Exemplo n.º 1
0
        public void Doesnt_allow_sending_invalid_APIKeys()
        {
            var client = new JsonServiceClient(ListeningOn)
            {
                Credentials = new NetworkCredential("InvalidKey", ""),
            };

            var request = new Secured {
                Name = "live"
            };

            try
            {
                var response = client.Send(request);
                Assert.Fail("Should throw");
            }
            catch (WebServiceException ex)
            {
                Assert.That(ex.ResponseStatus.ErrorCode, Is.EqualTo("NotFound"));
                Assert.That(ex.ResponseStatus.Message, Is.EqualTo("ApiKey does not exist"));
                Assert.That(ex.ResponseStatus.StackTrace, Is.Not.Null);
            }
        }
Exemplo n.º 2
0
        public void Can_not_access_Secure_service_with_invalidated_token()
        {
            var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider(JwtAuthProvider.Name);

            var token = jwtProvider.CreateJwtBearerToken(new AuthUserSession
            {
                UserAuthId  = "1",
                DisplayName = "Test",
                Email       = "*****@*****.**"
            });

            var client = GetClientWithBearerToken(token);

            var request = new Secured {
                Name = "test"
            };
            var response = client.Send(request);

            Assert.That(response.Result, Is.EqualTo(request.Name));

            jwtProvider.InvalidateTokensIssuedBefore = DateTime.UtcNow.AddSeconds(1);

            try
            {
                response = client.Send(request);
                Assert.Fail("Should throw");
            }
            catch (WebServiceException ex)
            {
                Assert.That(ex.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized));
                Assert.That(ex.ErrorCode, Is.EqualTo(typeof(TokenException).Name));
            }
            finally
            {
                jwtProvider.InvalidateTokensIssuedBefore = null;
            }
        }
Exemplo n.º 3
0
        public void Can_Authenticate_with_ApiKeyAuth_SessionCacheDuration()
        {
            apiProvider.SessionCacheDuration = TimeSpan.FromSeconds(60);

            var client = GetClientWithBearerToken(ApiKey);

            var request = new Secured {
                Name = "test"
            };
            var response = client.Send(request);

            Assert.That(response.Result, Is.EqualTo(request.Name));

            //Does not preserve UserSession
            var newClient = GetClient();

            newClient.SetSessionId(client.GetSessionId());
            try
            {
                response = newClient.Send(request);
                Assert.Fail("Should throw");
            }
            catch (WebServiceException webEx)
            {
                Assert.That(webEx.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized));
            }

            var cachedSession = appHost.GetCacheClient(null).Get <IAuthSession>(ApiKeyAuthProvider.GetSessionKey(ApiKey));

            Assert.That(cachedSession.IsAuthenticated);

            //Can call multiple times using cached UserSession
            response = client.Send(request);
            Assert.That(response.Result, Is.EqualTo(request.Name));

            apiProvider.SessionCacheDuration = null;
        }
Exemplo n.º 4
0
        public void Authenticating_once_with_CredentialsAuth_does_establish_auth_session()
        {
            var client = GetClient();

            try
            {
                client.Send(new Authenticate());
                Assert.Fail("Should throw");
            }
            catch (WebServiceException ex)
            {
                Assert.That(ex.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized));
            }

            client.Post(new Authenticate
            {
                provider = "credentials",
                UserName = Username,
                Password = Password,
            });

            client.Send(new Authenticate());

            var request = new Secured {
                Name = "test"
            };
            var response = client.Send(request);

            Assert.That(response.Result, Is.EqualTo(request.Name));

            var newClient = GetClient();

            newClient.SetSessionId(client.GetSessionId());
            response = newClient.Send(request);
            Assert.That(response.Result, Is.EqualTo(request.Name));
        }
Exemplo n.º 5
0
        public void Authenticating_once_with_ApiKeyAuth_BearerToken_does_not_establish_auth_session()
        {
            var client = GetClientWithBearerToken(ApiKey);

            var request = new Secured {
                Name = "test"
            };
            var response = client.Send(request);

            Assert.That(response.Result, Is.EqualTo(request.Name));

            var newClient = GetClient();

            newClient.SetSessionId(client.GetSessionId());
            try
            {
                response = newClient.Send(request);
                Assert.Fail("Should throw");
            }
            catch (WebServiceException webEx)
            {
                Assert.That(webEx.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized));
            }
        }
Exemplo n.º 6
0
        public void Doesnt_allow_using_expired_keys()
        {
            var client = new JsonServiceClient(ListeningOn)
            {
                Credentials = new NetworkCredential(ApiKey, ""),
            };

            var authResponse = client.Get(new Authenticate());

            var apiKeys = apiRepo.GetUserApiKeys(authResponse.UserId)
                          .Where(x => x.Environment == "test")
                          .ToList();

            var oldApiKey = apiKeys[0].Id;

            client = new JsonServiceClient(ListeningOn)
            {
                BearerToken = oldApiKey,
            };

            //Key IsValid
            var request = new Secured {
                Name = "live"
            };
            var response = client.Send(request);

            Assert.That(response.Result, Is.EqualTo(request.Name));

            apiKeys[0].ExpiryDate = DateTime.UtcNow.AddMinutes(-1);
            apiRepo.StoreAll(new[] { apiKeys[0] });

            try
            {
                //Key is no longer valid
                client.Get(new GetApiKeys {
                    Environment = "test"
                });
                Assert.Fail("Should throw");
            }
            catch (WebServiceException ex)
            {
                Assert.That(ex.StatusCode, Is.EqualTo((int)HttpStatusCode.Forbidden));
            }

            client = new JsonServiceClient(ListeningOn)
            {
                Credentials = new NetworkCredential(ApiKey, ""),
            };
            var regenResponse = client.Send(new RegenerateApiKeys {
                Environment = "test"
            });

            //Change to new Valid Key
            client.BearerToken = regenResponse.Results[0].Key;
            var apiKeyResponse = client.Get(new GetApiKeys {
                Environment = "test"
            });

            Assert.That(regenResponse.Results.Map(x => x.Key), Is.EquivalentTo(
                            apiKeyResponse.Results.Map(x => x.Key)));
        }