public void RenewCookieAfterHalfExpirationTime_HalfTimeHasNotPassed() { var testUser = new FakeUserInfo("TestUser"); var impersonateUserName = "******"; var options = new ImpersonationOptions { CookieDurationMinutes = 3 }; var cookie = ImpersonationServiceHelper.SetImpersonation(testUser, impersonateUserName, options); var impersonationInfo = ImpersonationServiceHelper.DecryptCookieValue(cookie.Value); AssertIsWithinOneSecond(DateTime.Now.AddMinutes(options.CookieDurationMinutes), impersonationInfo.Expires); // Reviewing the test setup. // Half-time has not passed: impersonationInfo.Expires = DateTime.Now.AddMinutes(options.CookieDurationMinutes / 2.0).AddSeconds(1); cookie.Value = ImpersonationServiceHelper.EncryptCookieValue(impersonationInfo); (var impersonationService, var httpContext, _) = ImpersonationServiceHelper.CreateImpersonationService(testUser, options); httpContext.RequestCookies.Add(cookie); var user = impersonationService.GetAuthenticationInfo(); // Impersonation should still be valid, the cookie should not be modified. Assert.AreEqual( "TestUser as TestImpersonatedUser, original TestUser", ReportImpersonationStatus(user)); Assert.AreEqual(0, httpContext.ResponseCookies.Count); }
public void StopImpersonating() { var initialUser = new FakeUserInfo("TestUser"); var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Review test setup: Assert.AreEqual( "TestUser as TestImpersonatedUser, original TestUser", ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, initialCookie).AuthenticationInfo)); // Stopping impersonation should expire the impersonation cookie: (var responseCookie, var log) = ImpersonationServiceHelper.RemoveImpersonation(initialUser, initialCookie); AssertIsBefore(responseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, responseCookie.Key); Assert.AreEqual(" as ", ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(responseCookie.Value))); // No need for impersonation data in the cookie. TestUtility.AssertContains( string.Join(Environment.NewLine, log), "StopImpersonating: TestUser as TestImpersonatedUser"); // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again. Assert.AreEqual( "No impersonation, original TestUser", ReportImpersonationStatus(ImpersonationServiceHelper.GetAuthenticationInfo(initialUser, responseCookie).AuthenticationInfo)); }
public void StopImpersonating_EmptyUser() { var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation. var currentlyAuthenticatedUser = new FakeUserInfo("", "", true); // Unexpected authentication context, similar to anonymous user. Testing for robust impersonation management. var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid: var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie); AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key); Assert.AreEqual(" as ", ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie. TestUtility.AssertContains( string.Join(Environment.NewLine, removeResponse.Log), "Removing impersonation, the original user is no longer authenticated."); // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again. var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie); Assert.AreEqual( "No impersonation, original not recognized", ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo)); }
public void StopImpersonating_DifferentUser() { var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation. var currentlyAuthenticatedUser = new FakeUserInfo("CurrentUser"); // Currently authenticated user does not match the initial user, so the impersonation cookie is invalid. var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Stopping impersonation should expire the impersonation cookie, even if the authentication context is invalid: var removeResponse = ImpersonationServiceHelper.RemoveImpersonation(currentlyAuthenticatedUser, initialCookie); AssertIsBefore(removeResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, removeResponse.ResponseCookie.Key); Assert.AreEqual(" as ", ReportImpersonationInfo(ImpersonationServiceHelper.DecryptCookieValue(removeResponse.ResponseCookie.Value))); // No need for impersonation data in the cookie. TestUtility.AssertContains( string.Join(Environment.NewLine, removeResponse.Log), "Removing impersonation, the current authentication context (CurrentUser) does not match the initial one (InitialUser)."); // Next request with expired cookie should be without impersonation, even if the expired cookie is sent again. var authResponseAfterRemove = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, removeResponse.ResponseCookie); Assert.AreEqual( "No impersonation, original CurrentUser", ReportImpersonationStatus(authResponseAfterRemove.AuthenticationInfo)); Assert.IsNull(authResponseAfterRemove.ResponseCookie, "There is no need to send the expired cookie again, client already has the expired one."); }
public void SetImpersonationAnonymous() { var testUser = new FakeUserInfo(null, null, false); var impersonateUserName = "******"; TestUtility.ShouldFail <UserException>( () => ImpersonationServiceHelper.SetImpersonation(testUser, impersonateUserName), "You are not authorized"); }
public void NoImpersonation() { var testUser = new FakeUserInfo("TestUser"); var impersonationService = ImpersonationServiceHelper.CreateImpersonationService(testUser).ImpersonationService; var user = impersonationService.GetAuthenticationInfo(); Assert.AreEqual( "No impersonation, original TestUser", ReportImpersonationStatus(user)); }
public void SimpleImpersonation() { var testUser = new FakeUserInfo("TestUser"); var impersonateUserName = "******"; var cookie = ImpersonationServiceHelper.SetImpersonation(testUser, impersonateUserName); (var impersonationService, var httpContext, _) = ImpersonationServiceHelper.CreateImpersonationService(testUser); httpContext.RequestCookies.Add(cookie); var user = impersonationService.GetAuthenticationInfo(); Assert.AreEqual( "TestUser as TestImpersonatedUser, original TestUser", ReportImpersonationStatus(user)); }
public void InvalidImpersonationCookie() { var testUser = new FakeUserInfo("TestUser"); var invalidCookie = new FakeCookie(ImpersonationService.CookieKey, "abc", null); var response = ImpersonationServiceHelper.GetAuthenticationInfo(testUser, invalidCookie); Assert.AreEqual( "No impersonation, original TestUser", ReportImpersonationStatus(response.AuthenticationInfo)); TestUtility.AssertContains( string.Join(Environment.NewLine, response.Log), new[] { "Error decrypting 'rhetos_impersonation' cookie value.", "CryptographicException: An error occurred during a cryptographic operation." }); AssertIsBefore(response.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, response.ResponseCookie.Key); }
public void AuthenticationContextChanged_EmptyUser() { var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation. var currentlyAuthenticatedUser = new FakeUserInfo("", "", true); // Unexpected authentication context, similar to anonymous user. Testing for robust impersonation management. var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Authentication process should invalidate the impersonation, because the user in no longer authenticated. var authResponse = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, initialCookie); Assert.AreEqual( "No impersonation, original not recognized", ReportImpersonationStatus(authResponse.AuthenticationInfo)); TestUtility.AssertContains( string.Join(Environment.NewLine, authResponse.Log), "Removing impersonation, the original user is no longer authenticated."); AssertIsBefore(authResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, authResponse.ResponseCookie.Key); }
public void AuthenticationContextChanged_NullUser() { var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation. var currentlyAuthenticatedUser = new FakeUserInfo(null, null, false); // For example, if the user logged out. var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Authentication process should invalidate the impersonation, because the user in no longer authenticated. var authResponse = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, initialCookie); Assert.AreEqual( "No impersonation, original not recognized", // Impersonation is not valid, since the current user does not match the initial user that started the impersonation. ReportImpersonationStatus(authResponse.AuthenticationInfo)); TestUtility.AssertContains( string.Join(Environment.NewLine, authResponse.Log), "Removing impersonation, the original user is no longer authenticated."); AssertIsBefore(authResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, authResponse.ResponseCookie.Key); }
public void AuthenticationContextChanged_DifferentUser() { var initialUser = new FakeUserInfo("InitialUser"); // User than started the impersonation. var currentlyAuthenticatedUser = new FakeUserInfo("CurrentUser"); // Currently authenticated user does not match the initial user, so the impersonation cookie is invalid. var impersonateUserName = "******"; var initialCookie = ImpersonationServiceHelper.SetImpersonation(initialUser, impersonateUserName); // Authentication process should invalidate the impersonation, because the user context has changed. var authResponse = ImpersonationServiceHelper.GetAuthenticationInfo(currentlyAuthenticatedUser, initialCookie); Assert.AreEqual( "No impersonation, original CurrentUser", // Impersonation is not valid, since the current user does not match the initial user that started the impersonation. ReportImpersonationStatus(authResponse.AuthenticationInfo)); TestUtility.AssertContains( string.Join(Environment.NewLine, authResponse.Log), "Removing impersonation, the current authentication context (CurrentUser) does not match the initial one (InitialUser)."); AssertIsBefore(authResponse.ResponseCookie.Options.Expires.Value, DateTimeOffset.Now.AddSeconds(-1)); Assert.AreEqual(ImpersonationService.CookieKey, authResponse.ResponseCookie.Key); }