public ActionResult Index(string companyId, string userId)
{
Log.Add("Impersonate Logging in with companyId=" + (companyId ?? "") + ", userId=" + (userId ?? ""));
var formsAuthenticationService = new FormsAuthenticationService();
formsAuthenticationService.SignOut();
var impersonateSettings = CreateImpersonateGuardSettings();
var allowedToImpersonate= new ImpersonateGuard(impersonateSettings).IsAllowed(Request.UrlReferrer);
if (allowedToImpersonate == false)
return null;
AddCookieToShowWeAreInImpersonateMode();
var formsauthenticationService = new FormsAuthenticationService();
formsauthenticationService.SignIn(userId, true, companyId.ToString(CultureInfo.InvariantCulture));
new CacheHelper().RemoveUser(Guid.Parse(userId));
Log.Add("Impersonate Logged in.");
// Hack for general user testing because not got home page for this user
// This gapping hole has to change anyway
if (userId == "E7385B71-ABFC-400A-8FB0-CC58ACA78E38")
{
return RedirectToAction("Index", "Company", new { id = companyId, area = "Company" });
}
return RedirectToAction("Index", "TaskList", new { area = "TaskList" });
}
public void Given_impersonation_config_setting_is_not_set_When_IsAllowed_Then_should_return_false()
{
// Given
var target = new ImpersonateGuard(new ImpersonateGuardSettings()
{
IsImpersonateOn = null,
Environment = "CI",
AllowedUrlReferrerHost = string.Empty
});
// When
var result = target.IsAllowed(new Uri("http://request.referrer.com"));
// Then
Assert.That(result, Is.False);
}
public void Given_impersonation_is_on_and_environment_is_not_live_When_IsAllowed_Then_should_return_true()
{
// Given
var target = new ImpersonateGuard(new ImpersonateGuardSettings()
{
IsImpersonateOn = "true",
Environment = "UAT",
AllowedUrlReferrerHost = string.Empty
});
// When
var result = target.IsAllowed(new Uri("http://request.referrer.com"));
// Then
Assert.That(result, Is.True);
}
public void Given_impersonation_is_on_and_environment_is_live_and_allowed_url_referrer_is_set_and_does_match_request_url_referrer_When_IsAllowed_Then_should_return_true()
{
// Given
var target = new ImpersonateGuard(new ImpersonateGuardSettings()
{
IsImpersonateOn = "true",
Environment = "LIVE",
AllowedUrlReferrerHost = "allowedreferrer.com"
});
// When
var result = target.IsAllowed(new Uri("http://allowedreferrer.com"));
// Then
Assert.That(result, Is.True);
}
public void Given_impersonation_is_on_and_environment_is_live_and_allowed_url_referrer_is_set_but_request_url_referrer_not_set_When_IsAllowed_Then_should_return_false()
{
// Given
var target = new ImpersonateGuard(new ImpersonateGuardSettings()
{
IsImpersonateOn = "true",
Environment = "LIVE",
AllowedUrlReferrerHost = "allowedreferrer.com"
});
// When
var result = target.IsAllowed(null);
// Then
Assert.That(result, Is.False);
}
