-
Notifications
You must be signed in to change notification settings - Fork 453
Regression tests: Token Type #2932
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 9 commits
Commits
Show all changes
11 commits
Select commit
Hold shift + click to select a range
b8cd288
Renamed ValidationParameters.TypeValidator to ValidationParameters.To…
iNinja 884930f
Removed log from TokenType validation
iNinja 350dde0
Added TokenTypeValidationError to create the exception and assign the…
iNinja 1153353
Adjusted the creation of SecurityTokenInvalidTypeException to return …
iNinja 3b772fb
Added regression/comparison tests around token type validation scenarios
iNinja 0394f34
Added test for valid scenario where there are no valid types specified
iNinja 34cf766
Return null for the invalid token type if the type is an empty string…
iNinja e5ec3b0
Merge branch 'dev' into iinglese/regression-tests-token-type
iNinja 5de77c0
Updated renamed variable
iNinja 38613a8
Merge branch 'dev' into iinglese/regression-tests-token-type
iNinja 41a2123
Addressed post merge issues
iNinja File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
40 changes: 40 additions & 0 deletions
40
src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/TokenTypeValidationError.cs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| // Copyright (c) Microsoft Corporation. All rights reserved. | ||
| // Licensed under the MIT License. | ||
|
|
||
| using System; | ||
| using System.Diagnostics; | ||
|
|
||
| #nullable enable | ||
| namespace Microsoft.IdentityModel.Tokens | ||
| { | ||
| internal class TokenTypeValidationError : ValidationError | ||
| { | ||
| protected string? _invalidTokenType; | ||
|
|
||
| internal TokenTypeValidationError( | ||
| MessageDetail messageDetail, | ||
| Type exceptionType, | ||
| StackFrame stackFrame, | ||
| string? invalidTokenType) | ||
| : base(messageDetail, ValidationFailureType.TokenTypeValidationFailed, exceptionType, stackFrame) | ||
| { | ||
| _invalidTokenType = invalidTokenType; | ||
| } | ||
|
|
||
| internal override Exception GetException() | ||
| { | ||
| if (ExceptionType == typeof(SecurityTokenInvalidTypeException)) | ||
| { | ||
| SecurityTokenInvalidTypeException exception = new(MessageDetail.Message, InnerException) | ||
| { | ||
| InvalidType = _invalidTokenType | ||
| }; | ||
|
|
||
| return exception; | ||
| } | ||
|
|
||
| return base.GetException(); | ||
| } | ||
| } | ||
| } | ||
| #nullable restore |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
142 changes: 142 additions & 0 deletions
142
...dentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.TokenType.cs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,142 @@ | ||
| // Copyright (c) Microsoft Corporation. All rights reserved. | ||
| // Licensed under the MIT License. | ||
|
|
||
| #nullable enable | ||
| using System.Threading.Tasks; | ||
| using Microsoft.IdentityModel.TestUtils; | ||
| using Microsoft.IdentityModel.Tokens; | ||
| using Xunit; | ||
|
|
||
| namespace Microsoft.IdentityModel.JsonWebTokens.Tests | ||
| { | ||
| public partial class JsonWebTokenHandlerValidateTokenAsyncTests | ||
| { | ||
| [Theory, MemberData(nameof(ValidateTokenAsync_TokenTypeTestCases), DisableDiscoveryEnumeration = true)] | ||
| public async Task ValidateTokenAsync_TokenType(ValidateTokenAsyncTokenTypeTheoryData theoryData) | ||
| { | ||
| var context = TestUtilities.WriteHeader($"{this}.ValidateTokenAsync_TokenType", theoryData); | ||
|
|
||
| string jwtString = CreateTokenForTokenTypeValidation(theoryData.UseEmptyType, theoryData.CustomTokenType); | ||
|
|
||
| await ValidateAndCompareResults(jwtString, theoryData, context); | ||
|
|
||
| TestUtilities.AssertFailIfErrors(context); | ||
| } | ||
|
|
||
| public static TheoryData<ValidateTokenAsyncTokenTypeTheoryData> ValidateTokenAsync_TokenTypeTestCases | ||
| { | ||
| get | ||
| { | ||
| var theoryData = new TheoryData<ValidateTokenAsyncTokenTypeTheoryData>(); | ||
|
|
||
| theoryData.Add(new ValidateTokenAsyncTokenTypeTheoryData("Valid_JwtToken") | ||
| { | ||
| TokenValidationParameters = CreateTokenValidationParameters(), | ||
| ValidationParameters = CreateValidationParameters(), | ||
| }); | ||
|
|
||
| theoryData.Add(new ValidateTokenAsyncTokenTypeTheoryData("Valid_UnknownTokenType_NoValidTokenTypes") | ||
| { | ||
| // If there are no valid token types, any token type is valid | ||
| CustomTokenType = "SomeUnknownType", | ||
| TokenValidationParameters = CreateTokenValidationParameters(null), | ||
| ValidationParameters = CreateValidationParameters(null), | ||
| }); | ||
|
|
||
| theoryData.Add(new ValidateTokenAsyncTokenTypeTheoryData("Valid_CustomToken_AddedAsValidTokenType") | ||
| { | ||
| CustomTokenType = "PPT", | ||
| TokenValidationParameters = CreateTokenValidationParameters(validTokenType: "PPT"), | ||
| ValidationParameters = CreateValidationParameters(validTokenType: "PPT"), | ||
| }); | ||
|
|
||
| theoryData.Add(new ValidateTokenAsyncTokenTypeTheoryData("Invalid_CustomToken_NotAddedAsValidTokenType") | ||
| { | ||
| CustomTokenType = "PPT", | ||
| TokenValidationParameters = CreateTokenValidationParameters(), | ||
| ValidationParameters = CreateValidationParameters(), | ||
| ExpectedIsValid = false, | ||
| ExpectedException = ExpectedException.SecurityTokenInvalidTypeException("IDX10257:"), | ||
| }); | ||
|
|
||
| theoryData.Add(new ValidateTokenAsyncTokenTypeTheoryData("Invalid_EmptyTokenType") | ||
| { | ||
| UseEmptyType = true, | ||
| TokenValidationParameters = CreateTokenValidationParameters(), | ||
| ValidationParameters = CreateValidationParameters(), | ||
| ExpectedIsValid = false, | ||
| ExpectedException = ExpectedException.SecurityTokenInvalidTypeException("IDX10256:"), | ||
| }); | ||
|
|
||
| return theoryData; | ||
|
|
||
| static TokenValidationParameters CreateTokenValidationParameters(string? validTokenType = "JWT") | ||
| { | ||
| // only validate the signature and issuer signing key | ||
| var tokenValidationParameters = new TokenValidationParameters() | ||
| { | ||
| ValidateAudience = false, | ||
| ValidateIssuer = false, | ||
| ValidateLifetime = false, | ||
| ValidateTokenReplay = false, | ||
| ValidateIssuerSigningKey = false, | ||
| RequireSignedTokens = false, | ||
| }; | ||
|
|
||
| if (validTokenType is not null) | ||
| tokenValidationParameters.ValidTypes = [validTokenType]; | ||
|
|
||
| return tokenValidationParameters; | ||
| } | ||
|
|
||
| static ValidationParameters CreateValidationParameters(string? validTokenType = "JWT") | ||
| { | ||
| ValidationParameters validationParameters = new ValidationParameters(); | ||
|
|
||
| // Skip all validations except token type | ||
| validationParameters.AlgorithmValidator = SkipValidationDelegates.SkipAlgorithmValidation; | ||
| validationParameters.AudienceValidator = SkipValidationDelegates.SkipAudienceValidation; | ||
| validationParameters.IssuerSigningKeyValidator = SkipValidationDelegates.SkipIssuerSigningKeyValidation; | ||
| validationParameters.IssuerValidatorAsync = SkipValidationDelegates.SkipIssuerValidation; | ||
| validationParameters.LifetimeValidator = SkipValidationDelegates.SkipLifetimeValidation; | ||
| validationParameters.SignatureValidator = SkipValidationDelegates.SkipSignatureValidation; | ||
| validationParameters.TokenReplayValidator = SkipValidationDelegates.SkipTokenReplayValidation; | ||
|
|
||
| if (validTokenType is not null) | ||
| validationParameters.ValidTypes.Add(validTokenType); | ||
|
|
||
| return validationParameters; | ||
| } | ||
| } | ||
| } | ||
|
|
||
| public class ValidateTokenAsyncTokenTypeTheoryData : ValidateTokenAsyncBaseTheoryData | ||
| { | ||
| public ValidateTokenAsyncTokenTypeTheoryData(string testId) : base(testId) { } | ||
|
|
||
| public bool UseEmptyType { get; set; } = false; | ||
|
|
||
| public string? CustomTokenType { get; set; } = null; | ||
| } | ||
|
|
||
| // Custom JWT with empty string for type | ||
| private static string emptyTypeJWT = "eyJ0eXAiOiIiLCJhbGciOiJub25lIn0.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTcyOTY5NDI1OCwiZXhwIjoxNzI5Njk3ODU4fQ."; | ||
|
|
||
| private static string CreateTokenForTokenTypeValidation(bool useEmptyType = false, string? tokenType = null) | ||
| { | ||
| if (useEmptyType) | ||
| return emptyTypeJWT; | ||
|
|
||
| JsonWebTokenHandler jsonWebTokenHandler = new JsonWebTokenHandler(); | ||
|
|
||
| SecurityTokenDescriptor securityTokenDescriptor = new SecurityTokenDescriptor | ||
| { | ||
| Subject = Default.ClaimsIdentity, | ||
| TokenType = tokenType ?? "JWT", | ||
| }; | ||
|
|
||
| return jsonWebTokenHandler.CreateToken(securityTokenDescriptor); | ||
| } | ||
| } | ||
| } | ||
| #nullable restore |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.