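        /// <summary>
        /// Posts a new instance with a valid authentication cookie but a tampered XSRF token.
        /// The XSRF cookie value is first obtained from a GET of the app home page and then
        /// corrupted by appending a suffix; the server is expected to reject the POST with
        /// 400 Bad Request even though the auth cookie itself is valid.
        /// </summary>
        public async Task Instance_Post_WithQueryParamInvalidCsrf_AuthCookie()
        {
            // Arrange
            string token = PrincipalUtil.GetToken(1);

            HttpClient client = SetupUtil.GetTestClient(_factory, "tdd", "endring-av-navn");

            // Fetch the home page so the server issues an XSRF cookie to copy from.
            HttpRequestMessage homeRequest = new HttpRequestMessage(HttpMethod.Get, "/tdd/endring-av-navn/");
            SetupUtil.AddAuthCookie(homeRequest, token);
            HttpResponseMessage homeResponse = await client.SendAsync(homeRequest);

            // Corrupt the XSRF token so the anti-forgery check cannot match it against the cookie.
            string xsrfToken = SetupUtil.GetXsrfCookieValue(homeResponse) + "THIS_MAKE_THE_TOKEN_INVALID";

            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, "/tdd/endring-av-navn/instances?instanceOwnerPartyId=1000");
            SetupUtil.AddAuthCookie(request, token, xsrfToken);

            // Act
            HttpResponseMessage response = await client.SendAsync(request);

            // Assert: the tampered token must be rejected outright.
            Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
        }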
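        /// <summary>
        /// Posts a new instance with a valid authentication cookie and a matching XSRF token and
        /// expects 201 Created with an instance owned by party 1337. The created instance is
        /// deleted in a finally block so a failed assertion does not leave test data behind.
        /// </summary>
        public async Task Instance_Post_WithQueryParamOk_AuthCookie()
        {
            // Arrange
            string token = PrincipalUtil.GetToken(1337);

            HttpClient client = SetupUtil.GetTestClient(_factory, "tdd", "endring-av-navn");

            // Fetch the home page so the server issues the XSRF cookie the POST must echo back.
            HttpRequestMessage homeRequest = new HttpRequestMessage(HttpMethod.Get, "/tdd/endring-av-navn/");
            SetupUtil.AddAuthCookie(homeRequest, token);
            HttpResponseMessage homeResponse = await client.SendAsync(homeRequest);
            string xsrfToken = SetupUtil.GetXsrfCookieValue(homeResponse);

            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, "/tdd/endring-av-navn/instances?instanceOwnerPartyId=1337");
            SetupUtil.AddAuthCookie(request, token, xsrfToken);

            // Act
            HttpResponseMessage response = await client.SendAsync(request);
            string responseContent = await response.Content.ReadAsStringAsync();

            // Assert the status first so a non-JSON error body produces a clear failure
            // instead of a deserialization exception.
            Assert.Equal(HttpStatusCode.Created, response.StatusCode);

            Instance instance = JsonConvert.DeserializeObject<Instance>(responseContent);
            Assert.NotNull(instance);

            try
            {
                Assert.Equal("1337", instance.InstanceOwner.PartyId);
            }
            finally
            {
                // Always remove the created instance, even when the assertion above fails.
                TestDataUtil.DeleteInstanceAndData("tdd", "endring-av-navn", 1337, new Guid(instance.Id.Split('/')[1]));
            }
        }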
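        /// <summary>
        /// Calls the front-channel logout endpoint with a valid authentication cookie and expects
        /// 200 OK plus Set-Cookie headers that expire both the .ASPXAUTH and AltinnStudioRuntime
        /// cookies. The presence of the Set-Cookie header is asserted explicitly so the test
        /// cannot pass vacuously when the server does not clear the cookies.
        /// </summary>
        public async Task Logout_FrontChannelOK()
        {
            // Arrange
            string issuer = "www.altinn.no";
            List<Claim> claims = new List<Claim>
            {
                new Claim("originaliss", "uidp", ClaimValueTypes.String, issuer),
            };

            string token = PrincipalUtil.GetToken(1337, claims);

            HttpClient client = GetTestClient(_cookieDecryptionService.Object, _userProfileService.Object);

            HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, "/authentication/api/v1/frontchannel_logout");
            SetupUtil.AddAuthCookie(requestMessage, token);

            // Act
            HttpResponseMessage response = await client.SendAsync(requestMessage);

            // Assert
            Assert.Equal(System.Net.HttpStatusCode.OK, response.StatusCode);

            IEnumerable<string> values;

            // A missing Set-Cookie header must fail the test, not silently skip the cookie checks.
            Assert.True(response.Headers.TryGetValues("Set-Cookie", out values), "Response did not contain a Set-Cookie header");

            // Materialise once so First() and Last() do not enumerate the header values twice.
            List<string> cookies = values.ToList();
            Assert.Equal(".ASPXAUTH=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=localhost; path=/; secure; httponly", cookies.First());
            Assert.Equal("AltinnStudioRuntime=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=localhost; path=/; secure; httponly", cookies.Last());
        }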
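        /// <summary>
        /// Requests the app home page with a valid authentication cookie and expects 200 OK
        /// together with exactly two Set-Cookie headers: one starting with "AS-" first and
        /// one starting with "XSR" (presumably the XSRF cookie read by the other tests) second.
        /// </summary>
        public async Task GetHome_OK_WithAuthCookie()
        {
            // Arrange
            string token = PrincipalUtil.GetToken(1337);

            HttpClient client = SetupUtil.GetTestClient(_factory, "tdd", "endring-av-navn");
            HttpRequestMessage httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, "/tdd/endring-av-navn/");
            SetupUtil.AddAuthCookie(httpRequestMessage, token);

            // Act
            HttpResponseMessage response = await client.SendAsync(httpRequestMessage);

            // Assert the status first: GetValues throws when the header is absent, and a
            // status failure is the more useful diagnostic in that case.
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);

            // Materialise once: Count() and ElementAt() would otherwise enumerate the values twice.
            List<string> cookieHeaders = response.Headers.GetValues("Set-Cookie").ToList();

            // Verify that the home page issues both the "AS-" and the "XSR" cookies, in that order.
            Assert.Equal(2, cookieHeaders.Count);
            Assert.StartsWith("AS-", cookieHeaders[0]);
            Assert.StartsWith("XSR", cookieHeaders[1]);
        }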
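        /// <summary>
        /// Calls the logout endpoint with a valid authentication cookie and expects a 302 Found
        /// redirect to the SBL logout page. The Location header is asserted to be present so the
        /// test cannot pass vacuously when no redirect target is set.
        /// </summary>
        public async Task Logout_LogedIn_RedirectToSBL()
        {
            // Arrange
            string token = PrincipalUtil.GetToken(1337, null);

            HttpClient client = GetTestClient(_cookieDecryptionService.Object, _userProfileService.Object);

            HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, "/authentication/api/v1/logout");
            SetupUtil.AddAuthCookie(requestMessage, token);

            // Act
            HttpResponseMessage response = await client.SendAsync(requestMessage);

            // Assert
            Assert.Equal(System.Net.HttpStatusCode.Found, response.StatusCode);

            IEnumerable<string> values;

            // A missing Location header must fail the test, not silently skip the redirect check.
            Assert.True(response.Headers.TryGetValues("location", out values), "Response did not contain a Location header");
            Assert.Equal("http://localhost/ui/authentication/logout", values.First());
        }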