public async Task login_endpoint_with_existing_session_should_challenge()
{
await BffHost.BffLoginAsync("alice");
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login"));
response.StatusCode.Should().Be(HttpStatusCode.Redirect);
response.Headers.Location.ToString().Should().StartWith(IdentityServerHost.Url("/connect/authorize"));
}
public async Task login_endpoint_should_challenge_and_redirect_to_root()
{
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login"));
response.StatusCode.Should().Be(HttpStatusCode.Redirect);
response.Headers.Location.ToString().Should().StartWith(IdentityServerHost.Url("/connect/authorize"));
await IdentityServerHost.IssueSessionCookieAsync("alice");
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.Should().Be(HttpStatusCode.Redirect);
response.Headers.Location.ToString().Should().StartWith(BffHost.Url("/signin-oidc"));
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.Should().Be(HttpStatusCode.Redirect);
response.Headers.Location.ToString().Should().Be("/");
}
public async Task login_endpoint_should_challenge_and_redirect_to_root_with_custom_prefix_trailing_slash()
{
BffHost.BffOptions.ManagementBasePath = "/custom/bff/";
await BffHost.InitializeAsync();
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/custom/bff/login"));
response.StatusCode.Should().Be(HttpStatusCode.Redirect);
response.Headers.Location.ToString().Should().StartWith(IdentityServerHost.Url("/connect/authorize"));
await IdentityServerHost.IssueSessionCookieAsync("alice");
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.Should().Be(HttpStatusCode.Redirect);
response.Headers.Location.ToString().Should().StartWith(BffHost.Url("/signin-oidc"));
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.Should().Be(HttpStatusCode.Redirect);
response.Headers.Location.ToString().Should().Be("/");
}
public async Task unauthenticated_non_bff_endpoint_should_return_302_for_login()
{
var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/always_fail_authz_non_bff_endpoint"));
req.Headers.Add("x-csrf", "1");
var response = await BffHost.BrowserClient.SendAsync(req);
response.StatusCode.Should().Be(HttpStatusCode.Redirect);
response.Headers.Location.ToString().ToLowerInvariant().Should().StartWith(IdentityServerHost.Url("/connect/authorize"));
}
public async Task logout_endpoint_should_accept_returnUrl()
{
await BffHost.BffLoginAsync("alice", "sid123");
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout") + "?sid=sid123&returnUrl=/foo");
response.StatusCode.Should().Be(302); // endsession
response.Headers.Location.ToString().ToLowerInvariant().Should().StartWith(IdentityServerHost.Url("/connect/endsession"));
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.Should().Be(302); // logout
response.Headers.Location.ToString().ToLowerInvariant().Should().StartWith(IdentityServerHost.Url("/account/logout"));
response = await IdentityServerHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.Should().Be(302); // post logout redirect uri
response.Headers.Location.ToString().ToLowerInvariant().Should().StartWith(BffHost.Url("/signout-callback-oidc"));
response = await BffHost.BrowserClient.GetAsync(response.Headers.Location.ToString());
response.StatusCode.Should().Be(302); // root
response.Headers.Location.ToString().ToLowerInvariant().Should().Be("/foo");
}
public async Task logout_endpoint_for_anonymous_user_without_sid_should_succeed()
{
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));
response.StatusCode.Should().Be(302); // endsession
response.Headers.Location.ToString().ToLowerInvariant().Should().StartWith(IdentityServerHost.Url("/connect/endsession"));
}
public async Task logout_endpoint_for_authenticated_when_require_otpion_is_false_should_not_require_sid()
{
await BffHost.BffLoginAsync("alice", "sid123");
BffHost.BffOptions.RequireLogoutSessionId = false;
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));
response.StatusCode.Should().Be(302); // endsession
response.Headers.Location.ToString().ToLowerInvariant().Should().StartWith(IdentityServerHost.Url("/connect/endsession"));
}
public async Task logout_endpoint_for_authenticated_user_without_sid_should_succeed()
{
// workaround for RevokeUserRefreshTokenAsync throwing when no RT in session
BffHost.BffOptions.RevokeRefreshTokenOnLogout = false;
await BffHost.InitializeAsync();
await BffHost.IssueSessionCookieAsync("alice");
var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));
response.StatusCode.Should().Be(302); // endsession
response.Headers.Location.ToString().ToLowerInvariant().Should().StartWith(IdentityServerHost.Url("/connect/endsession"));
}