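public void Test_ReturnsSuccessIfValidCookieEsists()
        {
            // Arrange: build a ticket for "Foo User", protect it the way the authenticator
            // expects, and place it on the mocked request as the auth cookie.
            var serializer = new TicketSerializer();
            var ticket     = new AuthenticationTicket(
                new ClaimsPrincipal(
                    new ClaimsIdentity(new[]
            {
                new Claim(ClaimTypes.Name, "Foo User"),
            }, AuthConstants.SPNEGO_DEFAULT_SCHEME)),
                AuthConstants.SPNEGO_DEFAULT_SCHEME);

            var serializedTicket = serializer.Serialize(ticket);
            var protectedTicket  = dataProtector.Protect(serializedTicket);
            var encodedTicket    = Convert.ToBase64String(protectedTicket);

            // COOKIE_TIMEOUT_IN_MINUTES is a minute count, so the fixture cookie must use
            // AddMinutes (it previously used AddDays, giving a lifetime of N days).
            var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM)
            {
                Expires = DateTime.Now.AddMinutes(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES),
                Value   = encodedTicket
            };

            cookies.Set(cookie);

            browser.SetupGet(b => b.Cookies).Returns(true);

            var authenticator = new CookieAuthenticator(dataProtector, logger.Object);

            // Act
            var result = authenticator.Authenticate(context.Object);

            // Assert: the protected ticket round-trips and the principal's name is restored.
            // NOTE(review): the ticket carries no ExpiresUtc, and browsers do not send a cookie's
            // Expires attribute back on requests, so this test does not exercise ticket expiry.
            // Whether CookieAuthenticator enforces one is not visible here — worth its own test.
            Assert.True(result.Succeeded);
            Assert.Equal("Foo User", result.Principal.Identity.Name);
        }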
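        public void Test_ReturnsFailureIf_InValidCookieEsistsOrIfCookieIsDamaged()
        {
            // Arrange: a correctly protected ticket whose cookie value is then tampered with.
            var serializer = new TicketSerializer();
            var ticket     = new AuthenticationTicket(
                new ClaimsPrincipal(
                    new ClaimsIdentity(new[]
            {
                new Claim(ClaimTypes.Name, "Foo User"),
            }, AuthConstants.SPNEGO_DEFAULT_SCHEME)),
                AuthConstants.SPNEGO_DEFAULT_SCHEME);

            var serializedTicket = serializer.Serialize(ticket);
            var protectedTicket  = dataProtector.Protect(serializedTicket);
            var encodedTicket    = Convert.ToBase64String(protectedTicket);

            // COOKIE_TIMEOUT_IN_MINUTES is a minute count, so the fixture cookie must use
            // AddMinutes (it previously used AddDays, giving a lifetime of N days).
            // Appending text to the base64 payload must make the authenticator reject the
            // cookie — either the base64 decode or the data-protection check fails.
            var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM)
            {
                Expires = DateTime.Now.AddMinutes(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES),
                Value   = encodedTicket + "Corrupt"
            };

            cookies.Set(cookie);

            browser.SetupGet(b => b.Cookies).Returns(true);

            var authenticator = new CookieAuthenticator(dataProtector, logger.Object);

            // Act
            var result = authenticator.Authenticate(context.Object);

            // Assert: failure, with the exact diagnostic the authenticator reports.
            // NOTE(review): this only covers a trailing corruption; flipping a byte inside the
            // protected payload (which keeps the base64 valid) would more directly prove that
            // the protector's integrity check, not just the decoder, rejects tampering.
            Assert.False(result.Succeeded);
            Assert.Equal($"Unable to extract cookie '{AuthConstants.AUTH_COOKIE_NM}', cookie might be damaged/modified", result.Failure.Message);
        }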
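        public void Test_SignIn_AddsCookie_IfAuthResultIsSuccess()
        {
            // Arrange: a ticket for "Foo User" and the unprotected payload the issued cookie
            // is expected to carry once its value is unprotected again.
            var serializer = new TicketSerializer();
            var ticket     = new AuthenticationTicket(
                new ClaimsPrincipal(
                    new ClaimsIdentity(new[]
            {
                new Claim(ClaimTypes.Name, "Foo User"),
            }, AuthConstants.SPNEGO_DEFAULT_SCHEME)),
                AuthConstants.SPNEGO_DEFAULT_SCHEME);

            var serializedTicket = serializer.Serialize(ticket);
            var protectedTicket  = dataProtector.Protect(serializedTicket);
            // Compare after UnProtect: protected output is not expected to be byte-stable across calls.
            var expectedPayload  = Convert.ToBase64String(dataProtector.UnProtect(protectedTicket));
            var expectedExpiry   = DateTime.Now.AddMinutes(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES);

            var authenticator = new CookieAuthenticator(dataProtector, logger.Object);

            // Act
            authenticator.SignIn(AuthenticateResult.Success(ticket), context.Object);

            // Assert: exactly one cookie is appended, it unprotects to the same ticket bytes, and
            // it expires COOKIE_TIMEOUT_IN_MINUTES from now (one minute of slack for clock drift
            // between Arrange and the call). The previous check compared `.Date.Minute` on both
            // sides, which is always 0 == 0, so the expiry was never actually verified.
            // NOTE(review): assumes CookieAuthenticator derives Expires from local DateTime.Now,
            // as the other fixtures in this file do — confirm if this fails in a non-UTC zone.
            response.Verify(r => r.AppendCookie(It.Is<HttpCookie>(c =>
                Convert.ToBase64String(dataProtector.UnProtect(Convert.FromBase64String(c.Value))) == expectedPayload &&
                (c.Expires - expectedExpiry).Duration() < TimeSpan.FromMinutes(1))), Times.Once);
        }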
        public ActionResult Logout()
        {
            // Clear the authentication cookie, then send the user back to the site root.
            // NOTE(review): no HTTP-verb restriction or anti-forgery validation is visible on
            // this action, so a cross-site GET could force a logout — confirm whether the route
            // is limited to POST elsewhere.
            IAuthenticator cookieAuth = new CookieAuthenticator();
            cookieAuth.SignOut();

            return Redirect("/");
        }
        public void Test_ReturnsNoResultIfBrowserDoesNotSupportCookies()
        {
            // Arrange: the mocked browser reports that it cannot carry cookies.
            browser.SetupGet(b => b.Cookies).Returns(false);
            var sut = new CookieAuthenticator(dataProtector, logger.Object);

            // Act
            var outcome = sut.Authenticate(context.Object);

            // Assert: without a cookie carrier there is nothing to authenticate from.
            Assert.False(outcome.Succeeded);
        }
        public ActionResult ConfirmLogout()
        {
            // Sign the current user out and redirect to the home page.
            // NOTE(review): nothing visible here restricts the verb or validates an
            // anti-forgery token — confirm the confirmation step is reached via POST.
            var cookieAuth = new CookieAuthenticator();
            cookieAuth.SignOut();

            return this.RedirectToHome();
        }
        public void Test_SignIn_DoesNotAddCookie_IfAuthResultIsNotSuccess()
        {
            var sut = new CookieAuthenticator(dataProtector, logger.Object);

            // Act: a NoResult outcome must not hand the caller a session cookie.
            sut.SignIn(AuthenticateResult.NoResult(), context.Object);

            // Assert: no auth cookie was written to the response.
            var issued = context.Object.Response.Cookies.Get(AuthConstants.AUTH_COOKIE_NM);
            Assert.Null(issued);
        }
        public void Test_ReturnsNoResultOrNotSuccessIf_CookieDoesNotEsist()
        {
            // Arrange: cookies are supported, but no auth cookie has been set on the request.
            browser.SetupGet(b => b.Cookies).Returns(true);
            var sut = new CookieAuthenticator(dataProtector, logger.Object);

            // Act
            var outcome = sut.Authenticate(context.Object);

            // Assert: a missing cookie can never yield a successful authentication.
            Assert.False(outcome.Succeeded);
        }
        public ActionResult VerifySignInWith(AuthenticationProvider provider)
        {
            // Complete the external-provider handshake; anything short of success is a 401.
            var outcome = AuthenticationService.FinalizeAuthentication(provider);
            if (!outcome.IsSuccessful)
            {
                return new HttpUnauthorizedResult("HAL: Without your space helmet, Dave? You're going to find that rather difficult.");
            }

            if (!outcome.IsRegisteredDeveloper)
            {
                // Known to the provider but not to us: hand the result to the registration flow.
                TempData["authenticationResult"] = outcome;
                return RedirectToAction("Create", "Developer");
            }

            // Registered developer: issue the auth cookie and land on their home page.
            // NOTE(review): the second SetCookie argument is presumably "persistent" — confirm
            // against IAuthenticator before relying on that reading.
            var cookieAuth = new CookieAuthenticator();
            cookieAuth.SetCookie(outcome.Developer.Username, true);

            return this.RedirectToDeveloperHome(outcome.Developer.Username);
        }
        private static void CreateAuthenticationTicket(string Username, bool IsImagemakers)
        {
            // Imagemakers users carry the "IM" role; everyone else gets no role array.
            // NOTE(review): the bool passed to SetCookie is presumably "persistent" — confirm
            // against IAuthenticator.
            string[] roles = IsImagemakers ? new[] { "IM" } : null;

            IAuthenticator cookieAuth = new CookieAuthenticator();
            cookieAuth.SetCookie(Username, false, roles);
        }
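        public ActionResult Login(LoginModel user)
        {
            if (ModelState.IsValid)
            {
                string password;

                // The client submits the password encrypted with a per-session RSA public key
                // (see GenerateRsaInformation); the matching private key lives in session state.
                // Any failure (missing session key, bad base64, bad padding) is reported with a
                // generic credential error and a fresh key pair is issued for the retry.
                // The provider is disposed so the private-key handle is released promptly;
                // the original never disposed it.
                try
                {
                    using (var rsaProvider = new RSACryptoServiceProvider())
                    {
                        rsaProvider.FromXmlString(Session["Encryption"].ToString());

                        // NOTE(review): this uses PKCS#1 v1.5 padding (fOAEP: false) and decodes
                        // the plaintext as ASCII, so non-ASCII password characters would be
                        // mangled — confirm it matches the client-side encoder before changing
                        // either side.
                        password = Encoding.ASCII.GetString(
                            rsaProvider.Decrypt(Convert.FromBase64String(user.Password), false)
                            );
                    }
                }
                catch (Exception)
                {
                    ModelState.AddModelError("Invalid", "Invalid email address and/or password");
                    GenerateRsaInformation();
                    return(View());
                }

                int? adminUserID;
                var response = AttemptLogin(user.Username, password, out adminUserID);

                if (response == AuthenticationResponse.ImagemakersSuccess ||
                    response == AuthenticationResponse.LocalSuccess)
                {
                    // Imagemakers accounts get fixed roles; local accounts get the roles
                    // stored against the user. Each issues an auth cookie and records the
                    // session (username, client IP, cookie guid).
                    if (response == AuthenticationResponse.ImagemakersSuccess)
                    {
                        IAuthenticator authenticator = new CookieAuthenticator();
                        var            guid          = authenticator.SetCookie(user.Username, false, new string[] { "IM", "Admin" });
                        _sessionRepo.Add(user.Username, UserIP, guid);
                    }

                    if (response == AuthenticationResponse.LocalSuccess)
                    {
                        var dbUser = _repo.FindByEmailAddress(user.Username);

                        IAuthenticator authenticator = new CookieAuthenticator();
                        var            guid          = authenticator.SetCookie(user.Username, false, dbUser.Roles.Select(x => x.Name).ToArray());
                        _sessionRepo.Add(user.Username, UserIP, guid, adminUserID);
                    }

                    _uow.Commit();

                    // Url.IsLocalUrl keeps ReturnUrl from becoming an open redirect.
                    if (!String.IsNullOrEmpty(Request.QueryString["ReturnUrl"]) &&
                        Url.IsLocalUrl(Request.QueryString["ReturnUrl"]))
                    {
                        return(Redirect(Request.QueryString["ReturnUrl"]));
                    }
                    else
                    {
                        return(Redirect("/"));
                    }
                }

                // Generic wording for a failed attempt; the lockout message is the only
                // distinct case so the response does not reveal whether the username exists.
                ModelState.AddModelError(
                    "Invalid",
                    response == AuthenticationResponse.LockedOut
                                                ? "Looks like you've tried logging in too many times. Try again in a few minutes."
                                                : "Invalid username and/or password");
            }

            // Every non-redirect exit re-issues an RSA key pair for the next submission.
            GenerateRsaInformation();
            return(View());
        }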