public void ShouldNotAuthenticateWhenMissingHeaders()
{
IPrincipal principal = null;
var handler = new BasicAuthenticationHandler(new FakeChannel(), new UserValidation((u, p) => true), "realm");
var authenticated = handler.Authenticate(new HttpRequestMessage(), new HttpResponseMessage(), out principal);
Assert.IsFalse(authenticated, "The user must not be authenticated");
}
public Note[] Get([FromQuery] string containing)
{
var authorizationHeader = Request.Headers["Authorization"];
var user = BasicAuthenticationHandler.GetUserFrom(authorizationHeader);
return(_database.Notes
.FromSqlRaw($"SELECT * FROM Notes WHERE Author='{user.Username}' AND Content LIKE '%{containing}%' ORDER BY Id")
.ToArray());
}
public void ShouldChallengeWhenMissingHeaders()
{
IPrincipal principal = null;
var response = new HttpResponseMessage();
var handler = new BasicAuthenticationHandler(new FakeChannel(), new UserValidation((u, p) => true), "realm");
var authenticated = handler.Authenticate(new HttpRequestMessage(), response, out principal);
Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
Assert.IsTrue(response.Headers.WwwAuthenticate.Any(h => h.Scheme == BasicAuthenticationScheme && h.Parameter.Contains("realm")),
"A WWW must be present in the response");
}
public BasicAuthenticationTests()
{
_options = new Mock<IOptionsMonitor<AuthenticationSchemeOptions>>();
var logger = new Mock<ILogger<BasicAuthenticationHandler>>();
_loggerFactory = new Mock<ILoggerFactory>();
_loggerFactory.Setup(x => x.CreateLogger(It.IsAny<String>())).Returns(logger.Object);
_encoder = new Mock<UrlEncoder>();
_clock = new Mock<ISystemClock>();
_principalProvider = new Mock<IProvidePrincipal>();
_handler = new BasicAuthenticationHandler(_options.Object, _loggerFactory.Object, _encoder.Object, _clock.Object, _principalProvider.Object);
}
public void ShouldNotAuthenticateWithInvalidEncodedUsernameAndPassword()
{
IPrincipal principal = null;
var request = new HttpRequestMessage();
var response = new HttpResponseMessage();
var credentials = "some credentials";
request.Headers.Authorization = new Headers.AuthenticationHeaderValue(BasicAuthenticationScheme, credentials);
var handler = new BasicAuthenticationHandler(new FakeChannel(), new UserValidation((u, p) => true), "realm");
var authenticated = handler.Authenticate(request, response, out principal);
Assert.IsFalse(authenticated, "The user should have not been authenticated");
}
public ActionResult <Note> Post([FromBody] CreateNote createNote)
{
var authorizationHeader = Request.Headers["Authorization"];
var user = BasicAuthenticationHandler.GetUserFrom(authorizationHeader);
var note = new Note
{
Author = user.Username,
Content = createNote.Content,
};
_database.Add(note);
_database.SaveChanges();
return(CreatedAtRoute("GetNoteById", new { noteId = note.Id }, note));
}
public BasicAuthenticationHandlerTests()
{
_options = new Mock <IOptionsMonitor <AuthenticationSchemeOptions> >();
_options.Setup(x => x.Get("Basic")).Returns(new AuthenticationSchemeOptions());
var logger = new Mock <ILogger <BasicAuthenticationHandler> >();
_loggerFactory = new Mock <ILoggerFactory>();
_loggerFactory.Setup(x => x.CreateLogger(It.IsAny <string>())).Returns(logger.Object);
_encoder = new Mock <UrlEncoder>();
_clock = new Mock <ISystemClock>();
_userService = new Mock <UserService>();
_handler = new BasicAuthenticationHandler(_options.Object, _loggerFactory.Object, _encoder.Object, _clock.Object, _userService.Object);
}
public BasicAuthenticationHandlerFixture()
{
var options = new Mock <IOptionsMonitor <AuthenticationSchemeOptions> >();
options.Setup(x => x.Get(BasicAuthenticationHandler.SchemeName)).Returns(new AuthenticationSchemeOptions());
var logger = new Mock <ILogger <BasicAuthenticationHandler> >();
var loggerFactory = new Mock <ILoggerFactory>();
loggerFactory.Setup(x => x.CreateLogger(It.IsAny <string>())).Returns(logger.Object);
var encoder = new Mock <UrlEncoder>();
var clock = new Mock <ISystemClock>();
_dataStore = new Mock <IDataStore>();
_handler = new BasicAuthenticationHandler(options.Object, loggerFactory.Object, encoder.Object, clock.Object, _dataStore.Object);
}
public void ShouldCallAuthenticateWithProvidedUserAndPassword()
{
IPrincipal principal = null;
var request = new HttpRequestMessage();
var response = new HttpResponseMessage();
var credentials = EncodeCredentials("foo", "pass");
request.Headers.Authorization = new Headers.AuthenticationHeaderValue(BasicAuthenticationScheme, credentials);
var handler = new BasicAuthenticationHandler(new FakeChannel(),
new UserValidation((u, p) => u == "foo" && p == "pass"),
"realm");
var authenticated = handler.Authenticate(request, response, out principal);
Assert.IsTrue(authenticated, "The user should have been authenticated");
}
public void BasicAuthenticationHandlerTests_Setup()
{
this._options = new Mock <IOptionsMonitor <AuthenticationSchemeOptions> >();
this._logger = new Mock <ILoggerFactory>();
this._encoder = new Mock <UrlEncoder>();
this._clock = new Mock <ISystemClock>();
this._authenticationService = new Mock <IApiAuthenicationService>();
var logger = new Mock <ILogger <BasicAuthenticationHandler> >();
this._logger.Setup(x => x.CreateLogger(It.IsAny <string>())).Returns(logger.Object);
this._authenticationHandler = new BasicAuthenticationHandler(this._options.Object,
this._logger.Object,
this._encoder.Object,
this._clock.Object,
this._authenticationService.Object);
}
public async Task <IActionResult> Register([FromBody] UserRegistrationInfo registrationInfo, CancellationToken cancellationToken)
{
if (registrationInfo == null)
{
return(BadRequest());
}
var passwordHash = BasicAuthenticationHandler.HashPassword(registrationInfo.Password);
var userInfo = new UserInfo(registrationInfo.Login, passwordHash);
User user = null;
try
{
user = await users.CreateAsync(userInfo, cancellationToken);
}
catch (UserDuplicationException)
{
return(Conflict());
}
return(Ok(user));
}
/// <summary>
/// Not all WWW-Authenticate basic auth responses are handled by the NSUrlSessionHandler, such as those
/// from VSTS NuGet package sources, so an Authorization header is added to the request and re-sent
/// if basic auth credentials can be found.
/// </summary>
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
bool retry = false;
while (true)
{
var response = await base.SendAsync(request, cancellationToken).ConfigureAwait(false);
if (retry || response.StatusCode != HttpStatusCode.Unauthorized)
{
return(response);
}
if (!BasicAuthenticationHandler.Authenticate(request, response, Credentials))
{
return(response);
}
retry = true;
}
}
public AccountsController(BasicAuthenticationHandler authenticationHandler,
IBasicAuthenticationService authenticationService)
{
_authenticationService = authenticationService;
_authenticationHandler = authenticationHandler;
}
public void ShouldNotSetPrincipalWhenMissingHeaders()
{
IPrincipal principal = null;
var handler = new BasicAuthenticationHandler(new FakeChannel(), new UserValidation((u, p) => true), "realm");
var authenticated = handler.Authenticate(new HttpRequestMessage(), new HttpResponseMessage(), out principal);
Assert.IsNull(principal, "The principal should not be set");
}
public void ShouldReturnScheme()
{
var handler = new BasicAuthenticationHandler(new FakeChannel(), new UserValidation((u, p) => true), "realm");
Assert.AreEqual(BasicAuthenticationScheme, handler.Scheme);
}
public void ShouldSetPrincipalForAuthenticatedUsers()
{
IPrincipal principal = null;
var request = new HttpRequestMessage();
var response = new HttpResponseMessage();
var credentials = EncodeCredentials("foo", "pass");
request.Headers.Authorization = new Headers.AuthenticationHeaderValue(BasicAuthenticationScheme, credentials);
var handler = new BasicAuthenticationHandler(new FakeChannel(), new UserValidation((u, p) => u == "foo" && p == "pass"), "realm");
var authenticated = handler.Authenticate(request, response, out principal);
Assert.AreEqual("foo", principal.Identity.Name, "The principal should have been set with the user name");
}
public void ShouldThrowWithNullRealm()
{
var handler = new BasicAuthenticationHandler(new FakeChannel(), new UserValidation((u, p) => true), null);
}
public void ShouldThrowWithNullValidationFunction()
{
var handler = new BasicAuthenticationHandler(new FakeChannel(), null, "realm");
}
