Example #1
        /// <summary>
        /// Verifies that an application cookie issued with a fixed 10-minute lifetime
        /// (sliding expiration disabled) authenticates requests before that lifetime
        /// elapses and stops authenticating afterwards.
        /// </summary>
        /// <remarks>
        /// The login response is asserted to carry no <c>expires</c> attribute, and the same
        /// cookie value is replayed by hand on every request. The rejection checked at the end
        /// is therefore the server refusing the ticket against the injected clock, not a client
        /// discarding the cookie.
        /// </remarks>
        public async Task CanCreateMeLoginAndCookieStopsWorkingAfterExpiration()
        {
            var testClock = new TestClock();
            var host = CreateServer(services => services.Configure<IdentityOptions>(identity =>
            {
                // Fixed lifetime: with sliding expiration off, activity must not extend the ticket.
                identity.Cookies.ApplicationCookie.SystemClock = testClock;
                identity.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                identity.Cookies.ApplicationCookie.SlidingExpiration = false;
            }));

            // Creating the user must not sign anyone in.
            var createResult = await SendAsync(host, "http://example.com/createMe");
            Assert.Equal(HttpStatusCode.OK, createResult.Response.StatusCode);
            Assert.Null(createResult.SetCookie);

            // Non-persistent login: a cookie is issued, but without an expires attribute.
            var loginResult = await SendAsync(host, "http://example.com/pwdLogin/false");
            Assert.Equal(HttpStatusCode.OK, loginResult.Response.StatusCode);
            Assert.NotNull(loginResult.SetCookie);
            Assert.DoesNotContain("; expires=", loginResult.SetCookie);

            // Immediately after login the cookie identifies the user and is not re-issued.
            var freshResult = await SendAsync(host, "http://example.com/me", loginResult.CookieNameValue);
            Assert.Equal("hao", FindClaimValue(freshResult, ClaimTypes.Name));
            Assert.Null(freshResult.SetCookie);

            // 7 minutes in: still inside the 10-minute window, and no renewal is sent.
            testClock.Add(TimeSpan.FromMinutes(7));

            var midLifeResult = await SendAsync(host, "http://example.com/me", loginResult.CookieNameValue);
            Assert.Equal("hao", FindClaimValue(midLifeResult, ClaimTypes.Name));
            Assert.Null(midLifeResult.SetCookie);

            // 14 minutes in: past the window, so the replayed cookie yields no name claim.
            testClock.Add(TimeSpan.FromMinutes(7));

            var expiredResult = await SendAsync(host, "http://example.com/me", loginResult.CookieNameValue);
            Assert.Null(FindClaimValue(expiredResult, ClaimTypes.Name));
            Assert.Null(expiredResult.SetCookie);
        }
Example #2
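        /// <summary>
        /// Verifies that password-policy settings supplied through <c>IdentityOptions</c>
        /// are honoured: with the uppercase, non-alphanumeric and digit requirements
        /// switched off, the <c>/createSimple</c> request succeeds.
        /// </summary>
        /// <remarks>
        /// The relaxed policy exists only to prove the options are applied. The test also
        /// asserts that the request sets no cookie.
        /// </remarks>
        public async Task CanChangePasswordOptions()
        {
            // Arrange: disable three of the complexity requirements for this server only.
            // (The unused TestClock local from the original was dropped; nothing here is time-dependent.)
            var server = CreateServer(services => services.Configure<IdentityOptions>(options =>
            {
                options.Password.RequireUppercase = false;
                options.Password.RequireNonAlphanumeric = false;
                options.Password.RequireDigit = false;
            }));

            // Act: presumably creates a user with a password that the default policy
            // would reject — confirm against the test server's /createSimple handler.
            var transaction1 = await SendAsync(server, "http://example.com/createSimple");

            // Assert
            Assert.Equal(HttpStatusCode.OK, transaction1.Response.StatusCode);
            Assert.Null(transaction1.SetCookie);
        }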
        /// <summary>
        /// Verifies that a two-factor "remember this client" cookie stops being accepted
        /// after a sign-out-everywhere request, once the validation interval has elapsed.
        /// </summary>
        /// <remarks>
        /// The test pins down a revocation delay: the request made straight after
        /// <c>/signoutEverywhere</c> still succeeds with the old cookie, and only the request
        /// made after the clock advances 30 minutes fails. Judging by the test name, the
        /// sign-out changes the user's security stamp; confirm against the test server.
        /// </remarks>
        public async Task TwoFactorRememberCookieClearedBySecurityStampChange()
        {
            var testClock = new TestClock();
            var host = CreateServer(services => services.AddSingleton<ISystemClock>(testClock));

            // Creating the user must not set any cookie.
            var createResult = await SendAsync(host, "http://example.com/createMe");

            Assert.Equal(HttpStatusCode.OK, createResult.Response.StatusCode);
            Assert.Null(createResult.SetCookie);

            // Ask the server to remember this client for two-factor purposes.
            var rememberResult = await SendAsync(host, "http://example.com/twofactorRememeber");

            Assert.Equal(HttpStatusCode.OK, rememberResult.Response.StatusCode);

            // The remember cookie uses the two-factor scheme name and is persistent (has an expires attribute).
            var rememberHeader = rememberResult.SetCookie;

            Assert.Contains(IdentityConstants.TwoFactorRememberMeScheme + "=", rememberHeader);
            Assert.Contains("; expires=", rememberHeader);

            // Baseline: the cookie is accepted before anything is revoked.
            var baselineCheck = await SendAsync(host, "http://example.com/isTwoFactorRememebered", rememberResult.CookieNameValue);

            Assert.Equal(HttpStatusCode.OK, baselineCheck.Response.StatusCode);

            var signOutResult = await SendAsync(host, "http://example.com/signoutEverywhere", rememberResult.CookieNameValue);

            Assert.Equal(HttpStatusCode.OK, signOutResult.Response.StatusCode);

            // Doesn't validate until after interval has passed, so the old cookie is still accepted here.
            var beforeIntervalCheck = await SendAsync(host, "http://example.com/isTwoFactorRememebered", rememberResult.CookieNameValue);

            Assert.Equal(HttpStatusCode.OK, beforeIntervalCheck.Response.StatusCode);

            // Wait for validation interval
            testClock.Add(TimeSpan.FromMinutes(30));

            // The endpoint now answers 500 for the old cookie; presumably its handler
            // throws when the client is no longer remembered (confirm in the test server).
            var afterIntervalCheck = await SendAsync(host, "http://example.com/isTwoFactorRememebered", rememberResult.CookieNameValue);

            Assert.Equal(HttpStatusCode.InternalServerError, afterIntervalCheck.Response.StatusCode);
        }
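        /// <summary>
        /// Verifies that the identity restored from the application cookie carries both
        /// the user's name claim and a role claim.
        /// </summary>
        /// <remarks>
        /// Uses the <c>testCore: true</c> server variant. The role value is read back from
        /// the cookie alone, with no fresh login on that request, so the assertion covers
        /// what the ticket itself contains.
        /// </remarks>
        public async Task CookieContainsRoleClaim()
        {
            // The unused TestClock local from the original was dropped; nothing here is time-dependent.
            var server = await CreateServer(null, null, null, testCore: true);

            // Creating the user must not sign anyone in.
            var transaction1 = await SendAsync(server, "http://example.com/createMe");

            Assert.Equal(HttpStatusCode.OK, transaction1.Response.StatusCode);
            Assert.Null(transaction1.SetCookie);

            // Non-persistent login: a cookie is issued, but without an expires attribute.
            var transaction2 = await SendAsync(server, "http://example.com/pwdLogin/false");

            Assert.Equal(HttpStatusCode.OK, transaction2.Response.StatusCode);
            Assert.NotNull(transaction2.SetCookie);
            Assert.DoesNotContain("; expires=", transaction2.SetCookie);

            // Replaying the cookie yields the name and role claims and no re-issued cookie.
            var transaction3 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue);

            Assert.Equal("hao", FindClaimValue(transaction3, ClaimTypes.Name));
            Assert.Equal("role", FindClaimValue(transaction3, ClaimTypes.Role));
            Assert.Null(transaction3.SetCookie);
        }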
Example #5
        /// <summary>
        /// Verifies that, once the security-stamp validation interval has passed, a request
        /// carrying the original application cookie is still authenticated and receives a
        /// freshly issued cookie, and that the new cookie authenticates on its own.
        /// </summary>
        /// <param name="rememberMe">
        /// Whether the login is persistent. Persistent logins are asserted to set an
        /// <c>expires</c> attribute on the cookie; non-persistent ones are asserted not to.
        /// </param>
        public async Task CanCreateMeLoginAndSecurityStampExtendsExpiration(bool rememberMe)
        {
            var testClock = new TestClock();
            var host = CreateServer(services => services.Configure<IdentityOptions>(identity =>
            {
                // Only the clock is replaced; lifetime and validation interval keep their configured defaults.
                identity.Cookies.ApplicationCookie.SystemClock = testClock;
            }));

            // Creating the user must not sign anyone in.
            var createResult = await SendAsync(host, "http://example.com/createMe");
            Assert.Equal(HttpStatusCode.OK, createResult.Response.StatusCode);
            Assert.Null(createResult.SetCookie);

            var loginResult = await SendAsync(host, "http://example.com/pwdLogin/" + rememberMe);
            Assert.Equal(HttpStatusCode.OK, loginResult.Response.StatusCode);
            Assert.NotNull(loginResult.SetCookie);

            // Only a persistent login may put an expiry on the cookie itself.
            if (!rememberMe)
            {
                Assert.DoesNotContain("; expires=", loginResult.SetCookie);
            }
            else
            {
                Assert.Contains("; expires=", loginResult.SetCookie);
            }

            var firstUse = await SendAsync(host, "http://example.com/me", loginResult.CookieNameValue);
            Assert.Equal("hao", FindClaimValue(firstUse, ClaimTypes.Name));
            Assert.Null(firstUse.SetCookie);

            // Make sure we don't get a new cookie yet
            testClock.Add(TimeSpan.FromMinutes(10));
            var beforeInterval = await SendAsync(host, "http://example.com/me", loginResult.CookieNameValue);
            Assert.Equal("hao", FindClaimValue(beforeInterval, ClaimTypes.Name));
            Assert.Null(beforeInterval.SetCookie);

            // Go past SecurityStampValidation interval and ensure we get a new cookie
            // (31 minutes have now elapsed on the test clock since login).
            testClock.Add(TimeSpan.FromMinutes(21));

            var afterInterval = await SendAsync(host, "http://example.com/me", loginResult.CookieNameValue);
            Assert.NotNull(afterInterval.SetCookie);
            Assert.Equal("hao", FindClaimValue(afterInterval, ClaimTypes.Name));

            // Make sure new cookie is valid
            var renewedUse = await SendAsync(host, "http://example.com/me", afterInterval.CookieNameValue);
            Assert.Equal("hao", FindClaimValue(renewedUse, ClaimTypes.Name));
        }