private IList <SetCookieHeaderValue> GetAllCookies()
        {
            this.ContainingHeader(HttpHeader.SetCookie);
            var cookieHeader = this.httpResponse.Headers[HttpHeader.SetCookie];

            if (!cookieHeader.Any())
            {
                this.ThrowNewHttpResponseAssertionException(
                    "to have",
                    "set cookies",
                    "none were found");
            }

            IList <SetCookieHeaderValue> setCookieHeaderValue;

            if (!SetCookieHeaderValue.TryParseList(cookieHeader, out setCookieHeaderValue))
            {
                this.ThrowNewHttpResponseAssertionException(
                    "to have",
                    "valid cookie values",
                    "some of them were invalid");
            }

            return(setCookieHeaderValue);
        }
        private async Task <IList <SetCookieHeaderValue> > RequestCookiesAsync(CancellationToken cancellationToken)
        {
            var authEndpoint = _credentials.BaseAddress
                               .AppendPathSegment(_options.JdaCookieAuthPath);

            var credentials = new Dictionary <string, string>
            {
                { "loginName", _credentials.Username },
                { "password", _credentials.Password }
            };

            var content = new FormUrlEncodedContent(credentials);
            var request = new HttpRequestMessage(HttpMethod.Post, authEndpoint)
            {
                Content = content
            };
            var response = await base.SendAsync(request, cancellationToken);

            if (response.StatusCode == HttpStatusCode.OK &&
                response.Headers.TryGetValues(HeaderNames.SetCookie, out var values) &&
                SetCookieHeaderValue.TryParseList(values.ToList(), out var cookies))
            {
                _cookieCache[_teamId] = cookies;

                return(cookies);
            }
            else
            {
                throw new UnauthorizedAccessException("Invalid JDA access credentials.");
            }
        }
예제 #3
0
    public void SetCookieHeaderValue_TryParseList_ExcludesInvalidValues(IList <SetCookieHeaderValue> cookies, string[] input)
    {
        bool result = SetCookieHeaderValue.TryParseList(input, out var results);

        Assert.Equal(cookies, results);
        Assert.Equal(cookies?.Count > 0, result);
    }
예제 #4
0
    public void SetCookieHeaderValue_TryParseList_AcceptsValidValues(IList <SetCookieHeaderValue> cookies, string[] input)
    {
        bool result = SetCookieHeaderValue.TryParseList(input, out var results);

        Assert.True(result);

        Assert.Equal(cookies, results);
    }
예제 #5
0
        public async Task BadCallbackCallsRemoteAuthFailedWithState()
        {
            using var host = await CreateHost(o =>
            {
                o.ConsumerKey            = "Test Consumer Key";
                o.ConsumerSecret         = "Test Consumer Secret";
                o.BackchannelHttpHandler = new TestHttpMessageHandler
                {
                    Sender = BackchannelRequestToken
                };
                o.Events = new TwitterEvents()
                {
                    OnRemoteFailure = context =>
                    {
                        Assert.NotNull(context.Failure);
                        Assert.Equal("Access was denied by the resource owner or by the remote server.", context.Failure.Message);
                        Assert.NotNull(context.Properties);
                        Assert.Equal("testvalue", context.Properties.Items["testkey"]);
                        context.Response.StatusCode = StatusCodes.Status406NotAcceptable;
                        context.HandleResponse();
                        return(Task.CompletedTask);
                    }
                };
            },
                                              async context =>
            {
                var properties = new AuthenticationProperties();
                properties.Items["testkey"] = "testvalue";
                await context.ChallengeAsync("Twitter", properties);
                return(true);
            });

            using var server = host.GetTestServer();
            var transaction = await server.SendAsync("http://example.com/challenge");

            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
            var location = transaction.Response.Headers.Location.AbsoluteUri;

            Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
            Assert.True(transaction.Response.Headers.TryGetValues(HeaderNames.SetCookie, out var setCookie));
            Assert.True(SetCookieHeaderValue.TryParseList(setCookie.ToList(), out var setCookieValues));
            Assert.Single(setCookieValues);
            var setCookieValue = setCookieValues.Single();
            var cookie         = new CookieHeaderValue(setCookieValue.Name, setCookieValue.Value);

            var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter?denied=ABCDEFG");

            request.Headers.Add(HeaderNames.Cookie, cookie.ToString());
            var client   = server.CreateClient();
            var response = await client.SendAsync(request);

            Assert.Equal(HttpStatusCode.NotAcceptable, response.StatusCode);
        }
예제 #6
0
        public async Task HandleRequestAsync_RedirectsToAccessDeniedPathWhenExplicitlySet()
        {
            using var host = await CreateHost(o =>
            {
                o.ConsumerKey            = "Test Consumer Key";
                o.ConsumerSecret         = "Test Consumer Secret";
                o.BackchannelHttpHandler = new TestHttpMessageHandler
                {
                    Sender = BackchannelRequestToken
                };
                o.AccessDeniedPath       = "/access-denied";
                o.Events.OnRemoteFailure = context => throw new InvalidOperationException("This event should not be called.");
            },
                                              async context =>
            {
                var properties = new AuthenticationProperties();
                properties.Items["testkey"] = "testvalue";
                await context.ChallengeAsync("Twitter", properties);
                return(true);
            });

            using var server = host.GetTestServer();
            var transaction = await server.SendAsync("http://example.com/challenge");

            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
            var location = transaction.Response.Headers.Location.AbsoluteUri;

            Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
            Assert.True(transaction.Response.Headers.TryGetValues(HeaderNames.SetCookie, out var setCookie));
            Assert.True(SetCookieHeaderValue.TryParseList(setCookie.ToList(), out var setCookieValues));
            Assert.Single(setCookieValues);
            var setCookieValue = setCookieValues.Single();
            var cookie         = new CookieHeaderValue(setCookieValue.Name, setCookieValue.Value);

            var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter?denied=ABCDEFG");

            request.Headers.Add(HeaderNames.Cookie, cookie.ToString());
            var client   = server.CreateClient();
            var response = await client.SendAsync(request);

            Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
            Assert.Equal("http://localhost/access-denied?ReturnUrl=%2Fchallenge", response.Headers.Location.ToString());
        }