public async Task DefaultSecurityToken_V1_ValidatedDontGetUserInfoClaim() { var testEmail = "*****@*****.**"; var vippsLoginService = A.Fake <IVippsLoginService>(); A.CallTo(() => vippsLoginService.GetVippsUserInfo(A <ClaimsIdentity> ._)) .Returns(new VippsUserInfo { Email = testEmail }); // No contact with subject guid var vippsCommerceService = A.Fake <IVippsLoginCommerceService>(); A.CallTo(() => vippsCommerceService.FindCustomerContact(A <Guid> ._)) .Returns(null); var notifications = new VippsEpiNotifications( A.Fake <ISynchronizingUserService>(), vippsLoginService, vippsCommerceService, A.Fake <IVippsLoginSanityCheck>(), GetMapUserKey(testEmail) ); var context = CreateContext(); await notifications.DefaultSecurityTokenValidated(context); A.CallTo(() => vippsLoginService.GetUserInfoClaims(A <string> ._, A <string> ._)) .MustNotHaveHappened(); }
public async Task DefaultSecurityTokenValidatedSetsEmailAsNameClaim() { var testEmail = "*****@*****.**"; var vippsCommerceService = A.Fake <IVippsLoginCommerceService>(); A.CallTo(() => vippsCommerceService.FindCustomerContact(A <Guid> ._)) .Returns(new CustomerContact() { UserId = testEmail }); var notifications = new VippsEpiNotifications( A.Fake <ISynchronizingUserService>(), A.Fake <IVippsLoginService>(), vippsCommerceService, A.Fake <IVippsLoginSanityCheck>(), GetMapUserKey(testEmail) ); var context = CreateContext(); await notifications.DefaultSecurityTokenValidated(context); Assert.True( context.AuthenticationTicket.Identity.HasClaim( context.AuthenticationTicket.Identity.NameClaimType, testEmail) ); }
public async Task DefaultSecurityTokenValidatedThrowsIfNoUserIdFound() { var testEmail = "*****@*****.**"; var vippsLoginService = A.Fake <IVippsLoginService>(); // No contact with subject guid var vippsCommerceService = A.Fake <IVippsLoginCommerceService>(); A.CallTo(() => vippsCommerceService.FindCustomerContact(A <Guid> ._)) .Returns(null); var notifications = new VippsEpiNotifications( A.Fake <ISynchronizingUserService>(), vippsLoginService, vippsCommerceService, A.Fake <IVippsLoginSanityCheck>(), GetMapUserKey(testEmail) ); var context = CreateContext(); var exception = await Assert.ThrowsAsync <VippsLoginException>(async() => await notifications.DefaultSecurityTokenValidated(context)); }
public async Task DefaultSecurityTokenThrowsIfNoLinkedAccountFound() { var linkAccountGuid = Guid.NewGuid(); var testEmail = "*****@*****.**"; var vippsCommerceService = A.Fake <IVippsLoginCommerceService>(); A.CallTo(() => vippsCommerceService.FindCustomerContactByLinkAccountToken(linkAccountGuid)) .Returns(null); A.CallTo(() => vippsCommerceService.FindCustomerContact(A <Guid> ._)) .Returns(null); var notifications = new VippsEpiNotifications( A.Fake <ISynchronizingUserService>(), A.Fake <IVippsLoginService>(), vippsCommerceService, A.Fake <IVippsLoginSanityCheck>(), GetMapUserKey(testEmail) ); var context = CreateContext(); context.AuthenticationTicket.Properties.Dictionary.Add(VippsConstants.LinkAccount, linkAccountGuid.ToString()); var exception = await Assert.ThrowsAsync <VippsLoginLinkAccountException>(async() => await notifications.DefaultSecurityTokenValidated(context)); Assert.False(exception.UserError); }
public async Task DefaultSecurityTokenValidatedSetsLinkedAccountEmailAsNameClaim() { var linkAccountGuid = Guid.NewGuid(); var testEmail = "*****@*****.**"; var vippsCommerceService = A.Fake <IVippsLoginCommerceService>(); A.CallTo(() => vippsCommerceService.FindCustomerContactByLinkAccountToken(linkAccountGuid)) .Returns(new CustomerContact() { UserId = testEmail }); A.CallTo(() => vippsCommerceService.FindCustomerContact(A <Guid> ._)) .Returns(null); var notifications = new VippsEpiNotifications( A.Fake <ISynchronizingUserService>(), A.Fake <IVippsLoginService>(), vippsCommerceService, A.Fake <IVippsLoginSanityCheck>(), GetMapUserKey(testEmail) ); var context = CreateContext(); context.AuthenticationTicket.Properties.Dictionary.Add(VippsConstants.LinkAccount, linkAccountGuid.ToString()); await notifications.DefaultSecurityTokenValidated(context); Assert.True( context.AuthenticationTicket.Identity.HasClaim( context.AuthenticationTicket.Identity.NameClaimType, testEmail) ); }
public async Task RedirectToIdentityProviderDoesNotReturn403ForLinkAccount() { var notifications = new VippsEpiNotifications( A.Fake <HttpClient>(), A.Fake <ISynchronizingUserService>(), A.Fake <IVippsLoginService>(), A.Fake <IVippsLoginCommerceService>(), A.Fake <IVippsLoginSanityCheck>(), A.Fake <MapUserKey>()); var configurationManager = A.Fake <IConfigurationManager <OpenIdConnectConfiguration> >(); A.CallTo(() => configurationManager.GetConfigurationAsync(A <CancellationToken> ._)) .Returns(new OpenIdConnectConfiguration()); var context = A.Fake <IOwinContext>(); var response = new OwinResponse() { StatusCode = 401 }; A.CallTo(() => context.Response).Returns(response); var request = A.Fake <IOwinRequest>(); A.CallTo(() => request.Uri).ReturnsLazily(() => new Uri("https://test.com/asdf")); A.CallTo(() => context.Request).Returns(request); var properties = new AuthenticationProperties(); properties.Dictionary.Add(VippsConstants.LinkAccount, VippsConstants.LinkAccount); A.CallTo(() => context.Authentication.AuthenticationResponseChallenge) .Returns(new AuthenticationResponseChallenge(new[] { "" }, properties)); var notification = new RedirectToIdentityProviderNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>( context, new VippsOpenIdConnectAuthenticationOptions("clientId", "clientSecret", "authority") { ConfigurationManager = configurationManager }) { ProtocolMessage = new OpenIdConnectMessage() }; await notifications.RedirectToIdentityProvider(notification); Assert.NotEqual(403, response.StatusCode); }
public async Task DefaultSecurityTokenValidatedSetsFirstCustomerAsNameClaim() { var testEmail = "*****@*****.**"; var testPhoneNumber = "0612345678"; var vippsLoginService = A.Fake <IVippsLoginService>(); A.CallTo(() => vippsLoginService.GetVippsUserInfo(A <ClaimsIdentity> ._)) .Returns(new VippsUserInfo { Email = testEmail, PhoneNumber = testPhoneNumber }); // No contact with subject guid var vippsCommerceService = A.Fake <IVippsLoginCommerceService>(); A.CallTo(() => vippsCommerceService.FindCustomerContact(A <Guid> ._)) .Returns(null); // Find with phone or by email A.CallTo(() => vippsCommerceService.FindCustomerContacts(testEmail, testPhoneNumber)) .Returns(new[] { new CustomerContact { UserId = testEmail } }); var sanityCheck = A.Fake <IVippsLoginSanityCheck>(); A.CallTo(() => sanityCheck.IsValidContact(A <CustomerContact> ._, A <VippsUserInfo> ._)) .Returns(true); var notifications = new VippsEpiNotifications( A.Fake <ISynchronizingUserService>(), vippsLoginService, vippsCommerceService, sanityCheck, GetMapUserKey(testEmail) ); var context = CreateContext(); await notifications.DefaultSecurityTokenValidated(context); Assert.True( context.AuthenticationTicket.Identity.HasClaim( context.AuthenticationTicket.Identity.NameClaimType, testEmail) ); }
public async Task DefaultSecurityTokenValidatedRewritesRedirectUriToLocal() { var notifications = new VippsEpiNotifications( A.Fake <ISynchronizingUserService>(), A.Fake <IVippsLoginService>(), A.Fake <IVippsLoginCommerceService>(), A.Fake <IVippsLoginSanityCheck>(), A.Fake <MapUserKey>() ); var context = CreateContext(); await notifications.DefaultSecurityTokenValidated(context); Assert.Equal("/redirect-url", context.AuthenticationTicket.Properties.RedirectUri); }
public async Task DefaultSecurityTokenValidatedThrowsIfUserInfoIsNull() { var vippsLoginService = A.Fake <IVippsLoginService>(); A.CallTo(() => vippsLoginService.GetVippsUserInfo(A <ClaimsIdentity> ._)).Returns(null); var notifications = new VippsEpiNotifications( A.Fake <ISynchronizingUserService>(), vippsLoginService, A.Fake <IVippsLoginCommerceService>(), A.Fake <IVippsLoginSanityCheck>(), A.Fake <MapUserKey>() ); await Assert.ThrowsAsync <VippsLoginException>(async() => await notifications.DefaultSecurityTokenValidated(CreateContext())); }
public async Task RedirectToIdentityProviderReturns403() { var notifications = new VippsEpiNotifications( A.Fake <HttpClient>(), A.Fake <ISynchronizingUserService>(), A.Fake <IVippsLoginService>(), A.Fake <IVippsLoginCommerceService>(), A.Fake <IVippsLoginSanityCheck>(), A.Fake <MapUserKey>()); var configurationManager = A.Fake <IConfigurationManager <OpenIdConnectConfiguration> >(); A.CallTo(() => configurationManager.GetConfigurationAsync(A <CancellationToken> ._)) .Returns(new OpenIdConnectConfiguration()); var context = A.Fake <IOwinContext>(); var response = new OwinResponse() { StatusCode = 401 }; A.CallTo(() => context.Response).Returns(response); var request = A.Fake <IOwinRequest>(); A.CallTo(() => request.Uri).ReturnsLazily(() => new Uri("https://test.com/asdf")); A.CallTo(() => context.Request).Returns(request); var user = A.Fake <ClaimsPrincipal>(); A.CallTo(() => context.Authentication.User).Returns(user); A.CallTo(() => user.Identity.IsAuthenticated).Returns(true); var notification = new RedirectToIdentityProviderNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>( context, new VippsOpenIdConnectAuthenticationOptions("clientId", "clientSecret", "authority") { ConfigurationManager = configurationManager }) { ProtocolMessage = new OpenIdConnectMessage() }; await notifications.RedirectToIdentityProvider(notification); Assert.Equal(403, response.StatusCode); }
public async Task DefaultSecurityTokenValidated_V2_GetUserInfoClaims() { var testEmail = "*****@*****.**"; var testClaimName = "testClaimName"; var testClaimValue = "testClaimValue"; var vippsLoginService = A.Fake <IVippsLoginService>(); A.CallTo(() => vippsLoginService.GetUserInfoClaims(A <string> ._, A <string> ._)) .Returns(Task.FromResult <IEnumerable <Claim> >(new List <Claim> { new Claim(testClaimName, testClaimValue) })); A.CallTo(() => vippsLoginService.GetVippsUserInfo(A <ClaimsIdentity> ._)) .Returns(new VippsUserInfo { Email = testEmail }); // No contact with subject guid var vippsCommerceService = A.Fake <IVippsLoginCommerceService>(); A.CallTo(() => vippsCommerceService.FindCustomerContact(A <Guid> ._)) .Returns(null); var notifications = new VippsEpiNotifications( A.Fake <ISynchronizingUserService>(), vippsLoginService, vippsCommerceService, A.Fake <IVippsLoginSanityCheck>(), GetMapUserKey(testEmail) ); var context = CreateContext(scope: VippsScopes.ApiV2); await notifications.DefaultSecurityTokenValidated(context); A.CallTo(() => vippsLoginService.GetUserInfoClaims(A <string> ._, A <string> ._)) .MustHaveHappenedOnceExactly(); Assert.True( context.AuthenticationTicket.Identity.HasClaim( testClaimName, testClaimValue) ); }
public async Task DefaultSecurityTokenValidatedThrowsIfSanityCheckFails() { var testEmail = "*****@*****.**"; var testPhoneNumber = "0612345678"; var vippsLoginService = A.Fake <IVippsLoginService>(); A.CallTo(() => vippsLoginService.GetVippsUserInfo(A <ClaimsIdentity> ._)) .Returns(new VippsUserInfo { Email = testEmail, PhoneNumber = testPhoneNumber }); // No contact with subject guid var vippsCommerceService = A.Fake <IVippsLoginCommerceService>(); A.CallTo(() => vippsCommerceService.FindCustomerContact(A <Guid> ._)) .Returns(null); // Find with phone or by email A.CallTo(() => vippsCommerceService.FindCustomerContacts(testEmail, testPhoneNumber)) .Returns(new[] { new CustomerContact { UserId = testEmail } }); // Failing sanity check var sanityCheck = A.Fake <IVippsLoginSanityCheck>(); A.CallTo(() => sanityCheck.IsValidContact(A <CustomerContact> ._, A <VippsUserInfo> ._)) .Returns(false); var notifications = new VippsEpiNotifications( A.Fake <ISynchronizingUserService>(), vippsLoginService, vippsCommerceService, sanityCheck, GetMapUserKey(testEmail) ); var context = CreateContext(); await Assert.ThrowsAsync <VippsLoginSanityCheckException>(async() => await notifications.DefaultSecurityTokenValidated(context)); }