//-----------------------------------------------------------------------
// <copyright file="AuthenticationRequestTests.cs" company="Outercurve Foundation">
// Copyright (c) Outercurve Foundation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Linq;
using System.Text;
using System.Web;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OpenId;
using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.Messages;
using DotNetOpenAuth.OpenId.RelyingParty;
using DotNetOpenAuth.Test.Mocks;
using NUnit.Framework;
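/// <summary>
/// Tests for the relying party's <see cref="AuthenticationRequest"/>: directed identity detection,
/// callback arguments carried in return_to, extension handling, and the security settings that
/// filter delegating and dual-purpose identifiers.
/// </summary>
[TestFixture]
public class AuthenticationRequestTests : OpenIdTestBase {
    // Realm and return_to deliberately share the same URL so the return_to falls under the realm.
    private readonly Realm realm = new Realm("http://localhost/rp.aspx");

    // Claimed identifier used for the non-directed-identity cases.
    private readonly Identifier claimedId = "http://claimedId";

    // A local identifier that differs from claimedId, used to model delegation.
    private readonly Identifier delegatedLocalId = "http://localId";

    private readonly Protocol protocol = Protocol.Default;

    // Not readonly: AddCallbackArgumentClearsPreviousArgument reassigns it, and SetUp restores it.
    private Uri returnTo;

    /// <summary>
    /// Restores the return_to URL before each test, after running the base class setup.
    /// </summary>
    [SetUp]
    public override void SetUp() {
        base.SetUp();
        this.returnTo = new Uri("http://localhost/rp.aspx");
    }

    /// <summary>
    /// Verifies IsDirectedIdentity is false for a concrete claimed identifier and true
    /// when both identifiers are IdentifierSelect.
    /// </summary>
    [TestCase]
    public void IsDirectedIdentity() {
        var iauthRequest = this.CreateAuthenticationRequest(this.claimedId, this.claimedId);
        Assert.IsFalse(iauthRequest.IsDirectedIdentity);

        // IdentifierSelect is not declared in this class; presumably inherited from OpenIdTestBase.
        iauthRequest = this.CreateAuthenticationRequest(IdentifierSelect, IdentifierSelect);
        Assert.IsTrue(iauthRequest.IsDirectedIdentity);
    }

    /// <summary>
    /// Verifies ClaimedIdentifier returns the claimed identifier (not the delegated local one)
    /// and is null in directed identity mode.
    /// </summary>
    [TestCase]
    public void ClaimedIdentifier() {
        var iauthRequest = this.CreateAuthenticationRequest(this.claimedId, this.delegatedLocalId);
        Assert.AreEqual(this.claimedId, iauthRequest.ClaimedIdentifier);

        iauthRequest = this.CreateAuthenticationRequest(IdentifierSelect, IdentifierSelect);
        Assert.IsNull(iauthRequest.ClaimedIdentifier, "In directed identity mode, the ClaimedIdentifier should be null.");
    }

    /// <summary>
    /// Verifies the discovery result reports the protocol version the request was created with.
    /// </summary>
    [TestCase]
    public void ProviderVersion() {
        var authRequest = this.CreateAuthenticationRequest(this.claimedId, this.claimedId);
        Assert.AreEqual(this.protocol.Version, authRequest.DiscoveryResult.Version);
    }

    /// <summary>
    /// Verifies that the request message built from an authentication request carries
    /// the callback arguments in its return_to URL and the extension that was added.
    /// </summary>
    /// <remarks>
    /// Only the presence of the callback arguments is asserted here; how they are protected
    /// against tampering on the round trip is outside what this test checks.
    /// </remarks>
    [TestCase]
    public void CreateRequestMessage() {
        OpenIdCoordinator coordinator = new OpenIdCoordinator(
            rp => {
                Identifier id = this.GetMockIdentifier(ProtocolVersion.V20);
                IAuthenticationRequest authRequest = rp.CreateRequest(id, this.realm, this.returnTo);

                // Add some callback arguments, through both the single-pair and dictionary overloads.
                authRequest.AddCallbackArguments("a", "b");
                authRequest.AddCallbackArguments(new Dictionary<string, string> { { "c", "d" }, { "e", "f" } });

                // Assemble an extension request.
                ClaimsRequest sregRequest = new ClaimsRequest { Nickname = DemandLevel.Request };
                authRequest.AddExtension(sregRequest);

                // Construct the actual authentication request message.
                var authRequestAccessor = (AuthenticationRequest)authRequest;
                var req = authRequestAccessor.CreateRequestMessageTestHook();
                Assert.IsNotNull(req);

                // Verify that callback arguments were included.
                NameValueCollection callbackArguments = HttpUtility.ParseQueryString(req.ReturnTo.Query);
                Assert.AreEqual("b", callbackArguments["a"]);
                Assert.AreEqual("d", callbackArguments["c"]);
                Assert.AreEqual("f", callbackArguments["e"]);

                // Verify that extensions were included: exactly one, and it is the one added above.
                Assert.AreEqual(1, req.Extensions.Count);
                Assert.IsTrue(req.Extensions.Contains(sregRequest));
            },
            AutoProvider);
        coordinator.Run();
    }

    /// <summary>
    /// Verifies that delegating authentication requests are filtered out when
    /// SecuritySettings.RejectDelegatingIdentifiers is set, and produced otherwise.
    /// </summary>
    [TestCase]
    public void CreateFiltersDelegatingIdentifiers() {
        // NOTE(review): the third argument presumably makes the mock identifier a delegating one - confirm against OpenIdTestBase.
        Identifier id = GetMockIdentifier(ProtocolVersion.V20, false, true);
        var rp = CreateRelyingParty();

        // First verify that delegating identifiers work. This relies on the relying party's
        // settings as created by CreateRelyingParty; RejectDelegatingIdentifiers is not set here.
        Assert.IsTrue(AuthenticationRequest.Create(id, rp, this.realm, this.returnTo, false).Any(), "The delegating identifier should have generated at least one result while delegation is permitted.");

        // Now disable them and try again: no request may be produced for the same identifier.
        rp.SecuritySettings.RejectDelegatingIdentifiers = true;
        Assert.IsFalse(AuthenticationRequest.Create(id, rp, this.realm, this.returnTo, false).Any(), "The delegating identifier should have not generated any results.");
    }

    /// <summary>
    /// Verifies the Provider property is non-null and reports the expected endpoint URI and version.
    /// </summary>
    [TestCase]
    public void Provider() {
        var authRequest = this.CreateAuthenticationRequest(this.claimedId, this.claimedId);
        Assert.IsNotNull(authRequest.Provider);
        Assert.AreEqual(OPUri, authRequest.Provider.Uri);
        Assert.AreEqual(this.protocol.Version, authRequest.Provider.Version);
    }

    /// <summary>
    /// Verifies that AddCallbackArguments adds query arguments to the return_to URL of the message.
    /// </summary>
    [TestCase]
    public void AddCallbackArgument() {
        var authRequest = this.CreateAuthenticationRequest(this.claimedId, this.claimedId);

        // Before any argument is added, the request's return_to is exactly the one supplied.
        Assert.AreEqual(this.returnTo, authRequest.ReturnToUrl);

        authRequest.AddCallbackArguments("p1", "v1");
        var req = (SignedResponseRequest)authRequest.RedirectingResponse.OriginalMessage;
        NameValueCollection query = HttpUtility.ParseQueryString(req.ReturnTo.Query);
        Assert.AreEqual("v1", query["p1"]);
    }

    /// <summary>
    /// Verifies that AddCallbackArguments replaces pre-existing parameter values
    /// rather than appending them.
    /// </summary>
    /// <remarks>
    /// A duplicated parameter would come back from ParseQueryString as "v1,v2", so the exact
    /// match on "v2" also rules out the ambiguous two-value case.
    /// </remarks>
    [TestCase]
    public void AddCallbackArgumentClearsPreviousArgument() {
        // Seed the return_to URL with p1=v1 before the request is created.
        UriBuilder returnToWithArgs = new UriBuilder(this.returnTo);
        returnToWithArgs.AppendQueryArgs(new Dictionary<string, string> { { "p1", "v1" } });
        this.returnTo = returnToWithArgs.Uri;

        var authRequest = this.CreateAuthenticationRequest(this.claimedId, this.claimedId);
        authRequest.AddCallbackArguments("p1", "v2");
        var req = (SignedResponseRequest)authRequest.RedirectingResponse.OriginalMessage;
        NameValueCollection query = HttpUtility.ParseQueryString(req.ReturnTo.Query);
        Assert.AreEqual("v2", query["p1"]);
    }

    /// <summary>
    /// Verifies identity-less checkid_* request behavior: with IsExtensionOnly set,
    /// the generated message is not a CheckIdRequest.
    /// </summary>
    [TestCase]
    public void NonIdentityRequest() {
        var authRequest = this.CreateAuthenticationRequest(this.claimedId, this.claimedId);
        authRequest.IsExtensionOnly = true;
        Assert.IsTrue(authRequest.IsExtensionOnly);
        var req = (SignedResponseRequest)authRequest.RedirectingResponse.OriginalMessage;
        Assert.IsNotInstanceOf<CheckIdRequest>(req, "An unexpected SignedResponseRequest derived type was generated.");
    }

    /// <summary>
    /// Verifies that discovery on identifiers that serve as OP identifiers and claimed identifiers
    /// only generate OP Identifier auth requests.
    /// </summary>
    [TestCase]
    public void DualIdentifierUsedOnlyAsOPIdentifierForAuthRequest() {
        // NOTE(review): the meaning of the 'true' argument is not visible in this file - confirm against OpenIdTestBase.
        var rp = this.CreateRelyingParty(true);
        var results = AuthenticationRequest.Create(GetMockDualIdentifier(), rp, this.realm, this.returnTo, false).ToList();
        Assert.AreEqual(1, results.Count);
        Assert.IsTrue(results[0].IsDirectedIdentity);

        // Also test when dual identifier support is turned on: the result must still be a
        // single directed-identity request, never one for the claimed-identifier role.
        rp.SecuritySettings.AllowDualPurposeIdentifiers = true;
        results = AuthenticationRequest.Create(GetMockDualIdentifier(), rp, this.realm, this.returnTo, false).ToList();
        Assert.AreEqual(1, results.Count);
        Assert.IsTrue(results[0].IsDirectedIdentity);
    }

    /// <summary>
    /// Verifies that authentication requests are generated first for OPs that respond
    /// to authentication requests.
    /// </summary>
    /// <remarks>Placeholder: ignored, and reports inconclusive if it is ever run.</remarks>
    [TestCase, Ignore("Not yet implemented")]
    public void UnresponsiveProvidersComeLast() {
        // TODO: code here
        Assert.Inconclusive("Not yet implemented.");
    }

    /// <summary>
    /// Builds an <see cref="AuthenticationRequest"/> for the given identifiers against the test
    /// provider endpoint (OPUri), using this fixture's realm, return_to URL and protocol version.
    /// </summary>
    /// <param name="claimedIdentifier">The claimed identifier to put in the discovery result.</param>
    /// <param name="providerLocalIdentifier">The provider-local identifier to put in the discovery result.</param>
    /// <returns>The authentication request created through the CreateForTest hook.</returns>
    private AuthenticationRequest CreateAuthenticationRequest(Identifier claimedIdentifier, Identifier providerLocalIdentifier) {
        ProviderEndpointDescription providerEndpoint = new ProviderEndpointDescription(OPUri, this.protocol.Version);

        // NOTE(review): 10 and 5 are presumably the service and URI priorities - confirm against IdentifierDiscoveryResult.
        IdentifierDiscoveryResult endpoint = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimedIdentifier, providerLocalIdentifier, providerEndpoint, 10, 5);
        OpenIdRelyingParty rp = this.CreateRelyingParty();
        return AuthenticationRequest.CreateForTest(endpoint, this.realm, this.returnTo, rp);
    }
}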
}