100 lines
6.0 KiB
C#
100 lines
6.0 KiB
C#
using System;
|
|
using System.Linq;
|
|
using System.Collections.Generic;
|
|
using System.Net;
|
|
using System.Net.Http;
|
|
using System.Threading.Tasks;
|
|
using Microsoft.AspNetCore.Http.Internal;
|
|
using Microsoft.AspNetCore.WebUtilities;
|
|
using Microsoft.Extensions.Logging;
|
|
using Xunit;
|
|
|
|
namespace E2ETests
|
|
{
|
|
public partial class Validator
|
|
{
|
|
public async Task LoginWithMicrosoftAccount()
|
|
{
|
|
_httpClientHandler = new HttpClientHandler() { AllowAutoRedirect = false };
|
|
_httpClient = new HttpClient(_httpClientHandler) { BaseAddress = new Uri(_deploymentResult.ApplicationBaseUri) };
|
|
|
|
var response = await DoGetAsync("Account/Login");
|
|
await ThrowIfResponseStatusNotOk(response);
|
|
var responseContent = await response.Content.ReadAsStringAsync();
|
|
_logger.LogInformation("Signing in with Microsoft account");
|
|
var formParameters = new List<KeyValuePair<string, string>>
|
|
{
|
|
new KeyValuePair<string, string>("provider", "Microsoft"),
|
|
new KeyValuePair<string, string>("returnUrl", "/"),
|
|
new KeyValuePair<string, string>("__RequestVerificationToken", HtmlDOMHelper.RetrieveAntiForgeryToken(responseContent, "/Account/ExternalLogin")),
|
|
};
|
|
|
|
var content = new FormUrlEncodedContent(formParameters.ToArray());
|
|
response = await DoPostAsync("Account/ExternalLogin", content);
|
|
Assert.StartsWith("https://login.microsoftonline.com/common/oauth2/v2.0/authorize", response.Headers.Location.ToString());
|
|
var queryItems = new QueryCollection(QueryHelpers.ParseQuery(response.Headers.Location.Query));
|
|
Assert.Equal<string>("code", queryItems["response_type"]);
|
|
Assert.Equal<string>("[ClientId]", queryItems["client_id"]);
|
|
Assert.Equal<string>(_deploymentResult.ApplicationBaseUri + "signin-microsoft", queryItems["redirect_uri"]);
|
|
Assert.Equal<string>("https://graph.microsoft.com/user.read wl.basic wl.signin", queryItems["scope"]);
|
|
Assert.Equal<string>("ValidStateData", queryItems["state"]);
|
|
Assert.Equal<string>("custom", queryItems["custom_redirect_uri"]);
|
|
|
|
//Check for the correlation cookie
|
|
Assert.NotEmpty(
|
|
_httpClientHandler.CookieContainer.GetCookies(new Uri(_deploymentResult.ApplicationBaseUri))
|
|
.Cast<Cookie>()
|
|
.Where(cookie => cookie.Name.StartsWith(".AspNetCore.Correlation.Microsoft")));
|
|
|
|
//This is just to generate a correlation cookie. Previous step would generate this cookie, but we have reset the handler now.
|
|
_httpClientHandler = new HttpClientHandler();
|
|
_httpClient = new HttpClient(_httpClientHandler) { BaseAddress = new Uri(_deploymentResult.ApplicationBaseUri) };
|
|
|
|
response = await DoGetAsync("Account/Login");
|
|
responseContent = await response.Content.ReadAsStringAsync();
|
|
formParameters = new List<KeyValuePair<string, string>>
|
|
{
|
|
new KeyValuePair<string, string>("provider", "Microsoft"),
|
|
new KeyValuePair<string, string>("returnUrl", "/"),
|
|
new KeyValuePair<string, string>("__RequestVerificationToken", HtmlDOMHelper.RetrieveAntiForgeryToken(responseContent, "/Account/ExternalLogin")),
|
|
};
|
|
|
|
content = new FormUrlEncodedContent(formParameters.ToArray());
|
|
response = await DoPostAsync("Account/ExternalLogin", content);
|
|
//Post a message to the MicrosoftAccount middleware
|
|
response = await DoGetAsync("signin-microsoft?code=ValidCode&state=ValidStateData");
|
|
await ThrowIfResponseStatusNotOk(response);
|
|
responseContent = await response.Content.ReadAsStringAsync();
|
|
|
|
//Correlation cookie not getting cleared after successful signin?
|
|
Assert.Null(_httpClientHandler.CookieContainer.GetCookies(new Uri(_deploymentResult.ApplicationBaseUri)).GetCookieWithName(".AspNetCore.Correlation.Microsoft"));
|
|
Assert.Equal(_deploymentResult.ApplicationBaseUri + "Account/ExternalLoginCallback?ReturnUrl=%2F", response.RequestMessage.RequestUri.AbsoluteUri);
|
|
|
|
formParameters = new List<KeyValuePair<string, string>>
|
|
{
|
|
new KeyValuePair<string, string>("Email", "microsoft@test.com"),
|
|
new KeyValuePair<string, string>("__RequestVerificationToken", HtmlDOMHelper.RetrieveAntiForgeryToken(responseContent, "/Account/ExternalLoginConfirmation?ReturnUrl=%2F")),
|
|
};
|
|
|
|
content = new FormUrlEncodedContent(formParameters.ToArray());
|
|
response = await DoPostAsync("Account/ExternalLoginConfirmation", content);
|
|
await ThrowIfResponseStatusNotOk(response);
|
|
responseContent = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.Contains(string.Format("Hello {0}!", "microsoft@test.com"), responseContent, StringComparison.OrdinalIgnoreCase);
|
|
Assert.Contains("Log off", responseContent, StringComparison.OrdinalIgnoreCase);
|
|
//Verify cookie sent
|
|
Assert.NotNull(_httpClientHandler.CookieContainer.GetCookies(new Uri(_deploymentResult.ApplicationBaseUri)).GetCookieWithName(IdentityCookieName));
|
|
Assert.Null(_httpClientHandler.CookieContainer.GetCookies(new Uri(_deploymentResult.ApplicationBaseUri)).GetCookieWithName(ExternalLoginCookieName));
|
|
_logger.LogInformation("Successfully signed in with user '{email}'", "microsoft@test.com");
|
|
|
|
_logger.LogInformation("Verifying if the middleware events were fired");
|
|
//Check for a non existing item
|
|
response = await DoGetAsync(string.Format("Admin/StoreManager/GetAlbumIdFromName?albumName={0}", "123"));
|
|
//This action requires admin permissions. If events are fired this permission is granted
|
|
_logger.LogInformation(await response.Content.ReadAsStringAsync());
|
|
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
|
_logger.LogInformation("Middleware events were fired successfully");
|
|
}
|
|
}
|
|
} |