public void HeaderWithNameDfcSessionIsNotPrefixedWithPath()
        {
            // Pins the Set-Cookie rewriting rule for child app responses: the session cookie
            // (Constants.DfcSession) keeps its name unchanged, while every other cookie is
            // prefixed with the child app's path.
            // Protect/Unprotect are faked as pass-through, so this test checks naming only;
            // it does not show that the session value is actually protected.

            //Arrange
            var childPath = "path1";
            A.CallTo(() => pathLocator.GetPath()).Returns(childPath);
            A.CallTo(() => compositeDataProtectionDataProvider.Protect(A<string>.Ignored)).ReturnsLazily(call => call.Arguments.First().ToString());
            A.CallTo(() => compositeDataProtectionDataProvider.Unprotect(A<string>.Ignored)).ReturnsLazily(call => call.Arguments.First().ToString());

            using (var childResponse = new HttpResponseMessage())
            {
                var childCookies = new[] { $"{Constants.DfcSession}=value1", "v2=value2" };
                childResponse.Headers.Add(HeaderNames.SetCookie, childCookies);
                childResponse.Headers.Add(HeaderNames.Referer, "Referer1=Referer1Value");

                //Act
                cookieHttpResponseMessageHandler.Process(childResponse);

                //Assert
                var shellSetCookies = httpContextAccessor.HttpContext.Response.Headers[HeaderNames.SetCookie];
                Assert.Equal(2, shellSetCookies.Count);

                // Session cookie: no path prefix.
                Assert.StartsWith($"{Constants.DfcSession}=value1", shellSetCookies[0], StringComparison.OrdinalIgnoreCase);

                // Ordinary cookie: prefixed with the child path.
                Assert.StartsWith($"{childPath}v2=value2", shellSetCookies[1], StringComparison.OrdinalIgnoreCase);
            }
        }
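        public async Task WhenShellAuthenticatedPassOnToken()
        {
            // Verifies that when the shell user is authenticated and carries a "bearer" claim,
            // the claim value is passed on to the child app in the Authorization header.
            // NOTE(review): only the Authorization parameter is asserted; the scheme is not pinned.

            //Arrange
            var path1      = "path1";
            var path2      = "path2";
            var requestUrl = $"https://someurl.com/{path1}";

            //Create fakes
            pathLocator         = A.Fake<IPathLocator>();
            httpContextAccessor = A.Fake<IHttpContextAccessor>();
            compositeDataProtectionDataProvider = A.Fake<ICompositeDataProtectionDataProvider>();

            //Fake calls (Protect/Unprotect are pass-through, so no real data protection is exercised here)
            A.CallTo(() => pathLocator.GetPath()).Returns(path1);
            A.CallTo(() => compositeDataProtectionDataProvider.Unprotect(A<string>.Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());
            A.CallTo(() => compositeDataProtectionDataProvider.Protect(A<string>.Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());

            //Set an authenticated user, cookies and a session on the incoming request
            httpContextAccessor.HttpContext = new DefaultHttpContext
            {
                User = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>
                {
                    new Claim("bearer", "test"),
                }, "mock")),
            };
            httpContextAccessor.HttpContext.Request.Headers.Add(HeaderNames.Cookie, $"{Constants.DfcSession}=sessionId1;{path1}v1=value1;{path1}v2=value2;{path2}v3=value3;{path2}v4=value4");
            httpContextAccessor.HttpContext.Session = new MockHttpSession();

            //Create handlers and set the inner handler
            handler = new CookieDelegatingHandler(httpContextAccessor, pathLocator, compositeDataProtectionDataProvider)
            {
                InnerHandler = new StatusOkDelegatingHandler(),
            };

            //The using blocks dispose the request and invoker even when an assertion fails
            using (var httpRequestChildMessage = new HttpRequestMessage(HttpMethod.Get, requestUrl))
            using (var invoker = new HttpMessageInvoker(handler))
            {
                //Act
                await invoker.SendAsync(httpRequestChildMessage, CancellationToken.None).ConfigureAwait(false);

                //Assert
                var headerValue = httpRequestChildMessage.Headers.Authorization;

                //Fail with a clear assertion rather than a NullReferenceException when no token was forwarded
                Assert.NotNull(headerValue);
                Assert.Equal("test", headerValue.Parameter);
            }
        }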
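        public async Task CanCopyHeadersFromShellToChildApp()
        {
            // Verifies that cookies on the shell request are copied to the child app request:
            // only the cookies prefixed with the current child path are forwarded, and the
            // prefix is stripped from their names.

            //Arrange
            var path1      = "path1";
            var path2      = "path2";
            var requestUrl = $"https://someurl.com/{path1}";

            //Create fakes
            pathLocator         = A.Fake<IPathLocator>();
            httpContextAccessor = A.Fake<IHttpContextAccessor>();
            compositeDataProtectionDataProvider = A.Fake<ICompositeDataProtectionDataProvider>();

            //Fake calls (Protect/Unprotect are pass-through, so no real data protection is exercised here)
            A.CallTo(() => pathLocator.GetPath()).Returns(path1);
            A.CallTo(() => compositeDataProtectionDataProvider.Unprotect(A<string>.Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());
            A.CallTo(() => compositeDataProtectionDataProvider.Protect(A<string>.Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());

            //Set cookies for two different child paths on the incoming request
            httpContextAccessor.HttpContext = new DefaultHttpContext();
            httpContextAccessor.HttpContext.Request.Headers.Add(HeaderNames.Cookie, $"{path1}v1=value1;{path1}v2=value2;{path2}v3=value3;{path2}v4=value4");

            //Create handlers and set the inner handler
            handler = new CookieDelegatingHandler(httpContextAccessor, pathLocator, compositeDataProtectionDataProvider)
            {
                InnerHandler = new StatusOkDelegatingHandler(),
            };

            //The using blocks dispose the request and invoker even when an assertion fails
            using (var httpRequestChildMessage = new HttpRequestMessage(HttpMethod.Get, requestUrl))
            using (var invoker = new HttpMessageInvoker(handler))
            {
                //Act
                await invoker.SendAsync(httpRequestChildMessage, CancellationToken.None).ConfigureAwait(false);

                //Check that the child app has the correct number of headers based on the incoming request
                Assert.Single(httpRequestChildMessage.Headers);

                //Check that the values that are sent on are correct
                var headerValue = httpRequestChildMessage.Headers.First().Value.ToList();

                //The path2 cookies belong to a different child app and must not be forwarded.
                //The first/last checks below already imply this; the count states it outright.
                Assert.Equal(2, headerValue.Count);
                Assert.Equal("v1=value1", headerValue.First());
                Assert.Equal("v2=value2", headerValue.Last());
            }
        }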
        /// <summary>
        /// Extracts the value part of a "name=value" cookie string, URL-unescapes it and,
        /// for the session cookie (<c>Constants.DfcSession</c>), unprotects it.
        /// </summary>
        /// <param name="key">Cookie name; compared case-sensitively with <c>Constants.DfcSession</c>.</param>
        /// <param name="value">Raw cookie text. Everything after the first '=' is treated as the value. Must not be null.</param>
        /// <returns>
        /// The decoded value, or an empty string when <paramref name="value"/> contains no '='.
        /// </returns>
        private string GetCookieValue(string key, string value)
        {
            var separatorIndex = value.IndexOf("=", StringComparison.OrdinalIgnoreCase);

            // No separator: nothing to decode or unprotect.
            if (separatorIndex == -1)
            {
                return string.Empty;
            }

            // Split on the first '=' only, so a value that itself contains '=' is kept whole.
            var decoded = Uri.UnescapeDataString(value.Substring(separatorIndex + 1));

            // Only a non-blank session cookie value is passed through data protection.
            if (string.IsNullOrWhiteSpace(decoded) || key != Constants.DfcSession)
            {
                return decoded;
            }

            // NOTE(review): cookie values normally come from the client. Confirm how an
            // Unprotect failure on a tampered or stale value is surfaced to the caller.
            return compositeDataProtectionDataProvider.Unprotect(decoded);
        }