summaryrefslogtreecommitdiffstats
path: root/src/DotNetOpenAuth.Test
diff options
context:
space:
mode:
Diffstat (limited to 'src/DotNetOpenAuth.Test')
-rw-r--r--src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj1
-rw-r--r--src/DotNetOpenAuth.Test/Messaging/MessagingUtilitiesTests.cs41
-rw-r--r--src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs5
-rw-r--r--src/DotNetOpenAuth.Test/OAuth2/ResourceServerTests.cs110
4 files changed, 155 insertions, 2 deletions
diff --git a/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj b/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj
index b58aa17..189a569 100644
--- a/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj
+++ b/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj
@@ -249,6 +249,7 @@
<Compile Include="Mocks\TestMessageFactory.cs" />
<Compile Include="OAuth2\AuthorizationServerTests.cs" />
<Compile Include="OAuth2\MessageFactoryTests.cs" />
+ <Compile Include="OAuth2\ResourceServerTests.cs" />
<Compile Include="OAuth2\UserAgentClientAuthorizeTests.cs" />
<Compile Include="OAuth2\OAuth2Coordinator.cs" />
<Compile Include="OAuth2\OAuth2TestBase.cs" />
diff --git a/src/DotNetOpenAuth.Test/Messaging/MessagingUtilitiesTests.cs b/src/DotNetOpenAuth.Test/Messaging/MessagingUtilitiesTests.cs
index 5c3870c..8620b93 100644
--- a/src/DotNetOpenAuth.Test/Messaging/MessagingUtilitiesTests.cs
+++ b/src/DotNetOpenAuth.Test/Messaging/MessagingUtilitiesTests.cs
@@ -9,13 +9,17 @@ namespace DotNetOpenAuth.Test.Messaging {
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Diagnostics;
+ using System.Globalization;
using System.IO;
+ using System.Linq;
using System.Net;
+ using System.Net.Http;
using System.Text;
using System.Text.RegularExpressions;
using System.Web;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.Test.Mocks;
+ using Moq;
using NUnit.Framework;
[TestFixture]
@@ -63,6 +67,41 @@ namespace DotNetOpenAuth.Test.Messaging {
}
[Test]
+ public void AsHttpResponseMessage() {
+ var responseContent = new byte[10];
+ (new Random()).NextBytes(responseContent);
+ var responseStream = new MemoryStream(responseContent);
+ var outgoingResponse = new OutgoingWebResponse();
+ outgoingResponse.Headers.Add("X-SOME-HEADER", "value");
+ outgoingResponse.Headers.Add("Content-Length", responseContent.Length.ToString(CultureInfo.InvariantCulture));
+ outgoingResponse.ResponseStream = responseStream;
+
+ var httpResponseMessage = outgoingResponse.AsHttpResponseMessage();
+ Assert.That(httpResponseMessage, Is.Not.Null);
+ Assert.That(httpResponseMessage.Headers.GetValues("X-SOME-HEADER").ToList(), Is.EqualTo(new[] { "value" }));
+ Assert.That(
+ httpResponseMessage.Content.Headers.GetValues("Content-Length").ToList(),
+ Is.EqualTo(new[] { responseContent.Length.ToString(CultureInfo.InvariantCulture) }));
+ var actualContent = new byte[responseContent.Length + 1]; // give the opportunity to provide a bit more data than we expect.
+ var bytesRead = httpResponseMessage.Content.ReadAsStreamAsync().Result.Read(actualContent, 0, actualContent.Length);
+ Assert.That(bytesRead, Is.EqualTo(responseContent.Length)); // verify that only the data we expected came back.
+ var trimmedActualContent = new byte[bytesRead];
+ Array.Copy(actualContent, trimmedActualContent, bytesRead);
+ Assert.That(trimmedActualContent, Is.EqualTo(responseContent));
+ }
+
+ [Test]
+ public void AsHttpResponseMessageNoContent() {
+ var outgoingResponse = new OutgoingWebResponse();
+ outgoingResponse.Headers.Add("X-SOME-HEADER", "value");
+
+ var httpResponseMessage = outgoingResponse.AsHttpResponseMessage();
+ Assert.That(httpResponseMessage, Is.Not.Null);
+ Assert.That(httpResponseMessage.Headers.GetValues("X-SOME-HEADER").ToList(), Is.EqualTo(new[] { "value" }));
+ Assert.That(httpResponseMessage.Content, Is.Null);
+ }
+
+ [Test]
public void ToDictionary() {
NameValueCollection nvc = new NameValueCollection();
nvc["a"] = "b";
@@ -151,7 +190,7 @@ namespace DotNetOpenAuth.Test.Messaging {
var httpHandler = new TestWebRequestHandler();
bool callbackTriggered = false;
httpHandler.Callback = req => {
- Match m = Regex.Match(req.ContentType, "multipart/form-data; boundary=(.+)");
+ var m = Regex.Match(req.ContentType, "multipart/form-data; boundary=(.+)");
Assert.IsTrue(m.Success, "Content-Type HTTP header not set correctly.");
string boundary = m.Groups[1].Value;
boundary = boundary.Substring(0, boundary.IndexOf(';')); // trim off charset
diff --git a/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs b/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs
index f43a349..b9e32fe 100644
--- a/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs
+++ b/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs
@@ -8,6 +8,7 @@ namespace DotNetOpenAuth.Test.OAuth2 {
using System;
using System.Collections.Generic;
using System.Linq;
+ using System.Security.Cryptography;
using System.Text;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.Messaging.Bindings;
@@ -29,6 +30,8 @@ namespace DotNetOpenAuth.Test.OAuth2 {
protected static readonly Uri ClientCallback = new Uri("http://client/callback");
+ protected static readonly RSACryptoServiceProvider AsymmetricKey = new RSACryptoServiceProvider(512);
+
protected static readonly AuthorizationServerDescription AuthorizationServerDescription = new AuthorizationServerDescription {
AuthorizationEndpoint = new Uri("https://authserver/authorize"),
TokenEndpoint = new Uri("https://authserver/token"),
@@ -55,7 +58,7 @@ namespace DotNetOpenAuth.Test.OAuth2 {
MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))).Returns(true);
string canonicalUserName = ResourceOwnerUsername;
authHostMock.Setup(m => m.TryAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>(), out canonicalUserName)).Returns(true);
- authHostMock.Setup(m => m.CreateAccessToken(It.IsAny<IAccessTokenRequest>())).Returns(new AccessTokenResult(new AuthorizationServerAccessToken()));
+ authHostMock.Setup(m => m.CreateAccessToken(It.IsAny<IAccessTokenRequest>())).Returns(new AccessTokenResult(new AuthorizationServerAccessToken() { AccessTokenSigningKey = AsymmetricKey }));
return authHostMock;
}
}
diff --git a/src/DotNetOpenAuth.Test/OAuth2/ResourceServerTests.cs b/src/DotNetOpenAuth.Test/OAuth2/ResourceServerTests.cs
new file mode 100644
index 0000000..a4d09de
--- /dev/null
+++ b/src/DotNetOpenAuth.Test/OAuth2/ResourceServerTests.cs
@@ -0,0 +1,110 @@
+//-----------------------------------------------------------------------
+// <copyright file="ResourceServerTests.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Test.OAuth2 {
+ using System;
+ using System.Collections.Generic;
+ using System.Collections.Specialized;
+ using System.Linq;
+ using System.Security.Cryptography;
+ using System.Text;
+ using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.OAuth2;
+ using DotNetOpenAuth.OAuth2.ChannelElements;
+ using DotNetOpenAuth.OAuth2.Messages;
+ using Moq;
+ using NUnit.Framework;
+
+ [TestFixture]
+ public class ResourceServerTests : OAuth2TestBase {
+ [Test]
+ public void GetAccessTokenWithMissingAccessToken() {
+ var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));
+
+ var requestHeaders = new NameValueCollection {
+ { "Authorization", "Bearer " },
+ };
+ var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
+ Assert.That(() => resourceServer.GetAccessToken(request), Throws.InstanceOf<ProtocolException>());
+ }
+
+ [Test]
+ public void GetPrincipalWithMissingAccessToken() {
+ var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));
+
+ var requestHeaders = new NameValueCollection {
+ { "Authorization", "Bearer " },
+ };
+ var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
+ Assert.That(() => resourceServer.GetPrincipal(request), Throws.InstanceOf<ProtocolException>());
+ }
+
+ [Test]
+ public void GetAccessTokenWithTotallyFakeToken() {
+ var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));
+
+ var requestHeaders = new NameValueCollection {
+ { "Authorization", "Bearer foobar" },
+ };
+ var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
+ Assert.That(() => resourceServer.GetAccessToken(request), Throws.InstanceOf<ProtocolException>());
+ }
+
+ [Test]
+ public void GetAccessTokenWithCorruptedToken() {
+ var accessToken = this.ObtainValidAccessToken();
+
+ var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));
+
+ var requestHeaders = new NameValueCollection {
+ { "Authorization", "Bearer " + accessToken.Substring(0, accessToken.Length - 1) + "zzz" },
+ };
+ var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
+ Assert.That(() => resourceServer.GetAccessToken(request), Throws.InstanceOf<ProtocolException>());
+ }
+
+ [Test]
+ public void GetAccessTokenWithValidToken() {
+ var accessToken = this.ObtainValidAccessToken();
+
+ var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));
+
+ var requestHeaders = new NameValueCollection {
+ { "Authorization", "Bearer " + accessToken },
+ };
+ var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
+ var resourceServerDecodedToken = resourceServer.GetAccessToken(request);
+ Assert.That(resourceServerDecodedToken, Is.Not.Null);
+ }
+
+ private string ObtainValidAccessToken() {
+ string accessToken = null;
+ var authServer = CreateAuthorizationServerMock();
+ authServer.Setup(
+ a => a.IsAuthorizationValid(It.Is<IAuthorizationDescription>(d => d.User == null && d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
+ .Returns(true);
+ authServer.Setup(
+ a => a.TryAuthorizeClientCredentialsGrant(It.Is<IAccessTokenRequest>(d => d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
+ .Returns(true);
+ var coordinator = new OAuth2Coordinator<WebServerClient>(
+ AuthorizationServerDescription,
+ authServer.Object,
+ new WebServerClient(AuthorizationServerDescription),
+ client => {
+ var authState = client.GetClientAccessToken(TestScopes);
+ Assert.That(authState.AccessToken, Is.Not.Null.And.Not.Empty);
+ Assert.That(authState.RefreshToken, Is.Null);
+ accessToken = authState.AccessToken;
+ },
+ server => {
+ server.HandleTokenRequest().Respond();
+ });
+ coordinator.Run();
+
+ return accessToken;
+ }
+ }
+}
generated by cgit v1.1 at 2025-05-28 21:43:33 +0000