Exemple #1
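        // Verifies that an impersonation cookie is left untouched while more than half of its
        // configured lifetime remains: the impersonation stays valid and no response cookie is issued.
        public void RenewCookieAfterHalfExpirationTime_HalfTimeHasNotPassed()
        {
            var testUser = new FakeUserInfo("TestUser");
            // The impersonated name must equal the one expected by the status assertion below.
            var impersonateUserName = "TestImpersonatedUser";

            var options = new ImpersonationOptions { CookieDurationMinutes = 3 };

            var cookie = ImpersonationServiceHelper.SetImpersonation(testUser, impersonateUserName, options);
            var impersonationInfo = ImpersonationServiceHelper.DecryptCookieValue(cookie.Value);

            // Reviewing the test setup: a freshly issued cookie expires after the configured duration.
            AssertIsWithinOneSecond(DateTime.Now.AddMinutes(options.CookieDurationMinutes), impersonationInfo.Expires);

            // Half-time has not passed: rewrite the expiration to one second more than half of the
            // duration from now, then re-encrypt the payload so the service sees a valid cookie.
            impersonationInfo.Expires = DateTime.Now.AddMinutes(options.CookieDurationMinutes / 2.0).AddSeconds(1);
            cookie.Value = ImpersonationServiceHelper.EncryptCookieValue(impersonationInfo);

            (var impersonationService, var httpContext, _) = ImpersonationServiceHelper.CreateImpersonationService(testUser, options);
            httpContext.RequestCookies.Add(cookie);

            var user = impersonationService.GetAuthenticationInfo();

            // Impersonation should still be valid, the cookie should not be modified.
            Assert.AreEqual(
                "TestUser as TestImpersonatedUser, original TestUser",
                ReportImpersonationStatus(user));

            // No response cookie means the service neither renewed nor expired the impersonation.
            Assert.AreEqual(0, httpContext.ResponseCookies.Count);
        }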
Exemple #2
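        // Verifies that stopping an impersonation expires the impersonation cookie, leaves no
        // impersonation data in it, logs the event, and that sending the expired cookie again
        // does not bring the impersonation back.
        public void StopImpersonating()
        {
            var initialUser = new FakeUserInfo("TestUser");
            // The impersonated name must equal the one expected by the status and log assertions below.
            var impersonateUserName = "TestImpersonatedUser";
            var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Review test setup: the impersonation is active before it is stopped.
            Assert.AreEqual(
                "TestUser as TestImpersonatedUser, original TestUser",
                ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, initialCookie).AuthenticationInfo));

            // Stopping impersonation should expire the impersonation cookie:
            (var responseCookie, var log) = ImpersonationServiceHelper.RemoveImpersonation(initialUser, initialCookie);

            AssertIsBefore(responseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, responseCookie.Key);
            // No need for impersonation data in the cookie.
            Assert.AreEqual(
                " as ",
                ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(responseCookie.Value)));

            // The stop event is logged with both the original and the impersonated user name.
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, log),
                "StopImpersonating: TestUser as TestImpersonatedUser");

            // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again.
            Assert.AreEqual(
                "No impersonation, original TestUser",
                ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, responseCookie).AuthenticationInfo));
        }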
Exemple #3
        // Verifies that an impersonation can be stopped when the current authentication context
        // has an empty user name: the cookie is expired and emptied, the reason is logged, and
        // sending the expired cookie again does not restore the impersonation.
        public void StopImpersonating_EmptyUser()
        {
            // User that started the impersonation.
            var startedBy = new FakeUserInfo("InitialUser");
            // Unexpected authentication context, similar to anonymous user. Testing for robust impersonation management.
            var currentUser = new FakeUserInfo("", "", true);
            // NOTE(review): literal looks masked; confirm the intended impersonated user name.
            var impersonatedName = "******";
            var impersonationCookie = ImpersonationServiceHelper.SetImpersonation(startedBy, impersonatedName);

            // Even with an invalid authentication context, stopping the impersonation has to expire its cookie.
            (var expiredCookie, var removeLog) = ImpersonationServiceHelper.RemoveImpersonation(currentUser, impersonationCookie);

            AssertIsBefore(expiredCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, expiredCookie.Key);

            // The expired cookie carries no impersonation data.
            var remainingInfo = ImpersonationServiceHelper.DecryptCookieValue(expiredCookie.Value);
            Assert.AreEqual(" as ", ReportImpersonationInfo(remainingInfo));

            var joinedLog = string.Join(Environment.NewLine, removeLog);
            TestUtility.AssertContains(
                joinedLog,
                "Removing impersonation, the original user is no longer authenticated.");

            // A later request that sends the expired cookie again must still be handled without impersonation.
            var followUp = ImpersonationServiceHelper.GetAuthenticationInfo(currentUser, expiredCookie);

            Assert.AreEqual(
                "No impersonation, original not recognized",
                ReportImpersonationStatus(followUp.AuthenticationInfo));
        }
Exemple #4
        // Verifies that an impersonation cookie issued for one user can be stopped by a request
        // authenticated as a different user: the cookie is expired and emptied, the mismatch is
        // logged, and the follow-up request runs without impersonation and without a new cookie.
        public void StopImpersonating_DifferentUser()
        {
            // User that started the impersonation.
            var startedBy = new FakeUserInfo("InitialUser");
            // Currently authenticated user does not match the initial user, so the impersonation cookie is invalid.
            var currentUser = new FakeUserInfo("CurrentUser");
            // NOTE(review): literal looks masked; confirm the intended impersonated user name.
            var impersonatedName = "******";
            var impersonationCookie = ImpersonationServiceHelper.SetImpersonation(startedBy, impersonatedName);

            // Even with an invalid authentication context, stopping the impersonation has to expire its cookie.
            (var expiredCookie, var removeLog) = ImpersonationServiceHelper.RemoveImpersonation(currentUser, impersonationCookie);

            AssertIsBefore(expiredCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, expiredCookie.Key);

            // The expired cookie carries no impersonation data.
            var remainingInfo = ImpersonationServiceHelper.DecryptCookieValue(expiredCookie.Value);
            Assert.AreEqual(" as ", ReportImpersonationInfo(remainingInfo));

            var joinedLog = string.Join(Environment.NewLine, removeLog);
            TestUtility.AssertContains(
                joinedLog,
                "Removing impersonation, the current authentication context (CurrentUser) does not match the initial one (InitialUser).");

            // A later request that sends the expired cookie again must still be handled without impersonation.
            var followUp = ImpersonationServiceHelper.GetAuthenticationInfo(currentUser, expiredCookie);

            Assert.AreEqual(
                "No impersonation, original CurrentUser",
                ReportImpersonationStatus(followUp.AuthenticationInfo));
            Assert.IsNull(followUp.ResponseCookie, "There is no need to send the expired cookie again, client already has the expired one.");
        }
Exemple #5
        // Verifies that starting an impersonation is refused for the caller built below:
        // the call is expected to fail with a UserException containing "You are not authorized".
        public void SetImpersonationAnonymous()
        {
            // Null names and a false third argument; the test name treats this as the anonymous caller.
            var anonymousUser = new FakeUserInfo(null, null, false);
            // NOTE(review): literal looks masked; confirm the intended impersonated user name.
            var impersonatedName = "******";

            TestUtility.ShouldFail<UserException>(
                () => ImpersonationServiceHelper.SetImpersonation(anonymousUser, impersonatedName),
                "You are not authorized");
        }
Exemple #6
        // Baseline check: when no impersonation cookie is added to the request, the reported
        // authentication info is the original user without impersonation.
        public void NoImpersonation()
        {
            var originalUser = new FakeUserInfo("TestUser");

            // Only the service is needed here; the other parts of the created context are discarded.
            (var service, _, _) = ImpersonationServiceHelper.CreateImpersonationService(originalUser);

            var authenticationInfo = service.GetAuthenticationInfo();

            Assert.AreEqual("No impersonation, original TestUser", ReportImpersonationStatus(authenticationInfo));
        }
Exemple #7
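        // Happy path: a cookie issued by SetImpersonation for the authenticated user, sent back
        // on the next request, makes the service report that user as acting for the impersonated one.
        public void SimpleImpersonation()
        {
            var testUser = new FakeUserInfo("TestUser");
            // The impersonated name must equal the one expected by the status assertion below.
            var impersonateUserName = "TestImpersonatedUser";
            var cookie = ImpersonationServiceHelper.SetImpersonation(testUser, impersonateUserName);

            // Simulate the follow-up request: same authenticated user, with the impersonation cookie attached.
            (var impersonationService, var httpContext, _) = ImpersonationServiceHelper.CreateImpersonationService(testUser);
            httpContext.RequestCookies.Add(cookie);
            var user = impersonationService.GetAuthenticationInfo();

            Assert.AreEqual(
                "TestUser as TestImpersonatedUser, original TestUser",
                ReportImpersonationStatus(user));
        }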
Exemple #8
        // Verifies the handling of a cookie value that cannot be decrypted ("abc"): the request is
        // processed without impersonation, the decryption failure is logged, and the response
        // expires the impersonation cookie.
        public void InvalidImpersonationCookie()
        {
            var authenticatedUser = new FakeUserInfo("TestUser");
            // Carries the real cookie key with a value that the service did not produce.
            var undecryptableCookie = new FakeCookie(ImpersonationService.CookieKey, "abc", null);

            var result = ImpersonationServiceHelper.GetAuthenticationInfo(authenticatedUser, undecryptableCookie);

            // A cookie that fails decryption must not grant any impersonation.
            Assert.AreEqual(
                "No impersonation, original TestUser",
                ReportImpersonationStatus(result.AuthenticationInfo));

            // Both the failing cookie and the underlying cryptographic error are expected in the log.
            var expectedLogEntries = new[]
            {
                "Error decrypting 'rhetos_impersonation' cookie value.",
                "CryptographicException: An error occurred during a cryptographic operation."
            };
            TestUtility.AssertContains(string.Join(Environment.NewLine, result.Log), expectedLogEntries);

            // The response expires the impersonation cookie under its regular key.
            var expiredCookie = result.ResponseCookie;
            AssertIsBefore(expiredCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, expiredCookie.Key);
        }
Exemple #9
        // Verifies that an impersonation cookie is rejected when the current authentication
        // context has an empty user name: no impersonation is reported, the reason is logged,
        // and the response expires the cookie.
        public void AuthenticationContextChanged_EmptyUser()
        {
            // User that started the impersonation.
            var startedBy = new FakeUserInfo("InitialUser");
            // Unexpected authentication context, similar to anonymous user. Testing for robust impersonation management.
            var currentUser = new FakeUserInfo("", "", true);
            // NOTE(review): literal looks masked; confirm the intended impersonated user name.
            var impersonatedName = "******";
            var impersonationCookie = ImpersonationServiceHelper.SetImpersonation(startedBy, impersonatedName);

            // Authentication process should invalidate the impersonation, because the user is no longer authenticated.
            var result = ImpersonationServiceHelper.GetAuthenticationInfo(currentUser, impersonationCookie);

            Assert.AreEqual(
                "No impersonation, original not recognized",
                ReportImpersonationStatus(result.AuthenticationInfo));

            var joinedLog = string.Join(Environment.NewLine, result.Log);
            TestUtility.AssertContains(
                joinedLog,
                "Removing impersonation, the original user is no longer authenticated.");

            // The response expires the impersonation cookie under its regular key.
            var expiredCookie = result.ResponseCookie;
            AssertIsBefore(expiredCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, expiredCookie.Key);
        }
Exemple #10
        // Verifies that an impersonation cookie is rejected when the current authentication
        // context has no user at all: no impersonation is reported, the reason is logged,
        // and the response expires the cookie.
        public void AuthenticationContextChanged_NullUser()
        {
            // User that started the impersonation.
            var startedBy = new FakeUserInfo("InitialUser");
            // For example, if the user logged out.
            var currentUser = new FakeUserInfo(null, null, false);
            // NOTE(review): literal looks masked; confirm the intended impersonated user name.
            var impersonatedName = "******";
            var impersonationCookie = ImpersonationServiceHelper.SetImpersonation(startedBy, impersonatedName);

            // Authentication process should invalidate the impersonation, because the user is no longer authenticated.
            var result = ImpersonationServiceHelper.GetAuthenticationInfo(currentUser, impersonationCookie);

            // Impersonation is not valid, since the current user does not match the initial user that started the impersonation.
            Assert.AreEqual(
                "No impersonation, original not recognized",
                ReportImpersonationStatus(result.AuthenticationInfo));

            var joinedLog = string.Join(Environment.NewLine, result.Log);
            TestUtility.AssertContains(
                joinedLog,
                "Removing impersonation, the original user is no longer authenticated.");

            // The response expires the impersonation cookie under its regular key.
            var expiredCookie = result.ResponseCookie;
            AssertIsBefore(expiredCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, expiredCookie.Key);
        }
Exemple #11
        // Verifies that an impersonation cookie issued for one user is rejected when presented
        // by a request authenticated as a different user: no impersonation is reported, the
        // mismatch is logged with both user names, and the response expires the cookie.
        public void AuthenticationContextChanged_DifferentUser()
        {
            // User that started the impersonation.
            var startedBy = new FakeUserInfo("InitialUser");
            // Currently authenticated user does not match the initial user, so the impersonation cookie is invalid.
            var currentUser = new FakeUserInfo("CurrentUser");
            // NOTE(review): literal looks masked; confirm the intended impersonated user name.
            var impersonatedName = "******";
            var impersonationCookie = ImpersonationServiceHelper.SetImpersonation(startedBy, impersonatedName);

            // Authentication process should invalidate the impersonation, because the user context has changed.
            var result = ImpersonationServiceHelper.GetAuthenticationInfo(currentUser, impersonationCookie);

            // Impersonation is not valid, since the current user does not match the initial user that started the impersonation.
            Assert.AreEqual(
                "No impersonation, original CurrentUser",
                ReportImpersonationStatus(result.AuthenticationInfo));

            var joinedLog = string.Join(Environment.NewLine, result.Log);
            TestUtility.AssertContains(
                joinedLog,
                "Removing impersonation, the current authentication context (CurrentUser) does not match the initial one (InitialUser).");

            // The response expires the impersonation cookie under its regular key.
            var expiredCookie = result.ResponseCookie;
            AssertIsBefore(expiredCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, expiredCookie.Key);
        }