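/// <summary>
/// Reads the <c>code</c> and <c>state</c> query parameters of an incoming authorization
/// redirect, resolves the server and the resource owner named by <c>state</c>, and stores
/// the authorization code on the token that <c>Tokens.GetToken</c> returns for that pair.
/// </summary>
/// <param name="context">Web operation context whose incoming request carries the redirect.</param>
/// <returns>The server and the resource owner referenced by the <c>state</c> parameter.</returns>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
/// <exception cref="InvalidAuthorizationRequestException">
/// <c>code</c> or <c>state</c> is missing, <c>state</c> is not exactly two GUIDs joined by an
/// underscore, or the GUIDs do not resolve to a known server and resource owner.
/// </exception>
/// <remarks>
/// Both query parameters come from the redirect URI and are untrusted input. The state value is
/// used here only as a lookup key; nothing in this method compares it with a value bound to the
/// user agent's session, so on its own it does not give the cross-site request forgery
/// protection the OAuth 2.0 state parameter is meant to provide (RFC 6749, section 10.12).
/// Callers should verify that binding before relying on the returned pair.
/// </remarks>
public static Tuple<ServerWithAuthorizationCode, ResourceOwner> GetCredentialsFromAuthorizationRedirect(this IWebOperationContext context)
{
    const string stateFormatMessage = "the query parameters 'state' must be of type '<GUID of Server>_<GUID of ResourceOwner>'";

    if (context == null)
    {
        throw new ArgumentNullException("context");
    }

    var query = context.IncomingRequest.UriTemplateMatch.QueryParameters;
    var code = query.Get("code");
    var state = query.Get("state");

    if (string.IsNullOrEmpty(code))
    {
        throw new InvalidAuthorizationRequestException("the query parameters 'code' is not set.");
    }

    if (string.IsNullOrEmpty(state))
    {
        throw new InvalidAuthorizationRequestException("the query parameters 'state' is not set.");
    }

    // A GUID never contains '_', so a well-formed state splits into exactly two parts.
    var parts = state.Split('_');
    if (parts.Length != 2)
    {
        throw new InvalidAuthorizationRequestException(stateFormatMessage);
    }

    // TryParse keeps malformed input on the validation path instead of letting a
    // FormatException from the Guid constructor escape to the caller.
    Guid serverGuid;
    Guid resourceOwnerGuid;
    if (!Guid.TryParse(parts[0], out serverGuid) || !Guid.TryParse(parts[1], out resourceOwnerGuid))
    {
        throw new InvalidAuthorizationRequestException(stateFormatMessage);
    }

    var server = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(serverGuid);
    var resourceOwner = ResourceOwners.GetResourceOwner(resourceOwnerGuid);

    // Unknown GUIDs must not reach the token lookup. One message covers both cases so the
    // response does not reveal which of the two identifiers exists.
    if (server == null || resourceOwner == null)
    {
        throw new InvalidAuthorizationRequestException("the query parameter 'state' does not reference a known server and resource owner.");
    }

    // NOTE(review): whether Tokens.GetToken can return null for a known pair is not visible
    // from here - confirm, and guard the assignment below if it can.
    var token = Tokens.GetToken(server, resourceOwner);
    token.AuthorizationCode = code;

    return new Tuple<ServerWithAuthorizationCode, ResourceOwner>(server, resourceOwner);
}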
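// Simulates the redirect back from the authorization server (a mocked IWebOperationContext
// carrying "code" and "state") and checks that GetCredentialsFromAuthorizationRedirect resolves
// the same server and resource owner that were encoded into the state value.
// The test is unfinished and still ends in Assert.Fail.
public void GetAuthorizationCodeViaUserAgentAndRequestProtectedResource()
{
    // TODO: mock the web request,
    // give it a "pseudo" auth code, run SetToken(server, incomingRequest) => resourceOwner
    // and trigger WebRequest.Authorize(server, resourceOwner);
    // the UserCredentials have to be set correctly for that.
    var resourceOwnertmp = ResourceOwners.GetResourceOwner(_resourceOwnerName);
    var servertmp = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(_clientId, _authorizationRequestUri, _accessTokenRequestUri, _redirectionUri);

    var mockContext = new Mock<IWebOperationContext> { DefaultValue = DefaultValue.Mock };
    mockContext.SetupAllProperties();

    var context = mockContext.Object;
    context.IncomingRequest.UriTemplateMatch.RequestUri = _redirectionUri;
    context.IncomingRequest.UriTemplateMatch.QueryParameters.Add("code", "Splx10BeZQQYbYS6WxSbIA");
    // state uses the format the extension method expects: <server GUID>_<resource owner GUID>.
    context.IncomingRequest.UriTemplateMatch.QueryParameters.Add("state", servertmp.Guid.ToString() + "_" + resourceOwnertmp.Guid.ToString());

    var tuple = context.GetCredentialsFromAuthorizationRedirect();

    var server = tuple.Item1;
    var resourceOwner = tuple.Item2;

    server.Should().Be(servertmp);
    // Compare against the expected instance; the previous assertion compared the result
    // with itself and could never fail.
    resourceOwner.Should().Be(resourceOwnertmp);

    var webRequest = resourceOwner.GetSignedRequestFor(server, "http://example.com/ProtectedResource");

    // TODO: verify that the WebRequest was signed correctly.
    Assert.Fail("Test is not completed yet");
}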
// Registers two servers and checks that each can be found again, the first by GUID and the
// second by client id plus its three endpoint URIs, and that a fresh GUID resolves to nothing.
// The client ids and secrets are throwaway fixture values.
public void GetServer()
{
    ServersWithAuthorizationCode.CleanUpForTests();

    var firstServer = ServersWithAuthorizationCode.Add(
        "myfunnyid",
        "myfunnysecret",
        new Uri("http://example.com/AuthorizationRequest"),
        new Uri("http://example.com/AccessRequest"),
        new Uri("http://example.com/RedirectionUri"));

    var secondServer = ServersWithAuthorizationCode.Add(
        "myfunnyid2",
        "myfunnysecret",
        new Uri("http://example.com/AuthorizationRequest2"),
        new Uri("http://example.com/AccessRequest2"),
        new Uri("http://example.com/RedirectionUri2"));
    secondServer.Version = Server.OAuthVersion.v2_22;

    // Lookup by GUID.
    var foundByGuid = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(firstServer.Guid);
    Assert.AreEqual(firstServer, foundByGuid);
    Assert.IsTrue(ServersWithAuthorizationCode.ServerWithAuthorizationCodeExists(firstServer.Guid));

    // Lookup by client id and endpoint URIs.
    var foundByEndpoints = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(
        secondServer.ClientId,
        secondServer.AuthorizationRequestUri,
        secondServer.AccessTokenRequestUri,
        secondServer.RedirectionUri);
    Assert.AreEqual(secondServer, foundByEndpoints);
    Assert.IsTrue(ServersWithAuthorizationCode.ServerWithAuthorizationCodeExists(
        secondServer.ClientId,
        secondServer.AuthorizationRequestUri,
        secondServer.AccessTokenRequestUri,
        secondServer.RedirectionUri));

    // A GUID that was never registered yields null and "does not exist".
    var unknownServer = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(Guid.NewGuid());
    Assert.IsNull(unknownServer);
    Assert.IsFalse(ServersWithAuthorizationCode.ServerWithAuthorizationCodeExists(Guid.NewGuid()));
}
// Saves two registered servers to the isolated store, loads them back and checks that the
// first one is still reachable by GUID with its client id, endpoint URIs and scopes intact.
public void DisposeAndLoad()
{
    ServersWithAuthorizationCode.CleanUpForTests();

    var scopes = new List<String>() { "scopedmaskl", "scope2" };
    var savedServer = ServersWithAuthorizationCode.Add(
        "server1",
        "afunnysecret",
        new Uri("http://example.org/uri1"),
        new Uri("http://example.org/uri2"),
        new Uri("http://example.org/uri3"),
        scopes);
    ServersWithAuthorizationCode.Add(
        "server2",
        "afunnysecret",
        new Uri("http://example.org/uri4"),
        new Uri("http://example.org/uri5"),
        new Uri("http://example.org/uri6"));

    // NOTE(review): the in-memory registry is not cleared between save and load, so this
    // may pass without the store being read back - confirm what LoadFromIsoStore replaces.
    // NOTE(review): the client secret is not asserted after the reload; how it is persisted
    // and protected in the store is not visible from this test.
    ServersWithAuthorizationCode.SaveToIsoStore();
    ServersWithAuthorizationCode.LoadFromIsoStore();

    var reloaded = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(savedServer.Guid);
    reloaded.Should().NotBeNull();
    reloaded.ClientId.Should().Be("server1");
    reloaded.AuthorizationRequestUri.ToString().Should().Be("http://example.org/uri1");
    reloaded.AccessTokenRequestUri.ToString().Should().Be("http://example.org/uri2");
    reloaded.RedirectionUri.ToString().Should().Be("http://example.org/uri3");

    // Both scopes must be present on the reloaded server.
    var firstScope = reloaded.Scopes.FirstOrDefault(item => item == "scopedmaskl");
    firstScope.Should().NotBeNull();
    var secondScope = reloaded.Scopes.FirstOrDefault(item => item == "scope2");
    secondScope.Should().NotBeNull();

    // A GUID that was never registered must not resolve.
    var unknownServer = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(Guid.NewGuid());
    unknownServer.Should().BeNull();
}
// Spec v2-22 4.1.1: a resource owner that has not yet authorized the client is sent to the
// authorization endpoint. The test checks that RedirectToAuthorization answers with an HTTP
// redirect and a non-empty Location header.
public void CreateServerAndUsersAndGetCorrectRedirectToAuthorizationRequest()
{
    var owner = ResourceOwners.GetResourceOwner(_resourceOwnerName);
    var authServer = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(
        _clientId,
        _authorizationRequestUri,
        _accessTokenRequestUri,
        _redirectionUri);

    // Precondition: no authorization exists yet for this pair.
    owner.AuthorizesMeToAccessTo(authServer).Should().BeFalse();

    var contextMock = new Mock<IWebOperationContext> { DefaultValue = DefaultValue.Mock };
    contextMock.SetupAllProperties();
    var operationContext = contextMock.Object;

    operationContext.RedirectToAuthorization(authServer, owner);

    // NOTE(review): only the presence of a Location value is asserted; the query parameters
    // of the redirect (client id, redirect URI, state) are not inspected here.
    var response = operationContext.OutgoingResponse;
    response.StatusCode.Should().Be(HttpStatusCode.Redirect);
    response.Location.Should().NotBeNullOrEmpty();
}