Skip to content

Regression tests: Issuer #2868

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Oct 15, 2024
Merged

Regression tests: Issuer #2868

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
e20bc67
Renamed CreateToken methods in audience and lifetime regression tests
iNinja Oct 3, 2024
0c4f236
Added custom ValidationError class for issuer errors. Updated IssuerV…
iNinja Oct 3, 2024
15fc33c
Added JWT issuer regression tests
iNinja Oct 3, 2024
2ce7d30
Update test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenH…
iNinja Oct 11, 2024
02db527
Merge branch 'dev' into iinglese/regression-tests-issuer
iNinja Oct 11, 2024
e6adf5a
Added IssuerValidationError to InternalAPI.Unshipped. Made constructo…
iNinja Oct 11, 2024
7531d9e
Updated exception creation in IssuerValidationError
iNinja Oct 11, 2024
06d8afb
Merge branch 'dev' into iinglese/regression-tests-issuer
iNinja Oct 14, 2024
b6747af
Merge branch 'dev' into iinglese/regression-tests-issuer
iNinja Oct 14, 2024
276b7da
Adjusted unshipped API contents with the IDE suggestions
iNinja Oct 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 31 additions & 0 deletions src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

using System;
using System.Diagnostics;

#nullable enable
namespace Microsoft.IdentityModel.Tokens
{
internal class IssuerValidationError : ValidationError
{
private string? _invalidIssuer;

public IssuerValidationError(
MessageDetail messageDetail,
Type exceptionType,
StackFrame stackFrame,
string? invalidIssuer)
: base(messageDetail, ValidationFailureType.IssuerValidationFailed, exceptionType, stackFrame)
{
_invalidIssuer = invalidIssuer;
}

internal override void AddAdditionalInformation(ISecurityTokenException exception)
{
if (exception is SecurityTokenInvalidIssuerException invalidIssuerException)
invalidIssuerException.InvalidIssuer = _invalidIssuer;
}
}
}
#nullable restore
18 changes: 9 additions & 9 deletions src/Microsoft.IdentityModel.Tokens/Validation/Validators.Issuer.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,11 +61,11 @@ internal static async Task<ValidationResult<ValidatedIssuer>> ValidateIssuerAsyn
{
if (string.IsNullOrWhiteSpace(issuer))
{
return new ValidationError(
return new IssuerValidationError(
new MessageDetail(LogMessages.IDX10211),
ValidationFailureType.IssuerValidationFailed,
typeof(SecurityTokenInvalidIssuerException),
new StackFrame(true));
new StackFrame(true),
issuer);
}

if (validationParameters == null)
Expand All @@ -84,11 +84,11 @@ internal static async Task<ValidationResult<ValidatedIssuer>> ValidateIssuerAsyn

// Return failed IssuerValidationResult if all possible places to validate against are null or empty.
if (validationParameters.ValidIssuers.Count == 0 && string.IsNullOrWhiteSpace(configuration?.Issuer))
return new ValidationError(
return new IssuerValidationError(
new MessageDetail(LogMessages.IDX10211),
ValidationFailureType.IssuerValidationFailed,
typeof(SecurityTokenInvalidIssuerException),
new StackFrame(true));
new StackFrame(true),
issuer);

if (configuration != null)
{
Expand Down Expand Up @@ -130,15 +130,15 @@ internal static async Task<ValidationResult<ValidatedIssuer>> ValidateIssuerAsyn
}
}

return new ValidationError(
return new IssuerValidationError(
new MessageDetail(
LogMessages.IDX10212,
LogHelper.MarkAsNonPII(issuer),
LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(validationParameters.ValidIssuers)),
LogHelper.MarkAsNonPII(configuration?.Issuer)),
ValidationFailureType.IssuerValidationFailed,
typeof(SecurityTokenInvalidIssuerException),
new StackFrame(true));
new StackFrame(true),
issuer);
}
}
}
Expand Down
4 changes: 2 additions & 2 deletions ...IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Audience.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ public async Task ValidateTokenAsync_Audience(ValidateTokenAsyncAudienceTheoryDa
{
var context = TestUtilities.WriteHeader($"{this}.ValidateTokenAsync_Audience", theoryData);

string jwtString = CreateToken(theoryData.Audience);
string jwtString = CreateTokenWithAudience(theoryData.Audience);

await ValidateAndCompareResults(jwtString, theoryData, context);

Expand Down Expand Up @@ -155,7 +155,7 @@ public ValidateTokenAsyncAudienceTheoryData(string testId) : base(testId) { }
public string? Audience { get; internal set; } = Default.Audience;
}

private static string CreateToken(string? audience)
private static string CreateTokenWithAudience(string? audience)
{
JsonWebTokenHandler jsonWebTokenHandler = new JsonWebTokenHandler();

Expand Down
149 changes: 149 additions & 0 deletions ...t.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Issuer.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,149 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

#nullable enable
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.TestUtils;
using Microsoft.IdentityModel.Tokens;
using Xunit;

namespace Microsoft.IdentityModel.JsonWebTokens.Tests
{
public partial class JsonWebTokenHandlerValidateTokenAsyncTests
{
[Theory, MemberData(nameof(ValidateTokenAsync_IssuerTestCases))]
public async Task ValidateTokenAsync_Issuer(ValidateTokenAsyncIssuerTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.ValidateTokenAsync_Issuer", theoryData);

string jwtString = CreateTokenWithIssuer(theoryData.TokenIssuer);

await ValidateAndCompareResults(jwtString, theoryData, context);

TestUtilities.AssertFailIfErrors(context);
}

public static TheoryData<ValidateTokenAsyncIssuerTheoryData> ValidateTokenAsync_IssuerTestCases
{
get
{
return new TheoryData<ValidateTokenAsyncIssuerTheoryData>
{
new ValidateTokenAsyncIssuerTheoryData("Valid_IssuerIsValidIssuer")
{
TokenIssuer = Default.Issuer,
TokenValidationParameters = CreateTokenValidationParameters(validIssuer: Default.Issuer),
ValidationParameters = CreateValidationParameters(validIssuer: Default.Issuer),
},
new ValidateTokenAsyncIssuerTheoryData("Valid_IssuerIsConfigurationIssuer")
{
TokenIssuer = Default.Issuer,
TokenValidationParameters = CreateTokenValidationParameters(configurationIssuer: Default.Issuer),
ValidationParameters = CreateValidationParameters(configurationIssuer: Default.Issuer),
},
new ValidateTokenAsyncIssuerTheoryData("Invalid_IssuerIsNotValid")
{
TokenIssuer = "InvalidIssuer",
TokenValidationParameters = CreateTokenValidationParameters(validIssuer: Default.Issuer),
ValidationParameters = CreateValidationParameters(validIssuer: Default.Issuer),
ExpectedIsValid = false,
ExpectedException = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10205:"),
ExpectedExceptionValidationParameters = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10212:"),
},
new ValidateTokenAsyncIssuerTheoryData("Invalid_IssuerIsNull")
{
TokenIssuer = null,
TokenValidationParameters = CreateTokenValidationParameters(validIssuer: Default.Issuer),
ValidationParameters = CreateValidationParameters(validIssuer: Default.Issuer),
ExpectedIsValid = false,
ExpectedException = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10211:"),
},
new ValidateTokenAsyncIssuerTheoryData("Invalid_IssuerIsEmpty")
{
TokenIssuer = string.Empty,
TokenValidationParameters = CreateTokenValidationParameters(validIssuer: Default.Issuer),
ValidationParameters = CreateValidationParameters(validIssuer: Default.Issuer),
ExpectedIsValid = false,
ExpectedException = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10211:"),
},
new ValidateTokenAsyncIssuerTheoryData("Invalid_NoValidIssuersProvided")
{
TokenIssuer = Default.Issuer,
TokenValidationParameters = CreateTokenValidationParameters(),
ValidationParameters = CreateValidationParameters(),
ExpectedIsValid = false,
ExpectedException = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10204:"),
ExpectedExceptionValidationParameters = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10211:"),
},
};

static TokenValidationParameters CreateTokenValidationParameters(
string? validIssuer = null, string? configurationIssuer = null)
{
var tokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = true,
ValidateIssuer = true,
ValidateLifetime = true,
ValidateTokenReplay = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = Default.AsymmetricSigningKey,
ValidAudiences = [Default.Audience],
ValidIssuer = validIssuer
};

if (configurationIssuer is not null)
{
var validConfig = new OpenIdConnectConfiguration() { Issuer = configurationIssuer };
tokenValidationParameters.ConfigurationManager = new MockConfigurationManager<OpenIdConnectConfiguration>(validConfig);
}

return tokenValidationParameters;
}

static ValidationParameters CreateValidationParameters(
string? validIssuer = null, string? configurationIssuer = null)
{
ValidationParameters validationParameters = new ValidationParameters();
validationParameters.ValidAudiences.Add(Default.Audience);
validationParameters.IssuerSigningKeys.Add(Default.AsymmetricSigningKey);

if (configurationIssuer is not null)
{
var validConfig = new OpenIdConnectConfiguration() { Issuer = configurationIssuer };
validationParameters.ConfigurationManager = new MockConfigurationManager<OpenIdConnectConfiguration>(validConfig);
}

if (validIssuer is not null)
validationParameters.ValidIssuers.Add(validIssuer);

return validationParameters;
}
}
}

public class ValidateTokenAsyncIssuerTheoryData : ValidateTokenAsyncBaseTheoryData
{
public ValidateTokenAsyncIssuerTheoryData(string testId) : base(testId) { }

public string? TokenIssuer { get; set; }
}

private static string CreateTokenWithIssuer(string? issuer)
{
JsonWebTokenHandler jsonWebTokenHandler = new JsonWebTokenHandler();

SecurityTokenDescriptor securityTokenDescriptor = new SecurityTokenDescriptor
{
Subject = Default.ClaimsIdentity,
SigningCredentials = Default.AsymmetricSigningCredentials,
Audience = Default.Audience,
Issuer = issuer,
};

return jsonWebTokenHandler.CreateToken(securityTokenDescriptor);
}
}
}
#nullable restore
4 changes: 2 additions & 2 deletions ...IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Lifetime.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ public async Task ValidateTokenAsync_Lifetime(ValidateTokenAsyncLifetimeTheoryDa
{
var context = TestUtilities.WriteHeader($"{this}.ValidateTokenAsync_Lifetime", theoryData);

string jwtString = CreateToken(theoryData.IssuedAt, theoryData.NotBefore, theoryData.Expires);
string jwtString = CreateTokenWithLifetime(theoryData.IssuedAt, theoryData.NotBefore, theoryData.Expires);

await ValidateAndCompareResults(jwtString, theoryData, context);

Expand Down Expand Up @@ -155,7 +155,7 @@ public ValidateTokenAsyncLifetimeTheoryData(string testId) : base(testId) { }
public DateTime? Expires { get; set; }
}

private static string CreateToken(DateTime? issuedAt, DateTime? notBefore, DateTime? expires)
private static string CreateTokenWithLifetime(DateTime? issuedAt, DateTime? notBefore, DateTime? expires)
{
JsonWebTokenHandler jsonWebTokenHandler = new JsonWebTokenHandler();
jsonWebTokenHandler.SetDefaultTimesOnTokenCreation = false; // Allow for null values to be passed in to validate.
Expand Down
Loading