Revert obsoleting CookieAuthenticationOptions.ExpireTimeSpan (#1296)
- Revert the obsoleting of CookieAuthenticationOptions.ExpireTimeSpan in aspnet/Security#1285 - Add test to ensure Cookie.Expiration is ignored
This commit is contained in:
parent
658f4621b1
commit
bd19ba9533
|
|
@ -270,14 +270,14 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
|
|
||||||
if (!signInContext.Properties.ExpiresUtc.HasValue)
|
if (!signInContext.Properties.ExpiresUtc.HasValue)
|
||||||
{
|
{
|
||||||
signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.Cookie.Expiration ?? default(TimeSpan));
|
signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
|
||||||
}
|
}
|
||||||
|
|
||||||
await Events.SigningIn(signInContext);
|
await Events.SigningIn(signInContext);
|
||||||
|
|
||||||
if (signInContext.Properties.IsPersistent)
|
if (signInContext.Properties.IsPersistent)
|
||||||
{
|
{
|
||||||
var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.Cookie.Expiration ?? default(TimeSpan));
|
var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
|
||||||
signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime();
|
signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
SameSite = SameSiteMode.Lax,
|
SameSite = SameSiteMode.Lax,
|
||||||
HttpOnly = true,
|
HttpOnly = true,
|
||||||
SecurePolicy = CookieSecurePolicy.SameAsRequest,
|
SecurePolicy = CookieSecurePolicy.SameAsRequest,
|
||||||
Expiration = TimeSpan.FromDays(14),
|
|
||||||
};
|
};
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
|
|
@ -29,6 +28,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public CookieAuthenticationOptions()
|
public CookieAuthenticationOptions()
|
||||||
{
|
{
|
||||||
|
ExpireTimeSpan = TimeSpan.FromDays(14);
|
||||||
ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
|
ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
|
||||||
SlidingExpiration = true;
|
SlidingExpiration = true;
|
||||||
Events = new CookieAuthenticationEvents();
|
Events = new CookieAuthenticationEvents();
|
||||||
|
|
@ -42,7 +42,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
/// <seealso cref="CookieBuilder.SameSite"/> defaults to <see cref="SameSiteMode.Lax"/>.
|
/// <seealso cref="CookieBuilder.SameSite"/> defaults to <see cref="SameSiteMode.Lax"/>.
|
||||||
/// <seealso cref="CookieBuilder.HttpOnly"/> defaults to <c>true</c>.
|
/// <seealso cref="CookieBuilder.HttpOnly"/> defaults to <c>true</c>.
|
||||||
/// <seealso cref="CookieBuilder.SecurePolicy"/> defaults to <see cref="CookieSecurePolicy.SameAsRequest"/>.
|
/// <seealso cref="CookieBuilder.SecurePolicy"/> defaults to <see cref="CookieSecurePolicy.SameAsRequest"/>.
|
||||||
/// <seealso cref="CookieBuilder.Expiration"/> defaults to 14 days.
|
|
||||||
/// </para>
|
/// </para>
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <remarks>
|
/// <remarks>
|
||||||
|
|
@ -60,9 +59,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
/// The default is true, which means the cookie will only be passed to http requests and is not made available to script on the page.
|
/// The default is true, which means the cookie will only be passed to http requests and is not made available to script on the page.
|
||||||
/// </para>
|
/// </para>
|
||||||
/// <para>
|
/// <para>
|
||||||
/// <seealso cref="CookieBuilder.Expiration"/> controls how much time the cookie will remain valid from the point it is created. The expiration
|
/// <seealso cref="CookieBuilder.Expiration"/> is currently ignored. Use <see cref="ExpireTimeSpan"/> to control lifetime of cookie authentication.
|
||||||
/// information is in the protected cookie ticket. Because of that an expired cookie will be ignored
|
|
||||||
/// even if it is passed to the server after the browser should have purged it
|
|
||||||
/// </para>
|
/// </para>
|
||||||
/// </remarks>
|
/// </remarks>
|
||||||
public CookieBuilder Cookie
|
public CookieBuilder Cookie
|
||||||
|
|
@ -140,6 +137,19 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public ITicketStore SessionStore { get; set; }
|
public ITicketStore SessionStore { get; set; }
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// <para>
|
||||||
|
/// Controls how much time the authentication ticket stored in the cookie will remain valid from the point it is created
|
||||||
|
/// The expiration information is stored in the protected cookie ticket. Because of that an expired cookie will be ignored
|
||||||
|
/// even if it is passed to the server after the browser should have purged it.
|
||||||
|
/// </para>
|
||||||
|
/// <para>
|
||||||
|
/// This is separate from the value of <seealso cref="CookieOptions.Expires"/>, which specifies
|
||||||
|
/// how long the browser will keep the cookie.
|
||||||
|
/// </para>
|
||||||
|
/// </summary>
|
||||||
|
public TimeSpan ExpireTimeSpan { get; set; }
|
||||||
|
|
||||||
#region Obsolete API
|
#region Obsolete API
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// <para>
|
/// <para>
|
||||||
|
|
@ -201,23 +211,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
/// </summary>
|
/// </summary>
|
||||||
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.SecurePolicy) + ".")]
|
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.SecurePolicy) + ".")]
|
||||||
public CookieSecurePolicy CookieSecure { get => Cookie.SecurePolicy; set => Cookie.SecurePolicy = value; }
|
public CookieSecurePolicy CookieSecure { get => Cookie.SecurePolicy; set => Cookie.SecurePolicy = value; }
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// <para>
|
|
||||||
/// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Expiration"/> on <see cref="Cookie"/>.
|
|
||||||
/// </para>
|
|
||||||
/// <para>
|
|
||||||
/// Controls how much time the cookie will remain valid from the point it is created. The expiration
|
|
||||||
/// information is in the protected cookie ticket. Because of that an expired cookie will be ignored
|
|
||||||
/// even if it is passed to the server after the browser should have purged it
|
|
||||||
/// </para>
|
|
||||||
/// </summary>
|
|
||||||
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Expiration) + ".")]
|
|
||||||
public TimeSpan ExpireTimeSpan
|
|
||||||
{
|
|
||||||
get => Cookie.Expiration ?? default(TimeSpan);
|
|
||||||
set => Cookie.Expiration = value;
|
|
||||||
}
|
|
||||||
#endregion
|
#endregion
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -19,8 +19,4 @@
|
||||||
<ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
|
<ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
|
||||||
<Folder Include="Properties\" />
|
|
||||||
</ItemGroup>
|
|
||||||
|
|
||||||
</Project>
|
</Project>
|
||||||
|
|
|
||||||
|
|
@ -143,6 +143,23 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
Assert.DoesNotContain("; secure", setCookie);
|
Assert.DoesNotContain("; secure", setCookie);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public async Task CookieExpirationOptionIsIgnored()
|
||||||
|
{
|
||||||
|
var server = CreateServerWithServices(s => s.AddAuthentication().AddCookie(o =>
|
||||||
|
{
|
||||||
|
o.Cookie.Name = "TestCookie";
|
||||||
|
// this is currently ignored. Users should set o.ExpireTimeSpan instead
|
||||||
|
o.Cookie.Expiration = TimeSpan.FromDays(10);
|
||||||
|
}), SignInAsAlice);
|
||||||
|
|
||||||
|
var transaction = await SendAsync(server, "http://example.com/testpath");
|
||||||
|
|
||||||
|
var setCookie = transaction.SetCookie;
|
||||||
|
Assert.StartsWith("TestCookie=", setCookie);
|
||||||
|
Assert.DoesNotContain("; expires=", setCookie);
|
||||||
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task SignInWrongAuthTypeThrows()
|
public async Task SignInWrongAuthTypeThrows()
|
||||||
{
|
{
|
||||||
|
|
@ -277,7 +294,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
{
|
{
|
||||||
var server = CreateServer(o =>
|
var server = CreateServer(o =>
|
||||||
{
|
{
|
||||||
o.Cookie.Expiration = TimeSpan.FromMinutes(10);
|
o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
|
||||||
o.SlidingExpiration = false;
|
o.SlidingExpiration = false;
|
||||||
}, SignInAsAlice);
|
}, SignInAsAlice);
|
||||||
|
|
||||||
|
|
@ -306,7 +323,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
{
|
{
|
||||||
var server = CreateServer(o =>
|
var server = CreateServer(o =>
|
||||||
{
|
{
|
||||||
o.Cookie.Expiration = TimeSpan.FromMinutes(10);
|
o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
|
||||||
o.SlidingExpiration = false;
|
o.SlidingExpiration = false;
|
||||||
},
|
},
|
||||||
context =>
|
context =>
|
||||||
|
|
@ -339,7 +356,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
{
|
{
|
||||||
var server = CreateServer(o =>
|
var server = CreateServer(o =>
|
||||||
{
|
{
|
||||||
o.Cookie.Expiration = TimeSpan.FromMinutes(10);
|
o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
|
||||||
o.Events = new CookieAuthenticationEvents
|
o.Events = new CookieAuthenticationEvents
|
||||||
{
|
{
|
||||||
OnValidatePrincipal = ctx =>
|
OnValidatePrincipal = ctx =>
|
||||||
|
|
@ -367,7 +384,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
{
|
{
|
||||||
var server = CreateServer(o =>
|
var server = CreateServer(o =>
|
||||||
{
|
{
|
||||||
o.Cookie.Expiration = TimeSpan.FromMinutes(10);
|
o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
|
||||||
o.SlidingExpiration = false;
|
o.SlidingExpiration = false;
|
||||||
o.Events = new CookieAuthenticationEvents
|
o.Events = new CookieAuthenticationEvents
|
||||||
{
|
{
|
||||||
|
|
@ -395,7 +412,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
{
|
{
|
||||||
var server = CreateServer(o =>
|
var server = CreateServer(o =>
|
||||||
{
|
{
|
||||||
o.Cookie.Expiration = TimeSpan.FromMinutes(10);
|
o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
|
||||||
o.SlidingExpiration = false;
|
o.SlidingExpiration = false;
|
||||||
o.Events = new CookieAuthenticationEvents
|
o.Events = new CookieAuthenticationEvents
|
||||||
{
|
{
|
||||||
|
|
@ -431,7 +448,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
{
|
{
|
||||||
var server = CreateServer(o =>
|
var server = CreateServer(o =>
|
||||||
{
|
{
|
||||||
o.Cookie.Expiration = TimeSpan.FromMinutes(10);
|
o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
|
||||||
o.SlidingExpiration = false;
|
o.SlidingExpiration = false;
|
||||||
o.Events = new CookieAuthenticationEvents
|
o.Events = new CookieAuthenticationEvents
|
||||||
{
|
{
|
||||||
|
|
@ -476,7 +493,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
{
|
{
|
||||||
var server = CreateServer(o =>
|
var server = CreateServer(o =>
|
||||||
{
|
{
|
||||||
o.Cookie.Expiration = TimeSpan.FromMinutes(10);
|
o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
|
||||||
o.Events = new CookieAuthenticationEvents
|
o.Events = new CookieAuthenticationEvents
|
||||||
{
|
{
|
||||||
OnValidatePrincipal = ctx =>
|
OnValidatePrincipal = ctx =>
|
||||||
|
|
@ -520,7 +537,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
{
|
{
|
||||||
var server = CreateServer(o =>
|
var server = CreateServer(o =>
|
||||||
{
|
{
|
||||||
o.Cookie.Expiration = TimeSpan.FromMinutes(10);
|
o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
|
||||||
o.SlidingExpiration = false;
|
o.SlidingExpiration = false;
|
||||||
o.Events = new CookieAuthenticationEvents
|
o.Events = new CookieAuthenticationEvents
|
||||||
{
|
{
|
||||||
|
|
@ -569,7 +586,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
DateTimeOffset? lastExpiresDate = null;
|
DateTimeOffset? lastExpiresDate = null;
|
||||||
var server = CreateServer(o =>
|
var server = CreateServer(o =>
|
||||||
{
|
{
|
||||||
o.Cookie.Expiration = TimeSpan.FromMinutes(10);
|
o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
|
||||||
o.SlidingExpiration = sliding;
|
o.SlidingExpiration = sliding;
|
||||||
o.Events = new CookieAuthenticationEvents
|
o.Events = new CookieAuthenticationEvents
|
||||||
{
|
{
|
||||||
|
|
@ -619,7 +636,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
{
|
{
|
||||||
var server = CreateServer(o =>
|
var server = CreateServer(o =>
|
||||||
{
|
{
|
||||||
o.Cookie.Expiration = TimeSpan.FromMinutes(10);
|
o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
|
||||||
o.SlidingExpiration = false;
|
o.SlidingExpiration = false;
|
||||||
o.Events = new CookieAuthenticationEvents()
|
o.Events = new CookieAuthenticationEvents()
|
||||||
{
|
{
|
||||||
|
|
@ -656,7 +673,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
{
|
{
|
||||||
var server = CreateServer(o =>
|
var server = CreateServer(o =>
|
||||||
{
|
{
|
||||||
o.Cookie.Expiration = TimeSpan.FromMinutes(10);
|
o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
|
||||||
o.SlidingExpiration = true;
|
o.SlidingExpiration = true;
|
||||||
},
|
},
|
||||||
SignInAsAlice);
|
SignInAsAlice);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue