From c1250220508996a494d51627a8bd02b7792c012f Mon Sep 17 00:00:00 2001
From: Chris R
Date: Wed, 9 Aug 2017 15:29:34 -0700
Subject: [PATCH] #772 Fill in OIDC test gaps
---
 samples/SocialSample/Startup.cs | 2 +-
 .../OpenIdConnectChallengeTests.cs | 36 +++++++++++++------
 .../OpenIdConnect/OpenIdConnectEventTests.cs | 14 ++++----
 3 files changed, 33 insertions(+), 19 deletions(-)
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index d69b25ee31..36a53b38ae 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -162,7 +162,7 @@ namespace SocialSample
 })
 // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
 // https://github.com/settings/applications/
- .AddOAuth("GitHub", o =>
+ .AddOAuth("GitHub", "Github", o =>
 {
 o.ClientId = Configuration["github:clientid"];
 o.ClientSecret = Configuration["github:clientsecret"];
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
index d21a1f4246..fb08ae2786 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -5,11 +5,12 @@ using System;
 using System.Linq;
 using System.Net;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.Logging.Abstractions;
+using Microsoft.Extensions.Primitives;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.Net.Http.Headers;
 using Xunit;
 namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
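Review bot: The display name added as the new second argument, `"Github"`, does not match the casing of the scheme name `"GitHub"` on the same line, and as the user-facing label it is the one most likely to surface in a login page; `.AddOAuth("GitHub", "GitHub", o =>` keeps the two consistent. The sample's registration chain continues outside the hunk, so any other providers that also received a display name in this change should get the same check.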
@@ -19,7 +20,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 private static readonly string ChallengeEndpoint = TestServerBuilder.TestHost + TestServerBuilder.Challenge;
 [Fact]
- public async Task ChallengeIsIssuedCorrectly()
+ public async Task ChallengeRedirectIsIssuedCorrectly()
 {
 var settings = new TestSettings(
 opt =>
@@ -86,7 +87,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 */
 [Fact]
- public async Task ChallengeIssueedCorrectlyForFormPost()
+ public async Task ChallengeFormPostIssuedCorrectly()
 {
 var settings = new TestSettings(
 opt =>
@@ -361,24 +362,37 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 Assert.Null(res.Headers.Location);
 }
- [Fact]
- public async Task ChallengeSetsNonceAndStateCookies()
+ [Theory]
+ [InlineData(OpenIdConnectRedirectBehavior.RedirectGet)]
+ [InlineData(OpenIdConnectRedirectBehavior.FormPost)]
+ public async Task ChallengeSetsNonceAndStateCookies(OpenIdConnectRedirectBehavior method)
 {
 var settings = new TestSettings(o =>
 {
+ o.AuthenticationMethod = method;
 o.ClientId = "Test Id";
 o.Authority = TestServerBuilder.DefaultAuthority;
 });
 var server = settings.CreateTestServer();
 var transaction = await server.SendAsync(ChallengeEndpoint);
- var firstCookie = transaction.SetCookie.First();
- Assert.Contains(OpenIdConnectDefaults.CookieNoncePrefix, firstCookie);
- Assert.Contains("expires", firstCookie);
+ var challengeCookies = SetCookieHeaderValue.ParseList(transaction.SetCookie);
+ var nonceCookie = challengeCookies.Where(cookie => cookie.Name.StartsWith(OpenIdConnectDefaults.CookieNoncePrefix, StringComparison.Ordinal)).Single();
+ Assert.True(nonceCookie.Expires.HasValue);
+ Assert.True(nonceCookie.Expires > DateTime.UtcNow);
+ Assert.True(nonceCookie.HttpOnly);
+ Assert.Equal("/signin-oidc", nonceCookie.Path);
+ Assert.Equal("N", nonceCookie.Value);
+ Assert.Equal(Net.Http.Headers.SameSiteMode.None, nonceCookie.SameSite);
- var secondCookie = transaction.SetCookie.Skip(1).First();
- Assert.StartsWith(".AspNetCore.Correlation.OpenIdConnect.", secondCookie);
- Assert.Contains("expires", secondCookie);
+ var correlationCookie = challengeCookies.Where(cookie => cookie.Name.StartsWith(".AspNetCore.Correlation.", StringComparison.Ordinal)).Single();
+ Assert.True(correlationCookie.Expires.HasValue);
+ Assert.True(nonceCookie.Expires > DateTime.UtcNow);
+ Assert.True(correlationCookie.HttpOnly);
+ Assert.Equal("/signin-oidc", correlationCookie.Path);
+ Assert.False(StringSegment.IsNullOrEmpty(correlationCookie.Value));
+
+ Assert.Equal(2, challengeCookies.Count);
 }
 [Fact]
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
index 4ea69369e8..ed20d2f5ac 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
@@ -76,7 +76,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 }
 [Fact]
- public async Task OnMessageReceived_Reject_NoMoreEventsRun()
+ public async Task OnMessageReceived_Fail_NoMoreEventsRun()
 {
 var messageReceived = false;
 var remoteFailure = false;
@@ -197,7 +197,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 }
 [Fact]
- public async Task OnTokenValidated_Reject_NoMoreEventsRun()
+ public async Task OnTokenValidated_Fail_NoMoreEventsRun()
 {
 var messageReceived = false;
 var tokenValidated = false;
@@ -385,7 +385,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 }
 [Fact]
- public async Task OnAuthorizationCodeReceived_Reject_NoMoreEventsRun()
+ public async Task OnAuthorizationCodeReceived_Fail_NoMoreEventsRun()
 {
 var messageReceived = false;
 var tokenValidated = false;
@@ -596,7 +596,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 }
 [Fact]
- public async Task OnTokenResponseReceived_Reject_NoMoreEventsRun()
+ public async Task OnTokenResponseReceived_Fail_NoMoreEventsRun()
 {
 var messageReceived = false;
 var tokenValidated = false;
@@ -825,7 +825,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 }
 [Fact]
- public async Task OnTokenValidatedBackchannel_Reject_NoMoreEventsRun()
+ public async Task OnTokenValidatedBackchannel_Fail_NoMoreEventsRun()
 {
 var messageReceived = false;
 var codeReceived = false;
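Review bot: The correlation-cookie block re-checks `nonceCookie.Expires` instead of the correlation cookie's own expiry, so the line right after `Assert.True(correlationCookie.Expires.HasValue);` never verifies that the correlation cookie is unexpired; it should read `Assert.True(correlationCookie.Expires > DateTime.UtcNow);`. The nonce cookie's `SameSite` is asserted but the correlation cookie's is not, so the test does not pin that both short-lived sign-in cookies carry the same cross-site policy; a matching `Assert.Equal(<expected mode>, correlationCookie.SameSite)` with the value the handler is meant to emit would close that gap. Neither cookie's `Secure` flag is asserted, presumably because the test host is plain HTTP; if so, a one-line comment saying that would stop a reader from taking it as an oversight, and if not, both cookies should assert `Secure`. As a style point, `.Where(predicate).Single()` can be written `.Single(predicate)` on both lookups.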
@@ -1060,7 +1060,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 }
 [Fact]
- public async Task OnUserInformationReceived_Reject_NoMoreEventsRun()
+ public async Task OnUserInformationReceived_Fail_NoMoreEventsRun()
 {
 var messageReceived = false;
 var tokenValidated = false;
@@ -1321,7 +1321,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 }
 [Fact]
- public async Task OnAuthenticationFailed_Reject_NoMoreEventsRun()
+ public async Task OnAuthenticationFailed_Fail_NoMoreEventsRun()
 {
 var messageReceived = false;
 var tokenValidated = false;