public virtual string ProtectToken(SessionToken token, string purpose)
{
Requires.NotNull(token, "token");
Requires.NotNullOrEmpty(purpose, "purpose");
byte[] encoded = token.EncodeToken();
return Protect(encoded, purpose);
}
public void FailsToUnprotectTokenIfPurposeIsDifferent()
{
// Arrange
var tokens = CreateService();
var expires = DateTime.UtcNow;
var token = new SessionToken(
new ReviewRPrincipal(
new ReviewRIdentity()
{
Email = "*****@*****.**",
DisplayName = "Swedish Chef",
Roles = new HashSet<string>()
}), expires);
// Act
string protectedToken = tokens.ProtectToken(token, "porpoise!");
Assert.Throws<InvalidDataException>(() => tokens.UnprotectToken(protectedToken, "notporpoise??!"));
}
public void CorrectlyUnprotectsProtectedTokenWithSamePurpose()
{
// Arrange
var tokens = CreateService();
var expires = DateTime.UtcNow;
var token = new SessionToken(
new ReviewRPrincipal(
new ReviewRIdentity()
{
Email = "*****@*****.**",
DisplayName = "Swedish Chef",
Roles = new HashSet<string>()
}), expires);
// Act
string protectedToken = tokens.ProtectToken(token, "porpoise!");
SessionToken unprotected = tokens.UnprotectToken(protectedToken, "porpoise!");
// Assert
Assert.Equal("Swedish Chef", unprotected.User.Identity.DisplayName);
Assert.Equal("*****@*****.**", unprotected.User.Identity.Email);
Assert.Equal(expires, unprotected.Expires);
}
public override string ProtectToken(SessionToken token, string purpose)
{
byte[] encoded = token.EncodeToken();
return purpose + "|" + Convert.ToBase64String(encoded);
}