

Merge pull request #760 from andreichuk/FormsAuthentication
Added RequiresSSL property to FormsAuthentication. Issue #425
thecodejunkie committed Oct 4, 2012
2 parents 9509e4d + e680123 commit c8be5d4
Showing 3 changed files with 79 additions and 7 deletions.
70 changes: 70 additions & 0 deletions src/Nancy.Authentication.Forms.Tests/FormsAuthenticationFixture.cs
Expand Up @@ -14,6 +14,7 @@ namespace Nancy.Authentication.Forms.Tests
public class FormsAuthenticationFixture
{
private FormsAuthenticationConfiguration config;
private FormsAuthenticationConfiguration secureConfig;
private NancyContext context;
private Guid userGuid;

Expand Down Expand Up @@ -45,6 +46,15 @@ public FormsAuthenticationFixture()
CryptographyConfiguration = this.cryptographyConfiguration,
RedirectUrl = "/login",
UserMapper = A.Fake<IUserMapper>(),
RequiresSSL = false
};

this.secureConfig = new FormsAuthenticationConfiguration()
{
CryptographyConfiguration = this.cryptographyConfiguration,
RedirectUrl = "/login",
UserMapper = A.Fake<IUserMapper>(),
RequiresSSL = true
};

this.context = new NancyContext()
Expand Down Expand Up @@ -145,10 +155,13 @@ public void Should_have_authentication_cookie_in_login_response_when_logging_in_
[Fact]
public void Should_set_authentication_cookie_to_httponly_when_logging_in_with_redirect()
{
//Given
FormsAuthentication.Enable(A.Fake<IPipelines>(), this.config);

//When
var result = FormsAuthentication.UserLoggedInRedirectResponse(context, userGuid);

//Then
result.Cookies.Where(c => c.Name == FormsAuthentication.FormsAuthenticationCookieName).First()
.HttpOnly.ShouldBeTrue();
}
Expand Down Expand Up @@ -541,5 +554,62 @@ public void Should_retain_querystring_when_redirecting_after_successfull_login()
// Then
result.Headers["Location"].ShouldEqual("/secure?foo=bar");
}

[Fact]
public void Should_set_authentication_cookie_to_secure_when_config_requires_ssl_and_logging_in_with_redirect()
{
//Given
FormsAuthentication.Enable(A.Fake<IPipelines>(), this.secureConfig);

//When
var result = FormsAuthentication.UserLoggedInRedirectResponse(context, userGuid);

//Then
result.Cookies
.Where(c => c.Name == FormsAuthentication.FormsAuthenticationCookieName)
.First()
.Secure.ShouldBeTrue();
}

[Fact]
public void Should_set_authentication_cookie_to_secure_when_config_requires_ssl_and_logging_in_without_redirect()
{
// Given
FormsAuthentication.Enable(A.Fake<IPipelines>(), this.secureConfig);

// When
var result = FormsAuthentication.UserLoggedInResponse(userGuid);

// Then
result.Cookies
.Where(c => c.Name == FormsAuthentication.FormsAuthenticationCookieName)
.First()
.Secure.ShouldBeTrue();
}

[Fact]
public void Should_set_authentication_cookie_to_secure_when_config_requires_ssl_and_user_logs_out_with_redirect()
{
FormsAuthentication.Enable(A.Fake<IPipelines>(), this.secureConfig);

var result = FormsAuthentication.LogOutAndRedirectResponse(context, "/");

var cookie = result.Cookies.Where(c => c.Name == FormsAuthentication.FormsAuthenticationCookieName).First();
cookie.Secure.ShouldBeTrue();
}

[Fact]
public void Should_set_authentication_cookie_to_secure_when_config_requires_ssl_and_user_logs_out_without_redirect()
{
// Given
FormsAuthentication.Enable(A.Fake<IPipelines>(), this.secureConfig);

// When
var result = FormsAuthentication.LogOutResponse();

// Then
var cookie = result.Cookies.Where(c => c.Name == FormsAuthentication.FormsAuthenticationCookieName).First();
cookie.Secure.ShouldBeTrue();
}
}
}
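Review bot: The four new tests only cover the `RequiresSSL = true` path; nothing asserts that the cookie is left non-Secure when the flag is false, even though `this.config` now sets `RequiresSSL = false` explicitly, so a regression that always marks the cookie Secure (and thereby breaks every plain-HTTP deployment) would still pass. A negative test against `this.config` closes that gap; I use `ShouldEqual(false)` since that helper is already used in this fixture. As a point of style, `Should_set_authentication_cookie_to_secure_when_config_requires_ssl_and_user_logs_out_with_redirect` omits the `// Given` / `// When` / `// Then` comments its three siblings carry, and `.Where(pred).First()` in all four can be `.First(pred)`.
```csharp
[Fact]
public void Should_not_set_authentication_cookie_to_secure_when_config_does_not_require_ssl()
{
    // Given
    FormsAuthentication.Enable(A.Fake<IPipelines>(), this.config);

    // When
    var result = FormsAuthentication.UserLoggedInRedirectResponse(context, userGuid);

    // Then
    result.Cookies
        .First(c => c.Name == FormsAuthentication.FormsAuthenticationCookieName)
        .Secure.ShouldEqual(false);
}
```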
10 changes: 3 additions & 7 deletions src/Nancy.Authentication.Forms/FormsAuthentication.cs
Expand Up @@ -157,8 +157,7 @@ private static Func<NancyContext, Response> GetLoadAuthenticationHook(FormsAuthe
if (userGuid != Guid.Empty)
{
context.CurrentUser = configuration.UserMapper.GetUserFromIdentifier(userGuid, context);
context.CurrentUser = configuration.UserMapper.GetUserFromIdentifier(userGuid, context);
}
return null;
Expand Down Expand Up @@ -223,7 +222,7 @@ private static INancyCookie BuildCookie(Guid userIdentifier, DateTime? cookieExp
{
var cookieContents = EncryptAndSignCookie(userIdentifier.ToString(), configuration);

var cookie = new NancyCookie(formsAuthenticationCookieName, cookieContents, true) { Expires = cookieExpiry };
var cookie = new NancyCookie(formsAuthenticationCookieName, cookieContents, true, configuration.RequiresSSL) { Expires = cookieExpiry };

return cookie;
}
Expand All @@ -235,7 +234,7 @@ private static INancyCookie BuildCookie(Guid userIdentifier, DateTime? cookieExp
/// <returns>Nancy cookie instance</returns>
private static INancyCookie BuildLogoutCookie(FormsAuthenticationConfiguration configuration)
{
return new NancyCookie(formsAuthenticationCookieName, String.Empty, true) { Expires = DateTime.Now.AddDays(-1) };
return new NancyCookie(formsAuthenticationCookieName, String.Empty, true, configuration.RequiresSSL) { Expires = DateTime.Now.AddDays(-1) };
}

/// <summary>
Expand Down Expand Up @@ -314,8 +313,5 @@ private static string GetRedirectQuerystringKey(FormsAuthenticationConfiguration

return redirectQuerystringKey;
}

}


}
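Review bot: The Secure flag passed to `NancyCookie` in the BuildCookie hunk is taken from static configuration rather than from the request, so when `RequiresSSL` is true and a login response is served over plain HTTP the browser will not return the cookie and the user silently stays anonymous; that is the intended hardening, but it deserves a sentence in the XML doc so operators enabling the flag understand why HTTP logins stop working. Suggest adding to BuildCookie's summary `/// The cookie is marked Secure when <see cref="FormsAuthenticationConfiguration.RequiresSSL"/> is set, so browsers only return it over HTTPS.` and the same remark on BuildLogoutCookie in the following hunk, whose expiring cookie is now flagged the same way (consistent, since a browser that holds a Secure cookie would not present it over HTTP anyway). BuildCookie's signature and existing doc comment sit outside the hunk. In the first hunk the removed and added `context.CurrentUser = ...` lines read identically here, so they presumably differ only in whitespace; worth confirming nothing else was dropped there.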
Expand Up @@ -41,6 +41,12 @@ public FormsAuthenticationConfiguration(CryptographyConfiguration cryptographyCo
/// </summary>
public IUserMapper UserMapper { get; set; }

/// <summary>
/// Gets or sets RequiresSSL property
/// </summary>
/// <value>The flag that indicates whether SSL is required</value>
public bool RequiresSSL { get; set; }

/// <summary>
/// Gets or sets the cryptography configuration
/// </summary>
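Review bot: The XML summary on the new `RequiresSSL` property restates its name ("Gets or sets RequiresSSL property") and does not say what the flag actually does to the cookie, which is the one thing a reader of this configuration class needs. Suggest `/// Gets or sets a value indicating whether the forms authentication cookie is marked Secure, so browsers only send it over HTTPS. Defaults to false.` in place of the current summary and value lines, which also records that the default leaves existing configurations unchanged. The commit message calls the property `RequireSSL`; the code uses `RequiresSSL`, so searches against the message will miss it.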
