public void CannotUpdateOtherUsersClaims() { HttpResponseMessage response = null !; "When updating user claims".x( async() => { var updateRequest = new UpdateResourceOwnerClaimsRequest { Subject = "user", Claims = new[] { new ClaimData { Type = "test", Value = "something" } } }; var json = JsonConvert.SerializeObject(updateRequest); var request = new HttpRequestMessage { Content = new StringContent(json, Encoding.UTF8, "application/json"), Method = HttpMethod.Post, RequestUri = new Uri(_fixture.Server.BaseAddress + "resource_owners/claims") }; request.Headers.Authorization = new AuthenticationHeaderValue( "Bearer", _administratorToken.AccessToken); response = await _fixture.Client().SendAsync(request).ConfigureAwait(false); }); "Then is bad request".x(() => { Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode); }); }
public static UpdateResourceOwnerClaimsParameter ToParameter(this UpdateResourceOwnerClaimsRequest request) { if (request == null) { throw new ArgumentNullException(nameof(request)); } return(new UpdateResourceOwnerClaimsParameter { Login = request.Login, Claims = request.Claims }); }
public async Task <ActionResult> UpdateClaims([FromBody] UpdateResourceOwnerClaimsRequest updateResourceOwnerClaimsRequest) { if (updateResourceOwnerClaimsRequest == null) { return(BuildError(ErrorCodes.InvalidRequestCode, "no parameter in body request", HttpStatusCode.BadRequest)); } await _resourceOwnerActions.UpdateResourceOwnerClaims(updateResourceOwnerClaimsRequest.ToParameter()); await _representationManager.AddOrUpdateRepresentationAsync(this, StoreNames.GetResourceOwner + updateResourceOwnerClaimsRequest.Login, false); return(new OkResult()); }
public void CanUpdateOwnClaimsAndRefresh() { HttpResponseMessage response = null !; "When updating user claims".x( async() => { var updateRequest = new UpdateResourceOwnerClaimsRequest { Subject = "administrator", Claims = new[] { new ClaimData { Type = "added_claim_test", Value = "something" } } }; var json = JsonConvert.SerializeObject(updateRequest); var request = new HttpRequestMessage { Content = new StringContent(json, Encoding.UTF8, "application/json"), Method = HttpMethod.Post, RequestUri = new Uri(_fixture.Server.BaseAddress + "resource_owners/claims") }; request.Headers.Authorization = new AuthenticationHeaderValue( "Bearer", _administratorToken.AccessToken); response = await _fixture.Client().SendAsync(request).ConfigureAwait(false); }); "Then is ok request".x(() => { Assert.Equal(HttpStatusCode.OK, response.StatusCode); }); "and has new token".x( async() => { var updatedToken = await response.Content.ReadAsStringAsync().ConfigureAwait(false); Assert.NotNull(updatedToken); }); "When refreshing token, then has updated claims".x( async() => { var result = await _tokenClient .GetToken(TokenRequest.FromRefreshToken(_administratorToken.RefreshToken)) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; Assert.NotNull(result.Item); var handler = new JwtSecurityTokenHandler(); var token = handler.ReadToken(result.Item.AccessToken) as JwtSecurityToken; Assert.Contains(token.Claims, c => c.Type == "added_claim_test" && c.Value == "something"); }); }
public async Task <BaseResponse> ExecuteAsync(Uri resourceOwnerUri, UpdateResourceOwnerClaimsRequest updateResourceOwnerClaimsRequest, string authorizationHeaderValue = null) { if (resourceOwnerUri == null) { throw new ArgumentNullException(nameof(resourceOwnerUri)); } if (updateResourceOwnerClaimsRequest == null) { throw new ArgumentNullException(nameof(updateResourceOwnerClaimsRequest)); } var httpClient = _httpClientFactory.GetHttpClient(); var serializedJson = JsonConvert.SerializeObject(updateResourceOwnerClaimsRequest).ToString(); var body = new StringContent(serializedJson, Encoding.UTF8, "application/json"); var request = new HttpRequestMessage { Method = HttpMethod.Put, RequestUri = resourceOwnerUri, Content = body }; if (!string.IsNullOrWhiteSpace(authorizationHeaderValue)) { request.Headers.Add("Authorization", "Bearer " + authorizationHeaderValue); } var httpResult = await httpClient.SendAsync(request); var content = await httpResult.Content.ReadAsStringAsync().ConfigureAwait(false); try { httpResult.EnsureSuccessStatusCode(); } catch (Exception) { return(new BaseResponse { ContainsError = true, Error = JsonConvert.DeserializeObject <ErrorResponse>(content), HttpStatus = httpResult.StatusCode }); } return(new BaseResponse()); }
public void CanUpdateOwnClaimsTwoTimes() { HttpResponseMessage response = null !; "When updating user claims".x( async() => { var updateRequest = new UpdateResourceOwnerClaimsRequest { Subject = "administrator", Claims = new[] { new ClaimData { Type = "added_claim_test", Value = "something" } } }; var json = JsonConvert.SerializeObject(updateRequest); var request = new HttpRequestMessage { Content = new StringContent(json, Encoding.UTF8, "application/json"), Method = HttpMethod.Post, RequestUri = new Uri(_fixture.Server.BaseAddress + "resource_owners/claims") }; request.Headers.Authorization = new AuthenticationHeaderValue( "Bearer", _administratorToken.AccessToken); response = await _fixture.Client().SendAsync(request).ConfigureAwait(false); }); "Then is ok response".x( async() => { var json = await response.Content.ReadAsStringAsync().ConfigureAwait(false); _administratorToken = JsonConvert.DeserializeObject <GrantedTokenResponse>(json); Assert.Equal(HttpStatusCode.OK, response.StatusCode); }); "and when updating second time".x( async() => { var updateRequest = new UpdateResourceOwnerClaimsRequest { Subject = "administrator", Claims = new[] { new ClaimData { Type = "added_claim_test2", Value = "something" } } }; var json = JsonConvert.SerializeObject(updateRequest); var request = new HttpRequestMessage { Content = new StringContent(json, Encoding.UTF8, "application/json"), Method = HttpMethod.Post, RequestUri = new Uri(_fixture.Server.BaseAddress + "resource_owners/claims") }; request.Headers.Authorization = new AuthenticationHeaderValue( "Bearer", _administratorToken.AccessToken); response = await _fixture.Client().SendAsync(request).ConfigureAwait(false); }); "Then is also ok response".x(() => { Assert.Equal(HttpStatusCode.OK, response.StatusCode); }); }
public void CanUpdateOwnClaimsAndLogInAgain() { HttpResponseMessage response = null !; GrantedTokenResponse updatedToken = null !; GrantedTokenResponse newToken = null !; "When updating user claims".x( async() => { var updateRequest = new UpdateResourceOwnerClaimsRequest { Subject = "administrator", Claims = new[] { new ClaimData { Type = "added_claim_test", Value = "something" } } }; var json = JsonConvert.SerializeObject(updateRequest); var request = new HttpRequestMessage { Content = new StringContent(json, Encoding.UTF8, "application/json"), Method = HttpMethod.Post, RequestUri = new Uri(_fixture.Server.BaseAddress + "resource_owners/claims") }; request.Headers.Authorization = new AuthenticationHeaderValue( "Bearer", _administratorToken.AccessToken); response = await _fixture.Client().SendAsync(request).ConfigureAwait(false); }); "Then is ok request".x(() => { Assert.Equal(HttpStatusCode.OK, response.StatusCode); }); "and has new token".x( async() => { var json = await response.Content.ReadAsStringAsync().ConfigureAwait(false); updatedToken = JsonConvert.DeserializeObject <GrantedTokenResponse>(json); Assert.NotNull(updatedToken); }); "When logging out".x( async() => { var result = await _tokenClient.RevokeToken(RevokeTokenRequest.Create(updatedToken)) .ConfigureAwait(false); Assert.IsType <Option.Success>(result); }); "and logging in again".x( async() => { var result = await _tokenClient .GetToken(TokenRequest.FromPassword("administrator", "password", new[] { "manager" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; Assert.NotNull(result); newToken = result.Item; }); "then gets updated claim in token".x( () => { var handler = new JwtSecurityTokenHandler(); var updatedJwt = handler.ReadJwtToken(updatedToken.AccessToken); var newJwt = handler.ReadJwtToken(newToken.AccessToken); Assert.Equal( updatedJwt.Claims.First(x => x.Type == "added_claim_test").Value, newJwt.Claims.First(x => x.Type == "added_claim_test").Value); }); }
public async Task <BaseResponse> ResolveUpdateClaims(Uri wellKnownConfigurationUri, UpdateResourceOwnerClaimsRequest request, string authorizationHeaderValue = null) { var configuration = await _configurationClient.GetConfiguration(wellKnownConfigurationUri).ConfigureAwait(false); return(await _updateResourceOwnerClaimsOperation.ExecuteAsync(new Uri(configuration.Content.ResourceOwnersEndpoint + "/claims"), request, authorizationHeaderValue).ConfigureAwait(false)); }
public void SuccessfulResourceOwnerClaimsUpdate() { TokenClient client = null !; GrantedTokenResponse tokenResponse = null !; HttpResponseMessage updateResponse = null !; "and a properly configured token client".x( () => client = new TokenClient( TokenCredentials.FromBasicAuthentication("client", "client"), _fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("user", "password", new[] { "openid", "offline" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; tokenResponse = response.Item; }); "and valid access token is received".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKeys = _jwks.GetSigningKeys(), ValidAudience = "client", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(tokenResponse.AccessToken, validationParameters, out var token); Assert.NotEmpty(((JwtSecurityToken)token).Claims); }); "and updating own claims".x( async() => { var updateRequest = new UpdateResourceOwnerClaimsRequest { Subject = "user", Claims = new[] { new ClaimData { Type = "test", Value = "something" } } }; var json = JsonConvert.SerializeObject(updateRequest); var request = new HttpRequestMessage { Content = new StringContent(json, Encoding.UTF8, "application/json"), Method = HttpMethod.Post, RequestUri = new Uri(_fixture.Server.BaseAddress + "resource_owners/claims") }; request.Headers.Authorization = new AuthenticationHeaderValue( JwtBearerDefaults.AuthenticationScheme, tokenResponse.AccessToken); updateResponse = await _fixture.Client().SendAsync(request).ConfigureAwait(false); }); "then update is successful".x(() => { Assert.Equal(HttpStatusCode.OK, updateResponse.StatusCode); }); }