public async Task TestInstanceDiscovery_WhenAuthorityIsInvalidButValidationIsNotRequired_ShouldCacheTheProvidedAuthority()
{
for (int i = 0; i < 2; i++) // Prepare 2 mock responses
{
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant)
{
Method = HttpMethod.Get,
Url = $"https://{InstanceDiscovery.DefaultTrustedAuthority}/common/discovery/instance",
ResponseMessage = MockHelpers.CreateFailureResponseMessage("{\"error\":\"invalid_instance\"}")
});
}
CallState callState = new CallState(Guid.NewGuid());
string host = "invalid_instance.example.com";
// ADAL still behaves correctly using developer provided authority
var entry = await InstanceDiscovery.GetMetadataEntry(new Uri($"https://{host}/tenant"), false, callState).ConfigureAwait(false);
Assert.AreEqual(host, entry.PreferredNetwork); // No exception raised, the host is returned as-is
Assert.AreEqual(1, HttpMessageHandlerFactory.MockHandlersCount()); // 1 mock response is consumed, 1 remaining
// Subsequent requests do not result in further authority validation network requests for the process lifetime
var entry2 = await InstanceDiscovery.GetMetadataEntry(new Uri($"https://{host}/tenant"), false, callState).ConfigureAwait(false);
Assert.AreEqual(host, entry2.PreferredNetwork);
Assert.AreEqual(1, HttpMessageHandlerFactory.MockHandlersCount()); // Still 1 mock response remaining, so no new request was attempted
}
public async Task AuthenticationContextAuthorityValidationTestAsync()
{
AuthenticationContext context = null;
AuthenticationResult result = null;
try
{
context = new AuthenticationContext("https://login.contoso.com/adfs");
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters);
}
catch (ArgumentException ex)
{
Assert.AreEqual(ex.ParamName, "validateAuthority");
}
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
//whitelisted authority
context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, true);
result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters,
new UserIdentifier(TestConstants.DefaultDisplayableId, UserIdentifierType.RequiredDisplayableId));
Assert.IsNotNull(result);
Assert.AreEqual(result.AccessToken, "some-access-token");
Assert.IsNotNull(result.UserInfo);
//add handler to return failed discovery response
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Get,
ResponseMessage =
MockHelpers.CreateFailureResponseMessage(
"{\"error\":\"invalid_instance\",\"error_description\":\"AADSTS70002: Error in validating authority.\"}")
});
try
{
context = new AuthenticationContext("https://login.microsoft0nline.com/common");
result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters);
}
catch (AdalException ex)
{
Assert.AreEqual(ex.ErrorCode, AdalError.AuthorityNotInValidList);
}
}
public async Task FullCoveragePositiveTestAsync()
{
MockHttpMessageHandler mockMessageHandler = new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant)
{
Method = HttpMethod.Get,
Url = TestConstants.DefaultAuthorityHomeTenant + "oauth2/devicecode",
ResponseMessage = MockHelpers.CreateSuccessDeviceCodeResponseMessage()
};
HttpMessageHandlerFactory.AddMockHandler(mockMessageHandler);
mockMessageHandler = new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant)
{
Method = HttpMethod.Post,
Url = TestConstants.DefaultAuthorityHomeTenant + "oauth2/token",
ResponseMessage = MockHelpers.CreateFailureResponseMessage("{\"error\":\"authorization_pending\"," +
"\"error_description\":\"AADSTS70016: Pending end-user authorization." +
"\\r\\nTrace ID: f6c2c73f-a21d-474e-a71f-d8b121a58205\\r\\nCorrelation ID: " +
"36fe3e82-442f-4418-b9f4-9f4b9295831d\\r\\nTimestamp: 2015-09-24 19:51:51Z\"," +
"\"error_codes\":[70016],\"timestamp\":\"2015-09-24 19:51:51Z\",\"trace_id\":" +
"\"f6c2c73f-a21d-474e-a71f-d8b121a58205\",\"correlation_id\":" +
"\"36fe3e82-442f-4418-b9f4-9f4b9295831d\"}")
};
HttpMessageHandlerFactory.AddMockHandler(mockMessageHandler);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant)
{
Method = HttpMethod.Post,
Url = TestConstants.DefaultAuthorityHomeTenant + "oauth2/token",
ResponseMessage =
MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.DefaultUniqueId,
TestConstants.DefaultDisplayableId, TestConstants.DefaultResource)
});
TokenCache cache = new TokenCache();
AuthenticationContext ctx = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, cache);
DeviceCodeResult dcr = await ctx.AcquireDeviceCodeAsync("some-resource", "some-client").ConfigureAwait(false);
Assert.IsNotNull(dcr);
Assert.AreEqual("some-device-code", dcr.DeviceCode);
Assert.AreEqual("some-user-code", dcr.UserCode);
Assert.AreEqual("some-URL", dcr.VerificationUrl);
Assert.AreEqual(5, dcr.Interval);
Assert.AreEqual("some-message", dcr.Message);
Assert.AreEqual("some-client", dcr.ClientId);
AuthenticationResult result = await ctx.AcquireTokenByDeviceCodeAsync(dcr).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("some-access-token", result.AccessToken);
// There should be one cached entry.
Assert.AreEqual(1, ctx.TokenCache.Count);
}
public async Task PositiveTestAsync()
{
DeviceCodeResult dcr = new DeviceCodeResult()
{
ClientId = TestConstants.DefaultClientId,
Resource = TestConstants.DefaultResource,
DeviceCode = "device-code",
ExpiresOn = (DateTimeOffset.UtcNow + TimeSpan.FromMinutes(10)),
Interval = 5,
Message = "get token here",
UserCode = "user-code",
VerificationUrl = "https://login.microsoftonline.com/home.oauth2/token"
};
MockHttpMessageHandler mockMessageHandler = new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant)
{
Method = HttpMethod.Post,
Url = "https://login.microsoftonline.com/home/oauth2/token",
ResponseMessage = MockHelpers.CreateFailureResponseMessage("{\"error\":\"authorization_pending\"," +
"\"error_description\":\"AADSTS70016: Pending end-user authorization." +
"\\r\\nTrace ID: f6c2c73f-a21d-474e-a71f-d8b121a58205\\r\\nCorrelation ID: " +
"36fe3e82-442f-4418-b9f4-9f4b9295831d\\r\\nTimestamp: 2015-09-24 19:51:51Z\"," +
"\"error_codes\":[70016],\"timestamp\":\"2015-09-24 19:51:51Z\",\"trace_id\":" +
"\"f6c2c73f-a21d-474e-a71f-d8b121a58205\",\"correlation_id\":" +
"\"36fe3e82-442f-4418-b9f4-9f4b9295831d\"}")
};
HttpMessageHandlerFactory.AddMockHandler(mockMessageHandler);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant)
{
Method = HttpMethod.Post,
Url = "https://login.microsoftonline.com/home/oauth2/token",
ResponseMessage =
MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.DefaultUniqueId,
TestConstants.DefaultDisplayableId, TestConstants.DefaultResource)
});
TokenCache cache = new TokenCache();
AuthenticationContext ctx = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, cache);
AuthenticationResult result = await ctx.AcquireTokenByDeviceCodeAsync(dcr).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("some-access-token", result.AccessToken);
}
public async Task NegativeDeviceCodeTimeoutTestAsync()
{
MockHttpMessageHandler mockMessageHandler = new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant)
{
Method = HttpMethod.Get,
Url = TestConstants.DefaultAuthorityHomeTenant + "oauth2/devicecode",
ResponseMessage = MockHelpers.CreateSuccessDeviceCodeResponseMessage("1")
};
HttpMessageHandlerFactory.AddMockHandler(mockMessageHandler);
mockMessageHandler = new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant)
{
Method = HttpMethod.Post,
Url = TestConstants.DefaultAuthorityHomeTenant + "oauth2/token",
ResponseMessage = MockHelpers.CreateFailureResponseMessage("{\"error\":\"authorization_pending\"," +
"\"error_description\":\"AADSTS70016: Pending end-user authorization." +
"\\r\\nTrace ID: f6c2c73f-a21d-474e-a71f-d8b121a58205\\r\\nCorrelation ID: " +
"36fe3e82-442f-4418-b9f4-9f4b9295831d\\r\\nTimestamp: 2015-09-24 19:51:51Z\"," +
"\"error_codes\":[70016],\"timestamp\":\"2015-09-24 19:51:51Z\",\"trace_id\":" +
"\"f6c2c73f-a21d-474e-a71f-d8b121a58205\",\"correlation_id\":" +
"\"36fe3e82-442f-4418-b9f4-9f4b9295831d\"}")
};
HttpMessageHandlerFactory.AddMockHandler(mockMessageHandler);
mockMessageHandler = new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant)
{
Method = HttpMethod.Post,
Url = TestConstants.DefaultAuthorityHomeTenant + "oauth2/token",
ResponseMessage = MockHelpers.CreateDeviceCodeExpirationErrorResponse()
};
HttpMessageHandlerFactory.AddMockHandler(mockMessageHandler);
TokenCache cache = new TokenCache();
AuthenticationContext ctx = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, cache);
DeviceCodeResult dcr = await ctx.AcquireDeviceCodeAsync("some resource", "some authority").ConfigureAwait(false);
Assert.IsNotNull(dcr);
AuthenticationResult result;
AdalServiceException ex = AssertException.TaskThrows <AdalServiceException>(async() => result = await ctx.AcquireTokenByDeviceCodeAsync(dcr).ConfigureAwait(false));
Assert.IsTrue(ex.Message.Contains("Verification code expired"));
}
public async Task UserRealmDiscoveryTest()
{
AuthenticationContext context = new AuthenticationContext(TestConstants.GetUserRealmEndpoint(TestConstants.DefaultAuthorityCommonTenant) + "/"
+ TestConstants.DefaultDisplayableId, new TokenCache());
await context.Authenticator.UpdateFromTemplateAsync(null);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetUserRealmEndpoint(TestConstants.DefaultAuthorityCommonTenant) + "/"
+ TestConstants.DefaultDisplayableId)
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"ver\":\"1.0\",\"account_type\":\"Federated\",\"domain_name\":\"microsoft.com\"," +
"\"federation_protocol\":\"WSTrust\",\"federation_metadata_url\":" +
"\"https://msft.sts.microsoft.com/adfs/services/trust/mex\"," +
"\"federation_active_auth_url\":\"https://msft.sts.microsoft.com/adfs/services/trust/2005/usernamemixed\"" +
",\"cloud_instance_name\":\"login.microsoftonline.com\"}")
},
QueryParams = new Dictionary <string, string>()
{
{ "api-version", "1.0" }
}
});
UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, TestConstants.DefaultDisplayableId,
CallState.Default);
VerifyUserRealmResponse(userRealmResponse, "Federated");
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetUserRealmEndpoint(TestConstants.DefaultAuthorityCommonTenant) + "/"
+ TestConstants.DefaultDisplayableId)
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"ver\":\"1.0\",\"account_type\":\"Unknown\",\"cloud_instance_name\":\"login.microsoftonline.com\"}")
},
QueryParams = new Dictionary <string, string>()
{
{ "api-version", "1.0" }
}
});
userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, TestConstants.DefaultDisplayableId, CallState.Default);
VerifyUserRealmResponse(userRealmResponse, "Unknown");
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetUserRealmEndpoint(TestConstants.DefaultAuthorityCommonTenant) + "/"
+ null)
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateFailureResponseMessage("unknown_user")
});
AdalException ex = AssertException.TaskThrows <AdalException>(() =>
UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, null, CallState.Default));
Assert.AreEqual(AdalError.UnknownUser, ex.Message);
// All mocks are consumed
Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount());
}
