AutomaticAuthenticate = false for non ApplicationCookies

2016-06-01 12:08:03 -07:00 · 2016-06-01 12:08:03 -07:00 · 7a795da349
parent e7327fa729
commit 7a795da349
4 changed files with 12 additions and 2 deletions
--- a/src/Microsoft.AspNetCore.Identity/IdentityCookieOptions.cs
+++ b/src/Microsoft.AspNetCore.Identity/IdentityCookieOptions.cs
@ -36,6 +36,7 @@ namespace Microsoft.AspNetCore.Identity

            ExternalCookie = new CookieAuthenticationOptions
            {
+                AutomaticAuthenticate = false,
                AuthenticationScheme = DefaultExternalScheme,
                CookieName = DefaultExternalScheme,
                ExpireTimeSpan = TimeSpan.FromMinutes(5)
@ -43,17 +44,18 @@ namespace Microsoft.AspNetCore.Identity

            TwoFactorRememberMeCookie = new CookieAuthenticationOptions
            {
+                AutomaticAuthenticate = false,
                AuthenticationScheme = DefaultTwoFactorRememberMeScheme,
                CookieName = DefaultTwoFactorRememberMeScheme
            };

            TwoFactorUserIdCookie = new CookieAuthenticationOptions
            {
+                AutomaticAuthenticate = false,
                AuthenticationScheme = DefaultTwoFactorUserIdScheme,
                CookieName = DefaultTwoFactorUserIdScheme,
                ExpireTimeSpan = TimeSpan.FromMinutes(5)
-                };
-
+            };
        }

        public CookieAuthenticationOptions ApplicationCookie { get; set; }
--- a/src/Microsoft.AspNetCore.Identity/SignInManager.cs
+++ b/src/Microsoft.AspNetCore.Identity/SignInManager.cs
@ -365,6 +365,8 @@ namespace Microsoft.AspNetCore.Identity
                {
                    await Context.Authentication.SignOutAsync(Options.Cookies.ExternalCookieAuthenticationScheme);
                }
+                // Cleanup two factor user id cookie
+                await Context.Authentication.SignOutAsync(Options.Cookies.TwoFactorUserIdCookieAuthenticationScheme);
                if (rememberClient)
                {
                    await RememberTwoFactorClientAsync(user);
--- a/test/Microsoft.AspNetCore.Identity.Test/IdentityOptionsTest.cs
+++ b/test/Microsoft.AspNetCore.Identity.Test/IdentityOptionsTest.cs
@ -35,6 +35,11 @@ namespace Microsoft.AspNetCore.Identity.Test
            Assert.Equal(ClaimTypes.Name, options.ClaimsIdentity.UserNameClaimType);
            Assert.Equal(ClaimTypes.NameIdentifier, options.ClaimsIdentity.UserIdClaimType);
            Assert.Equal("AspNet.Identity.SecurityStamp", options.ClaimsIdentity.SecurityStampClaimType);
+
+            Assert.True(options.Cookies.ApplicationCookie.AutomaticAuthenticate);
+            Assert.False(options.Cookies.ExternalCookie.AutomaticAuthenticate);
+            Assert.False(options.Cookies.TwoFactorRememberMeCookie.AutomaticAuthenticate);
+            Assert.False(options.Cookies.TwoFactorUserIdCookie.AutomaticAuthenticate);
        }

        [Fact]
--- a/test/Microsoft.AspNetCore.Identity.Test/SignInManagerTest.cs
+++ b/test/Microsoft.AspNetCore.Identity.Test/SignInManagerTest.cs
@ -407,6 +407,7 @@ namespace Microsoft.AspNetCore.Identity.Test
                // REVIEW: restore ability to test is persistent
                //It.Is<AuthenticationProperties>(v => v.IsPersistent == isPersistent))).Verifiable();
                auth.Setup(a => a.SignOutAsync(helper.Options.Cookies.ExternalCookieAuthenticationScheme)).Returns(Task.FromResult(0)).Verifiable();
+                auth.Setup(a => a.SignOutAsync(helper.Options.Cookies.TwoFactorUserIdCookieAuthenticationScheme)).Returns(Task.FromResult(0)).Verifiable();
            }
            else
            {