protected override Task ArrangeAsync()
{
    // Arrange: one known client (id 1) with a freshly generated token id. The fakes
    // below always authenticate the caller and always mint a token for that client,
    // so the tests in this fixture only exercise the controller's wiring.
    _suppliedAccessToken = Guid.NewGuid();
    _suppliedClient = new ApiClient { ApiClientId = 1 };

    _apiClientAuthenticator = Stub<IApiClientAuthenticator>();
    _accessTokenClientRepo = Stub<IAccessTokenClientRepo>();

    // Authentication succeeds for any client_id / client_secret pair.
    var authenticated = new ApiClientAuthenticator.AuthenticationResult
    {
        IsAuthenticated = true,
        ApiClientIdentity = new ApiClientIdentity { Key = "clientId" }
    };

    A.CallTo(() => _apiClientAuthenticator.TryAuthenticateAsync(A<string>._, A<string>._))
        .Returns(Task.FromResult(authenticated));

    // Any (clientId, scope) pair yields the same ten-minute token for the supplied client.
    var mintedToken = new ClientAccessToken(TimeSpan.FromMinutes(10))
    {
        ApiClient = _suppliedClient,
        Id = _suppliedAccessToken
    };

    A.CallTo(() => _accessTokenClientRepo.AddClientAccessTokenAsync(A<int>._, A<string>._))
        .Returns(mintedToken);

    _controller = ControllerHelper.CreateTokenController(_apiClientAuthenticator, _accessTokenClientRepo);

    return Task.CompletedTask;
}
protected override Task ArrangeAsync()
{
    // Arrange: client 1 is explicitly associated with three EducationOrganizationIds,
    // and the token request is scoped to the first of them.
    _suppliedClient = new ApiClient { ApiClientId = 1 };
    _suppliedAccessToken = Guid.NewGuid();

    var associatedEdOrgIds = new List<int> { 997, 998, 999 };
    _requestedScope = associatedEdOrgIds.First().ToString();

    _apiClientAuthenticator = Stub<IApiClientAuthenticator>();
    _accessTokenClientRepo = Stub<IAccessTokenClientRepo>();

    // The authenticated identity carries the client's EdOrg associations and its id.
    var identity = new ApiClientIdentity
    {
        Key = "clientId",
        EducationOrganizationIds = associatedEdOrgIds,
        ApiClientId = _suppliedClient.ApiClientId,
    };

    A.CallTo(() => _apiClientAuthenticator.TryAuthenticateAsync(A<string>._, A<string>._))
        .Returns(Task.FromResult(new ApiClientAuthenticator.AuthenticationResult
        {
            IsAuthenticated = true,
            ApiClientIdentity = identity
        }));

    // Any (clientId, scope) pair yields the same ten-minute token for the supplied client.
    A.CallTo(() => _accessTokenClientRepo.AddClientAccessTokenAsync(A<int>._, A<string>._))
        .Returns(new ClientAccessToken(TimeSpan.FromMinutes(10))
        {
            ApiClient = _suppliedClient,
            Id = _suppliedAccessToken
        });

    _controller = ControllerHelper.CreateTokenController(_apiClientAuthenticator, _accessTokenClientRepo);

    return Task.CompletedTask;
}
public void Should_not_use_AccessTokenClientRepo_to_create_token_using_the_supplied_ApiClientId()
{
    // An unscoped token (null scope) must not have been minted for the supplied client.
    // Note: this only asserts that this exact (clientId, null) call shape did not occur.
    var suppliedClientId = _suppliedClient.ApiClientId;

    A.CallTo(() => _accessTokenClientRepo.AddClientAccessTokenAsync(suppliedClientId, null))
        .MustNotHaveHappened();
}
public void Should_use_AccessTokenClientRepo_to_create_token_using_the_supplied_ApiClientId_and_scope()
{
    // The token must be minted for the authenticated client, narrowed to exactly the
    // EducationOrganizationId scope that was requested.
    var expectedClientId = _suppliedClient.ApiClientId;
    var expectedScope = _requestedScope;

    A.CallTo(() => _accessTokenClientRepo.AddClientAccessTokenAsync(expectedClientId, expectedScope))
        .MustHaveHappened();
}
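/// <summary>
/// Handles an OAuth2 "client_credentials" token request: checks the grant type, requires
/// client_id and client_secret, authenticates the client, validates the optional
/// EducationOrganizationId scope against the client's explicit associations, and mints
/// an access token for that client.
/// </summary>
/// <param name="tokenRequest">
/// The incoming token request (Grant_type, Client_id, Client_secret and optional Scope).
/// </param>
/// <returns>
/// An <see cref="AuthenticationResponse"/> carrying a <c>TokenResponse</c> on success, or a
/// <c>TokenError</c> of type UnsupportedGrantType, InvalidClient or InvalidScope on failure.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="tokenRequest"/> is null.</exception>
public async Task<AuthenticationResponse> HandleAsync(TokenRequest tokenRequest)
{
    if (tokenRequest == null)
    {
        throw new ArgumentNullException(nameof(tokenRequest));
    }

    // Only handle the "client_credentials" grant type
    if (!RequestIsRequiredGrantType())
    {
        return Error(TokenErrorType.UnsupportedGrantType);
    }

    // Verify client_id and client_secret are present. Missing credentials and failed
    // authentication deliberately produce the same error, so the response does not
    // reveal which of the two was wrong.
    if (!HasIdAndSecret())
    {
        return Error(TokenErrorType.InvalidClient);
    }

    // authenticate the client
    var authenticationResult = await _apiClientAuthenticator.TryAuthenticateAsync(
        tokenRequest.Client_id,
        tokenRequest.Client_secret);

    if (!authenticationResult.IsAuthenticated)
    {
        return Error(TokenErrorType.InvalidClient);
    }

    // get client information. The identity authenticated, but the client record can still
    // be absent (e.g. removed after its credentials were checked); fail closed with
    // invalid_client instead of dereferencing null below.
    var client = await _clientAppRepo.GetClientAsync(authenticationResult.ApiClientIdentity.Key);

    if (client == null)
    {
        return Error(TokenErrorType.InvalidClient);
    }

    // Convert empty scope to null (null scope means an unscoped token for the client).
    string tokenRequestScope = string.IsNullOrEmpty(tokenRequest.Scope)
        ? null
        : tokenRequest.Scope.Trim();

    // validate client is in scope
    if (tokenRequestScope != null)
    {
        if (!int.TryParse(tokenRequestScope, out int educationOrganizationScope))
        {
            return Error(
                TokenErrorType.InvalidScope,
                "The supplied 'scope' was not a number (it should be an EducationOrganizationId that is explicitly associated with the client).");
        }

        // A client with no associations (or a null collection) cannot be scoped to anything.
        var associatedEdOrgs = client.ApplicationEducationOrganizations;

        if (associatedEdOrgs == null
            || !associatedEdOrgs.Any(x => x.EducationOrganizationId == educationOrganizationScope))
        {
            return Error(
                TokenErrorType.InvalidScope,
                "The client is not explicitly associated with the EducationOrganizationId specified in the requested 'scope'.");
        }

        // Persist the canonical form of the validated id rather than the raw request text,
        // so that inputs like "0997" or "+997" (accepted by int.TryParse) cannot be stored
        // as a scope string that no longer matches the EducationOrganizationId it was
        // validated against.
        tokenRequestScope = educationOrganizationScope.ToString(System.Globalization.CultureInfo.InvariantCulture);
    }

    // create a new token, bound to the authenticated client (never to a caller-supplied id)
    var token = await _accessTokenClientRepo.AddClientAccessTokenAsync(client.ApiClientId, tokenRequestScope);

    var tokenResponse = new TokenResponse();
    tokenResponse.SetToken(token.Id, (int)token.Duration.TotalSeconds, token.Scope);

    return new AuthenticationResponse { TokenResponse = tokenResponse };

    // A missing grant_type is treated as unsupported rather than dereferenced.
    bool RequestIsRequiredGrantType()
        => !string.IsNullOrEmpty(tokenRequest.Grant_type)
            && tokenRequest.Grant_type.EqualsIgnoreCase("client_credentials");

    bool HasIdAndSecret()
        => !string.IsNullOrEmpty(tokenRequest.Client_id)
            && !string.IsNullOrEmpty(tokenRequest.Client_secret);

    // Builds an error response; uses the description-less TokenError constructor when
    // no description is given, matching the two constructor shapes used here.
    AuthenticationResponse Error(TokenErrorType errorType, string description = null)
        => new AuthenticationResponse
        {
            TokenError = description == null
                ? new TokenError(errorType)
                : new TokenError(errorType, description)
        };
}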