Extensibility tests: Issuer - SAML and SAML2 #3026

Merged
merged 6 commits into from
Nov 25, 2024
Expand Up @@ -63,17 +63,29 @@ internal async Task<ValidationResult<ValidatedToken>> ValidateTokenAsync(
if (!conditionsResult.IsValid)
return conditionsResult.UnwrapError().AddCurrentStackFrame();

ValidationResult<ValidatedIssuer> issuerValidationResult = await validationParameters.IssuerValidatorAsync(
samlToken.Issuer,
samlToken,
validationParameters,
callContext,
cancellationToken).ConfigureAwait(false);
try
{
ValidationResult<ValidatedIssuer> issuerValidationResult = await validationParameters.IssuerValidatorAsync(
samlToken.Issuer,
samlToken,
validationParameters,
callContext,
cancellationToken).ConfigureAwait(false);

if (!issuerValidationResult.IsValid)
if (!issuerValidationResult.IsValid)
return issuerValidationResult.UnwrapError().AddCurrentStackFrame();
}
#pragma warning disable CA1031 // Do not catch general exception types
catch (Exception ex)
#pragma warning restore CA1031 // Do not catch general exception types
{
StackFrames.IssuerValidationFailed ??= new StackFrame(true);
return issuerValidationResult.UnwrapError().AddStackFrame(StackFrames.IssuerValidationFailed);
return new IssuerValidationError(
new MessageDetail(Tokens.LogMessages.IDX10269),
ValidationFailureType.IssuerValidatorThrew,
typeof(SecurityTokenInvalidIssuerException),
ValidationError.GetCurrentStackFrame(),
samlToken.Issuer,
ex);
}

if (samlToken.Assertion.Conditions is not null)
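Review bot: The new `catch (Exception ex)` around `IssuerValidatorAsync` also catches `OperationCanceledException`, so a cancelled `cancellationToken` comes back as an `IssuerValidationError` with `ValidationFailureType.IssuerValidatorThrew` and exception type `SecurityTokenInvalidIssuerException` instead of as a cancellation. Failing closed when a caller-supplied validator throws is the right default, but cancelled requests recorded as invalid-issuer failures will skew failure metrics and any alerting built on issuer-validation errors. If cancellation is meant to propagate, consider `catch (Exception ex) when (ex is not OperationCanceledException)`; if not, a comment above the catch such as `// Any exception from a caller-supplied validator is reported as a failed issuer validation (fail closed), including cancellation.` would record the decision. The same pattern appears in the second handler section (`@@ -67,17 +67,29 @@`). `ValidateTokenAsync` starts and ends outside the hunk.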
Expand Up @@ -67,17 +67,29 @@ internal async Task<ValidationResult<ValidatedToken>> ValidateTokenAsync(
if (!conditionsResult.IsValid)
return conditionsResult.UnwrapError().AddCurrentStackFrame();

ValidationResult<ValidatedIssuer> validatedIssuerResult = await validationParameters.IssuerValidatorAsync(
samlToken.Issuer,
samlToken,
validationParameters,
callContext,
cancellationToken).ConfigureAwait(false);
try
{
ValidationResult<ValidatedIssuer> issuerValidationResult = await validationParameters.IssuerValidatorAsync(
samlToken.Issuer,
samlToken,
validationParameters,
callContext,
cancellationToken).ConfigureAwait(false);

if (!validatedIssuerResult.IsValid)
if (!issuerValidationResult.IsValid)
return issuerValidationResult.UnwrapError().AddCurrentStackFrame();
}
#pragma warning disable CA1031 // Do not catch general exception types
catch (Exception ex)
#pragma warning restore CA1031 // Do not catch general exception types
{
StackFrames.IssuerValidationFailed ??= new StackFrame(true);
return validatedIssuerResult.UnwrapError().AddStackFrame(StackFrames.IssuerValidationFailed);
return new IssuerValidationError(
new MessageDetail(Tokens.LogMessages.IDX10269),
ValidationFailureType.IssuerValidatorThrew,
typeof(SecurityTokenInvalidIssuerException),
ValidationError.GetCurrentStackFrame(),
samlToken.Issuer,
ex);
}

if (samlToken.Assertion.Conditions is not null)
Expand Up @@ -2,11 +2,11 @@
// Licensed under the MIT License.

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.JsonWebTokens.Tests;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.TestUtils;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Tokens.Json.Tests;
Expand All @@ -22,8 +22,8 @@ public async Task ValidateTokenAsync_IssuerValidator_Extensibility(IssuerExtensi
{
var context = TestUtilities.WriteHeader($"{this}.{nameof(ValidateTokenAsync_IssuerValidator_Extensibility)}", theoryData);
context.IgnoreType = false;
for (int i = 1; i < theoryData.StackFrames.Count; i++)
theoryData.IssuerValidationError!.AddStackFrame(theoryData.StackFrames[i]);
for (int i = 0; i < theoryData.ExtraStackFrames; i++)
theoryData.IssuerValidationError!.AddStackFrame(new StackFrame(false));

try
{
Expand Down Expand Up @@ -69,11 +69,7 @@ public static TheoryData<IssuerExtensibilityTheoryData> Issuer_ExtensibilityTest
"CustomIssuerValidatorDelegate",
issuerGuid,
CustomIssuerValidationDelegates.CustomIssuerValidatorDelegateAsync,
[
new StackFrame("CustomIssuerValidationDelegates", 88),
new StackFrame(false),
new StackFrame(false)
])
extraStackFrames: 2)
{
ExpectedException = new ExpectedException(
typeof(SecurityTokenInvalidIssuerException),
Expand All @@ -83,7 +79,7 @@ public static TheoryData<IssuerExtensibilityTheoryData> Issuer_ExtensibilityTest
nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorDelegateAsync), null),
ValidationFailureType.IssuerValidationFailed,
typeof(SecurityTokenInvalidIssuerException),
new StackFrame("CustomIssuerValidationDelegates", 88),
new StackFrame("CustomIssuerValidationDelegates.cs", 88),
issuerGuid)
});

Expand All @@ -92,11 +88,7 @@ public static TheoryData<IssuerExtensibilityTheoryData> Issuer_ExtensibilityTest
"CustomIssuerValidatorCustomExceptionDelegate",
issuerGuid,
CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionDelegateAsync,
[
new StackFrame("CustomIssuerValidationDelegates", 107),
new StackFrame(false),
new StackFrame(false)
])
extraStackFrames: 2)
{
ExpectedException = new ExpectedException(
typeof(CustomSecurityTokenInvalidIssuerException),
Expand All @@ -106,7 +98,7 @@ public static TheoryData<IssuerExtensibilityTheoryData> Issuer_ExtensibilityTest
nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionDelegateAsync), null),
ValidationFailureType.IssuerValidationFailed,
typeof(CustomSecurityTokenInvalidIssuerException),
new StackFrame("CustomIssuerValidationDelegates", 107),
new StackFrame("CustomIssuerValidationDelegates.cs", 107),
issuerGuid),
});

Expand All @@ -115,21 +107,20 @@ public static TheoryData<IssuerExtensibilityTheoryData> Issuer_ExtensibilityTest
"CustomIssuerValidatorUnknownExceptionDelegate",
issuerGuid,
CustomIssuerValidationDelegates.CustomIssuerValidatorUnknownExceptionDelegateAsync,
[
new StackFrame("CustomIssuerValidationDelegates", 139),
new StackFrame(false),
new StackFrame(false)
])
extraStackFrames: 2)
{
ExpectedException = new ExpectedException(
typeof(SecurityTokenException),
nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorUnknownExceptionDelegateAsync)),
// CustomIssuerValidationError does not handle the exception type 'NotSupportedException'
ExpectedException = ExpectedException.SecurityTokenException(
LogHelper.FormatInvariant(
Tokens.LogMessages.IDX10002, // "IDX10002: Unknown exception type returned. Type: '{0}'. Message: '{1}'.";
typeof(NotSupportedException),
nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorUnknownExceptionDelegateAsync))),
IssuerValidationError = new CustomIssuerValidationError(
new MessageDetail(
nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorUnknownExceptionDelegateAsync), null),
ValidationFailureType.IssuerValidationFailed,
typeof(NotSupportedException),
new StackFrame("CustomIssuerValidationDelegates", 139),
new StackFrame("CustomIssuerValidationDelegates.cs", 139),
issuerGuid),
});

Expand All @@ -138,11 +129,7 @@ public static TheoryData<IssuerExtensibilityTheoryData> Issuer_ExtensibilityTest
"CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegate",
issuerGuid,
CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegateAsync,
[
new StackFrame("CustomIssuerValidationDelegates", 123),
new StackFrame(false),
new StackFrame(false)
])
extraStackFrames: 2)
{
ExpectedException = new ExpectedException(
typeof(CustomSecurityTokenInvalidIssuerException),
Expand All @@ -152,7 +139,7 @@ public static TheoryData<IssuerExtensibilityTheoryData> Issuer_ExtensibilityTest
nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegateAsync), null),
CustomIssuerValidationError.CustomIssuerValidationFailureType,
typeof(CustomSecurityTokenInvalidIssuerException),
new StackFrame("CustomIssuerValidationDelegates", 123),
new StackFrame("CustomIssuerValidationDelegates.cs", 123),
issuerGuid,
null),
});
Expand All @@ -165,11 +152,7 @@ public static TheoryData<IssuerExtensibilityTheoryData> Issuer_ExtensibilityTest
"IssuerValidatorDelegate",
issuerGuid,
CustomIssuerValidationDelegates.IssuerValidatorDelegateAsync,
[
new StackFrame("CustomIssuerValidationDelegates", 169),
new StackFrame(false),
new StackFrame(false)
])
extraStackFrames: 2)
{
ExpectedException = new ExpectedException(
typeof(SecurityTokenInvalidIssuerException),
Expand All @@ -179,7 +162,7 @@ public static TheoryData<IssuerExtensibilityTheoryData> Issuer_ExtensibilityTest
nameof(CustomIssuerValidationDelegates.IssuerValidatorDelegateAsync), null),
ValidationFailureType.IssuerValidationFailed,
typeof(SecurityTokenInvalidIssuerException),
new StackFrame("CustomIssuerValidationDelegates", 169),
new StackFrame("CustomIssuerValidationDelegates.cs", 169),
issuerGuid)
});

Expand All @@ -188,21 +171,20 @@ public static TheoryData<IssuerExtensibilityTheoryData> Issuer_ExtensibilityTest
"IssuerValidatorCustomIssuerExceptionTypeDelegate",
issuerGuid,
CustomIssuerValidationDelegates.IssuerValidatorCustomIssuerExceptionTypeDelegateAsync,
[
new StackFrame("CustomIssuerValidationDelegates", 196),
new StackFrame(false),
new StackFrame(false)
])
extraStackFrames: 2)
{
ExpectedException = new ExpectedException(
typeof(SecurityTokenException),
nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomIssuerExceptionTypeDelegateAsync)),
// IssuerValidationError does not handle the exception type 'CustomSecurityTokenInvalidIssuerException'
ExpectedException = ExpectedException.SecurityTokenException(
LogHelper.FormatInvariant(
Tokens.LogMessages.IDX10002, // "IDX10002: Unknown exception type returned. Type: '{0}'. Message: '{1}'.";
typeof(CustomSecurityTokenInvalidIssuerException),
nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomIssuerExceptionTypeDelegateAsync))),
IssuerValidationError = new IssuerValidationError(
new MessageDetail(
nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomIssuerExceptionTypeDelegateAsync), null),
ValidationFailureType.IssuerValidationFailed,
typeof(CustomSecurityTokenInvalidIssuerException),
new StackFrame("CustomIssuerValidationDelegates", 196),
new StackFrame("CustomIssuerValidationDelegates.cs", 196),
issuerGuid)
});

Expand All @@ -211,21 +193,20 @@ public static TheoryData<IssuerExtensibilityTheoryData> Issuer_ExtensibilityTest
"IssuerValidatorCustomExceptionTypeDelegate",
issuerGuid,
CustomIssuerValidationDelegates.IssuerValidatorCustomExceptionTypeDelegateAsync,
[
new StackFrame("CustomIssuerValidationDelegates", 210),
new StackFrame(false),
new StackFrame(false)
])
extraStackFrames: 2)
{
ExpectedException = new ExpectedException(
typeof(SecurityTokenException),
nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomExceptionTypeDelegateAsync)),
// IssuerValidationError does not handle the exception type 'CustomSecurityTokenException'
ExpectedException = ExpectedException.SecurityTokenException(
LogHelper.FormatInvariant(
Tokens.LogMessages.IDX10002, // "IDX10002: Unknown exception type returned. Type: '{0}'. Message: '{1}'.";
typeof(CustomSecurityTokenException),
nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomExceptionTypeDelegateAsync))),
IssuerValidationError = new IssuerValidationError(
new MessageDetail(
nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomExceptionTypeDelegateAsync), null),
ValidationFailureType.IssuerValidationFailed,
typeof(CustomSecurityTokenException),
new StackFrame("CustomIssuerValidationDelegates", 210),
new StackFrame("CustomIssuerValidationDelegates.cs", 210),
issuerGuid)
});

Expand All @@ -234,10 +215,7 @@ public static TheoryData<IssuerExtensibilityTheoryData> Issuer_ExtensibilityTest
"IssuerValidatorThrows",
issuerGuid,
CustomIssuerValidationDelegates.IssuerValidatorThrows,
[
new StackFrame("JsonWebTokenHandler.ValidateToken.Internal.cs", 300),
new StackFrame(false)
])
extraStackFrames: 1)
{
ExpectedException = new ExpectedException(
typeof(SecurityTokenInvalidIssuerException),
Expand All @@ -261,7 +239,7 @@ public static TheoryData<IssuerExtensibilityTheoryData> Issuer_ExtensibilityTest

public class IssuerExtensibilityTheoryData : ValidateTokenAsyncBaseTheoryData
{
internal IssuerExtensibilityTheoryData(string testId, string issuer, IssuerValidationDelegateAsync issuerValidator, IList<StackFrame> stackFrames) : base(testId)
internal IssuerExtensibilityTheoryData(string testId, string issuer, IssuerValidationDelegateAsync issuerValidator, int extraStackFrames) : base(testId)
{
JsonWebToken = JsonUtilities.CreateUnsignedJsonWebToken("iss", issuer);
ValidationParameters = new ValidationParameters
Expand All @@ -276,7 +254,7 @@ internal IssuerExtensibilityTheoryData(string testId, string issuer, IssuerValid
TokenTypeValidator = SkipValidationDelegates.SkipTokenTypeValidation
};

StackFrames = stackFrames;
ExtraStackFrames = extraStackFrames;
}

public JsonWebToken JsonWebToken { get; }
Expand All @@ -289,7 +267,7 @@ internal IssuerExtensibilityTheoryData(string testId, string issuer, IssuerValid

internal IssuerValidationError? IssuerValidationError { get; set; }

internal IList<StackFrame> StackFrames { get; }
internal int ExtraStackFrames { get; }
}
}
}
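Review bot: `ExtraStackFrames` and the `extraStackFrames: 2` / `extraStackFrames: 1` arguments are bare counts with no explanation of what they count or why the `IssuerValidatorThrows` case differs from the delegate cases. A comment on the property, for example `// Number of frames the handler is expected to append to the error after the validator delegate returns or throws.`, would make the expectation reviewable; that reading is inferred from the loop that adds `new StackFrame(false)` placeholders and should be confirmed. The expected errors also still pin line numbers in another file, e.g. `new StackFrame("CustomIssuerValidationDelegates.cs", 88)`, so any edit to that file can invalidate them; if the comparison does not actually check line numbers, a short comment saying so would help.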