private void CopyCookies(HttpResponseMessage response, HttpRequestMessage request)
{
var cookies = SetCookieHeaderValue.ParseList(response.Headers.GetValues(HeaderNames.SetCookie).ToList());
foreach (var cookie in cookies)
{
if (cookie.Value.HasValue)
{
request.Headers.Add(HeaderNames.Cookie, new CookieHeaderValue(cookie.Name, cookie.Value).ToString());
}
}
}
public async Task BadCallbackCallsRemoteAuthFailedWithState()
{
using var host = await CreateHost(o =>
{
o.ConsumerKey = "Test Consumer Key";
o.ConsumerSecret = "Test Consumer Secret";
o.BackchannelHttpHandler = new TestHttpMessageHandler
{
Sender = BackchannelRequestToken
};
o.Events = new TwitterEvents()
{
OnRemoteFailure = context =>
{
Assert.NotNull(context.Failure);
Assert.Equal("Access was denied by the resource owner or by the remote server.", context.Failure.Message);
Assert.NotNull(context.Properties);
Assert.Equal("testvalue", context.Properties.Items["testkey"]);
context.Response.StatusCode = StatusCodes.Status406NotAcceptable;
context.HandleResponse();
return(Task.CompletedTask);
}
};
},
async context =>
{
var properties = new AuthenticationProperties();
properties.Items["testkey"] = "testvalue";
await context.ChallengeAsync("Twitter", properties);
return(true);
});
using var server = host.GetTestServer();
var transaction = await server.SendAsync("http://example.com/challenge");
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
var location = transaction.Response.Headers.Location.AbsoluteUri;
Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
Assert.True(transaction.Response.Headers.TryGetValues(HeaderNames.SetCookie, out var setCookie));
Assert.True(SetCookieHeaderValue.TryParseList(setCookie.ToList(), out var setCookieValues));
Assert.Single(setCookieValues);
var setCookieValue = setCookieValues.Single();
var cookie = new CookieHeaderValue(setCookieValue.Name, setCookieValue.Value);
var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter?denied=ABCDEFG");
request.Headers.Add(HeaderNames.Cookie, cookie.ToString());
var client = server.CreateClient();
var response = await client.SendAsync(request);
Assert.Equal(HttpStatusCode.NotAcceptable, response.StatusCode);
}
public async Task CookiePolicyAppliesToCookieAuthChunks()
{
var builder = new WebHostBuilder()
.ConfigureServices(services =>
{
services.AddAuthentication().AddCookie(o =>
{
o.Cookie.Name = "TestCookie";
o.Cookie.HttpOnly = false;
o.Cookie.SecurePolicy = CookieSecurePolicy.None;
});
})
.Configure(app =>
{
app.UseCookiePolicy(new CookiePolicyOptions
{
HttpOnly = HttpOnlyPolicy.Always,
Secure = CookieSecurePolicy.Always,
});
app.UseAuthentication();
app.Run(context =>
{
return(context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity(new string('c', 1024 * 5), "Cookies")))));
});
});
var server = new TestServer(builder);
var transaction = await server.SendAsync("http://example.com/login");
Assert.NotNull(transaction.SetCookie);
Assert.Equal(3, transaction.SetCookie.Count);
var cookie = SetCookieHeaderValue.Parse(transaction.SetCookie[0]);
Assert.Equal("TestCookie", cookie.Name);
Assert.Equal("chunks-2", cookie.Value);
Assert.True(cookie.HttpOnly);
Assert.True(cookie.Secure);
Assert.Equal("/", cookie.Path);
cookie = SetCookieHeaderValue.Parse(transaction.SetCookie[1]);
Assert.Equal("TestCookieC1", cookie.Name);
Assert.True(cookie.HttpOnly);
Assert.True(cookie.Secure);
Assert.Equal("/", cookie.Path);
cookie = SetCookieHeaderValue.Parse(transaction.SetCookie[2]);
Assert.Equal("TestCookieC2", cookie.Name);
Assert.True(cookie.HttpOnly);
Assert.True(cookie.Secure);
Assert.Equal("/", cookie.Path);
}
/// <inheritdoc />
public void Append(string key, string value)
{
var setCookieHeaderValue = new SetCookieHeaderValue(
_enableCookieNameEncoding ? Uri.EscapeDataString(key) : key,
Uri.EscapeDataString(value))
{
Path = "/"
};
var cookieValue = setCookieHeaderValue.ToString();
Headers[HeaderNames.SetCookie] = StringValues.Concat(Headers[HeaderNames.SetCookie], cookieValue);
}
public async Task ExpiredSession_LogsWarning()
{
var sink = new TestSink();
var loggerFactory = new TestLoggerFactory(sink, enabled: true);
using (var server = TestServer.Create(app =>
{
app.UseSession();
app.Run(context =>
{
int?value = context.Session.GetInt32("Key");
if (context.Request.Path == new PathString("/first"))
{
Assert.False(value.HasValue);
value = 1;
context.Session.SetInt32("Key", 1);
}
else if (context.Request.Path == new PathString("/second"))
{
Assert.False(value.HasValue);
value = 2;
}
return(context.Response.WriteAsync(value.Value.ToString()));
});
},
services =>
{
services.AddInstance(typeof(ILoggerFactory), loggerFactory);
services.AddCaching();
services.AddSession(o => o.IdleTimeout = TimeSpan.FromMilliseconds(30));
}))
{
var client = server.CreateClient();
var response = await client.GetAsync("first");
response.EnsureSuccessStatusCode();
client = server.CreateClient();
var cookie = SetCookieHeaderValue.ParseList(response.Headers.GetValues("Set-Cookie").ToList()).First();
client.DefaultRequestHeaders.Add("Cookie", new CookieHeaderValue(cookie.Name, cookie.Value).ToString());
Thread.Sleep(50);
Assert.Equal("2", await client.GetStringAsync("/second"));
var sessionLogMessages = sink.Writes.OnlyMessagesFromSource <DistributedSession>().ToArray();
Assert.Equal(2, sessionLogMessages.Length);
Assert.Contains("started", sessionLogMessages[0].State.ToString());
Assert.Contains("expired", sessionLogMessages[1].State.ToString());
Assert.Equal(LogLevel.Information, sessionLogMessages[0].LogLevel);
Assert.Equal(LogLevel.Warning, sessionLogMessages[1].LogLevel);
}
}
public async Task Redirect_RetainsTempData_EvenIfAccessed_AndSetsAppropriateCookieValues()
{
// Arrange
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("value", "Foo"),
};
var content = new FormUrlEncodedContent(nameValueCollection);
// Act 1
var response = await Client.PostAsync("/TempData/SetTempData", content);
// Assert 1
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
IEnumerable <string> setCookieValues;
Assert.True(response.Headers.TryGetValues(HeaderNames.SetCookie, out setCookieValues));
var setCookieHeader = setCookieValues
.Select(setCookieValue => SetCookieHeaderValue.Parse(setCookieValue))
.FirstOrDefault(setCookieHeaderValue => setCookieHeaderValue.Name == CookieTempDataProvider.CookieName);
Assert.NotNull(setCookieHeader);
Assert.Equal("/", setCookieHeader.Path);
Assert.Null(setCookieHeader.Domain);
Assert.False(setCookieHeader.Secure);
Assert.Null(setCookieHeader.Expires);
// Act 2
var redirectResponse = await Client.SendAsync(GetRequest("/TempData/GetTempDataAndRedirect", response));
// Assert 2
Assert.Equal(HttpStatusCode.Redirect, redirectResponse.StatusCode);
// Act 3
response = await Client.SendAsync(GetRequest(redirectResponse.Headers.Location.ToString(), response));
// Assert 3
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var body = await response.Content.ReadAsStringAsync();
Assert.Equal("Foo", body);
Assert.True(response.Headers.TryGetValues(HeaderNames.SetCookie, out setCookieValues));
setCookieHeader = setCookieValues
.Select(setCookieValue => SetCookieHeaderValue.Parse(setCookieValue))
.FirstOrDefault(setCookieHeaderValue => setCookieHeaderValue.Name == CookieTempDataProvider.CookieName);
Assert.NotNull(setCookieHeader);
Assert.Equal(string.Empty, setCookieHeader.Value);
Assert.Equal("/", setCookieHeader.Path);
Assert.Null(setCookieHeader.Domain);
Assert.NotNull(setCookieHeader.Expires);
Assert.True(setCookieHeader.Expires < DateTimeOffset.Now); // expired cookie
}
public async Task ClearedItemsCannotBeAccessedAgain()
{
var builder = new WebHostBuilder()
.Configure(app =>
{
app.UseSession();
app.Run(context =>
{
int?value = context.Session.GetInt32("Key");
if (context.Request.Path == new PathString("/first"))
{
Assert.False(value.HasValue);
value = 0;
context.Session.SetInt32("Key", 1);
}
else if (context.Request.Path == new PathString("/second"))
{
Assert.True(value.HasValue);
Assert.Equal(1, value);
context.Session.Clear();
}
else if (context.Request.Path == new PathString("/third"))
{
Assert.False(value.HasValue);
value = 2;
}
return(context.Response.WriteAsync(value.Value.ToString()));
});
})
.ConfigureServices(services =>
{
services.AddMemoryCache();
services.AddDistributedMemoryCache();
services.AddSession();
});
using (var server = new TestServer(builder))
{
var client = server.CreateClient();
var response = await client.GetAsync("first");
response.EnsureSuccessStatusCode();
Assert.Equal("0", await response.Content.ReadAsStringAsync());
client = server.CreateClient();
var cookie = SetCookieHeaderValue.ParseList(response.Headers.GetValues("Set-Cookie").ToList()).First();
client.DefaultRequestHeaders.Add("Cookie", new CookieHeaderValue(cookie.Name, cookie.Value).ToString());
Assert.Equal("1", await client.GetStringAsync("/second"));
Assert.Equal("2", await client.GetStringAsync("/third"));
}
}
private static SetCookieHeaderValue TryGetAntiForgeryCookie(HttpResponseMessage response)
{
if (response.Headers.TryGetValues("Set-Cookie", out IEnumerable <string> values))
{
return(SetCookieHeaderValue.ParseList(values.ToList())
.SingleOrDefault(
c => c.Name.StartsWith(
".AspNetCore.AntiForgery.",
StringComparison.InvariantCultureIgnoreCase)));
}
return(null);
}
private HttpRequestMessage GetRequest(string path, HttpResponseMessage response)
{
var request = new HttpRequestMessage(HttpMethod.Get, path);
IEnumerable <string> values;
if (response.Headers.TryGetValues("Set-Cookie", out values))
{
var cookie = SetCookieHeaderValue.ParseList(values.ToList()).First();
request.Headers.Add("Cookie", new CookieHeaderValue(cookie.Name, cookie.Value).ToString());
}
return(request);
}
private static string ExtractAntiForgeryCookieValueFrom(HttpResponseMessage response)
{
string antiForgeryCookie = response.Headers.GetValues("Set-Cookie")
.FirstOrDefault(x => x.Contains(AntiForgeryCookieName));
if (antiForgeryCookie is null)
{
throw new ArgumentException($"Cookie '{AntiForgeryCookieName}' not found in HTTP response", nameof(response));
}
string antiForgeryCookieValue = SetCookieHeaderValue.Parse(antiForgeryCookie).Value.ToString();
return(antiForgeryCookieValue);
}
protected HttpRequestMessage PutRequest(string path, object obj, HttpResponseMessage response)
{
var request = new HttpRequestMessage(HttpMethod.Put, path);
request.Content = MakeJsonContent(obj);
if (response.Headers.TryGetValues("Set-Cookie", out var values))
{
var cookie = SetCookieHeaderValue.ParseList(values.ToList()).First();
request.Headers.Add("Cookie", new CookieHeaderValue(cookie.Name, cookie.Value).ToString());
}
return(request);
}
public static IEnumerable <SetCookieHeaderValue> GetSetCookieHeaderValues(this HttpResponseMessage subject)
{
subject = subject ?? throw new ArgumentNullException(nameof(subject));
IEnumerable <string> values;
if (!subject.Headers.TryGetValues("Set-Cookie", out values))
{
return(Enumerable.Empty <SetCookieHeaderValue>());
}
return(SetCookieHeaderValue.ParseList(values.ToList()).ToList());
}
public HttpClient CreateAuthenticatedClient(User user)
{
var client = base.CreateClient();
var viewModel = UserFactory.SigninViewModel(user);
var response = client.PostAsJsonAsync("signin", viewModel).Result;
var header = response.Headers.GetValues("Set-Cookie");
var cookies = SetCookieHeaderValue.ParseList(header.ToList());
var cookie = cookies.Single();
client.DefaultRequestHeaders.Add("Cookie", cookie.ToString());
return(client);
}
// <summary>
// extract cookies from response and set them to request message
// </summary>
public static HttpRequestMessage SetCookiesFromResponse(this HttpRequestMessage request, HttpResponseMessage response)
{
IEnumerable <string> values;
if (response.Headers.TryGetValues("Set-Cookie", out values))
{
var setCookieHeaderValues = SetCookieHeaderValue.ParseList(values.ToList());
var cookiesValues = setCookieHeaderValues.Select(c => new CookieHeaderValue(c.Name, c.Value).ToString());
var cookieHeaderValue = string.Join("; ", cookiesValues);
request.Headers.Add("Cookie", cookieHeaderValue);
}
return(request);
}
/// <summary>
/// Login and return authentication cookie. This cookie must be passed with subsequent requests
/// </summary>
/// <param name="Client"></param>
/// <returns></returns>
public static async Task <SetCookieHeaderValue> Login(this HttpClient Client)
{
//pw for in-memory account, created in Startup.cs
string pw = "QWErty!@#$%^12345";
var result = await Client.GetAsync("/Account/Login");
IEnumerable <string> values;
result.Headers.TryGetValues("Set-Cookie", out values);
Assert.NotNull(values);
Assert.NotEmpty(values);
//find the validation token
//< input name = "__RequestVerificationToken" type = "hidden" value = "CfDJ8BQFQUk1PV9Fusy3dPMxl5Uu-rriBM3Ad5zCQGNf6fv_bkRBpTo7gfQAlYLPGyROR15d4NpLJ_AZN7mWKXKBqvOw-MAyMMEeLSeAeNadgxG_8sGgvJBYKGdtLn5PO9YO3jSNz_zQRuuTLjEmyTiPDCc" >
string tokenPattern = "<input name=\\\"__RequestVerificationToken\\\" type=\\\"hidden\\\" value=\\\"([\\w\\W\\d\\D]*)\\\">";
var body = await result.Content.ReadAsStringAsync();
var match = Regex.Match(body, tokenPattern);
Assert.NotEmpty(match.Groups[1].Value);
//get request token to pass back to login
var token = match.Groups[1].Value;
var post = new
{
Password = pw,
Email = "*****@*****.**",
__RequestVerificationToken = token
};
HttpRequestMessage message = new HttpRequestMessage();
result = await Client.GetResponseFromFormEncodedPost("/Account/Login", post, null, null, false);
body = await result.Content.ReadAsStringAsync();
Assert.Equal(HttpStatusCode.Redirect, result.StatusCode);
//get the cookies sent in response from the login
Assert.True(result.Headers.TryGetValues("Set-Cookie", out values));
Assert.NotNull(values);
var cookies = SetCookieHeaderValue.ParseList(values.ToList());
Assert.Equal(1, cookies.Count);
return(cookies.FirstOrDefault());
}
private HttpRequestMessage GetRequest(string path, HttpResponseMessage response)
{
var request = new HttpRequestMessage(HttpMethod.Get, path);
IEnumerable <string> values;
if (response.Headers.TryGetValues("Set-Cookie", out values))
{
var setCookieHeaderValues = SetCookieHeaderValue.ParseList(values.ToList());
var cookiesValues = setCookieHeaderValues.Select(c => new CookieHeaderValue(c.Name, c.Value).ToString());
var cookieHeaderValue = string.Join("; ", cookiesValues);
request.Headers.Add("Cookie", cookieHeaderValue);
}
return(request);
}
public async Task CookiePolicyAppliesToCookieAuth()
{
using var host = new HostBuilder()
.ConfigureWebHost(webHostBuilder =>
{
webHostBuilder
.Configure(app =>
{
app.UseCookiePolicy(new CookiePolicyOptions
{
HttpOnly = HttpOnlyPolicy.Always,
Secure = CookieSecurePolicy.Always,
OnAppendCookie = c => c.CookieOptions.Extensions.Add("extension")
});
app.UseAuthentication();
app.Run(context =>
{
return(context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("TestUser", "Cookies")))));
});
})
.UseTestServer();
})
.ConfigureServices(services =>
{
services.AddAuthentication().AddCookie(o =>
{
o.Cookie.Name = "TestCookie";
o.Cookie.HttpOnly = false;
o.Cookie.SecurePolicy = CookieSecurePolicy.None;
});
})
.Build();
var server = host.GetTestServer();
await host.StartAsync();
var transaction = await server.SendAsync("http://example.com/login");
Assert.NotNull(transaction.SetCookie);
Assert.Equal(1, transaction.SetCookie.Count);
var cookie = SetCookieHeaderValue.Parse(transaction.SetCookie[0]);
Assert.Equal("TestCookie", cookie.Name);
Assert.True(cookie.HttpOnly);
Assert.True(cookie.Secure);
Assert.Equal("/", cookie.Path);
Assert.Contains("extension", cookie.Extensions);
}
// Inspired from:
// https://github.com/aspnet/Mvc/blob/538cd9c19121f8d3171cbfddd5d842cbb756df3e/test/Microsoft.AspNet.Mvc.FunctionalTests/TempDataTest.cs#L201-L202
public static IDictionary <string, string> ExtractCookiesFromResponse(HttpResponseMessage response)
{
var result = new Dictionary <string, string>();
IEnumerable <string> values;
if (response.Headers.TryGetValues("Set-Cookie", out values))
{
SetCookieHeaderValue.ParseList(values.ToList()).ToList().ForEach(cookie =>
{
result.Add(cookie.Name, cookie.Value);
});
}
return(result);
}
private static async Task TestSyncWithTestServer()
{
var builder = new WebHostBuilder()
.UseKestrel()
.UseUrls("http://127.0.0.1:0/")
.Configure(app =>
{
app.UseSession();
app.Run(context =>
{
int?value = context.Session.GetInt32("Key");
if (context.Request.Path == new PathString("/first"))
{
Console.WriteLine("value.HasValue : " + value.HasValue);
value = 0;
}
Console.WriteLine("value.HasValue " + value.HasValue);
context.Session.SetInt32("Key", value.Value + 1);
return(context.Response.WriteAsync(value.Value.ToString()));
});
})
.ConfigureServices(services =>
{
services.AddDistributedMemoryCache();
services.AddSession();
});
using (var server = new TestServer(builder))
{
var client = server.CreateClient();
// Nothing here seems to work
// client.BaseAddress = new Uri("http://localhost.fiddler/");
var response = await client.GetAsync("first");
response.EnsureSuccessStatusCode();
Console.WriteLine("Server result : " + await response.Content.ReadAsStringAsync());
client = server.CreateClient();
var cookie = SetCookieHeaderValue.ParseList(response.Headers.GetValues("Set-Cookie").ToList()).First();
client.DefaultRequestHeaders.Add("Cookie", new CookieHeaderValue(cookie.Name, cookie.Value).ToString());
Console.WriteLine("Server result : " + await client.GetStringAsync("/"));
Console.WriteLine("Server result : " + await client.GetStringAsync("/"));
Console.WriteLine("Server result : " + await client.GetStringAsync("/"));
}
}
private void SetCookieHeaders(HttpRequestMessage request, HttpResponseMessage response)
{
IEnumerable <string> values;
if (response.Headers.TryGetValues("Set-Cookie", out values))
{
foreach (var cookie in SetCookieHeaderValue.ParseList(values.ToList()))
{
if (cookie.Expires == null || cookie.Expires >= DateTimeOffset.UtcNow)
{
request.Headers.Add("Cookie", new CookieHeaderValue(cookie.Name, cookie.Value).ToString());
}
}
}
}
public static RequestBuilder WithCookiesFrom(this RequestBuilder request, HttpResponseMessage response)
{
if (!response.Headers.TryGetValues(HeaderNames.SetCookie, out var cookies))
{
return(request);
}
var responseCookieHeaders = SetCookieHeaderValue.ParseList(cookies.ToList());
foreach (var cookie in responseCookieHeaders)
{
request.WithCookie(cookie.Name.ToString(), cookie.Value.ToString());
}
return(request);
}
public TestHttpRequestBuilder WithCookieFrom(HttpResponseMessage prevResponse)
{
if (!prevResponse.Headers.TryGetValues(HeaderNames.SetCookie, out var cookies))
{
return(this);
}
var responseCookieHeaders = SetCookieHeaderValue.ParseList(cookies.ToList());
foreach (var cookie in responseCookieHeaders)
{
WithCookie(cookie.Name.ToString(), cookie.Value.ToString());
}
return(this);
}
public async Task SessionCanBeAccessedOnTheNextRequest()
{
using var host = new HostBuilder()
.ConfigureWebHost(webHostBuilder =>
{
webHostBuilder
.UseTestServer()
.Configure(app =>
{
app.UseSession();
app.Run(context =>
{
int?value = context.Session.GetInt32("Key");
if (context.Request.Path == new PathString("/first"))
{
Assert.False(value.HasValue);
value = 0;
}
Assert.True(value.HasValue);
context.Session.SetInt32("Key", value.Value + 1);
return(context.Response.WriteAsync(value.Value.ToString(CultureInfo.InvariantCulture)));
});
})
.ConfigureServices(services =>
{
services.AddDistributedMemoryCache();
services.AddSession();
});
}).Build();
await host.StartAsync();
using (var server = host.GetTestServer())
{
var client = server.CreateClient();
var response = await client.GetAsync("first");
response.EnsureSuccessStatusCode();
Assert.Equal("0", await response.Content.ReadAsStringAsync());
client = server.CreateClient();
var cookie = SetCookieHeaderValue.ParseList(response.Headers.GetValues("Set-Cookie").ToList()).First();
client.DefaultRequestHeaders.Add("Cookie", new CookieHeaderValue(cookie.Name, cookie.Value).ToString());
Assert.Equal("1", await client.GetStringAsync("/"));
Assert.Equal("2", await client.GetStringAsync("/"));
Assert.Equal("3", await client.GetStringAsync("/"));
}
}
private static async Task <HttpClient> GetAsyncAndSetCookie(this HttpClient client, string requestUri)
{
var cookieContainer = new CookieContainer();
var response = await client.GetAsync(requestUri);
if (response.Headers.TryGetValues(HeaderNames.SetCookie, out var responseCookies))
{
var cookieHeaders = SetCookieHeaderValue.ParseList(responseCookies.ToList()).ToList();
cookieHeaders.ForEach(
c => cookieContainer.Add(client.BaseAddress, new Cookie(c.Name.Value, c.Value.Value, c.Path.Value))
);
}
client.DefaultRequestHeaders.Add(HeaderNames.Cookie, cookieContainer.GetCookieHeader(client.BaseAddress));
return(client);
}
private static async Task <IList <string> > SendAndGetCookies(AspNetCore.TestHost.TestServer server, string uri)
{
var request = new HttpRequestMessage(HttpMethod.Get, uri);
var response = await server.CreateClient().SendAsync(request);
if (response.Headers.Contains("Set-Cookie"))
{
IList <string> cookieHeaders = new List <string>();
foreach (var cookie in SetCookieHeaderValue.ParseList(response.Headers.GetValues("Set-Cookie").ToList()))
{
cookieHeaders.Add(cookie.Name + "=" + cookie.Value);
}
return(cookieHeaders);
}
return(null);
}
public static SetCookieHeaderValue HasCookie(string name, HttpResponseMessage response, CookieComparison comparison)
{
var setCookieHeaderValue = new SetCookieHeaderValue(new StringSegment(name));
var foundCookie = HasCookieCore(setCookieHeaderValue, response, new SetCookieComparer(comparison));
if (foundCookie != null)
{
return(foundCookie);
}
var suffix = comparison.HasFlag(CookieComparison.NameStartsWith) ? "starting with" : "";
Assert.True(false, $"Couldn't find a cookie with a name {suffix} '{name}'");
return(null);
}
private HttpRequestMessage GetRequest(string path, HttpResponseMessage response)
{
var request = new HttpRequestMessage(HttpMethod.Get, path);
if (response.Headers.TryGetValues("Set-Cookie", out var values))
{
foreach (var cookie in SetCookieHeaderValue.ParseList(values.ToList()))
{
if (cookie.Expires == null || cookie.Expires >= DateTimeOffset.UtcNow)
{
request.Headers.Add("Cookie", new CookieHeaderValue(cookie.Name, cookie.Value).ToString());
}
}
}
return(request);
}
public async Task CreateConsentCookieAppliesPolicy()
{
var httpContext = await RunTestAsync(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = Http.SameSiteMode.Strict;
options.OnAppendCookie = context =>
{
Assert.Equal(".AspNet.Consent", context.CookieName);
Assert.Equal("yes", context.CookieValue);
Assert.Equal(Http.SameSiteMode.Strict, context.CookieOptions.SameSite);
context.CookieName += "1";
context.CookieValue += "1";
};
},
requestContext => { },
context =>
{
var feature = context.Features.Get <ITrackingConsentFeature>();
Assert.True(feature.IsConsentNeeded);
Assert.False(feature.HasConsent);
Assert.False(feature.CanTrack);
feature.GrantConsent();
Assert.True(feature.IsConsentNeeded);
Assert.True(feature.HasConsent);
Assert.True(feature.CanTrack);
var cookie = feature.CreateConsentCookie();
context.Response.Headers["ManualCookie"] = cookie;
return(Task.CompletedTask);
});
var cookies = SetCookieHeaderValue.ParseList(httpContext.Response.Headers[HeaderNames.SetCookie]);
Assert.Equal(1, cookies.Count);
var consentCookie = cookies[0];
Assert.Equal(".AspNet.Consent1", consentCookie.Name);
Assert.Equal("yes1", consentCookie.Value);
Assert.Equal(Net.Http.Headers.SameSiteMode.Strict, consentCookie.SameSite);
Assert.NotNull(consentCookie.Expires);
Assert.Equal(httpContext.Response.Headers[HeaderNames.SetCookie], httpContext.Response.Headers["ManualCookie"]);
}
public async Task CreateConsentCookieMatchesGrantConsentCookieWhenCookieValueIsCustom()
{
var httpContext = await RunTestAsync(options =>
{
options.CheckConsentNeeded = context => true;
options.ConsentCookieValue = "true";
},
requestContext => { },
context =>
{
var feature = context.Features.Get <ITrackingConsentFeature>();
Assert.True(feature.IsConsentNeeded);
Assert.False(feature.HasConsent);
Assert.False(feature.CanTrack);
feature.GrantConsent();
Assert.True(feature.IsConsentNeeded);
Assert.True(feature.HasConsent);
Assert.True(feature.CanTrack);
var cookie = feature.CreateConsentCookie();
context.Response.Headers["ManualCookie"] = cookie;
return(Task.CompletedTask);
});
var cookies = SetCookieHeaderValue.ParseList(httpContext.Response.Headers.SetCookie);
Assert.Equal(1, cookies.Count);
var consentCookie = cookies[0];
Assert.Equal(".AspNet.Consent", consentCookie.Name);
Assert.Equal("true", consentCookie.Value);
Assert.Equal(Net.Http.Headers.SameSiteMode.Unspecified, consentCookie.SameSite);
Assert.NotNull(consentCookie.Expires);
cookies = SetCookieHeaderValue.ParseList(httpContext.Response.Headers["ManualCookie"]);
Assert.Equal(1, cookies.Count);
var manualCookie = cookies[0];
Assert.Equal(consentCookie.Name, manualCookie.Name);
Assert.Equal(consentCookie.Value, manualCookie.Value);
Assert.Equal(consentCookie.SameSite, manualCookie.SameSite);
Assert.NotNull(manualCookie.Expires); // Expires may not exactly match to the second.
}
public static HttpRequestMessage CreatePostRequestWithCookiesFromResponse(string path, Dictionary <string, string> formPostBodyData, HttpResponseMessage response)
{
var httpRequestMessage = new HttpRequestMessage(HttpMethod.Post, path)
{
Content = new FormUrlEncodedContent(formPostBodyData)
};
if (response.Headers.TryGetValues("Set-Cookie", out var responseValues))
{
SetCookieHeaderValue.ParseList(responseValues.ToList()).ToList().ForEach(cookie =>
{
httpRequestMessage.Headers.Add("Cookie", new CookieHeaderValue(cookie.Name.Value, cookie.Value.Value).ToString());
});
}
return(httpRequestMessage);
}
