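/// <summary>
/// Verifies that a POST to the instances endpoint is rejected with 400 Bad Request when the
/// request carries a valid auth cookie but a tampered XSRF token.
/// </summary>
/// <remarks>
/// The XSRF cookie value is first obtained from a GET of the app home page (via
/// <c>SetupUtil.GetXsrfCookieValue</c>), then a suffix is appended so the value no longer matches
/// what the server issued. Only the status code is asserted; the body is not read since nothing
/// is checked in it.
/// </remarks>
public async Task Instance_Post_WithQueryParamInvalidCsrf_AuthCookie()
{
    string token = PrincipalUtil.GetToken(1);
    HttpClient client = SetupUtil.GetTestClient(_factory, "tdd", "endring-av-navn");

    // GET the home page with the auth cookie to obtain the XSRF cookie issued for this session.
    HttpRequestMessage homeRequest = new HttpRequestMessage(HttpMethod.Get, "/tdd/endring-av-navn/");
    SetupUtil.AddAuthCookie(homeRequest, token);
    HttpResponseMessage homeResponse = await client.SendAsync(homeRequest);
    string xsrfToken = SetupUtil.GetXsrfCookieValue(homeResponse);

    // Corrupt the token so the server's XSRF validation must fail for the POST.
    xsrfToken = xsrfToken + "THIS_MAKE_THE_TOKEN_INVALID";

    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, "/tdd/endring-av-navn/instances?instanceOwnerPartyId=1000");
    SetupUtil.AddAuthCookie(request, token, xsrfToken);
    HttpResponseMessage response = await client.SendAsync(request);

    Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
}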
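/// <summary>
/// Verifies that a POST to the instances endpoint succeeds (201 Created) when the request carries
/// both a valid auth cookie and the XSRF token obtained from a prior GET of the app home page, and
/// that the created instance belongs to the requested party.
/// </summary>
/// <remarks>
/// The created instance is deleted via <c>TestDataUtil.DeleteInstanceAndData</c> in a
/// <c>finally</c> block, so a failing assertion does not leave test data behind.
/// </remarks>
public async Task Instance_Post_WithQueryParamOk_AuthCookie()
{
    string token = PrincipalUtil.GetToken(1337);
    HttpClient client = SetupUtil.GetTestClient(_factory, "tdd", "endring-av-navn");

    // GET the home page with the auth cookie to obtain the XSRF cookie issued for this session.
    HttpRequestMessage homeRequest = new HttpRequestMessage(HttpMethod.Get, "/tdd/endring-av-navn/");
    SetupUtil.AddAuthCookie(homeRequest, token);
    HttpResponseMessage homeResponse = await client.SendAsync(homeRequest);
    string xsrfToken = SetupUtil.GetXsrfCookieValue(homeResponse);

    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, "/tdd/endring-av-navn/instances?instanceOwnerPartyId=1337");
    SetupUtil.AddAuthCookie(request, token, xsrfToken);
    HttpResponseMessage response = await client.SendAsync(request);
    string responseContent = await response.Content.ReadAsStringAsync();
    Instance instance = JsonConvert.DeserializeObject<Instance>(responseContent);

    try
    {
        Assert.Equal(HttpStatusCode.Created, response.StatusCode);
        Assert.NotNull(instance);
        Assert.Equal("1337", instance.InstanceOwner.PartyId);
    }
    finally
    {
        // Clean up whatever was created, even if an assertion above failed.
        if (instance != null && instance.Id != null)
        {
            // Instance.Id is expected to be "<partyId>/<guid>"; the guid part identifies the data to delete.
            TestDataUtil.DeleteInstanceAndData("tdd", "endring-av-navn", 1337, new Guid(instance.Id.Split('/')[1]));
        }
    }
}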
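/// <summary>
/// Verifies that the front-channel logout endpoint returns 200 OK for an authenticated user and
/// expires both the <c>.ASPXAUTH</c> and <c>AltinnStudioRuntime</c> cookies (epoch expiry,
/// <c>secure</c>, <c>httponly</c>).
/// </summary>
/// <remarks>
/// The presence of the <c>Set-Cookie</c> header is asserted explicitly; previously the cookie
/// checks were skipped silently when the header was missing, which would let a logout that
/// failed to clear the session cookies pass the test.
/// </remarks>
public async Task Logout_FrontChannelOK()
{
    // Arrange
    List<Claim> claims = new List<Claim>();
    string issuer = "www.altinn.no";
    claims.Add(new Claim("originaliss", "uidp", ClaimValueTypes.String, issuer));
    string token = PrincipalUtil.GetToken(1337, claims);

    HttpClient client = GetTestClient(_cookieDecryptionService.Object, _userProfileService.Object);
    HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, "/authentication/api/v1/frontchannel_logout");
    SetupUtil.AddAuthCookie(requestMessage, token);

    // Act
    HttpResponseMessage response = await client.SendAsync(requestMessage);

    // Assert
    Assert.Equal(System.Net.HttpStatusCode.OK, response.StatusCode);

    // Logout must actively expire the session cookies; a missing Set-Cookie header is a failure.
    IEnumerable<string> values;
    Assert.True(response.Headers.TryGetValues("Set-Cookie", out values), "Expected Set-Cookie header clearing the session cookies");
    Assert.Equal(".ASPXAUTH=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=localhost; path=/; secure; httponly", values.First());
    Assert.Equal("AltinnStudioRuntime=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=localhost; path=/; secure; httponly", values.Last());
}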
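/// <summary>
/// Verifies that a GET of the app home page with a valid auth cookie returns 200 OK and sets
/// exactly two cookies: one whose name starts with <c>AS-</c> and one starting with <c>XSR</c>
/// (the XSRF cookie later echoed by POST requests).
/// </summary>
/// <remarks>
/// <c>Headers.GetValues</c> throws when the header is absent, so a response without any
/// <c>Set-Cookie</c> header fails the test rather than passing silently. The body is not read
/// because nothing in it is asserted.
/// </remarks>
public async Task GetHome_OK_WithAuthCookie()
{
    string token = PrincipalUtil.GetToken(1337);
    HttpClient client = SetupUtil.GetTestClient(_factory, "tdd", "endring-av-navn");

    HttpRequestMessage httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, "/tdd/endring-av-navn/");
    SetupUtil.AddAuthCookie(httpRequestMessage, token);
    HttpResponseMessage response = await client.SendAsync(httpRequestMessage);

    IEnumerable<string> cookieHeaders = response.Headers.GetValues("Set-Cookie");

    // Verify status and that both expected cookies are issued, in order.
    Assert.Equal(HttpStatusCode.OK, response.StatusCode);
    Assert.Equal(2, cookieHeaders.Count());
    Assert.StartsWith("AS-", cookieHeaders.ElementAt(0));
    Assert.StartsWith("XSR", cookieHeaders.ElementAt(1));
}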
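/// <summary>
/// Verifies that the logout endpoint, when called by a logged-in user, responds with 302 Found
/// and a <c>Location</c> header pointing at the SBL logout page.
/// </summary>
/// <remarks>
/// The presence of the <c>Location</c> header is asserted explicitly; previously the redirect
/// target check was skipped silently when the header was missing, so a 302 with no target would
/// have passed.
/// </remarks>
public async Task Logout_LogedIn_RedirectToSBL()
{
    // Arrange
    string token = PrincipalUtil.GetToken(1337, null);
    HttpClient client = GetTestClient(_cookieDecryptionService.Object, _userProfileService.Object);
    HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, "/authentication/api/v1/logout");
    SetupUtil.AddAuthCookie(requestMessage, token);

    // Act
    HttpResponseMessage response = await client.SendAsync(requestMessage);

    // Assert
    Assert.Equal(System.Net.HttpStatusCode.Found, response.StatusCode);

    // A redirect without a Location header is a failure, not a skipped check.
    IEnumerable<string> values;
    Assert.True(response.Headers.TryGetValues("location", out values), "Expected Location header on logout redirect");
    Assert.Equal("http://localhost/ui/authentication/logout", values.First());
}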