Exemplo n.º 1
0
    public async Task AutoRedirectSessionEndpoint_AutoRedirectsValidatedGetLogoutRequests_ToApplicationsWithProfiles()
    {
        // Arrange
        var session = new Mock <IUserSession>();

        session.Setup(s => s.GetUserAsync()).ReturnsAsync(new ClaimsPrincipal());

        var endSessionValidator = new Mock <IEndSessionRequestValidator>();

        endSessionValidator.Setup(esv => esv.ValidateAsync(It.IsAny <NameValueCollection>(), It.IsAny <ClaimsPrincipal>()))
        .ReturnsAsync(new EndSessionValidationResult()
        {
            IsError          = false,
            ValidatedRequest = new ValidatedEndSessionRequest()
            {
                Client        = ClientBuilder.IdentityServerSPA("MySPA").Build(),
                PostLogOutUri = "https://www.example.com/logout",
                State         = "appState"
            }
        });

        var identityServerOptions = Options.Create(new IdentityServerOptions());

        identityServerOptions.Value.Authentication.CookieAuthenticationScheme = IdentityConstants.ApplicationScheme;
        identityServerOptions.Value.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
        identityServerOptions.Value.UserInteraction.ErrorUrl  = "/Identity/Error";

        var endpoint = new AutoRedirectEndSessionEndpoint(new TestLogger <AutoRedirectEndSessionEndpoint>(), endSessionValidator.Object, identityServerOptions, session.Object);
        var ctx      = new DefaultHttpContext();

        SetupRequestServices(ctx);
        ctx.Request.Method = HttpMethods.Get;

        // Act
        var response = await endpoint.ProcessAsync(ctx);

        // Assert
        Assert.NotNull(response);
        var redirect = Assert.IsType <AutoRedirectEndSessionEndpoint.RedirectResult>(response);

        Assert.Equal("https://www.example.com/logout?state=appState", redirect.Url);

        await response.ExecuteAsync(ctx);

        Assert.Equal(StatusCodes.Status302Found, ctx.Response.StatusCode);
        Assert.Equal("https://www.example.com/logout?state=appState", ctx.Response.Headers.Location);
    }
Exemplo n.º 2
0
    public async Task AutoRedirectSessionEndpoint_RedirectsToLogoutUri_WhenClientDoesntHaveAProfile()
    {
        // Arrange
        var session = new Mock <IUserSession>();

        session.Setup(s => s.GetUserAsync()).ReturnsAsync(new ClaimsPrincipal());

        var endSessionValidator = new Mock <IEndSessionRequestValidator>();

        endSessionValidator.Setup(esv => esv.ValidateAsync(It.IsAny <NameValueCollection>(), It.IsAny <ClaimsPrincipal>()))
        .ReturnsAsync(new EndSessionValidationResult()
        {
            IsError          = false,
            ValidatedRequest = new ValidatedEndSessionRequest()
            {
                Client = new Client()
            }
        });

        var identityServerOptions = Options.Create(new IdentityServerOptions());

        identityServerOptions.Value.Authentication.CookieAuthenticationScheme = IdentityConstants.ApplicationScheme;
        identityServerOptions.Value.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
        identityServerOptions.Value.UserInteraction.ErrorUrl  = "/Identity/Error";

        var endpoint = new AutoRedirectEndSessionEndpoint(new TestLogger <AutoRedirectEndSessionEndpoint>(), endSessionValidator.Object, identityServerOptions, session.Object);
        var ctx      = new DefaultHttpContext();

        SetupRequestServices(ctx);
        ctx.Request.Method      = HttpMethods.Post;
        ctx.Request.ContentType = "application/x-www-form-urlencoded";

        // Act
        var response = await endpoint.ProcessAsync(ctx);

        // Assert
        Assert.NotNull(response);
        var redirect = Assert.IsType <AutoRedirectEndSessionEndpoint.RedirectResult>(response);

        Assert.Equal("/Identity/Account/Logout", redirect.Url);
        await response.ExecuteAsync(ctx);

        Assert.Equal(StatusCodes.Status302Found, ctx.Response.StatusCode);
        Assert.Equal("/Identity/Account/Logout", ctx.Response.Headers.Location);
    }
Exemplo n.º 3
0
    public async Task AutoRedirectSessionEndpoint_ReturnsBadRequest_WhenCannotReadTheRequestBody()
    {
        // Arrange
        var session               = new Mock <IUserSession>();
        var endSessionValidator   = new Mock <IEndSessionRequestValidator>();
        var identityServerOptions = Options.Create(new IdentityServerOptions());

        var endpoint = new AutoRedirectEndSessionEndpoint(new TestLogger <AutoRedirectEndSessionEndpoint>(), endSessionValidator.Object, identityServerOptions, session.Object);
        var ctx      = new DefaultHttpContext();

        SetupRequestServices(ctx);
        ctx.Request.Method = HttpMethods.Post;

        // Act & Assert
        var response = await endpoint.ProcessAsync(ctx);

        // Assert
        Assert.NotNull(response);
        var statusCode = Assert.IsType <StatusCodeResult>(response);

        Assert.Equal(StatusCodes.Status400BadRequest, statusCode.StatusCode);
    }