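        /// <summary>
        /// With <c>RevokeRefreshTokenOnLogout</c> switched off, a BFF logout must leave the user's
        /// refresh token in the IdentityServer grant store untouched. The token's key is captured
        /// before logout so the test also fails if logout silently replaced the token instead of
        /// leaving it alone.
        /// </summary>
        public async Task when_setting_disabled_logout_should_not_revoke_refreshtoken()
        {
            BffHost.BffOptions.RevokeRefreshTokenOnLogout = false;
            // Other option-driven tests in this file re-initialize the host after changing BffOptions;
            // presumably required for the option to take effect.
            await BffHost.InitializeAsync();

            await BffHost.BffLoginAsync("alice", "sid");

            var aliceGrants = new PersistedGrantFilter { SubjectId = "alice" };
            string refreshTokenKey;

            {
                var store  = IdentityServerHost.Resolve<IPersistedGrantStore>();
                var grants = await store.GetAllAsync(aliceGrants);

                // ContainSingle reports a missing token as a test failure with context. The original
                // Single() + NotBeNull() pair could never fail on NotBeNull (Single throws first).
                refreshTokenKey = grants.Should()
                    .ContainSingle(x => x.Type == "refresh_token", "login should have stored one refresh token for alice")
                    .Which.Key;
            }

            await BffHost.BffLogoutAsync("sid");

            {
                var store  = IdentityServerHost.Resolve<IPersistedGrantStore>();
                var grants = await store.GetAllAsync(aliceGrants);

                // Same key as before logout: the token must be neither revoked nor replaced.
                grants.Should().ContainSingle(
                    x => x.Type == "refresh_token" && x.Key == refreshTokenKey,
                    "logout must not revoke or replace the refresh token when RevokeRefreshTokenOnLogout is false");
            }
        }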
        /// <summary>
        /// Builds and starts the shared in-memory IdentityServer for this test class: one API
        /// resource ("identityserverhost") protected by an API secret, and one client-credentials
        /// client ("testclient") allowed to request that resource's scope. The secrets are test
        /// fixtures only and are registered hashed (Sha256), as IdentityServer expects.
        /// </summary>
        /// <remarks>
        /// NOTE(review): Start() runs inside a static constructor, so a start-up failure surfaces as a
        /// TypeInitializationException on first use of the class rather than as a clear test failure.
        /// </remarks>
        static IdentityServerHostTests()
        {
            const string apiName      = "identityserverhost";
            const string apiSecret    = "testsecret";
            const string clientId     = "testclient";
            const string clientSecret = "clientsecret";

            var api = new ApiResource(apiName);
            api.Scopes     = new List<Scope> { new Scope(apiName) };
            api.ApiSecrets = new List<Secret> { new Secret(apiSecret.Sha256()) };

            var client = new Client();
            client.ClientId          = clientId;
            client.ClientSecrets     = new[] { new Secret(clientSecret.Sha256()) };
            client.AllowedGrantTypes = GrantTypes.ClientCredentials;
            client.AllowedScopes     = new[] { apiName };

            var configuration = new IdentityServerHostConfiguration()
                .AddApiResources(new[] { api })
                .AddClients(new[] { client });

            identityServerHost = new IdentityServerHost(configuration);
            identityServerHost.Start();
        }
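        /// <summary>
        /// Creates a <see cref="TokenClient"/> for the test host's token endpoint, authenticating
        /// with the "testclient" / "clientsecret" pair registered in the host's client list.
        /// </summary>
        /// <param name="identityServerHost">The running test IdentityServer.</param>
        /// <returns>A token client bound to the discovered token endpoint.</returns>
        /// <exception cref="System.InvalidOperationException">The discovery document could not be retrieved.</exception>
        public static TokenClient GetTokenClient(this IdentityServerHost identityServerHost)
        {
            var discoveryClient = identityServerHost.GetDiscoveryClient();

            // The helper is synchronous, so blocking is unavoidable here; GetAwaiter().GetResult()
            // at least surfaces the original exception instead of an AggregateException from .Result.
            var doc = discoveryClient.GetAsync().GetAwaiter().GetResult();

            // Fail with the discovery error rather than handing a null endpoint to TokenClient.
            if (doc.IsError)
            {
                throw new System.InvalidOperationException("Discovery document request failed: " + doc.Error);
            }

            return new TokenClient(doc.TokenEndpoint, "testclient", "clientsecret");
        }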
        /// <summary>
        /// With <c>BackchannelLogoutAllUserSessions</c> enabled, a single back-channel logout from
        /// IdentityServer must remove every BFF session the subject holds, not just the one whose
        /// sid the logout carries.
        /// </summary>
        /// <remarks>
        /// NOTE(review): other option-driven tests in this file call <c>BffHost.InitializeAsync()</c>
        /// after changing <c>BffOptions</c>; this one does not. Confirm the option is read per request.
        /// </remarks>
        public async Task when_BackchannelLogoutAllUserSessions_is_true_backchannel_logout_should_logout_all_sessions()
        {
            BffHost.BffOptions.BackchannelLogoutAllUserSessions = true;

            // First BFF session for alice.
            await BffHost.BffLoginAsync("alice", "sid1");

            // Drop the BFF cookie so the second login creates a separate session instead of reusing the first.
            BffHost.BrowserClient.RemoveCookie("bff");
            await BffHost.BffLoginAsync("alice", "sid2");

            var aliceSessions = new UserSessionsFilter { SubjectId = "alice" };

            var before = await BffHost.Resolve<IUserSessionStore>().GetUserSessionsAsync(aliceSessions);
            before.Count().Should().Be(2);

            // Revoking the IdentityServer session cookie presumably triggers the back-channel logout to the BFF.
            await IdentityServerHost.RevokeSessionCookieAsync();

            var after = await BffHost.Resolve<IUserSessionStore>().GetUserSessionsAsync(aliceSessions);
            after.Should().BeEmpty();
        }
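        /// <summary>
        /// Creates an <see cref="IntrospectionClient"/> for the test host's introspection endpoint,
        /// authenticating with the "identityserverhost" API resource name and its "testsecret"
        /// API secret as registered in the host configuration.
        /// </summary>
        /// <param name="identityServerHost">The running test IdentityServer.</param>
        /// <returns>An introspection client bound to the discovered introspection endpoint.</returns>
        /// <exception cref="System.InvalidOperationException">The discovery document could not be retrieved.</exception>
        public static IntrospectionClient GetIntroClient(this IdentityServerHost identityServerHost)
        {
            var discoveryClient = identityServerHost.GetDiscoveryClient();

            // Synchronous helper, so blocking is unavoidable; GetAwaiter().GetResult() surfaces the
            // original exception rather than an AggregateException from .Result.
            var doc = discoveryClient.GetAsync().GetAwaiter().GetResult();

            // Fail with the discovery error rather than handing a null endpoint to IntrospectionClient.
            if (doc.IsError)
            {
                throw new System.InvalidOperationException("Discovery document request failed: " + doc.Error);
            }

            return new IntrospectionClient(doc.IntrospectionEndpoint, "identityserverhost", "testsecret");
        }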
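        /// <summary>
        /// A back-channel logout from IdentityServer must revoke the refresh token the BFF holds
        /// for the user. The final assertion is stricter than the name suggests: alice must have
        /// no persisted grants left at all.
        /// </summary>
        public async Task backchannel_logout_endpoint_should_revoke_refreshtoken()
        {
            await BffHost.BffLoginAsync("alice", "sid123");

            var aliceGrants = new PersistedGrantFilter { SubjectId = "alice" };

            {
                var store  = IdentityServerHost.Resolve<IPersistedGrantStore>();
                var grants = await store.GetAllAsync(aliceGrants);

                // ContainSingle reports a missing token as a test failure; the original Single() +
                // NotBeNull() pair threw a bare LINQ exception instead, and NotBeNull could never fail.
                grants.Should().ContainSingle(x => x.Type == "refresh_token", "login should have stored a refresh token for alice");
            }

            await IdentityServerHost.RevokeSessionCookieAsync();

            {
                var store  = IdentityServerHost.Resolve<IPersistedGrantStore>();
                var grants = await store.GetAllAsync(aliceGrants);

                // The original assigned this assertion to an unused local; the assertion is all that matters.
                grants.Should().BeEmpty("back-channel logout should revoke all of the user's grants");
            }
        }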
        /// <summary>
        /// Once IdentityServer revokes the session (back-channel logout), the BFF must report the
        /// user as no longer logged in.
        /// </summary>
        public async Task backchannel_logout_endpoint_should_signout()
        {
            await BffHost.BffLoginAsync("alice", "sid123");

            await IdentityServerHost.RevokeSessionCookieAsync();

            var stillLoggedIn = await BffHost.GetIsUserLoggedInAsync();
            stillLoggedIn.Should().BeFalse();
        }
        /// <summary>
        /// Requesting /bff/login while a BFF session already exists still issues a fresh challenge,
        /// i.e. a redirect to IdentityServer's authorize endpoint, rather than short-circuiting.
        /// </summary>
        public async Task login_endpoint_with_existing_session_should_challenge()
        {
            await BffHost.BffLoginAsync("alice");

            var loginUrl = BffHost.Url("/bff/login");
            var response = await BffHost.BrowserClient.GetAsync(loginUrl);

            response.StatusCode.Should().Be(HttpStatusCode.Redirect);

            var authorizeUrl = IdentityServerHost.Url("/connect/authorize");
            response.Headers.Location.ToString().Should().StartWith(authorizeUrl);
        }
        /// <summary>
        /// A back-channel logout whose sid does not match the BFF session must be ignored: alice
        /// logs into the BFF with sid123, IdentityServer then revokes a session carrying sid999,
        /// and the BFF session has to survive. This is what keeps a logout for one session from
        /// terminating an unrelated one.
        /// </summary>
        public async Task backchannel_logout_endpoint_for_incorrect_sid_should_not_logout_user()
        {
            const string bffSid   = "sid123";
            const string otherSid = "sid999";

            await BffHost.BffLoginAsync("alice", bffSid);

            // Swap in an IdentityServer session cookie with a different sid, then revoke that one.
            await IdentityServerHost.CreateIdentityServerSessionCookieAsync("alice", otherSid);
            await IdentityServerHost.RevokeSessionCookieAsync();

            var stillLoggedIn = await BffHost.GetIsUserLoggedInAsync();
            stillLoggedIn.Should().BeTrue();
        }
        /// <summary>
        /// Full login round-trip with the default management prefix: /bff/login challenges to
        /// IdentityServer's authorize endpoint, an authenticated IdentityServer session answers with
        /// a redirect to the BFF's /signin-oidc callback, and the callback lands the browser on "/".
        /// </summary>
        public async Task login_endpoint_should_challenge_and_redirect_to_root()
        {
            // 1. The BFF login endpoint must challenge.
            var challenge = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login"));
            challenge.StatusCode.Should().Be(HttpStatusCode.Redirect);
            var authorizeUrl = challenge.Headers.Location.ToString();
            authorizeUrl.Should().StartWith(IdentityServerHost.Url("/connect/authorize"));

            // 2. Pretend alice is already signed in at IdentityServer, then follow the authorize request.
            await IdentityServerHost.IssueSessionCookieAsync("alice");
            var authorizeResponse = await IdentityServerHost.BrowserClient.GetAsync(authorizeUrl);
            authorizeResponse.StatusCode.Should().Be(HttpStatusCode.Redirect);
            var callbackUrl = authorizeResponse.Headers.Location.ToString();
            callbackUrl.Should().StartWith(BffHost.Url("/signin-oidc"));

            // 3. The OIDC callback at the BFF completes sign-in and redirects to the app root.
            var callbackResponse = await BffHost.BrowserClient.GetAsync(callbackUrl);
            callbackResponse.StatusCode.Should().Be(HttpStatusCode.Redirect);
            callbackResponse.Headers.Location.ToString().Should().Be("/");
        }
        /// <summary>
        /// Same login round-trip as with the default prefix, but with <c>ManagementBasePath</c>
        /// set to "/custom/bff/" (trailing slash included): the login endpoint must be served under
        /// the custom prefix, and the flow must still end on the app root.
        /// </summary>
        public async Task login_endpoint_should_challenge_and_redirect_to_root_with_custom_prefix_trailing_slash()
        {
            BffHost.BffOptions.ManagementBasePath = "/custom/bff/";
            // Re-initialize after changing the option, as the other option-driven tests here do.
            await BffHost.InitializeAsync();

            // 1. The login endpoint under the custom prefix must challenge.
            var challenge = await BffHost.BrowserClient.GetAsync(BffHost.Url("/custom/bff/login"));
            challenge.StatusCode.Should().Be(HttpStatusCode.Redirect);
            var authorizeUrl = challenge.Headers.Location.ToString();
            authorizeUrl.Should().StartWith(IdentityServerHost.Url("/connect/authorize"));

            // 2. Pretend alice is already signed in at IdentityServer, then follow the authorize request.
            await IdentityServerHost.IssueSessionCookieAsync("alice");
            var authorizeResponse = await IdentityServerHost.BrowserClient.GetAsync(authorizeUrl);
            authorizeResponse.StatusCode.Should().Be(HttpStatusCode.Redirect);
            var callbackUrl = authorizeResponse.Headers.Location.ToString();
            callbackUrl.Should().StartWith(BffHost.Url("/signin-oidc"));

            // 3. The OIDC callback completes sign-in and redirects to the app root.
            var callbackResponse = await BffHost.BrowserClient.GetAsync(callbackUrl);
            callbackResponse.StatusCode.Should().Be(HttpStatusCode.Redirect);
            callbackResponse.Headers.Location.ToString().Should().Be("/");
        }
 /// <summary>
 /// Creates a <see cref="DiscoveryClient"/> pointed at the test host's base address, so callers
 /// can take endpoint URLs from the discovery document instead of hard-coding them.
 /// </summary>
 /// <param name="identityServerHost">The running test IdentityServer.</param>
 /// <returns>A discovery client for the host.</returns>
 public static DiscoveryClient GetDiscoveryClient(this IdentityServerHost identityServerHost)
 {
     var authority = identityServerHost.BaseAddress.ToString();
     return new DiscoveryClient(authority);
 }
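        /// <summary>
        /// An unauthenticated request to a non-BFF endpoint that always fails authorization is
        /// answered with a login redirect to IdentityServer's authorize endpoint, even when the
        /// request carries the "x-csrf" header.
        /// </summary>
        public async Task unauthenticated_non_bff_endpoint_should_return_302_for_login()
        {
            var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/always_fail_authz_non_bff_endpoint"));

            // "x-csrf" is presumably the BFF's anti-forgery header; it must not change how a
            // non-BFF endpoint responds to an anonymous caller.
            req.Headers.Add("x-csrf", "1");
            var response = await BffHost.BrowserClient.SendAsync(req);

            response.StatusCode.Should().Be(HttpStatusCode.Redirect);
            // Case-insensitive on both sides. The original lower-cased only the actual value and
            // compared it to the un-lowered expected URL, which passes only while that URL happens
            // to be all lower-case.
            response.Headers.Location.ToString().Should().StartWithEquivalentOf(IdentityServerHost.Url("/connect/authorize"));
        }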
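        /// <summary>
        /// A logged-in user whose session carries no sid can still log out via /bff/logout: the
        /// endpoint redirects to IdentityServer's end-session endpoint.
        /// </summary>
        public async Task logout_endpoint_for_authenticated_user_without_sid_should_succeed()
        {
            // workaround for RevokeUserRefreshTokenAsync throwing when no RT in session
            // (the session issued below is a bare cookie, so presumably there is no refresh token to revoke)
            BffHost.BffOptions.RevokeRefreshTokenOnLogout = false;
            await BffHost.InitializeAsync();

            // Session cookie only, no login round-trip through IdentityServer.
            await BffHost.IssueSessionCookieAsync("alice");

            var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));

            // HttpStatusCode.Redirect (302) for consistency with the other tests in this file.
            response.StatusCode.Should().Be(HttpStatusCode.Redirect); // endsession
            // Case-insensitive on both sides; the original lower-cased only the actual value.
            response.Headers.Location.ToString().Should().StartWithEquivalentOf(IdentityServerHost.Url("/connect/endsession"));
        }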
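        /// <summary>
        /// /bff/logout honours a <c>returnUrl</c>: after the full sign-out round trip
        /// (BFF → end-session → IdentityServer logout page → post-logout callback at the BFF) the
        /// browser is sent to the supplied URL instead of the root.
        /// </summary>
        /// <remarks>
        /// NOTE(review): only a local path ("/foo") is exercised here. Confirm a sibling test covers an
        /// absolute / external returnUrl being rejected; an unvalidated returnUrl is a classic
        /// open-redirect vector.
        /// </remarks>
        public async Task logout_endpoint_should_accept_returnUrl()
        {
            await BffHost.BffLoginAsync("alice", "sid123");

            // sid is passed explicitly; presumably required by default (see the RequireLogoutSessionId test).
            var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout") + "?sid=sid123&returnUrl=/foo");

            // HttpStatusCode.Redirect (302) for consistency with the other tests in this file;
            // StartWithEquivalentOf / BeEquivalentTo replace the asymmetric ToLowerInvariant() comparisons.
            response.StatusCode.Should().Be(HttpStatusCode.Redirect); // endsession
            response.Headers.Location.ToString().Should().StartWithEquivalentOf(IdentityServerHost.Url("/connect/endsession"));

            response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString());

            response.StatusCode.Should().Be(HttpStatusCode.Redirect); // logout
            response.Headers.Location.ToString().Should().StartWithEquivalentOf(IdentityServerHost.Url("/account/logout"));

            response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString());

            response.StatusCode.Should().Be(HttpStatusCode.Redirect); // post logout redirect uri
            response.Headers.Location.ToString().Should().StartWithEquivalentOf(BffHost.Url("/signout-callback-oidc"));

            response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString());

            response.StatusCode.Should().Be(HttpStatusCode.Redirect); // returnUrl
            response.Headers.Location.ToString().Should().BeEquivalentTo("/foo");
        }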
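        /// <summary>
        /// /bff/logout for a visitor with no BFF session still redirects to IdentityServer's
        /// end-session endpoint; no sid is needed because there is no session to protect.
        /// </summary>
        public async Task logout_endpoint_for_anonymous_user_without_sid_should_succeed()
        {
            var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));

            // HttpStatusCode.Redirect (302) for consistency with the other tests in this file.
            response.StatusCode.Should().Be(HttpStatusCode.Redirect); // endsession
            // Case-insensitive on both sides; the original lower-cased only the actual value.
            response.Headers.Location.ToString().Should().StartWithEquivalentOf(IdentityServerHost.Url("/connect/endsession"));
        }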
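        /// <summary>
        /// With <c>RequireLogoutSessionId</c> turned off, a logged-in user can call /bff/logout
        /// without supplying a sid and is still redirected to IdentityServer's end-session endpoint.
        /// (Method name keeps the original "otpion" spelling; it is referenced by the test runner.)
        /// </summary>
        /// <remarks>
        /// NOTE(review): the option is changed after login and without <c>BffHost.InitializeAsync()</c>,
        /// unlike the other option-driven tests here. Confirm the option is read per request.
        /// </remarks>
        public async Task logout_endpoint_for_authenticated_when_require_otpion_is_false_should_not_require_sid()
        {
            await BffHost.BffLoginAsync("alice", "sid123");

            BffHost.BffOptions.RequireLogoutSessionId = false;

            var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));

            // HttpStatusCode.Redirect (302) for consistency with the other tests in this file.
            response.StatusCode.Should().Be(HttpStatusCode.Redirect); // endsession
            // Case-insensitive on both sides; the original lower-cased only the actual value.
            response.Headers.Location.ToString().Should().StartWithEquivalentOf(IdentityServerHost.Url("/connect/endsession"));
        }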