[2.1] CookieChunkingManager needs to flow the Secure attribute… (#17953)

This commit is contained in:
Chris Ross 2020-01-15 11:07:15 -08:00 committed by Andrew Stanton-Nurse
parent 164ddfd48b
commit 8211a1c313
5 changed files with 47 additions and 13 deletions

View File

@ -50,4 +50,10 @@ Later on, this will be checked using this condition:
Microsoft.AspNetCore.SignalR.Core; Microsoft.AspNetCore.SignalR.Core;
</PackagesInPatch> </PackagesInPatch>
</PropertyGroup> </PropertyGroup>
<PropertyGroup Condition=" '$(VersionPrefix)' == '2.1.16' ">
<PackagesInPatch>
Microsoft.AspNetCore.Authentication.Cookies;
Microsoft.AspNetCore.Mvc.Core;
</PackagesInPatch>
</PropertyGroup>
</Project> </Project>

View File

@ -45,7 +45,7 @@ namespace OpenIdConnectSample
private void CheckSameSite(HttpContext httpContext, CookieOptions options) private void CheckSameSite(HttpContext httpContext, CookieOptions options)
{ {
if (options.SameSite > (SameSiteMode)(-1)) if (options.SameSite == SameSiteMode.None)
{ {
var userAgent = httpContext.Request.Headers["User-Agent"].ToString(); var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
// TODO: Use your User Agent library of choice here. // TODO: Use your User Agent library of choice here.

View File

@ -1,4 +1,4 @@
// Copyright (c) .NET Foundation. All rights reserved. // Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System; using System;
@ -190,7 +190,7 @@ namespace Microsoft.AspNetCore.Authentication.WsFederation
response.EnsureSuccessStatusCode(); response.EnsureSuccessStatusCode();
var cookie = response.Headers.GetValues(HeaderNames.SetCookie).Single(); var cookie = response.Headers.GetValues(HeaderNames.SetCookie).Single();
Assert.Equal(".AspNetCore.Cookies=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax", cookie); Assert.Equal(".AspNetCore.Cookies=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax; httponly", cookie);
Assert.Equal("OnRemoteSignOut", response.Headers.GetValues("EventHeader").Single()); Assert.Equal("OnRemoteSignOut", response.Headers.GetValues("EventHeader").Single());
Assert.Equal("", await response.Content.ReadAsStringAsync()); Assert.Equal("", await response.Content.ReadAsStringAsync());
} }
@ -440,4 +440,4 @@ namespace Microsoft.AspNetCore.Authentication.WsFederation
} }
} }
} }
} }

View File

@ -21,6 +21,29 @@ namespace Microsoft.AspNetCore.Internal
Assert.Equal("TestCookie=" + testString + "; path=/; samesite=lax", values[0]); Assert.Equal("TestCookie=" + testString + "; path=/; samesite=lax", values[0]);
} }
[Fact]
public void AppendLargeCookie_WithOptions_Appended()
{
HttpContext context = new DefaultHttpContext();
var now = DateTimeOffset.UtcNow;
var options = new CookieOptions
{
Domain = "foo.com",
HttpOnly = true,
SameSite = SameSiteMode.Strict,
Path = "/bar",
Secure = true,
Expires = now.AddMinutes(5),
MaxAge = TimeSpan.FromMinutes(5)
};
var testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
new ChunkingCookieManager() { ChunkSize = null }.AppendResponseCookie(context, "TestCookie", testString, options);
var values = context.Response.Headers["Set-Cookie"];
Assert.Single(values);
Assert.Equal($"TestCookie={testString}; expires={now.AddMinutes(5).ToString("R")}; max-age=300; domain=foo.com; path=/bar; secure; samesite=strict; httponly", values[0]);
}
[Fact] [Fact]
public void AppendLargeCookieWithLimit_Chunked() public void AppendLargeCookieWithLimit_Chunked()
{ {
@ -112,19 +135,19 @@ namespace Microsoft.AspNetCore.Internal
HttpContext context = new DefaultHttpContext(); HttpContext context = new DefaultHttpContext();
context.Request.Headers.Append("Cookie", "TestCookie=chunks-7"); context.Request.Headers.Append("Cookie", "TestCookie=chunks-7");
new ChunkingCookieManager().DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com" }); new ChunkingCookieManager().DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com", Secure = true });
var cookies = context.Response.Headers["Set-Cookie"]; var cookies = context.Response.Headers["Set-Cookie"];
Assert.Equal(8, cookies.Count); Assert.Equal(8, cookies.Count);
Assert.Equal(new[] Assert.Equal(new[]
{ {
"TestCookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax", "TestCookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
"TestCookieC1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax", "TestCookieC1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
"TestCookieC2=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax", "TestCookieC2=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
"TestCookieC3=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax", "TestCookieC3=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
"TestCookieC4=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax", "TestCookieC4=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
"TestCookieC5=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax", "TestCookieC5=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
"TestCookieC6=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax", "TestCookieC6=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
"TestCookieC7=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax", "TestCookieC7=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
}, cookies); }, cookies);
} }
} }

View File

@ -169,6 +169,7 @@ namespace Microsoft.AspNetCore.Internal
HttpOnly = options.HttpOnly, HttpOnly = options.HttpOnly,
Path = options.Path, Path = options.Path,
Secure = options.Secure, Secure = options.Secure,
MaxAge = options.MaxAge,
}; };
var templateLength = template.ToString().Length; var templateLength = template.ToString().Length;
@ -285,8 +286,10 @@ namespace Microsoft.AspNetCore.Internal
Path = options.Path, Path = options.Path,
Domain = options.Domain, Domain = options.Domain,
SameSite = options.SameSite, SameSite = options.SameSite,
Secure = options.Secure,
IsEssential = options.IsEssential, IsEssential = options.IsEssential,
Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc), Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
HttpOnly = options.HttpOnly,
}); });
for (int i = 1; i <= chunks; i++) for (int i = 1; i <= chunks; i++)
@ -300,8 +303,10 @@ namespace Microsoft.AspNetCore.Internal
Path = options.Path, Path = options.Path,
Domain = options.Domain, Domain = options.Domain,
SameSite = options.SameSite, SameSite = options.SameSite,
Secure = options.Secure,
IsEssential = options.IsEssential, IsEssential = options.IsEssential,
Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc), Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
HttpOnly = options.HttpOnly,
}); });
} }
} }