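/// <summary>
/// Verifies that applying a <see cref="CommandResult"/> that carries request
/// state but has <c>SetCookieName</c> set to null leaves the response without
/// a <c>Set-Cookie</c> header.
/// </summary>
public void CommandResultExtensions_DoesNotApplyCookieWhenNoNameSet()
        {
            var cr = new CommandResult()
            {
                RequestState = new StoredRequestState(
                    new EntityId("http://idp.example.com"),
                    new Uri("http://sp.example.com/loggedout"),
                    new Saml2Id("id123"),
                    null),
                SetCookieName = null
            };

            var context = OwinTestHelpers.CreateOwinContext();

            var dataProtector = new StubDataProtector();

            cr.Apply(context, dataProtector);

            // The protected payload was previously computed here but never
            // asserted on; the only observable outcome of this test is that
            // no cookie header was written.
            context.Response.Headers["Set-Cookie"].Should().BeNull();
        }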
        /// <summary>
        /// Pins the exact <c>Set-Cookie</c> header produced when a cookie name is
        /// set, <c>SetCookieSecureFlag</c> is true and <c>Apply</c> is called with
        /// its last argument true: the value is the protected request state and
        /// the attributes are <c>secure</c>, <c>HttpOnly</c> and <c>SameSite=None</c>.
        /// </summary>
        public void CommandREsultExtensions_Apply_Cookie_EmitSameSiteNone_AndSecure()
        {
            var requestState = new StoredRequestState(
                new EntityId("http://idp.example.com"),
                new Uri("http://sp.example.com/loggedout"),
                new Saml2Id("id123"),
                null);

            var commandResult = new CommandResult
            {
                RequestState        = requestState,
                SetCookieName       = "CookieName",
                SetCookieSecureFlag = true,
            };

            var owinContext = OwinTestHelpers.CreateOwinContext();
            var protector   = new StubDataProtector();

            commandResult.Apply(owinContext, protector, new CookieManager(), true);

            // The cookie value is the serialized request state after it has
            // been run through the stub protector and converted to text.
            var serializedState = commandResult.GetSerializedRequestState();
            var protectedData   = HttpRequestData.ConvertBinaryData(
                StubDataProtector.Protect(serializedState));

            // SameSite=None is asserted together with secure: browsers that
            // enforce SameSite rules reject a SameSite=None cookie without it.
            var expected = $"CookieName={protectedData}; path=/; secure; HttpOnly; SameSite=None";

            owinContext.Response.Headers["Set-Cookie"].Should().Be(expected);
        }
        /// <summary>
        /// Verifies that <c>Apply</c> hands the protected request state to the
        /// cookie manager under the configured cookie name, with options that
        /// are <c>HttpOnly</c> and scoped to path <c>/</c>.
        /// </summary>
        public void CommandResultExtensions_Apply_Cookie()
        {
            var requestState = new StoredRequestState(
                new EntityId("http://idp.example.com"),
                new Uri("http://sp.example.com/loggedout"),
                new Saml2Id("id123"),
                null);

            var commandResult = new CommandResult
            {
                RequestState        = requestState,
                SetCookieName       = "CookieName",
                SetCookieSecureFlag = false,
            };

            var owinContext   = OwinTestHelpers.CreateOwinContext();
            var cookieManager = Substitute.For<ICookieManager>();
            var protector     = new StubDataProtector();

            commandResult.Apply(owinContext, protector, cookieManager, false);

            var expectedValue = HttpRequestData.ConvertBinaryData(
                StubDataProtector.Protect(commandResult.GetSerializedRequestState()));

            // NOTE(review): the matcher pins HttpOnly and Path only. With
            // SetCookieSecureFlag = false it does not check the Secure option
            // either way - confirm whether that should be asserted here too.
            cookieManager.Received().AppendResponseCookie(
                owinContext,
                "CookieName",
                expectedValue,
                Arg.Is<CookieOptions>(options => options.HttpOnly && options.Path == "/"));
        }
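        /// <summary>
        /// Verifies that <c>ToHttpRequestData</c> does not throw for a request
        /// that carries a <c>RelayState</c> query parameter while this test
        /// supplies no matching state cookie and no cookie decryptor.
        /// </summary>
        public void OwinContextExtensions_ToHttpRequestData_HandlesRelayStateWithoutCookie()
        {
            var ctx = OwinTestHelpers.CreateOwinContext();

            ctx.Request.QueryString = new QueryString("RelayState", "SomeState");

            // Wait for the task inside a synchronous lambda. An async lambda
            // passed to Invoking is most likely bound to Action<T> and so
            // becomes async void, in which case an exception raised by
            // ToHttpRequestData never reaches ShouldNotThrow and the
            // assertion cannot fail.
            ctx.Invoking(c => { c.ToHttpRequestData(null).GetAwaiter().GetResult(); })
                .ShouldNotThrow();
        }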
        /// <summary>
        /// Verifies that a non-root <c>PathBase</c> on the request is reflected
        /// in the <c>ApplicationUrl</c> of the resulting request data.
        /// </summary>
        public async Task OwinContextExtensions_ToHttpRequestData_ApplicationNotInRoot()
        {
            var owinContext = OwinTestHelpers.CreateOwinContext();
            owinContext.Request.PathBase = new PathString("/ApplicationPath");

            var requestData = await owinContext.ToHttpRequestData(null);

            // The application path is expected to be appended to the host URL.
            var expectedUrl = new Uri("http://sp.example.com/ApplicationPath");
            requestData.ApplicationUrl.Should().Be(expectedUrl);
        }
        /// <summary>
        /// Verifies that <c>Saml2Urls</c> built from OWIN request data and
        /// options created with a public origin reports its ACS and sign-in
        /// URLs under that public origin.
        /// </summary>
        public async Task Saml2Urls_Ctor_FromOwinHttpRequestData_PublicOrigin()
        {
            var owinContext  = OwinTestHelpers.CreateOwinContext();
            var publicOrigin = new Uri("https://my.public.origin:8443/");
            var options      = StubFactory.CreateOptionsPublicOrigin(publicOrigin);

            var requestData = await owinContext.ToHttpRequestData(
                null,
                Options.FromConfiguration.Notifications?.GetRelayState);

            var subject = new Saml2Urls(requestData, options);

            // Both endpoints must use the configured public origin.
            subject.AssertionConsumerServiceUrl.ShouldBeEquivalentTo("https://my.public.origin:8443/Saml2/Acs");
            subject.SignInUrl.ShouldBeEquivalentTo("https://my.public.origin:8443/Saml2/SignIn");
        }
        /// <summary>
        /// Verifies that a header added to <c>CommandResult.Headers</c> is
        /// copied to the OWIN response by <c>Apply</c>.
        /// </summary>
        public void CommandResult_Apply_Headers()
        {
            var commandResult = new CommandResult();
            commandResult.Headers.Add("header", "value");

            var owinContext = OwinTestHelpers.CreateOwinContext();

            // No data protector is passed; this result sets no cookie name.
            commandResult.Apply(owinContext, null);

            var actualHeader = owinContext.Response.Headers["header"];
            actualHeader.Should().Be("value");
        }
        /// <summary>
        /// Verifies that <c>Saml2Urls</c> built from OWIN request data (read
        /// through a substitute cookie manager) and options created with a
        /// public origin reports its ACS and sign-in URLs under that origin.
        /// </summary>
        public async Task Saml2Urls_Ctor_FromOwinHttpRequestData_PublicOrigin()
        {
            var owinContext  = OwinTestHelpers.CreateOwinContext();
            var publicOrigin = new Uri("https://my.public.origin:8443/");
            var options      = StubFactory.CreateOptionsPublicOrigin(publicOrigin);

            var requestData = await owinContext.ToHttpRequestData(
                Substitute.For<ICookieManager>(),
                null);

            var subject = new Saml2Urls(requestData, options);

            // Both endpoints must use the configured public origin.
            var expectedAcs    = new Uri("https://my.public.origin:8443/Saml2/Acs");
            var expectedSignIn = new Uri("https://my.public.origin:8443/Saml2/SignIn");

            subject.AssertionConsumerServiceUrl.Should().BeEquivalentTo(expectedAcs);
            subject.SignInUrl.Should().BeEquivalentTo(expectedSignIn);
        }
        /// <summary>
        /// Verifies that a <c>SeeOther</c> command result is applied as a 303
        /// response whose <c>Location</c> header equals the original URL
        /// string, including its percent-encoded query value.
        /// </summary>
        public void CommandResultExtensions_Apply_Redirect()
        {
            const string redirectUrl = "http://somewhere.else.example.com?Foo=Bar%20XYZ";

            var commandResult = new CommandResult
            {
                HttpStatusCode = HttpStatusCode.SeeOther,
                Location       = new Uri(redirectUrl)
            };

            var owinContext = OwinTestHelpers.CreateOwinContext();

            commandResult.Apply(owinContext, null);

            var response = owinContext.Response;
            response.StatusCode.Should().Be(303);

            // The header is compared with the raw string, so the %20 escape
            // must be written unchanged.
            response.Headers["Location"].Should().Be(redirectUrl);
        }
        /// <summary>
        /// Verifies that setting <c>ClearCookieName</c> makes <c>Apply</c> emit a
        /// <c>Set-Cookie</c> header with an empty value, path <c>/</c> and an
        /// expiry of 1 January 1970.
        /// </summary>
        public void CommandResultExtensions_Apply_ClearCookie()
        {
            var commandResult = new CommandResult
            {
                ClearCookieName = "CookieName"
            };

            var owinContext = OwinTestHelpers.CreateOwinContext();
            var protector   = new StubDataProtector();

            commandResult.Apply(owinContext, protector);

            // An empty value with an expiry in the past is the header form
            // this test expects for a cleared cookie.
            var expected = "CookieName=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT";

            owinContext.Response.Headers["Set-Cookie"].Should().Be(expected);
        }
        /// <summary>
        /// Verifies that <c>ToHttpRequestData</c> restores the stored request
        /// state from the cookie whose name is <c>CookieNameBase</c> followed
        /// by the <c>RelayState</c> value, using the supplied unprotect function.
        /// </summary>
        public async Task OwinContextExtensions_ToHttpRequestData_ReadsRelayStateCookie()
        {
            var owinContext = OwinTestHelpers.CreateOwinContext();
            owinContext.Request.QueryString = new QueryString("RelayState", "SomeState");

            var expectedState = new StoredRequestState(
                null,
                new Uri("http://sp.example.com"),
                null,
                null);

            // The cookie carries the serialized state after protection by
            // the stub protector, converted to its text form.
            var protectedBytes = StubDataProtector.Protect(expectedState.Serialize());
            var cookieData     = HttpRequestData.ConvertBinaryData(protectedBytes);

            owinContext.Request.Headers["Cookie"] = $"{StoredRequestState.CookieNameBase}SomeState={cookieData}";

            var requestData = await owinContext.ToHttpRequestData(StubDataProtector.Unprotect);

            requestData.StoredRequestState.ShouldBeEquivalentTo(expectedState);
        }
        /// <summary>
        /// Verifies that setting <c>ClearCookieName</c> makes <c>Apply</c> ask the
        /// cookie manager to delete that cookie, with options scoped to path
        /// <c>/</c> and no explicit expiry.
        /// </summary>
        public void CommandResultExtensions_Apply_ClearCookie()
        {
            var commandResult = new CommandResult
            {
                ClearCookieName = "CookieName"
            };

            var owinContext   = OwinTestHelpers.CreateOwinContext();
            var protector     = new StubDataProtector();
            var cookieManager = Substitute.For<ICookieManager>();

            commandResult.Apply(owinContext, protector, cookieManager, true);

            // Only the delete call and its options are checked; the expiry
            // is expected to be left unset on the options passed in.
            cookieManager.Received().DeleteCookie(
                owinContext,
                "CookieName",
                Arg.Is<CookieOptions>(options => options.Path == "/" && !options.Expires.HasValue));
        }
        /// <summary>
        /// Verifies that a form-encoded POST is converted to request data with
        /// the request URL, both form fields, the HTTP method and the
        /// application root URL.
        /// </summary>
        public async Task OwinContextExtensions_ToHttpRequestData()
        {
            var owinContext = OwinTestHelpers.CreateOwinContext();
            var request     = owinContext.Request;

            var formBytes = Encoding.UTF8.GetBytes("Input1=Value1&Input2=Value2");

            request.Body        = new MemoryStream(formBytes);
            request.Method      = "POST";
            request.ContentType = "application/x-www-form-urlencoded";
            request.Path        = new PathString("/somePath");
            request.QueryString = new QueryString("param=value");

            var requestData = await owinContext.ToHttpRequestData(StubDataProtector.Unprotect);

            requestData.Url.Should().Be(owinContext.Request.Uri);

            // Exactly the two posted fields are expected in the parsed form.
            var form = requestData.Form;
            form.Count.Should().Be(2);
            form["Input1"].Should().Be("Value1");
            form["Input2"].Should().Be("Value2");

            requestData.HttpMethod.Should().Be("POST");
            requestData.ApplicationUrl.Should().Be(new Uri("http://sp.example.com/"));
        }
        /// <summary>
        /// Verifies that <c>ToHttpRequestData</c> restores the stored request
        /// state from the cookie the cookie manager returns for the name
        /// <c>CookieNameBase</c> followed by the <c>RelayState</c> value.
        /// </summary>
        public async Task OwinContextExtensions_ToHttpRequestData_ReadsRelayStateCookie()
        {
            var owinContext = OwinTestHelpers.CreateOwinContext();
            owinContext.Request.QueryString = new QueryString("RelayState", "SomeState");

            var expectedState = new StoredRequestState(
                null,
                new Uri("http://sp.example.com"),
                null,
                null);

            var cookieName = $"{StoredRequestState.CookieNameBase}SomeState";

            // The cookie value is the serialized state after protection by
            // the stub protector, converted to its text form.
            var protectedBytes = StubDataProtector.Protect(expectedState.Serialize());
            var cookieData     = HttpRequestData.ConvertBinaryData(protectedBytes);

            // The substitute returns the cookie only for this exact context
            // and cookie name.
            var cookieManager = Substitute.For<ICookieManager>();
            cookieManager.GetRequestCookie(owinContext, cookieName).Returns(cookieData);

            var requestData = await owinContext.ToHttpRequestData(cookieManager, StubDataProtector.Unprotect);

            requestData.StoredRequestState.Should().BeEquivalentTo(expectedState);
        }
        /// <summary>
        /// Verifies that a command result with content is applied as a 200
        /// response carrying the given content type and body text.
        /// </summary>
        public void CommandResultExtensions_Apply_Content()
        {
            var commandResult = new CommandResult
            {
                Content     = "Some Content!",
                ContentType = "application/whatever+text"
            };

            var owinContext = OwinTestHelpers.CreateOwinContext();

            commandResult.Apply(owinContext, null);

            var response = owinContext.Response;
            response.StatusCode.Should().Be(200);
            response.ContentType.Should().Be("application/whatever+text");

            // Rewind the response stream before reading back what was written.
            response.Body.Seek(0, SeekOrigin.Begin);

            using (var bodyReader = new StreamReader(response.Body))
            {
                bodyReader.ReadToEnd().Should().Be("Some Content!");
            }
        }
        /// <summary>
        /// Verifies that calling <c>Apply</c> on a null <see cref="CommandResult"/>
        /// throws <see cref="ArgumentNullException"/> naming the
        /// <c>commandResult</c> parameter.
        /// </summary>
        public void CommandResultExtensions_Apply_NullCheck_CommandResult()
        {
            CommandResult missingResult = null;

            // Apply is invoked on the null reference inside the delegate, so
            // the exception is raised only when the assertion runs it.
            Action applyOnNull = () => missingResult.Apply(OwinTestHelpers.CreateOwinContext(), null);

            applyOnNull.Should().Throw<ArgumentNullException>()
                .And.ParamName.Should().Be("commandResult");
        }