示例#1
0
        public void Should_not_expire_token_when_key_expiration_has_lapsed_but_token_expiration_has_not()
        {
            var tokenizer = CreateTokenizer(cfg =>
            {
                cfg.TokenExpiration(() => TimeSpan.FromMilliseconds(50));
                cfg.KeyExpiration(() => TimeSpan.FromMilliseconds(100));
            });

            var identity = new FakeUserIdentity
            {
                UserName = "******",
                Claims   = new[] { "claim1", "claim2" }
            };

            tokenizer.Tokenize(identity, context); // prime the pump to generate a key

            Thread.Sleep(75);                      // key is 75% to its expiration

            var token = tokenizer.Tokenize(identity, context);

            Thread.Sleep(25); // key is now expired but should not be purged until token expiration lapses

            var detokenizedIdentity = tokenizer.Detokenize(token, context);

            detokenizedIdentity.ShouldNotBeNull();
        }
示例#2
0
        public void Should_store_keys_when_a_key_is_purged()
        {
            var keyCache = A.Fake <ITokenKeyStore>();

            var tokenizer = CreateTokenizer(cfg =>
            {
                cfg.TokenExpiration(() => TimeSpan.FromMilliseconds(1));
                cfg.KeyExpiration(() => TimeSpan.FromMilliseconds(2));
                cfg.WithKeyCache(keyCache);
            });

            var identity = new FakeUserIdentity
            {
                UserName = "******",
                Claims   = new[] { "claim1", "claim2" }
            };

            tokenizer.Tokenize(identity, context);

            Thread.Sleep(5);

            tokenizer.Tokenize(identity, context);

            A.CallTo(() => keyCache.Store(A <IDictionary <DateTime, byte[]> > .Ignored)).MustHaveHappened(Repeated.AtLeast.Once);
        }
示例#3
0
        public void Should_fail_to_detokenize_when_additional_items_do_not_match()
        {
            var tokenizer = CreateTokenizer();

            var identity = new FakeUserIdentity
            {
                UserName = "******",
                Claims   = new[] { "claim1", "claim2" }
            };

            var token = tokenizer.Tokenize(identity, context);

            var badRequest = new FakeRequest("GET", "/",
                                             new Dictionary <string, IEnumerable <string> >
            {
                { "User-Agent", new[] { "uh oh! no matchey!" } }
            });
            var badContext = new NancyContext
            {
                Request = badRequest
            };

            var detokenizedIdentity = tokenizer.Detokenize(token, badContext);

            detokenizedIdentity.ShouldBeNull();
        }
        private static IUserIdentity GetFakeUser(string userName, IEnumerable <string> claims = null)
        {
            var ret = new FakeUserIdentity();

            ret.UserName = userName;
            ret.Claims   = claims;

            return(ret);
        }
示例#5
0
        public void Should_be_able_to_create_token_from_user_identity()
        {
            var tokenizer = CreateTokenizer();

            var identity = new FakeUserIdentity
            {
                UserName = "******",
                Claims   = new[] { "claim1", "claim2" }
            };

            var token = tokenizer.Tokenize(identity, context);

            token.ShouldNotBeNull();
        }
示例#6
0
        public void Should_store_keys_when_the_first_token_is_tokenized()
        {
            var keyCache = A.Fake <ITokenKeyStore>();

            var tokenizer = CreateTokenizer(cfg => cfg.WithKeyCache(keyCache));

            var identity = new FakeUserIdentity
            {
                UserName = "******",
                Claims   = new[] { "claim1", "claim2" }
            };

            tokenizer.Tokenize(identity, this.context);

            A.CallTo(() => keyCache.Store(A <IDictionary <DateTime, byte[]> > .Ignored)).MustHaveHappened(Repeated.Exactly.Once);
        }
        public void Should_not_set_username_in_context_with_broken_encryption_data()
        {
            var fakePipelines = new Pipelines();
            var fakeMapper    = A.Fake <IUserMapper>();
            var fakeUser      = new FakeUserIdentity {
                UserName = "******"
            };

            A.CallTo(() => fakeMapper.GetUserFromIdentifier(this.userGuid, this.context)).Returns(fakeUser);
            this.config.UserMapper = fakeMapper;
            FormsAuthentication.Enable(fakePipelines, this.config);
            this.context.Request.Cookies.Add(FormsAuthentication.FormsAuthenticationCookieName, this.cookieWithBrokenEncryptedData);

            var result = fakePipelines.BeforeRequest.Invoke(this.context, new CancellationToken());

            context.CurrentUser.ShouldBeNull();
        }
        public void Should_set_user_in_context_with_valid_cookie()
        {
            var fakePipelines = new Pipelines();
            var fakeMapper    = A.Fake <IUserMapper>();
            var fakeUser      = new FakeUserIdentity {
                UserName = "******"
            };

            A.CallTo(() => fakeMapper.GetUserFromIdentifier(this.userGuid, this.context)).Returns(fakeUser);
            this.config.UserMapper = fakeMapper;
            FormsAuthentication.Enable(fakePipelines, this.config);
            this.context.Request.Cookies.Add(FormsAuthentication.FormsAuthenticationCookieName, this.validCookieValue);

            var result = fakePipelines.BeforeRequest.Invoke(this.context, new CancellationToken());

            context.CurrentUser.ShouldBeSameAs(fakeUser);
        }
        public void Should_not_set_user_in_context_with_no_hmac()
        {
            var fakePipelines = new Pipelines();
            var fakeMapper    = A.Fake <IUserMapper>();
            var fakeUser      = new FakeUserIdentity {
                UserName = "******"
            };

            A.CallTo(() => fakeMapper.GetUserFromIdentifier(this.userGuid, this.context)).Returns(fakeUser);
            this.config.UserMapper = fakeMapper;
            FormsAuthentication.Enable(fakePipelines, this.config);
            this.context.Request.Cookies.Add(FormsAuthentication.FormsAuthenticationCookieName, this.cookieWithNoHmac);

            var result = fakePipelines.BeforeRequest.Invoke(this.context);

            context.CurrentUser.ShouldBeNull();
        }
示例#10
0
        public void Should_expire_token_when_expiration_has_lapsed()
        {
            var tokenizer = CreateTokenizer(cfg => cfg.TokenExpiration(() => TimeSpan.FromMilliseconds(10)));

            var identity = new FakeUserIdentity
            {
                UserName = "******",
                Claims   = new[] { "claim1", "claim2" }
            };

            var token = tokenizer.Tokenize(identity, context);

            Thread.Sleep(20);

            var detokenizedIdentity = tokenizer.Detokenize(token, context);

            detokenizedIdentity.ShouldBeNull();
        }
示例#11
0
        public void Should_be_able_to_extract_user_identity_from_token()
        {
            var tokenizer = CreateTokenizer();

            var identity = new FakeUserIdentity
            {
                UserName = "******",
                Claims   = new[] { "claim1", "claim2" }
            };

            var token = tokenizer.Tokenize(identity, context);

            var detokenizedIdentity = tokenizer.Detokenize(token, context);

            detokenizedIdentity.ShouldNotBeNull();

            detokenizedIdentity.UserName.ShouldEqual("joe");

            detokenizedIdentity.Claims.ShouldEqualSequence(new[] { "claim1", "claim2" });
        }
示例#12
0
        public void Should_generate_new_token_after_previous_key_has_expired()
        {
            var tokenizer = CreateTokenizer(cfg =>
            {
                cfg.TokenExpiration(() => TimeSpan.FromMilliseconds(50));
                cfg.KeyExpiration(() => TimeSpan.FromMilliseconds(100));
                cfg.TokenStamp(() => new DateTime(2014, 1, 1));
            });

            var identity = new FakeUserIdentity
            {
                UserName = "******",
                Claims   = new[] { "claim1", "claim2" }
            };

            var token = tokenizer.Tokenize(identity, context); // prime the pump to generate a key

            Thread.Sleep(120);                                 // expire the key

            var secondToken = tokenizer.Tokenize(identity, context);

            token.ShouldNotEqual(secondToken);
        }
示例#13
0
        public void Should_not_be_able_to_extract_user_identity_from_modified_token()
        {
            var tokenizer = CreateTokenizer();

            var identity = new FakeUserIdentity
            {
                UserName = "******",
                Claims   = new[] { "claim1", "claim2" }
            };

            var token = tokenizer.Tokenize(identity, context);
            var parts = token.Split(new[] { ":" }, StringSplitOptions.RemoveEmptyEntries);
            var bytes = Convert.FromBase64String(parts[0]);

            var tweak = new List <byte>(bytes);

            tweak.Add(Encoding.UTF8.GetBytes("X")[0]);

            var badToken = Convert.ToBase64String(tweak.ToArray()) + ":" + parts[1];

            var detokenizedIdentity = tokenizer.Detokenize(badToken, context);

            detokenizedIdentity.ShouldBeNull();
        }