/// <summary>
        ///   Stores the session identifier on the response of the given context as a cookie.
        /// </summary>
        /// <remarks>
        ///   The identifier is encrypted first and the HMAC is then computed over the encrypted
        ///   text (encrypt-then-MAC). Both are handed to the cookie factory together.
        /// </remarks>
        /// <param name="sessionId">The identifier of the session; must not be null or empty.</param>
        /// <param name="context">The current context; its response receives the cookie.</param>
        /// <exception cref="ArgumentNullException">
        ///   <paramref name="sessionId"/> or <paramref name="context"/> is null.
        /// </exception>
        /// <exception cref="ArgumentException">
        ///   The context has no response, or the session id is empty.
        /// </exception>
        public void SaveSessionId(SessionId sessionId, NancyContext context)
        {
            // The checks run in this order so callers see the same exception as before.
            if (sessionId == null)
            {
                throw new ArgumentNullException("sessionId");
            }

            if (context == null)
            {
                throw new ArgumentNullException("context");
            }

            if (context.Response == null)
            {
                throw new ArgumentException("The specified context does not contain a response to modify", "context");
            }

            if (sessionId.IsEmpty)
            {
                throw new ArgumentException("The specified session id cannot be empty", "sessionId");
            }

            // The MAC covers the ciphertext, never the raw identifier.
            var protectedId = _encryptionProvider.Encrypt(sessionId.Value.ToString());
            var mac = _hmacProvider.GenerateHmac(protectedId);

            var payload = new SessionIdentificationData
            {
                SessionId = protectedId,
                Hmac = mac
            };

            context.Response.WithCookie(_cookieFactory.CreateCookie(CookieName, Domain, Path, payload));
        }
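    /// <summary>
    ///   Turns the response of the given context into a 302 redirect to the URL of the current request,
    ///   with the session identification data set as a query string parameter.
    /// </summary>
    /// <remarks>
    ///   The session token ends up in the URL, so it can be recorded in browser history, access logs
    ///   and Referer headers. Deployments that use this method should account for that exposure.
    /// </remarks>
    /// <param name="context">The current context; both its request and its response are required.</param>
    /// <param name="sessionIdentificationData">The data written as the parameter value (via ToString()).</param>
    /// <param name="parameterName">The query string parameter that carries the data.</param>
    /// <exception cref="ArgumentNullException">
    ///   An argument is null, or <paramref name="parameterName"/> is empty or whitespace.
    /// </exception>
    /// <exception cref="ArgumentException">The context lacks a request or a response.</exception>
    public void ModifyResponseToRedirectToSessionAwareUrl(NancyContext context, SessionIdentificationData sessionIdentificationData, string parameterName) {
      if (context == null) throw new ArgumentNullException("context");
      if (sessionIdentificationData == null) throw new ArgumentNullException("sessionIdentificationData");
      if (string.IsNullOrWhiteSpace(parameterName)) throw new ArgumentNullException("parameterName");
      if (context.Request == null) throw new ArgumentException("The specified context does not contain a request", "context");
      if (context.Response == null) throw new ArgumentException("The specified context does not contain a response", "context");

      // NOTE(review): scheme and host of the redirect come from the request URL; confirm how that
      // URL is derived (e.g. from the Host header) before relying on it behind untrusted proxies.
      var originalUri = (Uri) context.Request.Url;
      var uriBuilder = new UriBuilder(originalUri);
      var queryParameters = HttpUtility.ParseQueryString(uriBuilder.Query);

      // Set replaces any value the client supplied under the same name.
      queryParameters.Set(parameterName, sessionIdentificationData.ToString());

      var newQueryString = string.Empty;
      if (queryParameters.Count > 0) {
        var newQueryBuilder = new StringBuilder();
        foreach (var paramName in queryParameters.AllKeys) {
          // ParseQueryString returns decoded names and values. Both sides are re-encoded so that a
          // name containing '&' or '=' cannot change the structure of the rebuilt query string.
          newQueryBuilder
            .Append(HttpUtility.UrlEncode(paramName))
            .Append('=')
            .Append(HttpUtility.UrlEncode(queryParameters[paramName]))
            .Append('&');
        }
        newQueryString = newQueryBuilder.ToString().TrimEnd('&');
      }
      uriBuilder.Query = newQueryString;
      var redirectUrl = uriBuilder.ToString();

      context.Response.StatusCode = HttpStatusCode.Found;
      context.Response.Headers["Location"] = redirectUrl;
    }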
    /// <summary>
    ///   Shared arrange step: a manipulator under test, a context with a GET request and an empty
    ///   response, and fixed session identification data.
    /// </summary>
    public ResponseManipulatorForSessionFixture() {
      _responseManipulatorForSession = new ResponseManipulatorForSession();

      _context = new NancyContext {
        Response = new Response(),
        Request = new Request("GET", "http://www.google.be")
      };

      // Constructed sample values, not real key material.
      _sessionIdentificationData = new SessionIdentificationData {
        SessionId = "01SessionId",
        Hmac = new byte[] {211, 81, 204, 0, 47, 124}
      };

      _parameterName = "SID";
    }
        /// <summary>
        ///   Saves the session identifier by redirecting the client to a URL that carries it.
        /// </summary>
        /// <remarks>
        ///   Only a new session identifier changes the response. For any other identifier the method
        ///   returns once its arguments have been validated. The identifier is encrypted first and
        ///   the HMAC is computed over the encrypted text.
        /// </remarks>
        /// <param name="sessionId">The identifier of the session; must not be null or empty.</param>
        /// <param name="context">The current context; must contain a request.</param>
        /// <exception cref="ArgumentNullException">
        ///   <paramref name="sessionId"/> or <paramref name="context"/> is null.
        /// </exception>
        /// <exception cref="ArgumentException">
        ///   The context has no request, or the session id is empty.
        /// </exception>
        public void SaveSessionId(SessionId sessionId, NancyContext context)
        {
            if (sessionId == null)
            {
                throw new ArgumentNullException("sessionId");
            }

            if (context == null)
            {
                throw new ArgumentNullException("context");
            }

            if (context.Request == null)
            {
                throw new ArgumentException("The specified context does not contain a request", "context");
            }

            if (sessionId.IsEmpty)
            {
                throw new ArgumentException("The specified session id cannot be empty", "sessionId");
            }

            // An identifier that is not new needs no redirect.
            if (!sessionId.IsNew)
            {
                return;
            }

            // The MAC covers the ciphertext, never the raw identifier.
            var protectedId = _encryptionProvider.Encrypt(sessionId.Value.ToString());
            var mac = _hmacProvider.GenerateHmac(protectedId);

            var payload = new SessionIdentificationData
            {
                SessionId = protectedId,
                Hmac = mac
            };

            // Redirect the client to the same url, with the session id as a query string parameter.
            _responseManipulatorForSession.ModifyResponseToRedirectToSessionAwareUrl(context, payload, ParameterName);
        }
    /// <summary>
    ///   Shared arrange step for the cookie factory tests: the factory under test plus fixed
    ///   cookie name, domain, path and session identification data.
    /// </summary>
    public CookieFactoryFixture() {
      _cookieFactory = new CookieFactory();

      _cookieName = "TheCookieName";
      _cookieDomain = ".nascar.com";
      _cookiePath = "/schedule/";

      // "01HMAC98" is the Base64 text of the six HMAC bytes below. The encoded variant differs
      // from the raw one only in '%' being written as "%25".
      _cookieValue = "01HMAC98%02SessionId";
      _cookieValueEncoded = "01HMAC98%2502SessionId";
      _sessionIdentificationData = new SessionIdentificationData {
        SessionId = "%02SessionId",
        Hmac = new byte[] {211, 81, 204, 0, 47, 124}
      };
    }
        /// <summary>
        ///   Shared arrange step: a manipulator under test, a context with a GET request and an
        ///   empty response, and fixed session identification data.
        /// </summary>
        public ResponseManipulatorForSessionFixture()
        {
            _responseManipulatorForSession = new ResponseManipulatorForSession();

            _context = new NancyContext
            {
                Response = new Response(),
                Request = new Request("GET", "http://www.google.be")
            };

            // Constructed sample values, not real key material.
            _sessionIdentificationData = new SessionIdentificationData
            {
                SessionId = "01SessionId",
                Hmac = new byte[] { 211, 81, 204, 0, 47, 124 }
            };

            _parameterName = "SID";
        }
        /// <summary>
        ///   Shared arrange step for the cookie factory tests: the factory under test plus fixed
        ///   cookie name, domain, path and session identification data.
        /// </summary>
        public CookieFactoryFixture()
        {
            _cookieFactory = new CookieFactory();

            _cookieName = "TheCookieName";
            _cookieDomain = ".nascar.com";
            _cookiePath = "/schedule/";

            // "01HMAC98" is the Base64 text of the six HMAC bytes below. The encoded variant
            // differs from the raw one only in '%' being written as "%25".
            _cookieValue = "01HMAC98%02SessionId";
            _cookieValueEncoded = "01HMAC98%2502SessionId";
            _sessionIdentificationData = new SessionIdentificationData
            {
                SessionId = "%02SessionId",
                Hmac = new byte[] { 211, 81, 204, 0, 47, 124 }
            };
        }
    /// <summary>
    ///   Shared arrange step for the query string tests: a provider built on a faked HMAC provider
    ///   and a request whose query parameter holds the HMAC text followed by the encoded session id.
    /// </summary>
    public SessionIdentificationDataProviderFixture() {
      _parameterName = "TheParamName";
      _hmacProvider = A.Fake<IHmacProvider>();
      _sessionIdentificationDataProvider = new SessionIdentificationDataProvider(_hmacProvider);

      // "01HMAC98" is the Base64 text of the six expected HMAC bytes.
      _hmacString = "01HMAC98";
      // Percent-encoded UTF-8: %26 is '&' and %c2%a7 is '§'.
      _encryptedSessionIdString = "s%26%c2%a7%c2%a7ionId";

      var requestUrl = string.Format("http://www.google.be?{0}={1}{2}", _parameterName, _hmacString, _encryptedSessionIdString);
      _validRequest = new Request("GET", requestUrl);

      // The expected session id is the URL-decoded form of the query value.
      _expectedResult = new SessionIdentificationData {
        SessionId = "s&§§ionId",
        Hmac = new byte[] {211, 81, 204, 0, 47, 124}
      };

      // The fake reports a six byte HMAC, matching the array above.
      A.CallTo(() => _hmacProvider.HmacLength).Returns(6);
    }
    /// <summary>
    ///   Shared arrange step for the cookie tests: a provider built on a faked HMAC provider and a
    ///   request whose cookie holds the HMAC text followed by the session id text.
    /// </summary>
    public SessionIdentificationDataProviderFixture() {
      _cookieName = "TheCookieName";
      _hmacProvider = A.Fake<IHmacProvider>();
      _sessionIdentificationDataProvider = new SessionIdentificationDataProvider(_hmacProvider);

      _validRequest = new Request("GET", "http://www.google.be");

      // "01HMAC98" is the Base64 text of the six expected HMAC bytes.
      _hmacString = "01HMAC98";
      _encryptedSessionIdString = "%02Session+Id";

      var cookieValue = _hmacString + _encryptedSessionIdString;
      _validRequest.Cookies.Add(_cookieName, cookieValue);

      // The expected session id equals the cookie text character for character
      // ('%' and '+' included).
      _expectedResult = new SessionIdentificationData {
        SessionId = "%02Session+Id",
        Hmac = new byte[] {211, 81, 204, 0, 47, 124}
      };

      // The fake reports a six byte HMAC, matching the array above.
      A.CallTo(() => _hmacProvider.HmacLength).Returns(6);
    }
            /// <summary>
            ///   A cookie whose HMAC is rejected must yield a new session id, and nothing from that
            ///   cookie may reach the session id factory.
            /// </summary>
            public void When_cookie_does_not_have_a_valid_hmac_then_returns_new_session_id()
            {
                // Arrange: the provider returns cookie data and the validator rejects its HMAC.
                var rejectedData = new SessionIdentificationData
                {
                    SessionId = "ABCSomeEncryptedSessionIdXYZ",
                    Hmac = new byte[] { 1, 2, 3 }
                };

                A.CallTo(() => _fakeSessionIdentificationDataProvider.ProvideDataFromCookie(_context.Request, _cookieName)).Returns(rejectedData);
                A.CallTo(() => _fakeHmacValidator.IsValidHmac(rejectedData)).Returns(false);

                // Act
                var resolved = _bySessionIdCookieIdentificationMethod.GetCurrentSessionId(_context);

                // Assert
                // NOTE(review): this test does not check whether Decrypt was called for the
                // rejected data. Consider asserting that as well.
                Assert.Equal(_newSessionId, resolved);
                A.CallTo(() => _fakeSessionIdFactory.CreateNew()).MustHaveHappened();
                A.CallTo(() => _fakeSessionIdFactory.CreateFrom(A<string>._)).MustNotHaveHappened();
            }
        /// <summary>
        ///   Shared arrange step for the query string tests: a provider built on a faked HMAC
        ///   provider and a request whose query parameter holds the HMAC text followed by the
        ///   encoded session id.
        /// </summary>
        public SessionIdentificationDataProviderFixture()
        {
            _parameterName = "TheParamName";
            _hmacProvider = A.Fake<IHmacProvider>();
            _sessionIdentificationDataProvider = new SessionIdentificationDataProvider(_hmacProvider);

            // "01HMAC98" is the Base64 text of the six expected HMAC bytes.
            _hmacString = "01HMAC98";
            // Percent-encoded UTF-8: %26 is '&' and %c2%a7 is '§'.
            _encryptedSessionIdString = "s%26%c2%a7%c2%a7ionId";

            var requestUrl = string.Format("http://www.google.be?{0}={1}{2}", _parameterName, _hmacString, _encryptedSessionIdString);
            _validRequest = new Request("GET", requestUrl);

            // The expected session id is the URL-decoded form of the query value.
            _expectedResult = new SessionIdentificationData
            {
                SessionId = "s&§§ionId",
                Hmac = new byte[] { 211, 81, 204, 0, 47, 124 }
            };

            // The fake reports a six byte HMAC, matching the array above.
            A.CallTo(() => _hmacProvider.HmacLength).Returns(6);
        }
            /// <summary>
            ///   When the HMAC is accepted but decryption yields an empty string, a new session id
            ///   is returned and the factory is never asked to build one from the decrypted text.
            /// </summary>
            public void When_decrypted_session_id_is_not_valid_then_returns_new_session_id()
            {
                // Arrange: the HMAC is accepted, and Decrypt returns an empty string.
                var queryData = new SessionIdentificationData
                {
                    SessionId = "ABCSomeEncryptedSessionIdXYZ",
                    Hmac = new byte[] { 1, 2, 3 }
                };

                A.CallTo(() => _fakeSessionIdentificationDataProvider.ProvideDataFromQuery(_context.Request, _parameterName)).Returns(queryData);
                A.CallTo(() => _fakeHmacValidator.IsValidHmac(queryData)).Returns(true);
                A.CallTo(() => _fakeEncryptionProvider.Decrypt(queryData.SessionId)).Returns(string.Empty);

                // Act
                var resolved = _byQueryStringParamIdentificationMethod.GetCurrentSessionId(_context);

                // Assert
                Assert.Equal(_newSessionId, resolved);
                A.CallTo(() => _fakeSessionIdFactory.CreateNew()).MustHaveHappened();
                A.CallTo(() => _fakeSessionIdFactory.CreateFrom(A<string>._)).MustNotHaveHappened();
            }
        /// <summary>
        ///   Shared arrange step for the cookie tests: a provider built on a faked HMAC provider
        ///   and a request whose cookie holds the HMAC text followed by the session id text.
        /// </summary>
        public SessionIdentificationDataProviderFixture()
        {
            _cookieName = "TheCookieName";
            _hmacProvider = A.Fake<IHmacProvider>();
            _sessionIdentificationDataProvider = new SessionIdentificationDataProvider(_hmacProvider);

            _validRequest = new Request("GET", "http://www.google.be");

            // "01HMAC98" is the Base64 text of the six expected HMAC bytes.
            _hmacString = "01HMAC98";
            _encryptedSessionIdString = "%02Session+Id";

            var cookieValue = _hmacString + _encryptedSessionIdString;
            _validRequest.Cookies.Add(_cookieName, cookieValue);

            // The expected session id equals the cookie text character for character
            // ('%' and '+' included).
            _expectedResult = new SessionIdentificationData
            {
                SessionId = "%02Session+Id",
                Hmac = new byte[] { 211, 81, 204, 0, 47, 124 }
            };

            // The fake reports a six byte HMAC, matching the array above.
            A.CallTo(() => _hmacProvider.HmacLength).Returns(6);
        }
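        /// <summary>
        ///   Turns the response of the given context into a 302 redirect to the URL of the current
        ///   request, with the session identification data set as a query string parameter.
        /// </summary>
        /// <remarks>
        ///   The session token ends up in the URL, so it can be recorded in browser history, access
        ///   logs and Referer headers. Deployments that use this method should account for that
        ///   exposure.
        /// </remarks>
        /// <param name="context">The current context; both its request and its response are required.</param>
        /// <param name="sessionIdentificationData">The data written as the parameter value (via ToString()).</param>
        /// <param name="parameterName">The query string parameter that carries the data.</param>
        /// <exception cref="ArgumentNullException">
        ///   An argument is null, or <paramref name="parameterName"/> is empty or whitespace.
        /// </exception>
        /// <exception cref="ArgumentException">The context lacks a request or a response.</exception>
        public void ModifyResponseToRedirectToSessionAwareUrl(NancyContext context, SessionIdentificationData sessionIdentificationData, string parameterName)
        {
            if (context == null)
            {
                throw new ArgumentNullException("context");
            }
            if (sessionIdentificationData == null)
            {
                throw new ArgumentNullException("sessionIdentificationData");
            }
            if (string.IsNullOrWhiteSpace(parameterName))
            {
                throw new ArgumentNullException("parameterName");
            }
            if (context.Request == null)
            {
                throw new ArgumentException("The specified context does not contain a request", "context");
            }
            if (context.Response == null)
            {
                throw new ArgumentException("The specified context does not contain a response", "context");
            }

            // NOTE(review): scheme and host of the redirect come from the request URL; confirm how
            // that URL is derived (e.g. from the Host header) before relying on it behind
            // untrusted proxies.
            var originalUri     = (Uri)context.Request.Url;
            var uriBuilder      = new UriBuilder(originalUri);
            var queryParameters = HttpUtility.ParseQueryString(uriBuilder.Query);

            // Set replaces any value the client supplied under the same name.
            queryParameters.Set(parameterName, sessionIdentificationData.ToString());

            var newQueryString = string.Empty;

            if (queryParameters.Count > 0)
            {
                var newQueryBuilder = new StringBuilder();
                foreach (var paramName in queryParameters.AllKeys)
                {
                    // ParseQueryString returns decoded names and values. Both sides are re-encoded
                    // so that a name containing '&' or '=' cannot change the structure of the
                    // rebuilt query string.
                    newQueryBuilder
                        .Append(HttpUtility.UrlEncode(paramName))
                        .Append('=')
                        .Append(HttpUtility.UrlEncode(queryParameters[paramName]))
                        .Append('&');
                }
                newQueryString = newQueryBuilder.ToString().TrimEnd('&');
            }
            uriBuilder.Query = newQueryString;
            var redirectUrl = uriBuilder.ToString();

            context.Response.StatusCode          = HttpStatusCode.Found;
            context.Response.Headers["Location"] = redirectUrl;
        }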
            /// <summary>
            ///   When the HMAC is accepted but the factory returns null for the decrypted text, a
            ///   new session id is returned.
            /// </summary>
            public void When_decrypted_session_id_is_not_a_valid_guid_then_returns_new_session_id()
            {
                // Arrange: Decrypt yields text from which the factory cannot build a session id.
                const string invalidDecryptedSessionId = "This is not a valid guid!";
                var acceptedData = new SessionIdentificationData
                {
                    SessionId = "ABCSomeEncryptedSessionIdXYZ",
                    Hmac = new byte[] { 1, 2, 3 }
                };

                A.CallTo(() => _fakeSessionIdentificationDataProvider.ProvideDataFromCookie(_context.Request, _cookieName)).Returns(acceptedData);
                A.CallTo(() => _fakeHmacValidator.IsValidHmac(acceptedData)).Returns(true);
                A.CallTo(() => _fakeEncryptionProvider.Decrypt(acceptedData.SessionId)).Returns(invalidDecryptedSessionId);
                A.CallTo(() => _fakeSessionIdFactory.CreateFrom(invalidDecryptedSessionId)).Returns(null);

                // Act
                var resolved = _bySessionIdCookieIdentificationMethod.GetCurrentSessionId(_context);

                // Assert: the factory was asked once for the decrypted text, then for a new id.
                Assert.Equal(_newSessionId, resolved);
                A.CallTo(() => _fakeSessionIdFactory.CreateNew()).MustHaveHappened();
                A.CallTo(() => _fakeSessionIdFactory.CreateFrom(invalidDecryptedSessionId)).MustHaveHappened();
            }
            /// <summary>
            ///   When the HMAC is accepted and the decrypted text maps to a session id, that
            ///   session id is returned and no new one is created.
            /// </summary>
            public void When_decrypted_session_id_is_valid_then_returns_session_id_from_cookie()
            {
                // Arrange: every step of the chain succeeds.
                var expectedSessionId = new SessionId(Guid.NewGuid(), false);
                var plainSessionId = expectedSessionId.Value.ToString();
                var acceptedData = new SessionIdentificationData
                {
                    SessionId = "ABCSomeEncryptedSessionIdXYZ",
                    Hmac = new byte[] { 1, 2, 3 }
                };

                A.CallTo(() => _fakeSessionIdentificationDataProvider.ProvideDataFromCookie(_context.Request, _cookieName)).Returns(acceptedData);
                A.CallTo(() => _fakeHmacValidator.IsValidHmac(acceptedData)).Returns(true);
                A.CallTo(() => _fakeEncryptionProvider.Decrypt(acceptedData.SessionId)).Returns(plainSessionId);
                A.CallTo(() => _fakeSessionIdFactory.CreateFrom(plainSessionId)).Returns(expectedSessionId);

                // Act
                var resolved = _bySessionIdCookieIdentificationMethod.GetCurrentSessionId(_context);

                // Assert
                Assert.Equal(expectedSessionId, resolved);
                A.CallTo(() => _fakeSessionIdFactory.CreateNew()).MustNotHaveHappened();
                A.CallTo(() => _fakeSessionIdFactory.CreateFrom(plainSessionId)).MustHaveHappened();
            }
        /// <summary>
        ///   Builds the cookie that carries the session identification data.
        /// </summary>
        /// <param name="cookieName">The cookie name; must not be null, empty or whitespace.</param>
        /// <param name="cookieDomain">The value assigned to the cookie's Domain.</param>
        /// <param name="cookiePath">The value assigned to the cookie's Path.</param>
        /// <param name="sessionIdentificationData">The data whose ToString() becomes the cookie value.</param>
        /// <returns>The cookie with Domain and Path set.</returns>
        /// <exception cref="ArgumentNullException">
        ///   The data is null, or <paramref name="cookieName"/> is null, empty or whitespace.
        /// </exception>
        public INancyCookie CreateCookie(string cookieName, string cookieDomain, string cookiePath, SessionIdentificationData sessionIdentificationData)
        {
            if (sessionIdentificationData == null)
            {
                throw new ArgumentNullException("sessionIdentificationData");
            }

            if (string.IsNullOrWhiteSpace(cookieName))
            {
                throw new ArgumentNullException("cookieName");
            }

            // The `true` argument is NancyCookie's httpOnly flag, which keeps the value away
            // from page scripts.
            // NOTE(review): no Secure attribute is requested here. Confirm the cookie is only
            // served over HTTPS, or that the flag is added elsewhere.
            var sessionCookie = new NancyCookie(cookieName, sessionIdentificationData.ToString(), true);
            sessionCookie.Domain = cookieDomain;
            sessionCookie.Path = cookiePath;

            return sessionCookie;
        }
      /// <summary>
      ///   When the HMAC is accepted but decryption yields an empty string, a new session id is
      ///   returned and the factory is never asked to build one from the decrypted text.
      /// </summary>
      public void When_decrypted_session_id_is_not_valid_then_returns_new_session_id() {
        // Arrange: the HMAC is accepted, and Decrypt returns an empty string.
        var acceptedData = new SessionIdentificationData {
          SessionId = "ABCSomeEncryptedSessionIdXYZ",
          Hmac = new byte[] {1, 2, 3}
        };

        A.CallTo(() => _fakeSessionIdentificationDataProvider.ProvideDataFromCookie(_context.Request, _cookieName)).Returns(acceptedData);
        A.CallTo(() => _fakeHmacValidator.IsValidHmac(acceptedData)).Returns(true);
        A.CallTo(() => _fakeEncryptionProvider.Decrypt(acceptedData.SessionId)).Returns(string.Empty);

        // Act
        var resolved = _bySessionIdCookieIdentificationMethod.GetCurrentSessionId(_context);

        // Assert
        Assert.Equal(_newSessionId, resolved);
        A.CallTo(() => _fakeSessionIdFactory.CreateNew()).MustHaveHappened();
        A.CallTo(() => _fakeSessionIdFactory.CreateFrom(A<string>._)).MustNotHaveHappened();
      }
    /// <summary>
    ///   Builds the cookie that carries the session identification data.
    /// </summary>
    /// <param name="cookieName">The cookie name; must not be null, empty or whitespace.</param>
    /// <param name="cookieDomain">The value assigned to the cookie's Domain.</param>
    /// <param name="cookiePath">The value assigned to the cookie's Path.</param>
    /// <param name="sessionIdentificationData">The data whose ToString() becomes the cookie value.</param>
    /// <returns>The cookie with Domain and Path set.</returns>
    /// <exception cref="ArgumentNullException">
    ///   The data is null, or <paramref name="cookieName"/> is null, empty or whitespace.
    /// </exception>
    public INancyCookie CreateCookie(string cookieName, string cookieDomain, string cookiePath, SessionIdentificationData sessionIdentificationData) {
      if (sessionIdentificationData == null) {
        throw new ArgumentNullException("sessionIdentificationData");
      }
      if (string.IsNullOrWhiteSpace(cookieName)) {
        throw new ArgumentNullException("cookieName");
      }

      // The `true` argument is NancyCookie's httpOnly flag, which keeps the value away from
      // page scripts.
      // NOTE(review): no Secure attribute is requested here. Confirm the cookie is only served
      // over HTTPS, or that the flag is added elsewhere.
      var sessionCookie = new NancyCookie(cookieName, sessionIdentificationData.ToString(), true);
      sessionCookie.Domain = cookieDomain;
      sessionCookie.Path = cookiePath;
      return sessionCookie;
    }
    /// <summary>
    ///   Saves the session identifier by redirecting the client to a URL that carries it.
    /// </summary>
    /// <remarks>
    ///   Only a new session identifier changes the response. For any other identifier the method
    ///   returns once its arguments have been validated. The identifier is encrypted first and the
    ///   HMAC is computed over the encrypted text.
    /// </remarks>
    /// <param name="sessionId">The identifier of the session; must not be null or empty.</param>
    /// <param name="context">The current context; must contain a request.</param>
    /// <exception cref="ArgumentNullException">
    ///   <paramref name="sessionId"/> or <paramref name="context"/> is null.
    /// </exception>
    /// <exception cref="ArgumentException">
    ///   The context has no request, or the session id is empty.
    /// </exception>
    public void SaveSessionId(SessionId sessionId, NancyContext context) {
      if (sessionId == null) {
        throw new ArgumentNullException("sessionId");
      }
      if (context == null) {
        throw new ArgumentNullException("context");
      }
      if (context.Request == null) {
        throw new ArgumentException("The specified context does not contain a request", "context");
      }
      if (sessionId.IsEmpty) {
        throw new ArgumentException("The specified session id cannot be empty", "sessionId");
      }

      // An identifier that is not new needs no redirect.
      if (!sessionId.IsNew) {
        return;
      }

      // The MAC covers the ciphertext, never the raw identifier.
      var protectedId = _encryptionProvider.Encrypt(sessionId.Value.ToString());
      var mac = _hmacProvider.GenerateHmac(protectedId);
      var payload = new SessionIdentificationData {
        SessionId = protectedId,
        Hmac = mac
      };

      // Redirect the client to the same url, with the session id as a query string parameter.
      _responseManipulatorForSession.ModifyResponseToRedirectToSessionAwareUrl(context, payload, ParameterName);
    }
    /// <summary>
    ///   Stores the session identifier on the response of the given context as a cookie.
    /// </summary>
    /// <remarks>
    ///   The identifier is encrypted first and the HMAC is then computed over the encrypted text
    ///   (encrypt-then-MAC). Both are handed to the cookie factory together.
    /// </remarks>
    /// <param name="sessionId">The identifier of the session; must not be null or empty.</param>
    /// <param name="context">The current context; its response receives the cookie.</param>
    /// <exception cref="ArgumentNullException">
    ///   <paramref name="sessionId"/> or <paramref name="context"/> is null.
    /// </exception>
    /// <exception cref="ArgumentException">
    ///   The context has no response, or the session id is empty.
    /// </exception>
    public void SaveSessionId(SessionId sessionId, NancyContext context) {
      if (sessionId == null) {
        throw new ArgumentNullException("sessionId");
      }
      if (context == null) {
        throw new ArgumentNullException("context");
      }
      if (context.Response == null) {
        throw new ArgumentException("The specified context does not contain a response to modify", "context");
      }
      if (sessionId.IsEmpty) {
        throw new ArgumentException("The specified session id cannot be empty", "sessionId");
      }

      // The MAC covers the ciphertext, never the raw identifier.
      var protectedId = _encryptionProvider.Encrypt(sessionId.Value.ToString());
      var mac = _hmacProvider.GenerateHmac(protectedId);
      var payload = new SessionIdentificationData {
        SessionId = protectedId,
        Hmac = mac
      };

      context.Response.WithCookie(_cookieFactory.CreateCookie(CookieName, Domain, Path, payload));
    }
      /// <summary>
      ///   A query string value whose HMAC is rejected must yield a new session id, and nothing
      ///   from that value may reach the session id factory.
      /// </summary>
      public void When_querystring_does_not_have_a_valid_hmac_then_returns_new_session_id() {
        // Arrange: the provider returns query data and the validator rejects its HMAC.
        var rejectedData = new SessionIdentificationData {
          SessionId = "ABCSomeEncryptedSessionIdXYZ",
          Hmac = new byte[] {1, 2, 3}
        };

        A.CallTo(() => _fakeSessionIdentificationDataProvider.ProvideDataFromQuery(_context.Request, _parameterName)).Returns(rejectedData);
        A.CallTo(() => _fakeHmacValidator.IsValidHmac(rejectedData)).Returns(false);

        // Act
        var resolved = _byQueryStringParamIdentificationMethod.GetCurrentSessionId(_context);

        // Assert
        // NOTE(review): this test does not check whether Decrypt was called for the rejected
        // data. Consider asserting that as well.
        Assert.Equal(_newSessionId, resolved);
        A.CallTo(() => _fakeSessionIdFactory.CreateNew()).MustHaveHappened();
        A.CallTo(() => _fakeSessionIdFactory.CreateFrom(A<string>._)).MustNotHaveHappened();
      }
      /// <summary>
      ///   When the HMAC is accepted but the factory returns null for the decrypted text, a new
      ///   session id is returned.
      /// </summary>
      public void When_decrypted_session_id_is_not_a_valid_guid_then_returns_new_session_id() {
        // Arrange: Decrypt yields text from which the factory cannot build a session id.
        const string invalidDecryptedSessionId = "This is not a valid guid!";
        var acceptedData = new SessionIdentificationData {
          SessionId = "ABCSomeEncryptedSessionIdXYZ",
          Hmac = new byte[] {1, 2, 3}
        };

        A.CallTo(() => _fakeSessionIdentificationDataProvider.ProvideDataFromQuery(_context.Request, _parameterName)).Returns(acceptedData);
        A.CallTo(() => _fakeHmacValidator.IsValidHmac(acceptedData)).Returns(true);
        A.CallTo(() => _fakeEncryptionProvider.Decrypt(acceptedData.SessionId)).Returns(invalidDecryptedSessionId);
        A.CallTo(() => _fakeSessionIdFactory.CreateFrom(invalidDecryptedSessionId)).Returns(null);

        // Act
        var resolved = _byQueryStringParamIdentificationMethod.GetCurrentSessionId(_context);

        // Assert: the factory was asked once for the decrypted text, then for a new id.
        Assert.Equal(_newSessionId, resolved);
        A.CallTo(() => _fakeSessionIdFactory.CreateNew()).MustHaveHappened();
        A.CallTo(() => _fakeSessionIdFactory.CreateFrom(invalidDecryptedSessionId)).MustHaveHappened();
      }
      /// <summary>
      ///   When the HMAC is accepted and the decrypted text maps to a session id, that session id
      ///   is returned and no new one is created.
      /// </summary>
      public void When_decrypted_session_id_is_valid_then_returns_session_id_from_querystring() {
        // Arrange: every step of the chain succeeds.
        var expectedSessionId = new SessionId(Guid.NewGuid(), false);
        var plainSessionId = expectedSessionId.Value.ToString();
        var acceptedData = new SessionIdentificationData {
          SessionId = "ABCSomeEncryptedSessionIdXYZ",
          Hmac = new byte[] {1, 2, 3}
        };

        A.CallTo(() => _fakeSessionIdentificationDataProvider.ProvideDataFromQuery(_context.Request, _parameterName)).Returns(acceptedData);
        A.CallTo(() => _fakeHmacValidator.IsValidHmac(acceptedData)).Returns(true);
        A.CallTo(() => _fakeEncryptionProvider.Decrypt(acceptedData.SessionId)).Returns(plainSessionId);
        A.CallTo(() => _fakeSessionIdFactory.CreateFrom(plainSessionId)).Returns(expectedSessionId);

        // Act
        var resolved = _byQueryStringParamIdentificationMethod.GetCurrentSessionId(_context);

        // Assert
        Assert.Equal(expectedSessionId, resolved);
        A.CallTo(() => _fakeSessionIdFactory.CreateNew()).MustNotHaveHappened();
        A.CallTo(() => _fakeSessionIdFactory.CreateFrom(plainSessionId)).MustHaveHappened();
      }