public void Doesnt_allow_sending_invalid_APIKeys()
{
var client = new JsonServiceClient(ListeningOn)
{
Credentials = new NetworkCredential("InvalidKey", ""),
};
var request = new Secured {
Name = "live"
};
try
{
var response = client.Send(request);
Assert.Fail("Should throw");
}
catch (WebServiceException ex)
{
Assert.That(ex.ResponseStatus.ErrorCode, Is.EqualTo("NotFound"));
Assert.That(ex.ResponseStatus.Message, Is.EqualTo("ApiKey does not exist"));
Assert.That(ex.ResponseStatus.StackTrace, Is.Not.Null);
}
}
public void Can_not_access_Secure_service_with_invalidated_token()
{
var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider(JwtAuthProvider.Name);
var token = jwtProvider.CreateJwtBearerToken(new AuthUserSession
{
UserAuthId = "1",
DisplayName = "Test",
Email = "*****@*****.**"
});
var client = GetClientWithBearerToken(token);
var request = new Secured {
Name = "test"
};
var response = client.Send(request);
Assert.That(response.Result, Is.EqualTo(request.Name));
jwtProvider.InvalidateTokensIssuedBefore = DateTime.UtcNow.AddSeconds(1);
try
{
response = client.Send(request);
Assert.Fail("Should throw");
}
catch (WebServiceException ex)
{
Assert.That(ex.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized));
Assert.That(ex.ErrorCode, Is.EqualTo(typeof(TokenException).Name));
}
finally
{
jwtProvider.InvalidateTokensIssuedBefore = null;
}
}
public void Can_Authenticate_with_ApiKeyAuth_SessionCacheDuration()
{
apiProvider.SessionCacheDuration = TimeSpan.FromSeconds(60);
var client = GetClientWithBearerToken(ApiKey);
var request = new Secured {
Name = "test"
};
var response = client.Send(request);
Assert.That(response.Result, Is.EqualTo(request.Name));
//Does not preserve UserSession
var newClient = GetClient();
newClient.SetSessionId(client.GetSessionId());
try
{
response = newClient.Send(request);
Assert.Fail("Should throw");
}
catch (WebServiceException webEx)
{
Assert.That(webEx.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized));
}
var cachedSession = appHost.GetCacheClient(null).Get <IAuthSession>(ApiKeyAuthProvider.GetSessionKey(ApiKey));
Assert.That(cachedSession.IsAuthenticated);
//Can call multiple times using cached UserSession
response = client.Send(request);
Assert.That(response.Result, Is.EqualTo(request.Name));
apiProvider.SessionCacheDuration = null;
}
public void Authenticating_once_with_CredentialsAuth_does_establish_auth_session()
{
var client = GetClient();
try
{
client.Send(new Authenticate());
Assert.Fail("Should throw");
}
catch (WebServiceException ex)
{
Assert.That(ex.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized));
}
client.Post(new Authenticate
{
provider = "credentials",
UserName = Username,
Password = Password,
});
client.Send(new Authenticate());
var request = new Secured {
Name = "test"
};
var response = client.Send(request);
Assert.That(response.Result, Is.EqualTo(request.Name));
var newClient = GetClient();
newClient.SetSessionId(client.GetSessionId());
response = newClient.Send(request);
Assert.That(response.Result, Is.EqualTo(request.Name));
}
public void Authenticating_once_with_ApiKeyAuth_BearerToken_does_not_establish_auth_session()
{
var client = GetClientWithBearerToken(ApiKey);
var request = new Secured {
Name = "test"
};
var response = client.Send(request);
Assert.That(response.Result, Is.EqualTo(request.Name));
var newClient = GetClient();
newClient.SetSessionId(client.GetSessionId());
try
{
response = newClient.Send(request);
Assert.Fail("Should throw");
}
catch (WebServiceException webEx)
{
Assert.That(webEx.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized));
}
}
public void Doesnt_allow_using_expired_keys()
{
var client = new JsonServiceClient(ListeningOn)
{
Credentials = new NetworkCredential(ApiKey, ""),
};
var authResponse = client.Get(new Authenticate());
var apiKeys = apiRepo.GetUserApiKeys(authResponse.UserId)
.Where(x => x.Environment == "test")
.ToList();
var oldApiKey = apiKeys[0].Id;
client = new JsonServiceClient(ListeningOn)
{
BearerToken = oldApiKey,
};
//Key IsValid
var request = new Secured {
Name = "live"
};
var response = client.Send(request);
Assert.That(response.Result, Is.EqualTo(request.Name));
apiKeys[0].ExpiryDate = DateTime.UtcNow.AddMinutes(-1);
apiRepo.StoreAll(new[] { apiKeys[0] });
try
{
//Key is no longer valid
client.Get(new GetApiKeys {
Environment = "test"
});
Assert.Fail("Should throw");
}
catch (WebServiceException ex)
{
Assert.That(ex.StatusCode, Is.EqualTo((int)HttpStatusCode.Forbidden));
}
client = new JsonServiceClient(ListeningOn)
{
Credentials = new NetworkCredential(ApiKey, ""),
};
var regenResponse = client.Send(new RegenerateApiKeys {
Environment = "test"
});
//Change to new Valid Key
client.BearerToken = regenResponse.Results[0].Key;
var apiKeyResponse = client.Get(new GetApiKeys {
Environment = "test"
});
Assert.That(regenResponse.Results.Map(x => x.Key), Is.EquivalentTo(
apiKeyResponse.Results.Map(x => x.Key)));
}
