public void RenewCookieAfterHalfExpirationTime_HalfTimeHasNotPassed()
{
var testUser = new FakeUserInfo("TestUser");
var impersonateUserName = "******";
var options = new ImpersonationOptions {
CookieDurationMinutes = 3
};
var cookie = ImpersonationServiceHelper.SetImpersonation(testUser, impersonateUserName, options);
var impersonationInfo = ImpersonationServiceHelper.DecryptCookieValue(cookie.Value);
AssertIsWithinOneSecond(DateTime.Now.AddMinutes(options.CookieDurationMinutes), impersonationInfo.Expires); // Reviewing the test setup.
// Half-time has not passed:
impersonationInfo.Expires = DateTime.Now.AddMinutes(options.CookieDurationMinutes / 2.0).AddSeconds(1);
cookie.Value = ImpersonationServiceHelper.EncryptCookieValue(impersonationInfo);
(var impersonationService, var httpContext, _) = ImpersonationServiceHelper.CreateImpersonationService(testUser, options);
httpContext.RequestCookies.Add(cookie);
var user = impersonationService.GetAuthenticationInfo();
// Impersonation should still be valid, the cookie should not be modified.
Assert.AreEqual(
"TestUser as TestImpersonatedUser, original TestUser",
ReportImpersonationStatus(user));
Assert.AreEqual(0, httpContext.ResponseCookies.Count);
}
private void AssertOptionsFields(ImpersonationOptions options, string targetPrincipal, TimeSpan lifetime, IEnumerable <string> delegateAccounts, IEnumerable <string> scopes)
{
Assert.Equal(targetPrincipal, options.TargetPrincipal);
Assert.Equal(delegateAccounts, options.DelegateAccounts);
Assert.Equal(scopes, options.Scopes);
Assert.Equal(lifetime, options.Lifetime);
}
public void Constructor_InvalidSourceCredential()
{
var sourceCredential = GoogleCredential.FromComputeCredential();
var options = new ImpersonationOptions("principal", null, null, null);
var initializer = new ImpersonatedCredential.Initializer(sourceCredential, options);
var ex = Assert.Throws <InvalidOperationException>(() => new ImpersonatedCredential(initializer));
Assert.Equal("The underlying credential of source credential must be UserCredential or ServiceAccountCredential.", ex.Message);
}
public void Impersonate()
{
var sourceCredential = GoogleCredential.FromJson(DummyServiceAccountCredentialFileContents);
var delegates = new[] { "delegate" };
var scopes = new[] { "scope" };
var targetPrincipal = "principal";
var lifetime = new TimeSpan(2, 0, 0);
var options = new ImpersonationOptions(targetPrincipal, lifetime, delegates, scopes);
var credential = sourceCredential.Impersonate(options);
var impersonatedCredential = (ImpersonatedCredential)credential.UnderlyingCredential;
Assert.Equal(delegates, impersonatedCredential.Options.DelegateAccounts);
Assert.Equal(scopes, impersonatedCredential.Options.Scopes);
Assert.Equal(targetPrincipal, impersonatedCredential.Options.TargetPrincipal);
Assert.Equal(lifetime, impersonatedCredential.Options.Lifetime);
}
CreateImpersonationService(IUserInfo testUser, ImpersonationOptions options = null)
{
options ??= new ImpersonationOptions();
var httpContextAccessor = new FakeHttpContextAccessor(testUser?.IsUserRecognized == true ? testUser.UserName : null);
var dataProtectionProvider = new FakeDataProtectionProvider();
BaseAuthentication baseUserInfo = new BaseAuthentication(new RhetosAspNetCoreIdentityUser(httpContextAccessor));
var log = new List <string>();
void logMonitor(EventType eventType, string eventName, Func <string> message) => log.Add($"[{eventType}] {eventName}: {message()}");
var logProvider = new ConsoleLogProvider(logMonitor);
var impersonationService = new ImpersonationService(httpContextAccessor, dataProtectionProvider, logProvider, options ?? new ImpersonationOptions(), baseUserInfo);
return(impersonationService, httpContextAccessor, log);
}
private static ImpersonatedCredential CreateImpersonatedCredentialForBody(object body, bool serializeBody = true, HttpStatusCode status = HttpStatusCode.OK)
{
var sourceCredential = CreateSourceCredential();
var content = "";
if (serializeBody)
{
content = NewtonsoftJsonSerializer.Instance.Serialize(body);
}
else
{
content = (string)body;
}
var messageHandler = new FakeHttpMessageHandler(status, content);
var options = new ImpersonationOptions("principal", null, null, new[] { "scope" });
var initializer = new ImpersonatedCredential.Initializer(sourceCredential, options)
{
Clock = _clock,
HttpClientFactory = new MockHttpClientFactory(messageHandler)
};
return(new ImpersonatedCredential(initializer));
}
public static FakeCookie SetImpersonation(IUserInfo testUser, string impersonateUserName, ImpersonationOptions options = null)
{
(var impersonationService, var httpContextAccessor, _) = CreateImpersonationService(testUser, options);
impersonationService.SetImpersonation(testUser, impersonateUserName);
return(httpContextAccessor.ResponseCookies.Single());
}
public void CreateForTargetPrincipal()
{
var options = ImpersonationOptions.CreateForTargetPrincipal(DefaultTargetPrincipal);
AssertOptionsFields(options, DefaultTargetPrincipal, _defaultLifetime, null, null);
}
