Пример #1
0
        public void TestOauthStolenAppId(ApplicationType appType)
        {
            InitApiHelpers(appType);
            var defaultAppInfo = GetDefaultApplication(appType);

            using (var appInfo = AuthenticationInfoProvider.Current.Manager.GetApplication(
                       new ApplicationSpecBuilder().ParameterEquals("type", appType.ToString()).ParameterContains("categories", "app_stolen")))
            {
                // Oauth
                APITestFramework.Resources.PublicAPI.Authentication auth = oAuthAPI.GetCodeSuccess(appInfo.Key, "code_direct");
                Assume.That(auth, Is.Not.Null, "Failed to parse the server's response");
                if (appType == ApplicationType.SecondParty)
                {
                    Assume.That(auth.Error, Is.EqualTo(Enums.PublicAPIAuthCode.Success.ToString()), auth.Message);

                    // Access Token
                    auth = tokenAPI.AccessTokenSuccess(appInfo.Key, "oauth_code", defaultAppInfo.Secret, auth.Code);
                    Assert.That(auth, Is.Not.Null, "Failed to parse the server's response");
                    Assert.That(auth.Error, Is.EqualTo(Enums.PublicAPIAuthCode.SecretInvalid.ToString()), auth.Message);
                }
                else
                {
                    Assert.That(auth.Error, Is.EqualTo(Enums.PublicAPIAuthCode.ResponseTypeInvalid.ToString()), "Wrong error message for oauth call for 3rd party app.");
                }
            }
        }
Пример #2
0
        private string GetAccessToken(string tokenType, ApplicationType appType)
        {
            var appInfo = GetDefaultApplication(appType);

            switch (tokenType)
            {
            case "random": return(Util.GetUniqueString(StolenToken.Length, false));

            case "expired":
                APITestFramework.Resources.PublicAPI.Authentication auth =
                    Authenticate(appInfo.Key, appInfo.Secret, appType);
                Thread.Sleep(int.Parse(auth.AccessTokenExpiresIn));
                return(auth.AccessToken);

            case "overridden":
                auth = Authenticate(appInfo.Key, appInfo.Secret, appType);
                string result = auth.AccessToken;
                auth = Authenticate(appInfo.Key, appInfo.Secret, appType);
                return(result);

            case "stolen": return(StolenToken);

            case "empty": return(string.Empty);
            }
            return(null);
        }
Пример #3
0
        public void TestOauthInvalidAppId(string type, object errorCode, ApplicationType appType)
        {
            InitApiHelpers(appType);

            Dictionary <string, object> oauthParams = new Dictionary <string, object>()
            {
            };

            oauthParams.Add("response_type", "code_direct");

            switch (type)
            {
            case "Invalid":
                oauthParams.Add("app_id", "9d02c2aa122f971ee25bd9eb04880123");
                break;

            case "Sequential":
                oauthParams.Add("app_id", Util.GetMd5Hash(Util.GetUniqueString(10, true)));
                break;

            default:
                break;
            }

            Handler handler = oAuthAPI.Read(oauthParams);

            Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

            APITestFramework.Resources.PublicAPI.Authentication result = XmlHelper.ParseXMLString <APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
            Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
            Assert.That(int.Parse(result.Error), Is.EqualTo(errorCode), result.Message);
        }
Пример #4
0
        private APITestFramework.Resources.PublicAPI.Authentication Authenticate(string appId, string secret, ApplicationType apptype, List <string> scope = null)
        {
            APITestFramework.Resources.PublicAPI.Authentication auth = GetAndValidateOAuthCode(appId, apptype);

            auth = tokenAPI.AccessTokenSuccess(appId, "oauth_code", secret, auth.Code);
            Assume.That(auth, Is.Not.Null, "Getting an access token from TokenAPI is not successful!");
            Assume.That(auth.Error, Is.EqualTo(Enums.PublicAPIResultCode.Success.ToString()), "Getting an access token from TokenAPI is not successful!");
            Assume.That(auth.AccessToken, Is.Not.Null.And.Not.Empty, "Getting an access token from TokenAPI is not successful!");
            return(auth);
        }
Пример #5
0
        public void TestInjection(string param, object errorCode, ApplicationType appType)
        {
            InitApiHelpers(appType);

            using (var appInfo = AuthenticationInfoProvider.Current.Manager.GetApplication(
                       new ApplicationSpecBuilder().ParameterEquals("type", appType.ToString()).ParameterContains("categories", "full_scope")))
            {
                Dictionary <string, object> oauthParams = new Dictionary <string, object>()
                {
                };

                switch (param)
                {
                case "AppId":
                    oauthParams.Add("app_id", "' or 1=1");
                    oauthParams.Add("response_type", "code_direct");
                    break;

                case "redirect_url":
                    oauthParams.Add("app_id", appInfo.Key);
                    oauthParams.Add("redirect_url", "' or 1=1");
                    oauthParams.Add("scope", "client_r");
                    oauthParams.Add("response_type", "code");
                    //oauthParams.Add("state", "0");
                    break;

                case "scope":
                    oauthParams.Add("app_id", appInfo.Key);
                    oauthParams.Add("scope", "' or 1=1");
                    oauthParams.Add("response_type", "code_direct");
                    break;

                case "state":
                    oauthParams.Add("app_id", appInfo.Key);
                    oauthParams.Add("state", "' or 1=1");
                    oauthParams.Add("response_type", "code_direct");
                    break;

                case "response_type":
                    oauthParams.Add("app_id", appInfo.Key);
                    oauthParams.Add("response_type", "' or 1=1");
                    break;
                }

                Handler handler = oAuthAPI.Read(oauthParams);
                Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

                APITestFramework.Resources.PublicAPI.Authentication result = XmlHelper.ParseXMLString <APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
                Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
                Assert.That(int.Parse(result.Error), Is.EqualTo(errorCode), result.Message);
            }
        }
Пример #6
0
        public void TestOauthValidInput(string redirect_url, string scope, string state, string response_type, ApplicationType appType)
        {
            InitApiHelpers(appType);
            var appInfo = GetDefaultApplication(appType);

            Dictionary <string, object> oauthParams = new Dictionary <string, object>()
            {
            };

            oauthParams.Add("app_id", appInfo.Key);

            if (null != redirect_url)
            {
                oauthParams.Add("redirect_url", redirect_url);
            }

            if (null != scope)
            {
                oauthParams.Add("scope", scope);
            }

            if (null != state)
            {
                oauthParams.Add("state", state);
            }

            if (null != response_type)
            {
                oauthParams.Add("response_type", response_type);
            }

            Handler handler = oAuthAPI.Read(oauthParams);

            Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

            APITestFramework.Resources.PublicAPI.Authentication result = XmlHelper.ParseXMLString <APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
            Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
            if (response_type == "code_direct" && appType == ApplicationType.ThirdParty)
            {
                Assert.That(int.Parse(result.Error), Is.EqualTo(Enums.PublicAPIAuthCode.ResponseTypeInvalid), "Wrong error code. Received message: '" + result.Message + "', while expected 'Invalid Response Type' ");
            }
            else
            {
                Assert.That(int.Parse(result.Error), Is.EqualTo(Enums.PublicAPIAuthCode.Success), result.Message);
            }
        }
Пример #7
0
        private APITestFramework.Resources.PublicAPI.Authentication GetAndValidateOAuthCode(string appId, ApplicationType apptype, List <string> scope = null)
        {
            if (apptype == ApplicationType.SecondParty)
            {
                APITestFramework.Resources.PublicAPI.Authentication auth = oAuthAPI.GetCodeSuccess(appId, "code_direct", scopeList: scope);
                Assume.That(auth, Is.Not.Null, "Getting code from OAuth is not successful!");
                Assume.That(auth.Error, Is.EqualTo(Enums.PublicAPIResultCode.Success.ToString()), "Getting code from OAuth is not successful!");
                Assume.That(auth.Code, Is.Not.Null.And.Not.Empty, "Getting code from OAuth is not successful!");
                return(auth);
            }

            var subscriber = new ApplicationSubscriber();

            Assert.That(subscriber.Subscribe(appId, ApplicationSubscriber.DefaultRedirectUrl, FullScope, AuthenticationInfoProvider.Current.DefaultCompanyName,
                                             AuthenticationInfoProvider.Current.DefaultUserLogin,
                                             AuthenticationInfoProvider.Current.DefaultUserPassword), Is.EqualTo(AuthResponseCode.Success));
            return(new APITestFramework.Resources.PublicAPI.Authentication {
                Code = subscriber.ResultOauthCode
            });
        }
Пример #8
0
        public void TestUseRefreshTokenToAccessPublicApi(ApplicationType appType)
        {
            InitHelpers(appType);
            var appInfo = GetDefaultApplication(appType);

            APITestFramework.Resources.PublicAPI.Authentication auth =
                Authenticate(appInfo.Key, appInfo.Secret, appType);

            Dictionary <string, object> urlParams = new Dictionary <string, object>()
            {
                ["partition"] = appInfo.Company.Partition,
            };

            Dictionary <string, string> newHeaders = new Dictionary <string, string>()
            {
                ["Content-Type"] = PublicAPIConnection.HEADER_APP_XML,
                [PublicAPIConnection.HEADER_OAUTH_TOKEN] = auth.RefreshToken
            };

            WriteClientFail(newHeaders, urlParams, Enums.PublicAPIResultCode.InvalidAccessToken);
        }
Пример #9
0
        public void TestWriteDataWithAccessTokenInUrl(ApplicationType appType)
        {
            InitHelpers(appType);
            var appInfo = GetDefaultApplication(appType);

            APITestFramework.Resources.PublicAPI.Authentication auth =
                Authenticate(appInfo.Key, appInfo.Secret, appType);

            Dictionary <string, object> urlParams = new Dictionary <string, object>()
            {
                ["partition"] = appInfo.Company.Partition,
                [PublicAPIConnection.HEADER_OAUTH_TOKEN] = auth.AccessToken
            };

            Dictionary <string, string> newHeaders = new Dictionary <string, string>()
            {
                { "Content-Type", PublicAPIConnection.HEADER_APP_XML },
            };

            WriteClientFail(newHeaders, urlParams);
        }
Пример #10
0
        public void TestAuthorizedUserReadDataInvalidPartition(ApplicationType appType)
        {
            InitHelpers(appType);
            var appInfo = GetDefaultApplication(appType);

            APITestFramework.Resources.PublicAPI.Authentication auth =
                Authenticate(appInfo.Key, appInfo.Secret, appType);

            Dictionary <string, object> urlParams = new Dictionary <string, object>()
            {
                ["partition"] = int.Parse(appInfo.Company.Partition) + 1,
                ["condition"] = "Client.P_Id=10001",
            };

            Dictionary <string, string> newHeaders = new Dictionary <string, string>()
            {
                { "Content-Type", PublicAPIConnection.HEADER_APP_XML },
                { PublicAPIConnection.HEADER_OAUTH_TOKEN, auth.AccessToken }
            };

            ReadClientFail(newHeaders, urlParams);
        }
Пример #11
0
        public void TestOauthInvalidInput(string redirect_url, string scope, string state, string response_type, object errorCode, ApplicationType appType)
        {
            InitApiHelpers(appType);
            var appInfo = GetDefaultApplication(appType);

            Dictionary <string, object> oauthParams = new Dictionary <string, object>()
            {
            };

            oauthParams.Add("app_id", appInfo.Key);

            if (null != redirect_url)
            {
                oauthParams.Add("redirect_url", redirect_url);
            }

            if (null != scope)
            {
                oauthParams.Add("scope", scope);
            }

            if (null != state)
            {
                oauthParams.Add("state", state);
            }

            if (null != response_type)
            {
                oauthParams.Add("response_type", response_type);
            }

            Handler handler = oAuthAPI.Read(oauthParams);

            Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

            APITestFramework.Resources.PublicAPI.Authentication result = XmlHelper.ParseXMLString <APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
            Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
            Assert.That(int.Parse(result.Error), Is.EqualTo(errorCode), result.Message);
        }
Пример #12
0
        public void TestOauthWithoutScopeRegister(string scope, string type, object errorCode, ApplicationType appType)
        {
            InitApiHelpers(appType);

            using (var appInfoRead = AuthenticationInfoProvider.Current.Manager.GetApplication(
                       new ApplicationSpecBuilder().ParameterEquals("type", appType.ToString()).ParameterContains("categories", "read_scope")))
            {
                using (var appInfoWrite = AuthenticationInfoProvider.Current.Manager.GetApplication(
                           new ApplicationSpecBuilder().ParameterEquals("type", appType.ToString()).ParameterContains("categories", "write_scope")))
                {
                    Dictionary <string, object> oauthParams = new Dictionary <string, object>()
                    {
                    };
                    oauthParams.Add("response_type", "code_direct");
                    oauthParams.Add("scope", scope);

                    string appId = string.Empty;
                    switch (type)
                    {
                    case "read":
                        appId = appInfoWrite.Key;
                        break;

                    case "write":
                        appId = appInfoRead.Key;
                        break;
                    }
                    oauthParams.Add("app_id", appId);

                    Handler handler = oAuthAPI.Read(oauthParams);
                    Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

                    APITestFramework.Resources.PublicAPI.Authentication result = XmlHelper.ParseXMLString <APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
                    Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
                    Assert.That(int.Parse(result.Error), Is.EqualTo(errorCode), result.Message);
                }
            }
        }
Пример #13
0
        public void TestOauthVerifyRedirectUrlValid(ApplicationType appType)
        {
            InitApiHelpers(appType);
            var appInfo = GetDefaultApplication(appType);

            Dictionary <string, object> oauthParams = new Dictionary <string, object>()
            {
            };

            oauthParams.Add("app_id", appInfo.Key);
            oauthParams.Add("response_type", "code_direct");
            oauthParams.Add("redirect_url", "http://localhost/dummy");
            oauthParams.Add("scope", DefaultReadPermissions);

            Handler handler = oAuthAPI.Read(oauthParams);

            Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

            APITestFramework.Resources.PublicAPI.Authentication result = XmlHelper.ParseXMLString <APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
            Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
            Assert.That(int.Parse(result.Error), Is.EqualTo(appType == ApplicationType.SecondParty ?
                                                            Enums.PublicAPIAuthCode.Success :
                                                            Enums.PublicAPIAuthCode.ResponseTypeInvalid), "Wrong error code. Error message: " + result.Message);
        }