public void OldAccessTokenTokenShouldNotPingSuccessfully()
{
// Authenticate and get an access token
var proxy1 = new AuthorisationProxy();
var scope = new AuthorisationScope[] { new AuthorisationScope { ScopeType = AuthorisationScopeType.Full } }.ToTextValues();
var response = proxy1.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword, scope);
Assert.IsTrue(response.IsSuccessfull);
Assert.IsNotNull(response.DataObject);
Assert.IsTrue(response.DataObject.IsSuccessfull);
var originalAccessToken = response.DataObject.AccessGrant.access_token;
// Refresh the access token so the old one becomes invalid
response = proxy1.RefreshAccessToken(response.DataObject.AccessGrant.refresh_token, scope);
Assert.IsTrue(response.IsSuccessfull);
Assert.IsNotNull(response.DataObject);
Assert.IsTrue(response.DataObject.IsSuccessfull);
// Now try and authenicate and access a resource with the invalidated original access token which should fail.
var proxy2 = new AuthorisationProxy(originalAccessToken);
var pingResult = proxy2.AuthorisationPing();
Assert.IsNotNull(pingResult);
Assert.IsFalse(pingResult.IsSuccessfull);
//Assert.AreEqual<HttpStatusCode>(HttpStatusCode.Unauthorized, pingResult.StatusCode);
Assert.AreEqual(HttpStatusCode.Unauthorized, pingResult.StatusCode);
}
public static string SignInAndGetAccessToken()
{
var authProxy = new AuthorisationProxy();
var scope = new AuthorisationScope[] { new AuthorisationScope { ScopeType = AuthorisationScopeType.Full } }.ToTextValues();
var authResponse = authProxy.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword, scope);
Assert.IsTrue(authResponse.IsSuccessfull);
Assert.IsTrue(authResponse.DataObject.IsSuccessfull);
return authResponse.DataObject.AccessGrant.access_token;
}
public static string ToTextValue(this AuthorisationScope authScope)
{
if (authScope.ScopeType == AuthorisationScopeType.None)
{
return(string.Empty);
}
var scopeText = authScope.ScopeType.ToString().ToLowerInvariant();
if (!string.IsNullOrWhiteSpace(authScope.ScopeContext))
{
return(string.Format("{0}:{1}", scopeText, authScope.ScopeContext));
}
return(scopeText);
}
public static AuthorisationScope ToAuthorisationScope(this string scopeValue)
{
if (!string.IsNullOrWhiteSpace(scopeValue))
{
var lowerValue = scopeValue.ToLowerInvariant();
if (lowerValue == AuthorisationScopeValue.View)
{
return(new AuthorisationScope {
ScopeType = AuthorisationScopeType.View
});
}
if (lowerValue == AuthorisationScopeValue.Delete)
{
return(new AuthorisationScope {
ScopeType = AuthorisationScopeType.Delete
});
}
if (lowerValue == AuthorisationScopeValue.Modify)
{
return(new AuthorisationScope {
ScopeType = AuthorisationScopeType.Modify
});
}
if (lowerValue == AuthorisationScopeValue.Full)
{
return(new AuthorisationScope {
ScopeType = AuthorisationScopeType.Full
});
}
if (lowerValue.StartsWith(AuthorisationScopeValue.FileId))
{
var scope = new AuthorisationScope {
ScopeType = AuthorisationScopeType.FileId
};
int index = lowerValue.IndexOf(':');
if (index >= 0)
{
var scopeContext = lowerValue.Substring(index + 1, lowerValue.Length - (index + 1));
scope.ScopeContext = scopeContext;
}
return(scope);
}
}
return(new AuthorisationScope {
ScopeType = AuthorisationScopeType.None
});
}
public void PasswordCredentialsGrantShouldSucceed()
{
var proxy = new AuthorisationProxy();
var scope = new AuthorisationScope[] { new AuthorisationScope { ScopeType= AuthorisationScopeType.Full} }.ToTextValues();
var response = proxy.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword,scope);
Assert.IsTrue(response.IsSuccessfull);
Assert.IsNotNull(response.DataObject);
Assert.IsTrue(response.DataObject.IsSuccessfull);
Assert.IsNotNull(response.DataObject.AccessGrant);
Assert.IsNotNull(response.DataObject.AccessGrant.access_token);
Assert.IsNotNull(response.DataObject.AccessGrant.refresh_token);
Assert.IsNotNull(response.DataObject.AccessGrant.token_type);
Assert.IsNotNull(response.DataObject.AccessGrant.scope);
Assert.IsTrue(response.DataObject.AccessGrant.scope.Contains(AuthorisationScopeValue.FileId));
var returnedScope = response.DataObject.AccessGrant.scope.ToScopeArray();
Assert.IsNotNull(returnedScope);
Assert.IsTrue(returnedScope.Length > 0);
Assert.IsTrue(returnedScope.Count(s => s.ScopeType == AuthorisationScopeType.FileId) > 0, "Access response should contain at least 1 valid FileId applicable to user in the scope");
}
public static AuthorisationScope ToAuthorisationScope(this string scopeValue)
{
if (!string.IsNullOrWhiteSpace(scopeValue))
{
var lowerValue = scopeValue.ToLowerInvariant();
if (lowerValue == AuthorisationScopeValue.View)
{
return new AuthorisationScope { ScopeType = AuthorisationScopeType.View };
}
if (lowerValue == AuthorisationScopeValue.Delete)
{
return new AuthorisationScope { ScopeType = AuthorisationScopeType.Delete};
}
if (lowerValue == AuthorisationScopeValue.Modify)
{
return new AuthorisationScope { ScopeType = AuthorisationScopeType.Modify};
}
if (lowerValue == AuthorisationScopeValue.Full)
{
return new AuthorisationScope { ScopeType = AuthorisationScopeType.Full};
}
if (lowerValue.StartsWith(AuthorisationScopeValue.FileId))
{
var scope = new AuthorisationScope { ScopeType = AuthorisationScopeType.FileId };
int index = lowerValue.IndexOf(':');
if (index >= 0)
{
var scopeContext = lowerValue.Substring(index + 1, lowerValue.Length - (index + 1));
scope.ScopeContext = scopeContext;
}
return scope;
}
}
return new AuthorisationScope { ScopeType = AuthorisationScopeType.None};
}
public void ShouldBeAbleToRefreshValidAccessToken()
{
var proxy = new AuthorisationProxy();
var scope = new AuthorisationScope[] { new AuthorisationScope { ScopeType = AuthorisationScopeType.Full } }.ToTextValues();
var response = proxy.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword,scope);
Assert.IsTrue(response.IsSuccessfull);
Assert.IsTrue(response.DataObject.IsSuccessfull);
proxy.BearerToken = response.DataObject.AccessGrant.access_token;
var pingResult = proxy.AuthorisationPing();
Assert.IsNotNull(pingResult);
Assert.IsTrue(pingResult.IsSuccessfull);
// Now ask for a refresh token
var proxy2 = new AuthorisationProxy();
var refreshResponse = proxy2.RefreshAccessToken(response.DataObject.AccessGrant.refresh_token, scope);
Assert.IsNotNull(refreshResponse);
Assert.IsTrue(refreshResponse.IsSuccessfull);
//Assert.AreNotEqual<string>(response.DataObject.AccessGrant.access_token, refreshResponse.DataObject.AccessGrant.access_token);
//Assert.AreEqual<string>(response.DataObject.AccessGrant.refresh_token, refreshResponse.DataObject.AccessGrant.refresh_token);
Assert.AreNotEqual(response.DataObject.AccessGrant.access_token, refreshResponse.DataObject.AccessGrant.access_token);
Assert.AreEqual(response.DataObject.AccessGrant.refresh_token, refreshResponse.DataObject.AccessGrant.refresh_token);
// Now check the access token after refresh works
var proxy3 = new AuthorisationProxy(refreshResponse.DataObject.AccessGrant.access_token);
var pingResult2 = proxy3.AuthorisationPing();
Assert.IsNotNull(pingResult2);
Assert.IsTrue(pingResult2.IsSuccessfull);
// And finally ensure the previous access token (before refresh is invalid)
var proxy4 = new AuthorisationProxy(response.DataObject.AccessGrant.access_token);
var pingResult3 = proxy4.AuthorisationPing();
Assert.IsNotNull(pingResult3);
Assert.IsFalse(pingResult3.IsSuccessfull);
//Assert.AreEqual<HttpStatusCode>(HttpStatusCode.Unauthorized, pingResult3.StatusCode);
Assert.AreEqual(HttpStatusCode.Unauthorized, pingResult3.StatusCode);
}
public void ValidBearerTokenShouldPingSuccessfully()
{
var proxy = new AuthorisationProxy();
var scope = new AuthorisationScope[] { new AuthorisationScope { ScopeType = AuthorisationScopeType.Full } }.ToTextValues();
var response = proxy.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword,scope);
Assert.IsTrue(response.IsSuccessfull);
Assert.IsTrue(response.DataObject.IsSuccessfull);
proxy.BearerToken = response.DataObject.AccessGrant.access_token;
var pingResult = proxy.AuthorisationPing();
Assert.IsNotNull(pingResult);
Assert.IsTrue(pingResult.IsSuccessfull);
}
public void ValidBearerTokenButNoFileIdShouldFailWhenMakingApiCall()
{
var proxy = new AuthorisationProxy();
var scope = new AuthorisationScope[] { new AuthorisationScope { ScopeType = AuthorisationScopeType.Full } }.ToTextValues();
var response = proxy.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword, scope);
Assert.IsTrue(response.IsSuccessfull);
Assert.IsTrue(response.DataObject.IsSuccessfull);
proxy.BearerToken = response.DataObject.AccessGrant.access_token;
var contactProxy = new ContactsProxy(response.DataObject.AccessGrant.access_token);
contactProxy.FileId = 0; // invalid file id so it should fail.
var contactResponse = contactProxy.GetContacts();
Assert.IsNotNull(contactResponse, "No response returned wwhen access contacts resource");
Assert.IsFalse(contactResponse.IsSuccessfull, "Expected GET Contacts to fail as used an invalid File Id");
Assert.AreEqual(contactResponse.StatusCode, HttpStatusCode.Unauthorized, "Expected Unauthorized status code as used an invalid FileId");
}
public void ShouldNotBeAbleToUseRefreshTokenToAccessApi()
{
var proxy = new AuthorisationProxy();
var scope = new AuthorisationScope[] { new AuthorisationScope { ScopeType = AuthorisationScopeType.Full } }.ToTextValues();
var response = proxy.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword, scope);
Assert.IsTrue(response.IsSuccessfull);
Assert.IsTrue(response.DataObject.IsSuccessfull);
var contactProxy = new ContactsProxy(response.DataObject.AccessGrant.refresh_token);
var contactResponse = contactProxy.GetContacts();
Assert.IsNotNull(contactResponse, "No response returned wwhen access contacts resource");
Assert.IsFalse(contactResponse.IsSuccessfull, "Expected GET Contacts to fail used refreshToken instead of access token to access API");
Assert.AreEqual(contactResponse.StatusCode, HttpStatusCode.Unauthorized, "Expected Unauthorised Status code as used an invalid access token");
// And now just reverify that we can access via the access token
contactProxy.BearerToken = response.DataObject.AccessGrant.access_token;
contactResponse = contactProxy.GetContacts();
Assert.IsNotNull(contactResponse, "No response returned wwhen access contacts resource");
Assert.IsTrue(contactResponse.IsSuccessfull, "Expected GET Contacts to succeed since we used valid accessToken to access API");
}
