public void Parse_Scopes_with_Empty_Scope_List() { var validator = new ScopeValidator(); var scopes = validator.ParseScopes(""); scopes.Should().BeNull(); }
public static DeviceAuthorizationRequestValidator CreateDeviceAuthorizationRequestValidator( IdentityServerOptions options = null, IResourceStore resourceStore = null, ScopeValidator scopeValidator = null) { if (options == null) { options = TestIdentityServerOptions.Create(); } if (resourceStore == null) { resourceStore = new InMemoryResourcesStore(TestScopes.GetIdentity(), TestScopes.GetApis()); } if (scopeValidator == null) { scopeValidator = new ScopeValidator(resourceStore, new LoggerFactory().CreateLogger <ScopeValidator>()); } return(new DeviceAuthorizationRequestValidator( options, scopeValidator, TestLogger.Create <DeviceAuthorizationRequestValidator>())); }
public void ProcessConsentAsync_NoPromptMode_ConsentServiceRequiresConsent_ConsentGrantedButMissingRequiredScopes_ReturnsErrorResult() { RequiresConsent(true); var client = new Client { }; var scopeValidator = new ScopeValidator(new InMemoryScopeStore(GetScopes()), TestLogger.Create <ScopeValidator>()); var request = new ValidatedAuthorizeRequest() { ResponseMode = OidcConstants.ResponseModes.Fragment, State = "12345", RedirectUri = "https://client.com/callback", RequestedScopes = new List <string> { "openid", "read" }, ValidatedScopes = scopeValidator, Client = client }; var valid = scopeValidator.AreScopesValidAsync(request.RequestedScopes).Result; var consent = new ConsentResponse { RememberConsent = false, ScopesConsented = new string[] { "read" } }; var result = _subject.ProcessConsentAsync(request, consent).Result; result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.AuthorizeErrors.AccessDenied); AssertUpdateConsentNotCalled(); }
public static TokenRequestValidator CreateTokenRequestValidator( IdentityServerOptions options = null, IScopeStore scopes = null, IAuthorizationCodeStore authorizationCodeStore = null, IRefreshTokenStore refreshTokens = null, IUserService userService = null, ICustomGrantValidator customGrantValidator = null, ICustomRequestValidator customRequestValidator = null, ScopeValidator scopeValidator = null, IDictionary <string, object> environment = null) { if (options == null) { options = TestIdentityServerOptions.Create(); } if (scopes == null) { scopes = new InMemoryScopeStore(TestScopes.Get()); } if (userService == null) { userService = new TestUserService(); } if (customRequestValidator == null) { customRequestValidator = new DefaultCustomRequestValidator(); } if (customGrantValidator == null) { customGrantValidator = new TestGrantValidator(); } if (refreshTokens == null) { refreshTokens = new InMemoryRefreshTokenStore(); } if (scopeValidator == null) { scopeValidator = new ScopeValidator(scopes); } IOwinContext context; if (environment == null) { context = new OwinContext(new Dictionary <string, object>()); } else { context = new OwinContext(environment); } return(new TokenRequestValidator(options, authorizationCodeStore, refreshTokens, userService, scopes, customGrantValidator, customRequestValidator, scopeValidator, context)); }
public void Parse_Scopes_with_Empty_Scope_List() { var validator = new ScopeValidator(_logger); var scopes = validator.ParseScopes(""); Assert.IsNull(scopes); }
public void Invalid_Scope() { var validator = new ScopeValidator(_logger); var scopes = validator.ParseScopes("openid email resource1 resource2 unknown"); var result = validator.AreScopesValid(scopes, _allScopes); Assert.IsFalse(result); }
public void All_Scopes_Allowed_For_Restricted_Client() { var validator = new ScopeValidator(_logger); var scopes = validator.ParseScopes("openid resource1"); var result = validator.AreScopesAllowed(_restrictedClient, scopes); Assert.IsTrue(result); }
public void All_Scopes_Allowed_For_Unrestricted_Client() { var validator = new ScopeValidator(); var scopes = validator.ParseScopes("openid email resource1 resource2"); var result = validator.AreScopesAllowed(_unrestrictedClient, scopes); Assert.IsTrue(result); }
public void Restricted_Scopes() { var scopes = ScopeValidator.ParseScopesString("openid email resource1 resource2"); var validator = new ScopeValidator(_store); var result = validator.AreScopesAllowed(_restrictedClient, scopes); result.Should().BeFalse(); }
public void Restricted_Scopes() { var validator = new ScopeValidator(_logger); var scopes = validator.ParseScopes("openid email resource1 resource2"); var result = validator.AreScopesAllowed(_restrictedClient, scopes); Assert.IsFalse(result); }
public void Invalid_Scope() { var validator = new ScopeValidator(); var scopes = validator.ParseScopes("openid email resource1 resource2 unknown"); var result = validator.AreScopesValid(scopes, _allScopes); result.Should().BeFalse(); }
public void All_Scopes_Valid() { var validator = new ScopeValidator(); var scopes = validator.ParseScopes("openid email resource1 resource2"); var result = validator.AreScopesValid(scopes, _allScopes); result.Should().BeTrue(); }
public void All_Scopes_Valid() { var validator = new ScopeValidator(_logger); var scopes = validator.ParseScopes("openid email resource1 resource2"); var result = validator.AreScopesValid(scopes, _allScopes); Assert.IsTrue(result); }
public void Disabled_Scope() { var validator = new ScopeValidator(); var scopes = validator.ParseScopes("openid email resource1 resource2 disabled"); var result = validator.AreScopesValid(scopes, _allScopes); Assert.IsFalse(result); }
public void All_Scopes_Allowed_For_Restricted_Client() { var scopes = ScopeValidator.ParseScopesString("openid resource1"); var validator = new ScopeValidator(_store); var result = validator.AreScopesAllowed(_restrictedClient, scopes); result.Should().BeTrue(); }
public void Parse_Scopes_with_Duplicate_Scope() { var scopes = ScopeValidator.ParseScopesString("scope2 scope1 scope2"); scopes.Count.Should().Be(2); scopes[0].Should().Be("scope1"); scopes[1].Should().Be("scope2"); }
public async Task All_Scopes_Valid() { var scopes = ScopeValidator.ParseScopesString("openid email resource1 resource2"); var validator = new ScopeValidator(_store); var result = await validator.AreScopesValidAsync(scopes); result.Should().BeTrue(); }
public async Task Disabled_Scope() { var scopes = ScopeValidator.ParseScopesString("openid email resource1 resource2 disabled"); var validator = new ScopeValidator(_store); var result = await validator.AreScopesValidAsync(scopes); result.Should().BeFalse(); }
public void Parse_Scopes_with_Duplicate_Scope() { var validator = new ScopeValidator(); var scopes = validator.ParseScopes("scope2 scope1 scope2"); scopes.Count.Should().Be(2); scopes[0].Should().Be("scope1"); scopes[1].Should().Be("scope2"); }
public void Parse_Scopes_with_Duplicate_Scope() { var validator = new ScopeValidator(_logger); var scopes = validator.ParseScopes("scope2 scope1 scope2"); Assert.AreEqual(scopes.Count, 2); Assert.AreEqual(scopes[0], "scope1"); Assert.AreEqual(scopes[1], "scope2"); }
public void Parse_Scopes_with_Sorting() { var scopes = ScopeValidator.ParseScopesString("scope3 scope2 scope1"); scopes.Count.Should().Be(3); scopes[0].Should().Be("scope1"); scopes[1].Should().Be("scope2"); scopes[2].Should().Be("scope3"); }
public static TokenRequestValidator CreateTokenRequestValidator( IdentityServerOptions options = null, IScopeStore scopes = null, IAuthorizationCodeStore authorizationCodeStore = null, IRefreshTokenStore refreshTokens = null, IUserService userService = null, ICustomGrantValidator customGrantValidator = null, ICustomRequestValidator customRequestValidator = null, ScopeValidator scopeValidator = null) { if (options == null) { options = TestIdentityServerOptions.Create(); } if (scopes == null) { scopes = new InMemoryScopeStore(TestScopes.Get()); } if (userService == null) { userService = new TestUserService(); } if (customRequestValidator == null) { customRequestValidator = new DefaultCustomRequestValidator(); } if (customGrantValidator == null) { customGrantValidator = new TestGrantValidator(); } if (refreshTokens == null) { refreshTokens = new InMemoryRefreshTokenStore(); } if (scopeValidator == null) { scopeValidator = new ScopeValidator(scopes); } return(new TokenRequestValidator( options, authorizationCodeStore, refreshTokens, userService, customGrantValidator, customRequestValidator, scopeValidator, new DefaultEventService())); }
public void Parse_Scopes_with_Extra_Spaces() { var validator = new ScopeValidator(); var scopes = validator.ParseScopes(" scope3 scope2 scope1 "); scopes.Count.Should().Be(3); scopes[0].Should().Be("scope1"); scopes[1].Should().Be("scope2"); scopes[2].Should().Be("scope3"); }
public void Parse_Scopes_with_Extra_Spaces() { var validator = new ScopeValidator(_logger); var scopes = validator.ParseScopes(" scope3 scope2 scope1 "); Assert.AreEqual(scopes.Count, 3); Assert.AreEqual(scopes[0], "scope1"); Assert.AreEqual(scopes[1], "scope2"); Assert.AreEqual(scopes[2], "scope3"); }
public void Contains_Identity_Scopes_Only() { var validator = new ScopeValidator(); var scopes = validator.ParseScopes("openid email"); var result = validator.AreScopesValid(scopes, _allScopes); result.Should().BeTrue(); validator.ContainsOpenIdScopes.Should().BeTrue(); validator.ContainsResourceScopes.Should().BeFalse(); }
public void Contains_Identity_Scopes_Only() { var validator = new ScopeValidator(_logger); var scopes = validator.ParseScopes("openid email"); var result = validator.AreScopesValid(scopes, _allScopes); Assert.IsTrue(result); Assert.IsTrue(validator.ContainsOpenIdScopes); Assert.IsFalse(validator.ContainsResourceScopes); }
public void Contains_Resource_and_Identity_Scopes() { var validator = new ScopeValidator(); var scopes = validator.ParseScopes("openid email resource1 resource2"); var result = validator.AreScopesValid(scopes, _allScopes); Assert.IsTrue(result); Assert.IsTrue(validator.ContainsOpenIdScopes); Assert.IsTrue(validator.ContainsResourceScopes); }
public void Contains_Resource_Scopes_Only() { var validator = new ScopeValidator(); var scopes = validator.ParseScopes("resource1 resource2"); var result = validator.AreScopesValid(scopes, _allScopes); Assert.IsTrue(result); Assert.IsFalse(validator.ContainsOpenIdScopes); Assert.IsTrue(validator.ContainsResourceScopes); }
public void Parse_Scopes_with_Sorting() { var validator = new ScopeValidator(); var scopes = validator.ParseScopes("scope3 scope2 scope1"); Assert.AreEqual(scopes.Count, 3); Assert.AreEqual(scopes[0], "scope1"); Assert.AreEqual(scopes[1], "scope2"); Assert.AreEqual(scopes[2], "scope3"); }
public async Task Contains_Identity_Scopes_Only() { var scopes = ScopeValidator.ParseScopesString("openid email"); var validator = new ScopeValidator(_store); var result = await validator.AreScopesValidAsync(scopes); result.Should().BeTrue(); validator.ContainsOpenIdScopes.Should().BeTrue(); validator.ContainsResourceScopes.Should().BeFalse(); }