public void Doesnt_allow_sending_invalid_APIKeys() { var client = new JsonServiceClient(ListeningOn) { Credentials = new NetworkCredential("InvalidKey", ""), }; var request = new Secured { Name = "live" }; try { var response = client.Send(request); Assert.Fail("Should throw"); } catch (WebServiceException ex) { Assert.That(ex.ResponseStatus.ErrorCode, Is.EqualTo("NotFound")); Assert.That(ex.ResponseStatus.Message, Is.EqualTo("ApiKey does not exist")); Assert.That(ex.ResponseStatus.StackTrace, Is.Not.Null); } }
public void Can_not_access_Secure_service_with_invalidated_token() { var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider(JwtAuthProvider.Name); var token = jwtProvider.CreateJwtBearerToken(new AuthUserSession { UserAuthId = "1", DisplayName = "Test", Email = "*****@*****.**" }); var client = GetClientWithBearerToken(token); var request = new Secured { Name = "test" }; var response = client.Send(request); Assert.That(response.Result, Is.EqualTo(request.Name)); jwtProvider.InvalidateTokensIssuedBefore = DateTime.UtcNow.AddSeconds(1); try { response = client.Send(request); Assert.Fail("Should throw"); } catch (WebServiceException ex) { Assert.That(ex.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized)); Assert.That(ex.ErrorCode, Is.EqualTo(typeof(TokenException).Name)); } finally { jwtProvider.InvalidateTokensIssuedBefore = null; } }
public void Can_Authenticate_with_ApiKeyAuth_SessionCacheDuration() { apiProvider.SessionCacheDuration = TimeSpan.FromSeconds(60); var client = GetClientWithBearerToken(ApiKey); var request = new Secured { Name = "test" }; var response = client.Send(request); Assert.That(response.Result, Is.EqualTo(request.Name)); //Does not preserve UserSession var newClient = GetClient(); newClient.SetSessionId(client.GetSessionId()); try { response = newClient.Send(request); Assert.Fail("Should throw"); } catch (WebServiceException webEx) { Assert.That(webEx.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized)); } var cachedSession = appHost.GetCacheClient(null).Get <IAuthSession>(ApiKeyAuthProvider.GetSessionKey(ApiKey)); Assert.That(cachedSession.IsAuthenticated); //Can call multiple times using cached UserSession response = client.Send(request); Assert.That(response.Result, Is.EqualTo(request.Name)); apiProvider.SessionCacheDuration = null; }
public void Authenticating_once_with_CredentialsAuth_does_establish_auth_session() { var client = GetClient(); try { client.Send(new Authenticate()); Assert.Fail("Should throw"); } catch (WebServiceException ex) { Assert.That(ex.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized)); } client.Post(new Authenticate { provider = "credentials", UserName = Username, Password = Password, }); client.Send(new Authenticate()); var request = new Secured { Name = "test" }; var response = client.Send(request); Assert.That(response.Result, Is.EqualTo(request.Name)); var newClient = GetClient(); newClient.SetSessionId(client.GetSessionId()); response = newClient.Send(request); Assert.That(response.Result, Is.EqualTo(request.Name)); }
public void Authenticating_once_with_ApiKeyAuth_BearerToken_does_not_establish_auth_session() { var client = GetClientWithBearerToken(ApiKey); var request = new Secured { Name = "test" }; var response = client.Send(request); Assert.That(response.Result, Is.EqualTo(request.Name)); var newClient = GetClient(); newClient.SetSessionId(client.GetSessionId()); try { response = newClient.Send(request); Assert.Fail("Should throw"); } catch (WebServiceException webEx) { Assert.That(webEx.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized)); } }
public void Doesnt_allow_using_expired_keys() { var client = new JsonServiceClient(ListeningOn) { Credentials = new NetworkCredential(ApiKey, ""), }; var authResponse = client.Get(new Authenticate()); var apiKeys = apiRepo.GetUserApiKeys(authResponse.UserId) .Where(x => x.Environment == "test") .ToList(); var oldApiKey = apiKeys[0].Id; client = new JsonServiceClient(ListeningOn) { BearerToken = oldApiKey, }; //Key IsValid var request = new Secured { Name = "live" }; var response = client.Send(request); Assert.That(response.Result, Is.EqualTo(request.Name)); apiKeys[0].ExpiryDate = DateTime.UtcNow.AddMinutes(-1); apiRepo.StoreAll(new[] { apiKeys[0] }); try { //Key is no longer valid client.Get(new GetApiKeys { Environment = "test" }); Assert.Fail("Should throw"); } catch (WebServiceException ex) { Assert.That(ex.StatusCode, Is.EqualTo((int)HttpStatusCode.Forbidden)); } client = new JsonServiceClient(ListeningOn) { Credentials = new NetworkCredential(ApiKey, ""), }; var regenResponse = client.Send(new RegenerateApiKeys { Environment = "test" }); //Change to new Valid Key client.BearerToken = regenResponse.Results[0].Key; var apiKeyResponse = client.Get(new GetApiKeys { Environment = "test" }); Assert.That(regenResponse.Results.Map(x => x.Key), Is.EquivalentTo( apiKeyResponse.Results.Map(x => x.Key))); }