/// <summary>
/// A JSON request (Accept: application/json) to /requireGroup that carries the access
/// token in the <c>access_token</c> cookie succeeds (200) when the account is a member
/// of the required group.
/// </summary>
public async Task AllowCookieJsonRequestWithCorrectGroup()
{
    // Arrange
    const string password = "Changeme123!!";
    var httpClient = new TestHttpClient(_fixture);

    using (var scope = new AutoCleanup(_fixture.Client))
    {
        var adminGroup = await _fixture.TestDirectory.CreateGroupAsync("adminIT", "Stormpath.AspNetCore test group");
        scope.MarkForDeletion(adminGroup);

        var member = await _fixture.TestApplication.CreateAccountAsync(
            nameof(AllowCookieJsonRequestWithCorrectGroup),
            nameof(GroupsRequirementShould),
            $"its-{_fixture.TestKey}@testmail.stormpath.com",
            password);
        scope.MarkForDeletion(member);

        // Membership is what /requireGroup is expected to check.
        await member.AddGroupAsync(adminGroup);

        var token = await _fixture.GetAccessToken(member, password);

        // Cookie-based authentication path: the token travels in the access_token cookie,
        // not in an Authorization header.
        var request = new HttpRequestMessage(HttpMethod.Get, "/requireGroup")
        {
            Headers = { Accept = { new MediaTypeWithQualityHeaderValue("application/json") } }
        };
        request.Headers.Add("Cookie", new[] { $"access_token={token}" });

        // Act
        var response = await httpClient.SendAsync(request);

        // Assert
        response.StatusCode.Should().Be(HttpStatusCode.OK);
    }
}
/// <summary>
/// Two browser requests (Accept: text/html) to /requireCustomData are sent concurrently
/// with different bearer tokens: the account whose custom data matches gets 200, the
/// account without it is redirected. Verifies that per-request authorization state does
/// not bleed between concurrent requests.
/// </summary>
public async Task HandleConcurrentRequests()
{
    // Arrange
    const string password = "Changeme123!!";
    var httpClient = new TestHttpClient(_fixture);

    using (var scope = new AutoCleanup(_fixture.Client))
    {
        var matchingAccount = await _fixture.TestApplication.CreateAccountAsync(
            nameof(HandleConcurrentRequests),
            nameof(CustomDataRequirementShould),
            $"its-{_fixture.TestKey}@testmail.stormpath.com",
            password);
        scope.MarkForDeletion(matchingAccount);

        // Only the first account carries the custom data the route requires.
        matchingAccount.CustomData["testing"] = "rocks!";
        await matchingAccount.SaveAsync();

        // NOTE(review): the second address below looks like an extraction artifact — confirm
        // the intended value against the repository.
        var otherAccount = await _fixture.TestApplication.CreateAccountAsync(
            $"{nameof(HandleConcurrentRequests)} #2",
            nameof(CustomDataRequirementShould),
            $"its-{_fixture.TestKey}[email protected]",
            password);
        scope.MarkForDeletion(otherAccount);

        var matchingToken = await _fixture.GetAccessToken(matchingAccount, password);
        var otherToken = await _fixture.GetAccessToken(otherAccount, password);

        var matchingRequest = new HttpRequestMessage(HttpMethod.Get, "/requireCustomData")
        {
            Headers =
            {
                Accept = { new MediaTypeWithQualityHeaderValue("text/html") },
                Authorization = new AuthenticationHeaderValue("Bearer", matchingToken)
            }
        };
        var otherRequest = new HttpRequestMessage(HttpMethod.Get, "/requireCustomData")
        {
            Headers =
            {
                Accept = { new MediaTypeWithQualityHeaderValue("text/html") },
                Authorization = new AuthenticationHeaderValue("Bearer", otherToken)
            }
        };

        // Act
        var responses = await Task.WhenAll(
            httpClient.SendAsync(matchingRequest),
            httpClient.SendAsync(otherRequest));

        // Assert
        responses[0].StatusCode.Should().Be(HttpStatusCode.OK);
        responses[1].StatusCode.Should().Be(HttpStatusCode.Redirect);
    }
}
/// <summary>
/// Two concurrent JSON requests to /user with different bearer tokens each resolve to
/// their own account: both return 200 and the body of each is the Href of the account
/// that owns the token. Guards against identity mix-ups between concurrent requests.
/// </summary>
public async Task HandleConcurrentAuthenticatedRequests()
{
    // Arrange
    const string password = "Changeme123!!";
    var httpClient = new TestHttpClient(_fixture);

    using (var scope = new AutoCleanup(_fixture.Client))
    {
        var firstAccount = await _fixture.TestApplication.CreateAccountAsync(
            nameof(HandleConcurrentAuthenticatedRequests),
            nameof(GetUserShould),
            $"its-{_fixture.TestKey}@testmail.stormpath.com",
            password);
        scope.MarkForDeletion(firstAccount);

        // NOTE(review): the second address below looks like an extraction artifact — confirm
        // the intended value against the repository.
        var secondAccount = await _fixture.TestApplication.CreateAccountAsync(
            $"{nameof(HandleConcurrentAuthenticatedRequests)} #2",
            nameof(GetUserShould),
            $"its-{_fixture.TestKey}[email protected]",
            password);
        scope.MarkForDeletion(secondAccount);

        var firstToken = await _fixture.GetAccessToken(firstAccount, password);
        var secondToken = await _fixture.GetAccessToken(secondAccount, password);

        var firstRequest = new HttpRequestMessage(HttpMethod.Get, "/user")
        {
            Headers =
            {
                Accept = { new MediaTypeWithQualityHeaderValue("application/json") },
                Authorization = new AuthenticationHeaderValue("Bearer", firstToken)
            }
        };
        var secondRequest = new HttpRequestMessage(HttpMethod.Get, "/user")
        {
            Headers =
            {
                Accept = { new MediaTypeWithQualityHeaderValue("application/json") },
                Authorization = new AuthenticationHeaderValue("Bearer", secondToken)
            }
        };

        // Act
        var responses = await Task.WhenAll(
            httpClient.SendAsync(firstRequest),
            httpClient.SendAsync(secondRequest));

        // Assert — each response must identify the account whose token was sent.
        var firstBody = await responses[0].Content.ReadAsStringAsync();
        var secondBody = await responses[1].Content.ReadAsStringAsync();

        responses[0].StatusCode.Should().Be(HttpStatusCode.OK);
        firstBody.Should().Be(firstAccount.Href);
        responses[1].StatusCode.Should().Be(HttpStatusCode.OK);
        secondBody.Should().Be(secondAccount.Href);
    }
}
/// <summary>
/// A browser request (Accept: text/html) to /requireGroup that presents only a
/// <c>refresh_token</c> cookie, for an account that was never added to the group,
/// is redirected rather than served.
/// </summary>
public async Task RedirectCookieBrowserRequestUsingRefreshToken()
{
    // Arrange
    const string password = "Changeme123!!";
    var httpClient = new TestHttpClient(_fixture);

    using (var scope = new AutoCleanup(_fixture.Client))
    {
        // No group membership is granted to this account.
        var account = await _fixture.TestApplication.CreateAccountAsync(
            nameof(RedirectCookieBrowserRequestUsingRefreshToken),
            nameof(GroupsRequirementShould),
            $"its-{_fixture.TestKey}@testmail.stormpath.com",
            password);
        scope.MarkForDeletion(account);

        // Only the refresh token is sent; no access token cookie or Authorization header.
        var grant = await _fixture.GetGrantResult(account, password);

        var request = new HttpRequestMessage(HttpMethod.Get, "/requireGroup")
        {
            Headers = { Accept = { new MediaTypeWithQualityHeaderValue("text/html") } }
        };
        request.Headers.Add("Cookie", new[] { $"refresh_token={grant.RefreshTokenString}" });

        // Act
        var response = await httpClient.SendAsync(request);

        // Assert
        response.StatusCode.Should().Be(HttpStatusCode.Redirect);
    }
}
/// <summary>
/// A browser request (Accept: text/html) to /requireGroup with a valid bearer token for
/// an account that is not in the required group is redirected, not served.
/// </summary>
public async Task RedirectBearerBrowserRequestWithoutGroup()
{
    // Arrange
    const string password = "Changeme123!!";
    var httpClient = new TestHttpClient(_fixture);

    using (var scope = new AutoCleanup(_fixture.Client))
    {
        // Authenticated but not authorized: the account is deliberately left out of the group.
        var outsider = await _fixture.TestApplication.CreateAccountAsync(
            nameof(RedirectBearerBrowserRequestWithoutGroup),
            nameof(GroupsRequirementShould),
            $"its-{_fixture.TestKey}@testmail.stormpath.com",
            password);
        scope.MarkForDeletion(outsider);

        var token = await _fixture.GetAccessToken(outsider, password);

        var request = new HttpRequestMessage(HttpMethod.Get, "/requireGroup")
        {
            Headers =
            {
                Accept = { new MediaTypeWithQualityHeaderValue("text/html") },
                Authorization = new AuthenticationHeaderValue("Bearer", token)
            }
        };

        // Act
        var response = await httpClient.SendAsync(request);

        // Assert
        response.StatusCode.Should().Be(HttpStatusCode.Redirect);
    }
}
/// <summary>
/// A JSON request to /requireCustomData with a bearer token for an account whose custom
/// data contains the expected key/value succeeds (200).
/// </summary>
public async Task AllowJsonRequestWithMatchingCustomData()
{
    // Arrange
    const string password = "Changeme123!!";
    var httpClient = new TestHttpClient(_fixture);

    using (var scope = new AutoCleanup(_fixture.Client))
    {
        var account = await _fixture.TestApplication.CreateAccountAsync(
            nameof(AllowJsonRequestWithMatchingCustomData),
            nameof(CustomDataRequirementShould),
            $"its-{_fixture.TestKey}@testmail.stormpath.com",
            password);
        scope.MarkForDeletion(account);

        // The custom-data entry the route is expected to require; saved before the token is issued.
        account.CustomData["testing"] = "rocks!";
        await account.SaveAsync();

        var token = await _fixture.GetAccessToken(account, password);

        var request = new HttpRequestMessage(HttpMethod.Get, "/requireCustomData")
        {
            Headers =
            {
                Accept = { new MediaTypeWithQualityHeaderValue("application/json") },
                Authorization = new AuthenticationHeaderValue("Bearer", token)
            }
        };

        // Act
        var response = await httpClient.SendAsync(request);

        // Assert
        response.StatusCode.Should().Be(HttpStatusCode.OK);
    }
}
/// <summary>
/// A browser request (Accept: text/html) to the [Authorize]-protected /protected route
/// succeeds (200) when the access token is supplied in the <c>access_token</c> cookie.
/// </summary>
public async Task AllowBrowserRequestAuthorizedWithCookie()
{
    // Arrange
    const string password = "Changeme123!!";
    var httpClient = new TestHttpClient(_fixture);

    using (var scope = new AutoCleanup(_fixture.Client))
    {
        var account = await _fixture.TestApplication.CreateAccountAsync(
            nameof(AllowBrowserRequestAuthorizedWithCookie),
            nameof(AuthorizeAttributeShould),
            $"its-{_fixture.TestKey}@testmail.stormpath.com",
            password);
        scope.MarkForDeletion(account);

        var token = await _fixture.GetAccessToken(account, password);

        // Cookie-based authentication: no Authorization header is set.
        var request = new HttpRequestMessage(HttpMethod.Get, "/protected")
        {
            Headers = { Accept = { new MediaTypeWithQualityHeaderValue("text/html") } }
        };
        request.Headers.Add("Cookie", $"access_token={token}");

        // Act
        var response = await httpClient.SendAsync(request);

        // Assert
        response.StatusCode.Should().Be(HttpStatusCode.OK);
    }
}
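/// <summary>
/// A JSON request to /user authenticated only through the <c>access_token</c> cookie
/// returns 200 and the Href of the account that owns the token.
/// </summary>
/// <remarks>
/// The account's given name is now derived from this test's own name; it previously used
/// <c>nameof(GetUserAuthenticatedByHeader)</c>, which made the created test account
/// indistinguishable from the one created by the header-based test when inspecting the
/// directory after a failed run.
/// </remarks>
public async Task GetUserAuthenticatedByCookie()
{
    // Arrange
    const string password = "Changeme123!!";
    var client = new TestHttpClient(_fixture);

    using (var cleanup = new AutoCleanup(_fixture.Client))
    {
        var email = $"its-{_fixture.TestKey}@testmail.stormpath.com";
        var account = await _fixture.TestApplication.CreateAccountAsync(
            nameof(GetUserAuthenticatedByCookie),
            nameof(GetUserShould),
            email,
            password);
        cleanup.MarkForDeletion(account);

        var accessToken = await _fixture.GetAccessToken(account, password);

        // Cookie-based authentication: the token is sent only in the access_token cookie.
        var request = new HttpRequestMessage(HttpMethod.Get, "/user")
        {
            Headers = { Accept = { new MediaTypeWithQualityHeaderValue("application/json") } }
        };
        request.Headers.Add("Cookie", $"access_token={accessToken}");

        // Act
        var response = await client.SendAsync(request);

        // Assert
        response.StatusCode.Should().Be(HttpStatusCode.OK);
        (await response.Content.ReadAsStringAsync()).Should().Be(account.Href);
    }
}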
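/// <summary>
/// POST /logout with both token cookies present responds with exactly two Set-Cookie
/// headers that expire <c>access_token</c> and <c>refresh_token</c> (empty value, epoch
/// expiry, HttpOnly), so the browser discards both tokens.
/// </summary>
/// <remarks>
/// The password used for the /oauth/token grant is now the same local constant the account
/// is created with; the grant previously used a different literal, so the token request
/// could not succeed against the account created a few lines earlier.
/// </remarks>
public async Task DeleteCookiesProperly()
{
    // Arrange
    const string password = "Changeme123!!";
    var client = new TestHttpClient(_fixture);

    using (var cleanup = new AutoCleanup(_fixture.Client))
    {
        // Create a user
        var application = await _fixture.Client.GetApplicationAsync(_fixture.TestApplication.Href);
        var email = $"its-{_fixture.TestKey}@testmail.stormpath.com";
        var account = await application.CreateAccountAsync(
            nameof(DeleteCookiesProperly),
            nameof(LogoutRouteShould),
            email,
            password);
        cleanup.MarkForDeletion(account);

        // Get a token pair through the password grant, with the credential the account was created with.
        var payload = new Dictionary<string, string>
        {
            ["grant_type"] = "password",
            ["username"] = email,
            ["password"] = password
        };
        var tokenResponse = await client.PostAsync("/oauth/token", new FormUrlEncodedContent(payload));
        tokenResponse.EnsureSuccessStatusCode();

        var tokenResponseContent = JsonConvert.DeserializeObject<Dictionary<string, string>>(
            await tokenResponse.Content.ReadAsStringAsync());
        var accessToken = tokenResponseContent["access_token"];
        var refreshToken = tokenResponseContent["refresh_token"];

        // Create a logout request carrying both cookies; the form body is intentionally empty.
        var logoutRequest = new HttpRequestMessage(HttpMethod.Post, "/logout");
        logoutRequest.Headers.Add("Cookie", $"access_token={accessToken}");
        logoutRequest.Headers.Add("Cookie", $"refresh_token={refreshToken}");
        logoutRequest.Content = new FormUrlEncodedContent(new KeyValuePair<string, string>[0]);

        // Act
        var logoutResponse = await client.SendAsync(logoutRequest);
        logoutResponse.EnsureSuccessStatusCode();

        // Assert — both cookies must be cleared, and nothing else set.
        // NOTE(review): these are exact-string matches; if the middleware later emits additional
        // cookie attributes (e.g. Secure or SameSite) on the deletion cookies, update both
        // expectations rather than loosening the count check.
        var setCookieHeaders = logoutResponse.Headers.GetValues("Set-Cookie").ToArray();
        setCookieHeaders.Length.Should().Be(2);
        setCookieHeaders.Should().Contain("access_token=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly");
        setCookieHeaders.Should().Contain("refresh_token=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly");
    }
}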
/// <summary>
/// Three browser requests (Accept: text/html) to /requireGroup are sent concurrently:
/// a bearer token for a group member (200), a bearer token for a non-member (redirect),
/// and a refresh_token cookie for the member (200). Verifies that group authorization is
/// evaluated per request and does not leak between concurrent callers.
/// </summary>
public async Task HandleConcurrentRequests()
{
    // Arrange
    const string password = "Changeme123!!";
    var httpClient = new TestHttpClient(_fixture);

    using (var scope = new AutoCleanup(_fixture.Client))
    {
        var adminGroup = await _fixture.TestDirectory.CreateGroupAsync("adminIT", "Stormpath.AspNetCore test group");
        scope.MarkForDeletion(adminGroup);

        var member = await _fixture.TestApplication.CreateAccountAsync(
            nameof(HandleConcurrentRequests),
            nameof(GroupsRequirementShould),
            $"its-{_fixture.TestKey}@testmail.stormpath.com",
            password);
        scope.MarkForDeletion(member);

        // Only the first account is made a member of the group.
        await member.AddGroupAsync(adminGroup);

        // NOTE(review): the second address below looks like an extraction artifact — confirm
        // the intended value against the repository.
        var outsider = await _fixture.TestApplication.CreateAccountAsync(
            $"{nameof(HandleConcurrentRequests)} #2",
            nameof(GroupsRequirementShould),
            $"its-{_fixture.TestKey}[email protected]",
            password);
        scope.MarkForDeletion(outsider);

        var memberToken = await _fixture.GetAccessToken(member, password);
        var outsiderToken = await _fixture.GetAccessToken(outsider, password);

        var memberBearerRequest = new HttpRequestMessage(HttpMethod.Get, "/requireGroup")
        {
            Headers =
            {
                Accept = { new MediaTypeWithQualityHeaderValue("text/html") },
                Authorization = new AuthenticationHeaderValue("Bearer", memberToken)
            }
        };
        var outsiderBearerRequest = new HttpRequestMessage(HttpMethod.Get, "/requireGroup")
        {
            Headers =
            {
                Accept = { new MediaTypeWithQualityHeaderValue("text/html") },
                Authorization = new AuthenticationHeaderValue("Bearer", outsiderToken)
            }
        };

        // Third request: the member again, but authenticated only by a refresh_token cookie.
        var memberGrant = await _fixture.GetGrantResult(member, password);
        var memberCookieRequest = new HttpRequestMessage(HttpMethod.Get, "/requireGroup")
        {
            Headers = { Accept = { new MediaTypeWithQualityHeaderValue("text/html") } }
        };
        memberCookieRequest.Headers.Add("Cookie", new[] { $"refresh_token={memberGrant.RefreshTokenString}" });

        // Act
        var responses = await Task.WhenAll(
            httpClient.SendAsync(memberBearerRequest),
            httpClient.SendAsync(outsiderBearerRequest),
            httpClient.SendAsync(memberCookieRequest));

        // Assert
        responses[0].StatusCode.Should().Be(HttpStatusCode.OK);
        responses[1].StatusCode.Should().Be(HttpStatusCode.Redirect);
        responses[2].StatusCode.Should().Be(HttpStatusCode.OK);
    }
}