        /// <summary>
        /// Checks that a non-persistent application cookie keeps authenticating until its
        /// fixed ten-minute lifetime has elapsed and produces no name claim afterwards.
        /// </summary>
        /// <remarks>
        /// Time is driven by an injected <c>TestClock</c> and the test resends the same
        /// cookie value on every request, so the final outcome does not depend on a
        /// client discarding the cookie.
        /// </remarks>
        public async Task CanCreateMeLoginAndCookieStopsWorkingAfterExpiration()
        {
            const string meUrl = "http://example.com/me";

            var testClock = new TestClock();
            var server = CreateServer(services =>
                services.ConfigureIdentityApplicationCookie(cookieOptions =>
                {
                    cookieOptions.SystemClock = testClock;
                    // Absolute 10-minute lifetime: sliding renewal is switched off.
                    cookieOptions.SlidingExpiration = false;
                    cookieOptions.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                }));

            // Creating the user must succeed without handing out a cookie.
            var created = await SendAsync(server, "http://example.com/createMe");
            created.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
            Assert.Null(created.SetCookie);

            // NOTE(review): the trailing "false" is presumably the remember-me flag of the
            // test endpoint — confirm against the route. The issued cookie is expected to
            // carry no "expires" attribute.
            var login = await SendAsync(server, "http://example.com/pwdLogin/false");
            login.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
            Assert.NotNull(login.SetCookie);
            login.SetCookie.ShouldNotContain("; expires=");

            var authCookie = login.CookieNameValue;

            // Immediately after login the cookie identifies the user and is not re-issued.
            var fresh = await SendAsync(server, meUrl, authCookie);
            FindClaimValue(fresh, ClaimTypes.Name).ShouldBe("hao");
            Assert.Null(fresh.SetCookie);

            // 7 of 10 minutes used: still authenticated, and no renewed cookie is expected
            // because sliding expiration is off.
            testClock.Add(TimeSpan.FromMinutes(7));

            var midLife = await SendAsync(server, meUrl, authCookie);
            FindClaimValue(midLife, ClaimTypes.Name).ShouldBe("hao");
            Assert.Null(midLife.SetCookie);

            // 14 minutes in total, past the 10-minute lifetime: the replayed cookie must no
            // longer yield a name claim, and no replacement cookie may be issued.
            testClock.Add(TimeSpan.FromMinutes(7));

            var expired = await SendAsync(server, meUrl, authCookie);
            FindClaimValue(expired, ClaimTypes.Name).ShouldBe(null);
            Assert.Null(expired.SetCookie);
        }
        /// <summary>
        /// Logs in without persistence and verifies that the application cookie works
        /// before, and stops working after, its ten-minute expiry.
        /// </summary>
        /// <remarks>
        /// The clock is a <c>TestClock</c> advanced by hand; the login cookie value is
        /// replayed unchanged on each request.
        /// </remarks>
        public async Task CanCreateMeLoginAndCookieStopsWorkingAfterExpiration()
        {
            var fakeClock = new TestClock();
            var server = CreateServer(svc => svc.ConfigureIdentityApplicationCookie(opts =>
            {
                opts.SystemClock = fakeClock;
                opts.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                // No sliding window: the expiry is fixed at issue time.
                opts.SlidingExpiration = false;
            }));

            // Account creation: 200 OK and no cookie.
            var createResult = await SendAsync(server, "http://example.com/createMe");
            createResult.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
            Assert.Null(createResult.SetCookie);

            // Password login: 200 OK and a Set-Cookie header without an "expires" attribute.
            // NOTE(review): "/false" looks like the persistence flag — verify in the test server.
            var loginResult = await SendAsync(server, "http://example.com/pwdLogin/false");
            loginResult.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
            Assert.NotNull(loginResult.SetCookie);
            loginResult.SetCookie.ShouldNotContain("; expires=");

            // t = 0: authenticated as "hao", no new cookie.
            var atStart = await SendAsync(server, "http://example.com/me", loginResult.CookieNameValue);
            FindClaimValue(atStart, ClaimTypes.Name).ShouldBe("hao");
            Assert.Null(atStart.SetCookie);

            fakeClock.Add(TimeSpan.FromMinutes(7));

            // t = 7 min: inside the lifetime; the absence of Set-Cookie shows the ticket
            // was not renewed.
            var beforeExpiry = await SendAsync(server, "http://example.com/me", loginResult.CookieNameValue);
            FindClaimValue(beforeExpiry, ClaimTypes.Name).ShouldBe("hao");
            Assert.Null(beforeExpiry.SetCookie);

            fakeClock.Add(TimeSpan.FromMinutes(7));

            // t = 14 min: beyond the lifetime; the same cookie value must not authenticate.
            var afterExpiry = await SendAsync(server, "http://example.com/me", loginResult.CookieNameValue);
            FindClaimValue(afterExpiry, ClaimTypes.Name).ShouldBe(null);
            Assert.Null(afterExpiry.SetCookie);
        }
        /// <summary>
        /// Verifies that a logged-in user keeps the original cookie for the first ten
        /// minutes, receives a replacement cookie once 31 minutes have passed, and that
        /// the replacement cookie authenticates as well.
        /// </summary>
        /// <param name="rememberMe">
        /// Appended to the login URL; when true the login cookie is expected to carry an
        /// "expires" attribute, otherwise not.
        /// </param>
        /// <remarks>
        /// NOTE(review): nothing here changes the user's security stamp, so only the
        /// "stamp still valid, cookie re-issued" path is exercised; rejection after a
        /// stamp change is not covered by this method.
        /// </remarks>
        public async Task CanCreateMeLoginAndSecurityStampExtendsExpiration(bool rememberMe)
        {
            const string meUrl = "http://example.com/me";

            var testClock = new TestClock();
            var server = CreateServer(services => services.Configure<IdentityOptions>(identityOptions =>
            {
                identityOptions.Cookies.ApplicationCookie.SystemClock = testClock;
            }));

            // User creation succeeds and issues no cookie.
            var created = await SendAsync(server, "http://example.com/createMe");
            created.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
            Assert.Null(created.SetCookie);

            // Login issues a cookie; only a remembered login may carry "expires".
            var login = await SendAsync(server, "http://example.com/pwdLogin/" + rememberMe);
            login.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
            Assert.NotNull(login.SetCookie);
            if (!rememberMe)
            {
                login.SetCookie.ShouldNotContain("; expires=");
            }
            else
            {
                login.SetCookie.ShouldContain("; expires=");
            }

            var originalCookie = login.CookieNameValue;

            var fresh = await SendAsync(server, meUrl, originalCookie);
            FindClaimValue(fresh, ClaimTypes.Name).ShouldBe("hao");
            Assert.Null(fresh.SetCookie);

            // Ten minutes in: still authenticated and the cookie is not re-issued yet.
            testClock.Add(TimeSpan.FromMinutes(10));
            var early = await SendAsync(server, meUrl, originalCookie);
            FindClaimValue(early, ClaimTypes.Name).ShouldBe("hao");
            Assert.Null(early.SetCookie);

            // 31 minutes in total. The interval is not configured in this method, so this
            // is presumably just past the default security-stamp validation interval —
            // confirm. A fresh cookie is expected alongside a still-valid identity.
            testClock.Add(TimeSpan.FromMinutes(21));
            var revalidated = await SendAsync(server, meUrl, originalCookie);
            Assert.NotNull(revalidated.SetCookie);
            FindClaimValue(revalidated, ClaimTypes.Name).ShouldBe("hao");

            // The replacement cookie must authenticate on its own.
            var withNewCookie = await SendAsync(server, meUrl, revalidated.CookieNameValue);
            FindClaimValue(withNewCookie, ClaimTypes.Name).ShouldBe("hao");
        }
        /// <summary>
        /// Logs in, then advances a test clock to check when the application cookie is
        /// re-issued: not after ten minutes, but after 31 minutes, with the user still
        /// identified and the new cookie usable.
        /// </summary>
        /// <param name="rememberMe">
        /// Passed in the login URL; decides whether the Set-Cookie header is expected to
        /// contain an "expires" attribute.
        /// </param>
        /// <remarks>
        /// NOTE(review): the security stamp is never modified in this method, so it does
        /// not show that a stale cookie is refused after a stamp change.
        /// </remarks>
        public async Task CanCreateMeLoginAndSecurityStampExtendsExpiration(bool rememberMe)
        {
            var fakeClock = new TestClock();
            var server = CreateServer(svc => svc.ConfigureIdentityApplicationCookie(opts =>
            {
                opts.SystemClock = fakeClock;
            }));

            // Step 1: create the user (200 OK, no cookie).
            var createResult = await SendAsync(server, "http://example.com/createMe");
            createResult.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
            Assert.Null(createResult.SetCookie);

            // Step 2: password login; "expires" is present only for a remembered login.
            var loginResult = await SendAsync(server, "http://example.com/pwdLogin/" + rememberMe);
            loginResult.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
            Assert.NotNull(loginResult.SetCookie);
            if (!rememberMe)
            {
                loginResult.SetCookie.ShouldNotContain("; expires=");
            }
            else
            {
                loginResult.SetCookie.ShouldContain("; expires=");
            }

            // Step 3: the login cookie identifies the user and is not replaced.
            var atStart = await SendAsync(server, "http://example.com/me", loginResult.CookieNameValue);
            FindClaimValue(atStart, ClaimTypes.Name).ShouldBe("hao");
            Assert.Null(atStart.SetCookie);

            // Step 4: +10 minutes — same identity, still no replacement cookie.
            fakeClock.Add(TimeSpan.FromMinutes(10));
            var afterTenMinutes = await SendAsync(server, "http://example.com/me", loginResult.CookieNameValue);
            FindClaimValue(afterTenMinutes, ClaimTypes.Name).ShouldBe("hao");
            Assert.Null(afterTenMinutes.SetCookie);

            // Step 5: +21 minutes (31 in total), presumably past the security-stamp
            // validation interval, which is not set here — confirm the default. The old
            // cookie still authenticates and a new cookie is issued.
            fakeClock.Add(TimeSpan.FromMinutes(21));

            var afterRevalidation = await SendAsync(server, "http://example.com/me", loginResult.CookieNameValue);
            Assert.NotNull(afterRevalidation.SetCookie);
            FindClaimValue(afterRevalidation, ClaimTypes.Name).ShouldBe("hao");

            // Step 6: the newly issued cookie is accepted by itself.
            var withReissuedCookie = await SendAsync(server, "http://example.com/me", afterRevalidation.CookieNameValue);
            FindClaimValue(withReissuedCookie, ClaimTypes.Name).ShouldBe("hao");
        }