public async Task AcquireTokenByIntegratedWindowsAuthTestAsync() { var ui = new MockWebUI { MockResult = new AuthorizationResult( AuthorizationStatus.Success, MsalTestConstants.AuthorityHomeTenant + "?code=some-code") }; using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityHomeTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); AddMockHandlerMex(httpManager); AddMockHandlerWsTrustWindowsTransport(httpManager); AddMockHandlerAadSuccess(httpManager, MsalTestConstants.AuthorityHomeTenant); var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority); var result = await app .AcquireTokenByIntegratedWindowsAuthAsync(MsalTestConstants.Scope, MsalTestConstants.User.Username) .ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); Assert.IsNotNull(result.Account); Assert.AreEqual(MsalTestConstants.DisplayableId, result.Account.Username); } }
public void AcquireTokenByIntegratedWindowsAuthTest_ManagedUser() { // Arrange using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityHomeTenant); AddMockHandlerDefaultUserRealmDiscovery_ManagedUser(httpManager); var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority); // Act var exception = AssertException.TaskThrows <MsalClientException>( async() => await app.AcquireTokenByIntegratedWindowsAuthAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username) .ConfigureAwait(false)); // Assert Assert.AreEqual(MsalError.IntegratedWindowsAuthNotSupportedForManagedUser, exception.ErrorCode); } }
public async Task WsTrustRequestFailureTestAsync() { string uri = "https://some/address/usernamemixed"; var endpoint = new WsTrustEndpoint(new Uri(uri), WsTrustVersion.WsTrust13); using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddMockHandlerContentNotFound(HttpMethod.Post, url: uri); var requestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)); try { var message = endpoint.BuildTokenRequestMessageWindowsIntegratedAuth("urn:federation:SomeAudience"); WsTrustResponse wstResponse = await serviceBundle.WsTrustWebRequestManager.GetWsTrustResponseAsync(endpoint, message, requestContext).ConfigureAwait(false); Assert.Fail("We expect an exception to be thrown here"); } catch (MsalException ex) { Assert.AreEqual(CoreErrorCodes.FederatedServiceReturnedError, ex.ErrorCode); } } }
public void ValidationOffSuccessTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); //add mock response for tenant endpoint discovery httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, Url = "https://fs.contoso.com/adfs/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("OpenidConfiguration-OnPremise.json"))) }); Authority instance = Authority.CreateAuthority(serviceBundle, CoreTestConstants.OnPremiseAuthority, false); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityType, AuthorityType.Adfs); Task.Run( async() => { await instance.ResolveEndpointsAsync( CoreTestConstants.FabrikamDisplayableId, new RequestContext(null, new MsalLogger(Guid.NewGuid(), null))).ConfigureAwait(false); }).GetAwaiter().GetResult(); Assert.AreEqual("https://fs.contoso.com/adfs/oauth2/authorize/", instance.AuthorizationEndpoint); Assert.AreEqual("https://fs.contoso.com/adfs/oauth2/token/", instance.TokenEndpoint); Assert.AreEqual("https://fs.contoso.com/adfs", instance.SelfSignedJwtAudience); } }
public async Task WsTrustRequestTestAsync() { string wsTrustAddress = "https://some/address/usernamemixed"; var endpoint = new WsTrustEndpoint(new Uri(wsTrustAddress), WsTrustVersion.WsTrust13); using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddMockHandler( new MockHttpMessageHandler() { Url = wsTrustAddress, Method = HttpMethod.Post, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("WsTrustResponse13.xml"))) } }); var requestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)); var wsTrustRequest = endpoint.BuildTokenRequestMessageWindowsIntegratedAuth("urn:federation:SomeAudience"); var wsTrustResponse = await serviceBundle.WsTrustWebRequestManager.GetWsTrustResponseAsync(endpoint, wsTrustRequest, requestContext) .ConfigureAwait(false); Assert.IsNotNull(wsTrustResponse.Token); } }
public void ManagedUsernameNoPasswordAcquireTokenTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); AddMockResponseforManagedAccounts(httpManager); _cache.ClientId = MsalTestConstants.ClientId; var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority) { UserTokenCache = _cache }; SecureString str = null; // Call acquire token var result = AssertException.TaskThrows <MsalException>( async() => await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, str).ConfigureAwait(false)); // Check error code Assert.AreEqual(MsalError.PasswordRequiredForManagedUserError, result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount); } }
public void TestDeviceCodeCancel() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); const int NumberOfAuthorizationPendingRequestsToInject = 0; var parameters = CreateAuthenticationParametersAndSetupMocks( httpManager, NumberOfAuthorizationPendingRequestsToInject, out HashSet <string> expectedScopes); _cache.ServiceBundle = serviceBundle; var cancellationSource = new CancellationTokenSource(); DeviceCodeResult actualDeviceCodeResult = null; var request = new DeviceCodeRequest( serviceBundle, parameters, ApiEvent.ApiIds.None, async result => { await Task.Delay(200, CancellationToken.None).ConfigureAwait(false); actualDeviceCodeResult = result; }); // We setup the cancel before calling the RunAsync operation since we don't check the cancel // until later and the mock network calls run insanely fast for us to timeout for them. cancellationSource.Cancel(); AssertException.TaskThrows <OperationCanceledException>(() => request.RunAsync(cancellationSource.Token)); } }
public void ExpiredTokenRefreshFlowTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); var aadInstanceDiscovery = new AadInstanceDiscovery(httpManager, new TelemetryManager()); Authority authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false); TokenCache cache = new TokenCache() { ClientId = MsalTestConstants.ClientId, ServiceBundle = serviceBundle }; _tokenCacheHelper.PopulateCache(cache.TokenCacheAccessor); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authority = authority, ClientId = MsalTestConstants.ClientId, Scope = MsalTestConstants.Scope, TokenCache = cache, RequestContext = new RequestContext(null, new MsalLogger(Guid.Empty, null)), Account = new Account(MsalTestConstants.UserIdentifier, MsalTestConstants.DisplayableId, null) }; // set access tokens as expired foreach (var atCacheItemStr in cache.GetAllAccessTokenCacheItems(new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)))) { MsalAccessTokenCacheItem accessItem = JsonHelper.DeserializeFromJson <MsalAccessTokenCacheItem>(atCacheItemStr); accessItem.ExpiresOnUnixTimestamp = ((long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds).ToString(CultureInfo.InvariantCulture); cache.AddAccessTokenCacheItem(accessItem); } TestCommon.MockInstanceDiscoveryAndOpenIdRequest(httpManager); httpManager.AddMockHandler(new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }); var crypto = PlatformProxyFactory.GetPlatformProxy().CryptographyManager; SilentRequest request = new SilentRequest( serviceBundle, parameters, ApiEvent.ApiIds.None, false); Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); Assert.AreEqual(MsalTestConstants.Scope.AsSingleString(), result.Scopes.AsSingleString()); } }
private static async Task RunWithMockHttpAsync(Func <MockHttpManager, IServiceBundle, MyReceiver, Task> action) { using (var httpManager = new MockHttpManager()) { var receiver = new MyReceiver(); var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, receiver); await action(httpManager, serviceBundle, receiver).ConfigureAwait(false); } }
private static void RunWithMockHttp(Action <MockHttpManager, IServiceBundle, MyReceiver> action) { using (var httpManager = new MockHttpManager()) { var receiver = new MyReceiver(); var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, receiver); action(httpManager, serviceBundle, receiver); } }
public void FailedValidationResourceNotInTrustedRealmTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); //add mock response for on-premise DRS request httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, Url = "https://enterpriseregistration.fabrikam.com/enrollmentserver/contract", QueryParams = new Dictionary <string, string> { { "api-version", "1.0" } }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage( ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("drs-response.json"))) }); //add mock response for on-premise webfinger request httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, Url = "https://fs.fabrikam.com/adfs/.well-known/webfinger", QueryParams = new Dictionary <string, string> { { "resource", "https://fs.contoso.com" }, { "rel", "http://schemas.microsoft.com/rel/trusted-realm" } }, ResponseMessage = MockHelpers.CreateSuccessWebFingerResponseMessage("https://fs.some-other-sts.com") }); Authority instance = Authority.CreateAuthority(serviceBundle, CoreTestConstants.OnPremiseAuthority, true); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityType, AuthorityType.Adfs); try { Task.Run( async() => { await instance.ResolveEndpointsAsync( CoreTestConstants.FabrikamDisplayableId, new RequestContext(null, new MsalLogger(Guid.NewGuid(), null))).ConfigureAwait(false); }).GetAwaiter().GetResult(); Assert.Fail("ResolveEndpointsAsync should have failed here"); } catch (Exception exc) { Assert.IsNotNull(exc); } } }
public void GetExactScopesMatchedAccessTokenTest() { var atItem = Credential.CreateAccessToken( MsalTestConstants.HomeAccountId, MsalTestConstants.ProductionPrefNetworkEnvironment, new Uri(MsalTestConstants.AuthorityTestTenant).GetRealm(), MsalTestConstants.ClientId, ScopeUtils.JoinScopes(MsalTestConstants.Scope), TimeUtils.GetSecondsFromEpochNow(), TimeUtils.GetSecondsFromEpochNow() + MsalCacheV2TestConstants.ValidExpiresIn, TimeUtils.GetSecondsFromEpochNow() + MsalCacheV2TestConstants.ValidExtendedExpiresIn, TheSecret, string.Empty); _storageWorker.WriteCredentials( new List <Credential> { atItem }); using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); var cacheManager = new CacheManager( _storageManager, new AuthenticationRequestParameters { Account = MsalTestConstants.User, // TODO: In MSALC++, the request parameters only really needs the // Authority URI itself since the cache isn't meant to // do ANY network calls. // So it would be great if we could reduce the complexity/dependencies // here and do any of the validated authority cache / instance discovery // outside of the context of the authentication parameters and // cache interaction and just track the authority we're using... // AccountId = MsalTestConstants.HomeAccountId, // Authority = new Uri(MsalTestConstants.AuthorityTestTenant), Authority = Authority.CreateAuthority( serviceBundle, MsalTestConstants.AuthorityTestTenant, false), ClientId = MsalTestConstants.ClientId, Scope = new SortedSet <string>(MsalCacheV2TestConstants.Scope) // todo(mzuber): WHY SORTED SET? }); Assert.IsTrue(cacheManager.TryReadCache(out var tokenResponse, out var accountResponse)); Assert.IsNotNull(tokenResponse); Assert.IsNull(accountResponse); Assert.AreEqual(TheSecret, tokenResponse.AccessToken); } }
public void SuccessfulValidationTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); //add mock response for instance validation httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, Url = "https://login.microsoftonline.com/common/discovery/instance", QueryParams = new Dictionary <string, string> { { "api-version", "1.1" }, { "authorization_endpoint", "https%3A%2F%2Flogin.microsoftonline.in%2Fmytenant.com%2Foauth2%2Fv2.0%2Fauthorize" }, }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage( "{\"tenant_discovery_endpoint\":\"https://login.microsoftonline.in/mytenant.com/.well-known/openid-configuration\"}") }); //add mock response for tenant endpoint discovery httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, Url = "https://login.microsoftonline.in/mytenant.com/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration.json"))) }); Authority instance = Authority.CreateAuthority(serviceBundle, "https://login.microsoftonline.in/mytenant.com", true); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityType, AuthorityType.Aad); Task.Run( async() => { await instance.ResolveEndpointsAsync( null, new RequestContext(null, new MsalLogger(Guid.NewGuid(), null))).ConfigureAwait(false); }).GetAwaiter().GetResult(); Assert.AreEqual( "https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/oauth2/v2.0/authorize", instance.AuthorizationEndpoint); Assert.AreEqual( "https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/oauth2/v2.0/token", instance.TokenEndpoint); Assert.AreEqual("https://sts.windows.net/6babcaad-604b-40ac-a9d7-9fd97c0b779f/", instance.SelfSignedJwtAudience); Assert.AreEqual("https://login.microsoftonline.in/common/userrealm/", instance.UserRealmUriPrefix); } }
public void OAuthClient_FailsWithServiceExceptionWhenResponseIsHttpNotFound() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver); var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false); var responseMessage = MockHelpers.CreateHttpStatusNotFoundResponseMessage(); httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = responseMessage }); var parameters = new AuthenticationRequestParameters { Authority = authority, ClientId = MsalTestConstants.ClientId, Scope = MsalTestConstants.Scope, TokenCache = null, RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)), RedirectUri = new Uri("some://uri"), }; var ui = new MockWebUI(); var request = new InteractiveRequest( serviceBundle, parameters, ApiEvent.ApiIds.None, MsalTestConstants.ScopeForAnotherResource.ToArray(), MsalTestConstants.DisplayableId, UIBehavior.SelectAccount, ui); try { request.ExecuteAsync(CancellationToken.None).Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { var serverEx = exc.InnerException as MsalServiceException; Assert.IsNotNull(serverEx); Assert.AreEqual((int)HttpStatusCode.NotFound, serverEx.StatusCode); Assert.IsNotNull(serverEx.ResponseBody); Assert.AreEqual(MsalError.HttpStatusNotFound, serverEx.ErrorCode); } } }
public void TestDeviceCodeAuthSuccess() { const int NumberOfAuthorizationPendingRequestsToInject = 1; using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); var parameters = CreateAuthenticationParametersAndSetupMocks( httpManager, NumberOfAuthorizationPendingRequestsToInject, out HashSet <string> expectedScopes); _cache.ServiceBundle = serviceBundle; // Check that cache is empty Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount); Assert.AreEqual(0, _cache.TokenCacheAccessor.AccountCount); Assert.AreEqual(0, _cache.TokenCacheAccessor.IdTokenCount); Assert.AreEqual(0, _cache.TokenCacheAccessor.RefreshTokenCount); DeviceCodeResult actualDeviceCodeResult = null; var request = new DeviceCodeRequest( serviceBundle, parameters, ApiEvent.ApiIds.None, result => { actualDeviceCodeResult = result; return(Task.FromResult(0)); }); Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None); task.Wait(); var authenticationResult = task.Result; Assert.IsNotNull(authenticationResult); Assert.IsNotNull(actualDeviceCodeResult); Assert.AreEqual(MsalTestConstants.ClientId, actualDeviceCodeResult.ClientId); Assert.AreEqual(ExpectedDeviceCode, actualDeviceCodeResult.DeviceCode); Assert.AreEqual(ExpectedInterval, actualDeviceCodeResult.Interval); Assert.AreEqual(ExpectedMessage, actualDeviceCodeResult.Message); Assert.AreEqual(ExpectedUserCode, actualDeviceCodeResult.UserCode); Assert.AreEqual(ExpectedVerificationUrl, actualDeviceCodeResult.VerificationUrl); CoreAssert.AreScopesEqual(expectedScopes.AsSingleString(), actualDeviceCodeResult.Scopes.AsSingleString()); // Validate that entries were added to cache Assert.AreEqual(1, _cache.TokenCacheAccessor.AccessTokenCount); Assert.AreEqual(1, _cache.TokenCacheAccessor.AccountCount); Assert.AreEqual(1, _cache.TokenCacheAccessor.IdTokenCount); Assert.AreEqual(1, _cache.TokenCacheAccessor.RefreshTokenCount); } }
public void MexEndpointFailsToResolveTest() { var ui = new MockWebUI { MockResult = new AuthorizationResult( AuthorizationStatus.Success, MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code") }; using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); // MEX httpManager.AddMockHandler( new MockHttpMessageHandler { Url = "https://msft.sts.microsoft.com/adfs/services/trust/mex", Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("TestMex.xml")) .Replace("<wsp:All>", " ")) } }); _cache.ClientId = MsalTestConstants.ClientId; var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority) { UserTokenCache = _cache }; // Call acquire token, Mex parser fails var result = AssertException.TaskThrows <MsalException>( async() => await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, _secureString).ConfigureAwait(false)); // Check exception message Assert.AreEqual("Parsing WS metadata exchange failed", result.Message); Assert.AreEqual("parsing_ws_metadata_exchange_failed", result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount); } }
public void ManagedUsernamePasswordCommonAuthorityTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityCommonTenant); // user realm discovery httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( "{\"ver\":\"1.0\",\"account_type\":\"Managed\",\"domain_name\":\"id.com\"}") }, QueryParams = new Dictionary <string, string> { { "api-version", "1.0" } } }); httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage() }); _cache.ClientId = MsalTestConstants.ClientId; var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority) { UserTokenCache = _cache }; // Call acquire token var result = AssertException.TaskThrows <MsalException>( async() => await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, _secureString).ConfigureAwait(false)); // Check inner exception Assert.AreEqual(CoreErrorCodes.InvalidRequest, result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount); } }
public void FailedValidationTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); //add mock response for instance validation httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, Url = "https://login.microsoftonline.com/common/discovery/instance", QueryParams = new Dictionary <string, string> { { "api-version", "1.1" }, { "authorization_endpoint", "https%3A%2F%2Flogin.microsoft0nline.com%2Fmytenant.com%2Foauth2%2Fv2.0%2Fauthorize" }, }, ResponseMessage = MockHelpers.CreateFailureMessage( HttpStatusCode.BadRequest, "{\"error\":\"invalid_instance\"," + "\"error_description\":\"AADSTS50049: " + "Unknown or invalid instance. Trace " + "ID: b9d0894d-a9a4-4dba-b38e-8fb6a009bc00 " + "Correlation ID: 34f7b4cf-4fa2-4f35-a59b" + "-54b6f91a9c94 Timestamp: 2016-08-23 " + "20:45:49Z\",\"error_codes\":[50049]," + "\"timestamp\":\"2016-08-23 20:45:49Z\"," + "\"trace_id\":\"b9d0894d-a9a4-4dba-b38e-8f" + "b6a009bc00\",\"correlation_id\":\"34f7b4cf-" + "4fa2-4f35-a59b-54b6f91a9c94\"}") }); Authority instance = Authority.CreateAuthority(serviceBundle, "https://login.microsoft0nline.com/mytenant.com", true); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityType, AuthorityType.Aad); try { Task.Run( async() => { await instance.ResolveEndpointsAsync( null, new RequestContext(null, new MsalLogger(Guid.NewGuid(), null))).ConfigureAwait(false); }).GetAwaiter().GetResult(); Assert.Fail("validation should have failed here"); } catch (Exception exc) { Assert.IsTrue(exc is MsalServiceException); Assert.AreEqual(((MsalServiceException)exc).ErrorCode, "invalid_instance"); } } }
public void SilentRefreshFailedNoCacheItemFoundTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); var aadInstanceDiscovery = new AadInstanceDiscovery(httpManager, new TelemetryManager()); var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false); _cache = new TokenCache() { ClientId = MsalTestConstants.ClientId, ServiceBundle = serviceBundle }; httpManager.AddInstanceDiscoveryMockHandler(); var parameters = new AuthenticationRequestParameters() { Authority = authority, ClientId = MsalTestConstants.ClientId, Scope = ScopeHelper.CreateSortedSetFromEnumerable( new[] { "some-scope1", "some-scope2" }), TokenCache = _cache, Account = new Account(MsalTestConstants.UserIdentifier, MsalTestConstants.DisplayableId, null), RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)) }; var crypto = PlatformProxyFactory.GetPlatformProxy().CryptographyManager; var telemetryManager = new TelemetryManager(); try { var request = new SilentRequest(serviceBundle, parameters, ApiEvent.ApiIds.None, false); Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None); var authenticationResult = task.Result; Assert.Fail("MsalUiRequiredException should be thrown here"); } catch (AggregateException ae) { var exc = ae.InnerException as MsalUiRequiredException; Assert.IsNotNull(exc, "Actual exception type is " + ae.InnerException.GetType()); Assert.AreEqual(MsalUiRequiredException.NoTokensFoundError, exc.ErrorCode); } } }
public void FederatedUsernamePasswordCommonAuthorityTest() { var ui = new MockWebUI { MockResult = new AuthorizationResult( AuthorizationStatus.Success, MsalTestConstants.AuthorityCommonTenant + "?code=some-code") }; using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityCommonTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); AddMockHandlerMex(httpManager); AddMockHandlerWsTrustUserName(httpManager); // AAD httpManager.AddMockHandler( new MockHttpMessageHandler { Url = "https://login.microsoftonline.com/common/oauth2/v2.0/token", Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage() }); _cache.ClientId = MsalTestConstants.ClientId; var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority) { UserTokenCache = _cache }; // Call acquire token var result = AssertException.TaskThrows <MsalException>( async() => await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, _secureString).ConfigureAwait(false)); // Check inner exception Assert.AreEqual(CoreErrorCodes.InvalidRequest, result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount); } }
public void ManagedUsernameIncorrectPasswordAcquireTokenTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); AddMockResponseforManagedAccounts(httpManager); var str = new SecureString(); str.AppendChar('y'); str.MakeReadOnly(); httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage(), PostDataObject = new Dictionary <string, object> { { "grant_type", "password" }, { "username", MsalTestConstants.User.Username }, { "password", _secureString } } }); _cache.ClientId = MsalTestConstants.ClientId; var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority) { UserTokenCache = _cache }; // Call acquire token var result = AssertException.TaskThrows <MsalException>( async() => await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, str).ConfigureAwait(false)); // Check error code Assert.AreEqual(CoreErrorCodes.InvalidGrantError, result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount); } }
public void FederatedUsernameNullPasswordTest() { var ui = new MockWebUI { MockResult = new AuthorizationResult( AuthorizationStatus.Success, MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code") }; using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); AddMockHandlerMex(httpManager); // Mex does not return integrated auth endpoint (.../13/windowstransport) httpManager.AddMockHandlerContentNotFound(HttpMethod.Post, "https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport"); _cache.ClientId = MsalTestConstants.ClientId; var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority) { UserTokenCache = _cache }; SecureString str = null; // Call acquire token var result = AssertException.TaskThrows <MsalException>( async() => await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, str).ConfigureAwait(false)); // Check inner exception Assert.AreEqual(CoreErrorCodes.ParsingWsTrustResponseFailed, result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount); } }
public void MexParsingFailsTest() { var ui = new MockWebUI { MockResult = new AuthorizationResult( AuthorizationStatus.Success, MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code") }; using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); // MEX httpManager.AddMockHandlerContentNotFound(HttpMethod.Get, "https://msft.sts.microsoft.com/adfs/services/trust/mex"); _cache.ClientId = MsalTestConstants.ClientId; var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority) { UserTokenCache = _cache }; // Call acquire token var result = AssertException.TaskThrows <MsalException>( async() => await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, _secureString).ConfigureAwait(false)); // Check inner exception Assert.AreEqual("Response status code does not indicate success: 404 (NotFound).", result.Message); // There should be no cached entries. Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount); } }
public void DuplicateQueryParameterErrorTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver); var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false); var parameters = new AuthenticationRequestParameters { Authority = authority, ClientId = MsalTestConstants.ClientId, Scope = MsalTestConstants.Scope, TokenCache = null, RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)), RedirectUri = new Uri("some://uri"), ExtraQueryParameters = "extra=qp&prompt=login" }; MockInstanceDiscoveryAndOpenIdRequest(httpManager); var request = new InteractiveRequest( serviceBundle, parameters, ApiEvent.ApiIds.None, MsalTestConstants.ScopeForAnotherResource.ToArray(), null, UIBehavior.ForceLogin, new MockWebUI()); try { request.ExecuteAsync(CancellationToken.None).Wait(); Assert.Fail("MsalException should be thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual( MsalClientException.DuplicateQueryParameterError, ((MsalException)exc.InnerException).ErrorCode); } } }
public async Task MexEndpointFailsToResolveTestAsync() { // TODO: should we move this into a separate test class for WsTrustWebRequestManager? using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddMockHandlerContentNotFound(HttpMethod.Get); try { await serviceBundle.WsTrustWebRequestManager.GetMexDocumentAsync("http://somehost", _requestContext).ConfigureAwait(false); Assert.Fail("We expect an exception to be thrown here"); } catch (MsalException ex) { Assert.AreEqual(CoreErrorCodes.AccessingWsMetadataExchangeFailed, ex.ErrorCode); } } }
public void FailedValidationMissingFieldsTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); //add mock response for instance validation httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, Url = "https://login.windows.net/common/discovery/instance", QueryParams = new Dictionary <string, string> { { "api-version", "1.0" }, { "authorization_endpoint", "https://login.microsoft0nline.com/mytenant.com/oauth2/v2.0/authorize" }, }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage("{}") }); var aadInstanceDiscovery = new AadInstanceDiscovery(httpManager, new TelemetryManager()); Authority instance = Authority.CreateAuthority(serviceBundle, "https://login.microsoft0nline.com/mytenant.com", true); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityType, AuthorityType.Aad); try { Task.Run( async() => { await instance.ResolveEndpointsAsync( null, new RequestContext(null, new MsalLogger(Guid.NewGuid(), null))).ConfigureAwait(false); }).GetAwaiter().GetResult(); Assert.Fail("validation should have failed here"); } catch (Exception exc) { Assert.IsNotNull(exc); } } }
public void B2CMicrosoftOnlineCreateAuthority() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); // add mock response for tenant endpoint discovery httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, Url = "https://login.microsoftonline.com/tfp/mytenant.com/my-policy/v2.0/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration-B2C.json"))) }); Authority instance = Authority.CreateAuthority( serviceBundle, "https://login.microsoftonline.com/tfp/mytenant.com/my-policy/", true); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityType, AuthorityType.B2C); Task.Run( async() => { await instance.ResolveEndpointsAsync( null, new RequestContext(null, new MsalLogger(Guid.NewGuid(), null))).ConfigureAwait(false); }).GetAwaiter().GetResult(); Assert.AreEqual( "https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/my-policy/oauth2/v2.0/authorize", instance.AuthorizationEndpoint); Assert.AreEqual( "https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/my-policy/oauth2/v2.0/token", instance.TokenEndpoint); Assert.AreEqual("https://sts.windows.net/6babcaad-604b-40ac-a9d7-9fd97c0b779f/", instance.SelfSignedJwtAudience); } }
public async Task JsonWebTokenWithX509PublicCertSendCertificateOnBehalfOfTestAsync() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); SetupMocks(httpManager); var certificate = new X509Certificate2( ResourceHelper.GetTestResourceRelativePath("valid_cert.pfx"), MsalTestConstants.DefaultPassword); var clientAssertion = new ClientAssertionCertificate(certificate); var clientCredential = new ClientCredential(clientAssertion); var app = new ConfidentialClientApplication( serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority, MsalTestConstants.RedirectUri, clientCredential, _cache, _cache) { ValidateAuthority = false }; var userAssertion = new UserAssertion(MsalTestConstants.DefaultAccessToken); //Check for x5c claim httpManager.AddMockHandler(X5CMockHandler); AuthenticationResult result = await(app as IConfidentialClientApplicationWithCertificate).AcquireTokenOnBehalfOfWithCertificateAsync( MsalTestConstants.Scope, userAssertion).ConfigureAwait(false); Assert.IsNotNull(result.AccessToken); result = await app.AcquireTokenOnBehalfOfAsync(MsalTestConstants.Scope, userAssertion).ConfigureAwait(false); Assert.IsNotNull(result.AccessToken); } }
public void FailedTenantDiscoveryMissingEndpointsTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); //add mock response for tenant endpoint discovery httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, Url = "https://login.microsoftonline.in/mytenant.com/v2.0/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration-MissingFields.json"))) }); var aadInstanceDiscovery = new AadInstanceDiscovery(httpManager, new TelemetryManager()); Authority instance = Authority.CreateAuthority(serviceBundle, "https://login.microsoftonline.in/mytenant.com", false); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityType, AuthorityType.Aad); try { Task.Run( async() => { await instance.ResolveEndpointsAsync( null, new RequestContext(null, new MsalLogger(Guid.NewGuid(), null))).ConfigureAwait(false); }).GetAwaiter().GetResult(); Assert.Fail("validation should have failed here"); } catch (MsalClientException exc) { Assert.AreEqual(CoreErrorCodes.TenantDiscoveryFailedError, exc.ErrorCode); } } }
public async Task FederatedUsernamePasswordWithSecureStringAcquireTokenTestAsync() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); AddMockResponseForFederatedAccounts(httpManager); var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority); var result = await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, _secureString).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); Assert.IsNotNull(result.Account); Assert.AreEqual(MsalTestConstants.User.Username, result.Account.Username); } }