/// <summary>
/// A forms-authentication cookie whose encrypted payload is damaged must not
/// authenticate the request: once the BeforeRequest hook has run, the context
/// items contain no authenticated-username entry.
/// </summary>
public void Should_not_set_username_in_context_with_broken_encryption_data()
{
    // Given: a mapper that would resolve the known identifier to "Bob" if it were asked
    var usernameMapper = A.Fake<IUsernameMapper>();
    A.CallTo(() => usernameMapper.GetUsernameFromIdentifier(this.userGuid)).Returns("Bob");
    this.config.UsernameMapper = usernameMapper;

    var pipelines = new FakeApplicationPipelines();
    FormsAuthentication.Enable(pipelines, this.config);

    // cookieWithBrokenEncryptedData is a fixture field built outside this listing.
    this.context.Request.Cookies.Add(
        FormsAuthentication.FormsAuthenticationCookieName,
        this.cookieWithBrokenEncryptedData);

    // When
    pipelines.BeforeRequest.Invoke(this.context);

    // Then: the request stays unauthenticated (fail closed).
    // NOTE(review): only the context is checked; asserting that the mapper was never
    // called would also pin that no lookup happens for an unverifiable cookie -
    // confirm against the implementation before adding it.
    this.context.Items
        .ContainsKey(Security.SecurityConventions.AuthenticatedUsernameKey)
        .ShouldBeFalse();
}
/// <summary>
/// With a valid forms-authentication cookie on the request, the BeforeRequest hook
/// stores the username returned by the mapper ("Bob") in the context items.
/// </summary>
public void Should_set_username_in_context_with_valid_cookie()
{
    // Given: the mapper resolves the fixture identifier to "Bob"
    var usernameMapper = A.Fake<IUsernameMapper>();
    A.CallTo(() => usernameMapper.GetUsernameFromIdentifier(this.userGuid)).Returns("Bob");
    this.config.UsernameMapper = usernameMapper;

    var pipelines = new FakeApplicationPipelines();
    FormsAuthentication.Enable(pipelines, this.config);

    // validCookieValue is a fixture field built outside this listing.
    this.context.Request.Cookies.Add(
        FormsAuthentication.FormsAuthenticationCookieName,
        this.validCookieValue);

    // When
    pipelines.BeforeRequest.Invoke(this.context);

    // Then
    var storedUsername = this.context.Items[Security.SecurityConventions.AuthenticatedUsernameKey];
    storedUsername.ShouldEqual("Bob");
}
/// <summary>
/// With a valid forms-authentication cookie, the BeforeRequest hook asks the
/// configured username mapper for the fixture identifier exactly once.
/// </summary>
public void Should_get_username_from_mapping_service_with_valid_cookie()
{
    // Given: a mapper used purely as a call recorder (no return value configured)
    var recordingMapper = A.Fake<IUsernameMapper>();
    this.config.UsernameMapper = recordingMapper;

    var pipelines = new FakeApplicationPipelines();
    FormsAuthentication.Enable(pipelines, this.config);

    this.context.Request.Cookies.Add(
        FormsAuthentication.FormsAuthenticationCookieName,
        this.validCookieValue);

    // When
    pipelines.BeforeRequest.Invoke(this.context);

    // Then: one lookup, keyed by the identifier the fixture cookie carries
    A.CallTo(() => recordingMapper.GetUsernameFromIdentifier(this.userGuid))
        .MustHaveHappened(Repeated.Exactly.Once);
}
/// <summary>
/// A forms-authentication cookie whose encrypted payload is damaged must not
/// authenticate the request: CurrentUser is still null after the BeforeRequest hook.
/// </summary>
/// <remarks>
/// The method name still says "username", but the assertion is on
/// <c>context.CurrentUser</c>.
/// </remarks>
public void Should_not_set_username_in_context_with_broken_encryption_data()
{
    // Given: a mapper that would hand back a user for the known identifier if it were asked
    var identity = A.Fake<IUserIdentity>();
    identity.UserName = "******";

    var userMapper = A.Fake<IUserMapper>();
    A.CallTo(() => userMapper.GetUserFromIdentifier(this.userGuid)).Returns(identity);
    this.config.UserMapper = userMapper;

    var pipelines = new FakeApplicationPipelines();
    FormsAuthentication.Enable(pipelines, this.config);

    // cookieWithBrokenEncryptedData is a fixture field built outside this listing.
    this.context.Request.Cookies.Add(
        FormsAuthentication.FormsAuthenticationCookieName,
        this.cookieWithBrokenEncryptedData);

    // When
    pipelines.BeforeRequest.Invoke(this.context);

    // Then: the request stays unauthenticated (fail closed).
    // NOTE(review): asserting that the mapper was never called would also pin that
    // no lookup happens for an unverifiable cookie - confirm against the implementation.
    this.context.CurrentUser.ShouldBeNull();
}
/// <summary>
/// With a valid forms-authentication cookie, the BeforeRequest hook sets
/// CurrentUser to the very instance the user mapper returned.
/// </summary>
public void Should_set_user_in_context_with_valid_cookie()
{
    // Given: the mapper resolves the fixture identifier to a known identity
    var identity = A.Fake<IUserIdentity>();
    identity.UserName = "******";

    var userMapper = A.Fake<IUserMapper>();
    A.CallTo(() => userMapper.GetUserFromIdentifier(this.userGuid)).Returns(identity);
    this.config.UserMapper = userMapper;

    var pipelines = new FakeApplicationPipelines();
    FormsAuthentication.Enable(pipelines, this.config);

    this.context.Request.Cookies.Add(
        FormsAuthentication.FormsAuthenticationCookieName,
        this.validCookieValue);

    // When
    pipelines.BeforeRequest.Invoke(this.context);

    // Then: reference equality, so the mapper's object is used as-is
    this.context.CurrentUser.ShouldBeSameAs(identity);
}
/// <summary>
/// When an Unauthorized response is turned into a login redirect by the
/// AfterRequest hook, the original path and query string are carried,
/// URL-encoded, in the <c>returnUrl</c> parameter of the Location header.
/// </summary>
public void Should_retain_querystring_when_redirecting_to_login_page()
{
    // Given
    var pipelines = new FakeApplicationPipelines();
    FormsAuthentication.Enable(pipelines, this.config);

    var unauthorizedContext = new NancyContext();
    unauthorizedContext.Request = new FakeRequest("GET", "/secure", "?foo=bar");
    unauthorizedContext.Response = HttpStatusCode.Unauthorized;

    // When
    pipelines.AfterRequest.Invoke(unauthorizedContext);

    // Then: "?" and "=" of the original query arrive percent-encoded inside returnUrl.
    // NOTE(review): this covers only how the redirect is built. Whatever consumes
    // returnUrl after login should accept local paths only; that code is not part
    // of this listing.
    var location = unauthorizedContext.Response.Headers["Location"];
    location.ShouldEqual("/login?returnUrl=/secure%3ffoo%3dbar");
}
/// <summary>
/// With a Basic <c>Authorization</c> header whose credentials the validator
/// accepts, the BeforeRequest hook sets CurrentUser to the identity the
/// validator returned.
/// </summary>
public void Should_set_user_in_context_with_valid_username_in_auth_header()
{
    // Given: the validator maps foo/bar to a known identity
    var identity = A.Fake<IUserIdentity>();
    var credentialValidator = A.Fake<IUserValidator>();
    A.CallTo(() => credentialValidator.Validate("foo", "bar")).Returns(identity);

    var basicConfig = new BasicAuthenticationConfiguration(credentialValidator, "realm");

    // EncodeCredentials and CreateContextWithHeader are fixture helpers defined
    // outside this listing.
    var headerValue = "Basic" + " " + EncodeCredentials("foo", "bar");
    var requestContext = CreateContextWithHeader("Authorization", new[] { headerValue });

    var pipelines = new FakeApplicationPipelines();
    BasicAuthentication.Enable(pipelines, basicConfig);

    // When
    pipelines.BeforeRequest.Invoke(requestContext);

    // Then
    requestContext.CurrentUser.ShouldBeSameAs(identity);
}
/// <summary>
/// A valid forms-authentication cookie results in the mapped username ("Bob")
/// being placed in the context items by the BeforeRequest hook.
/// </summary>
public void Should_set_username_in_context_with_valid_cookie()
{
    // Given
    var nameLookup = A.Fake<IUsernameMapper>();
    A.CallTo(() => nameLookup.GetUsernameFromIdentifier(this.userGuid)).Returns("Bob");
    this.config.UsernameMapper = nameLookup;

    var hooks = new FakeApplicationPipelines();
    FormsAuthentication.Enable(hooks, this.config);

    // validCookieValue is a fixture field built outside this listing.
    var cookieName = FormsAuthentication.FormsAuthenticationCookieName;
    this.context.Request.Cookies.Add(cookieName, this.validCookieValue);

    // When
    hooks.BeforeRequest.Invoke(this.context);

    // Then
    this.context.Items[Security.SecurityConventions.AuthenticatedUsernameKey]
        .ShouldEqual("Bob");
}
/// <summary>
/// A forms-authentication cookie that carries no HMAC must not authenticate the
/// request: once the BeforeRequest hook has run, the context items contain no
/// authenticated-username entry.
/// </summary>
public void Should_not_set_username_in_context_with_no_hmac()
{
    // Given: a mapper that would resolve the known identifier to "Bob" if it were asked
    var usernameMapper = A.Fake<IUsernameMapper>();
    A.CallTo(() => usernameMapper.GetUsernameFromIdentifier(this.userGuid)).Returns("Bob");
    this.config.UsernameMapper = usernameMapper;

    var pipelines = new FakeApplicationPipelines();
    FormsAuthentication.Enable(pipelines, this.config);

    // cookieWithNoHmac is a fixture field built outside this listing.
    this.context.Request.Cookies.Add(
        FormsAuthentication.FormsAuthenticationCookieName,
        this.cookieWithNoHmac);

    // When
    pipelines.BeforeRequest.Invoke(this.context);

    // Then: without an integrity tag the cookie is not trusted (fail closed).
    // NOTE(review): asserting that the mapper was never called would also pin that
    // no lookup happens for an unauthenticated cookie - confirm against the implementation.
    this.context.Items
        .ContainsKey(Security.SecurityConventions.AuthenticatedUsernameKey)
        .ShouldBeFalse();
}
/// <summary>
/// A valid forms-authentication cookie causes exactly one call to the configured
/// username mapper, made with the fixture identifier.
/// </summary>
public void Should_get_username_from_mapping_service_with_valid_cookie()
{
    // Given: the fake mapper only records calls; no return value is configured
    var nameLookup = A.Fake<IUsernameMapper>();
    this.config.UsernameMapper = nameLookup;

    var hooks = new FakeApplicationPipelines();
    FormsAuthentication.Enable(hooks, this.config);

    var cookieName = FormsAuthentication.FormsAuthenticationCookieName;
    this.context.Request.Cookies.Add(cookieName, this.validCookieValue);

    // When
    hooks.BeforeRequest.Invoke(this.context);

    // Then
    A.CallTo(() => nameLookup.GetUsernameFromIdentifier(this.userGuid))
        .MustHaveHappened(Repeated.Exactly.Once);
}
/// <summary>
/// With a Basic <c>Authorization</c> header whose credentials the validator
/// accepts, the BeforeRequest hook stores the supplied username ("foo") in the
/// context items.
/// </summary>
public void Should_set_username_in_context_with_valid_username_in_auth_header()
{
    // Given: the validator accepts foo/bar
    var credentialValidator = A.Fake<IUserValidator>();
    A.CallTo(() => credentialValidator.Validate("foo", "bar")).Returns(true);

    var basicConfig = new BasicAuthenticationConfiguration(credentialValidator, "realm");

    // EncodeCredentials and CreateContextWithHeader are fixture helpers defined
    // outside this listing.
    var headerValue = "Basic" + " " + EncodeCredentials("foo", "bar");
    var requestContext = CreateContextWithHeader("Authorization", new[] { headerValue });

    var pipelines = new FakeApplicationPipelines();
    BasicAuthentication.Enable(pipelines, basicConfig);

    // When
    pipelines.BeforeRequest.Invoke(requestContext);

    // Then: the username comes from the header once the validator has approved it
    requestContext.Items[SecurityConventions.AuthenticatedUsernameKey].ShouldEqual("foo");
}
/// <summary>
/// A valid forms-authentication cookie results in CurrentUser being the same
/// object the user mapper returned for the fixture identifier.
/// </summary>
public void Should_set_user_in_context_with_valid_cookie()
{
    // Given
    var expectedUser = A.Fake<IUserIdentity>();
    expectedUser.UserName = "******";

    var userLookup = A.Fake<IUserMapper>();
    A.CallTo(() => userLookup.GetUserFromIdentifier(this.userGuid)).Returns(expectedUser);
    this.config.UserMapper = userLookup;

    var hooks = new FakeApplicationPipelines();
    FormsAuthentication.Enable(hooks, this.config);

    // validCookieValue is a fixture field built outside this listing.
    var cookieName = FormsAuthentication.FormsAuthenticationCookieName;
    this.context.Request.Cookies.Add(cookieName, this.validCookieValue);

    // When
    hooks.BeforeRequest.Invoke(this.context);

    // Then
    this.context.CurrentUser.ShouldBeSameAs(expectedUser);
}
/// <summary>
/// A forms-authentication cookie with damaged encrypted data leaves the request
/// unauthenticated: CurrentUser is null after the BeforeRequest hook.
/// </summary>
/// <remarks>
/// The method name refers to "username", while the assertion is on
/// <c>context.CurrentUser</c>.
/// </remarks>
public void Should_not_set_username_in_context_with_broken_encryption_data()
{
    // Given: the mapper is primed with a user so that a null result can only come
    // from the cookie being rejected, not from an unconfigured fake
    var primedUser = A.Fake<IUserIdentity>();
    primedUser.UserName = "******";

    var userLookup = A.Fake<IUserMapper>();
    A.CallTo(() => userLookup.GetUserFromIdentifier(this.userGuid)).Returns(primedUser);
    this.config.UserMapper = userLookup;

    var hooks = new FakeApplicationPipelines();
    FormsAuthentication.Enable(hooks, this.config);

    // cookieWithBrokenEncryptedData is a fixture field built outside this listing.
    var cookieName = FormsAuthentication.FormsAuthenticationCookieName;
    this.context.Request.Cookies.Add(cookieName, this.cookieWithBrokenEncryptedData);

    // When
    hooks.BeforeRequest.Invoke(this.context);

    // Then: fail closed.
    // NOTE(review): asserting that the mapper was never called would also pin that
    // no lookup happens for an unverifiable cookie - confirm against the implementation.
    this.context.CurrentUser.ShouldBeNull();
}