public void CreateSessionID_UserUnauthenticated_ReturnsAspNetSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(false);
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, _configEnabled, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Create(It.IsAny<String>())).Throws<NotImplementedException>();
Assert.True(sessionIdManager.CreateSessionID(null).Length == 24, "Generated session id was not length 24, and propably not an ASP.NET session ID.");
}
public void CreateSessionID_UserAuthenticated_ReturnsUserSpecificAuthenticatedSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
mock.Setup(c => c.User.Identity.Name).Returns("klings");
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, _configEnabled, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Create("klings")).Returns("secureid");
Assert.AreEqual("secureid", sessionIdManager.CreateSessionID(null));
}
public void Validate_DisabledInConfigUserAuthenticated_ReturnsTrueOnValidAspnetSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
mock.Setup(c => c.User.Identity.Name).Returns("klings");
var config = new SessionSecurityConfigurationSection {SessionIDAuthentication = {Enabled = false}};
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, config, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Validate(It.IsAny<String>(), It.IsAny<String>())).Returns(false);
Assert.True(sessionIdManager.Validate("abcdefghijklmnopqrstuvwx"));
}
public void CreateSessionID_DisabledInConfigUserAuthenticated_ReturnsAspNetSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
mock.Setup(c => c.User.Identity.Name).Returns("klings");
var config = new SessionSecurityConfigurationSection {SessionIDAuthentication = {Enabled = false}};
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, config, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Create("klings")).Returns("secureid");
Assert.True(sessionIdManager.CreateSessionID(null).Length == 24, "Generated session id was not length 24, and propably not an ASP.NET session ID.");
}
public void Validate_UserAuthenticated_ReturnsFalseOnInvalidAuthenticatedSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
mock.Setup(c => c.User.Identity.Name).Returns("klings");
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, _configEnabled, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Validate("klings", "secureid")).Returns(true);
Assert.False(sessionIdManager.Validate("somerandomid"));
}
public void Validate_UserUnauthenticated_DoesNotInvokeSessionHelper()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(false);
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, _configEnabled, _sessionIDHelper);
sessionIdManager.Validate("someid");
Mock.Get(_sessionIDHelper).Verify(s => s.Validate(It.IsAny<String>(), It.IsAny<String>()), Times.Never());
}