public async Task ProcessConsentAsync_AllowConsentSelected_SavesConsent()
{
RequiresConsent(true);
var client = new Client { AllowRememberConsent = true };
var user = new ClaimsPrincipal();
var request = new ValidatedAuthorizeRequest()
{
ResponseMode = Constants.ResponseModes.Fragment,
State = "12345",
RedirectUri = "https://client.com/callback",
ValidatedScopes = new ScopeValidator(new InMemoryScopeStore(TestScopes.Get())),
Client = client,
Subject = user
};
await request.ValidatedScopes.AreScopesValidAsync(new string[] { "read", "write" });
var consent = new UserConsent
{
Button = "yes",
RememberConsent = true,
Scopes = new string[] { "read" }
};
var result = subject.ProcessConsentAsync(request, consent).Result;
AssertUpdateConsentCalled(client, user, "read");
}
public async Task ProcessConsentAsync_PromptModeConsent_ConsentGranted_ScopesSelected_ReturnsConsentResult()
{
RequiresConsent(true);
var request = new ValidatedAuthorizeRequest()
{
ResponseMode = Constants.ResponseModes.Fragment,
State = "12345",
RedirectUri = "https://client.com/callback",
ValidatedScopes = new ScopeValidator(new InMemoryScopeStore(TestScopes.Get())),
Client = new Client { }
};
await request.ValidatedScopes.AreScopesValidAsync(new string[] { "read", "write" });
var consent = new UserConsent
{
Button = "yes",
RememberConsent = false,
Scopes = new string[] { "read" }
};
var result = subject.ProcessConsentAsync(request, consent).Result;
request.ValidatedScopes.GrantedScopes.Count.Should().Be(1);
"read".Should().Be(request.ValidatedScopes.GrantedScopes.First().Name);
request.WasConsentShown.Should().BeTrue();
result.IsConsent.Should().BeFalse();
AssertUpdateConsentNotCalled();
}
public void ProcessConsentAsync_NoPromptMode_ConsentServiceRequiresConsent_ConsentNotGranted_ReturnsErrorResult()
{
RequiresConsent(true);
var request = new ValidatedAuthorizeRequest()
{
ResponseMode = Constants.ResponseModes.Fragment,
State = "12345",
RedirectUri = "https://client.com/callback",
};
var consent = new UserConsent
{
Button = "no",
RememberConsent = false,
Scopes = new string[] { "read", "write" }
};
var result = subject.ProcessConsentAsync(request, consent).Result;
request.WasConsentShown.Should().BeTrue();
result.IsError.Should().BeTrue();
result.Error.ErrorType.Should().Be(ErrorTypes.Client);
result.Error.Error.Should().Be(Constants.AuthorizeErrors.AccessDenied);
AssertErrorReturnsRequestValues(result.Error, request);
AssertUpdateConsentNotCalled();
}
public void ProcessConsentAsync_NoPromptMode_ConsentServiceRequiresConsent_ConsentGranted_NoScopesSelected_ReturnsConsentResult()
{
RequiresConsent(true);
var request = new ValidatedAuthorizeRequest()
{
ResponseMode = Constants.ResponseModes.Fragment,
State = "12345",
RedirectUri = "https://client.com/callback",
ValidatedScopes = new ScopeValidator(null),
Client = new Client { }
};
var consent = new UserConsent
{
Button = "yes",
RememberConsent = false,
Scopes = new string[] { }
};
var result = subject.ProcessConsentAsync(request, consent).Result;
request.WasConsentShown.Should().BeTrue();
result.IsConsent.Should().BeTrue();
result.ConsentError.Should().Be(Messages.MustSelectAtLeastOnePermission);
AssertUpdateConsentNotCalled();
}
public async Task<ConsentInteractionResponse> ProcessConsentAsync(ValidatedAuthorizeRequest request, UserConsent consent = null)
{
if (request == null) throw new ArgumentNullException("request");
if (request.PromptMode != null &&
request.PromptMode != Constants.PromptModes.None &&
request.PromptMode != Constants.PromptModes.Consent)
{
throw new ArgumentException("Invalid PromptMode");
}
var consentRequired = await _consent.RequiresConsentAsync(request.Client, request.Subject, request.RequestedScopes);
if (consentRequired && request.PromptMode == Constants.PromptModes.None)
{
return new ConsentInteractionResponse
{
Error = new AuthorizeError
{
ErrorType = ErrorTypes.Client,
Error = Constants.AuthorizeErrors.InteractionRequired,
ResponseMode = request.ResponseMode,
ErrorUri = request.RedirectUri,
State = request.State
}
};
}
if (request.PromptMode == Constants.PromptModes.Consent || consentRequired)
{
var response = new ConsentInteractionResponse();
// did user provide consent
if (consent == null)
{
// user was not yet shown conset screen
response.IsConsent = true;
}
else
{
request.WasConsentShown = true;
// user was shown consent -- did they say yes or no
if (consent.WasConsentGranted == false)
{
// no need to show consent screen again
// build access denied error to return to client
response.Error = new AuthorizeError {
ErrorType = ErrorTypes.Client,
Error = Constants.AuthorizeErrors.AccessDenied,
ResponseMode = request.ResponseMode,
ErrorUri = request.RedirectUri,
State = request.State
};
}
else
{
// they said yes, set scopes they chose
request.ValidatedScopes.SetConsentedScopes(consent.ScopedConsented);
if (!request.ValidatedScopes.GrantedScopes.Any())
{
// they said yes, but didn't pick any scopes
// show consent again and provide error message
response.IsConsent = true;
response.ConsentError = Messages.MustSelectAtLeastOnePermission;
}
else if (request.Client.AllowRememberConsent)
{
// remember consent
var scopes = Enumerable.Empty<string>();
if (consent.RememberConsent)
{
// remember what user actually selected
scopes = request.ValidatedScopes.GrantedScopes.Select(x => x.Name);
}
await _consent.UpdateConsentAsync(request.Client, request.Subject, scopes);
}
}
}
return response;
}
return new ConsentInteractionResponse();
}
