Add scheme forwarding (authN policies) (#1625)
parent
c1171cd3ff
commit
c0b8be58ba
|
|
@ -240,6 +240,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
|||
throw new ArgumentNullException(nameof(user));
|
||||
}
|
||||
|
||||
var target = ResolveTarget(Options.ForwardSignIn);
|
||||
if (target != null)
|
||||
{
|
||||
await Context.SignInAsync(target, user, properties);
|
||||
return;
|
||||
}
|
||||
|
||||
properties = properties ?? new AuthenticationProperties();
|
||||
|
||||
_signInCalled = true;
|
||||
|
|
@ -322,6 +329,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
|||
|
||||
public async virtual Task SignOutAsync(AuthenticationProperties properties)
|
||||
{
|
||||
var target = ResolveTarget(Options.ForwardSignOut);
|
||||
if (target != null)
|
||||
{
|
||||
await Context.SignOutAsync(target, properties);
|
||||
return;
|
||||
}
|
||||
|
||||
properties = properties ?? new AuthenticationProperties();
|
||||
|
||||
_signOutCalled = true;
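Review bot: When ForwardSignOut resolves to another scheme, SignOutAsync returns before `_signOutCalled = true` and everything after it, so this handler does not appear to clear its own cookie on a forwarded sign-out. A cookie issued earlier under this scheme would then outlive the sign-out unless the target scheme removes it. That deserves a comment above the early return, for example `// Forwarded: the target scheme owns sign-out; this handler's cookie is left untouched.` The same early return is added to SignInAsync in the first hunk and to the OpenIdConnect SignOutAsync in the next file. Both method bodies continue outside the hunks, so the effect on the cookie is inferred from the lines shown.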
|
||||
|
|
|
|||
|
|
@ -155,6 +155,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
|
|||
/// <returns>A task executing the sign out procedure</returns>
|
||||
public async virtual Task SignOutAsync(AuthenticationProperties properties)
|
||||
{
|
||||
var target = ResolveTarget(Options.ForwardSignOut);
|
||||
if (target != null)
|
||||
{
|
||||
await Context.SignOutAsync(target, properties);
|
||||
return;
|
||||
}
|
||||
|
||||
properties = properties ?? new AuthenticationProperties();
|
||||
|
||||
Logger.EnteringOpenIdAuthenticationHandlerHandleSignOutAsync(GetType().FullName);
|
||||
|
|
|
|||
|
|
@ -118,8 +118,24 @@ namespace Microsoft.AspNetCore.Authentication
|
|||
protected string BuildRedirectUri(string targetPath)
|
||||
=> Request.Scheme + "://" + Request.Host + OriginalPathBase + targetPath;
|
||||
|
||||
protected virtual string ResolveTarget(string scheme)
|
||||
{
|
||||
var target = scheme ?? Options.ForwardDefaultSelector?.Invoke(Context) ?? Options.ForwardDefault;
|
||||
|
||||
// Prevent self targetting
|
||||
return string.Equals(target, Scheme.Name, StringComparison.Ordinal)
|
||||
? null
|
||||
: target;
|
||||
}
|
||||
|
||||
public async Task<AuthenticateResult> AuthenticateAsync()
|
||||
{
|
||||
var target = ResolveTarget(Options.ForwardAuthenticate);
|
||||
if (target != null)
|
||||
{
|
||||
return await Context.AuthenticateAsync(target);
|
||||
}
|
||||
|
||||
// Calling Authenticate more than once should always return the original value.
|
||||
var result = await HandleAuthenticateOnceAsync();
|
||||
if (result?.Failure == null)
|
||||
|
|
@ -200,6 +216,13 @@ namespace Microsoft.AspNetCore.Authentication
|
|||
|
||||
public async Task ChallengeAsync(AuthenticationProperties properties)
|
||||
{
|
||||
var target = ResolveTarget(Options.ForwardChallenge);
|
||||
if (target != null)
|
||||
{
|
||||
await Context.ChallengeAsync(target, properties);
|
||||
return;
|
||||
}
|
||||
|
||||
properties = properties ?? new AuthenticationProperties();
|
||||
await HandleChallengeAsync(properties);
|
||||
Logger.AuthenticationSchemeChallenged(Scheme.Name);
|
||||
|
|
@ -207,6 +230,13 @@ namespace Microsoft.AspNetCore.Authentication
|
|||
|
||||
public async Task ForbidAsync(AuthenticationProperties properties)
|
||||
{
|
||||
var target = ResolveTarget(Options.ForwardForbid);
|
||||
if (target != null)
|
||||
{
|
||||
await Context.ForbidAsync(target, properties);
|
||||
return;
|
||||
}
|
||||
|
||||
properties = properties ?? new AuthenticationProperties();
|
||||
await HandleForbiddenAsync(properties);
|
||||
Logger.AuthenticationSchemeForbidden(Scheme.Name);
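Review bot: ResolveTarget rejects only a target equal to `Scheme.Name`, so a cycle across two schemes (A forwards to B, B forwards back to A) is not caught, and as far as these hunks show each AuthenticateAsync, ChallengeAsync or ForbidAsync call would keep re-entering the other handler. Either validate the forward settings when the options are built, or state the limit on the method, for example `// Only direct self-forwarding is detected; cycles across schemes (A -> B -> A) are not.` ResolveTarget is `protected virtual` and has no XML doc; a summary giving the precedence (specific setting, then ForwardDefaultSelector, then ForwardDefault) and the null return for "handle locally" would help overriders. The existing comment has a typo and should read `// Prevent self targeting`.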
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
|
||||
namespace Microsoft.AspNetCore.Authentication
|
||||
{
|
||||
|
|
@ -36,5 +37,57 @@ namespace Microsoft.AspNetCore.Authentication
|
|||
/// If set, will be used as the service type to get the Events instance instead of the property.
|
||||
/// </summary>
|
||||
public Type EventsType { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// If set, this specifies a default scheme that authentication handlers should forward all authentication operations to
|
||||
/// by default. The default forwarding logic will check the most specific ForwardAuthenticate/Challenge/Forbid/SignIn/SignOut
|
||||
/// setting first, followed by checking the ForwardDefaultSelector, followed by ForwardDefault. The first non null result
|
||||
/// will be used as the target scheme to forward to.
|
||||
/// </summary>
|
||||
public string ForwardDefault { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// If set, this specifies the target scheme that this scheme should forward AuthenticateAsync calls to.
|
||||
/// For example Context.AuthenticateAsync("ThisScheme") => Context.AuthenticateAsync("ForwardAuthenticateValue");
|
||||
/// Set the target to the current scheme to disable forwarding and allow normal processing.
|
||||
/// </summary>
|
||||
public string ForwardAuthenticate { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// If set, this specifies the target scheme that this scheme should forward ChallengeAsync calls to.
|
||||
/// For example Context.ChallengeAsync("ThisScheme") => Context.ChallengeAsync("ForwardChallengeValue");
|
||||
/// Set the target to the current scheme to disable forwarding and allow normal processing.
|
||||
/// </summary>
|
||||
public string ForwardChallenge { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// If set, this specifies the target scheme that this scheme should forward ForbidAsync calls to.
|
||||
/// For example Context.ForbidAsync("ThisScheme") => Context.ForbidAsync("ForwardForbidValue");
|
||||
/// Set the target to the current scheme to disable forwarding and allow normal processing.
|
||||
/// </summary>
|
||||
public string ForwardForbid { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// If set, this specifies the target scheme that this scheme should forward SignInAsync calls to.
|
||||
/// For example Context.SignInAsync("ThisScheme") => Context.SignInAsync("ForwardSignInValue");
|
||||
/// Set the target to the current scheme to disable forwarding and allow normal processing.
|
||||
/// </summary>
|
||||
public string ForwardSignIn { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// If set, this specifies the target scheme that this scheme should forward SignOutAsync calls to.
|
||||
/// For example Context.SignOutAsync("ThisScheme") => Context.SignInAsync("ForwardSignOutValue");
|
||||
/// Set the target to the current scheme to disable forwarding and allow normal processing.
|
||||
/// </summary>
|
||||
public string ForwardSignOut { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Used to select a default scheme for the current request that authentication handlers should forward all authentication operations to
|
||||
/// by default. The default forwarding logic will check the most specific ForwardAuthenticate/Challenge/Forbid/SignIn/SignOut
|
||||
/// setting first, followed by checking the ForwardDefaultSelector, followed by ForwardDefault. The first non null result
|
||||
/// will be used as the target scheme to forward to.
|
||||
/// </summary>
|
||||
public Func<HttpContext, string> ForwardDefaultSelector { get; set; }
|
||||
|
||||
}
|
||||
}
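Review bot: The ForwardSignOut summary gives the wrong example, mapping a SignOutAsync call to `Context.SignInAsync("ForwardSignOutValue")`; the line should read `/// For example Context.SignOutAsync("ThisScheme") => Context.SignOutAsync("ForwardSignOutValue");`. The ForwardDefaultSelector summary could also say that the delegate is invoked with the current HttpContext each time a target is resolved, and that the returned name should be one of the application's registered schemes rather than a value copied from the request. It is worth stating there that a null return falls through to ForwardDefault, which is what ResolveTarget's `??` chain does.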
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System;
|
||||
using System.Diagnostics;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Net.Http;
|
||||
|
|
@ -11,6 +10,7 @@ using System.Security.Principal;
|
|||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using System.Xml.Linq;
|
||||
using Microsoft.AspNetCore.Authentication.Tests;
|
||||
using Microsoft.AspNetCore.Builder;
|
||||
using Microsoft.AspNetCore.DataProtection;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
|
|
@ -26,6 +26,416 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
|||
{
|
||||
private TestClock _clock = new TestClock();
|
||||
|
||||
[Fact]
|
||||
public async Task CanForwardDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler>("auth1", "auth1");
|
||||
})
|
||||
.AddCookie(o => o.ForwardDefault = "auth1");
|
||||
|
||||
var forwardDefault = new TestHandler();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await context.SignOutAsync();
|
||||
Assert.Equal(1, forwardDefault.SignOutCount);
|
||||
|
||||
await context.SignInAsync(new ClaimsPrincipal());
|
||||
Assert.Equal(1, forwardDefault.SignInCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignInWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddCookie(o =>
|
||||
{
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignIn = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.SignInAsync(new ClaimsPrincipal());
|
||||
Assert.Equal(1, specific.SignInCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignOutWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddCookie(o =>
|
||||
{
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.SignOutAsync();
|
||||
Assert.Equal(1, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardForbidWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddCookie(o =>
|
||||
{
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardAuthenticateWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddCookie(o =>
|
||||
{
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardChallengeWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
})
|
||||
.AddCookie(o =>
|
||||
{
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardChallenge = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSelectorWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddCookie(o =>
|
||||
{
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, selector.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, selector.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, selector.ChallengeCount);
|
||||
|
||||
await context.SignOutAsync();
|
||||
Assert.Equal(1, selector.SignOutCount);
|
||||
|
||||
await context.SignInAsync(new ClaimsPrincipal());
|
||||
Assert.Equal(1, selector.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task NullForwardSelectorUsesDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddCookie(o =>
|
||||
{
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => null;
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await context.SignOutAsync();
|
||||
Assert.Equal(1, forwardDefault.SignOutCount);
|
||||
|
||||
await context.SignInAsync(new ClaimsPrincipal());
|
||||
Assert.Equal(1, forwardDefault.SignInCount);
|
||||
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task SpecificForwardWinsOverSelectorAndDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddCookie(o =>
|
||||
{
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
o.ForwardChallenge = "specific";
|
||||
o.ForwardSignIn = "specific";
|
||||
o.ForwardSignOut = "specific";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
|
||||
await context.SignOutAsync();
|
||||
Assert.Equal(1, specific.SignOutCount);
|
||||
|
||||
await context.SignInAsync(new ClaimsPrincipal());
|
||||
Assert.Equal(1, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task VerifySchemeDefaults()
|
||||
{
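Review bot: None of the tests added in this hunk covers the self-target guard that the option docs describe as the way to disable forwarding ("Set the target to the current scheme to disable forwarding"). A case that sets `o.ForwardDefault = "auth1"` together with `o.ForwardSignOut = CookieAuthenticationDefaults.AuthenticationScheme`, calls `context.SignOutAsync()` and asserts that `forwardDefault.SignOutCount` stays 0 would pin that behaviour. The ServiceCollection and handler registration is also repeated verbatim in every test and could move to a small private helper. The hunk ends at the opening of VerifySchemeDefaults, whose body is outside it.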
|
||||
|
|
|
|||
|
|
@ -5,11 +5,13 @@ using System;
|
|||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Net.Http;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using System.Text.Encodings.Web;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authentication.OAuth;
|
||||
using Microsoft.AspNetCore.Authentication.Tests;
|
||||
using Microsoft.AspNetCore.Builder;
|
||||
using Microsoft.AspNetCore.DataProtection;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
|
|
@ -24,6 +26,401 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
|
|||
{
|
||||
public class FacebookTests
|
||||
{
|
||||
private void ConfigureDefaults(FacebookOptions o)
|
||||
{
|
||||
o.AppId = "whatever";
|
||||
o.AppSecret = "whatever";
|
||||
o.SignInScheme = "auth1";
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CanForwardDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler>("auth1", "auth1");
|
||||
})
|
||||
.AddFacebook(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
});
|
||||
|
||||
var forwardDefault = new TestHandler();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignInThrows()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddFacebook(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignOutThrows()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddFacebook(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardForbidWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddFacebook(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardAuthenticateWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddFacebook(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardChallengeWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
})
|
||||
.AddFacebook(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardChallenge = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSelectorWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddFacebook(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, selector.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, selector.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, selector.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task NullForwardSelectorUsesDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddFacebook(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => null;
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task SpecificForwardWinsOverSelectorAndDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddFacebook(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
o.ForwardChallenge = "specific";
|
||||
o.ForwardSignIn = "specific";
|
||||
o.ForwardSignOut = "specific";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task VerifySignInSchemeCannotBeSetToSelf()
|
||||
{
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ using System.Text;
|
|||
using System.Text.Encodings.Web;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Authentication.OAuth;
|
||||
using Microsoft.AspNetCore.Authentication.Tests;
|
||||
using Microsoft.AspNetCore.Builder;
|
||||
using Microsoft.AspNetCore.DataProtection;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
|
|
@ -24,6 +25,401 @@ namespace Microsoft.AspNetCore.Authentication.Google
|
|||
{
|
||||
public class GoogleTests
|
||||
{
|
||||
private void ConfigureDefaults(GoogleOptions o)
|
||||
{
|
||||
o.ClientId = "whatever";
|
||||
o.ClientSecret = "whatever";
|
||||
o.SignInScheme = "auth1";
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CanForwardDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler>("auth1", "auth1");
|
||||
})
|
||||
.AddGoogle(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
});
|
||||
|
||||
var forwardDefault = new TestHandler();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignInThrows()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddGoogle(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignOutThrows()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddGoogle(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardForbidWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddGoogle(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardAuthenticateWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddGoogle(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardChallengeWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
})
|
||||
.AddGoogle(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardChallenge = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSelectorWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddGoogle(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, selector.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, selector.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, selector.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task NullForwardSelectorUsesDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddGoogle(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => null;
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task SpecificForwardWinsOverSelectorAndDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddGoogle(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
o.ForwardChallenge = "specific";
|
||||
o.ForwardSignIn = "specific";
|
||||
o.ForwardSignOut = "specific";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task VerifySignInSchemeCannotBeSetToSelf()
|
||||
{
|
||||
|
|
@ -1061,18 +1457,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
|
|||
.ConfigureServices(services =>
|
||||
{
|
||||
services.AddTransient<IClaimsTransformation, ClaimsTransformer>();
|
||||
services.AddAuthentication("Auth")
|
||||
.AddVirtualScheme("Auth", "Auth", o =>
|
||||
{
|
||||
o.Default = TestExtensions.CookieAuthenticationScheme;
|
||||
o.Challenge = GoogleDefaults.AuthenticationScheme;
|
||||
})
|
||||
.AddCookie(TestExtensions.CookieAuthenticationScheme)
|
||||
services.AddAuthentication(TestExtensions.CookieAuthenticationScheme)
|
||||
.AddCookie(TestExtensions.CookieAuthenticationScheme, o => o.ForwardChallenge = GoogleDefaults.AuthenticationScheme)
|
||||
.AddGoogle(configureOptions)
|
||||
.AddFacebook(o =>
|
||||
{
|
||||
o.AppId = "Test AppId";
|
||||
o.AppSecret = "Test AppSecrent";
|
||||
o.ClientId = "Test ClientId";
|
||||
o.ClientSecret = "Test AppSecrent";
|
||||
});
|
||||
});
|
||||
return new TestServer(builder);
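Review bot: `ForwardSignInThrows` in this file's added tests configures `o.ForwardSignOut = "specific";` rather than the sign-in forward, so the option the test is named after is never set. As written, the test passes whether or not `ForwardSignIn` is honoured by the handler. Changing that line to `o.ForwardSignIn = "specific";` and adding `Assert.Equal(0, specific.SignInCount);` after the `ThrowsAsync` call would pin that the Google handler rejects sign-in instead of passing the principal to another scheme. `ForwardSignOutThrows` could assert `specific.SignOutCount` stays 0 in the same way. The JwtBearer `ForwardSignInThrows` further down the page has the same setup.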
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Net.Http;
|
||||
|
|
@ -11,14 +10,13 @@ using System.Security.Claims;
|
|||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using System.Xml.Linq;
|
||||
using Microsoft.AspNetCore.Authentication.Tests;
|
||||
using Microsoft.AspNetCore.Builder;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.TestHost;
|
||||
using Microsoft.AspNetCore.Testing.xunit;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using Xunit;
|
||||
|
||||
|
|
@ -26,6 +24,401 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
|
|||
{
|
||||
public class JwtBearerTests
|
||||
{
|
||||
private void ConfigureDefaults(JwtBearerOptions o)
|
||||
{
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CanForwardDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler>("auth1", "auth1");
|
||||
})
|
||||
.AddJwtBearer(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
});
|
||||
|
||||
var forwardDefault = new TestHandler();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignInThrows()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddJwtBearer(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignOutThrows()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddJwtBearer(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardForbidWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
o.DefaultSignInScheme = "auth1";
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddJwtBearer(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardAuthenticateWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
o.DefaultSignInScheme = "auth1";
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddJwtBearer(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardChallengeWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
o.DefaultSignInScheme = "auth1";
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
})
|
||||
.AddJwtBearer(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardChallenge = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSelectorWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddJwtBearer(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, selector.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, selector.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, selector.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task NullForwardSelectorUsesDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddJwtBearer(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => null;
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task SpecificForwardWinsOverSelectorAndDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddJwtBearer(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
o.ForwardChallenge = "specific";
|
||||
o.ForwardSignIn = "specific";
|
||||
o.ForwardSignOut = "specific";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task VerifySchemeDefaults()
|
||||
{
|
||||
|
|
|
|||
|
|
@ -27,6 +27,401 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
|
|||
{
|
||||
public class MicrosoftAccountTests
|
||||
{
|
||||
private void ConfigureDefaults(MicrosoftAccountOptions o)
|
||||
{
|
||||
o.ClientId = "whatever";
|
||||
o.ClientSecret = "whatever";
|
||||
o.SignInScheme = "auth1";
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CanForwardDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler>("auth1", "auth1");
|
||||
})
|
||||
.AddMicrosoftAccount(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
});
|
||||
|
||||
var forwardDefault = new TestHandler();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignInThrows()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddMicrosoftAccount(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignOutThrows()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddMicrosoftAccount(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardForbidWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddMicrosoftAccount(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardAuthenticateWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddMicrosoftAccount(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardChallengeWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
})
|
||||
.AddMicrosoftAccount(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardChallenge = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSelectorWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddMicrosoftAccount(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, selector.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, selector.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, selector.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task NullForwardSelectorUsesDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddMicrosoftAccount(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => null;
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task SpecificForwardWinsOverSelectorAndDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddMicrosoftAccount(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
o.ForwardChallenge = "specific";
|
||||
o.ForwardSignIn = "specific";
|
||||
o.ForwardSignOut = "specific";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task VerifySignInSchemeCannotBeSetToSelf()
|
||||
{
|
||||
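Review bot: `ForwardSignInThrows` in `MicrosoftAccountTests` never sets the option its name refers to: its options lambda assigns `o.ForwardSignOut = "specific"`, the same line `ForwardSignOutThrows` uses, so a configured `ForwardSignIn` target is not exercised on its own in this class. The line should read `o.ForwardSignIn = "specific";`. The same copy appears in `OAuthTests.ForwardSignInThrows` further down the page. Since these tests pin which scheme an authentication operation is routed to, it would also help to add `Assert.Equal(0, specific.SignInCount);` and `Assert.Equal(0, forwardDefault.SignInCount);` after the `ThrowsAsync` call, which would show that neither handler was reached; `SpecificForwardWinsOverSelectorAndDefault` sets `ForwardSignIn` and `ForwardSignOut` but likewise leaves `specific.SignInCount` and `specific.SignOutCount` unchecked. `TestHandler` is defined outside this section, so what it does on sign-in is assumed from the counters used here.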
|
|
|
|||
|
|
@ -4,20 +4,416 @@
|
|||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Net;
|
||||
using System.Security.Claims;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authentication.Tests;
|
||||
using Microsoft.AspNetCore.Builder;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.TestHost;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Net.Http.Headers;
|
||||
using Xunit;
|
||||
|
||||
namespace Microsoft.AspNetCore.Authentication.OAuth
|
||||
{
|
||||
public class OAuthTests
|
||||
{
|
||||
[Fact]
|
||||
public async Task CanForwardDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = "default";
|
||||
o.AddScheme<TestHandler>("auth1", "auth1");
|
||||
})
|
||||
.AddOAuth("default", o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.SignInScheme = "auth1";
|
||||
o.ForwardDefault = "auth1";
|
||||
});
|
||||
|
||||
var forwardDefault = new TestHandler();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignInThrows()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = "default";
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOAuth("default", o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.SignInScheme = "auth1";
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignOutThrows()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = "default";
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOAuth("default", o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.SignInScheme = "auth1";
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardForbidWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = "default";
|
||||
o.DefaultSignInScheme = "auth1";
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOAuth("default", o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardAuthenticateWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = "default";
|
||||
o.DefaultSignInScheme = "auth1";
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOAuth("default", o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardChallengeWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = "default";
|
||||
o.DefaultSignInScheme = "auth1";
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
})
|
||||
.AddOAuth("default", o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardChallenge = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSelectorWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = "default";
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOAuth("default", o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, selector.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, selector.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, selector.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task NullForwardSelectorUsesDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = "default";
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOAuth("default", o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => null;
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task SpecificForwardWinsOverSelectorAndDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = "default";
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOAuth("default", o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
o.ForwardChallenge = "specific";
|
||||
o.ForwardSignIn = "specific";
|
||||
o.ForwardSignOut = "specific";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
}
|
||||
|
||||
|
||||
[Fact]
|
||||
public async Task VerifySignInSchemeCannotBeSetToSelf()
|
||||
{
|
||||
|
|
@ -131,12 +527,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
|
|||
"Weblie",
|
||||
opt =>
|
||||
{
|
||||
opt.ClientId = "Test Id";
|
||||
opt.ClientSecret = "secret";
|
||||
opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
opt.AuthorizationEndpoint = "https://example.com/provider/login";
|
||||
opt.TokenEndpoint = "https://example.com/provider/token";
|
||||
opt.CallbackPath = "/oauth-callback";
|
||||
ConfigureDefaults(opt);
|
||||
}),
|
||||
async ctx =>
|
||||
{
|
||||
|
|
@ -162,12 +553,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
|
|||
"Weblie",
|
||||
opt =>
|
||||
{
|
||||
opt.ClientId = "Test Id";
|
||||
opt.ClientSecret = "secret";
|
||||
opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
opt.AuthorizationEndpoint = "https://example.com/provider/login";
|
||||
opt.TokenEndpoint = "https://example.com/provider/token";
|
||||
opt.CallbackPath = "/oauth-callback";
|
||||
ConfigureDefaults(opt);
|
||||
opt.CorrelationCookie.Path = "/";
|
||||
}),
|
||||
async ctx =>
|
||||
|
|
@ -186,6 +572,16 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
|
|||
Assert.Contains("path=/", correlation);
|
||||
}
|
||||
|
||||
private void ConfigureDefaults(OAuthOptions o)
|
||||
{
|
||||
o.ClientId = "Test Id";
|
||||
o.ClientSecret = "secret";
|
||||
o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
o.AuthorizationEndpoint = "https://example.com/provider/login";
|
||||
o.TokenEndpoint = "https://example.com/provider/token";
|
||||
o.CallbackPath = "/oauth-callback";
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task RemoteAuthenticationFailed_OAuthError_IncludesProperties()
|
||||
{
|
||||
|
|
|
|||
|
|
@ -3,10 +3,13 @@
|
|||
|
||||
using System;
|
||||
using System.Net;
|
||||
using System.Security.Claims;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
using Microsoft.AspNetCore.Authentication.Tests;
|
||||
using Microsoft.AspNetCore.Builder;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.TestHost;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Xunit;
|
||||
|
|
@ -15,6 +18,421 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
|
|||
{
|
||||
public class OpenIdConnectConfigurationTests
|
||||
{
|
||||
private void ConfigureDefaults(OpenIdConnectOptions o)
|
||||
{
|
||||
o.Authority = TestServerBuilder.DefaultAuthority;
|
||||
o.ClientId = "Test Id";
|
||||
o.ClientSecret = "Test Secret";
|
||||
o.SignInScheme = "auth1";
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CanForwardDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler>("auth1", "auth1");
|
||||
})
|
||||
.AddOpenIdConnect(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
});
|
||||
|
||||
var forwardDefault = new TestHandler();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await context.SignOutAsync();
|
||||
Assert.Equal(1, forwardDefault.SignOutCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignInThrows()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOpenIdConnect(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignOutWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOpenIdConnect(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.SignOutAsync();
|
||||
Assert.Equal(1, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardForbidWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOpenIdConnect(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardAuthenticateWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOpenIdConnect(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardChallengeWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
})
|
||||
.AddOpenIdConnect(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardChallenge = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSelectorWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOpenIdConnect(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, selector.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, selector.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, selector.ChallengeCount);
|
||||
|
||||
await context.SignOutAsync();
|
||||
Assert.Equal(1, selector.SignOutCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task NullForwardSelectorUsesDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOpenIdConnect(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => null;
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await context.SignOutAsync();
|
||||
Assert.Equal(1, forwardDefault.SignOutCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task SpecificForwardWinsOverSelectorAndDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddOpenIdConnect(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
o.ForwardChallenge = "specific";
|
||||
o.ForwardSignIn = "specific";
|
||||
o.ForwardSignOut = "specific";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
|
||||
await context.SignOutAsync();
|
||||
Assert.Equal(1, specific.SignOutCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task MetadataAddressIsGeneratedFromAuthorityWhenMissing()
|
||||
{
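Review bot: `ForwardSignInThrows` never sets `ForwardSignIn`; its options block sets `o.ForwardSignOut = "specific"`, the same configuration as `ForwardSignOutWinsOverDefault`, so the test passes without any sign-in forward being configured. Because `SpecificForwardWinsOverSelectorAndDefault` in this file does set `ForwardSignIn` and still expects `InvalidOperationException`, the option line should probably read `o.ForwardSignIn = "specific";`, with `Assert.Equal(0, specific.SignInCount);` after the throw to pin that no handler was asked to issue an identity. `SpecificForwardWinsOverSelectorAndDefault` would benefit from the same `specific.SignInCount` assertion, since it currently checks only the other two handlers' counters. The Twitter `ForwardSignInThrows` test later in this commit carries the same `ForwardSignOut` line.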
|
||||
|
|
|
|||
|
|
@ -0,0 +1,115 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
|
||||
|
||||
using System.Security.Claims;
|
||||
using System.Text.Encodings.Web;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Microsoft.Extensions.Options;
|
||||
|
||||
namespace Microsoft.AspNetCore.Authentication.Tests
|
||||
{
|
||||
public class TestAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>, IAuthenticationSignInHandler
|
||||
{
|
||||
public TestAuthHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
|
||||
{ }
|
||||
|
||||
public int SignInCount { get; set; }
|
||||
public int SignOutCount { get; set; }
|
||||
public int ForbidCount { get; set; }
|
||||
public int ChallengeCount { get; set; }
|
||||
public int AuthenticateCount { get; set; }
|
||||
|
||||
protected override Task HandleChallengeAsync(AuthenticationProperties properties)
|
||||
{
|
||||
ChallengeCount++;
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
|
||||
protected override Task HandleForbiddenAsync(AuthenticationProperties properties)
|
||||
{
|
||||
ForbidCount++;
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
|
||||
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
|
||||
{
|
||||
AuthenticateCount++;
|
||||
var principal = new ClaimsPrincipal();
|
||||
var id = new ClaimsIdentity();
|
||||
id.AddClaim(new Claim(ClaimTypes.NameIdentifier, Scheme.Name, ClaimValueTypes.String, Scheme.Name));
|
||||
principal.AddIdentity(id);
|
||||
return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name)));
|
||||
}
|
||||
|
||||
public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
|
||||
{
|
||||
SignInCount++;
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
|
||||
public Task SignOutAsync(AuthenticationProperties properties)
|
||||
{
|
||||
SignOutCount++;
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
}
|
||||
|
||||
public class TestHandler : IAuthenticationSignInHandler
|
||||
{
|
||||
public AuthenticationScheme Scheme { get; set; }
|
||||
public int SignInCount { get; set; }
|
||||
public int SignOutCount { get; set; }
|
||||
public int ForbidCount { get; set; }
|
||||
public int ChallengeCount { get; set; }
|
||||
public int AuthenticateCount { get; set; }
|
||||
|
||||
public Task<AuthenticateResult> AuthenticateAsync()
|
||||
{
|
||||
AuthenticateCount++;
|
||||
var principal = new ClaimsPrincipal();
|
||||
var id = new ClaimsIdentity();
|
||||
id.AddClaim(new Claim(ClaimTypes.NameIdentifier, Scheme.Name, ClaimValueTypes.String, Scheme.Name));
|
||||
principal.AddIdentity(id);
|
||||
return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name)));
|
||||
}
|
||||
|
||||
public Task ChallengeAsync(AuthenticationProperties properties)
|
||||
{
|
||||
ChallengeCount++;
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
|
||||
public Task ForbidAsync(AuthenticationProperties properties)
|
||||
{
|
||||
ForbidCount++;
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
|
||||
public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
|
||||
{
|
||||
Scheme = scheme;
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
|
||||
public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
|
||||
{
|
||||
SignInCount++;
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
|
||||
public Task SignOutAsync(AuthenticationProperties properties)
|
||||
{
|
||||
SignOutCount++;
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
}
|
||||
|
||||
public class TestHandler2 : TestHandler
|
||||
{
|
||||
}
|
||||
|
||||
public class TestHandler3 : TestHandler
|
||||
{
|
||||
}
|
||||
}
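Review bot: `TestHandler2` and `TestHandler3` are empty subclasses with no comment explaining why they exist. The tests in this commit register one instance of each type with `AddSingleton` and map each type to its own scheme, so they appear to exist only to give every scheme a separate counter instance. A comment such as `// Distinct type per scheme so each test scheme resolves its own singleton and its own call counters.` above them would make that explicit. `TestHandler.AuthenticateAsync` reads `Scheme.Name`, which is only assigned in `InitializeAsync`, and always returns `AuthenticateResult.Success`. A class-level `/// <summary>` describing it as a counting stub that accepts every request, for test use only, would document both points.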
|
||||
|
|
@ -7,6 +7,7 @@ using System.Net.Http;
|
|||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Authentication.Tests;
|
||||
using Microsoft.AspNetCore.Builder;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
|
|
@ -19,6 +20,401 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
|
|||
{
|
||||
public class TwitterTests
|
||||
{
|
||||
private void ConfigureDefaults(TwitterOptions o)
|
||||
{
|
||||
o.ConsumerKey = "whatever";
|
||||
o.ConsumerSecret = "whatever";
|
||||
o.SignInScheme = "auth1";
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CanForwardDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler>("auth1", "auth1");
|
||||
})
|
||||
.AddTwitter(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
});
|
||||
|
||||
var forwardDefault = new TestHandler();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignInThrows()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddTwitter(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSignOutThrows()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddTwitter(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardSignOut = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardForbidWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddTwitter(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardAuthenticateWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddTwitter(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardChallengeWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
})
|
||||
.AddTwitter(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardChallenge = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task ForwardSelectorWinsOverDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddTwitter(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, selector.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, selector.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, selector.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task NullForwardSelectorUsesDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddTwitter(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => null;
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, forwardDefault.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, forwardDefault.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, forwardDefault.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
Assert.Equal(0, specific.AuthenticateCount);
|
||||
Assert.Equal(0, specific.ForbidCount);
|
||||
Assert.Equal(0, specific.ChallengeCount);
|
||||
Assert.Equal(0, specific.SignInCount);
|
||||
Assert.Equal(0, specific.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task SpecificForwardWinsOverSelectorAndDefault()
|
||||
{
|
||||
var services = new ServiceCollection().AddLogging();
|
||||
services.AddAuthentication(o =>
|
||||
{
|
||||
o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
|
||||
o.AddScheme<TestHandler2>("auth1", "auth1");
|
||||
o.AddScheme<TestHandler3>("selector", "selector");
|
||||
o.AddScheme<TestHandler>("specific", "specific");
|
||||
})
|
||||
.AddTwitter(o =>
|
||||
{
|
||||
ConfigureDefaults(o);
|
||||
o.ForwardDefault = "auth1";
|
||||
o.ForwardDefaultSelector = _ => "selector";
|
||||
o.ForwardAuthenticate = "specific";
|
||||
o.ForwardChallenge = "specific";
|
||||
o.ForwardSignIn = "specific";
|
||||
o.ForwardSignOut = "specific";
|
||||
o.ForwardForbid = "specific";
|
||||
});
|
||||
|
||||
var specific = new TestHandler();
|
||||
services.AddSingleton(specific);
|
||||
var forwardDefault = new TestHandler2();
|
||||
services.AddSingleton(forwardDefault);
|
||||
var selector = new TestHandler3();
|
||||
services.AddSingleton(selector);
|
||||
|
||||
var sp = services.BuildServiceProvider();
|
||||
var context = new DefaultHttpContext();
|
||||
context.RequestServices = sp;
|
||||
|
||||
await context.AuthenticateAsync();
|
||||
Assert.Equal(1, specific.AuthenticateCount);
|
||||
|
||||
await context.ForbidAsync();
|
||||
Assert.Equal(1, specific.ForbidCount);
|
||||
|
||||
await context.ChallengeAsync();
|
||||
Assert.Equal(1, specific.ChallengeCount);
|
||||
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
|
||||
|
||||
Assert.Equal(0, forwardDefault.AuthenticateCount);
|
||||
Assert.Equal(0, forwardDefault.ForbidCount);
|
||||
Assert.Equal(0, forwardDefault.ChallengeCount);
|
||||
Assert.Equal(0, forwardDefault.SignInCount);
|
||||
Assert.Equal(0, forwardDefault.SignOutCount);
|
||||
Assert.Equal(0, selector.AuthenticateCount);
|
||||
Assert.Equal(0, selector.ForbidCount);
|
||||
Assert.Equal(0, selector.ChallengeCount);
|
||||
Assert.Equal(0, selector.SignInCount);
|
||||
Assert.Equal(0, selector.SignOutCount);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task VerifySignInSchemeCannotBeSetToSelf()
|
||||
{
|
||||
|
|
|
|||