public async Task ReplacedPrincipalIsRespected()
        {
            // A principal substituted by the validatedPrincipal callback must be the one the
            // request runs as: the endpoint echoes the Name claim, so the replacement name
            // (not the stored user's name) is expected back.
            // NOTE(review): no [Fact]-style attribute is visible on this method in this view;
            // confirm the test runner actually discovers it.
            using HttpClient client = CreateClient(out _, 10, validatedPrincipal: ctx =>
            {
                var replacementIdentity = new ClaimsIdentity(
                    new Claim[] { new Claim(ClaimTypes.Name, "REPLACED-NAME") },
                    "REPLACED-TYPE");
                ctx.ReplacePrincipal(new ClaimsPrincipal(replacementIdentity));
                return Task.CompletedTask;
            });

            var password = GetPasswordBytesForToken(42, 10);
            string bearerToken = PersonalAccessTokenUtilities.EncodeToken(UserId, password);

            using var req = new HttpRequestMessage(HttpMethod.Get, "https://example.test/pat/user-name")
            {
                Headers = { Authorization = new AuthenticationHeaderValue("Bearer", bearerToken) },
            };
            using HttpResponseMessage resp = await client.SendAsync(req);

            Assert.Equal(HttpStatusCode.OK, resp.StatusCode);
            string echoedName = await resp.Content.ReadAsStringAsync();
            Assert.Equal("REPLACED-NAME", echoedName);
        }
        public async Task WrongAuthSchemeFailes()
        {
            // A token that is otherwise valid must be rejected when presented under a scheme
            // other than "Bearer": the handler has to match the scheme, not merely parse the
            // credential. (The typo in the method name is kept so the test keeps its identity.)
            using HttpClient client = CreateClient(out _, 10);

            var password = GetPasswordBytesForToken(42, 10);
            string validToken = PersonalAccessTokenUtilities.EncodeToken(UserId, password);

            using var req = new HttpRequestMessage(HttpMethod.Get, "https://example.test/pat/user-name")
            {
                Headers = { Authorization = new AuthenticationHeaderValue("NotBearer", validToken) },
            };
            using HttpResponseMessage resp = await client.SendAsync(req);

            Assert.Equal(HttpStatusCode.Unauthorized, resp.StatusCode);
        }
        public async Task GoodTokenWorks()
        {
            // Happy path: a token encoded for UserId with the matching password bytes is
            // accepted, and the endpoint echoes that user's stored name.
            using HttpClient client = CreateClient(out _, 10);

            var password = GetPasswordBytesForToken(42, 10);
            string bearerToken = PersonalAccessTokenUtilities.EncodeToken(UserId, password);

            using var req = new HttpRequestMessage(HttpMethod.Get, "https://example.test/pat/user-name")
            {
                Headers = { Authorization = new AuthenticationHeaderValue("Bearer", bearerToken) },
            };
            using HttpResponseMessage resp = await client.SendAsync(req);

            Assert.Equal(HttpStatusCode.OK, resp.StatusCode);
            string echoedName = await resp.Content.ReadAsStringAsync();
            Assert.Equal(GetUser(UserId).Name, echoedName);
        }
        public async Task BadTokenRequiringAuthIsRejected()
        {
            // A credential of the correct encoded length but all-zero content must be rejected
            // on a role-protected endpoint: being well-formed is not the same as being valid.
            using HttpClient client = CreateClient(out _, 10);

            var tokenLength = PersonalAccessTokenUtilities.CalculateTokenSizeForPasswordSize(10);
            string zeroToken = Convert.ToBase64String(new byte[tokenLength]);

            using var req = new HttpRequestMessage(HttpMethod.Get, "https://example.test/test-auth/role/role")
            {
                Headers = { Authorization = new AuthenticationHeaderValue("Bearer", zeroToken) },
            };
            using HttpResponseMessage resp = await client.SendAsync(req);

            Assert.Equal(HttpStatusCode.Unauthorized, resp.StatusCode);
        }
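        public async Task PasswordFromWrongSizeFails()
        {
            // The client is built with the factory's default password size (no explicit size
            // argument, unlike the sibling tests) while the token is encoded for a 10-byte
            // password. A token whose password length does not match the configured size must
            // be rejected outright.
            // The original resolved PersonalAccessTokenAuthenticationHandler<TestUser> from the
            // factory's service provider but never used it; that unused lookup (and the factory
            // out-parameter it needed) is dropped here.
            // NOTE(review): the token is encoded for user id 42 rather than UserId as in the
            // sibling tests — confirm that is intentional.
            using HttpClient client = CreateClient(out _);

            string token = PersonalAccessTokenUtilities.EncodeToken(42, GetPasswordBytesForToken(42, 10));

            using var request = new HttpRequestMessage(HttpMethod.Get, "https://example.test/pat/user-name");
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
            using HttpResponseMessage response = await client.SendAsync(request);

            Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
        }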
        public async Task ExceptionFails()
        {
            // Fail closed: when the validatedPrincipal callback throws, the request must end up
            // unauthenticated (401) rather than authenticated or surfaced as a server error.
            using HttpClient client = CreateClient(
                out _,
                10,
                validatedPrincipal: _ => throw new Exception("Test Exception"));

            var password = GetPasswordBytesForToken(42, 10);
            string bearerToken = PersonalAccessTokenUtilities.EncodeToken(UserId, password);

            using var req = new HttpRequestMessage(HttpMethod.Get, "https://example.test/pat/user-name")
            {
                Headers = { Authorization = new AuthenticationHeaderValue("Bearer", bearerToken) },
            };
            using HttpResponseMessage resp = await client.SendAsync(req);

            Assert.Equal(HttpStatusCode.Unauthorized, resp.StatusCode);
        }
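        public async Task FailedPrincipalValidateFails()
        {
            // A principal explicitly rejected by the validatedPrincipal callback must not
            // authenticate the request, even though the token itself is valid.
            // Uses the same Assert.Equal style as the sibling tests instead of the
            // Should().Be() form the original used, so the file relies on one assertion style.
            using HttpClient client = CreateClient(out _, 10, validatedPrincipal: context =>
            {
                context.RejectPrincipal();
                return Task.CompletedTask;
            });

            string token = PersonalAccessTokenUtilities.EncodeToken(UserId, GetPasswordBytesForToken(42, 10));

            using var request = new HttpRequestMessage(HttpMethod.Get, "https://example.test/pat/user-name");
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
            using HttpResponseMessage response = await client.SendAsync(request);

            Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
        }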
 // Encodes the test password bytes for the given token id and size into the
 // string form produced by PersonalAccessTokenUtilities.EncodePasswordBytes.
 private static string GetPasswordForToken(int tokenId, int passwordSize) =>
     PersonalAccessTokenUtilities.EncodePasswordBytes(GetPasswordBytesForToken(tokenId, passwordSize));