/// <summary>
/// Builds the shared fixture: an <c>HttpConfiguration</c>, a non-mocked
/// <c>MobileAppTokenHandler</c> bound to it, a mocked logger, and the
/// <c>MobileAppAuthenticationHandlerMock</c> that receives the logger and token handler.
/// </summary>
public MobileAppAuthenticationHandlerTests()
 {
     // The token handler is a concrete instance, not a mock, so the handler mock
     // is given the same token-handler type that this fixture constructs directly.
     var configuration = new HttpConfiguration();
     this.config = configuration;
     this.tokenHandler = new MobileAppTokenHandler(configuration);

     // Only the logger is replaced by a Moq test double.
     var logger = new Mock<ILogger>();
     this.loggerMock = logger;
     this.handlerMock = new MobileAppAuthenticationHandlerMock(logger.Object, this.tokenHandler);
 }
示例#2
 /// <summary>
 /// Builds the shared fixture: a partial mock of <c>MobileAppTokenHandler</c> and a
 /// fixed set of Facebook credentials used as the identity in the token tests.
 /// </summary>
 public MobileAppTokenHandlerTests()
 {
     var configuration = new HttpConfiguration();
     this.config = configuration;

     // CallBase = true makes Moq fall through to the base implementation for any
     // member without a setup, so the handler's own token logic is what gets exercised.
     var partialMock = new Mock<MobileAppTokenHandler>(configuration);
     partialMock.CallBase = true;
     this.tokenHandlerMock = partialMock;
     this.tokenHandler = this.tokenHandlerMock.Object;

     // Constant placeholder values for the fixture; UserId is reused as the "uid" claim
     // wherever the tests read this.credentials.UserId.
     var facebook = new FacebookCredentials();
     facebook.UserId = "Facebook:1234";
     facebook.AccessToken = "abc123";
     this.credentials = facebook;
 }
        /// <summary>
        /// Creates a JWT carrying a fixed set of test claims by forwarding them, together
        /// with <paramref name="secretKey"/>, to <c>MobileAppTokenHandler.CreateTokenFromClaims</c>.
        /// </summary>
        /// <param name="secretKey">Secret passed through to <c>CreateTokenFromClaims</c>.</param>
        /// <returns>The <c>Token</c> of the <c>TokenInfo</c> that <c>CreateTokenFromClaims</c> returns.</returns>
        private static JwtSecurityToken GetTestToken(string secretKey)
        {
            const string ZumoUrn = "urn:microsoft:windows-azure:zumo";

            // Fixed fixture identity. Note that it includes a Role=Admin claim, so any test
            // consuming this token is exercising a privileged principal.
            Claim[] testClaims =
            {
                new Claim("uid", "Facebook:1234"),
                new Claim(ClaimTypes.GivenName, "Frank"),
                new Claim(ClaimTypes.Surname, "Miller"),
                new Claim(ClaimTypes.Role, "Admin"),
                new Claim("my_custom_claim", "MyClaimValue")
            };

            // The same URN fills the third and fourth arguments (presumably audience and
            // issuer - confirm against CreateTokenFromClaims). The meaning of the trailing
            // null is not visible from this snippet.
            TokenInfo created = MobileAppTokenHandler.CreateTokenFromClaims(testClaims, secretKey, ZumoUrn, ZumoUrn, null);

            return created.Token;
        }
示例#4
        /// <summary>
        /// A token whose validity window starts now and lasts 24 hours, signed with the
        /// test secret, must pass <c>MobileAppTokenHandler.ValidateToken</c> without throwing.
        /// </summary>
        public void ValidateToken_PassesWithValidToken()
        {
            // Arrange: validity window opens now and closes 24 hours later.
            DateTime notBefore = DateTime.UtcNow;
            DateTime expires = notBefore.Add(TimeSpan.FromHours(24));

            SecurityTokenDescriptor descriptor = this.GetTestSecurityTokenDescriptor(notBefore, expires);
            JwtSecurityToken jwt = new JwtSecurityTokenHandler().CreateToken(descriptor) as JwtSecurityToken;

            // Act / Assert: there is no explicit assertion; the test passes when no exception
            // is thrown. NOTE(review): any value ValidateToken returns is discarded here - if it
            // returns the validated principal or token, asserting on it (e.g. the "uid" claim)
            // would also prove the right identity came back, not just that nothing threw.
            MobileAppTokenHandler.ValidateToken(jwt.RawData, TestSecretKey);
        }
        /// <summary>
        /// Returns the <c>IMobileAppTokenHandler</c> stored in <paramref name="config"/>'s
        /// property bag under <c>ServiceTokenHandlerKey</c>, creating and storing a
        /// <c>MobileAppTokenHandler</c> when no entry is found.
        /// </summary>
        /// <param name="config">The configuration whose <c>Properties</c> hold the handler.</param>
        /// <returns>The stored handler, or the newly created one.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
        public static IMobileAppTokenHandler GetMobileAppTokenHandler(this HttpConfiguration config)
        {
            if (config == null)
            {
                throw new ArgumentNullException("config");
            }

            IMobileAppTokenHandler existing;
            if (config.Properties.TryGetValue(ServiceTokenHandlerKey, out existing))
            {
                // Whatever was registered under the key is what validates tokens from here on.
                return existing;
            }

            // Lookup and store are two separate steps, so two callers racing on first use can
            // each build a handler; the later write is the one that stays in the property bag.
            IMobileAppTokenHandler created = new MobileAppTokenHandler(config);
            config.Properties[ServiceTokenHandlerKey] = created;
            return created;
        }
示例#6
        /// <summary>
        /// A correctly issued token with extra dot-separated segments appended must be
        /// rejected by <c>MobileAppTokenHandler.ValidateToken</c> with an <c>ArgumentException</c>.
        /// </summary>
        public void ValidateToken_ThrowsArgumentException_WithMalformedToken()
        {
            // Arrange: start from a token that would otherwise be valid for 24 hours.
            DateTime notBefore = DateTime.UtcNow;
            DateTime expires = notBefore.Add(TimeSpan.FromHours(24));

            SecurityTokenDescriptor descriptor = this.GetTestSecurityTokenDescriptor(notBefore, expires);
            JwtSecurityToken jwt = new JwtSecurityTokenHandler().CreateToken(descriptor) as JwtSecurityToken;

            // Act: the suffix adds segments after the signature, so the input is no longer a
            // well-formed compact token even though its first three parts are untouched.
            ArgumentException thrown = Assert.Throws<ArgumentException>(
                () => MobileAppTokenHandler.ValidateToken(jwt.RawData + ".malformedbits.!.2.", TestSecretKey));

            // Assert: the exception type is the contract; the message text comes from the JWT
            // library and ties this check to that library's wording.
            Assert.Contains("IDX10708: 'System.IdentityModel.Tokens.JwtSecurityTokenHandler' cannot read this string", thrown.Message, StringComparison.Ordinal);
        }
示例#7
        /// <summary>
        /// Builds the descriptor the tests use to mint tokens: "uid" and "ver" claims, the
        /// handler's audience and issuer values, an HMAC-SHA256 signing credential derived
        /// from <c>TestSecretKey</c>, and the supplied validity window.
        /// </summary>
        /// <param name="tokenLifetimeStart">Start of the token's validity window.</param>
        /// <param name="tokenLifetimeEnd">End of the token's validity window.</param>
        /// <returns>A descriptor ready to pass to <c>JwtSecurityTokenHandler.CreateToken</c>.</returns>
        private SecurityTokenDescriptor GetTestSecurityTokenDescriptor(DateTime tokenLifetimeStart, DateTime tokenLifetimeEnd)
        {
            const string HmacSha256SignatureUri = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
            const string Sha256DigestUri = "http://www.w3.org/2001/04/xmlenc#sha256";

            // Subject: the fixture's user id plus a fixed "ver" claim.
            List<Claim> identityClaims = new List<Claim>();
            identityClaims.Add(new Claim("uid", this.credentials.UserId));
            identityClaims.Add(new Claim("ver", "2"));

            // The key bytes come from the handler's own GetSigningKey, so tokens minted here
            // are signed with the key material the handler derives from the same secret.
            byte[] keyMaterial = MobileAppTokenHandler.GetSigningKey(TestSecretKey);
            BinarySecretSecurityToken binarySecret = new BinarySecretSecurityToken(keyMaterial);
            InMemorySymmetricSecurityKey hmacKey = new InMemorySymmetricSecurityKey(binarySecret.GetKeyBytes());
            SigningCredentials hmacCredentials = new SigningCredentials(hmacKey, HmacSha256SignatureUri, Sha256DigestUri);

            // Audience and issuer are taken from the handler's constants; individual tests
            // overwrite a property afterwards when they need an invalid token.
            SecurityTokenDescriptor descriptor = new SecurityTokenDescriptor();
            descriptor.AppliesToAddress = MobileAppTokenHandler.ZumoAudienceValue;
            descriptor.TokenIssuerName = MobileAppTokenHandler.ZumoIssuerValue;
            descriptor.SigningCredentials = hmacCredentials;
            descriptor.Lifetime = new Lifetime(tokenLifetimeStart, tokenLifetimeEnd);
            descriptor.Subject = new ClaimsIdentity(identityClaims);

            return descriptor;
        }
示例#8
        /// <summary>
        /// A token minted with an empty issuer must be rejected by
        /// <c>MobileAppTokenHandler.ValidateToken</c> with a
        /// <c>SecurityTokenInvalidIssuerException</c>.
        /// </summary>
        public void ValidateToken_ThrowsSecurityTokenValidationException_WhenIssuerIsBlank()
        {
            // Arrange: an otherwise valid 24-hour token whose issuer is blanked out.
            DateTime notBefore = DateTime.UtcNow;
            DateTime expires = notBefore.Add(TimeSpan.FromHours(24));

            SecurityTokenDescriptor descriptor = this.GetTestSecurityTokenDescriptor(notBefore, expires);
            descriptor.TokenIssuerName = string.Empty;

            JwtSecurityToken jwt = new JwtSecurityTokenHandler().CreateToken(descriptor) as JwtSecurityToken;

            // Act: the token is correctly signed and inside its lifetime, so the issuer is the
            // only thing wrong with it. The test name mentions the base validation exception,
            // but the type actually asserted is the more specific invalid-issuer exception.
            SecurityTokenInvalidIssuerException thrown = Assert.Throws<SecurityTokenInvalidIssuerException>(
                () => MobileAppTokenHandler.ValidateToken(jwt.RawData, TestSecretKey));

            // Assert
            Assert.Contains("IDX10211: Unable to validate issuer. The 'issuer' parameter is null or whitespace", thrown.Message, StringComparison.Ordinal);
        }
示例#9
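        /// <summary>
        /// A correctly signed token whose one-second validity window closed about an hour ago
        /// must be rejected by <c>MobileAppTokenHandler.ValidateToken</c> with a
        /// <c>SecurityTokenExpiredException</c>.
        /// </summary>
        public void ValidateToken_ThrowsSecurityTokenValidationException_WhenTokenExpired()
        {
            // Arrange: the window opens one hour in the past and lasts a single second.
            TimeSpan lifetime          = new TimeSpan(0, 0, 1);
            DateTime tokenCreationDate = DateTime.UtcNow + new TimeSpan(-1, 0, 0);
            DateTime tokenExpiryDate   = tokenCreationDate + lifetime;

            SecurityTokenDescriptor tokenDescriptor = this.GetTestSecurityTokenDescriptor(tokenCreationDate, tokenExpiryDate);

            JwtSecurityTokenHandler securityTokenHandler = new JwtSecurityTokenHandler();
            JwtSecurityToken        token = securityTokenHandler.CreateToken(tokenDescriptor) as JwtSecurityToken;

            // Act: no wait is needed before validating. The expiry already lies roughly
            // 59 minutes 59 seconds in the past when the token is created, so the former
            // one-second Thread.Sleep could not change the outcome and only slowed the test.
            // NOTE(review): the margin is far larger than a typical clock-skew allowance;
            // confirm the skew ValidateToken applies if this test is ever tightened.
            SecurityTokenExpiredException ex = Assert.Throws <SecurityTokenExpiredException>(() =>
                                                                                             MobileAppTokenHandler.ValidateToken(token.RawData, TestSecretKey));

            // Assert
            Assert.Contains("IDX10223: Lifetime validation failed. The token is expired", ex.Message, StringComparison.Ordinal);
        }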
示例#10
        /// <summary>
        /// A correctly signed token whose validity window only opens an hour from now must be
        /// rejected by <c>MobileAppTokenHandler.ValidateToken</c> with a
        /// <c>SecurityTokenNotYetValidException</c>.
        /// </summary>
        public void ValidateToken_ThrowsSecurityTokenValidationException_WhenValidFromIsAfterCurrentTime()
        {
            // Arrange: the window opens one hour in the future and lasts five minutes.
            DateTime notBeforeInFuture = DateTime.UtcNow.Add(TimeSpan.FromHours(1));
            DateTime expires = notBeforeInFuture.Add(TimeSpan.FromMinutes(5));

            SecurityTokenDescriptor descriptor = this.GetTestSecurityTokenDescriptor(notBeforeInFuture, expires);
            JwtSecurityToken jwt = new JwtSecurityTokenHandler().CreateToken(descriptor) as JwtSecurityToken;

            // Act / Assert: signature, issuer and audience are untouched, so the start of the
            // validity window is the only reason for rejection.
            SecurityTokenNotYetValidException thrown = Assert.Throws<SecurityTokenNotYetValidException>(
                () => MobileAppTokenHandler.ValidateToken(jwt.RawData, TestSecretKey));

            Assert.Contains("IDX10222: Lifetime validation failed. The token is not yet valid", thrown.Message, StringComparison.Ordinal);
        }