/// <summary>
/// Builds a cookie based session store and hooks it into the application pipeline:
/// the session is loaded before each request and saved after it.
/// </summary>
/// <param name="applicationPipelines">Application pipelines that receive the load/save hooks</param>
/// <param name="encryptionProvider">Encryption provider used for encrypting cookies</param>
/// <param name="passPhrase">Pass phrase handed to the session store for cookie encryption</param>
/// <param name="salt">Salt handed to the session store alongside the pass phrase</param>
/// <returns>Formatter selector for choosing a non-default formatter</returns>
public static IFormatterSelector Enable(IApplicationPipelines applicationPipelines, IEncryptionProvider encryptionProvider, string passPhrase, string salt)
{
    // NOTE(review): this overload passes no HMAC provider, so whether the cookie is
    // integrity-protected depends on the CookieBasedSessions constructor, which is not
    // visible here - confirm before relying on encryption alone.
    var formatter = new DefaultSessionObjectFormatter();
    var store = new CookieBasedSessions(encryptionProvider, passPhrase, salt, formatter);

    // The same store instance is captured by both hooks.
    applicationPipelines.BeforeRequest.AddItemToEndOfPipeline(context => LoadSession(context, store));
    applicationPipelines.AfterRequest.AddItemToEndOfPipeline(context => SaveSession(context, store));

    return store;
}
public CookieBasedSessionsFixture()
{
    // Fakes back the store used by interaction tests; no real cryptography is involved there.
    var encryptionFake = A.Fake<IEncryptionProvider>();
    var hmacFake = A.Fake<IHmacProvider>();
    this.fakeEncryptionProvider = encryptionFake;
    this.fakeHmacProvider = hmacFake;
    this.cookieStore = new CookieBasedSessions(encryptionFake, hmacFake, new Fakes.FakeSessionObjectFormatter());

    // Real providers for round-trip tests. The literal passphrases are fixture-only values;
    // encryption and HMAC deliberately get different ones.
    var encryptionKeys = new PassphraseKeyGenerator("password");
    this.rijndaelEncryptionProvider = new RijndaelEncryptionProvider(encryptionKeys);

    var hmacKeys = new PassphraseKeyGenerator("anotherpassword");
    this.defaultHmacProvider = new DefaultHmacProvider(hmacKeys);
}
public CookieBasedSessionsFixture()
{
    // Fakes back the store used by interaction tests; no real cryptography is involved there.
    var encryptionFake = A.Fake<IEncryptionProvider>();
    var hmacFake = A.Fake<IHmacProvider>();
    this.fakeEncryptionProvider = encryptionFake;
    this.fakeHmacProvider = hmacFake;
    this.cookieStore = new CookieBasedSessions(encryptionFake, hmacFake, new Fakes.FakeObjectSerializer());

    // Real providers for round-trip tests. Passphrases and the constant 8-byte array are
    // hard-coded so results are repeatable; they are fixture values, not ones to reuse in
    // a deployed configuration.
    // NOTE(review): the byte array and 1000 are presumably the salt and iteration count -
    // confirm against PassphraseKeyGenerator.
    var encryptionKeys = new PassphraseKeyGenerator("password", new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }, 1000);
    this.rijndaelEncryptionProvider = new RijndaelEncryptionProvider(encryptionKeys);

    var hmacKeys = new PassphraseKeyGenerator("anotherpassword", new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }, 1000);
    this.defaultHmacProvider = new DefaultHmacProvider(hmacKeys);
}
/// <summary>
/// Builds a cookie based session store from the supplied cryptography configuration and
/// hooks it into the application pipeline: load before each request, save after it.
/// </summary>
/// <param name="applicationPipelines">Application pipelines that receive the load/save hooks</param>
/// <param name="cryptographyConfiguration">Supplies the encryption provider and the HMAC provider for the store</param>
/// <returns>Formatter selector for choosing a non-default serializer</returns>
public static IObjectSerializerSelector Enable(IApplicationPipelines applicationPipelines, CryptographyConfiguration cryptographyConfiguration)
{
    // Both providers come from the one configuration object, so encryption and HMAC
    // settings are supplied together.
    var encryption = cryptographyConfiguration.EncryptionProvider;
    var hmac = cryptographyConfiguration.HmacProvider;
    var store = new CookieBasedSessions(encryption, hmac, new DefaultObjectSerializer());

    // The same store instance is captured by both hooks.
    applicationPipelines.BeforeRequest.AddItemToEndOfPipeline(context => LoadSession(context, store));
    applicationPipelines.AfterRequest.AddItemToEndOfPipeline(context => SaveSession(context, store));

    return store;
}
/// <summary>
/// Builds a cookie based session store from the given configuration and hooks it into
/// the application pipeline.
/// </summary>
/// <param name="pipelines">Application pipelines that receive the load/save hooks</param>
/// <param name="configuration">Cookie based sessions configuration.</param>
/// <returns>Formatter selector for choosing a non-default serializer</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="pipelines"/> is null</exception>
public static IObjectSerializerSelector Enable(IPipelines pipelines, CookieBasedSessionsConfiguration configuration)
{
    if (pipelines == null)
    {
        throw new ArgumentNullException("pipelines");
    }

    // NOTE(review): configuration is not checked here; any validation is left to the
    // CookieBasedSessions constructor, which is not visible in this listing.
    var store = new CookieBasedSessions(configuration);

    // Loading goes to the START of the before-request pipeline; saving goes to the END
    // of the after-request pipeline.
    pipelines.BeforeRequest.AddItemToStartOfPipeline(context => LoadSession(context, store));
    pipelines.AfterRequest.AddItemToEndOfPipeline(context => SaveSession(context, store));

    return store;
}
public void Should_load_valid_test_data()
{
    // Cookie value is the fixture's ValidHmac followed by ValidData, URL-encoded as a whole.
    var cookieValue = HttpUtility.UrlEncode(ValidHmac + ValidData);
    var sessions = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
    var incoming = new Request("GET", "/", "http");
    incoming.Cookies.Add(sessions.CookieName, cookieValue);

    var loaded = sessions.Load(incoming);

    // An untampered cookie yields exactly one entry, deserialized to the Payload type.
    loaded.Count.ShouldEqual(1);
    loaded.First().Value.ShouldBeOfType(typeof(DefaultSessionObjectFormatterFixture.Payload));
}
public void Should_be_able_to_load_an_object_previously_saved_to_session()
{
    // Save side: write one complex object into a session and let the store emit its cookie.
    var outgoing = new Response();
    var session = new Session(new Dictionary<string, object>());
    var original = new DefaultSessionObjectFormatterFixture.Payload(27, true, "Test string");
    var sessions = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
    session["testObject"] = original;
    sessions.Save(session, outgoing);

    // Load side: replay the emitted cookie on a new request, URL-encoding name and value.
    var emitted = outgoing.Cookies.First();
    var incoming = new Request("GET", "/", "http");
    incoming.Cookies.Add(Helpers.HttpUtility.UrlEncode(emitted.Name), Helpers.HttpUtility.UrlEncode(emitted.Value));

    var loaded = sessions.Load(incoming);

    // The round trip through the real encryption and HMAC providers must preserve the object.
    loaded["testObject"].ShouldEqual(original);
}
public void Should_be_able_to_save_a_complex_object_to_session()
{
    var outgoing = new Response();
    var session = new Session(new Dictionary<string, object>());
    var complexValue = new DefaultSessionObjectFormatterFixture.Payload(27, true, "Test string");
    var sessions = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
    session["testObject"] = complexValue;

    sessions.Save(session, outgoing);

    // Exactly one cookie is written, under the store's cookie name, with a non-empty value.
    outgoing.Cookies.Count.ShouldEqual(1);
    var sessionCookie = outgoing.Cookies.First();
    sessionCookie.Name.ShouldEqual(sessions.CookieName);
    sessionCookie.Value.ShouldNotBeNull();
    sessionCookie.Value.ShouldNotBeEmpty();
}
public void Should_call_the_formatter_on_save()
{
    var outgoing = new Response();
    var session = new Session(new Dictionary<string, object>());
    // Set through the indexer after construction, as the other save tests do.
    session["key1"] = "value1";
    var serializer = A.Fake<IObjectSerializer>();
    var sessions = new CookieBasedSessions(this.fakeEncryptionProvider, this.fakeHmacProvider, serializer);

    sessions.Save(session, outgoing);

    // The single session value must reach the serializer exactly once.
    A.CallTo(() => serializer.Serialize("value1")).MustHaveHappened(Repeated.Exactly.Once);
}
public void Should_call_formatter_on_load()
{
    var serializer = A.Fake<IObjectSerializer>();
    // The fake provider "decrypts" the cookie text into a single key=value pair.
    A.CallTo(() => this.fakeEncryptionProvider.Decrypt("encryptedkey1=value1")).Returns("key1=value1;");
    var sessions = new CookieBasedSessions(this.fakeEncryptionProvider, this.fakeHmacProvider, serializer);
    var incoming = CreateRequest("encryptedkey1=value1", false);

    sessions.Load(incoming);

    // The decrypted value must be handed to the serializer exactly once.
    A.CallTo(() => serializer.Deserialize("value1")).MustHaveHappened(Repeated.Exactly.Once);
}
public void Should_use_CookieName_when_config_provides_cookiename_value()
{
    // Given: a store configured with an explicit cookie name
    var cryptoConfig = new CryptographyConfiguration(this.fakeEncryptionProvider, this.fakeHmacProvider);
    var storeConfig = new CookieBasedSessionsConfiguration(cryptoConfig);
    storeConfig.CookieName = "NamedCookie";
    storeConfig.Serializer = this.fakeObjectSerializer;
    var sessions = new CookieBasedSessions(storeConfig);

    // When: a session holding two values is saved
    var outgoing = new Response();
    var initialValues = new Dictionary<string, object>();
    initialValues.Add("key1", "val1");
    var session = new Session(initialValues);
    session["key2"] = "val2";
    sessions.Save(session, outgoing);

    // Then: the response carries a cookie under the configured name
    outgoing.Cookies.ShouldHave(c => c.Name == storeConfig.CookieName);
}
public void Should_return_blank_session_if_hmac_changed()
{
    // Replace the first HMAC character while leaving the data untouched.
    // NOTE(review): this only alters the HMAC if ValidHmac does not already start with "b" - confirm.
    var alteredHmac = "b" + ValidHmac.Substring(1);
    var cookieValue = HttpUtility.UrlEncode(alteredHmac + ValidData);
    var sessions = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, new DefaultObjectSerializer());
    var incoming = new Request("GET", "/", "http");
    incoming.Cookies.Add(CookieBasedSessions.GetCookieName(), cookieValue);

    var loaded = sessions.Load(incoming);

    // A cookie whose HMAC was changed must produce an empty session, not the original contents.
    loaded.Count.ShouldEqual(0);
}
/// <summary>
/// Writes the session attached to the current request into the response via the session store.
/// </summary>
/// <param name="context">Nancy context holding the request (with its session) and the response</param>
/// <param name="sessionStore">Session store that performs the save</param>
private static void SaveSession(NancyContext context, CookieBasedSessions sessionStore)
{
    // NOTE(review): context.Request is dereferenced without a null check here.
    var session = context.Request.Session;
    var response = context.Response;

    sessionStore.Save(session, response);
}
/// <summary>
/// Populates the request's session from the session store, when the context has a request.
/// </summary>
/// <param name="context">Nancy context whose request receives the session</param>
/// <param name="sessionStore">Session store that reads the session from the request</param>
/// <returns>Always returns null</returns>
private static Response LoadSession(NancyContext context, CookieBasedSessions sessionStore)
{
    // Without a request there is nothing to load from; the hook is a no-op in that case.
    if (context.Request != null)
    {
        // The store is handed the incoming request, so everything it reads from it is
        // client-supplied input.
        context.Request.Session = sessionStore.Load(context.Request);
    }

    return null;
}
public void Should_return_blank_session_if_encrypted_data_modified()
{
    // Keep the HMAC intact but overwrite the last character of the data with "Z".
    // NOTE(review): this only alters the data if ValidData does not already end in "Z" - confirm.
    var alteredData = ValidData.Substring(0, ValidData.Length - 1) + "Z";
    var cookieValue = HttpUtility.UrlEncode(ValidHmac + alteredData);
    var sessions = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
    var incoming = new Request("GET", "/", "http");
    incoming.Cookies.Add(sessions.CookieName, cookieValue);

    var loaded = sessions.Load(incoming);

    // Modified data under an unchanged HMAC must produce an empty session.
    loaded.Count.ShouldEqual(0);
}
public void Should_return_blank_session_if_encrypted_data_are_invalid_but_contain_semicolon_when_decrypted()
{
    // Ciphertext that decrypts cleanly with the store's own provider, but to text that
    // holds a semicolon and no key=value pair.
    var malformedCiphertext = this.rijndaelEncryptionProvider.Encrypt("foo;bar");
    // NOTE(review): ValidHmac was presumably computed over ValidData, not this ciphertext,
    // so the HMAC check alone may account for the empty result - confirm which path this
    // test is meant to cover.
    var cookieValue = HttpUtility.UrlEncode(ValidHmac + malformedCiphertext);
    var sessions = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
    var incoming = new Request("GET", "/", "http");
    incoming.Cookies.Add(sessions.CookieName, cookieValue);

    var loaded = sessions.Load(incoming);

    // Load must return an empty session rather than throw or expose partial entries.
    loaded.Count.ShouldEqual(0);
}
public void Should_return_blank_session_if_hmac_missing()
{
    // The cookie carries only the data portion; no HMAC is prepended.
    var cookieValue = HttpUtility.UrlEncode(ValidData);
    var sessions = new CookieBasedSessions(this.aesEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
    var incoming = new Request("GET", "/", "http");
    incoming.Cookies.Add(sessions.CookieName, cookieValue);

    var loaded = sessions.Load(incoming);

    // Data without an HMAC must not be accepted: the session comes back empty.
    loaded.Count.ShouldEqual(0);
}
public void Should_set_Path_when_config_provides_path_value()
{
    // Given: a store configured with an explicit cookie path
    var cryptoConfig = new CryptographyConfiguration(this.fakeEncryptionProvider, this.fakeHmacProvider);
    var storeConfig = new CookieBasedSessionsConfiguration(cryptoConfig);
    storeConfig.Path = "/";
    storeConfig.Serializer = this.fakeObjectSerializer;
    var sessions = new CookieBasedSessions(storeConfig);

    // When: a session holding two values is saved
    var outgoing = new Response();
    var initialValues = new Dictionary<string, object>();
    initialValues.Add("key1", "val1");
    var session = new Session(initialValues);
    session["key2"] = "val2";
    sessions.Save(session, outgoing);

    // Then: the session cookie carries the configured path
    var sessionCookie = outgoing.Cookies.First(c => c.Name == storeConfig.CookieName);
    sessionCookie.Path.ShouldEqual(storeConfig.Path);
}
public void Should_load_an_empty_session_if_session_cookie_is_invalid()
{
    // Given: a cookie holding only the first five characters of the HMAC and no data
    var truncatedHmac = ValidHmac.Substring(0, 5);
    var cookieValue = HttpUtility.UrlEncode(truncatedHmac);
    var sessions = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
    var incoming = new Request("GET", "/", "http");
    incoming.Cookies.Add(sessions.CookieName, cookieValue);

    // When
    var loaded = sessions.Load(incoming);

    // Then: a too-short cookie is handled as an empty session rather than an error
    loaded.Count.ShouldEqual(0);
}