Exemplo n.º 1
0
        public void RenewCookieAfterHalfExpirationTime_HalfTimeHasNotPassed()
        {
            var testUser            = new FakeUserInfo("TestUser");
            var impersonateUserName = "******";

            var options = new ImpersonationOptions {
                CookieDurationMinutes = 3
            };

            var cookie            = ImpersonationServiceHelper.SetImpersonation(testUser, impersonateUserName, options);
            var impersonationInfo = ImpersonationServiceHelper.DecryptCookieValue(cookie.Value);

            AssertIsWithinOneSecond(DateTime.Now.AddMinutes(options.CookieDurationMinutes), impersonationInfo.Expires); // Reviewing the test setup.

            // Half-time has not passed:

            impersonationInfo.Expires = DateTime.Now.AddMinutes(options.CookieDurationMinutes / 2.0).AddSeconds(1);
            cookie.Value = ImpersonationServiceHelper.EncryptCookieValue(impersonationInfo);

            (var impersonationService, var httpContext, _) = ImpersonationServiceHelper.CreateImpersonationService(testUser, options);
            httpContext.RequestCookies.Add(cookie);

            var user = impersonationService.GetAuthenticationInfo();

            // Impersonation should still be valid, the cookie should not be modified.

            Assert.AreEqual(
                "TestUser as TestImpersonatedUser, original TestUser",
                ReportImpersonationStatus(user));

            Assert.AreEqual(0, httpContext.ResponseCookies.Count);
        }
Exemplo n.º 2
0
        public void StopImpersonating()
        {
            var initialUser         = new FakeUserInfo("TestUser");
            var impersonateUserName = "******";
            var initialCookie       = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Review test setup:

            Assert.AreEqual(
                "TestUser as TestImpersonatedUser, original TestUser",
                ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, initialCookie).AuthenticationInfo));

            // Stopping impersonation should expire the impersonation cookie:

            (var responseCookie, var log) = ImpersonationServiceHelper.RemoveImpersonation(initialUser, initialCookie);

            AssertIsBefore(responseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, responseCookie.Key);
            Assert.AreEqual(" as ",
                            ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(responseCookie.Value))); // No need for impersonation data in the cookie.

            TestUtility.AssertContains(
                string.Join(Environment.NewLine, log),
                "StopImpersonating: TestUser as TestImpersonatedUser");

            // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again.

            Assert.AreEqual(
                "No impersonation, original TestUser",
                ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, responseCookie).AuthenticationInfo));
        }
Exemplo n.º 3
0
        public void StopImpersonating_EmptyUser()
        {
            var initialUser = new FakeUserInfo("InitialUser");               // User than started the impersonation.
            var currentlyAuthenticatedUser = new FakeUserInfo("", "", true); // Unexpected authentication context, similar to anonymous user. Testing for robust impersonation management.
            var impersonateUserName        = "******";
            var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid:

            var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie);

            AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key);
            Assert.AreEqual(" as ",
                            ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie.
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, removeResponse.Log),
                "Removing impersonation, the original user is no longer authenticated.");

            // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again.

            var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie);

            Assert.AreEqual(
                "No impersonation, original not recognized",
                ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo));
        }
Exemplo n.º 4
0
        public void StopImpersonating_DifferentUser()
        {
            var initialUser = new FakeUserInfo("InitialUser");                // User than started the impersonation.
            var currentlyAuthenticatedUser = new FakeUserInfo("CurrentUser"); // Currently authenticated user does not match the initial user, so the impersonation cookie is invalid.
            var impersonateUserName        = "******";
            var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid:

            var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie);

            AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key);
            Assert.AreEqual(" as ",
                            ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie.
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, removeResponse.Log),
                "Removing impersonation, the current authentication context (CurrentUser) does not match the initial one (InitialUser).");

            // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again.

            var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie);

            Assert.AreEqual(
                "No impersonation, original CurrentUser",
                ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo));
            Assert.IsNull(authResponseAfterRemove.ResponseCookie, "There is no need to send the expired cookie again, client already has the expired one.");
        }
Exemplo n.º 5
0
        public void SetImpersonationAnonymous()
        {
            var testUser            = new FakeUserInfo(null, null, false);
            var impersonateUserName = "******";

            TestUtility.ShouldFail <UserException>(
                () => ImpersonationServiceHelper.SetImpersonation(testUser, impersonateUserName),
                "You are not authorized");
        }
Exemplo n.º 6
0
        public void NoImpersonation()
        {
            var testUser = new FakeUserInfo("TestUser");

            var impersonationService = ImpersonationServiceHelper.CreateImpersonationService(testUser).ImpersonationService;

            var user = impersonationService.GetAuthenticationInfo();

            Assert.AreEqual(
                "No impersonation, original TestUser",
                ReportImpersonationStatus(user));
        }
Exemplo n.º 7
0
        public void SimpleImpersonation()
        {
            var testUser            = new FakeUserInfo("TestUser");
            var impersonateUserName = "******";
            var cookie = ImpersonationServiceHelper.SetImpersonation(testUser, impersonateUserName);

            (var impersonationService, var httpContext, _) = ImpersonationServiceHelper.CreateImpersonationService(testUser);
            httpContext.RequestCookies.Add(cookie);
            var user = impersonationService.GetAuthenticationInfo();

            Assert.AreEqual(
                "TestUser as TestImpersonatedUser, original TestUser",
                ReportImpersonationStatus(user));
        }
Exemplo n.º 8
0
        public void InvalidImpersonationCookie()
        {
            var testUser      = new FakeUserInfo("TestUser");
            var invalidCookie = new FakeCookie(ImpersonationService.CookieKey, "abc", null);

            var response = ImpersonationServiceHelper.GetAuthenticationInfo(testUser, invalidCookie);

            Assert.AreEqual(
                "No impersonation, original TestUser",
                ReportImpersonationStatus(response.AuthenticationInfo));
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, response.Log),
                new[] {
                "Error decrypting 'rhetos_impersonation' cookie value.",
                "CryptographicException: An error occurred during a cryptographic operation."
            });
            AssertIsBefore(response.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, response.ResponseCookie.Key);
        }
Exemplo n.º 9
0
        public void AuthenticationContextChanged_EmptyUser()
        {
            var initialUser = new FakeUserInfo("InitialUser");               // User than started the impersonation.
            var currentlyAuthenticatedUser = new FakeUserInfo("", "", true); // Unexpected authentication context, similar to anonymous user. Testing for robust impersonation management.
            var impersonateUserName        = "******";
            var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Authentication process should invalidate the impersonation, because the user in no longer authenticated.

            var authResponse = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, initialCookie);

            Assert.AreEqual(
                "No impersonation, original not recognized",
                ReportImpersonationStatus(authResponse.AuthenticationInfo));
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, authResponse.Log),
                "Removing impersonation, the original user is no longer authenticated.");
            AssertIsBefore(authResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, authResponse.ResponseCookie.Key);
        }
Exemplo n.º 10
0
        public void AuthenticationContextChanged_NullUser()
        {
            var initialUser = new FakeUserInfo("InitialUser");                    // User than started the impersonation.
            var currentlyAuthenticatedUser = new FakeUserInfo(null, null, false); // For example, if the user logged out.
            var impersonateUserName        = "******";
            var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Authentication process should invalidate the impersonation, because the user in no longer authenticated.

            var authResponse = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, initialCookie);

            Assert.AreEqual(
                "No impersonation, original not recognized", // Impersonation is not valid, since the current user does not match the initial user that started the impersonation.
                ReportImpersonationStatus(authResponse.AuthenticationInfo));
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, authResponse.Log),
                "Removing impersonation, the original user is no longer authenticated.");
            AssertIsBefore(authResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, authResponse.ResponseCookie.Key);
        }
Exemplo n.º 11
0
        public void AuthenticationContextChanged_DifferentUser()
        {
            var initialUser = new FakeUserInfo("InitialUser");                // User than started the impersonation.
            var currentlyAuthenticatedUser = new FakeUserInfo("CurrentUser"); // Currently authenticated user does not match the initial user, so the impersonation cookie is invalid.
            var impersonateUserName        = "******";
            var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName);

            // Authentication process should invalidate the impersonation, because the user context has changed.

            var authResponse = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, initialCookie);

            Assert.AreEqual(
                "No impersonation, original CurrentUser", // Impersonation is not valid, since the current user does not match the initial user that started the impersonation.
                ReportImpersonationStatus(authResponse.AuthenticationInfo));
            TestUtility.AssertContains(
                string.Join(Environment.NewLine, authResponse.Log),
                "Removing impersonation, the current authentication context (CurrentUser) does not match the initial one (InitialUser).");
            AssertIsBefore(authResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1));
            Assert.AreEqual(ImpersonationService.CookieKey, authResponse.ResponseCookie.Key);
        }