예제 #1
0
        public async Task OnRedirectToIdentityProviderEventCanReplaceValues()
        {
            var newClientId = Guid.NewGuid().ToString();

            var settings = new TestSettings(
                opts =>
            {
                opts.ClientId  = "Test Id";
                opts.Authority = TestServerBuilder.DefaultAuthority;
                opts.Events    = new OpenIdConnectEvents()
                {
                    OnRedirectToIdentityProvider = context =>
                    {
                        context.ProtocolMessage.ClientId = newClientId;
                        return(Task.FromResult(0));
                    }
                };
            }
                );

            var server      = settings.CreateTestServer();
            var transaction = await server.SendAsync(ChallengeEndpoint);

            var res = transaction.Response;

            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
            Assert.NotNull(res.Headers.Location);

            settings.ValidateChallengeRedirect(
                res.Headers.Location,
                OpenIdConnectParameterNames.ResponseType,
                OpenIdConnectParameterNames.ResponseMode,
                OpenIdConnectParameterNames.Scope,
                OpenIdConnectParameterNames.RedirectUri);

            var actual = res.Headers.Location.Query.Trim('?').Split('&').Single(seg => seg.StartsWith($"{OpenIdConnectParameterNames.ClientId}="));

            Assert.Equal($"{OpenIdConnectParameterNames.ClientId}={newClientId}", actual);
        }
예제 #2
0
        public async Task OnRedirectToIdentityProviderEventCanSetState(string userState)
        {
            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("OIDCTest"));
            var settings    = new TestSettings(opt =>
            {
                opt.StateDataFormat = stateFormat;
                opt.ClientId        = "Test Id";
                opt.Authority       = TestServerBuilder.DefaultAuthority;
                opt.Events          = new OpenIdConnectEvents()
                {
                    OnRedirectToIdentityProvider = context =>
                    {
                        context.ProtocolMessage.State = userState;
                        return(Task.FromResult(0));
                    }
                };
            });

            var server      = settings.CreateTestServer();
            var transaction = await server.SendAsync(ChallengeEndpoint);

            var res = transaction.Response;

            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
            Assert.NotNull(res.Headers.Location);

            var values           = settings.ValidateChallengeRedirect(res.Headers.Location);
            var actualState      = values[OpenIdConnectParameterNames.State];
            var actualProperties = stateFormat.Unprotect(actualState);

            if (userState != null)
            {
                Assert.Equal(userState, actualProperties.Items[OpenIdConnectDefaults.UserstatePropertiesKey]);
            }
            else
            {
                Assert.False(actualProperties.Items.ContainsKey(OpenIdConnectDefaults.UserstatePropertiesKey));
            }
        }
예제 #3
0
        public async Task RemoteSignOut_WithInvalidIssuer()
        {
            var settings = new TestSettings(o =>
            {
                o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.Authority    = TestServerBuilder.DefaultAuthority;
                o.ClientId     = "Test Id";
            });
            var server = settings.CreateTestServer(handler: async context =>
            {
                var claimsIdentity = new ClaimsIdentity("Cookies");
                claimsIdentity.AddClaim(new Claim("iss", "test"));
                await context.SignInAsync(new ClaimsPrincipal(claimsIdentity));
            });

            var signInTransaction = await server.SendAsync(DefaultHost);

            var remoteSignOutTransaction = await server.SendAsync(DefaultHost + "/signout-oidc?iss=invalid", signInTransaction.AuthenticationCookieValue);

            Assert.Equal(HttpStatusCode.OK, remoteSignOutTransaction.Response.StatusCode);
            Assert.DoesNotContain(remoteSignOutTransaction.Response.Headers, h => h.Key == "Set-Cookie");
        }
예제 #4
0
        public async Task EndSessionRequestDoesNotIncludeTelemetryParametersWhenDisabled()
        {
            var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration();
            var setting       = new TestSettings(opt =>
            {
                opt.ClientId         = "Test Id";
                opt.Configuration    = configuration;
                opt.SignInScheme     = CookieAuthenticationDefaults.AuthenticationScheme;
                opt.DisableTelemetry = true;
            });

            var server = setting.CreateTestServer();

            var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Signout);

            var res = transaction.Response;

            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
            Assert.DoesNotContain(OpenIdConnectParameterNames.SkuTelemetry, res.Headers.Location.Query);
            Assert.DoesNotContain(OpenIdConnectParameterNames.VersionTelemetry, res.Headers.Location.Query);
            setting.ValidateSignoutRedirect(transaction.Response.Headers.Location);
        }
        public async Task Challenge_HasOverwrittenMaxAgeParam()
        {
            var settings = new TestSettings(opt =>
            {
                opt.ClientId  = "Test Id";
                opt.Authority = TestServerBuilder.DefaultAuthority;
                opt.MaxAge    = TimeSpan.FromSeconds(500);
            });
            var properties = new OpenIdConnectChallengeProperties()
            {
                MaxAge = TimeSpan.FromSeconds(1234),
            };

            var server      = settings.CreateTestServer(properties);
            var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties);

            var res = transaction.Response;

            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
            settings.ValidateChallengeRedirect(res.Headers.Location);
            Assert.Contains("max_age=1234", res.Headers.Location.Query);
        }
        public async Task ChallengeDoesNotIncludePkceForOtherResponseTypes(string responseType)
        {
            var settings = new TestSettings(
                opt =>
            {
                opt.Authority            = TestServerBuilder.DefaultAuthority;
                opt.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
                opt.ResponseType         = responseType;
                opt.ClientId             = "Test Id";
                opt.UsePkce = true;
            });

            var server      = settings.CreateTestServer();
            var transaction = await server.SendAsync(ChallengeEndpoint);

            var res = transaction.Response;

            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
            Assert.NotNull(res.Headers.Location);

            Assert.DoesNotContain("code_challenge=", res.Headers.Location.Query);
            Assert.DoesNotContain("code_challenge_method=", res.Headers.Location.Query);
        }
        public async Task Challenge_HasOverwrittenScopeParamFromBaseAuthenticationProperties()
        {
            var settings = new TestSettings(opt =>
            {
                opt.ClientId  = "Test Id";
                opt.Authority = TestServerBuilder.DefaultAuthority;
                opt.Scope.Clear();
                opt.Scope.Add("foo");
                opt.Scope.Add("bar");
            });
            var properties = new AuthenticationProperties();

            properties.SetParameter(OpenIdConnectChallengeProperties.ScopeKey, new string[] { "baz", "qux" });

            var server      = settings.CreateTestServer(properties);
            var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties);

            var res = transaction.Response;

            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
            settings.ValidateChallengeRedirect(res.Headers.Location);
            Assert.Contains("scope=baz%20qux", res.Headers.Location.Query);
        }
        public async Task RegularGetRequestToCallbackPathSkips()
        {
            // Arrange
            var settings = new TestSettings(
                opt =>
            {
                opt.Authority                = TestServerBuilder.DefaultAuthority;
                opt.CallbackPath             = new PathString("/");
                opt.SkipUnrecognizedRequests = true;
                opt.ClientId = "Test Id";
            });

            var server = settings.CreateTestServer(handler: async context =>
            {
                await context.Response.WriteAsync("Hi from the callback path");
            });

            // Act
            var transaction = await server.SendAsync("/");

            // Assert
            Assert.Equal("Hi from the callback path", transaction.ResponseText);
        }
        public async Task OnRedirectToIdentityProviderEventCanReplaceMessage()
        {
            var newMessage = new MockOpenIdConnectMessage
            {
                IssuerAddress         = "http://example.com/",
                TestAuthorizeEndpoint = $"http://example.com/{Guid.NewGuid()}/oauth2/signin"
            };

            var settings = new TestSettings(
                opts =>
            {
                opts.ClientId  = "Test Id";
                opts.Authority = TestServerBuilder.DefaultAuthority;
                opts.Events    = new OpenIdConnectEvents()
                {
                    OnRedirectToIdentityProvider = context =>
                    {
                        context.ProtocolMessage = newMessage;

                        return(Task.FromResult(0));
                    }
                };
            }
                );

            var server      = settings.CreateTestServer();
            var transaction = await server.SendAsync(ChallengeEndpoint);

            var res = transaction.Response;

            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
            Assert.NotNull(res.Headers.Location);

            // The CreateAuthenticationRequestUrl method is overridden MockOpenIdConnectMessage where
            // query string is not generated and the authorization endpoint is replaced.
            Assert.Equal(newMessage.TestAuthorizeEndpoint, res.Headers.Location.AbsoluteUri);
        }
        public async Task OnRedirectToIdentityProviderEventIsHit()
        {
            var eventIsHit = false;
            var settings   = new TestSettings(
                opts =>
            {
                opts.ClientId  = "Test Id";
                opts.Authority = TestServerBuilder.DefaultAuthority;
                opts.Events    = new OpenIdConnectEvents()
                {
                    OnRedirectToIdentityProvider = context =>
                    {
                        eventIsHit = true;
                        return(Task.FromResult(0));
                    }
                };
            }
                );

            var server      = settings.CreateTestServer();
            var transaction = await server.SendAsync(ChallengeEndpoint);

            Assert.True(eventIsHit);

            var res = transaction.Response;

            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
            Assert.NotNull(res.Headers.Location);

            settings.ValidateChallengeRedirect(
                res.Headers.Location,
                OpenIdConnectParameterNames.ClientId,
                OpenIdConnectParameterNames.ResponseType,
                OpenIdConnectParameterNames.ResponseMode,
                OpenIdConnectParameterNames.Scope,
                OpenIdConnectParameterNames.RedirectUri);
        }