private static IAuthorizationRequestFactory CreateAuthorizationRequestFactory(bool validClientId = true, bool validRedirectUri = true, bool validScopes = true)
{
var clientIdValidator = new Mock <IClientIdValidator>();
clientIdValidator
.Setup(c => c.ValidateClientIdAsync(It.IsAny <string>()))
.ReturnsAsync(validClientId);
var redirectUriValidatorMock = new Mock <IRedirectUriResolver>();
redirectUriValidatorMock
.Setup(m => m.ResolveRedirectUriAsync(It.IsAny <string>(), It.IsAny <string>()))
.ReturnsAsync((string clientId, string redirectUrl) => validRedirectUri ?
RedirectUriResolutionResult.Valid(redirectUrl ?? "http://www.example.com/registered") :
RedirectUriResolutionResult.Invalid(ProtocolErrorProvider.InvalidRedirectUri(redirectUrl)));
var scopeValidatorMock = new Mock <IScopeResolver>();
scopeValidatorMock
.Setup(m => m.ResolveScopesAsync(It.IsAny <string>(), It.IsAny <IEnumerable <string> >()))
.ReturnsAsync(
(string clientId, IEnumerable <string> scopes) => validScopes ?
ScopeResolutionResult.Valid(scopes.Select(s => ApplicationScope.CanonicalScopes.TryGetValue(s, out var parsedScope) ? parsedScope : new ApplicationScope(clientId, s))) :
ScopeResolutionResult.Invalid(ProtocolErrorProvider.InvalidScope(scopes.First())));
return(new AuthorizationRequestFactory(
clientIdValidator.Object,
redirectUriValidatorMock.Object,
scopeValidatorMock.Object,
Enumerable.Empty <IAuthorizationRequestValidator>(),
new ProtocolErrorProvider()));
}
private IScopeResolver GetScopeResolver(bool hasInvalidScopes)
{
var mock = new Mock <IScopeResolver>();
mock.Setup(m => m.ResolveScopesAsync(It.IsAny <string>(), It.IsAny <IEnumerable <string> >()))
.ReturnsAsync((string clientId, IEnumerable <string> scopes) => !hasInvalidScopes ?
ScopeResolutionResult.Valid(scopes.Select(s => CreateScope(s))) :
ScopeResolutionResult.Invalid(ProtocolErrorProvider.InvalidScope(scopes.First())));
return(mock.Object);
ApplicationScope CreateScope(string s) =>
ApplicationScope.CanonicalScopes.TryGetValue(s, out var parsedScope) ? parsedScope : new ApplicationScope("resourceId", s);
}
public async Task <ScopeResolutionResult> ResolveScopesAsync(string clientId, IEnumerable <string> scopes)
{
var authorizedParty = await _applicationManager.FindByClientIdAsync(clientId);
var authorizedPartyScopes = await _applicationManager.FindScopesAsync(authorizedParty);
var result = new List <ApplicationScope>();
string resourceName = null;
TApplication resourceApplication = null;
IEnumerable <string> resourceApplicationScopes = null;
foreach (var scope in scopes)
{
var(wellFormed, canonical, name, scopeValue) = ParseScope(scope);
if (!wellFormed)
{
return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope)));
}
if (canonical && authorizedPartyScopes.Any(s => s.Equals(scope, StringComparison.Ordinal)))
{
result.Add(ApplicationScope.CanonicalScopes[scope]);
}
if (canonical)
{
// We purposely ignore canonical scopes not allowed by the client application.
continue;
}
resourceName = resourceName ?? name;
if (resourceName != null && !resourceName.Equals(name, StringComparison.Ordinal))
{
return(ScopeResolutionResult.Invalid(_errorProvider.MultipleResourcesNotSupported(resourceName, name)));
}
if (resourceApplicationScopes == null)
{
resourceApplication = await _applicationManager.FindByNameAsync(resourceName);
if (resourceApplication == null)
{
return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope)));
}
resourceApplicationScopes = await _applicationManager.FindScopesAsync(resourceApplication);
}
if (!resourceApplicationScopes.Contains(scopeValue, StringComparer.Ordinal))
{
return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope)));
}
else
{
var resourceClientId = await _applicationManager.GetApplicationClientIdAsync(resourceApplication);
result.Add(new ApplicationScope(resourceClientId, scopeValue));
}
}
return(ScopeResolutionResult.Valid(result));
}