public async Task GivenAssociatedLocalAdminUser_ItChallengesWhenNotUsingRequiredExternalProvider(string providerUsedForLogin, bool shouldChallenge)
{
// Arrange
var enforcedProvider = "AzureActiveDirectory";
var configurationService = GetConfigurationService();
configurationService.Current.ConfirmEmailAddresses = false;
configurationService.Current.EnforcedAuthProviderForAdmin = enforcedProvider;
var fakes = Get <Fakes>();
GetMock <AuthenticationService>(); // Force a mock to be created
var controller = GetController <AuthenticationController>();
var cred = new CredentialBuilder().CreateExternalCredential(providerUsedForLogin, "blorg", "Bloog");
var authUser = new AuthenticatedUser(
fakes.CreateUser("test", cred),
cred);
authUser.User.Roles.Add(new Role {
Name = Constants.AdminRoleName
});
GetMock <AuthenticationService>()
.Setup(x => x.AuthenticateExternalLogin(controller.OwinContext))
.CompletesWith(new AuthenticateExternalLoginResult()
{
ExternalIdentity = new ClaimsIdentity(),
Authentication = authUser
});
if (shouldChallenge)
{
GetMock <AuthenticationService>()
.Setup(x => x.Challenge(enforcedProvider, It.IsAny <string>()))
.Returns(new ChallengeResult(enforcedProvider, null))
.Verifiable();
}
else
{
GetMock <AuthenticationService>()
.Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser))
.Returns(Task.FromResult(0))
.Verifiable();
}
// Act
var result = await controller.LinkExternalAccount("theReturnUrl");
// Assert
if (shouldChallenge)
{
ResultAssert.IsChallengeResult(result, enforcedProvider);
}
else
{
ResultAssert.IsSafeRedirectTo(result, "theReturnUrl");
GetMock <AuthenticationService>().VerifyAll();
}
}
public void VerifyShouldChallenge(string providerUsedForLogin, bool shouldChallenge)
{
// Arrange
var enforcedProvider = "AzureActiveDirectory";
EnableAllAuthenticators(Get <AuthenticationService>());
var controller = GetController <AuthenticationController>();
var authUser = new AuthenticatedUser(
new User("theUsername")
{
EmailAddress = "*****@*****.**",
Roles =
{
new Role {
Name = Constants.AdminRoleName
}
}
},
new Credential {
Type = providerUsedForLogin
});
// Act
ActionResult challengeResult;
var result = controller.ShouldChallengeEnforcedProvider(enforcedProvider, authUser, null, out challengeResult);
// Assert
Assert.Equal(shouldChallenge, result);
if (shouldChallenge)
{
ResultAssert.IsChallengeResult(challengeResult, enforcedProvider);
}
}
public void WillChallengeTheUserUsingTheGivenProviderAndReturnUrl()
{
// Arrange
EnableAllAuthenticators(Get <AuthenticationService>());
var controller = GetController <AuthenticationController>();
// Act
var result = controller.ChallengeAuthentication("/theReturnUrl", "MicrosoftAccount");
// Assert
ResultAssert.IsChallengeResult(result, "MicrosoftAccount", "/users/account/authenticate/return?ReturnUrl=%2FtheReturnUrl");
}
public async Task GivenAdminLogsInWithExternalIdentity_ItChallengesWhenNotUsingRequiredExternalProvider(string providerUsedForLogin, bool shouldChallenge)
{
// Arrange
var enforcedProvider = "AzureActiveDirectory";
var configurationService = GetConfigurationService();
configurationService.Current.ConfirmEmailAddresses = false;
configurationService.Current.EnforcedAuthProviderForAdmin = enforcedProvider;
var externalCred = new CredentialBuilder().CreateExternalCredential(providerUsedForLogin, "blorg", "Bloog");
var authUser = new AuthenticatedUser(
new User("theUsername")
{
UnconfirmedEmailAddress = "*****@*****.**",
EmailConfirmationToken = "t0k3n",
Roles =
{
new Role {
Name = Constants.AdminRoleName
}
}
},
externalCred);
GetMock <AuthenticationService>()
.Setup(x => x.Register("theUsername", "theEmailAddress", externalCred))
.CompletesWith(authUser);
EnableAllAuthenticators(Get <AuthenticationService>());
var controller = GetController <AuthenticationController>();
if (shouldChallenge)
{
GetMock <AuthenticationService>()
.Setup(x => x.Challenge(enforcedProvider, It.IsAny <string>()))
.Returns(new ChallengeResult(enforcedProvider, null))
.Verifiable();
}
else
{
GetMock <AuthenticationService>()
.Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser))
.Returns(Task.FromResult(0))
.Verifiable();
}
GetMock <AuthenticationService>()
.Setup(x => x.ReadExternalLoginCredential(controller.OwinContext))
.CompletesWith(new AuthenticateExternalLoginResult()
{
ExternalIdentity = new ClaimsIdentity(),
Credential = externalCred
});
// Act
var result = await controller.Register(
new LogOnViewModel()
{
Register = new RegisterViewModel
{
Username = "******",
EmailAddress = "theEmailAddress",
}
}, "/theReturnUrl", linkingAccount : true);
// Assert
if (shouldChallenge)
{
ResultAssert.IsChallengeResult(result, enforcedProvider);
}
else
{
ResultAssert.IsSafeRedirectTo(result, "/theReturnUrl");
}
GetMock <AuthenticationService>().VerifyAll();
}
public async Task GivenAdminLogsInWithValidExternalAuth_ItChallengesWhenNotUsingRequiredExternalProvider(string providerUsedForLogin, bool shouldChallenge)
{
var enforcedProvider = "AzureActiveDirectory";
var mockConfig = GetMock <IGalleryConfigurationService>();
mockConfig.Setup(x => x.Current).Returns(new AppConfiguration
{
ConfirmEmailAddresses = false,
EnforcedAuthProviderForAdmin = enforcedProvider
});
var externalCred = new CredentialBuilder().CreateExternalCredential(providerUsedForLogin, "blorg", "Bloog");
var authUser = new AuthenticatedUser(
new User("theUsername")
{
UnconfirmedEmailAddress = "*****@*****.**",
Roles =
{
new Role {
Name = Constants.AdminRoleName
}
}
},
externalCred);
var authResult =
new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.Success, authUser);
GetMock <AuthenticationService>()
.Setup(x => x.Authenticate(authUser.User.Username, "thePassword"))
.CompletesWith(authResult);
GetMock <AuthenticationService>()
.Setup(x => x.AddCredential(authUser.User, externalCred))
.Completes()
.Verifiable();
GetMock <IMessageService>()
.Setup(x => x.SendCredentialAddedNotice(authUser.User, externalCred))
.Verifiable();
EnableAllAuthenticators(Get <AuthenticationService>());
var controller = GetController <AuthenticationController>();
if (shouldChallenge)
{
GetMock <AuthenticationService>()
.Setup(x => x.Challenge(enforcedProvider, It.IsAny <string>()))
.Returns(new ChallengeResult(enforcedProvider, null))
.Verifiable();
}
else
{
GetMock <AuthenticationService>()
.Setup(x => x.CreateSessionAsync(controller.OwinContext, It.IsAny <AuthenticatedUser>()))
.Returns(Task.FromResult(0))
.Verifiable();
}
GetMock <AuthenticationService>()
.Setup(x => x.ReadExternalLoginCredential(controller.OwinContext))
.CompletesWith(new AuthenticateExternalLoginResult()
{
ExternalIdentity = new ClaimsIdentity(),
Credential = externalCred
});
// Act
var result = await controller.SignIn(
new LogOnViewModel(
new SignInViewModel(
authUser.User.Username,
"thePassword")),
"theReturnUrl", linkingAccount : true);
// Assert
if (shouldChallenge)
{
ResultAssert.IsChallengeResult(result, enforcedProvider);
}
else
{
ResultAssert.IsSafeRedirectTo(result, "theReturnUrl");
}
GetMock <AuthenticationService>().VerifyAll();
GetMock <IMessageService>().VerifyAll();
}