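        /// <summary>
        /// Reads the <c>code</c> and <c>state</c> query parameters of an incoming OAuth authorization
        /// redirect, resolves the server and resource owner referenced by <c>state</c>, and stores the
        /// received authorization code on the token of that pair.
        /// </summary>
        /// <param name="context">The web operation context of the incoming redirect request.</param>
        /// <returns>The server and the resource owner that <c>state</c> refers to.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        /// <exception cref="InvalidAuthorizationRequestException">
        /// <c>code</c> or <c>state</c> is missing, <c>state</c> is not of the form
        /// <c>&lt;GUID of Server&gt;_&lt;GUID of ResourceOwner&gt;</c>, or it does not resolve to a known
        /// server, resource owner and token.
        /// </exception>
        /// <remarks>
        /// NOTE(review): <c>state</c> consists only of two identifiers. Nothing in this method ties it
        /// to the user-agent session that started the authorization request, so on its own it does not
        /// give the CSRF protection that RFC 6749 section 10.12 expects from <c>state</c>. Consider
        /// adding an unguessable per-request value that is verified before the code is stored.
        /// </remarks>
        public static Tuple <ServerWithAuthorizationCode, ResourceOwner> GetCredentialsFromAuthorizationRedirect(this IWebOperationContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException("context");
            }

            var code  = context.IncomingRequest.UriTemplateMatch.QueryParameters.Get("code");
            var state = context.IncomingRequest.UriTemplateMatch.QueryParameters.Get("state");

            if (string.IsNullOrEmpty(code))
            {
                throw new InvalidAuthorizationRequestException("the query parameters 'code' is not set.");
            }

            if (string.IsNullOrEmpty(state))
            {
                throw new InvalidAuthorizationRequestException("the query parameters 'state' is not set.");
            }

            if (!state.Contains("_"))
            {
                throw new InvalidAuthorizationRequestException("the query parameters 'state' must be of type '<GUID of Server>_<GUID of ResourceOwner>'");
            }
            var states = state.Split('_');

            // 'state' comes straight from the request URI. Parse it defensively so that a malformed
            // value is reported as an invalid authorization request instead of escaping as a
            // FormatException from the Guid constructor.
            Guid serverGuid;
            Guid resourceOwnerGuid;
            if (!Guid.TryParse(states[0], out serverGuid) || !Guid.TryParse(states[1], out resourceOwnerGuid))
            {
                throw new InvalidAuthorizationRequestException("the query parameters 'state' must be of type '<GUID of Server>_<GUID of ResourceOwner>'");
            }

            var server        = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(serverGuid);
            var resourceOwner = ResourceOwners.GetResourceOwner(resourceOwnerGuid);

            // One message for both lookups, so the response does not reveal which of the two
            // identifiers was unknown.
            if (server == null || resourceOwner == null)
            {
                throw new InvalidAuthorizationRequestException("the query parameter 'state' does not reference a known server and resource owner.");
            }

            var token = Tokens.GetToken(server, resourceOwner);

            // Whether GetToken can return null is not visible here; guard anyway so an unexpected
            // redirect cannot surface as a NullReferenceException.
            if (token == null)
            {
                throw new InvalidAuthorizationRequestException("no token is available for the server and resource owner referenced by 'state'.");
            }

            token.AuthorizationCode = code;

            return(new Tuple <ServerWithAuthorizationCode, ResourceOwner>(server, resourceOwner));
        }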
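        /// <summary>
        /// Simulates the authorization redirect with a mocked web operation context, checks that
        /// <c>GetCredentialsFromAuthorizationRedirect</c> resolves the expected server and resource
        /// owner from the <c>state</c> parameter, and then requests a signed request for a protected
        /// resource. The test is unfinished and always fails at the end.
        /// </summary>
        public void GetAuthorizationCodeViaUserAgentAndRequestProtectedResource()
        {
            // TODO: mock the web request,
            // then equip it with a "pseudo" auth code, trigger SetToken(server, incomingRequest) => resourceOwner
            // and WebRequest.Authorize(server, resourceOwner);
            // the user credentials have to be set correctly for that.

            var resourceOwnertmp = ResourceOwners.GetResourceOwner(_resourceOwnerName);
            var servertmp        = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(_clientId, _authorizationRequestUri, _accessTokenRequestUri, _redirectionUri);

            var mockContext = new Mock <IWebOperationContext> {
                DefaultValue = DefaultValue.Mock
            };

            mockContext.SetupAllProperties();
            var context = mockContext.Object;

            // Build the redirect the way the authorization server would send it:
            // a fixed sample code plus state = <server guid>_<resource owner guid>.
            context.IncomingRequest.UriTemplateMatch.RequestUri = _redirectionUri;
            context.IncomingRequest.UriTemplateMatch.QueryParameters.Add("code", "Splx10BeZQQYbYS6WxSbIA");
            context.IncomingRequest.UriTemplateMatch.QueryParameters.Add("state", servertmp.Guid.ToString() + "_" + resourceOwnertmp.Guid.ToString());
            var tuple = context.GetCredentialsFromAuthorizationRedirect();

            var server        = tuple.Item1;
            var resourceOwner = tuple.Item2;

            server.Should().Be(servertmp);
            // Compare against the expected owner. The original compared resourceOwner with itself,
            // which can never fail and so never verified that 'state' resolved to the right owner.
            resourceOwner.Should().Be(resourceOwnertmp);

            var webRequest = resourceOwner.GetSignedRequestFor(server, "http://example.com/ProtectedResource");

            // TODO: verify that the WebRequest was signed correctly.

            Assert.Fail("Test is not completed yet");
        }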
        /// <summary>
        /// Registers two servers and checks that each can be found again, once by its Guid and once
        /// by its client id plus endpoint URIs, and that an unknown Guid yields no server.
        /// </summary>
        public void GetServer()
        {
            // Start from an empty registry so earlier tests cannot influence the lookups.
            ServersWithAuthorizationCode.CleanUpForTests();

            var first = ServersWithAuthorizationCode.Add(
                "myfunnyid",
                "myfunnysecret",
                new Uri("http://example.com/AuthorizationRequest"),
                new Uri("http://example.com/AccessRequest"),
                new Uri("http://example.com/RedirectionUri"));

            var second = ServersWithAuthorizationCode.Add(
                "myfunnyid2",
                "myfunnysecret",
                new Uri("http://example.com/AuthorizationRequest2"),
                new Uri("http://example.com/AccessRequest2"),
                new Uri("http://example.com/RedirectionUri2"));

            second.Version = Server.OAuthVersion.v2_22;

            // Lookup by Guid.
            var firstFound = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(first.Guid);

            Assert.AreEqual(first, firstFound);
            Assert.IsTrue(ServersWithAuthorizationCode.ServerWithAuthorizationCodeExists(first.Guid));

            // Lookup by client id and the three endpoint URIs.
            var secondFound = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(
                second.ClientId,
                second.AuthorizationRequestUri,
                second.AccessTokenRequestUri,
                second.RedirectionUri);

            Assert.AreEqual(second, secondFound);
            Assert.IsTrue(ServersWithAuthorizationCode.ServerWithAuthorizationCodeExists(
                              second.ClientId,
                              second.AuthorizationRequestUri,
                              second.AccessTokenRequestUri,
                              second.RedirectionUri));

            // A freshly generated Guid was never registered: the lookup returns null and the
            // existence check is false.
            var unknownServer = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(Guid.NewGuid());

            Assert.IsNull(unknownServer);
            Assert.IsFalse(ServersWithAuthorizationCode.ServerWithAuthorizationCodeExists(Guid.NewGuid()));
        }
        /// <summary>
        /// Saves the registered servers to the isolated store, loads them back, and checks that the
        /// first server keeps its client id, endpoint URIs and scopes across the round trip.
        /// </summary>
        public void DisposeAndLoad()
        {
            ServersWithAuthorizationCode.CleanUpForTests();

            var scopes = new List <String> {
                "scopedmaskl", "scope2"
            };
            var stored = ServersWithAuthorizationCode.Add(
                "server1",
                "afunnysecret",
                new Uri("http://example.org/uri1"),
                new Uri("http://example.org/uri2"),
                new Uri("http://example.org/uri3"),
                scopes);

            // A second entry without scopes, so the store holds more than one server.
            ServersWithAuthorizationCode.Add(
                "server2",
                "afunnysecret",
                new Uri("http://example.org/uri4"),
                new Uri("http://example.org/uri5"),
                new Uri("http://example.org/uri6"));

            // Round trip through the isolated store.
            // NOTE(review): nothing below checks the client secret after reloading. Whether it is
            // persisted, and how it is protected at rest, is not visible from this test.
            ServersWithAuthorizationCode.SaveToIsoStore();
            ServersWithAuthorizationCode.LoadFromIsoStore();

            var reloaded = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(stored.Guid);

            reloaded.Should().NotBeNull();
            reloaded.ClientId.Should().Be("server1");
            reloaded.AuthorizationRequestUri.ToString().Should().Be("http://example.org/uri1");
            reloaded.AccessTokenRequestUri.ToString().Should().Be("http://example.org/uri2");
            reloaded.RedirectionUri.ToString().Should().Be("http://example.org/uri3");
            reloaded.Scopes.FirstOrDefault(scope => scope == "scopedmaskl").Should().NotBeNull();
            reloaded.Scopes.FirstOrDefault(scope => scope == "scope2").Should().NotBeNull();

            // An unregistered Guid must not resolve to any server after loading.
            var missing = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(Guid.NewGuid());

            missing.Should().BeNull();
        }
        /// <summary>
        /// Checks that a resource owner who has not yet authorized the client for the server is
        /// redirected to the authorization endpoint (spec v2-22, section 4.1.1).
        /// </summary>
        public void CreateServerAndUsersAndGetCorrectRedirectToAuthorizationRequest()
        {
            // Spec v2-22 4.1.1

            var owner = ResourceOwners.GetResourceOwner(_resourceOwnerName);
            var authServer = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(
                _clientId,
                _authorizationRequestUri,
                _accessTokenRequestUri,
                _redirectionUri);

            // Recursive mocks with settable properties, so the response written by the code under
            // test can be read back afterwards.
            var contextMock = new Mock <IWebOperationContext>();
            contextMock.DefaultValue = DefaultValue.Mock;
            contextMock.SetupAllProperties();

            // Precondition: no authorization has been granted yet.
            owner.AuthorizesMeToAccessTo(authServer).Should().BeFalse();

            var webContext = contextMock.Object;
            webContext.RedirectToAuthorization(authServer, owner);

            // NOTE(review): only the status code and a non-empty Location are asserted. The
            // redirect's query parameters (client id, redirect URI, state) are not inspected here.
            var response = webContext.OutgoingResponse;
            response.StatusCode.Should().Be(HttpStatusCode.Redirect);
            response.Location.Should().NotBeNullOrEmpty();
        }