// A GET end-session request that validates successfully for an IdentityServerSPA client
// must be answered with a 302 to the validated post-logout URI, with the state appended.
public async Task AutoRedirectSessionEndpoint_AutoRedirectsValidatedGetLogoutRequests_ToApplicationsWithProfiles()
{
    // Arrange
    var userSession = new Mock<IUserSession>();
    userSession.Setup(s => s.GetUserAsync()).ReturnsAsync(new ClaimsPrincipal());

    // The validator is mocked to accept any request, so this test only covers how the
    // endpoint builds the redirect from an already-validated request. Whether the
    // post-logout URI is actually permitted for the client is the validator's job and
    // is not exercised here.
    var validationResult = new EndSessionValidationResult
    {
        IsError = false,
        ValidatedRequest = new ValidatedEndSessionRequest
        {
            Client = ClientBuilder.IdentityServerSPA("MySPA").Build(),
            PostLogOutUri = "https://www.example.com/logout",
            State = "appState"
        }
    };
    var validator = new Mock<IEndSessionRequestValidator>();
    validator
        .Setup(v => v.ValidateAsync(It.IsAny<NameValueCollection>(), It.IsAny<ClaimsPrincipal>()))
        .ReturnsAsync(validationResult);

    var options = Options.Create(new IdentityServerOptions());
    var serverOptions = options.Value;
    serverOptions.Authentication.CookieAuthenticationScheme = IdentityConstants.ApplicationScheme;
    serverOptions.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
    serverOptions.UserInteraction.ErrorUrl = "/Identity/Error";

    var logger = new TestLogger<AutoRedirectEndSessionEndpoint>();
    var endpoint = new AutoRedirectEndSessionEndpoint(logger, validator.Object, options, userSession.Object);

    var httpContext = new DefaultHttpContext();
    SetupRequestServices(httpContext);
    httpContext.Request.Method = HttpMethods.Get;

    // Act
    var result = await endpoint.ProcessAsync(httpContext);

    // Assert: the endpoint result itself carries the redirect target...
    Assert.NotNull(result);
    var redirectResult = Assert.IsType<AutoRedirectEndSessionEndpoint.RedirectResult>(result);
    Assert.Equal("https://www.example.com/logout?state=appState", redirectResult.Url);

    // ...and executing it writes a 302 with the same Location header.
    await result.ExecuteAsync(httpContext);
    Assert.Equal(StatusCodes.Status302Found, httpContext.Response.StatusCode);
    Assert.Equal("https://www.example.com/logout?state=appState", httpContext.Response.Headers.Location);
}
// A validated form POST whose client is a plain Client (no application profile, per the
// test name) must be redirected to the configured local logout page.
public async Task AutoRedirectSessionEndpoint_RedirectsToLogoutUri_WhenClientDoesntHaveAProfile()
{
    // Arrange
    var userSession = new Mock<IUserSession>();
    userSession.Setup(s => s.GetUserAsync()).ReturnsAsync(new ClaimsPrincipal());

    // The mocked validator reports success for a default Client and supplies no
    // post-logout URI or state, so the only redirect target available is LogoutUrl.
    var validationResult = new EndSessionValidationResult
    {
        IsError = false,
        ValidatedRequest = new ValidatedEndSessionRequest
        {
            Client = new Client()
        }
    };
    var validator = new Mock<IEndSessionRequestValidator>();
    validator
        .Setup(v => v.ValidateAsync(It.IsAny<NameValueCollection>(), It.IsAny<ClaimsPrincipal>()))
        .ReturnsAsync(validationResult);

    var options = Options.Create(new IdentityServerOptions());
    var serverOptions = options.Value;
    serverOptions.Authentication.CookieAuthenticationScheme = IdentityConstants.ApplicationScheme;
    serverOptions.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
    serverOptions.UserInteraction.ErrorUrl = "/Identity/Error";

    var logger = new TestLogger<AutoRedirectEndSessionEndpoint>();
    var endpoint = new AutoRedirectEndSessionEndpoint(logger, validator.Object, options, userSession.Object);

    var httpContext = new DefaultHttpContext();
    SetupRequestServices(httpContext);
    httpContext.Request.Method = HttpMethods.Post;
    httpContext.Request.ContentType = "application/x-www-form-urlencoded";

    // Act
    var result = await endpoint.ProcessAsync(httpContext);

    // Assert: the result points at the local logout URL...
    Assert.NotNull(result);
    var redirectResult = Assert.IsType<AutoRedirectEndSessionEndpoint.RedirectResult>(result);
    Assert.Equal("/Identity/Account/Logout", redirectResult.Url);

    // ...and executing it produces a 302 with that URL in the Location header.
    await result.ExecuteAsync(httpContext);
    Assert.Equal(StatusCodes.Status302Found, httpContext.Response.StatusCode);
    Assert.Equal("/Identity/Account/Logout", httpContext.Response.Headers.Location);
}
// A POST that carries no form content type must be rejected with 400 Bad Request.
public async Task AutoRedirectSessionEndpoint_ReturnsBadRequest_WhenCannotReadTheRequestBody()
{
    // Arrange
    // Neither mock has any behaviour configured. Going by the test name, the endpoint
    // is expected to reject the request because the body cannot be read.
    var userSession = new Mock<IUserSession>();
    var validator = new Mock<IEndSessionRequestValidator>();
    var options = Options.Create(new IdentityServerOptions());
    var logger = new TestLogger<AutoRedirectEndSessionEndpoint>();
    var endpoint = new AutoRedirectEndSessionEndpoint(logger, validator.Object, options, userSession.Object);

    // POST with no ContentType set on the request.
    var httpContext = new DefaultHttpContext();
    SetupRequestServices(httpContext);
    httpContext.Request.Method = HttpMethods.Post;

    // Act
    var result = await endpoint.ProcessAsync(httpContext);

    // Assert
    Assert.NotNull(result);
    var statusResult = Assert.IsType<StatusCodeResult>(result);
    Assert.Equal(StatusCodes.Status400BadRequest, statusResult.StatusCode);
}