Example #1
        /// <summary>
        /// Fail-closed check: when the request carries the fixture's
        /// <c>cookieWithBrokenEncryptedData</c>, running the BeforeRequest pipeline
        /// must leave no authenticated-username entry in the context items.
        /// </summary>
        public void Should_not_set_username_in_context_with_broken_encryption_data()
        {
            // Given: a mapper that would answer "Bob" for the fixture GUID if it were asked
            var pipelines      = new FakeApplicationPipelines();
            var usernameMapper = A.Fake<IUsernameMapper>();
            A.CallTo(() => usernameMapper.GetUsernameFromIdentifier(this.userGuid)).Returns("Bob");

            this.config.UsernameMapper = usernameMapper;
            FormsAuthentication.Enable(pipelines, this.config);

            // ...and a request whose auth cookie is the damaged fixture value
            // (the fixture itself is built outside this listing).
            this.context.Request.Cookies.Add(
                FormsAuthentication.FormsAuthenticationCookieName,
                this.cookieWithBrokenEncryptedData);

            // When
            pipelines.BeforeRequest.Invoke(this.context);

            // Then: the key must be absent altogether, not merely mapped to an empty value
            var hasAuthenticatedUser =
                this.context.Items.ContainsKey(Security.SecurityConventions.AuthenticatedUsernameKey);
            hasAuthenticatedUser.ShouldBeFalse();
        }
Example #2
        /// <summary>
        /// Happy path: with the fixture's valid cookie on the request, the
        /// BeforeRequest pipeline stores the username returned by the mapper
        /// under <c>SecurityConventions.AuthenticatedUsernameKey</c>.
        /// </summary>
        public void Should_set_username_in_context_with_valid_cookie()
        {
            // Given
            var pipelines      = new FakeApplicationPipelines();
            var usernameMapper = A.Fake<IUsernameMapper>();
            A.CallTo(() => usernameMapper.GetUsernameFromIdentifier(this.userGuid)).Returns("Bob");

            this.config.UsernameMapper = usernameMapper;
            FormsAuthentication.Enable(pipelines, this.config);

            this.context.Request.Cookies.Add(
                FormsAuthentication.FormsAuthenticationCookieName,
                this.validCookieValue);

            // When
            pipelines.BeforeRequest.Invoke(this.context);

            // Then: the stored name is the mapper's answer for the fixture GUID
            var storedUsername = this.context.Items[Security.SecurityConventions.AuthenticatedUsernameKey];
            storedUsername.ShouldEqual("Bob");
        }
Example #3
        /// <summary>
        /// Interaction check: a request with the fixture's valid cookie causes the
        /// configured username mapper to be asked for the fixture GUID exactly once.
        /// </summary>
        public void Should_get_username_from_mapping_service_with_valid_cookie()
        {
            // Given: an unconfigured fake, used purely to record calls
            var pipelines       = new FakeApplicationPipelines();
            var recordingMapper = A.Fake<IUsernameMapper>();

            this.config.UsernameMapper = recordingMapper;
            FormsAuthentication.Enable(pipelines, this.config);

            this.context.Request.Cookies.Add(
                FormsAuthentication.FormsAuthenticationCookieName,
                this.validCookieValue);

            // When
            pipelines.BeforeRequest.Invoke(this.context);

            // Then: one lookup, keyed by the identifier the cookie is expected to carry
            var lookup = A.CallTo(() => recordingMapper.GetUsernameFromIdentifier(this.userGuid));
            lookup.MustHaveHappened(Repeated.Exactly.Once);
        }
Example #4
        /// <summary>
        /// Fail-closed check for the user-identity API: with the fixture's
        /// <c>cookieWithBrokenEncryptedData</c> on the request, the BeforeRequest
        /// pipeline must leave <c>CurrentUser</c> null. The method name still says
        /// "username", but the assertion is on the user object.
        /// </summary>
        public void Should_not_set_username_in_context_with_broken_encryption_data()
        {
            // Given: a mapper that would hand back a user for the fixture GUID if consulted
            var pipelines  = new FakeApplicationPipelines();
            var userMapper = A.Fake<IUserMapper>();
            var mappedUser = A.Fake<IUserIdentity>();

            // The name is never asserted on in this test.
            mappedUser.UserName = "******";
            A.CallTo(() => userMapper.GetUserFromIdentifier(this.userGuid)).Returns(mappedUser);

            this.config.UserMapper = userMapper;
            FormsAuthentication.Enable(pipelines, this.config);

            this.context.Request.Cookies.Add(
                FormsAuthentication.FormsAuthenticationCookieName,
                this.cookieWithBrokenEncryptedData);

            // When
            pipelines.BeforeRequest.Invoke(this.context);

            // Then: no identity may be attached to the request
            this.context.CurrentUser.ShouldBeNull();
        }
Example #5
        /// <summary>
        /// Happy path for the user-identity API: with the fixture's valid cookie,
        /// the BeforeRequest pipeline sets <c>CurrentUser</c> to the very instance
        /// the mapper returned for the fixture GUID.
        /// </summary>
        public void Should_set_user_in_context_with_valid_cookie()
        {
            // Given
            var pipelines  = new FakeApplicationPipelines();
            var userMapper = A.Fake<IUserMapper>();
            var mappedUser = A.Fake<IUserIdentity>();

            // The name itself is not asserted; the check below is on the instance.
            mappedUser.UserName = "******";
            A.CallTo(() => userMapper.GetUserFromIdentifier(this.userGuid)).Returns(mappedUser);

            this.config.UserMapper = userMapper;
            FormsAuthentication.Enable(pipelines, this.config);

            this.context.Request.Cookies.Add(
                FormsAuthentication.FormsAuthenticationCookieName,
                this.validCookieValue);

            // When
            pipelines.BeforeRequest.Invoke(this.context);

            // Then
            var attachedUser = this.context.CurrentUser;
            attachedUser.ShouldBeSameAs(mappedUser);
        }
Example #6
        /// <summary>
        /// An unauthorized response for <c>GET /secure?foo=bar</c> is rewritten by the
        /// AfterRequest pipeline into a redirect whose <c>Location</c> header carries
        /// the original path and query string, percent-encoded, in <c>returnUrl</c>.
        /// </summary>
        public void Should_retain_querystring_when_redirecting_to_login_page()
        {
            // Given
            var pipelines = new FakeApplicationPipelines();
            FormsAuthentication.Enable(pipelines, this.config);

            var unauthorizedContext = new NancyContext();
            unauthorizedContext.Request  = new FakeRequest("GET", "/secure", "?foo=bar");
            unauthorizedContext.Response = HttpStatusCode.Unauthorized;

            // When
            pipelines.AfterRequest.Invoke(unauthorizedContext);

            // Then: '?' and '=' of the original query arrive as %3f and %3d, so they
            // stay inside the returnUrl value instead of becoming login-page parameters.
            // NOTE(review): only the construction of returnUrl is pinned here; the code
            // that consumes it after login is not in this listing and should be
            // confirmed to redirect to local paths only.
            var location = unauthorizedContext.Response.Headers["Location"];
            location.ShouldEqual("/login?returnUrl=/secure%3ffoo%3dbar");
        }
        /// <summary>
        /// Basic authentication happy path: when the <c>Authorization</c> header holds
        /// the encoded pair "foo"/"bar" and the validator returns a user for that pair,
        /// the BeforeRequest pipeline sets <c>CurrentUser</c> to that same instance.
        /// </summary>
        public void Should_set_user_in_context_with_valid_username_in_auth_header()
        {
            // Given: a validator configured to return a user for ("foo", "bar")
            var pipelines     = new FakeApplicationPipelines();
            var userValidator = A.Fake<IUserValidator>();
            var expectedUser  = A.Fake<IUserIdentity>();
            A.CallTo(() => userValidator.Validate("foo", "bar")).Returns(expectedUser);

            var basicConfig = new BasicAuthenticationConfiguration(userValidator, "realm");

            // EncodeCredentials and CreateContextWithHeader are fixture helpers
            // defined outside this listing.
            var headerValue    = "Basic" + " " + EncodeCredentials("foo", "bar");
            var requestContext = CreateContextWithHeader("Authorization", new [] { headerValue });

            BasicAuthentication.Enable(pipelines, basicConfig);

            // When
            pipelines.BeforeRequest.Invoke(requestContext);

            // Then
            // NOTE(review): this covers the accepted pair only; rejected or malformed
            // credentials need their own tests, none of which appear in this listing.
            requestContext.CurrentUser.ShouldBeSameAs(expectedUser);
        }
        /// <summary>
        /// With the fixture's valid forms-authentication cookie on the request, the
        /// BeforeRequest pipeline records the mapper-supplied username in the
        /// context items under <c>SecurityConventions.AuthenticatedUsernameKey</c>.
        /// </summary>
        public void Should_set_username_in_context_with_valid_cookie()
        {
            // Given: the mapper resolves the fixture GUID to "Bob"
            var pipelines  = new FakeApplicationPipelines();
            var nameMapper = A.Fake<IUsernameMapper>();
            A.CallTo(() => nameMapper.GetUsernameFromIdentifier(this.userGuid)).Returns("Bob");
            this.config.UsernameMapper = nameMapper;

            FormsAuthentication.Enable(pipelines, this.config);

            var cookieName = FormsAuthentication.FormsAuthenticationCookieName;
            this.context.Request.Cookies.Add(cookieName, this.validCookieValue);

            // When
            pipelines.BeforeRequest.Invoke(this.context);

            // Then
            this.context.Items[Security.SecurityConventions.AuthenticatedUsernameKey]
                .ShouldEqual("Bob");
        }
        /// <summary>
        /// Integrity check: when the request carries the fixture's
        /// <c>cookieWithNoHmac</c>, the BeforeRequest pipeline must not record an
        /// authenticated username. A cookie whose integrity cannot be verified
        /// is treated the same as no cookie at all.
        /// </summary>
        public void Should_not_set_username_in_context_with_no_hmac()
        {
            // Given: the mapper would answer "Bob", so a missing key below cannot be
            // explained by the mapper having nothing to return
            var pipelines  = new FakeApplicationPipelines();
            var nameMapper = A.Fake<IUsernameMapper>();
            A.CallTo(() => nameMapper.GetUsernameFromIdentifier(this.userGuid)).Returns("Bob");
            this.config.UsernameMapper = nameMapper;

            FormsAuthentication.Enable(pipelines, this.config);

            // The fixture value is built outside this listing.
            var cookieName = FormsAuthentication.FormsAuthenticationCookieName;
            this.context.Request.Cookies.Add(cookieName, this.cookieWithNoHmac);

            // When
            pipelines.BeforeRequest.Invoke(this.context);

            // Then
            var hasAuthenticatedUser =
                this.context.Items.ContainsKey(Security.SecurityConventions.AuthenticatedUsernameKey);
            hasAuthenticatedUser.ShouldBeFalse();
        }
        /// <summary>
        /// With the fixture's valid cookie, the BeforeRequest pipeline must consult
        /// the configured username mapper for the fixture GUID exactly once.
        /// </summary>
        public void Should_get_username_from_mapping_service_with_valid_cookie()
        {
            // Given: a bare fake that only records the calls made to it
            var pipelines = new FakeApplicationPipelines();
            var spyMapper = A.Fake<IUsernameMapper>();
            this.config.UsernameMapper = spyMapper;

            FormsAuthentication.Enable(pipelines, this.config);

            var cookieName = FormsAuthentication.FormsAuthenticationCookieName;
            this.context.Request.Cookies.Add(cookieName, this.validCookieValue);

            // When
            pipelines.BeforeRequest.Invoke(this.context);

            // Then
            var expectedLookup = A.CallTo(() => spyMapper.GetUsernameFromIdentifier(this.userGuid));
            expectedLookup.MustHaveHappened(Repeated.Exactly.Once);
        }
        /// <summary>
        /// Basic authentication happy path for the username-based API: when the
        /// validator accepts "foo"/"bar" and the <c>Authorization</c> header holds
        /// that encoded pair, the BeforeRequest pipeline stores "foo" under
        /// <c>SecurityConventions.AuthenticatedUsernameKey</c>.
        /// </summary>
        public void Should_set_username_in_context_with_valid_username_in_auth_header()
        {
            // Given: a validator that returns true for ("foo", "bar")
            var pipelines     = new FakeApplicationPipelines();
            var userValidator = A.Fake<IUserValidator>();
            A.CallTo(() => userValidator.Validate("foo", "bar")).Returns(true);

            var basicConfig = new BasicAuthenticationConfiguration(userValidator, "realm");

            // EncodeCredentials and CreateContextWithHeader are fixture helpers
            // defined outside this listing.
            var headerValue    = "Basic" + " " + EncodeCredentials("foo", "bar");
            var requestContext = CreateContextWithHeader("Authorization", new [] { headerValue });

            BasicAuthentication.Enable(pipelines, basicConfig);

            // When
            pipelines.BeforeRequest.Invoke(requestContext);

            // Then: the recorded name is the one supplied in the header
            var storedUsername = requestContext.Items[SecurityConventions.AuthenticatedUsernameKey];
            storedUsername.ShouldEqual("foo");
        }
        /// <summary>
        /// With the fixture's valid forms-authentication cookie, the BeforeRequest
        /// pipeline attaches to the context the exact user instance that the
        /// mapper returns for the fixture GUID.
        /// </summary>
        public void Should_set_user_in_context_with_valid_cookie()
        {
            // Given
            var pipelines      = new FakeApplicationPipelines();
            var identityMapper = A.Fake<IUserMapper>();
            var knownUser      = A.Fake<IUserIdentity>();

            // The name is set but never asserted; the check below is on the instance.
            knownUser.UserName = "******";
            A.CallTo(() => identityMapper.GetUserFromIdentifier(this.userGuid)).Returns(knownUser);
            this.config.UserMapper = identityMapper;

            FormsAuthentication.Enable(pipelines, this.config);

            var cookieName = FormsAuthentication.FormsAuthenticationCookieName;
            this.context.Request.Cookies.Add(cookieName, this.validCookieValue);

            // When
            pipelines.BeforeRequest.Invoke(this.context);

            // Then
            this.context.CurrentUser.ShouldBeSameAs(knownUser);
        }
        /// <summary>
        /// When the AfterRequest pipeline sees an unauthorized response for
        /// <c>GET /secure?foo=bar</c>, the resulting <c>Location</c> header points at
        /// the login page and keeps the original path and query string,
        /// percent-encoded, in the <c>returnUrl</c> parameter.
        /// </summary>
        public void Should_retain_querystring_when_redirecting_to_login_page()
        {
            // Given
            var pipelines = new FakeApplicationPipelines();
            FormsAuthentication.Enable(pipelines, this.config);

            var securedRequest = new FakeRequest("GET", "/secure", "?foo=bar");
            var deniedContext  = new NancyContext();
            deniedContext.Request  = securedRequest;
            deniedContext.Response = HttpStatusCode.Unauthorized;

            // When
            pipelines.AfterRequest.Invoke(deniedContext);

            // Then: the query string is encoded ('?' as %3f, '=' as %3d) so it remains
            // part of the returnUrl value.
            // NOTE(review): how returnUrl is validated when it is later consumed is
            // outside this listing; confirm it is restricted to local paths.
            var redirectTarget = deniedContext.Response.Headers["Location"];
            redirectTarget.ShouldEqual("/login?returnUrl=/secure%3ffoo%3dbar");
        }
        /// <summary>
        /// With the fixture's <c>cookieWithBrokenEncryptedData</c> on the request,
        /// the BeforeRequest pipeline must not attach any user: <c>CurrentUser</c>
        /// stays null even though the mapper is able to return one. The method name
        /// says "username", but the assertion is on the user object.
        /// </summary>
        public void Should_not_set_username_in_context_with_broken_encryption_data()
        {
            // Given: a mapper that is able to produce a user for the fixture GUID
            var pipelines      = new FakeApplicationPipelines();
            var identityMapper = A.Fake<IUserMapper>();
            var knownUser      = A.Fake<IUserIdentity>();

            // The name is not asserted on in this test.
            knownUser.UserName = "******";
            A.CallTo(() => identityMapper.GetUserFromIdentifier(this.userGuid)).Returns(knownUser);
            this.config.UserMapper = identityMapper;

            FormsAuthentication.Enable(pipelines, this.config);

            // The damaged cookie value is built outside this listing.
            var cookieName = FormsAuthentication.FormsAuthenticationCookieName;
            this.context.Request.Cookies.Add(cookieName, this.cookieWithBrokenEncryptedData);

            // When
            pipelines.BeforeRequest.Invoke(this.context);

            // Then: the request stays unauthenticated
            this.context.CurrentUser.ShouldBeNull();
        }