public void ShouldRedirectToFailurePathIfErrorIn()
{
// See https://tools.ietf.org/html/rfc6749#section-4.1.2.1
var subject = new MicrosoftGraphAuthenticationProvider(new TestAzureGraphService())
{
FailureRedirectPath = "/auth-failure"
};
var auth = new Authenticate
{
UserName = "******"
};
var request = new MockHttpRequest("auth", "GET", "text", "/auth/foo?error=invalid_request",
new NameValueCollection {
{ "error", "invalid_request" }
}, Stream.Null, null);
var mockAuthService = MockAuthService(request);
var response = subject.Authenticate(mockAuthService.Object, new AuthUserSession(), auth);
var result = (IHttpResult)response;
//var redirectRequest = new Uri(result.Headers["Location"]);
Assert.Equal("http://localhost/auth-failure?f=invalid_request&response_type=code",
result.Headers["Location"]);
var query = PclExportClient.Instance.ParseQueryString(new Uri(result.Headers["Location"]).Query);
Assert.Equal("code", query["response_type"]);
}
public void ShouldBeAuthProvider()
{
var subject = new MicrosoftGraphAuthenticationProvider(new TestAzureGraphService());
Assert.IsAssignableFrom <AuthProvider>(subject);
Assert.Equal("ms-graph", subject.Provider);
}
public void ShouldSetCallbackUrlWithoutParameters()
{
var subject = new MicrosoftGraphAuthenticationProvider(new TestAzureGraphService());
var auth = new Authenticate
{
UserName = "******"
};
var request = new MockHttpRequest("auth", "GET", "text",
"/auth/foo/bar?redirect=" + "http://localhost/secure-resource".UrlEncode(), new NameValueCollection
{
{ "redirect", "http://localhost/secure-resource" }
}, Stream.Null, null);
var mockAuthService = MockAuthService(request);
var response = subject.Authenticate(mockAuthService.Object, new AuthUserSession(), auth);
var result = (IHttpResult)response;
var codeRequest = new Uri(result.Headers["Location"]);
var query = PclExportClient.Instance.ParseQueryString(codeRequest.Query);
Assert.Equal(query["response_type"], "code");
Assert.Equal(subject.CallbackUrl, "http://localhost/auth/foo/bar");
Assert.Equal(query["redirect_uri"].UrlDecode(), subject.CallbackUrl);
}
public void ShouldRequestToken()
{
var subject = new MicrosoftGraphAuthenticationProvider(new TestAzureGraphService());
var auth = new Authenticate
{
UserName = "******"
};
var session = new AuthUserSession {
State = "D79E5777-702E-4260-9A62-37F75FF22CCE", UserName = auth.UserName
};
subject.CallbackUrl = "http://localhost/myapp/";
var request = new MockHttpRequest("myapp", "GET", "text", "/myapp", new NameValueCollection
{
{
"code",
"AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrqqf_ZT_p5uEAEJJ_nZ3UmphWygRNy2C3jJ239gV_DBnZ2syeg95Ki-374WHUP-i3yIhv5i-7KU2CEoPXwURQp6IVYMw-DjAOzn7C3JCu5wpngXmbZKtJdWmiBzHpcO2aICJPu1KvJrDLDP20chJBXzVYJtkfjviLNNW7l7Y3ydcHDsBRKZc3GuMQanmcghXPyoDg41g8XbwPudVh7uCmUponBQpIhbuffFP_tbV8SNzsPoFz9CLpBCZagJVXeqWoYMPe2dSsPiLO9Alf_YIe5zpi-zY4C3aLw5g9at35eZTfNd0gBRpR5ojkMIcZZ6IgAA"
},
{ "session_state", "7B29111D-C220-4263-99AB-6F6E135D75EF" },
{ "state", "D79E5777-702E-4260-9A62-37F75FF22CCE" }
}, Stream.Null, null);
var mockAuthService = MockAuthService(request);
using (new HttpResultsFilter
{
StringResultFn = (tokenRequest, s) =>
{
Assert.Equal(tokenRequest.RequestUri.ToString(),
"https://login.microsoftonline.com/common/oauth2/v2.0/token");
Assert.Equal(tokenRequest.Method, "POST");
Assert.Equal(tokenRequest.ContentType, "application/x-www-form-urlencoded");
return(TokenHelper.GetIdToken());
}
})
{
var response = subject.Authenticate(mockAuthService.Object, session, auth);
Assert.True(session.IsAuthenticated);
var tokens = session.GetAuthTokens("ms-graph");
Assert.NotNull(tokens);
Assert.Equal(tokens.Provider, "ms-graph");
Assert.Equal(tokens.AccessTokenSecret, TokenHelper.AccessToken);
Assert.NotNull(tokens.RefreshTokenExpiry);
Assert.Equal(tokens.RefreshToken, TokenHelper.RefreshToken);
Assert.Equal(tokens.UserId, "d542096aa0b94e2195856b57e43257e4"); // oid
Assert.Equal(tokens.UserName, "*****@*****.**");
Assert.Equal(tokens.LastName, "User");
Assert.Equal(tokens.FirstName, "Some");
Assert.Equal(tokens.DisplayName, "Some User");
Assert.Equal(session.UserName, tokens.UserName);
Assert.Equal(session.LastName, tokens.LastName);
Assert.Equal(session.FirstName, tokens.FirstName);
Assert.Equal(session.DisplayName, tokens.DisplayName);
var result = (IHttpResult)response;
Assert.True(result.Headers["Location"].StartsWith("http://localhost#s=1"));
}
}
public void ShouldSaveOAuth2StateValue()
{
var subject = new MicrosoftGraphAuthenticationProvider(new TestAzureGraphService());
var auth = new Authenticate
{
UserName = "******"
};
var session = new AuthUserSession();
var response = subject.Authenticate(MockAuthService().Object, session, auth);
var result = (IHttpResult)response;
var codeRequest = new Uri(result.Headers["Location"]);
var query = PclExportClient.Instance.ParseQueryString(codeRequest.Query);
var state = query["state"];
Assert.Equal(session.State, state);
}
public void ShouldSetReferrerFromRedirectParam()
{
var subject = new MicrosoftGraphAuthenticationProvider(new TestAzureGraphService());
var auth = new Authenticate
{
UserName = "******"
};
var request = new MockHttpRequest("myapp", "GET", "text", "/myapp", new NameValueCollection
{
{ "redirect", "http://localhost/myapp/secure-resource" }
}, Stream.Null, null);
var mockAuthService = MockAuthService(request);
var session = new AuthUserSession();
subject.Authenticate(mockAuthService.Object, session, auth);
Assert.Equal(session.ReferrerUrl, "http://localhost/myapp/secure-resource");
}
public void ShouldAbortIfStateValuesDoNotMatch()
{
var subject = new MicrosoftGraphAuthenticationProvider(new TestAzureGraphService());
var auth = new Authenticate
{
UserName = "******"
};
subject.CallbackUrl = "http://localhost/myapp/";
var request = new MockHttpRequest("myapp", "GET", "text", "/myapp", new NameValueCollection
{
{ "code", "code123" },
{ "session_state", "dontcare" },
{ "state", "state123" }
}, Stream.Null, null);
var mockAuthService = MockAuthService(request);
using (new HttpResultsFilter
{
StringResultFn = (tokenRequest, s) => @"{
""access_token"": ""fake token"",
""id_token"": ""eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctODkwYS0yNzRhNzJhNzMwOWUiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83ZmU4MTQ0Ny1kYTU3LTQzODUtYmVjYi02ZGU1N2YyMTQ3N2UvIiwiaWF0IjoxMzg4NDQwODYzLCJuYmYiOjEzODg0NDA4NjMsImV4cCI6MTM4ODQ0NDc2MywidmVyIjoiMS4wIiwidGlkIjoiN2ZlODE0NDctZGE1Ny00Mzg1LWJlY2ItNmRlNTdmMjE0NzdlIiwib2lkIjoiNjgzODlhZTItNjJmYS00YjE4LTkxZmUtNTNkZDEwOWQ3NGY1IiwidXBuIjoiZnJhbmttQGNvbnRvc28uY29tIiwidW5pcXVlX25hbWUiOiJmcmFua21AY29udG9zby5jb20iLCJzdWIiOiJKV3ZZZENXUGhobHBTMVpzZjd5WVV4U2hVd3RVbTV5elBtd18talgzZkhZIiwiZmFtaWx5X25hbWUiOiJNaWxsZXIiLCJnaXZlbl9uYW1lIjoiRnJhbmsifQ.""
}"
})
{
var session = new AuthUserSession
{
State = "state133" // Not the same as the state in the request above
};
try
{
subject.Authenticate(mockAuthService.Object, session, auth);
}
catch (UnauthorizedAccessException)
{
}
Assert.False(session.IsAuthenticated);
}
}
public void ShouldRequestCode()
{
var subject = new MicrosoftGraphAuthenticationProvider(new TestAzureGraphService());
var auth = new Authenticate
{
UserName = "******"
};
var authService = MockAuthService();
var response = subject.Authenticate(authService.Object, new AuthUserSession(), auth);
var result = (IHttpResult)response;
Assert.True(result.Headers["Location"].StartsWith(
"https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=clientid&response_type=code&redirect_uri=http%3a%2f%2flocalhost%2f&[email protected]&scope=https%3a%2f%2fgraph.microsoft.com%2fUser.Read++https%3a%2f%2fgraph.microsoft.com%2foffline%5faccess++https%3a%2f%2fgraph.microsoft.com%2fopenid++https%3a%2f%2fgraph.microsoft.com%2fprofile"));
var codeRequest = new Uri(result.Headers["Location"]);
var query = PclExportClient.Instance.ParseQueryString(codeRequest.Query);
Assert.Equal(query["response_type"], "code");
Assert.Equal(query["client_id"], "clientid");
Assert.Equal(query["redirect_uri"].UrlDecode(), subject.CallbackUrl);
Assert.Equal("*****@*****.**", query["domain_hint"]);
}
public void Register(IAppHost appHost)
{
MicrosoftGraphAuthenticationProvider.RegisterProviderSupportServices(appHost);
InitSchema(appHost);
}