public async Task when_setting_disabled_logout_should_not_revoke_refreshtoken()
{
BffHost.BffOptions.RevokeRefreshTokenOnLogout = false;
await BffHost.InitializeAsync();
await BffHost.BffLoginAsync("alice", "sid");
{
var store = IdentityServerHost.Resolve <IPersistedGrantStore>();
var grants = await store.GetAllAsync(new PersistedGrantFilter
{
SubjectId = "alice"
});
var rt = grants.Single(x => x.Type == "refresh_token");
rt.Should().NotBeNull();
}
await BffHost.BffLogoutAsync("sid");
{
var store = IdentityServerHost.Resolve <IPersistedGrantStore>();
var grants = await store.GetAllAsync(new PersistedGrantFilter
{
SubjectId = "alice"
});
var rt = grants.Single(x => x.Type == "refresh_token");
rt.Should().NotBeNull();
}
}
public async Task custom_header_should_be_forwarded_and_xforwarded_headers_should_be_created()
{
BffHost.BffOptions.AddXForwardedHeaders = true;
BffHost.BffOptions.ForwardedHeaders.Add("x-custom");
await BffHost.InitializeAsync();
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test"));
req.Headers.Add("x-csrf", "1");
req.Headers.Add("x-custom", "custom");
var response = await BffHost.BrowserClient.SendAsync(req);
response.IsSuccessStatusCode.Should().BeTrue();
var json = await response.Content.ReadAsStringAsync();
var apiResult = JsonSerializer.Deserialize <ApiResponse>(json);
apiResult.RequestHeaders.Count.Should().Be(4);
apiResult.RequestHeaders["X-Forwarded-Host"].Single().Should().Be("app");
apiResult.RequestHeaders["X-Forwarded-Proto"].Single().Should().Be("https");
apiResult.RequestHeaders["Host"].Single().Should().Be("api");
apiResult.RequestHeaders["x-custom"].Single().Should().Be("custom");
}
public ServerSideTicketStoreTests()
{
BffHost.OnConfigureServices += services =>
{
services.AddSingleton <IUserSessionStore>(_sessionStore);
};
BffHost.InitializeAsync().Wait();
}
public ApiUseForwardedHeaders()
{
ApiHost = new ApiHost(IdentityServerHost, "scope1", useForwardedHeaders: true);
ApiHost.InitializeAsync().Wait();
BffHost = new BffHost(IdentityServerHost, ApiHost, "spa", useForwardedHeaders: false);
BffHost.InitializeAsync().Wait();
}
public async Task user_endpoint_when_uservalidate_renews_and_sliding_flag_is_passed_cookie_should_not_slide()
{
var shouldRenew = false;
#if NET6_0_OR_GREATER
BffHost.OnConfigureServices += services =>
{
services.Configure <CookieAuthenticationOptions>("cookie", options =>
{
options.Events.OnCheckSlidingExpiration = ctx =>
{
ctx.ShouldRenew = shouldRenew;
return(Task.CompletedTask);
};
});
};
#else
BffHost.OnConfigureServices += services =>
{
services.Configure <CookieAuthenticationOptions>("cookie", options =>
{
options.Events.OnValidatePrincipal = ctx =>
{
ctx.ShouldRenew = shouldRenew;
return(Task.CompletedTask);
};
});
};
#endif
await BffHost.InitializeAsync();
await BffHost.BffLoginAsync("alice");
var sessions = await _sessionStore.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" });
sessions.Count().Should().Be(1);
var session = sessions.Single();
var ticketStore = BffHost.Resolve <IServerTicketStore>();
var firstTicket = await ticketStore.RetrieveAsync(session.Key);
firstTicket.Should().NotBeNull();
shouldRenew = true;
_clock.UtcNow = _clock.UtcNow.AddSeconds(1);
(await BffHost.GetIsUserLoggedInAsync("slide=false")).Should().BeTrue();
var secondTicket = await ticketStore.RetrieveAsync(session.Key);
secondTicket.Should().NotBeNull();
(secondTicket.Properties.IssuedUtc == firstTicket.Properties.IssuedUtc).Should().BeTrue();
(secondTicket.Properties.ExpiresUtc == firstTicket.Properties.ExpiresUtc).Should().BeTrue();
}
public async Task logout_endpoint_for_authenticated_user_without_sid_should_succeed()
{
// workaround for RevokeUserRefreshTokenAsync throwing when no RT in session
BffHost.BffOptions.RevokeRefreshTokenOnLogout = false;
await BffHost.InitializeAsync();
await BffHost.IssueSessionCookieAsync("alice");
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));
response.StatusCode.Should().Be(302); // endsession
response.Headers.Location.ToString().ToLowerInvariant().Should().StartWith(IdentityServerHost.Url("/connect/endsession"));
}
public CookieSlidingTests()
{
BffHost.OnConfigureServices += services =>
{
services.AddSingleton <IUserSessionStore>(_sessionStore);
services.Configure <CookieAuthenticationOptions>("cookie", options =>
{
options.SlidingExpiration = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
});
services.AddSingleton <ISystemClock>(_clock);
};
BffHost.InitializeAsync().Wait();
}
public async Task forwarded_host_name_with_header_forwarding_should_propagate_to_api()
{
await BffHost.InitializeAsync();
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test"));
req.Headers.Add("x-csrf", "1");
req.Headers.Add("X-Forwarded-Host", "external");
var response = await BffHost.BrowserClient.SendAsync(req);
response.IsSuccessStatusCode.Should().BeTrue();
var json = await response.Content.ReadAsStringAsync();
var apiResult = JsonSerializer.Deserialize <ApiResponse>(json);
var host = apiResult.RequestHeaders["Host"].Single();
host.Should().Be("external");
}
public async Task login_endpoint_should_challenge_and_redirect_to_root_with_root_prefix()
{
BffHost.BffOptions.ManagementBasePath = "/";
await BffHost.InitializeAsync();
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/login"));
response.StatusCode.Should().Be(HttpStatusCode.Redirect);
response.Headers.Location.ToString().Should().StartWith(IdentityServerHost.Url("/connect/authorize"));
await IdentityServerHost.IssueSessionCookieAsync("alice");
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.Should().Be(HttpStatusCode.Redirect);
response.Headers.Location.ToString().Should().StartWith(BffHost.Url("/signin-oidc"));
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.Should().Be(HttpStatusCode.Redirect);
response.Headers.Location.ToString().Should().Be("/");
}
