/// <summary>
/// Verifies that, with <c>SkipTokenSignatureValidation</c> enabled, <c>TryParseLoginToken</c>
/// succeeds without ever calling <c>TryValidateLoginToken</c> and still surfaces the token's claims.
/// </summary>
/// <remarks>
/// The token is built with "SOME_OTHER_KEY" (presumably its signing key) while the options carry
/// "SOME_SIGNING_KEY", so the success asserted here means every claim, including the <c>Admin</c>
/// role, is accepted with no signature check at all.
/// NOTE(review): that is only safe when a trusted upstream component has already verified the
/// token; confirm where this option can be switched on.
/// </remarks>
public void TryParseLoginToken_NoTokenValidation_ReturnsExpectedClaims()
        {
            // Arrange
            var tokenHandlerDouble = new Mock<MobileAppTokenHandler>(this.config);
            var handlerUnderTest = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object, tokenHandlerDouble.Object);
            var optionsWithoutValidation = new MobileAppAuthenticationOptions
            {
                SigningKey = "SOME_SIGNING_KEY",
                SkipTokenSignatureValidation = true
            };

            // Deliberately mismatched with the key configured on the options above.
            JwtSecurityToken foreignToken = GetTestToken("SOME_OTHER_KEY");
            string rawToken = foreignToken.RawData;

            // Act
            ClaimsPrincipal parsedPrincipal;
            bool parsed = handlerUnderTest.TryParseLoginToken(rawToken, optionsWithoutValidation, out parsedPrincipal);

            // Assert
            // The validating path must not have been taken for any arguments.
            tokenHandlerDouble.Verify(h => h.TryValidateLoginToken(It.IsAny<string>(), It.IsAny<string>(), out parsedPrincipal), Times.Never);
            Assert.True(parsed);

            // The user is materialised by the real token handler, not by the mock used above.
            var parsedIdentity = (ClaimsIdentity)parsedPrincipal.Identity;
            MobileAppUser user = this.tokenHandler.CreateServiceUser(parsedIdentity, rawToken);

            Assert.Equal("Facebook:1234", user.Id);
            Assert.True(user.Identity.IsAuthenticated);

            Claim[] userClaims = user.Claims.ToArray();
            Assert.Equal(8, userClaims.Length);
            Assert.Equal("Frank", userClaims.Single(c => c.Type == ClaimTypes.GivenName).Value);
            Assert.Equal("Miller", userClaims.Single(c => c.Type == ClaimTypes.Surname).Value);
            Assert.Equal("Admin", userClaims.Single(c => c.Type == ClaimTypes.Role).Value);
            Assert.Equal("Facebook:1234", userClaims.Single(c => c.Type == "uid").Value);
            Assert.Equal("MyClaimValue", userClaims.Single(c => c.Type == "my_custom_claim").Value);
        }
 /// <summary>
 /// Builds the shared fixture: a logger mock, an <c>HttpConfiguration</c>, a real
 /// <c>MobileAppTokenHandler</c> over that configuration, and a handler mock wired to both.
 /// </summary>
 public MobileAppAuthenticationHandlerTests()
 {
     // The logger does not depend on the configuration, so it is created first.
     this.loggerMock   = new Mock<ILogger>();
     this.config       = new HttpConfiguration();

     // A real (non-mocked) token handler: tests that use this.tokenHandler run the actual token logic.
     this.tokenHandler = new MobileAppTokenHandler(this.config);
     this.handlerMock  = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object, this.tokenHandler);
 }
 /// <summary>
 /// Creates the objects every test shares: the logger mock, the <c>HttpConfiguration</c>, a real
 /// <c>MobileAppTokenHandler</c> built on it, and the authentication handler mock that uses them.
 /// </summary>
 public MobileAppAuthenticationHandlerTests()
 {
     // Independent of the configuration, hence constructed up front.
     this.loggerMock = new Mock<ILogger>();
     this.config = new HttpConfiguration();

     // Not a mock: tests going through this.tokenHandler exercise the real token handling code.
     this.tokenHandler = new MobileAppTokenHandler(this.config);
     this.handlerMock = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object, this.tokenHandler);
 }
        /// <summary>
        /// Authenticates a request carrying the default test token against options whose
        /// <c>SigningKey</c> is <paramref name="otherSigningKey"/> and checks the authenticated flag
        /// of the returned ticket's identity.
        /// </summary>
        /// <param name="otherSigningKey">Signing key set on the options handed to <c>Authenticate</c>.</param>
        /// <param name="expectAuthenticated">Whether the ticket's identity should be authenticated.</param>
        public void Authenticate_CorrectlyAuthenticates(string otherSigningKey, bool expectAuthenticated)
        {
            // Arrange
            var configuration = new HttpConfiguration();

            // NOTE(review): these options are configured but never passed to Authenticate below;
            // kept because CreateTestOptions may touch the configuration. Confirm whether they are needed.
            AppServiceAuthenticationOptions alphaOptions = CreateTestOptions(configuration);
            alphaOptions.SigningKey = SigningKeyAlpha;

            AppServiceAuthenticationOptions optionsUnderTest = CreateTestOptions(configuration);
            optionsUnderTest.SigningKey = otherSigningKey;

            var handler = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object);
            var authRequest = CreateAuthRequest(new Uri(TestWebsiteUrl), GetTestToken());

            // Act
            AuthenticationTicket ticket = handler.Authenticate(authRequest, optionsUnderTest);

            // Assert
            // A ticket with an identity is expected in both outcomes; only the authenticated flag differs.
            Assert.NotNull(ticket);
            Assert.NotNull(ticket.Identity);

            if (expectAuthenticated)
            {
                Assert.True(ticket.Identity.IsAuthenticated);
            }
            else
            {
                // A token checked against a non-matching key must come back unauthenticated.
                Assert.False(ticket.Identity.IsAuthenticated);
            }
        }
        /// <summary>
        /// Verifies that a token built with the issuer "https://invalidIssuer/" yields a ticket whose
        /// identity is present but not authenticated.
        /// </summary>
        public void Authenticate_Fails_WithInvalidIssuer()
        {
            // Arrange
            var configuration = new HttpConfiguration();
            AppServiceAuthenticationOptions testOptions = CreateTestOptions(configuration);
            var handler = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object);

            // Only the issuer deviates from the default test token.
            var tokenWithBadIssuer = GetTestToken(issuer: "https://invalidIssuer/");
            var authRequest = CreateAuthRequest(new Uri(TestWebsiteUrl), tokenWithBadIssuer);

            // Act
            AuthenticationTicket ticket = handler.Authenticate(authRequest, testOptions);

            // Assert
            // Rejection is reported through an unauthenticated identity, not a null ticket.
            Assert.NotNull(ticket);
            Assert.NotNull(ticket.Identity);
            Assert.False(ticket.Identity.IsAuthenticated, "Expected Authenticate to fail with invalid issuer");
        }
        /// <summary>
        /// Verifies that the default test token is not authenticated when the options carry no
        /// signing key (<c>SigningKey</c> set to <c>null</c>).
        /// </summary>
        public void Authenticate_FailsToAuthenticate_ValidIdentity_WithoutSigningKey()
        {
            // Arrange
            AppServiceAuthenticationOptions keylessOptions = CreateTestOptions(new HttpConfiguration());

            // An absent key must not be treated as permission to accept the token.
            keylessOptions.SigningKey = null;

            var handler = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object);
            var authRequest = CreateAuthRequest(new Uri(TestWebsiteUrl), GetTestToken());

            // Act
            AuthenticationTicket ticket = handler.Authenticate(authRequest, keylessOptions);

            // Assert
            Assert.NotNull(ticket);
            Assert.NotNull(ticket.Identity);
            Assert.False(ticket.Identity.IsAuthenticated, "Expected Authenticate to fail without signing key specified in MobileAppAuthenticationOptions");
        }
        /// <summary>
        /// Verifies the failure path of <c>Authenticate</c>: when <c>CreateServiceUser</c> throws,
        /// <c>request.User</c> ends up <c>null</c>.
        /// </summary>
        /// <remarks>
        /// The request is seeded with an empty <c>ClaimsPrincipal</c> beforehand, so the final
        /// null assertion shows the earlier principal does not survive a failed authentication.
        /// </remarks>
        public void Authenticate_LeavesUserNull_IfException()
        {
            // Arrange
            // CallBase keeps the real token handler behaviour for everything except the setup below.
            var throwingTokenHandler = new Mock<MobileAppTokenHandler>(this.config) { CallBase = true };
            throwingTokenHandler
                .Setup(t => t.CreateServiceUser(It.IsAny<ClaimsIdentity>(), It.IsAny<string>()))
                .Throws(new InvalidOperationException())
                .Verifiable();

            var handler = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object, throwingTokenHandler.Object);
            var authRequest = CreateAuthRequest("signing_key");
            authRequest.User = new ClaimsPrincipal();

            // Act
            var matchingOptions = CreateOptions(false, "signing_key");
            handler.Authenticate(authRequest, matchingOptions);

            // Assert
            // VerifyAll proves the throwing CreateServiceUser setup was actually reached.
            throwingTokenHandler.VerifyAll();
            Assert.Null(authRequest.User);
        }
        /// <summary>
        /// Runs <c>Authenticate</c> with the supplied options on a request built with "signing_key"
        /// and checks what ends up in <c>request.User</c>.
        /// </summary>
        /// <param name="options">Authentication options handed to <c>Authenticate</c>.</param>
        /// <param name="expectAuthenticated">
        /// When true, the user must be an authenticated <c>MobileAppUser</c>; otherwise the user must be null.
        /// </param>
        public void Authenticate_CorrectlyAuthenticates(MobileAppAuthenticationOptions options, bool expectAuthenticated)
        {
            // Arrange
            var handler = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object, this.tokenHandler);
            var authRequest = CreateAuthRequest("signing_key");

            // Seeded so the negative case can show the principal is replaced by null.
            authRequest.User = new ClaimsPrincipal();

            // Act
            handler.Authenticate(authRequest, options);

            // Assert
            if (!expectAuthenticated)
            {
                Assert.Null(authRequest.User);
                return;
            }

            Assert.NotNull(authRequest.User.Identity);
            Assert.True(authRequest.User.Identity.IsAuthenticated);
            Assert.IsType(typeof(MobileAppUser), authRequest.User);
        }
        /// <summary>
        /// Checks the outcome of <c>Authenticate</c> for the default test token when the options'
        /// <c>SigningKey</c> is <paramref name="otherSigningKey"/>.
        /// </summary>
        /// <param name="otherSigningKey">Signing key assigned to the options passed to <c>Authenticate</c>.</param>
        /// <param name="expectAuthenticated">Expected value of the ticket identity's authenticated flag.</param>
        public void Authenticate_CorrectlyAuthenticates(string otherSigningKey, bool expectAuthenticated)
        {
            // Arrange
            var configuration = new HttpConfiguration();

            // NOTE(review): never passed to Authenticate in this test; retained because
            // CreateTestOptions may act on the configuration. Confirm whether it can be dropped.
            AppServiceAuthenticationOptions alphaOptions = CreateTestOptions(configuration);
            alphaOptions.SigningKey = SigningKeyAlpha;

            AppServiceAuthenticationOptions optionsUnderTest = CreateTestOptions(configuration);
            optionsUnderTest.SigningKey = otherSigningKey;

            var handler = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object);
            var authRequest = CreateAuthRequest(new Uri(TestWebsiteUrl), GetTestToken());

            // Act
            AuthenticationTicket ticket = handler.Authenticate(authRequest, optionsUnderTest);

            // Assert
            // Both outcomes return a ticket with an identity; they differ only in the authenticated flag.
            Assert.NotNull(ticket);
            Assert.NotNull(ticket.Identity);

            if (expectAuthenticated)
            {
                Assert.True(ticket.Identity.IsAuthenticated);
            }
            else
            {
                // A key mismatch has to surface as an unauthenticated identity.
                Assert.False(ticket.Identity.IsAuthenticated);
            }
        }
        /// <summary>
        /// Verifies that <c>Authenticate</c> returns an unauthenticated identity for a token built
        /// with the issuer "https://invalidIssuer/".
        /// </summary>
        public void Authenticate_Fails_WithInvalidIssuer()
        {
            // Arrange
            var configuration = new HttpConfiguration();
            AppServiceAuthenticationOptions testOptions = CreateTestOptions(configuration);
            var handler = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object);

            // The issuer is the only field overridden on the test token.
            var tokenWithBadIssuer = GetTestToken(issuer: "https://invalidIssuer/");
            var authRequest = CreateAuthRequest(new Uri(TestWebsiteUrl), tokenWithBadIssuer);

            // Act
            AuthenticationTicket ticket = handler.Authenticate(authRequest, testOptions);

            // Assert
            // The handler signals rejection with an unauthenticated identity rather than a null ticket.
            Assert.NotNull(ticket);
            Assert.NotNull(ticket.Identity);
            Assert.False(ticket.Identity.IsAuthenticated, "Expected Authenticate to fail with invalid issuer");
        }
        /// <summary>
        /// Verifies that <c>Authenticate</c> does not authenticate the default test token when
        /// <c>SigningKey</c> on the options is <c>null</c>.
        /// </summary>
        public void Authenticate_FailsToAuthenticate_ValidIdentity_WithoutSigningKey()
        {
            // Arrange
            AppServiceAuthenticationOptions keylessOptions = CreateTestOptions(new HttpConfiguration());

            // With no key configured the handler must reject the token, not skip verification.
            keylessOptions.SigningKey = null;

            var handler = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object);
            var authRequest = CreateAuthRequest(new Uri(TestWebsiteUrl), GetTestToken());

            // Act
            AuthenticationTicket ticket = handler.Authenticate(authRequest, keylessOptions);

            // Assert
            Assert.NotNull(ticket);
            Assert.NotNull(ticket.Identity);
            Assert.False(ticket.Identity.IsAuthenticated, "Expected Authenticate to fail without signing key specified in MobileAppAuthenticationOptions");
        }
        /// <summary>
        /// Verifies that a token built with the audience "https://invalidAudience/" yields a ticket
        /// whose identity is present but not authenticated.
        /// </summary>
        public void Authenticate_Fails_WithInvalidAudience()
        {
            // Arrange
            MobileAppAuthenticationOptions testOptions = CreateTestOptions();
            var handler = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object, this.tokenHandler);

            // Only the audience deviates from the default test token.
            var tokenWithBadAudience = GetTestToken(audience: "https://invalidAudience/");
            var authRequest = CreateAuthRequest(new Uri(TestWebsiteUrl), tokenWithBadAudience);

            // Act
            AuthenticationTicket ticket = handler.Authenticate(authRequest, testOptions);

            // Assert
            // Rejection is reported through an unauthenticated identity, not a null ticket.
            Assert.NotNull(ticket);
            Assert.NotNull(ticket.Identity);
            Assert.False(ticket.Identity.IsAuthenticated, "Expected Authenticate to fail with invalid audience");
        }
        /// <summary>
        /// Verifies that <c>request.User</c> is <c>null</c> after <c>Authenticate</c> when
        /// <c>CreateServiceUser</c> throws an <c>InvalidOperationException</c>.
        /// </summary>
        /// <remarks>
        /// An empty <c>ClaimsPrincipal</c> is assigned to the request first, so the null assertion
        /// demonstrates that a previously set principal is not left in place after the failure.
        /// </remarks>
        public void Authenticate_LeavesUserNull_IfException()
        {
            // Arrange
            // CallBase: everything but the CreateServiceUser setup runs the real token handler code.
            var throwingTokenHandler = new Mock<MobileAppTokenHandler>(this.config) { CallBase = true };
            throwingTokenHandler
                .Setup(t => t.CreateServiceUser(It.IsAny<ClaimsIdentity>(), It.IsAny<string>()))
                .Throws(new InvalidOperationException())
                .Verifiable();

            var handler = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object, throwingTokenHandler.Object);
            var authRequest = CreateAuthRequest("signing_key");
            authRequest.User = new ClaimsPrincipal();

            // Act
            var matchingOptions = CreateOptions(false, "signing_key");
            handler.Authenticate(authRequest, matchingOptions);

            // Assert
            // VerifyAll confirms the throwing setup was hit, so the null user stems from that failure path.
            throwingTokenHandler.VerifyAll();
            Assert.Null(authRequest.User);
        }
        /// <summary>
        /// Calls <c>Authenticate</c> with the given options for a request built with "signing_key"
        /// and asserts on the resulting <c>request.User</c>.
        /// </summary>
        /// <param name="options">Authentication options handed to <c>Authenticate</c>.</param>
        /// <param name="expectAuthenticated">
        /// True when the user must be an authenticated <c>MobileAppUser</c>; false when it must be null.
        /// </param>
        public void Authenticate_CorrectlyAuthenticates(MobileAppAuthenticationOptions options, bool expectAuthenticated)
        {
            // Arrange
            var handler = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object, this.tokenHandler);
            var authRequest = CreateAuthRequest("signing_key");

            // Pre-set so that a failed authentication visibly replaces the principal with null.
            authRequest.User = new ClaimsPrincipal();

            // Act
            handler.Authenticate(authRequest, options);

            // Assert
            if (!expectAuthenticated)
            {
                Assert.Null(authRequest.User);
                return;
            }

            Assert.NotNull(authRequest.User.Identity);
            Assert.True(authRequest.User.Identity.IsAuthenticated);
            Assert.IsType(typeof(MobileAppUser), authRequest.User);
        }
        /// <summary>
        /// Verifies that <c>TryParseLoginToken</c>, with <c>SkipTokenSignatureValidation</c> set,
        /// returns true without calling <c>TryValidateLoginToken</c> and exposes the token's claims.
        /// </summary>
        /// <remarks>
        /// The options hold "SOME_SIGNING_KEY" while the token is built with "SOME_OTHER_KEY"
        /// (presumably its signing key), so the claims asserted below, the <c>Admin</c> role among
        /// them, are taken from the token with no signature check.
        /// NOTE(review): only acceptable when something trusted in front of this handler has
        /// already verified the token; confirm how this option is gated.
        /// </remarks>
        public void TryParseLoginToken_NoTokenValidation_ReturnsExpectedClaims()
        {
            // Arrange
            var tokenHandlerDouble = new Mock<MobileAppTokenHandler>(this.config);
            var handlerUnderTest = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object, tokenHandlerDouble.Object);
            var optionsWithoutValidation = new MobileAppAuthenticationOptions
            {
                SigningKey = "SOME_SIGNING_KEY",
                SkipTokenSignatureValidation = true
            };

            // Intentionally different from the key on the options.
            JwtSecurityToken foreignToken = GetTestToken("SOME_OTHER_KEY");
            string rawToken = foreignToken.RawData;

            // Act
            ClaimsPrincipal parsedPrincipal;
            bool parsed = handlerUnderTest.TryParseLoginToken(rawToken, optionsWithoutValidation, out parsedPrincipal);

            // Assert
            // No call to the validating method may have happened, whatever the arguments.
            tokenHandlerDouble.Verify(h => h.TryValidateLoginToken(It.IsAny<string>(), It.IsAny<string>(), out parsedPrincipal), Times.Never);
            Assert.True(parsed);

            // The real token handler (not the mock above) turns the parsed identity into a user.
            var parsedIdentity = (ClaimsIdentity)parsedPrincipal.Identity;
            MobileAppUser user = this.tokenHandler.CreateServiceUser(parsedIdentity, rawToken);

            Assert.Equal("Facebook:1234", user.Id);
            Assert.True(user.Identity.IsAuthenticated);

            Claim[] userClaims = user.Claims.ToArray();
            Assert.Equal(8, userClaims.Length);
            Assert.Equal("Frank", userClaims.Single(c => c.Type == ClaimTypes.GivenName).Value);
            Assert.Equal("Miller", userClaims.Single(c => c.Type == ClaimTypes.Surname).Value);
            Assert.Equal("Admin", userClaims.Single(c => c.Type == ClaimTypes.Role).Value);
            Assert.Equal("Facebook:1234", userClaims.Single(c => c.Type == "uid").Value);
            Assert.Equal("MyClaimValue", userClaims.Single(c => c.Type == "my_custom_claim").Value);
        }