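/// <summary>
/// Checks that setting <c>CookieLifetime</c> to one hour yields a Set-Cookie header with an
/// <c>Expires</c> attribute about one hour ahead, while the cookie stays host-only
/// (no <c>Domain</c>), scoped to <c>/</c>, and flagged <c>Secure</c> and <c>HttpOnly</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the method name reads "Wonfigure", presumably a typo for "Configure".
/// It is left unchanged so existing test filters and reports keep matching.
/// </remarks>
public async Task SessionMiddleware_WonfigureCookieLifetime_ShouldSetCookieExpiration()
{
    var lifetime = TimeSpan.FromHours(1);
    var options = new SessionMiddlewareOptions();
    options.CookieLifetime = lifetime;

    using (var server = TestServer.Create(Startup(options)))
    {
        var response = await server.CreateRequest("/").GetAsync();
        var cookie = response.Headers.GetValues("Set-Cookie").First();
        var match = Regex.Match(cookie, CookieRegex);

        Assert.That(match.Success, Is.True, "Cookie didn't match regex");

        // No Domain attribute: the cookie is not shared with sibling or sub-domains.
        Assert.That(match.Groups["domain"].Success, Is.False, "Domain should not be set");
        Assert.That(match.Groups["path"].Value, Is.EqualTo("/"), "Invalid path value");
        Assert.That(match.Groups["expires"].Success, Is.True, "Expires not found");

        // Secure keeps the session id off plain-HTTP requests; HttpOnly hides it from page script.
        Assert.That(match.Groups["secure"].Success, Is.True, "Secure flag not found");
        Assert.That(match.Groups["httponly"].Success, Is.True, "HttpOnly flag not found");

        // The Expires value is a wire format, not UI text. Parsing it with the invariant culture
        // keeps the test from failing on machines whose current culture uses non-English names.
        DateTimeOffset expiresAt;
        Assert.That(
            DateTimeOffset.TryParse(
                match.Groups["expires"].Value,
                System.Globalization.CultureInfo.InvariantCulture,
                System.Globalization.DateTimeStyles.None,
                out expiresAt),
            Is.True,
            "Failed to parse expires field");

        // Presumably the middleware computes "now + CookieLifetime" and the header keeps whole
        // seconds only, so the parsed value may trail the ideal expiry by under a second and
        // never lead it. This bound is timing-sensitive on a slow machine.
        var difference = expiresAt - DateTimeOffset.UtcNow - lifetime;
        Assert.That(difference.TotalSeconds, Is.GreaterThan(-1).And.LessThanOrEqualTo(0));
    }
}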
/// <summary>
/// A request that carries no session cookie must not trigger any <c>FindById</c> call on the
/// configured session store.
/// </summary>
public async Task SessionMiddleware_RequestWithoutSessionCookie_ShouldNotLookupSessionInStore()
{
    var options = new SessionMiddlewareOptions
    {
        Store = _storeMock.Object
    };

    using (var server = TestServer.Create(Startup(options)))
    {
        // Plain GET without a Cookie header.
        await server.CreateRequest("/").GetAsync();
    }

    // With no session id presented there is nothing to look up.
    _storeMock.Verify(store => store.FindById(It.IsAny<string>()), Times.Never);
}
/// <summary>
/// A request without a session cookie whose handler stores nothing in the session must leave
/// the store untouched: no <c>Add</c>, <c>Update</c> or <c>Delete</c> call.
/// </summary>
public async Task SessionMiddleware_RequestWithoutSessionCookie_NotAddingProperties_ShouldNotAddSessionToStore()
{
    var options = new SessionMiddlewareOptions
    {
        Store = _storeMock.Object
    };

    using (var server = TestServer.Create(Startup(options)))
    {
        await server.CreateRequest("/").GetAsync();
    }

    // An empty session is never persisted, so anonymous traffic creates no store entries.
    _storeMock.Verify(
        store => store.Add(It.IsAny<string>(), It.IsAny<IEnumerable<KeyValuePair<string, object>>>()),
        Times.Never);
    _storeMock.Verify(
        store => store.Update(It.IsAny<string>(), It.IsAny<IEnumerable<KeyValuePair<string, object>>>()),
        Times.Never);
    _storeMock.Verify(store => store.Delete(It.IsAny<string>()), Times.Never);
}
/// <summary>
/// When a request without a session cookie writes a property into the session, the middleware
/// must call <c>Add</c> on the store exactly once, using the id from
/// <c>UniqueSessionIdGenerator</c>, and must not call <c>Update</c> or <c>Delete</c>.
/// </summary>
public async Task SessionMiddleware_RequestWithoutSessionCookie_AddPropertyToSession_ShouldAddSessionToStore()
{
    var options = new SessionMiddlewareOptions
    {
        Store = _storeMock.Object,
        // Fixed id so the assertion below is deterministic. This is a test-only generator:
        // a predictable session id must never be used outside tests.
        UniqueSessionIdGenerator = () => "abc123"
    };

    // The request handler writes a single property into the session.
    var startup = Startup(options, ctx => ctx.GetSessionContext().AddOrUpdate("A", 1));

    using (var server = TestServer.Create(startup))
    {
        await server.CreateRequest("/").GetAsync();
    }

    _storeMock.Verify(store => store.Add("abc123", new[] { Kvp("A", 1) }), Times.Once);
    _storeMock.Verify(
        store => store.Update(It.IsAny<string>(), It.IsAny<IEnumerable<KeyValuePair<string, object>>>()),
        Times.Never);
    _storeMock.Verify(store => store.Delete(It.IsAny<string>()), Times.Never);
}
/// <summary>
/// A request that presents a session cookie must trigger exactly one <c>FindById</c> call on
/// the store, keyed by the URL-decoded cookie value.
/// </summary>
public async Task SessionMiddleware_RequestWithSessionCookie_ShouldLookupSessionForGivenSessionIdInStore()
{
    var options = new SessionMiddlewareOptions
    {
        Store = _storeMock.Object
    };

    using (var server = TestServer.Create(Startup(options)))
    {
        // The cookie value is sent URL-encoded: the trailing "%3D" is an encoded "=".
        var cookieHeader = $"{SessionMiddlewareDefaults.CookieName}=09e160b22b2d4ab5b2d09d43ddf5e39d.y62hp8MafL0%3D";
        var request = server.CreateRequest("/").AddHeader("Cookie", cookieHeader);
        await request.GetAsync();
    }

    // The store must receive the decoded id, ending in "=" rather than "%3D".
    _storeMock.Verify(
        store => store.FindById("09e160b22b2d4ab5b2d09d43ddf5e39d.y62hp8MafL0="),
        Times.Once);
}
/// <summary>
/// When a request that presents a session cookie writes a property into the session, the
/// middleware must call <c>Update</c> on the store exactly once under the presented
/// (URL-decoded) id, and must not call <c>Add</c> or <c>Delete</c>.
/// </summary>
/// <remarks>
/// NOTE(review): how <c>_storeMock.FindById</c> is stubbed is not visible in this method. If it
/// returns no session for this id, the test pins that data is persisted under an id chosen by
/// the client. Confirm that this matches the intended handling of unknown session ids
/// (session fixation).
/// </remarks>
public async Task SessionMiddleware_RequestWithSessionCookie_AddPropertyToSession_ShouldUpdateSessionInStore()
{
    var options = new SessionMiddlewareOptions
    {
        Store = _storeMock.Object
    };

    // The request handler writes a single property into the session.
    var startup = Startup(options, ctx => ctx.GetSessionContext().AddOrUpdate("B", 2));

    using (var server = TestServer.Create(startup))
    {
        // The cookie value is sent URL-encoded: the trailing "%3D" is an encoded "=".
        var cookieHeader = $"{SessionMiddlewareDefaults.CookieName}=09e160b22b2d4ab5b2d09d43ddf5e39d.y62hp8MafL0%3D";
        var request = server.CreateRequest("/").AddHeader("Cookie", cookieHeader);
        await request.GetAsync();
    }

    _storeMock.Verify(
        store => store.Update("09e160b22b2d4ab5b2d09d43ddf5e39d.y62hp8MafL0=", new[] { Kvp("B", 2) }),
        Times.Once);
    _storeMock.Verify(
        store => store.Add(It.IsAny<string>(), It.IsAny<IEnumerable<KeyValuePair<string, object>>>()),
        Times.Never);
    _storeMock.Verify(store => store.Delete(It.IsAny<string>()), Times.Never);
}
/// <summary>
/// Builds the OWIN startup delegate for the test server. It registers the session middleware
/// with <paramref name="options"/>, followed by a terminal handler for the root path.
/// </summary>
/// <param name="options">Options passed to <c>UseSessionMiddleware</c>; may be null.</param>
/// <param name="handler">
/// Optional callback run for requests to <c>/</c> before the 200 status is set. The tests use
/// it to touch the session from inside the pipeline.
/// </param>
/// <returns>A delegate that configures an <c>IAppBuilder</c>.</returns>
private static Action<IAppBuilder> Startup(SessionMiddlewareOptions options = null, Action<IOwinContext> handler = null)
{
    return app =>
    {
        app.UseSessionMiddleware(options);

        app.Use(async (ctx, next) =>
        {
            var isRoot = ctx.Request.Path.Equals(new PathString("/"));
            if (!isRoot)
            {
                // Any path other than "/" falls through to the rest of the pipeline.
                await next();
                return;
            }

            if (handler != null)
            {
                handler(ctx);
            }

            ctx.Response.StatusCode = (int)HttpStatusCode.OK;
        });
    };
}
/// <summary>
/// With <c>UseSecureCookie</c> set to false the Set-Cookie header must omit the <c>Secure</c>
/// flag. The cookie must still have no <c>Domain</c>, use path <c>/</c>, carry no
/// <c>Expires</c> attribute and keep <c>HttpOnly</c>.
/// </summary>
/// <remarks>
/// Without <c>Secure</c> the browser also sends the session id over plain HTTP, so this
/// opt-out is only appropriate where TLS is genuinely unavailable, such as local development.
/// </remarks>
public async Task SessionMiddleware_ConfigureInsecureCookie_ShouldSetCookieWithoutSecureFlag()
{
    var options = new SessionMiddlewareOptions
    {
        UseSecureCookie = false
    };

    using (var server = TestServer.Create(Startup(options)))
    {
        var response = await server.CreateRequest("/").GetAsync();
        var setCookie = response.Headers.GetValues("Set-Cookie").First();
        var match = Regex.Match(setCookie, CookieRegex);
        var groups = match.Groups;

        Assert.That(match.Success, Is.True, "Cookie didn't match regex");
        Assert.That(groups["domain"].Success, Is.False, "Domain should not be set");
        Assert.That(groups["path"].Value, Is.EqualTo("/"), "Invalid path value");

        // No lifetime is configured here, so no Expires attribute is expected.
        Assert.That(groups["expires"].Success, Is.False, "Expires should not be set");

        // Only Secure is switched off; HttpOnly must remain set.
        Assert.That(groups["secure"].Success, Is.False, "Secure flag was set");
        Assert.That(groups["httponly"].Success, Is.True, "HttpOnly flag not found");
    }
}