/// <summary>
/// Initializes a new instance of the <see cref="UserInfoEndpointController"/> class.
/// </summary>
/// <param name="options">The options.</param>
/// <param name="tokenValidator">The token validator.</param>
/// <param name="generator">The generator.</param>
/// <param name="tokenUsageValidator">The token usage validator.</param>
/// <param name="events">The event service</param>
public UserInfoEndpointController(IdentityServerOptions options, TokenValidator tokenValidator, UserInfoResponseGenerator generator, BearerTokenUsageValidator tokenUsageValidator, IEventService events)
{
_tokenValidator = tokenValidator;
_generator = generator;
_options = options;
_tokenUsageValidator = tokenUsageValidator;
_events = events;
}
public async Task No_Header_no_Body_Post()
{
var ctx = new OwinContext();
ctx.Request.Method = "POST";
var validator = new BearerTokenUsageValidator();
var result = await validator.ValidateAsync(ctx);
result.TokenFound.Should().BeFalse();
}
public async Task No_Header_no_Body_Get()
{
var request = new HttpRequestMessage();
request.Method = HttpMethod.Get;
var validator = new BearerTokenUsageValidator();
var result = await validator.ValidateAsync(request);
result.TokenFound.Should().BeFalse();
}
public async Task Empty_Bearer_Scheme_Header()
{
var ctx = new OwinContext();
ctx.Request.Method = "GET";
ctx.Request.Headers.Add("Authorization", new string[] { "Bearer" });
var validator = new BearerTokenUsageValidator();
var result = await validator.ValidateAsync(ctx);
result.TokenFound.Should().BeFalse();
}
public async Task Empty_Bearer_Scheme_Header()
{
var request = new HttpRequestMessage();
request.Method = HttpMethod.Get;
request.Headers.Add("Authorization", "Bearer");
var validator = new BearerTokenUsageValidator();
var result = await validator.ValidateAsync(request);
result.TokenFound.Should().BeFalse();
}
public async Task No_Header_no_Body_Post()
{
var request = new HttpRequestMessage();
request.Method = HttpMethod.Post;
request.Content = new FormUrlEncodedContent(new Dictionary<string, string>());
var validator = new BearerTokenUsageValidator();
var result = await validator.ValidateAsync(request);
result.TokenFound.Should().BeFalse();
}
public async Task Body_Post_no_Token()
{
var ctx = new OwinContext();
ctx.Request.Method = "POST";
ctx.Request.ContentType = "application/x-www-form-urlencoded";
var body = "foo=bar";
ctx.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body));
var validator = new BearerTokenUsageValidator();
var result = await validator.ValidateAsync(ctx);
result.TokenFound.Should().BeFalse();
}
public async Task Valid_Body_Post()
{
var ctx = new OwinContext();
ctx.Request.Method = "POST";
ctx.Request.ContentType = "application/x-www-form-urlencoded";
var body = "access_token=token";
ctx.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body));
var validator = new BearerTokenUsageValidator();
var result = await validator.ValidateAsync(ctx);
result.TokenFound.Should().BeTrue();
result.Token.Should().Be("token");
result.UsageType.Should().Be(BearerTokenUsageType.PostBody);
}
public async Task Valid_Bearer_Scheme_Header()
{
var ctx = new OwinContext();
ctx.Request.Method = "GET";
ctx.Request.Headers.Add("Authorization", new string[] { "Bearer token" });
var validator = new BearerTokenUsageValidator();
var result = await validator.ValidateAsync(ctx);
result.TokenFound.Should().BeTrue();
result.Token.Should().Be("token");
result.UsageType.Should().Be(BearerTokenUsageType.AuthorizationHeader);
}
public async Task Body_Post_Whitespace_Token()
{
var request = new HttpRequestMessage();
request.Method = HttpMethod.Post;
request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
{
{ "access_token", " " }
});
var validator = new BearerTokenUsageValidator();
var result = await validator.ValidateAsync(request);
result.TokenFound.Should().BeFalse();
}
public async Task Valid_Body_Post()
{
var request = new HttpRequestMessage();
request.Method = HttpMethod.Post;
request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
{
{ "access_token", "token" }
});
var validator = new BearerTokenUsageValidator();
var result = await validator.ValidateAsync(request);
result.TokenFound.Should().BeTrue();
result.Token.Should().Be("token");
result.UsageType.Should().Be(BearerTokenUsageType.PostBody);
}
public async Task Valid_Bearer_Scheme_Header()
{
var request = new HttpRequestMessage();
request.Method = HttpMethod.Get;
request.Headers.Add("Authorization", "Bearer token");
var validator = new BearerTokenUsageValidator();
var result = await validator.ValidateAsync(request);
result.TokenFound.Should().BeTrue();
result.Token.Should().Be("token");
result.UsageType.Should().Be(BearerTokenUsageType.AuthorizationHeader);
}
