/// <summary>
/// Verifies that an application cookie issued at password login stops authenticating
/// once its configured lifetime has elapsed on the server's clock.
/// </summary>
/// <remarks>
/// The cookie is configured with a 10 minute <c>ExpireTimeSpan</c> and sliding expiration
/// turned off, so a request at +7 minutes must not extend it and a request at +14 minutes
/// must come back without a name claim. The login response carries no "; expires="
/// attribute and the test replays the cookie value itself, so the cut-off observed here
/// is the server refusing the ticket rather than a client dropping the cookie.
/// </remarks>
public async Task CanCreateMeLoginAndCookieStopsWorkingAfterExpiration()
{
    const string MeUrl = "http://example.com/me";

    // A controllable clock lets the test move time forward without real delays.
    var testClock = new TestClock();
    var server = CreateServer(services =>
        services.ConfigureIdentityApplicationCookie(cookie =>
        {
            cookie.SystemClock = testClock;
            cookie.ExpireTimeSpan = TimeSpan.FromMinutes(10);
            cookie.SlidingExpiration = false;
        }));

    // Creating the user must not sign anyone in.
    var created = await SendAsync(server, "http://example.com/createMe");
    created.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
    Assert.Null(created.SetCookie);

    // Password login issues a cookie; "false" is presumably the rememberMe flag (verify
    // against the route), which matches the absence of an expires attribute.
    var login = await SendAsync(server, "http://example.com/pwdLogin/false");
    login.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
    Assert.NotNull(login.SetCookie);
    login.SetCookie.ShouldNotContain("; expires=");

    var authCookie = login.CookieNameValue;

    // Immediately after login the cookie authenticates and is not re-issued.
    var atStart = await SendAsync(server, MeUrl, authCookie);
    FindClaimValue(atStart, ClaimTypes.Name).ShouldBe("hao");
    Assert.Null(atStart.SetCookie);

    // +7 minutes: still inside the 10 minute window, and no renewal because sliding is off.
    testClock.Add(TimeSpan.FromMinutes(7));
    var insideWindow = await SendAsync(server, MeUrl, authCookie);
    FindClaimValue(insideWindow, ClaimTypes.Name).ShouldBe("hao");
    Assert.Null(insideWindow.SetCookie);

    // +14 minutes: past the absolute lifetime, so the same cookie no longer yields a name claim.
    testClock.Add(TimeSpan.FromMinutes(7));
    var afterExpiry = await SendAsync(server, MeUrl, authCookie);
    FindClaimValue(afterExpiry, ClaimTypes.Name).ShouldBe(null);
    Assert.Null(afterExpiry.SetCookie);
}
/// <summary>
/// Verifies that a logged-in user keeps the original cookie until the security stamp
/// validation interval has passed, and is then handed a fresh, working cookie.
/// </summary>
/// <param name="rememberMe">
/// Appended to the login URL; when true the login cookie is expected to carry an
/// "; expires=" attribute, otherwise it must not.
/// </param>
/// <remarks>
/// The test clock is wired in through <c>IdentityOptions.Cookies.ApplicationCookie</c>.
/// Nothing here changes the user after login, so only the path where the stamp still
/// matches is exercised; rejection of a cookie whose stamp has changed is not covered
/// by this method.
/// </remarks>
public async Task CanCreateMeLoginAndSecurityStampExtendsExpiration(bool rememberMe)
{
    const string MeUrl = "http://example.com/me";

    var testClock = new TestClock();
    var server = CreateServer(services => services.Configure<IdentityOptions>(identity =>
    {
        identity.Cookies.ApplicationCookie.SystemClock = testClock;
    }));

    // Creating the user must not sign anyone in.
    var created = await SendAsync(server, "http://example.com/createMe");
    created.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
    Assert.Null(created.SetCookie);

    var login = await SendAsync(server, "http://example.com/pwdLogin/" + rememberMe);
    login.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
    Assert.NotNull(login.SetCookie);

    // Only a "remember me" login may produce a cookie with an expires attribute.
    if (!rememberMe)
    {
        login.SetCookie.ShouldNotContain("; expires=");
    }
    else
    {
        login.SetCookie.ShouldContain("; expires=");
    }

    var originalCookie = login.CookieNameValue;

    var atStart = await SendAsync(server, MeUrl, originalCookie);
    FindClaimValue(atStart, ClaimTypes.Name).ShouldBe("hao");
    Assert.Null(atStart.SetCookie);

    // +10 minutes: still authenticated and no replacement cookie yet.
    testClock.Add(TimeSpan.FromMinutes(10));
    var beforeInterval = await SendAsync(server, MeUrl, originalCookie);
    FindClaimValue(beforeInterval, ClaimTypes.Name).ShouldBe("hao");
    Assert.Null(beforeInterval.SetCookie);

    // +31 minutes in total: past the SecurityStampValidation interval, so a new cookie is
    // expected. The interval is not set in this method; presumably the framework default
    // applies (confirm).
    testClock.Add(TimeSpan.FromMinutes(21));
    var afterInterval = await SendAsync(server, MeUrl, originalCookie);
    Assert.NotNull(afterInterval.SetCookie);
    FindClaimValue(afterInterval, ClaimTypes.Name).ShouldBe("hao");

    // The re-issued cookie must authenticate on its own.
    var withRenewedCookie = await SendAsync(server, MeUrl, afterInterval.CookieNameValue);
    FindClaimValue(withRenewedCookie, ClaimTypes.Name).ShouldBe("hao");
}
/// <summary>
/// Verifies that the login cookie is left alone until the security stamp validation
/// interval has elapsed, after which the server re-issues a cookie that still signs
/// the same user in.
/// </summary>
/// <param name="rememberMe">
/// Appended to the login URL; a true value is expected to yield a cookie with an
/// "; expires=" attribute, a false value a cookie without one.
/// </param>
/// <remarks>
/// The test clock is installed via <c>ConfigureIdentityApplicationCookie</c>. The user
/// is never modified after login, so this method checks only that an unchanged stamp
/// leads to renewal; it does not show that a changed stamp invalidates the cookie.
/// </remarks>
public async Task CanCreateMeLoginAndSecurityStampExtendsExpiration(bool rememberMe)
{
    const string ProfileUrl = "http://example.com/me";

    var fakeClock = new TestClock();
    var server = CreateServer(services =>
        services.ConfigureIdentityApplicationCookie(cookie =>
        {
            cookie.SystemClock = fakeClock;
        }));

    // User creation alone must not set an authentication cookie.
    var createResult = await SendAsync(server, "http://example.com/createMe");
    createResult.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
    Assert.Null(createResult.SetCookie);

    var loginUrl = "http://example.com/pwdLogin/" + rememberMe;
    var loginResult = await SendAsync(server, loginUrl);
    loginResult.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
    Assert.NotNull(loginResult.SetCookie);

    // An expires attribute is acceptable only when the caller asked to be remembered.
    if (!rememberMe)
    {
        loginResult.SetCookie.ShouldNotContain("; expires=");
    }
    else
    {
        loginResult.SetCookie.ShouldContain("; expires=");
    }

    var firstCookie = loginResult.CookieNameValue;

    var initialCheck = await SendAsync(server, ProfileUrl, firstCookie);
    FindClaimValue(initialCheck, ClaimTypes.Name).ShouldBe("hao");
    Assert.Null(initialCheck.SetCookie);

    // Ten minutes later the user is still recognised and no new cookie has been sent.
    fakeClock.Add(TimeSpan.FromMinutes(10));
    var earlyCheck = await SendAsync(server, ProfileUrl, firstCookie);
    FindClaimValue(earlyCheck, ClaimTypes.Name).ShouldBe("hao");
    Assert.Null(earlyCheck.SetCookie);

    // Another 21 minutes (31 in total) crosses the SecurityStampValidation interval, so
    // the response must include a replacement cookie. The interval itself is not
    // configured here; presumably the framework default is in effect (confirm).
    fakeClock.Add(TimeSpan.FromMinutes(21));
    var renewalCheck = await SendAsync(server, ProfileUrl, firstCookie);
    Assert.NotNull(renewalCheck.SetCookie);
    FindClaimValue(renewalCheck, ClaimTypes.Name).ShouldBe("hao");

    // The replacement cookie has to work when presented by itself.
    var finalCheck = await SendAsync(server, ProfileUrl, renewalCheck.CookieNameValue);
    FindClaimValue(finalCheck, ClaimTypes.Name).ShouldBe("hao");
}