public void HeaderWithNameDfcSessionIsNotPrefixedWithPath()
{
using (var childHttpResponseMessage = new HttpResponseMessage())
{
//Arrange
var path = "path1";
A.CallTo(() => compositeDataProtectionDataProvider.Unprotect(A <string> .Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());
A.CallTo(() => compositeDataProtectionDataProvider.Protect(A <string> .Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());
A.CallTo(() => pathLocator.GetPath()).Returns(path);
childHttpResponseMessage.Headers.Add(HeaderNames.SetCookie, new List <string>()
{
$"{Constants.DfcSession}=value1", "v2=value2"
});
childHttpResponseMessage.Headers.Add(HeaderNames.Referer, "Referer1=Referer1Value");
//Act
cookieHttpResponseMessageHandler.Process(childHttpResponseMessage);
//Assert
var shellResponseHeaders = httpContextAccessor.HttpContext.Response.Headers;
var setCookieHeader = shellResponseHeaders[HeaderNames.SetCookie];
Assert.Equal(2, setCookieHeader.Count);
Assert.StartsWith($"{Constants.DfcSession}=value1", setCookieHeader[0], StringComparison.OrdinalIgnoreCase);
Assert.StartsWith($"{path}v2=value2", setCookieHeader[1], StringComparison.OrdinalIgnoreCase);
}
}
public void Process(HttpResponseMessage httpResponseMessage)
{
var headers = new Dictionary <string, int>();
foreach (var header in httpResponseMessage?.Headers.Where(x => x.Key == HeaderNames.SetCookie))
{
foreach (var headerValue in header.Value)
{
var cookieSettings = setCookieParser.Parse(headerValue);
var cookieKey = cookieSettings.Key;
var prefix = headerRenamerService.Rename(cookieKey) ? pathLocator.GetPath() : string.Empty;
var cookieKeyWithPrefix = string.Concat(prefix, cookieKey);
var allowedHeaderCount = headerCountService.Count(cookieKey);
var currentHeaderCount = GetHeaderCount(headers, cookieKey);
var cookieValue = cookieSettings.Value;
if (cookieSettings.Key == Constants.DfcSession)
{
cookieValue = compositeDataProtectionDataProvider.Protect(cookieValue);
}
if (currentHeaderCount < allowedHeaderCount)
{
RegisterHeader(headers, cookieKey);
httpContextAccessor.HttpContext.Response.Cookies.Append(cookieKeyWithPrefix, cookieValue, cookieSettings.CookieOptions);
AddToHttpContext(cookieKeyWithPrefix, cookieValue);
}
}
}
}
public async Task WhenShellAuthenticatedPassOnToken()
{
//Arrange
var path1 = "path1";
var path2 = "path2";
var requestUrl = $"https://someurl.com/{path1}";
//Create fakes
pathLocator = A.Fake <IPathLocator>();
httpContextAccessor = A.Fake <IHttpContextAccessor>();
compositeDataProtectionDataProvider = A.Fake <ICompositeDataProtectionDataProvider>();
//Fake calls
A.CallTo(() => pathLocator.GetPath()).Returns(path1);
A.CallTo(() => compositeDataProtectionDataProvider.Unprotect(A <string> .Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());
A.CallTo(() => compositeDataProtectionDataProvider.Protect(A <string> .Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());
//Set some headers on the incoming request
httpContextAccessor.HttpContext = new DefaultHttpContext {
User = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim> {
new Claim("bearer", "test")
}, "mock"))
};
httpContextAccessor.HttpContext.Request.Headers.Add(HeaderNames.Cookie, $"{Constants.DfcSession}=sessionId1;{path1}v1=value1;{path1}v2=value2;{path2}v3=value3;{path2}v4=value4");
httpContextAccessor.HttpContext.Session = new MockHttpSession();
//Create a get request that is used to send data to the child app
var httpRequestChildMessage = new HttpRequestMessage(HttpMethod.Get, requestUrl);
//Create handlers and set the inner handler
handler = new CookieDelegatingHandler(httpContextAccessor, pathLocator, compositeDataProtectionDataProvider)
{
InnerHandler = new StatusOkDelegatingHandler(),
};
//Act
var invoker = new HttpMessageInvoker(handler);
await invoker.SendAsync(httpRequestChildMessage, CancellationToken.None).ConfigureAwait(false);
//Check that the values that are sent back are correct
var headerValue = httpRequestChildMessage.Headers.Authorization;
Assert.Equal("test", headerValue.Parameter);
httpRequestChildMessage.Dispose();
invoker.Dispose();
}
public async Task CanCopyHeadersFromShellToChildApp()
{
//Arrange
var path1 = "path1";
var path2 = "path2";
var requestUrl = $"https://someurl.com/{path1}";
//Create fakes
pathLocator = A.Fake <IPathLocator>();
httpContextAccessor = A.Fake <IHttpContextAccessor>();
compositeDataProtectionDataProvider = A.Fake <ICompositeDataProtectionDataProvider>();
//Fake calls
A.CallTo(() => pathLocator.GetPath()).Returns(path1);
A.CallTo(() => compositeDataProtectionDataProvider.Unprotect(A <string> .Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());
A.CallTo(() => compositeDataProtectionDataProvider.Protect(A <string> .Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());
//Set some headers on the incoming request
httpContextAccessor.HttpContext = new DefaultHttpContext();
httpContextAccessor.HttpContext.Request.Headers.Add(HeaderNames.Cookie, $"{path1}v1=value1;{path1}v2=value2;{path2}v3=value3;{path2}v4=value4");
//Create a get request that is used to send data to the child app
var httpRequestChildMessage = new HttpRequestMessage(HttpMethod.Get, requestUrl);
//Create handlers and set the inner handler
handler = new CookieDelegatingHandler(httpContextAccessor, pathLocator, compositeDataProtectionDataProvider)
{
InnerHandler = new StatusOkDelegatingHandler(),
};
//Act
var invoker = new HttpMessageInvoker(handler);
await invoker.SendAsync(httpRequestChildMessage, CancellationToken.None).ConfigureAwait(false);
//Check that the child app has the correct number of headers based on the incoming request
Assert.Single(httpRequestChildMessage.Headers);
//Check that the values that are sent back are correct
var headerValue = httpRequestChildMessage.Headers.First().Value.ToList();
Assert.Equal("v1=value1", headerValue.First());
Assert.Equal("v2=value2", headerValue.Last());
httpRequestChildMessage.Dispose();
invoker.Dispose();
}