public async Task OnRedirectToIdentityProviderEventCanReplaceValues() { var newClientId = Guid.NewGuid().ToString(); var settings = new TestSettings( opts => { opts.ClientId = "Test Id"; opts.Authority = TestServerBuilder.DefaultAuthority; opts.Events = new OpenIdConnectEvents() { OnRedirectToIdentityProvider = context => { context.ProtocolMessage.ClientId = newClientId; return(Task.FromResult(0)); } }; } ); var server = settings.CreateTestServer(); var transaction = await server.SendAsync(ChallengeEndpoint); var res = transaction.Response; Assert.Equal(HttpStatusCode.Redirect, res.StatusCode); Assert.NotNull(res.Headers.Location); settings.ValidateChallengeRedirect( res.Headers.Location, OpenIdConnectParameterNames.ResponseType, OpenIdConnectParameterNames.ResponseMode, OpenIdConnectParameterNames.Scope, OpenIdConnectParameterNames.RedirectUri); var actual = res.Headers.Location.Query.Trim('?').Split('&').Single(seg => seg.StartsWith($"{OpenIdConnectParameterNames.ClientId}=")); Assert.Equal($"{OpenIdConnectParameterNames.ClientId}={newClientId}", actual); }
public async Task OnRedirectToIdentityProviderEventCanSetState(string userState) { var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("OIDCTest")); var settings = new TestSettings(opt => { opt.StateDataFormat = stateFormat; opt.ClientId = "Test Id"; opt.Authority = TestServerBuilder.DefaultAuthority; opt.Events = new OpenIdConnectEvents() { OnRedirectToIdentityProvider = context => { context.ProtocolMessage.State = userState; return(Task.FromResult(0)); } }; }); var server = settings.CreateTestServer(); var transaction = await server.SendAsync(ChallengeEndpoint); var res = transaction.Response; Assert.Equal(HttpStatusCode.Redirect, res.StatusCode); Assert.NotNull(res.Headers.Location); var values = settings.ValidateChallengeRedirect(res.Headers.Location); var actualState = values[OpenIdConnectParameterNames.State]; var actualProperties = stateFormat.Unprotect(actualState); if (userState != null) { Assert.Equal(userState, actualProperties.Items[OpenIdConnectDefaults.UserstatePropertiesKey]); } else { Assert.False(actualProperties.Items.ContainsKey(OpenIdConnectDefaults.UserstatePropertiesKey)); } }
public async Task RemoteSignOut_WithInvalidIssuer() { var settings = new TestSettings(o => { o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; o.Authority = TestServerBuilder.DefaultAuthority; o.ClientId = "Test Id"; }); var server = settings.CreateTestServer(handler: async context => { var claimsIdentity = new ClaimsIdentity("Cookies"); claimsIdentity.AddClaim(new Claim("iss", "test")); await context.SignInAsync(new ClaimsPrincipal(claimsIdentity)); }); var signInTransaction = await server.SendAsync(DefaultHost); var remoteSignOutTransaction = await server.SendAsync(DefaultHost + "/signout-oidc?iss=invalid", signInTransaction.AuthenticationCookieValue); Assert.Equal(HttpStatusCode.OK, remoteSignOutTransaction.Response.StatusCode); Assert.DoesNotContain(remoteSignOutTransaction.Response.Headers, h => h.Key == "Set-Cookie"); }
public async Task EndSessionRequestDoesNotIncludeTelemetryParametersWhenDisabled() { var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration(); var setting = new TestSettings(opt => { opt.ClientId = "Test Id"; opt.Configuration = configuration; opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; opt.DisableTelemetry = true; }); var server = setting.CreateTestServer(); var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Signout); var res = transaction.Response; Assert.Equal(HttpStatusCode.Redirect, res.StatusCode); Assert.DoesNotContain(OpenIdConnectParameterNames.SkuTelemetry, res.Headers.Location.Query); Assert.DoesNotContain(OpenIdConnectParameterNames.VersionTelemetry, res.Headers.Location.Query); setting.ValidateSignoutRedirect(transaction.Response.Headers.Location); }
public async Task Challenge_HasOverwrittenMaxAgeParam() { var settings = new TestSettings(opt => { opt.ClientId = "Test Id"; opt.Authority = TestServerBuilder.DefaultAuthority; opt.MaxAge = TimeSpan.FromSeconds(500); }); var properties = new OpenIdConnectChallengeProperties() { MaxAge = TimeSpan.FromSeconds(1234), }; var server = settings.CreateTestServer(properties); var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties); var res = transaction.Response; Assert.Equal(HttpStatusCode.Redirect, res.StatusCode); settings.ValidateChallengeRedirect(res.Headers.Location); Assert.Contains("max_age=1234", res.Headers.Location.Query); }
public async Task ChallengeDoesNotIncludePkceForOtherResponseTypes(string responseType) { var settings = new TestSettings( opt => { opt.Authority = TestServerBuilder.DefaultAuthority; opt.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet; opt.ResponseType = responseType; opt.ClientId = "Test Id"; opt.UsePkce = true; }); var server = settings.CreateTestServer(); var transaction = await server.SendAsync(ChallengeEndpoint); var res = transaction.Response; Assert.Equal(HttpStatusCode.Redirect, res.StatusCode); Assert.NotNull(res.Headers.Location); Assert.DoesNotContain("code_challenge=", res.Headers.Location.Query); Assert.DoesNotContain("code_challenge_method=", res.Headers.Location.Query); }
public async Task Challenge_HasOverwrittenScopeParamFromBaseAuthenticationProperties() { var settings = new TestSettings(opt => { opt.ClientId = "Test Id"; opt.Authority = TestServerBuilder.DefaultAuthority; opt.Scope.Clear(); opt.Scope.Add("foo"); opt.Scope.Add("bar"); }); var properties = new AuthenticationProperties(); properties.SetParameter(OpenIdConnectChallengeProperties.ScopeKey, new string[] { "baz", "qux" }); var server = settings.CreateTestServer(properties); var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties); var res = transaction.Response; Assert.Equal(HttpStatusCode.Redirect, res.StatusCode); settings.ValidateChallengeRedirect(res.Headers.Location); Assert.Contains("scope=baz%20qux", res.Headers.Location.Query); }
public async Task RegularGetRequestToCallbackPathSkips() { // Arrange var settings = new TestSettings( opt => { opt.Authority = TestServerBuilder.DefaultAuthority; opt.CallbackPath = new PathString("/"); opt.SkipUnrecognizedRequests = true; opt.ClientId = "Test Id"; }); var server = settings.CreateTestServer(handler: async context => { await context.Response.WriteAsync("Hi from the callback path"); }); // Act var transaction = await server.SendAsync("/"); // Assert Assert.Equal("Hi from the callback path", transaction.ResponseText); }
public async Task OnRedirectToIdentityProviderEventCanReplaceMessage() { var newMessage = new MockOpenIdConnectMessage { IssuerAddress = "http://example.com/", TestAuthorizeEndpoint = $"http://example.com/{Guid.NewGuid()}/oauth2/signin" }; var settings = new TestSettings( opts => { opts.ClientId = "Test Id"; opts.Authority = TestServerBuilder.DefaultAuthority; opts.Events = new OpenIdConnectEvents() { OnRedirectToIdentityProvider = context => { context.ProtocolMessage = newMessage; return(Task.FromResult(0)); } }; } ); var server = settings.CreateTestServer(); var transaction = await server.SendAsync(ChallengeEndpoint); var res = transaction.Response; Assert.Equal(HttpStatusCode.Redirect, res.StatusCode); Assert.NotNull(res.Headers.Location); // The CreateAuthenticationRequestUrl method is overridden MockOpenIdConnectMessage where // query string is not generated and the authorization endpoint is replaced. Assert.Equal(newMessage.TestAuthorizeEndpoint, res.Headers.Location.AbsoluteUri); }
public async Task OnRedirectToIdentityProviderEventIsHit() { var eventIsHit = false; var settings = new TestSettings( opts => { opts.ClientId = "Test Id"; opts.Authority = TestServerBuilder.DefaultAuthority; opts.Events = new OpenIdConnectEvents() { OnRedirectToIdentityProvider = context => { eventIsHit = true; return(Task.FromResult(0)); } }; } ); var server = settings.CreateTestServer(); var transaction = await server.SendAsync(ChallengeEndpoint); Assert.True(eventIsHit); var res = transaction.Response; Assert.Equal(HttpStatusCode.Redirect, res.StatusCode); Assert.NotNull(res.Headers.Location); settings.ValidateChallengeRedirect( res.Headers.Location, OpenIdConnectParameterNames.ClientId, OpenIdConnectParameterNames.ResponseType, OpenIdConnectParameterNames.ResponseMode, OpenIdConnectParameterNames.Scope, OpenIdConnectParameterNames.RedirectUri); }