public void ShouldFailValidationDueToMissingDate()
{
// Arrange
IHmacConfiguration configuration = CreateConfiguration();
IHmacSigner signer = new HmacSigner(configuration, _keyRepository);
HmacValidator validator = new HmacValidator(configuration, signer);
DateTimeOffset dateTimeOffset = DateTimeOffset.UtcNow.AddMinutes(-3);
string dateString = dateTimeOffset.ToString(HmacConstants.DateHeaderFormat, _dateHeaderCulture);
HttpRequestBase request = CreateRequest(dateString);
HmacSignatureData signatureData = signer.GetSignatureDataFromHttpRequest(request);
string signature = signer.CreateSignature(signatureData);
request.Headers[HmacConstants.AuthorizationHeaderName] = string.Format(
HmacConstants.AuthorizationHeaderFormat,
configuration.AuthorizationScheme,
signature);
request.Headers.Remove(HmacConstants.DateHeaderName);
// Act
HmacValidationResult result = validator.ValidateHttpRequest(request);
// Assert
Assert.IsNotNull(result);
Assert.IsNotNull(result.ErrorMessage);
Assert.AreEqual(result.ResultCode, HmacValidationResultCode.DateMissing);
}
public void ShouldFailValidationDueToMissingKey()
{
// Arrange
Mock <IHmacKeyRepository> mockKeyRepo = new Mock <IHmacKeyRepository>();
mockKeyRepo.Setup(r => r.GetHmacKeyForUsername(It.IsAny <string>())).Returns((string)null);
IHmacConfiguration configuration = CreateConfiguration();
IHmacSigner signer = new HmacSigner(configuration, mockKeyRepo.Object);
HmacValidator validator = new HmacValidator(configuration, signer);
DateTimeOffset dateTimeOffset = DateTimeOffset.UtcNow.AddMinutes(-3);
string dateString = dateTimeOffset.ToString(HmacConstants.DateHeaderFormat, _dateHeaderCulture);
HttpRequestBase request = CreateRequest(dateString);
HmacSignatureData signatureData = signer.GetSignatureDataFromHttpRequest(request);
signatureData.Key = "TestKey";
string signature = signer.CreateSignature(signatureData);
request.Headers[HmacConstants.AuthorizationHeaderName] = string.Format(
HmacConstants.AuthorizationHeaderFormat,
configuration.AuthorizationScheme,
signature);
// Act
HmacValidationResult result = validator.ValidateHttpRequest(request);
// Assert
Assert.IsNotNull(result);
Assert.IsNotNull(result.ErrorMessage);
Assert.AreEqual(result.ResultCode, HmacValidationResultCode.KeyMissing);
}
public void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
{
return;
}
IHmacConfiguration configuration = _configurationManager.Get("Example");
IHmacSigner signer = new HmacSigner(configuration, _keyRepository);
IHmacValidator validator = new HmacValidator(configuration, signer);
HmacValidationResult result = validator.ValidateHttpRequest(filterContext.HttpContext.Request);
if (result.ResultCode == HmacValidationResultCode.Ok)
{
return;
}
HttpResponseBase response = filterContext.HttpContext.Response;
validator.AddWwwAuthenticateHeader(response, configuration.AuthorizationScheme);
response.Headers.Add("X-Auth-ErrorCode", result.ResultCode.ToString());
response.StatusCode = (int)HttpStatusCode.Unauthorized;
response.Write(result.ErrorMessage);
response.End();
}
public void ShouldFailValidationDueToInvalidAuthorization()
{
// Arrange
IHmacConfiguration configuration = CreateConfiguration();
IHmacSigner signer = new HmacSigner(configuration, _keyRepository);
HmacValidator validator = new HmacValidator(configuration, signer);
DateTimeOffset dateTimeOffset = DateTimeOffset.UtcNow.AddMinutes(-3);
string dateString = dateTimeOffset.ToString(HmacConstants.DateHeaderFormat, _dateHeaderCulture);
HttpRequestBase request = CreateRequest(dateString);
request.Headers[HmacConstants.AuthorizationHeaderName] = "blahblah";
// Act
HmacValidationResult result = validator.ValidateHttpRequest(request);
// Assert
Assert.IsNotNull(result);
Assert.IsNotNull(result.ErrorMessage);
Assert.AreEqual(result.ResultCode, HmacValidationResultCode.AuthorizationInvalid);
}
