public async Task TenantChangedRequest() { MockTransportBuilder builder = new MockTransportBuilder { AccessTokenLifetime = TimeSpan.Zero, }; MockTransport transport = builder.Build(); SecretClientOptions options = new SecretClientOptions { Transport = transport, }; MockCredential credential = new MockCredential(transport); SecretClient client = new SecretClient(VaultUri, credential, options); KeyVaultSecret secret = await client.GetSecretAsync("test-secret").ConfigureAwait(false); Assert.AreEqual("secret-value", secret.Value); builder.TenantId = "de763a21-49f7-4b08-a8e1-52c8fbc103b4"; try { await client.GetSecretAsync("test-secret").ConfigureAwait(false); Assert.Fail("Expected a 401 Unauthorized response"); } catch (RequestFailedException ex) when(ex.Status == 401) { } }
public void Setup() { expectedTenantId = null; cred = new MockCredential { GetTokenCallback = (trc, _) => { Assert.AreEqual(scopes, trc.Scopes); Assert.AreEqual(expectedTenantId, trc.TenantId); } }; }
public async Task ContainerRegistryChallengeAuthenticationPolicy_CachesRefreshToken() { // Arrange int refreshTokenRequests = 0; int accessTokenRequests = 0; string mockJwt = GetMockJwt(TimeSpan.FromHours(3)); // We expect the refresh token request method to be called only the first time. MockAuthenticationClient mockClient = new MockAuthenticationClient( service => { refreshTokenRequests++; return(new AcrRefreshToken(mockJwt)); }, (service, scope) => { accessTokenRequests++; return(new AcrAccessToken($"TestAcrAccessToken{accessTokenRequests}")); }); MockCredential mockCredential = new MockCredential(); var policy = new ContainerRegistryChallengeAuthenticationPolicy(mockCredential, "TestScope", mockClient); // We'll send two GET requests - each will receive a challenge response MockTransport transport = CreateMockTransport( GetChallengeResponse(), new MockResponse(200), GetChallengeResponse(), new MockResponse(200)); // Act await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default); MockRequest firstRequest = transport.Requests[0]; // Assert string authHeaderValue; Assert.IsTrue(firstRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue)); Assert.AreEqual("Bearer TestAcrAccessToken1", authHeaderValue); Assert.AreEqual(1, refreshTokenRequests); Assert.AreEqual(1, accessTokenRequests); // Act await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default); MockRequest secondRequest = transport.Requests[2]; // Assert Assert.IsTrue(secondRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue)); Assert.AreEqual("Bearer TestAcrAccessToken2", authHeaderValue); Assert.AreEqual(1, refreshTokenRequests); Assert.AreEqual(2, accessTokenRequests); }
public async Task ContainerRegistryChallengeAuthenticationPolicy_RequestsTokenOnForceRefresh() { // Arrange int refreshTokenRequests = 0; int accessTokenRequests = 0; MockAuthenticationClient mockClient = new MockAuthenticationClient( service => { refreshTokenRequests++; return(new AcrRefreshToken(GetMockJwt(TimeSpan.FromHours(3)))); }, (service, scope) => { accessTokenRequests++; return(new AcrAccessToken($"TestAcrAccessToken{accessTokenRequests}")); }); MockCredential mockCredential = new MockCredential(); var policy = new ContainerRegistryChallengeAuthenticationPolicy(mockCredential, "TestScope", mockClient); // Getting a different service name will invalidate the token and force a refresh. MockTransport transport = CreateMockTransport( GetChallengeResponse("example1"), new MockResponse(200), GetChallengeResponse("example2"), new MockResponse(200)); // Act await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default); MockRequest firstRequest = transport.Requests[0]; // Assert string authHeaderValue; Assert.IsTrue(firstRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue)); Assert.AreEqual("Bearer TestAcrAccessToken1", authHeaderValue); Assert.AreEqual(1, refreshTokenRequests); Assert.AreEqual(1, accessTokenRequests); // Act await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default); MockRequest secondRequest = transport.Requests[2]; // Assert Assert.IsTrue(secondRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue)); Assert.AreEqual("Bearer TestAcrAccessToken2", authHeaderValue); Assert.AreEqual(2, refreshTokenRequests); Assert.AreEqual(2, accessTokenRequests); }
public async Task ContainerRegistryChallengeAuthenticationPolicy_UsesTokenProvidedByAuthClient() { MockAuthenticationClient mockClient = GetMockAuthClient(); MockCredential mockCredential = new MockCredential(); var policy = new ContainerRegistryChallengeAuthenticationPolicy(mockCredential, "TestScope", mockClient); MockTransport transport = CreateMockTransport(GetChallengeResponse(), new MockResponse(200)); await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default); MockRequest request = transport.Requests[0]; Assert.IsTrue(request.Headers.TryGetValue(HttpHeader.Names.Authorization, out string authHeaderValue)); Assert.AreEqual("Bearer TestAcrAccessToken", authHeaderValue); }
public void Setup() { int callCount = 0; _expectedTenantId = null; _cred = new MockCredential { GetTokenCallback = (trc, _) => { ++callCount; Assert.AreEqual(_scopes, trc.Scopes); Assert.AreEqual(_expectedTenantId, trc.TenantId); // Validate that the token cache is working. Assert.That(callCount, Is.LessThanOrEqualTo(1)); } }; }
public async Task UsesScopeFromBearerChallange() { // Arrange bool firstRequest = true; string initialMismatchedScope = "https://disk.compute.azure.com/.default"; string serviceChallengeResponseScope = "https://storage.azure.com"; string[] initialMismatchedScopes = new string[] { initialMismatchedScope }; string[] serviceChallengeResponseScopes = new string[] { serviceChallengeResponseScope + "/.default" }; int callCount = 0; MockCredential mockCredential = new MockCredential() { GetTokenCallback = (trc, _) => { Assert.IsTrue(callCount <= 1); Assert.AreEqual(serviceChallengeResponseScopes, trc.Scopes); callCount++; } }; StorageBearerTokenChallengeAuthorizationPolicy tokenChallengeAuthorizationPolicy = new StorageBearerTokenChallengeAuthorizationPolicy(mockCredential, initialMismatchedScopes, enableTenantDiscovery: true); MockResponse challengeResponse = new MockResponse((int)HttpStatusCode.Unauthorized); challengeResponse.AddHeader( new HttpHeader( HttpHeader.Names.WwwAuthenticate, $"Bearer authorization_uri=https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize resource_id={serviceChallengeResponseScope}")); MockTransport transport = CreateMockTransport( _ => { MockResponse response = firstRequest switch { true => challengeResponse, false => new MockResponse(200) }; firstRequest = false; return(response); }); // Act await SendGetRequest(transport, tokenChallengeAuthorizationPolicy, uri : new Uri("https://example.com")); await SendGetRequest(transport, tokenChallengeAuthorizationPolicy, uri : new Uri("https://example.com")); }
public async Task GeneratesPhoneNumberClientUsingTokenCredential(string?locale) { TokenCredential tokenCredential; if (Mode == RecordedTestMode.Playback) { tokenCredential = new MockCredential(); } else { tokenCredential = new DefaultAzureCredential(); } var client = CreateClientWithTokenCredential(tokenCredential); // Smoke test to ensure that client generated from token is able to work as expected. var numbersPagable = client.GetAllPhoneNumbersAsync(); var numbers = await numbersPagable.ToEnumerableAsync(); Assert.IsNotNull(numbers); }
public async Task ChallengePolicySetsToken() { MockAuthenticationClient mockClient = new MockAuthenticationClient(); MockCredential mockCredential = new MockCredential(); var policy = new ContainerRegistryChallengeAuthenticationPolicy(mockCredential, "TestScope", mockClient); var challengeResponse = new MockResponse(401); string challenge = "Bearer realm=\"https://example.azurecr.io/oauth2/token\",service=\"example.azurecr.io\",scope=\"repository:library/hello-world:metadata_read\",error=\"invalid_token\""; challengeResponse.AddHeader(new HttpHeader(HttpHeader.Names.WwwAuthenticate, challenge)); MockTransport transport = CreateMockTransport(challengeResponse, new MockResponse(200)); await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default); MockRequest request = transport.Requests[0]; Assert.IsTrue(request.Headers.TryGetValue(HttpHeader.Names.Authorization, out string authHeaderValue)); Assert.AreEqual("Bearer TestAcrAccessToken", authHeaderValue); }
public async Task GeneratesIdentityUsingTokenCredentialWithScopes(params string[] scopes) { TokenCredential tokenCredential; if (Mode == RecordedTestMode.Playback) { tokenCredential = new MockCredential(); } else { tokenCredential = new DefaultAzureCredential(); } CommunicationIdentityClient client = CreateInstrumentedCommunicationIdentityClientWithToken(tokenCredential); Response <CommunicationUserIdentifier> userResponse = await client.CreateUserAsync(); Response <CommunicationUserToken> tokenResponse = await client.IssueTokenAsync(userResponse.Value, scopes : scopes.Select(x => new CommunicationTokenScope(x))); Assert.IsNotNull(tokenResponse.Value); Assert.IsFalse(string.IsNullOrWhiteSpace(tokenResponse.Value.Token)); Assert.IsFalse(string.IsNullOrWhiteSpace(tokenResponse.Value.User.Id)); }
public SmsClient CreateSmsClientWithToken() { Uri endpoint = TestEnvironment.LiveTestEndpoint; TokenCredential tokenCredential; if (Mode == RecordedTestMode.Playback) { tokenCredential = new MockCredential(); } else { #region Snippet:Azure_Communication_Sms_Tests_Samples_CreateSmsClientWithToken //@@ string endpoint = "<endpoint_url>"; //@@ TokenCredential tokenCredential = new DefaultAzureCredential(); /*@@*/ tokenCredential = new DefaultAzureCredential(); //@@ SmsClient client = new SmsClient(new Uri(endpoint), tokenCredential); #endregion Snippet:Azure_Communication_Sms_Tests_Samples_CreateSmsClientWithToken } SmsClient client = new SmsClient(endpoint, tokenCredential, CreateSmsClientOptionsWithCorrelationVectorLogs()); return(InstrumentClient(client)); }
public async Task SendingSmsMessageUsingTokenCredential() { TokenCredential tokenCredential; if (Mode == RecordedTestMode.Playback) { tokenCredential = new MockCredential(); } else { tokenCredential = new DefaultAzureCredential(); } SmsClient client = InstrumentClient( new SmsClient( new Uri(ConnectionString.Parse(TestEnvironment.ConnectionString, allowEmptyValues: true).GetRequired("endpoint")), tokenCredential, InstrumentClientOptions(new SmsClientOptions()))); try { SmsSendResult result = await client.SendAsync( from : TestEnvironment.FromPhoneNumber, to : TestEnvironment.ToPhoneNumber, message : "Hi"); Console.WriteLine($"Sms id: {result.MessageId}"); Assert.IsFalse(string.IsNullOrWhiteSpace(result.MessageId)); Assert.AreEqual(202, result.HttpStatusCode); Assert.IsTrue(result.Successful); } catch (RequestFailedException ex) { Console.WriteLine(ex.Message); } catch (Exception ex) { Assert.Fail($"Unexpected error: {ex}"); } }
/// <summary> /// Creates a <see cref="CallingServerClient" />. /// </summary> /// <returns>The instrumented <see cref="CallingServerClient"/>.</returns> protected CallingServerClient CreateInstrumentedCallingServerClientWithToken() { Uri endpoint = TestEnvironment.LiveTestStaticEndpoint; TokenCredential tokenCredential; if (Mode == RecordedTestMode.Playback) { tokenCredential = new MockCredential(); } else { tokenCredential = new DefaultAzureCredential(); #region Snippet:Azure_Communication_CallingServer_Tests_Samples_CreateCallingServerClientWithToken //@@ var endpoint = new Uri("https://my-resource.communication.azure.com"); //@@ TokenCredential tokenCredential = new DefaultAzureCredential(); //@@ var client = new CallingServerClient(endpoint, tokenCredential); #endregion Snippet:Azure_Communication_CallingServer_Tests_Samples_CreateCallingServerClientWithToken } CallingServerClient client = new CallingServerClient(endpoint, tokenCredential, CreateServerCallingClientOptionsWithCorrelationVectorLogs()); return(InstrumentClient(client)); }
public async Task SendingSmsMessageUsingTokenCredential() { TokenCredential tokenCredential; if (Mode == RecordedTestMode.Playback) { tokenCredential = new MockCredential(); } else { tokenCredential = new DefaultAzureCredential(); } SmsClient client = InstrumentClient( new SmsClient( TestEnvironment.LiveTestEndpoint, tokenCredential, InstrumentClientOptions(new SmsClientOptions()))); try { SmsSendResult result = await client.SendAsync( from : TestEnvironment.FromPhoneNumber, to : TestEnvironment.ToPhoneNumber, message : "Hi"); Console.WriteLine($"Sms id: {result.MessageId}"); assertHappyPath(result); } catch (RequestFailedException ex) { Console.WriteLine(ex.Message); Assert.Fail($"Unexpected error: {ex}"); } catch (Exception ex) { Assert.Fail($"Unexpected error: {ex}"); } }
public async Task ContainerRegistryChallengeAuthenticationPolicy_RefreshesRefreshToken() { // Arrange int refreshTokenRequests = 0; int accessTokenRequests = 0; TimeSpan refreshOffset = TimeSpan.FromSeconds(30); TimeSpan expiryTime = TimeSpan.FromSeconds(35); string mockJwt = GetMockJwt(expiryTime); // We expect the refresh token request method to be called the first and third times. MockAuthenticationClient mockClient = new MockAuthenticationClient( service => { refreshTokenRequests++; return(new AcrRefreshToken(mockJwt)); }, (service, scope) => { accessTokenRequests++; return(new AcrAccessToken($"TestAcrAccessToken{accessTokenRequests}")); }); MockCredential mockCredential = new MockCredential(); // Set expiration 5 seconds longer than refresh time. Result should be that it tries to refresh in 5 seconds. var policy = new ContainerRegistryChallengeAuthenticationPolicy(mockCredential, "TestScope", mockClient, tokenRefreshOffset: refreshOffset); // We'll send three GET requests - each will receive a challenge response // In the last one, the token will need to be refreshed so a new request for it will be sent MockTransport transport = CreateMockTransport( GetChallengeResponse(), new MockResponse(200), GetChallengeResponse(), new MockResponse(200), GetChallengeResponse(), new MockResponse(200)); // Act await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default); MockRequest firstRequest = transport.Requests[0]; // Assert string authHeaderValue; Assert.IsTrue(firstRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue)); Assert.AreEqual("Bearer TestAcrAccessToken1", authHeaderValue); Assert.AreEqual(1, refreshTokenRequests); Assert.AreEqual(1, accessTokenRequests); // Act await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default); MockRequest secondRequest = transport.Requests[2]; // Assert Assert.IsTrue(secondRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue)); Assert.AreEqual("Bearer TestAcrAccessToken2", authHeaderValue); Assert.AreEqual(1, refreshTokenRequests); Assert.AreEqual(2, accessTokenRequests); // Act await Task.Delay(expiryTime - refreshOffset); await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default); MockRequest thirdRequest = transport.Requests[4]; // Wait for bg thread to complete its refresh request. await Task.Delay(TimeSpan.FromSeconds(1)); // Assert Assert.IsTrue(thirdRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue)); Assert.AreEqual("Bearer TestAcrAccessToken3", authHeaderValue); Assert.AreEqual(2, refreshTokenRequests); Assert.AreEqual(3, accessTokenRequests); }