示例#1
0
        public void OldAccessTokenTokenShouldNotPingSuccessfully()
        {
            // Authenticate and get an access token
            var proxy1 = new AuthorisationProxy();
            var scope = new AuthorisationScope[] { new AuthorisationScope {
                                                       ScopeType = AuthorisationScopeType.Full
                                                   } }.ToTextValues();
            var response = proxy1.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword, scope);

            Assert.True(response.IsSuccessfull);
            Assert.NotNull(response.DataObject);
            Assert.True(response.DataObject.IsSuccessfull);
            var originalAccessToken = response.DataObject.AccessGrant.access_token;

            // Refresh the access token so the old one becomes invalid
            response = proxy1.RefreshAccessToken(response.DataObject.AccessGrant.refresh_token, scope);
            Assert.True(response.IsSuccessfull);
            Assert.NotNull(response.DataObject);
            Assert.True(response.DataObject.IsSuccessfull);

            // Now try and authenicate and access a resource with the invalidated original access token which should fail.
            var proxy2     = new AuthorisationProxy(originalAccessToken);
            var pingResult = proxy2.AuthorisationPing();

            Assert.NotNull(pingResult);
            Assert.False(pingResult.IsSuccessfull);
            //Assert.AreEqual<HttpStatusCode>(HttpStatusCode.Unauthorized, pingResult.StatusCode);
            Assert.Equal(pingResult.StatusCode, HttpStatusCode.Unauthorized);
        }
示例#2
0
        public void InValidBearerTokenShouldNotPingSuccessfully()
        {
            var proxy      = new AuthorisationProxy("bogustoken");
            var pingResult = proxy.AuthorisationPing();

            Assert.NotNull(pingResult);
            Assert.False(pingResult.IsSuccessfull);
            //Assert.AreEqual<HttpStatusCode>(HttpStatusCode.Unauthorized, pingResult.StatusCode);
            Assert.Equal(pingResult.StatusCode, HttpStatusCode.Unauthorized);
        }
示例#3
0
        public void ValidBearerTokenShouldPingSuccessfully()
        {
            var proxy = new AuthorisationProxy();
            var scope = new AuthorisationScope[] { new AuthorisationScope {
                                                       ScopeType = AuthorisationScopeType.Full
                                                   } }.ToTextValues();
            var response = proxy.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword, scope);

            Assert.True(response.IsSuccessfull);
            Assert.True(response.DataObject.IsSuccessfull);
            proxy.BearerToken = response.DataObject.AccessGrant.access_token;
            var pingResult = proxy.AuthorisationPing();

            Assert.NotNull(pingResult);
            Assert.True(pingResult.IsSuccessfull);
        }
示例#4
0
        public void ShouldBeAbleToRefreshValidAccessToken()
        {
            var proxy = new AuthorisationProxy();
            var scope = new AuthorisationScope[] { new AuthorisationScope {
                                                       ScopeType = AuthorisationScopeType.Full
                                                   } }.ToTextValues();
            var response = proxy.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword, scope);

            Assert.True(response.IsSuccessfull);
            Assert.True(response.DataObject.IsSuccessfull);
            proxy.BearerToken = response.DataObject.AccessGrant.access_token;
            var pingResult = proxy.AuthorisationPing();

            Assert.NotNull(pingResult);
            Assert.True(pingResult.IsSuccessfull);

            // Now ask for a refresh token
            var proxy2          = new AuthorisationProxy();
            var refreshResponse = proxy2.RefreshAccessToken(response.DataObject.AccessGrant.refresh_token, scope);

            Assert.NotNull(refreshResponse);
            Assert.True(refreshResponse.IsSuccessfull);
            //Assert.AreNotEqual<string>(response.DataObject.AccessGrant.access_token, refreshResponse.DataObject.AccessGrant.access_token);
            //Assert.AreEqual<string>(response.DataObject.AccessGrant.refresh_token, refreshResponse.DataObject.AccessGrant.refresh_token);
            Assert.NotEqual(response.DataObject.AccessGrant.access_token, refreshResponse.DataObject.AccessGrant.access_token);
            Assert.Equal(refreshResponse.DataObject.AccessGrant.refresh_token, response.DataObject.AccessGrant.refresh_token);

            // Now check the access token after refresh works
            var proxy3      = new AuthorisationProxy(refreshResponse.DataObject.AccessGrant.access_token);
            var pingResult2 = proxy3.AuthorisationPing();

            Assert.NotNull(pingResult2);
            Assert.True(pingResult2.IsSuccessfull);

            // And finally ensure the previous access token (before refresh is invalid)

            var proxy4      = new AuthorisationProxy(response.DataObject.AccessGrant.access_token);
            var pingResult3 = proxy4.AuthorisationPing();

            Assert.NotNull(pingResult3);
            Assert.False(pingResult3.IsSuccessfull);
            //Assert.AreEqual<HttpStatusCode>(HttpStatusCode.Unauthorized, pingResult3.StatusCode);
            Assert.Equal(pingResult3.StatusCode, HttpStatusCode.Unauthorized);
        }