コード例 #1
        /// <summary>
        /// Checks that SignInCommand.Run rejects a null options argument: with all five
        /// arguments null, the ArgumentNullException must name "options" as the parameter.
        /// </summary>
        public void SignInCommand_Run_NullcheckOptions()
        {
            Action runWithAllNulls = () => SignInCommand.Run(null, null, null, null, null);

            var thrown = runWithAllNulls.ShouldThrow<ArgumentNullException>();

            // Only the parameter name is pinned, so the guard has to report "options" specifically.
            thrown.And.ParamName.Should().Be("options");
        }
コード例 #2
        /// <summary>
        /// Checks that the identity provider returned by the SelectIdentityProvider
        /// notification is the one handed to AuthenticationRequestCreated, even though the
        /// entity id passed to SignInCommand.Run is "urn:invalid" and a discovery service
        /// URL is configured.
        /// </summary>
        public void SignInCommand_Run_Uses_IdpFromNotification()
        {
            var options = StubFactory.CreateOptions();
            var expectedIdp = options.IdentityProviders.Default;
            var requestedEntityId = new EntityId("urn:invalid");

            options.SPOptions.DiscoveryServiceUrl.Should().NotBeNull("this test assumes a non-null DS url");

            var request = new HttpRequestData("GET", new Uri("http://sp.example.com"));

            // The callback's return value replaces the requested entity id, which makes this
            // notification a trust decision point: whatever it returns is where the user is sent.
            options.Notifications.SelectIdentityProvider = (requestedId, relayData) => expectedIdp;

            var authnRequestCreatedCalled = false;

            options.Notifications.AuthenticationRequestCreated = (authnRequest, selectedIdp, relayData) =>
            {
                authnRequestCreatedCalled = true;
                selectedIdp.Should().BeSameAs(expectedIdp, "the idp from the SelectIdentityProvider notification should override the default behaviour");
            };

            SignInCommand.Run(requestedEntityId, null, request, options, null);

            authnRequestCreatedCalled.Should().BeTrue("an AuthenticateRequest should have been created instead of going to the Discovery Service.");
        }
コード例 #3
        /// <summary>
        /// When the response status is 401 and a challenge matches this middleware's
        /// authentication type and mode, runs SignInCommand and applies its result to the
        /// current context. Does nothing otherwise.
        /// </summary>
        protected override async Task ApplyResponseChallengeAsync()
        {
            if (Response.StatusCode != 401)
            {
                return;
            }

            var challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);

            if (challenge == null)
            {
                return;
            }

            // The idp is taken from the challenge properties first ("idp" entry), then from
            // the environment key "KentorAuthServices.idp".
            // NOTE(review): the "idp" string is wrapped in an EntityId without any check here.
            // Code that fills it from request data should restrict it to configured identity
            // providers; whether SignInCommand.Run rejects unknown ids is not visible in this method.
            EntityId idp;
            string idpFromChallenge;
            if (challenge.Properties.Dictionary.TryGetValue("idp", out idpFromChallenge))
            {
                idp = new EntityId(idpFromChallenge);
            }
            else
            {
                // A missing key, or a value that is not an EntityId, leaves idp null.
                object idpFromEnvironment = null;
                Context.Environment.TryGetValue("KentorAuthServices.idp", out idpFromEnvironment);
                idp = idpFromEnvironment as EntityId;
            }

            // Don't serialize the RedirectUri twice: it is passed to SignInCommand.Run as
            // its own argument, so it is cleared on the properties first.
            var returnUrl = challenge.Properties.RedirectUri;
            challenge.Properties.RedirectUri = null;

            var requestData = await Context.ToHttpRequestData(Options.DataProtector.Unprotect);

            var result = SignInCommand.Run(
                idp,
                returnUrl,
                requestData,
                Options,
                challenge.Properties.Dictionary);

            result.Apply(Context, Options.DataProtector);
        }
コード例 #4
        /// <summary>
        /// Checks that SignInCommand.Run invokes the SelectIdentityProvider,
        /// AuthenticationRequestCreated, AuthenticationRequestXmlCreated and
        /// SignInCommandResultCreated notifications, passes each the expected arguments,
        /// and returns the same CommandResult that was handed to the last one.
        /// </summary>
        public void SignInCommand_Run_Calls_Notifications()
        {
            var options = StubFactory.CreateOptions();
            var idp = options.IdentityProviders.Default;
            var relayData = new Dictionary<string, string>();

            options.SPOptions.DiscoveryServiceUrl = null;

            var request = new HttpRequestData("GET", new Uri("http://sp.example.com"));

            var selectedIdpCalled = false;

            // Returning null from the callback is expected to leave the requested idp in
            // place, which the AuthenticationRequestCreated assertions below confirm.
            options.Notifications.SelectIdentityProvider = (requestedEntityId, relay) =>
            {
                requestedEntityId.Should().BeSameAs(idp.EntityId);
                relay.Should().BeSameAs(relayData);
                selectedIdpCalled = true;
                return null;
            };

            Saml2AuthenticationRequest saml2AuthenticationRequest = null;

            options.Notifications.AuthenticationRequestCreated = (authnRequest, selectedIdp, relay) =>
            {
                authnRequest.Should().NotBeNull();
                selectedIdp.Should().BeSameAs(idp);
                relay.Should().BeSameAs(relayData);
                saml2AuthenticationRequest = authnRequest;
            };

            CommandResult notifiedCommandResult = null;

            options.Notifications.SignInCommandResultCreated = (commandResult, relay) =>
            {
                notifiedCommandResult = commandResult;
                relay.Should().BeSameAs(relayData);
            };

            var authenticationRequestXmlCreatedCalled = false;

            // The XML notification must see the same request object as captured above,
            // and the binding asserted here is HTTP redirect.
            options.Notifications.AuthenticationRequestXmlCreated = (authnRequest, xmlDoc, bindingType) =>
            {
                authenticationRequestXmlCreatedCalled = true;
                authnRequest.Should().BeSameAs(saml2AuthenticationRequest);
                bindingType.Should().Be(Saml2BindingType.HttpRedirect);
            };

            var actual = SignInCommand.Run(idp.EntityId, null, request, options, relayData);

            actual.Should().BeSameAs(notifiedCommandResult);

            saml2AuthenticationRequest.Should().NotBeNull("the AuthenticationRequestCreated notification should have been called");
            selectedIdpCalled.Should().BeTrue("the SelectIdentityProvider notification should have been called.");
            authenticationRequestXmlCreatedCalled.Should().BeTrue("the AuthenticationedRequestXmlCreated should have been called.");
        }
コード例 #5
        /// <summary>
        /// Checks that the cookie set by the sign-in result is marked Secure when the
        /// options carry an https public origin, even though the incoming request URL is
        /// plain http://localhost.
        /// </summary>
        public void SignInCommand_WithHttpsPublicOrigin_SetsSecureCookieFlag()
        {
            // The Secure flag is expected to follow the configured public origin, not the
            // scheme of the request as the application sees it.
            // NOTE(review): presumably this covers deployments behind a TLS-terminating proxy.
            var publicOrigin = new Uri("https://my.public.origin:8443");
            var options = StubFactory.CreateOptionsPublicOrigin(publicOrigin);
            var httpRequest = new HttpRequestData("GET", new Uri("http://localhost"));
            var defaultIdpId = options.IdentityProviders.Default.EntityId;

            var actual = SignInCommand.Run(defaultIdpId, null, httpRequest, options, null);

            actual.SetCookieName.Should().StartWith(StoredRequestState.CookieNameBase);
            actual.SetCookieSecureFlag.Should().BeTrue();
        }
コード例 #6
        /// <summary>
        /// Checks that, with the default stub options and a plain http request URL, the
        /// cookie set by the sign-in result is not marked Secure.
        /// </summary>
        public void SignInCommand_WithHttpUrl_DoesNotSetSecureCookieFlag()
        {
            var options = StubFactory.CreateOptions();
            var httpRequest = new HttpRequestData("GET", new Uri("http://localhost"));
            var defaultIdpId = options.IdentityProviders.Default.EntityId;

            var actual = SignInCommand.Run(defaultIdpId, null, httpRequest, options, null);

            actual.SetCookieName.Should().StartWith(StoredRequestState.CookieNameBase);

            // Without the Secure flag the request-state cookie can travel over cleartext HTTP.
            // This pins the behaviour for http-only setups; a deployment reachable over TLS
            // would rely on the https case instead (an https public origin in the options).
            actual.SetCookieSecureFlag.Should().BeFalse();
        }
コード例 #7
        /// <summary>
        /// Checks that SignInCommand.Run does not throw when neither an identity provider
        /// nor a return URL is supplied, using the default stub options.
        /// </summary>
        public void SignInCommand_Run_RedirectToDsWorksWithoutSpecifiedReturnPath()
        {
            var options = StubFactory.CreateOptions();
            var signInUrl = new Uri("http://sp.example.com/Saml2/SignIn");
            var request = new HttpRequestData("GET", signInUrl);

            // First two arguments (idp and return URL) are deliberately null.
            Action runWithoutReturnPath = () => SignInCommand.Run(null, null, request, options, null);

            runWithoutReturnPath.ShouldNotThrow();
        }
コード例 #8
        /// <summary>
        /// When the response status is 401 and a challenge matches this middleware's
        /// authentication type and mode, runs SignInCommand and, unless the result is
        /// already marked as handled, applies it to the current context. Does nothing
        /// otherwise.
        /// </summary>
        protected override async Task ApplyResponseChallengeAsync()
        {
            if (Response.StatusCode != 401)
            {
                return;
            }

            var challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);

            if (challenge == null)
            {
                return;
            }

            // The idp is taken from the challenge properties first ("idp" entry), then from
            // the environment key "saml2.idp".
            // NOTE(review): the "idp" string is wrapped in an EntityId without any check here.
            // Code that fills it from request data should restrict it to configured identity
            // providers; whether SignInCommand.Run rejects unknown ids is not visible in this method.
            EntityId idp;
            string idpFromChallenge;
            if (challenge.Properties.Dictionary.TryGetValue("idp", out idpFromChallenge))
            {
                idp = new EntityId(idpFromChallenge);
            }
            else
            {
                // A missing key, or a value that is not an EntityId, leaves idp null.
                object idpFromEnvironment = null;
                Context.Environment.TryGetValue("saml2.idp", out idpFromEnvironment);
                idp = idpFromEnvironment as EntityId;
            }

            // Don't serialize the RedirectUri twice: it is passed to SignInCommand.Run as
            // its own argument, so it is cleared on the properties first.
            var returnUrl = challenge.Properties.RedirectUri;
            challenge.Properties.RedirectUri = null;

            // With no explicit redirect target, fall back to the URI of the current request.
            // NOTE(review): that value is built from the incoming request, so it is only as
            // trustworthy as the host/proxy configuration. Confirm that SignInCommand.Run
            // validates return URLs.
            returnUrl = returnUrl ?? Context.Request.Uri.ToString();

            var requestData = await Context.ToHttpRequestData(Options.DataProtector.Unprotect);

            var result = SignInCommand.Run(
                idp,
                returnUrl,
                requestData,
                Options,
                challenge.Properties.Dictionary);

            if (result.HandledResult)
            {
                return;
            }

            // The third argument is the EmitSameSiteNone notification's answer for this
            // request's user agent.
            result.Apply(
                Context,
                Options.DataProtector,
                Options.Notifications.EmitSameSiteNone(Request.GetUserAgent()));
        }
コード例 #9
        /// <summary>
        /// Checks that, when no identity provider is supplied and a discovery service URL
        /// is configured, SignInCommand.Run returns the same CommandResult that it passed
        /// to the SignInCommandResultCreated notification.
        /// </summary>
        public void SignInCommand_Run_Calls_CommandResultCreated_OnRedirectToDS()
        {
            var options = StubFactory.CreateOptions();

            // Not used further; kept so the default identity provider lookup still runs.
            var idp = options.IdentityProviders.Default;

            options.SPOptions.DiscoveryServiceUrl.Should().NotBeNull("this test assumes a non-null DS url");

            var request = new HttpRequestData("GET", new Uri("http://sp.example.com"));

            CommandResult notifiedCommandResult = null;

            options.Notifications.SignInCommandResultCreated = (commandResult, relayData) =>
            {
                notifiedCommandResult = commandResult;
            };

            var actual = SignInCommand.Run(null, null, request, options, null);

            actual.Should().BeSameAs(notifiedCommandResult);
        }
コード例 #10
ファイル: Saml2Handler.cs プロジェクト: desjoerd/authservices
        /// <summary>
        /// Handles an authentication challenge by running SignInCommand with no explicit
        /// identity provider and applying the result to the current context.
        /// </summary>
        /// <param name="properties">Authentication properties for the challenge. RedirectUri
        /// is read and then cleared, and Items is passed on as relay data.</param>
        /// <returns>An already completed task.</returns>
        protected override Task HandleChallengeAsync(AuthenticationProperties properties)
        {
            // NOTE(review): null is passed as ToHttpRequestData's argument. Presumably this
            // is the cookie decryptor, unused when a sign-in starts. Confirm against that helper.
            var httpRequestData = Context.ToHttpRequestData(null);

            // Don't serialize the return url twice, move it to our location.
            var returnUrl = properties.RedirectUri;
            properties.RedirectUri = null;

            // A null idp leaves the choice of identity provider to SignInCommand.Run.
            var signInResult = SignInCommand.Run(
                null,
                returnUrl,
                httpRequestData,
                Options,
                properties.Items);

            signInResult.Apply(Context, dataProtector);

            return Task.CompletedTask;
        }
コード例 #11
        /// <inheritdoc />
        public async Task ChallengeAsync(AuthenticationProperties properties)
        {
            if (properties == null)
            {
                throw new ArgumentNullException(nameof(properties));
            }

            // Don't serialize the return url twice, move it to our location.
            var returnUrl = properties.RedirectUri;
            properties.RedirectUri = null;

            // A null idp leaves the choice of identity provider to SignInCommand.Run.
            // NOTE(review): null is passed as ToHttpRequestData's argument. Presumably this
            // is the cookie decryptor, unused when a sign-in starts. Confirm against that helper.
            var signInResult = SignInCommand.Run(
                null,
                returnUrl,
                context.ToHttpRequestData(null),
                options,
                properties.Items);

            // The last two arguments of Apply are left null; their meaning is not visible here.
            await signInResult.Apply(context, dataProtector, null, null);
        }
コード例 #12
        /// <summary>
        /// Checks that a "ForceAuthn=true" query string parameter on the sign-in URL sets
        /// ForceAuthentication on the created authentication request and leaves IsPassive false.
        /// </summary>
        public void SignInCommand_Run_SetForceAuthnFromQueryString()
        {
            var options = StubFactory.CreateOptions();

            options.SPOptions.DiscoveryServiceUrl = null;

            bool? observedIsPassive = null;
            bool? observedForceAuthn = null;

            // Capture both flags from the request the command builds.
            options.Notifications.AuthenticationRequestCreated = (authnRequest, selectedIdp, relayData) =>
            {
                observedIsPassive = authnRequest.IsPassive;
                observedForceAuthn = authnRequest.ForceAuthentication;
            };

            // The flag arrives on the query string, so the caller of the sign-in URL controls it.
            // Only the "true" value is exercised here.
            var signInUrl = new Uri("http://sp.example.com/Saml2/SignIn?ForceAuthn=true");
            var request = new HttpRequestData("GET", signInUrl);

            SignInCommand.Run(null, null, request, options, null);

            observedIsPassive.Should().BeFalse();
            observedForceAuthn.Should().BeTrue();
        }