// Client authentication failure: a token request whose client_id (and every other
// field) is empty must come back as HTTP 400 with the OAuth "invalid_client" error.
// NOTE(review): only the all-empty form is exercised here. A non-empty but unknown
// client_id, and a known client_id with a wrong client_secret, are separate cases
// worth pinning if they are not covered elsewhere in the suite.
public void InvalidClientIdReturnsOAUTHError()
        {
            var loginService = new Mock<ILoginService>();
            HttpContextBase httpContext = Mocking.FakeHttpContext();

            // Every field is present but blank, so the request carries no usable client identity.
            var form = new FormCollection();
            form.Add("client_id", "");
            form.Add("client_secret", "");
            form.Add("grant_type", "");
            form.Add("refresh_token", "");
            form.Add("code", "");

            var sut = new TokenController(loginService.Object);
            sut.ControllerContext = new ControllerContext(httpContext, new RouteData(), sut);

            var response = (JsonResult)sut.Index(form);
            object payload = response.Data;

            // The HTTP status and the status echoed in the JSON body must agree.
            Assert.AreEqual(400, httpContext.Response.StatusCode);
            Assert.IsInstanceOf<Error>(payload);

            var failure = (Error)payload;
            Assert.AreEqual(400, failure.status);
            Assert.AreEqual("", failure.error_uri);
            Assert.AreEqual("client is not registered", failure.error_description);
            Assert.AreEqual("invalid_client", failure.error);
        }
        // Refresh-token grant, happy path: a registered client presenting the fixture
        // refresh token receives a bearer AccessToken.
        // The assertions pin two security-relevant properties of the current contract:
        //   * access_token is the literal "<username>:<session>" string, and
        //   * the refresh token handed back is the same value that was submitted
        //     (no rotation on use).
        public void ValidRefreshCodeReturnsToken()
        {
            var loginService = new Mock<ILoginService>();
            var stubbedLogOn = new ApiLogOnResponseDTO
            {
                AllowedAccountOperator = true,
                PasswordChangeRequired = false,
                Session = _session
            };
            // NOTE(review): Login is stubbed for any (string, string) pair, so the credentials
            // the controller derives from the refresh token are not checked by this test beyond
            // the username that shows up in access_token.
            loginService
                .Setup(m => m.Login(It.IsAny<string>(), It.IsAny<string>()))
                .Returns(stubbedLogOn);

            HttpContextBase httpContext = Mocking.FakeHttpContext();

            var form = new FormCollection();
            form.Add("client_id", _client_id);
            form.Add("client_secret", _client_secret);
            form.Add("grant_type", "refresh_token");
            form.Add("refresh_token", _refresh_token);

            var sut = new TokenController(loginService.Object);
            sut.ControllerContext = new ControllerContext(httpContext, new RouteData(), sut);

            var response = (JsonResult)sut.Index(form);
            object payload = response.Data;

            Assert.IsInstanceOf<AccessToken>(payload);

            var issued = (AccessToken)payload;
            string expectedAccessToken = string.Format("{0}:{1}", _username, _session);
            Assert.AreEqual(expectedAccessToken, issued.access_token);
            Assert.AreEqual(_refresh_token, issued.refresh_token);
            Assert.AreEqual("bearer", issued.token_type);
        }
        // Refresh-token grant where the login service rejects the credentials: the
        // controller must answer HTTP 401 with an Error body rather than issue a token.
        // NOTE(review): the pinned contract is 401 + "invalid_request". RFC 6749 section 5.2
        // describes "invalid_grant" for a refresh token that is invalid, expired or revoked;
        // confirm the current code/status pair is intentional for clients that follow the RFC.
        public void ValidRefreshCodeButBadCredentialsReturnsError()
        {
            var loginService = new Mock<ILoginService>();
            var rejection = new InvalidCredentialsException("Invalid");
            // Any credential pair is rejected, simulating a refresh token whose underlying
            // login no longer works.
            loginService
                .Setup(m => m.Login(It.IsAny<string>(), It.IsAny<string>()))
                .Throws(rejection);

            HttpContextBase httpContext = Mocking.FakeHttpContext();

            var form = new FormCollection();
            form.Add("client_id", _client_id);
            form.Add("client_secret", _client_secret);
            form.Add("grant_type", "refresh_token");
            form.Add("refresh_token", _refresh_token);

            var sut = new TokenController(loginService.Object);
            sut.ControllerContext = new ControllerContext(httpContext, new RouteData(), sut);

            var response = (JsonResult)sut.Index(form);
            object payload = response.Data;

            Assert.AreEqual(401, httpContext.Response.StatusCode);
            Assert.IsInstanceOf<Error>(payload);

            var failure = (Error)payload;
            Assert.AreEqual(401, failure.status);
            Assert.AreEqual("", failure.error_uri);
            // The description is generic: the exception message ("Invalid") is not echoed back.
            Assert.AreEqual("Invalid Username or Password", failure.error_description);
            Assert.AreEqual("invalid_request", failure.error);
        }
        // Refresh-token grant where login succeeds but the account is flagged
        // PasswordChangeRequired: no token may be issued; the controller must answer
        // HTTP 400 / "invalid_request" with the "password change required" description.
        public void ValidRefreshCodeButPasswordChangeRequiredReturnsError()
        {
            var loginService = new Mock<ILoginService>();
            var stubbedLogOn = new ApiLogOnResponseDTO
            {
                AllowedAccountOperator = true,
                // The only difference from the happy-path stub: the account must change its password.
                PasswordChangeRequired = true,
                Session = _session
            };
            loginService
                .Setup(m => m.Login(It.IsAny<string>(), It.IsAny<string>()))
                .Returns(stubbedLogOn);

            HttpContextBase httpContext = Mocking.FakeHttpContext();

            var form = new FormCollection();
            form.Add("client_id", _client_id);
            form.Add("client_secret", _client_secret);
            form.Add("grant_type", "refresh_token");
            form.Add("refresh_token", _refresh_token);

            var sut = new TokenController(loginService.Object);
            sut.ControllerContext = new ControllerContext(httpContext, new RouteData(), sut);

            var response = (JsonResult)sut.Index(form);
            object payload = response.Data;

            Assert.AreEqual(400, httpContext.Response.StatusCode);
            // An Error payload (not an AccessToken) shows the session from the stub was not handed out.
            Assert.IsInstanceOf<Error>(payload);

            var failure = (Error)payload;
            Assert.AreEqual(400, failure.status);
            Assert.AreEqual("", failure.error_uri);
            Assert.AreEqual("password change required", failure.error_description);
            Assert.AreEqual("invalid_request", failure.error);
        }
        // Authorization-code grant, happy path: a registered client exchanging the
        // fixture code receives a bearer AccessToken whose access_token is "foo:session"
        // and whose refresh_token equals the shared _refresh_token fixture.
        // NOTE(review): the login mock has no setup, so the "foo:session" value presumably
        // comes from the code itself; confirm how the fixture code maps to it.
        // NOTE(review): nothing here pins expiry or single-use handling of the code;
        // verify those are covered elsewhere.
        public void ValidCodeReturnsToken()
        {
            var loginService = new Mock<ILoginService>();
            HttpContextBase httpContext = Mocking.FakeHttpContext();

            var form = new FormCollection();
            form.Add("client_id", _client_id);
            form.Add("client_secret", _client_secret);
            form.Add("grant_type", "authorization_code");
            // Fixed test fixture; the expected token values below depend on it.
            form.Add("code", "JpstAC9GbwGop5FiEqfs3Q==");

            var sut = new TokenController(loginService.Object);
            sut.ControllerContext = new ControllerContext(httpContext, new RouteData(), sut);

            var response = (JsonResult)sut.Index(form);
            object payload = response.Data;

            Assert.IsInstanceOf<AccessToken>(payload);

            var issued = (AccessToken)payload;
            Assert.AreEqual("foo:session", issued.access_token);
            Assert.AreEqual(_refresh_token, issued.refresh_token);
            Assert.AreEqual("bearer", issued.token_type);
        }