Ejemplo n.º 1
0
        public async Task Instance_Post_WithQueryParamInvalidCsrf_AuthCookie()
        {
            string token = PrincipalUtil.GetToken(1);

            HttpClient         client = SetupUtil.GetTestClient(_factory, "tdd", "endring-av-navn");
            HttpRequestMessage httpRequestMessageHome = new HttpRequestMessage(HttpMethod.Get, "/tdd/endring-av-navn/")
            {
            };

            SetupUtil.AddAuthCookie(httpRequestMessageHome, token);

            HttpResponseMessage responseHome = await client.SendAsync(httpRequestMessageHome);

            string             xsrfToken          = SetupUtil.GetXsrfCookieValue(responseHome);
            HttpRequestMessage httpRequestMessage = new HttpRequestMessage(HttpMethod.Post, "/tdd/endring-av-navn/instances?instanceOwnerPartyId=1000")
            {
            };

            xsrfToken = xsrfToken + "THIS_MAKE_THE_TOKEN_INVALID";
            SetupUtil.AddAuthCookie(httpRequestMessage, token, xsrfToken);

            HttpResponseMessage response = await client.SendAsync(httpRequestMessage);

            string responseContent = await response.Content.ReadAsStringAsync();

            Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
        }
Ejemplo n.º 2
0
        public async Task Instance_Post_WithQueryParamOk_AuthCookie()
        {
            string token = PrincipalUtil.GetToken(1337);

            HttpClient         client = SetupUtil.GetTestClient(_factory, "tdd", "endring-av-navn");
            HttpRequestMessage httpRequestMessageHome = new HttpRequestMessage(HttpMethod.Get, "/tdd/endring-av-navn/")
            {
            };

            SetupUtil.AddAuthCookie(httpRequestMessageHome, token);

            HttpResponseMessage responseHome = await client.SendAsync(httpRequestMessageHome);

            string             xsrfToken          = SetupUtil.GetXsrfCookieValue(responseHome);
            HttpRequestMessage httpRequestMessage = new HttpRequestMessage(HttpMethod.Post, "/tdd/endring-av-navn/instances?instanceOwnerPartyId=1337")
            {
            };

            SetupUtil.AddAuthCookie(httpRequestMessage, token, xsrfToken);

            HttpResponseMessage response = await client.SendAsync(httpRequestMessage);

            string responseContent = await response.Content.ReadAsStringAsync();

            Instance instance = JsonConvert.DeserializeObject <Instance>(responseContent);

            Assert.Equal(HttpStatusCode.Created, response.StatusCode);
            Assert.NotNull(instance);
            Assert.Equal("1337", instance.InstanceOwner.PartyId);

            TestDataUtil.DeleteInstanceAndData("tdd", "endring-av-navn", 1337, new Guid(instance.Id.Split('/')[1]));
        }
Ejemplo n.º 3
0
        public async Task Logout_FrontChannelOK()
        {
            List <Claim> claims = new List <Claim>();
            string       issuer = "www.altinn.no";

            claims.Add(new Claim("originaliss", "uidp", ClaimValueTypes.String, issuer));

            string token = PrincipalUtil.GetToken(1337, claims);

            HttpClient client = GetTestClient(_cookieDecryptionService.Object, _userProfileService.Object);

            HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, "/authentication/api/v1/frontchannel_logout");

            SetupUtil.AddAuthCookie(requestMessage, token);

            // Act
            HttpResponseMessage response = await client.SendAsync(requestMessage);

            // Assert
            Assert.Equal(System.Net.HttpStatusCode.OK, response.StatusCode);

            IEnumerable <string> values;

            if (response.Headers.TryGetValues("Set-Cookie", out values))
            {
                Assert.Equal(".ASPXAUTH=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=localhost; path=/; secure; httponly", values.First());
                Assert.Equal("AltinnStudioRuntime=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=localhost; path=/; secure; httponly", values.Last());
            }
        }
        public async Task GetHome_OK_WithAuthCookie()
        {
            string token = PrincipalUtil.GetToken(1337);

            HttpClient         client             = SetupUtil.GetTestClient(_factory, "tdd", "endring-av-navn");
            HttpRequestMessage httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, "/tdd/endring-av-navn/");

            SetupUtil.AddAuthCookie(httpRequestMessage, token);

            HttpResponseMessage response = await client.SendAsync(httpRequestMessage);

            string responseContent = await response.Content.ReadAsStringAsync();

            IEnumerable <string> cookieHeaders = response.Headers.GetValues("Set-Cookie");

            // Verify that
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            Assert.Equal(2, cookieHeaders.Count());
            Assert.StartsWith("AS-", cookieHeaders.ElementAt(0));
            Assert.StartsWith("XSR", cookieHeaders.ElementAt(1));
        }
Ejemplo n.º 5
0
        public async Task Logout_LogedIn_RedirectToSBL()
        {
            string token = PrincipalUtil.GetToken(1337, null);

            HttpClient client = GetTestClient(_cookieDecryptionService.Object, _userProfileService.Object);

            HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, "/authentication/api/v1/logout");

            SetupUtil.AddAuthCookie(requestMessage, token);

            // Act
            HttpResponseMessage response = await client.SendAsync(requestMessage);

            // Assert
            Assert.Equal(System.Net.HttpStatusCode.Found, response.StatusCode);

            IEnumerable <string> values;

            if (response.Headers.TryGetValues("location", out values))
            {
                Assert.Equal("http://localhost/ui/authentication/logout", values.First());
            }
        }