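/// <summary>
/// A request carrying a valid API key of the requested credential type yields a ticket
/// whose identity exposes the user name, the stored API key value, the credential key
/// and the JSON-serialized scopes as claims.
/// </summary>
/// <param name="apiKeyType">The credential type to select from the fake user's credentials.</param>
public async Task GivenMatchingApiKey_ItReturnsTicketWithClaims(string apiKeyType)
{
    // Arrange
    var fakes = Get<Fakes>();
    var user = fakes.User;
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(new ApiKeyAuthenticationOptions());

    var apiKeyCredential = user.Credentials.First(c => c.Type == apiKeyType);
    apiKeyCredential.Key = 99;

    // For V4 keys the value presented in the header is the fake's plaintext, which is not
    // the stored credential value; for the other key types the stored value is sent as-is.
    var plaintextApiKey = apiKeyCredential.Type == CredentialTypes.ApiKey.V4
        ? fakes.ApiKeyV4PlaintextValue
        : apiKeyCredential.Value;

    handler.OwinContext.Request.Headers.Set(ServicesConstants.ApiKeyHeaderName, plaintextApiKey);
    handler.MockAuth.SetupAuth(apiKeyCredential, user, credentialValue: plaintextApiKey);

    // Act
    var ticket = await handler.InvokeAuthenticateCoreAsync();

    // Assert
    Assert.NotNull(ticket);
    Assert.Equal(user.Username, ticket.Identity.GetClaimOrDefault(ClaimTypes.NameIdentifier));
    // The claim carries the stored credential value, not the plaintext that was sent in the header.
    Assert.Equal(apiKeyCredential.Value, ticket.Identity.GetClaimOrDefault(NuGetClaims.ApiKey));
    Assert.Equal(apiKeyCredential.Key.ToString(), ticket.Identity.GetClaimOrDefault(NuGetClaims.CredentialKey));
    Assert.Equal(
        JsonConvert.SerializeObject(apiKeyCredential.Scopes, Formatting.None),
        ticket.Identity.GetClaimOrDefault(NuGetClaims.Scope));
}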
/// <summary>
/// An API key whose only scope is owned by a different user key is rejected: the handler
/// writes a 403 with the "not authorized" message as both reason phrase and body.
/// </summary>
public async Task GivenApiKeyWithOwnerScopeThatDoesNotMatch_WritesUnauthorizedResponse()
{
    // Arrange
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(new ApiKeyAuthenticationOptions());
    var user = new User
    {
        Key = 1234,
        Username = "******",
        EmailAddress = "*****@*****.**",
    };

    string plaintextApiKey;
    var apiKeyCredential = new CredentialBuilder().CreateApiKey(Fakes.ExpirationForApiKeyV1, out plaintextApiKey);
    // Scope owner 2345 does not match the authenticating user's key 1234.
    apiKeyCredential.Scopes.Add(new Scope(2345, "thePackage", "theAction"));

    handler.OwinContext.Request.Headers.Set(ServicesConstants.ApiKeyHeaderName, plaintextApiKey);
    handler.MockAuth.SetupAuth(apiKeyCredential, user, credentialValue: plaintextApiKey);

    // Act
    var response = handler.OwinContext.Response;
    var body = await response.CaptureBodyAsString(async () => await handler.InvokeAuthenticateCoreAsync());

    // Assert
    Assert.Equal(403, response.StatusCode);
    Assert.Equal(Strings.ApiKeyNotAuthorized, response.ReasonPhrase);
    Assert.Equal(Strings.ApiKeyNotAuthorized, body);
}
/// <summary>
/// In active mode a 401 response without an API key header is rewritten with the
/// "API key required" message, and the ApiKey challenge is appended to the existing
/// WWW-Authenticate values rather than replacing them.
/// </summary>
public async Task GivenA401ResponseInActiveModeAndNoHeader_ItReturns401ApiKeyRequired()
{
    // Arrange
    var options = new ApiKeyAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Active,
        AuthenticationType = "blarg",
    };
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

    var response = handler.OwinContext.Response;
    response.StatusCode = 401;
    response.Headers.Set("WWW-Authenticate", "existing");

    string[] challengeTypes = { "blarg" };
    handler.OwinContext.Authentication.AuthenticationResponseChallenge =
        new AuthenticationResponseChallenge(challengeTypes, new AuthenticationProperties());

    // Act
    var body = await response.CaptureBodyAsString(async () => await handler.InvokeApplyResponseChallengeAsync());

    // Assert
    Assert.Equal(401, response.StatusCode);
    Assert.Equal(Strings.ApiKeyRequired, response.ReasonPhrase);
    Assert.Equal(Strings.ApiKeyRequired, body);

    // The pre-existing challenge must survive alongside the one added by the handler.
    var authenticateValues = response.Headers.GetCommaSeparatedValues("WWW-Authenticate");
    Assert.Contains("ApiKey realm=\"nuget.local\"", authenticateValues);
    Assert.Contains("existing", authenticateValues);
}
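/// <summary>
/// A request carrying a valid V1 API key yields a ticket whose identity exposes the user
/// name, the lower-cased API key, the credential key and the JSON-serialized scopes as claims.
/// </summary>
public async Task GivenMatchingApiKey_ItReturnsTicketWithClaims()
{
    // Arrange
    var user = new User
    {
        Username = "******",
        EmailAddress = "*****@*****.**",
    };
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(new ApiKeyAuthenticationOptions());

    var apiKeyCredential = new CredentialBuilder().CreateApiKey(Fakes.ExpirationForApiKeyV1);
    apiKeyCredential.Key = 99;
    apiKeyCredential.Scopes = new List<Scope> { new Scope("a", "b") };

    // The header value and the expected claim are derived with the same culture-invariant
    // lower-casing so the assertion cannot drift under a culture-specific ToLower().
    var presentedApiKey = apiKeyCredential.Value.ToLowerInvariant();
    handler.OwinContext.Request.Headers.Set(Constants.ApiKeyHeaderName, presentedApiKey);
    handler.MockAuth.SetupAuth(apiKeyCredential, user);

    // Act
    var ticket = await handler.InvokeAuthenticateCoreAsync();

    // Assert
    Assert.NotNull(ticket);
    Assert.Equal(user.Username, ticket.Identity.GetClaimOrDefault(ClaimTypes.NameIdentifier));
    Assert.Equal(presentedApiKey, ticket.Identity.GetClaimOrDefault(NuGetClaims.ApiKey));
    Assert.Equal(apiKeyCredential.Key.ToString(), ticket.Identity.GetClaimOrDefault(NuGetClaims.CredentialKey));
    Assert.Equal(
        JsonConvert.SerializeObject(apiKeyCredential.Scopes, Formatting.None),
        ticket.Identity.GetClaimOrDefault(NuGetClaims.Scope));
}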
/// <summary>
/// An API key whose scope is owned by the authenticating user itself is accepted and
/// the user is stored as the current user in the OWIN environment.
/// </summary>
public async Task GivenMatchingApiKeyWithOwnerScopeOfSelf_ItSetsUserInOwinEnvironment()
{
    // Arrange
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(new ApiKeyAuthenticationOptions());
    var user = new User
    {
        Key = 1234,
        Username = "******",
        EmailAddress = "*****@*****.**",
    };

    string plaintextApiKey;
    var apiKeyCredential = new CredentialBuilder().CreateApiKey(Fakes.ExpirationForApiKeyV1, out plaintextApiKey);
    // Scope owner 1234 is the user's own key.
    apiKeyCredential.Scopes.Add(new Scope(1234, "thePackage", "theAction"));

    handler.OwinContext.Request.Headers.Set(ServicesConstants.ApiKeyHeaderName, plaintextApiKey);
    handler.MockAuth.SetupAuth(apiKeyCredential, user, credentialValue: plaintextApiKey);

    // Act
    await handler.InvokeAuthenticateCoreAsync();

    // Assert
    var environment = handler.OwinContext.Environment;
    var authUser = Assert.IsType<AuthenticatedUser>(environment[ServicesConstants.CurrentUserOwinEnvironmentKey]);
    Assert.Same(user, authUser.User);
}
/// <summary>
/// A request under the configured root path that carries a matching V1 API key stores
/// the matched user as the current user in the OWIN environment.
/// </summary>
public async Task GivenMatchingApiKey_ItSetsUserInOwinEnvironment()
{
    // Arrange
    var options = new ApiKeyAuthenticationOptions { RootPath = "/api" };
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

    var user = new User
    {
        Username = "******",
        EmailAddress = "*****@*****.**",
    };

    var apiKey = Guid.NewGuid();
    var headerValue = apiKey.ToString().ToLowerInvariant();

    var request = handler.OwinContext.Request;
    request.Path = "/api/v2/packages";
    request.Headers.Set(Constants.ApiKeyHeaderName, headerValue);
    handler.MockAuth.SetupAuth(CredentialBuilder.CreateV1ApiKey(apiKey), user);

    // Act
    await handler.InvokeAuthenticateCoreAsync();

    // Assert
    var environment = handler.OwinContext.Environment;
    var authUser = Assert.IsType<AuthenticatedUser>(environment[Constants.CurrentUserOwinEnvironmentKey]);
    Assert.Same(user, authUser.User);
}
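/// <summary>
/// A request under the configured root path that carries a matching V1 API key yields a
/// ticket whose identity exposes the lower-cased API key as a claim.
/// </summary>
public async Task GivenMatchingApiKey_ItReturnsTicketWithUserNameAndRoles()
{
    // Arrange
    var options = new ApiKeyAuthenticationOptions { RootPath = "/api" };
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

    var user = new User
    {
        Username = "******",
        EmailAddress = "*****@*****.**",
    };

    var apiKey = Guid.NewGuid();
    // One culture-invariant lower-casing feeds both the header and the expected claim,
    // so the assertion cannot drift under a culture-specific ToLower().
    var presentedApiKey = apiKey.ToString().ToLowerInvariant();

    var request = handler.OwinContext.Request;
    request.Path = "/api/v2/packages";
    request.Headers.Set(Constants.ApiKeyHeaderName, presentedApiKey);
    handler.MockAuth.SetupAuth(CredentialBuilder.CreateV1ApiKey(apiKey), user);

    // Act
    var ticket = await handler.InvokeAuthenticateCoreAsync();

    // Assert
    Assert.NotNull(ticket);
    Assert.Equal(presentedApiKey, ticket.Identity.GetClaimOrDefault(NuGetClaims.ApiKey));
}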
/// <summary>
/// A request without an API key header produces no ticket.
/// </summary>
public async Task GivenNoApiKeyHeader_ItReturnsNull()
{
    // Arrange
    var options = new ApiKeyAuthenticationOptions();
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

    // Act
    var ticket = await handler.InvokeAuthenticateCoreAsync();

    // Assert
    Assert.Null(ticket);
}
/// <summary>
/// In active mode a response that is not a 401 is left untouched by the challenge step.
/// </summary>
public async Task GivenANon401ResponseInActiveMode_ItPassesThrough()
{
    // Arrange
    var options = new ApiKeyAuthenticationOptions { AuthenticationMode = AuthenticationMode.Active };
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);
    var response = handler.OwinContext.Response;
    response.StatusCode = 200;

    // Act
    await handler.InvokeApplyResponseChallengeAsync();

    // Assert
    Assert.Equal(200, response.StatusCode);
}
/// <summary>
/// A syntactically valid API key that matches no user (no auth setup was registered
/// for it) produces no ticket.
/// </summary>
public async Task GivenNoUserMatchingApiKey_ItReturnsNull()
{
    // Arrange
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(new ApiKeyAuthenticationOptions());
    var unknownKey = Guid.NewGuid().ToString().ToLowerInvariant();
    handler.OwinContext.Request.Headers.Set(Constants.ApiKeyHeaderName, unknownKey);

    // Act
    var ticket = await handler.InvokeAuthenticateCoreAsync();

    // Assert
    Assert.Null(ticket);
}
/// <summary>
/// In active mode no challenge message is produced for a response that is not a 401.
/// </summary>
public async Task GivenANon401ResponseInActiveMode_ItReturnsNull()
{
    // Arrange
    var options = new ApiKeyAuthenticationOptions { AuthenticationMode = AuthenticationMode.Active };
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);
    handler.OwinContext.Response.StatusCode = 200;

    // Act
    string message = handler.GetChallengeMessage();

    // Assert
    Assert.Null(message);
}
/// <summary>
/// A request under the configured root path without an API key header produces no ticket.
/// </summary>
public async Task GivenNoApiKeyHeader_ItReturnsNull()
{
    // Arrange
    var options = new ApiKeyAuthenticationOptions { RootPath = "/api" };
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);
    handler.OwinContext.Request.Path = "/api/v2/packages";

    // Act
    var ticket = await handler.InvokeAuthenticateCoreAsync();

    // Assert
    Assert.Null(ticket);
}
/// <summary>
/// In passive mode a 401 whose challenge names a different authentication type is not
/// claimed by this handler, so the status code is left as-is.
/// </summary>
public async Task GivenA401ResponseInPassiveModeWithoutMatchingAuthenticationType_ItPassesThrough()
{
    // Arrange
    var options = new ApiKeyAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Passive,
        AuthenticationType = "blarg",
    };
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

    var response = handler.OwinContext.Response;
    response.StatusCode = 401;

    // "flarg" does not match the handler's configured type "blarg".
    string[] challengeTypes = { "flarg" };
    handler.OwinContext.Authentication.AuthenticationResponseChallenge =
        new AuthenticationResponseChallenge(challengeTypes, new AuthenticationProperties());

    // Act
    await handler.InvokeApplyResponseChallengeAsync();

    // Assert
    Assert.Equal(401, response.StatusCode);
}
/// <summary>
/// In passive mode a 401 whose challenge names this handler's authentication type, with
/// no API key header present, yields the "API key required" challenge message.
/// </summary>
public async Task GivenA401ResponseInPassiveModeWithMatchingAuthenticationTypeAndNoHeader_ItReturnsApiKeyRequired()
{
    // Arrange
    var options = new ApiKeyAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Passive,
        AuthenticationType = "blarg",
    };
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);
    handler.OwinContext.Response.StatusCode = 401;

    string[] challengeTypes = { "blarg" };
    handler.OwinContext.Authentication.AuthenticationResponseChallenge =
        new AuthenticationResponseChallenge(challengeTypes, new AuthenticationProperties());

    // Act
    string message = handler.GetChallengeMessage();

    // Assert
    Assert.Equal(Strings.ApiKeyRequired, message);
}
/// <summary>
/// In active mode a 401 reached while an API key header was present yields the
/// "not authorized" challenge message (a key was offered but did not authenticate).
/// </summary>
public async Task GivenA401ResponseInActiveModeAndHeader_ItReturnsApiKeyNotAuthorized()
{
    // Arrange
    var options = new ApiKeyAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Active,
        AuthenticationType = "blarg",
    };
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

    var context = handler.OwinContext;
    context.Response.StatusCode = 401;
    string[] challengeTypes = { "blarg" };
    context.Authentication.AuthenticationResponseChallenge =
        new AuthenticationResponseChallenge(challengeTypes, new AuthenticationProperties());
    // Any header value will do here; the test only needs the header to be present.
    context.Request.Headers[Constants.ApiKeyHeaderName] = "woozle wuzzle";

    // Act
    string message = handler.GetChallengeMessage();

    // Assert
    Assert.Equal(Strings.ApiKeyNotAuthorized, message);
}
/// <summary>
/// In passive mode a 401 whose challenge names this handler's authentication type, with
/// no API key header present, is rewritten with the "API key required" message as both
/// reason phrase and body while keeping the 401 status.
/// </summary>
public async Task GivenA401ResponseInPassiveModeWithMatchingAuthenticationTypeAndNoHeader_ItWrites401WithApiKeyRequiredMessage()
{
    // Arrange
    var options = new ApiKeyAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Passive,
        AuthenticationType = "blarg",
    };
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

    var response = handler.OwinContext.Response;
    response.StatusCode = 401;
    string[] challengeTypes = { "blarg" };
    handler.OwinContext.Authentication.AuthenticationResponseChallenge =
        new AuthenticationResponseChallenge(challengeTypes, new AuthenticationProperties());

    // Act
    var body = await response.CaptureBodyAsString(async () => await handler.InvokeApplyResponseChallengeAsync());

    // Assert
    Assert.Equal(401, response.StatusCode);
    Assert.Equal(Strings.ApiKeyRequired, response.ReasonPhrase);
    Assert.Equal(Strings.ApiKeyRequired, body);
}
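/// <summary>
/// A request carrying a matching V1 API key yields a ticket whose identity exposes the
/// lower-cased API key as a claim.
/// </summary>
public async Task GivenMatchingApiKey_ItReturnsTicketWithUserNameAndRoles()
{
    // Arrange
    var user = new User
    {
        Username = "******",
        EmailAddress = "*****@*****.**",
    };
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(new ApiKeyAuthenticationOptions());
    var apiKeyCredential = new CredentialBuilder().CreateApiKey(Fakes.ExpirationForApiKeyV1);

    // One culture-invariant lower-casing feeds both the header and the expected claim,
    // so the assertion cannot drift under a culture-specific ToLower().
    var presentedApiKey = apiKeyCredential.Value.ToLowerInvariant();
    handler.OwinContext.Request.Headers.Set(Constants.ApiKeyHeaderName, presentedApiKey);
    handler.MockAuth.SetupAuth(apiKeyCredential, user);

    // Act
    var ticket = await handler.InvokeAuthenticateCoreAsync();

    // Assert
    Assert.NotNull(ticket);
    Assert.Equal(presentedApiKey, ticket.Identity.GetClaimOrDefault(NuGetClaims.ApiKey));
}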
/// <summary>
/// An API key whose scope is owned by an organization the user belongs to is accepted,
/// whether or not the membership is an admin one, and the user is stored as the current
/// user in the OWIN environment.
/// </summary>
/// <param name="isAdmin">Whether the user's membership in the organization is an admin membership.</param>
public async Task GivenMatchingApiKeyWithOwnerScopeOfOrganization_ItSetsUserInOwinEnvironment(bool isAdmin)
{
    // Arrange
    const int organizationKey = 2345;
    var organization = new Organization { Key = organizationKey };
    var user = new User
    {
        Key = 1234,
        Username = "******",
        EmailAddress = "*****@*****.**",
    };
    var membership = new Membership
    {
        OrganizationKey = organizationKey,
        Organization = organization,
        IsAdmin = isAdmin,
    };
    user.Organizations.Add(membership);

    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(new ApiKeyAuthenticationOptions());

    var apiKeyCredential = new CredentialBuilder().CreateApiKey(Fakes.ExpirationForApiKeyV1);
    // The scope is owned by the organization (2345), not by the user (1234).
    apiKeyCredential.Scopes.Add(new Scope(organizationKey, "thePackage", "theAction"));

    handler.OwinContext.Request.Headers.Set(Constants.ApiKeyHeaderName, apiKeyCredential.Value.ToLowerInvariant());
    handler.MockAuth.SetupAuth(apiKeyCredential, user);

    // Act
    await handler.InvokeAuthenticateCoreAsync();

    // Assert
    var environment = handler.OwinContext.Environment;
    var authUser = Assert.IsType<AuthenticatedUser>(environment[Constants.CurrentUserOwinEnvironmentKey]);
    Assert.Same(user, authUser.User);
}
/// <summary>
/// In passive mode a 401 whose challenge names this handler's authentication type, with an
/// API key header present, is rewritten to a 403 carrying the "not authorized" message as
/// both reason phrase and body.
/// </summary>
public async Task GivenA401ResponseInPassiveModeWithMatchingAuthenticationTypeAndHeader_ItReturnsApiKeyNotAuthorized()
{
    // Arrange
    var options = new ApiKeyAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Passive,
        AuthenticationType = "blarg",
    };
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

    var context = handler.OwinContext;
    context.Response.StatusCode = 401;
    string[] challengeTypes = { "blarg" };
    context.Authentication.AuthenticationResponseChallenge =
        new AuthenticationResponseChallenge(challengeTypes, new AuthenticationProperties());
    // Any header value will do here; the test only needs the header to be present.
    context.Request.Headers[Constants.ApiKeyHeaderName] = "woozle wuzzle";

    // Act
    var body = await context.Response.CaptureBodyAsString(async () => await handler.InvokeApplyResponseChallengeAsync());

    // Assert
    Assert.Equal(403, context.Response.StatusCode);
    Assert.Equal(Strings.ApiKeyNotAuthorized, context.Response.ReasonPhrase);
    Assert.Equal(Strings.ApiKeyNotAuthorized, body);
}
/// <summary>
/// A request carrying a matching V1 API key stores the matched user as the current user
/// in the OWIN environment.
/// </summary>
public async Task GivenMatchingApiKey_ItSetsUserInOwinEnvironment()
{
    // Arrange
    var handler = await TestableApiKeyAuthenticationHandler.CreateAsync(new ApiKeyAuthenticationOptions());
    var user = new User
    {
        Username = "******",
        EmailAddress = "*****@*****.**",
    };
    var apiKeyCredential = new CredentialBuilder().CreateApiKey(Fakes.ExpirationForApiKeyV1);

    var headerValue = apiKeyCredential.Value.ToLowerInvariant();
    handler.OwinContext.Request.Headers.Set(Constants.ApiKeyHeaderName, headerValue);
    handler.MockAuth.SetupAuth(apiKeyCredential, user);

    // Act
    await handler.InvokeAuthenticateCoreAsync();

    // Assert
    var environment = handler.OwinContext.Environment;
    var authUser = Assert.IsType<AuthenticatedUser>(environment[Constants.CurrentUserOwinEnvironmentKey]);
    Assert.Same(user, authUser.User);
}