public void WhenAccessTokenIsExpired_ThenReturnFalse()
{
var mocker = new AutoMoqer();
mocker.MockServiceLocator();
var issuer = new OAuthIssuer();
mocker.GetMock<IOAuthServiceLocator>().Setup(x => x.Issuer).Returns(issuer);
mocker.GetMock<IConfiguration>().Setup(x => x.AccessTokenExpirationLength).Returns(3600);
var validator = mocker.Resolve<ResourceRequestAuthorizer>();
var token =
issuer.GenerateAccessToken(new TokenData
{
ConsumerId = 1,
ResourceOwnerId = 5,
Timestamp = DateTimeOffset.UtcNow.AddMinutes(-65).Ticks
});
mocker.GetMock<IOAuthRequest>().Setup(x => x.AccessToken).Returns(token);
var result = validator.Authorize(mocker.GetMock<IOAuthRequest>().Object);
Assert.IsFalse(result);
}
public void WhenConsumerIsNolongerApproved_ThenThrowsException()
{
var mocker = new AutoMoqer();
mocker.GetMock<IOAuthRequest>().Setup(x => x.ContentType).Returns(ContentType.FormEncoded);
mocker.GetMock<IOAuthRequest>().Setup(x => x.ClientId).Returns("clientid");
mocker.GetMock<IOAuthRequest>().Setup(x => x.GrantType).Returns(GrantType.RefreshToken);
mocker.GetMock<IConsumerRepository>().Setup(x => x.GetByClientId("clientid")).Returns(new ConsumerImpl { ConsumerId = 12, ClientId = "clientid", Secret = "clientsecret" });
mocker.GetMock<IResourceOwnerRepository>().Setup(x => x.IsConsumerApproved(10, 12)).Returns(false);
mocker.GetMock<IOAuthRequest>().Setup(x => x.ClientSecret).Returns("clientsecret");
mocker.SetInstance<IOAuthIssuer>(new OAuthIssuer());
var issuer = new OAuthIssuer();
var authorizer = mocker.Resolve<RefreshTokenRequestAuthorizer>();
var token = issuer.GenerateRefreshToken(new TokenData { ConsumerId = 12, ResourceOwnerId = 10, Timestamp = 1 });
mocker.GetMock<IOAuthRequest>().Setup(x => x.RefreshToken).Returns(token);
try
{
authorizer.Authorize(mocker.GetMock<IOAuthRequest>().Object);
Assert.Fail("Exception not thrown");
}
catch (OAuthException ex)
{
Assert.AreEqual(ErrorCode.UnauthorizedClient, ex.ErrorCode);
Assert.IsTrue(!string.IsNullOrWhiteSpace(ex.ErrorDescription));
}
}
public void WhenDataIsValid_ThenNewTokenIsCreated()
{
var mocker = new AutoMoqer();
mocker.GetMock<IOAuthRequest>().Setup(x => x.ContentType).Returns(ContentType.FormEncoded);
mocker.GetMock<IOAuthRequest>().Setup(x => x.ClientId).Returns("clientid");
mocker.GetMock<IOAuthRequest>().Setup(x => x.GrantType).Returns(GrantType.RefreshToken);
mocker.GetMock<IConsumerRepository>().Setup(x => x.GetByClientId("clientid")).Returns(new ConsumerImpl { ConsumerId = 12, ClientId = "clientid", Secret = "clientsecret" });
mocker.GetMock<IResourceOwnerRepository>().Setup(x => x.IsConsumerApproved(10, 12)).Returns(true);
mocker.GetMock<IOAuthRequest>().Setup(x => x.ClientSecret).Returns("clientsecret");
mocker.SetInstance<IOAuthIssuer>(new OAuthIssuer());
var issuer = new OAuthIssuer();
var authorizer = mocker.Resolve<RefreshTokenRequestAuthorizer>();
var token = issuer.GenerateRefreshToken(new TokenData { ConsumerId = 12, ResourceOwnerId = 10, Timestamp = 1 });
mocker.GetMock<IOAuthRequest>().Setup(x => x.RefreshToken).Returns(token);
var newToken = authorizer.Authorize(mocker.GetMock<IOAuthRequest>().Object);
Assert.IsNotNull(newToken);
var accessTokenData = issuer.DecodeAccessToken(newToken.AccessToken);
Assert.IsNotNull(accessTokenData);
Assert.AreEqual(10, accessTokenData.ResourceOwnerId);
Assert.IsTrue(accessTokenData.Timestamp > DateTimeOffset.UtcNow.AddMinutes(-5).Ticks);
var refreshTokenData = issuer.DecodeRefreshToken(newToken.RefreshToken);
Assert.IsNotNull(refreshTokenData);
Assert.AreEqual(12, refreshTokenData.ConsumerId);
Assert.AreEqual(10, refreshTokenData.ResourceOwnerId);
Assert.IsTrue(refreshTokenData.Timestamp > DateTimeOffset.UtcNow.AddMinutes(-5).Ticks);
}
public void WhenRedirectUriDoesNotMatch_ThenExceptionIsThrown()
{
var mocker = new AutoMoqer();
mocker.GetMock<IOAuthRequest>().Setup(x => x.GrantType).Returns(GrantType.AuthorizationCode);
mocker.GetMock<IConfiguration>().Setup(x => x.AuthorizationTokenExpirationLength).Returns(300);
mocker.GetMock<IConfiguration>().Setup(x => x.AccessTokenExpirationLength).Returns(500);
var issuer = new OAuthIssuer();
mocker.SetInstance<IOAuthIssuer>(issuer);
var token = issuer.GenerateAuthorizationToken(new TokenData { ConsumerId = 1, Timestamp = DateTime.UtcNow.Ticks, RedirectUri = "http://test.com" });
mocker.GetMock<IOAuthRequest>().Setup(x => x.AuthorizationCode).Returns(token);
var authorizer = mocker.Resolve<AuthorizationCodeAuthorizer>();
try
{
authorizer.Authorize(mocker.GetMock<IOAuthRequest>().Object);
Assert.Fail("Exception not thrown");
}
catch (OAuthException ex)
{
Assert.AreEqual(ErrorCode.InvalidRequest, ex.ErrorCode);
Assert.IsTrue(ex.ErrorDescription.HasValue());
}
mocker.GetMock<IOAuthRequest>().Setup(x => x.RedirectUri).Returns("http://test.com");
var result = authorizer.Authorize(mocker.GetMock<IOAuthRequest>().Object);
Assert.IsNotNull(result);
Assert.IsTrue(result.AccessToken.HasValue());
Assert.AreEqual(500, result.ExpiresIn);
Assert.IsTrue(result.RefreshToken.HasValue());
}
public void WhenAuthorizationCodeHasExpired_ThenThrowException()
{
var mocker = new AutoMoqer();
mocker.GetMock<IOAuthRequest>().Setup(x => x.GrantType).Returns(GrantType.AuthorizationCode);
mocker.GetMock<IConfiguration>().Setup(x => x.AuthorizationTokenExpirationLength).Returns(300);
mocker.SetInstance<IOAuthIssuer>(new OAuthIssuer());
var issuer = new OAuthIssuer();
var token = issuer.GenerateAuthorizationToken(new TokenData { ConsumerId = 1, Timestamp = DateTime.UtcNow.AddHours(-1).Ticks });
mocker.GetMock<IOAuthRequest>().Setup(x => x.AuthorizationCode).Returns(token);
var authorizer = mocker.Resolve<AuthorizationCodeAuthorizer>();
try
{
authorizer.Authorize(mocker.GetMock<IOAuthRequest>().Object);
Assert.Fail("Exception not thrown");
}
catch (OAuthException ex)
{
Assert.AreEqual(ErrorCode.InvalidRequest, ex.ErrorCode);
Assert.IsTrue(ex.ErrorDescription.HasValue());
}
}
public void ReturnsAccessToken()
{
var mocker = new AutoMoqer();
mocker.GetMock<IOAuthRequest>().Setup(x => x.GrantType).Returns(GrantType.AuthorizationCode);
mocker.GetMock<IConfiguration>().Setup(x => x.AuthorizationTokenExpirationLength).Returns(300);
mocker.GetMock<IConfiguration>().Setup(x => x.AccessTokenExpirationLength).Returns(500);
var issuer = new OAuthIssuer();
mocker.SetInstance<IOAuthIssuer>(issuer);
var token = issuer.GenerateAuthorizationToken(new TokenData {ConsumerId = 1, Timestamp = DateTime.UtcNow.Ticks});
mocker.GetMock<IOAuthRequest>().Setup(x => x.AuthorizationCode).Returns(token);
var authorizer = mocker.Resolve<AuthorizationCodeAuthorizer>();
var result = authorizer.Authorize(mocker.GetMock<IOAuthRequest>().Object);
Assert.IsNotNull(result);
Assert.IsTrue(result.AccessToken.HasValue());
Assert.AreEqual(500, result.ExpiresIn);
Assert.IsTrue(result.RefreshToken.HasValue());
}