Elgato_dark/products
1
0
Fork 0
mirror of https://github.com/DuendeSoftware/products synced 2026-05-24 09:28:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #2244 from DuendeSoftware/pg/test-revert

Browse source 
Revert "Merge pull request #2241 from DuendeSoftware/dh/ms-test-platform
This commit is contained in:
Pieter Germishuys 2025-10-15 19:34:50 +02:00 committed by GitHub
commit a909a6cf75
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
136 changed files with 1975 additions and 1870 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflow-gen/StepExtensions.cs vendored
View file

@ -18,7 +18,7 @@ public static class StepExtensions
job.Step()
.Name("Setup .NET")
.ActionsSetupDotNet("3e891b0cb619bf60e2c25674b222b8940e2c1c25", ["8.0.x", "9.0.203", "10.0.100-rc.2.25502.107"]);
.ActionsSetupDotNet("3e891b0cb619bf60e2c25674b222b8940e2c1c25", ["8.0.x", "9.0.203", "10.0.100-rc.1.25451.107"]);
// v4.1.0
}

8
.github/workflows/aspnetcore-authentication-jwtbearer-ci.yml vendored
View file

@ -53,7 +53,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Restore
run: dotnet restore aspnetcore-authentication-jwtbearer.slnf
- name: Verify Formatting
@ -85,7 +85,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Restore
run: dotnet restore aspnetcore-authentication-jwtbearer.slnf
- name: Build
@ -155,7 +155,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Restore
run: dotnet restore aspnetcore-authentication-jwtbearer.slnf
- name: Build
@ -198,7 +198,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Tool restore
run: dotnet tool restore
- name: Pack aspnetcore-authentication-jwtbearer.slnf

4
.github/workflows/aspnetcore-authentication-jwtbearer-release.yml vendored
View file

@ -68,7 +68,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Pack aspnetcore-authentication-jwtbearer.slnf
run: dotnet pack -c Release aspnetcore-authentication-jwtbearer.slnf -o artifacts
- name: Tool restore
@ -110,7 +110,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: List files
run: tree
shell: bash

20
.github/workflows/bff-ci.yml vendored
View file

@ -53,7 +53,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Restore
run: dotnet restore bff.slnf
- name: Verify Formatting
@ -85,7 +85,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Restore
run: dotnet restore bff.slnf
- name: Build
@ -134,11 +134,15 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Restore
run: dotnet restore bff.slnf
- name: Build
run: dotnet build bff.slnf --no-restore -c Release
# This build is using Debug config because of a known issue in net10.0 rc1
# https://github.com/dotnet/aspnetcore/issues/63364
# We do not intend to keep using Debug config after it is fixed in net10.0 rc2.
# Re-generating the workflows with workflow-gen will overwrite this.
run: dotnet build bff.slnf --no-restore -c Debug
- id: playwright-cache
name: Cache Playwright assets
uses: actions/cache@v4
@ -148,11 +152,11 @@ jobs:
restore-keys: playwright-${{ runner.os }}-
- name: Install Playwright
if: steps.playwright-cache.outputs.cache-hit != 'true'
run: pwsh test/Hosts.Tests/bin/Release/net10.0/playwright.ps1 install --with-deps
run: pwsh test/Hosts.Tests/bin/Debug/net10.0/playwright.ps1 install --with-deps
- name: Dotnet devcerts
run: dotnet dev-certs https --trust
- name: Test - test/Hosts.Tests
run: dotnet test test/Hosts.Tests -c Release --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/Hosts.Tests-tests.trx" --collect:"XPlat Code Coverage"
run: dotnet test test/Hosts.Tests -c Debug --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/Hosts.Tests-tests.trx" --collect:"XPlat Code Coverage"
- id: test-report-test-Hosts-Tests
name: Test report - test/Hosts.Tests
if: github.event_name == 'push' && (success() || failure())
@ -202,7 +206,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Restore
run: dotnet restore bff.slnf
- name: Build
@ -245,7 +249,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Tool restore
run: dotnet tool restore
- name: Pack bff.slnf

4
.github/workflows/bff-release.yml vendored
View file

@ -68,7 +68,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Pack bff.slnf
run: dotnet pack -c Release bff.slnf -o artifacts
- name: Tool restore
@ -110,7 +110,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: List files
run: tree
shell: bash

20
.github/workflows/identity-server-ci.yml vendored
View file

@ -53,7 +53,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Restore
run: dotnet restore identity-server.slnf
- name: Verify Formatting
@ -85,7 +85,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Restore
run: dotnet restore identity-server.slnf
- name: Build
@ -148,11 +148,15 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Restore
run: dotnet restore identity-server.slnf
- name: Build
run: dotnet build identity-server.slnf --no-restore -c Release
# This build is using Debug config because of a known issue in net10.0 rc1
# https://github.com/dotnet/aspnetcore/issues/63364
# We do not intend to keep using Debug config after it is fixed in net10.0 rc2.
# Re-generating the workflows with workflow-gen will overwrite this.
run: dotnet build identity-server.slnf --no-restore -c Debug
- id: playwright-cache
name: Cache Playwright assets
uses: actions/cache@v4
@ -162,11 +166,11 @@ jobs:
restore-keys: playwright-${{ runner.os }}-
- name: Install Playwright
if: steps.playwright-cache.outputs.cache-hit != 'true'
run: pwsh test/IdentityServer.EndToEndTests/bin/Release/net10.0/playwright.ps1 install --with-deps
run: pwsh test/IdentityServer.EndToEndTests/bin/Debug/net10.0/playwright.ps1 install --with-deps
- name: Dotnet devcerts
run: dotnet dev-certs https --trust
- name: Test - test/IdentityServer.EndToEndTests
run: dotnet test test/IdentityServer.EndToEndTests -c Release --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/IdentityServer.EndToEndTests-tests.trx" --collect:"XPlat Code Coverage"
run: dotnet test test/IdentityServer.EndToEndTests -c Debug --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/IdentityServer.EndToEndTests-tests.trx" --collect:"XPlat Code Coverage"
- id: test-report-test-IdentityServer-EndToEndTests
name: Test report - test/IdentityServer.EndToEndTests
if: github.event_name == 'push' && (success() || failure())
@ -216,7 +220,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Restore
run: dotnet restore identity-server.slnf
- name: Build
@ -259,7 +263,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Tool restore
run: dotnet tool restore
- name: Pack identity-server.slnf

4
.github/workflows/identity-server-release.yml vendored
View file

@ -68,7 +68,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Pack identity-server.slnf
run: dotnet pack -c Release identity-server.slnf -o artifacts
- name: Tool restore
@ -110,7 +110,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: List files
run: tree
shell: bash

4
.github/workflows/templates-release.yml vendored
View file

@ -46,7 +46,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: Checkout target branch
if: github.event.inputs.branch != 'main'
run: git checkout ${{ github.event.inputs.branch }}
@ -110,7 +110,7 @@ jobs:
dotnet-version: |-
8.0.x
9.0.203
10.0.100-rc.2.25502.107
10.0.100-rc.1.25451.107
- name: List files
run: tree
shell: bash

38
Directory.Packages.props
View file

@ -22,15 +22,15 @@
<LoggingAbstractionsVersion>9.0.9</LoggingAbstractionsVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(TargetFramework)' == 'net10.0'">
<FrameworkVersion>10.0.0-rc.2.25502.107</FrameworkVersion>
<EFCoreVersion>10.0.0-rc.2.25502.107</EFCoreVersion>
<IdentityEFCoreVersion>10.0.0-rc.2.25502.107</IdentityEFCoreVersion>
<RuntimeCompilationVersion>10.0.0-rc.2.25502.107</RuntimeCompilationVersion>
<AuthenticationCertificateVersion>10.0.0-rc.2.25502.107</AuthenticationCertificateVersion>
<FrameworkVersion>10.0.0-rc.1.25451.107</FrameworkVersion>
<EFCoreVersion>10.0.0-rc.1.25451.107</EFCoreVersion>
<IdentityEFCoreVersion>10.0.0-rc.1.25451.107</IdentityEFCoreVersion>
<RuntimeCompilationVersion>10.0.0-rc.1.25451.107</RuntimeCompilationVersion>
<AuthenticationCertificateVersion>10.0.0-rc.1.25451.107</AuthenticationCertificateVersion>
<IdentityModelVersion>8.0.1</IdentityModelVersion>
<CachingMemoryVersion>10.0.0-rc.2.25502.107</CachingMemoryVersion>
<SystemTextJsonVersion>10.0.0-rc.2.25502.107</SystemTextJsonVersion>
<LoggingAbstractionsVersion>10.0.0-rc.2.25502.107</LoggingAbstractionsVersion>
<CachingMemoryVersion>10.0.0-rc.1.25451.107</CachingMemoryVersion>
<SystemTextJsonVersion>10.0.0-rc.1.25451.107</SystemTextJsonVersion>
<LoggingAbstractionsVersion>10.0.0-rc.1.25451.107</LoggingAbstractionsVersion>
</PropertyGroup>
<ItemGroup>
<PackageVersion Include="AngleSharp" Version="1.1.2" />
@ -39,6 +39,7 @@
<PackageVersion Include="Aspire.Hosting.SqlServer" Version="9.5.0" />
<PackageVersion Include="BenchmarkDotNet" Version="0.15.0" />
<PackageVersion Include="BullsEye" Version="5.0.0" />
<PackageVersion Include="coverlet.collector" Version="6.0.2" />
<!-- Added aspire transitive package to resolve package vulnerability -->
<PackageVersion Include="KubernetesClient" Version="17.0.14" />
<PackageVersion Include="Duende.AccessTokenManagement" Version="3.2.0" Condition="'$(IsBffProject)' == 'true'" />
@ -53,7 +54,7 @@
<PackageVersion Include="Duende.IdentityServer" Version="7.1.0" />
<PackageVersion Include="Duende.Private.Licensing" Version="1.0.0" />
<PackageVersion Include="IdentityModel.AspNetCore.OAuth2Introspection" Version="6.2.0" />
<PackageVersion Include="MartinCostello.Logging.XUnit.v3" Version="0.6.0" />
<PackageVersion Include="Meziantou.Extensions.Logging.Xunit" Version="1.0.8" />
<PackageVersion Include="Microsoft.AspNetCore.Authentication.Certificate" Version="$(AuthenticationCertificateVersion)" />
<PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="$(FrameworkVersion)" />
<PackageVersion Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="$(FrameworkVersion)" />
@ -97,10 +98,10 @@
<PackageVersion Include="Microsoft.IdentityModel.Logging" Version="$(IdentityModelVersion)" />
<PackageVersion Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelVersion)" />
<PackageVersion Include="Microsoft.Net.Http.Headers" Version="9.0.6" />
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
<PackageVersion Include="Microsoft.NETCore.Jit" Version="2.0.8" />
<PackageVersion Include="Microsoft.Playwright" Version="1.55.0" />
<PackageVersion Include="Microsoft.Playwright.Xunit.v3" Version="1.55.0" />
<PackageVersion Include="Microsoft.Testing.Platform.MSBuild" Version="1.8.4" />
<PackageVersion Include="Microsoft.Playwright.Xunit" Version="1.50.0" />
<PackageVersion Include="Microsoft.SourceLink.GitHub" Version="8.0.0" />
<PackageVersion Include="MinVer" Version="6.0.0" />
<PackageVersion Include="NBomber" Version="6.0.2" />
<PackageVersion Include="NBomber.Http" Version="6.0.2" />
@ -116,13 +117,13 @@
<PackageVersion Include="OpenTelemetry" Version="1.12.0" />
<PackageVersion Include="PublicApiGenerator" Version="11.1.0" />
<PackageVersion Include="RichardSzalay.MockHttp" Version="7.0.0" />
<PackageVersion Include="Serilog" Version="4.3.0" />
<PackageVersion Include="Serilog" Version="4.2.0" />
<PackageVersion Include="Serilog.AspNetCore" Version="8.0.3" />
<PackageVersion Include="Serilog.Sinks.Console" Version="6.0.0" />
<PackageVersion Include="Serilog.Sinks.File" Version="7.0.0" />
<PackageVersion Include="Serilog.Sinks.OpenTelemetry" Version="4.2.0" />
<PackageVersion Include="Serilog.Sinks.TextWriter" Version="3.0.0" />
<PackageVersion Include="Serilog.Sinks.XUnit3" Version="1.1.0" />
<PackageVersion Include="Serilog.Sinks.XUnit" Version="3.0.19" />
<PackageVersion Include="Serilog.Extensions.Logging" Version="9.0.2" />
<PackageVersion Include="Shouldly" Version="4.2.1" />
<PackageVersion Include="SimpleExec" Version="12.0.0" />
@ -130,11 +131,10 @@
<PackageVersion Include="System.Net.Http" Version="4.3.4" />
<PackageVersion Include="System.Text.Json" Version="$(SystemTextJsonVersion)" />
<PackageVersion Include="System.Text.RegularExpressions" Version="4.3.1" />
<PackageVersion Include="xunit.abstractions" Version="2.0.3" />
<PackageVersion Include="xunit.v3" Version="3.1.0" />
<PackageVersion Include="xunit.v3.core" Version="3.1.0" />
<PackageVersion Include="xunit.v3.extensibility.core" Version="3.1.0" />
<PackageVersion Include="Verify.XunitV3" Version="31.0.0" />
<PackageVersion Include="xunit.core" Version="2.9.3" />
<PackageVersion Include="xunit.runner.visualstudio" Version="2.8.2" />
<PackageVersion Include="Xunit.SkippableFact" Version="1.5.23" />
<PackageVersion Include="Verify.Xunit" Version="28.9.0" />
<PackageVersion Include="Vogen" Version="7.0.3" />
<PackageVersion Include="Yarp.ReverseProxy" Version="2.1.0" />
</ItemGroup>

2
aspnetcore-authentication-jwtbearer/src/AspNetCore.Authentication.JwtBearer/AspNetCore.Authentication.JwtBearer.csproj
View file

@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFrameworks>net8.0;net9.0;net10</TargetFrameworks>
<TargetFrameworks>net8.0;net9.0</TargetFrameworks>
<Nullable>enable</Nullable>
<RootNamespace>Duende.AspNetCore.Authentication.JwtBearer</RootNamespace>
<AssemblyName>Duende.AspNetCore.Authentication.JwtBearer</AssemblyName>

6
aspnetcore-authentication-jwtbearer/test/AspNetCore.Authentication.JwtBearer.Tests/AspNetCore.Authentication.JwtBearer.Tests.csproj
View file

@ -1,7 +1,7 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFrameworks>net8.0;net9.0;net10</TargetFrameworks>
<TargetFrameworks>net8.0;net9.0</TargetFrameworks>
<Nullable>enable</Nullable>
<AssemblyName>Duende.AspNetCore.Authentication.JwtBearer.Tests</AssemblyName>
<RootNameSpace>Duende.AspNetCore.Authentication.JwtBearer</RootNameSpace>
@ -15,8 +15,8 @@
<PackageReference Include="Duende.IdentityServer" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" />
<PackageReference Include="MartinCostello.Logging.XUnit.v3" />
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" />
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" VersionOverride="9.0.4" />
<PackageReference Include="Meziantou.Extensions.Logging.Xunit" />
<PackageReference Include="Microsoft.Extensions.TimeProvider.Testing" />
<PackageReference Include="NSubstitute" />
<PackageReference Include="RichardSzalay.MockHttp" />

11
aspnetcore-authentication-jwtbearer/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/ReplayTests.cs
View file

@ -7,15 +7,14 @@ namespace Duende.AspNetCore.Authentication.JwtBearer.DPoP;
public class ReplayTests : DPoPProofValidatorTestBase
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Fact]
[Trait("Category", "Unit")]
public async Task replays_detected_in_ValidateReplay_fail()
{
ReplayCache.Exists(TokenIdHash, _ct).Returns(true);
ReplayCache.Exists(TokenIdHash).Returns(true);
Result.TokenIdHash = TokenIdHash;
await ProofValidator.ValidateReplay(Context, Result, _ct);
await ProofValidator.ValidateReplay(Context, Result);
Result.ShouldBeInvalidProofWithDescription("Detected DPoP proof token replay.");
}
@ -29,7 +28,7 @@ public class ReplayTests : DPoPProofValidatorTestBase
[InlineData(true, true, ClockSkew * 2, ClockSkew * 2)]
public async Task new_proof_tokens_are_added_to_replay_cache(bool validateIat, bool validateNonce, int clientClockSkew, int serverClockSkew)
{
ReplayCache.Exists(TokenIdHash, _ct).Returns(false);
ReplayCache.Exists(TokenIdHash).Returns(false);
Options.ValidationMode = (validateIat && validateNonce) ? ExpirationValidationMode.Both
: validateIat ? ExpirationValidationMode.IssuedAt : ExpirationValidationMode.Nonce;
@ -39,7 +38,7 @@ public class ReplayTests : DPoPProofValidatorTestBase
Result.TokenIdHash = TokenIdHash;
await ProofValidator.ValidateReplay(Context, Result, _ct);
await ProofValidator.ValidateReplay(Context, Result);
Result.IsError.ShouldBeFalse();
var skew = validateIat && validateNonce
@ -48,6 +47,6 @@ public class ReplayTests : DPoPProofValidatorTestBase
var expectedExpiration = ProofValidator.TestTimeProvider.GetUtcNow()
.Add(TimeSpan.FromSeconds(skew * 2))
.Add(TimeSpan.FromSeconds(ValidFor));
await ReplayCache.Received().Add(TokenIdHash, expectedExpiration, _ct);
await ReplayCache.Received().Add(TokenIdHash, expectedExpiration);
}
}

38
aspnetcore-authentication-jwtbearer/test/AspNetCore.Authentication.JwtBearer.Tests/DPoPIntegrationTests.cs
View file

@ -16,13 +16,13 @@ using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Net.Http.Headers;
using Xunit.Abstractions;
namespace Duende.AspNetCore.Authentication.JwtBearer;
public class DPoPIntegrationTests(ITestOutputHelper testOutputHelper)
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly Client DPoPOnlyClient = new()
private Client DPoPOnlyClient = new()
{
ClientId = "client1",
ClientSecrets = [new Secret("secret".ToSha256())],
@ -39,7 +39,7 @@ public class DPoPIntegrationTests(ITestOutputHelper testOutputHelper)
{
var api = await CreateDPoPApi();
var result = await api.HttpClient.GetAsync("/", _ct);
var result = await api.HttpClient.GetAsync("/");
result.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
}
@ -52,7 +52,7 @@ public class DPoPIntegrationTests(ITestOutputHelper testOutputHelper)
var bearerToken = "unimportant opaque value";
api.HttpClient.SetBearerToken(bearerToken);
var result = await api.HttpClient.GetAsync("/", _ct);
var result = await api.HttpClient.GetAsync("/");
result.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
}
@ -72,8 +72,8 @@ public class DPoPIntegrationTests(ITestOutputHelper testOutputHelper)
// Login and get token for api call
await app.LoginAsync("sub");
var response = await app.BrowserClient.GetAsync(app.Url("/user_token"), _ct);
var token = await response.Content.ReadFromJsonAsync<UserToken>(_ct);
var response = await app.BrowserClient.GetAsync(app.Url("/user_token"));
var token = await response.Content.ReadFromJsonAsync<UserToken>();
token.ShouldNotBeNull();
token.AccessToken.ToString().ShouldNotBeNull();
token.DPoPJsonWebKey.ShouldNotBeNull();
@ -87,11 +87,11 @@ public class DPoPIntegrationTests(ITestOutputHelper testOutputHelper)
DPoPProofKey = jwk,
Method = HttpMethod.Get,
Url = new Uri("http://localhost/")
}, _ct);
});
proof.ShouldNotBeNull();
api.HttpClient.DefaultRequestHeaders.Add(OidcConstants.HttpHeaders.DPoP, [proof.Value, proof.Value]);
var result = await api.HttpClient.GetAsync("/", _ct);
var result = await api.HttpClient.GetAsync("/");
result.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
var error = result.Headers.GetValues(HeaderNames.WWWAuthenticate).FirstOrDefault();
@ -117,8 +117,8 @@ public class DPoPIntegrationTests(ITestOutputHelper testOutputHelper)
// Login and get token for api call
await app.LoginAsync("sub");
var response = await app.BrowserClient.GetAsync(app.Url("/user_token"), _ct);
var token = await response.Content.ReadFromJsonAsync<UserToken>(_ct);
var response = await app.BrowserClient.GetAsync(app.Url("/user_token"));
var token = await response.Content.ReadFromJsonAsync<UserToken>();
token.ShouldNotBeNull();
token.AccessToken.ToString().ShouldNotBeNull();
token.DPoPJsonWebKey.ShouldNotBeNull();
@ -132,11 +132,11 @@ public class DPoPIntegrationTests(ITestOutputHelper testOutputHelper)
DPoPProofKey = jwk,
Method = HttpMethod.Get,
Url = new Uri("http://localhost/")
}, _ct);
});
proof.ShouldNotBeNull();
api.HttpClient.DefaultRequestHeaders.Add(OidcConstants.HttpHeaders.DPoP, proof.Value);
var result = await api.HttpClient.GetAsync("/", _ct);
var result = await api.HttpClient.GetAsync("/");
result.StatusCode.ShouldBe(HttpStatusCode.OK);
}
@ -156,14 +156,14 @@ public class DPoPIntegrationTests(ITestOutputHelper testOutputHelper)
// Login and get token for api call
await app.LoginAsync("sub");
var response = await app.BrowserClient.GetAsync(app.Url("/user_token"), _ct);
var token = await response.Content.ReadFromJsonAsync<UserToken>(_ct);
var response = await app.BrowserClient.GetAsync(app.Url("/user_token"));
var token = await response.Content.ReadFromJsonAsync<UserToken>();
token.ShouldNotBeNull();
token.AccessToken.ToString().ShouldNotBeNull();
token.DPoPJsonWebKey.ShouldNotBeNull();
api.HttpClient.SetToken("DPoP", token.AccessToken);
var result = await api.HttpClient.GetAsync("/", _ct);
var result = await api.HttpClient.GetAsync("/");
result.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
var error = result.Headers.GetValues(HeaderNames.WWWAuthenticate).FirstOrDefault();
@ -189,8 +189,8 @@ public class DPoPIntegrationTests(ITestOutputHelper testOutputHelper)
// Login and get token for api call
await app.LoginAsync("sub");
var response = await app.BrowserClient.GetAsync(app.Url("/user_token"), _ct);
var token = await response.Content.ReadFromJsonAsync<UserToken>(_ct);
var response = await app.BrowserClient.GetAsync(app.Url("/user_token"));
var token = await response.Content.ReadFromJsonAsync<UserToken>();
token.ShouldNotBeNull();
token.AccessToken.ToString().ShouldNotBeNull();
token.DPoPJsonWebKey.ShouldNotBeNull();
@ -205,11 +205,11 @@ public class DPoPIntegrationTests(ITestOutputHelper testOutputHelper)
Method = HttpMethod.Get,
Url = new Uri("http://localhost/"),
DPoPNonce = DPoPNonce.Parse(new string('x', maxLength + 1)) // <--- Most important part of the test
}, _ct);
});
proof.ShouldNotBeNull();
api.HttpClient.DefaultRequestHeaders.Add(OidcConstants.HttpHeaders.DPoP, proof.Value);
var result = await api.HttpClient.GetAsync("/", _ct);
var result = await api.HttpClient.GetAsync("/");
result.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
}

1
aspnetcore-authentication-jwtbearer/test/AspNetCore.Authentication.JwtBearer.Tests/TestFramework/ApiHost.cs
View file

@ -4,6 +4,7 @@
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Xunit.Abstractions;
namespace Duende.AspNetCore.TestFramework;

1
aspnetcore-authentication-jwtbearer/test/AspNetCore.Authentication.JwtBearer.Tests/TestFramework/AppHost.cs
View file

@ -11,6 +11,7 @@ using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using RichardSzalay.MockHttp;
using Xunit.Abstractions;
namespace Duende.AspNetCore.TestFramework;

108
aspnetcore-authentication-jwtbearer/test/AspNetCore.Authentication.JwtBearer.Tests/TestFramework/GenericHost.cs
View file

@ -4,29 +4,18 @@
using System.Net;
using System.Reflection;
using System.Security.Claims;
using Meziantou.Extensions.Logging.Xunit;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.TestHost;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Xunit.Abstractions;
namespace Duende.AspNetCore.TestFramework;
public class GenericHost
{
protected readonly string _baseAddress;
private readonly ITestOutputHelper _testOutputHelper;
private IServiceProvider _appServices = default!;
private TestBrowserClient? _browserClient;
private HttpClient? _httpClient;
private AuthenticationProperties? _propsToSignIn;
private TestServer? _server;
private ClaimsPrincipal? _userToSignIn;
public GenericHost(ITestOutputHelper testOutputHelper, string baseAddress = "https://server")
{
if (baseAddress.EndsWith("/"))
@ -38,16 +27,20 @@ public class GenericHost
_testOutputHelper = testOutputHelper;
}
protected readonly string _baseAddress;
private IServiceProvider _appServices = default!;
public Assembly? HostAssembly { get; set; }
public bool IsDevelopment { get; set; }
private TestServer? _server;
public TestServer Server
{
get => _server ?? throw new InvalidOperationException(
$"Attempt to use {nameof(Server)} before it was initialized. Did you forget to call {nameof(Initialize)}");
$"Attempt to use {nameof(Server)} before it was initialized. Did you forget to call ${Initialize}?");
private set => _server = value;
}
private TestBrowserClient? _browserClient;
public TestBrowserClient BrowserClient
{
get =>
@ -56,6 +49,7 @@ public class GenericHost
private set => _browserClient = value;
}
private HttpClient? _httpClient;
public HttpClient HttpClient
{
get =>
@ -64,9 +58,17 @@ public class GenericHost
private set => _httpClient = value;
}
private readonly ITestOutputHelper _testOutputHelper;
public T Resolve<T>()
where T : notnull =>
// not calling dispose on scope on purpose
_appServices.GetRequiredService<IServiceScopeFactory>().CreateScope().ServiceProvider
.GetRequiredService<T>();
public string Url(string? path = null)
{
path ??= string.Empty;
path = path ?? string.Empty;
if (!path.StartsWith("/"))
{
path = "/" + path;
@ -102,7 +104,7 @@ public class GenericHost
private void ConfigureServices(IServiceCollection services)
{
// This adds log messages to the output of our tests when they fail.
// See https://github.com/martincostello/xunit-logging
// See https://www.meziantou.net/how-to-view-logs-from-ilogger-in-xunitdotnet.htm
services.AddLogging(options =>
{
// If you need different log output to understand a test failure, configure it here
@ -111,7 +113,10 @@ public class GenericHost
options.AddFilter("Duende.IdentityServer.License", LogLevel.Error);
options.AddFilter("Duende.IdentityServer.Startup", LogLevel.Error);
options.AddXUnit(_testOutputHelper);
options.AddProvider(new XUnitLoggerProvider(_testOutputHelper, new XUnitLoggerOptions
{
IncludeCategory = true,
}));
});
OnConfigureServices(services);
@ -126,41 +131,48 @@ public class GenericHost
ConfigureSignout(builder);
}
private void ConfigureSignout(WebApplication app) =>
app.Use(async (ctx, next) =>
{
if (ctx.Request.Path == "/__signout")
{
await ctx.SignOutAsync();
ctx.Response.StatusCode = 204;
return;
}
private void ConfigureSignout(WebApplication app) => app.Use(async (ctx, next) =>
{
if (ctx.Request.Path == "/__signout")
{
await ctx.SignOutAsync();
ctx.Response.StatusCode = 204;
return;
}
await next();
});
await next();
});
private void ConfigureSignin(WebApplication app) =>
app.Use(async (ctx, next) =>
{
if (ctx.Request.Path == "/__signin")
{
if (_userToSignIn is not object)
{
throw new Exception("No User Configured for SignIn");
}
public async Task RevokeSessionCookieAsync()
{
var response = await BrowserClient.GetAsync(Url("__signout"));
response.StatusCode.ShouldBe((HttpStatusCode)204);
}
var props = _propsToSignIn ?? new AuthenticationProperties();
await ctx.SignInAsync(_userToSignIn, props);
private void ConfigureSignin(WebApplication app) => app.Use(async (ctx, next) =>
{
if (ctx.Request.Path == "/__signin")
{
if (_userToSignIn is not object)
{
throw new Exception("No User Configured for SignIn");
}
_userToSignIn = null;
_propsToSignIn = null;
var props = _propsToSignIn ?? new AuthenticationProperties();
await ctx.SignInAsync(_userToSignIn, props);
ctx.Response.StatusCode = 204;
return;
}
_userToSignIn = null;
_propsToSignIn = null;
await next();
});
ctx.Response.StatusCode = 204;
return;
}
await next();
});
private ClaimsPrincipal? _userToSignIn;
private AuthenticationProperties? _propsToSignIn;
public async Task IssueSessionCookieAsync(params Claim[] claims)
{
@ -168,10 +180,10 @@ public class GenericHost
var response = await BrowserClient.GetAsync(Url("__signin"));
response.StatusCode.ShouldBe((HttpStatusCode)204);
}
public Task IssueSessionCookieAsync(AuthenticationProperties props, params Claim[] claims)
{
_propsToSignIn = props;
return IssueSessionCookieAsync(claims);
}
public Task IssueSessionCookieAsync(string sub, params Claim[] claims) => IssueSessionCookieAsync(claims.Append(new Claim("sub", sub)).ToArray());
}

1
aspnetcore-authentication-jwtbearer/test/AspNetCore.Authentication.JwtBearer.Tests/TestFramework/IdentityServerHost.cs
View file

@ -9,6 +9,7 @@ using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;
using Xunit.Abstractions;
namespace Duende.AspNetCore.TestFramework;

2
bff/test/Bff.Blazor.Client.UnitTests/Bff.Blazor.Client.UnitTests.csproj
View file

@ -13,7 +13,7 @@
<PackageReference Include="Microsoft.Extensions.TimeProvider.Testing" />
<PackageReference Include="NSubstitute" />
<PackageReference Include="PublicApiGenerator" />
<PackageReference Include="Verify.XunitV3" />
<PackageReference Include="Verify.Xunit" />
</ItemGroup>

18
bff/test/Bff.Blazor.UnitTests/Bff.Blazor.UnitTests.csproj
View file

@ -3,16 +3,28 @@
<PropertyGroup>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<IsPackable>false</IsPackable>
<IsTestProject>true</IsTestProject>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
</PropertyGroup>
<ItemGroup>
</ItemGroup>
<ItemGroup>
<PackageReference Include="NSubstitute" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" />
<PackageReference Include="PublicApiGenerator" />
<PackageReference Include="Verify.XunitV3" />
<PackageReference Include="Verify.Xunit" />
</ItemGroup>
<ItemGroup>
<Using Include="Xunit" />
</ItemGroup>
<ItemGroup>
@ -20,8 +32,4 @@
<ProjectReference Include="..\Bff.Tests\Bff.Tests.csproj" />
</ItemGroup>
<ItemGroup>
<Using Include="Xunit" />
</ItemGroup>
</Project>

48
bff/test/Bff.Blazor.UnitTests/BffBlazorTests.cs
View file

@ -6,24 +6,24 @@ using Duende.Bff;
using Duende.Bff.Tests.TestHosts;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Services;
using Xunit.Abstractions;
namespace Bff.Blazor.UnitTests;
public class BffBlazorTests : OutputWritingTestBase
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerHost _identityServerHost;
private readonly ApiHost _apiHost;
private readonly BffBlazorHost _bffHost;
protected readonly IdentityServerHost IdentityServerHost;
protected ApiHost ApiHost;
protected BffBlazorHost BffHost;
public BffBlazorTests(ITestOutputHelper testOutputHelper) : base(testOutputHelper)
{
_identityServerHost = new IdentityServerHost(WriteLine);
_apiHost = new ApiHost(WriteLine, _identityServerHost, "scope1");
IdentityServerHost = new IdentityServerHost(WriteLine);
ApiHost = new ApiHost(WriteLine, IdentityServerHost, "scope1");
_bffHost = new BffBlazorHost(WriteLine, _identityServerHost, _apiHost, "spa");
BffHost = new BffBlazorHost(WriteLine, IdentityServerHost, ApiHost, "spa");
_identityServerHost.Clients.Add(new Client
IdentityServerHost.Clients.Add(new Client
{
ClientId = "spa",
ClientSecrets = { new Secret("secret".Sha256()) },
@ -37,11 +37,11 @@ public class BffBlazorTests : OutputWritingTestBase
_identityServerHost.OnConfigureServices += services =>
IdentityServerHost.OnConfigureServices += services =>
{
services.AddTransient<IBackChannelLogoutHttpClient>(provider =>
new DefaultBackChannelLogoutHttpClient(
_bffHost!.HttpClient,
BffHost!.HttpClient,
provider.GetRequiredService<ILoggerFactory>(),
provider.GetRequiredService<ICancellationTokenProvider>()));
@ -52,38 +52,38 @@ public class BffBlazorTests : OutputWritingTestBase
[Fact]
public async Task Can_get_home()
{
var response = await _bffHost.BrowserClient.GetAsync("/", _ct);
var response = await BffHost.BrowserClient.GetAsync("/");
response.StatusCode.ShouldBe(HttpStatusCode.OK);
}
[Fact]
public async Task Cannot_get_secure_without_logging_in()
public async Task Cannot_get_secure_without_loggin_in()
{
var response = await _bffHost.BrowserClient.GetAsync("/secure", _ct);
var response = await BffHost.BrowserClient.GetAsync("/secure");
response.StatusCode.ShouldBe(HttpStatusCode.Found, "this indicates we are redirecting to the login page");
}
[Fact]
public async Task Can_get_secure_when_logged_in()
{
await _bffHost.BffLoginAsync("sub");
var response = await _bffHost.BrowserClient.GetAsync("/secure", _ct);
await BffHost.BffLoginAsync("sub");
var response = await BffHost.BrowserClient.GetAsync("/secure");
response.StatusCode.ShouldBe(HttpStatusCode.OK);
}
public override async ValueTask InitializeAsync()
public override async Task InitializeAsync()
{
await _identityServerHost.InitializeAsync();
await _apiHost.InitializeAsync();
await _bffHost.InitializeAsync();
await IdentityServerHost.InitializeAsync();
await ApiHost.InitializeAsync();
await BffHost.InitializeAsync();
await base.InitializeAsync();
}
public override async ValueTask DisposeAsync()
public override async Task DisposeAsync()
{
await _apiHost.DisposeAsync();
await _bffHost.DisposeAsync();
await _identityServerHost.DisposeAsync();
await ApiHost.DisposeAsync();
await BffHost.DisposeAsync();
await IdentityServerHost.DisposeAsync();
await base.DisposeAsync();
}
}

3
bff/test/Bff.EntityFramework.Tests/Bff.EntityFramework.Tests.csproj
View file

@ -7,9 +7,8 @@
<ItemGroup>
<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" />
<PackageReference Include="PublicApiGenerator" />
<PackageReference Include="Verify.XunitV3" />
<PackageReference Include="Verify.Xunit" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\src\Bff.EntityFramework\Bff.EntityFramework.csproj" />
</ItemGroup>

223
bff/test/Bff.EntityFramework.Tests/UserSessionStoreTests.cs
View file

@ -9,7 +9,6 @@ namespace Duende.Bff.EntityFramework.Tests;
public class UserSessionStoreTests
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IUserSessionStore _subject;
private readonly SessionDbContext _database;
@ -38,7 +37,7 @@ public class UserSessionStoreTests
Renewed = new DateTime(2021, 4, 2, 10, 13, 34, DateTimeKind.Utc),
Expires = new DateTime(2022, 5, 3, 11, 14, 35, DateTimeKind.Utc),
Ticket = "ticket"
}, _ct);
});
_database.UserSessions.Count().ShouldBe(1);
}
@ -56,9 +55,9 @@ public class UserSessionStoreTests
Renewed = new DateTime(2021, 4, 2, 10, 13, 34, DateTimeKind.Utc),
Expires = new DateTime(2022, 5, 3, 11, 14, 35, DateTimeKind.Utc),
Ticket = "ticket"
}, _ct);
});
var item = await _subject.GetUserSessionAsync("key123", _ct);
var item = await _subject.GetUserSessionAsync("key123");
item.ShouldNotBeNull();
item.Key.ShouldBe("key123");
@ -72,7 +71,7 @@ public class UserSessionStoreTests
[Fact]
public async Task GetUserSessionAsync_for_invalid_key_should_return_null()
{
var item = await _subject.GetUserSessionAsync("invalid", _ct);
var item = await _subject.GetUserSessionAsync("invalid");
item.ShouldBeNull();
}
@ -89,7 +88,7 @@ public class UserSessionStoreTests
Renewed = new DateTime(2021, 4, 2, 10, 13, 34, DateTimeKind.Utc),
Expires = new DateTime(2022, 5, 3, 11, 14, 35, DateTimeKind.Utc),
Ticket = "ticket"
}, _ct);
});
{
await _subject.UpdateUserSessionAsync("key123", new UserSessionUpdate
@ -100,9 +99,9 @@ public class UserSessionStoreTests
Created = new DateTime(2020, 3, 1, 9, 12, 33, DateTimeKind.Utc),
Renewed = new DateTime(2024, 1, 3, 5, 7, 9, DateTimeKind.Utc),
Expires = new DateTime(2025, 2, 4, 6, 8, 10, DateTimeKind.Utc)
}, _ct);
});
var item = await _subject.GetUserSessionAsync("key123", _ct);
var item = await _subject.GetUserSessionAsync("key123");
item.ShouldNotBeNull();
item.Key.ShouldBe("key123");
item.SubjectId.ShouldBe("sub");
@ -121,9 +120,9 @@ public class UserSessionStoreTests
Created = new DateTime(2022, 3, 1, 9, 12, 33, DateTimeKind.Utc),
Renewed = new DateTime(2024, 1, 3, 5, 7, 9, DateTimeKind.Utc),
Expires = new DateTime(2025, 2, 4, 6, 8, 10, DateTimeKind.Utc)
}, _ct);
});
var item = await _subject.GetUserSessionAsync("key123", _ct);
var item = await _subject.GetUserSessionAsync("key123");
item.ShouldNotBeNull();
item.Key.ShouldBe("key123");
item.SubjectId.ShouldBe("sub2");
@ -142,9 +141,9 @@ public class UserSessionStoreTests
Ticket = "ticket2",
Renewed = new DateTime(2024, 1, 3, 5, 7, 9, DateTimeKind.Utc),
Expires = new DateTime(2025, 2, 4, 6, 8, 10, DateTimeKind.Utc)
}, _ct);
});
var item = await _subject.GetUserSessionAsync("key123", _ct);
var item = await _subject.GetUserSessionAsync("key123");
item.ShouldBeNull();
}
@ -158,16 +157,15 @@ public class UserSessionStoreTests
SubjectId = "sub",
SessionId = "session",
Ticket = "ticket",
}, _ct);
});
_database.UserSessions.Count().ShouldBe(1);
await _subject.DeleteUserSessionAsync("key123", _ct);
await _subject.DeleteUserSessionAsync("key123");
_database.UserSessions.Count().ShouldBe(0);
}
[Fact]
public async Task DeleteUserSessionAsync_for_invalid_key_should_succeed()
=> await _subject.DeleteUserSessionAsync("invalid", _ct);
public async Task DeleteUserSessionAsync_for_invalid_key_should_succeed() => await _subject.DeleteUserSessionAsync("invalid");
[Fact]
@ -179,44 +177,44 @@ public class UserSessionStoreTests
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_3",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub3",
SessionId = "sid3_1",
}, _ct);
});
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "sub2" }, _ct);
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "sub2" });
items.Count().ShouldBe(3);
items.Select(x => x.SubjectId).Distinct().ToArray().ShouldBeEquivalentTo(new[] { "sub2" });
items.Select(x => x.SessionId).ToArray().ShouldBeEquivalentTo(new[] { "sid2_1", "sid2_2", "sid2_3", });
@ -230,44 +228,44 @@ public class UserSessionStoreTests
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_3",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub3",
SessionId = "sid3_1",
}, _ct);
});
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "invalid" }, _ct);
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "invalid" });
items.Count().ShouldBe(0);
}
[Fact]
@ -279,44 +277,44 @@ public class UserSessionStoreTests
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_3",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub3",
SessionId = "sid3_1",
}, _ct);
});
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SessionId = "sid2_2" }, _ct);
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SessionId = "sid2_2" });
items.Count().ShouldBe(1);
items.Select(x => x.SubjectId).ToArray().ShouldBeEquivalentTo(new[] { "sub2" });
items.Select(x => x.SessionId).ToArray().ShouldBeEquivalentTo(new[] { "sid2_2" });
@ -330,44 +328,44 @@ public class UserSessionStoreTests
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_3",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub3",
SessionId = "sid3_1",
}, _ct);
});
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SessionId = "invalid" }, _ct);
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SessionId = "invalid" });
items.Count().ShouldBe(0);
}
[Fact]
@ -379,44 +377,44 @@ public class UserSessionStoreTests
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_3",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub3",
SessionId = "sid3_1",
}, _ct);
});
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "sub2", SessionId = "sid2_2" }, _ct);
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "sub2", SessionId = "sid2_2" });
items.Count().ShouldBe(1);
items.Select(x => x.SubjectId).ToArray().ShouldBeEquivalentTo(new[] { "sub2" });
items.Select(x => x.SessionId).ToArray().ShouldBeEquivalentTo(new[] { "sid2_2" });
@ -430,60 +428,60 @@ public class UserSessionStoreTests
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_3",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub3",
SessionId = "sid3_1",
}, _ct);
});
{
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "invalid", SessionId = "invalid" }, _ct);
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "invalid", SessionId = "invalid" });
items.Count().ShouldBe(0);
}
{
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "sub1", SessionId = "invalid" }, _ct);
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "sub1", SessionId = "invalid" });
items.Count().ShouldBe(0);
}
{
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "invalid", SessionId = "sid1_1" }, _ct);
var items = await _subject.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "invalid", SessionId = "sid1_1" });
items.Count().ShouldBe(0);
}
}
[Fact]
public async Task GetUserSessionsAsync_for_missing_sub_and_sid_should_throw()
{
Func<Task> f = () => _subject.GetUserSessionsAsync(new UserSessionsFilter(), _ct);
Func<Task> f = () => _subject.GetUserSessionsAsync(new UserSessionsFilter());
await f.ShouldThrowAsync<Exception>();
}
@ -497,44 +495,44 @@ public class UserSessionStoreTests
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_3",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub3",
SessionId = "sid3_1",
}, _ct);
});
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SubjectId = "sub2" }, _ct);
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SubjectId = "sub2" });
_database.UserSessions.Count().ShouldBe(3);
_database.UserSessions.Count(x => x.SubjectId == "sub2").ShouldBe(0);
}
@ -547,44 +545,44 @@ public class UserSessionStoreTests
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_3",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub3",
SessionId = "sid3_1",
}, _ct);
});
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SubjectId = "invalid" }, _ct);
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SubjectId = "invalid" });
_database.UserSessions.Count().ShouldBe(6);
}
[Fact]
@ -596,47 +594,44 @@ public class UserSessionStoreTests
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_3",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub3",
SessionId = "sid3_1",
}, _ct);
});
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter
{
SessionId = "sid2_2"
}, _ct);
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SessionId = "sid2_2" });
_database.UserSessions.Count().ShouldBe(5);
_database.UserSessions.Count(x => x.SessionId == "sid2_2").ShouldBe(0);
}
@ -649,44 +644,44 @@ public class UserSessionStoreTests
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_3",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub3",
SessionId = "sid3_1",
}, _ct);
});
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SessionId = "invalid" }, _ct);
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SessionId = "invalid" });
_database.UserSessions.Count().ShouldBe(6);
}
[Fact]
@ -698,44 +693,44 @@ public class UserSessionStoreTests
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_3",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub3",
SessionId = "sid3_1",
}, _ct);
});
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SubjectId = "sub2", SessionId = "sid2_2" }, _ct);
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SubjectId = "sub2", SessionId = "sid2_2" });
_database.UserSessions.Count().ShouldBe(5);
_database.UserSessions.Count(x => x.SubjectId == "sub2" && x.SessionId == "sid2_2").ShouldBe(0);
}
@ -748,60 +743,60 @@ public class UserSessionStoreTests
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub1",
SessionId = "sid1_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_1",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_2",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub2",
SessionId = "sid2_3",
}, _ct);
});
await _subject.CreateUserSessionAsync(new UserSession
{
Key = Guid.NewGuid().ToString(),
Ticket = "ticket",
SubjectId = "sub3",
SessionId = "sid3_1",
}, _ct);
});
{
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SubjectId = "invalid", SessionId = "invalid" }, _ct);
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SubjectId = "invalid", SessionId = "invalid" });
_database.UserSessions.Count().ShouldBe(6);
}
{
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SubjectId = "sub1", SessionId = "invalid" }, _ct);
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SubjectId = "sub1", SessionId = "invalid" });
_database.UserSessions.Count().ShouldBe(6);
}
{
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SubjectId = "invalid", SessionId = "sid1_1" }, _ct);
await _subject.DeleteUserSessionsAsync(new UserSessionsFilter { SubjectId = "invalid", SessionId = "sid1_1" });
_database.UserSessions.Count().ShouldBe(6);
}
}
[Fact]
public async Task DeleteUserSessionsAsync_for_missing_sub_and_sid_should_throw()
{
Func<Task> f = () => _subject.DeleteUserSessionsAsync(new UserSessionsFilter(), _ct);
Func<Task> f = () => _subject.DeleteUserSessionsAsync(new UserSessionsFilter());
await f.ShouldThrowAsync<Exception>();
}
@ -825,7 +820,7 @@ public class UserSessionStoreTests
SubjectId = "sub",
SessionId = "sid",
});
await ctx0.SaveChangesAsync(_ct);
await ctx0.SaveChangesAsync();
using var scope1 = provider.CreateScope();
var ctx1 = scope1.ServiceProvider.GetRequiredService<SessionDbContext>();
@ -837,14 +832,14 @@ public class UserSessionStoreTests
var item2 = ctx2.UserSessions.Single(x => x.Key == key);
ctx2.UserSessions.Remove(item2);
await ctx1.SaveChangesAsync(_ct);
await ctx1.SaveChangesAsync();
Func<Task> f1 = async () => await ctx2.SaveChangesAsync(_ct);
Func<Task> f1 = async () => await ctx2.SaveChangesAsync();
await f1.ShouldThrowAsync<DbUpdateConcurrencyException>();
try
{
await ctx2.SaveChangesAsync(_ct);
await ctx2.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException ex)
{
@ -856,6 +851,6 @@ public class UserSessionStoreTests
}
// calling again to not throw
await ctx2.SaveChangesAsync(_ct);
await ctx2.SaveChangesAsync();
}
}

2
bff/test/Bff.Tests/Bff.Tests.csproj
View file

@ -11,7 +11,7 @@
<PackageReference Include="Microsoft.AspNetCore.TestHost" />
<PackageReference Include="Microsoft.Extensions.TimeProvider.Testing" />
<PackageReference Include="PublicApiGenerator" />
<PackageReference Include="Verify.XunitV3" />
<PackageReference Include="Verify.Xunit" />
</ItemGroup>
<ItemGroup>

10
bff/test/Bff.Tests/Endpoints/DpopRemoteEndpointTests.cs
View file

@ -7,13 +7,12 @@ using Duende.Bff.Tests.TestFramework;
using Duende.Bff.Tests.TestHosts;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.Endpoints;
public class DpopRemoteEndpointTests : BffIntegrationTestBase
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
public DpopRemoteEndpointTests(ITestOutputHelper output) : base(output)
{
var rsaKey = new RsaSecurityKey(RSA.Create(2048));
@ -21,9 +20,9 @@ public class DpopRemoteEndpointTests : BffIntegrationTestBase
jsonWebKey.Alg = "PS256";
var jwk = JsonSerializer.Serialize(jsonWebKey);
BffHost.OnConfigureServices += services =>
BffHost.OnConfigureServices += svcs =>
{
services.PostConfigure<BffOptions>(opts =>
svcs.PostConfigure<BffOptions>(opts =>
{
opts.DPoPJsonWebKey = jwk;
});
@ -34,7 +33,8 @@ public class DpopRemoteEndpointTests : BffIntegrationTestBase
public async Task test_dpop()
{
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_client/test"), ct: _ct);
url: BffHost.Url("/api_client/test")
);
apiResult.RequestHeaders["DPoP"].First().ShouldNotBeNullOrEmpty();
apiResult.RequestHeaders["Authorization"].First().StartsWith("DPoP ").ShouldBeTrue();

67
bff/test/Bff.Tests/Endpoints/LocalEndpointTests.cs
View file

@ -6,21 +6,20 @@ using System.Net.Http.Json;
using Duende.Bff.Tests.TestFramework;
using Duende.Bff.Tests.TestHosts;
using Microsoft.Extensions.DependencyInjection;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.Endpoints;
public class LocalEndpointTests(ITestOutputHelper output) : BffIntegrationTestBase(output)
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Fact]
public async Task calls_to_authorized_local_endpoint_should_succeed()
{
await BffHost.BffLoginAsync("alice");
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/local_authz"),
ct: _ct);
url: BffHost.Url("/local_authz")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/local_authz");
@ -33,8 +32,8 @@ public class LocalEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
await BffHost.BffLoginAsync("alice");
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/local_authz_no_csrf"),
ct: _ct);
url: BffHost.Url("/local_authz_no_csrf")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/local_authz_no_csrf");
@ -46,15 +45,15 @@ public class LocalEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
{
var response = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/local_authz"),
expectedStatusCode: HttpStatusCode.Unauthorized,
ct: _ct);
expectedStatusCode: HttpStatusCode.Unauthorized
);
}
[Fact]
public async Task calls_to_local_endpoint_should_require_antiforgery_header()
{
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/local_anon"));
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
}
@ -65,16 +64,16 @@ public class LocalEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
{
var response = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/local_anon_no_csrf"),
expectedStatusCode: HttpStatusCode.OK,
ct: _ct);
expectedStatusCode: HttpStatusCode.OK
);
}
[Fact]
public async Task calls_to_anon_endpoint_should_allow_anonymous()
{
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/local_anon"),
ct: _ct);
url: BffHost.Url("/local_anon")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/local_anon");
@ -89,8 +88,8 @@ public class LocalEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/local_authz"),
method: HttpMethod.Put,
content: JsonContent.Create(new TestPayload("hello test api")),
ct: _ct);
content: JsonContent.Create(new TestPayload("hello test api"))
);
apiResult.Method.ShouldBe("PUT");
apiResult.Path.ShouldBe("/local_authz");
@ -104,7 +103,7 @@ public class LocalEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
{
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/always_fail_authz_non_bff_endpoint"));
req.Headers.Add("x-csrf", "1");
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location
@ -115,21 +114,23 @@ public class LocalEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
}
[Fact]
public async Task unauthenticated_api_call_should_return_401() =>
_ = await BffHost.BrowserClient.CallBffHostApi(
public async Task unauthenticated_api_call_should_return_401()
{
var response = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/always_fail_authz"),
expectedStatusCode: HttpStatusCode.Unauthorized,
ct: _ct);
expectedStatusCode: HttpStatusCode.Unauthorized
);
}
[Fact]
public async Task forbidden_api_call_should_return_403()
{
await BffHost.BffLoginAsync("alice");
_ = await BffHost.BrowserClient.CallBffHostApi(
var response = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/always_fail_authz"),
expectedStatusCode: HttpStatusCode.Forbidden,
ct: _ct);
expectedStatusCode: HttpStatusCode.Forbidden
);
}
[Fact]
@ -138,10 +139,10 @@ public class LocalEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
await BffHost.BffLoginAsync("alice");
BffHost.LocalApiResponseStatus = BffHost.ResponseStatus.Challenge;
_ = await BffHost.BrowserClient.CallBffHostApi(
var response = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/local_authz"),
expectedStatusCode: HttpStatusCode.Unauthorized,
ct: _ct);
expectedStatusCode: HttpStatusCode.Unauthorized
);
}
[Fact]
@ -152,8 +153,8 @@ public class LocalEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
var response = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/local_authz"),
expectedStatusCode: HttpStatusCode.Forbidden,
ct: _ct);
expectedStatusCode: HttpStatusCode.Forbidden
);
}
[Fact]
@ -164,16 +165,16 @@ public class LocalEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
var response = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/local_anon_no_csrf_no_response_handling"),
expectedStatusCode: HttpStatusCode.Redirect,
ct: _ct);
expectedStatusCode: HttpStatusCode.Redirect
);
}
[Fact]
public async Task fallback_policy_should_not_fail()
{
BffHost.OnConfigureServices += services =>
BffHost.OnConfigureServices += svcs =>
{
services.AddAuthorization(opts =>
svcs.AddAuthorization(opts =>
{
opts.FallbackPolicy =
new Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder()
@ -183,7 +184,7 @@ public class LocalEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
};
await BffHost.InitializeAsync();
var response = await BffHost.HttpClient.GetAsync(BffHost.Url("/not-found"), _ct);
var response = await BffHost.HttpClient.GetAsync(BffHost.Url("/not-found"));
response.StatusCode.ShouldNotBe(HttpStatusCode.InternalServerError);
}
}

25
bff/test/Bff.Tests/Endpoints/Management/BackchannelLogoutEndpointTests.cs
View file

@ -4,19 +4,18 @@
using System.Net;
using Duende.Bff.Tests.TestHosts;
using Microsoft.Extensions.DependencyInjection;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.Endpoints.Management;
public class BackchannelLogoutEndpointTests(ITestOutputHelper output) : BffIntegrationTestBase(output)
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Fact]
public async Task backchannel_logout_should_allow_anonymous()
{
BffHost.OnConfigureServices += services =>
BffHost.OnConfigureServices += svcs =>
{
services.AddAuthorization(opts =>
svcs.AddAuthorization(opts =>
{
opts.FallbackPolicy =
new Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder()
@ -26,7 +25,7 @@ public class BackchannelLogoutEndpointTests(ITestOutputHelper output) : BffInteg
};
await BffHost.InitializeAsync();
var response = await BffHost.HttpClient.PostAsync(BffHost.Url("/bff/backchannel"), null, _ct);
var response = await BffHost.HttpClient.PostAsync(BffHost.Url("/bff/backchannel"), null);
response.StatusCode.ShouldNotBe(HttpStatusCode.Unauthorized);
}
@ -76,9 +75,7 @@ public class BackchannelLogoutEndpointTests(ITestOutputHelper output) : BffInteg
{
var store = BffHost.Resolve<IUserSessionStore>();
var sessions = await store.GetUserSessionsAsync(
new UserSessionsFilter { SubjectId = "alice" },
_ct);
var sessions = await store.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" });
sessions.Count().ShouldBe(2);
}
@ -86,9 +83,7 @@ public class BackchannelLogoutEndpointTests(ITestOutputHelper output) : BffInteg
{
var store = BffHost.Resolve<IUserSessionStore>();
var sessions = await store.GetUserSessionsAsync(
new UserSessionsFilter { SubjectId = "alice" },
_ct);
var sessions = await store.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" });
var session = sessions.Single();
session.SessionId.ShouldBe("sid1");
}
@ -105,9 +100,7 @@ public class BackchannelLogoutEndpointTests(ITestOutputHelper output) : BffInteg
{
var store = BffHost.Resolve<IUserSessionStore>();
var sessions = await store.GetUserSessionsAsync(
new UserSessionsFilter { SubjectId = "alice" },
_ct);
var sessions = await store.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" });
sessions.Count().ShouldBe(2);
}
@ -115,9 +108,7 @@ public class BackchannelLogoutEndpointTests(ITestOutputHelper output) : BffInteg
{
var store = BffHost.Resolve<IUserSessionStore>();
var sessions = await store.GetUserSessionsAsync(
new UserSessionsFilter { SubjectId = "alice" },
_ct);
var sessions = await store.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" });
sessions.ShouldBeEmpty();
}
}

55
bff/test/Bff.Tests/Endpoints/Management/LoginEndpointTests.cs
View file

@ -4,19 +4,18 @@
using System.Net;
using Duende.Bff.Tests.TestHosts;
using Microsoft.Extensions.DependencyInjection;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.Endpoints.Management;
public class LoginEndpointTests(ITestOutputHelper output) : BffIntegrationTestBase(output)
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Fact]
public async Task login_should_allow_anonymous()
{
BffHost.OnConfigureServices += services =>
BffHost.OnConfigureServices += svcs =>
{
services.AddAuthorization(opts =>
svcs.AddAuthorization(opts =>
{
opts.FallbackPolicy =
new Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder()
@ -26,23 +25,23 @@ public class LoginEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
};
await BffHost.InitializeAsync();
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login"), _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login"));
response.StatusCode.ShouldNotBe(HttpStatusCode.Unauthorized);
}
[Fact]
public async Task login_endpoint_should_challenge_and_redirect_to_root()
{
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login"), _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login"));
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldStartWith(IdentityServerHost.Url("/connect/authorize"));
await IdentityServerHost.IssueSessionCookieAsync("alice");
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString(), _ct);
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldStartWith(BffHost.Url("/signin-oidc"));
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString(), _ct);
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldBe("/");
}
@ -50,25 +49,25 @@ public class LoginEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
[Fact]
public async Task login_endpoint_should_challenge_and_redirect_to_root_with_custom_prefix()
{
BffHost.OnConfigureServices += services =>
BffHost.OnConfigureServices += svcs =>
{
services.Configure<BffOptions>(options =>
svcs.Configure<BffOptions>(options =>
{
options.ManagementBasePath = "/custom/bff";
});
};
await BffHost.InitializeAsync();
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/custom/bff/login"), _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/custom/bff/login"));
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldStartWith(IdentityServerHost.Url("/connect/authorize"));
await IdentityServerHost.IssueSessionCookieAsync("alice");
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString(), _ct);
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldStartWith(BffHost.Url("/signin-oidc"));
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString(), _ct);
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldBe("/");
}
@ -76,25 +75,25 @@ public class LoginEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
[Fact]
public async Task login_endpoint_should_challenge_and_redirect_to_root_with_custom_prefix_trailing_slash()
{
BffHost.OnConfigureServices += services =>
BffHost.OnConfigureServices += svcs =>
{
services.Configure<BffOptions>(options =>
svcs.Configure<BffOptions>(options =>
{
options.ManagementBasePath = "/custom/bff/";
});
};
await BffHost.InitializeAsync();
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/custom/bff/login"), _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/custom/bff/login"));
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldStartWith(IdentityServerHost.Url("/connect/authorize"));
await IdentityServerHost.IssueSessionCookieAsync("alice");
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString(), _ct);
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldStartWith(BffHost.Url("/signin-oidc"));
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString(), _ct);
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldBe("/");
}
@ -102,25 +101,25 @@ public class LoginEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
[Fact]
public async Task login_endpoint_should_challenge_and_redirect_to_root_with_root_prefix()
{
BffHost.OnConfigureServices += services =>
BffHost.OnConfigureServices += svcs =>
{
services.Configure<BffOptions>(options =>
svcs.Configure<BffOptions>(options =>
{
options.ManagementBasePath = "/";
});
};
await BffHost.InitializeAsync();
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/login"), _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/login"));
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldStartWith(IdentityServerHost.Url("/connect/authorize"));
await IdentityServerHost.IssueSessionCookieAsync("alice");
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString(), _ct);
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldStartWith(BffHost.Url("/signin-oidc"));
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString(), _ct);
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldBe("/");
}
@ -130,7 +129,7 @@ public class LoginEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
{
await BffHost.BffLoginAsync("alice");
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login"), _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login"));
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldStartWith(IdentityServerHost.Url("/connect/authorize"));
}
@ -138,16 +137,16 @@ public class LoginEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
[Fact]
public async Task login_endpoint_should_accept_returnUrl()
{
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login") + "?returnUrl=/foo", _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login") + "?returnUrl=/foo");
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldStartWith(IdentityServerHost.Url("/connect/authorize"));
await IdentityServerHost.IssueSessionCookieAsync("alice");
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString(), _ct);
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldStartWith(BffHost.Url("/signin-oidc"));
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString(), _ct);
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location!.ToString().ShouldBe("/foo");
}
@ -155,7 +154,7 @@ public class LoginEndpointTests(ITestOutputHelper output) : BffIntegrationTestBa
[Fact]
public async Task login_endpoint_should_not_accept_non_local_returnUrl()
{
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login") + "?returnUrl=https://foo", _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login") + "?returnUrl=https://foo");
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
}
}

33
bff/test/Bff.Tests/Endpoints/Management/LogoutEndpointTests.cs
View file

@ -4,19 +4,18 @@
using System.Net;
using Duende.Bff.Tests.TestHosts;
using Microsoft.Extensions.DependencyInjection;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.Endpoints.Management;
public class LogoutEndpointTests(ITestOutputHelper output) : BffIntegrationTestBase(output)
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Fact]
public async Task logout_endpoint_should_allow_anonymous()
{
BffHost.OnConfigureServices += services =>
BffHost.OnConfigureServices += svcs =>
{
services.AddAuthorization(opts =>
svcs.AddAuthorization(opts =>
{
opts.FallbackPolicy =
new Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder()
@ -26,7 +25,7 @@ public class LogoutEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
};
await BffHost.InitializeAsync();
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"), _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));
response.StatusCode.ShouldNotBe(HttpStatusCode.Unauthorized);
}
@ -45,7 +44,7 @@ public class LogoutEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
{
await BffHost.BffLoginAsync("alice", "sid123");
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"), _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
(await BffHost.GetIsUserLoggedInAsync()).ShouldBeTrue();
@ -58,7 +57,7 @@ public class LogoutEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
BffHost.BffOptions.RequireLogoutSessionId = false;
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"), _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));
response.StatusCode.ShouldBe(HttpStatusCode.Redirect); // endsession
response.Headers.Location!.ToString().ToLowerInvariant().ShouldStartWith(IdentityServerHost.Url("/connect/endsession"));
}
@ -67,9 +66,9 @@ public class LogoutEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
public async Task logout_endpoint_for_authenticated_user_without_sid_should_succeed()
{
// workaround for RevokeUserRefreshTokenAsync throwing when no RT in session
BffHost.OnConfigureServices += services =>
BffHost.OnConfigureServices += svcs =>
{
services.Configure<BffOptions>(options =>
svcs.Configure<BffOptions>(options =>
{
options.RevokeRefreshTokenOnLogout = false;
});
@ -78,7 +77,7 @@ public class LogoutEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.IssueSessionCookieAsync("alice");
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"), _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));
response.StatusCode.ShouldBe(HttpStatusCode.Redirect); // endsession
response.Headers.Location!.ToString().ToLowerInvariant().ShouldStartWith(IdentityServerHost.Url("/connect/endsession"));
}
@ -86,7 +85,7 @@ public class LogoutEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
[Fact]
public async Task logout_endpoint_for_anonymous_user_without_sid_should_succeed()
{
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"), _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));
response.StatusCode.ShouldBe(HttpStatusCode.Redirect); // endsession
response.Headers.Location!.ToString().ToLowerInvariant().ShouldStartWith(IdentityServerHost.Url("/connect/endsession"));
}
@ -114,7 +113,7 @@ public class LogoutEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BffLogoutAsync("sid123");
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout") + "?sid=123", _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout") + "?sid=123");
response.StatusCode.ShouldBe(HttpStatusCode.Redirect); // endsession
response.Headers.Location!.ToString().ToLowerInvariant().ShouldStartWith(IdentityServerHost.Url("/connect/endsession"));
@ -127,19 +126,19 @@ public class LogoutEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
{
await BffHost.BffLoginAsync("alice", "sid123");
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout") + "?sid=sid123&returnUrl=/foo", _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout") + "?sid=sid123&returnUrl=/foo");
response.StatusCode.ShouldBe(HttpStatusCode.Redirect); // endsession
response.Headers.Location!.ToString().ToLowerInvariant().ShouldStartWith(IdentityServerHost.Url("/connect/endsession"));
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location!.ToString(), _ct);
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location!.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect); // logout
response.Headers.Location!.ToString().ToLowerInvariant().ShouldStartWith(IdentityServerHost.Url("/account/logout"));
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location!.ToString(), _ct);
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location!.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect); // post logout redirect uri
response.Headers.Location!.ToString().ToLowerInvariant().ShouldStartWith(BffHost.Url("/signout-callback-oidc"));
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location!.ToString(), _ct);
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location!.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect); // root
response.Headers.Location!.ToString().ToLowerInvariant().ShouldBe("/foo");
}
@ -149,7 +148,7 @@ public class LogoutEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
{
await BffHost.BffLoginAsync("alice", "sid123");
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout") + "?sid=sid123&returnUrl=https://foo", _ct);
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout") + "?sid=sid123&returnUrl=https://foo");
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
}
}

9
bff/test/Bff.Tests/Endpoints/Management/ManagementBasePathTests.cs
View file

@ -5,13 +5,12 @@ using System.Net;
using Duende.Bff.Tests.TestHosts;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.Endpoints.Management;
public class ManagementBasePathTests(ITestOutputHelper output) : BffIntegrationTestBase(output)
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Theory]
[InlineData(Constants.ManagementEndpoints.Login)]
[InlineData(Constants.ManagementEndpoints.Logout)]
@ -20,9 +19,9 @@ public class ManagementBasePathTests(ITestOutputHelper output) : BffIntegrationT
[InlineData(Constants.ManagementEndpoints.User)]
public async Task custom_ManagementBasePath_should_affect_basepath(string path)
{
BffHost.OnConfigureServices += services =>
BffHost.OnConfigureServices += svcs =>
{
services.Configure<BffOptions>(options =>
svcs.Configure<BffOptions>(options =>
{
options.ManagementBasePath = new PathString("/{path:regex(^[a-zA-Z\\d-]+$)}/bff");
});
@ -32,7 +31,7 @@ public class ManagementBasePathTests(ITestOutputHelper output) : BffIntegrationT
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/custom/bff" + path));
req.Headers.Add("x-csrf", "1");
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.StatusCode.ShouldNotBe(HttpStatusCode.NotFound);
}

7
bff/test/Bff.Tests/Endpoints/Management/UserEndpointTests.cs
View file

@ -4,13 +4,12 @@
using System.Net;
using System.Security.Claims;
using Duende.Bff.Tests.TestHosts;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.Endpoints.Management;
public class UserEndpointTests(ITestOutputHelper output) : BffIntegrationTestBase(output)
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Fact]
public async Task user_endpoint_for_authenticated_user_should_return_claims()
{
@ -55,7 +54,7 @@ public class UserEndpointTests(ITestOutputHelper output) : BffIntegrationTestBas
await BffHost.IssueSessionCookieAsync(new Claim("sub", "alice"), new Claim("foo", "foo1"), new Claim("foo", "foo2"));
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/bff/user"));
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
}
@ -65,7 +64,7 @@ public class UserEndpointTests(ITestOutputHelper output) : BffIntegrationTestBas
{
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/bff/user"));
req.Headers.Add("x-csrf", "1");
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
}

103
bff/test/Bff.Tests/Endpoints/RemoteEndpointTests.cs
View file

@ -6,19 +6,17 @@ using System.Net.Http.Json;
using System.Text.Json;
using Duende.Bff.Tests.TestFramework;
using Duende.Bff.Tests.TestHosts;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.Endpoints;
public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestBase(output)
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Fact]
public async Task unauthenticated_calls_to_remote_endpoint_should_return_401()
=> await BffHost.BrowserClient.CallBffHostApi(
public async Task unauthenticated_calls_to_remote_endpoint_should_return_401() => await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_user/test"),
expectedStatusCode: HttpStatusCode.Unauthorized,
ct: _ct);
expectedStatusCode: HttpStatusCode.Unauthorized
);
[Fact]
public async Task calls_to_remote_endpoint_should_forward_user_to_api()
@ -26,8 +24,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BffLoginAsync("alice");
var (response, apiResult) = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_user/test"),
ct: _ct);
url: BffHost.Url("/api_user/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/test");
@ -39,14 +37,15 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
}
[Fact]
public async Task calls_to_remote_endpoint_with_useraccesstokenparameters_having_stored_named_token_should_forward_user_to_api()
public async Task
calls_to_remote_endpoint_with_useraccesstokenparameters_having_stored_named_token_should_forward_user_to_api()
{
await BffHostWithNamedTokens.BffLoginAsync("alice");
ApiResponse apiResult = await BffHostWithNamedTokens.BrowserClient.CallBffHostApi(
url: BffHostWithNamedTokens.Url(
"/api_user_with_useraccesstokenparameters_having_stored_named_token/test"),
ct: _ct);
"/api_user_with_useraccesstokenparameters_having_stored_named_token/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/test");
@ -63,8 +62,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHostWithNamedTokens.BrowserClient.CallBffHostApi(
url: BffHostWithNamedTokens.Url(
"/api_user_with_useraccesstokenparameters_having_not_stored_named_token/test"),
expectedStatusCode: HttpStatusCode.Unauthorized,
ct: _ct);
expectedStatusCode: HttpStatusCode.Unauthorized
);
}
[Fact]
@ -75,8 +74,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_user/test"),
method: HttpMethod.Put,
content: JsonContent.Create(new TestPayload("hello test api")),
ct: _ct);
content: JsonContent.Create(new TestPayload("hello test api"))
);
apiResult.Method.ShouldBe("PUT");
apiResult.Path.ShouldBe("/test");
@ -94,8 +93,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_user/test"),
method: HttpMethod.Post,
content: JsonContent.Create(new TestPayload("hello test api")),
ct: _ct);
content: JsonContent.Create(new TestPayload("hello test api"))
);
apiResult.Method.ShouldBe("POST");
apiResult.Path.ShouldBe("/test");
@ -110,8 +109,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
{
{
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_user_or_anon/test"),
ct: _ct);
url: BffHost.Url("/api_user_or_anon/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/test");
@ -123,8 +122,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BffLoginAsync("alice");
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_user_or_anon/test"),
ct: _ct);
url: BffHost.Url("/api_user_or_anon/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/test");
@ -139,8 +138,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BffLoginAsync("alice");
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_client/test"),
ct: _ct);
url: BffHost.Url("/api_client/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/test");
@ -155,8 +154,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_with_access_token_retrieval_that_fails"),
expectedStatusCode: HttpStatusCode.Unauthorized,
ct: _ct);
expectedStatusCode: HttpStatusCode.Unauthorized
);
// user should be signed out
var result = await BffHost.GetIsUserLoggedInAsync();
@ -170,8 +169,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_forbidden"),
expectedStatusCode: HttpStatusCode.Forbidden,
ct: _ct);
expectedStatusCode: HttpStatusCode.Forbidden
);
}
[Fact]
@ -181,8 +180,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_unauthenticated"),
expectedStatusCode: HttpStatusCode.Unauthorized,
ct: _ct);
expectedStatusCode: HttpStatusCode.Unauthorized
);
}
[Fact]
@ -191,8 +190,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BffLoginAsync("alice");
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_with_access_token_retriever"),
ct: _ct);
url: BffHost.Url("/api_with_access_token_retriever")
);
apiResult.Sub.ShouldBe("123");
apiResult.ClientId.ShouldBe("fake-client");
@ -203,8 +202,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
{
{
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_user_or_client/test"),
ct: _ct);
url: BffHost.Url("/api_user_or_client/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/test");
@ -216,8 +215,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BffLoginAsync("alice");
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_user_or_client/test"),
ct: _ct);
url: BffHost.Url("/api_user_or_client/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/test");
@ -231,8 +230,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
{
{
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_anon_only/test"),
ct: _ct);
url: BffHost.Url("/api_anon_only/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/test");
@ -244,8 +243,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BffLoginAsync("alice");
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_anon_only/test"),
ct: _ct);
url: BffHost.Url("/api_anon_only/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/test");
@ -262,13 +261,13 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_user_or_client/test"),
expectedStatusCode: HttpStatusCode.Unauthorized,
ct: _ct);
expectedStatusCode: HttpStatusCode.Unauthorized
);
await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_client/test"),
expectedStatusCode: HttpStatusCode.Unauthorized,
ct: _ct);
expectedStatusCode: HttpStatusCode.Unauthorized
);
}
[Fact]
@ -279,8 +278,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_user/test"),
expectedStatusCode: HttpStatusCode.Unauthorized,
ct: _ct);
expectedStatusCode: HttpStatusCode.Unauthorized
);
}
[Fact]
@ -291,14 +290,14 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_user/test"),
expectedStatusCode: HttpStatusCode.Forbidden,
ct: _ct);
expectedStatusCode: HttpStatusCode.Forbidden
);
}
[Fact]
public async Task calls_to_remote_endpoint_should_require_csrf()
{
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_user_or_client/test"));
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
}
@ -309,8 +308,8 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
await BffHost.BffLoginAsync("alice");
ApiResponse apiResult = await BffHost.BrowserClient.CallBffHostApi(
url: BffHost.Url("/api_user_no_csrf/test"),
ct: _ct);
url: BffHost.Url("/api_user_no_csrf/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/test");
@ -326,11 +325,11 @@ public class RemoteEndpointTests(ITestOutputHelper output) : BffIntegrationTestB
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_custom_transform/test"));
req.Headers.Add("x-csrf", "1");
req.Headers.Add("my-header-to-be-copied-by-yarp", "copied-value");
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.IsSuccessStatusCode.ShouldBeTrue();
response.Content.Headers.ContentType!.MediaType.ShouldBe("application/json");
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var apiResult = JsonSerializer.Deserialize<ApiResponse>(json).ShouldNotBeNull();
apiResult.RequestHeaders["my-header-to-be-copied-by-yarp"].First().ShouldBe("copied-value");

83
bff/test/Bff.Tests/Endpoints/YarpRemoteEndpointTests.cs
View file

@ -4,51 +4,46 @@
using System.Net;
using Duende.Bff.Tests.TestFramework;
using Duende.Bff.Tests.TestHosts;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.Endpoints;
public class YarpRemoteEndpointTests(ITestOutputHelper output) : YarpBffIntegrationTestBase(output)
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Fact]
public async Task anonymous_call_with_no_csrf_header_to_no_token_requirement_no_csrf_route_should_succeed()
=> await YarpBasedBffHost.BrowserClient.CallBffHostApi(
public async Task anonymous_call_with_no_csrf_header_to_no_token_requirement_no_csrf_route_should_succeed() => await YarpBasedBffHost.BrowserClient.CallBffHostApi(
url: YarpBasedBffHost.Url("/api_anon_no_csrf/test"),
expectedStatusCode: HttpStatusCode.OK,
ct: _ct);
expectedStatusCode: HttpStatusCode.OK
);
[Fact]
public async Task anonymous_call_with_no_csrf_header_to_csrf_route_should_fail()
{
var req = new HttpRequestMessage(HttpMethod.Get, YarpBasedBffHost.Url("/api_anon/test"));
var response = await YarpBasedBffHost.BrowserClient.SendAsync(req, _ct);
var response = await YarpBasedBffHost.BrowserClient.SendAsync(req);
response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
}
[Fact]
public async Task anonymous_call_to_no_token_requirement_route_should_succeed()
=> await YarpBasedBffHost.BrowserClient.CallBffHostApi(
public async Task anonymous_call_to_no_token_requirement_route_should_succeed() => await YarpBasedBffHost.BrowserClient.CallBffHostApi(
url: YarpBasedBffHost.Url("/api_anon/test"),
expectedStatusCode: HttpStatusCode.OK,
ct: _ct);
expectedStatusCode: HttpStatusCode.OK
);
[Fact]
public async Task anonymous_call_to_user_token_requirement_route_should_fail()
=> await YarpBasedBffHost.BrowserClient.CallBffHostApi(
public async Task anonymous_call_to_user_token_requirement_route_should_fail() => await YarpBasedBffHost.BrowserClient.CallBffHostApi(
url: YarpBasedBffHost.Url("/api_user/test"),
expectedStatusCode: HttpStatusCode.Unauthorized,
ct: _ct);
expectedStatusCode: HttpStatusCode.Unauthorized
);
[Fact]
public async Task anonymous_call_to_optional_user_token_route_should_succeed()
{
ApiResponse apiResult = await YarpBasedBffHost.BrowserClient.CallBffHostApi(
url: YarpBasedBffHost.Url("/api_optional_user/test"),
ct: _ct);
url: YarpBasedBffHost.Url("/api_optional_user/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/api_optional_user/test");
@ -60,8 +55,8 @@ public class YarpRemoteEndpointTests(ITestOutputHelper output) : YarpBffIntegrat
public async Task call_to_api_badly_cased_anti_forgery()
{
var result = await YarpBasedBffHost.BrowserClient.GetAsync(
new Uri(YarpBasedBffHost.Url("/api_badly_cased_anti_forgery/test")),
_ct);
new Uri(YarpBasedBffHost.Url("/api_badly_cased_anti_forgery/test"))
);
result.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
@ -72,9 +67,10 @@ public class YarpRemoteEndpointTests(ITestOutputHelper output) : YarpBffIntegrat
{
await YarpBasedBffHost.BffLoginAsync("alice");
ApiResponse apiResult = await YarpBasedBffHost.BrowserClient.CallBffHostApi(
YarpBasedBffHost.Url("/api_badly_cased_optional_token/test"),
ct: _ct);
YarpBasedBffHost.Url("/api_badly_cased_optional_token/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Sub.ShouldBe("alice");
@ -90,8 +86,8 @@ public class YarpRemoteEndpointTests(ITestOutputHelper output) : YarpBffIntegrat
await YarpBasedBffHost.BffLoginAsync("alice");
ApiResponse apiResult = await YarpBasedBffHost.BrowserClient.CallBffHostApi(
url: YarpBasedBffHost.Url(route),
ct: _ct);
url: YarpBasedBffHost.Url(route)
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe(route);
@ -108,8 +104,8 @@ public class YarpRemoteEndpointTests(ITestOutputHelper output) : YarpBffIntegrat
ApiResponse apiResult = await YarpBasedBffHost.BrowserClient.CallBffHostApi(
url: YarpBasedBffHost.Url(route),
method: HttpMethod.Put,
ct: _ct);
method: HttpMethod.Put
);
apiResult.Method.ShouldBe("PUT");
apiResult.Path.ShouldBe(route);
@ -126,8 +122,8 @@ public class YarpRemoteEndpointTests(ITestOutputHelper output) : YarpBffIntegrat
ApiResponse apiResult = await YarpBasedBffHost.BrowserClient.CallBffHostApi(
url: YarpBasedBffHost.Url(route),
method: HttpMethod.Post,
ct: _ct);
method: HttpMethod.Post
);
apiResult.Method.ShouldBe("POST");
apiResult.Path.ShouldBe(route);
@ -141,8 +137,8 @@ public class YarpRemoteEndpointTests(ITestOutputHelper output) : YarpBffIntegrat
await YarpBasedBffHost.BffLoginAsync("alice");
ApiResponse apiResult = await YarpBasedBffHost.BrowserClient.CallBffHostApi(
url: YarpBasedBffHost.Url("/api_client/test"),
ct: _ct);
url: YarpBasedBffHost.Url("/api_client/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/api_client/test");
@ -155,8 +151,8 @@ public class YarpRemoteEndpointTests(ITestOutputHelper output) : YarpBffIntegrat
{
{
ApiResponse apiResult = await YarpBasedBffHost.BrowserClient.CallBffHostApi(
url: YarpBasedBffHost.Url("/api_user_or_client/test"),
ct: _ct);
url: YarpBasedBffHost.Url("/api_user_or_client/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/api_user_or_client/test");
@ -168,8 +164,8 @@ public class YarpRemoteEndpointTests(ITestOutputHelper output) : YarpBffIntegrat
await YarpBasedBffHost.BffLoginAsync("alice");
ApiResponse apiResult = await YarpBasedBffHost.BrowserClient.CallBffHostApi(
url: YarpBasedBffHost.Url("/api_user_or_client/test"),
ct: _ct);
url: YarpBasedBffHost.Url("/api_user_or_client/test")
);
apiResult.Method.ShouldBe("GET");
apiResult.Path.ShouldBe("/api_user_or_client/test");
@ -186,8 +182,8 @@ public class YarpRemoteEndpointTests(ITestOutputHelper output) : YarpBffIntegrat
var response = await YarpBasedBffHost.BrowserClient.CallBffHostApi(
url: YarpBasedBffHost.Url("/api_user/test"),
expectedStatusCode: HttpStatusCode.Unauthorized,
ct: _ct);
expectedStatusCode: HttpStatusCode.Unauthorized
);
}
[Fact]
@ -196,17 +192,18 @@ public class YarpRemoteEndpointTests(ITestOutputHelper output) : YarpBffIntegrat
await YarpBasedBffHost.BffLoginAsync("alice");
ApiHost.ApiStatusCodeToReturn = 403;
_ = await YarpBasedBffHost.BrowserClient.CallBffHostApi(
var response = await YarpBasedBffHost.BrowserClient.CallBffHostApi(
url: YarpBasedBffHost.Url("/api_user/test"),
expectedStatusCode: HttpStatusCode.Forbidden,
ct: _ct);
expectedStatusCode: HttpStatusCode.Forbidden
);
}
[Fact]
public async Task invalid_configuration_of_routes_should_return_500()
=>
_ = await YarpBasedBffHost.BrowserClient.CallBffHostApi(
{
var response = await YarpBasedBffHost.BrowserClient.CallBffHostApi(
url: YarpBasedBffHost.Url("/api_invalid/test"),
expectedStatusCode: HttpStatusCode.InternalServerError,
ct: _ct);
expectedStatusCode: HttpStatusCode.InternalServerError
);
}
}

5
bff/test/Bff.Tests/GenericHostTests.cs
View file

@ -4,13 +4,12 @@
using System.Net;
using Duende.Bff.Tests.TestFramework;
using Microsoft.AspNetCore.Builder;
using Xunit.Abstractions;
namespace Duende.Bff.Tests;
public class GenericHostTests(ITestOutputHelper output)
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Fact]
public async Task Test1()
{
@ -22,7 +21,7 @@ public class GenericHostTests(ITestOutputHelper output)
});
await host.InitializeAsync();
var response = await host.HttpClient.GetAsync("/test", _ct);
var response = await host.HttpClient.GetAsync("/test");
response.StatusCode.ShouldBe(HttpStatusCode.NoContent);
}

15
bff/test/Bff.Tests/Headers/ApiAndBffUseForwardedHeaders.cs
View file

@ -4,13 +4,12 @@
using System.Text.Json;
using Duende.Bff.Tests.TestFramework;
using Duende.Bff.Tests.TestHosts;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.Headers;
public class ApiAndBffUseForwardedHeaders : BffIntegrationTestBase
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
public ApiAndBffUseForwardedHeaders(ITestOutputHelper output) : base(output)
{
BffHost.UseForwardedHeaders = true;
@ -22,10 +21,10 @@ public class ApiAndBffUseForwardedHeaders : BffIntegrationTestBase
{
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test"));
req.Headers.Add("x-csrf", "1");
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.IsSuccessStatusCode.ShouldBeTrue();
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var apiResult = JsonSerializer.Deserialize<ApiResponse>(json).ShouldNotBeNull();
var host = apiResult.RequestHeaders["Host"].Single();
@ -40,10 +39,10 @@ public class ApiAndBffUseForwardedHeaders : BffIntegrationTestBase
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test"));
req.Headers.Add("x-csrf", "1");
req.Headers.Add("X-Forwarded-Host", "external");
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.IsSuccessStatusCode.ShouldBeTrue();
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var apiResult = JsonSerializer.Deserialize<ApiResponse>(json).ShouldNotBeNull();
var host = apiResult.RequestHeaders["Host"].Single();
@ -58,10 +57,10 @@ public class ApiAndBffUseForwardedHeaders : BffIntegrationTestBase
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test"));
req.Headers.Add("x-csrf", "1");
req.Headers.Add("X-Forwarded-Host", "external");
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.IsSuccessStatusCode.ShouldBeTrue();
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var apiResult = JsonSerializer.Deserialize<ApiResponse>(json).ShouldNotBeNull();
var host = apiResult.RequestHeaders["Host"].Single();

14
bff/test/Bff.Tests/Headers/ApiUseForwardedHeaders.cs
View file

@ -4,25 +4,23 @@
using System.Text.Json;
using Duende.Bff.Tests.TestFramework;
using Duende.Bff.Tests.TestHosts;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.Headers;
public class ApiUseForwardedHeaders : BffIntegrationTestBase
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
public ApiUseForwardedHeaders(ITestOutputHelper output)
: base(output) => ApiHost.UseForwardedHeaders = true;
public ApiUseForwardedHeaders(ITestOutputHelper output) : base(output) => ApiHost.UseForwardedHeaders = true;
[Fact]
public async Task bff_host_name_should_propagate_to_api()
{
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test"));
req.Headers.Add("x-csrf", "1");
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.IsSuccessStatusCode.ShouldBeTrue();
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var apiResult = JsonSerializer.Deserialize<ApiResponse>(json).ShouldNotBeNull();
var host = apiResult.RequestHeaders["Host"].Single();
@ -35,10 +33,10 @@ public class ApiUseForwardedHeaders : BffIntegrationTestBase
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test"));
req.Headers.Add("x-csrf", "1");
req.Headers.Add("X-Forwarded-Host", "external");
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.IsSuccessStatusCode.ShouldBeTrue();
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var apiResult = JsonSerializer.Deserialize<ApiResponse>(json).ShouldNotBeNull();
var host = apiResult.RequestHeaders["Host"].Single();

15
bff/test/Bff.Tests/Headers/General.cs
View file

@ -4,22 +4,21 @@
using System.Text.Json;
using Duende.Bff.Tests.TestFramework;
using Duende.Bff.Tests.TestHosts;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.Headers;
public class General(ITestOutputHelper output) : BffIntegrationTestBase(output)
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Fact]
public async Task local_endpoint_should_receive_standard_headers()
{
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/local_anon"));
req.Headers.Add("x-csrf", "1");
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.IsSuccessStatusCode.ShouldBeTrue();
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var apiResult = JsonSerializer.Deserialize<ApiResponse>(json).ShouldNotBeNull();
apiResult.RequestHeaders.Count.ShouldBe(2);
@ -35,10 +34,10 @@ public class General(ITestOutputHelper output) : BffIntegrationTestBase(output)
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test"));
req.Headers.Add("x-csrf", "1");
req.Headers.Add("x-custom", "custom");
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.IsSuccessStatusCode.ShouldBeTrue();
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var apiResult = JsonSerializer.Deserialize<ApiResponse>(json).ShouldNotBeNull();
apiResult.RequestHeaders["Host"].Single().ShouldBe("api");
@ -53,10 +52,10 @@ public class General(ITestOutputHelper output) : BffIntegrationTestBase(output)
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test"));
req.Headers.Add("x-csrf", "1");
req.Headers.Add("x-custom", "custom");
var response = await BffHost.BrowserClient.SendAsync(req, _ct);
var response = await BffHost.BrowserClient.SendAsync(req);
response.IsSuccessStatusCode.ShouldBeTrue();
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var apiResult = JsonSerializer.Deserialize<ApiResponse>(json).ShouldNotBeNull();
apiResult.RequestHeaders["X-Forwarded-Host"].Single().ShouldBe("app");

20
bff/test/Bff.Tests/IAccessTokenRetriever_Extensibility_tests.cs
View file

@ -6,6 +6,7 @@ using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Logging.Abstractions;
using Xunit.Abstractions;
namespace Duende.Bff.Tests;
@ -14,15 +15,14 @@ namespace Duende.Bff.Tests;
/// </summary>
public class IAccessTokenRetriever_Extensibility_tests : BffIntegrationTestBase
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private ContextCapturingAccessTokenRetriever CustomAccessTokenReceiver { get; } = new(NullLogger<DefaultAccessTokenRetriever>.Instance);
private ContextCapturingAccessTokenRetriever _customAccessTokenReceiver { get; } = new(NullLogger<DefaultAccessTokenRetriever>.Instance);
public IAccessTokenRetriever_Extensibility_tests(ITestOutputHelper output) : base(output)
{
BffHost.OnConfigureServices += services =>
{
services.AddSingleton(CustomAccessTokenReceiver);
services.AddSingleton(_customAccessTokenReceiver);
};
BffHost.OnConfigure += app =>
@ -55,9 +55,9 @@ public class IAccessTokenRetriever_Extensibility_tests : BffIntegrationTestBase
{
await BffHost.BffLoginAsync("alice");
await BffHost.BrowserClient.CallBffHostApi(BffHost.Url("/custom"), ct: _ct);
await BffHost.BrowserClient.CallBffHostApi(BffHost.Url("/custom"));
var usedContext = CustomAccessTokenReceiver.UsedContext.ShouldNotBeNull();
var usedContext = _customAccessTokenReceiver.UsedContext.ShouldNotBeNull();
usedContext.Metadata.RequiredTokenType.ShouldBe(TokenType.User);
@ -71,9 +71,9 @@ public class IAccessTokenRetriever_Extensibility_tests : BffIntegrationTestBase
{
await BffHost.BffLoginAsync("alice");
await BffHost.BrowserClient.CallBffHostApi(BffHost.Url("/subPath/custom_within_subpath"), ct: _ct);
await BffHost.BrowserClient.CallBffHostApi(BffHost.Url("/subPath/custom_within_subpath"));
var usedContext = CustomAccessTokenReceiver.UsedContext.ShouldNotBeNull();
var usedContext = _customAccessTokenReceiver.UsedContext.ShouldNotBeNull();
usedContext.ApiAddress.ShouldBe(new Uri(ApiHost.Url("/some/path")));
usedContext.LocalPath.ToString().ShouldBe("/custom_within_subpath");
@ -83,10 +83,12 @@ public class IAccessTokenRetriever_Extensibility_tests : BffIntegrationTestBase
/// <summary>
/// Captures the context in which the access token retriever is called, so we can assert on it
/// </summary>
private class ContextCapturingAccessTokenRetriever(ILogger<DefaultAccessTokenRetriever> logger)
: DefaultAccessTokenRetriever(logger)
private class ContextCapturingAccessTokenRetriever : DefaultAccessTokenRetriever
{
public AccessTokenRetrievalContext? UsedContext { get; private set; }
public ContextCapturingAccessTokenRetriever(ILogger<DefaultAccessTokenRetriever> logger) : base(logger)
{
}
public override Task<AccessTokenResult> GetAccessToken(AccessTokenRetrievalContext context)
{

51
bff/test/Bff.Tests/SessionManagement/CookieSlidingTests.cs
View file

@ -5,27 +5,26 @@ using Duende.Bff.Tests.TestHosts;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Time.Testing;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.SessionManagement;
public class CookieSlidingTests : BffIntegrationTestBase
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly InMemoryUserSessionStore _sessionStore = new();
private readonly FakeTimeProvider _clock = new(DateTime.UtcNow);
readonly InMemoryUserSessionStore _sessionStore = new();
readonly FakeTimeProvider _clock = new(DateTime.UtcNow);
public CookieSlidingTests(ITestOutputHelper output) : base(output)
=> BffHost.OnConfigureServices += services =>
{
services.AddSingleton<IUserSessionStore>(_sessionStore);
services.Configure<CookieAuthenticationOptions>("cookie", options =>
{
options.SlidingExpiration = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
});
services.AddSingleton<TimeProvider>(_clock);
};
public CookieSlidingTests(ITestOutputHelper output) : base(output) => BffHost.OnConfigureServices += services =>
{
services.AddSingleton<IUserSessionStore>(_sessionStore);
services.Configure<CookieAuthenticationOptions>("cookie", options =>
{
options.SlidingExpiration = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
});
services.AddSingleton<TimeProvider>(_clock);
};
private void SetClock(TimeSpan t) => _clock.SetUtcNow(_clock.GetUtcNow().Add(t));
@ -34,19 +33,19 @@ public class CookieSlidingTests : BffIntegrationTestBase
{
await BffHost.BffLoginAsync("alice");
var sessions = await _sessionStore.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" }, _ct);
var sessions = await _sessionStore.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" });
sessions.Count().ShouldBe(1);
var session = sessions.Single();
var ticketStore = BffHost.Resolve<IServerTicketStore>();
var firstTicket = await ticketStore.RetrieveAsync(session.Key, _ct);
var firstTicket = await ticketStore.RetrieveAsync(session.Key);
firstTicket.ShouldNotBeNull();
SetClock(TimeSpan.FromMinutes(8));
(await BffHost.GetIsUserLoggedInAsync()).ShouldBeTrue();
var secondTicket = await ticketStore.RetrieveAsync(session.Key, _ct);
var secondTicket = await ticketStore.RetrieveAsync(session.Key);
secondTicket.ShouldNotBeNull();
(secondTicket.Properties.IssuedUtc > firstTicket.Properties.IssuedUtc).ShouldBeTrue();
@ -58,19 +57,19 @@ public class CookieSlidingTests : BffIntegrationTestBase
{
await BffHost.BffLoginAsync("alice");
var sessions = await _sessionStore.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" }, _ct);
var sessions = await _sessionStore.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" });
sessions.Count().ShouldBe(1);
var session = sessions.Single();
var ticketStore = BffHost.Resolve<IServerTicketStore>();
var firstTicket = await ticketStore.RetrieveAsync(session.Key, _ct);
var firstTicket = await ticketStore.RetrieveAsync(session.Key);
firstTicket.ShouldNotBeNull();
SetClock(TimeSpan.FromMinutes(8));
(await BffHost.GetIsUserLoggedInAsync("slide=false")).ShouldBeTrue();
var secondTicket = await ticketStore.RetrieveAsync(session.Key, _ct);
var secondTicket = await ticketStore.RetrieveAsync(session.Key);
secondTicket.ShouldNotBeNull();
(secondTicket.Properties.IssuedUtc == firstTicket.Properties.IssuedUtc).ShouldBeTrue();
@ -97,20 +96,20 @@ public class CookieSlidingTests : BffIntegrationTestBase
await BffHost.BffLoginAsync("alice");
var sessions = await _sessionStore.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" }, _ct);
var sessions = await _sessionStore.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" });
sessions.Count().ShouldBe(1);
var session = sessions.Single();
var ticketStore = BffHost.Resolve<IServerTicketStore>();
var firstTicket = await ticketStore.RetrieveAsync(session.Key, _ct);
var firstTicket = await ticketStore.RetrieveAsync(session.Key);
firstTicket.ShouldNotBeNull();
shouldRenew = true;
SetClock(TimeSpan.FromSeconds(1));
(await BffHost.GetIsUserLoggedInAsync()).ShouldBeTrue();
var secondTicket = await ticketStore.RetrieveAsync(session.Key, _ct);
var secondTicket = await ticketStore.RetrieveAsync(session.Key);
secondTicket.ShouldNotBeNull();
(secondTicket.Properties.IssuedUtc > firstTicket.Properties.IssuedUtc).ShouldBeTrue();
@ -138,20 +137,20 @@ public class CookieSlidingTests : BffIntegrationTestBase
await BffHost.BffLoginAsync("alice");
var sessions = await _sessionStore.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" }, _ct);
var sessions = await _sessionStore.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" });
sessions.Count().ShouldBe(1);
var session = sessions.Single();
var ticketStore = BffHost.Resolve<IServerTicketStore>();
var firstTicket = await ticketStore.RetrieveAsync(session.Key, _ct);
var firstTicket = await ticketStore.RetrieveAsync(session.Key);
firstTicket.ShouldNotBeNull();
shouldRenew = true;
SetClock(TimeSpan.FromSeconds(1));
(await BffHost.GetIsUserLoggedInAsync("slide=false")).ShouldBeTrue();
var secondTicket = await ticketStore.RetrieveAsync(session.Key, _ct);
var secondTicket = await ticketStore.RetrieveAsync(session.Key);
secondTicket.ShouldNotBeNull();
(secondTicket.Properties.IssuedUtc == firstTicket.Properties.IssuedUtc).ShouldBeTrue();

1
bff/test/Bff.Tests/SessionManagement/RevokeRefreshTokenTests.cs
View file

@ -4,6 +4,7 @@
using Duende.Bff.Tests.TestHosts;
using Duende.IdentityServer.Stores;
using Microsoft.Extensions.DependencyInjection;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.SessionManagement;

18
bff/test/Bff.Tests/SessionManagement/ServerSideTicketStoreTests.cs
View file

@ -3,19 +3,18 @@
using Duende.Bff.Tests.TestHosts;
using Microsoft.Extensions.DependencyInjection;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.SessionManagement;
public class ServerSideTicketStoreTests : BffIntegrationTestBase
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
readonly InMemoryUserSessionStore _sessionStore = new();
public ServerSideTicketStoreTests(ITestOutputHelper output) : base(output)
=> BffHost.OnConfigureServices += services =>
{
services.AddSingleton<IUserSessionStore>(_sessionStore);
};
public ServerSideTicketStoreTests(ITestOutputHelper output) : base(output) => BffHost.OnConfigureServices += services =>
{
services.AddSingleton<IUserSessionStore>(_sessionStore);
};
[Fact]
public async Task StoreAsync_should_remove_conflicting_entries_prior_to_creating_new_entry()
@ -23,13 +22,10 @@ public class ServerSideTicketStoreTests : BffIntegrationTestBase
await BffHost.BffLoginAsync("alice");
BffHost.BrowserClient.RemoveCookie("bff");
var userSessionsFilter = new UserSessionsFilter { SubjectId = "alice" };
var result = await _sessionStore.GetUserSessionsAsync(userSessionsFilter, _ct);
result.Count.ShouldBe(1);
(await _sessionStore.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" })).Count().ShouldBe(1);
await BffHost.BffOidcLoginAsync();
result = await _sessionStore.GetUserSessionsAsync(userSessionsFilter, _ct);
result.Count.ShouldBe(1);
(await _sessionStore.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" })).Count().ShouldBe(1);
}
}

2
bff/test/Bff.Tests/TestFramework/GenericHost.cs
View file

@ -46,7 +46,7 @@ public class GenericHost(WriteTestOutput writeOutput, string baseAddress = "http
return _baseAddress + path;
}
public async ValueTask InitializeAsync()
public async Task InitializeAsync()
{
var hostBuilder = new HostBuilder()
.ConfigureWebHost(builder =>

15
bff/test/Bff.Tests/TestHosts/BffIntegrationTestBase.cs
View file

@ -6,17 +6,18 @@ using Duende.IdentityServer.Models;
using Duende.IdentityServer.Services;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.TestHosts;
public class BffIntegrationTestBase : OutputWritingTestBase
{
protected readonly IdentityServerHost IdentityServerHost;
protected readonly ApiHost ApiHost;
protected readonly BffHost BffHost;
protected readonly BffHostUsingResourceNamedTokens BffHostWithNamedTokens;
protected ApiHost ApiHost;
protected BffHost BffHost;
protected BffHostUsingResourceNamedTokens BffHostWithNamedTokens;
protected BffIntegrationTestBase(ITestOutputHelper output) : base(output)
public BffIntegrationTestBase(ITestOutputHelper output) : base(output)
{
IdentityServerHost = new IdentityServerHost(WriteLine);
ApiHost = new ApiHost(WriteLine, IdentityServerHost, "scope1");
@ -46,11 +47,12 @@ public class BffIntegrationTestBase : OutputWritingTestBase
services.AddSingleton<DefaultAccessTokenRetriever>();
};
}
public async Task Login(string sub) => await IdentityServerHost.IssueSessionCookieAsync(new Claim("sub", sub));
public override async ValueTask InitializeAsync()
public override async Task InitializeAsync()
{
await IdentityServerHost.InitializeAsync();
await ApiHost.InitializeAsync();
@ -59,12 +61,13 @@ public class BffIntegrationTestBase : OutputWritingTestBase
await base.InitializeAsync();
}
public override async ValueTask DisposeAsync()
public override async Task DisposeAsync()
{
await ApiHost.DisposeAsync();
await BffHost.DisposeAsync();
await BffHostWithNamedTokens.DisposeAsync();
await IdentityServerHost.DisposeAsync();
await base.DisposeAsync();
}
}

15
bff/test/Bff.Tests/TestHosts/OutputWritingTestBase.cs
View file

@ -2,16 +2,15 @@
// See LICENSE in the project root for license information.
using System.Text;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.TestHosts;
public class OutputWritingTestBase(ITestOutputHelper testOutputHelper) : IAsyncLifetime
{
private readonly StringBuilder _output = new();
private readonly StringBuilder _output = new StringBuilder();
public virtual ValueTask InitializeAsync() => default;
protected void WriteLine(string message)
public void WriteLine(string message)
{
lock (_output)
{
@ -19,12 +18,16 @@ public class OutputWritingTestBase(ITestOutputHelper testOutputHelper) : IAsyncL
}
}
public virtual ValueTask DisposeAsync()
public virtual Task InitializeAsync() => Task.CompletedTask;
public virtual Task DisposeAsync()
{
lock (_output)
{
testOutputHelper.WriteLine(_output.ToString());
}
return default;
return Task.CompletedTask;
}
}

5
bff/test/Bff.Tests/TestHosts/YarpBffIntegrationTestBase.cs
View file

@ -6,6 +6,7 @@ using Duende.IdentityServer.Models;
using Duende.IdentityServer.Services;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Xunit.Abstractions;
namespace Duende.Bff.Tests.TestHosts;
@ -50,7 +51,7 @@ public class YarpBffIntegrationTestBase : OutputWritingTestBase
public async Task Login(string sub) => await _identityServerHost.IssueSessionCookieAsync(new Claim("sub", sub));
public override async ValueTask InitializeAsync()
public override async Task InitializeAsync()
{
await _identityServerHost.InitializeAsync();
await ApiHost.InitializeAsync();
@ -59,7 +60,7 @@ public class YarpBffIntegrationTestBase : OutputWritingTestBase
await base.InitializeAsync();
}
public override async ValueTask DisposeAsync()
public override async Task DisposeAsync()
{
await _identityServerHost.DisposeAsync();
await ApiHost.DisposeAsync();

3
bff/test/Hosts.Tests/BffBlazorWebAssemblyTests.cs
View file

@ -4,6 +4,7 @@
using Hosts.ServiceDefaults;
using Hosts.Tests.PageModels;
using Hosts.Tests.TestInfra;
using Xunit.Abstractions;
namespace Hosts.Tests;
@ -19,7 +20,7 @@ public class BffBlazorWebAssemblyTests(ITestOutputHelper output, AppHostFixture
};
}
[Fact]
[SkippableFact]
public async Task Can_login_and_load_local_api()
{
await Warmup();

20
bff/test/Hosts.Tests/BffTests.cs
View file

@ -3,12 +3,12 @@
using Hosts.ServiceDefaults;
using Hosts.Tests.TestInfra;
using Xunit.Abstractions;
namespace Hosts.Tests;
public class BffTests : IntegrationTestBase
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly HttpClient _httpClient;
private readonly BffClient _bffClient;
@ -18,28 +18,28 @@ public class BffTests : IntegrationTestBase
_bffClient = new BffClient(CreateHttpClient(AppHostServices.Bff));
}
[Fact]
[SkippableFact]
public async Task Can_invoke_home()
{
var response = await _httpClient.GetAsync("/", _ct);
var response = await _httpClient.GetAsync("/");
response.StatusCode.ShouldBe(HttpStatusCode.OK);
}
[Fact]
[SkippableFact]
public async Task Can_initiate_login()
{
var response = await _httpClient.GetAsync("/", _ct);
var response = await _httpClient.GetAsync("/");
response.StatusCode.ShouldBe(HttpStatusCode.OK);
await _bffClient.TriggerLogin(ct: _ct);
await _bffClient.TriggerLogin();
// Verify that there are user claims
var claims = await _bffClient.GetUserClaims();
claims.Any().ShouldBeTrue();
}
[Theory]
[SkippableTheory]
[InlineData("/local/self-contained")]
[InlineData("/local/invokes-external-api")]
[InlineData("/api/user-token")]
@ -51,14 +51,14 @@ public class BffTests : IntegrationTestBase
[InlineData("/api/audience-constrained")]
public async Task Once_authenticated_can_call_proxied_urls(string url)
{
await _bffClient.TriggerLogin(ct: _ct);
await _bffClient.TriggerLogin();
await _bffClient.InvokeApi(url);
}
[Fact]
[SkippableFact]
public async Task Can_logout()
{
await _bffClient.TriggerLogin(ct: _ct);
await _bffClient.TriggerLogin();
await _bffClient.TriggerLogout();
await _bffClient.InvokeApi(url: "/local/self-contained", expectedResponse: HttpStatusCode.Unauthorized);

3
bff/test/Hosts.Tests/BlazorPerComponentTests.cs
View file

@ -4,6 +4,7 @@
using Hosts.ServiceDefaults;
using Hosts.Tests.PageModels;
using Hosts.Tests.TestInfra;
using Xunit.Abstractions;
namespace Hosts.Tests;
@ -20,7 +21,7 @@ public class BlazorPerComponentTests(ITestOutputHelper output, AppHostFixture fi
};
}
[Fact]
[SkippableFact]
public async Task Can_load_blazor_webassembly_app()
{
await Warmup();

19
bff/test/Hosts.Tests/Hosts.Tests.csproj
View file

@ -13,25 +13,30 @@
</PropertyGroup>
<ItemGroup>
<PackageReference Include="AngleSharp" />
<PackageReference Include="Aspire.Hosting.Testing" />
<PackageReference Include="Serilog" />
<PackageReference Include="Serilog.Extensions.Logging" />
<PackageReference Include="Serilog.Sinks.TextWriter" />
<PackageReference Include="Serilog.Sinks.XUnit3" />
<PackageReference Include="Serilog.Sinks.XUnit" />
<PackageReference Include="Serilog.AspNetCore" />
<PackageReference Include="Microsoft.Playwright.Xunit.v3" />
<PackageReference Include="Aspire.Hosting.Testing" />
<PackageReference Include="Xunit.SkippableFact" />
<PackageReference Include="Microsoft.Playwright.Xunit" />
</ItemGroup>
<ItemGroup Condition="'$(Configuration)' != 'Debug_NCrunch'">
<ProjectReference Include="..\..\hosts\Hosts.AppHost\Hosts.AppHost.csproj" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\hosts\Hosts.AppHost\Hosts.AppHost.csproj" />
<Using Include="Aspire.Hosting.ApplicationModel" />
<Using Include="Aspire.Hosting.Testing" />
<Using Include="Microsoft.Extensions.DependencyInjection" />
</ItemGroup>
<ItemGroup>
<Using Include="System.Net" />
<Using Include="Microsoft.Extensions.DependencyInjection" />
<Using Include="Xunit" />
</ItemGroup>

21
bff/test/Hosts.Tests/PlaywrightTestBase.cs
View file

@ -4,8 +4,9 @@
using System.Reflection;
using Hosts.Tests.TestInfra;
using Microsoft.Playwright;
using Microsoft.Playwright.Xunit.v3;
using Xunit.v3;
using Microsoft.Playwright.Xunit;
using Xunit.Abstractions;
using Xunit.Sdk;
namespace Hosts.Tests;
@ -30,12 +31,12 @@ public class PlaywrightTestBase : PageTest, IDisposable
#if DEBUG_NCRUNCH
// Running in NCrunch. NCrunch cannot build the aspire project, so it needs
// to be started manually.
Assert.Skip("When running the Host.Tests using NCrunch, you must start the Hosts.AppHost project manually. IE: dotnet run -p bff/samples/Hosts.AppHost. Or start without debugging from the UI. ");
Skip.If(true, "When running the Host.Tests using NCrunch, you must start the Hosts.AppHost project manually. IE: dotnet run -p bff/samples/Hosts.AppHost. Or start without debugging from the UI. ");
#endif
}
}
public override async ValueTask InitializeAsync()
public override async Task InitializeAsync()
{
await base.InitializeAsync();
Context.SetDefaultTimeout(10_000);
@ -48,7 +49,7 @@ public class PlaywrightTestBase : PageTest, IDisposable
});
}
public override async ValueTask DisposeAsync()
public override async Task DisposeAsync()
{
var path = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location) ?? Environment.CurrentDirectory;
// if path ends with /bin/{build configuration}/{dotnetversion}, then strip that from the path.
@ -58,6 +59,7 @@ public class PlaywrightTestBase : PageTest, IDisposable
path = Path.GetFullPath(Path.Combine(path, "../../../"));
}
await Context.Tracing.StopAsync(new()
{
Path = Path.Combine(
@ -104,17 +106,18 @@ public class PlaywrightTestBase : PageTest, IDisposable
public HttpClient CreateHttpClient(string clientName) => Fixture.CreateHttpClient(clientName);
}
public class WithTestNameAttribute : Attribute, IBeforeAfterTestAttribute
public class WithTestNameAttribute : BeforeAfterTestAttribute
{
public static string CurrentTestName = string.Empty;
public static string CurrentClassName = string.Empty;
public void Before(MethodInfo methodInfo, IXunitTest _)
public override void Before(MethodInfo methodInfo)
{
CurrentTestName = methodInfo.Name;
CurrentClassName = methodInfo.DeclaringType!.Name;
}
public void After(MethodInfo methodInfo, IXunitTest _)
{ }
public override void After(MethodInfo methodInfo)
{
}
}

6
bff/test/Hosts.Tests/TestInfra/AppHostFixture.cs
View file

@ -51,7 +51,7 @@ public class AppHostFixture : IAsyncLifetime
public bool UsingAlreadyRunningInstance { get; private set; }
public string StartupLogs => _startupLogs.ToString() ?? string.Empty;
public async ValueTask InitializeAsync()
public async Task InitializeAsync()
{
using var startupLogWriter = ConnectLogger(s => _startupLogs.Write(s));
@ -130,7 +130,7 @@ public class AppHostFixture : IAsyncLifetime
}
public async ValueTask DisposeAsync()
public async Task DisposeAsync()
{
if (_app != null)
{
@ -272,7 +272,7 @@ public class AppHostFixture : IAsyncLifetime
return _app.GetEndpoint(clientName);
#else
Assert.Skip("When running the Host.Tests using NCrunch, you must start the Hosts.AppHost project manually. IE: dotnet run -p bff/samples/Hosts.AppHost. Or start without debugging from the UI. ");
Skip.If(true, "When running the Host.Tests using NCrunch, you must start the Hosts.AppHost project manually. IE: dotnet run -p bff/samples/Hosts.AppHost. Or start without debugging from the UI. ");
return null!;
#endif
}

3
bff/test/Hosts.Tests/TestInfra/IntegrationTestBase.cs
View file

@ -1,6 +1,7 @@
// Copyright (c) Duende Software. All rights reserved.
// See LICENSE in the project root for license information.
using Xunit.Abstractions;
namespace Hosts.Tests.TestInfra;
@ -23,7 +24,7 @@ public class IntegrationTestBase : IDisposable
#if DEBUG_NCRUNCH
// Running in NCrunch. NCrunch cannot build the aspire project, so it needs
// to be started manually.
Assert.Skip("When running the Host.Tests using NCrunch, you must start the Hosts.AppHost project manually. IE: dotnet run -p bff/samples/Hosts.AppHost. Or start without debugging from the UI. ");
Skip.If(true, "When running the Host.Tests using NCrunch, you must start the Hosts.AppHost project manually. IE: dotnet run -p bff/samples/Hosts.AppHost. Or start without debugging from the UI. ");
#endif
}
}

2
global.json vendored
View file

@ -1,6 +1,6 @@
{
"sdk": {
"version": "10.0.100-rc.2.25502.107",
"version": "10.0.100-rc.1.25451.107",
"rollForward": "latestMajor",
"allowPrerelease": true
}

4
identity-server/test/IdentityServer.EndToEndTests/IdentityServer.EndToEndTests.csproj
View file

@ -12,9 +12,11 @@
<PackageReference Include="Serilog" />
<PackageReference Include="Serilog.Extensions.Logging" />
<PackageReference Include="Serilog.Sinks.TextWriter" />
<PackageReference Include="Serilog.Sinks.XUnit3" />
<PackageReference Include="Serilog.Sinks.XUnit" />
<PackageReference Include="Serilog.AspNetCore" />
<PackageReference Include="Aspire.Hosting.Testing" />
<PackageReference Include="Xunit.SkippableFact" />
<PackageReference Include="Microsoft.Playwright.Xunit" />
</ItemGroup>
<ItemGroup>

7
identity-server/test/IdentityServer.EndToEndTests/IdentityServerTests.cs
View file

@ -5,6 +5,7 @@ using Duende.IdentityServer.EndToEndTests.TestInfra;
using Duende.Xunit.Playwright;
using Projects;
using ServiceDefaults;
using Xunit.Abstractions;
namespace Duende.IdentityServer.EndToEndTests;
@ -12,8 +13,6 @@ namespace Duende.IdentityServer.EndToEndTests;
public class IdentityServerTests(ITestOutputHelper output, IdentityServerHostTestFixture fixture)
: PlaywrightTestBase<All>(output, fixture)
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Theory]
[InlineData(AppHostServices.MvcAutomaticTokenManagement)]
[InlineData(AppHostServices.MvcCode)]
@ -25,7 +24,7 @@ public class IdentityServerTests(ITestOutputHelper output, IdentityServerHostTes
public async Task clients_can_login_use_tokens_and_logout(string clientName)
{
await Page.GotoAsync(Fixture.GetUrlTo(clientName).ToString());
await Page.Login(ct: _ct);
await Page.Login();
await Page.CallApi();
await Page.RenewTokens();
await Page.CallApi();
@ -42,7 +41,7 @@ public class IdentityServerTests(ITestOutputHelper output, IdentityServerHostTes
public async Task templates_can_serve_discovery(string templateName)
{
var client = CreateHttpClient(templateName);
var response = await client.GetAsync(".well-known/openid-configuration", _ct);
var response = await client.GetAsync(".well-known/openid-configuration");
response.IsSuccessStatusCode.ShouldBeTrue();
}
}

1
identity-server/test/IdentityServer.EndToEndTests/TestInfra/IdentityServerPlaywrightTestBase.cs
View file

@ -3,6 +3,7 @@
using Duende.Xunit.Playwright;
using Projects;
using Xunit.Abstractions;
namespace Duende.IdentityServer.EndToEndTests.TestInfra;

16
identity-server/test/IdentityServer.IntegrationTests/Clients/ClientAssertionClient.cs
View file

@ -1,6 +1,7 @@
// Copyright (c) Duende Software. All rights reserved.
// See LICENSE in the project root for license information.
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
@ -18,7 +19,6 @@ namespace Duende.IdentityServer.IntegrationTests.Clients;
public class ClientAssertionClient
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string TokenEndpoint = "https://idsvr4/connect/token";
private const string ClientId = "certificate_base64_valid";
@ -74,7 +74,7 @@ public class ClientAssertionClient
},
Scope = "api1"
}, _ct);
});
AssertValidToken(response);
}
@ -97,7 +97,7 @@ public class ClientAssertionClient
},
Scope = "api1"
}, _ct);
});
AssertValidToken(response);
}
@ -120,7 +120,7 @@ public class ClientAssertionClient
},
Scope = "api1"
}, _ct);
});
AssertValidToken(response);
@ -138,7 +138,7 @@ public class ClientAssertionClient
},
Scope = "api1"
}, _ct);
});
response.IsError.ShouldBeTrue();
response.Error.ShouldBe("invalid_client");
@ -160,7 +160,7 @@ public class ClientAssertionClient
},
Scope = "api1"
}, _ct);
});
response.IsError.ShouldBe(true);
response.Error.ShouldBe(OidcConstants.TokenErrors.InvalidClient);
@ -186,7 +186,7 @@ public class ClientAssertionClient
},
Scope = "api1"
}, _ct);
});
response.IsError.ShouldBe(true);
response.Error.ShouldBe(OidcConstants.TokenErrors.InvalidClient);
@ -195,7 +195,7 @@ public class ClientAssertionClient
private async Task<TokenResponse> GetToken(FormUrlEncodedContent body)
{
var response = await _client.PostAsync(TokenEndpoint, body, _ct);
var response = await _client.PostAsync(TokenEndpoint, body);
return await ProtocolResponse.FromHttpResponseAsync<TokenResponse>(response);
}

9
identity-server/test/IdentityServer.IntegrationTests/Clients/ClientCredentialsAndResourceOwnerClient.cs
View file

@ -12,7 +12,6 @@ namespace Duende.IdentityServer.IntegrationTests.Clients;
public class ClientCredentialsandResourceOwnerClient
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string TokenEndpoint = "https://server/connect/token";
private readonly HttpClient _client;
@ -40,7 +39,7 @@ public class ClientCredentialsandResourceOwnerClient
ClientId = "client.and.ro",
ClientSecret = "secret",
Scope = "api1"
}, _ct);
});
response.IsError.ShouldBe(false);
}
@ -54,7 +53,7 @@ public class ClientCredentialsandResourceOwnerClient
ClientId = "client.and.ro",
ClientSecret = "secret",
Scope = "openid api1"
}, _ct);
});
response.IsError.ShouldBe(true);
}
@ -71,7 +70,7 @@ public class ClientCredentialsandResourceOwnerClient
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBe(false);
}
@ -88,7 +87,7 @@ public class ClientCredentialsandResourceOwnerClient
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBe(false);
}

37
identity-server/test/IdentityServer.IntegrationTests/Clients/ClientCredentialsClient.cs
View file

@ -16,7 +16,6 @@ namespace Duende.IdentityServer.IntegrationTests.Clients;
public class ClientCredentialsClient
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string TokenEndpoint = "https://server/connect/token";
private readonly HttpClient _client;
@ -44,7 +43,7 @@ public class ClientCredentialsClient
ClientId = "client",
ClientSecret = "secret",
Scope = "api1"
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Http);
@ -61,7 +60,7 @@ public class ClientCredentialsClient
ClientId = "client",
ClientSecret = "secret",
Scope = "api1"
}, _ct);
});
response.IsError.ShouldBe(false);
response.ExpiresIn.ShouldBe(3600);
@ -91,7 +90,7 @@ public class ClientCredentialsClient
ClientId = "client",
ClientSecret = "secret",
Scope = "api1 other_api"
}, _ct);
});
response.IsError.ShouldBe(false);
response.ExpiresIn.ShouldBe(3600);
@ -125,7 +124,7 @@ public class ClientCredentialsClient
ClientId = "client.cnf",
ClientSecret = "foo",
Scope = "api1"
}, _ct);
});
response.IsError.ShouldBe(false);
response.ExpiresIn.ShouldBe(3600);
@ -158,7 +157,7 @@ public class ClientCredentialsClient
ClientId = "client",
ClientSecret = "secret",
Scope = "api1 api2"
}, _ct);
});
response.IsError.ShouldBe(false);
response.ExpiresIn.ShouldBe(3600);
@ -189,7 +188,7 @@ public class ClientCredentialsClient
Address = TokenEndpoint,
ClientId = "client",
ClientSecret = "secret"
}, _ct);
});
response.IsError.ShouldBe(false);
response.ExpiresIn.ShouldBe(3600);
@ -225,7 +224,7 @@ public class ClientCredentialsClient
Address = TokenEndpoint,
ClientId = "client.no_default_scopes",
ClientSecret = "secret"
}, _ct);
});
response.IsError.ShouldBe(true);
response.ExpiresIn.ShouldBe(0);
@ -246,7 +245,7 @@ public class ClientCredentialsClient
Scope = "api1",
ClientCredentialStyle = ClientCredentialStyle.PostBody
}, _ct);
});
response.IsError.ShouldBe(false);
response.ExpiresIn.ShouldBe(3600);
@ -273,7 +272,7 @@ public class ClientCredentialsClient
Address = TokenEndpoint,
ClientId = "client.no_secret",
Scope = "api1"
}, _ct);
});
response.IsError.ShouldBeTrue();
response.Error.ShouldBe("invalid_client");
@ -288,7 +287,7 @@ public class ClientCredentialsClient
ClientId = "client",
ClientSecret = "invalid",
Scope = "api1"
}, _ct);
});
response.IsError.ShouldBe(true);
response.Error.ShouldBe("invalid_client");
@ -303,7 +302,7 @@ public class ClientCredentialsClient
ClientId = "invalid",
ClientSecret = "secret",
Scope = "api1"
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Protocol);
@ -319,7 +318,7 @@ public class ClientCredentialsClient
Address = TokenEndpoint,
ClientId = "implicit",
Scope = "api1"
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Protocol);
@ -336,7 +335,7 @@ public class ClientCredentialsClient
ClientId = "implicit_and_client_creds",
ClientSecret = "invalid",
Scope = "api1"
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Protocol);
@ -354,7 +353,7 @@ public class ClientCredentialsClient
ClientId = "client",
ClientSecret = "secret",
Scope = "unknown"
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Protocol);
@ -371,7 +370,7 @@ public class ClientCredentialsClient
ClientId = "client.identityscopes",
ClientSecret = "secret",
Scope = "openid api1"
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Protocol);
@ -388,7 +387,7 @@ public class ClientCredentialsClient
ClientId = "client",
ClientSecret = "secret",
Scope = "api1 offline_access"
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Protocol);
@ -405,7 +404,7 @@ public class ClientCredentialsClient
ClientId = "client",
ClientSecret = "secret",
Scope = "api3"
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Protocol);
@ -422,7 +421,7 @@ public class ClientCredentialsClient
ClientId = "client",
ClientSecret = "secret",
Scope = "api1 api3"
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Protocol);

11
identity-server/test/IdentityServer.IntegrationTests/Clients/CustomTokenRequestValidatorClient.cs
View file

@ -14,7 +14,6 @@ namespace Duende.IdentityServer.IntegrationTests.Clients;
public class CustomTokenRequestValidatorClient
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string TokenEndpoint = "https://server/connect/token";
private readonly HttpClient _client;
@ -46,7 +45,7 @@ public class CustomTokenRequestValidatorClient
ClientId = "client",
ClientSecret = "secret",
Scope = "api1"
}, _ct);
});
var fields = GetFields(response);
fields["custom"].GetString().ShouldBe("custom");
@ -65,7 +64,7 @@ public class CustomTokenRequestValidatorClient
UserName = "bob",
Password = "bob"
}, _ct);
});
var fields = GetFields(response);
fields["custom"].GetString().ShouldBe("custom");
@ -84,7 +83,7 @@ public class CustomTokenRequestValidatorClient
UserName = "bob",
Password = "bob"
}, _ct);
});
response = await _client.RequestRefreshTokenAsync(new RefreshTokenRequest
{
@ -93,7 +92,7 @@ public class CustomTokenRequestValidatorClient
ClientSecret = "secret",
RefreshToken = response.RefreshToken
}, _ct);
});
var fields = GetFields(response);
fields["custom"].GetString().ShouldBe("custom");
@ -115,7 +114,7 @@ public class CustomTokenRequestValidatorClient
{ "scope", "api1" },
{ "custom_credential", "custom credential"}
}
}, _ct);
});
var fields = GetFields(response);
fields["custom"].GetString().ShouldBe("custom");

9
identity-server/test/IdentityServer.IntegrationTests/Clients/CustomTokenResponseClients.cs
View file

@ -16,7 +16,6 @@ namespace Duende.IdentityServer.IntegrationTests.Clients;
public class CustomTokenResponseClients
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string TokenEndpoint = "https://server/connect/token";
private readonly HttpClient _client;
@ -47,7 +46,7 @@ public class CustomTokenResponseClients
UserName = "bob",
Password = "bob",
Scope = "api1"
}, _ct);
});
// raw fields
var fields = GetFields(response);
@ -110,7 +109,7 @@ public class CustomTokenResponseClients
UserName = "bob",
Password = "invalid",
Scope = "api1"
}, _ct);
});
// raw fields
var fields = GetFields(response);
@ -162,7 +161,7 @@ public class CustomTokenResponseClients
{ "scope", "api1" },
{ "outcome", "succeed"}
}
}, _ct);
});
// raw fields
@ -230,7 +229,7 @@ public class CustomTokenResponseClients
{ "scope", "api1" },
{ "outcome", "fail"}
}
}, _ct);
});
// raw fields

4
identity-server/test/IdentityServer.IntegrationTests/Clients/DiscoveryClient.cs
View file

@ -13,7 +13,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients;
public class DiscoveryClientTests
{
private const string DiscoveryEndpoint = "https://server/.well-known/openid-configuration";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly HttpClient _client;
public DiscoveryClientTests()
@ -40,7 +40,7 @@ public class DiscoveryClientTests
{
ValidateIssuerName = false
}
}, _ct);
});
// endpoints
doc.TokenEndpoint.ShouldBe("https://server/connect/token");

32
identity-server/test/IdentityServer.IntegrationTests/Clients/ExtensionGrantClient.cs
View file

@ -18,7 +18,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients;
public class ExtensionGrantClient
{
private const string TokenEndpoint = "https://server/connect/token";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly HttpClient _client;
public ExtensionGrantClient()
@ -51,7 +51,7 @@ public class ExtensionGrantClient
{ "custom_credential", "custom credential"},
{ "scope", "api1" }
}
}, _ct);
});
response.IsError.ShouldBeFalse();
response.HttpStatusCode.ShouldBe(HttpStatusCode.OK);
@ -96,7 +96,7 @@ public class ExtensionGrantClient
{ "extra_claim", "extra_value" },
{ "scope", "api1" }
}
}, _ct);
});
response.IsError.ShouldBeFalse();
response.HttpStatusCode.ShouldBe(HttpStatusCode.OK);
@ -148,7 +148,7 @@ public class ExtensionGrantClient
{ "extra_claim", "extra_value" },
{ "scope", "api1 offline_access" }
}
}, _ct);
});
response.IsError.ShouldBeFalse();
response.HttpStatusCode.ShouldBe(HttpStatusCode.OK);
@ -165,7 +165,7 @@ public class ExtensionGrantClient
ClientSecret = "secret",
RefreshToken = response.RefreshToken
}, _ct);
});
refreshResponse.IsError.ShouldBeFalse();
refreshResponse.HttpStatusCode.ShouldBe(HttpStatusCode.OK);
@ -215,7 +215,7 @@ public class ExtensionGrantClient
{ "custom_credential", "custom credential"},
{ "scope", "api1" }
}
}, _ct);
});
response.IsError.ShouldBeFalse();
response.HttpStatusCode.ShouldBe(HttpStatusCode.OK);
@ -250,7 +250,7 @@ public class ExtensionGrantClient
{
{ "custom_credential", "custom credential"}
}
}, _ct);
});
response.IsError.ShouldBeFalse();
response.HttpStatusCode.ShouldBe(HttpStatusCode.OK);
@ -296,7 +296,7 @@ public class ExtensionGrantClient
{
{ "scope", "api1" }
}
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Protocol);
@ -320,7 +320,7 @@ public class ExtensionGrantClient
{ "custom_credential", "custom credential"},
{ "scope", "api1" }
}
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Protocol);
@ -344,7 +344,7 @@ public class ExtensionGrantClient
{ "custom_credential", "custom credential"},
{ "scope", "api1" }
}
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Protocol);
@ -370,7 +370,7 @@ public class ExtensionGrantClient
{ "lifetime", "5000"},
{ "sub", "818727"}
}
}, _ct);
});
response.IsError.ShouldBeFalse();
response.HttpStatusCode.ShouldBe(HttpStatusCode.OK);
@ -421,7 +421,7 @@ public class ExtensionGrantClient
{ "type", "jwt"},
{ "sub", "818727"}
}
}, _ct);
});
response.IsError.ShouldBeFalse();
response.HttpStatusCode.ShouldBe(HttpStatusCode.OK);
@ -452,7 +452,7 @@ public class ExtensionGrantClient
{ "impersonated_client", "impersonated_client_id"},
{ "sub", "818727"}
}
}, _ct);
});
response.IsError.ShouldBeFalse();
response.HttpStatusCode.ShouldBe(HttpStatusCode.OK);
@ -485,7 +485,7 @@ public class ExtensionGrantClient
{ "type", "reference"},
{ "sub", "818727"}
}
}, _ct);
});
response.IsError.ShouldBeFalse();
response.HttpStatusCode.ShouldBe(HttpStatusCode.OK);
@ -515,7 +515,7 @@ public class ExtensionGrantClient
{ "claim", "extra_claim"},
{ "sub", "818727"}
}
}, _ct);
});
response.IsError.ShouldBeFalse();
response.HttpStatusCode.ShouldBe(HttpStatusCode.OK);
@ -561,7 +561,7 @@ public class ExtensionGrantClient
{ "claim", "extra_claim"},
}
}, _ct);
});
response.IsError.ShouldBeFalse();
response.HttpStatusCode.ShouldBe(HttpStatusCode.OK);

34
identity-server/test/IdentityServer.IntegrationTests/Clients/RefreshTokenClient.cs
View file

@ -14,7 +14,7 @@ public class RefreshTokenClient
{
private const string TokenEndpoint = "https://server/connect/token";
private const string RevocationEndpoint = "https://server/connect/revocation";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly HttpClient _client;
public RefreshTokenClient()
@ -43,7 +43,7 @@ public class RefreshTokenClient
Scope = "api1 offline_access",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBeFalse();
response.ExpiresIn.ShouldBe(3600);
@ -58,7 +58,7 @@ public class RefreshTokenClient
ClientSecret = "secret",
RefreshToken = response.RefreshToken
}, _ct);
});
response.IsError.ShouldBeFalse();
response.ExpiresIn.ShouldBe(3600);
@ -79,7 +79,7 @@ public class RefreshTokenClient
Scope = "openid api1 offline_access",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBeFalse();
response.ExpiresIn.ShouldBe(3600);
@ -94,7 +94,7 @@ public class RefreshTokenClient
ClientSecret = "secret",
RefreshToken = response.RefreshToken
}, _ct);
});
response.IsError.ShouldBeFalse();
response.ExpiresIn.ShouldBe(3600);
@ -115,7 +115,7 @@ public class RefreshTokenClient
Scope = "openid api1 offline_access",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBeFalse();
response.ExpiresIn.ShouldBe(3600);
@ -132,7 +132,7 @@ public class RefreshTokenClient
ClientSecret = "secret",
RefreshToken = response.RefreshToken
}, _ct);
});
response.IsError.ShouldBeFalse();
response.ExpiresIn.ShouldBe(3600);
@ -157,7 +157,7 @@ public class RefreshTokenClient
Scope = "openid api1 offline_access",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBeFalse();
response.ExpiresIn.ShouldBe(3600);
@ -174,7 +174,7 @@ public class RefreshTokenClient
ClientSecret = "secret",
RefreshToken = response.RefreshToken
}, _ct);
});
response.IsError.ShouldBeFalse();
response.ExpiresIn.ShouldBe(3600);
@ -200,7 +200,7 @@ public class RefreshTokenClient
Scope = "openid api1 offline_access",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBeFalse();
response.ExpiresIn.ShouldBe(3600);
@ -218,7 +218,7 @@ public class RefreshTokenClient
ClientSecret = "secret",
RefreshToken = response.RefreshToken
}, _ct);
});
response.IsError.ShouldBeFalse();
response.ExpiresIn.ShouldBe(3600);
@ -234,7 +234,7 @@ public class RefreshTokenClient
ClientSecret = "secret",
RefreshToken = rt1
}, _ct);
});
response.IsError.ShouldBeTrue();
response.Error.ShouldBe("invalid_grant");
@ -253,7 +253,7 @@ public class RefreshTokenClient
Scope = "openid api1 offline_access",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBeFalse();
response.ExpiresIn.ShouldBe(3600);
@ -271,7 +271,7 @@ public class RefreshTokenClient
ClientSecret = "secret",
RefreshToken = rt1
}, _ct);
});
response.IsError.ShouldBeFalse();
}
@ -289,7 +289,7 @@ public class RefreshTokenClient
Scope = "openid api1 offline_access",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBeFalse();
response.ExpiresIn.ShouldBe(3600);
@ -309,7 +309,7 @@ public class RefreshTokenClient
Token = rt1,
TokenTypeHint = "refresh_token"
}, _ct);
});
revocationResponse.IsError.ShouldBe(false);
@ -321,7 +321,7 @@ public class RefreshTokenClient
ClientSecret = "secret",
RefreshToken = rt1
}, _ct);
});
response.IsError.ShouldBeTrue();
response.Error.ShouldBe("invalid_grant");

16
identity-server/test/IdentityServer.IntegrationTests/Clients/ResourceOwnerClient.cs
View file

@ -17,7 +17,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients;
public class ResourceOwnerClient
{
private const string TokenEndpoint = "https://server/connect/token";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly HttpClient _client;
public ResourceOwnerClient()
@ -46,7 +46,7 @@ public class ResourceOwnerClient
Scope = "api1",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBe(false);
response.ExpiresIn.ShouldBe(3600);
@ -85,7 +85,7 @@ public class ResourceOwnerClient
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBe(false);
response.ExpiresIn.ShouldBe(3600);
@ -132,7 +132,7 @@ public class ResourceOwnerClient
Scope = "openid email api1",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBe(false);
response.ExpiresIn.ShouldBe(3600);
@ -174,7 +174,7 @@ public class ResourceOwnerClient
Scope = "openid email api1 offline_access",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBe(false);
response.ExpiresIn.ShouldBe(3600);
@ -217,7 +217,7 @@ public class ResourceOwnerClient
Scope = "api1",
UserName = "unknown",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Protocol);
@ -236,7 +236,7 @@ public class ResourceOwnerClient
Scope = "api1",
UserName = "bob_no_password"
}, _ct);
});
response.IsError.ShouldBe(false);
}
@ -255,7 +255,7 @@ public class ResourceOwnerClient
Scope = "api1",
UserName = "bob",
Password = password
}, _ct);
});
response.IsError.ShouldBe(true);
response.ErrorType.ShouldBe(ResponseErrorType.Protocol);

12
identity-server/test/IdentityServer.IntegrationTests/Clients/RevocationClient.cs
View file

@ -15,7 +15,7 @@ public class RevocationClient
private const string TokenEndpoint = "https://server/connect/token";
private const string RevocationEndpoint = "https://server/connect/revocation";
private const string IntrospectionEndpoint = "https://server/connect/introspect";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly HttpClient _client;
public RevocationClient()
@ -35,7 +35,7 @@ public class RevocationClient
[Fact]
public async Task Revoking_reference_token_should_invalidate_token()
{
// request access token
// request acccess token
var response = await _client.RequestPasswordTokenAsync(new PasswordTokenRequest
{
Address = TokenEndpoint,
@ -45,7 +45,7 @@ public class RevocationClient
Scope = "api1",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBeFalse();
@ -57,7 +57,7 @@ public class RevocationClient
ClientSecret = "secret",
Token = response.AccessToken
}, _ct);
});
introspectionResponse.IsActive.ShouldBe(true);
@ -69,7 +69,7 @@ public class RevocationClient
ClientSecret = "secret",
Token = response.AccessToken
}, _ct);
});
// introspect - should be inactive
introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
@ -79,7 +79,7 @@ public class RevocationClient
ClientSecret = "secret",
Token = response.AccessToken
}, _ct);
});
introspectionResponse.IsActive.ShouldBe(false);
}

24
identity-server/test/IdentityServer.IntegrationTests/Clients/UserInfoClient.cs
View file

@ -19,7 +19,7 @@ public class UserInfoEndpointClient
{
private const string TokenEndpoint = "https://server/connect/token";
private const string UserInfoEndpoint = "https://server/connect/userinfo";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly HttpClient _client;
public UserInfoEndpointClient()
@ -48,7 +48,7 @@ public class UserInfoEndpointClient
Scope = "openid email api1",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBeFalse();
@ -56,7 +56,7 @@ public class UserInfoEndpointClient
{
Address = UserInfoEndpoint,
Token = response.AccessToken
}, _ct);
});
userInfo.IsError.ShouldBeFalse();
userInfo.Claims.Count().ShouldBe(3);
@ -78,7 +78,7 @@ public class UserInfoEndpointClient
Scope = "openid address",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBeFalse();
@ -86,7 +86,7 @@ public class UserInfoEndpointClient
{
Address = UserInfoEndpoint,
Token = response.AccessToken
}, _ct);
});
userInfo.IsError.ShouldBeFalse();
userInfo.Claims.First().Value.ShouldBe("{ 'street_address': 'One Hacker Way', 'locality': 'Heidelberg', 'postal_code': 69118, 'country': 'Germany' }");
@ -104,7 +104,7 @@ public class UserInfoEndpointClient
Scope = "api1",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBeFalse();
@ -112,7 +112,7 @@ public class UserInfoEndpointClient
{
Address = UserInfoEndpoint,
Token = response.AccessToken
}, _ct);
});
userInfo.IsError.ShouldBeTrue();
userInfo.HttpStatusCode.ShouldBe(HttpStatusCode.Forbidden);
@ -130,7 +130,7 @@ public class UserInfoEndpointClient
Scope = "email api1",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBeFalse();
@ -138,7 +138,7 @@ public class UserInfoEndpointClient
{
Address = UserInfoEndpoint,
Token = response.AccessToken
}, _ct);
});
userInfo.IsError.ShouldBeTrue();
userInfo.HttpStatusCode.ShouldBe(HttpStatusCode.Forbidden);
@ -151,7 +151,7 @@ public class UserInfoEndpointClient
{
Address = UserInfoEndpoint,
Token = "invalid"
}, _ct);
});
userInfo.IsError.ShouldBeTrue();
userInfo.HttpStatusCode.ShouldBe(HttpStatusCode.Unauthorized);
@ -169,7 +169,7 @@ public class UserInfoEndpointClient
Scope = "openid email api1 api4.with.roles roles",
UserName = "bob",
Password = "bob"
}, _ct);
});
response.IsError.ShouldBeFalse();
@ -192,7 +192,7 @@ public class UserInfoEndpointClient
{
Address = UserInfoEndpoint,
Token = response.AccessToken
}, _ct);
});
roles = userInfo.Json?.TryGetStringArray("role").ToList();
roles.Count.ShouldBe(2);

6
identity-server/test/IdentityServer.IntegrationTests/Configuration/DynamicClientRegistrationTests.cs
View file

@ -11,8 +11,6 @@ namespace Duende.IdentityServer.IntegrationTests.Configuration;
public class DynamicClientRegistrationTests : ConfigurationIntegrationTestBase
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Fact]
public async Task valid_request_creates_new_client()
{
@ -27,9 +25,9 @@ public class DynamicClientRegistrationTests : ConfigurationIntegrationTestBase
DefaultMaxAge = 10000,
Scope = "api1 openid profile"
};
var httpResponse = await ConfigurationHost.HttpClient!.PostAsJsonAsync("/connect/dcr", request, _ct);
var httpResponse = await ConfigurationHost.HttpClient!.PostAsJsonAsync("/connect/dcr", request);
var response = await httpResponse.Content.ReadFromJsonAsync<DynamicClientRegistrationResponse>(_ct);
var response = await httpResponse.Content.ReadFromJsonAsync<DynamicClientRegistrationResponse>();
response.ShouldNotBeNull();
var newClient = await IdentityServerHost.GetClientAsync(response!.ClientId); // Not null already asserted
newClient.ShouldNotBeNull();

31
identity-server/test/IdentityServer.IntegrationTests/Configuration/DynamicClientRegistrationValidationTests.cs
View file

@ -12,12 +12,10 @@ namespace Duende.IdentityServer.IntegrationTests.Configuration;
public class DynamicClientRegistrationValidationTests : ConfigurationIntegrationTestBase
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Fact]
public async Task http_get_method_should_fail()
{
var response = await ConfigurationHost.HttpClient!.GetAsync("/connect/dcr", _ct);
var response = await ConfigurationHost.HttpClient!.GetAsync("/connect/dcr");
response.StatusCode.ShouldBe(HttpStatusCode.MethodNotAllowed);
}
@ -28,7 +26,7 @@ public class DynamicClientRegistrationValidationTests : ConfigurationIntegration
{ "redirect_uris", "https://example.com/callback" },
{ "grant_types", "authorization_code" }
});
var response = await ConfigurationHost.HttpClient!.PostAsync("/connect/dcr", content, _ct);
var response = await ConfigurationHost.HttpClient!.PostAsync("/connect/dcr", content);
response.StatusCode.ShouldBe(HttpStatusCode.UnsupportedMediaType);
}
@ -38,10 +36,10 @@ public class DynamicClientRegistrationValidationTests : ConfigurationIntegration
var response = await ConfigurationHost.HttpClient!.PostAsJsonAsync("/connect/dcr", new
{
redirect_uris = new[] { "https://example.com/callback" }
}, _ct);
});
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var error = await response.Content.ReadFromJsonAsync<DynamicClientRegistrationError>(_ct);
var error = await response.Content.ReadFromJsonAsync<DynamicClientRegistrationError>();
error?.Error.ShouldBe("invalid_client_metadata");
}
@ -52,10 +50,10 @@ public class DynamicClientRegistrationValidationTests : ConfigurationIntegration
{
redirect_uris = new[] { "https://example.com/callback" },
grant_types = new[] { "password" }
}, _ct);
});
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var error = await response.Content.ReadFromJsonAsync<DynamicClientRegistrationError>(_ct);
var error = await response.Content.ReadFromJsonAsync<DynamicClientRegistrationError>();
error?.Error.ShouldBe("invalid_client_metadata");
}
@ -66,10 +64,10 @@ public class DynamicClientRegistrationValidationTests : ConfigurationIntegration
{
redirect_uris = new[] { "https://example.com/callback" },
grant_types = new[] { "client_credentials" }
}, _ct);
});
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var error = await response.Content.ReadFromJsonAsync<DynamicClientRegistrationError>(_ct);
var error = await response.Content.ReadFromJsonAsync<DynamicClientRegistrationError>();
error?.Error.ShouldBe("invalid_redirect_uri");
}
@ -79,10 +77,10 @@ public class DynamicClientRegistrationValidationTests : ConfigurationIntegration
var response = await ConfigurationHost.HttpClient!.PostAsJsonAsync("/connect/dcr", new
{
grant_types = new[] { "authorization_code", "client_credentials" }
}, _ct);
});
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var error = await response.Content.ReadFromJsonAsync<DynamicClientRegistrationError>(_ct);
var error = await response.Content.ReadFromJsonAsync<DynamicClientRegistrationError>();
error?.Error.ShouldBe("invalid_redirect_uri");
}
@ -92,10 +90,10 @@ public class DynamicClientRegistrationValidationTests : ConfigurationIntegration
var response = await ConfigurationHost.HttpClient!.PostAsJsonAsync("/connect/dcr", new
{
grant_types = new[] { "client_credentials", "refresh_token" }
}, _ct);
});
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var error = await response.Content.ReadFromJsonAsync<DynamicClientRegistrationError>(_ct);
var error = await response.Content.ReadFromJsonAsync<DynamicClientRegistrationError>();
error?.Error.ShouldBe("invalid_client_metadata");
}
@ -108,10 +106,11 @@ public class DynamicClientRegistrationValidationTests : ConfigurationIntegration
GrantTypes = { "client_credentials" },
Jwks = new KeySet(Array.Empty<string>()),
JwksUri = new Uri("https://example.com")
}, _ct);
}
);
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var error = await response.Content.ReadFromJsonAsync<DynamicClientRegistrationError>(_ct);
var error = await response.Content.ReadFromJsonAsync<DynamicClientRegistrationError>();
error?.Error.ShouldBe("invalid_client_metadata");
}
}

12
identity-server/test/IdentityServer.IntegrationTests/Conformance/Basic/ClientAuthenticationTests.cs
View file

@ -13,8 +13,8 @@ namespace Duende.IdentityServer.IntegrationTests.Conformance.Basic;
public class ClientAuthenticationTests
{
private const string Category = "Conformance.Basic.ClientAuthenticationTests";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerPipeline _pipeline = new IdentityServerPipeline();
private IdentityServerPipeline _pipeline = new IdentityServerPipeline();
public ClientAuthenticationTests()
{
@ -70,7 +70,7 @@ public class ClientAuthenticationTests
scope: "openid",
redirectUri: "https://code_pipeline.Client/callback?foo=bar&baz=quux",
nonce: nonce);
var response = await _pipeline.BrowserClient.GetAsync(url, _ct);
var response = await _pipeline.BrowserClient.GetAsync(url);
var authorization = _pipeline.ParseAuthorizationResponseUrl(response.Headers.Location.ToString());
authorization.Code.ShouldNotBeNull();
@ -88,7 +88,7 @@ public class ClientAuthenticationTests
Code = code,
RedirectUri = "https://code_pipeline.Client/callback?foo=bar&baz=quux"
}, _ct);
});
tokenResult.IsError.ShouldBeFalse();
tokenResult.HttpErrorReason.ShouldBe("OK");
@ -116,7 +116,7 @@ public class ClientAuthenticationTests
scope: "openid",
redirectUri: "https://code_pipeline.Client/callback?foo=bar&baz=quux",
nonce: nonce);
var response = await _pipeline.BrowserClient.GetAsync(url, _ct);
var response = await _pipeline.BrowserClient.GetAsync(url);
var authorization = _pipeline.ParseAuthorizationResponseUrl(response.Headers.Location.ToString());
authorization.Code.ShouldNotBeNull();
@ -135,7 +135,7 @@ public class ClientAuthenticationTests
Code = code,
RedirectUri = "https://code_pipeline.Client/callback?foo=bar&baz=quux"
}, _ct);
});
tokenResult.IsError.ShouldBeFalse();
tokenResult.HttpErrorReason.ShouldBe("OK");

9
identity-server/test/IdentityServer.IntegrationTests/Conformance/Basic/CodeFlowTests.cs
View file

@ -14,7 +14,6 @@ namespace Duende.IdentityServer.IntegrationTests.Conformance.Basic;
public class CodeFlowTests
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string Category = "Conformance.Basic.CodeFlowTests";
private IdentityServerPipeline _pipeline = new IdentityServerPipeline();
@ -73,7 +72,7 @@ public class CodeFlowTests
scope: "openid",
redirectUri: "https://code_pipeline.Client/callback?foo=bar&baz=quux",
nonce: nonce);
var response = await _pipeline.BrowserClient.GetAsync(url, _ct);
var response = await _pipeline.BrowserClient.GetAsync(url);
var authorization = _pipeline.ParseAuthorizationResponseUrl(response.Headers.Location.ToString());
authorization.Code.ShouldNotBeNull();
@ -91,7 +90,7 @@ public class CodeFlowTests
Code = code,
RedirectUri = "https://code_pipeline.Client/callback?foo=bar&baz=quux"
}, _ct);
});
tokenResult.IsError.ShouldBeFalse();
tokenResult.HttpErrorReason.ShouldBe("OK");
@ -126,7 +125,7 @@ public class CodeFlowTests
redirectUri: "https://code_pipeline.Client/callback?foo=bar&baz=quux",
state: "state",
nonce: nonce);
var response = await _pipeline.BrowserClient.GetAsync(url, _ct);
var response = await _pipeline.BrowserClient.GetAsync(url);
var authorization = _pipeline.ParseAuthorizationResponseUrl(response.Headers.Location.ToString());
authorization.Code.ShouldNotBeNull();
@ -144,7 +143,7 @@ public class CodeFlowTests
Code = code,
RedirectUri = "https://code_pipeline.Client/callback?foo=bar&baz=quux"
}, _ct);
});
tokenResult.IsError.ShouldBeFalse();
tokenResult.HttpErrorReason.ShouldBe("OK");

12
identity-server/test/IdentityServer.IntegrationTests/Conformance/Basic/RedirectUriTests.cs
View file

@ -13,8 +13,8 @@ namespace Duende.IdentityServer.IntegrationTests.Conformance.Basic;
public class RedirectUriTests
{
private const string Category = "Conformance.Basic.RedirectUriTests";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
public RedirectUriTests()
{
@ -72,7 +72,7 @@ public class RedirectUriTests
redirectUri: "https://bad",
state: state,
nonce: nonce);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request");
@ -95,7 +95,7 @@ public class RedirectUriTests
redirectUri: null,
state: state,
nonce: nonce);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request");
@ -118,7 +118,7 @@ public class RedirectUriTests
redirectUri: "https://code_client/callback?foo=bar&baz=quux",
state: state,
nonce: nonce);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://code_client/callback?");
@ -146,7 +146,7 @@ public class RedirectUriTests
redirectUri: "https://code_client/callback?baz=quux&foo=bar",
state: state,
nonce: nonce);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request");

10
identity-server/test/IdentityServer.IntegrationTests/Conformance/Basic/ResponseTypeResponseModeTests.cs
View file

@ -15,8 +15,8 @@ namespace Duende.IdentityServer.IntegrationTests.Conformance.Basic;
public class ResponseTypeResponseModeTests
{
private const string Category = "Conformance.Basic.ResponseTypeResponseModeTests";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
public ResponseTypeResponseModeTests()
{
@ -63,7 +63,7 @@ public class ResponseTypeResponseModeTests
{
await _mockPipeline.LoginAsync("bob");
var metadata = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.DiscoveryEndpoint, _ct);
var metadata = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.DiscoveryEndpoint);
metadata.StatusCode.ShouldBe(HttpStatusCode.OK);
var state = Guid.NewGuid().ToString();
@ -76,7 +76,7 @@ public class ResponseTypeResponseModeTests
redirectUri: "https://code_client/callback",
state: state,
nonce: nonce);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Found);
var authorization = new AuthorizeResponse(response.Headers.Location.ToString());
@ -109,7 +109,7 @@ public class ResponseTypeResponseModeTests
var url = request.Create(values);
_mockPipeline.BrowserClient.AllowAutoRedirect = true;
var _ = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var _ = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
}

33
identity-server/test/IdentityServer.IntegrationTests/Conformance/Pkce/PkceTests.cs
View file

@ -15,19 +15,22 @@ namespace Duende.IdentityServer.IntegrationTests.Conformance.Pkce;
public class PkceTests
{
private const string Category = "PKCE";
private IdentityServerPipeline _pipeline = new IdentityServerPipeline();
private Client client;
private const string client_id = "code_client";
private const string client_id_optional = "code_client_optional";
private const string client_id_plain = "code_plain_client";
private const string client_id_pkce = "codewithproofkey_client";
private const string client_id_pkce_plain = "codewithproofkey_plain_client";
private const string client_secret = "secret";
private const string code_verifier = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
private const string redirect_uri = "https://code_client/callback";
private const string response_type = "code";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private Client client;
private readonly IdentityServerPipeline _pipeline = new IdentityServerPipeline();
private string redirect_uri = "https://code_client/callback";
private string code_verifier = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
private string client_secret = "secret";
private string response_type = "code";
public PkceTests()
{
@ -205,7 +208,7 @@ public class PkceTests
Code = code,
RedirectUri = redirect_uri,
CodeVerifier = code_verifier
}, _ct);
});
tokenResponse.IsError.ShouldBeFalse();
tokenResponse.TokenType.ShouldBe("Bearer");
@ -245,7 +248,7 @@ public class PkceTests
Code = code,
RedirectUri = redirect_uri,
CodeVerifier = code_verifier
}, _ct);
});
tokenResponse.IsError.ShouldBeFalse();
tokenResponse.TokenType.ShouldBe("Bearer");
@ -298,7 +301,7 @@ public class PkceTests
Code = code,
RedirectUri = redirect_uri,
CodeVerifier = code_verifier
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
}
@ -314,6 +317,7 @@ public class PkceTests
await _pipeline.LoginAsync("bob");
var nonce = Guid.NewGuid().ToString();
var code_challenge = code_verifier;
var authorizeResponse = await _pipeline.RequestAuthorizationEndpointAsync(clientId,
response_type,
IdentityServerConstants.StandardScopes.OpenId,
@ -336,6 +340,7 @@ public class PkceTests
await _pipeline.LoginAsync("bob");
var nonce = Guid.NewGuid().ToString();
var code_challenge = code_verifier;
var authorizeResponse = await _pipeline.RequestAuthorizationEndpointAsync(clientId,
response_type,
IdentityServerConstants.StandardScopes.OpenId,
@ -402,7 +407,7 @@ public class PkceTests
Code = code,
RedirectUri = redirect_uri,
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant);
@ -439,7 +444,7 @@ public class PkceTests
Code = code,
RedirectUri = redirect_uri,
CodeVerifier = "a"
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant);
@ -476,7 +481,7 @@ public class PkceTests
Code = code,
RedirectUri = redirect_uri,
CodeVerifier = new string('a', _pipeline.Options.InputLengthRestrictions.CodeVerifierMaxLength + 1)
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant);
@ -513,7 +518,7 @@ public class PkceTests
Code = code,
RedirectUri = redirect_uri,
CodeVerifier = "mismatched_code_verifier"
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant);

159
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Authorize/AuthorizeTests.cs
View file

@ -22,14 +22,15 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Authorize;
public class AuthorizeTests
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string Category = "Authorize endpoint";
private readonly IdentityServerPipeline _mockPipeline = new();
private readonly Client _client1;
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private Client _client1;
public AuthorizeTests()
{
_mockPipeline.Clients.AddRange([
_mockPipeline.Clients.AddRange(new Client[] {
_client1 = new Client
{
ClientId = "client1",
@ -71,9 +72,9 @@ public class AuthorizeTests
RequirePkce = false,
AllowedScopes = new List<string> { "openid", "profile", "api1", "api2" },
RedirectUris = new List<string> { "https://client4/callback" },
}
},
]);
});
_mockPipeline.Users.Add(new TestUser
{
@ -81,8 +82,8 @@ public class AuthorizeTests
Username = "bob",
Claims = new Claim[]
{
new("name", "Bob Loblaw"),
new("email", "bob@loblaw.com"),
new Claim("name", "Bob Loblaw"),
new Claim("email", "bob@loblaw.com"),
new Claim("role", "Attorney")
}
});
@ -133,7 +134,7 @@ public class AuthorizeTests
[Trait("Category", Category)]
public async Task get_request_should_not_return_404()
{
var response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.AuthorizeEndpoint, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.AuthorizeEndpoint);
response.StatusCode.ShouldNotBe(HttpStatusCode.NotFound);
}
@ -142,7 +143,7 @@ public class AuthorizeTests
[Trait("Category", Category)]
public async Task post_request_without_form_should_return_415()
{
var response = await _mockPipeline.BrowserClient.PostAsync(IdentityServerPipeline.AuthorizeEndpoint, new StringContent("foo"), _ct);
var response = await _mockPipeline.BrowserClient.PostAsync(IdentityServerPipeline.AuthorizeEndpoint, new StringContent("foo"));
response.StatusCode.ShouldBe(HttpStatusCode.UnsupportedMediaType);
}
@ -153,7 +154,7 @@ public class AuthorizeTests
{
var response = await _mockPipeline.BrowserClient.PostAsync(IdentityServerPipeline.AuthorizeEndpoint,
new FormUrlEncodedContent(
new Dictionary<string, string> { }), _ct);
new Dictionary<string, string> { }));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
}
@ -162,7 +163,7 @@ public class AuthorizeTests
[Trait("Category", Category)]
public async Task get_request_should_not_return_500()
{
var response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.AuthorizeEndpoint, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.AuthorizeEndpoint);
((int)response.StatusCode).ShouldBeLessThan(500);
}
@ -178,7 +179,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginWasCalled.ShouldBeTrue();
}
@ -214,7 +215,7 @@ public class AuthorizeTests
ui_locales = "ui_locale_value",
custom_foo = "foo_value"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url + "&foo=foo1&foo=foo2", _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url + "&foo=foo1&foo=foo2");
_mockPipeline.LoginRequest.ShouldNotBeNull();
_mockPipeline.LoginRequest.Client.ClientId.ShouldBe("client1");
@ -242,7 +243,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://client1/callback");
@ -268,7 +269,7 @@ public class AuthorizeTests
redirectUri: "https://client4/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://client4/callback");
@ -298,7 +299,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://client1/callback");
@ -329,7 +330,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://client1/callback");
@ -372,7 +373,7 @@ public class AuthorizeTests
redirectUri: "https://client2/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://client2/callback");
@ -397,7 +398,7 @@ public class AuthorizeTests
state: "123_state",
nonce: "123_nonce",
acrValues: "idp:google");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginWasCalled.ShouldBeTrue();
_mockPipeline.LoginRequest.IdP.ShouldBe("google");
@ -415,7 +416,7 @@ public class AuthorizeTests
state: "123_state",
nonce: "123_nonce",
acrValues: "idp:facebook");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginWasCalled.ShouldBeTrue();
_mockPipeline.LoginRequest.IdP.ShouldBeNull();
@ -434,7 +435,7 @@ public class AuthorizeTests
redirectUri: "https://client3/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginWasCalled.ShouldBeTrue();
_mockPipeline.LoginRequest.IdP.ShouldBeNull();
@ -455,7 +456,7 @@ public class AuthorizeTests
state: "123_state",
nonce: "123_nonce",
acrValues: "idp:idp2");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginWasCalled.ShouldBeTrue();
_mockPipeline.LoginRequest.IdP.ShouldBe("idp2");
@ -478,7 +479,7 @@ public class AuthorizeTests
state: "123_state",
nonce: "123_nonce",
acrValues: "tenant:t2");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginWasCalled.ShouldBeTrue();
_mockPipeline.LoginRequest.Tenant.ShouldBe("t2");
@ -500,7 +501,7 @@ public class AuthorizeTests
state: "123_state",
nonce: "123_nonce",
acrValues: "tenant:t2");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginWasCalled.ShouldBeFalse();
}
@ -518,7 +519,7 @@ public class AuthorizeTests
redirectUri: "https://invalid",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.ClientId.ShouldBeNull();
@ -537,7 +538,7 @@ public class AuthorizeTests
redirectUri: "https://invalid",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.ClientId.ShouldBe("client1");
@ -556,7 +557,7 @@ public class AuthorizeTests
redirectUri: "https://invalid",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -576,7 +577,7 @@ public class AuthorizeTests
redirectUri: "https://invalid",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.RedirectUri.ShouldBeNull();
@ -596,7 +597,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient);
@ -615,7 +616,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.RedirectUri.ShouldBeNull();
@ -635,7 +636,7 @@ public class AuthorizeTests
//redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient);
@ -655,7 +656,7 @@ public class AuthorizeTests
//redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.RedirectUri.ShouldBeNull();
@ -675,7 +676,7 @@ public class AuthorizeTests
redirectUri: "invalid-uri",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient);
@ -697,7 +698,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient);
@ -718,7 +719,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.RedirectUri.ShouldBeNull();
@ -740,7 +741,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient);
@ -762,7 +763,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.RedirectUri.ShouldBeNull();
@ -782,7 +783,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnsupportedResponseType);
@ -801,7 +802,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.RedirectUri.ShouldBeNull();
@ -822,7 +823,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -843,7 +844,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.RedirectUri.ShouldBeNull();
@ -864,7 +865,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnsupportedResponseType);
@ -885,7 +886,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.RedirectUri.ShouldBeNull();
@ -905,7 +906,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -925,7 +926,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.RedirectUri.ShouldBeNull();
@ -946,7 +947,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.RedirectUri.ShouldBeNull();
@ -966,7 +967,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -988,7 +989,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -1011,7 +1012,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope);
@ -1034,7 +1035,7 @@ public class AuthorizeTests
state: "123_state"
//nonce: "123_nonce"
);
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -1056,7 +1057,7 @@ public class AuthorizeTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: new string('x', 500));
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -1079,7 +1080,7 @@ public class AuthorizeTests
state: "123_state",
nonce: "123_nonce",
extra: new { ui_locales = new string('x', 500) });
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -1102,7 +1103,7 @@ public class AuthorizeTests
state: "123_state",
nonce: "123_nonce",
extra: new { max_age = "invalid" });
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -1125,7 +1126,7 @@ public class AuthorizeTests
state: "123_state",
nonce: "123_nonce",
extra: new { max_age = "-10" });
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -1148,7 +1149,7 @@ public class AuthorizeTests
state: "123_state",
nonce: "123_nonce",
loginHint: new string('x', 500));
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -1171,7 +1172,7 @@ public class AuthorizeTests
state: "123_state",
nonce: "123_nonce",
acrValues: new string('x', 500));
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -1199,7 +1200,7 @@ public class AuthorizeTests
state: "123_state",
nonce: "123_nonce");
Func<Task> a = () => _mockPipeline.BrowserClient.GetAsync(url, _ct);
Func<Task> a = () => _mockPipeline.BrowserClient.GetAsync(url);
await a.ShouldThrowAsync<Exception>();
}
@ -1218,7 +1219,7 @@ public class AuthorizeTests
nonce: "123_nonce",
acrValues: new string('x', 500),
extra: new { ui_locales = "fr-FR" });
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.UiLocales.ShouldBe("fr-FR");
@ -1239,7 +1240,7 @@ public class AuthorizeTests
nonce: "123_nonce",
acrValues: new string('x', 500),
extra: new { display = "popup" });
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.DisplayMode.ShouldBe("popup");
@ -1258,7 +1259,7 @@ public class AuthorizeTests
nonce: "123_nonce");
url = url.Replace(IdentityServerPipeline.BaseUrl, "https://грант.рф");
var result = await _mockPipeline.BackChannelClient.GetAsync(url, _ct);
var result = await _mockPipeline.BackChannelClient.GetAsync(url);
result.Headers.Location.Authority.ShouldBe("xn--80af5akm.xn--p1ai");
}
@ -1275,7 +1276,7 @@ public class AuthorizeTests
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginWasCalled.ShouldBeTrue();
}
@ -1294,7 +1295,7 @@ public class AuthorizeTests
nonce: "123_nonce",
extra: new { prompt = "login" }
);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginWasCalled.ShouldBeTrue();
_mockPipeline.LoginRequest.PromptModes.ShouldContain("login");
@ -1315,7 +1316,7 @@ public class AuthorizeTests
nonce: "123_nonce",
extra: new { max_age = "0" }
);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginWasCalled.ShouldBeTrue();
}
@ -1336,11 +1337,11 @@ public class AuthorizeTests
extra: new { prompt = "login" }
);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
// this simulates the login page returning to the returnUrl which is the authorize callback page
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.BaseUrl + _mockPipeline.LoginReturnUrl, _ct);
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.BaseUrl + _mockPipeline.LoginReturnUrl);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://client1/callback");
response.Headers.Location.ToString().ShouldContain("id_token=");
@ -1362,11 +1363,11 @@ public class AuthorizeTests
extra: new { max_age = "0" }
);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
// this simulates the login page returning to the returnUrl which is the authorize callback page
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.BaseUrl + _mockPipeline.LoginReturnUrl, _ct);
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.BaseUrl + _mockPipeline.LoginReturnUrl);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://client1/callback");
response.Headers.Location.ToString().ShouldContain("id_token=");
@ -1385,7 +1386,7 @@ public class AuthorizeTests
nonce: "123_nonce",
extra: new { prompt = "unknown" }
);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
}
@ -1403,7 +1404,7 @@ public class AuthorizeTests
nonce: "123_nonce",
extra: new { prompt = "create" }
);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
}
@ -1432,7 +1433,7 @@ public class AuthorizeTests
nonce: "123_nonce",
extra: new { prompt = "create" }
);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.CreateAccountWasCalled.ShouldBeTrue();
_mockPipeline.CreateAccountRequest.PromptModes.ShouldContain("create");
@ -1462,7 +1463,7 @@ public class AuthorizeTests
nonce: "123_nonce",
extra: new { prompt = "create login" }
);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
}
@ -1511,7 +1512,7 @@ public class AuthorizeTests
ui_locales = "ui_locale_value",
custom_foo = "foo_value"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url + "&foo=bar", _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url + "&foo=bar");
_mockPipeline.CustomWasCalled.ShouldBeTrue();
@ -1545,7 +1546,7 @@ public class AuthorizeTests
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
Func<Task> a = () => _mockPipeline.BrowserClient.GetAsync(url, _ct);
Func<Task> a = () => _mockPipeline.BrowserClient.GetAsync(url);
await a.ShouldThrowAsync<Exception>();
}
@ -1576,7 +1577,7 @@ public class AuthorizeTests
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.Headers.Location.GetLeftPart(UriPartial.Path).ShouldBe("https://server/custom");
mockAuthzInteractionService.Request.PromptModes.ShouldContain("custom-prompt");
mockAuthzInteractionService.Request.PromptModes.Count().ShouldBe(1);
@ -1598,7 +1599,7 @@ public class AuthorizeTests
ui_locales = "nb-NO"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginWasCalled.ShouldBeTrue();
@ -1625,7 +1626,7 @@ public class AuthorizeTests
ui_locales = "nb-NO"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ConsentWasCalled.ShouldBeTrue();
@ -1662,7 +1663,7 @@ public class AuthorizeTests
ui_locales = "nb-NO"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.CreateAccountWasCalled.ShouldBeTrue();
@ -1686,7 +1687,7 @@ public class AuthorizeTests
ui_locales = "nb-NO"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();

21
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Authorize/ConsentTests.cs
View file

@ -19,7 +19,6 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Authorize;
public class ConsentTests
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string Category = "Authorize and consent tests";
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
@ -111,7 +110,7 @@ public class ConsentTests
state: "123_state",
nonce: "123_nonce"
);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ConsentWasCalled.ShouldBeTrue();
}
@ -150,7 +149,7 @@ public class ConsentTests
custom_foo = "foo_value"
}
);
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ConsentRequest.ShouldNotBeNull();
_mockPipeline.ConsentRequest.Client.ClientId.ShouldBe("client2");
@ -194,7 +193,7 @@ public class ConsentTests
redirectUri: "https://client2/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://client2/callback");
@ -226,12 +225,12 @@ public class ConsentTests
redirectUri: "https://client2/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://server/consent");
response = await _mockPipeline.BrowserClient.GetAsync(response.Headers.Location.ToString(), _ct);
response = await _mockPipeline.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("/connect/authorize/callback");
@ -239,7 +238,7 @@ public class ConsentTests
var modifiedAuthorizeCallback = "https://server" + response.Headers.Location;
modifiedAuthorizeCallback = modifiedAuthorizeCallback.Replace("api2", "api1%20api2");
response = await _mockPipeline.BrowserClient.GetAsync(modifiedAuthorizeCallback, _ct);
response = await _mockPipeline.BrowserClient.GetAsync(modifiedAuthorizeCallback);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://server/consent");
}
@ -263,7 +262,7 @@ public class ConsentTests
redirectUri: "https://client2/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://client2/callback");
@ -305,7 +304,7 @@ public class ConsentTests
redirectUri: "https://client2/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://client2/callback");
@ -348,7 +347,7 @@ public class ConsentTests
redirectUri: "https://client2/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://client2/callback");
@ -408,7 +407,7 @@ public class ConsentTests
nonce: "123_nonce"
);
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
// The existing legacy consent should apply - user isn't show consent screen
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);

63
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Authorize/JwtRequestAuthorizeTests.cs
View file

@ -1,6 +1,7 @@
// Copyright (c) Duende Software. All rights reserved.
// See LICENSE in the project root for license information.
using System.IdentityModel.Tokens.Jwt;
using System.Net;
using System.Net.Http.Headers;
@ -23,7 +24,7 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Authorize;
public class JwtRequestAuthorizeTests
{
private const string Category = "Authorize endpoint with JWT requests";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private readonly Client _client;
@ -208,7 +209,7 @@ public class JwtRequestAuthorizeTests
nonce: "123nonce",
redirectUri: "https://client/callback");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request");
_mockPipeline.ErrorMessage.ErrorDescription.ShouldBe("Client must use request object, but no request or request_uri parameter present");
@ -244,7 +245,7 @@ public class JwtRequestAuthorizeTests
{
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginRequest.ShouldNotBeNull();
_mockPipeline.LoginRequest.Client.ClientId.ShouldBe(_client.ClientId);
@ -292,7 +293,7 @@ public class JwtRequestAuthorizeTests
{
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginRequest.ShouldNotBeNull();
_mockPipeline.LoginRequest.Client.ClientId.ShouldBe(_client.ClientId);
@ -339,7 +340,7 @@ public class JwtRequestAuthorizeTests
{
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginRequest.ShouldNotBeNull();
_mockPipeline.LoginRequest.Client.ClientId.ShouldBe(_client.ClientId);
@ -392,7 +393,7 @@ public class JwtRequestAuthorizeTests
var url = _mockPipeline.CreateAuthorizeUrl(
clientId: _client.ClientId,
requestUri: parResponse.RootElement.GetProperty("request_uri").GetString());
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginRequest.ShouldNotBeNull();
_mockPipeline.LoginRequest.Client.ClientId.ShouldBe(_client.ClientId);
@ -451,7 +452,7 @@ public class JwtRequestAuthorizeTests
{
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginRequest.ShouldNotBeNull();
_mockPipeline.LoginRequest.Client.ClientId.ShouldBe(_client.ClientId);
@ -504,7 +505,7 @@ public class JwtRequestAuthorizeTests
{
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginRequest.ShouldNotBeNull();
_mockPipeline.LoginRequest.Client.ClientId.ShouldBe(_client.ClientId);
@ -553,7 +554,7 @@ public class JwtRequestAuthorizeTests
{
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request_object");
_mockPipeline.LoginRequest.ShouldBeNull();
@ -596,7 +597,7 @@ public class JwtRequestAuthorizeTests
{
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginRequest.ShouldNotBeNull();
@ -645,7 +646,7 @@ public class JwtRequestAuthorizeTests
{
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request");
_mockPipeline.ErrorMessage.ErrorDescription.ShouldBe("Invalid client_id");
@ -680,7 +681,7 @@ public class JwtRequestAuthorizeTests
{
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request_object");
_mockPipeline.ErrorMessage.ErrorDescription.ShouldBe("Invalid JWT request");
@ -717,7 +718,7 @@ public class JwtRequestAuthorizeTests
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request_object");
_mockPipeline.ErrorMessage.ErrorDescription.ShouldBe("Invalid JWT request");
@ -754,7 +755,7 @@ public class JwtRequestAuthorizeTests
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request_object");
_mockPipeline.ErrorMessage.ErrorDescription.ShouldBe("Invalid JWT request");
@ -791,7 +792,7 @@ public class JwtRequestAuthorizeTests
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request_object");
_mockPipeline.ErrorMessage.ErrorDescription.ShouldBe("Invalid JWT request");
@ -828,7 +829,7 @@ public class JwtRequestAuthorizeTests
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request_object");
_mockPipeline.ErrorMessage.ErrorDescription.ShouldBe("Invalid JWT request");
@ -864,7 +865,7 @@ public class JwtRequestAuthorizeTests
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request");
_mockPipeline.ErrorMessage.ErrorDescription.ShouldBe("Invalid JWT request");
@ -901,7 +902,7 @@ public class JwtRequestAuthorizeTests
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request");
_mockPipeline.ErrorMessage.ErrorDescription.ShouldBe("Invalid JWT request");
@ -938,7 +939,7 @@ public class JwtRequestAuthorizeTests
{
request = requestJwt
});
_ = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
_ = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request_object");
_mockPipeline.ErrorMessage.ErrorDescription.ShouldBe("Invalid JWT request");
@ -983,7 +984,7 @@ public class JwtRequestAuthorizeTests
{
request_uri = "http://client_jwt"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.JwtRequestMessageHandler.InvokeWasCalled.ShouldBeFalse();
@ -1029,7 +1030,7 @@ public class JwtRequestAuthorizeTests
{
request_uri = "http://client_jwt"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginRequest.ShouldNotBeNull();
_mockPipeline.LoginRequest.Client.ClientId.ShouldBe(_client.ClientId);
@ -1098,7 +1099,7 @@ public class JwtRequestAuthorizeTests
{
request_uri = "http://client_jwt"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginRequest.ShouldNotBeNull();
_mockPipeline.LoginRequest.Client.ClientId.ShouldBe(_client.ClientId);
@ -1159,7 +1160,7 @@ public class JwtRequestAuthorizeTests
{
request_uri = "http://client_jwt"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginRequest.ShouldNotBeNull();
_mockPipeline.LoginRequest.Client.ClientId.ShouldBe(_client.ClientId);
@ -1214,7 +1215,7 @@ public class JwtRequestAuthorizeTests
{
request_uri = "http://client_jwt"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_request_uri");
_mockPipeline.LoginRequest.ShouldBeNull();
@ -1236,7 +1237,7 @@ public class JwtRequestAuthorizeTests
{
request_uri = "http://client_jwt"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.LoginRequest.ShouldBeNull();
@ -1259,7 +1260,7 @@ public class JwtRequestAuthorizeTests
{
request_uri = "http://client_jwt"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.LoginRequest.ShouldBeNull();
@ -1280,7 +1281,7 @@ public class JwtRequestAuthorizeTests
{
request_uri = "http://" + new string('x', 512)
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.LoginRequest.ShouldBeNull();
@ -1321,7 +1322,7 @@ public class JwtRequestAuthorizeTests
request = requestJwt,
request_uri = "http://client_jwt"
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.LoginRequest.ShouldBeNull();
@ -1367,11 +1368,11 @@ public class JwtRequestAuthorizeTests
{
request = requestJwt
});
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
// this simulates the login page returning to the returnUrl which is the authorize callback page
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.BaseUrl + _mockPipeline.LoginReturnUrl, _ct);
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.BaseUrl + _mockPipeline.LoginReturnUrl);
response.StatusCode.ShouldBe(HttpStatusCode.Found);
response.Headers.Location!.ToString().ShouldSatisfyAllConditions(
@ -1427,7 +1428,7 @@ public class JwtRequestAuthorizeTests
};
_mockPipeline.BrowserClient.StopRedirectingAfter = 2;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);

23
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Authorize/PushedAuthorizationTests.cs
View file

@ -18,10 +18,9 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Authorize;
public class PushedAuthorizationTests
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerPipeline _mockPipeline = new();
private Client _client;
private readonly string clientSecret = Guid.NewGuid().ToString();
private string clientSecret = Guid.NewGuid().ToString();
private Client _client2;
private WilsonJsonWebKey _privateKey;
@ -59,7 +58,7 @@ public class PushedAuthorizationTests
var authorizeUrl = _mockPipeline.CreateAuthorizeUrl(
clientId: "client1",
requestUri: parJson.RootElement.GetProperty("request_uri").GetString());
var response = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl);
response.StatusCode.ShouldBe(HttpStatusCode.Found);
response.Headers.Location!.AbsoluteUri.ShouldMatch($"{expectedCallback}.*");
@ -90,7 +89,7 @@ public class PushedAuthorizationTests
var authorizeUrl = _mockPipeline.CreateAuthorizeUrl(
clientId: "client2",
requestUri: parJson.RootElement.GetProperty("request_uri").GetString());
var response = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl);
response.StatusCode.ShouldBe(HttpStatusCode.Found);
response.Headers.Location!.AbsoluteUri.ShouldMatch($"{expectedCallback}.*");
@ -142,7 +141,7 @@ public class PushedAuthorizationTests
redirectUri: "https://client1/callback",
nonce: "123_nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
// We expect to be redirected to the error page, as this is an interactive
// call to authorize
@ -164,7 +163,7 @@ public class PushedAuthorizationTests
redirectUri: "https://client1/callback",
nonce: "123_nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
// We expect to be redirected to the error page, as this is an interactive
// call to authorize
@ -192,7 +191,7 @@ public class PushedAuthorizationTests
// call to authorize. We don't want to follow redirects. Instead we'll just
// check for a 302 to the error page
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var authorizeResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl, _ct);
var authorizeResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl);
authorizeResponse.StatusCode.ShouldBe(HttpStatusCode.Found);
authorizeResponse.Headers.Location!.ToString().ShouldMatch(".*/error.*");
@ -214,8 +213,8 @@ public class PushedAuthorizationTests
requestUri: parJson.RootElement.GetProperty("request_uri").GetString());
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var firstAuthorizeResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl, _ct);
var secondAuthorizeResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl, _ct);
var firstAuthorizeResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl);
var secondAuthorizeResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl);
secondAuthorizeResponse.StatusCode.ShouldBe(HttpStatusCode.Found);
secondAuthorizeResponse.Headers.Location!.ToString().ShouldMatch(".*/error.*");
@ -269,7 +268,7 @@ public class PushedAuthorizationTests
var authorizeUrl = _mockPipeline.CreateAuthorizeUrl(
clientId: "client1",
requestUri: parJson.RootElement.GetProperty("request_uri").GetString());
var authorizeResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl, _ct);
var authorizeResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl);
// Verify that authorize redirects to login
authorizeResponse.StatusCode.ShouldBe(HttpStatusCode.Found);
@ -278,14 +277,14 @@ public class PushedAuthorizationTests
authorizeResponse.Headers.Location.ToString().ToLower().ShouldMatch($"{expectedLocation.ToLower()}*");
// Verify that the UI prompts the user at this point
var uiResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeResponse.Headers.Location, _ct);
var uiResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeResponse.Headers.Location);
uiResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
// Now login and return to the return url we were given
var returnPath = isPromptCreate ? _mockPipeline.CreateAccountReturnUrl : _mockPipeline.LoginReturnUrl;
var returnUrl = new Uri(new Uri(IdentityServerPipeline.BaseUrl), returnPath);
await _mockPipeline.LoginAsync("bob");
var authorizeCallbackResponse = await _mockPipeline.BrowserClient.GetAsync(returnUrl, _ct);
var authorizeCallbackResponse = await _mockPipeline.BrowserClient.GetAsync(returnUrl);
// The authorize callback should continue back to the application (the prompt parameter is processed so we don't go back to the UI)
authorizeCallbackResponse.StatusCode.ShouldBe(HttpStatusCode.Found);

49
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Authorize/ResourceTests.cs
View file

@ -14,7 +14,6 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Authorize;
public class ResourceTests
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string Category = "Authorize endpoint";
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
@ -152,7 +151,7 @@ public class ResourceTests
url += "&resource=urn:resource1";
url += "&resource=urn:resource3";
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var code = GetCode(response);
var tokenResponse = await _mockPipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
@ -162,7 +161,7 @@ public class ResourceTests
ClientSecret = "secret",
Code = code,
RedirectUri = "https://client1/callback"
}, _ct);
});
{
var claims = ParseAccessTokenClaims(tokenResponse);
@ -187,7 +186,7 @@ public class ResourceTests
url += "&resource= ";
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var code = GetCode(response);
var tokenResponse = await _mockPipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
@ -201,7 +200,7 @@ public class ResourceTests
{
{ "resource", " " }
}
}, _ct);
});
{
var claims = ParseAccessTokenClaims(tokenResponse);
@ -227,7 +226,7 @@ public class ResourceTests
url += "&resource=urn:resource1";
url += "&resource=urn:resource3";
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var code = GetCode(response);
var tokenResponse = await _mockPipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
@ -241,7 +240,7 @@ public class ResourceTests
{
{ "resource", " " }
}
}, _ct);
});
{
var claims = ParseAccessTokenClaims(tokenResponse);
@ -267,7 +266,7 @@ public class ResourceTests
url += "&resource=urn:resource1";
url += "&resource=urn:resource3";
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var code = GetCode(response);
var tokenResponse = await _mockPipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
@ -281,7 +280,7 @@ public class ResourceTests
{
{ "resource", "urn:resource1" }
}
}, _ct);
});
{
var claims = ParseAccessTokenClaims(tokenResponse);
@ -307,7 +306,7 @@ public class ResourceTests
url += "&resource=urn:resource1";
url += "&resource=urn:resource3";
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var code = GetCode(response);
var tokenResponse = await _mockPipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
@ -317,7 +316,7 @@ public class ResourceTests
ClientSecret = "secret",
Code = code,
RedirectUri = "https://client1/callback"
}, _ct);
});
tokenResponse = await _mockPipeline.BackChannelClient.RequestRefreshTokenAsync(new RefreshTokenRequest
{
@ -329,7 +328,7 @@ public class ResourceTests
{
{ "resource", "urn:resource1" }
}
}, _ct);
});
{
var claims = ParseAccessTokenClaims(tokenResponse);
@ -355,7 +354,7 @@ public class ResourceTests
url += "&resource=urn:resource1";
url += "&resource=urn:resource3";
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var code = GetCode(response);
var tokenResponse = await _mockPipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
@ -365,7 +364,7 @@ public class ResourceTests
ClientSecret = "secret",
Code = code,
RedirectUri = "https://client1/callback"
}, _ct);
});
tokenResponse = await _mockPipeline.BackChannelClient.RequestRefreshTokenAsync(new RefreshTokenRequest
{
@ -373,7 +372,7 @@ public class ResourceTests
ClientId = "client1",
ClientSecret = "secret",
RefreshToken = tokenResponse.RefreshToken,
}, _ct);
});
{
var claims = ParseAccessTokenClaims(tokenResponse);
@ -398,7 +397,7 @@ public class ResourceTests
url += "&resource=urn:resource1";
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var code = GetCode(response);
var tokenResponse = await _mockPipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
@ -412,7 +411,7 @@ public class ResourceTests
{
{ "resource", "urn:resource1" }
}
}, _ct);
});
{
var claims = ParseAccessTokenClaims(tokenResponse);
@ -437,7 +436,7 @@ public class ResourceTests
url += "&resource=urn:resource1";
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var code = GetCode(response);
var tokenResponse = await _mockPipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
@ -451,7 +450,7 @@ public class ResourceTests
{
// no resource param
}
}, _ct);
});
{
var claims = ParseAccessTokenClaims(tokenResponse);
@ -476,7 +475,7 @@ public class ResourceTests
url += "&resource=urn:resource3";
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var code = GetCode(response);
var tokenResponse = await _mockPipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
@ -490,7 +489,7 @@ public class ResourceTests
{
// no resource param
}
}, _ct);
});
{
var claims = ParseAccessTokenClaims(tokenResponse);
@ -508,7 +507,7 @@ public class ResourceTests
{
{ "resource", "urn:resource3" }
}
}, _ct);
});
{
var claims = ParseAccessTokenClaims(tokenResponse);
@ -533,7 +532,7 @@ public class ResourceTests
url += "&resource=urn:resource3";
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var code = GetCode(response);
var tokenResponse = await _mockPipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
@ -547,7 +546,7 @@ public class ResourceTests
{
{ "resource", "urn:resource3" }
}
}, _ct);
});
{
var claims = ParseAccessTokenClaims(tokenResponse);
@ -572,7 +571,7 @@ public class ResourceTests
url += "&resource=urn:resource1";
url += "&resource=urn:resource3";
await _mockPipeline.BrowserClient.GetAsync(url, _ct);
await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
_mockPipeline.ErrorMessage.Error.ShouldBe("invalid_target");
}

23
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Authorize/RestrictAccessTokenViaBrowserTests.cs
View file

@ -13,9 +13,10 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Authorize;
public class RestrictAccessTokenViaBrowserTests
{
private const string Category = "RestrictAccessTokenViaBrowserTests";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private readonly ClaimsPrincipal _user = new IdentityServerUser("bob").CreatePrincipal();
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private ClaimsPrincipal _user = new IdentityServerUser("bob").CreatePrincipal();
public RestrictAccessTokenViaBrowserTests()
{
@ -91,7 +92,7 @@ public class RestrictAccessTokenViaBrowserTests
"id_token", "openid", "https://client1/callback", "state", "nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Found);
response.Headers.Location.AbsoluteUri.ShouldStartWith("https://client1/callback");
@ -110,7 +111,7 @@ public class RestrictAccessTokenViaBrowserTests
"id_token token", "openid", "https://client1/callback", "state", "nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Found);
response.Headers.Location.AbsoluteUri.ShouldStartWith("https://client1/callback");
@ -129,7 +130,7 @@ public class RestrictAccessTokenViaBrowserTests
"id_token", "openid", "https://client2/callback", "state", "nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Found);
response.Headers.Location.AbsoluteUri.ShouldStartWith("https://client2/callback");
@ -148,7 +149,7 @@ public class RestrictAccessTokenViaBrowserTests
"id_token token", "openid", "https://client2/callback", "state", "nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = true;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
}
@ -162,7 +163,7 @@ public class RestrictAccessTokenViaBrowserTests
"code id_token", "openid", "https://client3/callback", "state", "nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Found);
response.Headers.Location.AbsoluteUri.ShouldStartWith("https://client3/callback");
@ -182,7 +183,7 @@ public class RestrictAccessTokenViaBrowserTests
"code id_token token", "openid", "https://client3/callback", "state", "nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Found);
response.Headers.Location.AbsoluteUri.ShouldStartWith("https://client3/callback");
@ -203,7 +204,7 @@ public class RestrictAccessTokenViaBrowserTests
"code id_token", "openid", "https://client4/callback", "state", "nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.ShouldBe(HttpStatusCode.Found);
response.Headers.Location.AbsoluteUri.ShouldStartWith("https://client4/callback");
@ -223,7 +224,7 @@ public class RestrictAccessTokenViaBrowserTests
"code id_token token", "openid", "https://client4/callback", "state", "nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = true;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.ShouldBeTrue();
}
}

6
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Authorize/SessionIdTests.cs
View file

@ -12,8 +12,8 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Authorize;
public class SessionIdTests
{
private const string Category = "SessionIdTests";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
public SessionIdTests()
{
@ -84,7 +84,7 @@ public class SessionIdTests
_mockPipeline.RemoveSessionCookie();
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.DiscoveryEndpoint, _ct);
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.DiscoveryEndpoint);
var sid2 = _mockPipeline.GetSessionCookie().Value;
sid2.ShouldBe(sid1);

6
identity-server/test/IdentityServer.IntegrationTests/Endpoints/CheckSession/CheckSessionTests.cs
View file

@ -9,17 +9,17 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.CheckSession;
public class CheckSessionTests
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private const string Category = "Check session endpoint";
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
public CheckSessionTests() => _mockPipeline.Initialize();
[Fact]
[Trait("Category", Category)]
public async Task get_request_should_not_return_404()
{
var response = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.CheckSessionEndpoint, _ct);
var response = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.CheckSessionEndpoint);
response.StatusCode.ShouldNotBe(HttpStatusCode.NotFound);
}

219
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Ciba/CibaTests.cs
View file

@ -19,7 +19,6 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Ciba;
public class CibaTests
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string Category = "Backchannel Authentication (CIBA) endpoint";
private IdentityServerPipeline _mockPipeline = new();
@ -159,7 +158,7 @@ public class CibaTests
[Trait("Category", Category)]
public async Task get_request_should_return_error()
{
var response = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.BackchannelAuthenticationEndpoint, _ct);
var response = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.BackchannelAuthenticationEndpoint);
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
}
@ -170,8 +169,7 @@ public class CibaTests
{
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new StringContent("invalid"),
_ct);
new StringContent("invalid"));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
}
@ -195,8 +193,7 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
@ -236,8 +233,7 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
// The custom validator was invoked with the request parameters and mapped the custom input
var validatedRequest = _mockCustomBackchannelAuthenticationValidator.Context.ValidationResult.ValidatedRequest;
@ -276,12 +272,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
// Custom request properties are not included automatically in the response to the client
response.StatusCode.ShouldBe(HttpStatusCode.OK);
var responseContent = await response.Content.ReadAsStringAsync(_ct);
var responseContent = await response.Content.ReadAsStringAsync();
var json = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(responseContent);
json.ShouldNotBeNull();
json.ShouldNotContainKey("complex");
@ -311,12 +306,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("auth_req_id").ShouldBeTrue();
@ -347,12 +341,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("auth_req_id").ShouldBeTrue();
@ -380,12 +373,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -415,12 +407,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -450,12 +441,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -484,12 +474,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -520,12 +509,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -556,12 +544,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -594,12 +581,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -633,11 +619,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body), _ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -668,12 +654,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -704,12 +689,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -740,8 +724,7 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
}
@ -766,8 +749,7 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
@ -798,12 +780,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -830,12 +811,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -866,12 +846,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(code);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -896,12 +875,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -928,12 +906,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -957,12 +934,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -988,12 +964,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1018,12 +993,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1049,12 +1023,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1080,12 +1053,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1111,12 +1083,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1147,12 +1118,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1178,12 +1148,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1211,12 +1180,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1244,8 +1212,7 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
}
@ -1269,12 +1236,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1302,8 +1268,7 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
@ -1330,12 +1295,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1357,12 +1321,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1384,11 +1347,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body), _ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1413,12 +1376,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1443,12 +1405,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1473,12 +1434,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1503,12 +1463,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1533,12 +1492,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1571,8 +1529,7 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
@ -1599,8 +1556,7 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
@ -1627,12 +1583,11 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -1657,15 +1612,15 @@ public class CibaTests
var response = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(body),
_ct);
new FormUrlEncodedContent(body));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
values["error"].ToString().ShouldBe("invalid_binding_message");
}
}

21
identity-server/test/IdentityServer.IntegrationTests/Endpoints/DeviceAuthorization/DeviceAuthorizationTests.cs
View file

@ -13,7 +13,6 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.DeviceAuthorization;
public class DeviceAuthorizationTests
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string Category = "Device authorization endpoint";
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
@ -39,10 +38,10 @@ public class DeviceAuthorizationTests
[Trait("Category", Category)]
public async Task get_should_return_InvalidRequest()
{
var response = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.DeviceAuthorization, _ct);
var response = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.DeviceAuthorization);
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var resultDto = ParseJsonBody<ErrorResultDto>(await response.Content.ReadAsStreamAsync(_ct));
var resultDto = ParseJsonBody<ErrorResultDto>(await response.Content.ReadAsStreamAsync());
resultDto.ShouldNotBeNull();
resultDto.error.ShouldBe(OidcConstants.TokenErrors.InvalidRequest);
@ -57,11 +56,11 @@ public class DeviceAuthorizationTests
{"client_id", Guid.NewGuid().ToString()}
};
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.DeviceAuthorization,
new StringContent(@"{""client_id"": ""client1""}", Encoding.UTF8, "application/json"), _ct);
new StringContent(@"{""client_id"": ""client1""}", Encoding.UTF8, "application/json"));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var resultDto = ParseJsonBody<ErrorResultDto>(await response.Content.ReadAsStreamAsync(_ct));
var resultDto = ParseJsonBody<ErrorResultDto>(await response.Content.ReadAsStreamAsync());
resultDto.ShouldNotBeNull();
resultDto.error.ShouldBe(OidcConstants.TokenErrors.InvalidRequest);
@ -72,11 +71,11 @@ public class DeviceAuthorizationTests
public async Task empty_request_should_return_InvalidRequest()
{
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.DeviceAuthorization,
new FormUrlEncodedContent(new Dictionary<string, string>()), _ct);
new FormUrlEncodedContent(new Dictionary<string, string>()));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var resultDto = ParseJsonBody<ErrorResultDto>(await response.Content.ReadAsStreamAsync(_ct));
var resultDto = ParseJsonBody<ErrorResultDto>(await response.Content.ReadAsStreamAsync());
resultDto.ShouldNotBeNull();
resultDto.error.ShouldBe(OidcConstants.TokenErrors.InvalidRequest);
@ -90,11 +89,11 @@ public class DeviceAuthorizationTests
{
{"client_id", "client1"}
};
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.DeviceAuthorization, new FormUrlEncodedContent(form), _ct);
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.DeviceAuthorization, new FormUrlEncodedContent(form));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var resultDto = ParseJsonBody<ErrorResultDto>(await response.Content.ReadAsStreamAsync(_ct));
var resultDto = ParseJsonBody<ErrorResultDto>(await response.Content.ReadAsStreamAsync());
resultDto.ShouldNotBeNull();
resultDto.error.ShouldBe(OidcConstants.TokenErrors.InvalidClient);
@ -109,12 +108,12 @@ public class DeviceAuthorizationTests
{"client_id", "client1"},
{"client_secret", "secret" }
};
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.DeviceAuthorization, new FormUrlEncodedContent(form), _ct);
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.DeviceAuthorization, new FormUrlEncodedContent(form));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
response.Content.Headers.ContentType.MediaType.ShouldBe("application/json");
var resultDto = ParseJsonBody<ResultDto>(await response.Content.ReadAsStreamAsync(_ct));
var resultDto = ParseJsonBody<ResultDto>(await response.Content.ReadAsStreamAsync());
resultDto.ShouldNotBeNull();

53
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Discovery/DiscoveryEndpointTests.cs
View file

@ -18,7 +18,6 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Discovery;
public class DiscoveryEndpointTests
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string Category = "Discovery endpoint";
[Fact]
@ -28,9 +27,9 @@ public class DiscoveryEndpointTests
var pipeline = new IdentityServerPipeline();
pipeline.Initialize("/ROOT");
var result = await pipeline.BackChannelClient.GetAsync("HTTPS://SERVER/ROOT/.WELL-KNOWN/OPENID-CONFIGURATION", _ct);
var result = await pipeline.BackChannelClient.GetAsync("HTTPS://SERVER/ROOT/.WELL-KNOWN/OPENID-CONFIGURATION");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
data["issuer"].GetString().ShouldBe("https://server/root");
}
@ -44,9 +43,9 @@ public class DiscoveryEndpointTests
pipeline.Options.LowerCaseIssuerUri = false;
var result = await pipeline.BackChannelClient.GetAsync("HTTPS://SERVER/ROOT/.WELL-KNOWN/OPENID-CONFIGURATION", _ct);
var result = await pipeline.BackChannelClient.GetAsync("HTTPS://SERVER/ROOT/.WELL-KNOWN/OPENID-CONFIGURATION");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
data["issuer"].GetString().ShouldBe("https://server/ROOT");
}
@ -69,7 +68,7 @@ public class DiscoveryEndpointTests
};
pipeline.Initialize();
var result = await pipeline.BackChannelClient.GetDiscoveryDocumentAsync("https://server/.well-known/openid-configuration", _ct);
var result = await pipeline.BackChannelClient.GetDiscoveryDocumentAsync("https://server/.well-known/openid-configuration");
var algorithmsSupported = result.TryGetStringArray("id_token_signing_alg_values_supported");
@ -111,9 +110,9 @@ public class DiscoveryEndpointTests
pipeline.Initialize("/ROOT");
var result = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration/jwks", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration/jwks");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
var keys = data["keys"].EnumerateArray().ToList();
@ -131,9 +130,9 @@ public class DiscoveryEndpointTests
var pipeline = new IdentityServerPipeline();
pipeline.Initialize("/ROOT");
var result = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration/jwks", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration/jwks");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
var keys = data["keys"];
@ -160,9 +159,9 @@ public class DiscoveryEndpointTests
};
pipeline.Initialize("/ROOT");
var result = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration/jwks", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration/jwks");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var jwks = new JsonWebKeySet(json);
var parsedKeys = jwks.GetSigningKeys();
@ -186,9 +185,9 @@ public class DiscoveryEndpointTests
};
pipeline.Initialize("/ROOT");
var result = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration/jwks", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration/jwks");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var jwks = new JsonWebKeySet(json);
jwks.Keys.ShouldContain(x => x.KeyId == ecdsaKey.KeyId && x.Alg == "ES256");
@ -212,7 +211,7 @@ public class DiscoveryEndpointTests
RequireHttps = false,
RequireKeySet = false
}
}, _ct);
});
result.Issuer.ShouldBe("https://грант.рф");
}
@ -225,9 +224,9 @@ public class DiscoveryEndpointTests
var pipeline = new IdentityServerPipeline();
pipeline.Initialize();
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/openid-configuration", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/openid-configuration");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
var prompts = data["prompt_values_supported"].EnumerateArray()
.Select(x => x.GetString()).ToList();
@ -249,9 +248,9 @@ public class DiscoveryEndpointTests
pipeline.Initialize();
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/openid-configuration", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/openid-configuration");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
var prompts = data["prompt_values_supported"].EnumerateArray()
.Select(x => x.GetString()).ToList();
@ -266,9 +265,9 @@ public class DiscoveryEndpointTests
pipeline.Initialize();
pipeline.Options.Endpoints.EnableAuthorizeEndpoint = false;
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/openid-configuration", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/openid-configuration");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
data.ContainsKey("prompt_values_supported").ShouldBeFalse();
}
@ -285,7 +284,7 @@ public class DiscoveryEndpointTests
pipeline.Options.Preview.DiscoveryDocumentCacheDuration = TimeSpan.FromSeconds(1);
// cache
_ = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration", _ct);
_ = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration");
// add new entry
pipeline.Options.Discovery.CustomEntries = new() {
@ -293,9 +292,9 @@ public class DiscoveryEndpointTests
};
// get cached document
var result = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
// we got a result back
@ -333,7 +332,7 @@ public class DiscoveryEndpointTests
pipeline.Options.Preview.EnableDiscoveryDocumentCache = enableCache;
pipeline.Options.Discovery.CustomEntries.Add("foo", "bar");
var result = await pipeline.BackChannelClient.GetDiscoveryDocumentAsync("https://server/.well-known/openid-configuration", _ct);
var result = await pipeline.BackChannelClient.GetDiscoveryDocumentAsync("https://server/.well-known/openid-configuration");
result.TryGetString("foo").ShouldBe("bar");
}
@ -352,7 +351,7 @@ public class DiscoveryEndpointTests
pipeline.Initialize();
pipeline.Options.Preview.EnableDiscoveryDocumentCache = enableCache;
var result = await pipeline.BackChannelClient.GetDiscoveryDocumentAsync("https://server/.well-known/openid-configuration", _ct);
var result = await pipeline.BackChannelClient.GetDiscoveryDocumentAsync("https://server/.well-known/openid-configuration");
if (enableCache)
{
@ -374,7 +373,7 @@ public class DiscoveryEndpointTests
pipeline.Options.MutualTls.Enabled = true;
var result = await pipeline.BackChannelClient.GetDiscoveryDocumentAsync("https://server/.well-known/openid-configuration", _ct);
var result = await pipeline.BackChannelClient.GetDiscoveryDocumentAsync("https://server/.well-known/openid-configuration");
result.MtlsEndpointAliases.PushedAuthorizationRequestEndpoint.ShouldNotBeNull();
}
}

13
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Discovery/DiscoveryEndpointTests_dpop_signing_algs_supported.cs
View file

@ -12,7 +12,6 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Discovery;
public class DiscoveryEndpointTests_dpop_signing_alg_values_supported
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string Category = "Discovery endpoint - dpop_signing_alg_values_supported";
[Fact]
@ -31,7 +30,7 @@ public class DiscoveryEndpointTests_dpop_signing_alg_values_supported
var result =
await pipeline.BackChannelClient.GetDiscoveryDocumentAsync(
"https://server/.well-known/openid-configuration", _ct);
"https://server/.well-known/openid-configuration");
var supportedAlgorithmsFromResponse =
result.TryGetStringArray(OidcConstants.Discovery.DPoPSigningAlgorithmsSupported);
@ -44,9 +43,9 @@ public class DiscoveryEndpointTests_dpop_signing_alg_values_supported
var pipeline = new IdentityServerPipeline();
pipeline.Initialize();
var result = await pipeline.BackChannelClient.GetDiscoveryDocumentAsync(
"https://server/.well-known/openid-configuration",
_ct);
var result =
await pipeline.BackChannelClient.GetDiscoveryDocumentAsync(
"https://server/.well-known/openid-configuration");
var algorithmsSupported = result.TryGetStringArray("dpop_signing_alg_values_supported");
algorithmsSupported.Count().ShouldBe(9);
@ -72,8 +71,8 @@ public class DiscoveryEndpointTests_dpop_signing_alg_values_supported
pipeline.Options.DPoP.SupportedDPoPSigningAlgorithms = algorithms;
var result = await pipeline.BackChannelClient
.GetAsync("https://server/.well-known/openid-configuration", _ct);
var json = await result.Content.ReadAsStringAsync(_ct);
.GetAsync("https://server/.well-known/openid-configuration");
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
data.ShouldNotContainKey(OidcConstants.Discovery.DPoPSigningAlgorithmsSupported);

15
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Discovery/DiscoveryEndpointTests_token_endpoint_auth_signing_algs_supported.cs
View file

@ -12,7 +12,6 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Discovery;
public class DiscoveryEndpointTests_token_endpoint_auth_signing_alg_values_supported
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string Category = "Discovery endpoint - token_endpoint_auth_signing_alg_values_supported";
[Fact]
@ -30,7 +29,7 @@ public class DiscoveryEndpointTests_token_endpoint_auth_signing_alg_values_suppo
];
var disco = await pipeline.BackChannelClient
.GetDiscoveryDocumentAsync("https://server/.well-known/openid-configuration", _ct);
.GetDiscoveryDocumentAsync("https://server/.well-known/openid-configuration");
disco.IsError.ShouldBeFalse();
var algorithmsSupported = disco.TokenEndpointAuthenticationSigningAlgorithmsSupported;
@ -49,9 +48,9 @@ public class DiscoveryEndpointTests_token_endpoint_auth_signing_alg_values_suppo
svcs.AddIdentityServerBuilder().AddJwtBearerClientAuthentication();
pipeline.Initialize();
var result = await pipeline.BackChannelClient.GetDiscoveryDocumentAsync(
"https://server/.well-known/openid-configuration",
_ct);
var result =
await pipeline.BackChannelClient.GetDiscoveryDocumentAsync(
"https://server/.well-known/openid-configuration");
result.IsError.ShouldBeFalse();
var algorithmsSupported = result.TokenEndpointAuthenticationSigningAlgorithmsSupported;
@ -78,7 +77,7 @@ public class DiscoveryEndpointTests_token_endpoint_auth_signing_alg_values_suppo
pipeline.Options.SupportedClientAssertionSigningAlgorithms = [SecurityAlgorithms.RsaSha256];
var disco = await pipeline.BackChannelClient
.GetDiscoveryDocumentAsync("https://server/.well-known/openid-configuration", _ct);
.GetDiscoveryDocumentAsync("https://server/.well-known/openid-configuration");
// Verify assumptions
disco.IsError.ShouldBeFalse();
@ -103,8 +102,8 @@ public class DiscoveryEndpointTests_token_endpoint_auth_signing_alg_values_suppo
pipeline.Options.SupportedClientAssertionSigningAlgorithms = algorithms;
var result = await pipeline.BackChannelClient
.GetAsync("https://server/.well-known/openid-configuration", _ct);
var json = await result.Content.ReadAsStringAsync(_ct);
.GetAsync("https://server/.well-known/openid-configuration");
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
data.ShouldNotContainKey(OidcConstants.Discovery.TokenEndpointAuthSigningAlgorithmsSupported);

12
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Discovery/DiscoveryEndpoint_request_object_auth_signing_algs_supported.cs
View file

@ -10,7 +10,6 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Discovery;
public class DiscoveryEndpoint_request_object_auth_signing_algs_supported_Tests
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string Category = "Discovery endpoint - request_object_signing_algs_supported";
[Fact]
@ -26,8 +25,9 @@ public class DiscoveryEndpoint_request_object_auth_signing_algs_supported_Tests
SecurityAlgorithms.EcdsaSha256
];
var result = await pipeline.BackChannelClient
.GetDiscoveryDocumentAsync("https://server/.well-known/openid-configuration", _ct);
var result =
await pipeline.BackChannelClient.GetDiscoveryDocumentAsync(
"https://server/.well-known/openid-configuration");
var algorithmsSupported = result.TryGetStringArray("request_object_signing_alg_values_supported");
algorithmsSupported.Count().ShouldBe(2);
@ -46,8 +46,8 @@ public class DiscoveryEndpoint_request_object_auth_signing_algs_supported_Tests
pipeline.Options.SupportedRequestObjectSigningAlgorithms = algorithms;
var result = await pipeline.BackChannelClient
.GetAsync("https://server/.well-known/openid-configuration", _ct);
var json = await result.Content.ReadAsStringAsync(_ct);
.GetAsync("https://server/.well-known/openid-configuration");
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
data.ShouldNotContainKey("request_object_signing_alg_values_supported");
@ -62,7 +62,7 @@ public class DiscoveryEndpoint_request_object_auth_signing_algs_supported_Tests
var result =
await pipeline.BackChannelClient.GetDiscoveryDocumentAsync(
"https://server/.well-known/openid-configuration", _ct);
"https://server/.well-known/openid-configuration");
var algorithmsSupported = result.TryGetStringArray("request_object_signing_alg_values_supported");
algorithmsSupported.ShouldBe([

87
identity-server/test/IdentityServer.IntegrationTests/Endpoints/EndSession/EndSessionTests.cs
View file

@ -22,7 +22,7 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.EndSession;
public class EndSessionTests
{
private const string Category = "End session endpoint";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private Client _wsfedClient;
@ -116,7 +116,7 @@ public class EndSessionTests
[Trait("Category", Category)]
public async Task get_request_should_not_return_404()
{
var response = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
var response = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
response.StatusCode.ShouldNotBe(HttpStatusCode.NotFound);
}
@ -125,7 +125,7 @@ public class EndSessionTests
[Trait("Category", Category)]
public async Task signout_request_should_redirect_to_logout_page()
{
var response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
_mockPipeline.LogoutWasCalled.ShouldBeTrue();
}
@ -148,12 +148,13 @@ public class EndSessionTests
nonce: "123_nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var authorization = new Duende.IdentityModel.Client.AuthorizeResponse(response.Headers.Location.ToString());
var id_token = authorization.IdentityToken;
response = await _mockPipeline.BrowserClient
.GetAsync(IdentityServerPipeline.EndSessionEndpoint + "?id_token_hint=" + id_token + "&post_logout_redirect_uri=https://client1/signout-callback", _ct);
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint +
"?id_token_hint=" + id_token +
"&post_logout_redirect_uri=https://client1/signout-callback");
response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ShouldStartWith("https://server/logout?id=");
@ -178,7 +179,7 @@ public class EndSessionTests
var response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint +
"?id_token_hint=" + id_token +
"&post_logout_redirect_uri=https://client2/signout-callback2" +
"&ui_locales=fr-FR fr-CA", _ct);
"&ui_locales=fr-FR fr-CA");
_mockPipeline.LogoutWasCalled.ShouldBeTrue();
_mockPipeline.LogoutRequest.ShouldNotBeNull();
@ -211,7 +212,7 @@ public class EndSessionTests
var response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint +
"?id_token_hint=" + id_token +
"&post_logout_redirect_uri=https://client2/signout-callback2" +
"&ui_locales=" + new string('x', 101), _ct);
"&ui_locales=" + new string('x', 101));
_mockPipeline.LogoutWasCalled.ShouldBeTrue();
_mockPipeline.LogoutRequest.ShouldNotBeNull();
@ -239,7 +240,7 @@ public class EndSessionTests
var response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint +
"?id_token_hint=" + id_token +
"&post_logout_redirect_uri=https://client2/signout-callback2" +
"&ui_locales=nb-NO", _ct);
"&ui_locales=nb-NO");
_mockPipeline.LogoutWasCalled.ShouldBeTrue();
var cookie = _mockPipeline.BrowserClient.GetCookie("http://server", CookieRequestCultureProvider.DefaultCookieName);
@ -267,7 +268,7 @@ public class EndSessionTests
var response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint +
"?id_token_hint=" + id_token +
"&post_logout_redirect_uri=https://client2/signout-callback2", _ct);
"&post_logout_redirect_uri=https://client2/signout-callback2");
_mockPipeline.LogoutWasCalled.ShouldBeTrue();
_mockPipeline.LogoutRequest.ShouldNotBeNull();
@ -291,7 +292,7 @@ public class EndSessionTests
nonce: "123_nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var authorization = new Duende.IdentityModel.Client.AuthorizeResponse(response.Headers.Location.ToString());
var id_token = authorization.IdentityToken;
@ -301,7 +302,7 @@ public class EndSessionTests
values.Add(new KeyValuePair<string, string>("id_token_hint", id_token));
values.Add(new KeyValuePair<string, string>("post_logout_redirect_uri", "https://client1/signout-callback"));
var content = new FormUrlEncodedContent(values);
response = await _mockPipeline.BrowserClient.PostAsync(IdentityServerPipeline.EndSessionEndpoint, content, _ct);
response = await _mockPipeline.BrowserClient.PostAsync(IdentityServerPipeline.EndSessionEndpoint, content);
_mockPipeline.LogoutWasCalled.ShouldBeTrue();
_mockPipeline.LogoutRequest.ShouldNotBeNull();
@ -318,7 +319,7 @@ public class EndSessionTests
[Trait("Category", Category)]
public async Task signout_callback_without_params_should_return_400()
{
var response = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.EndSessionCallbackEndpoint, _ct);
var response = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.EndSessionCallbackEndpoint);
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
}
@ -338,7 +339,7 @@ public class EndSessionTests
nonce: "123_nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var authorization = new Duende.IdentityModel.Client.AuthorizeResponse(response.Headers.Location.ToString());
var id_token = authorization.IdentityToken;
@ -346,11 +347,11 @@ public class EndSessionTests
_mockPipeline.BrowserClient.AllowAutoRedirect = true;
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint +
"?id_token_hint=" + id_token +
"&post_logout_redirect_uri=https://client1/signout-callback-not-valid", _ct);
"&post_logout_redirect_uri=https://client1/signout-callback-not-valid");
var signoutFrameUrl = _mockPipeline.LogoutRequest.SignOutIFrameUrl;
response = await _mockPipeline.BrowserClient.GetAsync(signoutFrameUrl, _ct);
response = await _mockPipeline.BrowserClient.GetAsync(signoutFrameUrl);
_mockPipeline.LogoutRequest.ClientId.ShouldNotBeNull();
_mockPipeline.LogoutRequest.PostLogoutRedirectUri.ShouldBeNull();
@ -371,7 +372,7 @@ public class EndSessionTests
nonce: "123_nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var authorization = new Duende.IdentityModel.Client.AuthorizeResponse(response.Headers.Location.ToString());
var id_token = authorization.IdentityToken;
@ -381,7 +382,7 @@ public class EndSessionTests
_mockPipeline.BrowserClient.AllowAutoRedirect = true;
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint +
"?id_token_hint=" + id_token +
"&post_logout_redirect_uri=https://client1/signout-callback", _ct);
"&post_logout_redirect_uri=https://client1/signout-callback");
_mockPipeline.LogoutRequest.ClientId.ShouldBeNull();
_mockPipeline.LogoutRequest.PostLogoutRedirectUri.ShouldBeNull();
@ -402,14 +403,14 @@ public class EndSessionTests
nonce: "123_nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.BrowserClient.AllowAutoRedirect = true;
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
var signoutFrameUrl = _mockPipeline.LogoutRequest.SignOutIFrameUrl;
response = await _mockPipeline.BrowserClient.GetAsync(signoutFrameUrl, _ct);
response = await _mockPipeline.BrowserClient.GetAsync(signoutFrameUrl);
response.StatusCode.ShouldBe(HttpStatusCode.OK);
response.Content.Headers.ContentType.MediaType.ShouldBe("text/html");
}
@ -429,7 +430,7 @@ public class EndSessionTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var url2 = _mockPipeline.CreateAuthorizeUrl(
clientId: "client2",
@ -438,15 +439,15 @@ public class EndSessionTests
redirectUri: "https://client2/callback",
state: "123_state",
nonce: "123_nonce");
var response2 = await _mockPipeline.BrowserClient.GetAsync(url2, _ct);
var response2 = await _mockPipeline.BrowserClient.GetAsync(url2);
_mockPipeline.BrowserClient.AllowAutoRedirect = true;
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
var signoutFrameUrl = _mockPipeline.LogoutRequest.SignOutIFrameUrl;
response = await _mockPipeline.BrowserClient.GetAsync(signoutFrameUrl, _ct);
var html = await response.Content.ReadAsStringAsync(_ct);
response = await _mockPipeline.BrowserClient.GetAsync(signoutFrameUrl);
var html = await response.Content.ReadAsStringAsync();
html.ShouldContain(HtmlEncoder.Default.Encode("https://client1/signout?sid=" + sid + "&iss=" + UrlEncoder.Default.Encode("https://server")));
html.ShouldContain(HtmlEncoder.Default.Encode("https://client2/signout?sid=" + sid + "&iss=" + UrlEncoder.Default.Encode("https://server")));
}
@ -466,10 +467,10 @@ public class EndSessionTests
redirectUri: "https://client4/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.BrowserClient.AllowAutoRedirect = true;
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
var signoutFrameUrl = _mockPipeline.LogoutRequest.SignOutIFrameUrl;
@ -477,8 +478,8 @@ public class EndSessionTests
// at signout to use ws-fed so we can test the iframe params
_wsfedClient.ProtocolType = IdentityServerConstants.ProtocolTypes.WsFederation;
response = await _mockPipeline.BrowserClient.GetAsync(signoutFrameUrl, _ct);
var html = await response.Content.ReadAsStringAsync(_ct);
response = await _mockPipeline.BrowserClient.GetAsync(signoutFrameUrl);
var html = await response.Content.ReadAsStringAsync();
html.ShouldContain("https://client4/signout?wa=wsignoutcleanup1.0");
}
@ -496,13 +497,13 @@ public class EndSessionTests
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var authorization = new Duende.IdentityModel.Client.AuthorizeResponse(response.Headers.Location.ToString());
var id_token = authorization.IdentityToken;
_mockPipeline.BrowserClient.AllowAutoRedirect = true;
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint +
"?id_token_hint=" + id_token, _ct);
"?id_token_hint=" + id_token);
_mockPipeline.LogoutRequest.PostLogoutRedirectUri.ShouldBeNull();
}
@ -521,13 +522,13 @@ public class EndSessionTests
redirectUri: "https://client2/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url, _ct);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var authorization = new Duende.IdentityModel.Client.AuthorizeResponse(response.Headers.Location.ToString());
var id_token = authorization.IdentityToken;
_mockPipeline.BrowserClient.AllowAutoRedirect = true;
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint +
"?id_token_hint=" + id_token, _ct);
"?id_token_hint=" + id_token);
_mockPipeline.LogoutRequest.PostLogoutRedirectUri.ShouldBeNull();
}
@ -547,7 +548,7 @@ public class EndSessionTests
nonce: "123_nonce");
response.ShouldNotBeNull();
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
_mockPipeline.LogoutWasCalled.ShouldBeTrue();
_mockPipeline.LogoutRequest.SignOutIFrameUrl.ShouldNotBeNull();
@ -559,7 +560,7 @@ public class EndSessionTests
{
await _mockPipeline.LoginAsync("bob");
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
_mockPipeline.LogoutWasCalled.ShouldBeTrue();
_mockPipeline.LogoutRequest.SignOutIFrameUrl.ShouldBeNull();
@ -608,7 +609,7 @@ public class EndSessionTests
nonce: "123_nonce");
response.ShouldNotBeNull();
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
_mockPipeline.BackChannelMessageHandler.InvokeWasCalled.ShouldBeTrue();
}
@ -646,7 +647,7 @@ public class EndSessionTests
nonce: "123_nonce");
response.ShouldNotBeNull();
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
_mockPipeline.BackChannelMessageHandler.InvokeWasCalled.ShouldBeTrue();
}
@ -686,7 +687,7 @@ public class EndSessionTests
nonce: "123_nonce");
response.ShouldNotBeNull();
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
_mockPipeline.BackChannelMessageHandler.InvokeWasCalled.ShouldBeTrue();
}
@ -708,7 +709,7 @@ public class EndSessionTests
nonce: "123_nonce");
response.ShouldNotBeNull();
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
_mockPipeline.BackChannelMessageHandler.InvokeWasCalled.ShouldBeTrue();
}
@ -733,7 +734,7 @@ public class EndSessionTests
nonce: "123_nonce");
response.ShouldNotBeNull();
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
_mockPipeline.BackChannelMessageHandler.InvokeWasCalled.ShouldBeTrue();
}
@ -758,7 +759,7 @@ public class EndSessionTests
nonce: "123_nonce");
response.ShouldNotBeNull();
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
_mockPipeline.BackChannelMessageHandler.InvokeWasCalled.ShouldBeTrue();
}
@ -781,7 +782,7 @@ public class EndSessionTests
nonce: "123_nonce");
response.ShouldNotBeNull();
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint, _ct);
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
_mockPipeline.BackChannelMessageHandler.InvokeWasCalled.ShouldBeTrue();
}

128
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Introspection/IntrospectionTests.cs
View file

@ -24,7 +24,7 @@ public class IntrospectionTests
private const string IntrospectionEndpoint = "https://server/connect/introspect";
private const string TokenEndpoint = "https://server/connect/token";
private const string RevocationEndpoint = "https://server/connect/revocation";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly HttpClient _client;
private readonly HttpMessageHandler _handler;
@ -49,7 +49,7 @@ public class IntrospectionTests
{
var form = new Dictionary<string, string>();
var response = await _client.PostAsync(IntrospectionEndpoint, new FormUrlEncodedContent(form), _ct);
var response = await _client.PostAsync(IntrospectionEndpoint, new FormUrlEncodedContent(form));
response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
}
@ -61,7 +61,7 @@ public class IntrospectionTests
var form = new Dictionary<string, string>();
_client.SetBasicAuthentication("unknown", "invalid");
var response = await _client.PostAsync(IntrospectionEndpoint, new FormUrlEncodedContent(form), _ct);
var response = await _client.PostAsync(IntrospectionEndpoint, new FormUrlEncodedContent(form));
response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
}
@ -73,7 +73,7 @@ public class IntrospectionTests
var form = new Dictionary<string, string>();
_client.SetBasicAuthentication("api1", "invalid");
var response = await _client.PostAsync(IntrospectionEndpoint, new FormUrlEncodedContent(form), _ct);
var response = await _client.PostAsync(IntrospectionEndpoint, new FormUrlEncodedContent(form));
response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
}
@ -85,7 +85,7 @@ public class IntrospectionTests
var form = new Dictionary<string, string>();
_client.SetBasicAuthentication("api1", "secret");
var response = await _client.PostAsync(IntrospectionEndpoint, new FormUrlEncodedContent(form), _ct);
var response = await _client.PostAsync(IntrospectionEndpoint, new FormUrlEncodedContent(form));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
}
@ -101,7 +101,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = "invalid"
}, _ct);
});
introspectionResponse.IsActive.ShouldBe(false);
introspectionResponse.IsError.ShouldBe(false);
@ -117,7 +117,7 @@ public class IntrospectionTests
ClientId = "client1",
ClientSecret = "secret",
Scope = "api1"
}, _ct);
});
var data = new
{
@ -129,7 +129,7 @@ public class IntrospectionTests
var client = new HttpClient(_handler);
var response = await client.PostAsync(IntrospectionEndpoint,
new StringContent(json, Encoding.UTF8, "application/json"), _ct);
new StringContent(json, Encoding.UTF8, "application/json"));
response.StatusCode.ShouldBe(HttpStatusCode.UnsupportedMediaType);
}
@ -143,7 +143,7 @@ public class IntrospectionTests
ClientId = "client1",
ClientSecret = "secret",
Scope = "api1"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -153,7 +153,7 @@ public class IntrospectionTests
Token = tokenResponse.AccessToken,
TokenTypeHint = "invalid"
}, _ct);
});
introspectionResponse.IsActive.ShouldBe(true);
introspectionResponse.IsError.ShouldBe(false);
@ -176,7 +176,9 @@ public class IntrospectionTests
[InlineData("api1", "bogus")]
public async Task Access_tokens_can_be_introspected_with_any_hint(string introspectedBy, string hint)
{
var tokenResponse = await _client.RequestPasswordTokenAsync(new PasswordTokenRequest
TokenResponse tokenResponse;
tokenResponse = await _client.RequestPasswordTokenAsync(new PasswordTokenRequest
{
Address = TokenEndpoint,
ClientId = "ro.client",
@ -184,7 +186,7 @@ public class IntrospectionTests
UserName = "bob",
Password = "bob",
Scope = "api1 offline_access"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -194,7 +196,7 @@ public class IntrospectionTests
Token = tokenResponse.AccessToken,
TokenTypeHint = hint
}, _ct);
});
introspectionResponse.IsActive.ShouldBe(true);
introspectionResponse.IsError.ShouldBe(false);
@ -221,7 +223,9 @@ public class IntrospectionTests
public async Task Refresh_tokens_can_be_introspected_by_their_client_with_any_hint(string introspectedBy,
string hint, bool isActive)
{
var tokenResponse = await _client.RequestPasswordTokenAsync(new PasswordTokenRequest
TokenResponse tokenResponse;
tokenResponse = await _client.RequestPasswordTokenAsync(new PasswordTokenRequest
{
Address = TokenEndpoint,
ClientId = "ro.client",
@ -229,7 +233,7 @@ public class IntrospectionTests
UserName = "bob",
Password = "bob",
Scope = "api1 offline_access"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -239,7 +243,7 @@ public class IntrospectionTests
Token = tokenResponse.RefreshToken,
TokenTypeHint = hint
}, _ct);
});
if (isActive)
{
@ -270,7 +274,7 @@ public class IntrospectionTests
ClientId = "client1",
ClientSecret = "secret",
Scope = "api1"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -279,7 +283,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.AccessToken
}, _ct);
});
introspectionResponse.IsActive.ShouldBe(true);
introspectionResponse.IsError.ShouldBe(false);
@ -302,7 +306,7 @@ public class IntrospectionTests
ClientId = "client1",
ClientSecret = "secret",
Scope = "api1"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -311,7 +315,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.AccessToken
}, _ct);
});
var values = GetFields(introspectionResponse);
@ -340,7 +344,7 @@ public class IntrospectionTests
Password = "bob",
Scope = "api1",
}, _ct);
});
tokenResponse.IsError.ShouldBeFalse();
@ -351,7 +355,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.AccessToken
}, _ct);
});
var values = GetFields(introspectionResponse);
@ -378,7 +382,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Scope = "api2 api3-a api3-b",
}, _ct);
});
tokenResponse.IsError.ShouldBeFalse();
@ -389,7 +393,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.AccessToken
}, _ct);
});
var values = GetFields(introspectionResponse);
@ -423,7 +427,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Scope = "api3-a api3-b",
}, _ct);
});
tokenResponse.IsError.ShouldBeFalse();
@ -434,7 +438,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.AccessToken
}, _ct);
});
var values = GetFields(introspectionResponse);
@ -461,7 +465,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Scope = "api1 api2 api3-a",
}, _ct);
});
tokenResponse.IsError.ShouldBeFalse();
@ -472,7 +476,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.AccessToken
}, _ct);
});
introspectionResponse.IsActive.ShouldBeTrue();
introspectionResponse.IsError.ShouldBeFalse();
@ -496,7 +500,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Scope = "api1 api2",
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -505,7 +509,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.AccessToken
}, _ct);
});
introspectionResponse.IsActive.ShouldBe(true);
introspectionResponse.IsError.ShouldBe(false);
@ -529,7 +533,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Scope = "api1",
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -538,7 +542,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.AccessToken
}, _ct);
});
introspectionResponse.IsActive.ShouldBe(false);
introspectionResponse.IsError.ShouldBe(false);
@ -554,7 +558,7 @@ public class IntrospectionTests
ClientId = "client1",
ClientSecret = "secret",
Scope = "api1"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -563,7 +567,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.AccessToken
}, _ct);
});
introspectionResponse.IsActive.ShouldBeTrue();
introspectionResponse.IsError.ShouldBeFalse();
@ -582,7 +586,7 @@ public class IntrospectionTests
UserName = "bob",
Password = "bob",
Scope = "api1 offline_access"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -591,7 +595,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.RefreshToken
}, _ct);
});
introspectionResponse.IsActive.ShouldBeTrue();
introspectionResponse.IsError.ShouldBeFalse();
@ -613,7 +617,7 @@ public class IntrospectionTests
UserName = "bob",
Password = "bob",
Scope = "api1 offline_access"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -622,7 +626,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.RefreshToken
}, _ct);
});
introspectionResponse.IsActive.ShouldBeFalse();
introspectionResponse.IsError.ShouldBeFalse();
@ -640,7 +644,7 @@ public class IntrospectionTests
UserName = "bob",
Password = "bob",
Scope = "api1 offline_access"
}, _ct);
});
var revocationResponse = await _client.RevokeTokenAsync(new TokenRevocationRequest
{
@ -649,7 +653,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.RefreshToken
}, _ct);
});
revocationResponse.IsError.ShouldBeFalse();
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
@ -659,7 +663,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.RefreshToken
}, _ct);
});
introspectionResponse.IsActive.ShouldBeFalse();
introspectionResponse.IsError.ShouldBeFalse();
@ -675,7 +679,7 @@ public class IntrospectionTests
ClientId = "client1",
ClientSecret = "secret",
Scope = "api1"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -684,7 +688,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.AccessToken
}, _ct);
});
introspectionResponse.IsActive.ShouldBeFalse();
introspectionResponse.IsError.ShouldBeFalse();
@ -702,7 +706,7 @@ public class IntrospectionTests
UserName = "bob",
Password = "bob",
Scope = "api1 offline_access"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -711,7 +715,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.RefreshToken
}, _ct);
});
introspectionResponse.IsActive.ShouldBeFalse();
introspectionResponse.IsError.ShouldBeFalse();
@ -729,7 +733,7 @@ public class IntrospectionTests
UserName = "bob",
Password = "bob",
Scope = "api1 offline_access"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -740,7 +744,7 @@ public class IntrospectionTests
Token = tokenResponse.AccessToken,
TokenTypeHint = Constants.TokenTypeHints.AccessToken,
ResponseFormat = ResponseFormat.Jwt
}, _ct);
});
introspectionResponse.HttpResponse.Content.Headers.ContentType.MediaType.ShouldBe($"application/{JwtClaimTypes.JwtTypes.IntrospectionJwtResponse}");
}
@ -757,7 +761,7 @@ public class IntrospectionTests
UserName = "bob",
Password = "bob",
Scope = "api1 offline_access"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -768,7 +772,7 @@ public class IntrospectionTests
Token = tokenResponse.AccessToken,
TokenTypeHint = Constants.TokenTypeHints.AccessToken,
ResponseFormat = ResponseFormat.Jwt
}, _ct);
});
var handler = new JwtSecurityTokenHandler();
var jwt = handler.ReadJwtToken(introspectionResponse.Raw);
@ -800,7 +804,7 @@ public class IntrospectionTests
UserName = "bob",
Password = "bob",
Scope = "api1 offline_access"
}, _ct);
});
var revocationResponse = await _client.RevokeTokenAsync(new TokenRevocationRequest
{
@ -809,7 +813,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.RefreshToken
}, _ct);
});
revocationResponse.IsError.ShouldBeFalse();
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
@ -821,7 +825,7 @@ public class IntrospectionTests
Token = tokenResponse.AccessToken,
TokenTypeHint = Constants.TokenTypeHints.AccessToken,
ResponseFormat = ResponseFormat.Jwt
}, _ct);
});
var handler = new JwtSecurityTokenHandler();
var jwt = handler.ReadJwtToken(introspectionResponse.Raw);
@ -846,7 +850,7 @@ public class IntrospectionTests
Token = "invalid",
ResponseFormat = ResponseFormat.Jwt
}, _ct);
});
var handler = new JwtSecurityTokenHandler();
var jwt = handler.ReadJwtToken(introspectionResponse.Raw);
@ -872,7 +876,7 @@ public class IntrospectionTests
Scope = "api1 offline_access roles address",
UserName = "bob",
Password = "bob"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -883,7 +887,7 @@ public class IntrospectionTests
Token = tokenResponse.AccessToken,
TokenTypeHint = Constants.TokenTypeHints.AccessToken,
ResponseFormat = ResponseFormat.Jwt
}, _ct);
});
introspectionResponse.Json.ShouldNotBeNull();
var addressClaim = introspectionResponse.Json.Value.TryGetString("address");
@ -903,7 +907,7 @@ public class IntrospectionTests
Scope = "api1 offline_access roles",
UserName = "bob",
Password = "bob"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -914,7 +918,7 @@ public class IntrospectionTests
Token = tokenResponse.AccessToken,
TokenTypeHint = Constants.TokenTypeHints.AccessToken,
ResponseFormat = ResponseFormat.Jwt
}, _ct);
});
introspectionResponse.Json.ShouldNotBeNull();
var rolesClaim = introspectionResponse.Json.Value.TryGetStringArray("role").ToList();
@ -935,7 +939,7 @@ public class IntrospectionTests
ClientId = "client1",
ClientSecret = "secret",
Scope = "api1"
}, _ct);
});
var introspectionResponse = await _client.IntrospectTokenAsync(new TokenIntrospectionRequest
{
@ -944,7 +948,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = tokenResponse.AccessToken
}, _ct);
});
introspectionResponse.IsActive.ShouldBe(true);
introspectionResponse.IsError.ShouldBe(false);
@ -967,7 +971,7 @@ public class IntrospectionTests
ClientSecret = "secret",
Token = "invalid"
}, _ct);
});
introspectionResponse.IsActive.ShouldBe(false);
introspectionResponse.IsError.ShouldBe(false);
@ -989,8 +993,8 @@ public class IntrospectionTests
{ "client_secret", "secret" },
{ "token", "" }
});
var rawIntrospectionResponse = await _client.PostAsync(IntrospectionEndpoint, requestContent, _ct);
var introspectionResponse = await rawIntrospectionResponse.Content.ReadFromJsonAsync<TokenIntrospectionResponse>(_ct);
var rawIntrospectionResponse = await _client.PostAsync(IntrospectionEndpoint, requestContent);
var introspectionResponse = await rawIntrospectionResponse.Content.ReadFromJsonAsync<TokenIntrospectionResponse>();
introspectionResponse.IsActive.ShouldBe(false);
introspectionResponse.IsError.ShouldBe(false);

33
identity-server/test/IdentityServer.IntegrationTests/Endpoints/OAuthMetadata/OAuthMetadataTests.cs
View file

@ -13,7 +13,6 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.OAuthMetadata;
public class OAuthMetadataTests
{
private const string Category = "OAuth Metadata endpoint";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
[Fact]
[Trait("Category", Category)]
@ -22,7 +21,7 @@ public class OAuthMetadataTests
var pipeline = new IdentityServerPipeline();
pipeline.Initialize();
var result = await pipeline.BackChannelClient.PostAsync("https://server/.well-known/oauth-authorization-server", null, _ct);
var result = await pipeline.BackChannelClient.PostAsync("https://server/.well-known/oauth-authorization-server", null);
result.StatusCode.ShouldBe(HttpStatusCode.MethodNotAllowed);
}
@ -34,9 +33,9 @@ public class OAuthMetadataTests
var pipeline = new IdentityServerPipeline();
pipeline.Initialize();
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
data["issuer"].GetString().ShouldBe("https://server");
}
@ -50,9 +49,9 @@ public class OAuthMetadataTests
pipeline.Initialize();
pipeline.Options.IssuerUri = "https://server/identity";
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server/identity", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server/identity");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
data["issuer"].GetString().ShouldBe("https://server/identity");
}
@ -66,9 +65,9 @@ public class OAuthMetadataTests
pipeline.Initialize();
pipeline.Options.IssuerUri = "https://server/identity";
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server/identity?query=string", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server/identity?query=string");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
data["issuer"].GetString().ShouldBe("https://server/identity");
}
@ -82,9 +81,9 @@ public class OAuthMetadataTests
pipeline.Initialize();
pipeline.Options.IssuerUri = "https://server/identity";
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server/identity#fragment", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server/identity#fragment");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
data["issuer"].GetString().ShouldBe("https://server/identity");
}
@ -97,9 +96,9 @@ public class OAuthMetadataTests
pipeline.Initialize();
pipeline.Options.IssuerUri = "https://server/explicit";
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server/explicit", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server/explicit");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
data["issuer"].GetString().ShouldBe("https://server/explicit");
}
@ -112,7 +111,7 @@ public class OAuthMetadataTests
pipeline.Initialize();
pipeline.Options.IssuerUri = "https://example.com/explicit";
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server");
result.StatusCode.ShouldBe(HttpStatusCode.NotFound);
}
@ -124,7 +123,7 @@ public class OAuthMetadataTests
var pipeline = new IdentityServerPipeline();
pipeline.Initialize("/identity");
var result = await pipeline.BackChannelClient.GetAsync("https://server/identity/.well-known/oauth-authorization-server", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/identity/.well-known/oauth-authorization-server");
result.StatusCode.ShouldBe(HttpStatusCode.NotFound);
}
@ -138,7 +137,7 @@ public class OAuthMetadataTests
pipeline.Initialize();
pipeline.Options.IssuerUri = "https://server/identity";
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server/wrong", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server/wrong");
result.StatusCode.ShouldBe(HttpStatusCode.NotFound);
}
@ -152,9 +151,9 @@ public class OAuthMetadataTests
pipeline.Initialize();
pipeline.Options.IssuerUri = "https://server/identity";
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server/identity", _ct);
var result = await pipeline.BackChannelClient.GetAsync("https://server/.well-known/oauth-authorization-server/identity");
var json = await result.Content.ReadAsStringAsync(_ct);
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
data["issuer"].GetString().ShouldBe("https://server/identity");

54
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Revocation/RevocationTests.cs
View file

@ -14,13 +14,15 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Revocation;
public class RevocationTests
{
private const string Category = "RevocationTests endpoint";
private const string client_id = "client";
private const string client_secret = "secret";
private const string redirect_uri = "https://client/callback";
private const string scope_name = "api";
private const string scope_secret = "api_secret";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private string client_id = "client";
private string client_secret = "secret";
private string redirect_uri = "https://client/callback";
private string scope_name = "api";
private string scope_secret = "api_secret";
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
public RevocationTests()
{
@ -195,7 +197,7 @@ public class RevocationTests
[Trait("Category", Category)]
public async Task Get_request_should_return_405()
{
var response = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.RevocationEndpoint, _ct);
var response = await _mockPipeline.BackChannelClient.GetAsync(IdentityServerPipeline.RevocationEndpoint);
response.StatusCode.ShouldBe(HttpStatusCode.MethodNotAllowed);
}
@ -204,7 +206,7 @@ public class RevocationTests
[Trait("Category", Category)]
public async Task Post_without_form_urlencoded_should_return_415()
{
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, null, _ct);
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, null);
response.StatusCode.ShouldBe(HttpStatusCode.UnsupportedMediaType);
}
@ -223,7 +225,7 @@ public class RevocationTests
ClientSecret = client_secret,
Token = tokens.AccessToken
}, _ct);
});
result.IsError.ShouldBeFalse();
(await IsAccessTokenValidAsync(tokens)).ShouldBeFalse();
@ -243,7 +245,7 @@ public class RevocationTests
ClientSecret = client_secret,
Token = tokens.AccessToken
}, _ct);
});
result.IsError.ShouldBeFalse();
(await IsAccessTokenValidAsync(tokens)).ShouldBeTrue();
@ -263,7 +265,7 @@ public class RevocationTests
ClientSecret = client_secret,
Token = tokens.RefreshToken
}, _ct);
});
result.IsError.ShouldBeFalse();
@ -284,7 +286,7 @@ public class RevocationTests
ClientSecret = client_secret,
Token = tokens.RefreshToken
}, _ct);
});
result.IsError.ShouldBeFalse();
@ -309,7 +311,7 @@ public class RevocationTests
ClientSecret = client_secret,
Token = tokens1.RefreshToken
}, _ct);
});
result.IsError.ShouldBeFalse();
@ -331,7 +333,7 @@ public class RevocationTests
ClientSecret = client_secret,
Token = tokens.AccessToken
}, _ct);
});
result.IsError.ShouldBeFalse();
@ -344,7 +346,7 @@ public class RevocationTests
ClientSecret = client_secret,
Token = tokens.AccessToken
}, _ct);
});
result.IsError.ShouldBeFalse();
}
@ -363,7 +365,7 @@ public class RevocationTests
ClientSecret = client_secret,
Token = tokens.RefreshToken
}, _ct);
});
result.IsError.ShouldBeFalse();
@ -376,7 +378,7 @@ public class RevocationTests
ClientSecret = client_secret,
Token = tokens.RefreshToken
}, _ct);
});
result.IsError.ShouldBeFalse();
}
@ -395,7 +397,7 @@ public class RevocationTests
ClientSecret = client_secret,
Token = tokens.AccessToken
}, _ct);
});
result.IsError.ShouldBeTrue();
result.Error.ShouldBe("invalid_client");
@ -415,7 +417,7 @@ public class RevocationTests
ClientSecret = "not_valid",
Token = tokens.AccessToken
}, _ct);
});
result.IsError.ShouldBeTrue();
result.Error.ShouldBe("invalid_client");
@ -431,7 +433,7 @@ public class RevocationTests
{ "client_secret", client_secret }
};
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, new FormUrlEncodedContent(data), _ct);
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, new FormUrlEncodedContent(data));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var result = await ProtocolResponse.FromHttpResponseAsync<TokenRevocationResponse>(response);
@ -454,7 +456,7 @@ public class RevocationTests
{ "token_type_hint", "not_valid" }
};
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, new FormUrlEncodedContent(data), _ct);
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, new FormUrlEncodedContent(data));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var result = await ProtocolResponse.FromHttpResponseAsync<TokenRevocationResponse>(response);
@ -476,7 +478,7 @@ public class RevocationTests
{ "token", tokens.AccessToken }
};
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, new FormUrlEncodedContent(data), _ct);
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, new FormUrlEncodedContent(data));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
(await IsAccessTokenValidAsync(tokens)).ShouldBeFalse();
@ -496,7 +498,7 @@ public class RevocationTests
{ "token", tokens.RefreshToken }
};
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, new FormUrlEncodedContent(data), _ct);
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, new FormUrlEncodedContent(data));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
(await UseRefreshTokenAsync(tokens)).ShouldBeFalse();
@ -516,7 +518,7 @@ public class RevocationTests
(await IsAccessTokenValidAsync(token)).ShouldBeTrue();
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, new FormUrlEncodedContent(data), _ct);
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, new FormUrlEncodedContent(data));
response.StatusCode.ShouldBe(HttpStatusCode.OK);
(await IsAccessTokenValidAsync(token)).ShouldBeFalse();
}
@ -535,7 +537,7 @@ public class RevocationTests
(await IsAccessTokenValidAsync(token)).ShouldBeTrue();
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, new FormUrlEncodedContent(data), _ct);
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.RevocationEndpoint, new FormUrlEncodedContent(data));
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
(await IsAccessTokenValidAsync(token)).ShouldBeTrue();
}

164
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Token/CibaTokenEndpointTests.cs
View file

@ -1,6 +1,7 @@
// Copyright (c) Duende Software. All rights reserved.
// See LICENSE in the project root for license information.
using System.Net;
using System.Security.Claims;
using System.Text.Json;
@ -15,14 +16,13 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Token;
public class CibaTokenEndpointTests
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private const string Category = "CIBA Token endpoint";
private readonly IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private MockCibaUserValidator _mockCibaUserValidator = new MockCibaUserValidator();
private MockCibaUserNotificationService _mockCibaUserNotificationService = new MockCibaUserNotificationService();
private readonly TestUser _user;
private TestUser _user;
private Client _cibaClient;
public CibaTokenEndpointTests()
@ -138,8 +138,7 @@ public class CibaTokenEndpointTests
var cibaResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(cibaBody),
_ct);
new FormUrlEncodedContent(cibaBody));
cibaResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
@ -159,8 +158,7 @@ public class CibaTokenEndpointTests
// token request
var body = await cibaResponse.Content.ReadAsStringAsync(_ct);
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(body);
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync());
var requestId = values["auth_req_id"].ToString();
var tokenBody = new Dictionary<string, string>
@ -173,8 +171,7 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
}
@ -199,14 +196,13 @@ public class CibaTokenEndpointTests
var cibaResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(cibaBody),
_ct);
new FormUrlEncodedContent(cibaBody));
cibaResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
// token request
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync(_ct));
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync());
var requestId = values["auth_req_id"].ToString();
var tokenBody = new Dictionary<string, string>
@ -219,12 +215,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -250,8 +245,7 @@ public class CibaTokenEndpointTests
var cibaResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(cibaBody),
_ct);
new FormUrlEncodedContent(cibaBody));
cibaResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
@ -271,7 +265,7 @@ public class CibaTokenEndpointTests
// token request
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync(_ct));
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync());
var requestId = values["auth_req_id"].ToString();
var tokenBody = new Dictionary<string, string>
@ -284,12 +278,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -315,8 +308,7 @@ public class CibaTokenEndpointTests
var cibaResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(cibaBody),
_ct);
new FormUrlEncodedContent(cibaBody));
cibaResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
@ -336,8 +328,7 @@ public class CibaTokenEndpointTests
// token request
var body = await cibaResponse.Content.ReadAsStringAsync(_ct);
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(body);
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync());
var requestId = values["auth_req_id"].ToString();
var tokenBody = new Dictionary<string, string>
@ -350,12 +341,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -381,8 +371,7 @@ public class CibaTokenEndpointTests
var cibaResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(cibaBody),
_ct);
new FormUrlEncodedContent(cibaBody));
cibaResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
@ -402,8 +391,7 @@ public class CibaTokenEndpointTests
// token request
var body = await cibaResponse.Content.ReadAsStringAsync(_ct);
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(body);
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync());
var requestId = values["auth_req_id"].ToString();
var tokenBody = new Dictionary<string, string>
@ -416,12 +404,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -447,10 +434,10 @@ public class CibaTokenEndpointTests
var cibaResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(cibaBody),
_ct);
new FormUrlEncodedContent(cibaBody));
cibaResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
// user auth/consent
var cibaService = _mockPipeline.Resolve<IBackchannelAuthenticationInteractionService>();
var request = await cibaService.GetLoginRequestByInternalIdAsync(_mockCibaUserNotificationService.LoginRequest.InternalId);
@ -469,7 +456,7 @@ public class CibaTokenEndpointTests
// token request
_user.IsActive = false;
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync(_ct));
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync());
var requestId = values["auth_req_id"].ToString();
var tokenBody = new Dictionary<string, string>
@ -482,12 +469,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -517,8 +503,7 @@ public class CibaTokenEndpointTests
var cibaResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(cibaBody),
_ct);
new FormUrlEncodedContent(cibaBody));
cibaResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
@ -540,8 +525,7 @@ public class CibaTokenEndpointTests
// token request
clock.UtcNow = DateTimeOffset.UtcNow.AddHours(1);
var body = await cibaResponse.Content.ReadAsStringAsync(_ct);
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(body);
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync());
var requestId = values["auth_req_id"].ToString();
var tokenBody = new Dictionary<string, string>
@ -554,12 +538,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -589,13 +572,12 @@ public class CibaTokenEndpointTests
var cibaResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(cibaBody),
_ct);
new FormUrlEncodedContent(cibaBody));
cibaResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
// token request
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync(_ct));
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync());
var requestId = values["auth_req_id"].ToString();
{
@ -609,12 +591,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -631,12 +612,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -667,14 +647,12 @@ public class CibaTokenEndpointTests
var cibaResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(cibaBody),
_ct);
new FormUrlEncodedContent(cibaBody));
cibaResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
// token request
var body = await cibaResponse.Content.ReadAsStringAsync(_ct);
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(body);
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync());
var requestId = values["auth_req_id"].ToString();
{
@ -688,12 +666,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -710,11 +687,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody), _ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -734,12 +711,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -756,12 +732,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -794,13 +769,12 @@ public class CibaTokenEndpointTests
var cibaResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(cibaBody),
_ct);
new FormUrlEncodedContent(cibaBody));
cibaResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
// token request
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync(_ct));
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync());
var requestId = values["auth_req_id"].ToString();
{
@ -814,12 +788,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -836,12 +809,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -861,12 +833,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -886,12 +857,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -908,12 +878,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -946,13 +915,12 @@ public class CibaTokenEndpointTests
var cibaResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(cibaBody),
_ct);
new FormUrlEncodedContent(cibaBody));
cibaResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
// token request
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync(_ct));
var values = JsonSerializer.Deserialize<Dictionary<string, object>>(await cibaResponse.Content.ReadAsStringAsync());
var requestId = values["auth_req_id"].ToString();
{
@ -966,12 +934,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();
@ -991,12 +958,11 @@ public class CibaTokenEndpointTests
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody),
_ct);
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await tokenResponse.Content.ReadAsStringAsync(_ct);
var json = await tokenResponse.Content.ReadAsStringAsync();
values = JsonSerializer.Deserialize<Dictionary<string, object>>(json);
values.ContainsKey("error").ShouldBeTrue();

17
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Token/DPoPPushedAuthorizationEndpointTests.cs
View file

@ -17,8 +17,7 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Token;
/// </summary>
public class DPoPPushedAuthorizationEndpointTests : DPoPEndpointTestBase
{
private const string Category = "DPoP PAR endpoint";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
protected const string Category = "DPoP PAR endpoint";
private PushedAuthorizationRequest CreatePushedAuthorizationRequest(
string proofToken = null, bool omitDPoPProof = false, string dpopKeyThumprint = null
@ -48,7 +47,7 @@ public class DPoPPushedAuthorizationEndpointTests : DPoPEndpointTestBase
{
Payload.Add("foo", new string('x', 3000));
var request = CreatePushedAuthorizationRequest();
var response = await Pipeline.BackChannelClient.PushAuthorizationAsync(request, _ct);
var response = await Pipeline.BackChannelClient.PushAuthorizationAsync(request);
response.IsError.ShouldBeTrue();
response.Error.ShouldBe("invalid_dpop_proof");
}
@ -62,12 +61,12 @@ public class DPoPPushedAuthorizationEndpointTests : DPoPEndpointTestBase
// Initial request succeeds
var firstRequest = CreatePushedAuthorizationRequest(dpopToken);
var firstResponse = await Pipeline.BackChannelClient.PushAuthorizationAsync(firstRequest, _ct);
var firstResponse = await Pipeline.BackChannelClient.PushAuthorizationAsync(firstRequest);
firstResponse.IsError.ShouldBeFalse();
// Second request fails
var secondRequest = CreatePushedAuthorizationRequest(dpopToken);
var secondResponse = await Pipeline.BackChannelClient.PushAuthorizationAsync(secondRequest, _ct);
var secondResponse = await Pipeline.BackChannelClient.PushAuthorizationAsync(secondRequest);
secondResponse.IsError.ShouldBeTrue();
secondResponse.Error.ShouldBe("invalid_dpop_proof");
}
@ -77,7 +76,7 @@ public class DPoPPushedAuthorizationEndpointTests : DPoPEndpointTestBase
public async Task invalid_dpop_request_should_fail()
{
var request = CreatePushedAuthorizationRequest(proofToken: "malformed");
var response = await Pipeline.BackChannelClient.PushAuthorizationAsync(request, _ct);
var response = await Pipeline.BackChannelClient.PushAuthorizationAsync(request);
response.IsError.ShouldBeTrue();
response.Error.ShouldBe("invalid_dpop_proof");
}
@ -90,7 +89,7 @@ public class DPoPPushedAuthorizationEndpointTests : DPoPEndpointTestBase
request.Headers.Add("DPoP", dpopToken);
request.Headers.Add("DPoP", dpopToken);
var response = await Pipeline.BackChannelClient.PushAuthorizationAsync(request, _ct);
var response = await Pipeline.BackChannelClient.PushAuthorizationAsync(request);
response.IsError.ShouldBeTrue();
response.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -104,7 +103,7 @@ public class DPoPPushedAuthorizationEndpointTests : DPoPEndpointTestBase
oldThumbprint.ShouldNotBe(JKT);
var request = CreatePushedAuthorizationRequest(dpopKeyThumprint: oldThumbprint);
var response = await Pipeline.BackChannelClient.PushAuthorizationAsync(request, _ct);
var response = await Pipeline.BackChannelClient.PushAuthorizationAsync(request);
response.IsError.ShouldBeTrue();
response.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -145,7 +144,7 @@ public class DPoPPushedAuthorizationEndpointTests : DPoPEndpointTestBase
tokenClient.DefaultRequestHeaders.Add("DPoP", proofToken);
var request = CreatePushedAuthorizationRequest(proofToken);
var response = await tokenClient.PushAuthorizationAsync(request, _ct);
var response = await tokenClient.PushAuthorizationAsync(request);
response.IsError.ShouldBeFalse();
}

73
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Token/DPoPTokenEndpointTests.cs
View file

@ -18,7 +18,6 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Token;
public class DPoPTokenEndpointTests : DPoPEndpointTestBase
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
protected const string Category = "DPoP Token endpoint";
private ClientCredentialsTokenRequest CreateClientCredentialsTokenRequest(
@ -62,7 +61,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
{
var request = CreateClientCredentialsTokenRequest();
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request, _ct);
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request);
response.IsError.ShouldBeFalse();
response.TokenType.ShouldBe("DPoP");
@ -79,7 +78,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
Payload.Add("key_ops", new string[] { "sign", "verify" });
var request = CreateClientCredentialsTokenRequest();
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request, _ct);
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request);
response.IsError.ShouldBeFalse();
response.TokenType.ShouldBe("DPoP");
@ -94,7 +93,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
Payload.Add("foo", new string('x', 3000));
var request = CreateClientCredentialsTokenRequest();
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request, _ct);
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request);
response.IsError.ShouldBeTrue();
}
@ -108,7 +107,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
// Initial request succeeds
var firstRequest = CreateClientCredentialsTokenRequest(dpopToken);
var firstResponse = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(firstRequest, _ct);
var firstResponse = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(firstRequest);
firstResponse.IsError.ShouldBeFalse();
firstResponse.TokenType.ShouldBe("DPoP");
var jkt = GetJKTFromAccessToken(firstResponse);
@ -117,7 +116,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
// Second request fails
var secondRequest = CreateClientCredentialsTokenRequest(dpopToken);
secondRequest.Headers.Add("DPoP", dpopToken);
var secondResponse = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(secondRequest, _ct);
var secondResponse = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(secondRequest);
secondResponse.IsError.ShouldBeTrue();
}
@ -127,7 +126,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
{
var request = CreateClientCredentialsTokenRequest(proofToken: "malformed");
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request, _ct);
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request);
response.IsError.ShouldBeTrue();
response.Error.ShouldBe("invalid_dpop_proof");
@ -140,7 +139,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
ConfidentialClient.RequireDPoP = true;
var request = CreateClientCredentialsTokenRequest(omitDPoPProof: true);
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request, _ct);
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request);
response.IsError.ShouldBeTrue();
response.Error.ShouldBe("invalid_request");
@ -155,7 +154,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
request.Headers.Add("DPoP", dpopToken);
request.Headers.Add("DPoP", dpopToken);
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request, _ct);
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request);
response.IsError.ShouldBeTrue();
response.Error.ShouldBe("invalid_request");
@ -167,11 +166,11 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
public async Task valid_dpop_request_should_return_bound_refresh_token(ParMode parMode)
{
var codeRequest = await CreateAuthCodeTokenRequestAsync(parMode: parMode);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest, _ct);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest);
codeResponse.ShouldHaveDPoPThumbprint(JKT);
var rtRequest = CreateRefreshTokenRequest(codeResponse);
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest, _ct);
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest);
rtResponse.ShouldHaveDPoPThumbprint(JKT);
}
@ -181,11 +180,11 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
public async Task confidential_client_dpop_proof_should_be_required_on_renewal(ParMode parMode)
{
var codeRequest = await CreateAuthCodeTokenRequestAsync(parMode: parMode);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest, _ct);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest);
codeResponse.ShouldHaveDPoPThumbprint(JKT);
var rtRequest = CreateRefreshTokenRequest(codeResponse, omitDPoPProof: true);
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest, _ct);
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest);
rtResponse.IsError.ShouldBeTrue();
rtResponse.Error.ShouldBe("invalid_request");
}
@ -196,11 +195,11 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
public async Task public_client_dpop_proof_should_be_required_on_renewal(ParMode parMode)
{
var codeRequest = await CreateAuthCodeTokenRequestAsync(clientId: "client2", parMode: parMode);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest, _ct);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest);
codeResponse.ShouldHaveDPoPThumbprint(JKT);
var rtRequest = CreateRefreshTokenRequest(codeResponse, clientId: "client2", omitDPoPProof: true);
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest, _ct);
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest);
rtResponse.IsError.ShouldBeTrue();
rtResponse.Error.ShouldBe("invalid_request");
}
@ -213,13 +212,13 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
{
// Initial code flow doesn't use dpop
var codeRequest = await CreateAuthCodeTokenRequestAsync(omitDPoPProofAtTokenEndpoint: true, parMode: parMode);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest, _ct);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest);
codeResponse.IsError.ShouldBeFalse();
// Subsequent refresh token request tries to use dpop
var rtRequest = CreateRefreshTokenRequest(codeResponse, omitDPoPProof: false);
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest, _ct);
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest);
rtResponse.IsError.ShouldBeTrue();
}
@ -229,13 +228,13 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
public async Task confidential_client_should_be_able_to_use_different_dpop_key_for_refresh_token_request(ParMode parMode)
{
var codeRequest = await CreateAuthCodeTokenRequestAsync(parMode: parMode);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest, _ct);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest);
codeResponse.ShouldHaveDPoPThumbprint(JKT);
CreateNewRSAKey();
var rtRequest = CreateRefreshTokenRequest(codeResponse);
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest, _ct);
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest);
rtResponse.ShouldHaveDPoPThumbprint(JKT);
}
@ -245,13 +244,13 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
public async Task public_client_should_not_be_able_to_use_different_dpop_key_for_refresh_token_request(ParMode parMode)
{
var codeRequest = await CreateAuthCodeTokenRequestAsync(clientId: "client2", parMode: parMode);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest, _ct);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest);
codeResponse.ShouldHaveDPoPThumbprint(JKT);
CreateNewRSAKey();
var rtRequest = CreateRefreshTokenRequest(codeResponse, clientId: "client2");
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest, _ct);
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest);
rtResponse.IsError.ShouldBeTrue();
rtResponse.Error.ShouldBe("invalid_dpop_proof");
}
@ -262,15 +261,15 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
public async Task public_client_using_same_dpop_key_for_refresh_token_request_should_succeed(ParMode parMode)
{
var codeRequest = await CreateAuthCodeTokenRequestAsync(clientId: "client2", parMode: parMode);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest, _ct);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest);
codeResponse.ShouldHaveDPoPThumbprint(JKT);
var firstRefreshRequest = CreateRefreshTokenRequest(codeResponse, clientId: "client2");
var firstRefreshResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(firstRefreshRequest, _ct);
var firstRefreshResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(firstRefreshRequest);
firstRefreshResponse.ShouldHaveDPoPThumbprint(JKT);
var secondRefreshRequest = CreateRefreshTokenRequest(codeResponse, clientId: "client2");
var secondRefreshResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(secondRefreshRequest, _ct);
var secondRefreshResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(secondRefreshRequest);
secondRefreshResponse.ShouldHaveDPoPThumbprint(JKT);
}
@ -283,11 +282,11 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
ConfidentialClient.RequireDPoP = true;
var codeRequest = await CreateAuthCodeTokenRequestAsync(parMode: parMode);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest, _ct);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest);
codeResponse.ShouldHaveDPoPThumbprint(JKT);
var rtRequest = CreateRefreshTokenRequest(codeResponse, omitDPoPProof: true);
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest, _ct);
var rtResponse = await Pipeline.BackChannelClient.RequestRefreshTokenAsync(rtRequest);
rtResponse.IsError.ShouldBeTrue();
rtResponse.Error.ShouldBe("invalid_request");
}
@ -300,7 +299,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
{
ConfidentialClient.AccessTokenType = accessTokenType;
var codeRequest = await CreateAuthCodeTokenRequestAsync();
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest, _ct);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest);
var introspectionRequest = new TokenIntrospectionRequest
{
@ -309,7 +308,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
ClientSecret = "secret",
Token = codeResponse.AccessToken,
};
var introspectionResponse = await Pipeline.BackChannelClient.IntrospectTokenAsync(introspectionRequest, _ct);
var introspectionResponse = await Pipeline.BackChannelClient.IntrospectTokenAsync(introspectionRequest);
introspectionResponse.IsError.ShouldBeFalse();
GetJKTFromCnfClaim(introspectionResponse.Claims).ShouldBe(JKT);
}
@ -320,7 +319,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
{
var codeRequest = await CreateAuthCodeTokenRequestAsync(dpopJkt: JKT);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest, _ct);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest);
codeResponse.ShouldHaveDPoPThumbprint(JKT);
}
@ -338,7 +337,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
{
dpop_jkt = new string('x', 101)
});
await Pipeline.BrowserClient.GetAsync(url, _ct);
await Pipeline.BrowserClient.GetAsync(url);
Pipeline.ErrorWasCalled.ShouldBeTrue();
}
@ -357,7 +356,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
JKT.ShouldNotBe(oldJkt);
var codeRequest = await CreateAuthCodeTokenRequestAsync(parMode: parMode, dpopJkt: oldJkt, dpopProof: oldProof);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest, _ct);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest);
codeResponse.IsError.ShouldBeTrue();
codeResponse.Error.ShouldBe("invalid_dpop_proof");
}
@ -387,7 +386,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
{
return;
}
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest, _ct);
var codeResponse = await Pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest);
codeResponse.IsError.ShouldBeTrue();
codeResponse.Error.ShouldBe(OidcConstants.TokenErrors.UseDPoPNonce);
codeResponse.DPoPNonce.ShouldBe(expectedNonce);
@ -429,10 +428,10 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
};
var form = new FormUrlEncodedContent(formParams);
var response = await tokenClient.PostAsync(IdentityServerPipeline.TokenMtlsEndpoint, form, _ct);
var response = await tokenClient.PostAsync(IdentityServerPipeline.TokenMtlsEndpoint, form);
response.StatusCode.ShouldBe(HttpStatusCode.OK);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
json.ShouldContain("access_token");
json.ShouldContain("\"token_type\":\"DPoP\"");
}
@ -486,7 +485,7 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
var proofToken = CreateDPoPProofToken(alg);
var request = CreateClientCredentialsTokenRequest(proofToken);
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request, _ct);
var response = await Pipeline.BackChannelClient.RequestClientCredentialsTokenAsync(request);
response.IsError.ShouldBeFalse();
response.TokenType.ShouldBe("DPoP");
@ -534,11 +533,11 @@ public class DPoPTokenEndpointTests : DPoPEndpointTestBase
var form = new FormUrlEncodedContent(formParams);
tokenClient.DefaultRequestHeaders.Add("DPoP", CreateDPoPProofToken(htu: IdentityServerPipeline.TokenMtlsEndpoint));
var response = await tokenClient.PostAsync(IdentityServerPipeline.TokenMtlsEndpoint, form, _ct);
var response = await tokenClient.PostAsync(IdentityServerPipeline.TokenMtlsEndpoint, form);
response.StatusCode.ShouldBe(System.Net.HttpStatusCode.OK);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
json.ShouldContain("access_token");
json.ShouldContain("\"token_type\":\"DPoP\"");
}

12
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Token/MtlsTokenEndpointTests.cs
View file

@ -10,8 +10,8 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Token;
public class MtlsTokenEndpointTests
{
private const string Category = "mTLS Token endpoint";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerPipeline _pipeline = new IdentityServerPipeline();
private IdentityServerPipeline _pipeline = new IdentityServerPipeline();
[Fact]
[Trait("Category", Category)]
@ -57,12 +57,12 @@ public class MtlsTokenEndpointTests
};
var form = new FormUrlEncodedContent(formParams);
var response = await tokenClient.PostAsync(IdentityServerPipeline.TokenMtlsEndpoint, form, _ct);
var response = await tokenClient.PostAsync(IdentityServerPipeline.TokenMtlsEndpoint, form);
// Assert
response.StatusCode.ShouldBe(System.Net.HttpStatusCode.OK);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
json.ShouldContain("access_token");
json.ShouldContain("\"token_type\":\"Bearer\"");
}
@ -99,12 +99,12 @@ public class MtlsTokenEndpointTests
};
var form = new FormUrlEncodedContent(formParams);
var response = await tokenClient.PostAsync(IdentityServerPipeline.TokenEndpoint, form, _ct);
var response = await tokenClient.PostAsync(IdentityServerPipeline.TokenEndpoint, form);
// Assert
response.StatusCode.ShouldBe(System.Net.HttpStatusCode.OK);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
json.ShouldContain("access_token");
json.ShouldContain("\"token_type\":\"Bearer\"");
}

17
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Token/RefreshTokenTests.cs
View file

@ -15,11 +15,12 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Token;
public class RefreshTokenTests
{
private const string Category = "Refresh Token Tests";
private const string client_id = "client";
private const string client_secret = "secret";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly Client _client;
private readonly IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private string client_id = "client";
private string client_secret = "secret";
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
public RefreshTokenTests()
{
@ -90,7 +91,7 @@ public class RefreshTokenTests
Code = code,
RedirectUri = "https://client/callback"
}, _ct);
});
tokenResult1.IsError.ShouldBeFalse();
tokenResult1.AccessToken.ShouldNotBeNull();
@ -108,7 +109,7 @@ public class RefreshTokenTests
ClientCredentialStyle = ClientCredentialStyle.PostBody,
RefreshToken = tokenResult1.RefreshToken
}, _ct);
});
tokenResult2.IsError.ShouldBeFalse();
tokenResult2.AccessToken.ShouldNotBeNull();
@ -148,7 +149,7 @@ public class RefreshTokenTests
Code = code,
RedirectUri = "https://client/callback"
}, _ct);
});
tokenResult1.IsError.ShouldBeFalse();
tokenResult1.AccessToken.ShouldNotBeNull();
@ -166,7 +167,7 @@ public class RefreshTokenTests
ClientCredentialStyle = ClientCredentialStyle.PostBody,
RefreshToken = tokenResult1.RefreshToken
}, _ct);
});
tokenResult2.IsError.ShouldBeFalse();
tokenResult2.AccessToken.ShouldNotBeNull();

92
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Token/ResourceTests.cs
View file

@ -14,13 +14,13 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Token;
public class ResourceTests
{
private const string Category = "Token endpoint";
private const string client_id = "client";
private const string client_secret = "secret";
private const string username = "bob";
private const string password = "password";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private string client_id = "client";
private string client_secret = "secret";
private string username = "bob";
private string password = "password";
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
public ResourceTests()
{
@ -33,6 +33,7 @@ public class ResourceTests
AllowOfflineAccess = true,
});
_mockPipeline.Users.Add(new TestUser
{
SubjectId = "bob",
@ -86,13 +87,12 @@ public class ResourceTests
Address = IdentityServerPipeline.TokenEndpoint,
ClientId = client_id,
ClientSecret = client_secret,
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api1", "urn:api2"]);
claims.Where(x => x.Type == "scope").Select(x => x.Value).ShouldBe(["scope1", "scope2", "scope3", "scope4"]);
}
[Fact]
[Trait("Category", Category)]
public async Task client_credentials_with_resource_without_scope_should_succeed()
@ -107,7 +107,7 @@ public class ResourceTests
{
{ "resource", "urn:api1" }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api1"]);
@ -123,7 +123,7 @@ public class ResourceTests
{
{ "resource", "urn:api2" }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api2"]);
@ -139,14 +139,13 @@ public class ResourceTests
{
{ "resource", "urn:api3" }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api3"]);
claims.Where(x => x.Type == "scope").Select(x => x.Value).ShouldBe(["scope1", "scope3"]);
}
}
[Fact]
[Trait("Category", Category)]
public async Task client_credentials_without_resource_with_scope_should_succeed()
@ -157,13 +156,12 @@ public class ResourceTests
ClientId = client_id,
ClientSecret = client_secret,
Scope = "scope1",
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api1"]);
claims.Where(x => x.Type == "scope").Select(x => x.Value).ShouldBe(["scope1"]);
}
[Fact]
[Trait("Category", Category)]
public async Task client_credentials_with_resource_with_scope_should_succeed()
@ -179,7 +177,7 @@ public class ResourceTests
{
{ "resource", "urn:api1" }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api1"]);
@ -196,14 +194,13 @@ public class ResourceTests
{
{ "resource", "urn:api3" }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api3"]);
claims.Where(x => x.Type == "scope").Select(x => x.Value).ShouldBe(["scope1"]);
}
}
[Fact]
[Trait("Category", Category)]
public async Task client_credentials_with_invalid_resource_and_scope_should_fail()
@ -219,7 +216,7 @@ public class ResourceTests
{
{ "resource", "urn:api2" }
}
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe("invalid_target");
}
@ -234,7 +231,7 @@ public class ResourceTests
{
{ "resource", "urn:api3" }
}
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe("invalid_target");
}
@ -249,7 +246,7 @@ public class ResourceTests
{
{ "resource", "urn:api4" }
}
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe("invalid_target");
}
@ -263,13 +260,14 @@ public class ResourceTests
{
{ "resource", "urn:api4" }
}
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe("invalid_target");
}
}
[Fact]
[Trait("Category", Category)]
public async Task client_credentials_with_empty_resource_should_be_treated_as_if_no_resource_and_succeed()
@ -283,7 +281,7 @@ public class ResourceTests
{
{ "resource", " " }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api1", "urn:api2"]);
@ -301,13 +299,12 @@ public class ResourceTests
ClientSecret = client_secret,
UserName = username,
Password = password,
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api1", "urn:api2"]);
claims.Where(x => x.Type == "scope").Select(x => x.Value).ShouldBe(["scope1", "scope2", "scope3", "scope4", "offline_access"]);
}
[Fact]
[Trait("Category", Category)]
public async Task refresh_token_requested_with_resource_without_scope_should_succeed()
@ -324,7 +321,7 @@ public class ResourceTests
{
{ "resource", "urn:api1" }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api1"]);
@ -343,7 +340,7 @@ public class ResourceTests
{
{ "resource", "urn:api2" }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api2"]);
@ -362,14 +359,13 @@ public class ResourceTests
{
{ "resource", "urn:api3" }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api3"]);
claims.Where(x => x.Type == "scope").Select(x => x.Value).ShouldBe(["scope1", "scope3", "offline_access"]);
}
}
[Fact]
[Trait("Category", Category)]
public async Task refresh_token_requested_without_resource_with_scope_should_succeed()
@ -382,13 +378,12 @@ public class ResourceTests
UserName = username,
Password = password,
Scope = "scope1 offline_access"
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api1"]);
claims.Where(x => x.Type == "scope").Select(x => x.Value).ShouldBe(["scope1", "offline_access"]);
}
[Fact]
[Trait("Category", Category)]
public async Task refresh_token_requested_with_resource_with_scope_should_succeed()
@ -406,7 +401,7 @@ public class ResourceTests
{
{ "resource", "urn:api1" }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api1"]);
@ -425,14 +420,13 @@ public class ResourceTests
{
{ "resource", "urn:api3" }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api3"]);
claims.Where(x => x.Type == "scope").Select(x => x.Value).ShouldBe(["scope1", "offline_access"]);
}
}
[Fact]
[Trait("Category", Category)]
public async Task refresh_token_requested_with_invalid_resource_and_scope_should_fail()
@ -450,7 +444,7 @@ public class ResourceTests
{
{ "resource", "urn:api2" }
}
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe("invalid_target");
}
@ -467,7 +461,7 @@ public class ResourceTests
{
{ "resource", "urn:api3" }
}
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe("invalid_target");
}
@ -484,7 +478,7 @@ public class ResourceTests
{
{ "resource", "urn:api4" }
}
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe("invalid_target");
}
@ -501,13 +495,14 @@ public class ResourceTests
{
{ "resource", "urn:api4" }
}
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe("invalid_target");
}
}
[Fact]
[Trait("Category", Category)]
public async Task refresh_token_exchange_with_resource_should_succeed()
@ -520,7 +515,7 @@ public class ResourceTests
UserName = username,
Password = password,
Scope = "scope1 scope2 scope3 scope4 offline_access",
}, _ct);
});
{
tokenResponse = await _mockPipeline.BackChannelClient.RequestRefreshTokenAsync(new RefreshTokenRequest
@ -529,7 +524,7 @@ public class ResourceTests
ClientId = client_id,
ClientSecret = client_secret,
RefreshToken = tokenResponse.RefreshToken,
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api1", "urn:api2"]);
@ -546,7 +541,7 @@ public class ResourceTests
{
{ "resource", "urn:api1" }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api1"]);
@ -563,7 +558,7 @@ public class ResourceTests
{
{ "resource", "urn:api2" }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(["urn:api2"]);
@ -580,14 +575,13 @@ public class ResourceTests
{
{ "resource", "urn:api3" }
}
}, _ct);
});
var claims = ParseAccessTokenClaims(tokenResponse);
claims.Where(x => x.Type == "aud").Select(x => x.Value).ShouldBe(new[] { "urn:api3" });
claims.Where(x => x.Type == "scope").Select(x => x.Value).ShouldBe(new[] { "scope1", "scope3", "offline_access" });
}
}
[Fact]
[Trait("Category", Category)]
public async Task refresh_token_exchange_with_invalid_resource_should_fail()
@ -601,7 +595,7 @@ public class ResourceTests
UserName = username,
Password = password,
Scope = "scope1 scope2 scope3 scope4 offline_access",
}, _ct);
});
tokenResponse = await _mockPipeline.BackChannelClient.RequestRefreshTokenAsync(new RefreshTokenRequest
{
Address = IdentityServerPipeline.TokenEndpoint,
@ -612,7 +606,7 @@ public class ResourceTests
{
{ "resource", "urn:api4" }
}
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe("invalid_target");
}
@ -627,7 +621,7 @@ public class ResourceTests
UserName = username,
Password = password,
Scope = "scope2 offline_access",
}, _ct);
});
tokenResponse = await _mockPipeline.BackChannelClient.RequestRefreshTokenAsync(new RefreshTokenRequest
{
Address = IdentityServerPipeline.TokenEndpoint,
@ -638,7 +632,7 @@ public class ResourceTests
{
{ "resource", "urn:api1" }
}
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe("invalid_target");
}
@ -652,7 +646,7 @@ public class ResourceTests
UserName = username,
Password = password,
Scope = "scope4 offline_access",
}, _ct);
});
tokenResponse = await _mockPipeline.BackChannelClient.RequestRefreshTokenAsync(new RefreshTokenRequest
{
Address = IdentityServerPipeline.TokenEndpoint,
@ -663,7 +657,7 @@ public class ResourceTests
{
{ "resource", "urn:api1" }
}
}, _ct);
});
tokenResponse.IsError.ShouldBeTrue();
tokenResponse.Error.ShouldBe("invalid_target");
}

26
identity-server/test/IdentityServer.IntegrationTests/Endpoints/Token/TokenEndpointTests.cs
View file

@ -15,12 +15,14 @@ namespace Duende.IdentityServer.IntegrationTests.Endpoints.Token;
public class TokenEndpointTests
{
private const string Category = "Token endpoint";
private const string client_id = "client";
private const string client_secret = "secret";
private const string scope_name = "api";
private const string scope_secret = "api_secret";
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
private string client_id = "client";
private string client_secret = "secret";
private string scope_name = "api";
private string scope_secret = "api_secret";
private IdentityServerPipeline _mockPipeline = new IdentityServerPipeline();
public TokenEndpointTests()
{
@ -82,10 +84,10 @@ public class TokenEndpointTests
};
var form = new FormUrlEncodedContent(data);
_mockPipeline.BackChannelClient.DefaultRequestHeaders.Add("Referer", "http://127.0.0.1:33086/appservice/appservice?t=1564165664142?load");
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.TokenEndpoint, form, _ct);
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.TokenEndpoint, form);
response.StatusCode.ShouldBe(HttpStatusCode.OK);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var result = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
result.ContainsKey("error").ShouldBeFalse();
}
@ -105,10 +107,10 @@ public class TokenEndpointTests
};
var form = new FormUrlEncodedContent(data);
_mockPipeline.BackChannelClient.DefaultRequestHeaders.Add("Referer", "http://127.0.0.1:33086/appservice/appservice?t=1564165664142?load");
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.TokenEndpoint, form, _ct);
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.TokenEndpoint, form);
response.StatusCode.ShouldBe(HttpStatusCode.OK);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var result = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
result.ContainsKey("error").ShouldBeFalse();
}
@ -120,10 +122,10 @@ public class TokenEndpointTests
var text = $"grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}&scope=%00";
var content = new StringContent(text, Encoding.UTF8, "application/x-www-form-urlencoded");
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.TokenEndpoint, content, _ct);
var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.TokenEndpoint, content);
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var json = await response.Content.ReadAsStringAsync(_ct);
var json = await response.Content.ReadAsStringAsync();
var result = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
var error = result["error"].GetString();
error.ShouldBe("invalid_request");

5
identity-server/test/IdentityServer.IntegrationTests/EntityFramework/EntityFrameworkBasedLogoutTests.cs
View file

@ -20,7 +20,6 @@ namespace Duende.IdentityServer.IntegrationTests.EntityFramework;
public class EntityFrameworkBasedLogoutTests
{
private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
private readonly IdentityServerPipeline _mockPipeline = new();
private static readonly ICollection<Client> _clients =
@ -75,7 +74,7 @@ public class EntityFrameworkBasedLogoutTests
var options = DatabaseProviderBuilder.BuildSqlite<PersistedGrantDbContext, OperationalStoreOptions>("NotUsed", new OperationalStoreOptions(),
TimeSpan.FromMilliseconds(1));
await using var context = new PersistedGrantDbContext(options);
await context.Database.EnsureCreatedAsync(_ct);
await context.Database.EnsureCreatedAsync();
_mockPipeline.OnPostConfigureServices += services =>
{
@ -99,7 +98,7 @@ public class EntityFrameworkBasedLogoutTests
ClientId = client.ClientId,
Code = authzResponse.Code,
RedirectUri = client.RedirectUris.First()
}, _ct);
});
}
//Clear cache to simulate needing to load from db when creating logout notifications to send

8
identity-server/test/IdentityServer.IntegrationTests/EntityFramework/IntegrationTest.cs
View file

@ -15,13 +15,12 @@ namespace Duende.IdentityServer.IntegrationTests.EntityFramework;
/// <typeparam name="TDbContext">The type of the database context.</typeparam>
/// <typeparam name="TStoreOption">The type of the store option.</typeparam>
/// <seealso cref="DatabaseProviderFixture{T}" />
public abstract class IntegrationTest<TClass, TDbContext, TStoreOption> : IClassFixture<DatabaseProviderFixture<TDbContext>>
public class IntegrationTest<TClass, TDbContext, TStoreOption> : IClassFixture<DatabaseProviderFixture<TDbContext>>
where TDbContext : DbContext
where TStoreOption : class
{
public static readonly TheoryData<DbContextOptions<TDbContext>> TestDatabaseProviders;
protected static readonly TStoreOption StoreOptions = Activator.CreateInstance<TStoreOption>();
protected static TStoreOption StoreOptions = Activator.CreateInstance<TStoreOption>();
static IntegrationTest()
{
@ -51,6 +50,5 @@ public abstract class IntegrationTest<TClass, TDbContext, TStoreOption> : IClass
}
}
protected IntegrationTest(DatabaseProviderFixture<TDbContext> fixture)
=> fixture.Options = TestDatabaseProviders.Select(row => row.Data).ToList();
protected IntegrationTest(DatabaseProviderFixture<TDbContext> fixture) => fixture.Options = TestDatabaseProviders.ToList<DbContextOptions<TDbContext>>();
}

Some files were not shown because too many files have changed in this diff Show more