public async Task RedirectCookieBrowserRequestUsingRefreshToken()
        {
            // Arrange: a browser-style (Accept: text/html) request whose only credential
            // is a refresh_token cookie, for an account that is not in any group.
            var httpClient = new TestHttpClient(_fixture);

            using (var cleanup = new AutoCleanup(_fixture.Client))
            {
                const string password = "Changeme123!!";

                var ungroupedAccount = await _fixture.TestApplication.CreateAccountAsync(
                    nameof(RedirectCookieBrowserRequestUsingRefreshToken),
                    nameof(GroupsRequirementShould),
                    $"its-{_fixture.TestKey}@testmail.stormpath.com",
                    password);
                cleanup.MarkForDeletion(ungroupedAccount);

                // The grant result carries the refresh token string used as the cookie value.
                var grant = await _fixture.GetGrantResult(ungroupedAccount, password);

                var browserRequest = new HttpRequestMessage(HttpMethod.Get, "/requireGroup");
                browserRequest.Headers.Add("Cookie", $"refresh_token={grant.RefreshTokenString}");
                browserRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("text/html"));

                // Act
                var response = await httpClient.SendAsync(browserRequest);

                // Assert: the group requirement is not met, and a browser-style caller
                // is expected to be redirected rather than served.
                response.StatusCode.Should().Be(HttpStatusCode.Redirect);
            }
        }
        public async Task AllowCookieJsonRequestWithCorrectGroup()
        {
            // Arrange: an API-style (Accept: application/json) request carrying an
            // access_token cookie for an account that is a member of the required group.
            var httpClient = new TestHttpClient(_fixture);

            using (var cleanup = new AutoCleanup(_fixture.Client))
            {
                const string password = "Changeme123!!";

                var adminGroup = await _fixture.TestDirectory.CreateGroupAsync("adminIT", "Stormpath.AspNetCore test group");
                cleanup.MarkForDeletion(adminGroup);

                var member = await _fixture.TestApplication.CreateAccountAsync(
                    nameof(AllowCookieJsonRequestWithCorrectGroup),
                    nameof(GroupsRequirementShould),
                    $"its-{_fixture.TestKey}@testmail.stormpath.com",
                    password);
                cleanup.MarkForDeletion(member);

                // Group membership is what satisfies the /requireGroup route.
                await member.AddGroupAsync(adminGroup);

                var token = await _fixture.GetAccessToken(member, password);

                var jsonRequest = new HttpRequestMessage(HttpMethod.Get, "/requireGroup");
                jsonRequest.Headers.Add("Cookie", $"access_token={token}");
                jsonRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                // Act
                var response = await httpClient.SendAsync(jsonRequest);

                // Assert
                response.StatusCode.Should().Be(HttpStatusCode.OK);
            }
        }
        public async Task AllowJsonRequestWithMatchingCustomData()
        {
            // Arrange: an API-style request with a Bearer token for an account whose
            // custom data holds the entry the /requireCustomData route checks for.
            var httpClient = new TestHttpClient(_fixture);

            using (var cleanup = new AutoCleanup(_fixture.Client))
            {
                const string password = "Changeme123!!";

                var taggedAccount = await _fixture.TestApplication.CreateAccountAsync(
                    nameof(AllowJsonRequestWithMatchingCustomData),
                    nameof(CustomDataRequirementShould),
                    $"its-{_fixture.TestKey}@testmail.stormpath.com",
                    password);
                cleanup.MarkForDeletion(taggedAccount);

                // Persist the custom data entry before a token is requested (same order as
                // the sibling tests in this class).
                taggedAccount.CustomData["testing"] = "rocks!";
                await taggedAccount.SaveAsync();

                var token = await _fixture.GetAccessToken(taggedAccount, password);

                var jsonRequest = new HttpRequestMessage(HttpMethod.Get, "/requireCustomData");
                jsonRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
                jsonRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                // Act
                var response = await httpClient.SendAsync(jsonRequest);

                // Assert
                response.StatusCode.Should().Be(HttpStatusCode.OK);
            }
        }
        public async Task RedirectBearerBrowserRequestWithoutGroup()
        {
            // Arrange: a valid Bearer token for an account that belongs to no group,
            // sent with a browser-style (Accept: text/html) header.
            var httpClient = new TestHttpClient(_fixture);

            using (var cleanup = new AutoCleanup(_fixture.Client))
            {
                const string password = "Changeme123!!";

                var ungroupedAccount = await _fixture.TestApplication.CreateAccountAsync(
                    nameof(RedirectBearerBrowserRequestWithoutGroup),
                    nameof(GroupsRequirementShould),
                    $"its-{_fixture.TestKey}@testmail.stormpath.com",
                    password);
                cleanup.MarkForDeletion(ungroupedAccount);

                var token = await _fixture.GetAccessToken(ungroupedAccount, password);

                var browserRequest = new HttpRequestMessage(HttpMethod.Get, "/requireGroup");
                browserRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
                browserRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("text/html"));

                // Act
                var response = await httpClient.SendAsync(browserRequest);

                // Assert: authenticated but not authorized; a browser-style caller is
                // expected to be redirected.
                response.StatusCode.Should().Be(HttpStatusCode.Redirect);
            }
        }
        public async Task AllowBrowserRequestAuthorizedWithCookie()
        {
            // Arrange: a browser-style request to /protected authenticated only by an
            // access_token cookie.
            var httpClient = new TestHttpClient(_fixture);

            using (var cleanup = new AutoCleanup(_fixture.Client))
            {
                const string password = "Changeme123!!";

                var testAccount = await _fixture.TestApplication.CreateAccountAsync(
                    nameof(AllowBrowserRequestAuthorizedWithCookie),
                    nameof(AuthorizeAttributeShould),
                    $"its-{_fixture.TestKey}@testmail.stormpath.com",
                    password);
                cleanup.MarkForDeletion(testAccount);

                var token = await _fixture.GetAccessToken(testAccount, password);

                var browserRequest = new HttpRequestMessage(HttpMethod.Get, "/protected");
                browserRequest.Headers.Add("Cookie", $"access_token={token}");
                browserRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("text/html"));

                // Act
                var response = await httpClient.SendAsync(browserRequest);

                // Assert
                response.StatusCode.Should().Be(HttpStatusCode.OK);
            }
        }
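        public async Task GetUserAuthenticatedByCookie()
        {
            // Arrange: the only credential on the request is an access_token cookie;
            // the JSON Accept header selects the API-style response.
            var client = new TestHttpClient(_fixture);

            using (var cleanup = new AutoCleanup(_fixture.Client))
            {
                var email   = $"its-{_fixture.TestKey}@testmail.stormpath.com";
                // The account's given name is this test's own name, matching the
                // convention the sibling tests follow (it previously pointed at
                // GetUserAuthenticatedByHeader, a copy-paste leftover).
                var account = await _fixture.TestApplication.CreateAccountAsync(
                    nameof(GetUserAuthenticatedByCookie),
                    nameof(GetUserShould),
                    email,
                    "Changeme123!!");

                cleanup.MarkForDeletion(account);

                var accessToken = await _fixture.GetAccessToken(account, "Changeme123!!");

                var request = new HttpRequestMessage(HttpMethod.Get, "/user");
                request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                request.Headers.Add("Cookie", $"access_token={accessToken}");

                // Act
                var response = await client.SendAsync(request);

                // Assert: 200, and the body is the href of the account whose token was
                // presented — this ties the cookie credential to the expected identity.
                response.StatusCode.Should().Be(HttpStatusCode.OK);

                (await response.Content.ReadAsStringAsync()).Should().Be(account.Href);
            }
        }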
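        public async Task DeleteCookiesProperly()
        {
            // Arrange
            var client = new TestHttpClient(_fixture);

            using (var cleanup = new AutoCleanup(_fixture.Client))
            {
                // Create a user
                var application = await _fixture.Client.GetApplicationAsync(_fixture.TestApplication.Href);

                const string password = "Changeme123!!";

                var email   = $"its-{_fixture.TestKey}@testmail.stormpath.com";
                var account = await application.CreateAccountAsync(
                    nameof(DeleteCookiesProperly),
                    nameof(LogoutRouteShould),
                    email,
                    password);

                cleanup.MarkForDeletion(account);

                // Get a token via the password grant. The grant must use the same
                // password the account was created with, otherwise the token request
                // fails and EnsureSuccessStatusCode below throws.
                var payload = new Dictionary<string, string>
                {
                    ["grant_type"] = "password",
                    ["username"]   = email,
                    ["password"]   = password
                };

                var tokenResponse = await client.PostAsync("/oauth/token", new FormUrlEncodedContent(payload));

                tokenResponse.EnsureSuccessStatusCode();

                var tokenResponseContent = JsonConvert.DeserializeObject<Dictionary<string, string>>(await tokenResponse.Content.ReadAsStringAsync());
                var accessToken          = tokenResponseContent["access_token"];
                var refreshToken         = tokenResponseContent["refresh_token"];

                // Create a logout request. Both cookies go in ONE Cookie header:
                // RFC 6265 permits a single Cookie header per request, and calling
                // Headers.Add("Cookie", ...) twice leaves it to HttpClient to pick the
                // join separator, which not every server-side cookie parser accepts.
                var logoutRequest = new HttpRequestMessage(HttpMethod.Post, "/logout");
                logoutRequest.Headers.Add("Cookie", $"access_token={accessToken}; refresh_token={refreshToken}");
                logoutRequest.Content = new FormUrlEncodedContent(Enumerable.Empty<KeyValuePair<string, string>>());

                // Act
                var logoutResponse = await client.SendAsync(logoutRequest);

                logoutResponse.EnsureSuccessStatusCode();

                // Assert: exactly one deletion cookie per token, each expired in the past
                // and HttpOnly, so the browser drops both tokens.
                // NOTE(review): the expected values carry HttpOnly but no Secure
                // attribute; if the login cookies are issued with Secure, the deletion
                // cookies should mirror those attributes — confirm against the cookie
                // options used at login.
                var setCookieHeaders = logoutResponse.Headers.GetValues("Set-Cookie").ToArray();
                setCookieHeaders.Length.Should().Be(2);
                setCookieHeaders.Should().Contain("access_token=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly");
                setCookieHeaders.Should().Contain("refresh_token=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly");
            }
        }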
        public async Task HandleConcurrentRequests()
        {
            // Arrange: two accounts, only the first of which carries the custom data
            // that /requireCustomData checks; both requests are sent at the same time.
            var httpClient = new TestHttpClient(_fixture);

            using (var cleanup = new AutoCleanup(_fixture.Client))
            {
                const string password = "Changeme123!!";

                var matchingAccount = await _fixture.TestApplication.CreateAccountAsync(
                    nameof(HandleConcurrentRequests),
                    nameof(CustomDataRequirementShould),
                    $"its-{_fixture.TestKey}@testmail.stormpath.com",
                    password);
                cleanup.MarkForDeletion(matchingAccount);

                matchingAccount.CustomData["testing"] = "rocks!";
                await matchingAccount.SaveAsync();

                // NOTE(review): the e-mail literal below looks garbled by extraction (it
                // reads as an obfuscated address); the second account needs an address
                // distinct from the first — confirm against the original source.
                var otherAccount = await _fixture.TestApplication.CreateAccountAsync(
                    $"{nameof(HandleConcurrentRequests)} #2",
                    nameof(CustomDataRequirementShould),
                    $"its-{_fixture.TestKey}[email protected]",
                    password);
                cleanup.MarkForDeletion(otherAccount);

                var matchingToken = await _fixture.GetAccessToken(matchingAccount, password);
                var otherToken    = await _fixture.GetAccessToken(otherAccount, password);

                var matchingRequest = new HttpRequestMessage(HttpMethod.Get, "/requireCustomData");
                matchingRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", matchingToken);
                matchingRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("text/html"));

                var otherRequest = new HttpRequestMessage(HttpMethod.Get, "/requireCustomData");
                otherRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", otherToken);
                otherRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("text/html"));

                // Act: Task.WhenAll preserves input order, so responses[0] belongs to
                // matchingRequest and responses[1] to otherRequest.
                var responses = await Task.WhenAll(
                    httpClient.SendAsync(matchingRequest),
                    httpClient.SendAsync(otherRequest));

                // Assert: the authorization outcome of each request follows its own
                // account, not the other in-flight one.
                responses[0].StatusCode.Should().Be(HttpStatusCode.OK);
                responses[1].StatusCode.Should().Be(HttpStatusCode.Redirect);
            }
        }
        public async Task HandleConcurrentAuthenticatedRequests()
        {
            // Arrange: two distinct accounts, each with its own Bearer token, call /user
            // at the same time; each response must report its own caller's identity.
            var httpClient = new TestHttpClient(_fixture);

            using (var cleanup = new AutoCleanup(_fixture.Client))
            {
                const string password = "Changeme123!!";

                var firstAccount = await _fixture.TestApplication.CreateAccountAsync(
                    nameof(HandleConcurrentAuthenticatedRequests),
                    nameof(GetUserShould),
                    $"its-{_fixture.TestKey}@testmail.stormpath.com",
                    password);
                cleanup.MarkForDeletion(firstAccount);

                // NOTE(review): the e-mail literal below looks garbled by extraction (it
                // reads as an obfuscated address); the second account needs an address
                // distinct from the first — confirm against the original source.
                var secondAccount = await _fixture.TestApplication.CreateAccountAsync(
                    $"{nameof(HandleConcurrentAuthenticatedRequests)} #2",
                    nameof(GetUserShould),
                    $"its-{_fixture.TestKey}[email protected]",
                    password);
                cleanup.MarkForDeletion(secondAccount);

                var firstToken  = await _fixture.GetAccessToken(firstAccount, password);
                var secondToken = await _fixture.GetAccessToken(secondAccount, password);

                var firstRequest = new HttpRequestMessage(HttpMethod.Get, "/user");
                firstRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", firstToken);
                firstRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                var secondRequest = new HttpRequestMessage(HttpMethod.Get, "/user");
                secondRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", secondToken);
                secondRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                // Act: Task.WhenAll preserves input order.
                var responses = await Task.WhenAll(
                    httpClient.SendAsync(firstRequest),
                    httpClient.SendAsync(secondRequest));

                // Assert: no cross-talk between concurrent requests — each body is the
                // href of the account whose token was presented on that request.
                responses[0].StatusCode.Should().Be(HttpStatusCode.OK);
                (await responses[0].Content.ReadAsStringAsync()).Should().Be(firstAccount.Href);

                responses[1].StatusCode.Should().Be(HttpStatusCode.OK);
                (await responses[1].Content.ReadAsStringAsync()).Should().Be(secondAccount.Href);
            }
        }
        public async Task HandleConcurrentRequests()
        {
            // Arrange: three concurrent browser-style requests to /requireGroup — a
            // Bearer token for a group member, a Bearer token for a non-member, and a
            // refresh_token cookie for the member.
            var httpClient = new TestHttpClient(_fixture);

            using (var cleanup = new AutoCleanup(_fixture.Client))
            {
                const string password = "Changeme123!!";

                var adminGroup = await _fixture.TestDirectory.CreateGroupAsync("adminIT", "Stormpath.AspNetCore test group");
                cleanup.MarkForDeletion(adminGroup);

                var member = await _fixture.TestApplication.CreateAccountAsync(
                    nameof(HandleConcurrentRequests),
                    nameof(GroupsRequirementShould),
                    $"its-{_fixture.TestKey}@testmail.stormpath.com",
                    password);
                cleanup.MarkForDeletion(member);
                await member.AddGroupAsync(adminGroup);

                // NOTE(review): the e-mail literal below looks garbled by extraction (it
                // reads as an obfuscated address); the second account needs an address
                // distinct from the first — confirm against the original source.
                var nonMember = await _fixture.TestApplication.CreateAccountAsync(
                    $"{nameof(HandleConcurrentRequests)} #2",
                    nameof(GroupsRequirementShould),
                    $"its-{_fixture.TestKey}[email protected]",
                    password);
                cleanup.MarkForDeletion(nonMember);

                var memberToken    = await _fixture.GetAccessToken(member, password);
                var nonMemberToken = await _fixture.GetAccessToken(nonMember, password);

                var memberRequest = new HttpRequestMessage(HttpMethod.Get, "/requireGroup");
                memberRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", memberToken);
                memberRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("text/html"));

                var nonMemberRequest = new HttpRequestMessage(HttpMethod.Get, "/requireGroup");
                nonMemberRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", nonMemberToken);
                nonMemberRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("text/html"));

                var memberGrant = await _fixture.GetGrantResult(member, password);

                var refreshCookieRequest = new HttpRequestMessage(HttpMethod.Get, "/requireGroup");
                refreshCookieRequest.Headers.Add("Cookie", $"refresh_token={memberGrant.RefreshTokenString}");
                refreshCookieRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("text/html"));

                // Act: Task.WhenAll preserves input order (member, non-member, refresh cookie).
                var responses = await Task.WhenAll(
                    httpClient.SendAsync(memberRequest),
                    httpClient.SendAsync(nonMemberRequest),
                    httpClient.SendAsync(refreshCookieRequest));

                // Assert: each outcome follows its own credential, with no cross-talk
                // between the in-flight requests.
                // NOTE(review): the third request presents only a refresh token and is
                // still expected to succeed, so the middleware presumably redeems the
                // refresh_token cookie for a new access token — confirm in the cookie
                // authentication path.
                responses[0].StatusCode.Should().Be(HttpStatusCode.OK);
                responses[1].StatusCode.Should().Be(HttpStatusCode.Redirect);
                responses[2].StatusCode.Should().Be(HttpStatusCode.OK);
            }
        }