public async Task <ActionResult> AddResourceSet([FromBody] PostResourceSet postResourceSet) { if (postResourceSet == null) { return(BuildError(ErrorCodes.InvalidRequestCode, "no parameter in body request", HttpStatusCode.BadRequest)); } var parameter = postResourceSet.ToParameter(); var result = await _resourceSetActions.AddResourceSet(parameter); var response = new AddResourceSetResponse { Id = result }; return(new ObjectResult(response) { StatusCode = (int)HttpStatusCode.Created }); }
public async Task <ActionResult> AddResourceSet([FromBody] PostResourceSet postResourceSet) { if (postResourceSet == null) { throw new ArgumentNullException(nameof(postResourceSet)); } var parameter = postResourceSet.ToParameter(); var result = await _resourceSetActions.AddResourceSet(parameter); var response = new AddResourceSetResponse { Id = result }; await _representationManager.AddOrUpdateRepresentationAsync(this, CachingStoreNames.GetResourcesStoreName, false); return(new ObjectResult(response) { StatusCode = (int)HttpStatusCode.Created }); }
public void CanRegisterAResourceForUserAndManagePolicies() { TokenClient client = null !; UmaClient umaClient = null !; GrantedTokenResponse token = null !; AddResourceSetResponse resourceSetResponse = null !; EditPolicyResponse policyRules = null !; "Given a token client".x( () => { client = new TokenClient( TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"), _fixture.Client, new Uri(WellKnownOpenidConfiguration)); }); "And a UMA client".x(() => { umaClient = new UmaClient(_fixture.Client, new Uri(BaseUrl)); }); "When getting a PAT token".x( async() => { var response = await client.GetToken( TokenRequest.FromPassword("administrator", "password", new[] { "uma_protection" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; token = response.Item; Assert.NotNull(token); }); "Then can register a resource".x( async() => { var resource = new ResourceSet { AuthorizationPolicies = new[] { new PolicyRule { ClientIdsAllowed = new[] { "clientCredentials" }, IsResourceOwnerConsentNeeded = true, Scopes = new[] { "read" } } }, Name = "test resource", Scopes = new[] { "read" }, Type = "test" }; var response = await umaClient.AddResource(resource, token.AccessToken).ConfigureAwait(false) as Option <AddResourceSetResponse> .Result; Assert.NotNull(response); resourceSetResponse = response.Item; }); "And can view resource policies".x( async() => { var msg = new HttpRequestMessage { Method = HttpMethod.Get, RequestUri = new Uri(resourceSetResponse.UserAccessPolicyUri) }; msg.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); msg.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken); var policyResponse = await _fixture.Client().SendAsync(msg).ConfigureAwait(false); Assert.True(policyResponse.IsSuccessStatusCode); var content = await policyResponse.Content.ReadAsStringAsync().ConfigureAwait(false); policyRules = JsonConvert.DeserializeObject <EditPolicyResponse>(content); Assert.Single(policyRules !.Rules); }); "And can update resource policies".x( async() => { policyRules.Rules[0] = policyRules.Rules[0] with { IsResourceOwnerConsentNeeded = false }; var msg = new HttpRequestMessage { Method = HttpMethod.Put, RequestUri = new Uri(resourceSetResponse.UserAccessPolicyUri), Content = new StringContent(JsonConvert.SerializeObject(policyRules)) }; msg.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken); var policyResponse = await _fixture.Client().SendAsync(msg).ConfigureAwait(false); Assert.True(policyResponse.IsSuccessStatusCode); }); }
public void SuccessfulTicketAuthentication() { GrantedTokenResponse umaToken = null !; AddResourceSetResponse resourceSetResponse = null !; UmaClient umaClient = null !; TokenClient client = null !; GrantedTokenResponse result = null !; string ticketId = null !; "and a properly configured token client".x( () => client = new TokenClient( TokenCredentials.FromClientCredentials("post_client", "post_client"), _fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("user", "password", new[] { "uma_protection", "offline" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; result = response.Item; }); "then has valid access token".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKeys = _jwks.GetSigningKeys(), ValidAudience = "post_client", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(result.AccessToken, validationParameters, out var token); Assert.NotEmpty(((JwtSecurityToken)token).Claims); }); "given a uma client".x( () => { umaClient = new UmaClient( _fixture.Client, new Uri("https://localhost/.well-known/uma2-configuration")); }); "when creating resource set".x( async() => { var resourceSet = new ResourceSet { Name = "Local", Scopes = new[] { "api1" }, Type = "url", }; var resourceResponse = await umaClient.AddResource(resourceSet, result.AccessToken).ConfigureAwait(false) as Option <AddResourceSetResponse> .Result; resourceSetResponse = resourceResponse.Item; Assert.NotNull(resourceResponse); }); "and setting access policy".x( async() => { var resourceSet = new ResourceSet { Id = resourceSetResponse.Id, Name = "Local", Scopes = new[] { "api1" }, Type = "url", AuthorizationPolicies = new[] { new PolicyRule { Scopes = new[] { "api1" }, Claims = new[] { new ClaimData { Type = ClaimTypes.NameIdentifier, Value = "user" } }, ClientIdsAllowed = new[] { "post_client" }, IsResourceOwnerConsentNeeded = false } } }; var resourceResponse = await umaClient.UpdateResource(resourceSet, result.AccessToken).ConfigureAwait(false) as Option <UpdateResourceSetResponse> .Result; Assert.NotNull(resourceResponse); }); "then can get redirection".x( async() => { var request = new HttpRequestMessage { Method = HttpMethod.Get, RequestUri = new Uri("http://localhost/data/" + resourceSetResponse.Id) }; request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken); var response = await _fixture.Client().SendAsync(request).ConfigureAwait(false); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); var httpHeaderValueCollection = response.Headers.WwwAuthenticate; Assert.True(httpHeaderValueCollection != null); var match = Regex.Match( httpHeaderValueCollection.First().Parameter, ".+ticket=\"(.+)\".*", RegexOptions.Compiled); ticketId = match.Groups[1].Value; }); "when requesting token".x( async() => { var response = await client.GetToken(TokenRequest.FromTicketId(ticketId, result.IdToken)) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; umaToken = response.Item; Assert.NotNull(umaToken.AccessToken); }); "then can get resource with token".x( async() => { var request = new HttpRequestMessage { Method = HttpMethod.Get, RequestUri = new Uri("http://localhost/data/" + resourceSetResponse.Id) }; request.Headers.Authorization = new AuthenticationHeaderValue( umaToken.TokenType, umaToken.AccessToken); var response = await _fixture.Client().SendAsync(request).ConfigureAwait(false); var content = await response.Content.ReadAsStringAsync().ConfigureAwait(false); Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal("\"Hello\"", content); }); }
public void UnsuccessfulTicketAuthentication() { Option <GrantedTokenResponse> ticketResponse = null !; AddResourceSetResponse resourceSetResponse = null !; UmaClient umaClient = null !; TokenClient client = null !; GrantedTokenResponse result = null !; string ticketId = null !; "and a properly configured token client".x( () => client = new TokenClient( TokenCredentials.FromClientCredentials("post_client", "post_client"), _fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("user", "password", new[] { "uma_protection" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; result = response.Item; }); "then has valid access token".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKeys = _jwks.GetSigningKeys(), ValidAudience = "post_client", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(result.AccessToken, validationParameters, out var token); Assert.NotEmpty(((JwtSecurityToken)token).Claims); }); "given a uma client".x( () => { umaClient = new UmaClient( _fixture.Client, new Uri("https://localhost/.well-known/uma2-configuration")); }); "when creating resource set with deviating scopes".x( async() => { var resourceSet = new ResourceSet { Name = "Local", Scopes = new[] { "api1" }, Type = "url", AuthorizationPolicies = new[] { new PolicyRule { Scopes = new[] { "anotherApi" }, Claims = new[] { new ClaimData { Type = "sub", Value = "user" } }, ClientIdsAllowed = new[] { "post_client" }, IsResourceOwnerConsentNeeded = false } } }; var resourceResponse = await umaClient.AddResource(resourceSet, result.AccessToken).ConfigureAwait(false) as Option <AddResourceSetResponse> .Result; Assert.NotNull(resourceResponse); resourceSetResponse = resourceResponse.Item; }); "and requesting permission ticket".x( async() => { var permission = new PermissionRequest { ResourceSetId = resourceSetResponse.Id, Scopes = new[] { "api1" } }; var permissionResponse = await umaClient.RequestPermission(result.AccessToken, requests: permission) .ConfigureAwait(false) as Option <TicketResponse> .Result; Assert.NotNull(permissionResponse); ticketId = permissionResponse.Item.TicketId; }); "and requesting token from ticket".x( async() => { ticketResponse = await client.GetToken(TokenRequest.FromTicketId(ticketId, result.IdToken)) .ConfigureAwait(false); }); "then has error".x(() => { Assert.IsType <Option <GrantedTokenResponse> .Error>(ticketResponse); }); }
public void DefaultPolicyTicketAuthentication() { AddResourceSetResponse resourceSetResponse = null !; UmaClient umaClient = null !; TokenClient client = null !; GrantedTokenResponse result = null !; string ticketId = null !; "and a properly configured token client".x( () => client = new TokenClient( TokenCredentials.FromClientCredentials("post_client", "post_client"), _fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("user", "password", new[] { "uma_protection" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; result = response.Item; }); "then has valid access token".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKeys = _jwks.GetSigningKeys(), ValidAudience = "post_client", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(result.AccessToken, validationParameters, out var token); Assert.NotEmpty(((JwtSecurityToken)token).Claims); }); "given a uma client".x( () => { umaClient = new UmaClient(_fixture.Client, new Uri("https://localhost/")); }); "when creating resource set without a policy".x( async() => { var resourceSet = new ResourceSet { Name = "Local", Scopes = new[] { "api1" }, Type = "url", AuthorizationPolicies = null }; var resourceResponse = await umaClient.AddResource(resourceSet, result.AccessToken).ConfigureAwait(false) as Option <AddResourceSetResponse> .Result; resourceSetResponse = resourceResponse.Item; Assert.NotNull(resourceResponse); }); "then can get redirection".x( async() => { var request = new HttpRequestMessage { Method = HttpMethod.Get, RequestUri = new Uri("http://localhost/data/" + resourceSetResponse.Id) }; request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken); var response = await _fixture.Client().SendAsync(request).ConfigureAwait(false); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); var httpHeaderValueCollection = response.Headers.WwwAuthenticate; Assert.True(httpHeaderValueCollection != null); var match = Regex.Match( httpHeaderValueCollection.First().Parameter, ".+ticket=\"(.+)\".*", RegexOptions.Compiled); ticketId = match.Groups[1].Value; }); "when requesting token".x( async() => { var response = await client.GetToken(TokenRequest.FromTicketId(ticketId, result.IdToken)) .ConfigureAwait(false); Assert.IsType <Option <GrantedTokenResponse> .Error>(response); }); }