Diffstat (limited to 'src/DotNetOpenAuth.Test/OAuth2')
4 files changed, 216 insertions, 8 deletions
diff --git a/src/DotNetOpenAuth.Test/OAuth2/AuthorizationServerTests.cs b/src/DotNetOpenAuth.Test/OAuth2/AuthorizationServerTests.cs index 3791e28..e8f7172 100644 --- a/src/DotNetOpenAuth.Test/OAuth2/AuthorizationServerTests.cs +++ b/src/DotNetOpenAuth.Test/OAuth2/AuthorizationServerTests.cs @@ -9,8 +9,11 @@ namespace DotNetOpenAuth.Test.OAuth2 { using System.Collections.Generic; using System.Linq; using System.Text; + using System.Threading.Tasks; using DotNetOpenAuth.OAuth2; + using DotNetOpenAuth.OAuth2.ChannelElements; using DotNetOpenAuth.OAuth2.Messages; + using Moq; using NUnit.Framework; /// <summary> @@ -28,8 +31,7 @@ namespace DotNetOpenAuth.Test.OAuth2 { AuthorizationServerMock, new UserAgentClient(AuthorizationServerDescription), client => { - var request = new AccessTokenAuthorizationCodeRequestC(AuthorizationServerDescription) - { ClientIdentifier = ClientId, ClientSecret = ClientSecret, AuthorizationCode = "foo" }; + var request = new AccessTokenAuthorizationCodeRequestC(AuthorizationServerDescription) { ClientIdentifier = ClientId, ClientSecret = ClientSecret, AuthorizationCode = "foo" }; var response = client.Channel.Request<AccessTokenFailedResponse>(request); Assert.That(response.Error, Is.Not.Null.And.Not.Empty); 
@@ -40,5 +42,182 @@ namespace DotNetOpenAuth.Test.OAuth2 { }); coordinator.Run(); } + + [Test] + public void DecodeRefreshToken() { + var refreshTokenSource = new TaskCompletionSource<string>(); + var coordinator = new OAuth2Coordinator<WebServerClient>( + AuthorizationServerDescription, + AuthorizationServerMock, + new WebServerClient(AuthorizationServerDescription), + client => { + try { + var authState = new AuthorizationState(TestScopes) { + Callback = ClientCallback, + }; + client.PrepareRequestUserAuthorization(authState).Respond(); + var result = client.ProcessUserAuthorization(); + Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty); + Assert.That(result.RefreshToken, Is.Not.Null.And.Not.Empty); + refreshTokenSource.SetResult(result.RefreshToken); + } catch { + refreshTokenSource.TrySetCanceled(); + } + }, + server => { + var request = server.ReadAuthorizationRequest(); + Assert.That(request, Is.Not.Null); + server.ApproveAuthorizationRequest(request, ResourceOwnerUsername); + server.HandleTokenRequest().Respond(); + var authorization = server.DecodeRefreshToken(refreshTokenSource.Task.Result); + Assert.That(authorization, Is.Not.Null); + Assert.That(authorization.User, Is.EqualTo(ResourceOwnerUsername)); + }); + coordinator.Run(); + } + + [Test] + public void ResourceOwnerScopeOverride() { + var clientRequestedScopes = new[] { "scope1", "scope2" }; + var serverOverriddenScopes = new[] { "scope1", "differentScope" }; + var authServerMock = CreateAuthorizationServerMock(); + authServerMock + .Setup(a => a.CheckAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>())) + .Returns<string, string, IAccessTokenRequest>((un, pw, req) => { + var response = new AutomatedUserAuthorizationCheckResponse(req, true, ResourceOwnerUsername); + response.ApprovedScope.Clear(); + response.ApprovedScope.UnionWith(serverOverriddenScopes); + return response; + }); + var coordinator = new 
OAuth2Coordinator<WebServerClient>( + AuthorizationServerDescription, + authServerMock.Object, + new WebServerClient(AuthorizationServerDescription), + client => { + var authState = new AuthorizationState(TestScopes) { + Callback = ClientCallback, + }; + var result = client.ExchangeUserCredentialForToken(ResourceOwnerUsername, ResourceOwnerPassword, clientRequestedScopes); + Assert.That(result.Scope, Is.EquivalentTo(serverOverriddenScopes)); + }, + server => { + server.HandleTokenRequest().Respond(); + }); + coordinator.Run(); + } + + [Test] + public void CreateAccessTokenSeesAuthorizingUserResourceOwnerGrant() { + var authServerMock = CreateAuthorizationServerMock(); + authServerMock + .Setup(a => a.CheckAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>())) + .Returns<string, string, IAccessTokenRequest>((un, pw, req) => { + var response = new AutomatedUserAuthorizationCheckResponse(req, true, ResourceOwnerUsername); + Assert.That(req.UserName, Is.EqualTo(ResourceOwnerUsername)); + return response; + }); + var coordinator = new OAuth2Coordinator<WebServerClient>( + AuthorizationServerDescription, + authServerMock.Object, + new WebServerClient(AuthorizationServerDescription), + client => { + var authState = new AuthorizationState(TestScopes) { + Callback = ClientCallback, + }; + var result = client.ExchangeUserCredentialForToken(ResourceOwnerUsername, ResourceOwnerPassword, TestScopes); + Assert.That(result.AccessToken, Is.Not.Null); + }, + server => { + server.HandleTokenRequest().Respond(); + }); + coordinator.Run(); + } + + [Test] + public void CreateAccessTokenSeesAuthorizingUserClientCredentialGrant() { + var authServerMock = CreateAuthorizationServerMock(); + authServerMock + .Setup(a => a.CheckAuthorizeClientCredentialsGrant(It.IsAny<IAccessTokenRequest>())) + .Returns<IAccessTokenRequest>(req => { + Assert.That(req.UserName, Is.Null); + return new AutomatedAuthorizationCheckResponse(req, true); 
+ }); + var coordinator = new OAuth2Coordinator<WebServerClient>( + AuthorizationServerDescription, + authServerMock.Object, + new WebServerClient(AuthorizationServerDescription), + client => { + var authState = new AuthorizationState(TestScopes) { + Callback = ClientCallback, + }; + var result = client.GetClientAccessToken(TestScopes); + Assert.That(result.AccessToken, Is.Not.Null); + }, + server => { + server.HandleTokenRequest().Respond(); + }); + coordinator.Run(); + } + + [Test] + public void CreateAccessTokenSeesAuthorizingUserAuthorizationCodeGrant() { + var authServerMock = CreateAuthorizationServerMock(); + authServerMock + .Setup(a => a.IsAuthorizationValid(It.IsAny<IAuthorizationDescription>())) + .Returns<IAuthorizationDescription>(req => { + Assert.That(req.User, Is.EqualTo(ResourceOwnerUsername)); + return true; + }); + var coordinator = new OAuth2Coordinator<WebServerClient>( + AuthorizationServerDescription, + authServerMock.Object, + new WebServerClient(AuthorizationServerDescription), + client => { + var authState = new AuthorizationState(TestScopes) { + Callback = ClientCallback, + }; + client.PrepareRequestUserAuthorization(authState).Respond(); + var result = client.ProcessUserAuthorization(); + Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty); + Assert.That(result.RefreshToken, Is.Not.Null.And.Not.Empty); + }, + server => { + var request = server.ReadAuthorizationRequest(); + Assert.That(request, Is.Not.Null); + server.ApproveAuthorizationRequest(request, ResourceOwnerUsername); + server.HandleTokenRequest().Respond(); + }); + coordinator.Run(); + } + + [Test] + public void ClientCredentialScopeOverride() { + var clientRequestedScopes = new[] { "scope1", "scope2" }; + var serverOverriddenScopes = new[] { "scope1", "differentScope" }; + var authServerMock = CreateAuthorizationServerMock(); + authServerMock + .Setup(a => a.CheckAuthorizeClientCredentialsGrant(It.IsAny<IAccessTokenRequest>())) + .Returns<IAccessTokenRequest>(req => { + 
var response = new AutomatedAuthorizationCheckResponse(req, true); + response.ApprovedScope.Clear(); + response.ApprovedScope.UnionWith(serverOverriddenScopes); + return response; + }); + var coordinator = new OAuth2Coordinator<WebServerClient>( + AuthorizationServerDescription, + authServerMock.Object, + new WebServerClient(AuthorizationServerDescription), + client => { + var authState = new AuthorizationState(TestScopes) { + Callback = ClientCallback, + }; + var result = client.GetClientAccessToken(clientRequestedScopes); + Assert.That(result.Scope, Is.EquivalentTo(serverOverriddenScopes)); + }, + server => { + server.HandleTokenRequest().Respond(); + }); + coordinator.Run(); + } } } diff --git a/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs b/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs index b9e32fe..395b18c 100644 --- a/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs +++ b/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs @@ -56,8 +56,9 @@ namespace DotNetOpenAuth.Test.OAuth2 { d => d.ClientIdentifier == ClientId && d.User == ResourceOwnerUsername && MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))).Returns(true); - string canonicalUserName = ResourceOwnerUsername; - authHostMock.Setup(m => m.TryAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>(), out canonicalUserName)).Returns(true); + authHostMock + .Setup(m => m.CheckAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>())) + .Returns<string, string, IAccessTokenRequest>((p1, p2, p3) => new AutomatedUserAuthorizationCheckResponse(p3, true, ResourceOwnerUsername)); authHostMock.Setup(m => m.CreateAccessToken(It.IsAny<IAccessTokenRequest>())).Returns(new AccessTokenResult(new AuthorizationServerAccessToken() { AccessTokenSigningKey = AsymmetricKey })); return authHostMock; } 
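Review bot: The identity assertions in the three `CreateAccessTokenSeesAuthorizingUser*` tests sit inside Moq `.Returns` callbacks, and nothing confirms those callbacks ran, so a server path that skipped the authorization check could still leave these tests green. After `coordinator.Run();` I would add a verification such as `authServerMock.Verify(a => a.CheckAuthorizeClientCredentialsGrant(It.IsAny<IAccessTokenRequest>()), Times.AtLeastOnce());`, with the matching call in the other two tests. The names also promise that `CreateAccessToken` sees the authorizing user, yet the callbacks are attached to the `CheckAuthorize…` methods and `IsAuthorizationValid`, never to `CreateAccessToken`. In `DecodeRefreshToken` only `authorization.User` is asserted; assuming the decoded object exposes `ClientIdentifier` as `IAuthorizationDescription` does elsewhere in this diff, `Assert.That(authorization.ClientIdentifier, Is.EqualTo(ClientId));` would also pin the client binding of the refresh token.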
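Review bot: Now that `CheckAuthorizeResourceOwnerCredentialGrant` returns a response object instead of `bool`, a call that misses this setup (wrong password, different user) no longer gets `false` but Moq's default for a reference type, which on a loose mock is `null`; the mock's behaviour is configured outside this hunk, so this is inferred. A negative test would then exercise a null dereference rather than a refusal. I would register a catch-all setup with `It.IsAny<string>()` for both credentials ahead of this one, returning a response built with `false` as its approval flag. The same applies to the `CheckAuthorizeClientCredentialsGrant` setups changed in ResourceServerTests.cs and WebServerClientAuthorizeTests.cs, and the lambda parameters `(p1, p2, p3)` would read better as `(un, pw, req)`, the names used in AuthorizationServerTests.cs.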
diff --git a/src/DotNetOpenAuth.Test/OAuth2/ResourceServerTests.cs b/src/DotNetOpenAuth.Test/OAuth2/ResourceServerTests.cs
index a4d09de..80a8392 100644
--- a/src/DotNetOpenAuth.Test/OAuth2/ResourceServerTests.cs
+++ b/src/DotNetOpenAuth.Test/OAuth2/ResourceServerTests.cs
@@ -87,8 +87,8 @@ namespace DotNetOpenAuth.Test.OAuth2 {
 a => a.IsAuthorizationValid(It.Is<IAuthorizationDescription>(d => d.User == null && d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
 .Returns(true);
 authServer.Setup(
- a => a.TryAuthorizeClientCredentialsGrant(It.Is<IAccessTokenRequest>(d => d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
- .Returns(true);
+ a => a.CheckAuthorizeClientCredentialsGrant(It.Is<IAccessTokenRequest>(d => d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
+ .Returns<IAccessTokenRequest>(req => new AutomatedAuthorizationCheckResponse(req, true));
 var coordinator = new OAuth2Coordinator<WebServerClient>(
 AuthorizationServerDescription,
 authServer.Object,
diff --git a/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs b/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs
index 9a9c078..8b8b29c 100644
--- a/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs
+++ b/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs
@@ -84,8 +84,8 @@ namespace DotNetOpenAuth.Test.OAuth2 {
 a => a.IsAuthorizationValid(It.Is<IAuthorizationDescription>(d => d.User == null && d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
 .Returns(true);
 authServer.Setup(
- a => a.TryAuthorizeClientCredentialsGrant(It.Is<IAccessTokenRequest>(d => d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
- .Returns(true);
+ a => a.CheckAuthorizeClientCredentialsGrant(It.Is<IAccessTokenRequest>(d => d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
+ .Returns<IAccessTokenRequest>(req => new AutomatedAuthorizationCheckResponse(req, true));
 var coordinator = new OAuth2Coordinator<WebServerClient>(
 AuthorizationServerDescription,
 authServer.Object,
@@ -102,6 +102,34 @@ namespace DotNetOpenAuth.Test.OAuth2 { } [Test] + public void GetClientAccessTokenReturnsApprovedScope() { + string[] approvedScopes = new[] { "Scope2", "Scope3" }; + var authServer = CreateAuthorizationServerMock(); + authServer.Setup( + a => a.IsAuthorizationValid(It.Is<IAuthorizationDescription>(d => d.User == null && d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))) + .Returns(true); + authServer.Setup( + a => a.CheckAuthorizeClientCredentialsGrant(It.Is<IAccessTokenRequest>(d => d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))) + .Returns<IAccessTokenRequest>(req => { + var response = new AutomatedAuthorizationCheckResponse(req, true); + response.ApprovedScope.ResetContents(approvedScopes); + return response; + }); + var coordinator = new OAuth2Coordinator<WebServerClient>( + AuthorizationServerDescription, + authServer.Object, + new WebServerClient(AuthorizationServerDescription), + client => { + var authState = client.GetClientAccessToken(TestScopes); + Assert.That(authState.Scope, Is.EquivalentTo(approvedScopes)); + }, + server => { + server.HandleTokenRequest().Respond(); + }); + coordinator.Run(); + } + + [Test] public void CreateAuthorizingHandlerBearer() { var client = new WebServerClient(AuthorizationServerDescription); string bearerToken = "mytoken"; |
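Review bot: The `IsAuthorizationValid` setup in `GetClientAccessTokenReturnsApprovedScope` still matches on `TestScopes`, while the server callback replaces the approved scope with `approvedScopes`; if the authorization server consults it with the approved scope it will not match, and if it is never consulted the setup is dead, so it looks copied from the preceding test. I would either drop it or have it match `approvedScopes`, so the test states which scope the issued authorization is expected to carry. The test also calls `response.ApprovedScope.ResetContents(approvedScopes)` where the scope-override tests added to AuthorizationServerTests.cs use `Clear()` followed by `UnionWith(...)`; one form across the suite would be clearer. The trailing context belongs to `CreateAuthorizingHandlerBearer`, whose body continues outside the hunk.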