protected void ThrowIfNotAllowedInApp(List <Grants> requiredGrants, IAppIdentity alternateApp = null) { var permCheck = ServiceProvider.Build <MultiPermissionsApp>().Init(ContextOfBlock, alternateApp ?? ContextOfBlock.AppState, Log); if (!permCheck.EnsureAll(requiredGrants, out var error)) { throw HttpException.PermissionDenied(error); } }
public override IUiContextBuilder SetZoneAndApp(int zoneId, IAppIdentity app) { // check if we're providing context for missing app // in this case we must find the zone based on the portals. if (zoneId == 0 && app == null) { zoneId = _zoneMapper.Value.Init(null).GetZoneId(_portal.PortalId); } return(base.SetZoneAndApp(zoneId, app)); }
public void GetStatementsSafelyUnavailableRecognizedDataProviderRequestWorks() { IAutonomousApp client = this.GetAutonomousClient(); IUserIdentity userIdentity = RecognizedUserIdentity.Master; string docType = userIdentity.DocType; string docNumber = userIdentity.DocNumber; IList <AccountInfo> accounts = client.Inquiries.GetAccounts(docType, docNumber); CollectionAssert.IsNotEmpty(accounts); AccountInfo accountInfo = accounts.FirstOrDefault(account => account.Source == Subsystem.Tup); Assert.IsNotNull(accountInfo); string accountId = accountInfo.SourceAccountId; Assert.IsNotEmpty(accountId); IList <BalanceInfo> balances = client.Inquiries.GetBalances(docType, docNumber, accountId); CollectionAssert.IsNotEmpty(balances); void AssertStatementsSafeResults(IList <MiniStatementResultInfo> statementInquiryResults) { CollectionAssert.IsNotEmpty(statementInquiryResults); Assert.That(statementInquiryResults.Count, Is.EqualTo(1)); foreach (MiniStatementResultInfo inquiryResult in statementInquiryResults) { CollectionAssert.IsEmpty(inquiryResult.Data); Assert.IsNotEmpty(inquiryResult.Reason); Assert.That(inquiryResult.Subsystem, Is.EqualTo(Subsystem.Tup)); Assert.That(inquiryResult.Status, Is.EqualTo(SubsystemStatus.Unavailable)); } } // Se configura una conexión inválida para el proveedor de datos de TUP para esperar que falle la consulta de saldos... IAppIdentity appIdentity = AutonomousAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "Bifrost:ConnectionStringName", "RabbitMQ:Broken:Tests"); TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "TUP:ConnectionStringName", "Aspen"); // Los movimientos más recientes realizados por la cuenta... IList <MiniStatementResultInfo> inquiryResults = client.InquiriesV11.GetStatements(docType, docNumber, accountId); AssertStatementsSafeResults(inquiryResults); // Los movimientos más recientes realizados por la cuenta y el bolsillo específico... string accountTypeId = balances.First().TypeId; Assert.IsNotEmpty(accountTypeId); inquiryResults = client.InquiriesV11.GetStatements(docType, docNumber, accountId, accountTypeId); AssertStatementsSafeResults(inquiryResults); // Se reestablece las conexión valida al proveedor de datos de TUP... TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "Bifrost:ConnectionStringName", "RabbitMQ:Bifrost:Tests"); TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "TUP:ConnectionStringName", "Sql:TupCompensar"); }
public HelloWorldCronService( IScheduleConfig <HelloWorldCronService> config, ILogger <HelloWorldCronService> logger, IQueueService <HelloWorldModel> queueService, IAppIdentity appIdentity ) : base(config.CronExpression, config.TimeZoneInfo) { this.logger = logger; this.queueService = queueService; this.appIdentity = appIdentity; }
public void NotFoundValidTokenWhenAppSignedRequestThrows() { IAutonomousApp client = this.GetAutonomousClient(); IAppIdentity appIdentity = AutonomousAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().RemoveAppAuthToken(appIdentity.ApiKey); AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes()); Assert.That(exception.EventId, Is.EqualTo("15847")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized)); StringAssert.IsMatch("No hay un token de autenticación vigente", exception.Message); }
public void MismatchTokenSignatureWhenAppSignedRequestThrows() { IAutonomousApp client = this.GetAutonomousClient(); IAppIdentity appIdentityMaster = AutonomousAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().EnsureMismatchAppAuthToken(appIdentityMaster.ApiKey); AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes()); Assert.That(exception.EventId, Is.EqualTo("15846")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized)); StringAssert.IsMatch("No coinciden los datos recibidos del token vs los valores esperados. ¿Se modificaron los valores en tránsito o está utilizando el ApiKey en otra aplicación?", exception.Message); }
public void ApiKeyDisabledWhenAppSigninRequestThrows() { IAppIdentity appIdentity = AutonomousAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().UpdateEnabled(appIdentity.ApiKey, false); AspenException exception = Assert.Throws <AspenException>(() => this.GetAutonomousClient()); Assert.That(exception.EventId, Is.EqualTo("20006")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Forbidden)); StringAssert.IsMatch("ApiKey está desactivado. Póngase en contacto con el administrador", exception.Message); TestContext.CurrentContext.DatabaseHelper().UpdateEnabled(appIdentity.ApiKey, true); }
public void AppRequiresChangeSecretWhenSigninRequestThrows() { IAppIdentity appIdentity = AutonomousAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().UpdateChangeSecret(appIdentity.ApiKey, true); AspenException exception = Assert.Throws <AspenException>(() => this.GetAutonomousClient()); Assert.That(exception.EventId, Is.EqualTo("20009")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.UpgradeRequired)); StringAssert.IsMatch("Necesita actualizar el secreto de la aplicación.", exception.Message); TestContext.CurrentContext.DatabaseHelper().UpdateChangeSecret(appIdentity.ApiKey, false); }
public void GetAccountsRecognizedDataProvidersRequestWorks() { // Se habilitan los proveedores actuales en la aplicación... IAppIdentity appIdentity = DelegatedAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "DataProvider:SubsystemEnabled", "TUP|Bancor"); IDelegatedApp client = this.GetDelegatedClient(); IList <AccountExtendedInfo> accounts = client.Inquiries.GetAccounts(); CollectionAssert.IsNotEmpty(accounts); Assert.That(accounts.Count, Is.EqualTo(2)); const string AccountIdPattern = @"^[\d]*$"; const string AccountNumberPattern = @".*\d{4}"; const string BackgroundColorPattern = @"^#(?:[0-9a-fA-F]{3}){1,2}$"; foreach (AccountExtendedInfo account in accounts) { Assert.That(account.Balance, Is.AssignableTo(typeof(decimal))); Assert.That(account.Id, Is.Not.Null.And.Match(AccountIdPattern)); Assert.That(account.SourceAccountId, Is.Not.Null.And.Match(AccountIdPattern)); Assert.That(account.MaskedPan, Is.Not.Null.And.Match(AccountNumberPattern)); Assert.That(account.Name, Is.Not.Empty); Assert.That(account.ShortName, Is.Not.Empty); Assert.That(account.BackgroundColor, Is.Not.Null.And.Match(BackgroundColorPattern)); CollectionAssert.IsNotEmpty(account.Properties); IList <AccountProperty> accountProperties = account.Properties; switch (account.Source) { case Subsystem.Tup: Assert.That(accountProperties.Count, Is.EqualTo(4)); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "LastTranName"), Is.Not.Null); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "LastTranDate"), Is.Not.Null); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "LastTranCardAcceptor"), Is.Not.Null); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "CardStatusName"), Is.Not.Null); break; case Subsystem.Bancor: Assert.That(accountProperties.Count, Is.EqualTo(4)); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "LastTran"), Is.Not.Null); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "NextPayment"), Is.Not.Null); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "FullPayment"), Is.Not.Null); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "PartialPayment"), Is.Not.Null); break; } } // Se reestablece la aplicación para usar el proveedor predeterminando para pruebas... TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "DataProvider:SubsystemEnabled", "TUP"); }
public void MismatchTokenWhenUserSignedRequestThrows() { IDelegatedApp client = this.GetDelegatedClient(); IAppIdentity appIdentityMaster = DelegatedAppIdentity.Master; IUserIdentity userIdentityMaster = RecognizedUserIdentity.Master; TestContext.CurrentContext.DatabaseHelper().EnsureMismatchUserAuthToken(appIdentityMaster.ApiKey, userIdentityMaster.DocType, userIdentityMaster.DocNumber, userIdentityMaster.Device.DeviceId); AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes()); Assert.That(exception.EventId, Is.EqualTo("15846")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized)); StringAssert.IsMatch("No coinciden los datos recibidos del token vs los valores esperados. ¿Se modificaron los valores en tránsito o está utilizando el ApiKey en otra aplicación?", exception.Message); }
public void GetAccountsRecognizedDataProvidersRequestWorks() { // Se habilitan los proveedores conocidos para la aplicación... IAppIdentity appIdentity = AutonomousAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "DataProvider:SubsystemEnabled", "TUP|Bancor"); IAutonomousApp client = this.GetAutonomousClient(); IUserIdentity userIdentity = RecognizedUserIdentity.Master; string docType = userIdentity.DocType; string docNumber = userIdentity.DocNumber; IList <AccountInfo> accounts = client.Inquiries.GetAccounts(docType, docNumber); CollectionAssert.IsNotEmpty(accounts); Assert.That(accounts.Count, Is.EqualTo(2)); const string AccountIdPattern = @"^[\d]*$"; const string AccountNumberPattern = @".*\d{4}"; foreach (AccountInfo account in accounts) { Assert.That(account.Balance, Is.AssignableTo(typeof(decimal))); Assert.That(account.Id, Is.Not.Null.And.Match(AccountIdPattern)); Assert.That(account.SourceAccountId, Is.Not.Null.And.Match(AccountIdPattern)); Assert.That(account.MaskedPan, Is.Not.Null.And.Match(AccountNumberPattern)); Assert.That(account.Name, Is.Not.Empty); CollectionAssert.IsNotEmpty(account.Properties); IList <AccountProperty> accountProperties = account.Properties; switch (account.Source) { case Subsystem.Tup: Assert.That(accountProperties.SingleOrDefault(p => p.Key == "LastTranName"), Is.Not.Null); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "LastTranDate"), Is.Not.Null); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "LastTranCardAcceptor"), Is.Not.Null); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "CardStatusName"), Is.Not.Null); break; case Subsystem.Bancor: Assert.That(accountProperties.SingleOrDefault(p => p.Key == "LastTran"), Is.Not.Null); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "NextPayment"), Is.Not.Null); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "FullPayment"), Is.Not.Null); Assert.That(accountProperties.SingleOrDefault(p => p.Key == "PartialPayment"), Is.Not.Null); break; } } // Se reestablece la aplicación para usar el proveedor de datos predeterminando para pruebas... TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "DataProvider:SubsystemEnabled", "TUP"); }
public void RunBeforeTestFixture() { IAppIdentity appIdentity = DelegatedAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "Bifrost:ConnectionStringName", "RabbitMQ:Bifrost:Tests"); TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "Bancor:ConnectionStringName", "RabbitMQ:Bancor:Tests"); TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "Kraken:ConnectionStringName", "RabbitMQ:Kraken:Tests"); TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "TUP:InquiryProvider", "Database"); TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "IOC:AuthProviderKey", "DbAuthProvider"); TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "IOC:TokenProviderKey", "LocalTokenProvider"); TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "DataProvider:SubsystemEnabled", "TUP"); TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "RemoteTokenProvider:SupportsChannels", "False"); TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "RemoteTokenProvider:NullifyErrorBehavior", "SilentlyContinue"); }
public void GetBalancesSafelyUnavailableRecognizedDataProviderRequestWorks() { // Se habilitan los proveedores conocidos para la aplicación... IAppIdentity appIdentity = AutonomousAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "DataProvider:SubsystemEnabled", "TUP|Bancor"); IAutonomousApp client = this.GetAutonomousClient(); IUserIdentity userIdentity = RecognizedUserIdentity.Master; string docType = userIdentity.DocType; string docNumber = userIdentity.DocNumber; IList <AccountInfo> accounts = client.Inquiries.GetAccounts(docType, docNumber); CollectionAssert.IsNotEmpty(accounts); AccountInfo accountInfo = accounts.FirstOrDefault(account => account.Source == Subsystem.Tup); Assert.IsNotNull(accountInfo); string accountId = accountInfo.SourceAccountId; // Se configura una conexión inválida para el proveedor de datos de TUP para esperar que falle la consulta de saldos... TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "Bifrost:ConnectionStringName", "RabbitMQ:Broken:Tests"); TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "TUP:ConnectionStringName", "Aspen"); IList <BalanceResultInfo> inquiryResults = client.InquiriesV11.GetBalances(docType, docNumber, accountId); CollectionAssert.IsNotEmpty(inquiryResults); Assert.That(inquiryResults.Count, Is.EqualTo(2)); // El proveedor de datos de TUP debe indicar que no está disponible para procesar la consulta requerida... BalanceResultInfo tupInquiryResult = inquiryResults.First(info => info.Subsystem == Subsystem.Tup); CollectionAssert.IsEmpty(tupInquiryResult.Data); Assert.IsNotEmpty(tupInquiryResult.Reason); Assert.That(tupInquiryResult.Status, Is.EqualTo(SubsystemStatus.Unavailable)); // El proveedor de datos de BANCOR debe indicar que no implementa la característica de saldos... BalanceResultInfo bancorInquiryResult = inquiryResults.First(info => info.Subsystem == Subsystem.Bancor); CollectionAssert.IsEmpty(bancorInquiryResult.Data); Assert.IsNotEmpty(bancorInquiryResult.Reason); Assert.That(bancorInquiryResult.Status, Is.EqualTo(SubsystemStatus.MissingFeature)); // Se reestablece la aplicación para usar el proveedor de datos predeterminando para pruebas... TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "DataProvider:SubsystemEnabled", "TUP"); // Se reestablece las conexión valida al proveedor de datos de TUP... TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "Bifrost:ConnectionStringName", "RabbitMQ:Bifrost:Tests"); TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "TUP:ConnectionStringName", "Sql:TupCompensar"); }
public void UpdateApiSecretRequestWorks() { IAppIdentity appIdentity = AutonomousAppIdentity.Master; string apiKey = appIdentity.ApiKey; string currentApiSecret = appIdentity.ApiSecret; string newApiSecret = this.GetRandomSecret(); Assert.That(newApiSecret.Length, Is.GreaterThanOrEqualTo(128)); Assert.DoesNotThrow(() => AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(apiKey, currentApiSecret) .UpdateApiSecret(newApiSecret)); TestContext.CurrentContext.DatabaseHelper().UpdateApiSecret(apiKey, currentApiSecret); }
/// <summary> /// Inicializa una nueva instancia de la clase <see cref="ServiceLocator" /> /// </summary> /// <param name="nonceGenerator">Instancia de <see cref="INonceGenerator" /> que se utiliza para inicializar el proveedor de valores nonce o <c>null</c> para utilizar la instancia predeterminada.</param> /// <param name="epochGenerator">Instancia de <see cref="IEpochGenerator" /> que se utiliza para inicializar el proveedor de valores epoch o <c>null</c> para utilizar la instancia predeterminada.</param> /// <param name="headersManager">Instancia de <see cref="IHeadersManager" /> que se utiliza para inicializar el proveedor de cabeceras para las solicitudes al servicio o <c>null</c> para utilizar la instancia predeterminada.</param> /// <param name="requestHeaderNames">Instancia de <see cref="IHeaderElement" /> que se utiliza para inicializar el proveedor de los nombres de cabeceras personalizadas o <c>null</c> para utilizar la instancia predeterminada.</param> /// <param name="payloadClaimNames">Instancia de <see cref="IPayloadClaimElement" /> que se utiliza para inicializar el proveedor de los nombres para las reclamaciones usadas en la carga útil del servicio o <c>null</c> para utilizar la instancia predeterminada.</param> /// <param name="payloadClaimsManager">Instancia de <see cref="IPayloadClaimsManager" /> que se utiliza para inicializar el proveedor de reclamaciones de la carga útil o <c>null</c> para utilizar la instancia predeterminada.</param> /// <param name="jwtJsonSerializer">Instancia de <see cref="IJsonSerializer" /> que se utiliza para inicializar el proveedor de serialización y deserialización de JWT o <c>null</c> para utilizar la instancia predeterminada.</param> /// <param name="webProxy">Instancia de <see cref="IWebProxy" /> que se utiliza para inicializar el proveedor del servidor proxy o <c>null</c> para utilizar la instancia predeterminada.</param> /// <param name="loggingProvider">Instancia de <see cref="ILoggingProvider" /> que se utiliza para inicializar el proveedor de escritura de trazas de seguimiento o <c>null</c> para utilizar la instancia predeterminada.</param> /// <param name="endpointProvider">Instancia que implementa <see cref="IEndpointProvider"/> para la obtención de valores de configuración.</param> /// <param name="appIdentity">Instancia que implementa <see cref="IAppIdentity"/> para la obtención de valores de configuración.</param> private void RegisterInstance( INonceGenerator nonceGenerator = null, IEpochGenerator epochGenerator = null, IHeadersManager headersManager = null, IHeaderElement requestHeaderNames = null, IPayloadClaimElement payloadClaimNames = null, IPayloadClaimsManager payloadClaimsManager = null, IJsonSerializer jwtJsonSerializer = null, IWebProxy webProxy = null, ILoggingProvider loggingProvider = null, IEndpointProvider endpointProvider = null, IAppIdentity appIdentity = null) { lock (padlock) { INonceGenerator instanceOfNonceGenerator = nonceGenerator ?? this.NonceGenerator ?? new GuidNonceGenerator(); IEpochGenerator instanceOfEpochGenerator = epochGenerator ?? this.EpochGenerator ?? new UnixEpochGenerator(); IHeaderElement instanceOfRequestHeaderNames = requestHeaderNames ?? this.RequestHeaderNames ?? new DefaultHeaderElement(); IPayloadClaimElement instanceOfPayloadClaimNames = payloadClaimNames ?? this.PayloadClaimNames ?? new DefaultPayloadClaimElement(); IPayloadClaimsManager instanceOfPayloadClaimsManager = payloadClaimsManager ?? this.PayloadClaimsManager ?? new DefaultPayloadClaimsManager(); IHeadersManager instanceOfHeadersManager = headersManager ?? this.HeadersManager ?? new DefaultHeadersManager(); IJsonSerializer instanceOfJwtJsonSerializer = jwtJsonSerializer ?? this.JwtJsonSerializer ?? new JsonNetSerializer(); IWebProxy instanceOfWebProxy = webProxy ?? this.WebProxy ?? new NullWebProxy(); ILoggingProvider instanceOfLoggingProvider = loggingProvider ?? this.LoggingProvider ?? new NullLoggingProvider(); IEndpointProvider instanceOfEndpointProvider = endpointProvider ?? new EnvironmentEndpoint(); IAppIdentity instanceOfAppIdentity = appIdentity ?? new EnvironmentIdentity(); if (this.container != null) { this.container.Dispose(); this.container = null; } this.container = new Container(); this.container.RegisterInstance <IEnvironmentRuntime>(new EnvironmentRuntime()); this.container.RegisterInstance(instanceOfNonceGenerator); this.container.RegisterInstance(instanceOfEpochGenerator); this.container.RegisterInstance(instanceOfRequestHeaderNames); this.container.RegisterInstance(instanceOfHeadersManager); this.container.RegisterInstance(instanceOfPayloadClaimNames); this.container.RegisterInstance(instanceOfPayloadClaimsManager); this.container.RegisterInstance(instanceOfJwtJsonSerializer); this.container.RegisterInstance(instanceOfWebProxy); this.container.RegisterInstance(instanceOfLoggingProvider); this.container.RegisterInstance(instanceOfEndpointProvider); this.container.RegisterInstance(instanceOfAppIdentity); } }
public void ApiKeyScopeMismatchThrows() { IAppIdentity delegatedAppIdentity = DelegatedAppIdentity.Master; AspenException exception = Assert.Throws <AspenException>(() => { AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(delegatedAppIdentity) .Authenticate() .GetClient(); }); Assert.That(exception.EventId, Is.EqualTo("1000478")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Forbidden)); StringAssert.IsMatch("ApiKey no tiene permisos para realizar la operación. Alcance requerido: 'Autonomous'", exception.Message); }
public void NotFoundValidTokenWhenUserSignedRequestThrows() { IDelegatedApp client = this.GetDelegatedClient(); UserAuthToken authToken = client.AuthToken as UserAuthToken; Assert.That(authToken, Is.Not.Null); IAppIdentity appIdentity = DelegatedAppIdentity.Master; IUserIdentity userIdentity = RecognizedUserIdentity.Master; TestContext.CurrentContext.DatabaseHelper().RemoveUserAuthToken(appIdentity.ApiKey, userIdentity.DocType, userIdentity.DocNumber, authToken.DeviceId); AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes()); Assert.That(exception.EventId, Is.EqualTo("15847")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized)); StringAssert.IsMatch("No hay un token de autenticación vigente", exception.Message); }
public void TokenProvidedExpiredWhenAppSignedRequestThrows() { IAutonomousApp client = this.GetAutonomousClient(); AuthToken authToken = client.AuthToken as AuthToken; Assert.That(authToken, Is.Not.Null); Assert.That(authToken.Expired, Is.False); IAppIdentity appIdentity = AutonomousAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().EnsureExpireAppAuthToken(appIdentity.ApiKey); AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes()); Assert.That(exception.EventId, Is.EqualTo("15848")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized)); StringAssert.IsMatch("El token de autenticación proporcionado ya venció", exception.Message); }
public void SecretFormatMustBeEncryptedTypeAfterUpdate() { IAppIdentity appIdentity = AutonomousAppIdentity.Master; string apiKey = appIdentity.ApiKey; string currentApiSecret = appIdentity.ApiSecret; string newApiSecret = this.GetRandomSecret(); Assert.DoesNotThrow(() => AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(apiKey, currentApiSecret) .UpdateApiSecret(newApiSecret)); // El tipo de formato del secreto debe ser 'SecretFormat.Encrypted' (1) Assert.IsTrue(TestContext.CurrentContext.DatabaseHelper().AppSecretFormatIsEncrypted(apiKey)); TestContext.CurrentContext.DatabaseHelper().UpdateApiSecret(apiKey, currentApiSecret); }
public void TokenProvidedExpiredWhenUserSignedRequestThrows() { IDelegatedApp client = this.GetDelegatedClient(); UserAuthToken authToken = client.AuthToken as UserAuthToken; Assert.That(authToken, Is.Not.Null); Assert.That(authToken.DeviceId, Is.Not.Empty); Assert.That(authToken.Expired, Is.False); IAppIdentity appIdentity = DelegatedAppIdentity.Master; IUserIdentity userIdentity = RecognizedUserIdentity.Master; TestContext.CurrentContext.DatabaseHelper().EnsureExpireUserAuthToken(appIdentity.ApiKey, userIdentity.DocType, userIdentity.DocNumber, authToken.DeviceId); AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes()); Assert.That(exception.EventId, Is.EqualTo("15848")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized)); StringAssert.IsMatch("El token de autenticación proporcionado ya venció", exception.Message); }
public DnnPermissionCheck( Log parentLog, IContentType targetType = null, IEntity targetItem = null, IInstanceInfo instance = null, IApp app = null, IEnumerable <IEntity> permissions1 = null, PortalSettings portal = null, IAppIdentity appIdentity = null ) : base(parentLog, targetType, targetItem, app?.Metadata.Permissions, permissions1) { var logWrap = Log.New("DnnPermissionCheck", $"..., {targetItem?.EntityId}, app: {app?.AppId}, "); AppIdentity = appIdentity ?? app; App = app; Instance = instance; Portal = portal; logWrap(null); }
public void MismatchBetweenAppsWhenUserSignedRequestThrows() { IUserIdentity commonUserIdentity = RecognizedUserIdentity.Master; IAppIdentity appIdentityMaster = DelegatedAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().EnsureUserAndProfileInfo(appIdentityMaster.ApiKey, commonUserIdentity.DocType, commonUserIdentity.DocNumber); IDelegatedApp clientAppMaster = DelegatedApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(appIdentityMaster) .Authenticate(commonUserIdentity) .GetClient(); Assert.That(clientAppMaster, Is.Not.Null); Assert.That(clientAppMaster.AuthToken, Is.Not.Null); Assert.That(clientAppMaster.AuthToken.Token, Is.Not.Null); IAppIdentity appIdentityHelper = DelegatedAppIdentity.Helper; TestContext.CurrentContext.DatabaseHelper().EnsureUserAndProfileInfo(appIdentityHelper.ApiKey, commonUserIdentity.DocType, commonUserIdentity.DocNumber); IDelegatedApp clientAppHelper = DelegatedApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(appIdentityHelper) .Authenticate(commonUserIdentity) .GetClient(); Assert.That(clientAppHelper, Is.Not.Null); Assert.That(clientAppHelper.AuthToken, Is.Not.Null); Assert.That(clientAppHelper.AuthToken.Token, Is.Not.Null); IPayloadClaimsManager mismatchTokenClaimBehavior = InvalidTokenPayloadClaim.WithClaimBehavior(() => clientAppHelper.AuthToken.Token); ServiceLocator.Instance.RegisterPayloadClaimsManager(mismatchTokenClaimBehavior); AspenException exception = Assert.Throws <AspenException>(() => clientAppMaster.Settings.GetDocTypes()); Assert.That(exception.EventId, Is.EqualTo("15846")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized)); StringAssert.IsMatch("No coinciden los datos recibidos del token vs los valores esperados. ¿Se modificaron los valores en tránsito o está utilizando el ApiKey en otra aplicación?", exception.Message); }
public void GetAccountsSafelyUnavailableRecognizedDataProviderRequestWorks() { // Se habilitan los proveedores conocidos para la aplicación... IAppIdentity appIdentity = AutonomousAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "DataProvider:SubsystemEnabled", "TUP|Bancor"); // Se configura una conexión inválida a un proveedor de datos conocido para esperar que falle la consulta... TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "Bancor:ConnectionStringName", "RabbitMQ:Broken:Tests"); IAutonomousApp client = this.GetAutonomousClient(); IUserIdentity userIdentity = RecognizedUserIdentity.Master; string docType = userIdentity.DocType; string docNumber = userIdentity.DocNumber; IList <AccountResultInfo> inquiryResults = client.InquiriesV11.GetAccounts(docType, docNumber); CollectionAssert.IsNotEmpty(inquiryResults); Assert.That(inquiryResults.Count, Is.EqualTo(2)); // El proveedor de datos de TUP debe retornar un resultado por la consulta de cuentas... AccountResultInfo tupInquiryResult = inquiryResults.First(info => info.Subsystem == Subsystem.Tup); CollectionAssert.IsNotEmpty(tupInquiryResult.Data); Assert.IsNotEmpty(tupInquiryResult.Reason); Assert.That(tupInquiryResult.Status, Is.EqualTo(SubsystemStatus.Available)); // El proveedor de datos de BANCOR debe indicar que no está disponible para procesar la consulta requerida... AccountResultInfo bancorInquiryResult = inquiryResults.First(info => info.Subsystem == Subsystem.Bancor); CollectionAssert.IsEmpty(bancorInquiryResult.Data); Assert.IsNotEmpty(bancorInquiryResult.Reason); Assert.That(bancorInquiryResult.Status, Is.EqualTo(SubsystemStatus.Unavailable)); // Se reestablece la aplicación para usar el proveedor de datos predeterminando para pruebas... TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "DataProvider:SubsystemEnabled", "TUP"); // Se reestablece las conexión valida al proveedor de datos conocido... TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "Bancor:ConnectionStringName", "RabbitMQ:Bancor:Tests"); }
private static void SetChannelForRemoteTokenProvider(ChannelTarget target) { IAppIdentity appIdentity = AutonomousAppIdentity.Master; string value = string.Empty; switch (target) { case ChannelTarget.ToInternalServerError: value = "DEMOINTSERERR0000000"; break; case ChannelTarget.ToUnrecognizedStatusCode: value = "DEMOINVRESCOD0000000"; break; case ChannelTarget.ToCustomStatusCode: value = "DEMOCUSTOMCOD0000000"; break; } TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "RemoteTokenProvider:Channel", value); }
public void UseNewSecretWhenAppSigninRequestWorks() { IAppIdentity appIdentity = AutonomousAppIdentity.Master; string apiKey = appIdentity.ApiKey; string currentApiSecret = appIdentity.ApiSecret; string newApiSecret = this.GetRandomSecret(); Assert.DoesNotThrow(() => AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(apiKey, currentApiSecret) .UpdateApiSecret(newApiSecret)); IAutonomousApp client = AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(apiKey, newApiSecret) .Authenticate() .GetClient(); Assert.That(client, Is.Not.Null); Assert.That(client.AuthToken, Is.Not.Null); Assert.That(client.AuthToken.Token, Is.Not.Null); TestContext.CurrentContext.DatabaseHelper().UpdateApiSecret(apiKey, currentApiSecret); }
public new App Init(IAppIdentity appId, Func <EavApp, IAppDataConfiguration> buildConfig, ILog parentLog) { base.Init(appId, buildConfig, parentLog); return(this); }
private static void UseUnrecognizedTokenProvider() { IAppIdentity appIdentity = DelegatedAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "IOC:TokenProviderKey", "UnrecognizedTokenProviderName"); }
private static void UseBrokenConnection() { IAppIdentity appIdentity = DelegatedAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "RemoteTokenProvider:ConnectionStringName", "RabbitMQ:Broken:Tests"); }
private static void SupportsChannels() { IAppIdentity appIdentity = DelegatedAppIdentity.Master; TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "RemoteTokenProvider:SupportsChannels", "True"); }
public static IApp Init(this App app, IAppIdentity appIdentity, ILog log, bool showDrafts = false) { var buildConfig = ConfigurationProvider.Build(showDrafts, false, new LookUpEngine(log)); return(app.Init(appIdentity, buildConfig, false, log)); }