OktaMiddlewareShould.cs
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.TestHost;
using Microsoft.Extensions.Configuration;
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Xunit;
namespace Okta.AspNetCore.WebApi.IntegrationTest
{
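/// <summary>
/// Integration tests that send requests to the protected <c>/api/messages</c> route
/// through a <see cref="TestServer"/> built from <c>Startup</c> and check how
/// unauthenticated and badly authenticated requests are answered.
/// </summary>
public class OktaMiddlewareShould : IDisposable
{
    private readonly TestServer _server;

    private string BaseUrl { get; }

    private string ProtectedEndpoint { get; }

    public IConfiguration Configuration { get; set; }

    /// <summary>
    /// Loads the test configuration and starts a <see cref="TestServer"/> for each test instance.
    /// </summary>
    public OktaMiddlewareShould()
    {
        Configuration = TestConfiguration.GetConfiguration();
        BaseUrl = "http://localhost:58533";
        ProtectedEndpoint = $"{BaseUrl}/api/messages";

        var hostBuilder = new WebHostBuilder()
            .UseStartup<Startup>()
            .UseConfiguration(Configuration);

        _server = new TestServer(hostBuilder)
        {
            BaseAddress = new Uri(BaseUrl),
        };
    }

    /// <summary>
    /// A request without any Authorization header must be answered with 401.
    /// </summary>
    [Fact]
    public async Task Returns401WhenAccessToProtectedRouteWithoutTokenAsync()
    {
        using (var response = await GetProtectedEndpointAsync(null))
        {
            // Assert.Equal reports the actual status code on failure, unlike Assert.True(a == b).
            Assert.Equal(System.Net.HttpStatusCode.Unauthorized, response.StatusCode);
        }
    }

    /// <summary>
    /// A request carrying a bearer value that is not a valid token must be answered with 401.
    /// </summary>
    [Fact]
    public async Task Returns401WhenAccessToProtectedRouteWithInvalidTokenAsync()
    {
        // The value is not a well-formed JWT, so this only proves that unparseable bearer
        // values are rejected. It does not exercise signature, issuer, audience or lifetime
        // validation; tests for those, if any, are not in this file.
        using (var response = await GetProtectedEndpointAsync("thisIsAnInvalidToken"))
        {
            Assert.Equal(System.Net.HttpStatusCode.Unauthorized, response.StatusCode);
        }
    }

    /// <summary>
    /// A request with an invalid bearer value must produce a response carrying "myCustomHeader".
    /// </summary>
    [Fact]
    public async Task InvokeCustomEventsAsync()
    {
        // Where the header is set is not visible here; presumably an authentication event
        // handler registered in Startup adds it - confirm against Startup.
        // NOTE(review): the status code is not asserted in this test, so it would still pass
        // if that handler changed the outcome of the failed authentication.
        using (var response = await GetProtectedEndpointAsync("thisIsAnInvalidToken"))
        {
            Assert.True(response.Headers.Contains("myCustomHeader"));
        }
    }

    /// <summary>
    /// Disposes the test server created in the constructor.
    /// </summary>
    public void Dispose()
    {
        _server.Dispose();
    }

    /// <summary>
    /// Sends a GET to the protected endpoint through the test server's handler.
    /// </summary>
    /// <param name="bearerToken">
    /// Value for the <c>Authorization: Bearer</c> header, or <c>null</c> to send no Authorization header.
    /// </param>
    /// <returns>The response; the caller is responsible for disposing it.</returns>
    private async Task<HttpResponseMessage> GetProtectedEndpointAsync(string bearerToken)
    {
        // The request and the client are disposed here; the original tests never disposed the request.
        using (var client = new HttpClient(_server.CreateHandler()))
        using (var request = new HttpRequestMessage(HttpMethod.Get, ProtectedEndpoint))
        {
            if (bearerToken != null)
            {
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", bearerToken);
            }

            return await client.SendAsync(request);
        }
    }
}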
}