public void DuplicatePrefixToBypassLookup()
{
string prefixToBypassLookup = "test:";
// Set a duplicate PrefixToBypassLookup on 2 items already existing in the list should throw exception InvalidOperationException
Config.ClaimTypes.Where(x => !String.IsNullOrEmpty(x.ClaimType)).Take(2).Select(x => x.PrefixToBypassLookup = prefixToBypassLookup).ToList();
Assert.Throws <InvalidOperationException>(() => Config.Update(), $"Set a duplicate PrefixToBypassLookup on 2 items already existing in the list should throw exception InvalidOperationException with this message: \"{ConfigUpdateErrorMessage}\"");
// Set a PrefixToBypassLookup on an existing item and add a new item with the same PrefixToBypassLookup should throw exception InvalidOperationException
var firstCTConfig = Config.ClaimTypes.FirstOrDefault(x => !String.IsNullOrEmpty(x.ClaimType));
firstCTConfig.PrefixToBypassLookup = prefixToBypassLookup;
ClaimTypeConfig ctConfig = new ClaimTypeConfig()
{
ClaimType = UnitTestsHelper.RandomClaimType, PrefixToBypassLookup = prefixToBypassLookup, DirectoryObjectProperty = UnitTestsHelper.RandomObjectProperty
};
Assert.Throws <InvalidOperationException>(() => Config.Update(), $"Set a duplicate PrefixToBypassLookup on an existing item and add a new item with the same PrefixToBypassLookup should throw exception InvalidOperationException with this message: \"{ConfigUpdateErrorMessage}\"");
}
public void AddClaimTypeConfig()
{
ClaimTypeConfig ctConfig = new ClaimTypeConfig();
// Add a ClaimTypeConfig with a claim type already set should throw exception InvalidOperationException
ctConfig.ClaimType = UnitTestsHelper.SPTrust.IdentityClaimTypeInformation.MappedClaimType;
ctConfig.DirectoryObjectProperty = UnitTestsHelper.RandomObjectProperty;
Assert.Throws <InvalidOperationException>(() => Config.ClaimTypes.Add(ctConfig), $"Add a ClaimTypeConfig with a claim type already set should throw exception InvalidOperationException with this message: \"Claim type '{UnitTestsHelper.SPTrust.IdentityClaimTypeInformation.MappedClaimType}' already exists in the collection\"");
// Add a ClaimTypeConfig with UseMainClaimTypeOfDirectoryObject = false (default value) and DirectoryObjectProperty not set should throw exception InvalidOperationException
ctConfig.ClaimType = UnitTestsHelper.RandomClaimType;
ctConfig.DirectoryObjectProperty = AzureADObjectProperty.NotSet;
Assert.Throws <InvalidOperationException>(() => Config.ClaimTypes.Add(ctConfig), $"Add a ClaimTypeConfig with UseMainClaimTypeOfDirectoryObject = false (default value) and DirectoryObjectProperty not set should throw exception InvalidOperationException with this message: \"Property DirectoryObjectProperty is required\"");
// Add a ClaimTypeConfig with UseMainClaimTypeOfDirectoryObject = true and ClaimType set should throw exception InvalidOperationException
ctConfig.ClaimType = UnitTestsHelper.RandomClaimType;
ctConfig.DirectoryObjectProperty = UnitTestsHelper.RandomObjectProperty;
ctConfig.UseMainClaimTypeOfDirectoryObject = true;
Assert.Throws <InvalidOperationException>(() => Config.ClaimTypes.Add(ctConfig), $"Add a ClaimTypeConfig with UseMainClaimTypeOfDirectoryObject = true and ClaimType set should throw exception InvalidOperationException with this message: \"No claim type should be set if UseMainClaimTypeOfDirectoryObject is set to true\"");
// Add a ClaimTypeConfig with EntityType 'Group' should throw exception InvalidOperationException since 1 already exists by default and AzureCP allows only 1 claim type for EntityType 'Group'
ctConfig.ClaimType = UnitTestsHelper.RandomClaimType;
ctConfig.DirectoryObjectProperty = UnitTestsHelper.RandomObjectProperty;
ctConfig.EntityType = DirectoryObjectType.Group;
ctConfig.UseMainClaimTypeOfDirectoryObject = false;
Assert.Throws <InvalidOperationException>(() => Config.ClaimTypes.Add(ctConfig), $"Add a ClaimTypeConfig with EntityType 'Group' should throw exception InvalidOperationException with this message: \"A claim type for EntityType 'Group' already exists in the collection\"");
// Add a valid ClaimTypeConfig should succeed
ctConfig.ClaimType = UnitTestsHelper.RandomClaimType;
ctConfig.DirectoryObjectProperty = UnitTestsHelper.RandomObjectProperty;
ctConfig.EntityType = DirectoryObjectType.User;
ctConfig.UseMainClaimTypeOfDirectoryObject = false;
Assert.DoesNotThrow(() => Config.ClaimTypes.Add(ctConfig), $"Add a valid ClaimTypeConfig should succeed");
// Add a ClaimTypeConfig twice should throw exception InvalidOperationException
Assert.Throws <InvalidOperationException>(() => Config.ClaimTypes.Add(ctConfig), $"Add a ClaimTypeConfig with a claim type already set should throw exception InvalidOperationException with this message: \"Claim type '{UnitTestsHelper.RandomClaimType}' already exists in the collection\"");
// Delete the ClaimTypeConfig by calling method ClaimTypeConfigCollection.Remove(ClaimTypeConfig) should succeed
Assert.IsTrue(Config.ClaimTypes.Remove(ctConfig), $"Delete the ClaimTypeConfig by calling method ClaimTypeConfigCollection.Remove(ClaimTypeConfig) should succeed");
}
public void DuplicateDirectoryObjectProperty()
{
ClaimTypeConfig existingCTConfig = Config.ClaimTypes.FirstOrDefault(x => !String.IsNullOrEmpty(x.ClaimType) && x.EntityType == DirectoryObjectType.User);
// Create a new ClaimTypeConfig with a DirectoryObjectProperty already set should throw exception InvalidOperationException
ClaimTypeConfig ctConfig = new ClaimTypeConfig()
{
ClaimType = UnitTestsHelper.RandomClaimType, EntityType = DirectoryObjectType.User, DirectoryObjectProperty = existingCTConfig.DirectoryObjectProperty
};
Assert.Throws <InvalidOperationException>(() => Config.ClaimTypes.Add(ctConfig), $"Create a new ClaimTypeConfig with a DirectoryObjectProperty already set should throw exception InvalidOperationException with this message: \"An item with property '{existingCTConfig.DirectoryObjectProperty.ToString()}' already exists for the object type 'User'\"");
// Add a valid ClaimTypeConfig should succeed (done for next test)
ctConfig.DirectoryObjectProperty = UnitTestsHelper.RandomObjectProperty;
Assert.DoesNotThrow(() => Config.ClaimTypes.Add(ctConfig), $"Add a valid ClaimTypeConfig should succeed");
// Update an existing ClaimTypeConfig with a DirectoryObjectProperty already set should throw exception InvalidOperationException
ctConfig.DirectoryObjectProperty = existingCTConfig.DirectoryObjectProperty;
Assert.Throws <InvalidOperationException>(() => Config.Update(), $"Update an existing ClaimTypeConfig with a DirectoryObjectProperty already set should throw exception InvalidOperationException with this message: \"{ConfigUpdateErrorMessage}\"");
// Delete the ClaimTypeConfig should succeed
Assert.IsTrue(Config.ClaimTypes.Remove(ctConfig), "Delete the ClaimTypeConfig should succeed");
}
/// <summary>
/// Add a new claim type configuration
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void BtnCreateNewItem_Click(object sender, EventArgs e)
{
string newClaimType = TxtNewClaimType.Text.Trim();
string newLdapAttribute = TxtNewAttrName.Text.Trim();
string newLdapClass = TxtNewObjectClass.Text.Trim();
DirectoryObjectType newDirectoryObjectType;
Enum.TryParse <DirectoryObjectType>(DdlNewDirectoryObjectType.SelectedValue, out newDirectoryObjectType);
string newEntityMetadata = DdlNewEntityMetadata.SelectedValue;
bool useMainClaimTypeOfDirectoryObject = false;
if (RdbNewItemClassicClaimType.Checked)
{
if (String.IsNullOrEmpty(newClaimType))
{
this.LabelErrorMessage.Text = TextErrorFieldsMissing;
ShowNewItemForm = true;
BuildAttributesListTable(false);
return;
}
}
else if (RdbNewItemPermissionMetadata.Checked)
{
if (String.IsNullOrEmpty(newEntityMetadata))
{
this.LabelErrorMessage.Text = TextErrorFieldsMissing;
ShowNewItemForm = true;
BuildAttributesListTable(false);
return;
}
newClaimType = String.Empty;
}
else
{
useMainClaimTypeOfDirectoryObject = true;
newClaimType = String.Empty;
}
ClaimTypeConfig newCTConfig = new ClaimTypeConfig();
newCTConfig.ClaimType = newClaimType;
newCTConfig.EntityType = newDirectoryObjectType;
newCTConfig.LDAPClass = newLdapClass;
newCTConfig.LDAPAttribute = newLdapAttribute;
newCTConfig.UseMainClaimTypeOfDirectoryObject = useMainClaimTypeOfDirectoryObject;
newCTConfig.EntityDataKey = newEntityMetadata;
try
{
// ClaimTypeConfigCollection.Add() may thrown an exception if new ClaimTypeConfig is not valid for any reason
PersistedObject.ClaimTypes.Add(newCTConfig);
}
catch (Exception ex)
{
this.LabelErrorMessage.Text = ex.Message;
ShowNewItemForm = true;
BuildAttributesListTable(false);
return;
}
// Update configuration and rebuild table with new configuration
CommitChanges();
BuildAttributesListTable(false);
}
/// <summary>
/// Add a new claim type configuration
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void BtnCreateNewItem_Click(object sender, EventArgs e)
{
string newClaimType = TxtNewClaimType.Text.Trim();
AzureADObjectProperty newDirectoryObjectProp;
Enum.TryParse <AzureADObjectProperty>(DdlNewGraphProperty.SelectedValue, out newDirectoryObjectProp);
DirectoryObjectType newDirectoryObjectType;
Enum.TryParse <DirectoryObjectType>(DdlNewDirectoryObjectType.SelectedValue, out newDirectoryObjectType);
bool useMainClaimTypeOfDirectoryObject = false;
if (RdbNewItemClassicClaimType.Checked)
{
if (String.IsNullOrEmpty(TxtNewClaimType.Text))
{
this.LabelErrorMessage.Text = TextErrorFieldsMissing;
ShowNewItemForm = true;
BuildAttributesListTable(false);
return;
}
}
else if (RdbNewItemPermissionMetadata.Checked)
{
if (String.IsNullOrEmpty(DdlNewEntityMetadata.SelectedValue))
{
this.LabelErrorMessage.Text = TextErrorFieldsMissing;
ShowNewItemForm = true;
BuildAttributesListTable(false);
return;
}
newClaimType = String.Empty;
}
else
{
useMainClaimTypeOfDirectoryObject = true;
newClaimType = String.Empty;
}
ClaimTypeConfig newCTConfig = new ClaimTypeConfig();
newCTConfig.ClaimType = newClaimType;
newCTConfig.DirectoryObjectProperty = newDirectoryObjectProp;
newCTConfig.EntityType = newDirectoryObjectType;
newCTConfig.UseMainClaimTypeOfDirectoryObject = useMainClaimTypeOfDirectoryObject;
newCTConfig.EntityDataKey = DdlNewEntityMetadata.SelectedValue;
bool convertSuccess = Enum.TryParse <AzureADObjectProperty>(DdlNewGraphPropertyToDisplay.SelectedValue, out newDirectoryObjectProp);
newCTConfig.DirectoryObjectPropertyToShowAsDisplayText = convertSuccess ? newDirectoryObjectProp : AzureADObjectProperty.NotSet;
try
{
// ClaimTypeConfigCollection.Add() may thrown an exception if new ClaimTypeConfig is not valid for any reason
PersistedObject.ClaimTypes.Add(newCTConfig);
}
catch (Exception ex)
{
this.LabelErrorMessage.Text = ex.Message;
ShowNewItemForm = true;
BuildAttributesListTable(false);
return;
}
// Update configuration and rebuild table with new configuration
CommitChanges();
BuildAttributesListTable(false);
}
/// <summary>
/// Ensures configuration is valid to proceed
/// </summary>
/// <returns></returns>
public virtual ConfigStatus ValidatePrerequisite()
{
if (!this.IsPostBack)
{
// DataBind() must be called to bind attributes that are set as "<%# #>"in .aspx
// But only during initial page load, otherwise it would reset bindings in other controls like SPGridView
DataBind();
ViewState.Add("ClaimsProviderName", ClaimsProviderName);
ViewState.Add("PersistedObjectName", PersistedObjectName);
ViewState.Add("PersistedObjectID", PersistedObjectID);
}
else
{
ClaimsProviderName = ViewState["ClaimsProviderName"].ToString();
PersistedObjectName = ViewState["PersistedObjectName"].ToString();
PersistedObjectID = ViewState["PersistedObjectID"].ToString();
}
Status = ConfigStatus.AllGood;
if (String.IsNullOrEmpty(ClaimsProviderName))
{
Status |= ConfigStatus.ClaimsProviderNamePropNotSet;
}
if (String.IsNullOrEmpty(PersistedObjectName))
{
Status |= ConfigStatus.PersistedObjectNamePropNotSet;
}
if (String.IsNullOrEmpty(PersistedObjectID))
{
Status |= ConfigStatus.PersistedObjectIDPropNotSet;
}
if (Status != ConfigStatus.AllGood)
{
ClaimsProviderLogging.Log($"[{ClaimsProviderName}] {MostImportantError}", TraceSeverity.Unexpected, EventSeverity.Error, TraceCategory.Configuration);
// Should not go further if those requirements are not met
return(Status);
}
if (CurrentTrustedLoginProvider == null)
{
CurrentTrustedLoginProvider = LDAPCP.GetSPTrustAssociatedWithCP(this.ClaimsProviderName);
if (CurrentTrustedLoginProvider == null)
{
Status |= ConfigStatus.NoSPTrustAssociation;
return(Status);
}
}
if (PersistedObject == null)
{
Status |= ConfigStatus.PersistedObjectNotFound;
}
if (Status != ConfigStatus.AllGood)
{
ClaimsProviderLogging.Log($"[{ClaimsProviderName}] {MostImportantError}", TraceSeverity.Unexpected, EventSeverity.Error, TraceCategory.Configuration);
// Should not go further if those requirements are not met
return(Status);
}
PersistedObject.CheckAndCleanConfiguration(CurrentTrustedLoginProvider.Name);
PersistedObject.ClaimTypes.SPTrust = CurrentTrustedLoginProvider;
if (IdentityCTConfig == null && Status == ConfigStatus.AllGood)
{
IdentityCTConfig = this.IdentityCTConfig = PersistedObject.ClaimTypes.FirstOrDefault(x => String.Equals(CurrentTrustedLoginProvider.IdentityClaimTypeInformation.MappedClaimType, x.ClaimType, StringComparison.InvariantCultureIgnoreCase) && !x.UseMainClaimTypeOfDirectoryObject);
if (IdentityCTConfig == null)
{
Status |= ConfigStatus.NoIdentityClaimType;
}
}
if (PersistedObjectVersion != PersistedObject.Version)
{
Status |= ConfigStatus.PersistedObjectStale;
}
if (Status != ConfigStatus.AllGood)
{
ClaimsProviderLogging.Log($"[{ClaimsProviderName}] {MostImportantError}", TraceSeverity.Unexpected, EventSeverity.Error, TraceCategory.Configuration);
}
return(Status);
}
