public void CreateSessionID_UserUnauthenticated_ReturnsAspNetSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(false);
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, _configEnabled, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Create(It.IsAny <String>())).Throws <NotImplementedException>();
Assert.True(sessionIdManager.CreateSessionID(null).Length == 24, "Generated session id was not length 24, and propably not an ASP.NET session ID.");
}
public void CreateSessionID_UserAuthenticated_ReturnsUserSpecificAuthenticatedSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
mock.Setup(c => c.User.Identity.Name).Returns("klings");
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, _configEnabled, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Create("klings")).Returns("secureid");
Assert.AreEqual("secureid", sessionIdManager.CreateSessionID(null));
}
public void Validate_UserUnauthenticated_DoesNotInvokeSessionHelper()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(false);
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, _configEnabled, _sessionIDHelper);
sessionIdManager.Validate("someid");
Mock.Get(_sessionIDHelper).Verify(s => s.Validate(It.IsAny <String>(), It.IsAny <String>()), Times.Never());
}
public void Validate_UserAuthenticated_ReturnsTrueOnValidAuthenticatedSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
mock.Setup(c => c.User.Identity.Name).Returns("klings");
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, _configEnabled, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Validate("klings", "secureid")).Returns(true);
Assert.True(sessionIdManager.Validate("secureid"));
}
public void Validate_DisabledInConfigUserAuthenticated_ReturnsTrueOnValidAspnetSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
mock.Setup(c => c.User.Identity.Name).Returns("klings");
var config = new SessionSecurityConfigurationSection {
SessionIDAuthentication = { Enabled = false }
};
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, config, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Validate(It.IsAny <String>(), It.IsAny <String>())).Returns(false);
Assert.True(sessionIdManager.Validate("abcdefghijklmnopqrstuvwx"));
}
public void CreateSessionID_DisabledInConfigUserAuthenticated_ReturnsAspNetSessionID()
{
var mock = Mock.Get(_httpContext);
mock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
mock.Setup(c => c.User.Identity.Name).Returns("klings");
var config = new SessionSecurityConfigurationSection {
SessionIDAuthentication = { Enabled = false }
};
var sessionIdManager = new AuthenticatedSessionIDManager(_httpContext, config, _sessionIDHelper);
Mock.Get(_sessionIDHelper).Setup(s => s.Create("klings")).Returns("secureid");
Assert.True(sessionIdManager.CreateSessionID(null).Length == 24, "Generated session id was not length 24, and propably not an ASP.NET session ID.");
}
