/// <summary>
/// Checks that a Set-Cookie value named <c>Constants.DfcSession</c> reaches the shell response
/// under its original name, while another cookie from the same response is renamed with the
/// current path as a prefix.
/// </summary>
public void HeaderWithNameDfcSessionIsNotPrefixedWithPath()
{
    using (var childHttpResponseMessage = new HttpResponseMessage())
    {
        // Arrange
        const string path = "path1";
        var sessionCookie = $"{Constants.DfcSession}=value1";

        A.CallTo(() => pathLocator.GetPath()).Returns(path);

        // Protect/Unprotect are faked as identity functions, so this test pins cookie naming only;
        // it does not show that the session value is actually protected on the way out.
        A.CallTo(() => compositeDataProtectionDataProvider.Unprotect(A<string>.Ignored))
            .ReturnsLazily(call => call.Arguments.First().ToString());
        A.CallTo(() => compositeDataProtectionDataProvider.Protect(A<string>.Ignored))
            .ReturnsLazily(call => call.Arguments.First().ToString());

        childHttpResponseMessage.Headers.Add(HeaderNames.SetCookie, new[] { sessionCookie, "v2=value2" });
        childHttpResponseMessage.Headers.Add(HeaderNames.Referer, "Referer1=Referer1Value");

        // Act
        cookieHttpResponseMessageHandler.Process(childHttpResponseMessage);

        // Assert
        var setCookieHeader = httpContextAccessor.HttpContext.Response.Headers[HeaderNames.SetCookie];

        Assert.Equal(2, setCookieHeader.Count);

        // The session cookie keeps its bare name; every other cookie carries the path prefix.
        Assert.StartsWith(sessionCookie, setCookieHeader[0], StringComparison.OrdinalIgnoreCase);
        Assert.StartsWith($"{path}v2=value2", setCookieHeader[1], StringComparison.OrdinalIgnoreCase);
    }
}
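/// <summary>
/// Re-issues every Set-Cookie value found on <paramref name="httpResponseMessage"/> as a cookie on
/// the current <c>HttpContext</c> response, optionally prefixing the cookie name with the current path
/// and protecting the value of the <c>Constants.DfcSession</c> cookie.
/// </summary>
/// <param name="httpResponseMessage">
/// The response whose Set-Cookie headers are copied. When <c>null</c>, nothing is copied.
/// </param>
public void Process(HttpResponseMessage httpResponseMessage)
{
    // The original wrote `httpResponseMessage?.Headers.Where(...)`: for a null message that expression
    // is null and the foreach threw a NullReferenceException. Honour the evident intent and do nothing.
    if (httpResponseMessage == null)
    {
        return;
    }

    // Number of cookies already written per (unprefixed) cookie key, maintained through
    // GetHeaderCount/RegisterHeader.
    var headers = new Dictionary<string, int>();

    foreach (var header in httpResponseMessage.Headers.Where(x => x.Key == HeaderNames.SetCookie))
    {
        foreach (var headerValue in header.Value)
        {
            var cookieSettings = setCookieParser.Parse(headerValue);
            var cookieKey = cookieSettings.Key;

            // Cookies the renamer service selects get the current path prepended to their name.
            var prefix = headerRenamerService.Rename(cookieKey) ? pathLocator.GetPath() : string.Empty;
            var cookieKeyWithPrefix = string.Concat(prefix, cookieKey);

            var allowedHeaderCount = headerCountService.Count(cookieKey);
            var currentHeaderCount = GetHeaderCount(headers, cookieKey);

            var cookieValue = cookieSettings.Value;

            // The session cookie value is passed through the data protection provider before it is
            // written to the shell response; all other cookie values are forwarded unchanged.
            if (cookieKey == Constants.DfcSession)
            {
                cookieValue = compositeDataProtectionDataProvider.Protect(cookieValue);
            }

            // Values beyond the allowed count for this key are dropped without any signal.
            if (currentHeaderCount < allowedHeaderCount)
            {
                RegisterHeader(headers, cookieKey);

                // NOTE(review): CookieOptions are whatever the parser produced from the incoming
                // Set-Cookie value. Nothing here enforces Secure/HttpOnly/SameSite on the session
                // cookie - confirm that is guaranteed by the parser or elsewhere.
                httpContextAccessor.HttpContext.Response.Cookies.Append(cookieKeyWithPrefix, cookieValue, cookieSettings.CookieOptions);
                AddToHttpContext(cookieKeyWithPrefix, cookieValue);
            }
        }
    }
}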
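/// <summary>
/// Checks that, when the shell's user carries a "bearer" claim, the value of that claim is set as
/// the Authorization parameter on the request sent to the child app.
/// </summary>
public async Task WhenShellAuthenticatedPassOnToken()
{
    // Arrange
    var path1 = "path1";
    var path2 = "path2";
    var requestUrl = $"https://someurl.com/{path1}";

    // Create fakes
    pathLocator = A.Fake<IPathLocator>();
    httpContextAccessor = A.Fake<IHttpContextAccessor>();
    compositeDataProtectionDataProvider = A.Fake<ICompositeDataProtectionDataProvider>();

    // Fake calls. Protect/Unprotect are identity functions here, so no real protection is exercised.
    A.CallTo(() => pathLocator.GetPath()).Returns(path1);
    A.CallTo(() => compositeDataProtectionDataProvider.Unprotect(A<string>.Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());
    A.CallTo(() => compositeDataProtectionDataProvider.Protect(A<string>.Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());

    // Authenticated shell user with a "bearer" claim, plus session and path-scoped cookies on the incoming request
    httpContextAccessor.HttpContext = new DefaultHttpContext
    {
        User = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim> { new Claim("bearer", "test") }, "mock")),
    };
    httpContextAccessor.HttpContext.Request.Headers.Add(HeaderNames.Cookie, $"{Constants.DfcSession}=sessionId1;{path1}v1=value1;{path1}v2=value2;{path2}v3=value3;{path2}v4=value4");
    httpContextAccessor.HttpContext.Session = new MockHttpSession();

    // Create the handler under test and set the inner handler
    handler = new CookieDelegatingHandler(httpContextAccessor, pathLocator, compositeDataProtectionDataProvider)
    {
        InnerHandler = new StatusOkDelegatingHandler(),
    };

    // The original disposed these only after the assertions, so a failing assertion skipped the
    // disposal. The using blocks release the GET request (sent to the child app) and the invoker
    // on every path.
    using (var httpRequestChildMessage = new HttpRequestMessage(HttpMethod.Get, requestUrl))
    using (var invoker = new HttpMessageInvoker(handler))
    {
        // Act
        await invoker.SendAsync(httpRequestChildMessage, CancellationToken.None).ConfigureAwait(false);

        // Assert
        // NOTE(review): only the token value is pinned; the Authorization scheme is not asserted.
        var headerValue = httpRequestChildMessage.Headers.Authorization;

        // Fail with an assertion rather than a NullReferenceException when no header was set.
        Assert.NotNull(headerValue);
        Assert.Equal("test", headerValue.Parameter);
    }
}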
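/// <summary>
/// Checks that cookies on the shell request whose names start with the current path ("path1") are
/// copied to the child-app request with that prefix removed.
/// </summary>
public async Task CanCopyHeadersFromShellToChildApp()
{
    // Arrange
    var path1 = "path1";
    var path2 = "path2";
    var requestUrl = $"https://someurl.com/{path1}";

    // Create fakes
    pathLocator = A.Fake<IPathLocator>();
    httpContextAccessor = A.Fake<IHttpContextAccessor>();
    compositeDataProtectionDataProvider = A.Fake<ICompositeDataProtectionDataProvider>();

    // Fake calls. Protect/Unprotect are identity functions here, so no real protection is exercised.
    A.CallTo(() => pathLocator.GetPath()).Returns(path1);
    A.CallTo(() => compositeDataProtectionDataProvider.Unprotect(A<string>.Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());
    A.CallTo(() => compositeDataProtectionDataProvider.Protect(A<string>.Ignored)).ReturnsLazily(x => x.Arguments.First().ToString());

    // Incoming shell request carries two cookies for path1 and two for a different path (path2)
    httpContextAccessor.HttpContext = new DefaultHttpContext();
    httpContextAccessor.HttpContext.Request.Headers.Add(HeaderNames.Cookie, $"{path1}v1=value1;{path1}v2=value2;{path2}v3=value3;{path2}v4=value4");

    // Create the handler under test and set the inner handler
    handler = new CookieDelegatingHandler(httpContextAccessor, pathLocator, compositeDataProtectionDataProvider)
    {
        InnerHandler = new StatusOkDelegatingHandler(),
    };

    // The original disposed these only after the assertions, so a failing assertion skipped the
    // disposal. The using blocks release the GET request (sent to the child app) and the invoker
    // on every path.
    using (var httpRequestChildMessage = new HttpRequestMessage(HttpMethod.Get, requestUrl))
    using (var invoker = new HttpMessageInvoker(handler))
    {
        // Act
        await invoker.SendAsync(httpRequestChildMessage, CancellationToken.None).ConfigureAwait(false);

        // Check that the child app has the correct number of headers based on the incoming request
        Assert.Single(httpRequestChildMessage.Headers);

        // Check that the values that are sent on are correct
        // NOTE(review): First()/Last() do not pin how many values were forwarded, so a path2 cookie
        // leaking in between would go unnoticed. Consider also asserting the value count once the
        // expected number is confirmed against the handler.
        var headerValue = httpRequestChildMessage.Headers.First().Value.ToList();
        Assert.Equal("v1=value1", headerValue.First());
        Assert.Equal("v2=value2", headerValue.Last());
    }
}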