path: root/src/DotNetOpenAuth.Test/OpenId/RelyingParty/AuthenticationRequestTests.cs
blob: fea672d700618f71fb032e7506ab71ebd7f88f42 (plain)
//-----------------------------------------------------------------------
// <copyright file="AuthenticationRequestTests.cs" company="Andrew Arnott">
//     Copyright (c) Andrew Arnott. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------

namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
	using System;
	using System.Collections.Generic;
	using System.Collections.Specialized;
	using System.Linq;
	using System.Text;
	using System.Web;
	using DotNetOpenAuth.Messaging;
	using DotNetOpenAuth.OpenId;
	using DotNetOpenAuth.OpenId.DiscoveryServices;
	using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
	using DotNetOpenAuth.OpenId.Messages;
	using DotNetOpenAuth.OpenId.RelyingParty;
	using Microsoft.VisualStudio.TestTools.UnitTesting;

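	/// <summary>
	/// Unit tests for the relying party's <see cref="AuthenticationRequest"/>:
	/// directed identity detection, return_to callback arguments, extension
	/// handling, and the filtering of delegating identifiers.
	/// </summary>
	[TestClass]
	public class AuthenticationRequestTests : OpenIdTestBase {
		// Realm and return_to deliberately share one URL, so return_to always falls under the realm.
		private readonly Realm realm = new Realm("http://localhost/rp.aspx");
		private readonly Identifier claimedId = "http://claimedId";
		private readonly Identifier delegatedLocalId = "http://localId";
		private readonly Protocol protocol = Protocol.Default;

		// Not readonly: reassigned in SetUp before every test, and one test modifies it.
		private Uri returnTo;

		/// <summary>
		/// Resets the return_to URL before each test so a test that modifies it
		/// cannot leak state into the next one.
		/// </summary>
		[TestInitialize]
		public override void SetUp() {
			base.SetUp();
			this.returnTo = new Uri("http://localhost/rp.aspx");
		}

		/// <summary>
		/// Verifies IsDirectedIdentity is false for a concrete claimed identifier
		/// and true when both identifiers are the identifier_select value.
		/// </summary>
		[TestMethod]
		public void IsDirectedIdentity() {
			var iauthRequest = this.CreateAuthenticationRequest(this.claimedId, this.claimedId);
			Assert.IsFalse(iauthRequest.IsDirectedIdentity);

			iauthRequest = this.CreateAuthenticationRequest(IdentifierSelect, IdentifierSelect);
			Assert.IsTrue(iauthRequest.IsDirectedIdentity);
		}

		/// <summary>
		/// Verifies ClaimedIdentifier reports the claimed identifier (not the delegated
		/// local identifier) and is null in directed identity mode.
		/// </summary>
		[TestMethod]
		public void ClaimedIdentifier() {
			var iauthRequest = this.CreateAuthenticationRequest(this.claimedId, this.delegatedLocalId);
			Assert.AreEqual(this.claimedId, iauthRequest.ClaimedIdentifier);

			iauthRequest = this.CreateAuthenticationRequest(IdentifierSelect, IdentifierSelect);
			Assert.IsNull(iauthRequest.ClaimedIdentifier, "In directed identity mode, the ClaimedIdentifier should be null.");
		}

		/// <summary>
		/// Verifies that the discovery result's provider endpoint reports the protocol
		/// version the request was created with.
		/// </summary>
		[TestMethod]
		public void ProviderVersion() {
			var authRequest = this.CreateAuthenticationRequest(this.claimedId, this.claimedId);
			Assert.AreEqual(this.protocol.Version, authRequest.DiscoveryResult.ProviderEndpoint.GetProtocol().Version);
		}

		/// <summary>
		/// Verifies that CreateRequestMessage produces a message whose return_to URL
		/// carries every callback argument and whose extension list holds exactly the
		/// extension that was added.
		/// </summary>
		[TestMethod]
		public void CreateRequestMessage() {
			OpenIdCoordinator coordinator = new OpenIdCoordinator(
				rp => {
					Identifier id = this.GetMockIdentifier(ProtocolVersion.V20);
					IAuthenticationRequest authRequest = rp.CreateRequest(id, this.realm, this.returnTo);

					// Add some callback arguments, through both the single-pair and the dictionary overloads.
					authRequest.AddCallbackArguments("a", "b");
					authRequest.AddCallbackArguments(new Dictionary<string, string> { { "c", "d" }, { "e", "f" } });

					// Assemble an extension request.
					ClaimsRequest sregRequest = new ClaimsRequest();
					sregRequest.Nickname = DemandLevel.Request;
					authRequest.AddExtension(sregRequest);

					// Construct the actual authentication request message.
					// CreateRequestMessage is reached through the generated private accessor.
					var authRequestAccessor = AuthenticationRequest_Accessor.AttachShadow(authRequest);
					var req = authRequestAccessor.CreateRequestMessage();
					Assert.IsNotNull(req);

					// Verify that callback arguments were included.
					NameValueCollection callbackArguments = HttpUtility.ParseQueryString(req.ReturnTo.Query);
					Assert.AreEqual("b", callbackArguments["a"]);
					Assert.AreEqual("d", callbackArguments["c"]);
					Assert.AreEqual("f", callbackArguments["e"]);

					// Verify that extensions were included.
					// The count check also catches an extension nobody asked for.
					Assert.AreEqual(1, req.Extensions.Count);
					Assert.IsTrue(req.Extensions.Contains(sregRequest));
				},
				AutoProvider);
			coordinator.Run();
		}

		/// <summary>
		/// Verifies that delegating authentication requests are filtered out when configured to do so.
		/// </summary>
		/// <remarks>
		/// The first assertion is the control case: without it, the second assertion
		/// would also pass if discovery simply returned nothing for this identifier.
		/// </remarks>
		[TestMethod]
		public void CreateFiltersDelegatingIdentifiers() {
			// NOTE(review): the third argument presumably requests a delegating identifier; confirm against OpenIdTestBase.
			Identifier id = GetMockIdentifier(ProtocolVersion.V20, false, true);
			var rp = this.CreateRelyingParty();

			// First verify that delegating identifiers work
			Assert.IsTrue(AuthenticationRequest.Create(id, rp, this.realm, this.returnTo, false).Any(), "The delegating identifier should have generated results while delegation is allowed.");

			// Now disable them and try again.
			rp.SecuritySettings.RejectDelegatingIdentifiers = true;
			Assert.IsFalse(AuthenticationRequest.Create(id, rp, this.realm, this.returnTo, false).Any(), "The delegating identifier should have not generated any results.");
		}

		/// <summary>
		/// Verifies the Provider property returns non-null and exposes the OP endpoint
		/// URI and protocol version used to build the request.
		/// </summary>
		[TestMethod]
		public void Provider() {
			var authRequest = this.CreateAuthenticationRequest(this.claimedId, this.claimedId);
			Assert.IsNotNull(authRequest.Provider);
			Assert.AreEqual(OPUri, authRequest.Provider.Uri);
			Assert.AreEqual(this.protocol.Version, authRequest.Provider.Version);
		}

		/// <summary>
		/// Verifies that AddCallbackArguments adds query arguments to the return_to URL of the message.
		/// </summary>
		[TestMethod]
		public void AddCallbackArgument() {
			var authRequest = this.CreateAuthenticationRequest(this.claimedId, this.claimedId);

			// Before any callback argument is added, ReturnToUrl is the URL that was supplied.
			Assert.AreEqual(this.returnTo, authRequest.ReturnToUrl);
			authRequest.AddCallbackArguments("p1", "v1");
			var req = (SignedResponseRequest)authRequest.RedirectingResponse.OriginalMessage;
			NameValueCollection query = HttpUtility.ParseQueryString(req.ReturnTo.Query);
			Assert.AreEqual("v1", query["p1"]);
		}

		/// <summary>
		/// Verifies that AddCallbackArguments replaces pre-existing parameter values 
		/// rather than appending them.
		/// </summary>
		[TestMethod]
		public void AddCallbackArgumentClearsPreviousArgument() {
			// Seed return_to with p1=v1 so the request starts out with a conflicting value.
			UriBuilder returnToWithArgs = new UriBuilder(this.returnTo);
			returnToWithArgs.AppendQueryArgs(new Dictionary<string, string> { { "p1", "v1" } });
			this.returnTo = returnToWithArgs.Uri;
			var authRequest = this.CreateAuthenticationRequest(this.claimedId, this.claimedId);
			authRequest.AddCallbackArguments("p1", "v2");
			var req = (SignedResponseRequest)authRequest.RedirectingResponse.OriginalMessage;
			NameValueCollection query = HttpUtility.ParseQueryString(req.ReturnTo.Query);

			// The NameValueCollection indexer joins repeated keys with commas ("v1,v2"),
			// so an exact match on "v2" proves the old value was replaced, not appended to.
			Assert.AreEqual("v2", query["p1"]);
		}

		/// <summary>
		/// Verifies identity-less checkid_* request behavior: an extension-only request
		/// must not be sent as a CheckIdRequest.
		/// </summary>
		[TestMethod]
		public void NonIdentityRequest() {
			var authRequest = this.CreateAuthenticationRequest(this.claimedId, this.claimedId);
			authRequest.IsExtensionOnly = true;
			Assert.IsTrue(authRequest.IsExtensionOnly);
			var req = (SignedResponseRequest)authRequest.RedirectingResponse.OriginalMessage;
			Assert.IsNotInstanceOfType(req, typeof(CheckIdRequest), "An unexpected SignedResponseRequest derived type was generated.");
		}

		/// <summary>
		/// Verifies that authentication requests are generated first for OPs that respond
		/// to authentication requests.
		/// </summary>
		/// <remarks>
		/// Placeholder: the test is marked Ignore and only reports Inconclusive, so this
		/// ordering behavior currently has no coverage.
		/// </remarks>
		[TestMethod, Ignore]
		public void UnresponsiveProvidersComeLast() {
			// TODO: code here
			Assert.Inconclusive("Not yet implemented.");
		}

		/// <summary>
		/// Builds an <see cref="AuthenticationRequest"/> directly from a hand-made
		/// discovery result, using this fixture's realm and current return_to URL.
		/// </summary>
		/// <param name="claimedIdentifier">The claimed identifier for the discovery result.</param>
		/// <param name="providerLocalIdentifier">The OP-local identifier for the discovery result.</param>
		/// <returns>The request created by AuthenticationRequest.CreateForTest.</returns>
		private AuthenticationRequest CreateAuthenticationRequest(Identifier claimedIdentifier, Identifier providerLocalIdentifier) {
			ProviderEndpointDescription providerEndpoint = new ProviderEndpointDescription(OPUri, this.protocol.Version);

			// NOTE(review): 10 and 5 look like service/URI priority values; confirm against IdentifierDiscoveryResult.
			IIdentifierDiscoveryResult endpoint = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimedIdentifier, providerLocalIdentifier, providerEndpoint, 10, 5);
			OpenIdRelyingParty rp = this.CreateRelyingParty();
			return AuthenticationRequest.CreateForTest(endpoint, this.realm, this.returnTo, rp);
		}
	}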
}