public void LogoutCommand_StaticRun_NullcheckOptions() { Action a = () => LogoutCommand.Run(new HttpRequestData("GET", new Uri("http://localhost")), null, null); a.Should().Throw <ArgumentNullException>() .And.ParamName.Should().Be("options"); }
public void LogoutCommand_StaticRun_NullcheckRequest() { Action a = () => LogoutCommand.Run(null, null, StubFactory.CreateOptions()); a.Should().Throw <ArgumentNullException>() .And.ParamName.Should().Be("request"); }
public void LogoutCommand_Run_HandlesLogoutResponse_UsesReturnPathWhenStateDisabled() { var response = new Saml2LogoutResponse(Saml2StatusCode.Success) { DestinationUrl = new Uri("http://sp.example.com/path/Saml2/logout"), Issuer = new EntityId("https://idp.example.com"), InResponseTo = new Saml2Id(), SigningCertificate = SignedXmlHelper.TestCert, SigningAlgorithm = SecurityAlgorithms.RsaSha256Signature, RelayState = null }; var bindResult = Saml2Binding.Get(Saml2BindingType.HttpRedirect) .Bind(response); var applicationPath = "http://sp-internal.example.com/path/Saml2/"; var returnPath = "http://sp-internal.example.com/path/anotherpath"; var request = new HttpRequestData("GET", bindResult.Location, applicationPath, null, null); var options = StubFactory.CreateOptions(); options.SPOptions.Compatibility.DisableLogoutStateCookie = true; var actual = LogoutCommand.Run(request, returnPath, options); var expected = new CommandResult { Location = new Uri(returnPath), HttpStatusCode = HttpStatusCode.SeeOther, ClearCookieName = null }; actual.Should().BeEquivalentTo(expected); }
protected async override Task ApplyResponseGrantAsync() { var revoke = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode); if (revoke != null) { var request = await Context.ToHttpRequestData(Options.DataProtector.Unprotect); var urls = new AuthServicesUrls(request, Options.SPOptions); string redirectUrl; if (Context.Response.StatusCode / 100 == 3) { var locationUrl = Context.Response.Headers["Location"]; redirectUrl = new Uri( new Uri(urls.ApplicationUrl.ToString().TrimEnd('/') + Context.Request.Path), locationUrl ).ToString(); } else { redirectUrl = new Uri( urls.ApplicationUrl, Context.Request.Path.ToUriComponent().TrimStart('/')) .ToString(); } LogoutCommand.Run(request, redirectUrl, Options) .Apply(Context, Options.DataProtector); } await AugmentAuthenticationGrantWithLogoutClaims(Context); }
protected async override Task ApplyResponseGrantAsync() { var revoke = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode); if (revoke != null) { var request = await Context.ToHttpRequestData(Options.DataProtector.Unprotect); var urls = new AuthServicesUrls(request, Options.SPOptions); string redirectUrl = revoke.Properties.RedirectUri; if (string.IsNullOrEmpty(redirectUrl)) { if (Context.Response.StatusCode / 100 == 3) { redirectUrl = Context.Response.Headers["Location"]; } else { redirectUrl = Context.Request.Path.ToUriComponent(); } } var result = LogoutCommand.Run(request, redirectUrl, Options); if (!result.HandledResult) { result.Apply(Context, Options.DataProtector); } } await AugmentAuthenticationGrantWithLogoutClaims(Context); }
protected async override Task ApplyResponseGrantAsync() { // Automatically sign out, even if passive because passive sign in and auto sign out // is typically most common scenario. Unless strict compatibility is set. var mode = Options.SPOptions.Compatibility.StrictOwinAuthenticationMode ? Options.AuthenticationMode : AuthenticationMode.Active; var revoke = Helper.LookupSignOut(Options.AuthenticationType, mode); if (revoke != null && Context.Request.Path.Value != (Options.SPOptions.ModulePath + "/Logout")) { var request = await Context.ToHttpRequestData(Options.CookieManager, Options.DataProtector.Unprotect); var urls = new Saml2Urls(request, Options); string redirectUrl = revoke.Properties.RedirectUri; if (string.IsNullOrEmpty(redirectUrl)) { if (Context.Response.StatusCode / 100 == 3) { redirectUrl = Context.Response.Headers["Location"]; } else { // ApplicationUrl is base path, after consideration taken to PublicOrigin. redirectUrl = urls.ApplicationUrl.AbsolutePath + Context.Request.Path.ToString().TrimStart('/'); } } var result = LogoutCommand.Run(request, redirectUrl, Options); if (!result.HandledResult) { result.Apply( Context, Options.DataProtector, Options.CookieManager, Options.Notifications.EmitSameSiteNone(Request.GetUserAgent())); } } await AugmentAuthenticationGrantWithLogoutClaims(Context); }
protected async override Task ApplyResponseGrantAsync() { // Automatically sign out, even if passive because passive sign in and auto sign out // is typically most common scenario. Unless strict compatibility is set. var mode = Options.SPOptions.Compatibility.StrictOwinAuthenticationMode ? Options.AuthenticationMode : AuthenticationMode.Active; var revoke = Helper.LookupSignOut(Options.AuthenticationType, mode); if (revoke != null) { var request = await Context.ToHttpRequestData(Options.DataProtector.Unprotect); var urls = new AuthServicesUrls(request, Options); string redirectUrl = revoke.Properties.RedirectUri; if (string.IsNullOrEmpty(redirectUrl)) { if (Context.Response.StatusCode / 100 == 3) { redirectUrl = Context.Response.Headers["Location"]; } else { redirectUrl = Context.Request.Path.ToUriComponent(); } } var result = LogoutCommand.Run(request, redirectUrl, Options); if (!result.HandledResult) { result.Apply(Context, Options.DataProtector); } } await AugmentAuthenticationGrantWithLogoutClaims(Context); }