public void Should_be_able_to_load_an_object_previously_saved_to_session()
{
var response = new Response();
var session = new Session(new Dictionary<string, object>());
var payload = new DefaultSessionObjectFormatterFixture.Payload(27, true, "Test string");
var store = new CookieBasedSessions(new DefaultEncryptionProvider(), "the passphrase", "the salt", new DefaultSessionObjectFormatter());
session["testObject"] = payload;
store.Save(session, response);
var request = new Request("GET", "/", "http");
request.Cookies.Add(Helpers.HttpUtility.UrlEncode(response.Cookies.First().Name), Helpers.HttpUtility.UrlEncode(response.Cookies.First().Value));
var result = store.Load(request);
result["testObject"].ShouldEqual(payload);
}
public void Should_load_valid_test_data()
{
var inputValue = ValidHmac + ValidData;
inputValue = HttpUtility.UrlEncode(inputValue);
var store = new CookieBasedSessions(this.aesEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
var request = new Request("GET", "/", "http");
request.Cookies.Add(store.CookieName, inputValue);
var result = store.Load(request);
result.Count.ShouldEqual(1);
result.First().Value.ShouldBeOfType(typeof(DefaultSessionObjectFormatterFixture.Payload));
}
public void Should_return_blank_session_if_encrypted_data_are_invalid_but_contain_semicolon_when_decrypted()
{
var bogusEncrypted = this.aesEncryptionProvider.Encrypt("foo;bar");
var inputValue = ValidHmac + bogusEncrypted;
inputValue = HttpUtility.UrlEncode(inputValue);
var store = new CookieBasedSessions(this.aesEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
var request = new Request("GET", "/", "http");
request.Cookies.Add(store.CookieName, inputValue);
var result = store.Load(request);
result.Count.ShouldEqual(0);
}
protected override void InitialiseInternal(TinyIoC.TinyIoCContainer container)
{
base.InitialiseInternal(container);
CookieBasedSessions.Enable(this, "MyPassPhrase", "MySaltIsReallyGood", "MyHmacPassphrase");
this.AfterRequest += (ctx) =>
{
var username = ctx.Request.Query.pirate;
if (username.HasValue)
{
ctx.Response = new HereBeAResponseYouScurvyDog(ctx.Response);
}
};
}
protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
{
base.ApplicationStartup(container, pipelines);
// Enable cookie sessions
CookieBasedSessions.Enable(pipelines);
// Enable authentication
StatelessAuthentication.Enable(pipelines, new StatelessAuthenticationConfiguration(ctx =>
{
// Take API from query string
var apiKey = (string)ctx.Request.Query.apiKey.Value;
// get user identity
return(ApiClientAuthenticationService.ResolveClientIdentity(apiKey));
}));
}
public void Should_load_an_empty_session_if_session_cookie_is_invalid()
{
//given
var inputValue = ValidHmac.Substring(0, 5); //invalid Hmac
inputValue = HttpUtility.UrlEncode(inputValue);
var store = new CookieBasedSessions(this.aesEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
var request = new Request("GET", "/", "http");
request.Cookies.Add(store.CookieName, inputValue);
//when
var result = store.Load(request);
//then
result.Count.ShouldEqual(0);
}
public void Should_be_able_to_load_an_object_previously_saved_to_session()
{
var response = new Response();
var session = new Session(new Dictionary <string, object>());
var payload = new DefaultSessionObjectFormatterFixture.Payload(27, true, "Test string");
var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
session["testObject"] = payload;
store.Save(session, response);
var request = new Request("GET", "/", "http");
request.Cookies.Add(Helpers.HttpUtility.UrlEncode(response.Cookies.First().Name), Helpers.HttpUtility.UrlEncode(response.Cookies.First().Value));
var result = store.Load(request);
result["testObject"].ShouldEqual(payload);
}
protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
{
base.ApplicationStartup(container, pipelines);
// Connect to database
ServerContext.ConnectDatabase();
// TODO (Disabled): Load plugins
// Enable cookie sessions
CookieBasedSessions.Enable(pipelines);
// Enable authentication
StatelessAuthentication.Enable(pipelines, new StatelessAuthenticationConfiguration(ctx =>
{
// Take API from query string
var apiKey = (string)ctx.Request.Query.apikey.Value;
// get user identity
var authenticator = new StatelessAuthenticationService <NAAccessKey, NAApiAccessScope>(ServerContext);
return(authenticator.ResolveClientIdentity(apiKey));
}));
// Enable CORS
pipelines.AfterRequest.AddItemToEndOfPipeline((ctx) =>
{
foreach (var origin in ServerContext.Parameters.CorsOrigins)
{
ctx.Response.WithHeader("Access-Control-Allow-Origin", origin);
}
ctx.Response
.WithHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE")
.WithHeader("Access-Control-Allow-Headers", "Accept, Origin, Content-type");
});
// Initialize object data mapper
Mapper.Initialize(cfg =>
{
// Create maps
cfg.CreateMap <LogRequest, HitRequest>();
cfg.CreateMap <HitRequest, FetchScriptRequest>();
cfg.CreateMap <LogRequest, RedirectRequest>();
cfg.CreateMap <LogRequest, TagRequest>();
});
}
public void Should_be_able_to_save_a_complex_object_to_session()
{
var response = new Response();
var session = new Session(new Dictionary <string, object>());
var payload = new DefaultSessionObjectFormatterFixture.Payload(27, true, "Test string");
var store = new CookieBasedSessions(new DefaultEncryptionProvider(), new DefaultHmacProvider(), "the passphrase", "the salt", "hmac passphrase", new DefaultSessionObjectFormatter());
session["testObject"] = payload;
store.Save(session, response);
response.Cookies.Count.ShouldEqual(1);
var cookie = response.Cookies.First();
cookie.Name.ShouldEqual(Nancy.Session.CookieBasedSessions.GetCookieName());
cookie.Value.ShouldNotBeNull();
cookie.Value.ShouldNotBeEmpty();
}
public void Should_be_able_to_save_a_complex_object_to_session()
{
var response = new Response();
var session = new Session(new Dictionary <string, object>());
var payload = new DefaultSessionObjectFormatterFixture.Payload(27, true, "Test string");
var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
session["testObject"] = payload;
store.Save(session, response);
response.Cookies.Count.ShouldEqual(1);
var cookie = response.Cookies.First();
cookie.Name.ShouldEqual(store.CookieName);
cookie.Value.ShouldNotBeNull();
cookie.Value.ShouldNotBeEmpty();
}
private Request CreateRequest(string sessionValue, bool load = true)
{
var headers = new Dictionary <string, IEnumerable <string> >(1);
if (!string.IsNullOrEmpty(sessionValue))
{
headers.Add("cookie", new[] { CookieBasedSessions.GetCookieName() + "=" + HttpUtility.UrlEncode(sessionValue) });
}
var request = new Request("GET", "http://goku.power:9001/", headers, CreateRequestStream(), "http");
if (load)
{
cookieStore.Load(request);
}
return(request);
}
protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
{
base.ApplicationStartup(container, pipelines);
// Connect to database
ServerContext.ConnectDatabase();
// TODO (Disabled): Load plugins
// Enable cookie sessions
CookieBasedSessions.Enable(pipelines);
// Enable authentication
StatelessAuthentication.Enable(pipelines, new StatelessAuthenticationConfiguration(ctx =>
{
// Take API from query string
var apiKey = (string)ctx.Request.Query.apikey.Value;
// get user identity
var authenticator = new StatelessAuthenticationService <HUAccessKey, HUApiAccessScope>(ServerContext);
var identity = authenticator.ResolveClientIdentity(apiKey);
if (identity == null)
{
// Use user identity
var userAuthValidator = new UserApiLoginValidator(ServerContext);
identity = userAuthValidator.ResolveClientIdentity(apiKey);
}
return(identity);
}));
// Enable CORS
pipelines.AfterRequest.AddItemToEndOfPipeline((ctx) =>
{
foreach (var origin in ServerContext.Parameters.CorsOrigins)
{
ctx.Response.WithHeader("Access-Control-Allow-Origin", origin);
}
ctx.Response
.WithHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE")
.WithHeader("Access-Control-Allow-Headers", "Accept, Origin, Content-type");
});
}
protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
{
base.ApplicationStartup(container, pipelines);
Csrf.Enable(pipelines);
this.Conventions.StaticContentsConventions.Add(StaticContentConventionBuilder.AddDirectory("moo", "Content"));
CookieBasedSessions.Enable(pipelines);
pipelines.AfterRequest += (ctx) =>
{
var username = ctx.Request.Query.pirate;
if (username.HasValue)
{
ctx.Response = new HereBeAResponseYouScurvyDog(ctx.Response);
}
};
}
protected override void ApplicationStartup(Nancy.TinyIoc.TinyIoCContainer container, Nancy.Bootstrapper.IPipelines pipelines)
{
//跨域
pipelines.AfterRequest.AddItemToEndOfPipeline((ctx) =>
{
ctx.Response.WithHeader("Access-Control-Allow-Origin", "*")
.WithHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS")
.WithHeader("Access-Control-Allow-Headers", "Accept, Origin, Content-type");
});
//全局错误日志
//pipelines.OnError += (ctx, ex) =>
//{
// Console.WriteLine(ex.Message);
// return new Response();
//};
CookieBasedSessions.Enable(pipelines);
base.ApplicationStartup(container, pipelines);
}
protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
{
base.ApplicationStartup(container, pipelines);
SwaggerMetadataProvider.SetInfo("IDP Job APIs", "v0.1", "Our job service", new Contact()
{
EmailAddress = "*****@*****.**"
});
pipelines.AfterRequest.AddItemToEndOfPipeline(x => x.Response.Headers.Add("Access-Control-Allow-Origin", "*"));
CookieBasedSessions.Enable(pipelines);
pipelines.EnableBasicAuthentication(new BasicAuthenticationConfiguration(
container.Resolve <IUserValidator>(),
"IDPJobManager"));
ResourceViewLocationProvider.RootNamespaces.Add(Assembly.GetExecutingAssembly(), "IDPJobManager.Web.Views");
ResourceViewLocationProvider.Ignore.Add(typeof(Nancy.ViewEngines.Razor.RazorViewEngine).Assembly);
}
protected override void InitialiseInternal(TinyIoC.TinyIoCContainer container)
{
base.InitialiseInternal(container);
StaticConfiguration.DisableErrorTraces = false;
this.Conventions.StaticContentsConventions.Add(StaticContentConventionBuilder.AddDirectory("moo", "Content"));
CookieBasedSessions.Enable(this);
this.AfterRequest += (ctx) =>
{
var username = ctx.Request.Query.pirate;
if (username.HasValue)
{
ctx.Response = new HereBeAResponseYouScurvyDog(ctx.Response);
}
};
}
protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
{
PerformanceData.Run();
var host = TinyIoCContainer.Current.Resolve <IHost>();
pipelines.EnableBasicAuthentication(new BasicAuthenticationConfiguration(container.Resolve <IUserValidator>(), "Servant"));
CookieBasedSessions.Enable(pipelines);
var sw = new Stopwatch();
pipelines.BeforeRequest.InsertBefore("DebuggingStart", nancyContext =>
{
sw.Reset();
sw.Start();
return(nancyContext.Response);
});
// Irriterede mig at den ikke returnerede UTF8
pipelines.AfterRequest.InsertAfter("EncodingFix", nancyContext =>
{
if (nancyContext.Response.ContentType == "text/html")
{
nancyContext.Response.ContentType = "text/html; charset=utf8";
}
});
pipelines.AfterRequest.InsertAfter("DebuggingEnd", ctx =>
{
sw.Stop();
if (host.Debug)
{
Console.ForegroundColor = ConsoleColor.DarkGray;
Console.WriteLine(DateTime.Now.ToLongTimeString() + ": " + ctx.Request.Method + " " + ctx.Request.Url + "(" + sw.ElapsedMilliseconds + "ms)");
Console.ResetColor();
}
});
base.ApplicationStartup(container, pipelines);
}
protected override void ApplicationStartup(Nancy.TinyIoc.TinyIoCContainer container, Nancy.Bootstrapper.IPipelines pipelines)
{
// Cache the settings from the config file in memory
SettingsRequest.RetrieveSettings();
// Cache the brandings from the config file in memory
BrandingsRequest.RetrieveBrandings();
// Enable cookie based sessions
CookieBasedSessions.Enable(pipelines);
base.ApplicationStartup(container, pipelines);
var authenticationConfiguration =
new FormsAuthenticationConfiguration
{
RedirectUrl = "~/login",
UserMapper = container.Resolve <IUserMapper>(),
};
FormsAuthentication.Enable(pipelines, authenticationConfiguration);
}
public void Should_save_the_session_cookie()
{
var response = new Response();
var session = new Session(new Dictionary <string, object>
{
{ "key1", "val1" },
});
session["key2"] = "val2";
A.CallTo(() => this.fakeEncryptionProvider.Encrypt("key1=val1;key2=val2;")).Returns("encrypted=key1=val1;key2=val2;");
cookieStore.Save(session, response);
response.Cookies.Count.ShouldEqual(1);
var cookie = response.Cookies.First();
cookie.Name.ShouldEqual(CookieBasedSessions.GetCookieName());
cookie.Value.ShouldEqual("encrypted=key1=val1;key2=val2;");
cookie.Expires.ShouldBeNull();
cookie.Path.ShouldBeNull();
cookie.Domain.ShouldBeNull();
}
/// <summary>
/// Add Form Authentication to Bootstrap
/// </summary>
/// <param name="container"></param>
/// <param name="pipelines"></param>
protected override void ApplicationStartup(Nancy.TinyIoc.TinyIoCContainer container, Nancy.Bootstrapper.IPipelines pipelines)
{
base.ApplicationStartup(container, pipelines);
// Enable Cookie Based Session
CookieBasedSessions.Enable(pipelines);
// Set Cryptography Configuration
var cryptographyConfiguration = new CryptographyConfiguration(
new RijndaelEncryptionProvider(new PassphraseKeyGenerator(DOLNancyWebInit.WEB_SERVER_COOKIE_CRYPT_SECRET, new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 })),
new DefaultHmacProvider(new PassphraseKeyGenerator(DOLNancyWebInit.WEB_SERVER_COOKIE_CRYPT_HASH_SECRET, new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 })));
// Set Form Authentication Configuration
var formsAuthConfiguration = new FormsAuthenticationConfiguration
{
CryptographyConfiguration = cryptographyConfiguration,
RedirectUrl = "~/login",
UserMapper = container.Resolve <IUserMapper>(),
};
FormsAuthentication.Enable(pipelines, formsAuthConfiguration);
}
public void Should_set_formatter_when_using_formatter_selector()
{
var beforePipeline = new BeforePipeline();
var afterPipeline = new AfterPipeline();
var hooks = A.Fake <IPipelines>();
A.CallTo(() => hooks.BeforeRequest).Returns(beforePipeline);
A.CallTo(() => hooks.AfterRequest).Returns(afterPipeline);
var fakeFormatter = A.Fake <IObjectSerializer>();
A.CallTo(() => this.fakeEncryptionProvider.Decrypt("encryptedkey1=value1")).Returns("key1=value1;");
CookieBasedSessions.Enable(hooks, new CryptographyConfiguration(this.fakeEncryptionProvider, this.fakeHmacProvider)).WithSerializer(fakeFormatter);
var request = CreateRequest("encryptedkey1=value1");
var nancyContext = new NancyContext()
{
Request = request
};
beforePipeline.Invoke(nancyContext, new CancellationToken());
A.CallTo(() => fakeFormatter.Deserialize(A <string> .Ignored)).MustHaveHappened(Repeated.Exactly.Once);
}
public void Should_set_formatter_when_using_formatter_selector()
{
var beforePipeline = new BeforePipeline();
var afterPipeline = new AfterPipeline();
var hooks = A.Fake <IApplicationPipelines>();
A.CallTo(() => hooks.BeforeRequest).Returns(beforePipeline);
A.CallTo(() => hooks.AfterRequest).Returns(afterPipeline);
var fakeFormatter = A.Fake <ISessionObjectFormatter>();
A.CallTo(() => this.encryptionProvider.Decrypt("encryptedkey1=value1", A <string> .Ignored, A <byte[]> .Ignored)).Returns("key1=value1;");
CookieBasedSessions.Enable(hooks, encryptionProvider, hmacProvider, "this passphrase", "this is a salt", "hmac passphrase").WithFormatter(fakeFormatter);
var request = CreateRequest("encryptedkey1=value1");
var nancyContext = new NancyContext()
{
Request = request
};
beforePipeline.Invoke(nancyContext);
A.CallTo(() => fakeFormatter.Deserialize(A <string> .Ignored)).MustHaveHappened(Repeated.Exactly.Once);
}
public void Should_use_CookieName_when_config_provides_cookiename_value()
{
//Given
var cryptoConfig = new CryptographyConfiguration(this.fakeEncryptionProvider, this.fakeHmacProvider);
var storeConfig = new CookieBasedSessionsConfiguration(cryptoConfig)
{
CookieName = "NamedCookie",
Serializer = this.fakeObjectSerializer
};
var store = new CookieBasedSessions(storeConfig);
//When
var response = new Response();
var session = new Session(new Dictionary <string, object>
{
{ "key1", "val1" },
});
session["key2"] = "val2";
store.Save(session, response);
//Then
response.Cookies.ShouldHave(c => c.Name == storeConfig.CookieName);
}
public void Should_only_not_add_response_cookie_if_it_has_not_changed()
{
var beforePipeline = new BeforePipeline();
var afterPipeline = new AfterPipeline();
var hooks = A.Fake <IPipelines>();
A.CallTo(() => hooks.BeforeRequest).Returns(beforePipeline);
A.CallTo(() => hooks.AfterRequest).Returns(afterPipeline);
CookieBasedSessions.Enable(hooks, new CryptographyConfiguration(this.fakeEncryptionProvider, this.fakeHmacProvider)).WithSerializer(this.fakeObjectSerializer);
var request = CreateRequest("encryptedkey1=value1");
A.CallTo(() => this.fakeEncryptionProvider.Decrypt("encryptedkey1=value1")).Returns("key1=value1;");
var response = A.Fake <Response>();
var nancyContext = new NancyContext()
{
Request = request, Response = response
};
beforePipeline.Invoke(nancyContext, new CancellationToken());
afterPipeline.Invoke(nancyContext, new CancellationToken());
response.Cookies.Count.ShouldEqual(0);
}
public void Should_only_not_add_response_cookie_if_it_has_not_changed()
{
var beforePipeline = new BeforePipeline();
var afterPipeline = new AfterPipeline();
var hooks = A.Fake <IApplicationPipelines>();
A.CallTo(() => hooks.BeforeRequest).Returns(beforePipeline);
A.CallTo(() => hooks.AfterRequest).Returns(afterPipeline);
CookieBasedSessions.Enable(hooks, encryptionProvider, hmacProvider, "this passphrase", "this is a salt", "hmac passphrase").WithFormatter(new Fakes.FakeSessionObjectFormatter());
var request = CreateRequest("encryptedkey1=value1");
A.CallTo(() => this.encryptionProvider.Decrypt("encryptedkey1=value1", A <string> .Ignored, A <byte[]> .Ignored)).Returns("key1=value1;");
var response = A.Fake <Response>();
var nancyContext = new NancyContext()
{
Request = request, Response = response
};
beforePipeline.Invoke(nancyContext);
afterPipeline.Invoke(nancyContext);
response.Cookies.Count.ShouldEqual(0);
}
protected override void ApplicationStartup(TinyIoc.TinyIoCContainer container, Bootstrapper.IPipelines pipelines)
{
//启用session
CookieBasedSessions.Enable(pipelines);
}
protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
{
CookieBasedSessions.Enable(pipelines);
}
public void Should_load_valid_test_data()
{
var inputValue = ValidHmac + ValidData;
inputValue = HttpUtility.UrlEncode(inputValue);
var store = new CookieBasedSessions(new DefaultEncryptionProvider(), new DefaultHmacProvider(), ValidDataPass, ValidDataSalt, ValidDataHmacPassphrase, new DefaultSessionObjectFormatter());
var request = new Request("GET", "/", "http");
request.Cookies.Add(CookieBasedSessions.GetCookieName(), inputValue);
var result = store.Load(request);
result.Count.ShouldEqual(1);
result.First().Value.ShouldBeOfType(typeof(DefaultSessionObjectFormatterFixture.Payload));
}
public void Should_return_blank_session_if_hmac_missing()
{
var inputValue = ValidData;
inputValue = HttpUtility.UrlEncode(inputValue);
var store = new CookieBasedSessions(new DefaultEncryptionProvider(), new DefaultHmacProvider(), ValidDataPass, ValidDataSalt, ValidDataHmacPassphrase, new DefaultSessionObjectFormatter());
var request = new Request("GET", "/", "http");
request.Cookies.Add(CookieBasedSessions.GetCookieName(), inputValue);
var result = store.Load(request);
result.Count.ShouldEqual(0);
}
public void Should_be_able_to_save_a_complex_object_to_session()
{
var response = new Response();
var session = new Session(new Dictionary<string, object>());
var payload = new DefaultSessionObjectFormatterFixture.Payload(27, true, "Test string");
var store = new CookieBasedSessions(new DefaultEncryptionProvider(), "the passphrase", "the salt", new DefaultSessionObjectFormatter());
session["testObject"] = payload;
store.Save(session, response);
response.Cookies.Count.ShouldEqual(1);
var cookie = response.Cookies.First();
cookie.Name.ShouldEqual(Nancy.Session.CookieBasedSessions.GetCookieName());
cookie.Value.ShouldNotBeNull();
cookie.Value.ShouldNotBeEmpty();
}
protected override void InitialiseInternal(TinyIoC.TinyIoCContainer container)
{
base.InitialiseInternal(container);
CookieBasedSessions.Enable(this, "MyPassPhrase", "MySaltIsReallyGood", "MyHmacPassphrase");
}
protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
{
//enable the cookie
CookieBasedSessions.Enable(pipelines);
//Prevent errors on Linux
}
protected override void ApplicationStartup(ILifetimeScope container, IPipelines pipelines)
{
Csrf.Enable(pipelines);
FruitOfTheDay.Enable(pipelines);
CookieBasedSessions.Enable(pipelines);
}
protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
{
base.ApplicationStartup(container, pipelines);
// Enable Session where data can be stored
CookieBasedSessions.Enable(pipelines);
}
