75 lines
3.3 KiB
C#
75 lines
3.3 KiB
C#
using System;
|
|
using System.Linq;
|
|
using System.Security.Claims;
|
|
using StellaOps.Auth.Abstractions;
|
|
using Xunit;
|
|
|
|
namespace StellaOps.Auth.Abstractions.Tests;
|
|
|
|
public class StellaOpsPrincipalBuilderTests
|
|
{
|
|
[Fact]
|
|
public void NormalizedScopes_AreSortedDeduplicatedLowerCased()
|
|
{
|
|
var builder = new StellaOpsPrincipalBuilder()
|
|
.WithScopes(new[] { "Concelier.Jobs.Trigger", " concelier.jobs.trigger ", "AUTHORITY.USERS.MANAGE" })
|
|
.WithAudiences(new[] { " api://concelier ", "api://cli", "api://concelier" });
|
|
|
|
Assert.Equal(
|
|
new[] { "authority.users.manage", "concelier.jobs.trigger" },
|
|
builder.NormalizedScopes);
|
|
|
|
Assert.Equal(
|
|
new[] { "api://cli", "api://concelier" },
|
|
builder.Audiences);
|
|
}
|
|
|
|
[Fact]
|
|
public void Build_ConstructsClaimsPrincipalWithNormalisedValues()
|
|
{
|
|
var now = DateTimeOffset.UtcNow;
|
|
var builder = new StellaOpsPrincipalBuilder()
|
|
.WithSubject(" user-1 ")
|
|
.WithClientId(" cli-01 ")
|
|
.WithTenant(" default ")
|
|
.WithName(" Jane Doe ")
|
|
.WithIdentityProvider(" internal ")
|
|
.WithSessionId(" session-123 ")
|
|
.WithTokenId(Guid.NewGuid().ToString("N"))
|
|
.WithAuthenticationMethod("password")
|
|
.WithAuthenticationType(" custom ")
|
|
.WithScopes(new[] { "Concelier.Jobs.Trigger", "AUTHORITY.USERS.MANAGE" })
|
|
.WithAudience(" api://concelier ")
|
|
.WithIssuedAt(now)
|
|
.WithExpires(now.AddMinutes(5))
|
|
.AddClaim(" custom ", " value ");
|
|
|
|
var principal = builder.Build();
|
|
var identity = Assert.IsType<ClaimsIdentity>(principal.Identity);
|
|
|
|
Assert.Equal("custom", identity.AuthenticationType);
|
|
Assert.Equal("Jane Doe", identity.Name);
|
|
Assert.Equal("user-1", principal.FindFirstValue(StellaOpsClaimTypes.Subject));
|
|
Assert.Equal("cli-01", principal.FindFirstValue(StellaOpsClaimTypes.ClientId));
|
|
Assert.Equal("default", principal.FindFirstValue(StellaOpsClaimTypes.Tenant));
|
|
Assert.Equal("internal", principal.FindFirstValue(StellaOpsClaimTypes.IdentityProvider));
|
|
Assert.Equal("session-123", principal.FindFirstValue(StellaOpsClaimTypes.SessionId));
|
|
Assert.Equal("value", principal.FindFirstValue("custom"));
|
|
|
|
var scopeClaims = principal.Claims.Where(claim => claim.Type == StellaOpsClaimTypes.ScopeItem).Select(claim => claim.Value).ToArray();
|
|
Assert.Equal(new[] { "authority.users.manage", "concelier.jobs.trigger" }, scopeClaims);
|
|
|
|
var scopeList = principal.FindFirstValue(StellaOpsClaimTypes.Scope);
|
|
Assert.Equal("authority.users.manage concelier.jobs.trigger", scopeList);
|
|
|
|
var audienceClaims = principal.Claims.Where(claim => claim.Type == StellaOpsClaimTypes.Audience).Select(claim => claim.Value).ToArray();
|
|
Assert.Equal(new[] { "api://concelier" }, audienceClaims);
|
|
|
|
var issuedAt = principal.FindFirstValue("iat");
|
|
Assert.Equal(now.ToUnixTimeSeconds().ToString(), issuedAt);
|
|
|
|
var expires = principal.FindFirstValue("exp");
|
|
Assert.Equal(now.AddMinutes(5).ToUnixTimeSeconds().ToString(), expires);
|
|
}
|
|
}
|