private static PersistedGrantService CreateSut()
{
var authorizationCodeStoreMock = new Mock <IAdminStore <Entity.AuthorizationCode> >();
var userConsentStoreMock = new Mock <IAdminStore <Entity.UserConsent> >();
var refreshTokenStoreMock = new Mock <IAdminStore <Entity.RefreshToken> >();
var referenceTokenStoreMock = new Mock <IAdminStore <Entity.ReferenceToken> >();
var serializer = new PersistentGrantSerializer();
var sut = new PersistedGrantService(authorizationCodeStoreMock.Object,
userConsentStoreMock.Object,
refreshTokenStoreMock.Object,
referenceTokenStoreMock.Object,
serializer);
authorizationCodeStoreMock.Setup(m => m.GetAsync(It.IsAny <PageRequest>(), default)).ReturnsAsync(new PageResponse <Entity.AuthorizationCode>
{
Items = new[] {
new Entity.AuthorizationCode
{
Data = serializer.Serialize(new AuthorizationCode {
RequestedScopes = Array.Empty <string>()
})
}
}
});
userConsentStoreMock.Setup(m => m.GetAsync(It.IsAny <PageRequest>(), default)).ReturnsAsync(new PageResponse <Entity.UserConsent>
{
Items = new[] { new Entity.UserConsent
{
Data = serializer.Serialize(new Consent {
Scopes = Array.Empty <string>()
})
} }
});
refreshTokenStoreMock.Setup(m => m.GetAsync(It.IsAny <PageRequest>(), default)).ReturnsAsync(new PageResponse <Entity.RefreshToken>
{
Items = new[] { new Entity.RefreshToken()
{
Data = serializer.Serialize(new RefreshToken {
AccessToken = new Token
{
Claims = Array.Empty <Claim>()
}
})
} }
});
referenceTokenStoreMock.Setup(m => m.GetAsync(It.IsAny <PageRequest>(), default)).ReturnsAsync(new PageResponse <Entity.ReferenceToken>
{
Items = new[] { new Entity.ReferenceToken()
{
Data = serializer.Serialize(new Token {
Claims = Array.Empty <Claim>()
})
} }
});
return(sut);
}
public async Task RemoveReferenceTokenAsync_by_subjectId_clientId_should_delete_entity()
{
using var store = new RavenDbTestDriverWrapper().GetDocumentStore();
var serializer = new PersistentGrantSerializer();
var loggerMock = new Mock <ILogger <ReferenceTokenStore> >();
using var s1 = store.OpenAsyncSession();
await s1.StoreAsync(new Entity.ReferenceToken
{
Id = "test",
ClientId = "test",
UserId = "test",
Data = serializer.Serialize(new Token
{
ClientId = "test"
})
}, $"{nameof(Entity.ReferenceToken)}/test");
await s1.SaveChangesAsync();
using var session = store.OpenAsyncSession();
var sut = new ReferenceTokenStore(new ScopedAsynDocumentcSession(session), serializer, loggerMock.Object);
await sut.RemoveReferenceTokensAsync("test", "test");
using var s2 = store.OpenAsyncSession();
var result = await s2.LoadAsync <Entity.ReferenceToken>($"{nameof(Entity.ReferenceToken)}/test");
Assert.Null(result);
}
public async Task GetReferenceTokenAsync_should_return_grant_by_hamlder()
{
using var store = new RavenDbTestDriverWrapper().GetDocumentStore();
var serializer = new PersistentGrantSerializer();
var loggerMock = new Mock <ILogger <ReferenceTokenStore> >();
using var s1 = store.OpenAsyncSession();
await s1.StoreAsync(new Entity.ReferenceToken
{
Id = "test",
ClientId = "test",
Data = serializer.Serialize(new Token
{
ClientId = "test"
})
}, $"{nameof(Entity.ReferenceToken)}/test");
await s1.SaveChangesAsync();
using var session = store.OpenAsyncSession();
var sut = new ReferenceTokenStore(new ScopedAsynDocumentcSession(session), serializer, loggerMock.Object);
var result = await sut.GetReferenceTokenAsync("test");
Assert.NotNull(result);
}
public async Task StoreReferenceTokenAsync_should_update_entity()
{
using var store = new RavenDbTestDriverWrapper().GetDocumentStore();
var serializer = new PersistentGrantSerializer();
var loggerMock = new Mock <ILogger <ReferenceTokenStore> >();
var token = new Token
{
ClientId = "test"
};
using var s1 = store.OpenAsyncSession();
await s1.StoreAsync(new Entity.ReferenceToken
{
Id = "test",
ClientId = "test",
Data = serializer.Serialize(token)
}, $"{nameof(Entity.ReferenceToken)}/test");
await s1.SaveChangesAsync();
using var session = store.OpenAsyncSession();
var sut = new ReferenceTokenStore(new ScopedAsynDocumentcSession(session), serializer, loggerMock.Object);
var code = await sut.StoreReferenceTokenAsync(token);
Assert.Equal("test", code);
}
public async Task StoreAuthorizationCodeAsync_should_update_entity()
{
using var store = new RavenDbTestDriverWrapper().GetDocumentStore();
var serializer = new PersistentGrantSerializer();
var loggerMock = new Mock <ILogger <AuthorizationCodeStore> >();
var authorizationCode = new AuthorizationCode
{
ClientId = "test",
Subject = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(JwtClaimTypes.Subject, "test") }))
};
using var s1 = store.OpenAsyncSession();
await s1.StoreAsync(new Entity.AuthorizationCode
{
Id = "test",
ClientId = "test",
UserId = "test",
Data = serializer.Serialize(authorizationCode)
}, $"{nameof(Entity.AuthorizationCode)}/test");
await s1.SaveChangesAsync();
using var session = store.OpenAsyncSession();
var sut = new AuthorizationCodeStore(new ScopedAsynDocumentcSession(session), serializer, loggerMock.Object);
var code = await sut.StoreAuthorizationCodeAsync(authorizationCode);
Assert.Equal("test", code);
}
public async Task FindByUserCodeAsync_should_find_device_code_by_user_code()
{
using var store = new RavenDbTestDriverWrapper().GetDocumentStore();
var serializer = new PersistentGrantSerializer();
var loggerMock = new Mock <ILogger <DeviceFlowStore> >();
using var s1 = store.OpenAsyncSession();
await s1.StoreAsync(new Entity.DeviceCode
{
Id = "test",
UserCode = "code",
Data = serializer.Serialize(new DeviceCode
{
AuthorizedScopes = new[] { "client_credential" }
})
}, $"{nameof(Entity.DeviceCode)}/test");
await s1.SaveChangesAsync();
var sut = new DeviceFlowStore(new ScopedAsynDocumentcSession(store.OpenAsyncSession()), serializer, loggerMock.Object);
var result = await sut.FindByUserCodeAsync("code");
Assert.NotNull(result);
}
public async Task UpdateByUserCodeAsync_should_update_device_code()
{
using var store = new RavenDbTestDriverWrapper().GetDocumentStore();
var serializer = new PersistentGrantSerializer();
var loggerMock = new Mock <ILogger <DeviceFlowStore> >();
using var s1 = store.OpenAsyncSession();
await s1.StoreAsync(new Entity.DeviceCode
{
Id = "test",
UserCode = "code",
Data = serializer.Serialize(new DeviceCode
{
AuthorizedScopes = new[] { "client_credential" }
})
}, $"{nameof(Entity.DeviceCode)}/test");
await s1.SaveChangesAsync();
var sut = new DeviceFlowStore(new ScopedAsynDocumentcSession(store.OpenAsyncSession()), serializer, loggerMock.Object);
await sut.UpdateByUserCodeAsync("code", new DeviceCode
{
ClientId = "test"
});
using var s2 = store.OpenAsyncSession();
var updated = await s2.LoadAsync <Entity.DeviceCode>($"{nameof(Entity.DeviceCode)}/test");
var data = serializer.Deserialize <DeviceCode>(updated.Data);
Assert.Equal("test", data.ClientId);
}
public async Task StoreUserConsentAsync_should_update_entity()
{
using var store = new RavenDbTestDriverWrapper().GetDocumentStore();
var serializer = new PersistentGrantSerializer();
var loggerMock = new Mock <ILogger <UserConsentStore> >();
var UserConsent = new Consent
{
ClientId = "test",
SubjectId = "test"
};
using var s1 = store.OpenAsyncSession();
await s1.StoreAsync(new Entity.UserConsent
{
Id = "test",
ClientId = "test",
UserId = "test",
Data = serializer.Serialize(UserConsent)
}, $"{nameof(Entity.UserConsent)}/test");
await s1.SaveChangesAsync();
using var session = store.OpenAsyncSession();
var sut = new UserConsentStore(new ScopedAsynDocumentcSession(session), serializer, loggerMock.Object);
await sut.StoreUserConsentAsync(UserConsent);
using var s2 = store.OpenAsyncSession();
var result = await s2.Advanced.LoadStartingWithAsync <Entity.UserConsent>($"{nameof(Entity.UserConsent).ToLowerInvariant()}/");
Assert.Single(result);
}
public async Task Should_Retrieve_Data_By_DeviceCode(TestDatabase testDb)
{
var loggerMock = new Mock <ILogger <DeviceFlowStore> >();
var serializer = new PersistentGrantSerializer();
var testDeviceCode = $"device_{Guid.NewGuid()}";
var testUserCode = $"user_{Guid.NewGuid()}";
var expectedSubject = $"sub_{Guid.NewGuid()}";
var expectedDeviceCodeData = new DeviceCode()
{
ClientId = "device_flow",
RequestedScopes = new[] { "openid", "api1" },
CreationTime = new DateTime(2018, 12, 7, 14, 15, 16),
Lifetime = 300,
IsOpenId = true,
Subject = new ClaimsPrincipal(
new ClaimsIdentity(
new List <Claim> {
new Claim(JwtClaimTypes.Subject, expectedSubject)
}
)
)
};
using (var session = testDb.SessionFactory.OpenSession())
{
using (var tx = session.BeginTransaction())
{
await session.SaveAsync(new DeviceFlowCodes
{
DeviceCode = testDeviceCode,
ID = testUserCode,
ClientId = expectedDeviceCodeData.ClientId,
SubjectId = expectedDeviceCodeData.Subject.FindFirst(JwtClaimTypes.Subject).Value,
CreationTime = expectedDeviceCodeData.CreationTime,
Expiration = expectedDeviceCodeData.CreationTime.AddSeconds(expectedDeviceCodeData.Lifetime),
Data = serializer.Serialize(expectedDeviceCodeData)
});
await tx.CommitAsync();
}
}
DeviceCode code;
using (var session = testDb.SessionFactory.OpenSession())
{
var store = new DeviceFlowStore(session, serializer, loggerMock.Object);
code = await store.FindByDeviceCodeAsync(testDeviceCode);
}
code.Should().BeEquivalentTo(expectedDeviceCodeData, assertionOptions => assertionOptions.Excluding(x => x.Subject));
code.Subject.Claims.FirstOrDefault(x => x.Type == JwtClaimTypes.Subject && x.Value == expectedSubject).Should().NotBeNull();
await CleanupTestDataAsync(testDb);
}
public async Task Should_Throw_Exception_If_DeviceCode_Already_Exists(TestDatabase testDb)
{
var loggerMock = new Mock <ILogger <DeviceFlowStore> >();
var serializer = new PersistentGrantSerializer();
var existingUserCode = $"user_{Guid.NewGuid()}";
var deviceCodeData = new DeviceCode()
{
ClientId = "device_flow",
RequestedScopes = new[] { "openid", "api1" },
CreationTime = new DateTime(2018, 12, 07, 8, 00, 00),
Lifetime = 300,
IsOpenId = true,
Subject = new ClaimsPrincipal(
new ClaimsIdentity(
new List <Claim> {
new Claim(JwtClaimTypes.Subject, $"sub_{Guid.NewGuid()}")
}
)
)
};
using (var session = testDb.SessionFactory.OpenSession())
{
using (var tx = session.BeginTransaction())
{
await session.SaveAsync(new DeviceFlowCodes()
{
DeviceCode = $"device_{Guid.NewGuid()}",
ID = existingUserCode,
ClientId = deviceCodeData.ClientId,
SubjectId = deviceCodeData.Subject.FindFirst(JwtClaimTypes.Subject).Value,
CreationTime = deviceCodeData.CreationTime,
Expiration = deviceCodeData.CreationTime.AddSeconds(deviceCodeData.Lifetime),
Data = serializer.Serialize(deviceCodeData)
});
await tx.CommitAsync();
}
}
using (var session = testDb.SessionFactory.OpenSession())
{
var store = new DeviceFlowStore(session, new PersistentGrantSerializer(), loggerMock.Object);
Func <Task> act = async() => await store.StoreDeviceAuthorizationAsync($"device_{Guid.NewGuid()}", existingUserCode, deviceCodeData);
await act.Should().ThrowAsync <HibernateException>();
}
await CleanupTestDataAsync(testDb);
}
public async Task Should_Remove_Existing_DeviceCode(TestDatabase testDb)
{
var loggerMock = new Mock <ILogger <DeviceFlowStore> >();
var serializer = new PersistentGrantSerializer();
var testDeviceCode = $"device_{Guid.NewGuid()}";
var testUserCode = $"user_{Guid.NewGuid()}";
var existingDeviceCode = new DeviceCode
{
ClientId = "device_flow",
RequestedScopes = new[] { "openid", "api1" },
CreationTime = new DateTime(2018, 12, 7, 14, 15, 16),
Lifetime = 42,
IsOpenId = true
};
using (var session = testDb.SessionFactory.OpenSession())
{
using (var tx = session.BeginTransaction())
{
await session.SaveAsync(new DeviceFlowCodes
{
DeviceCode = testDeviceCode,
ID = testUserCode,
ClientId = existingDeviceCode.ClientId,
CreationTime = existingDeviceCode.CreationTime,
Expiration = existingDeviceCode.CreationTime.AddSeconds(existingDeviceCode.Lifetime),
Data = serializer.Serialize(existingDeviceCode)
});
await tx.CommitAsync();
}
}
using (var session = testDb.SessionFactory.OpenSession())
{
var store = new DeviceFlowStore(session, serializer, loggerMock.Object);
await store.RemoveByDeviceCodeAsync(testDeviceCode);
}
using (var session = testDb.SessionFactory.OpenSession())
{
(await session.GetAsync <DeviceFlowCodes>(testUserCode)).Should().BeNull();
}
await CleanupTestDataAsync(testDb);
}
public async Task UpdateByUserCodeAsync_should_update_token()
{
using var store = new RavenDbTestDriverWrapper().GetDocumentStore();
var serializer = new PersistentGrantSerializer();
var loggerMock = new Mock <ILogger <RefreshTokenStore> >();
var token = new RefreshToken
{
AccessToken = new Token
{
ClientId = "test"
}
};
using var s1 = store.OpenAsyncSession();
await s1.StoreAsync(new Entity.RefreshToken
{
Id = "test",
ClientId = "test",
Data = serializer.Serialize(token)
}, $"{nameof(Entity.RefreshToken)}/test");
await s1.SaveChangesAsync();
var sut = new RefreshTokenStore(new ScopedAsynDocumentcSession(store.OpenAsyncSession()), serializer, loggerMock.Object);
await sut.UpdateRefreshTokenAsync("test", new RefreshToken
{
AccessToken = new Token
{
ClientId = "test",
Description = "test"
}
});
using var s2 = store.OpenAsyncSession();
var updated = await s2.LoadAsync <Entity.RefreshToken>($"{nameof(Entity.RefreshToken)}/test");
var data = serializer.Deserialize <RefreshToken>(updated.Data);
Assert.Equal("test", data.AccessToken.Description);
}
async Task StoreItem <T>(string key, T item, string type, string clientId, string subjectId, DateTime created, int lifetime)
{
key = HashKey(key, type);
var json = _serializer.Serialize(item);
var grant = new PersistedGrant
{
Key = key,
Type = type,
ClientId = clientId,
SubjectId = subjectId,
CreationTime = created,
Expiration = created.AddSeconds(lifetime),
Data = json
};
await _store.StoreAsync(grant);
}
protected async Task StoreItemAsync(string key, T item, string clientId, string subjectId, DateTime created, int lifetime)
{
key = GetHashedKey(key);
var json = _serializer.Serialize(item);
var grant = new PersistedGrant()
{
Key = key,
Type = _grantType,
ClientId = clientId,
SubjectId = subjectId,
CreationTime = created,
Expiration = created.AddSeconds(lifetime),
Data = json,
};
await _store.StoreAsync(grant);
}
private static PersistedGrantService CreateSut(out Mock <IDataProtector> mock)
{
var authorizationCodeStoreMock = new Mock <IAdminStore <Entity.AuthorizationCode> >();
var userConsentStoreMock = new Mock <IAdminStore <Entity.UserConsent> >();
var refreshTokenStoreMock = new Mock <IAdminStore <Entity.RefreshToken> >();
var referenceTokenStoreMock = new Mock <IAdminStore <Entity.ReferenceToken> >();
var dataProtectorProviderMock = new Mock <IDataProtectionProvider>();
var dataProtectorMock = new Mock <IDataProtector>();
dataProtectorMock.Setup(m => m.Protect(It.IsAny <byte[]>())).Returns <byte[]>(b => b);
dataProtectorMock.Setup(m => m.Unprotect(It.IsAny <byte[]>())).Returns <byte[]>(b => b);
dataProtectorProviderMock.Setup(m => m.CreateProtector(It.IsAny <string>())).Returns(dataProtectorMock.Object);
#if DUENDE
var serializer = new PersistentGrantSerializer(new PersistentGrantOptions
{
DataProtectData = true
}, dataProtectorProviderMock.Object);
#else
var serializer = new PersistentGrantSerializer();
#endif
var localizerMock = new Mock <IStringLocalizer <PersistedGrantService> >();
var loggerMock = new Mock <ILogger <PersistedGrantService> >();
var sut = new PersistedGrantService(authorizationCodeStoreMock.Object,
userConsentStoreMock.Object,
refreshTokenStoreMock.Object,
referenceTokenStoreMock.Object,
serializer,
localizerMock.Object,
loggerMock.Object);
authorizationCodeStoreMock.Setup(m => m.GetAsync(It.IsAny <PageRequest>(), default)).ReturnsAsync(new PageResponse <Entity.AuthorizationCode>
{
Items = new[] {
new Entity.AuthorizationCode
{
Data = serializer.Serialize(new AuthorizationCode {
RequestedScopes = Array.Empty <string>()
})
}
}
});
userConsentStoreMock.Setup(m => m.GetAsync(It.IsAny <PageRequest>(), default)).ReturnsAsync(new PageResponse <Entity.UserConsent>
{
Items = new[] { new Entity.UserConsent
{
Data = serializer.Serialize(new Consent {
Scopes = Array.Empty <string>()
})
} }
});
#if DUENDE
var refreshToken = new RefreshToken();
refreshToken.SetAccessToken(new Token
{
Claims = Array.Empty <Claim>()
});
#else
var refreshToken = new RefreshToken
{
AccessToken = new Token
{
Claims = Array.Empty <Claim>()
}
};
#endif
refreshTokenStoreMock.Setup(m => m.GetAsync(It.IsAny <PageRequest>(), default)).ReturnsAsync(new PageResponse <Entity.RefreshToken>
{
Items = new[] { new Entity.RefreshToken()
{
Data = serializer.Serialize(refreshToken)
} }
});
referenceTokenStoreMock.Setup(m => m.GetAsync(It.IsAny <PageRequest>(), default)).ReturnsAsync(new PageResponse <Entity.ReferenceToken>
{
Items = new[] { new Entity.ReferenceToken()
{
Data = serializer.Serialize(new Token {
Claims = Array.Empty <Claim>()
})
} }
});
mock = dataProtectorMock;
return(sut);
}
public async Task Should_Update_Authorized_Device_Code(TestDatabase testDb)
{
var loggerMock = new Mock <ILogger <DeviceFlowStore> >();
var serializer = new PersistentGrantSerializer();
var testDeviceCode = $"device_{Guid.NewGuid()}";
var testUserCode = $"user_{Guid.NewGuid()}";
var expectedSubject = $"sub_{Guid.NewGuid()}";
var unauthorizedDeviceCode = new DeviceCode()
{
ClientId = "device_flow",
RequestedScopes = new[] { "openid", "api1" },
CreationTime = new DateTime(2018, 12, 7, 14, 15, 16),
Lifetime = 42,
IsOpenId = true
};
using (var session = testDb.SessionFactory.OpenSession())
{
using (var tx = session.BeginTransaction())
{
await session.SaveAsync(new DeviceFlowCodes
{
DeviceCode = testDeviceCode,
ID = testUserCode,
ClientId = unauthorizedDeviceCode.ClientId,
CreationTime = unauthorizedDeviceCode.CreationTime,
Expiration = unauthorizedDeviceCode.CreationTime.AddSeconds(unauthorizedDeviceCode.Lifetime),
Data = serializer.Serialize(unauthorizedDeviceCode)
});
await tx.CommitAsync();
}
}
var authorizedDeviceCode = new DeviceCode
{
ClientId = unauthorizedDeviceCode.ClientId,
RequestedScopes = unauthorizedDeviceCode.RequestedScopes,
AuthorizedScopes = unauthorizedDeviceCode.RequestedScopes,
Subject = new ClaimsPrincipal(
new ClaimsIdentity(
new List <Claim> {
new Claim(JwtClaimTypes.Subject, expectedSubject)
}
)
),
IsAuthorized = true,
IsOpenId = true,
CreationTime = new DateTime(2018, 12, 7, 14, 15, 16),
Lifetime = 42
};
using (var session = testDb.SessionFactory.OpenSession())
{
var store = new DeviceFlowStore(session, serializer, loggerMock.Object);
await store.UpdateByUserCodeAsync(testUserCode, authorizedDeviceCode);
}
DeviceFlowCodes updatedCodes;
using (var session = testDb.SessionFactory.OpenSession())
{
updatedCodes = await session.GetAsync <DeviceFlowCodes>(testUserCode);
}
// Unchanged
updatedCodes.DeviceCode.Should().Be(testDeviceCode);
updatedCodes.ClientId.Should().Be(unauthorizedDeviceCode.ClientId);
updatedCodes.CreationTime.Should().Be(unauthorizedDeviceCode.CreationTime);
updatedCodes.Expiration.Should().Be(unauthorizedDeviceCode.CreationTime.AddSeconds(unauthorizedDeviceCode.Lifetime));
// Updated
var parsedCode = serializer.Deserialize <DeviceCode>(updatedCodes.Data);
parsedCode.Should().BeEquivalentTo(authorizedDeviceCode, assertionOptions => assertionOptions.Excluding(x => x.Subject));
parsedCode.Subject.Claims.FirstOrDefault(x => x.Type == JwtClaimTypes.Subject && x.Value == expectedSubject).Should().NotBeNull();
await CleanupTestDataAsync(testDb);
}
