File: DefaultClaimUidExtractorTest.cs
Web Access
Project: src\src\Antiforgery\test\Microsoft.AspNetCore.Antiforgery.Test.csproj (Microsoft.AspNetCore.Antiforgery.Test)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using System.Security.Claims;
using Microsoft.Extensions.ObjectPool;
using Moq;
 
namespace Microsoft.AspNetCore.Antiforgery.Internal;
 
public class DefaultClaimUidExtractorTest
{
    private static readonly ObjectPool<AntiforgerySerializationContext> _pool =
        new DefaultObjectPoolProvider().Create(new AntiforgerySerializationContextPooledObjectPolicy());
 
    [Fact]
    public void ExtractClaimUid_Unauthenticated()
    {
        // Arrange
        var extractor = new DefaultClaimUidExtractor(_pool);
 
        var mockIdentity = new Mock<ClaimsIdentity>();
        mockIdentity.Setup(o => o.IsAuthenticated)
                    .Returns(false);
 
        // Act
        var claimUid = extractor.ExtractClaimUid(new ClaimsPrincipal(mockIdentity.Object));
 
        // Assert
        Assert.Null(claimUid);
    }
 
    [Fact]
    public void ExtractClaimUid_ClaimsIdentity()
    {
        // Arrange
        var mockIdentity = new Mock<ClaimsIdentity>();
        mockIdentity.Setup(o => o.IsAuthenticated)
                    .Returns(true);
        mockIdentity.Setup(o => o.Claims).Returns(new Claim[] { new Claim(ClaimTypes.Name, "someName") });
 
        var extractor = new DefaultClaimUidExtractor(_pool);
 
        // Act
        var claimUid = extractor.ExtractClaimUid(new ClaimsPrincipal(mockIdentity.Object));
 
        // Assert
        Assert.NotNull(claimUid);
        Assert.Equal("yhXE+2v4zSXHtRHmzm4cmrhZca2J0g7yTUwtUerdeF4=", claimUid);
    }
 
    [Fact]
    public void DefaultUniqueClaimTypes_NotPresent_SerializesAllClaimTypes()
    {
        var identity = new ClaimsIdentity("someAuthentication");
        identity.AddClaim(new Claim(ClaimTypes.Email, "someone@antiforgery.com"));
        identity.AddClaim(new Claim(ClaimTypes.GivenName, "some"));
        identity.AddClaim(new Claim(ClaimTypes.Surname, "one"));
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, string.Empty));
 
        // Arrange
        var claimsIdentity = (ClaimsIdentity)identity;
 
        // Act
        var identiferParameters = DefaultClaimUidExtractor.GetUniqueIdentifierParameters(new ClaimsIdentity[] { claimsIdentity })!
                                                          .ToArray();
        var claims = claimsIdentity.Claims.ToList();
        claims.Sort((a, b) => string.Compare(a.Type, b.Type, StringComparison.Ordinal));
 
        // Assert
        int index = 0;
        foreach (var claim in claims)
        {
            Assert.Equal(identiferParameters[index++], claim.Type);
            Assert.Equal(identiferParameters[index++], claim.Value);
            Assert.Equal(identiferParameters[index++], claim.Issuer);
        }
    }
 
    [Fact]
    public void DefaultUniqueClaimTypes_Present()
    {
        // Arrange
        var identity = new ClaimsIdentity("someAuthentication");
        identity.AddClaim(new Claim("fooClaim", "fooClaimValue"));
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "nameIdentifierValue"));
 
        // Act
        var uniqueIdentifierParameters = DefaultClaimUidExtractor.GetUniqueIdentifierParameters(new ClaimsIdentity[] { identity });
 
        // Assert
        Assert.Equal(new string[]
        {
                ClaimTypes.NameIdentifier,
                "nameIdentifierValue",
                "LOCAL AUTHORITY",
        }, uniqueIdentifierParameters);
    }
 
    [Fact]
    public void GetUniqueIdentifierParameters_PrefersSubClaimOverNameIdentifierAndUpn()
    {
        // Arrange
        var identity = new ClaimsIdentity("someAuthentication");
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "nameIdentifierValue"));
        identity.AddClaim(new Claim("sub", "subClaimValue"));
        identity.AddClaim(new Claim(ClaimTypes.Upn, "upnClaimValue"));
 
        // Act
        var uniqueIdentifierParameters = DefaultClaimUidExtractor.GetUniqueIdentifierParameters(new ClaimsIdentity[] { identity });
 
        // Assert
        Assert.Equal(new string[]
        {
                "sub",
                "subClaimValue",
                "LOCAL AUTHORITY",
        }, uniqueIdentifierParameters);
    }
 
    [Fact]
    public void GetUniqueIdentifierParameters_PrefersNameIdentifierOverUpn()
    {
        // Arrange
        var identity = new ClaimsIdentity("someAuthentication");
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "nameIdentifierValue"));
        identity.AddClaim(new Claim(ClaimTypes.Upn, "upnClaimValue"));
 
        // Act
        var uniqueIdentifierParameters = DefaultClaimUidExtractor.GetUniqueIdentifierParameters(new ClaimsIdentity[] { identity });
 
        // Assert
        Assert.Equal(new string[]
        {
                ClaimTypes.NameIdentifier,
                "nameIdentifierValue",
                "LOCAL AUTHORITY",
        }, uniqueIdentifierParameters);
    }
 
    [Fact]
    public void GetUniqueIdentifierParameters_UsesUpnIfPresent()
    {
        // Arrange
        var identity = new ClaimsIdentity("someAuthentication");
        identity.AddClaim(new Claim("fooClaim", "fooClaimValue"));
        identity.AddClaim(new Claim(ClaimTypes.Upn, "upnClaimValue"));
 
        // Act
        var uniqueIdentifierParameters = DefaultClaimUidExtractor.GetUniqueIdentifierParameters(new ClaimsIdentity[] { identity });
 
        // Assert
        Assert.Equal(new string[]
        {
                ClaimTypes.Upn,
                "upnClaimValue",
                "LOCAL AUTHORITY",
        }, uniqueIdentifierParameters);
    }
 
    [Fact]
    public void GetUniqueIdentifierParameters_MultipleIdentities_UsesOnlyAuthenticatedIdentities()
    {
        // Arrange
        var identity1 = new ClaimsIdentity(); // no authentication
        identity1.AddClaim(new Claim("sub", "subClaimValue"));
        var identity2 = new ClaimsIdentity("someAuthentication");
        identity2.AddClaim(new Claim(ClaimTypes.NameIdentifier, "nameIdentifierValue"));
 
        // Act
        var uniqueIdentifierParameters = DefaultClaimUidExtractor.GetUniqueIdentifierParameters(new ClaimsIdentity[] { identity1, identity2 });
 
        // Assert
        Assert.Equal(new string[]
        {
                ClaimTypes.NameIdentifier,
                "nameIdentifierValue",
                "LOCAL AUTHORITY",
        }, uniqueIdentifierParameters);
    }
 
    [Fact]
    public void GetUniqueIdentifierParameters_NoKnownClaimTypesFound_SortsAndReturnsAllClaimsFromAuthenticatedIdentities()
    {
        // Arrange
        var identity1 = new ClaimsIdentity(); // no authentication
        identity1.AddClaim(new Claim("sub", "subClaimValue"));
        var identity2 = new ClaimsIdentity("someAuthentication");
        identity2.AddClaim(new Claim(ClaimTypes.Email, "email@domain.com"));
        var identity3 = new ClaimsIdentity("someAuthentication");
        identity3.AddClaim(new Claim(ClaimTypes.Country, "countryValue"));
        var identity4 = new ClaimsIdentity("someAuthentication");
        identity4.AddClaim(new Claim(ClaimTypes.Name, "claimName"));
 
        // Act
        var uniqueIdentifierParameters = DefaultClaimUidExtractor.GetUniqueIdentifierParameters(
            new ClaimsIdentity[] { identity1, identity2, identity3, identity4 });
 
        // Assert
        Assert.Equal(new List<string>
            {
                ClaimTypes.Country,
                "countryValue",
                "LOCAL AUTHORITY",
                ClaimTypes.Email,
                "email@domain.com",
                "LOCAL AUTHORITY",
                ClaimTypes.Name,
                "claimName",
                "LOCAL AUTHORITY",
            }, uniqueIdentifierParameters);
    }
 
    [Fact]
    public void GetUniqueIdentifierParameters_PrefersNameFromFirstIdentity_OverSubFromSecondIdentity()
    {
        // Arrange
        var identity1 = new ClaimsIdentity("someAuthentication");
        identity1.AddClaim(new Claim(ClaimTypes.NameIdentifier, "nameIdentifierValue"));
        var identity2 = new ClaimsIdentity("someAuthentication");
        identity2.AddClaim(new Claim("sub", "subClaimValue"));
 
        // Act
        var uniqueIdentifierParameters = DefaultClaimUidExtractor.GetUniqueIdentifierParameters(
            new ClaimsIdentity[] { identity1, identity2 });
 
        // Assert
        Assert.Equal(new string[]
        {
                ClaimTypes.NameIdentifier,
                "nameIdentifierValue",
                "LOCAL AUTHORITY",
        }, uniqueIdentifierParameters);
    }
 
    [Fact]
    public void GetUniqueIdentifierParameters_PrefersUpnFromFirstIdentity_OverNameFromSecondIdentity()
    {
        // Arrange
        var identity1 = new ClaimsIdentity("someAuthentication");
        identity1.AddClaim(new Claim(ClaimTypes.Upn, "upnValue"));
        var identity2 = new ClaimsIdentity("someAuthentication");
        identity2.AddClaim(new Claim(ClaimTypes.NameIdentifier, "nameIdentifierValue"));
 
        // Act
        var uniqueIdentifierParameters = DefaultClaimUidExtractor.GetUniqueIdentifierParameters(
            new ClaimsIdentity[] { identity1, identity2 });
 
        // Assert
        Assert.Equal(new string[]
        {
                ClaimTypes.Upn,
                "upnValue",
                "LOCAL AUTHORITY",
        }, uniqueIdentifierParameters);
    }
}