public async Task when_setting_disabled_logout_should_not_revoke_refreshtoken() { BffHost.BffOptions.RevokeRefreshTokenOnLogout = false; await BffHost.InitializeAsync(); await BffHost.BffLoginAsync("alice", "sid"); { var store = IdentityServerHost.Resolve <IPersistedGrantStore>(); var grants = await store.GetAllAsync(new PersistedGrantFilter { SubjectId = "alice" }); var rt = grants.Single(x => x.Type == "refresh_token"); rt.Should().NotBeNull(); } await BffHost.BffLogoutAsync("sid"); { var store = IdentityServerHost.Resolve <IPersistedGrantStore>(); var grants = await store.GetAllAsync(new PersistedGrantFilter { SubjectId = "alice" }); var rt = grants.Single(x => x.Type == "refresh_token"); rt.Should().NotBeNull(); } }
public async Task custom_header_should_be_forwarded_and_xforwarded_headers_should_be_created() { BffHost.BffOptions.AddXForwardedHeaders = true; BffHost.BffOptions.ForwardedHeaders.Add("x-custom"); await BffHost.InitializeAsync(); var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test")); req.Headers.Add("x-csrf", "1"); req.Headers.Add("x-custom", "custom"); var response = await BffHost.BrowserClient.SendAsync(req); response.IsSuccessStatusCode.Should().BeTrue(); var json = await response.Content.ReadAsStringAsync(); var apiResult = JsonSerializer.Deserialize <ApiResponse>(json); apiResult.RequestHeaders.Count.Should().Be(4); apiResult.RequestHeaders["X-Forwarded-Host"].Single().Should().Be("app"); apiResult.RequestHeaders["X-Forwarded-Proto"].Single().Should().Be("https"); apiResult.RequestHeaders["Host"].Single().Should().Be("api"); apiResult.RequestHeaders["x-custom"].Single().Should().Be("custom"); }
public ServerSideTicketStoreTests() { BffHost.OnConfigureServices += services => { services.AddSingleton <IUserSessionStore>(_sessionStore); }; BffHost.InitializeAsync().Wait(); }
public ApiUseForwardedHeaders() { ApiHost = new ApiHost(IdentityServerHost, "scope1", useForwardedHeaders: true); ApiHost.InitializeAsync().Wait(); BffHost = new BffHost(IdentityServerHost, ApiHost, "spa", useForwardedHeaders: false); BffHost.InitializeAsync().Wait(); }
public async Task user_endpoint_when_uservalidate_renews_and_sliding_flag_is_passed_cookie_should_not_slide() { var shouldRenew = false; #if NET6_0_OR_GREATER BffHost.OnConfigureServices += services => { services.Configure <CookieAuthenticationOptions>("cookie", options => { options.Events.OnCheckSlidingExpiration = ctx => { ctx.ShouldRenew = shouldRenew; return(Task.CompletedTask); }; }); }; #else BffHost.OnConfigureServices += services => { services.Configure <CookieAuthenticationOptions>("cookie", options => { options.Events.OnValidatePrincipal = ctx => { ctx.ShouldRenew = shouldRenew; return(Task.CompletedTask); }; }); }; #endif await BffHost.InitializeAsync(); await BffHost.BffLoginAsync("alice"); var sessions = await _sessionStore.GetUserSessionsAsync(new UserSessionsFilter { SubjectId = "alice" }); sessions.Count().Should().Be(1); var session = sessions.Single(); var ticketStore = BffHost.Resolve <IServerTicketStore>(); var firstTicket = await ticketStore.RetrieveAsync(session.Key); firstTicket.Should().NotBeNull(); shouldRenew = true; _clock.UtcNow = _clock.UtcNow.AddSeconds(1); (await BffHost.GetIsUserLoggedInAsync("slide=false")).Should().BeTrue(); var secondTicket = await ticketStore.RetrieveAsync(session.Key); secondTicket.Should().NotBeNull(); (secondTicket.Properties.IssuedUtc == firstTicket.Properties.IssuedUtc).Should().BeTrue(); (secondTicket.Properties.ExpiresUtc == firstTicket.Properties.ExpiresUtc).Should().BeTrue(); }
public async Task logout_endpoint_for_authenticated_user_without_sid_should_succeed() { // workaround for RevokeUserRefreshTokenAsync throwing when no RT in session BffHost.BffOptions.RevokeRefreshTokenOnLogout = false; await BffHost.InitializeAsync(); await BffHost.IssueSessionCookieAsync("alice"); var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout")); response.StatusCode.Should().Be(302); // endsession response.Headers.Location.ToString().ToLowerInvariant().Should().StartWith(IdentityServerHost.Url("/connect/endsession")); }
public CookieSlidingTests() { BffHost.OnConfigureServices += services => { services.AddSingleton <IUserSessionStore>(_sessionStore); services.Configure <CookieAuthenticationOptions>("cookie", options => { options.SlidingExpiration = true; options.ExpireTimeSpan = TimeSpan.FromMinutes(10); }); services.AddSingleton <ISystemClock>(_clock); }; BffHost.InitializeAsync().Wait(); }
public async Task forwarded_host_name_with_header_forwarding_should_propagate_to_api() { await BffHost.InitializeAsync(); var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test")); req.Headers.Add("x-csrf", "1"); req.Headers.Add("X-Forwarded-Host", "external"); var response = await BffHost.BrowserClient.SendAsync(req); response.IsSuccessStatusCode.Should().BeTrue(); var json = await response.Content.ReadAsStringAsync(); var apiResult = JsonSerializer.Deserialize <ApiResponse>(json); var host = apiResult.RequestHeaders["Host"].Single(); host.Should().Be("external"); }
public async Task login_endpoint_should_challenge_and_redirect_to_root_with_root_prefix() { BffHost.BffOptions.ManagementBasePath = "/"; await BffHost.InitializeAsync(); var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/login")); response.StatusCode.Should().Be(HttpStatusCode.Redirect); response.Headers.Location.ToString().Should().StartWith(IdentityServerHost.Url("/connect/authorize")); await IdentityServerHost.IssueSessionCookieAsync("alice"); response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString()); response.StatusCode.Should().Be(HttpStatusCode.Redirect); response.Headers.Location.ToString().Should().StartWith(BffHost.Url("/signin-oidc")); response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString()); response.StatusCode.Should().Be(HttpStatusCode.Redirect); response.Headers.Location.ToString().Should().Be("/"); }