We did custom authorization attribute and want this to be covered by unit test. Unfortunately I don't have any idea how to unit test such kind of staff. Could you advise please?
public override void OnAuthorization(HttpActionContext actionContext)
{
var ts = GlobalConfiguration.Configuration.DependencyResolver.GetService(typeof(TokenService));
try
{
var token = GetHeader(actionContext.Request);
if (token == null)
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent("Token not found")
};
return;
}
else
{
var tks = ts as TokenService;
var tkn = Task.Run(() => tks.FindToken(token)).Result;
if (tkn.ValidTill > DateTime.Now)
{
var us = GlobalConfiguration.Configuration.DependencyResolver.GetService(typeof(UserService));
var uss = us as UserService;
var user = Task.Run(() => uss.FindByTokenValue(token)).Result;
if (user != null)
{
if (!_roles.Contains(user.RoleName))
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden)
{
Content = new StringContent("You role permission is not enough")
};
return;
}
var identity = new Identity { Name = user.Login, IsAuthenticated = true };
var principal = new GenericPrincipal(identity, new[] { user.RoleName });
actionContext.RequestContext.Principal = principal;
Thread.CurrentPrincipal = principal;
base.OnAuthorization(actionContext);
_roles = null;
}
else
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent("User not found")
};
return;
}
}
else
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent($"Token valid till {tkn.ValidTill}")
};
return;
}
}
}
catch (Exception ex)
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent($"Authorization error: {ex.Message}")
};
return;
}
}
Test that should be passed:
- Token is exist.
- Token is valid for this DateTime.
- User role is valid.
P.S. Please don't ask me why we did this instead of using ASP.NET Identity, that's was not my solution, I prefer ASP.NET Identity.
Well there is nothing really special about this. So for example using Moq:
[Test]
public void OnAuthorization_ReturnsErrorWhenThereIsNoToken()
{
var resolver = new Mock<IDependencyResolver>();
resolver.Setup(x => x.GetService(It.IsAny<Type>())).Returns(
(Type t) =>
{
if (t == typeof(TokenService))
{
return new TokenService();
}
if (t == typeof(TokenService))
{
return new UserService();
}
return null;
});
var original = GlobalConfiguration.Configuration.DependencyResolver;
GlobalConfiguration.Configuration.DependencyResolver = resolver.Object;
var ctx = new HttpActionContext
{
ControllerContext =
new HttpControllerContext { Request = new HttpRequestMessage() }
};
var target = new Attrr();
target.OnAuthorization(ctx); // no token
Assert.AreEqual(HttpStatusCode.Unauthorized, ctx.Response.StatusCode);
Assert.AreEqual("Token not found", (ctx.Response.Content as StringContent).ReadAsStringAsync().Result);
// we need this to ensure the test state is restored after test
GlobalConfiguration.Configuration.DependencyResolver = original;
}
Obviously then you need to keep replicating behaviours (i'm hoping your TokenService and UserService are actually interface'd.
Related
I've implemented Identity Server and it's working also.
One of my client is an MVC client and during authentication, I want to show the consent screen. For this on the client config I added 'RequireConsent=true'
Now it shows consent screen but the issue is, There it shows only permissions for 'openid' and 'profile' scopes.
I have several other custom scopes like 'Api1.read', 'Api1.write' which are not fetching on Authorization request while Identity Server builds view modal for concent screen.
What I'm doing wrong.
On the client AllowedScopes contains =
{ 'openid', 'profile', 'Api1.read', 'Api1.write' }
When it hits the consent page ApiResources and ApiScopes are empty but openid and profile are available inside IdentityResources
This is how I'm configuring IdentityServer on Startup
services.AddIdentityServer(options =>
{
options.Authentication.CookieLifetime = TimeSpan.FromSeconds(config.IdentityServerCookieLifetime);
})
.AddDeveloperSigningCredential()
.AddCorsPolicyService<MyCORSPolicy>()
.AddResourceStore<MyResourceStore>()
.AddClientStore<MyClientStore>()
.AddProfileService<ProfileService>()
.AddDeveloperSigningCredential();
I'm using IClientStore and IResourceStore to implement fetching details from a database instead of static configuration in appsettings.json
I also don't want to use Entity Framework core for this. I prefer using my own custom table schemas and Dapper.
Here's the Startup config on MVC application
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
//Add Support for OAuth 2.0 Code-Grant With Identity Server 4
services.AddAuthentication(opt =>
{
opt.DefaultScheme = "Cookies";
opt.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", opt =>
{
opt.SignInScheme = "Cookies";
opt.Authority = "https://localhost:5005";
opt.ClientId = "mvc-client";
opt.ResponseType = "code";
opt.ClientSecret = "MVCSecret";
opt.UseTokenLifetime = true;
opt.SaveTokens = true;
});
}
This is my ResourceStore Implementation
public class MyResourceStore : IResourceStore
{
private readonly IConfiguration config;
private readonly string connectionString;
public MyResourceStore(IConfiguration config)
{
this.config = config;
this.connectionString = config.GetConnectionString("AuthConfigDatabase");
}
public async Task<IEnumerable<IdentityServer4.Models.ApiResource>> FindApiResourcesByNameAsync(IEnumerable<string> apiResourceNames)
{
var apis = SqlHelper.Query<AuthApiResources>($"SELECT * FROM AuthApiResources WHERE Name='{apiResourceNames}' AND IsActive=1", connectionString);
if (apis != null)
{
var result = new List<IdentityServer4.Models.ApiResource>();
foreach (var api in apis)
{
var availableScopes = new List<string>() { "openid", "profile" };
availableScopes.AddRange(api.SupportedScopes.Split(",").ToList());
result.Add(new IdentityServer4.Models.ApiResource
{
Name = api.Name,
DisplayName = api.DisplayName,
Scopes = availableScopes
});
}
return result;
}
return null;
}
public async Task<IEnumerable<IdentityServer4.Models.ApiResource>> FindApiResourcesByScopeNameAsync(IEnumerable<string> scopesList)
{
var scopeNames = scopesList.ToList();
var likeStatements = "";
for (var i = 0; i < scopeNames.Count(); i++)
{
if (i == scopeNames.Count() - 1)
{
likeStatements += $"SupportedScopes LIKE '%{scopeNames[i]}%'";
}
else
{
likeStatements += $"SupportedScopes LIKE '%{scopeNames[i]}%' OR ";
}
}
var apis = SqlHelper.Query<AuthApiResources>($"SELECT * FROM AuthApiResources WHERE ({likeStatements}) AND IsActive=1", connectionString);
if (apis != null)
{
var result = new List<IdentityServer4.Models.ApiResource>();
foreach (var api in apis)
{
var availableScopes = new List<string>() { "openid", "profile" };
availableScopes.AddRange(api.SupportedScopes.Split(",").ToList());
result.Add(new IdentityServer4.Models.ApiResource
{
Name = api.Name,
DisplayName = api.DisplayName,
Scopes = availableScopes
});
}
return result;
}
return null;
}
public async Task<IEnumerable<ApiScope>> FindApiScopesByNameAsync(IEnumerable<string> scopesList)
{
var scopeNames = scopesList.ToList();
var likeStatements = "";
for (var i = 0; i < scopeNames.Count(); i++)
{
if (i == scopeNames.Count() - 1)
{
likeStatements += $"ScopeName='{scopeNames[i]}'";
}
else
{
likeStatements += $"ScopeName='{scopeNames[i]}' OR ";
}
}
var scopes = SqlHelper.Query<AuthScope>($"SELECT * FROM AuthScopes WHERE ({likeStatements})", connectionString);
if (scopes != null)
{
var result = new List<IdentityServer4.Models.ApiScope>();
foreach (var scope in scopes)
{
result.Add(new IdentityServer4.Models.ApiScope
{
Name = scope.ScopeName,
DisplayName = scope.ScopeDescription
});
}
return result;
}
return null;
}
public async Task<IEnumerable<IdentityResource>> FindIdentityResourcesByScopeNameAsync(IEnumerable<string> scopeNames)
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile()
};
}
public async Task<Resources> GetAllResourcesAsync()
{
var allResources = new Resources();
allResources.IdentityResources =
new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile()
};
var apis = SqlHelper.Query<AuthApiResources>($"SELECT * FROM AuthApiResources WHERE IsActive=1", connectionString);
if (apis != null)
{
var result = new List<IdentityServer4.Models.ApiResource>();
foreach (var api in apis)
{
var availableScopes = new List<string>() { "openid", "profile" };
availableScopes.AddRange(api.SupportedScopes.Split(",").ToList());
result.Add(new IdentityServer4.Models.ApiResource
{
Name = api.Name,
DisplayName = api.DisplayName,
Scopes = availableScopes
});
}
allResources.ApiResources = result;
}
var scopes = SqlHelper.Query<AuthScope>($"SELECT * FROM AuthScopes", connectionString);
if (scopes != null)
{
var result = new List<IdentityServer4.Models.ApiScope>();
foreach (var scope in scopes)
{
result.Add(new IdentityServer4.Models.ApiScope
{
Name = scope.ScopeName,
DisplayName = scope.ScopeDescription
});
}
allResources.ApiScopes = result;
}
return allResources;
}
}
And here's a sample of database schema
What am I doing wrong
In your client, inside the AddOpenIdConnect method, you need to also define what scopes you want to have access to, like:
.AddOpenIdConnect(options =>
{
...
options.Scope.Clear();
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.Scope.Add("employee_info");
...
}
I have this method:
[HttpPut]
[AuthorizeClaim("field:write")]
[ApiConventionMethod(typeof(AttemptApiConventions), nameof(AttemptApiConventions.AttemptPut))]
public override async Task<ActionResult<Field>> UpdateAsync(Field model)
{
var getAttempt = await Mediator.Send(new GenericGet<Field>(model.Id));
if (getAttempt.Failure) return Ok(getAttempt);
var field = getAttempt.Result;
if (!field.IsSpecification && !User.IsInRole("Administrator"))
return Ok(new ForbiddenError(string.Format(Resources.PermissionError, "this field")).ToAttempt<Field>());
if (!field.IsSpecification && model.Name != field.Name)
return Ok(new ValidationError(string.Format(Resources.CannotBeChanged, nameof(Field.Name))).ToAttempt<Field>());
return await base.UpdateAsync(model);
}
As you can see, I check if the User.IsInRole to display a different error message when they are trying to change a field.
The problem is, I have this unit test:
[Test]
public async Task ReturnBadRequestIfSpecificationFieldNameChanges()
{
// Assemble
var model = new Field {Id = 1, IsSpecification = false, Name = "Test"};
var services = FieldsControllerContext.GivenServices();
var controller = services.WhenCreateController("Administrator");
services.Mediator.Send(Arg.Any<GenericGet<Field>>())
.Returns(new Field {Id = 1, IsSpecification = false, Name = "Old"});
// Act
var actionResult = await controller.UpdateAsync(model);
// Assert
actionResult.ShouldBeBadRequest(string.Format(Sxp.Web.Properties.Resources.CannotBeChanged, nameof(Field.Name)));
}
Take a look at the line services.WhenCreateController("Administrator");. It is passing the role I want the mocked user to be a member of. This is set like this:
public static class ControllerExtensions
{
public static T WithUser<T>(this T controller, string roles = null) where T: ControllerBase
{
var id = Guid.NewGuid().ToString();
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, "example name"),
new Claim(ClaimTypes.NameIdentifier, id),
new Claim(JwtClaimTypes.Subject, id),
};
if (!string.IsNullOrEmpty(roles))
{
var r = roles.Split(",");
claims.AddRange(r.Select(role => new Claim(JwtClaimTypes.Role, role)));
}
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "mock"));
controller.ControllerContext = new ControllerContext
{
HttpContext = new DefaultHttpContext
{
User = user
}
};
return controller;
}
}
When I debug my test, I can see this:
Can anyone tell me why?
I found the answer. This line was to blame:
claims.AddRange(r.Select(role => new Claim(JwtClaimTypes.Role, role)));
It isn't JwtClaimTypes that it checks, it actually checks for:
"http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
I have a web api end point that i want to unit test. I have a custom SwaggerUploadFile attribute that allows a file upload button on the swagger page. But for unit testing I cant figure out how to pass in a file.
For unit testing I am using: Xunit, Moq and Fluent Assertions
Below is my controller with the endpoint:
public class MyAppController : ApiController
{
private readonly IMyApp _myApp;
public MyAppController(IMyApp myApp)
{
if (myApp == null) throw new ArgumentNullException(nameof(myApp));
_myApp = myApp;
}
[HttpPost]
[ResponseType(typeof(string))]
[Route("api/myApp/UploadFile")]
[SwaggerUploadFile("myFile", "Upload a .zip format file", Required = true, Type = "file")]
public async Task<IHttpActionResult> UploadFile()
{
if (!Request.Content.IsMimeMultipartContent())
{
throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType);
}
var provider = await Request.Content.ReadAsMultipartAsync();
var bytes = await provider.Contents.First().ReadAsByteArrayAsync();
try
{
var retVal = _myApp.CheckAndSaveByteStreamAsync(bytes).Result;
if(retVal)
{
return
ResponseMessage(
new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(JsonConvert.SerializeObject(
new WebApiResponse
{
Message = "File has been saved"
}), Encoding.UTF8, "application/json")
});
}
return ResponseMessage(
new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent(JsonConvert.SerializeObject(
new WebApiResponse
{
Message = "The file could not be saved"
}), Encoding.UTF8, "application/json")
});
}
catch (Exception e)
{
//log error
return BadRequest("Oops...something went wrong");
}
}
}
Unit test I have so far:
[Fact]
[Trait("Category", "MyAppController")]
public void UploadFileTestWorks()
{
//Arrange
_myApp.Setup(x => x.CheckAndSaveByteStreamAsync(It.IsAny<byte[]>())).ReturnsAsync(() => true);
var expected = JsonConvert.SerializeObject(
new WebApiResponse
{
Message = "The file has been saved"
});
var _sut = new MyAppController(_myApp.Object);
//Act
var retVal = _sut.UploadFile();
var content = (ResponseMessageResult)retVal.Result;
var contentResult = content.Response.Content.ReadAsStringAsync().Result;
//Assert
contentResult.Should().Be(expected);
}
The above fails as when it hits this line if(!Request.Content.IsMimeMultipartContent()) we get a NullReferenceException > "{"Object reference not set to an instance of an object."}"
Best Answer Implemented:
Created an interface:
public interface IApiRequestProvider
{
Task<MultipartMemoryStreamProvider> ReadAsMultiPartAsync();
bool IsMimeMultiPartContent();
}
Then an implementation:
public class ApiRequestProvider : ApiController, IApiRequestProvider
{
public Task<MultipartMemoryStreamProvider> ReadAsMultiPartAsync()
{
return Request.Content.ReadAsMultipartAsync();
}
public bool IsMimeMultiPartContent()
{
return Request.Content.IsMimeMultipartContent();
}
}
Now my controller uses constructor injection to get the RequestProvider:
private readonly IMyApp _myApp;
private readonly IApiRequestProvider _apiRequestProvider;
public MyAppController(IMyApp myApp, IApiRequestProvider apiRequestProvider)
{
if (myApp == null) throw new ArgumentNullException(nameof(myApp));
_myApp = myApp;
if (apiRequestProvider== null) throw new ArgumentNullException(nameof(apiRequestProvider));
_apiRequestProvider= apiRequestProvider;
}
New implementation on method:
[HttpPost]
[ResponseType(typeof(string))]
[Route("api/myApp/UploadFile")]
[SwaggerUploadFile("myFile", "Upload a .zip format file", Required = true, Type = "file")]
public async Task<IHttpActionResult> UploadFile()
{
if (!_apiRequestProvider.IsMimeMultiPartContent())
{
throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType);
}
var provider = await _apiRequestProvider.ReadAsMultiPartAsync();
var bytes = await provider.Contents.First().ReadAsByteArrayAsync();
try
{
var retVal = _myApp.CheckAndSaveByteStreamAsync(bytes).Result;
if(retVal)
{
return
ResponseMessage(
new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(JsonConvert.SerializeObject(
new WebApiResponse
{
Message = "File has been saved"
}), Encoding.UTF8, "application/json")
});
}
return ResponseMessage(
new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent(JsonConvert.SerializeObject(
new WebApiResponse
{
Message = "The file could not be saved"
}), Encoding.UTF8, "application/json")
});
}
catch (Exception e)
{
//log error
return BadRequest("Oops...something went wrong");
}
}
}
And my unit test that mocks the ApiController Request:
[Fact]
[Trait("Category", "MyAppController")]
public void UploadFileTestWorks()
{
//Arrange
_apiRequestProvider = new Mock<IApiRequestProvider>();
_myApp = new Mock<IMyApp>();
MultipartMemoryStreamProvider fakeStream = new MultipartMemoryStreamProvider();
fakeStream.Contents.Add(CreateFakeMultiPartFormData());
_apiRequestProvider.Setup(x => x.IsMimeMultiPartContent()).Returns(true);
_apiRequestProvider.Setup(x => x.ReadAsMultiPartAsync()).ReturnsAsync(()=>fakeStream);
_myApp.Setup(x => x.CheckAndSaveByteStreamAsync(It.IsAny<byte[]>())).ReturnsAsync(() => true);
var expected = JsonConvert.SerializeObject(
new WebApiResponse
{
Message = "The file has been saved"
});
var _sut = new MyAppController(_myApp.Object, _apiRequestProvider.Object);
//Act
var retVal = _sut.UploadFile();
var content = (ResponseMessageResult)retVal.Result;
var contentResult = content.Response.Content.ReadAsStringAsync().Result;
//Assert
contentResult.Should().Be(expected);
}
Thanks to #Badulake for the idea
You should do a better separation in the logic of the method.
Refactor your method so it does not depends on any class related to your web framework , in this case the Request class. Your upload code does not need to know anything about it.
As a hint:
var provider = await Request.Content.ReadAsMultipartAsync();
could be transformed to:
var provider = IProviderExtracter.Extract();
public interface IProviderExtracter
{
Task<provider> Extract();
}
public class RequestProviderExtracter:IProviderExtracter
{
public Task<provider> Extract()
{
return Request.Content.ReadAsMultipartAsync();
}
}
In your tests you can easely mock IProviderExtracter and focus in which work is doing each part of your code.
The idea is you get the most decoupled code so your worries are focused only in mocking the classes you have developed, no the ones the framework forces you to use.
The below was how I initially solved it but after Badulake's answer i implemented that where i abstracted the api request to an interface/class and Mocked it out with Moq. I edited my question and put the best implementation there, but i left this answer here for people who dont want to go to the trouble of mocking it
I used part of this guide but I made a simpler solution:
New unit test:
[Fact]
[Trait("Category", "MyAppController")]
public void UploadFileTestWorks()
{
//Arrange
var multiPartContent = CreateFakeMultiPartFormData();
_myApp.Setup(x => x.CheckAndSaveByteStreamAsync(It.IsAny<byte[]>())).ReturnsAsync(() => true);
var expected = JsonConvert.SerializeObject(
new WebApiResponse
{
Message = "The file has been saved"
});
_sut = new MyAppController(_myApp.Object);
//Sets a controller request message content to
_sut.Request = new HttpRequestMessage()
{
Method = HttpMethod.Post,
Content = multiPartContent
};
//Act
var retVal = _sut.UploadFile();
var content = (ResponseMessageResult)retVal.Result;
var contentResult = content.Response.Content.ReadAsStringAsync().Result;
//Assert
contentResult.Should().Be(expected);
}
Private support method:
private static MultipartFormDataContent CreateFakeMultiPartFormData()
{
byte[] data = { 1, 2, 3, 4, 5 };
ByteArrayContent byteContent = new ByteArrayContent(data);
StringContent stringContent = new StringContent(
"blah blah",
System.Text.Encoding.UTF8);
MultipartFormDataContent multipartContent = new MultipartFormDataContent { byteContent, stringContent };
return multipartContent;
}
I'm currently working on an OWIN OAuth implementation which uses JWT and supports token refreshing. I'm having intermittent problems with the token refresh process. The process works reliably on my development environment, but when published onto our Azure Service Fabric test environment, which is setup in a 3-node load-balanced configuration, the refresh token request often fails (not always!), and I get the infamous "invalid_grant" error.
I've found that the refresh token works successfully when being handled by the same service fabric node that issued it originally. However, it always fails when handled by a different node.
My understanding is that by using JWT, having a micro-service infrastructure deliver a load-balanced authentication server get's around the "machine-key" related issues that arise from using the OOTB access token format provided by OWIN.
Failed refresh tokens are making their way into the IAuthenticationTokenProvider.ReceiveAsync method, but the OAuthAuthorizationServerProvider.GrantRefreshToken method is never being hit, suggesting something in the OWIN middle-ware is not happy with the refresh token. Can anyone offer any insight into what the cause may be?
Now for the code, there's quite a bit - apologies for all the reading!
The authentication server is a service fabric stateless service, here's the ConfigureApp method:
protected override void ConfigureApp(IAppBuilder appBuilder)
{
appBuilder.UseCors(CorsOptions.AllowAll);
var oAuthAuthorizationServerOptions = InjectionContainer.GetInstance<OAuthAuthorizationServerOptions>();
appBuilder.UseOAuthAuthorizationServer(oAuthAuthorizationServerOptions);
appBuilder.UseJwtBearerAuthentication(InjectionContainer.GetInstance<JwtBearerAuthenticationOptions>());
appBuilder.UseWebApi(GetHttpConfiguration(InjectionContainer));
}
Here's the implementation of OAuthAuthorizationServerOptions:
public class AppOAuthOptions : OAuthAuthorizationServerOptions
{
public AppOAuthOptions(IAppJwtConfiguration configuration,
IAuthenticationTokenProvider authenticationTokenProvider,
IOAuthAuthorizationServerProvider authAuthorizationServerProvider)
{
AllowInsecureHttp = true;
TokenEndpointPath = "/token";
AccessTokenExpireTimeSpan = configuration.ExpirationMinutes;
AccessTokenFormat = new AppJwtWriterFormat(this, configuration);
Provider = authAuthorizationServerProvider;
RefreshTokenProvider = authenticationTokenProvider;
}
}
And here's the JwtBearerAuthenticationOptions implementation:
public class AppJwtOptions : JwtBearerAuthenticationOptions
{
public AppJwtOptions(IAppJwtConfiguration config)
{
AuthenticationMode = AuthenticationMode.Active;
AllowedAudiences = new[] {config.JwtAudience};
IssuerSecurityTokenProviders = new[]
{
new SymmetricKeyIssuerSecurityTokenProvider(
config.JwtIssuer,
Convert.ToBase64String(Encoding.UTF8.GetBytes(config.JwtKey)))
};
}
}
public class InMemoryJwtConfiguration : IAppJwtConfiguration
{
AppSettings _appSettings;
public InMemoryJwtConfiguration(AppSettings appSettings)
{
_appSettings = appSettings;
}
public int ExpirationMinutes
{
get { return 15; }
set { }
}
public string JwtAudience
{
get { return "CENSORED AUDIENCE"; }
set { }
}
public string JwtIssuer
{
get { return "CENSORED ISSUER"; }
set { }
}
public string JwtKey
{
get { return "CENSORED KEY :)"; }
set { }
}
public int RefreshTokenExpirationMinutes
{
get { return 60; }
set { }
}
public string TokenPath
{
get { return "/token"; }
set { }
}
}
And the ISecureData implementation:
public class AppJwtWriterFormat : ISecureDataFormat<AuthenticationTicket>
{
public AppJwtWriterFormat(
OAuthAuthorizationServerOptions options,
IAppJwtConfiguration configuration)
{
_options = options;
_configuration = configuration;
}
public string Protect(AuthenticationTicket data)
{
if (data == null)
throw new ArgumentNullException(nameof(data));
var now = DateTime.UtcNow;
var expires = now.AddMinutes(_options.AccessTokenExpireTimeSpan.TotalMinutes);
var symmetricKey = Encoding.UTF8.GetBytes(_configuration.JwtKey);
var signingCredentials = new SigningCredentials(
new InMemorySymmetricSecurityKey(symmetricKey),
SignatureAlgorithm, DigestAlgorithm);
var token = new JwtSecurityToken(
_configuration.JwtIssuer,
_configuration.JwtAudience,
data.Identity.Claims,
now,
expires,
signingCredentials);
return new JwtSecurityTokenHandler().WriteToken(token);
}
public AuthenticationTicket Unprotect(string protectedText)
{
throw new NotImplementedException();
}
}
This is the IAuthenticationTokenProvider implementation:
public class RefreshTokenProvider : IAuthenticationTokenProvider
{
private readonly IAppJwtConfiguration _configuration;
private readonly IContainer _container;
public RefreshTokenProvider(IAppJwtConfiguration configuration, IContainer container)
{
_configuration = configuration;
_container = container;
_telemetry = telemetry;
}
public void Create(AuthenticationTokenCreateContext context)
{
CreateAsync(context).Wait();
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
try
{
var refreshTokenId = Guid.NewGuid().ToString("n");
var now = DateTime.UtcNow;
using (var container = _container.GetNestedContainer())
{
var hashLogic = container.GetInstance<IHashLogic>();
var tokenStoreLogic = container.GetInstance<ITokenStoreLogic>();
var userName = context.Ticket.Identity.FindFirst(ClaimTypes.UserData).Value;
var userToken = new UserToken
{
Email = userName,
RefreshTokenIdHash = hashLogic.HashInput(refreshTokenId),
Subject = context.Ticket.Identity.Name,
RefreshTokenExpiresUtc =
now.AddMinutes(Convert.ToDouble(_configuration.RefreshTokenExpirationMinutes)),
AccessTokenExpirationDateTime =
now.AddMinutes(Convert.ToDouble(_configuration.ExpirationMinutes))
};
context.Ticket.Properties.IssuedUtc = now;
context.Ticket.Properties.ExpiresUtc = userToken.RefreshTokenExpiresUtc;
context.Ticket.Properties.AllowRefresh = true;
userToken.RefreshToken = context.SerializeTicket();
await tokenStoreLogic.CreateUserTokenAsync(userToken);
context.SetToken(refreshTokenId);
}
}
catch (Exception ex)
{
// exception logging removed for brevity
throw;
}
}
public void Receive(AuthenticationTokenReceiveContext context)
{
ReceiveAsync(context).Wait();
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
try
{
using (var container = _container.GetNestedContainer())
{
var hashLogic = container.GetInstance<IHashLogic>();
var tokenStoreLogic = container.GetInstance<ITokenStoreLogic>();
var hashedTokenId = hashLogic.HashInput(context.Token);
var refreshToken = await tokenStoreLogic.FindRefreshTokenAsync(hashedTokenId);
if (refreshToken == null)
{
return;
}
context.DeserializeTicket(refreshToken.RefreshToken);
await tokenStoreLogic.DeleteRefreshTokenAsync(hashedTokenId);
}
}
catch (Exception ex)
{
// exception logging removed for brevity
throw;
}
}
}
And finally, this is the OAuthAuthorizationServerProvider implementation:
public class AppOAuthProvider : OAuthAuthorizationServerProvider
{
public override Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
{
if (context.ClientId != null)
{
context.Rejected();
return Task.FromResult(0);
}
// Change authentication ticket for refresh token requests
var newIdentity = new ClaimsIdentity(context.Ticket.Identity);
newIdentity.AddClaim(new Claim("newClaim", "refreshToken"));
var newTicket = new AuthenticationTicket(newIdentity, context.Ticket.Properties);
context.Validated(newTicket);
return Task.FromResult(0);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
using (var container = _container.GetNestedContainer())
{
var requestedAuthenticationType = context.Request.Query["type"];
var requiredAuthenticationType = (int)AuthenticationType.None;
if (string.IsNullOrEmpty(requestedAuthenticationType) || !int.TryParse(requestedAuthenticationType, out requiredAuthenticationType))
{
context.SetError("Authentication Type Missing", "Type parameter is required to check which type of user you are trying to authenticate with.");
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
return;
}
var authenticationWorker = GetInstance<IAuthenticationWorker>(container);
var result = await authenticationWorker.AuthenticateAsync(new AuthenticationRequestViewModel
{
UserName = context.UserName,
Password = context.Password,
IpAddress = context.Request.RemoteIpAddress ?? "",
UserAgent = context.Request.Headers.ContainsKey("User-Agent") ? context.Request.Headers["User-Agent"] : ""
});
if (result.SignInStatus != SignInStatus.Success)
{
context.SetError(result.SignInStatus.ToString(), result.Message);
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
return;
}
// After we have successfully logged in. Check the authentication type for the just authenticated user
var userAuthenticationType = (int)result.AuthenticatedUserViewModel.Type;
// Check if the auth types match
if (userAuthenticationType != requiredAuthenticationType)
{
context.SetError("Invalid Account", "InvalidAccountForPortal");
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
return;
}
var identity = SetClaimsIdentity(context, result.AuthenticatedUserViewModel);
context.Validated(identity);
}
}
public override async Task TokenEndpointResponse(OAuthTokenEndpointResponseContext context)
{
using (var container = GetNestedContainer())
{
var email = context.Identity.FindFirst(ClaimTypes.UserData).Value;
var accessTokenHash = _hashLogic.HashInput(context.AccessToken);
var tokenStoreLogic = GetInstance<ITokenStoreLogic>(container);
await tokenStoreLogic.UpdateUserTokenAsync(email, accessTokenHash);
var authLogic = GetInstance<IAuthenticationLogic>(container);
var userDetail = await authLogic.GetDetailsAsync(email);
context.AdditionalResponseParameters.Add("user_id", email);
context.AdditionalResponseParameters.Add("user_name", userDetail.Name);
context.AdditionalResponseParameters.Add("user_known_as", userDetail.KnownAs);
context.AdditionalResponseParameters.Add("authentication_type", userDetail.Type);
}
await base.TokenEndpointResponse(context);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
return Task.FromResult(0);
}
private ClaimsIdentity SetClaimsIdentity(OAuthGrantResourceOwnerCredentialsContext context, AuthenticatedUserViewModel user)
{
var identity = new ClaimsIdentity(
new[]
{
new Claim(ClaimTypes.Name, context.UserName),
new Claim(ClaimTypes.SerialNumber, user.SerialNumber),
new Claim(ClaimTypes.UserData, user.Email.ToString(CultureInfo.InvariantCulture)),
new Claim(ClaimTypeUrls.AdminScope, user.Scope.ToString()),
new Claim(ClaimTypeUrls.DriverId, user.DriverId.ToString(CultureInfo.InvariantCulture)),
new Claim(ClaimTypeUrls.AdministratorId, user.AdministratorId.ToString(CultureInfo.InvariantCulture))
},
_authenticationType
);
//add roles
var roles = user.Roles;
foreach (var role in roles)
identity.AddClaim(new Claim(ClaimTypes.Role, role));
return identity;
}
}
How can I use Microsoft Fakes to mock User.Identity.Name when unit testing MVC 4 application with Visual Studio 2012.
I'm writing unit test for item create action method.
[HttpPost]
public ActionResult Create([Bind(Include = "Name")]Category category)
{
if (categoryService.IsNameExists(category.Name))
{
ModelState.AddModelError("Name", "Category name already exists!");
return View(category);
}
try
{
if (ModelState.IsValid)
{
UserProfile p = new UserProfile();
p.UserName = User.Identity.Name;
category.CreatedBy = p;
category.CreatedDate = DateTime.Now;
category.Active = true;
category.DeletedBy = null;
category = categoryService.SaveCategory(category);
return RedirectToAction("Index");
}
return View(category);
}
catch (DataException dex)
{
}
}
[TestMethod]
public void Create()
{
Category createdCategory = new Category();
ICategoryService service = new StubICategoryService()
{
SaveCategoryCategory = (category) => { return category; }
};
CategoryController controller = new CategoryController(service);
using (ShimsContext.Create())
{
System.Fakes.ShimDateTime.NowGet = () =>
{ return new DateTime(2000, 1, 1); };
ViewResult result = controller.Create(createdCategory) as ViewResult;
Assert.IsNotNull(result);
}
}
These are the action method and test method I have written. If there is better way to do this other than MS Fakes please tell me, (not another mocking framework).
Assuming you've added Fakes references for System.Web and System, you can do something like this inside your using (ShimsContext.Create()) block:
var context = new System.Web.Fakes.ShimHttpContext();
var user = new StubIPrincipal
{
IdentityGet = () =>
{
var identity = new StubIIdentity {NameGet = () => "foo"};
return identity;
}
};
context.UserGet = () => principal;
System.Web.Fakes.ShimHttpContext.CurrentGet = () => { return context; };
User is actually HttpContext.User. So you could use System.Fakes.ShimHttpContext to return a custom implementation of the whole IPrincipal containing the right Identity.Name...
I ended up with a similar answer to #Sven, but ended up stubbing the context instead of using a shim.
using (AccountController controller = new AccountController())
{
StubHttpContextBase stubHttpContext = new StubHttpContextBase();
controller.ControllerContext = new ControllerContext(stubHttpContext, new RouteData(), controller);
StubIPrincipal principal = new StubIPrincipal();
principal.IdentityGet = () =>
{
return new StubIIdentity
{
NameGet = () => "bob"
};
};
stubHttpContext.UserGet = () => principal;
}