public void StopImpersonating_EmptyUser() { var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation. var currentlyAuthenticatedUser = new FakeUserInfo("", "", true); // Unexpected authentication context, similar to anonymous user. Testing for robust impersonation management. var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid: var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie); AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key); Assert.AreEqual(" as ", ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie. TestUtility.AssertContains( string.Join(Environment.NewLine, removeResponse.Log), "Removing impersonation, the original user is no longer authenticated."); // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again. var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie); Assert.AreEqual( "No impersonation, original not recognized", ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo)); }
public void StopImpersonating() { var initialUser = new FakeUserInfo("TestUser"); var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Review test setup: Assert.AreEqual( "TestUser as TestImpersonatedUser, original TestUser", ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, initialCookie).AuthenticationInfo)); // Stopping impersonation should expire the impersonation cookie: (var responseCookie, var log) = ImpersonationServiceHelper.RemoveImpersonation(initialUser, initialCookie); AssertIsBefore(responseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, responseCookie.Key); Assert.AreEqual(" as ", ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(responseCookie.Value))); // No need for impersonation data in the cookie. TestUtility.AssertContains( string.Join(Environment.NewLine, log), "StopImpersonating: TestUser as TestImpersonatedUser"); // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again. Assert.AreEqual( "No impersonation, original TestUser", ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, responseCookie).AuthenticationInfo)); }
public void StopImpersonating_DifferentUser() { var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation. var currentlyAuthenticatedUser = new FakeUserInfo("CurrentUser"); // Currently authenticated user does not match the initial user, so the impersonation cookie is invalid. var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid: var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie); AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key); Assert.AreEqual(" as ", ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie. TestUtility.AssertContains( string.Join(Environment.NewLine, removeResponse.Log), "Removing impersonation, the current authentication context (CurrentUser) does not match the initial one (InitialUser)."); // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again. var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie); Assert.AreEqual( "No impersonation, original CurrentUser", ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo)); Assert.IsNull(authResponseAfterRemove.ResponseCookie, "There is no need to send the expired cookie again, client already has the expired one."); }
public void InvalidImpersonationCookie() { var testUser = new FakeUserInfo("TestUser"); var invalidCookie = new FakeCookie(ImpersonationService.CookieKey, "abc", null); var response = ImpersonationServiceHelper.GetAuthenticationInfo(testUser, invalidCookie); Assert.AreEqual( "No impersonation, original TestUser", ReportImpersonationStatus(response.AuthenticationInfo)); TestUtility.AssertContains( string.Join(Environment.NewLine, response.Log), new[] { "Error decrypting 'rhetos_impersonation' cookie value.", "CryptographicException: An error occurred during a cryptographic operation." }); AssertIsBefore(response.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, response.ResponseCookie.Key); }
public void AuthenticationContextChanged_EmptyUser() { var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation. var currentlyAuthenticatedUser = new FakeUserInfo("", "", true); // Unexpected authentication context, similar to anonymous user. Testing for robust impersonation management. var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Authentication process should invalidate the impersonation, because the user in no longer authenticated. var authResponse = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, initialCookie); Assert.AreEqual( "No impersonation, original not recognized", ReportImpersonationStatus(authResponse.AuthenticationInfo)); TestUtility.AssertContains( string.Join(Environment.NewLine, authResponse.Log), "Removing impersonation, the original user is no longer authenticated."); AssertIsBefore(authResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, authResponse.ResponseCookie.Key); }
public void AuthenticationContextChanged_NullUser() { var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation. var currentlyAuthenticatedUser = new FakeUserInfo(null, null, false); // For example, if the user logged out. var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Authentication process should invalidate the impersonation, because the user in no longer authenticated. var authResponse = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, initialCookie); Assert.AreEqual( "No impersonation, original not recognized", // Impersonation is not valid, since the current user does not match the initial user that started the impersonation. ReportImpersonationStatus(authResponse.AuthenticationInfo)); TestUtility.AssertContains( string.Join(Environment.NewLine, authResponse.Log), "Removing impersonation, the original user is no longer authenticated."); AssertIsBefore(authResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, authResponse.ResponseCookie.Key); }
public void AuthenticationContextChanged_DifferentUser() { var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation. var currentlyAuthenticatedUser = new FakeUserInfo("CurrentUser"); // Currently authenticated user does not match the initial user, so the impersonation cookie is invalid. var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Authentication process should invalidate the impersonation, because the user context has changed. var authResponse = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, initialCookie); Assert.AreEqual( "No impersonation, original CurrentUser", // Impersonation is not valid, since the current user does not match the initial user that started the impersonation. ReportImpersonationStatus(authResponse.AuthenticationInfo)); TestUtility.AssertContains( string.Join(Environment.NewLine, authResponse.Log), "Removing impersonation, the current authentication context (CurrentUser) does not match the initial one (InitialUser)."); AssertIsBefore(authResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, authResponse.ResponseCookie.Key); }