/// <summary>
/// Initialise and add cookie based session hooks to the application pipeine
/// </summary>
/// <param name="applicationPipelines">Application pipelines</param>
/// <param name="encryptionProvider">Encryption provider for encrypting cookies</param>
/// <param name="passPhrase">Encryption pass phrase</param>
/// <param name="salt">Encryption salt</param>
/// <returns>Formatter selector for choosing a non-default formatter</returns>
public static IFormatterSelector Enable(IApplicationPipelines applicationPipelines, IEncryptionProvider encryptionProvider, string passPhrase, string salt)
{
var sessionStore = new CookieBasedSessions(encryptionProvider, passPhrase, salt, new DefaultSessionObjectFormatter());
applicationPipelines.BeforeRequest.AddItemToEndOfPipeline(ctx => LoadSession(ctx, sessionStore));
applicationPipelines.AfterRequest.AddItemToEndOfPipeline(ctx => SaveSession(ctx, sessionStore));
return sessionStore;
}
public CookieBasedSessionsFixture()
{
this.fakeEncryptionProvider = A.Fake<IEncryptionProvider>();
this.fakeHmacProvider = A.Fake<IHmacProvider>();
this.cookieStore = new CookieBasedSessions(this.fakeEncryptionProvider, this.fakeHmacProvider, new Fakes.FakeSessionObjectFormatter());
this.rijndaelEncryptionProvider = new RijndaelEncryptionProvider(new PassphraseKeyGenerator("password"));
this.defaultHmacProvider = new DefaultHmacProvider(new PassphraseKeyGenerator("anotherpassword"));
}
public CookieBasedSessionsFixture()
{
this.fakeEncryptionProvider = A.Fake<IEncryptionProvider>();
this.fakeHmacProvider = A.Fake<IHmacProvider>();
this.cookieStore = new CookieBasedSessions(this.fakeEncryptionProvider, this.fakeHmacProvider, new Fakes.FakeObjectSerializer());
this.rijndaelEncryptionProvider = new RijndaelEncryptionProvider(new PassphraseKeyGenerator("password", new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }, 1000));
this.defaultHmacProvider = new DefaultHmacProvider(new PassphraseKeyGenerator("anotherpassword", new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }, 1000));
}
/// <summary>
/// Initialise and add cookie based session hooks to the application pipeine
/// </summary>
/// <param name="applicationPipelines">Application pipelines</param>
/// <param name="cryptographyConfiguration">Cryptography configuration</param>
/// <returns>Formatter selector for choosing a non-default serializer</returns>
public static IObjectSerializerSelector Enable(IApplicationPipelines applicationPipelines, CryptographyConfiguration cryptographyConfiguration)
{
var sessionStore = new CookieBasedSessions(cryptographyConfiguration.EncryptionProvider, cryptographyConfiguration.HmacProvider, new DefaultObjectSerializer());
applicationPipelines.BeforeRequest.AddItemToEndOfPipeline(ctx => LoadSession(ctx, sessionStore));
applicationPipelines.AfterRequest.AddItemToEndOfPipeline(ctx => SaveSession(ctx, sessionStore));
return sessionStore;
}
/// <summary>
/// Initialise and add cookie based session hooks to the application pipeline
/// </summary>
/// <param name="pipelines">Application pipelines</param>
/// <param name="configuration">Cookie based sessions configuration.</param>
/// <returns>Formatter selector for choosing a non-default serializer</returns>
public static IObjectSerializerSelector Enable(IPipelines pipelines, CookieBasedSessionsConfiguration configuration)
{
if (pipelines == null)
{
throw new ArgumentNullException("pipelines");
}
var sessionStore = new CookieBasedSessions(configuration);
pipelines.BeforeRequest.AddItemToStartOfPipeline(ctx => LoadSession(ctx, sessionStore));
pipelines.AfterRequest.AddItemToEndOfPipeline(ctx => SaveSession(ctx, sessionStore));
return sessionStore;
}
public void Should_load_valid_test_data()
{
var inputValue = ValidHmac + ValidData;
inputValue = HttpUtility.UrlEncode(inputValue);
var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
var request = new Request("GET", "/", "http");
request.Cookies.Add(store.CookieName, inputValue);
var result = store.Load(request);
result.Count.ShouldEqual(1);
result.First().Value.ShouldBeOfType(typeof(DefaultSessionObjectFormatterFixture.Payload));
}
public void Should_be_able_to_load_an_object_previously_saved_to_session()
{
var response = new Response();
var session = new Session(new Dictionary<string, object>());
var payload = new DefaultSessionObjectFormatterFixture.Payload(27, true, "Test string");
var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
session["testObject"] = payload;
store.Save(session, response);
var request = new Request("GET", "/", "http");
request.Cookies.Add(Helpers.HttpUtility.UrlEncode(response.Cookies.First().Name), Helpers.HttpUtility.UrlEncode(response.Cookies.First().Value));
var result = store.Load(request);
result["testObject"].ShouldEqual(payload);
}
public void Should_be_able_to_save_a_complex_object_to_session()
{
var response = new Response();
var session = new Session(new Dictionary<string, object>());
var payload = new DefaultSessionObjectFormatterFixture.Payload(27, true, "Test string");
var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
session["testObject"] = payload;
store.Save(session, response);
response.Cookies.Count.ShouldEqual(1);
var cookie = response.Cookies.First();
cookie.Name.ShouldEqual(store.CookieName);
cookie.Value.ShouldNotBeNull();
cookie.Value.ShouldNotBeEmpty();
}
public void Should_call_the_formatter_on_save()
{
var response = new Response();
var session = new Session(new Dictionary<string, object>());
session["key1"] = "value1";
var fakeFormatter = A.Fake<IObjectSerializer>();
var store = new CookieBasedSessions(this.fakeEncryptionProvider, this.fakeHmacProvider, fakeFormatter);
store.Save(session, response);
A.CallTo(() => fakeFormatter.Serialize("value1")).MustHaveHappened(Repeated.Exactly.Once);
}
public void Should_call_formatter_on_load()
{
var fakeFormatter = A.Fake<IObjectSerializer>();
A.CallTo(() => this.fakeEncryptionProvider.Decrypt("encryptedkey1=value1")).Returns("key1=value1;");
var store = new CookieBasedSessions(this.fakeEncryptionProvider, this.fakeHmacProvider, fakeFormatter);
var request = CreateRequest("encryptedkey1=value1", false);
store.Load(request);
A.CallTo(() => fakeFormatter.Deserialize("value1")).MustHaveHappened(Repeated.Exactly.Once);
}
public void Should_use_CookieName_when_config_provides_cookiename_value()
{
//Given
var cryptoConfig = new CryptographyConfiguration(this.fakeEncryptionProvider, this.fakeHmacProvider);
var storeConfig = new CookieBasedSessionsConfiguration(cryptoConfig)
{
CookieName = "NamedCookie",
Serializer = this.fakeObjectSerializer
};
var store = new CookieBasedSessions(storeConfig);
//When
var response = new Response();
var session = new Session(new Dictionary<string, object>
{
{"key1", "val1"},
});
session["key2"] = "val2";
store.Save(session, response);
//Then
response.Cookies.ShouldHave(c => c.Name == storeConfig.CookieName);
}
public void Should_return_blank_session_if_hmac_changed()
{
var inputValue = "b" + ValidHmac.Substring(1) + ValidData;
inputValue = HttpUtility.UrlEncode(inputValue);
var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, new DefaultObjectSerializer());
var request = new Request("GET", "/", "http");
request.Cookies.Add(CookieBasedSessions.GetCookieName(), inputValue);
var result = store.Load(request);
result.Count.ShouldEqual(0);
}
/// <summary>
/// Saves the request session into the response
/// </summary>
/// <param name="context">Nancy context</param>
/// <param name="sessionStore">Session store</param>
private static void SaveSession(NancyContext context, CookieBasedSessions sessionStore)
{
sessionStore.Save(context.Request.Session, context.Response);
}
/// <summary>
/// Loads the request session
/// </summary>
/// <param name="context">Nancy context</param>
/// <param name="sessionStore">Session store</param>
/// <returns>Always returns null</returns>
private static Response LoadSession(NancyContext context, CookieBasedSessions sessionStore)
{
if (context.Request == null)
{
return null;
}
context.Request.Session = sessionStore.Load(context.Request);
return null;
}
/// <summary>
/// Saves the request session into the response
/// </summary>
/// <param name="context">Nancy context</param>
/// <param name="sessionStore">Session store</param>
private static void SaveSession(NancyContext context, CookieBasedSessions sessionStore)
{
sessionStore.Save(context.Request.Session, context.Response);
}
public void Should_return_blank_session_if_encrypted_data_modified()
{
var inputValue = ValidHmac + ValidData.Substring(0, ValidData.Length - 1) + "Z";
inputValue = HttpUtility.UrlEncode(inputValue);
var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
var request = new Request("GET", "/", "http");
request.Cookies.Add(store.CookieName, inputValue);
var result = store.Load(request);
result.Count.ShouldEqual(0);
}
public void Should_return_blank_session_if_encrypted_data_are_invalid_but_contain_semicolon_when_decrypted()
{
var bogusEncrypted = this.rijndaelEncryptionProvider.Encrypt("foo;bar");
var inputValue = ValidHmac + bogusEncrypted;
inputValue = HttpUtility.UrlEncode(inputValue);
var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
var request = new Request("GET", "/", "http");
request.Cookies.Add(store.CookieName, inputValue);
var result = store.Load(request);
result.Count.ShouldEqual(0);
}
public void Should_return_blank_session_if_hmac_missing()
{
var inputValue = ValidData;
inputValue = HttpUtility.UrlEncode(inputValue);
var store = new CookieBasedSessions(this.aesEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
var request = new Request("GET", "/", "http");
request.Cookies.Add(store.CookieName, inputValue);
var result = store.Load(request);
result.Count.ShouldEqual(0);
}
public void Should_set_Path_when_config_provides_path_value()
{
//Given
var cryptoConfig = new CryptographyConfiguration(this.fakeEncryptionProvider, this.fakeHmacProvider);
var storeConfig = new CookieBasedSessionsConfiguration(cryptoConfig)
{
Path = "/",
Serializer = this.fakeObjectSerializer
};
var store = new CookieBasedSessions(storeConfig);
//When
var response = new Response();
var session = new Session(new Dictionary<string, object>
{
{"key1", "val1"},
});
session["key2"] = "val2";
store.Save(session, response);
//Then
var cookie = response.Cookies.First(c => c.Name == storeConfig.CookieName);
cookie.Path.ShouldEqual(storeConfig.Path);
}
public void Should_load_an_empty_session_if_session_cookie_is_invalid()
{
//given
var inputValue = ValidHmac.Substring(0, 5); //invalid Hmac
inputValue = HttpUtility.UrlEncode(inputValue);
var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
var request = new Request("GET", "/", "http");
request.Cookies.Add(store.CookieName, inputValue);
//when
var result = store.Load(request);
//then
result.Count.ShouldEqual(0);
}
