author | Andrew Arnott <andrewarnott@gmail.com> | 2012-11-11 20:41:08 -0800 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2012-11-11 20:41:08 -0800 |
commit | 31376a37a587523c5b80dbcf3f21b26f1a6bcb76 (patch) | |
tree | 67a143e64a7983390fe4ae6f5105130bb90ad667 | |
parent | 5575ed58c0b9d0c6b0c19eace2a8af4c8666c5eb (diff) | |
Adds more token decoding tests.
-rw-r--r-- | src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs | 5 | ||||
-rw-r--r-- | src/DotNetOpenAuth.Test/OAuth2/ResourceServerTests.cs | 70 |
2 files changed, 65 insertions, 10 deletions
diff --git a/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs b/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs
index f43a349..b9e32fe 100644
--- a/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs
+++ b/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs
@@ -8,6 +8,7 @@ namespace DotNetOpenAuth.Test.OAuth2 {
 using System;
 using System.Collections.Generic;
 using System.Linq;
+ using System.Security.Cryptography;
 using System.Text;
 using DotNetOpenAuth.Messaging;
 using DotNetOpenAuth.Messaging.Bindings;
@@ -29,6 +30,8 @@ namespace DotNetOpenAuth.Test.OAuth2 {
 protected static readonly Uri ClientCallback = new Uri("http://client/callback");
+ protected static readonly RSACryptoServiceProvider AsymmetricKey = new RSACryptoServiceProvider(512);
+
 protected static readonly AuthorizationServerDescription AuthorizationServerDescription = new AuthorizationServerDescription {
 AuthorizationEndpoint = new Uri("https://authserver/authorize"),
 TokenEndpoint = new Uri("https://authserver/token"),
@@ -55,7 +58,7 @@ namespace DotNetOpenAuth.Test.OAuth2 {
 MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))).Returns(true);
 string canonicalUserName = ResourceOwnerUsername;
 authHostMock.Setup(m => m.TryAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>(), out canonicalUserName)).Returns(true);
- authHostMock.Setup(m => m.CreateAccessToken(It.IsAny<IAccessTokenRequest>())).Returns(new AccessTokenResult(new AuthorizationServerAccessToken()));
+ authHostMock.Setup(m => m.CreateAccessToken(It.IsAny<IAccessTokenRequest>())).Returns(new AccessTokenResult(new AuthorizationServerAccessToken() { AccessTokenSigningKey = AsymmetricKey }));
 return authHostMock;
 }
 }
diff --git a/src/DotNetOpenAuth.Test/OAuth2/ResourceServerTests.cs b/src/DotNetOpenAuth.Test/OAuth2/ResourceServerTests.cs
index 0ac31b5..97bae2a 100644
--- a/src/DotNetOpenAuth.Test/OAuth2/ResourceServerTests.cs
+++ b/src/DotNetOpenAuth.Test/OAuth2/ResourceServerTests.cs
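Review bot: `AsymmetricKey` in the `@@ -29,6 +30,8 @@` hunk of OAuth2TestBase.cs is a 512-bit RSA key with nothing on the field saying that the size is a test-speed choice; 512-bit RSA is practical to factor and should not read like a reference value to anyone copying from the test base. I would add `// Test-only key: 512 bits keeps key generation fast and is not an acceptable size outside unit tests.` above the declaration. The field is also one static `RSACryptoServiceProvider` holding the private half for the whole test run, and the `@@ -55,7 +58,7 @@` hunk hands that same instance to the mock as `AccessTokenSigningKey`, so signer and verifier share one object; that is fine for a round trip, but the comment should say it is deliberate.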
@@ -11,18 +11,18 @@ namespace DotNetOpenAuth.Test.OAuth2 {
 using System.Linq;
 using System.Security.Cryptography;
 using System.Text;
-
 using DotNetOpenAuth.Messaging;
 using DotNetOpenAuth.OAuth2;
-
+ using DotNetOpenAuth.OAuth2.ChannelElements;
+ using DotNetOpenAuth.OAuth2.Messages;
+ using Moq;
 using NUnit.Framework;
 [TestFixture]
 public class ResourceServerTests : OAuth2TestBase {
 [Test]
 public void GetAccessTokenWithMissingAccessToken() {
- var rsa = new RSACryptoServiceProvider(512);
- var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(rsa, rsa));
+ var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));
 var requestHeaders = new NameValueCollection {
 { "Authorization", "Bearer " },
@@ -33,8 +33,7 @@ namespace DotNetOpenAuth.Test.OAuth2 {
 [Test]
 public void GetPrincipalWithMissingAccessToken() {
- var rsa = new RSACryptoServiceProvider(512);
- var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(rsa, rsa));
+ var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));
 var requestHeaders = new NameValueCollection {
 { "Authorization", "Bearer " },
@@ -44,9 +43,8 @@ namespace DotNetOpenAuth.Test.OAuth2 {
 }
 [Test]
- public void GetAccessTokenWithCorruptedToken() {
- var rsa = new RSACryptoServiceProvider(512);
- var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(rsa, rsa));
+ public void GetAccessTokenWithTotallyFakeToken() {
+ var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));
 var requestHeaders = new NameValueCollection {
 { "Authorization", "Bearer foobar" },
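Review bot: Each `new StandardAccessTokenAnalyzer(AsymmetricKey, null)` in the first three hunks of ResourceServerTests.cs passes the full key pair, private half included, in what appears to be the slot for the authorization server's public signing key. A resource server only needs the public key to verify a signature, so the tests would model that trust boundary better with a public-only copy: `var publicKey = new RSACryptoServiceProvider();` followed by `publicKey.ImportParameters(AsymmetricKey.ExportParameters(false));`, then passing `publicKey`. That would also expose any verification path that silently depends on private-key material. The `null` second argument presumably means the tokens are signed but not encrypted; a one-line comment stating that would help, since the analyzer's constructor is not visible in this diff.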
@@ -54,5 +52,59 @@ namespace DotNetOpenAuth.Test.OAuth2 {
 var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
 Assert.That(() => resourceServer.GetAccessToken(request), Throws.InstanceOf<ProtocolException>());
 }
+
+ [Test]
+ public void GetAccessTokenWithCorruptedToken() {
+ var accessToken = this.ObtainValidAccessToken();
+
+ var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));
+
+ var requestHeaders = new NameValueCollection {
+ { "Authorization", "Bearer " + accessToken + "zzz" },
+ };
+ var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
+ Assert.That(() => resourceServer.GetAccessToken(request), Throws.InstanceOf<ProtocolException>());
+ }
+
+ [Test]
+ public void GetAccessTokenWithValidToken() {
+ var accessToken = this.ObtainValidAccessToken();
+
+ var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));
+
+ var requestHeaders = new NameValueCollection {
+ { "Authorization", "Bearer " + accessToken },
+ };
+ var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
+ var resourceServerDecodedToken = resourceServer.GetAccessToken(request);
+ Assert.That(resourceServerDecodedToken, Is.Not.Null);
+ }
+
+ private string ObtainValidAccessToken() {
+ string accessToken = null;
+ var authServer = CreateAuthorizationServerMock();
+ authServer.Setup(
+ a => a.IsAuthorizationValid(It.Is<IAuthorizationDescription>(d => d.User == null && d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
+ .Returns(true);
+ authServer.Setup(
+ a => a.TryAuthorizeClientCredentialsGrant(It.Is<IAccessTokenRequest>(d => d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
+ .Returns(true);
+ var coordinator = new OAuth2Coordinator<WebServerClient>(
+ AuthorizationServerDescription,
authServer.Object,
+ new WebServerClient(AuthorizationServerDescription),
+ client => {
+ var authState = client.GetClientAccessToken(TestScopes);
+ Assert.That(authState.AccessToken, Is.Not.Null.And.Not.Empty);
+ Assert.That(authState.RefreshToken, Is.Null);
+ accessToken = authState.AccessToken;
+ },
+ server => {
+ server.HandleTokenRequest().Respond();
+ });
+ coordinator.Run();
+
+ return accessToken;
+ }
 }
 } |
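Review bot: `GetAccessTokenWithCorruptedToken` only appends `"zzz"` to a valid token, so the request may be rejected while the string is being decoded (length or encoding) before the signature is ever checked; the decoder is outside this diff, so the test does not show which check fired. A case that alters one character inside the token while keeping its length and alphabet would pin signature verification more directly, and a token signed with a different key would cover the wrong-issuer case. `GetAccessTokenWithValidToken` asserts only `Is.Not.Null`; if the decoded token exposes the same members as `IAuthorizationDescription` does in `ObtainValidAccessToken`, adding `Assert.That(resourceServerDecodedToken.ClientIdentifier, Is.EqualTo(ClientId));` and a scope check against `TestScopes` would show that the claims survive the round trip. A sketch of the in-place tamper test follows; the expected exception type is carried over from the neighbouring tests and should be confirmed.

```csharp
[Test]
public void GetAccessTokenWithTamperedTokenBody() {
    var accessToken = this.ObtainValidAccessToken();

    // Swap one character mid-token, keeping length and alphabet, so that
    // decoding can still succeed and the signature check has to reject it.
    int mid = accessToken.Length / 2;
    char swapped = accessToken[mid] == 'A' ? 'B' : 'A';
    var tampered = accessToken.Substring(0, mid) + swapped + accessToken.Substring(mid + 1);

    var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));
    var requestHeaders = new NameValueCollection {
        { "Authorization", "Bearer " + tampered },
    };
    var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
    Assert.That(() => resourceServer.GetAccessToken(request), Throws.InstanceOf<ProtocolException>());
}
```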