public void Test_MissingAuthCookie()
{
SecuredAttribute securedAttribute;
HttpActionContext httpActionContext;
httpActionContext = BuildHttpActionContext();
HttpContext.Current = BuildHttpContext();
securedAttribute = new SecuredAttribute();
Assert.That(() => securedAttribute.OnAuthorization(httpActionContext),
Throws.TypeOf <InvalidCredentialException>().And.Property("Message").EqualTo(SecuredAttribute.AuthenticationCookieMissingMessage));
}
public void Test_InvalidAuthCookie()
{
SecuredAttribute securedAttribute;
HttpActionContext httpActionContext;
httpActionContext = BuildHttpActionContext();
httpActionContext.Request.Headers.Add("Cookie",
string.Format("{0}=aa", FormsAuthentication.FormsCookieName));
HttpContext.Current = BuildHttpContext();
securedAttribute = new SecuredAttribute();
Assert.That(() => securedAttribute.OnAuthorization(httpActionContext),
Throws.TypeOf <InvalidCredentialException>().And.Property("Message").EqualTo(UserAccountValidator.InvalidUserNameOrPasswordMessage));
}
private static SecuredAttribute CreateSubjectUnderTest(
string role = "",
Claim claim = null)
{
var sut = new SecuredAttribute();
if (!role.IsNullOrEmpty())
{
sut.Role = role;
}
if (claim.IsNotNull())
{
sut.Claim = claim;
}
return(sut);
}
public void Test_IdentifierNotInOpenIdCache()
{
SecuredAttribute securedAttribute;
HttpActionContext httpActionContext;
HttpCookie authCookie;
HttpCookie xsrfCookie;
CookieHelper.CreateAuthenticationAndXsrfCookies(
RequestContext.TenantId,
WellKnownAliases.CurrentTenant.ReadiNowIdentityProviderInstance,
Guid.NewGuid().ToString(),
1234,
true, // Persistent
null, // Create new XSRF token,
DateTime.Now, // Issue date
DateTime.Now.AddMinutes(10), // Expiry
out authCookie,
out xsrfCookie);
httpActionContext = BuildHttpActionContext();
httpActionContext.Request.Headers.Add(
"Cookie",
string.Format(
"{0}={1};{2}={3}",
authCookie.Name,
authCookie.Value,
xsrfCookie.Name,
xsrfCookie.Value));
httpActionContext.Request.Headers.Add(
LoginConstants.Headers.AngularJsXsrfToken,
xsrfCookie.Value);
httpActionContext.Request.RequestUri = new Uri(
string.Format(
"http://a?{0}={1}",
LoginConstants.QueryString.XsrfToken,
xsrfCookie.Value),
UriKind.Absolute);
HttpContext.Current = BuildHttpContext();
securedAttribute = new SecuredAttribute();
Assert.That(() => securedAttribute.OnAuthorization(httpActionContext),
Throws.TypeOf <InvalidCredentialException>().And.Property("Message").EqualTo(UserAccountValidator.InvalidUserNameOrPasswordMessage));
}
public void AuthenticateWithoutPinAuthenticationActive()
{
// Set PIN authentication Active status to false
var activeAttributeGuid = Guid.Parse("f8926e80-1cd1-4dfd-ac1f-28b5dc75b207");
var attributeService = new AttributeService(new RockContext());
var activeAttribute = attributeService.Queryable().FirstOrDefault(a => a.Guid == activeAttributeGuid);
var pinAuthentication = AuthenticationContainer.GetComponent(typeof(Security.Authentication.PINAuthentication).FullName);
pinAuthentication.AttributeValues["Active"] = new AttributeValueCache {
AttributeId = activeAttribute.Id, EntityId = pinAuthentication.Id, Value = "False"
};
// Add signed in user to trigger PIN authentication check
var principal = new GenericPrincipal(new GenericIdentity("tdecker"), null);
var requestContext = new HttpRequestContext()
{
Principal = principal
};
var request = new HttpRequestMessage();
request.SetUserPrincipal(principal);
// Categories controller because it is authenticated and will activate SecuredAttribute filter and has an endpoint which us called to populate a tree-view
var descriptor = new HttpControllerDescriptor(new HttpConfiguration(), nameof(CategoriesController), typeof(CategoriesController));
var controller = new CategoriesController()
{
Request = request, RequestContext = requestContext, User = principal
};
var actionFilter = new SecuredAttribute();
var httpContext = new HttpActionContext()
{
ControllerContext = new HttpControllerContext(requestContext, request, descriptor, controller),
ActionDescriptor = new ReflectedHttpActionDescriptor()
{
ControllerDescriptor = descriptor, MethodInfo = descriptor.ControllerType.GetMethod("GetChildren")
},
Response = new HttpResponseMessage(HttpStatusCode.OK)
};
actionFilter.OnActionExecuting(httpContext);
Assert.That.AreEqual(httpContext.Response.StatusCode, HttpStatusCode.OK);
}
public void Test_ExpiredAuthCookie()
{
SecuredAttribute securedAttribute;
HttpActionContext httpActionContext;
HttpCookie authCookie;
HttpCookie xsrfCookie;
var requestContext = RequestContext.GetContext();
CookieHelper.CreateAuthenticationAndXsrfCookies(
RequestContext.TenantId,
WellKnownAliases.CurrentTenant.ReadiNowIdentityProviderInstance,
requestContext.Identity.Name,
requestContext.Identity.Id,
true, // Persistent
null, // Create new XSRF token,
DateTime.Now.AddMinutes(-10), // Issue date
DateTime.Now.AddMinutes(-1), // Expiry
out authCookie,
out xsrfCookie);
httpActionContext = BuildHttpActionContext();
httpActionContext.Request.Headers.Add(
"Cookie",
string.Format(
"{0}={1};{2}={3}",
authCookie.Name,
authCookie.Value,
xsrfCookie.Name,
xsrfCookie.Value));
HttpContext.Current = BuildHttpContext();
securedAttribute = new SecuredAttribute();
Assert.That(() => securedAttribute.OnAuthorization(httpActionContext),
Throws.TypeOf <AuthenticationTokenExpiredException>());
}
public void Test_ExtendWindow(string requestPath, double offset, bool expectExtension)
{
SecuredAttribute securedAttribute;
HttpActionContext httpActionContext;
HttpCookie authCookie;
HttpCookie xsrfCookie;
DateTime issueDate;
DateTime expiryDate;
// Ensure the ticket is over half way through its window
issueDate = DateTime.Now.AddMinutes(-(LoginConstants.Cookie.Timeout / 2) + offset);
expiryDate = issueDate.AddMinutes(LoginConstants.Cookie.Timeout);
var requestContext = RequestContext.GetContext();
CookieHelper.CreateAuthenticationAndXsrfCookies(
RequestContext.TenantId,
WellKnownAliases.CurrentTenant.ReadiNowIdentityProviderInstance,
requestContext.Identity.Name,
requestContext.Identity.Id,
true, // Persistent
null, // Create new XSRF token,
issueDate,
expiryDate,
out authCookie,
out xsrfCookie);
httpActionContext = BuildHttpActionContext();
httpActionContext.Request.Headers.Add(
"Cookie",
string.Format(
"{0}={1};{2}={3}",
authCookie.Name,
authCookie.Value,
xsrfCookie.Name,
xsrfCookie.Value));
httpActionContext.Request.Headers.Add(
LoginConstants.Headers.AngularJsXsrfToken,
xsrfCookie.Value);
httpActionContext.Request.RequestUri = new Uri(
string.Format(
"http://host{0}?{1}={2}",
requestPath,
LoginConstants.QueryString.XsrfToken,
xsrfCookie.Value),
UriKind.Absolute);
HttpContext.Current = BuildHttpContext();
securedAttribute = new SecuredAttribute();
securedAttribute.OnAuthorization(httpActionContext);
if (expectExtension)
{
Assert.That(HttpContext.Current.Response.Cookies.AllKeys,
Is.EquivalentTo(new[]
{ FormsAuthentication.FormsCookieName, LoginConstants.Cookie.AngularDefaultXsrfCookieName }));
}
else
{
Assert.That(HttpContext.Current.Response.Cookies.AllKeys,
Is.Empty);
}
}
private static SecuredAttribute CreateSubjectUnderTest(
string role = "",
Claim claim = null)
{
var sut = new SecuredAttribute();
if (!role.IsNullOrEmpty())
sut.Role = role;
if (claim.IsNotNull())
sut.Claim = claim;
return sut;
}
