public void Parse_Scopes_with_Empty_Scope_List()
        {
            // An empty scope parameter is expected to parse to null rather than to an
            // empty list, so callers have to handle the null case explicitly.
            var parsed = new ScopeValidator().ParseScopes("");

            parsed.Should().BeNull();
        }
        /// <summary>
        /// Builds a <see cref="DeviceAuthorizationRequestValidator"/> for tests, filling in a
        /// test default for every dependency the caller leaves null.
        /// </summary>
        /// <param name="options">Server options; defaults to <c>TestIdentityServerOptions.Create()</c>.</param>
        /// <param name="resourceStore">Resource store used only to build the default scope validator.</param>
        /// <param name="scopeValidator">Scope validator handed to the request validator.</param>
        /// <returns>The configured request validator.</returns>
        public static DeviceAuthorizationRequestValidator CreateDeviceAuthorizationRequestValidator(
            IdentityServerOptions options = null,
            IResourceStore resourceStore  = null,
            ScopeValidator scopeValidator = null)
        {
            options       = options ?? TestIdentityServerOptions.Create();
            resourceStore = resourceStore ?? new InMemoryResourcesStore(TestScopes.GetIdentity(), TestScopes.GetApis());

            // resourceStore is not passed to the request validator itself: a caller that supplies
            // its own scopeValidator decides which scopes exist, whatever store is passed here.
            scopeValidator = scopeValidator
                             ?? new ScopeValidator(resourceStore, new LoggerFactory().CreateLogger<ScopeValidator>());

            var requestLogger = TestLogger.Create<DeviceAuthorizationRequestValidator>();

            return new DeviceAuthorizationRequestValidator(options, scopeValidator, requestLogger);
        }
        public void ProcessConsentAsync_NoPromptMode_ConsentServiceRequiresConsent_ConsentGrantedButMissingRequiredScopes_ReturnsErrorResult()
        {
            // Scenario: consent is required, the request asks for "openid" and "read", but the
            // user consents to "read" only. The expected outcome is access_denied with no
            // consent persisted, i.e. a partial grant must not slip through.
            RequiresConsent(true);

            var client         = new Client();
            var scopeValidator = new ScopeValidator(new InMemoryScopeStore(GetScopes()), TestLogger.Create<ScopeValidator>());

            var authorizeRequest = new ValidatedAuthorizeRequest
            {
                ResponseMode    = OidcConstants.ResponseModes.Fragment,
                State           = "12345",
                RedirectUri     = "https://client.com/callback",
                RequestedScopes = new List<string> { "openid", "read" },
                ValidatedScopes = scopeValidator,
                Client          = client
            };

            // The boolean outcome is not asserted here; the call is presumably made so the
            // validator holds the validated scopes before consent is processed - TODO confirm.
            // NOTE(review): .Result blocks and wraps any failure in an AggregateException.
            var scopesValid = scopeValidator.AreScopesValidAsync(authorizeRequest.RequestedScopes).Result;

            // Consent deliberately omits "openid" (presumably marked required in GetScopes()).
            var userConsent = new ConsentResponse
            {
                RememberConsent = false,
                ScopesConsented = new[] { "read" }
            };

            var outcome = _subject.ProcessConsentAsync(authorizeRequest, userConsent).Result;

            outcome.IsError.Should().BeTrue();
            outcome.Error.Should().Be(OidcConstants.AuthorizeErrors.AccessDenied);
            AssertUpdateConsentNotCalled();
        }
        /// <summary>
        /// Builds a <see cref="TokenRequestValidator"/> for tests, substituting in-memory or test
        /// implementations for the dependencies the caller leaves null.
        /// </summary>
        /// <remarks>
        /// <paramref name="authorizationCodeStore"/> has no default: a null value is handed to the
        /// validator unchanged.
        /// </remarks>
        /// <returns>The configured token request validator.</returns>
        public static TokenRequestValidator CreateTokenRequestValidator(
            IdentityServerOptions options = null,
            IScopeStore scopes            = null,
            IAuthorizationCodeStore authorizationCodeStore = null,
            IRefreshTokenStore refreshTokens               = null,
            IUserService userService                       = null,
            ICustomGrantValidator customGrantValidator     = null,
            ICustomRequestValidator customRequestValidator = null,
            ScopeValidator scopeValidator                  = null,
            IDictionary <string, object> environment       = null)
        {
            options                = options ?? TestIdentityServerOptions.Create();
            scopes                 = scopes ?? new InMemoryScopeStore(TestScopes.Get());
            userService            = userService ?? new TestUserService();
            customRequestValidator = customRequestValidator ?? new DefaultCustomRequestValidator();
            customGrantValidator   = customGrantValidator ?? new TestGrantValidator();
            refreshTokens          = refreshTokens ?? new InMemoryRefreshTokenStore();

            // The default scope validator is bound to the scope store chosen above.
            scopeValidator = scopeValidator ?? new ScopeValidator(scopes);

            // An absent OWIN environment is replaced by an empty one.
            IOwinContext owinContext = new OwinContext(environment ?? new Dictionary<string, object>());

            return new TokenRequestValidator(
                options,
                authorizationCodeStore,
                refreshTokens,
                userService,
                scopes,
                customGrantValidator,
                customRequestValidator,
                scopeValidator,
                owinContext);
        }
        public void Parse_Scopes_with_Empty_Scope_List()
        {
            // An empty scope parameter is expected to parse to null, not to an empty list.
            var parsed = new ScopeValidator(_logger).ParseScopes("");

            Assert.IsNull(parsed);
        }
        public void Invalid_Scope()
        {
            var scopeValidator = new ScopeValidator(_logger);

            // "unknown" is presumably absent from _allScopes; a single unrecognised entry is
            // expected to invalidate the whole request rather than being silently dropped.
            var requested = scopeValidator.ParseScopes("openid email resource1 resource2 unknown");

            var allValid = scopeValidator.AreScopesValid(requested, _allScopes);

            Assert.IsFalse(allValid);
        }
        public void All_Scopes_Allowed_For_Restricted_Client()
        {
            var scopeValidator = new ScopeValidator(_logger);

            // Both requested scopes are presumably on _restrictedClient's allow-list.
            var requested = scopeValidator.ParseScopes("openid resource1");

            var allowed = scopeValidator.AreScopesAllowed(_restrictedClient, requested);

            Assert.IsTrue(allowed);
        }
        public void All_Scopes_Allowed_For_Unrestricted_Client()
        {
            var scopeValidator = new ScopeValidator();

            // A client without scope restrictions is expected to be allowed every requested scope.
            var requested = scopeValidator.ParseScopes("openid email resource1 resource2");

            var allowed = scopeValidator.AreScopesAllowed(_unrestrictedClient, requested);

            Assert.IsTrue(allowed);
        }
        public void Restricted_Scopes()
        {
            // The request goes beyond "openid resource1", the set the sibling test shows as
            // allowed for _restrictedClient, so the client check is expected to refuse it.
            var requested = ScopeValidator.ParseScopesString("openid email resource1 resource2");

            var scopeValidator = new ScopeValidator(_store);
            var allowed        = scopeValidator.AreScopesAllowed(_restrictedClient, requested);

            allowed.Should().BeFalse();
        }
        public void Restricted_Scopes()
        {
            var scopeValidator = new ScopeValidator(_logger);

            // Presumably at least one of these scopes is outside _restrictedClient's allow-list;
            // the client check is expected to refuse the request as a whole.
            var requested = scopeValidator.ParseScopes("openid email resource1 resource2");

            var allowed = scopeValidator.AreScopesAllowed(_restrictedClient, requested);

            Assert.IsFalse(allowed);
        }
        public void Invalid_Scope()
        {
            var scopeValidator = new ScopeValidator();

            // "unknown" is presumably absent from _allScopes; validation is expected to fail
            // for the whole request, not just skip the unrecognised entry.
            var requested = scopeValidator.ParseScopes("openid email resource1 resource2 unknown");

            var allValid = scopeValidator.AreScopesValid(requested, _allScopes);

            allValid.Should().BeFalse();
        }
        public void All_Scopes_Valid()
        {
            var scopeValidator = new ScopeValidator();

            // Positive control: every requested scope is expected to be found in _allScopes.
            var requested = scopeValidator.ParseScopes("openid email resource1 resource2");

            var allValid = scopeValidator.AreScopesValid(requested, _allScopes);

            allValid.Should().BeTrue();
        }
        public void All_Scopes_Valid()
        {
            var scopeValidator = new ScopeValidator(_logger);

            // Positive control: every requested scope is expected to be found in _allScopes.
            var requested = scopeValidator.ParseScopes("openid email resource1 resource2");

            var allValid = scopeValidator.AreScopesValid(requested, _allScopes);

            Assert.IsTrue(allValid);
        }
        public void Disabled_Scope()
        {
            var scopeValidator = new ScopeValidator();

            // "disabled" is presumably defined in _allScopes but switched off; a scope that
            // exists yet is disabled is expected to be rejected like an unknown one.
            var requested = scopeValidator.ParseScopes("openid email resource1 resource2 disabled");

            var allValid = scopeValidator.AreScopesValid(requested, _allScopes);

            Assert.IsFalse(allValid);
        }
        public void All_Scopes_Allowed_For_Restricted_Client()
        {
            // Both requested scopes are presumably on _restrictedClient's allow-list.
            var requested = ScopeValidator.ParseScopesString("openid resource1");

            var scopeValidator = new ScopeValidator(_store);
            var allowed        = scopeValidator.AreScopesAllowed(_restrictedClient, requested);

            allowed.Should().BeTrue();
        }
        public void Parse_Scopes_with_Duplicate_Scope()
        {
            // "scope2" appears twice in the input; the parsed list is expected to hold each
            // scope once, in sorted order.
            var parsed = ScopeValidator.ParseScopesString("scope2 scope1 scope2");

            parsed.Count.Should().Be(2);

            parsed[0].Should().Be("scope1");
            parsed[1].Should().Be("scope2");
        }
        public async Task All_Scopes_Valid()
        {
            // Positive control: every requested scope is expected to resolve through _store.
            var requested = ScopeValidator.ParseScopesString("openid email resource1 resource2");

            var scopeValidator = new ScopeValidator(_store);
            var allValid       = await scopeValidator.AreScopesValidAsync(requested);

            allValid.Should().BeTrue();
        }
        public async Task Disabled_Scope()
        {
            // "disabled" is presumably present in _store but switched off; a disabled scope is
            // expected to fail validation for the whole request.
            var requested = ScopeValidator.ParseScopesString("openid email resource1 resource2 disabled");

            var scopeValidator = new ScopeValidator(_store);
            var allValid       = await scopeValidator.AreScopesValidAsync(requested);

            allValid.Should().BeFalse();
        }
        public void Parse_Scopes_with_Duplicate_Scope()
        {
            // "scope2" appears twice in the input; the parsed list is expected to hold each
            // scope once, in sorted order.
            var parsed = new ScopeValidator().ParseScopes("scope2 scope1 scope2");

            parsed.Count.Should().Be(2);

            parsed[0].Should().Be("scope1");
            parsed[1].Should().Be("scope2");
        }
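        public void Parse_Scopes_with_Duplicate_Scope()
        {
            // "scope2" appears twice in the input; the parsed list is expected to hold each
            // scope once, in sorted order.
            var validator = new ScopeValidator(_logger);
            var scopes    = validator.ParseScopes("scope2 scope1 scope2");

            // Fail with an assertion rather than a NullReferenceException if parsing yields null.
            Assert.IsNotNull(scopes);

            // Expected value first, so a failure message reports expected/actual the right way round.
            Assert.AreEqual(2, scopes.Count);

            Assert.AreEqual("scope1", scopes[0]);
            Assert.AreEqual("scope2", scopes[1]);
        }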
        public void Parse_Scopes_with_Sorting()
        {
            // Input is in descending order; the parsed list is expected to come back ascending,
            // so the same scope set parses to the same list whatever order the client used.
            var parsed = ScopeValidator.ParseScopesString("scope3 scope2 scope1");

            parsed.Count.Should().Be(3);

            parsed[0].Should().Be("scope1");
            parsed[1].Should().Be("scope2");
            parsed[2].Should().Be("scope3");
        }
        /// <summary>
        /// Builds a <see cref="TokenRequestValidator"/> for tests, substituting in-memory or test
        /// implementations for the dependencies the caller leaves null.
        /// </summary>
        /// <remarks>
        /// <paramref name="authorizationCodeStore"/> has no default: a null value is handed to the
        /// validator unchanged. <paramref name="scopes"/> is used only to build the default
        /// scope validator and is not passed to the request validator itself.
        /// </remarks>
        /// <returns>The configured token request validator.</returns>
        public static TokenRequestValidator CreateTokenRequestValidator(
            IdentityServerOptions options = null,
            IScopeStore scopes            = null,
            IAuthorizationCodeStore authorizationCodeStore = null,
            IRefreshTokenStore refreshTokens               = null,
            IUserService userService                       = null,
            ICustomGrantValidator customGrantValidator     = null,
            ICustomRequestValidator customRequestValidator = null,
            ScopeValidator scopeValidator                  = null)
        {
            options                = options ?? TestIdentityServerOptions.Create();
            scopes                 = scopes ?? new InMemoryScopeStore(TestScopes.Get());
            userService            = userService ?? new TestUserService();
            customRequestValidator = customRequestValidator ?? new DefaultCustomRequestValidator();
            customGrantValidator   = customGrantValidator ?? new TestGrantValidator();
            refreshTokens          = refreshTokens ?? new InMemoryRefreshTokenStore();

            // A caller-supplied scopeValidator wins; the scope store above is then unused.
            scopeValidator = scopeValidator ?? new ScopeValidator(scopes);

            var events = new DefaultEventService();

            return new TokenRequestValidator(
                options,
                authorizationCodeStore,
                refreshTokens,
                userService,
                customGrantValidator,
                customRequestValidator,
                scopeValidator,
                events);
        }
        public void Parse_Scopes_with_Extra_Spaces()
        {
            // Leading, trailing and repeated spaces are expected to be ignored: no empty
            // entries, and the three scopes come back in sorted order.
            var parsed = new ScopeValidator().ParseScopes("   scope3     scope2     scope1   ");

            parsed.Count.Should().Be(3);

            parsed[0].Should().Be("scope1");
            parsed[1].Should().Be("scope2");
            parsed[2].Should().Be("scope3");
        }
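        public void Parse_Scopes_with_Extra_Spaces()
        {
            // Leading, trailing and repeated spaces are expected to be ignored: no empty
            // entries, and the three scopes come back in sorted order.
            var validator = new ScopeValidator(_logger);
            var scopes    = validator.ParseScopes("   scope3     scope2     scope1   ");

            // Fail with an assertion rather than a NullReferenceException if parsing yields null.
            Assert.IsNotNull(scopes);

            // Expected value first, so a failure message reports expected/actual the right way round.
            Assert.AreEqual(3, scopes.Count);

            Assert.AreEqual("scope1", scopes[0]);
            Assert.AreEqual("scope2", scopes[1]);
            Assert.AreEqual("scope3", scopes[2]);
        }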
        public void Contains_Identity_Scopes_Only()
        {
            var scopeValidator = new ScopeValidator();
            var requested      = scopeValidator.ParseScopes("openid email");

            var allValid = scopeValidator.AreScopesValid(requested, _allScopes);

            allValid.Should().BeTrue();

            // The classification flags are read only after validation has run: an identity-only
            // request must not be reported as containing resource scopes.
            scopeValidator.ContainsOpenIdScopes.Should().BeTrue();
            scopeValidator.ContainsResourceScopes.Should().BeFalse();
        }
        public void Contains_Identity_Scopes_Only()
        {
            var scopeValidator = new ScopeValidator(_logger);
            var requested      = scopeValidator.ParseScopes("openid email");

            var allValid = scopeValidator.AreScopesValid(requested, _allScopes);

            Assert.IsTrue(allValid);

            // The classification flags are read only after validation has run: an identity-only
            // request must not be reported as containing resource scopes.
            Assert.IsTrue(scopeValidator.ContainsOpenIdScopes);
            Assert.IsFalse(scopeValidator.ContainsResourceScopes);
        }
        public void Contains_Resource_and_Identity_Scopes()
        {
            var scopeValidator = new ScopeValidator();
            var requested      = scopeValidator.ParseScopes("openid email resource1 resource2");

            var allValid = scopeValidator.AreScopesValid(requested, _allScopes);

            Assert.IsTrue(allValid);

            // A mixed request is expected to raise both classification flags after validation.
            Assert.IsTrue(scopeValidator.ContainsOpenIdScopes);
            Assert.IsTrue(scopeValidator.ContainsResourceScopes);
        }
        public void Contains_Resource_Scopes_Only()
        {
            var scopeValidator = new ScopeValidator();
            var requested      = scopeValidator.ParseScopes("resource1 resource2");

            var allValid = scopeValidator.AreScopesValid(requested, _allScopes);

            Assert.IsTrue(allValid);

            // The classification flags are read only after validation has run: a resource-only
            // request must not be reported as containing identity (OpenID) scopes.
            Assert.IsFalse(scopeValidator.ContainsOpenIdScopes);
            Assert.IsTrue(scopeValidator.ContainsResourceScopes);
        }
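        public void Parse_Scopes_with_Sorting()
        {
            // Input is in descending order; the parsed list is expected to come back ascending,
            // so the same scope set parses to the same list whatever order the client used.
            var validator = new ScopeValidator();
            var scopes    = validator.ParseScopes("scope3 scope2 scope1");

            // Fail with an assertion rather than a NullReferenceException if parsing yields null.
            Assert.IsNotNull(scopes);

            // Expected value first, so a failure message reports expected/actual the right way round.
            Assert.AreEqual(3, scopes.Count);

            Assert.AreEqual("scope1", scopes[0]);
            Assert.AreEqual("scope2", scopes[1]);
            Assert.AreEqual("scope3", scopes[2]);
        }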
        public async Task Contains_Identity_Scopes_Only()
        {
            var requested = ScopeValidator.ParseScopesString("openid email");

            var scopeValidator = new ScopeValidator(_store);
            var allValid       = await scopeValidator.AreScopesValidAsync(requested);

            allValid.Should().BeTrue();

            // The classification flags are read only after validation has run: an identity-only
            // request must not be reported as containing resource scopes.
            scopeValidator.ContainsOpenIdScopes.Should().BeTrue();
            scopeValidator.ContainsResourceScopes.Should().BeFalse();
        }