using System; using System.Linq; using System.Collections.Generic; using System.Net; using System.Net.Http; using System.Threading.Tasks; using Microsoft.AspNetCore.Http.Internal; using Microsoft.AspNetCore.WebUtilities; using Microsoft.Extensions.Logging; using Xunit; namespace E2ETests { public partial class Validator { public async Task LoginWithMicrosoftAccount() { _httpClientHandler = new HttpClientHandler() { AllowAutoRedirect = false }; _httpClient = new HttpClient(_httpClientHandler) { BaseAddress = new Uri(_deploymentResult.ApplicationBaseUri) }; var response = await DoGetAsync("Account/Login"); await ThrowIfResponseStatusNotOk(response); var responseContent = await response.Content.ReadAsStringAsync(); _logger.LogInformation("Signing in with Microsoft account"); var formParameters = new List> { new KeyValuePair("provider", "Microsoft"), new KeyValuePair("returnUrl", "/"), new KeyValuePair("__RequestVerificationToken", HtmlDOMHelper.RetrieveAntiForgeryToken(responseContent, "/Account/ExternalLogin")), }; var content = new FormUrlEncodedContent(formParameters.ToArray()); response = await DoPostAsync("Account/ExternalLogin", content); Assert.StartsWith("https://login.microsoftonline.com/common/oauth2/v2.0/authorize", response.Headers.Location.ToString()); var queryItems = new QueryCollection(QueryHelpers.ParseQuery(response.Headers.Location.Query)); Assert.Equal("code", queryItems["response_type"]); Assert.Equal("[ClientId]", queryItems["client_id"]); Assert.Equal(_deploymentResult.ApplicationBaseUri + "signin-microsoft", queryItems["redirect_uri"]); Assert.Equal("https://graph.microsoft.com/user.read wl.basic wl.signin", queryItems["scope"]); Assert.Equal("ValidStateData", queryItems["state"]); Assert.Equal("custom", queryItems["custom_redirect_uri"]); //Check for the correlation cookie Assert.NotEmpty( _httpClientHandler.CookieContainer.GetCookies(new Uri(_deploymentResult.ApplicationBaseUri)) .Cast() .Where(cookie => cookie.Name.StartsWith(".AspNetCore.Correlation.Microsoft"))); //This is just to generate a correlation cookie. Previous step would generate this cookie, but we have reset the handler now. _httpClientHandler = new HttpClientHandler(); _httpClient = new HttpClient(_httpClientHandler) { BaseAddress = new Uri(_deploymentResult.ApplicationBaseUri) }; response = await DoGetAsync("Account/Login"); responseContent = await response.Content.ReadAsStringAsync(); formParameters = new List> { new KeyValuePair("provider", "Microsoft"), new KeyValuePair("returnUrl", "/"), new KeyValuePair("__RequestVerificationToken", HtmlDOMHelper.RetrieveAntiForgeryToken(responseContent, "/Account/ExternalLogin")), }; content = new FormUrlEncodedContent(formParameters.ToArray()); response = await DoPostAsync("Account/ExternalLogin", content); //Post a message to the MicrosoftAccount middleware response = await DoGetAsync("signin-microsoft?code=ValidCode&state=ValidStateData"); await ThrowIfResponseStatusNotOk(response); responseContent = await response.Content.ReadAsStringAsync(); //Correlation cookie not getting cleared after successful signin? Assert.Null(_httpClientHandler.CookieContainer.GetCookies(new Uri(_deploymentResult.ApplicationBaseUri)).GetCookieWithName(".AspNetCore.Correlation.Microsoft")); Assert.Equal(_deploymentResult.ApplicationBaseUri + "Account/ExternalLoginCallback?ReturnUrl=%2F", response.RequestMessage.RequestUri.AbsoluteUri); formParameters = new List> { new KeyValuePair("Email", "microsoft@test.com"), new KeyValuePair("__RequestVerificationToken", HtmlDOMHelper.RetrieveAntiForgeryToken(responseContent, "/Account/ExternalLoginConfirmation?ReturnUrl=%2F")), }; content = new FormUrlEncodedContent(formParameters.ToArray()); response = await DoPostAsync("Account/ExternalLoginConfirmation", content); await ThrowIfResponseStatusNotOk(response); responseContent = await response.Content.ReadAsStringAsync(); Assert.Contains(string.Format("Hello {0}!", "microsoft@test.com"), responseContent, StringComparison.OrdinalIgnoreCase); Assert.Contains("Log off", responseContent, StringComparison.OrdinalIgnoreCase); //Verify cookie sent Assert.NotNull(_httpClientHandler.CookieContainer.GetCookies(new Uri(_deploymentResult.ApplicationBaseUri)).GetCookieWithName(IdentityCookieName)); Assert.Null(_httpClientHandler.CookieContainer.GetCookies(new Uri(_deploymentResult.ApplicationBaseUri)).GetCookieWithName(ExternalLoginCookieName)); _logger.LogInformation("Successfully signed in with user '{email}'", "microsoft@test.com"); _logger.LogInformation("Verifying if the middleware events were fired"); //Check for a non existing item response = await DoGetAsync(string.Format("Admin/StoreManager/GetAlbumIdFromName?albumName={0}", "123")); //This action requires admin permissions. If events are fired this permission is granted _logger.LogInformation(await response.Content.ReadAsStringAsync()); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); _logger.LogInformation("Middleware events were fired successfully"); } } }