public async Task ProcessConsentAsync_AllowConsentSelected_SavesConsent() { RequiresConsent(true); var client = new Client { AllowRememberConsent = true }; var user = new ClaimsPrincipal(); var request = new ValidatedAuthorizeRequest() { ResponseMode = Constants.ResponseModes.Fragment, State = "12345", RedirectUri = "https://client.com/callback", ValidatedScopes = new ScopeValidator(new InMemoryScopeStore(TestScopes.Get())), Client = client, Subject = user }; await request.ValidatedScopes.AreScopesValidAsync(new string[] { "read", "write" }); var consent = new UserConsent { Button = "yes", RememberConsent = true, Scopes = new string[] { "read" } }; var result = subject.ProcessConsentAsync(request, consent).Result; AssertUpdateConsentCalled(client, user, "read"); }
public async Task ProcessConsentAsync_PromptModeConsent_ConsentGranted_ScopesSelected_ReturnsConsentResult() { RequiresConsent(true); var request = new ValidatedAuthorizeRequest() { ResponseMode = Constants.ResponseModes.Fragment, State = "12345", RedirectUri = "https://client.com/callback", ValidatedScopes = new ScopeValidator(new InMemoryScopeStore(TestScopes.Get())), Client = new Client { } }; await request.ValidatedScopes.AreScopesValidAsync(new string[] { "read", "write" }); var consent = new UserConsent { Button = "yes", RememberConsent = false, Scopes = new string[] { "read" } }; var result = subject.ProcessConsentAsync(request, consent).Result; request.ValidatedScopes.GrantedScopes.Count.Should().Be(1); "read".Should().Be(request.ValidatedScopes.GrantedScopes.First().Name); request.WasConsentShown.Should().BeTrue(); result.IsConsent.Should().BeFalse(); AssertUpdateConsentNotCalled(); }
public void ProcessConsentAsync_NoPromptMode_ConsentServiceRequiresConsent_ConsentNotGranted_ReturnsErrorResult() { RequiresConsent(true); var request = new ValidatedAuthorizeRequest() { ResponseMode = Constants.ResponseModes.Fragment, State = "12345", RedirectUri = "https://client.com/callback", }; var consent = new UserConsent { Button = "no", RememberConsent = false, Scopes = new string[] { "read", "write" } }; var result = subject.ProcessConsentAsync(request, consent).Result; request.WasConsentShown.Should().BeTrue(); result.IsError.Should().BeTrue(); result.Error.ErrorType.Should().Be(ErrorTypes.Client); result.Error.Error.Should().Be(Constants.AuthorizeErrors.AccessDenied); AssertErrorReturnsRequestValues(result.Error, request); AssertUpdateConsentNotCalled(); }
public void ProcessConsentAsync_NoPromptMode_ConsentServiceRequiresConsent_ConsentGranted_NoScopesSelected_ReturnsConsentResult() { RequiresConsent(true); var request = new ValidatedAuthorizeRequest() { ResponseMode = Constants.ResponseModes.Fragment, State = "12345", RedirectUri = "https://client.com/callback", ValidatedScopes = new ScopeValidator(null), Client = new Client { } }; var consent = new UserConsent { Button = "yes", RememberConsent = false, Scopes = new string[] { } }; var result = subject.ProcessConsentAsync(request, consent).Result; request.WasConsentShown.Should().BeTrue(); result.IsConsent.Should().BeTrue(); result.ConsentError.Should().Be(Messages.MustSelectAtLeastOnePermission); AssertUpdateConsentNotCalled(); }
public async Task<ConsentInteractionResponse> ProcessConsentAsync(ValidatedAuthorizeRequest request, UserConsent consent = null) { if (request == null) throw new ArgumentNullException("request"); if (request.PromptMode != null && request.PromptMode != Constants.PromptModes.None && request.PromptMode != Constants.PromptModes.Consent) { throw new ArgumentException("Invalid PromptMode"); } var consentRequired = await _consent.RequiresConsentAsync(request.Client, request.Subject, request.RequestedScopes); if (consentRequired && request.PromptMode == Constants.PromptModes.None) { return new ConsentInteractionResponse { Error = new AuthorizeError { ErrorType = ErrorTypes.Client, Error = Constants.AuthorizeErrors.InteractionRequired, ResponseMode = request.ResponseMode, ErrorUri = request.RedirectUri, State = request.State } }; } if (request.PromptMode == Constants.PromptModes.Consent || consentRequired) { var response = new ConsentInteractionResponse(); // did user provide consent if (consent == null) { // user was not yet shown conset screen response.IsConsent = true; } else { request.WasConsentShown = true; // user was shown consent -- did they say yes or no if (consent.WasConsentGranted == false) { // no need to show consent screen again // build access denied error to return to client response.Error = new AuthorizeError { ErrorType = ErrorTypes.Client, Error = Constants.AuthorizeErrors.AccessDenied, ResponseMode = request.ResponseMode, ErrorUri = request.RedirectUri, State = request.State }; } else { // they said yes, set scopes they chose request.ValidatedScopes.SetConsentedScopes(consent.ScopedConsented); if (!request.ValidatedScopes.GrantedScopes.Any()) { // they said yes, but didn't pick any scopes // show consent again and provide error message response.IsConsent = true; response.ConsentError = Messages.MustSelectAtLeastOnePermission; } else if (request.Client.AllowRememberConsent) { // remember consent var scopes = Enumerable.Empty<string>(); if (consent.RememberConsent) { // remember what user actually selected scopes = request.ValidatedScopes.GrantedScopes.Select(x => x.Name); } await _consent.UpdateConsentAsync(request.Client, request.Subject, scopes); } } } return response; } return new ConsentInteractionResponse(); }