
Added RequireSSL property to FormsAuthentication. Issue #425 #760

Merged
merged 5 commits into from

3 participants

@andreichuk

No description provided.

...hentication.Forms/FormsAuthenticationConfiguration.cs
((9 lines not shown))
/// Gets or sets the cryptography configuration
/// </summary>
- public CryptographyConfiguration CryptographyConfiguration { get; set; }
+ public CryptographyConfiguration CryptographyConfiguration { get; set; }
@thecodejunkie Owner

Looks like you've added a tab at the end here

@thecodejunkie

Could you please add tests for this? There is a FormsAuthenticationFixture and FormsAuthenticationConfigurationFixture where the rest of the tests are.

...hentication.Forms/FormsAuthenticationConfiguration.cs
@@ -42,9 +42,14 @@ public FormsAuthenticationConfiguration(CryptographyConfiguration cryptographyCo
public IUserMapper UserMapper { get; set; }
/// <summary>
+ /// Gets or sets the flag that indicates whether SSL is required
+ /// </summary>
+ public bool RequireSSL { get; set; }
@thecodejunkie Owner

Missing <value> element

@prabirshrestha Owner

should it be RequiresSSL instead? this would match with #702 for RequiresHttps.

@thecodejunkie Owner

Good call. Actually RequiresSSL and RequiresHttps are two ways of saying the same thing. So it should probably be RequiresHttps, for symmetry, or something like Secure

@thecodejunkie

Could you please add tests for this? The other tests for forms auth are in FormsAuthenticationFixture and FormsAuthenticationConfigurationFixture

@thecodejunkie

Am I right in assuming that it's not overlapping #691? I believe they're complementing each other

@andreichuk

done

@thecodejunkie thecodejunkie merged commit c8be5d4 into from
Commits on Sep 21, 2012
  1. @andreichuk
Commits on Sep 26, 2012
  1. @thecodejunkie

    Merge pull request #765 from prabirshrestha/fixOwinTests

    thecodejunkie authored
    removed version check for owin in unit test
Commits on Sep 28, 2012
  1. @andreichuk
  2. @andreichuk
Commits on Sep 29, 2012
  1. @andreichuk
70 src/Nancy.Authentication.Forms.Tests/FormsAuthenticationFixture.cs
@@ -14,6 +14,7 @@ namespace Nancy.Authentication.Forms.Tests
public class FormsAuthenticationFixture
{
private FormsAuthenticationConfiguration config;
+ private FormsAuthenticationConfiguration secureConfig;
private NancyContext context;
private Guid userGuid;
@@ -45,6 +46,15 @@ public FormsAuthenticationFixture()
CryptographyConfiguration = this.cryptographyConfiguration,
RedirectUrl = "/login",
UserMapper = A.Fake<IUserMapper>(),
+ RequiresSSL = false
+ };
+
+ this.secureConfig = new FormsAuthenticationConfiguration()
+ {
+ CryptographyConfiguration = this.cryptographyConfiguration,
+ RedirectUrl = "/login",
+ UserMapper = A.Fake<IUserMapper>(),
+ RequiresSSL = true
};
this.context = new NancyContext()
@@ -145,10 +155,13 @@ public void Should_have_authentication_cookie_in_login_response_when_logging_in_
[Fact]
public void Should_set_authentication_cookie_to_httponly_when_logging_in_with_redirect()
{
+ //Given
FormsAuthentication.Enable(A.Fake<IPipelines>(), this.config);
+ //When
var result = FormsAuthentication.UserLoggedInRedirectResponse(context, userGuid);
+ //Then
result.Cookies.Where(c => c.Name == FormsAuthentication.FormsAuthenticationCookieName).First()
.HttpOnly.ShouldBeTrue();
}
@@ -541,5 +554,62 @@ public void Should_retain_querystring_when_redirecting_after_successfull_login()
// Then
result.Headers["Location"].ShouldEqual("/secure?foo=bar");
}
+
+ [Fact]
+ public void Should_set_authentication_cookie_to_secure_when_config_requires_ssl_and_logging_in_with_redirect()
+ {
+ //Given
+ FormsAuthentication.Enable(A.Fake<IPipelines>(), this.secureConfig);
+
+ //When
+ var result = FormsAuthentication.UserLoggedInRedirectResponse(context, userGuid);
+
+ //Then
+ result.Cookies
+ .Where(c => c.Name == FormsAuthentication.FormsAuthenticationCookieName)
+ .First()
+ .Secure.ShouldBeTrue();
+ }
+
+ [Fact]
+ public void Should_set_authentication_cookie_to_secure_when_config_requires_ssl_and_logging_in_without_redirect()
+ {
+ // Given
+ FormsAuthentication.Enable(A.Fake<IPipelines>(), this.secureConfig);
+
+ // When
+ var result = FormsAuthentication.UserLoggedInResponse(userGuid);
+
+ // Then
+ result.Cookies
+ .Where(c => c.Name == FormsAuthentication.FormsAuthenticationCookieName)
+ .First()
+ .Secure.ShouldBeTrue();
+ }
+
+ [Fact]
+ public void Should_set_authentication_cookie_to_secure_when_config_requires_ssl_and_user_logs_out_with_redirect()
+ {
+ FormsAuthentication.Enable(A.Fake<IPipelines>(), this.secureConfig);
+
+ var result = FormsAuthentication.LogOutAndRedirectResponse(context, "/");
+
+ var cookie = result.Cookies.Where(c => c.Name == FormsAuthentication.FormsAuthenticationCookieName).First();
+ cookie.Secure.ShouldBeTrue();
+ }
+
+ [Fact]
+ public void Should_set_authentication_cookie_to_secure_when_config_requires_ssl_and_user_logs_out_without_redirect()
+ {
+ // Given
+ FormsAuthentication.Enable(A.Fake<IPipelines>(), this.secureConfig);
+
+ // When
+ var result = FormsAuthentication.LogOutResponse();
+
+ // Then
+ var cookie = result.Cookies.Where(c => c.Name == FormsAuthentication.FormsAuthenticationCookieName).First();
+ cookie.Secure.ShouldBeTrue();
+ }
}
}
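Review bot: None of the four new tests in the last hunk exercises the `RequiresSSL = false` path, so they cannot distinguish "the Secure flag follows the configuration" from "the cookie is always Secure": `this.config` is now built with `RequiresSSL = false` (second hunk) but no assertion checks that a cookie issued from it comes back non-Secure, and a regression that hard-wired the flag to true would pass this fixture unchanged. A counterpart test for the false case (below, modelled on the existing redirect test) would pin the wiring for both values; the same applies to the logout cookie. As a point of style, the `//Given` / `//When` / `//Then` markers added to Should_set_authentication_cookie_to_httponly_when_logging_in_with_redirect lack the space after `//` that the rest of the file uses, and Should_set_authentication_cookie_to_secure_when_config_requires_ssl_and_user_logs_out_with_redirect is the only one of the four new tests without the Given/When/Then comments.
```csharp
[Fact]
public void Should_not_set_authentication_cookie_to_secure_when_config_does_not_require_ssl_and_logging_in_with_redirect()
{
    // Given
    FormsAuthentication.Enable(A.Fake<IPipelines>(), this.config);

    // When
    var result = FormsAuthentication.UserLoggedInRedirectResponse(context, userGuid);

    // Then
    result.Cookies
        .Where(c => c.Name == FormsAuthentication.FormsAuthenticationCookieName)
        .First()
        .Secure.ShouldBeFalse();
}
```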
View
10 src/Nancy.Authentication.Forms/FormsAuthentication.cs
@@ -157,8 +157,7 @@ public static Response LogOutResponse()
if (userGuid != Guid.Empty)
{
-
- context.CurrentUser = configuration.UserMapper.GetUserFromIdentifier(userGuid, context);
+ context.CurrentUser = configuration.UserMapper.GetUserFromIdentifier(userGuid, context);
}
return null;
@@ -223,7 +222,7 @@ private static INancyCookie BuildCookie(Guid userIdentifier, DateTime? cookieExp
{
var cookieContents = EncryptAndSignCookie(userIdentifier.ToString(), configuration);
- var cookie = new NancyCookie(formsAuthenticationCookieName, cookieContents, true) { Expires = cookieExpiry };
+ var cookie = new NancyCookie(formsAuthenticationCookieName, cookieContents, true, configuration.RequiresSSL) { Expires = cookieExpiry };
return cookie;
}
@@ -235,7 +234,7 @@ private static INancyCookie BuildCookie(Guid userIdentifier, DateTime? cookieExp
/// <returns>Nancy cookie instance</returns>
private static INancyCookie BuildLogoutCookie(FormsAuthenticationConfiguration configuration)
{
- return new NancyCookie(formsAuthenticationCookieName, String.Empty, true) { Expires = DateTime.Now.AddDays(-1) };
+ return new NancyCookie(formsAuthenticationCookieName, String.Empty, true, configuration.RequiresSSL) { Expires = DateTime.Now.AddDays(-1) };
}
/// <summary>
@@ -314,8 +313,5 @@ private static string GetRedirectQuerystringKey(FormsAuthenticationConfiguration
return redirectQuerystringKey;
}
-
}
-
-
}
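Review bot: After this change `RequiresSSL` only marks the cookie as Secure in the two NancyCookie calls in BuildCookie and BuildLogoutCookie; nothing in this file refuses to issue or honour the cookie on a plain-HTTP request, so the name promises more enforcement than the code provides, and a login response served over HTTP with the flag set will produce a cookie the browser never returns. That is worth stating in the XML docs of both builders, e.g. on BuildLogoutCookie next to its existing `<returns>`: `/// <remarks>The cookie is flagged Secure when <see cref="FormsAuthenticationConfiguration.RequiresSSL"/> is set; this only instructs the browser to send it over HTTPS and does not reject non-HTTPS requests.</remarks>`. Readability: `true, configuration.RequiresSSL` is two adjacent positional booleans, so naming the arguments (with whatever NancyCookie calls its HttpOnly and Secure parameters) would make the intent visible at the call site. BuildCookie's signature and the method containing the first hunk (the GetUserFromIdentifier assignment) both start outside their hunks.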
6 src/Nancy.Authentication.Forms/FormsAuthenticationConfiguration.cs
@@ -42,6 +42,12 @@ public FormsAuthenticationConfiguration(CryptographyConfiguration cryptographyCo
public IUserMapper UserMapper { get; set; }
/// <summary>
+ /// Gets or sets RequiresSSL property
+ /// </summary>
+ /// <value>The flag that indicates whether SSL is required</value>
+ public bool RequiresSSL { get; set; }
+
+ /// <summary>
/// Gets or sets the cryptography configuration
/// </summary>
public CryptographyConfiguration CryptographyConfiguration { get; set; }
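Review bot: The `<summary>` on the new `RequiresSSL` property restates its name and the `<value>` says "SSL is required" without saying what that means for this library; from the FormsAuthentication.cs changes in this PR the flag's only effect is that the authentication and logout cookies are created with the Secure attribute, and as an uninitialised `bool` it defaults to false, so a freshly constructed configuration issues a cookie that is sent over plain HTTP. Suggest `/// Gets or sets a value indicating whether the forms authentication cookie is issued with the Secure attribute, so browsers only send it over HTTPS` for the summary and `/// <value><see langword="true"/> to flag the cookie as Secure; defaults to <see langword="false"/>.</value>` for the value element. It would also help readers to note there that the flag does not itself reject non-HTTPS requests.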