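/// <summary>
/// Ends the current forms-authentication session and, when the impersonation guard permits it,
/// signs the browser back in as <paramref name="userId"/> within <paramref name="companyId"/>.
/// </summary>
/// <param name="companyId">Company identifier; passed to sign-in and to the company redirect.</param>
/// <param name="userId">Identifier of the user to impersonate; must parse as a GUID.</param>
/// <returns>
/// A redirect to the landing page on success; <c>null</c> when the guard refuses the request or
/// when either identifier is missing or malformed.
/// </returns>
/// <remarks>
/// SECURITY: the only gate visible in this action is
/// <c>ImpersonateGuard.IsAllowed(Request.UrlReferrer)</c>. The Referer header is supplied by the
/// client, so it cannot by itself establish who is asking. NOTE(review): confirm that an
/// authorization filter or equivalent server-side check restricts this action to authenticated
/// support staff, and that impersonation is disabled by configuration wherever it is not needed.
/// </remarks>
public ActionResult Index(string companyId, string userId)
{
    // NOTE(review): both values are logged verbatim; confirm that Log.Add neutralises line
    // breaks so a crafted value cannot forge additional log entries.
    Log.Add("Impersonate Logging in with companyId=" + (companyId ?? "") + ", userId=" + (userId ?? ""));

    // The existing session is always ended first, even when the request is refused below.
    var formsAuthenticationService = new FormsAuthenticationService();
    formsAuthenticationService.SignOut();

    var impersonateSettings = CreateImpersonateGuardSettings();
    var allowedToImpersonate = new ImpersonateGuard(impersonateSettings).IsAllowed(Request.UrlReferrer);
    if (!allowedToImpersonate)
    {
        return null;
    }

    // Validate the identifiers before any cookie or ticket is issued. Previously a null
    // companyId threw after the impersonation cookie had been set, and a userId that was not
    // a GUID threw only after SignIn had already been called with it.
    Guid impersonatedUserId;
    if (companyId == null || !Guid.TryParse(userId, out impersonatedUserId))
    {
        Log.Add("Impersonate rejected: companyId or userId missing or malformed.");
        return null;
    }

    AddCookieToShowWeAreInImpersonateMode();

    // NOTE(review): the second argument is presumably "create persistent cookie"; confirm that
    // an impersonated session really should outlive the browser session.
    formsAuthenticationService.SignIn(userId, true, companyId);

    // Drop any cached entry for the impersonated user.
    new CacheHelper().RemoveUser(impersonatedUserId);
    Log.Add("Impersonate Logged in.");

    // Hack for general user testing: there is no home page for this user yet, so send them to
    // the company page instead. This gaping hole has to change anyway.
    if (userId == "E7385B71-ABFC-400A-8FB0-CC58ACA78E38")
    {
        return RedirectToAction("Index", "Company", new { id = companyId, area = "Company" });
    }

    return RedirectToAction("Index", "TaskList", new { area = "TaskList" });
}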
/// <summary>
/// Pins the fail-closed default: when <c>IsImpersonateOn</c> has no value the guard must refuse,
/// so impersonation stays off unless it is explicitly enabled.
/// </summary>
public void Given_impersonation_config_setting_is_not_set_When_IsAllowed_Then_should_return_false()
{
    // Given: the impersonation switch is absent from configuration.
    var settings = new ImpersonateGuardSettings
    {
        IsImpersonateOn = null,
        Environment = "CI",
        AllowedUrlReferrerHost = string.Empty
    };
    var guard = new ImpersonateGuard(settings);
    var referrer = new Uri("http://request.referrer.com");

    // When: the guard is asked about a request carrying some referrer.
    var isAllowed = guard.IsAllowed(referrer);

    // Then: the request is refused.
    Assert.That(isAllowed, Is.False);
}
/// <summary>
/// Pins the non-live behaviour: with impersonation switched on in a "UAT" environment the guard
/// allows the request even though no allowed referrer host is configured.
/// </summary>
/// <remarks>
/// NOTE(review): in this configuration the <c>Environment</c> value is what separates an open
/// guard from a restricted one, so a misconfigured environment name on a production host would
/// matter; confirm how that setting is populated.
/// </remarks>
public void Given_impersonation_is_on_and_environment_is_not_live_When_IsAllowed_Then_should_return_true()
{
    // Given: impersonation enabled outside the live environment, no referrer host restriction.
    var settings = new ImpersonateGuardSettings
    {
        IsImpersonateOn = "true",
        Environment = "UAT",
        AllowedUrlReferrerHost = string.Empty
    };
    var guard = new ImpersonateGuard(settings);
    var referrer = new Uri("http://request.referrer.com");

    // When: the guard is asked about a request from an arbitrary referrer.
    var isAllowed = guard.IsAllowed(referrer);

    // Then: the request is allowed.
    Assert.That(isAllowed, Is.True);
}
/// <summary>
/// Pins the live behaviour for a matching referrer: with impersonation on in "LIVE" and an
/// allowed referrer host configured, a request whose referrer has that host is allowed.
/// </summary>
/// <remarks>
/// NOTE(review): this test alone does not establish how the host is compared. Confirm that
/// <c>ImpersonateGuard</c> matches the host exactly, so a referrer that merely contains the
/// allowed value is refused, and keep in mind that the referrer is a client-supplied header.
/// </remarks>
public void Given_impersonation_is_on_and_environment_is_live_and_allowed_url_referrer_is_set_and_does_match_request_url_referrer_When_IsAllowed_Then_should_return_true()
{
    // Given: live environment restricted to one referrer host.
    var settings = new ImpersonateGuardSettings
    {
        IsImpersonateOn = "true",
        Environment = "LIVE",
        AllowedUrlReferrerHost = "allowedreferrer.com"
    };
    var guard = new ImpersonateGuard(settings);
    var matchingReferrer = new Uri("http://allowedreferrer.com");

    // When: the request's referrer host equals the configured host.
    var isAllowed = guard.IsAllowed(matchingReferrer);

    // Then: the request is allowed.
    Assert.That(isAllowed, Is.True);
}
/// <summary>
/// Pins the live behaviour for a missing referrer: with impersonation on in "LIVE" and an
/// allowed referrer host configured, a request that carries no referrer must be refused.
/// </summary>
public void Given_impersonation_is_on_and_environment_is_live_and_allowed_url_referrer_is_set_but_request_url_referrer_not_set_When_IsAllowed_Then_should_return_false()
{
    // Given: live environment restricted to one referrer host.
    var settings = new ImpersonateGuardSettings
    {
        IsImpersonateOn = "true",
        Environment = "LIVE",
        AllowedUrlReferrerHost = "allowedreferrer.com"
    };
    var guard = new ImpersonateGuard(settings);
    Uri missingReferrer = null;

    // When: the request has no referrer at all.
    var isAllowed = guard.IsAllowed(missingReferrer);

    // Then: the request is refused rather than treated as a match.
    Assert.That(isAllowed, Is.False);
}