public void OnAuthorization_RedirectsToAuthorizationRedirectPath_OnlyWhenUserDeniedGrantingPermissions(string requestUrl, string expectedRedirectUrl)
{
FacebookClient client = MockHelpers.CreateFacebookClient();
IFacebookPermissionService permissionService = MockHelpers.CreatePermissionService(new[] { "" });
FacebookConfiguration config = MockHelpers.CreateConfiguration(client, permissionService);
config.AuthorizationRedirectPath = "~/home/permissions";
FacebookAuthorizeFilter authorizeFilter = new FacebookAuthorizeFilter(config);
AuthorizationContext context = new AuthorizationContext(
MockHelpers.CreateControllerContext(new NameValueCollection
{
{ "signed_request", "exampleSignedRequest" }
},
null,
new Uri(requestUrl)),
MockHelpers.CreateActionDescriptor(new[] { new FacebookAuthorizeAttribute("email") }));
authorizeFilter.OnAuthorization(context);
ContentResult result = Assert.IsAssignableFrom <JavaScriptRedirectResult>(context.Result);
Assert.Equal("text/html", result.ContentType);
Assert.Equal(
String.Format("<script>window.top.location = '{0}';</script>", expectedRedirectUrl),
result.Content);
}
public void OnAuthorization_RedirectsToOAuthDialog_ForMissingPermissions()
{
FacebookClient client = MockHelpers.CreateFacebookClient();
IFacebookPermissionService permissionService = MockHelpers.CreatePermissionService(
new[] { "" }
);
FacebookConfiguration config = MockHelpers.CreateConfiguration(
client,
permissionService
);
FacebookAuthorizeFilter authorizeFilter = new FacebookAuthorizeFilter(config);
AuthorizationContext context = new AuthorizationContext(
MockHelpers.CreateControllerContext(
new NameValueCollection {
{ "signed_request", "exampleSignedRequest" }
}
),
MockHelpers.CreateActionDescriptor(
new[] { new FacebookAuthorizeAttribute("email", "user_likes") }
)
);
authorizeFilter.OnAuthorization(context);
ContentResult result = Assert.IsType <ShowPromptResult>(context.Result);
Assert.Equal("text/html", result.ContentType);
Assert.Equal(
"<script>window.top.location = 'https://www.facebook.com/dialog/oauth?redirect_uri=example.com';</script>",
result.Content
);
}
public void OnAuthorization_ThrowsArgumentNullException()
{
FacebookConfiguration config = MockHelpers.CreateConfiguration();
FacebookAuthorizeFilter authorizeFilter = new FacebookAuthorizeFilter(config);
Assert.ThrowsArgumentNull(() => authorizeFilter.OnAuthorization(null), "filterContext");
}
public void GetUserPermissions_CallsGetOnFacebookClientWithExpectedPath()
{
LocalFacebookClient localClient = new LocalFacebookClient();
FacebookConfiguration config = MockHelpers.CreateConfiguration(localClient);
DefaultFacebookPermissionService permissionService = new DefaultFacebookPermissionService(config);
permissionService.GetUserPermissions("123456", "sampleAccessToken");
Assert.Equal("me/permissions", localClient.Path);
}
public void CreateRedirectResult_StringEncodesTheRedirectUrl()
{
Uri uri = new Uri("http://example.com?query=4'; alert('hello world')");
FacebookConfiguration config = MockHelpers.CreateConfiguration();
FacebookAuthorizeFilter authorizeFilter = new FacebookAuthorizeFilter(config);
ContentResult result = Assert.IsType <JavaScriptRedirectResult>(authorizeFilter.CreateRedirectResult(uri));
Assert.Equal("text/html", result.ContentType);
Assert.Equal(@"<script>window.top.location = 'http://example.com/?query=4\u0027;%20alert(\u0027hello%20world\u0027)';</script>", result.Content);
}
// Helper methods and classes
private FacebookConfiguration BuildConfiguration(string authorizationRedirectPath,
PermissionsStatus userPermissionsStatus = null)
{
var client = MockHelpers.CreateFacebookClient();
var permissionService = MockHelpers.CreatePermissionService(new[] { "" }, userPermissionsStatus);
var config = MockHelpers.CreateConfiguration(client, permissionService);
config.AuthorizationRedirectPath = authorizationRedirectPath;
return(config);
}
public void OnAuthorization_RedirectsToOAuthDialog_WhenSignedRequestIsNull()
{
FacebookConfiguration config = MockHelpers.CreateConfiguration();
FacebookAuthorizeFilter authorizeFilter = new FacebookAuthorizeFilter(config);
AuthorizationContext context = new AuthorizationContext(
MockHelpers.CreateControllerContext(),
MockHelpers.CreateActionDescriptor(new[] { new FacebookAuthorizeAttribute("email") }));
authorizeFilter.OnAuthorization(context);
ContentResult result = Assert.IsType <JavaScriptRedirectResult>(context.Result);
Assert.Equal("text/html", result.ContentType);
Assert.Equal(
"<script>window.top.location = 'https://www.facebook.com/dialog/oauth?redirect_uri=https%3A%2F%2Fapps.facebook.com%2FDefaultAppId%2F\\u0026client_id=DefaultAppId';</script>",
result.Content);
}