// Pins the argument contract of SignInCommand.Run: when every argument is
// null, the ArgumentNullException must name the "options" parameter.
public void SignInCommand_Run_NullcheckOptions()
{
    Action runWithAllNulls = () => SignInCommand.Run(null, null, null, null, null);

    runWithAllNulls.ShouldThrow<ArgumentNullException>()
        .And.ParamName.Should().Be("options");
}
// Verifies that the identity provider returned by the SelectIdentityProvider
// notification is the one the AuthnRequest is created for, although Run is
// called with the entity id "urn:invalid" and a discovery service URL is set.
public void SignInCommand_Run_Uses_IdpFromNotification()
{
    var options = StubFactory.CreateOptions();
    var expectedIdp = options.IdentityProviders.Default;
    var requestedEntityId = new EntityId("urn:invalid");

    // Precondition of the test: without a DS url the "instead of going to the
    // Discovery Service" claim in the final assertion would be meaningless.
    options.SPOptions.DiscoveryServiceUrl.Should().NotBeNull("this test assumes a non-null DS url");

    var httpRequest = new HttpRequestData("GET", new Uri("http://sp.example.com"));

    // The notification ignores its inputs and always answers with the default idp.
    options.Notifications.SelectIdentityProvider = (selectedEntityId, relayData) => expectedIdp;

    var requestCreated = false;
    options.Notifications.AuthenticationRequestCreated = (authnRequest, usedIdp, relayData) =>
    {
        requestCreated = true;
        usedIdp.Should().BeSameAs(expectedIdp, "the idp from the SelectIdentityProvider notification should override the default behaviour");
    };

    SignInCommand.Run(requestedEntityId, null, httpRequest, options, null);

    requestCreated.Should().BeTrue("an AuthenticateRequest should have been created instead of going to the Discovery Service.");
}
// Turns a 401 response that carries a matching authentication challenge into
// a SAML2 sign-in: picks the idp, runs SignInCommand and applies the result.
protected override async Task ApplyResponseChallengeAsync()
{
    if (Response.StatusCode != 401)
    {
        return;
    }

    var challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
    if (challenge == null)
    {
        return;
    }

    // idp selection: an "idp" entry in the challenge properties wins; otherwise
    // the "KentorAuthServices.idp" entry of the OWIN environment is used. If that
    // entry is missing or is not an EntityId, idp ends up null.
    // NOTE(review): both values are supplied by whoever issued the challenge. If an
    // application fills them from request input, the requester picks the idp —
    // presumably SignInCommand.Run only accepts configured idps; confirm.
    EntityId idp;
    string idpFromProperties;
    if (challenge.Properties.Dictionary.TryGetValue("idp", out idpFromProperties))
    {
        idp = new EntityId(idpFromProperties);
    }
    else
    {
        object idpFromEnvironment = null;
        Context.Environment.TryGetValue("KentorAuthServices.idp", out idpFromEnvironment);
        idp = idpFromEnvironment as EntityId;
    }

    // The return url travels as its own argument, so it is cleared on the
    // properties to avoid serializing it twice.
    // NOTE(review): the value is passed on without validation in this method;
    // confirm that SignInCommand.Run or the challenge issuer restricts it to
    // allowed targets, otherwise it is an open-redirect vector after sign-in.
    var returnUrl = challenge.Properties.RedirectUri;
    challenge.Properties.RedirectUri = null;

    var httpRequest = await Context.ToHttpRequestData(Options.DataProtector.Unprotect);

    var commandResult = SignInCommand.Run(
        idp,
        returnUrl,
        httpRequest,
        Options,
        challenge.Properties.Dictionary);

    commandResult.Apply(Context, Options.DataProtector);
}
// Verifies that a direct sign-in (no discovery service) fires the
// SelectIdentityProvider, AuthenticationRequestCreated,
// AuthenticationRequestXmlCreated and SignInCommandResultCreated notifications,
// each with the idp, relay data and request objects the command works on.
public void SignInCommand_Run_Calls_Notifications()
{
    var options = StubFactory.CreateOptions();
    var defaultIdp = options.IdentityProviders.Default;
    var expectedRelayData = new Dictionary<string, string>();

    // The test clears the DS url before running the command.
    options.SPOptions.DiscoveryServiceUrl = null;

    var httpRequest = new HttpRequestData("GET", new Uri("http://sp.example.com"));

    var selectIdpInvoked = false;
    options.Notifications.SelectIdentityProvider = (requestedEntityId, relay) =>
    {
        requestedEntityId.Should().BeSameAs(defaultIdp.EntityId);
        relay.Should().BeSameAs(expectedRelayData);
        selectIdpInvoked = true;

        // Returning null makes no selection of its own in this test.
        return null;
    };

    Saml2AuthenticationRequest createdRequest = null;
    options.Notifications.AuthenticationRequestCreated = (authnRequest, usedIdp, relay) =>
    {
        authnRequest.Should().NotBeNull();
        usedIdp.Should().BeSameAs(defaultIdp);
        relay.Should().BeSameAs(expectedRelayData);
        createdRequest = authnRequest;
    };

    CommandResult notifiedResult = null;
    options.Notifications.SignInCommandResultCreated = (commandResult, relay) =>
    {
        notifiedResult = commandResult;
        relay.Should().BeSameAs(expectedRelayData);
    };

    var xmlCreatedInvoked = false;
    options.Notifications.AuthenticationRequestXmlCreated = (authnRequest, xmlDocument, bindingType) =>
    {
        xmlCreatedInvoked = true;
        authnRequest.Should().BeSameAs(createdRequest);
        bindingType.Should().Be(Saml2BindingType.HttpRedirect);
    };

    // The instance returned to the caller must be the one the notification saw.
    var actual = SignInCommand.Run(defaultIdp.EntityId, null, httpRequest, options, expectedRelayData);
    actual.Should().BeSameAs(notifiedResult);

    createdRequest.Should().NotBeNull("the AuthenticationRequestCreated notification should have been called");
    selectIdpInvoked.Should().BeTrue("the SelectIdentityProvider notification should have been called.");
    xmlCreatedInvoked.Should().BeTrue("the AuthenticationedRequestXmlCreated should have been called.");
}
// Pins the Secure flag of the stored-request-state cookie to the configured
// public origin: the origin is https while the incoming request URL is plain
// http://localhost, and the cookie must still be marked Secure.
public void SignInCommand_WithHttpsPublicOrigin_SetsSecureCookieFlag()
{
    var publicOrigin = new Uri("https://my.public.origin:8443");
    var options = StubFactory.CreateOptionsPublicOrigin(publicOrigin);
    var incomingRequest = new HttpRequestData("GET", new Uri("http://localhost"));
    var defaultIdpId = options.IdentityProviders.Default.EntityId;

    var commandResult = SignInCommand.Run(defaultIdpId, null, incomingRequest, options, null);

    commandResult.SetCookieName.Should().StartWith(StoredRequestState.CookieNameBase);
    commandResult.SetCookieSecureFlag.Should().BeTrue();
}
// Counterpart of the https public-origin case: with the stub's default options
// and a plain http request URL, the stored-request-state cookie is expected to
// be issued without the Secure flag.
public void SignInCommand_WithHttpUrl_DoesNotSetSecureCookieFlag()
{
    var options = StubFactory.CreateOptions();
    var incomingRequest = new HttpRequestData("GET", new Uri("http://localhost"));
    var defaultIdpId = options.IdentityProviders.Default.EntityId;

    var commandResult = SignInCommand.Run(defaultIdpId, null, incomingRequest, options, null);

    commandResult.SetCookieName.Should().StartWith(StoredRequestState.CookieNameBase);
    commandResult.SetCookieSecureFlag.Should().BeFalse();
}
// Regression guard: running the command with neither an idp nor a return url
// must not throw. Per the test name this is the discovery-service redirect path.
public void SignInCommand_Run_RedirectToDsWorksWithoutSpecifiedReturnPath()
{
    var options = StubFactory.CreateOptions();
    var signInRequest = new HttpRequestData("GET", new Uri("http://sp.example.com/Saml2/SignIn"));

    Action runWithoutIdpOrReturnUrl = () => SignInCommand.Run(null, null, signInRequest, options, null);

    runWithoutIdpOrReturnUrl.ShouldNotThrow();
}
// Turns a 401 response that carries a matching authentication challenge into
// a SAML2 sign-in: picks the idp, runs SignInCommand and, unless the result
// was already handled, applies it to the OWIN context.
protected override async Task ApplyResponseChallengeAsync()
{
    if (Response.StatusCode != 401)
    {
        return;
    }

    var challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
    if (challenge == null)
    {
        return;
    }

    // idp selection: an "idp" entry in the challenge properties wins; otherwise
    // the "saml2.idp" entry of the OWIN environment is used. If that entry is
    // missing or is not an EntityId, idp ends up null.
    // NOTE(review): both values are supplied by whoever issued the challenge. If an
    // application fills them from request input, the requester picks the idp —
    // presumably SignInCommand.Run only accepts configured idps; confirm.
    EntityId idp;
    string idpFromProperties;
    if (challenge.Properties.Dictionary.TryGetValue("idp", out idpFromProperties))
    {
        idp = new EntityId(idpFromProperties);
    }
    else
    {
        object idpFromEnvironment = null;
        Context.Environment.TryGetValue("saml2.idp", out idpFromEnvironment);
        idp = idpFromEnvironment as EntityId;
    }

    // The return url travels as its own argument, so it is cleared on the
    // properties to avoid serializing it twice.
    var returnUrl = challenge.Properties.RedirectUri;
    challenge.Properties.RedirectUri = null;

    // Without an explicit return url, fall back to the URI of the current request.
    // NOTE(review): neither value is validated in this method; confirm that
    // SignInCommand.Run restricts the return url to allowed targets, otherwise
    // it is an open-redirect vector after sign-in.
    returnUrl = returnUrl ?? Context.Request.Uri.ToString();

    var httpRequest = await Context.ToHttpRequestData(Options.DataProtector.Unprotect);

    var commandResult = SignInCommand.Run(
        idp,
        returnUrl,
        httpRequest,
        Options,
        challenge.Properties.Dictionary);

    // A result flagged as handled is not applied here.
    if (commandResult.HandledResult)
    {
        return;
    }

    // The EmitSameSiteNone notification is asked, per user agent, for the value
    // passed as the third argument of Apply.
    commandResult.Apply(
        Context,
        Options.DataProtector,
        Options.Notifications.EmitSameSiteNone(Request.GetUserAgent()));
}
// Verifies that SignInCommandResultCreated also fires when no idp is given and
// a discovery service URL is configured, and that the CommandResult handed to
// the notification is the same instance Run returns.
public void SignInCommand_Run_Calls_CommandResultCreated_OnRedirectToDS()
{
    var options = StubFactory.CreateOptions();
    var defaultIdp = options.IdentityProviders.Default;

    // Precondition: the stub options must carry a discovery service URL.
    options.SPOptions.DiscoveryServiceUrl.Should().NotBeNull("this test assumes a non-null DS url");

    var httpRequest = new HttpRequestData("GET", new Uri("http://sp.example.com"));

    CommandResult notifiedResult = null;
    options.Notifications.SignInCommandResultCreated = (commandResult, relayData) =>
    {
        notifiedResult = commandResult;
    };

    var actual = SignInCommand.Run(null, null, httpRequest, options, null);

    actual.Should().BeSameAs(notifiedResult);
}
// Answers an authentication challenge by running SignInCommand and applying
// its result to the current context. Completes synchronously.
protected override Task HandleChallengeAsync(AuthenticationProperties properties)
{
    // NOTE(review): null is passed as the only argument of ToHttpRequestData;
    // what that argument controls is not visible in this method.
    var httpRequest = Context.ToHttpRequestData(null);

    // The return url travels as its own argument to the command, so it is
    // removed from the properties to avoid serializing it twice.
    // NOTE(review): it is passed on without validation here; confirm that
    // SignInCommand.Run restricts it to allowed targets.
    var returnUrl = properties.RedirectUri;
    properties.RedirectUri = null;

    // No idp is specified (first argument null); the remaining property items
    // are passed along as the last argument.
    var commandResult = SignInCommand.Run(
        null,
        returnUrl,
        httpRequest,
        Options,
        properties.Items);

    commandResult.Apply(Context, dataProtector);

    return Task.CompletedTask;
}
/// <InheritDoc />
public async Task ChallengeAsync(AuthenticationProperties properties)
{
    // NOTE(review): a null properties argument is rejected here. Confirm that
    // every caller of this handler always supplies properties.
    if (properties == null)
    {
        throw new ArgumentNullException(nameof(properties));
    }

    // The return url travels as its own argument to the command, so it is
    // removed from the properties to avoid serializing it twice.
    // NOTE(review): it is passed on without validation here; confirm that
    // SignInCommand.Run restricts it to allowed targets.
    var returnUrl = properties.RedirectUri;
    properties.RedirectUri = null;

    var httpRequest = context.ToHttpRequestData(null);

    // No idp is specified (first argument null); the remaining property items
    // are passed along as the last argument.
    var commandResult = SignInCommand.Run(
        null,
        returnUrl,
        httpRequest,
        options,
        properties.Items);

    await commandResult.Apply(context, dataProtector, null, null);
}
// Verifies that "ForceAuthn=true" in the query string of the sign-in request
// ends up as ForceAuthentication on the created AuthnRequest, while IsPassive
// stays false. The query string is requester-controlled input.
public void SignInCommand_Run_SetForceAuthnFromQueryString()
{
    var options = StubFactory.CreateOptions();
    options.SPOptions.DiscoveryServiceUrl = null;

    // Captured from the AuthnRequest inside the notification; they remain null
    // if the notification is never invoked, which fails the assertions below.
    bool? observedIsPassive = null;
    bool? observedForceAuthn = null;
    options.Notifications.AuthenticationRequestCreated = (authnRequest, usedIdp, relayData) =>
    {
        observedIsPassive = authnRequest.IsPassive;
        observedForceAuthn = authnRequest.ForceAuthentication;
    };

    var signInRequest = new HttpRequestData("GET", new Uri("http://sp.example.com/Saml2/SignIn?ForceAuthn=true"));

    SignInCommand.Run(null, null, signInRequest, options, null);

    observedIsPassive.Should().BeFalse();
    observedForceAuthn.Should().BeTrue();
}