public void LogoutCommand_StaticRun_NullcheckOptions()
{
Action a = () => LogoutCommand.Run(new HttpRequestData("GET", new Uri("http://localhost")), null, null);
a.Should().Throw <ArgumentNullException>()
.And.ParamName.Should().Be("options");
}
public void LogoutCommand_StaticRun_NullcheckRequest()
{
Action a = () => LogoutCommand.Run(null, null, StubFactory.CreateOptions());
a.Should().Throw <ArgumentNullException>()
.And.ParamName.Should().Be("request");
}
public void LogoutCommand_Run_HandlesLogoutResponse_UsesReturnPathWhenStateDisabled()
{
var response = new Saml2LogoutResponse(Saml2StatusCode.Success)
{
DestinationUrl = new Uri("http://sp.example.com/path/Saml2/logout"),
Issuer = new EntityId("https://idp.example.com"),
InResponseTo = new Saml2Id(),
SigningCertificate = SignedXmlHelper.TestCert,
SigningAlgorithm = SecurityAlgorithms.RsaSha256Signature,
RelayState = null
};
var bindResult = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
.Bind(response);
var applicationPath = "http://sp-internal.example.com/path/Saml2/";
var returnPath = "http://sp-internal.example.com/path/anotherpath";
var request = new HttpRequestData("GET", bindResult.Location, applicationPath, null, null);
var options = StubFactory.CreateOptions();
options.SPOptions.Compatibility.DisableLogoutStateCookie = true;
var actual = LogoutCommand.Run(request, returnPath, options);
var expected = new CommandResult
{
Location = new Uri(returnPath),
HttpStatusCode = HttpStatusCode.SeeOther,
ClearCookieName = null
};
actual.Should().BeEquivalentTo(expected);
}
protected async override Task ApplyResponseGrantAsync()
{
var revoke = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode);
if (revoke != null)
{
var request = await Context.ToHttpRequestData(Options.DataProtector.Unprotect);
var urls = new AuthServicesUrls(request, Options.SPOptions);
string redirectUrl;
if (Context.Response.StatusCode / 100 == 3)
{
var locationUrl = Context.Response.Headers["Location"];
redirectUrl = new Uri(
new Uri(urls.ApplicationUrl.ToString().TrimEnd('/') + Context.Request.Path),
locationUrl
).ToString();
}
else
{
redirectUrl = new Uri(
urls.ApplicationUrl,
Context.Request.Path.ToUriComponent().TrimStart('/'))
.ToString();
}
LogoutCommand.Run(request, redirectUrl, Options)
.Apply(Context, Options.DataProtector);
}
await AugmentAuthenticationGrantWithLogoutClaims(Context);
}
protected async override Task ApplyResponseGrantAsync()
{
var revoke = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode);
if (revoke != null)
{
var request = await Context.ToHttpRequestData(Options.DataProtector.Unprotect);
var urls = new AuthServicesUrls(request, Options.SPOptions);
string redirectUrl = revoke.Properties.RedirectUri;
if (string.IsNullOrEmpty(redirectUrl))
{
if (Context.Response.StatusCode / 100 == 3)
{
redirectUrl = Context.Response.Headers["Location"];
}
else
{
redirectUrl = Context.Request.Path.ToUriComponent();
}
}
var result = LogoutCommand.Run(request, redirectUrl, Options);
if (!result.HandledResult)
{
result.Apply(Context, Options.DataProtector);
}
}
await AugmentAuthenticationGrantWithLogoutClaims(Context);
}
protected async override Task ApplyResponseGrantAsync()
{
// Automatically sign out, even if passive because passive sign in and auto sign out
// is typically most common scenario. Unless strict compatibility is set.
var mode = Options.SPOptions.Compatibility.StrictOwinAuthenticationMode ?
Options.AuthenticationMode : AuthenticationMode.Active;
var revoke = Helper.LookupSignOut(Options.AuthenticationType, mode);
if (revoke != null && Context.Request.Path.Value != (Options.SPOptions.ModulePath + "/Logout"))
{
var request = await Context.ToHttpRequestData(Options.CookieManager, Options.DataProtector.Unprotect);
var urls = new Saml2Urls(request, Options);
string redirectUrl = revoke.Properties.RedirectUri;
if (string.IsNullOrEmpty(redirectUrl))
{
if (Context.Response.StatusCode / 100 == 3)
{
redirectUrl = Context.Response.Headers["Location"];
}
else
{
// ApplicationUrl is base path, after consideration taken to PublicOrigin.
redirectUrl = urls.ApplicationUrl.AbsolutePath + Context.Request.Path.ToString().TrimStart('/');
}
}
var result = LogoutCommand.Run(request, redirectUrl, Options);
if (!result.HandledResult)
{
result.Apply(
Context,
Options.DataProtector,
Options.CookieManager,
Options.Notifications.EmitSameSiteNone(Request.GetUserAgent()));
}
}
await AugmentAuthenticationGrantWithLogoutClaims(Context);
}
protected async override Task ApplyResponseGrantAsync()
{
// Automatically sign out, even if passive because passive sign in and auto sign out
// is typically most common scenario. Unless strict compatibility is set.
var mode = Options.SPOptions.Compatibility.StrictOwinAuthenticationMode ?
Options.AuthenticationMode : AuthenticationMode.Active;
var revoke = Helper.LookupSignOut(Options.AuthenticationType, mode);
if (revoke != null)
{
var request = await Context.ToHttpRequestData(Options.DataProtector.Unprotect);
var urls = new AuthServicesUrls(request, Options);
string redirectUrl = revoke.Properties.RedirectUri;
if (string.IsNullOrEmpty(redirectUrl))
{
if (Context.Response.StatusCode / 100 == 3)
{
redirectUrl = Context.Response.Headers["Location"];
}
else
{
redirectUrl = Context.Request.Path.ToUriComponent();
}
}
var result = LogoutCommand.Run(request, redirectUrl, Options);
if (!result.HandledResult)
{
result.Apply(Context, Options.DataProtector);
}
}
await AugmentAuthenticationGrantWithLogoutClaims(Context);
}
