예제 #1
        /// <summary>
        /// A valid session cookie alone must not unlock /bff/user: a GET that carries the
        /// cookie but no anti-forgery header is answered with 401.
        /// </summary>
        public async Task user_endpoint_for_authenticated_user_without_csrf_header_should_fail()
        {
            await BffHost.IssueSessionCookieAsync(
                new Claim("sub", "alice"),
                new Claim("foo", "foo1"),
                new Claim("foo", "foo2"));

            // Deliberately a bare request: no anti-forgery header is added before sending.
            var userUrl  = BffHost.Url("/bff/user");
            var request  = new HttpRequestMessage(HttpMethod.Get, userUrl);
            var response = await BffHost.BrowserClient.SendAsync(request);

            response.StatusCode.Should().Be(401);
        }
예제 #2
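        /// <summary>
        /// A session issued without a "sid" claim can still log out: /bff/logout answers 302
        /// and the Location header points at the IdentityServer endsession endpoint.
        /// </summary>
        public async Task logout_endpoint_for_authenticated_user_without_sid_should_succeed()
        {
            await BffHost.IssueSessionCookieAsync("alice");

            var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));

            response.StatusCode.Should().Be(302); // endsession

            // Fail with an assertion message instead of a NullReferenceException when no redirect target was sent.
            response.Headers.Location.Should().NotBeNull();

            // Normalize both sides: lower-casing only the Location header made the assertion depend on
            // IdentityServerHost.Url() happening to return an all-lower-case URL.
            var expectedPrefix = IdentityServerHost.Url("/connect/endsession").ToLowerInvariant();
            response.Headers.Location.ToString().ToLowerInvariant().Should().StartWith(expectedPrefix);
        }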
예제 #3
        /// <summary>
        /// /bff/user returns exactly the three claims that were placed in the session,
        /// including both values of the repeated "foo" claim.
        /// </summary>
        public async Task user_endpoint_for_authenticated_user_should_return_claims()
        {
            await BffHost.IssueSessionCookieAsync(new Claim("sub", "alice"), new Claim("foo", "foo1"), new Claim("foo", "foo2"));

            var returned = await BffHost.GetUserClaimsAsync();

            var expected = new[]
            {
                new ClaimRecord("sub", "alice"),
                new ClaimRecord("foo", "foo1"),
                new ClaimRecord("foo", "foo2"),
            };

            returned.Length.Should().Be(expected.Length);
            foreach (var claim in expected)
            {
                returned.Should().Contain(claim);
            }
        }
예제 #4
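        /// <summary>
        /// A session issued without a "sid" claim can still log out: /bff/logout answers 302
        /// and the Location header points at the IdentityServer endsession endpoint.
        /// </summary>
        /// <remarks>
        /// Refresh-token revocation on logout is switched off here, so this test does not cover
        /// that part of the logout path; it only verifies the redirect.
        /// </remarks>
        public async Task logout_endpoint_for_authenticated_user_without_sid_should_succeed()
        {
            // workaround for RevokeUserRefreshTokenAsync throwing when no RT in session
            BffHost.BffOptions.RevokeRefreshTokenOnLogout = false;
            await BffHost.InitializeAsync();

            await BffHost.IssueSessionCookieAsync("alice");

            var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));

            response.StatusCode.Should().Be(302); // endsession

            // Fail with an assertion message instead of a NullReferenceException when no redirect target was sent.
            response.Headers.Location.Should().NotBeNull();

            // Normalize both sides: lower-casing only the Location header made the assertion depend on
            // IdentityServerHost.Url() happening to return an all-lower-case URL.
            var expectedPrefix = IdentityServerHost.Url("/connect/endsession").ToLowerInvariant();
            response.Headers.Location.ToString().ToLowerInvariant().Should().StartWith(expectedPrefix);
        }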
예제 #5
        /// <summary>
        /// With a "sid" claim in the session, /bff/user returns the sub and sid claims, a logout
        /// URL that embeds the sid, and a positive session-expiry value (4 entries in total).
        /// </summary>
        public async Task user_endpoint_for_authenticated_user_with_sid_should_return_claims_including_logout()
        {
            await BffHost.IssueSessionCookieAsync(new Claim("sub", "alice"), new Claim("sid", "123"));

            var claims = await BffHost.CallUserEndpointAsync();

            claims.Count.Should().Be(4);

            var sub = claims.First(c => c.type == "sub");
            sub.value.GetString().Should().Be("alice");

            var sid = claims.First(c => c.type == "sid");
            sid.value.GetString().Should().Be("123");

            // The logout URL handed to the client carries the session id as a query parameter.
            var logoutUrl = claims.First(c => c.type == Constants.ClaimTypes.LogoutUrl);
            logoutUrl.value.GetString().Should().Be("/bff/logout?sid=123");

            var expiresIn = claims.First(c => c.type == Constants.ClaimTypes.SessionExpiresIn);
            expiresIn.value.GetInt32().Should().BePositive();
        }
예제 #6
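        /// <summary>
        /// /bff/user echoes the session claims: the two "foo" claims come back in the order they
        /// were issued, and the response also carries a positive session-expiry entry, giving
        /// 4 entries for the 3 issued claims.
        /// </summary>
        public async Task user_endpoint_for_authenticated_user_should_return_claims()
        {
            await BffHost.IssueSessionCookieAsync(
                new Claim("sub", "alice"),
                new Claim("foo", "foo1"),
                new Claim("foo", "foo2"));

            var data = await BffHost.CallUserEndpointAsync();

            data.Count.Should().Be(4);
            data.First(d => d.type == "sub").value.GetString().Should().Be("alice");

            // Materialize once: the deferred query was previously enumerated three times (Count, First, Skip).
            var foos = data.Where(d => d.type == "foo").ToList();

            foos.Count.Should().Be(2);
            foos[0].value.GetString().Should().Be("foo1");
            foos[1].value.GetString().Should().Be("foo2");

            data.First(d => d.type == Constants.ClaimTypes.SessionExpiresIn).value.GetInt32().Should().BePositive();
        }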