示例#1
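        // Cross-user token substitution check: two users (Master and Helper) authenticate under
        // the same application identity, then a request issued through Master's client is made to
        // carry Helper's token. The API call is expected to fail with AspenException, event id
        // "15846" and HTTP 401, i.e. a token issued to one user must not be accepted for another.
        public void MismatchTokenBetweenUsersWhenUserSignedRequestThrows()
        {
            // The rejection text is a literal message, not a pattern. StringAssert.IsMatch treats
            // its first argument as a regular expression, so the '.' and '?' in the message are
            // escaped below; unescaped, '?' would make the preceding character optional and '.'
            // would match any character, weakening the assertion.
            const string expectedMessage = "No coinciden los datos recibidos del token vs los valores esperados. ¿Se modificaron los valores en tránsito o está utilizando el ApiKey en otra aplicación?";

            IAppIdentity commonAppIdentity = DelegatedAppIdentity.Master;

            // Session 1: Master user. CachePolicy.BypassCache is passed so that, presumably, a
            // fresh token is requested instead of a cached one — confirm against DelegatedApp.
            IUserIdentity userIdentityMaster = RecognizedUserIdentity.Master;
            IDelegatedApp clientAppMaster    = DelegatedApp.Initialize(CachePolicy.BypassCache)
                                               .RoutingTo(TestingEndpointProvider.Default)
                                               .WithIdentity(commonAppIdentity)
                                               .Authenticate(userIdentityMaster)
                                               .GetClient();

            Assert.That(clientAppMaster, Is.Not.Null);
            Assert.That(clientAppMaster.AuthToken, Is.Not.Null);
            Assert.That(clientAppMaster.AuthToken.Token, Is.Not.Null);

            // Session 2: Helper user, same application identity.
            IUserIdentity userIdentityHelper = RecognizedUserIdentity.Helper;
            IDelegatedApp clientAppHelper    = DelegatedApp.Initialize(CachePolicy.BypassCache)
                                               .RoutingTo(TestingEndpointProvider.Default)
                                               .WithIdentity(commonAppIdentity)
                                               .Authenticate(userIdentityHelper)
                                               .GetClient();

            Assert.That(clientAppHelper, Is.Not.Null);
            Assert.That(clientAppHelper.AuthToken, Is.Not.Null);
            Assert.That(clientAppHelper.AuthToken.Token, Is.Not.Null);

            // The claim behavior supplies Helper's token value; the lambda is evaluated lazily.
            IPayloadClaimsManager mismatchTokenClaimBehavior = InvalidTokenPayloadClaim.WithClaimBehavior(() => clientAppHelper.AuthToken.Token);

            // NOTE(review): this registers on the shared ServiceLocator.Instance and nothing in
            // this method restores the previous claims manager. Presumably a fixture teardown
            // resets it — confirm, otherwise later tests would also send the mismatched claim.
            ServiceLocator.Instance.RegisterPayloadClaimsManager(mismatchTokenClaimBehavior);
            AspenException exception = Assert.Throws <AspenException>(() => clientAppMaster.Settings.GetDocTypes());

            Assert.That(exception.EventId, Is.EqualTo("15846"));
            Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
            StringAssert.IsMatch(System.Text.RegularExpressions.Regex.Escape(expectedMessage), exception.Message);
        }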
示例#2
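        // Checks that a user-signed request is rejected (AspenException, event id "15846",
        // HTTP 401) once the database helper has put the Master user's stored auth token into a
        // "mismatch" state for the given ApiKey / DocType / DocNumber / DeviceId.
        public void MismatchTokenWhenUserSignedRequestThrows()
        {
            // The rejection text is a literal message, not a pattern. StringAssert.IsMatch treats
            // its first argument as a regular expression, so the '.' and '?' in the message are
            // escaped below; unescaped they act as regex operators and weaken the assertion.
            const string expectedMessage = "No coinciden los datos recibidos del token vs los valores esperados. ¿Se modificaron los valores en tránsito o está utilizando el ApiKey en otra aplicación?";

            IDelegatedApp client             = this.GetDelegatedClient();
            IAppIdentity  appIdentityMaster  = DelegatedAppIdentity.Master;
            IUserIdentity userIdentityMaster = RecognizedUserIdentity.Master;

            // Presumably rewrites the server-side token record so it no longer matches the token
            // the client holds — verify against DatabaseHelper.
            // NOTE(review): the record is not restored in this method; confirm that the next
            // authentication (or fixture teardown) replaces it.
            TestContext.CurrentContext.DatabaseHelper().EnsureMismatchUserAuthToken(appIdentityMaster.ApiKey, userIdentityMaster.DocType, userIdentityMaster.DocNumber, userIdentityMaster.Device.DeviceId);
            AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes());

            Assert.That(exception.EventId, Is.EqualTo("15846"));
            Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
            StringAssert.IsMatch(System.Text.RegularExpressions.Regex.Escape(expectedMessage), exception.Message);
        }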
示例#3
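        // Checks that a user-signed request is rejected (AspenException, event id "15846",
        // HTTP 401) when the username claim is built from the Helper identity
        // ("{DocType}-{DocNumber}") instead of the identity the client authenticated with.
        public void MismatchUsernameWhenUserSignedRequestThrows()
        {
            // The rejection text is a literal message, not a pattern. StringAssert.IsMatch treats
            // its first argument as a regular expression, so the '.' and '?' in the message are
            // escaped below; unescaped they act as regex operators and weaken the assertion.
            const string expectedMessage = "No coinciden los datos recibidos del token vs los valores esperados. ¿Se modificaron los valores en tránsito o está utilizando el ApiKey en otra aplicación?";

            // NOTE(review): GetDelegatedClient() is defined elsewhere; presumably it authenticates
            // as a user other than Helper, otherwise the claim below would not be a mismatch.
            IDelegatedApp         client                        = this.GetDelegatedClient();
            IUserIdentity         userIdentityHelper            = RecognizedUserIdentity.Helper;
            IPayloadClaimsManager mismatchUsernameClaimBehavior = InvalidUsernamePayloadClaim.WithClaimBehavior(() => $"{userIdentityHelper.DocType}-{userIdentityHelper.DocNumber}");

            // NOTE(review): this registers on the shared ServiceLocator.Instance and nothing in
            // this method restores the previous claims manager. Presumably a fixture teardown
            // resets it — confirm, otherwise later tests would also send the mismatched claim.
            ServiceLocator.Instance.RegisterPayloadClaimsManager(mismatchUsernameClaimBehavior);
            AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes());

            Assert.That(exception.EventId, Is.EqualTo("15846"));
            Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
            StringAssert.IsMatch(System.Text.RegularExpressions.Regex.Escape(expectedMessage), exception.Message);
        }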
示例#4
        // Checks that a user-signed request fails with AspenException (event id "15847",
        // HTTP 401) after the Master user's auth token has been removed through the database
        // helper, i.e. a token the client still holds is not honoured once the server has no
        // record of it.
        public void NotFoundValidTokenWhenUserSignedRequestThrows()
        {
            const string expectedEventId        = "15847";
            const string expectedMessagePattern = "No hay un token de autenticación vigente";

            IDelegatedApp delegatedClient = this.GetDelegatedClient();

            // The device id needed below only exists on the user-token type, hence the cast.
            UserAuthToken issuedToken = delegatedClient.AuthToken as UserAuthToken;
            Assert.That(issuedToken, Is.Not.Null);

            IAppIdentity  masterApp  = DelegatedAppIdentity.Master;
            IUserIdentity masterUser = RecognizedUserIdentity.Master;

            // Presumably deletes the stored token for this app/user/device — verify against
            // DatabaseHelper. The client object keeps its in-memory copy of the token.
            var database = TestContext.CurrentContext.DatabaseHelper();
            database.RemoveUserAuthToken(masterApp.ApiKey, masterUser.DocType, masterUser.DocNumber, issuedToken.DeviceId);

            AspenException rejection = Assert.Throws <AspenException>(() =>
            {
                delegatedClient.Settings.GetDocTypes();
            });

            Assert.That(rejection.EventId, Is.EqualTo(expectedEventId));
            Assert.That(rejection.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
            StringAssert.IsMatch(expectedMessagePattern, rejection.Message);
        }
示例#5
        // Checks that a user-signed request fails with AspenException (event id "15848",
        // HTTP 401) after the Master user's auth token has been expired through the database
        // helper. The token is first asserted to be non-expired on the client side, so the
        // rejection is attributable to the server-side change.
        public void TokenProvidedExpiredWhenUserSignedRequestThrows()
        {
            const string expectedEventId        = "15848";
            const string expectedMessagePattern = "El token de autenticación proporcionado ya venció";

            IDelegatedApp delegatedClient = this.GetDelegatedClient();
            UserAuthToken issuedToken     = delegatedClient.AuthToken as UserAuthToken;

            // Preconditions: a user token with a device id that the client still sees as valid.
            Assert.That(issuedToken, Is.Not.Null);
            Assert.That(issuedToken.DeviceId, Is.Not.Empty);
            Assert.That(issuedToken.Expired, Is.False);

            IAppIdentity  masterApp  = DelegatedAppIdentity.Master;
            IUserIdentity masterUser = RecognizedUserIdentity.Master;

            // Presumably moves the stored token's expiry into the past for this app/user/device —
            // verify against DatabaseHelper.
            var database = TestContext.CurrentContext.DatabaseHelper();
            database.EnsureExpireUserAuthToken(masterApp.ApiKey, masterUser.DocType, masterUser.DocNumber, issuedToken.DeviceId);

            AspenException rejection = Assert.Throws <AspenException>(() =>
            {
                delegatedClient.Settings.GetDocTypes();
            });

            Assert.That(rejection.EventId, Is.EqualTo(expectedEventId));
            Assert.That(rejection.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
            StringAssert.IsMatch(expectedMessagePattern, rejection.Message);
        }
示例#6
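        // Checks that authentication is refused for a locked-out user: with the Master user
        // marked as locked through the database helper, building an authenticated client must
        // throw AspenException with event id "97413" and HTTP 401.
        public void UserLockoutThrows()
        {
            IUserIdentity userIdentity = RecognizedUserIdentity.Master;

            TestContext.CurrentContext.DatabaseHelper().EnsureUserIsLocked(userIdentity.DocType, userIdentity.DocNumber);
            try
            {
                AspenException exception = Assert.Throws <AspenException>(() =>
                {
                    DelegatedApp.Initialize(CachePolicy.BypassCache)
                    .RoutingTo(TestingEndpointProvider.Default)
                    .WithIdentity(DelegatedAppIdentity.Master)
                    .Authenticate(userIdentity)
                    .GetClient();
                });

                Assert.That(exception.EventId, Is.EqualTo("97413"));
                Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
                StringAssert.IsMatch("Usuario está bloqueado por superar el número máximo de intentos de sesión inválidos", exception.Message);
            }
            finally
            {
                // Unlock even when an assertion above fails. Without this, a failed assertion
                // leaves the shared Master user locked and every later test that authenticates
                // as that user fails for an unrelated reason.
                TestContext.CurrentContext.DatabaseHelper().EnsureUserIsNotLocked(userIdentity.DocType, userIdentity.DocNumber);
            }
        }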