public void ValidRequestMultipleScope()
{
var validator = new AuthorizeRequestValidator(_clientManager);
var app = _testConfig.FindApplication("test");
var request = new AuthorizeRequest
{
client_id = "codeclient",
response_type = "code",
scope = "read search",
redirect_uri = "https://prod.local"
};
var result = validator.Validate(app, request);
}
public void ValidRequestMultipleScope()
{
var validator = new AuthorizeRequestValidator();
var app = _testConfig.FindApplication("test");
var request = new AuthorizeRequest
{
client_id = "implicitclient",
response_type = "token",
scope = "read browse",
redirect_uri = "https://test2.local"
};
var result = validator.Validate(app, request);
}
public void NoParameters()
{
var validator = new AuthorizeRequestValidator();
var app = _testConfig.FindApplication("test");
try
{
var result = validator.Validate(app, null);
}
catch (AuthorizeRequestClientException ex)
{
Assert.IsTrue(ex.Error == OAuthConstants.Errors.InvalidRequest);
return;
}
Assert.Fail("No exception thrown.");
}
public void NoParameters()
{
var validator = new AuthorizeRequestValidator();
var app = _testConfig.FindApplication("test");
try
{
var result = validator.Validate(app, null);
}
catch (AuthorizeRequestResourceOwnerException ex)
{
// todo: inspect exception
return;
}
Assert.Fail("No exception thrown.");
}
public void MissingRedirectUri()
{
var validator = new AuthorizeRequestValidator();
var app = _testConfig.FindApplication("test");
var request = new AuthorizeRequest
{
client_id = "codeclient",
response_type = "code",
scope = "read"
};
try
{
var result = validator.Validate(app, request);
}
catch (AuthorizeRequestResourceOwnerException ex)
{
// todo: check error code
return;
}
Assert.Fail("No exception thrown.");
}
public void DisabledClient()
{
var validator = new AuthorizeRequestValidator();
var app = _testConfig.FindApplication("test");
var request = new AuthorizeRequest
{
client_id = "disabledclient",
response_type = "code",
scope = "read",
redirect_uri = "https://prod.local"
};
try
{
var result = validator.Validate(app, request);
}
catch (AuthorizeRequestResourceOwnerException ex)
{
return;
}
Assert.Fail("No exception thrown.");
}
public void UnauthorizedRedirectUri()
{
var validator = new AuthorizeRequestValidator();
var app = _testConfig.FindApplication("test");
var request = new AuthorizeRequest
{
client_id = "implicitclient",
response_type = "token",
scope = "read",
redirect_uri = "https://unauthorized.com"
};
try
{
var result = validator.Validate(app, request);
}
catch (AuthorizeRequestResourceOwnerException ex)
{
// todo: check error code
return;
}
Assert.Fail("No exception thrown.");
}
public void UnauthorizedResponseType()
{
var validator = new AuthorizeRequestValidator();
var app = _testConfig.FindApplication("test");
var request = new AuthorizeRequest
{
client_id = "implicitclient",
response_type = "code",
scope = "read",
redirect_uri = "https://test2.local"
};
try
{
var result = validator.Validate(app, request);
}
catch (AuthorizeRequestClientException ex)
{
Assert.IsTrue(ex.Error == OAuthConstants.Errors.UnsupportedResponseType);
return;
}
Assert.Fail("No exception thrown.");
}
public void UnauthorizedScopeMultiple()
{
var validator = new AuthorizeRequestValidator();
var app = _testConfig.FindApplication("test");
var request = new AuthorizeRequest
{
client_id = "implicitclient",
response_type = "token",
scope = "read write",
redirect_uri = "https://test2.local"
};
try
{
var result = validator.Validate(app, request);
}
catch (AuthorizeRequestClientException ex)
{
Assert.AreEqual(OAuthConstants.Errors.InvalidScope, ex.Error);
return;
}
Assert.Fail("No exception thrown.");
}
public void UnauthorizedResponseType()
{
var validator = new AuthorizeRequestValidator(_clientManager);
var app = _testConfig.FindApplication("test");
var request = new AuthorizeRequest
{
client_id = "codeclient",
response_type = "token",
scope = "read",
redirect_uri = "https://prod.local"
};
try
{
var result = validator.Validate(app, request);
}
catch (AuthorizeRequestClientException ex)
{
Assert.AreEqual(OAuthConstants.Errors.UnsupportedResponseType, ex.Error);
return;
}
Assert.Fail("No exception thrown.");
}
public void NonSslRedirectUri()
{
var validator = new AuthorizeRequestValidator();
var app = _testConfig.FindApplication("test");
var request = new AuthorizeRequest
{
client_id = "codeclient",
response_type = "code",
scope = "read",
redirect_uri = "http://prod.local"
};
try
{
var result = validator.Validate(app, request);
}
catch (AuthorizeRequestClientException ex)
{
Assert.IsTrue(ex.Error == OAuthConstants.Errors.InvalidRequest);
return;
}
Assert.Fail("No exception thrown.");
}
public void MalformedRedirectUri1()
{
var validator = new AuthorizeRequestValidator(_clientManager);
var app = _testConfig.FindApplication("test");
var request = new AuthorizeRequest
{
client_id = "codeclient",
response_type = "code",
scope = "read",
redirect_uri = "https:/prod.local"
};
try
{
var result = validator.Validate(app, request);
}
catch (AuthorizeRequestResourceOwnerException ex)
{
// todo: check error code
return;
}
Assert.Fail("No exception thrown.");
}