public void KnownUserFactory_OriginalUrl_InvalidUrl_Test()
        {
            // Arrange: q, p, ts and h carry placeholder values, so the request does not
            // hold a well-formed queue token.
            string rawQuery   = "q=yyyy&p=xxx&ts=345345&h=ttt";
            string requestUrl = "http://q.queue-it.net/inqueue.aspx?q=yyyy&p=xxx&ts=345345&h=ttt";

            HttpContext.Current = new HttpContext(
                new HttpRequest("inqueue.aspx", requestUrl, rawQuery),
                new HttpResponse(null));

            // Act: only the URL-specific exception is an acceptable outcome.
            InvalidKnownUserUrlException rejection = null;

            try
            {
                KnownUserFactory.VerifyMd5Hash(SharedSecreteEventKey);
            }
            catch (InvalidKnownUserUrlException ex)
            {
                rejection = ex;
            }
            catch (Exception)
            {
                Assert.Fail();
            }

            // Assert: returning without an exception is a failure as well.
            if (rejection == null)
            {
                Assert.Fail();
            }

            // The exception reports the request URL with the queue parameters stripped.
            Assert.AreEqual("http://q.queue-it.net/inqueue.aspx", rejection.OriginalUrl);
        }
        public void KnownUserFactory_VerifyMd5HashTest_BilletlugenUrl_Test()
        {
            // Arrange
            Guid     queueId        = Guid.NewGuid();
            int      placeInQueue   = 7810;
            string   encryptedPlace = Hashing.EncryptPlaceInQueue(placeInQueue);
            long     issuedAt       = Hashing.GetTimestamp();
            DateTime issuedAtUtc    = Hashing.TimestampToDateTime(issuedAt);

            // The query opens with an unrelated, percent-encoded token parameter and is
            // followed by the queue parameters; h= is left empty until the hash is known.
            string unsignedQuery =
                "token=ZBixHRJxbOeyWsfo3ynInq64Ngp10zvS5R2N0jaVJNijzuZpsJTfx4iwIkBpAK8q4bbgPpF2o5RRF4vlxn5OzgjBM%2ffiWNqZuvIjvyqQGbRekYeSkmd6TA%3d%3d&q=" + queueId +
                "&p=" + encryptedPlace + "&ts=" + issuedAt + "&h=";
            string unsignedUrl = "http://www.billetlugen.dk/direkte/?" + unsignedQuery;

            // The hash input is the Uri-normalised form (AbsoluteUri), not the raw string.
            string signature = Hashing.GenerateMD5Hash(new Uri(unsignedUrl).AbsoluteUri, SharedSecreteEventKey);

            HttpContext.Current = new HttpContext(
                new HttpRequest(null, unsignedUrl + signature, unsignedQuery + signature),
                new HttpResponse(null));

            // Act
            IKnownUser knownUser = KnownUserFactory.VerifyMd5Hash(SharedSecreteEventKey);

            // Assert: the token fields survive verification unchanged.
            Assert.AreEqual(queueId, knownUser.QueueId);
            Assert.IsTrue(knownUser.PlaceInQueue.HasValue);
            Assert.AreEqual(placeInQueue, knownUser.PlaceInQueue);
            Assert.AreEqual(issuedAtUtc, knownUser.TimeStamp);
        }
        public void KnownUserFactory_OriginalUrl_InvalidHash_Test()
        {
            // Arrange: well-formed queue parameters, but the hash was not derived from the
            // shared secret.
            int    placeInQueue   = 7810;
            Guid   queueId        = Guid.NewGuid();
            string encryptedPlace = Hashing.EncryptPlaceInQueue(placeInQueue);
            long   issuedAt       = Hashing.GetTimestamp();

            string unsignedQuery = "q=" + queueId + "&p=" + encryptedPlace + "&ts=" + issuedAt + "&h=";
            string bogusHash     = "f83ab33400a630043591196134a01c01"; //invalid

            string requestUrl   = "http://q.queue-it.net/inqueue.aspx?" + unsignedQuery + bogusHash;
            string requestQuery = unsignedQuery + bogusHash;

            HttpContext.Current = new HttpContext(
                new HttpRequest("inqueue.aspx", requestUrl, requestQuery),
                new HttpResponse(null));

            // Act: only the hash-specific exception is an acceptable outcome.
            InvalidKnownUserHashException rejection = null;

            try
            {
                KnownUserFactory.VerifyMd5Hash(SharedSecreteEventKey);
            }
            catch (InvalidKnownUserHashException ex)
            {
                rejection = ex;
            }
            catch (Exception)
            {
                Assert.Fail();
            }

            // Assert: accepting the mismatched hash (no exception) fails the test.
            if (rejection == null)
            {
                Assert.Fail();
            }

            // The exception reports the request URL with the queue parameters stripped.
            Assert.AreEqual("http://q.queue-it.net/inqueue.aspx", rejection.OriginalUrl);
        }
        /// <summary>
        /// Queue validation
        /// </summary>
        /// <remarks>
        /// Please be aware that this implementation should not be applied to error handling pages (e.g. Error.aspx), since doing so will cause users to get looped around.
        /// </remarks>
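        protected override void OnPreInit(EventArgs e)
        {
            try
            {
                // Verify the queue token. A null result is handled like an expired token:
                // the visitor is sent to Link.aspx.
                IKnownUser knownUser = KnownUserFactory.VerifyMd5Hash();

                if (knownUser == null ||
                    knownUser.TimeStamp < DateTime.UtcNow.Subtract(TimeSpan.FromMinutes(3)))
                {
                    // Tokens older than three minutes are refused, which bounds how long a
                    // copied URL stays usable.
                    Response.Redirect("Link.aspx");
                }
                else
                {
                    // Response.Redirect normally ends the request. The else branch guarantees
                    // that nothing is dereferenced or persisted for a missing or expired
                    // token even when it does not.
                    PersistModel model = new PersistModel(
                        knownUser.QueueId,
                        knownUser.PlaceInQueue,
                        knownUser.TimeStamp);

                    model.Persist();
                }
            }
            catch (KnownUserException)
            {
                // Verification failed: send the visitor to the error page and pass the
                // URL-encoded address of Link.aspx on the current host as the target.
                // NOTE(review): the target is built from Request.Url, so its host follows the
                // incoming request. Error.aspx (not shown) should validate "t" before using it.
                UriBuilder targetUrl = new UriBuilder(Request.Url);
                targetUrl.Path = "Link.aspx";

                Response.Redirect("Error.aspx?queuename=link&t=" + HttpUtility.UrlEncode(targetUrl.Uri.AbsoluteUri));
            }

            base.OnPreInit(e);
        }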
        public void CookieValidateResultRepository_SetValidationResult_CookieDomain_Test()
        {
            // A Domain attribute makes the browser send the cookie to every host under that
            // domain, so the configured value should be as narrow as the deployment allows.
            string configuredDomain = ".mydomain.com";
            string sharedSecret     = "acb";

            // Stubbed known user and queue that agree on customer and event.
            this._knownUser.Stub(user => user.CustomerId).Return("CustomerId");
            this._knownUser.Stub(user => user.EventId).Return("EventId");
            this._knownUser.Stub(user => user.QueueId).Return(Guid.NewGuid());
            this._knownUser.Stub(user => user.OriginalUrl).Return("http://original.url/");
            this._knownUser.Stub(user => user.PlaceInQueue).Return(5486);
            this._knownUser.Stub(user => user.RedirectType).Return(RedirectType.Queue);
            this._knownUser.Stub(user => user.TimeStamp).Return(DateTime.UtcNow);

            this._queue.Stub(q => q.CustomerId).Return("CustomerId");
            this._queue.Stub(q => q.EventId).Return("EventId");

            CookieValidateResultRepository.Configure(configuredDomain);
            KnownUserFactory.Configure(sharedSecret);

            // Act: store an accepted result through a fresh repository.
            AcceptedConfirmedResult accepted = new AcceptedConfirmedResult(this._queue, this._knownUser, true);

            new CookieValidateResultRepository().SetValidationResult(this._queue, accepted);

            // Assert: exactly one cookie, scoped to the configured domain.
            Assert.AreEqual(1, this._response.Cookies.Count);
            Assert.AreEqual(configuredDomain, this._response.Cookies[0].Domain);
        }
        public void KnownUserFactory_OriginalUri_NoParameters_Test()
        {
            // Arrange: a target page with no query parameters of its own.
            Uri    targetPage     = new Uri("http://www.google.com/");
            Guid   queueId        = Guid.NewGuid();
            int    placeInQueue   = 7810;
            string encryptedPlace = Hashing.EncryptPlaceInQueue(placeInQueue);
            long   issuedAt       = Hashing.GetTimestamp();
            string customerId     = "somecust";
            string eventId        = "someevent";

            // Queue parameters up to and including the empty h=, which is what the hash covers.
            string unsignedQuery = "q=" + queueId + "&p=" + encryptedPlace + "&ts=" + issuedAt +
                                   "&c=" + customerId + "&e=" + eventId + "&h=";
            string unsignedUrl   = targetPage.OriginalString + "?" + unsignedQuery;

            string signature = Hashing.GenerateMD5Hash(new Uri(unsignedUrl).AbsoluteUri, SharedSecreteEventKey);

            HttpContext.Current = new HttpContext(
                new HttpRequest("inqueue.aspx", unsignedUrl + signature, unsignedQuery + signature),
                new HttpResponse(null));

            //Act
            IKnownUser knownUser = KnownUserFactory.VerifyMd5Hash(SharedSecreteEventKey);

            // Assert: once the queue parameters are removed, the bare target page remains.
            Assert.AreEqual(targetPage.AbsoluteUri, knownUser.OriginalUrl);
        }
        public void CookieValidateResultRepository_SetValidationResult_CookieExpiration_Test()
        {
            // Lower bound for the expiry window: the clock before anything is configured.
            DateTime startedAt = DateTime.UtcNow;

            string sharedSecret = "acb";

            // Stubbed known user and queue that agree on customer and event.
            this._knownUser.Stub(user => user.CustomerId).Return("CustomerId");
            this._knownUser.Stub(user => user.EventId).Return("EventId");
            this._knownUser.Stub(user => user.QueueId).Return(Guid.NewGuid());
            this._knownUser.Stub(user => user.OriginalUrl).Return("http://original.url/");
            this._knownUser.Stub(user => user.PlaceInQueue).Return(5486);
            this._knownUser.Stub(user => user.RedirectType).Return(RedirectType.Queue);
            this._knownUser.Stub(user => user.TimeStamp).Return(DateTime.UtcNow);

            this._queue.Stub(q => q.CustomerId).Return("CustomerId");
            this._queue.Stub(q => q.EventId).Return("EventId");

            KnownUserFactory.Configure(sharedSecret);

            // Configure a five-minute cookie lifetime before the repository is created.
            CookieValidateResultRepository.Configure(cookieExpiration: TimeSpan.FromMinutes(5));
            CookieValidateResultRepository repository = new CookieValidateResultRepository();

            AcceptedConfirmedResult accepted = new AcceptedConfirmedResult(this._queue, this._knownUser, true);

            repository.SetValidationResult(this._queue, accepted);

            // Assert: one cookie whose expiry lies five minutes after some instant between
            // the start of the test and now.
            Assert.AreEqual(1, this._response.Cookies.Count);

            DateTime actualExpiry = this._response.Cookies[0].Expires;

            Assert.IsTrue(actualExpiry >= startedAt.AddMinutes(5) &&
                          actualExpiry <= DateTime.UtcNow.AddMinutes(5));
        }
        public void SessionValidationController_ValidateRequest_KnownUserExpired_Test()
        {
            KnownUserFactory.Reset(false);
            KnownUserFactory.Configure(SharedSecreteEventKey);

            Guid   queueId        = Guid.NewGuid();
            int    placeInQueue   = 7810;
            string encryptedPlace = Hashing.EncryptPlaceInQueue(placeInQueue);

            // A correctly signed token whose timestamp lies four minutes in the past.
            DateTime unixEpoch      = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            long     staleTimestamp = (long)(DateTime.UtcNow.AddMinutes(-4) - unixEpoch).TotalSeconds;

            string unsignedQuery = "c=somecust&e=someevent&q=" + queueId +
                                   "&p=" + encryptedPlace + "&ts=" + staleTimestamp + "&h=";
            string unsignedUrl   = "http://q.queue-it.net/inqueue.aspx?" + unsignedQuery;

            string signature = Hashing.GenerateMD5Hash(new Uri(unsignedUrl).AbsoluteUri, SharedSecreteEventKey);

            HttpContext.Current = new HttpContext(
                new HttpRequest("inqueue.aspx", unsignedUrl + signature, unsignedQuery + signature),
                new HttpResponse(null));

            // NOTE(review): nothing is asserted here; presumably an expected-exception attribute
            // outside this listing states the outcome. Confirm. Without one, this test would
            // pass if a stale token were accepted.
            SessionValidationController.ValidateRequest(
                QueueFactory.CreateQueue("somecust", "someevent"));
        }
        public void CookieValidateResultRepository_GetValidationResult_ReadCookie_Test()
        {
            string secretKey = "acb";

            // Expected identity and token values.
            string       expectedCustomerId       = "CustomerId";
            string       expectedEventId          = "EventId";
            Guid         expectedQueueId          = new Guid(4567846, 35, 87, 3, 5, 8, 6, 4, 8, 2, 3);
            Uri          expectedOriginalUrl      = new Uri("http://original.url/");
            int          expectedPlaceInQueue     = 5486;
            RedirectType expectedRedirectType     = RedirectType.Queue;
            long         expectedSecondsSince1970 = 5465468;

            DateTime unixEpoch         = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            DateTime expectedTimeStamp = unixEpoch.AddSeconds(expectedSecondsSince1970);
            DateTime expectedExpires   = DateTime.UtcNow.AddMinutes(2);

            // The cookie name embeds the lower-cased customer and event ids.
            string cookieName = "QueueITAccepted-SDFrts345E-" + expectedCustomerId.ToLower() + "-" + expectedEventId.ToLower();

            // The test's hash helper is given the same values that are written to the cookie
            // below, plus the secret, so the cookie carries a matching integrity hash.
            string expectedHash = GenerateHash(
                expectedQueueId.ToString(),
                expectedOriginalUrl.AbsoluteUri,
                expectedPlaceInQueue.ToString(),
                expectedRedirectType,
                expectedSecondsSince1970.ToString(),
                expectedExpires,
                string.Empty,
                secretKey);

            this._queue.Stub(q => q.CustomerId).Return(expectedCustomerId);
            this._queue.Stub(q => q.EventId).Return(expectedEventId);

            // Build the incoming cookie as a previously accepted visitor would present it.
            HttpCookie acceptedCookie = new HttpCookie(cookieName) { HttpOnly = true };

            acceptedCookie.Values["QueueId"]      = expectedQueueId.ToString();
            acceptedCookie.Values["OriginalUrl"]  = expectedOriginalUrl.AbsoluteUri;
            acceptedCookie.Values["PlaceInQueue"] = Hashing.EncryptPlaceInQueue(expectedPlaceInQueue);
            acceptedCookie.Values["RedirectType"] = expectedRedirectType.ToString();
            acceptedCookie.Values["TimeStamp"]    = expectedSecondsSince1970.ToString();
            acceptedCookie.Values["Hash"]         = expectedHash;
            acceptedCookie.Values["Expires"]      = expectedExpires.ToString("o");

            this._request.Cookies.Add(acceptedCookie);

            KnownUserFactory.Configure(secretKey);

            // Act
            CookieValidateResultRepository repository = new CookieValidateResultRepository();

            AcceptedConfirmedResult actualResult = repository.GetValidationResult(this._queue) as AcceptedConfirmedResult;

            // Assert: the cookie is read back as an accepted result with every field intact.
            Assert.IsNotNull(actualResult);
            Assert.AreEqual(this._queue, actualResult.Queue);
            Assert.AreEqual(expectedCustomerId, actualResult.KnownUser.CustomerId);
            Assert.AreEqual(expectedEventId, actualResult.KnownUser.EventId);
            Assert.AreEqual(expectedQueueId, actualResult.KnownUser.QueueId);
            Assert.AreEqual(expectedOriginalUrl, actualResult.KnownUser.OriginalUrl);
            Assert.AreEqual(expectedPlaceInQueue, actualResult.KnownUser.PlaceInQueue);
            Assert.AreEqual(expectedRedirectType, actualResult.KnownUser.RedirectType);
            Assert.AreEqual(expectedTimeStamp, actualResult.KnownUser.TimeStamp);
        }
        public void TestInitialize()
        {
            // Fresh in-memory result store for each test.
            this._resultRepository = new MockValidationResultRepository();

            // The factories hold static state, so each is reset and then reconfigured to keep
            // settings from leaking between tests.
            KnownUserFactory.Reset(false);
            KnownUserFactory.Configure(secretKey: SharedSecreteEventKey);
            QueueFactory.Reset();
            QueueFactory.Configure();
            SessionValidationController.Configure(validationResultProviderFactory: () => this._resultRepository);

            // Default request context: a plain URL carrying no queue token parameters.
            HttpRequest  defaultRequest  = new HttpRequest("", "http://some.url", "someprop=somevalue&another=value");
            HttpResponse defaultResponse = new HttpResponse(null);

            HttpContext.Current = new HttpContext(defaultRequest, defaultResponse);
        }
        public void KnownUserFactory_VerifyMd5Hash_OnlyTSParameter_Test()
        {
            // Test-only key; it is unrelated to any request in this test because no hash is sent.
            string sharedSecreteEventKey = "9d919dfb-00e2-4919-8695-469f5ebc91f7930edb9f-2339-4deb-864e-5f26269691b6";

            // The request carries a timestamp but no queue id, place or hash.
            string requestUrl   = "http://www.google.com/";
            string requestQuery = "ts=" + Hashing.GetTimestamp();

            HttpContext.Current = new HttpContext(
                new HttpRequest("inqueue.aspx", requestUrl, requestQuery),
                new HttpResponse(null));

            // NOTE(review): nothing is asserted here; presumably an expected-exception attribute
            // outside this listing states the outcome for a partial token. Confirm.
            KnownUserFactory.VerifyMd5Hash(sharedSecreteEventKey);
        }
        public void CookieValidateResultRepository_GetValidationResult_NoCookie_Test()
        {
            string sharedSecret = "acb";

            this._queue.Stub(q => q.CustomerId).Return("CustomerId");
            this._queue.Stub(q => q.EventId).Return("EventId");

            KnownUserFactory.Configure(sharedSecret);

            // Act: this test adds no cookie to the request before the lookup.
            IValidateResult lookedUp = new CookieValidateResultRepository().GetValidationResult(this._queue);

            // Assert: without a cookie the repository reports no stored result.
            Assert.IsNull(lookedUp);
        }
        public void CookieValidateResultRepository_SetValidationResult_WriteCookie_Hash_Test()
        {
            string secretKey = "acb";

            // Expected values: an empty queue id, place 0 and the Unix epoch as timestamp.
            string       expectedCustomerId       = "CustomerId";
            string       expectedEventId          = "EventId";
            Guid         expectedQueueId          = Guid.Empty;
            string       expectedOriginalUrl      = "http://original.url/";
            int          expectedPlaceInQueue     = 0;
            RedirectType expectedRedirectType     = RedirectType.Idle;
            long         expectedSecondsSince1970 = 0;

            DateTime unixEpoch         = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            DateTime expectedTimeStamp = unixEpoch.AddSeconds(expectedSecondsSince1970);
            DateTime expectedExpires   = DateTime.UtcNow.AddMinutes(2);

            string expectedCookieName = "QueueITAccepted-SDFrts345E-" + expectedCustomerId.ToLower() + "-" + expectedEventId.ToLower();

            // Reference hash computed by the test helper from the same fields and secret.
            string expectedHash = GenerateHash(
                expectedQueueId.ToString(),
                expectedOriginalUrl,
                expectedPlaceInQueue.ToString(),
                expectedRedirectType,
                expectedSecondsSince1970.ToString(),
                expectedExpires,
                string.Empty,
                secretKey);

            this._knownUser.Stub(user => user.CustomerId).Return(expectedCustomerId);
            this._knownUser.Stub(user => user.EventId).Return(expectedEventId);
            this._knownUser.Stub(user => user.QueueId).Return(expectedQueueId);
            this._knownUser.Stub(user => user.OriginalUrl).Return(expectedOriginalUrl);
            this._knownUser.Stub(user => user.PlaceInQueue).Return(expectedPlaceInQueue);
            this._knownUser.Stub(user => user.RedirectType).Return(expectedRedirectType);
            this._knownUser.Stub(user => user.TimeStamp).Return(expectedTimeStamp);

            this._queue.Stub(q => q.CustomerId).Return(expectedCustomerId);
            this._queue.Stub(q => q.EventId).Return(expectedEventId);

            CookieValidateResultRepository.Configure(null);
            KnownUserFactory.Configure(secretKey);

            // Act: write the accepted result with an explicit expiry so the hash is reproducible.
            CookieValidateResultRepository repository = new CookieValidateResultRepository();
            AcceptedConfirmedResult        accepted   = new AcceptedConfirmedResult(this._queue, this._knownUser, true);

            repository.SetValidationResult(this._queue, accepted, expectedExpires);

            // Assert: one cookie under the expected name, carrying the reference hash.
            Assert.AreEqual(1, this._response.Cookies.Count);
            Assert.AreEqual(expectedCookieName, this._response.Cookies[0].Name);
            Assert.AreEqual(expectedHash, this._response.Cookies[0]["Hash"]);
        }
        public void KnownUserFactory_VerifyMd5Hash_NoParameters_Test()
        {
            string sharedSecreteEventKey = "9d919dfb-00e2-4919-8695-469f5ebc91f7930edb9f-2339-4deb-864e-5f26269691b6";

            // The request carries no queue token parameters at all, only an unrelated one.
            string requestUrl   = "http://www.google.com/";
            string requestQuery = "x=sdf";

            HttpContext.Current = new HttpContext(
                new HttpRequest("inqueue.aspx", requestUrl, requestQuery),
                new HttpResponse(null));

            IKnownUser knownUser = KnownUserFactory.VerifyMd5Hash(sharedSecreteEventKey);

            // A request without a token yields null rather than an exception, so callers
            // have to handle the null result as "not verified".
            Assert.IsNull(knownUser);
        }
        public void QueueFactory_GetQueueUrl_IncludeTarget_Test()
        {
            string customerId = "customerid";
            string eventId    = "eventid";
            string targetUrl  = "http://target.url/?someprop=somevalue&another=value";

            // The target must appear URL-encoded in the t parameter, so that its own '&' and
            // '=' characters cannot be read as separate queue URL parameters.
            string expectedFragment = "&t=" + HttpUtility.UrlEncode(targetUrl);

            // Replace the URL provider so the target URL is supplied by the mock.
            KnownUserFactory.Configure(urlProviderFactory: () => new MockKnownUserUrlProvicer(targetUrl));

            IQueue queue = QueueFactory.CreateQueue(customerId, eventId);

            string actualQueueUrl = queue.GetQueueUrl(includeTargetUrl: true);

            Assert.IsTrue(actualQueueUrl.Contains(expectedFragment));
        }
        public void KnownUserFactory_VerifyMd5Hash_EmptyQueueId_Test()
        {
            string sharedSecreteEventKey = "9d919dfb-00e2-4919-8695-469f5ebc91f7930edb9f-2339-4deb-864e-5f26269691b6";

            // A fixed, pre-computed token with an all-zero queue id.
            // NOTE(review): ts is a constant, so this test presumably relies on VerifyMd5Hash
            // not enforcing token age itself. If so, freshness must be checked by the caller.
            string requestUrl   = "http://www.google.com/";
            string requestQuery = "q=00000000-0000-0000-0000-000000000000&p=ac498cf9-9b9d-4014-a9d5-6794af9bae43&ts=1346745696&h=8541c1937f5b7211a5008326e9d997dc";

            HttpContext.Current = new HttpContext(
                new HttpRequest("inqueue.aspx", requestUrl, requestQuery),
                new HttpResponse(null));

            IKnownUser knownUser = KnownUserFactory.VerifyMd5Hash(sharedSecreteEventKey);

            // An empty queue id comes back as Guid.Empty with no place in queue.
            Assert.AreEqual(Guid.Empty, knownUser.QueueId);
            Assert.AreEqual(null, knownUser.PlaceInQueue);
        }
        public void CookieValidateResultRepository_SetValidationResult_WriteCookie_Test()
        {
            string secretKey = "acb";

            // Expected identity and token values.
            string       expectedCustomerId       = "CustomerId";
            string       expectedEventId          = "EventId";
            Guid         expectedQueueId          = new Guid(4567846, 35, 87, 3, 5, 8, 6, 4, 8, 2, 3);
            string       expectedOriginalUrl      = "http://original.url/";
            int          expectedPlaceInQueue     = 5486;
            RedirectType expectedRedirectType     = RedirectType.Queue;
            long         expectedSecondsSince1970 = 5465468;

            DateTime unixEpoch         = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            DateTime expectedTimeStamp = unixEpoch.AddSeconds(expectedSecondsSince1970);

            string expectedCookieName = "QueueITAccepted-SDFrts345E-" + expectedCustomerId.ToLower() + "-" + expectedEventId.ToLower();

            this._knownUser.Stub(user => user.CustomerId).Return(expectedCustomerId);
            this._knownUser.Stub(user => user.EventId).Return(expectedEventId);
            this._knownUser.Stub(user => user.QueueId).Return(expectedQueueId);
            this._knownUser.Stub(user => user.OriginalUrl).Return(expectedOriginalUrl);
            this._knownUser.Stub(user => user.PlaceInQueue).Return(expectedPlaceInQueue);
            this._knownUser.Stub(user => user.RedirectType).Return(expectedRedirectType);
            this._knownUser.Stub(user => user.TimeStamp).Return(expectedTimeStamp);

            this._queue.Stub(q => q.CustomerId).Return(expectedCustomerId);
            this._queue.Stub(q => q.EventId).Return(expectedEventId);

            // No cookie domain configured; no explicit expiry passed to SetValidationResult.
            CookieValidateResultRepository.Configure(null);
            KnownUserFactory.Configure(secretKey);

            CookieValidateResultRepository repository = new CookieValidateResultRepository();
            AcceptedConfirmedResult        accepted   = new AcceptedConfirmedResult(this._queue, this._knownUser, true);

            repository.SetValidationResult(this._queue, accepted);

            // Assert: cookie identity and attributes.
            // NOTE(review): HttpOnly is asserted; this test does not check the Secure attribute.
            Assert.AreEqual(1, this._response.Cookies.Count);
            Assert.AreEqual(expectedCookieName, this._response.Cookies[0].Name);
            Assert.IsNull(this._response.Cookies[0].Domain);
            Assert.IsTrue(this._response.Cookies[0].HttpOnly);

            // Expiry is expected about 20 minutes ahead, with ten seconds of slack either way.
            Assert.IsTrue(this._response.Cookies[0].Expires > DateTime.UtcNow.AddMinutes(19).AddSeconds(50));
            Assert.IsTrue(this._response.Cookies[0].Expires < DateTime.UtcNow.AddMinutes(20).AddSeconds(10));

            // Assert: cookie payload; the place in queue is stored encrypted.
            Assert.AreEqual(expectedQueueId.ToString(), this._response.Cookies[0]["QueueId"]);
            Assert.AreEqual(expectedSecondsSince1970.ToString(), this._response.Cookies[0]["TimeStamp"]);
            Assert.AreEqual(expectedRedirectType.ToString(), this._response.Cookies[0]["RedirectType"]);
            Assert.AreEqual(expectedPlaceInQueue, Hashing.DecryptPlaceInQueue(this._response.Cookies[0]["PlaceInQueue"]));
        }
        // Shared driver for the positive VerifyMd5Hash tests: builds a signed queue URL whose
        // parameter names carry the optional prefix, installs it as the current request, verifies
        // it and checks every field of the resulting known user.
        //   configLoaded          - when true, the caller's key argument is passed through and no
        //                           query-string prefix is given to VerifyMd5Hash.
        //   sharedSecreteEventKey - key passed to VerifyMd5Hash when configLoaded is true.
        //   prefix                - text put in front of every queue parameter name (may be null).
        //   redirectTypeString    - raw value written to the rt parameter.
        //   redirectType          - redirect type the verified user is expected to report.
        private static void RunVerifyMd5HashTest(
            bool configLoaded,
            string sharedSecreteEventKey = null,
            string prefix             = null,
            string redirectTypeString = null,
            RedirectType redirectType = RedirectType.Unknown)
        {
            //Arrange
            Guid     expectedQueueId      = Guid.NewGuid();
            int      expectedPlaceInqueue = 7810;
            string   encryptedPlace       = Hashing.EncryptPlaceInQueue(expectedPlaceInqueue);
            long     issuedAt             = Hashing.GetTimestamp();
            DateTime expectedTimeStamp    = Hashing.TimestampToDateTime(issuedAt);
            string   expectedCustomerId   = "somecust";
            string   expectedEventId      = "someevent";

            // Every parameter name is prefixed; a null prefix concatenates as an empty string.
            string unsignedQuery = prefix + "c=somecust&" + prefix + "e=someevent&" + prefix + "q=" + expectedQueueId +
                                   "&" + prefix + "p=" + encryptedPlace + "&" + prefix + "ts=" + issuedAt + "&" + prefix + "rt=" + redirectTypeString + "&" + prefix + "h=";
            string unsignedUrl   = "http://q.queue-it.net/inqueue.aspx?" + unsignedQuery;

            // The URL is always signed with the fixture's key, whatever key is passed to verify.
            string signature = Hashing.GenerateMD5Hash(new Uri(unsignedUrl).AbsoluteUri, SharedSecreteEventKey);

            HttpContext.Current = new HttpContext(
                new HttpRequest("inqueue.aspx", unsignedUrl + signature, unsignedQuery + signature),
                new HttpResponse(null));

            //Act
            string keyForVerify    = configLoaded ? sharedSecreteEventKey : SharedSecreteEventKey;
            string prefixForVerify = configLoaded ? null : prefix;

            IKnownUser knownUser = KnownUserFactory.VerifyMd5Hash(
                keyForVerify,
                querystringPrefix: prefixForVerify);

            //Assert
            Assert.IsNotNull(knownUser);
            Assert.AreEqual(expectedQueueId, knownUser.QueueId);
            Assert.IsTrue(knownUser.PlaceInQueue.HasValue);
            Assert.AreEqual(expectedPlaceInqueue, knownUser.PlaceInQueue);
            Assert.AreEqual(expectedTimeStamp, knownUser.TimeStamp);
            Assert.AreEqual(expectedCustomerId, knownUser.CustomerId);
            Assert.AreEqual(redirectType, knownUser.RedirectType);
            Assert.AreEqual(expectedEventId, knownUser.EventId);
        }
        public void KnownUserFactory_VerifyMd5HashTest_InvalidPlaceInQueue_Test()
        {
            //Arrange: correctly signed URL whose p value was not produced by EncryptPlaceInQueue.
            Guid   queueId      = Guid.NewGuid();
            string invalidPlace = "b89a605c-8f51-4769-a1ee-5e22c30fd754"; //invalid
            long   issuedAt     = Hashing.GetTimestamp();

            string unsignedQuery = "c=mpro&e=hashingtest&q=" + queueId +
                                   "&p=" + invalidPlace + "&ts=" + issuedAt + "&h=";
            string unsignedUrl   = "http://q.queue-it.net/inqueue.aspx?" + unsignedQuery;

            string signature = Hashing.GenerateMD5Hash(new Uri(unsignedUrl).AbsoluteUri, SharedSecreteEventKey);

            HttpContext.Current = new HttpContext(
                new HttpRequest("inqueue.aspx", unsignedUrl + signature, unsignedQuery + signature),
                new HttpResponse(null));

            //Act
            // NOTE(review): nothing is asserted here; presumably an expected-exception attribute
            // outside this listing states that the malformed place value is rejected. Confirm.
            KnownUserFactory.VerifyMd5Hash(SharedSecreteEventKey);
        }
        public void KnownUserFactory_VerifyMd5HashTest_InvalidHash_Test()
        {
            //Arrange: valid queue parameters combined with a hash not derived from the secret.
            int    placeInQueue   = 7810;
            Guid   queueId        = Guid.NewGuid();
            string encryptedPlace = Hashing.EncryptPlaceInQueue(placeInQueue);
            long   issuedAt       = Hashing.GetTimestamp();

            string unsignedQuery = "c=mpro&e=hashingtest&q=" + queueId +
                                   "&p=" + encryptedPlace + "&ts=" + issuedAt + "&h=";
            string bogusHash     = "f83ab33400a630043591196134a01c01"; //invalid

            string requestUrl   = "http://q.queue-it.net/inqueue.aspx?" + unsignedQuery + bogusHash;
            string requestQuery = unsignedQuery + bogusHash;

            HttpContext.Current = new HttpContext(
                new HttpRequest("inqueue.aspx", requestUrl, requestQuery),
                new HttpResponse(null));

            //Act
            // NOTE(review): nothing is asserted here; presumably an expected-exception attribute
            // outside this listing states the outcome. Confirm. Without one, this test would
            // pass if the mismatched hash were accepted.
            KnownUserFactory.VerifyMd5Hash(SharedSecreteEventKey);
        }
        public void KnownUserFactory_VerifyMd5HashTest_InvalidTimeStamp_Test()
        {
            //Arrange: correctly signed URL whose ts value is not a number.
            int    placeInQueue   = 7810;
            Guid   queueId        = Guid.NewGuid();
            string encryptedPlace = Hashing.EncryptPlaceInQueue(placeInQueue);

            string unsignedQuery = "c=mpro&e=hashingtest&q=" + queueId +
                                   "&p=" + encryptedPlace + "&ts=invalid&h=";
            string unsignedUrl   = "http://q.queue-it.net/inqueue.aspx?" + unsignedQuery;

            string signature = Hashing.GenerateMD5Hash(new Uri(unsignedUrl).AbsoluteUri, SharedSecreteEventKey);

            HttpContext.Current = new HttpContext(
                new HttpRequest("inqueue.aspx", unsignedUrl + signature, unsignedQuery + signature),
                new HttpResponse(null));

            //Act
            // NOTE(review): nothing is asserted here; presumably an expected-exception attribute
            // outside this listing states that the unparsable timestamp is rejected. Confirm.
            KnownUserFactory.VerifyMd5Hash(SharedSecreteEventKey);
        }
        public void CookieValidateResultRepository_SetValidationResult_NotAccepted_NoCookie_Test()
        {
            // Stubbed known user and queue that agree on customer and event.
            this._knownUser.Stub(user => user.CustomerId).Return("CustomerId");
            this._knownUser.Stub(user => user.EventId).Return("EventId");
            this._knownUser.Stub(user => user.QueueId).Return(Guid.NewGuid());
            this._knownUser.Stub(user => user.OriginalUrl).Return("http://original.url/");
            this._knownUser.Stub(user => user.PlaceInQueue).Return(5486);
            this._knownUser.Stub(user => user.RedirectType).Return(RedirectType.Queue);
            this._knownUser.Stub(user => user.TimeStamp).Return(DateTime.UtcNow);

            this._queue.Stub(q => q.CustomerId).Return("CustomerId");
            this._queue.Stub(q => q.EventId).Return("EventId");

            KnownUserFactory.Configure("acb");

            // Act: store a result that sends the visitor to the queue instead of accepting them.
            EnqueueResult notAccepted = new EnqueueResult(this._queue, "http://q.queue-it.net/");

            new CookieValidateResultRepository().SetValidationResult(this._queue, notAccepted);

            // Assert: a non-accepted result must not leave an acceptance cookie behind.
            Assert.AreEqual(0, this._response.Cookies.Count);
        }
        /// <summary>
        /// A request carrying a correctly hashed known-user token is accepted: the first validation
        /// is flagged as the initial one, a second validation of the same request is not.
        /// </summary>
        public void SessionValidationController_ValidateRequest_KnownUserAccepted_Test()
        {
            // Start from a reset factory, then register the key the token below is hashed with.
            KnownUserFactory.Reset(false);
            KnownUserFactory.Configure(SharedSecreteEventKey);

            int    placeInQueue          = 7810;
            Guid   queueId               = Guid.NewGuid();
            string encryptedPlaceInQueue = Hashing.EncryptPlaceInQueue(placeInQueue);
            long   issuedAt              = Hashing.GetTimestamp();

            // Query string up to and including the empty "h=" parameter; the hash is appended last.
            string unsignedQuery = "c=somecust&e=someevent&q=" + queueId +
                                   "&p=" + encryptedPlaceInQueue + "&ts=" + issuedAt + "&h=";
            string unsignedUrl   = "http://q.queue-it.net/inqueue.aspx?" + unsignedQuery;

            // The hash input is the absolute URI of the unsigned URL together with the shared key.
            // NOTE(review): the helper name indicates an MD5-based keyed hash. MD5 is a legacy choice
            // for authenticating tokens; an HMAC-SHA-256 construction is the usual choice for new
            // designs. Confirm what the Hashing helper actually computes.
            string hash        = Hashing.GenerateMD5Hash(new Uri(unsignedUrl).AbsoluteUri, SharedSecreteEventKey);
            string querystring = unsignedQuery + hash;
            string url         = unsignedUrl + hash;

            var request = new HttpRequest("inqueue.aspx", url, querystring);
            HttpContext.Current = new HttpContext(request, new HttpResponse(null));

            // First validation of the request.
            var initial = SessionValidationController.ValidateRequest(
                QueueFactory.CreateQueue("somecust", "someevent")) as AcceptedConfirmedResult;

            Assert.IsNotNull(initial);
            Assert.AreEqual(true, initial.IsInitialValidationRequest);
            Assert.AreEqual(queueId, initial.KnownUser.QueueId);

            // Second validation within the same context.
            // NOTE(review): presumably answered from the stored session result; confirm against the controller.
            var repeated = SessionValidationController.ValidateRequest(
                QueueFactory.CreateQueue("somecust", "someevent")) as AcceptedConfirmedResult;

            Assert.IsNotNull(repeated);
            Assert.IsFalse(repeated.IsInitialValidationRequest);
        }
        /// <summary>
        /// A cookie whose place-in-queue value differs from the one used for the expected-value
        /// locals must not yield an <c>AcceptedConfirmedResult</c>.
        /// </summary>
        public void CookieValidateResultRepository_GetValidationResult_ModifiedCookie_Test()
        {
            string sharedKey = "acb";

            string       customerId       = "CustomerId";
            string       eventId          = "EventId";
            Guid         queueId          = new Guid(4567846, 35, 87, 3, 5, 8, 6, 4, 8, 2, 3);
            Uri          originalUrl      = new Uri("http://original.url/");
            int          placeInQueue     = 5486;
            RedirectType redirectType     = RedirectType.Queue;
            long         secondsSince1970 = 5465468;

            // Kept from the original fixture; the value is not read by any later statement here.
            DateTime unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            DateTime timeStamp = unixEpoch.AddSeconds(secondsSince1970);

            string cookieName = "QueueITAccepted-SDFrts345E-" + customerId.ToLower() + "-" + eventId.ToLower();

            // 32-byte digest written as dash-separated hex.
            // NOTE(review): presumably computed for the unmodified values above; this method does not show how.
            string storedHash = "D5-48-23-FE-D0-42-D0-59-88-39-AB-D0-CA-A0-18-5D-B8-21-2C-A7-62-A9-65-73-62-68-74-C5-1C-50-09-BA";

            _queue.Stub(q => q.CustomerId).Return(customerId);
            _queue.Stub(q => q.EventId).Return(eventId);

            var tamperedCookie = new HttpCookie(cookieName);
            tamperedCookie.Values["QueueId"]      = queueId.ToString();
            tamperedCookie.Values["OriginalUrl"]  = originalUrl.AbsoluteUri;
            // The tampering under test: the position is moved ten places while the hash stays as is.
            tamperedCookie.Values["PlaceInQueue"] = Hashing.EncryptPlaceInQueue(placeInQueue - 10);
            tamperedCookie.Values["RedirectType"] = redirectType.ToString();
            tamperedCookie.Values["TimeStamp"]    = secondsSince1970.ToString();
            tamperedCookie.Values["Hash"]         = storedHash;

            _request.Cookies.Add(tamperedCookie);

            KnownUserFactory.Configure(sharedKey);

            var repository = new CookieValidateResultRepository();

            // The "as" cast means the assertion also passes if a result of another type comes back.
            var accepted = repository.GetValidationResult(_queue) as AcceptedConfirmedResult;

            Assert.IsNull(accepted);
        }
        /// <summary>
        /// Verifies the known-user hash before the action runs and assigns the verified user to
        /// every <see cref="KnownUserModel"/> found among the action parameters.
        /// </summary>
        /// <remarks>
        /// A <see cref="KnownUserException"/> raised inside the <c>try</c> block is handed to <c>OnException</c>.
        /// NOTE(review): this method does not set a result on failure itself. Confirm that
        /// <c>OnException</c> ends the request (for example by assigning <c>filterContext.Result</c>),
        /// otherwise the action would still run without a verified user.
        /// </remarks>
        /// <param name="filterContext">The Action Executing Filter Context</param>
        public sealed override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            try
            {
                // No arguments are passed.
                // NOTE(review): the factory presumably reads the current request and the previously configured key.
                IKnownUser verifiedUser = KnownUserFactory.VerifyMd5Hash();

                // A null result is treated the same as a failed verification.
                // NOTE(review): only caught below if UnverifiedKnownUserException derives from KnownUserException.
                if (verifiedUser == null)
                {
                    throw new UnverifiedKnownUserException();
                }

                foreach (object parameter in filterContext.ActionParameters.Values)
                {
                    KnownUserModel model = parameter as KnownUserModel;

                    if (model == null)
                    {
                        continue;
                    }

                    model.KnownUser = verifiedUser;
                }
            }
            catch (KnownUserException verificationError)
            {
                OnException(filterContext, verificationError);
            }
        }
        /// <summary>
        /// Reading a cookie for an idle queue (empty queue id, position 0, timestamp 0) must not
        /// write a cookie to the response.
        /// </summary>
        public void CookieValidateResultRepository_GetValidationResult_IdleQueue_NoRenewCookie_Test()
        {
            string sharedKey = "acb";

            string       customerId       = "CustomerId";
            string       eventId          = "EventId";
            Guid         queueId          = Guid.Empty;
            Uri          originalUrl      = new Uri("http://original.url/");
            int          placeInQueue     = 0;
            RedirectType redirectType     = RedirectType.Idle;
            long         secondsSince1970 = 0;

            string cookieName = "QueueITAccepted-SDFrts345E-" + customerId.ToLower() + "-" + eventId.ToLower();

            // 32-byte digest written as dash-separated hex.
            // NOTE(review): presumably the valid hash for the values above under sharedKey; not verifiable from this method.
            string storedHash = "17-77-3F-7D-2E-10-B1-F0-9B-41-5A-DD-37-BB-8E-3A-F7-0B-F2-9F-E3-3B-2B-F5-83-CE-88-C5-8C-15-26-B4";

            _queue.Stub(q => q.CustomerId).Return(customerId);
            _queue.Stub(q => q.EventId).Return(eventId);

            var idleCookie = new HttpCookie(cookieName);
            idleCookie.Values["QueueId"]      = queueId.ToString();
            idleCookie.Values["OriginalUrl"]  = originalUrl.AbsoluteUri;
            idleCookie.Values["PlaceInQueue"] = Hashing.EncryptPlaceInQueue(placeInQueue);
            idleCookie.Values["RedirectType"] = redirectType.ToString();
            idleCookie.Values["TimeStamp"]    = secondsSince1970.ToString();
            idleCookie.Values["Hash"]         = storedHash;

            _request.Cookies.Add(idleCookie);

            KnownUserFactory.Configure(sharedKey);

            var repository = new CookieValidateResultRepository();

            // Only the side effect on the response is checked; the returned result is ignored.
            repository.GetValidationResult(_queue);

            Assert.AreEqual(0, _response.Cookies.Count);
        }
 /// <summary>
 /// Registers the shared event key with <c>KnownUserFactory</c>; as a static constructor this
 /// runs once, before the type is first used.
 /// </summary>
 static CodeOnlyController()
 {
     // NOTE(review): the key is a literal in source in this sample. A deployment would normally
     // load it from protected configuration or a secret store, so that it stays out of version
     // control and can be rotated without a rebuild.
     const string sharedEventKey = "a774b1e2-8da7-4d51-b1a9-7647147bb13bace77210-a488-4b6f-afc9-8ba94551a7d7";

     KnownUserFactory.Configure(sharedEventKey);
 }
        /// <summary>
        /// Configures the factory in code with a query-string prefix, then runs the shared
        /// hash-verification scenario with that same prefix.
        /// </summary>
        public void KnownUserFactory_Configure_Test()
        {
            const string prefix = "prefix";

            KnownUserFactory.Configure(SharedSecreteEventKey, querystringPrefix: prefix);

            // NOTE(review): the meaning of the first two arguments is defined by RunVerifyMd5HashTest,
            // which is outside this method.
            RunVerifyMd5HashTest(false, null, prefix);
        }
        /// <summary>
        /// Resets the factory with <c>Reset(true)</c> instead of configuring it in code, then runs
        /// the shared hash-verification scenario expecting the "prefix" query-string prefix.
        /// </summary>
        public void KnownUserFactory_VerifyMd5HashTest_ConfigurationSection_Test()
        {
            const string prefix = "prefix";

            // NOTE(review): judging by the test name, Reset(true) makes the factory take its settings
            // from the configuration section; confirm against KnownUserFactory.
            KnownUserFactory.Reset(true);

            RunVerifyMd5HashTest(true, null, prefix);
        }
 /// <summary>
 /// Registers the shared event key with <c>KnownUserFactory</c> when the type is first used.
 /// </summary>
 static CodeOnly()
 {
     // The shared key only needs to be configured once (global.asax is another suitable place).
     // NOTE(review): the key is a literal in source in this sample. A deployment would normally
     // load it from protected configuration or a secret store, so that it stays out of version
     // control and can be rotated without a rebuild.
     const string sharedEventKey = "a774b1e2-8da7-4d51-b1a9-7647147bb13bace77210-a488-4b6f-afc9-8ba94551a7d7";

     KnownUserFactory.Configure(sharedEventKey);
 }