public async Task ValidateClaimsTest()
{
var claims = new List <Claim>();
var defaultAuthConfig = new AuthenticationConfiguration();
// No validator should pass.
await JwtTokenValidation.ValidateClaimsAsync(defaultAuthConfig, claims);
var mockValidator = new Mock <ClaimsValidator>();
var authConfigWithClaimsValidator = new AuthenticationConfiguration()
{
ClaimsValidator = mockValidator.Object
};
// ClaimsValidator configured but no exception should pass.
mockValidator.Setup(x => x.ValidateClaimsAsync(It.IsAny <List <Claim> >())).Returns(Task.CompletedTask);
await JwtTokenValidation.ValidateClaimsAsync(authConfigWithClaimsValidator, claims);
// Configure IClaimsValidator to fail
mockValidator.Setup(x => x.ValidateClaimsAsync(It.IsAny <List <Claim> >())).Throws(new UnauthorizedAccessException("Invalid claims."));
var exception = await Assert.ThrowsAsync <UnauthorizedAccessException>(
async() => await JwtTokenValidation.ValidateClaimsAsync(authConfigWithClaimsValidator, claims));
Assert.Equal("Invalid claims.", exception.Message);
}
public async Task ValidateClaimsTest_DoesNotThrow_WhenNotSkillClaim_WithNullValidator()
{
var claims = new List <Claim>();
claims.Add(new Claim(AuthenticationConstants.VersionClaim, "2.0"));
claims.Add(new Claim(AuthenticationConstants.AudienceClaim, "BotId"));
claims.Add(new Claim(AuthenticationConstants.AuthorizedParty, "BotId")); // Skill claims aud!=azp
// AuthenticationConfiguration with no ClaimsValidator and a none Skill Claim, should NOT throw UnauthorizedAccessException
// None Skill do not need a ClaimsValidator.
await JwtTokenValidation.ValidateClaimsAsync(new AuthenticationConfiguration(), claims);
}
public async Task ValidateClaimsTest_ThrowsOnSkillClaim_WithNullValidator()
{
var claims = new List <Claim>();
claims.Add(new Claim(AuthenticationConstants.VersionClaim, "2.0"));
claims.Add(new Claim(AuthenticationConstants.AudienceClaim, "SkillBotId"));
claims.Add(new Claim(AuthenticationConstants.AuthorizedParty, "BotId")); // Skill claims aud!=azp
// AuthenticationConfiguration with no ClaimsValidator and a Skill Claim, should throw UnauthorizedAccessException
// Skill calls MUST be validated with a ClaimsValidator
await Assert.ThrowsAsync <UnauthorizedAccessException>(async() => await JwtTokenValidation.ValidateClaimsAsync(new AuthenticationConfiguration(), claims));
}
