            /// <summary>
            /// Arrange: a client with a known id, a fresh token id, and stubbed collaborators.
            /// The authenticator accepts any client_id/client_secret pair, and the token
            /// repository hands back the same 10-minute token for any (ApiClientId, scope) request.
            /// </summary>
            protected override Task ArrangeAsync()
            {
                _suppliedClient = new ApiClient { ApiClientId = 1 };
                _suppliedAccessToken = Guid.NewGuid();

                // Authenticator stub: every credential pair authenticates as "clientId".
                _apiClientAuthenticator = Stub<IApiClientAuthenticator>();

                var authenticated = new ApiClientAuthenticator.AuthenticationResult
                {
                    IsAuthenticated = true,
                    ApiClientIdentity = new ApiClientIdentity { Key = "clientId" }
                };

                A.CallTo(() => _apiClientAuthenticator.TryAuthenticateAsync(A<string>._, A<string>._))
                    .Returns(authenticated);

                // Token repository stub: argument values are ignored, the same token is returned.
                _accessTokenClientRepo = Stub<IAccessTokenClientRepo>();

                var issuedToken = new ClientAccessToken(TimeSpan.FromMinutes(10))
                {
                    ApiClient = _suppliedClient,
                    Id = _suppliedAccessToken
                };

                A.CallTo(() => _accessTokenClientRepo.AddClientAccessTokenAsync(A<int>._, A<string>._))
                    .Returns(Task.FromResult(issuedToken));

                _controller = ControllerHelper.CreateTokenController(_apiClientAuthenticator, _accessTokenClientRepo);

                return Task.CompletedTask;
            }
            /// <summary>
            /// Arrange: an authenticated client associated with three EdOrgs, a token request
            /// scoped to the first of them, and a token repository stub that returns a
            /// 10-minute token for any (ApiClientId, scope) pair.
            /// </summary>
            protected override Task ArrangeAsync()
            {
                _suppliedClient = new ApiClient { ApiClientId = 1 };
                _suppliedAccessToken = Guid.NewGuid();

                // EdOrgs the client is associated with; the request is scoped to the first one
                // so that the handler's scope check is expected to pass.
                var educationOrganizationIds = new List<int> { 997, 998, 999 };
                _requestedScope = educationOrganizationIds[0].ToString();

                // Authenticator stub: any credentials authenticate as the supplied client.
                _apiClientAuthenticator = Stub<IApiClientAuthenticator>();

                var identity = new ApiClientIdentity
                {
                    Key = "clientId",
                    EducationOrganizationIds = educationOrganizationIds,
                    ApiClientId = _suppliedClient.ApiClientId,
                };

                A.CallTo(() => _apiClientAuthenticator.TryAuthenticateAsync(A<string>._, A<string>._))
                    .Returns(new ApiClientAuthenticator.AuthenticationResult
                    {
                        IsAuthenticated = true,
                        ApiClientIdentity = identity
                    });

                // Token repository stub: whatever is requested, hand back the same 10-minute token.
                _accessTokenClientRepo = Stub<IAccessTokenClientRepo>();

                A.CallTo(() => _accessTokenClientRepo.AddClientAccessTokenAsync(A<int>._, A<string>._))
                    .Returns(Task.FromResult(new ClientAccessToken(TimeSpan.FromMinutes(10))
                    {
                        ApiClient = _suppliedClient,
                        Id = _suppliedAccessToken
                    }));

                _controller = ControllerHelper.CreateTokenController(_apiClientAuthenticator, _accessTokenClientRepo);

                return Task.CompletedTask;
            }
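 /// <summary>
 /// The token repository must not have been asked to mint a token for the supplied client
 /// with ANY scope. Matching the scope argument as <c>null</c> only would let a call made
 /// with a non-null scope slip past the assertion, so the scope is wildcarded.
 /// </summary>
 public void Should_not_use_AccessTokenClientRepo_to_create_token_using_the_supplied_ApiClientId()
 {
     A.CallTo(() => _accessTokenClientRepo.AddClientAccessTokenAsync(_suppliedClient.ApiClientId, A<string>._))
     .MustNotHaveHappened();
 }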
 /// <summary>
 /// The token repository must have been asked, at least once, to mint a token for the
 /// supplied client with exactly the requested scope.
 /// </summary>
 public void Should_use_AccessTokenClientRepo_to_create_token_using_the_supplied_ApiClientId_and_scope()
 {
     var expectedCall = A.CallTo(
         () => _accessTokenClientRepo.AddClientAccessTokenAsync(_suppliedClient.ApiClientId, _requestedScope));

     expectedCall.MustHaveHappened();
 }
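        /// <summary>
        /// Handles an OAuth2 token request for the <c>client_credentials</c> grant.
        /// </summary>
        /// <remarks>
        /// Order of checks: grant type → presence of client_id/client_secret → credential
        /// authentication → client lookup → optional scope validation → token creation.
        /// Every failure before the last step returns a <see cref="TokenError"/> and mints
        /// nothing. The optional <c>scope</c> must be a single EducationOrganizationId that
        /// is explicitly associated with the authenticated client.
        /// </remarks>
        /// <param name="tokenRequest">The parsed token request (grant_type, client_id,
        /// client_secret and optional scope).</param>
        /// <returns>An <see cref="AuthenticationResponse"/> carrying either the issued
        /// token or a token error.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="tokenRequest"/> is null.</exception>
        public async Task<AuthenticationResponse> HandleAsync(TokenRequest tokenRequest)
        {
            if (tokenRequest is null)
            {
                throw new ArgumentNullException(nameof(tokenRequest));
            }

            // Only the "client_credentials" grant type is supported.
            if (!RequestIsRequiredGrantType())
            {
                return Fail(TokenErrorType.UnsupportedGrantType);
            }

            // Both client_id and client_secret must be present before we try to authenticate.
            if (!HasIdAndSecret())
            {
                return Fail(TokenErrorType.InvalidClient);
            }

            var authenticationResult = await _apiClientAuthenticator.TryAuthenticateAsync(
                tokenRequest.Client_id,
                tokenRequest.Client_secret);

            if (!authenticationResult.IsAuthenticated)
            {
                return Fail(TokenErrorType.InvalidClient);
            }

            // Resolve the client record behind the authenticated identity. The credential check
            // and this lookup are separate round-trips, so a client removed (or never persisted)
            // in between would come back null; treat that as an invalid client rather than
            // dereferencing it below.
            var client = await _clientAppRepo.GetClientAsync(authenticationResult.ApiClientIdentity.Key);

            if (client is null)
            {
                return Fail(TokenErrorType.InvalidClient);
            }

            // An absent or empty scope is normalised to null (an unscoped token). Anything else is
            // trimmed and must validate below. Note that a whitespace-only scope trims to "" and is
            // then rejected as "not a number" rather than being treated as absent.
            string tokenRequestScope = string.IsNullOrEmpty(tokenRequest.Scope)
                ? null
                : tokenRequest.Scope.Trim();

            if (tokenRequestScope != null)
            {
                // Culture-invariant parse: the scope is a machine-readable id, not user-facing text.
                if (!int.TryParse(
                        tokenRequestScope,
                        System.Globalization.NumberStyles.Integer,
                        System.Globalization.CultureInfo.InvariantCulture,
                        out int educationOrganizationScope))
                {
                    return Fail(
                        TokenErrorType.InvalidScope,
                        "The supplied 'scope' was not a number (it should be an EducationOrganizationId that is explicitly associated with the client).");
                }

                // The requested EdOrg must be one the client is explicitly associated with. A client
                // with no associations at all (null or empty collection) can never be scoped.
                bool isAssociated = client.ApplicationEducationOrganizations
                    ?.Any(x => x.EducationOrganizationId == educationOrganizationScope) ?? false;

                if (!isAssociated)
                {
                    return Fail(
                        TokenErrorType.InvalidScope,
                        "The client is not explicitly associated with the EducationOrganizationId specified in the requested 'scope'.");
                }
            }

            // All checks passed: mint the token against the resolved client record (not the
            // caller-supplied client_id) and the validated scope.
            var token = await _accessTokenClientRepo.AddClientAccessTokenAsync(client.ApiClientId, tokenRequestScope);

            var tokenResponse = new TokenResponse();
            tokenResponse.SetToken(token.Id, (int)token.Duration.TotalSeconds, token.Scope);

            return new AuthenticationResponse { TokenResponse = tokenResponse };

            // Null-safe ordinal case-insensitive comparison, so a missing grant_type is reported as
            // an unsupported grant rather than throwing. Assumes the project's EqualsIgnoreCase was
            // an ordinal/invariant case-insensitive compare; for this ASCII literal the results coincide.
            bool RequestIsRequiredGrantType()
                => string.Equals(tokenRequest.Grant_type, "client_credentials", StringComparison.OrdinalIgnoreCase);

            bool HasIdAndSecret()
                => !string.IsNullOrEmpty(tokenRequest.Client_id) && !string.IsNullOrEmpty(tokenRequest.Client_secret);

            // Builds an error response. The single-argument TokenError constructor is used when no
            // description is given so the emitted error payload matches the original behaviour.
            AuthenticationResponse Fail(TokenErrorType errorType, string description = null)
                => new AuthenticationResponse
                {
                    TokenError = description == null
                        ? new TokenError(errorType)
                        : new TokenError(errorType, description)
                };
        }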