        /// <summary>
        /// When the request carries an empty context and no membership is marked primary,
        /// the validator is expected to fall back to the first membership in list order
        /// and to leave <c>HasClaimedMembership</c> false.
        /// </summary>
        public void UsesContextFromFirstMembership()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");

            var request = new AuthorizeRequest
            {
                client_id     = "implicitclient",
                response_type = "token",
                scope         = "membership",
                redirect_uri  = "https://test2.local",
                context       = ""
            };

            // Neither entry is primary, so only list order can decide the context.
            var memberships = new List<IdentityMembership>
            {
                new IdentityMembership { IsPrimaryMember = false, MembershipID = 11234 },
                new IdentityMembership { IsPrimaryMember = false, MembershipID = 6578 }
            };

            var result = validator.Validate(app, memberships, request);

            Assert.AreEqual("11234", result.context);
            Assert.IsFalse(result.HasClaimedMembership);
        }
        /// <summary>
        /// With an empty request context, the membership flagged <c>IsPrimaryMember</c>
        /// is expected to win over an earlier, non-primary membership.
        /// </summary>
        public void UsesContextThatIsPrimaryIfNoneInRequest()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");

            var request = new AuthorizeRequest
            {
                client_id     = "implicitclient",
                response_type = "token",
                scope         = "membership",
                redirect_uri  = "https://test2.local",
                context       = ""
            };

            // The first entry is deliberately not primary; the second one is.
            var memberships = new List<IdentityMembership>
            {
                new IdentityMembership { CanAccessNeeds = true, MembershipID = 11234 },
                new IdentityMembership { IsPrimaryMember = true, MembershipID = 6578 }
            };

            var result = validator.Validate(app, memberships, request);

            Assert.AreEqual("6578", result.context);
        }
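        /// <summary>
        /// A well-formed implicit-flow request asking for two scopes ("read browse")
        /// must validate without throwing and yield a result object.
        /// </summary>
        public void ValidRequestMultipleScope()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");
            var request   = new AuthorizeRequest
            {
                client_id     = "implicitclient",
                response_type = "token",
                scope         = "read browse",
                redirect_uri  = "https://test2.local"
            };

            var result = validator.Validate(app, request);

            // The original test asserted nothing; at minimum the happy path must
            // produce a result rather than null.
            Assert.IsNotNull(result);
        }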
 /// <summary>
 /// Builds the validator under test from in-memory collaborators; the
 /// <c>_mock*</c> fields and <c>_options</c>/<c>_clients</c> come from the fixture.
 /// </summary>
 public Authorize_ProtocolValidation_Resources()
 {
     var issuerNames = new TestIssuerNameService("https://sts");
     var clientStore = new InMemoryClientStore(_clients);

     _subject = new AuthorizeRequestValidator(
         _options,
         issuerNames,
         clientStore,
         new DefaultCustomAuthorizeRequestValidator(),
         new StrictRedirectUriValidator(),   // exact-match redirect URI policy
         _mockResourceValidator,
         _mockUserSession,
         new JwtRequestValidator("aud", TestLogger.Create<JwtRequestValidator>()),
         new MockJwtRequestUriHttpClient(),
         TestLogger.Create<AuthorizeRequestValidator>());
 }
        /// <summary>
        /// Initializes a new instance of the <see cref="AuthorizeEndpointController"/> class,
        /// storing each collaborator in its backing field.
        /// </summary>
        /// <param name="viewService">Renders the views returned by the endpoint.</param>
        /// <param name="validator">Validates incoming authorize requests.</param>
        /// <param name="responseGenerator">Builds the authorize response.</param>
        /// <param name="interactionGenerator">Builds login/consent interaction responses.</param>
        /// <param name="options">Identity server options.</param>
        public AuthorizeEndpointController(
            IViewService viewService,
            AuthorizeRequestValidator validator,
            AuthorizeResponseGenerator responseGenerator,
            AuthorizeInteractionResponseGenerator interactionGenerator,
            IdentityServerOptions options)
        {
            _validator            = validator;
            _responseGenerator    = responseGenerator;
            _interactionGenerator = interactionGenerator;
            _viewService          = viewService;
            _options              = options;
        }
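        /// <summary>
        /// A well-formed code-flow request asking for two scopes ("read search")
        /// must validate without throwing and yield a result object.
        /// </summary>
        public void ValidRequestMultipleScope()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");
            var request   = new AuthorizeRequest
            {
                client_id     = "codeclient",
                response_type = "code",
                scope         = "read search",
                redirect_uri  = "https://prod.local"
            };

            var result = validator.Validate(app, request);

            // The original test asserted nothing; at minimum the happy path must
            // produce a result rather than null.
            Assert.IsNotNull(result);
        }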
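        /// <summary>
        /// A well-formed code-flow request for a single scope, validated with an
        /// empty membership list, must not throw and must yield a result object.
        /// </summary>
        public void ValidRequestSingleScope()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");
            var request   = new AuthorizeRequest
            {
                client_id     = "codeclient",
                response_type = "code",
                scope         = "read",
                redirect_uri  = "https://prod.local"
            };

            var result = validator.Validate(app, new List<IdentityMembership>(), request);

            // The original test asserted nothing; at minimum the happy path must
            // produce a result rather than null.
            Assert.IsNotNull(result);
        }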
        /// <summary>
        /// A null request must be rejected with
        /// <see cref="AuthorizeRequestResourceOwnerException"/> rather than being processed.
        /// </summary>
        public void NoParameters()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");

            try
            {
                // null binds to the (app, request) overload.
                validator.Validate(app, null);
            }
            catch (AuthorizeRequestResourceOwnerException)
            {
                // todo: inspect exception
                return;
            }

            Assert.Fail("No exception thrown.");
        }
        /// <summary>
        /// Requesting the "needs" scope with a context but no memberships at all:
        /// the context is echoed back, but no scopes are granted.
        /// </summary>
        public void NeedsDenied()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");

            var noMemberships = new List<IdentityMembership>();

            var result = validator.Validate(app, noMemberships, new AuthorizeRequest
            {
                client_id     = "implicitclient",
                response_type = "token",
                scope         = "needs",
                redirect_uri  = "https://test2.local",
                context       = "11234"
            });

            Assert.AreEqual("11234", result.context);
            Assert.AreEqual(0, result.Scopes.Count);
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="AuthorizeEndpointController" /> class,
        /// storing each collaborator in its backing field.
        /// </summary>
        /// <param name="viewService">Renders the views returned by the endpoint.</param>
        /// <param name="validator">Validates incoming authorize requests.</param>
        /// <param name="responseGenerator">Builds the authorize response.</param>
        /// <param name="interactionGenerator">Builds login/consent interaction responses.</param>
        /// <param name="options">Identity server options.</param>
        /// <param name="localizationService">Resolves localized strings.</param>
        /// <param name="events">Event sink for raised events.</param>
        /// <param name="antiForgeryToken">Anti-forgery token used by the endpoint's forms.</param>
        public AuthorizeEndpointController(
            IViewService viewService,
            AuthorizeRequestValidator validator,
            AuthorizeResponseGenerator responseGenerator,
            AuthorizeInteractionResponseGenerator interactionGenerator,
            IdentityServerOptions options,
            ILocalizationService localizationService,
            IEventService events,
            AntiForgeryToken antiForgeryToken)
        {
            // Pipeline collaborators.
            _validator            = validator;
            _responseGenerator    = responseGenerator;
            _interactionGenerator = interactionGenerator;

            // Presentation / cross-cutting collaborators.
            _viewService          = viewService;
            _localizationService  = localizationService;
            _events               = events;
            _antiForgeryToken     = antiForgeryToken;
            _options              = options;
        }
        /// <summary>
        /// A request without <c>client_id</c> cannot be attributed to any client and must
        /// surface as <see cref="AuthorizeRequestResourceOwnerException"/>.
        /// </summary>
        public void MissingClientId()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");

            // client_id intentionally omitted.
            var request = new AuthorizeRequest
            {
                response_type = "code",
                scope         = "read",
                redirect_uri  = "https://prod.local"
            };

            try
            {
                validator.Validate(app, new List<IdentityMembership>(), request);
            }
            catch (AuthorizeRequestResourceOwnerException)
            {
                // todo: check error code
                return;
            }

            Assert.Fail("No exception thrown.");
        }
        /// <summary>
        /// A request without <c>response_type</c> must be rejected with a client-facing
        /// <c>invalid_request</c> error.
        /// </summary>
        public void MissingResponseType()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");

            // response_type intentionally omitted.
            var request = new AuthorizeRequest
            {
                client_id    = "codeclient",
                scope        = "read",
                redirect_uri = "https://prod.local"
            };

            try
            {
                validator.Validate(app, new List<IdentityMembership>(), request);
            }
            catch (AuthorizeRequestClientException ex)
            {
                Assert.AreEqual(OAuthConstants.Errors.InvalidRequest, ex.Error);
                return;
            }

            Assert.Fail("No exception thrown.");
        }
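        /// <summary>
        /// Requesting the "needs" scope with a context that matches a membership
        /// flagged <c>CanAccessNeeds</c>: the context must be echoed back.
        /// </summary>
        public void NeedsGranted()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");
            var request   = new AuthorizeRequest
            {
                client_id     = "implicitclient",
                response_type = "token",
                scope         = "needs",
                redirect_uri  = "https://test2.local",
                context       = "11234"
            };

            var memberships = new List<IdentityMembership>();
            memberships.Add(new IdentityMembership()
            {
                CanAccessNeeds = true, MembershipID = 11234
            });

            // Bug fix: the original passed a fresh empty list here, so the membership
            // built above never reached the validator and the test was identical to
            // NeedsDenied apart from its assertions.
            var result = validator.Validate(app, memberships, request);

            Assert.AreEqual("11234", result.context);
            // TODO(review): also assert on result.Scopes (NeedsDenied expects 0 there);
            // the granted count is not verifiable from this fixture alone.
        }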
        /// <summary>
        /// An otherwise valid request from a disabled client must be refused with
        /// <see cref="AuthorizeRequestResourceOwnerException"/>.
        /// </summary>
        public void DisabledClient()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");

            try
            {
                validator.Validate(app, new AuthorizeRequest
                {
                    client_id     = "disabledclient",
                    response_type = "code",
                    scope         = "read",
                    redirect_uri  = "https://prod.local"
                });
            }
            catch (AuthorizeRequestResourceOwnerException)
            {
                return;
            }

            Assert.Fail("No exception thrown.");
        }
        /// <summary>
        /// A request without <c>redirect_uri</c> must be refused with
        /// <see cref="AuthorizeRequestResourceOwnerException"/>; there is no
        /// trusted location to send an error to.
        /// </summary>
        public void MissingRedirectUri()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");

            // redirect_uri intentionally omitted.
            var request = new AuthorizeRequest
            {
                client_id     = "codeclient",
                response_type = "code",
                scope         = "read"
            };

            try
            {
                validator.Validate(app, request);
            }
            catch (AuthorizeRequestResourceOwnerException)
            {
                // todo: check error code
                return;
            }

            Assert.Fail("No exception thrown.");
        }
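        /// <summary>
        /// A request without <c>scope</c> must be rejected with a client-facing
        /// <c>invalid_scope</c> error.
        /// </summary>
        public void MissingScope()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");

            // scope intentionally omitted.
            var request = new AuthorizeRequest
            {
                client_id     = "codeclient",
                response_type = "code",
                redirect_uri  = "https://prod.local"
            };

            try
            {
                validator.Validate(app, request);
            }
            catch (AuthorizeRequestClientException ex)
            {
                // AreEqual (as in the sibling tests) reports expected vs. actual on failure,
                // where IsTrue(a == b) only reports "false".
                Assert.AreEqual(OAuthConstants.Errors.InvalidScope, ex.Error);
                return;
            }

            Assert.Fail("No exception thrown.");
        }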
        /// <summary>
        /// A scope the client is not allowed to request ("write") must be rejected
        /// with a client-facing <c>invalid_scope</c> error.
        /// </summary>
        public void UnauthorizedScopeSingle()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");

            var request = new AuthorizeRequest
            {
                client_id     = "implicitclient",
                response_type = "token",
                scope         = "write",
                redirect_uri  = "https://test2.local"
            };

            try
            {
                validator.Validate(app, new List<IdentityMembership>(), request);
            }
            catch (AuthorizeRequestClientException ex)
            {
                Assert.AreEqual(OAuthConstants.Errors.InvalidScope, ex.Error);
                return;
            }

            Assert.Fail("No exception thrown.");
        }
        /// <summary>
        /// When one of several requested scopes ("read write") is not allowed for the
        /// client, the whole request must be rejected with <c>invalid_scope</c>.
        /// </summary>
        public void UnauthorizedScopeMultiple()
        {
            var validator = new AuthorizeRequestValidator(_clientManager);
            var app       = _testConfig.FindApplication("test");

            // NOTE(review): the other implicitclient cases use https://test2.local;
            // if redirect_uri is checked before scope, this case could fail for the
            // wrong reason — confirm which URIs implicitclient has registered.
            var request = new AuthorizeRequest
            {
                client_id     = "implicitclient",
                response_type = "token",
                scope         = "read write",
                redirect_uri  = "https://prod.local"
            };

            try
            {
                validator.Validate(app, request);
            }
            catch (AuthorizeRequestClientException ex)
            {
                Assert.AreEqual(OAuthConstants.Errors.InvalidScope, ex.Error);
                return;
            }

            Assert.Fail("No exception thrown.");
        }
        /// <summary>
        /// A plain-http <c>redirect_uri</c> must be rejected with <c>invalid_request</c>:
        /// codes and tokens must only ever be sent back over TLS.
        /// </summary>
        public void NonSslRedirectUri()
        {
            var validator = new AuthorizeRequestValidator(_clientManager);
            var app       = _testConfig.FindApplication("test");

            // Same host as the accepted https://prod.local case, http scheme only.
            var request = new AuthorizeRequest
            {
                client_id     = "codeclient",
                response_type = "code",
                scope         = "read",
                redirect_uri  = "http://prod.local"
            };

            try
            {
                validator.Validate(app, request);
            }
            catch (AuthorizeRequestClientException ex)
            {
                Assert.AreEqual(OAuthConstants.Errors.InvalidRequest, ex.Error);
                return;
            }

            Assert.Fail("No exception thrown.");
        }
        /// <summary>
        /// An implicit client asking for <c>response_type=code</c> must be rejected with
        /// a client-facing <c>unsupported_response_type</c> error.
        /// </summary>
        public void UnauthorizedResponseType()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");

            try
            {
                validator.Validate(app, new AuthorizeRequest
                {
                    client_id     = "implicitclient",
                    response_type = "code",   // not a flow this client is allowed
                    scope         = "read",
                    redirect_uri  = "https://test2.local"
                });
            }
            catch (AuthorizeRequestClientException ex)
            {
                Assert.AreEqual(OAuthConstants.Errors.UnsupportedResponseType, ex.Error);
                return;
            }

            Assert.Fail("No exception thrown.");
        }
        /// <summary>
        /// A <c>redirect_uri</c> that is not registered for the client must be refused
        /// with <see cref="AuthorizeRequestResourceOwnerException"/> — presumably so the
        /// error is shown to the user and never redirected to the untrusted URI (confirm
        /// against the exception's handling in the endpoint).
        /// </summary>
        public void UnauthorizedRedirectUri()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");

            var request = new AuthorizeRequest
            {
                client_id     = "implicitclient",
                response_type = "token",
                scope         = "read",
                redirect_uri  = "https://unauthorized.com"
            };

            try
            {
                validator.Validate(app, request);
            }
            catch (AuthorizeRequestResourceOwnerException)
            {
                // todo: check error code
                return;
            }

            Assert.Fail("No exception thrown.");
        }
        /// <summary>
        /// A syntactically broken <c>redirect_uri</c> ("https:/prod.local", single slash)
        /// must be refused with <see cref="AuthorizeRequestResourceOwnerException"/>.
        /// </summary>
        public void MalformedRedirectUri1()
        {
            var validator = new AuthorizeRequestValidator(_clientManager);
            var app       = _testConfig.FindApplication("test");

            try
            {
                validator.Validate(app, new AuthorizeRequest
                {
                    client_id     = "codeclient",
                    response_type = "code",
                    scope         = "read",
                    redirect_uri  = "https:/prod.local"
                });
            }
            catch (AuthorizeRequestResourceOwnerException)
            {
                // todo: check error code
                return;
            }

            Assert.Fail("No exception thrown.");
        }
 /// <summary>
 /// Builds the validator under test through the factory, plugging in the fixture's
 /// stub custom validator so its behaviour can be controlled per test.
 /// </summary>
 public Authorize_ProtocolValidation_CustomValidator()
 {
     var custom = _stubAuthorizeRequestValidator;

     _subject = Factory.CreateAuthorizeRequestValidator(customValidator: custom);
 }