public async Task TransformAsyncMapsAuth0RoleClaimToStandardRoleClaimTest() { var logger = _output.BuildLoggerFor <ClaimsTransformer>(); var identity = new ClaimsIdentity("Bearer", ClaimType.Subject, ClaimType.Role); var principal = new ClaimsPrincipal(identity); var account = Model.Create <Account>(); var expectedRole = Guid.NewGuid().ToString(); identity.AddClaim(new Claim(ClaimType.Subject, Guid.NewGuid().ToString())); identity.AddClaim(new Claim(ClaimType.Auth0Roles, expectedRole)); var manager = Substitute.For <IAccountQuery>(); manager.GetAccount(Arg.Is <User>(x => x.Username == identity.Name), Arg.Any <CancellationToken>()) .Returns(account); var target = new ClaimsTransformer(manager, logger); await target.TransformAsync(principal).ConfigureAwait(false); var expected = identity.GetClaimValue <string>(ClaimType.Role); expected.Should().Be(expectedRole); identity.Claims.Should().NotContain(x => x.Type == ClaimType.Auth0Roles); }
/// <summary> /// Handles all request comming into server /// </summary> /// <param name="request">request being sent to server</param> /// <param name="cancellationToken">operation </param> /// <returns>success</returns> protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { try { //get token from request string token = new RequestTransformer().GetToken(request); if (token == null) { return(base.SendAsync(request, cancellationToken)); } // check if token is valid. returns principals var incommingprincipal = new VerifyJWT().VerifyToken(token); // Authenticates principals and gets user claims fromd db ClaimsPrincipal AuthenticatedPrincipal = new ClaimsTransformer().Authenticate(incommingprincipal); // create IPrincipal IPrincipal principal = AuthenticatedPrincipal; // run thread in principal Thread.CurrentPrincipal = principal; HttpContext.Current.User = principal; return(base.SendAsync(request, cancellationToken)); } catch (Exception) { // send to unauthenticated return(UnAuthenticated()); } }
/// <summary> /// Method to call the claims transformer to create the /// /// @author: Rachel Dang /// @updated: 04/28/18 /// </summary> /// <param name="username"></param> /// <param name="isFirstTimeUser"></param> /// <returns></returns> private ResponseDto <ClaimsIdentity> CreateClaimsIdentity(string username) { // Check if user is a first time user from the SSO var isFirstTimeUser = CheckIfFirstTimeUser(username); // If user is invalid and an error occurs, return dto with error if (isFirstTimeUser.Error != null) { return(new ResponseDto <ClaimsIdentity> { Error = GeneralErrorMessages.GENERAL_ERROR }); } // Call the Claims Transformer manager to create the claims identity var transformer = new ClaimsTransformer(); if (isFirstTimeUser.Data == true) { return(new ResponseDto <ClaimsIdentity> { Data = transformer.CreateSsoClaimsIdentity(username) }); } return(new ResponseDto <ClaimsIdentity> { Data = transformer.CreateAuthenticationClaimsIdentity(username) }); }
// manual way of invoking claims transformation protected void Application_PostAuthenticateRequest(object sender, EventArgs e) { var transformer = new ClaimsTransformer(); var principal = transformer.Authenticate(string.Empty, ClaimsPrincipal.Current); Thread.CurrentPrincipal = principal; HttpContext.Current.User = principal; }
// claims transformation protected void Application_PostAuthenticateRequest() { if (ClaimsPrincipal.Current.Identity.IsAuthenticated) { var principal = new ClaimsTransformer().Authenticate(string.Empty, ClaimsPrincipal.Current); HttpContext.Current.User = principal; Thread.CurrentPrincipal = principal; } }
public async Task TransformAsyncSkipsProcessingWhenUserNotAuthenticatedTest() { var logger = _output.BuildLoggerFor <ClaimsTransformer>(); var identity = new ClaimsIdentity(); var principal = new ClaimsPrincipal(identity); var manager = Substitute.For <IAccountQuery>(); var target = new ClaimsTransformer(manager, logger); await target.TransformAsync(principal).ConfigureAwait(false); await manager.DidNotReceive().GetAccount(Arg.Any <User>(), Arg.Any <CancellationToken>()) .ConfigureAwait(false); }
public async Task TransformAsyncDoesNotAddProfileIdClaimWhenStoreReturnsNullAccountTest() { var logger = _output.BuildLoggerFor <ClaimsTransformer>(); var identity = new ClaimsIdentity("Bearer", ClaimType.Subject, ClaimType.Role); var principal = new ClaimsPrincipal(identity); identity.AddClaim(new Claim(ClaimType.Subject, Guid.NewGuid().ToString())); var manager = Substitute.For <IAccountQuery>(); var target = new ClaimsTransformer(manager, logger); await target.TransformAsync(principal).ConfigureAwait(false); principal.HasClaim(x => x.Type == ClaimType.ProfileId).Should().BeFalse(); }
public async Task TransformAsyncAddsProfileIdClaimFromStoreToIdentityTest() { var logger = _output.BuildLoggerFor <ClaimsTransformer>(); var identity = new ClaimsIdentity("Bearer", ClaimType.Subject, ClaimType.Role); var principal = new ClaimsPrincipal(identity); var account = Model.Create <Account>(); identity.AddClaim(new Claim(ClaimType.Subject, Guid.NewGuid().ToString())); var manager = Substitute.For <IAccountQuery>(); manager.GetAccount(Arg.Is <User>(x => x.Username == identity.Name), Arg.Any <CancellationToken>()) .Returns(account); var target = new ClaimsTransformer(manager, logger); await target.TransformAsync(principal).ConfigureAwait(false); var expected = principal.Identity.As <ClaimsIdentity>().GetClaimValue <string>(ClaimType.ProfileId); expected.Should().Be(account.Id.ToString()); }
public async Task TransformAsyncDoesNotAddProfileIdClaimWhenAlreadyPresentTest() { var logger = _output.BuildLoggerFor <ClaimsTransformer>(); var claims = new[] { new Claim(ClaimType.Subject, Guid.NewGuid().ToString()), new Claim(ClaimTypes.Name, Guid.NewGuid().ToString()), new Claim(ClaimType.ProfileId, Guid.NewGuid().ToString()) }; var identity = new ClaimsIdentity(claims, "Bearer", ClaimType.Subject, ClaimType.Role); var principal = new ClaimsPrincipal(identity); var manager = Substitute.For <IAccountQuery>(); var target = new ClaimsTransformer(manager, logger); await target.TransformAsync(principal).ConfigureAwait(false); var expected = principal.Identity.As <ClaimsIdentity>().Claims.Where(x => x.Type == ClaimType.ProfileId); expected.Should().HaveCount(1); await manager.DidNotReceive().GetAccount(Arg.Any <User>(), CancellationToken.None).ConfigureAwait(false); }
public async Task TransformAsyncProvidesAdditionalClaimsToManagerWhenGettingAccountTest() { var email = Guid.NewGuid().ToString(); var firstName = Guid.NewGuid().ToString(); var lastName = Guid.NewGuid().ToString(); var logger = _output.BuildLoggerFor <ClaimsTransformer>(); var identity = new ClaimsIdentity("Bearer", ClaimType.Subject, ClaimType.Role); identity.AddClaim(new Claim(ClaimType.Subject, Guid.NewGuid().ToString())); identity.AddClaim(new Claim(ClaimType.Email, email)); identity.AddClaim(new Claim(ClaimType.GivenName, firstName)); identity.AddClaim(new Claim(ClaimType.Surname, lastName)); var principal = new ClaimsPrincipal(identity); var account = Model.Create <Account>(); var manager = Substitute.For <IAccountQuery>(); manager.GetAccount(Arg.Is <User>(x => x.Username == identity.Name), Arg.Any <CancellationToken>()) .Returns(account); var target = new ClaimsTransformer(manager, logger); await target.TransformAsync(principal).ConfigureAwait(false); await manager.Received(1).GetAccount(Arg.Any <User>(), CancellationToken.None).ConfigureAwait(false); await manager.Received().GetAccount(Arg.Is <User>(x => x.Email == email), CancellationToken.None) .ConfigureAwait(false); await manager.Received().GetAccount(Arg.Is <User>(x => x.FirstName == firstName), CancellationToken.None) .ConfigureAwait(false); await manager.Received().GetAccount(Arg.Is <User>(x => x.LastName == lastName), CancellationToken.None) .ConfigureAwait(false); }