        /// <summary>
        /// A bearer token that cannot be split into header.payload.signature must be rejected by
        /// <c>GetRequestObject</c> with exactly two errors: the format error first, the parser error second.
        /// </summary>
        public void TokenNotSeparatedBy3Parts()
        {
            // "abc" contains no '.' separators, so it is not a three-part JWT.
            var request = new HttpRequestMessage();
            request.Headers.Add("Authorization", "Bearer abc");

            var tokenRequest = helper.GetRequestObject(request);
            var errors = tokenRequest.Errors;

            Assert.IsNotNull(errors);
            Assert.AreEqual(2, errors.Count);
            // The helper records the format error at index 0 and the parser error at index 1.
            Assert.AreEqual(Constants.Messages.JsonWebTokenParserError, errors[1].Message);
            Assert.AreEqual(Constants.Messages.TokenFormatError, errors[0].Message);
        }
        /// <summary>
        /// Authorizes the current request from the JSON Web Token in its headers.
        /// Sets <c>actionContext.Response</c> to 401 when the token cannot be parsed at all and to 403 when any
        /// of the six validation flags is false; when every check passes the response is left untouched.
        /// </summary>
        /// <param name="actionContext">Context of the request being authorized; its request URI and headers are read.</param>
        /// <exception cref="ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            Trace.TraceInformation("Enter JWT Authorize attribute.");
            if (actionContext == null)
            {
                throw new ArgumentNullException(Constants.Parameters.ActionContext);
            }

            // The API is selected from the request path; only the path (never the token) is traced.
            string localPath = actionContext.Request.RequestUri.LocalPath;
            var api = GetApi(localPath);
            Trace.TraceInformation($"localpath:{localPath}");

            var helper = new JsonWebTokenHelper(new ConfigurationService(), api);
            Trace.TraceInformation("Call Getrequest object");
            var request = helper.GetRequestObject(actionContext.Request);
            Trace.TraceInformation("GetRequestObject - success");

            // Any recorded error means the Authorization header could not be turned into a token:
            // answer 401 before looking at the validation flags.
            bool hasParseErrors = request.Errors != null && request.Errors.Count > 0;
            if (hasParseErrors)
            {
                Trace.TraceWarning("Bad Request Header: Error while parsing the request object");
                actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
                {
                    ReasonPhrase = Constants.Messages.JsonWebTokenParserError
                };
                return;
            }

            // All six flags must hold (header alg/typ, iat, nbf, signature, exp).
            bool tokenValid = request.HeaderAlgorithmValid
                              && request.HeaderTypeValid
                              && request.IssuedAtTimeValid
                              && request.NotBeforetimeValid
                              && request.SignatureValid
                              && request.ExpiryValid;
            if (tokenValid)
            {
                // NOTE(review): no Response is set on success, so the Web API pipeline continues to the
                // action; confirm IsAuthorized is overridden so that every request is routed through here.
                return;
            }

            // The second warning lists the individual flags so the failing check is visible in the
            // trace without logging the token itself.
            Trace.TraceWarning("Bad Request: One or more information is missing in the token or signature didn't match.");
            Trace.TraceWarning("Type:{0},Algorithm:{1},IatValid:{2},NbfValid:{3},SignValid:{4},Expiry:{5}",
                request.HeaderTypeValid,
                request.HeaderAlgorithmValid,
                request.IssuedAtTimeValid,
                request.NotBeforetimeValid,
                request.SignatureValid,
                request.ExpiryValid);
            // NOTE(review): a bad signature or expired token is answered with 403 rather than 401 — confirm
            // this split between parse failures (401) and validation failures (403) is intended.
            actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
            {
                ReasonPhrase = Constants.Messages.JsonWebTokenExpiredOrNoMatch
            };
        }
        /// <summary>
        /// Parses and validates the JSON Web Token carried by <paramref name="payload"/> against the
        /// <c>Api.Caching</c> configuration.
        /// </summary>
        /// <param name="payload">The message whose token is to be checked.</param>
        /// <returns>
        /// A 401 response when the token cannot be parsed, a 403 response when any validation flag is false,
        /// or <c>null</c> when every check passes — callers must treat <c>null</c> as "accepted".
        /// </returns>
        private HttpResponseMessage ValidateMessage(Payload payload)
        {
            var helper = new JsonWebTokenHelper(this.configurationService, Api.Caching);
            var request = helper.GetRequestObject(payload);

            // Parse errors are reported before any validation flag is consulted.
            bool hasParseErrors = request.Errors != null && request.Errors.Count > 0;
            if (hasParseErrors)
            {
                Trace.TraceWarning("Bad Request Header: Error while parsing the request object");
                return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
                {
                    ReasonPhrase = Constants.Messages.JsonWebTokenParserError
                };
            }

            // All six flags must hold (header alg/typ, iat, nbf, signature, exp).
            bool tokenValid = request.HeaderAlgorithmValid
                              && request.HeaderTypeValid
                              && request.IssuedAtTimeValid
                              && request.NotBeforetimeValid
                              && request.SignatureValid
                              && request.ExpiryValid;
            if (tokenValid)
            {
                return null;
            }

            // Only the flags are traced, never the token contents.
            Trace.TraceWarning("Bad Request: One or more information is missing in the token or signature didn't match.");
            Trace.TraceWarning("Type:{0},Algorithm:{1},IatValid:{2},NbfValid:{3},SignValid:{4},Expiry:{5}",
                request.HeaderTypeValid,
                request.HeaderAlgorithmValid,
                request.IssuedAtTimeValid,
                request.NotBeforetimeValid,
                request.SignatureValid,
                request.ExpiryValid);
            // NOTE(review): validation failures map to 403 while parse failures map to 401 — confirm intended.
            return new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
            {
                ReasonPhrase = Constants.Messages.JsonWebTokenExpiredOrNoMatch
            };
        }