Exemplo n.º 1
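        // Integration test: deleting tokens by content must remove every token bound to
        // that content, whichever user owns it, and must leave tokens bound to another
        // content untouched.
        public async Task AccessToken_Delete_ByContent()
        {
            await NoRepoIntegrationTestAsync(async() =>
            {
                // Start from an empty token store so earlier tests cannot influence the result.
                await AccessTokenVault.DeleteAllAccessTokensAsync(CancellationToken.None);
                var userId1      = 42;
                var userId2      = 43;
                var contentId1   = 142;
                var contentId2   = 143;
                var timeout      = TimeSpan.FromMinutes(10);
                var shortTimeout = TimeSpan.FromSeconds(1);
                var savedTokens  = new[]
                {
                    await AccessTokenVault.CreateTokenAsync(userId1, timeout, contentId1, CancellationToken.None),
                    await AccessTokenVault.CreateTokenAsync(userId1, shortTimeout, contentId2, CancellationToken.None),
                    await AccessTokenVault.CreateTokenAsync(userId2, timeout, contentId1, CancellationToken.None),
                    await AccessTokenVault.CreateTokenAsync(userId2, shortTimeout, contentId2, CancellationToken.None),
                };

                // ACTION
                // Let the one-second tokens expire first. The delay is awaited so the async
                // test does not block its thread the way Thread.Sleep would.
                await Task.Delay(1100);
                await AccessTokenVault.DeleteTokensByContentAsync(contentId1, CancellationToken.None);

                // ASSERT
                // Tokens of contentId1 are gone for both users. The contentId2 tokens are
                // expected to be still loadable by id although their lifetime has passed.
                Assert.IsNull(await AccessTokenVault.GetTokenByIdAsync(savedTokens[0].Id, CancellationToken.None));
                Assert.IsNotNull(await AccessTokenVault.GetTokenByIdAsync(savedTokens[1].Id, CancellationToken.None));
                Assert.IsNull(await AccessTokenVault.GetTokenByIdAsync(savedTokens[2].Id, CancellationToken.None));
                Assert.IsNotNull(await AccessTokenVault.GetTokenByIdAsync(savedTokens[3].Id, CancellationToken.None));
            });
        }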
Exemplo n.º 2
        // Shared scenario for the GetOrAdd tests: with three stored tokens of 3, 10 and 20
        // minutes, GetOrAddToken is expected to hand back an existing token that lives at
        // least as long as requested, and to issue a new one when none qualifies.
        private void AccessToken_GetOrAdd(int userId, int contentId = 0, string feature = null)
        {
            // Three tokens with identical scope that differ only in lifetime.
            var threeMinuteToken  = AccessTokenVault.CreateToken(userId, TimeSpan.FromMinutes(3), contentId, feature);
            var tenMinuteToken    = AccessTokenVault.CreateToken(userId, TimeSpan.FromMinutes(10), contentId, feature);
            var twentyMinuteToken = AccessTokenVault.CreateToken(userId, TimeSpan.FromMinutes(20), contentId, feature);

            // Requesting 20 minutes: the longest-lived stored token is returned.
            var forTwentyMinutes = AccessTokenVault.GetOrAddToken(userId, TimeSpan.FromMinutes(20), contentId, feature);
            AssertTokensAreEqual(twentyMinuteToken, forTwentyMinutes);

            // Requesting 10 minutes: the 10 minute token is returned.
            var forTenMinutes = AccessTokenVault.GetOrAddToken(userId, TimeSpan.FromMinutes(10), contentId, feature);
            AssertTokensAreEqual(tenMinuteToken, forTenMinutes);

            // Requesting 7 minutes: the 3 minute token expires too soon, so a brand new
            // token is expected, one that expires before the 10 minute token does.
            var forSevenMinutes = AccessTokenVault.GetOrAddToken(userId, TimeSpan.FromMinutes(7), contentId, feature);
            Assert.AreNotEqual(threeMinuteToken.Value, forSevenMinutes.Value);
            Assert.AreNotEqual(tenMinuteToken.Value, forSevenMinutes.Value);
            Assert.AreNotEqual(twentyMinuteToken.Value, forSevenMinutes.Value);
            Assert.IsTrue(forSevenMinutes.ExpirationDate < tenMinuteToken.ExpirationDate);
        }
Exemplo n.º 3
        // Deleting by content must revoke the tokens of that content for every user and
        // keep the tokens that are bound to a different content.
        public void AccessToken_Delete_ByContent()
        {
            const int firstUser      = 42;
            const int secondUser     = 43;
            const int deletedContent = 142;
            const int keptContent    = 143;
            var longLifetime  = TimeSpan.FromMinutes(10);
            var briefLifetime = TimeSpan.FromSeconds(1);

            // Same creation order as the assertions below: user 1 then user 2, each with
            // one token per content.
            var firstUserDeleted  = AccessTokenVault.CreateToken(firstUser, longLifetime, deletedContent);
            var firstUserKept     = AccessTokenVault.CreateToken(firstUser, briefLifetime, keptContent);
            var secondUserDeleted = AccessTokenVault.CreateToken(secondUser, longLifetime, deletedContent);
            var secondUserKept    = AccessTokenVault.CreateToken(secondUser, briefLifetime, keptContent);

            // ACTION: wait until the brief tokens have expired, then delete by content.
            Thread.Sleep(1100);
            AccessTokenVault.DeleteTokensByContent(deletedContent);

            // ASSERT: the kept tokens are expected to be loadable by id even though their
            // one-second lifetime is over.
            Assert.IsNull(AccessTokenVault.GetTokenById(firstUserDeleted.Id));
            Assert.IsNotNull(AccessTokenVault.GetTokenById(firstUserKept.Id));
            Assert.IsNull(AccessTokenVault.GetTokenById(secondUserDeleted.Id));
            Assert.IsNotNull(AccessTokenVault.GetTokenById(secondUserKept.Id));
        }
Exemplo n.º 4
        /// <summary>
        /// Resolves the user that owns the access token carried by a WOPI request.
        /// </summary>
        /// <param name="wopiRequest">The request whose access token value is looked up.</param>
        /// <param name="cancellationToken">Passed to the token lookup and to the node load.</param>
        /// <returns>
        /// The token owner, or null when the node loaded for the token's user id is not an
        /// <c>IUser</c>. Callers have to treat null as "no authenticated user".
        /// </returns>
        /// <exception cref="UnauthorizedAccessException">
        /// No token matches the value, the content id and the feature name.
        /// </exception>
        private async Task <IUser> GetCurrentUserAsync(WopiRequest wopiRequest, CancellationToken cancellationToken)
        {
            var accessTokenValue = wopiRequest.AccessTokenValue;

            // A file request is looked up with the file id as content id, so a token is only
            // accepted for the file named in the request; every other request uses 0.
            // NOTE(review): FileId is request data and int.Parse throws on a non-numeric
            // value - confirm that it is validated before this method is reached.
            var scopedContentId = 0;
            if (wopiRequest is FilesRequest filesRequest)
            {
                scopedContentId = int.Parse(filesRequest.FileId);
            }

            var accessToken = await AccessTokenVault
                              .GetTokenAsync(accessTokenValue, scopedContentId, AccessTokenFeatureName, cancellationToken)
                              .ConfigureAwait(false);

            if (accessToken == null)
            {
                throw new UnauthorizedAccessException(); // 404
            }

            // The token owner is loaded under the system account, i.e. not with the
            // permissions of whoever sent the request.
            using (new SystemAccount())
            {
                var ownerNode = await Node.LoadNodeAsync(accessToken.UserId, cancellationToken).ConfigureAwait(false);
                if (ownerNode is IUser owner)
                {
                    // TODO: This method only sets the User.Current property in sensenet, not the
                    // main context User in Asp.Net. Check if it would be better if we changed
                    // or modified the context user earlier in the pipeline.

                    return owner;
                }
            }

            return null;
        }
Exemplo n.º 5
        // A value that was never issued must not be reported as an existing token.
        public void AccessToken_Exists_Missing()
        {
            // ACTION + ASSERT
            Assert.IsFalse(AccessTokenVault.TokenExists("asdf"));
        }
Exemplo n.º 6
        /// <summary>
        /// Logs out the current user.
        /// </summary>
        /// <remarks>
        /// Order of effects: the logging-out event is raised first and may cancel the whole
        /// operation; then the forms authentication ticket is cleared, every access token
        /// of the user is deleted, an audit entry is written and the logged-out event is
        /// raised. Session and cookie cleanup, and the optional ultimate logout timestamp,
        /// are applied only when an HTTP context is available.
        /// </remarks>
        /// <param name="ultimateLogout">Whether this should be an ultimate logout. If set to True, the user will be logged out from all clients.</param>
        public static void Logout(bool ultimateLogout = false)
        {
            // NOTE(review): user is dereferenced without a null check; presumably
            // User.Current is never null here - confirm.
            var user = User.Current;
            var info = new CancellableLoginInfo {
                UserName = user.Username
            };

            LoginExtender.OnLoggingOut(info);

            // A cancelled logout returns before anything is revoked: the auth ticket, the
            // access tokens and the session all stay valid.
            if (info.Cancel)
            {
                return;
            }

            FormsAuthentication.SignOut();

            // Access tokens are deleted on every non-cancelled logout, not only on an
            // ultimate one.
            AccessTokenVault.DeleteTokensByUser(user.Id);

            // Audit record of the logout with the user name and the client address.
            SnLog.WriteAudit(AuditEvent.Logout,
                             new Dictionary <string, object>
            {
                { "UserName", user.Username },
                { "ClientAddress", RepositoryTools.GetClientIpAddress() }
            });

            LoginExtender.OnLoggedOut(new LoginInfo {
                UserName = user.Username
            });

            if (HttpContext.Current != null)
            {
                if (HttpContext.Current.Session != null)
                {
                    HttpContext.Current.Session.Abandon();
                }

                // remove session cookie
                // (an empty cookie with a past expiry date is added to the response)
                var sessionCookie = new HttpCookie(GetSessionIdCookieName(), string.Empty)
                {
                    Expires = DateTime.UtcNow.AddDays(-1)
                };

                HttpContext.Current.Response.Cookies.Add(sessionCookie);

                // in case of ultimate logout saves the time on user
                // NOTE(review): this block sits inside the HttpContext check, so a logout
                // without an HTTP context never records LastLoggedOut - confirm that this
                // is intended.
                if (ultimateLogout || Configuration.Security.DefaultUltimateLogout)
                {
                    // Saved under the system account, so the write does not depend on the
                    // permissions of the user who is logging out.
                    using (new SystemAccount())
                    {
                        if (user is User userNode)
                        {
                            userNode.LastLoggedOut = DateTime.UtcNow;
                            userNode.Save(SavingMode.KeepVersion);
                        }
                    }
                }
            }
        }
Exemplo n.º 7
        // Tries to extend the lifetime of a token that has already expired.
        // The method has no assertion; the expected failure is presumably declared by an
        // attribute that is not part of this excerpt - confirm.
        public void AccessToken_UpdateExpired()
        {
            // A token that lives for a single millisecond.
            var expiringToken = AccessTokenVault.CreateToken(42, TimeSpan.FromMilliseconds(1));

            // ACTION: wait well past the lifetime, then attempt the update.
            Thread.Sleep(1100);
            var requestedExpiration = DateTime.UtcNow.AddMinutes(30.0d);
            AccessTokenVault.UpdateToken(expiringToken.Value, requestedExpiration);
        }
Exemplo n.º 8
        // Calls AssertTokenExists for a token whose lifetime is over.
        // The method has no assertion; the expected failure is presumably declared by an
        // attribute that is not part of this excerpt - confirm.
        public void AccessToken_AssertExists_Expired()
        {
            // A token that lives for a single millisecond.
            var expiringToken = AccessTokenVault.CreateToken(42, TimeSpan.FromMilliseconds(1));

            // ACTION: wait well past the lifetime before checking.
            Thread.Sleep(1100);
            AccessTokenVault.AssertTokenExists(expiringToken.Value);
        }
Exemplo n.º 9
        // The generated token value must be at least 50 characters long. Length is the
        // only property checked here; the test says nothing about how the value is generated.
        public void AccessToken_Create_ForUser_ValueLength()
        {
            // ACTION
            var created = AccessTokenVault.CreateToken(42, TimeSpan.FromMinutes(10));

            // ASSERT
            var valueLength = created.Value.Length;
            Assert.IsTrue(valueLength >= 50);
        }
Exemplo n.º 10
        // AssertTokenExists must accept the value of a freshly created, unexpired token.
        public void AccessToken_AssertExists()
        {
            var created = AccessTokenVault.CreateToken(42, TimeSpan.FromMinutes(10));

            // ACTION: the test passes when this call returns without throwing.
            AccessTokenVault.AssertTokenExists(created.Value);
        }
Exemplo n.º 11
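        // Calls AssertTokenExistsAsync for a token whose lifetime is over.
        // The method has no assertion; the expected failure is presumably declared by an
        // attribute that is not part of this excerpt - confirm.
        public async Tasks.Task AccessToken_AssertExists_Expired()
        {
            var userId     = 42;
            var timeout    = TimeSpan.FromMilliseconds(1);
            var savedToken = AccessTokenVault.CreateToken(userId, timeout);

            // ACTION
            // Wait well past the 1 ms lifetime. The delay is awaited so the async test
            // does not block its thread the way Thread.Sleep would.
            await Tasks.Task.Delay(1100);

            await AccessTokenVault.AssertTokenExistsAsync(savedToken.Value, CancellationToken.None);
        }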
Exemplo n.º 12
        // TokenExists must report true for the value of a freshly created token.
        public void AccessToken_Exists()
        {
            var created = AccessTokenVault.CreateToken(42, TimeSpan.FromMinutes(10));

            // ACTION + ASSERT
            Assert.IsTrue(AccessTokenVault.TokenExists(created.Value));
        }
Exemplo n.º 13
        // A token created for a user only (no content, no feature) must be returned
        // unchanged when it is looked up by its value.
        public void AccessToken_Get_ForUser()
        {
            var created = AccessTokenVault.CreateToken(42, TimeSpan.FromMinutes(10));

            // ACTION
            var loaded = AccessTokenVault.GetToken(created.Value);

            // ASSERT
            AssertTokensAreEqual(created, loaded);
        }
Exemplo n.º 14
        // Unit test: a TimeSpan.MaxValue timeout must yield a token whose expiration date
        // is exactly DateTime.MaxValue.
        public void UT_AccessToken_GetOrAdd_MaxTimeOut()
        {
            // Attach the in-memory token store to an in-memory data provider and install it.
            // NOTE(review): this replaces the provider on the shared Providers.Instance and
            // nothing visible here restores it - confirm the test harness resets it.
            var inMemoryProvider = new InMemoryDataProvider();
            inMemoryProvider.SetExtension(typeof(IAccessTokenDataProviderExtension), new InMemoryAccessTokenDataProvider());
            Providers.Instance.DataProvider = inMemoryProvider;

            // ACTION
            var unlimitedToken = AccessTokenVault.GetOrAddToken(1, TimeSpan.MaxValue);

            // ASSERT
            Assert.AreEqual(DateTime.MaxValue, unlimitedToken.ExpirationDate);
        }
Exemplo n.º 15
        // Unit test: a TimeSpan.MaxValue timeout must yield a token whose expiration date
        // is exactly DateTime.MaxValue.
        public void UT_AccessToken_GetOrAdd_MaxTimeOut()
        {
            // Service container holding only the in-memory data provider and token store.
            // NOTE(review): Providers.Instance is replaced as a whole and nothing visible
            // here restores it - confirm the test harness resets it.
            var inMemoryServices = new ServiceCollection()
                                   .AddSingleton <DataProvider, InMemoryDataProvider>()
                                   .AddSingleton <IAccessTokenDataProvider, InMemoryAccessTokenDataProvider>()
                                   .BuildServiceProvider();
            Providers.Instance = new Providers(inMemoryServices);

            // ACTION
            var unlimitedToken = AccessTokenVault.GetOrAddToken(1, TimeSpan.MaxValue);

            // ASSERT
            Assert.AreEqual(DateTime.MaxValue, unlimitedToken.ExpirationDate);
        }
Exemplo n.º 16
        // Unit test: creating a token with a TimeSpan.MaxValue timeout must produce an
        // expiration date of exactly DateTime.MaxValue.
        public void UT_AccessToken_Create_MaxTimeOut()
        {
            // Service container holding only the in-memory data provider and token store.
            // NOTE(review): Providers.Instance is replaced as a whole and nothing visible
            // here restores it - confirm the test harness resets it.
            var inMemoryServices = new ServiceCollection()
                                   .AddSingleton <DataProvider, InMemoryDataProvider>()
                                   .AddSingleton <IAccessTokenDataProvider, InMemoryAccessTokenDataProvider>()
                                   .BuildServiceProvider();
            Providers.Instance = new Providers(inMemoryServices);

            // ACTION: the synchronous test blocks on the async call, as the original does.
            var creation       = AccessTokenVault.CreateTokenAsync(1, TimeSpan.MaxValue, CancellationToken.None);
            var unlimitedToken = creation.Result;

            // ASSERT
            Assert.AreEqual(DateTime.MaxValue, unlimitedToken.ExpirationDate);
        }
Exemplo n.º 17
        // Integration test: a value that was never issued must not be reported as an
        // existing token.
        public async Task AccessToken_Exists_Missing()
        {
            await NoRepoIntegrationTestAsync(async() =>
            {
                // Empty store first, so the lookup cannot hit a leftover token.
                await AccessTokenVault.DeleteAllAccessTokensAsync(CancellationToken.None);

                // ACTION
                var found = await AccessTokenVault.TokenExistsAsync("asdf", CancellationToken.None);

                // ASSERT
                Assert.IsFalse(found);
            });
        }
Exemplo n.º 18
        // Two tokens created with identical parameters must still differ in both id and
        // value, i.e. creation never hands out an existing token.
        public void AccessToken_Create_ForUser_Twice()
        {
            const int owner = 42;
            var lifetime = TimeSpan.FromMinutes(10);

            // ACTION
            var first  = AccessTokenVault.CreateToken(owner, lifetime);
            var second = AccessTokenVault.CreateToken(owner, lifetime);

            // ASSERT
            Assert.AreNotEqual(first.Id, second.Id);
            Assert.AreNotEqual(first.Value, second.Value);
        }
Exemplo n.º 19
        // Unit test: creating a token with a TimeSpan.MaxValue timeout must produce an
        // expiration date of exactly DateTime.MaxValue.
        public void UT_AccessToken_Create_MaxTimeOut()
        {
            // Attach the in-memory token store to an in-memory data provider and install it.
            // NOTE(review): this replaces the provider on the shared Providers.Instance and
            // nothing visible here restores it - confirm the test harness resets it.
            var inMemoryProvider = new InMemoryDataProvider();
            inMemoryProvider.SetExtension(typeof(IAccessTokenDataProviderExtension), new InMemoryAccessTokenDataProvider());
            Providers.Instance.DataProvider = inMemoryProvider;

            // ACTION: the synchronous test blocks on the async call, as the original does.
            var creation       = AccessTokenVault.CreateTokenAsync(1, TimeSpan.MaxValue, CancellationToken.None);
            var unlimitedToken = creation.Result;

            // ASSERT
            Assert.AreEqual(DateTime.MaxValue, unlimitedToken.ExpirationDate);
        }
Exemplo n.º 20
        // Looking up a token by value after its lifetime has passed must return null.
        public void AccessToken_Get_Expired()
        {
            // A token that lives for a single millisecond.
            var expiringToken = AccessTokenVault.CreateToken(42, TimeSpan.FromMilliseconds(1));

            // ACTION: 10 ms is enough to get past the 1 ms lifetime.
            Thread.Sleep(10);
            var loaded = AccessTokenVault.GetToken(expiringToken.Value);

            // ASSERT
            Assert.IsNull(loaded);
        }
Exemplo n.º 21
        // A token bound to a content must be found only when the same content id is
        // supplied; the bare value alone must not be enough.
        public void AccessToken_Get_ForUserAndContent()
        {
            const int boundContent = 142;
            var created = AccessTokenVault.CreateToken(42, TimeSpan.FromMinutes(10), boundContent);

            // ACTION
            var loadedWithContent = AccessTokenVault.GetToken(created.Value, boundContent);

            // ASSERT
            AssertTokensAreEqual(created, loadedWithContent);

            // Lookup without the content id: the scoped token must stay hidden.
            var loadedWithoutContent = AccessTokenVault.GetToken(created.Value);
            Assert.IsNull(loadedWithoutContent);
        }
Exemplo n.º 22
        // A token bound to a feature must be found only when the same feature name is
        // supplied; the bare value alone must not be enough.
        public void AccessToken_Get_ForUserAndFeature()
        {
            var boundFeature = "Feature1";
            var created      = AccessTokenVault.CreateToken(42, TimeSpan.FromMinutes(10), 0, boundFeature);

            // ACTION
            var loadedWithFeature = AccessTokenVault.GetToken(created.Value, 0, boundFeature);

            // ASSERT
            AssertTokensAreEqual(created, loadedWithFeature);

            // Lookup without the feature name: the scoped token must stay hidden.
            var loadedWithoutFeature = AccessTokenVault.GetToken(created.Value);
            Assert.IsNull(loadedWithoutFeature);
        }
Exemplo n.º 23
        // Integration test: the generated token value must be at least 50 characters
        // long. Length is the only property checked; the test says nothing about how the
        // value is generated.
        public async Task AccessToken_Create_ForUser_ValueLength()
        {
            await NoRepoIntegrationTestAsync(async() =>
            {
                // Empty store first, so earlier tests cannot influence the result.
                await AccessTokenVault.DeleteAllAccessTokensAsync(CancellationToken.None);

                // ACTION
                var created = await AccessTokenVault.CreateTokenAsync(42, TimeSpan.FromMinutes(10), CancellationToken.None);

                // ASSERT
                var valueLength = created.Value.Length;
                Assert.IsTrue(valueLength >= 50);
            });
        }
Exemplo n.º 24
        // Integration test: AssertTokenExists must accept the value of a freshly created,
        // unexpired token.
        public async Task AccessToken_AssertExists()
        {
            await NoRepoIntegrationTestAsync(async() =>
            {
                // Empty store first, so earlier tests cannot influence the result.
                await AccessTokenVault.DeleteAllAccessTokensAsync(CancellationToken.None);
                var created = await AccessTokenVault.CreateTokenAsync(42, TimeSpan.FromMinutes(10), CancellationToken.None);

                // ACTION: the test passes when this call returns without throwing.
                AccessTokenVault.AssertTokenExists(created.Value);
            });
        }
Exemplo n.º 25
        // Integration test: a token created for a user only must be returned unchanged
        // when it is looked up by its value.
        public async Task AccessToken_Get_ForUser()
        {
            await NoRepoIntegrationTestAsync(async() =>
            {
                // Empty store first, so earlier tests cannot influence the result.
                await AccessTokenVault.DeleteAllAccessTokensAsync(CancellationToken.None);
                var created = await AccessTokenVault.CreateTokenAsync(42, TimeSpan.FromMinutes(10), CancellationToken.None);

                // ACTION
                var loaded = await AccessTokenVault.GetTokenAsync(created.Value, CancellationToken.None);

                // ASSERT
                AssertTokensAreEqual(created, loaded);
            });
        }
Exemplo n.º 26
        // Integration test: TokenExistsAsync must report true for the value of a freshly
        // created token.
        public async Task AccessToken_Exists()
        {
            await NoRepoIntegrationTestAsync(async() =>
            {
                // Empty store first, so earlier tests cannot influence the result.
                await AccessTokenVault.DeleteAllAccessTokensAsync(CancellationToken.None);
                var created = await AccessTokenVault.CreateTokenAsync(42, TimeSpan.FromMinutes(10), CancellationToken.None);

                // ACTION
                var found = await AccessTokenVault.TokenExistsAsync(created.Value, CancellationToken.None);

                // ASSERT
                Assert.IsTrue(found);
            });
        }
Exemplo n.º 27
        // Extending a live token: after UpdateToken the stored expiration date must move
        // from roughly 10 minutes ahead to more than 20 minutes ahead.
        public void AccessToken_Update()
        {
            var created = AccessTokenVault.CreateToken(42, TimeSpan.FromMinutes(10.0d));

            // Precondition: the new token expires in less than 20 minutes.
            Assert.IsTrue(created.ExpirationDate < DateTime.UtcNow.AddMinutes(20.0d));

            // ACTION
            var extendedExpiration = DateTime.UtcNow.AddMinutes(30.0d);
            AccessTokenVault.UpdateToken(created.Value, extendedExpiration);

            // ASSERT: reload by value and check the new expiration date.
            var reloaded = AccessTokenVault.GetToken(created.Value);

            Assert.IsNotNull(reloaded);
            Assert.IsTrue(reloaded.ExpirationDate > DateTime.UtcNow.AddMinutes(20.0d));
        }
Exemplo n.º 28
        // Integration test: updating a token value that was never issued must throw
        // InvalidAccessTokenException.
        public async Task AccessToken_UpdateMissing()
        {
            await NoRepoIntegrationTestAsync(async() =>
            {
                var rejected = false;

                try
                {
                    await AccessTokenVault.DeleteAllAccessTokensAsync(CancellationToken.None);
                    await AccessTokenVault.UpdateTokenAsync("asdf", DateTime.UtcNow.AddMinutes(30.0d), CancellationToken.None);
                }
                catch (InvalidAccessTokenException)
                {
                    // The expected outcome.
                    rejected = true;
                }

                if (!rejected)
                {
                    Assert.Fail("Expected InvalidAccessTokenException was not thrown.");
                }
            });
        }
Exemplo n.º 29
        // Integration test: two tokens created with identical parameters must still
        // differ in both id and value.
        public async Task AccessToken_Create_ForUser_Twice()
        {
            await NoRepoIntegrationTestAsync(async() =>
            {
                // Empty store first, so earlier tests cannot influence the result.
                await AccessTokenVault.DeleteAllAccessTokensAsync(CancellationToken.None);
                const int owner = 42;
                var lifetime = TimeSpan.FromMinutes(10);

                // ACTION
                var first  = await AccessTokenVault.CreateTokenAsync(owner, lifetime, CancellationToken.None);
                var second = await AccessTokenVault.CreateTokenAsync(owner, lifetime, CancellationToken.None);

                // ASSERT
                Assert.AreNotEqual(first.Id, second.Id);
                Assert.AreNotEqual(first.Value, second.Value);
            });
        }
Exemplo n.º 30
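        // Checks every field of a token created for a user only: a positive id, a value,
        // the owner, no content or feature binding, and creation and expiration dates
        // that match "now" and "now + timeout" to within one second.
        public void AccessToken_Create_ForUser()
        {
            var userId  = 42;
            var timeout = TimeSpan.FromMinutes(10);

            // ACTION
            var token = AccessTokenVault.CreateToken(userId, timeout);

            // ASSERT
            Assert.IsTrue(token.Id > 0);
            Assert.IsNotNull(token.Value);
            Assert.AreEqual(userId, token.UserId);
            Assert.AreEqual(0, token.ContentId);
            Assert.IsNull(token.Feature);

            // Compare the absolute drift. A one-sided "< 1000" check also passes for a
            // creation date in the future and for a token that expires far too early,
            // because both produce a negative difference.
            Assert.IsTrue(Math.Abs((DateTime.UtcNow - token.CreationDate).TotalMilliseconds) < 1000);
            Assert.IsTrue(Math.Abs((token.ExpirationDate - DateTime.UtcNow - timeout).TotalMilliseconds) < 1000);
        }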