public void GetClientIpAddressForEmptyXForwardedForReturnsNull()
{
var sut = new HttpRequest(string.Empty, "http://www.example.com", string.Empty);
sut.AddHeader(ForwardedFor, string.Empty);
Assert.Equal(null, sut.GetClientIpAddress());
}
public void GetTokenFromRequestWithInvalidAuthorizationHeaderReturnsNull(string header)
{
var sut = new TestModule();
var request = new HttpRequest(string.Empty, "http://www.example.com", string.Empty);
request.AddHeader("Authorization", header);
var extractedToken = sut.GetTokenFromRequestTest(request);
Assert.Null(extractedToken);
}
public void GetTokenFromRequestWithAuthorizationHeaderReturnsToken()
{
var sut = new TestModule();
var request = new HttpRequest(string.Empty, "http://www.example.com", string.Empty);
var expectedToken = "access-token";
request.AddHeader("Authorization", "Bearer " + expectedToken);
var extractedToken = sut.GetTokenFromRequestTest(request);
Assert.Equal(expectedToken, extractedToken);
}
public void GetClientIpAddressForPartiallyMalformedXForwardedForReturnsProperlyFormedClientIp()
{
var sut = new HttpRequest(string.Empty, "http://www.example.com", string.Empty);
sut.AddHeader(
ForwardedFor,
MalformedIpAddress,
GoogleIpAddress,
MalformedIpAddress);
Assert.Equal(GoogleIpAddress, sut.GetClientIpAddress());
}
public void GetClientIpAddressForPublicClientAndMultipleProxiesReturnsPublicClientIp()
{
var sut = new HttpRequest(string.Empty, "http://www.example.com", string.Empty);
sut.AddHeader(
ForwardedFor,
MicrosoftIpAddress,
Private16Bit,
Private20Bit,
Private24Bit,
PrivateLinkLocal);
Assert.Equal(MicrosoftIpAddress, sut.GetClientIpAddress());
}
public void OnAuthenticateRequestWithTokenSetsApplicationContextUser()
{
var application = new TestApplication(new TokenValidationParameters()
{
AllowedAudiences = this.allowedAudiences,
SigningToken = new X509SecurityToken(this.certificate),
ValidIssuer = "self"
});
var request = new HttpRequest(string.Empty, "http://www.example.com", string.Empty);
request.AddHeader("Authorization", "Bearer " + this.GenerateAuthToken("http://www.example.com"));
var sut = new TestModule();
sut.Init(application);
var principal = (ClaimsPrincipal)sut.GetPrincipalFromRequestTest(request);
Assert.True(principal.Identity.IsAuthenticated);
Assert.True(principal.HasClaim(ClaimTypes.Name, "Username"));
Assert.True(principal.HasClaim(ClaimTypes.Role, "User"));
}
public void OnAuthenticateRequestWithInvalidTokenCallsOnValidateTokenException()
{
var application = new TestApplication(new TokenValidationParameters()
{
AllowedAudiences = this.allowedAudiences,
SigningToken = new X509SecurityToken(this.certificate),
ValidIssuer = "self"
});
var request = new HttpRequest(string.Empty, "http://www.example.com", string.Empty);
request.AddHeader("Authorization", "Bearer invalid-token");
var sut = new TestModule();
sut.Init(application);
var principal = (ClaimsPrincipal)sut.GetPrincipalFromRequestTest(request);
Assert.NotNull(sut.ValidationTokenException);
Assert.False(principal.Identity.IsAuthenticated);
Assert.Empty(principal.Claims);
}