public async Task CanCreateMeLoginAndCookieStopsWorkingAfterExpiration() { var clock = new TestClock(); var server = CreateServer(services => services.Configure<IdentityOptions>(options => { options.Cookies.ApplicationCookie.SystemClock = clock; options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromMinutes(10); options.Cookies.ApplicationCookie.SlidingExpiration = false; })); var transaction1 = await SendAsync(server, "http://example.com/createMe"); Assert.Equal(HttpStatusCode.OK, transaction1.Response.StatusCode); Assert.Null(transaction1.SetCookie); var transaction2 = await SendAsync(server, "http://example.com/pwdLogin/false"); Assert.Equal(HttpStatusCode.OK, transaction2.Response.StatusCode); Assert.NotNull(transaction2.SetCookie); Assert.DoesNotContain("; expires=", transaction2.SetCookie); var transaction3 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.Equal("hao", FindClaimValue(transaction3, ClaimTypes.Name)); Assert.Null(transaction3.SetCookie); clock.Add(TimeSpan.FromMinutes(7)); var transaction4 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.Equal("hao", FindClaimValue(transaction4, ClaimTypes.Name)); Assert.Null(transaction4.SetCookie); clock.Add(TimeSpan.FromMinutes(7)); var transaction5 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.Null(FindClaimValue(transaction5, ClaimTypes.Name)); Assert.Null(transaction5.SetCookie); }
public async Task CanAccessOldPrincipalDuringSecurityStampReplacement() { var clock = new TestClock(); var server = CreateServer(services => { services.Configure <SecurityStampValidatorOptions>(options => { options.OnRefreshingPrincipal = c => { var newId = new ClaimsIdentity(); newId.AddClaim(new Claim("PreviousName", c.CurrentPrincipal.Identity.Name)); c.NewPrincipal.AddIdentity(newId); return(Task.FromResult(0)); }; }); services.AddSingleton <ISystemClock>(clock); }); var transaction1 = await SendAsync(server, "http://example.com/createMe"); Assert.Equal(HttpStatusCode.OK, transaction1.Response.StatusCode); Assert.Null(transaction1.SetCookie); var transaction2 = await SendAsync(server, "http://example.com/pwdLogin/false"); Assert.Equal(HttpStatusCode.OK, transaction2.Response.StatusCode); Assert.NotNull(transaction2.SetCookie); Assert.DoesNotContain("; expires=", transaction2.SetCookie); var transaction3 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.Equal("hao", FindClaimValue(transaction3, ClaimTypes.Name)); Assert.Null(transaction3.SetCookie); // Make sure we don't get a new cookie yet clock.Add(TimeSpan.FromMinutes(10)); var transaction4 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.Equal("hao", FindClaimValue(transaction4, ClaimTypes.Name)); Assert.Null(transaction4.SetCookie); // Go past SecurityStampValidation interval and ensure we get a new cookie clock.Add(TimeSpan.FromMinutes(21)); var transaction5 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.NotNull(transaction5.SetCookie); Assert.Equal("hao", FindClaimValue(transaction5, ClaimTypes.Name)); Assert.Equal("hao", FindClaimValue(transaction5, "PreviousName")); // Make sure new cookie is valid var transaction6 = await SendAsync(server, "http://example.com/me", transaction5.CookieNameValue); Assert.Equal("hao", FindClaimValue(transaction6, ClaimTypes.Name)); }
public async Task CanCreateMeLoginAndSecurityStampExtendsExpiration(bool rememberMe) { var clock = new TestClock(); var server = CreateServer(services => services.Configure <IdentityOptions>(options => { options.Cookies.ApplicationCookie.SystemClock = clock; })); var transaction1 = await SendAsync(server, "http://example.com/createMe"); Assert.Equal(HttpStatusCode.OK, transaction1.Response.StatusCode); Assert.Null(transaction1.SetCookie); var transaction2 = await SendAsync(server, "http://example.com/pwdLogin/" + rememberMe); Assert.Equal(HttpStatusCode.OK, transaction2.Response.StatusCode); Assert.NotNull(transaction2.SetCookie); if (rememberMe) { Assert.Contains("; expires=", transaction2.SetCookie); } else { Assert.DoesNotContain("; expires=", transaction2.SetCookie); } var transaction3 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.Equal("hao", FindClaimValue(transaction3, ClaimTypes.Name)); Assert.Null(transaction3.SetCookie); // Make sure we don't get a new cookie yet clock.Add(TimeSpan.FromMinutes(10)); var transaction4 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.Equal("hao", FindClaimValue(transaction4, ClaimTypes.Name)); Assert.Null(transaction4.SetCookie); // Go past SecurityStampValidation interval and ensure we get a new cookie clock.Add(TimeSpan.FromMinutes(21)); var transaction5 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.NotNull(transaction5.SetCookie); Assert.Equal("hao", FindClaimValue(transaction5, ClaimTypes.Name)); // Make sure new cookie is valid var transaction6 = await SendAsync(server, "http://example.com/me", transaction5.CookieNameValue); Assert.Equal("hao", FindClaimValue(transaction6, ClaimTypes.Name)); }
public async Task TwoFactorRememberCookieVerification() { var clock = new TestClock(); var server = CreateServer(services => services.AddSingleton <ISystemClock>(clock)); var transaction1 = await SendAsync(server, "http://example.com/createMe"); Assert.Equal(HttpStatusCode.OK, transaction1.Response.StatusCode); Assert.Null(transaction1.SetCookie); var transaction2 = await SendAsync(server, "http://example.com/twofactorRememeber"); Assert.Equal(HttpStatusCode.OK, transaction2.Response.StatusCode); var setCookie = transaction2.SetCookie; Assert.Contains(IdentityConstants.TwoFactorRememberMeScheme + "=", setCookie); Assert.Contains("; expires=", setCookie); var transaction3 = await SendAsync(server, "http://example.com/isTwoFactorRememebered", transaction2.CookieNameValue); Assert.Equal(HttpStatusCode.OK, transaction3.Response.StatusCode); // Wait for validation interval clock.Add(TimeSpan.FromMinutes(30)); var transaction4 = await SendAsync(server, "http://example.com/isTwoFactorRememebered", transaction2.CookieNameValue); Assert.Equal(HttpStatusCode.OK, transaction4.Response.StatusCode); }
public async Task CanCreateMeLoginAndCookieStopsWorkingAfterExpiration() { var clock = new TestClock(); var server = CreateServer(services => { services.ConfigureApplicationCookie(options => { options.ExpireTimeSpan = TimeSpan.FromMinutes(10); options.SlidingExpiration = false; }); services.AddSingleton <ISystemClock>(clock); }); var transaction1 = await SendAsync(server, "http://example.com/createMe"); Assert.Equal(HttpStatusCode.OK, transaction1.Response.StatusCode); Assert.Null(transaction1.SetCookie); var transaction2 = await SendAsync(server, "http://example.com/pwdLogin/false"); Assert.Equal(HttpStatusCode.OK, transaction2.Response.StatusCode); Assert.NotNull(transaction2.SetCookie); Assert.DoesNotContain("; expires=", transaction2.SetCookie); var transaction3 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.Equal("hao", FindClaimValue(transaction3, ClaimTypes.Name)); Assert.Null(transaction3.SetCookie); clock.Add(TimeSpan.FromMinutes(7)); var transaction4 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.Equal("hao", FindClaimValue(transaction4, ClaimTypes.Name)); Assert.Null(transaction4.SetCookie); clock.Add(TimeSpan.FromMinutes(7)); var transaction5 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.Null(FindClaimValue(transaction5, ClaimTypes.Name)); Assert.Null(transaction5.SetCookie); }
public async Task TwoFactorRememberCookieClearedBySecurityStampChange() { var clock = new TestClock(); var server = CreateServer(services => services.AddSingleton <ISystemClock>(clock)); var transaction1 = await SendAsync(server, "http://example.com/createMe"); Assert.Equal(HttpStatusCode.OK, transaction1.Response.StatusCode); Assert.Null(transaction1.SetCookie); var transaction2 = await SendAsync(server, "http://example.com/twofactorRememeber"); Assert.Equal(HttpStatusCode.OK, transaction2.Response.StatusCode); var setCookie = transaction2.SetCookie; Assert.Contains(IdentityConstants.TwoFactorRememberMeScheme + "=", setCookie); Assert.Contains("; expires=", setCookie); var transaction3 = await SendAsync(server, "http://example.com/isTwoFactorRememebered", transaction2.CookieNameValue); Assert.Equal(HttpStatusCode.OK, transaction3.Response.StatusCode); var transaction4 = await SendAsync(server, "http://example.com/signoutEverywhere", transaction2.CookieNameValue); Assert.Equal(HttpStatusCode.OK, transaction4.Response.StatusCode); // Doesn't validate until after interval has passed var transaction5 = await SendAsync(server, "http://example.com/isTwoFactorRememebered", transaction2.CookieNameValue); Assert.Equal(HttpStatusCode.OK, transaction5.Response.StatusCode); // Wait for validation interval clock.Add(TimeSpan.FromMinutes(30)); var transaction6 = await SendAsync(server, "http://example.com/isTwoFactorRememebered", transaction2.CookieNameValue); Assert.Equal(HttpStatusCode.InternalServerError, transaction6.Response.StatusCode); }
public async Task CanCreateMeLoginAndSecurityStampExtendsExpiration(bool rememberMe) { var clock = new TestClock(); var server = CreateServer(services => services.Configure<IdentityOptions>(options => { options.Cookies.ApplicationCookie.SystemClock = clock; })); var transaction1 = await SendAsync(server, "http://example.com/createMe"); Assert.Equal(HttpStatusCode.OK, transaction1.Response.StatusCode); Assert.Null(transaction1.SetCookie); var transaction2 = await SendAsync(server, "http://example.com/pwdLogin/" + rememberMe); Assert.Equal(HttpStatusCode.OK, transaction2.Response.StatusCode); Assert.NotNull(transaction2.SetCookie); if (rememberMe) { Assert.Contains("; expires=", transaction2.SetCookie); } else { Assert.DoesNotContain("; expires=", transaction2.SetCookie); } var transaction3 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.Equal("hao", FindClaimValue(transaction3, ClaimTypes.Name)); Assert.Null(transaction3.SetCookie); // Make sure we don't get a new cookie yet clock.Add(TimeSpan.FromMinutes(10)); var transaction4 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.Equal("hao", FindClaimValue(transaction4, ClaimTypes.Name)); Assert.Null(transaction4.SetCookie); // Go past SecurityStampValidation interval and ensure we get a new cookie clock.Add(TimeSpan.FromMinutes(21)); var transaction5 = await SendAsync(server, "http://example.com/me", transaction2.CookieNameValue); Assert.NotNull(transaction5.SetCookie); Assert.Equal("hao", FindClaimValue(transaction5, ClaimTypes.Name)); // Make sure new cookie is valid var transaction6 = await SendAsync(server, "http://example.com/me", transaction5.CookieNameValue); Assert.Equal("hao", FindClaimValue(transaction6, ClaimTypes.Name)); }