Esempio n. 1
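        /// <summary>
        /// Verifies that configuring <c>CookieLifetime</c> produces a session cookie with an
        /// <c>Expires</c> attribute one lifetime in the future, while the cookie keeps path "/",
        /// no Domain attribute, and both the Secure and HttpOnly flags.
        /// </summary>
        /// <remarks>
        /// NOTE(review): "Wonfigure" in the method name looks like a typo for "Configure"; the name
        /// is left unchanged so existing test filters and reports keep matching.
        /// </remarks>
        public async Task SessionMiddleware_WonfigureCookieLifetime_ShouldSetCookieExpiration()
        {
            var lifetime = TimeSpan.FromHours(1);
            var options = new SessionMiddlewareOptions();

            options.CookieLifetime = lifetime;
            using (var server = TestServer.Create(Startup(options)))
            {
                // Bracket the request with two timestamps. Measuring only after the response
                // (as before) made the lower bound depend on how long the request took, so a
                // slow run could fail even though the cookie was correct.
                var before = DateTimeOffset.UtcNow;
                var response = await server.CreateRequest("/").GetAsync();
                var after = DateTimeOffset.UtcNow;

                var cookie = response.Headers.GetValues("Set-Cookie").First();

                var match = Regex.Match(cookie, CookieRegex);
                Assert.That(match.Success, Is.True, "Cookie didn't match regex");
                Assert.That(match.Groups["domain"].Success, Is.False, "Domain should not be set");
                Assert.That(match.Groups["path"].Value, Is.EqualTo("/"), "Invalid path value");
                Assert.That(match.Groups["expires"].Success, Is.True, "Expires not found");
                // Secure and HttpOnly are the defaults under test here: the session cookie must
                // not travel over plain HTTP and must not be readable from script.
                Assert.That(match.Groups["secure"].Success, Is.True, "Secure flag not found");
                Assert.That(match.Groups["httponly"].Success, Is.True, "HttpOnly flag not found");

                // Cookie dates are machine-readable, so parse them with the invariant culture;
                // the culture-sensitive overload can fail on machines with a non-English locale.
                DateTimeOffset expiresAt;
                var parsed = DateTimeOffset.TryParse(
                    match.Groups["expires"].Value,
                    System.Globalization.CultureInfo.InvariantCulture,
                    System.Globalization.DateTimeStyles.None,
                    out expiresAt);
                Assert.That(parsed, Is.True, "Failed to parse expires field");

                // Assumes (as the original check did) that the Expires attribute has one-second
                // resolution and is truncated, hence the one-second slack on the lower bound.
                var earliest = before + lifetime - TimeSpan.FromSeconds(1);
                var latest = after + lifetime;
                Assert.That(
                    expiresAt > earliest && expiresAt <= latest,
                    Is.True,
                    $"Expires {expiresAt:O} is outside the expected window ({earliest:O}, {latest:O}]");
            }
        }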
Esempio n. 2
        /// <summary>
        /// A request that carries no session cookie must not cause any <c>FindById</c> call on
        /// the configured session store.
        /// </summary>
        public async Task SessionMiddleware_RequestWithoutSessionCookie_ShouldNotLookupSessionInStore()
        {
            var middlewareOptions = new SessionMiddlewareOptions { Store = _storeMock.Object };

            using (var testServer = TestServer.Create(Startup(middlewareOptions)))
            {
                // No Cookie header is attached to this request.
                await testServer.CreateRequest("/").GetAsync();
            }

            _storeMock.Verify(store => store.FindById(It.IsAny<string>()), Times.Never);
        }
Esempio n. 3
        /// <summary>
        /// When a cookie-less request is handled and the handler adds no session properties,
        /// the store must see no <c>Add</c>, <c>Update</c> or <c>Delete</c> call.
        /// </summary>
        public async Task SessionMiddleware_RequestWithoutSessionCookie_NotAddingProperties_ShouldNotAddSessionToStore()
        {
            var middlewareOptions = new SessionMiddlewareOptions { Store = _storeMock.Object };

            using (var testServer = TestServer.Create(Startup(middlewareOptions)))
            {
                await testServer.CreateRequest("/").GetAsync();
            }

            // None of the mutating store operations may have been invoked.
            _storeMock.Verify(
                store => store.Add(It.IsAny<string>(), It.IsAny<IEnumerable<KeyValuePair<string, object>>>()),
                Times.Never);
            _storeMock.Verify(
                store => store.Update(It.IsAny<string>(), It.IsAny<IEnumerable<KeyValuePair<string, object>>>()),
                Times.Never);
            _storeMock.Verify(store => store.Delete(It.IsAny<string>()), Times.Never);
        }
Esempio n. 4
        /// <summary>
        /// When a cookie-less request sets a session property, the session is added to the store
        /// exactly once under the id returned by <c>UniqueSessionIdGenerator</c>, and neither
        /// <c>Update</c> nor <c>Delete</c> is called.
        /// </summary>
        public async Task SessionMiddleware_RequestWithoutSessionCookie_AddPropertyToSession_ShouldAddSessionToStore()
        {
            var middlewareOptions = new SessionMiddlewareOptions
            {
                Store = _storeMock.Object,
                // Fixed id so the Add call can be verified exactly; a test-only stand-in for
                // whatever generator the middleware uses by default.
                UniqueSessionIdGenerator = () => "abc123",
            };

            // The request handler writes one property into the session.
            Action<IOwinContext> writeProperty = context => context.GetSessionContext().AddOrUpdate("A", 1);

            using (var testServer = TestServer.Create(Startup(middlewareOptions, writeProperty)))
            {
                await testServer.CreateRequest("/").GetAsync();
            }

            _storeMock.Verify(store => store.Add("abc123", new[] { Kvp("A", 1) }), Times.Once);
            _storeMock.Verify(
                store => store.Update(It.IsAny<string>(), It.IsAny<IEnumerable<KeyValuePair<string, object>>>()),
                Times.Never);
            _storeMock.Verify(store => store.Delete(It.IsAny<string>()), Times.Never);
        }
Esempio n. 5
        /// <summary>
        /// A request that presents a session cookie must trigger exactly one <c>FindById</c>
        /// lookup, using the cookie value after percent-decoding.
        /// </summary>
        public async Task SessionMiddleware_RequestWithSessionCookie_ShouldLookupSessionForGivenSessionIdInStore()
        {
            var middlewareOptions = new SessionMiddlewareOptions { Store = _storeMock.Object };

            using (var testServer = TestServer.Create(Startup(middlewareOptions)))
            {
                // The value on the wire is percent-encoded: the trailing "%3D" is "=".
                var cookieHeader = $"{SessionMiddlewareDefaults.CookieName}=09e160b22b2d4ab5b2d09d43ddf5e39d.y62hp8MafL0%3D";
                var request = testServer.CreateRequest("/").AddHeader("Cookie", cookieHeader);
                await request.GetAsync();
            }

            // The store is expected to be queried with the decoded id, i.e. ending in "=".
            _storeMock.Verify(store => store.FindById("09e160b22b2d4ab5b2d09d43ddf5e39d.y62hp8MafL0="), Times.Once);
        }
Esempio n. 6
        /// <summary>
        /// When a request presents a session cookie and the handler sets a property, the store
        /// receives exactly one <c>Update</c> for the percent-decoded session id, and no
        /// <c>Add</c> or <c>Delete</c>.
        /// </summary>
        public async Task SessionMiddleware_RequestWithSessionCookie_AddPropertyToSession_ShouldUpdateSessionInStore()
        {
            var middlewareOptions = new SessionMiddlewareOptions { Store = _storeMock.Object };

            // The request handler writes one property into the session.
            Action<IOwinContext> writeProperty = context => context.GetSessionContext().AddOrUpdate("B", 2);

            using (var testServer = TestServer.Create(Startup(middlewareOptions, writeProperty)))
            {
                // The value on the wire is percent-encoded: the trailing "%3D" is "=".
                var cookieHeader = $"{SessionMiddlewareDefaults.CookieName}=09e160b22b2d4ab5b2d09d43ddf5e39d.y62hp8MafL0%3D";
                var request = testServer.CreateRequest("/").AddHeader("Cookie", cookieHeader);
                await request.GetAsync();
            }

            // The update must target the decoded id taken from the cookie.
            _storeMock.Verify(
                store => store.Update("09e160b22b2d4ab5b2d09d43ddf5e39d.y62hp8MafL0=", new[] { Kvp("B", 2) }),
                Times.Once);
            _storeMock.Verify(
                store => store.Add(It.IsAny<string>(), It.IsAny<IEnumerable<KeyValuePair<string, object>>>()),
                Times.Never);
            _storeMock.Verify(store => store.Delete(It.IsAny<string>()), Times.Never);
        }
Esempio n. 7
        /// <summary>
        /// Builds the OWIN pipeline used by the tests: the session middleware first, then a
        /// terminal handler for the root path.
        /// </summary>
        /// <param name="options">Options passed to <c>UseSessionMiddleware</c>; may be null.</param>
        /// <param name="handler">Optional callback invoked for requests to "/" before the 200 status is set.</param>
        /// <returns>A configuration delegate suitable for <c>TestServer.Create</c>.</returns>
        private static Action<IAppBuilder> Startup(SessionMiddlewareOptions options = null, Action<IOwinContext> handler = null)
        {
            var rootPath = new PathString("/");

            return builder =>
            {
                builder.UseSessionMiddleware(options);

                builder.Use(async (context, continuation) =>
                {
                    // Anything other than "/" falls through to the rest of the pipeline.
                    if (!context.Request.Path.Equals(rootPath))
                    {
                        await continuation();
                        return;
                    }

                    handler?.Invoke(context);
                    context.Response.StatusCode = (int)HttpStatusCode.OK;
                });
            };
        }
Esempio n. 8
        /// <summary>
        /// Verifies the explicit opt-out: with <c>UseSecureCookie</c> set to false the session
        /// cookie is issued without the Secure flag and without Expires, but still with path "/",
        /// no Domain attribute, and the HttpOnly flag.
        /// </summary>
        public async Task SessionMiddleware_ConfigureInsecureCookie_ShouldSetCookieWithoutSecureFlag()
        {
            // A cookie without Secure may be sent over plain HTTP, so this setting is only
            // appropriate where the site cannot be served over TLS.
            var middlewareOptions = new SessionMiddlewareOptions { UseSecureCookie = false };

            using (var testServer = TestServer.Create(Startup(middlewareOptions)))
            {
                var httpResponse = await testServer.CreateRequest("/").GetAsync();
                var setCookie = httpResponse.Headers.GetValues("Set-Cookie").First();

                var parsed = Regex.Match(setCookie, CookieRegex);
                var attributes = parsed.Groups;

                Assert.That(parsed.Success, Is.True, "Cookie didn't match regex");
                Assert.That(attributes["domain"].Success, Is.False, "Domain should not be set");
                Assert.That(attributes["path"].Value, Is.EqualTo("/"), "Invalid path value");
                Assert.That(attributes["expires"].Success, Is.False, "Expires should not be set");
                Assert.That(attributes["secure"].Success, Is.False, "Secure flag was set");
                // HttpOnly must survive the opt-out so script still cannot read the cookie.
                Assert.That(attributes["httponly"].Success, Is.True, "HttpOnly flag not found");
            }
        }