Пример #1
        public async Task AutoRedirectSessionEndpoint_AutoRedirectsValidatedGetLogoutRequests_ToApplicationsWithProfiles()
        {
            // Pins the GET happy path of the end-session endpoint: when the validator reports
            // success, the endpoint answers with a 302 to the validated post-logout URI with
            // the state value appended as a query parameter.
            // The validator is mocked to accept any input, so this test does not exercise
            // post-logout URI validation itself; it only checks that the endpoint redirects
            // to the URI carried by the validated request.

            // Arrange
            const string expectedLocation = "https://www.example.com/logout?state=appState";

            var userSession = new Mock<IUserSession>();
            userSession.Setup(s => s.GetUserAsync()).ReturnsAsync(new ClaimsPrincipal());

            // Stand-in for a request that has already passed end-session validation.
            var validationResult = new EndSessionValidationResult()
            {
                IsError = false,
                ValidatedRequest = new ValidatedEndSessionRequest()
                {
                    Client = ClientBuilder.IdentityServerSPA("MySPA").Build(),
                    PostLogOutUri = "https://www.example.com/logout",
                    State = "appState"
                }
            };

            var validator = new Mock<IEndSessionRequestValidator>();
            validator
                .Setup(v => v.ValidateAsync(It.IsAny<NameValueCollection>(), It.IsAny<ClaimsPrincipal>()))
                .ReturnsAsync(validationResult);

            var serverOptions = new IdentityServerOptions();
            serverOptions.Authentication.CookieAuthenticationScheme = IdentityConstants.ApplicationScheme;
            serverOptions.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
            serverOptions.UserInteraction.ErrorUrl = "/Identity/Error";
            var wrappedOptions = Options.Create(serverOptions);

            var httpContext = new DefaultHttpContext();
            SetupRequestServices(httpContext);
            httpContext.Request.Method = HttpMethods.Get;

            var sut = new AutoRedirectEndSessionEndpoint(
                new TestLogger<AutoRedirectEndSessionEndpoint>(),
                validator.Object,
                wrappedOptions,
                userSession.Object);

            // Act
            var result = await sut.ProcessAsync(httpContext);

            // Assert: the endpoint result already carries the final redirect target...
            Assert.NotNull(result);
            var redirectResult = Assert.IsType<AutoRedirectEndSessionEndpoint.RedirectResult>(result);
            Assert.Equal(expectedLocation, redirectResult.Url);

            // ...and executing it writes the same target to the HTTP response.
            await result.ExecuteAsync(httpContext);

            Assert.Equal(StatusCodes.Status302Found, httpContext.Response.StatusCode);
            Assert.Equal(expectedLocation, httpContext.Response.Headers.Location);
        }
Пример #2
        public async Task AutoRedirectSessionEndpoint_RedirectsToLogoutUri_WhenClientDoesntHaveAProfile()
        {
            // Pins the fallback path: the validated request holds a bare Client and no
            // post-logout URI, and the endpoint is expected to redirect to the configured
            // UserInteraction.LogoutUrl instead of an application-supplied address.
            // The validator is mocked to accept any input, so request validation itself is
            // not covered here.

            // Arrange
            var userSession = new Mock<IUserSession>();
            userSession.Setup(s => s.GetUserAsync()).ReturnsAsync(new ClaimsPrincipal());

            // Successful validation result whose client is a default-constructed Client.
            var validationResult = new EndSessionValidationResult()
            {
                IsError = false,
                ValidatedRequest = new ValidatedEndSessionRequest()
                {
                    Client = new Client()
                }
            };

            var validator = new Mock<IEndSessionRequestValidator>();
            validator
                .Setup(v => v.ValidateAsync(It.IsAny<NameValueCollection>(), It.IsAny<ClaimsPrincipal>()))
                .ReturnsAsync(validationResult);

            var serverOptions = new IdentityServerOptions();
            serverOptions.Authentication.CookieAuthenticationScheme = IdentityConstants.ApplicationScheme;
            serverOptions.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
            serverOptions.UserInteraction.ErrorUrl = "/Identity/Error";
            var wrappedOptions = Options.Create(serverOptions);

            // Form-encoded POST with no body content.
            var httpContext = new DefaultHttpContext();
            SetupRequestServices(httpContext);
            httpContext.Request.Method = HttpMethods.Post;
            httpContext.Request.ContentType = "application/x-www-form-urlencoded";

            var sut = new AutoRedirectEndSessionEndpoint(
                new TestLogger<AutoRedirectEndSessionEndpoint>(),
                validator.Object,
                wrappedOptions,
                userSession.Object);

            // Act
            var result = await sut.ProcessAsync(httpContext);

            // Assert: the redirect target is the local logout page from the options.
            Assert.NotNull(result);
            var redirectResult = Assert.IsType<AutoRedirectEndSessionEndpoint.RedirectResult>(result);
            Assert.Equal("/Identity/Account/Logout", redirectResult.Url);

            // Executing the result must emit the same target as a 302.
            await result.ExecuteAsync(httpContext);

            Assert.Equal(StatusCodes.Status302Found, httpContext.Response.StatusCode);
            Assert.Equal("/Identity/Account/Logout", httpContext.Response.Headers[HeaderNames.Location]);
        }
Пример #3
        public async Task AutoRedirectSessionEndpoint_ReturnsBadRequest_WhenCannotReadTheRequestBody()
        {
            // Pins the rejection path: a POST with no content type set on the request must
            // yield a 400 status result rather than a redirect.
            // NOTE(review): neither mock has any setup, and the test does not assert that the
            // validator was never invoked; it only checks the returned status code.

            // Arrange
            var wrappedOptions = Options.Create(new IdentityServerOptions());
            var validator = new Mock<IEndSessionRequestValidator>();
            var userSession = new Mock<IUserSession>();

            var httpContext = new DefaultHttpContext();
            SetupRequestServices(httpContext);
            httpContext.Request.Method = HttpMethods.Post;

            var sut = new AutoRedirectEndSessionEndpoint(
                new TestLogger<AutoRedirectEndSessionEndpoint>(),
                validator.Object,
                wrappedOptions,
                userSession.Object);

            // Act
            var result = await sut.ProcessAsync(httpContext);

            // Assert
            Assert.NotNull(result);
            var statusResult = Assert.IsType<StatusCodeResult>(result);
            Assert.Equal(StatusCodes.Status400BadRequest, statusResult.StatusCode);
        }