private IList <SetCookieHeaderValue> GetAllCookies()
{
this.ContainingHeader(HttpHeader.SetCookie);
var cookieHeader = this.httpResponse.Headers[HttpHeader.SetCookie];
if (!cookieHeader.Any())
{
this.ThrowNewHttpResponseAssertionException(
"to have",
"set cookies",
"none were found");
}
IList <SetCookieHeaderValue> setCookieHeaderValue;
if (!SetCookieHeaderValue.TryParseList(cookieHeader, out setCookieHeaderValue))
{
this.ThrowNewHttpResponseAssertionException(
"to have",
"valid cookie values",
"some of them were invalid");
}
return(setCookieHeaderValue);
}
private async Task <IList <SetCookieHeaderValue> > RequestCookiesAsync(CancellationToken cancellationToken)
{
var authEndpoint = _credentials.BaseAddress
.AppendPathSegment(_options.JdaCookieAuthPath);
var credentials = new Dictionary <string, string>
{
{ "loginName", _credentials.Username },
{ "password", _credentials.Password }
};
var content = new FormUrlEncodedContent(credentials);
var request = new HttpRequestMessage(HttpMethod.Post, authEndpoint)
{
Content = content
};
var response = await base.SendAsync(request, cancellationToken);
if (response.StatusCode == HttpStatusCode.OK &&
response.Headers.TryGetValues(HeaderNames.SetCookie, out var values) &&
SetCookieHeaderValue.TryParseList(values.ToList(), out var cookies))
{
_cookieCache[_teamId] = cookies;
return(cookies);
}
else
{
throw new UnauthorizedAccessException("Invalid JDA access credentials.");
}
}
public void SetCookieHeaderValue_TryParseList_ExcludesInvalidValues(IList <SetCookieHeaderValue> cookies, string[] input)
{
bool result = SetCookieHeaderValue.TryParseList(input, out var results);
Assert.Equal(cookies, results);
Assert.Equal(cookies?.Count > 0, result);
}
public void SetCookieHeaderValue_TryParseList_AcceptsValidValues(IList <SetCookieHeaderValue> cookies, string[] input)
{
bool result = SetCookieHeaderValue.TryParseList(input, out var results);
Assert.True(result);
Assert.Equal(cookies, results);
}
public async Task BadCallbackCallsRemoteAuthFailedWithState()
{
using var host = await CreateHost(o =>
{
o.ConsumerKey = "Test Consumer Key";
o.ConsumerSecret = "Test Consumer Secret";
o.BackchannelHttpHandler = new TestHttpMessageHandler
{
Sender = BackchannelRequestToken
};
o.Events = new TwitterEvents()
{
OnRemoteFailure = context =>
{
Assert.NotNull(context.Failure);
Assert.Equal("Access was denied by the resource owner or by the remote server.", context.Failure.Message);
Assert.NotNull(context.Properties);
Assert.Equal("testvalue", context.Properties.Items["testkey"]);
context.Response.StatusCode = StatusCodes.Status406NotAcceptable;
context.HandleResponse();
return(Task.CompletedTask);
}
};
},
async context =>
{
var properties = new AuthenticationProperties();
properties.Items["testkey"] = "testvalue";
await context.ChallengeAsync("Twitter", properties);
return(true);
});
using var server = host.GetTestServer();
var transaction = await server.SendAsync("http://example.com/challenge");
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
var location = transaction.Response.Headers.Location.AbsoluteUri;
Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
Assert.True(transaction.Response.Headers.TryGetValues(HeaderNames.SetCookie, out var setCookie));
Assert.True(SetCookieHeaderValue.TryParseList(setCookie.ToList(), out var setCookieValues));
Assert.Single(setCookieValues);
var setCookieValue = setCookieValues.Single();
var cookie = new CookieHeaderValue(setCookieValue.Name, setCookieValue.Value);
var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter?denied=ABCDEFG");
request.Headers.Add(HeaderNames.Cookie, cookie.ToString());
var client = server.CreateClient();
var response = await client.SendAsync(request);
Assert.Equal(HttpStatusCode.NotAcceptable, response.StatusCode);
}
public async Task HandleRequestAsync_RedirectsToAccessDeniedPathWhenExplicitlySet()
{
using var host = await CreateHost(o =>
{
o.ConsumerKey = "Test Consumer Key";
o.ConsumerSecret = "Test Consumer Secret";
o.BackchannelHttpHandler = new TestHttpMessageHandler
{
Sender = BackchannelRequestToken
};
o.AccessDeniedPath = "/access-denied";
o.Events.OnRemoteFailure = context => throw new InvalidOperationException("This event should not be called.");
},
async context =>
{
var properties = new AuthenticationProperties();
properties.Items["testkey"] = "testvalue";
await context.ChallengeAsync("Twitter", properties);
return(true);
});
using var server = host.GetTestServer();
var transaction = await server.SendAsync("http://example.com/challenge");
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
var location = transaction.Response.Headers.Location.AbsoluteUri;
Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
Assert.True(transaction.Response.Headers.TryGetValues(HeaderNames.SetCookie, out var setCookie));
Assert.True(SetCookieHeaderValue.TryParseList(setCookie.ToList(), out var setCookieValues));
Assert.Single(setCookieValues);
var setCookieValue = setCookieValues.Single();
var cookie = new CookieHeaderValue(setCookieValue.Name, setCookieValue.Value);
var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter?denied=ABCDEFG");
request.Headers.Add(HeaderNames.Cookie, cookie.ToString());
var client = server.CreateClient();
var response = await client.SendAsync(request);
Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
Assert.Equal("http://localhost/access-denied?ReturnUrl=%2Fchallenge", response.Headers.Location.ToString());
}