React to security changes

Hao Kung 2015-09-14 15:07:23 -07:00
parent bfe1de4819
commit da3c513ad4
7 changed files with 64 additions and 60 deletions


@ -10,28 +10,28 @@ using MusicStore.Mocks.Common;
namespace MusicStore.Mocks.Facebook
{
internal class FacebookEvents
internal class TestFacebookEvents
{
internal static async Task OnAuthenticated(OAuthAuthenticatedContext context)
internal static Task OnAuthenticated(OAuthAuthenticatedContext context)
{
if (context.Principal != null)
{
Helpers.ThrowIfConditionFailed(() => context.AccessToken == "ValidAccessToken", "");
Helpers.ThrowIfConditionFailed(() => FacebookAuthenticationHelper.GetEmail(context.User) == "AspnetvnextTest@test.com", "");
Helpers.ThrowIfConditionFailed(() => FacebookAuthenticationHelper.GetId(context.User) == "Id", "");
Helpers.ThrowIfConditionFailed(() => FacebookAuthenticationHelper.GetLink(context.User) == "https://www.facebook.com/myLink", "");
Helpers.ThrowIfConditionFailed(() => FacebookAuthenticationHelper.GetName(context.User) == "AspnetvnextTest AspnetvnextTest", "");
Helpers.ThrowIfConditionFailed(() => FacebookAuthenticationHelper.GetUserName(context.User) == "AspnetvnextTest.AspnetvnextTest.7", "");
Helpers.ThrowIfConditionFailed(() => context.User.SelectToken("id").ToString() == FacebookAuthenticationHelper.GetId(context.User), "");
Helpers.ThrowIfConditionFailed(() => FacebookHelper.GetEmail(context.User) == "AspnetvnextTest@test.com", "");
Helpers.ThrowIfConditionFailed(() => FacebookHelper.GetId(context.User) == "Id", "");
Helpers.ThrowIfConditionFailed(() => FacebookHelper.GetLink(context.User) == "https://www.facebook.com/myLink", "");
Helpers.ThrowIfConditionFailed(() => FacebookHelper.GetName(context.User) == "AspnetvnextTest AspnetvnextTest", "");
Helpers.ThrowIfConditionFailed(() => FacebookHelper.GetUserName(context.User) == "AspnetvnextTest.AspnetvnextTest.7", "");
Helpers.ThrowIfConditionFailed(() => context.User.SelectToken("id").ToString() == FacebookHelper.GetId(context.User), "");
Helpers.ThrowIfConditionFailed(() => context.ExpiresIn.Value == TimeSpan.FromSeconds(100), "");
Helpers.ThrowIfConditionFailed(() => context.AccessToken == "ValidAccessToken", "");
context.Principal.Identities.First().AddClaim(new Claim("ManageStore", "false"));
}
await Task.FromResult(0);
return Task.FromResult(0);
}
internal static async Task OnReturnEndpoint(OAuthReturnEndpointContext context)
internal static Task OnReturnEndpoint(OAuthReturnEndpointContext context)
{
if (context.Principal != null && context.SignInScheme == new IdentityCookieOptions().ExternalCookieAuthenticationScheme)
{
@ -45,12 +45,13 @@ namespace MusicStore.Mocks.Facebook
}
}
await Task.FromResult(0);
return Task.FromResult(0);
}
internal static void OnApplyRedirect(OAuthApplyRedirectContext context)
internal static Task OnApplyRedirect(OAuthApplyRedirectContext context)
{
context.Response.Redirect(context.RedirectUri + "&custom_redirect_uri=custom");
return Task.FromResult(0);
}
}
}
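Review bot: The `FacebookHelper` assertions in `OnAuthenticated`, and the `ExpiresIn` and `AccessToken` checks beside them, pass an empty string as the failure message, so a mismatch in the mocked identity data gives no indication of which field was wrong. The Google and MicrosoftAccount mocks in this commit pass a message per check, and the same would help here, for example `Helpers.ThrowIfConditionFailed(() => FacebookHelper.GetEmail(context.User) == "AspnetvnextTest@test.com", "Email is not valid");`. This assumes the second argument of `ThrowIfConditionFailed` ends up in the thrown exception, which is not visible on this page.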


@ -10,24 +10,24 @@ using MusicStore.Mocks.Common;
namespace MusicStore.Mocks.Google
{
internal class GoogleEvents
internal class TestGoogleEvents
{
internal static async Task OnAuthenticated(OAuthAuthenticatedContext context)
internal static Task OnAuthenticated(OAuthAuthenticatedContext context)
{
if (context.Principal != null)
{
Helpers.ThrowIfConditionFailed(() => context.AccessToken == "ValidAccessToken", "Access token is not valid");
Helpers.ThrowIfConditionFailed(() => context.RefreshToken == "ValidRefreshToken", "Refresh token is not valid");
Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetEmail(context.User) == "AspnetvnextTest@gmail.com", "Email is not valid");
Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetId(context.User) == "106790274378320830963", "Id is not valid");
Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetFamilyName(context.User) == "AspnetvnextTest", "FamilyName is not valid");
Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetName(context.User) == "AspnetvnextTest AspnetvnextTest", "Name is not valid");
Helpers.ThrowIfConditionFailed(() => GoogleHelper.GetEmail(context.User) == "AspnetvnextTest@gmail.com", "Email is not valid");
Helpers.ThrowIfConditionFailed(() => GoogleHelper.GetId(context.User) == "106790274378320830963", "Id is not valid");
Helpers.ThrowIfConditionFailed(() => GoogleHelper.GetFamilyName(context.User) == "AspnetvnextTest", "FamilyName is not valid");
Helpers.ThrowIfConditionFailed(() => GoogleHelper.GetName(context.User) == "AspnetvnextTest AspnetvnextTest", "Name is not valid");
Helpers.ThrowIfConditionFailed(() => context.ExpiresIn.Value == TimeSpan.FromSeconds(1200), "ExpiresIn is not valid");
Helpers.ThrowIfConditionFailed(() => context.User != null, "User object is not valid");
context.Principal.Identities.First().AddClaim(new Claim("ManageStore", "false"));
}
await Task.FromResult(0);
return Task.FromResult(0);
}
internal static async Task OnReturnEndpoint(OAuthReturnEndpointContext context)
@ -47,9 +47,10 @@ namespace MusicStore.Mocks.Google
await Task.FromResult(0);
}
internal static void OnApplyRedirect(OAuthApplyRedirectContext context)
internal static Task OnApplyRedirect(OAuthApplyRedirectContext context)
{
context.Response.Redirect(context.RedirectUri + "&custom_redirect_uri=custom");
return Task.FromResult(0);
}
}
}
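Review bot: `OnReturnEndpoint` in this file appears to keep its `async Task` signature and the trailing `await Task.FromResult(0);`, while `OnAuthenticated` and `OnApplyRedirect` here, and `OnReturnEndpoint` in the Facebook, MicrosoftAccount and Twitter mocks, are converted to return the task directly. The method body falls between the two hunks and is not shown, so this is inferred from those lines being printed only once. If the omission is unintentional, change the signature to `internal static Task OnReturnEndpoint(OAuthReturnEndpointContext context)` and end the method with `return Task.FromResult(0);`.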


@ -10,28 +10,28 @@ using MusicStore.Mocks.Common;
namespace MusicStore.Mocks.MicrosoftAccount
{
internal class MicrosoftAccountEvents
internal class TestMicrosoftAccountEvents
{
internal static async Task OnAuthenticated(OAuthAuthenticatedContext context)
internal static Task OnAuthenticated(OAuthAuthenticatedContext context)
{
if (context.Principal != null)
{
Helpers.ThrowIfConditionFailed(() => context.AccessToken == "ValidAccessToken", "Access token is not valid");
Helpers.ThrowIfConditionFailed(() => context.RefreshToken == "ValidRefreshToken", "Refresh token is not valid");
Helpers.ThrowIfConditionFailed(() => MicrosoftAccountAuthenticationHelper.GetFirstName(context.User) == "AspnetvnextTest", "Email is not valid");
Helpers.ThrowIfConditionFailed(() => MicrosoftAccountAuthenticationHelper.GetLastName(context.User) == "AspnetvnextTest", "Email is not valid");
Helpers.ThrowIfConditionFailed(() => MicrosoftAccountAuthenticationHelper.GetId(context.User) == "fccf9a24999f4f4f", "Id is not valid");
Helpers.ThrowIfConditionFailed(() => MicrosoftAccountAuthenticationHelper.GetName(context.User) == "AspnetvnextTest AspnetvnextTest", "Name is not valid");
Helpers.ThrowIfConditionFailed(() => MicrosoftAccountHelper.GetFirstName(context.User) == "AspnetvnextTest", "Email is not valid");
Helpers.ThrowIfConditionFailed(() => MicrosoftAccountHelper.GetLastName(context.User) == "AspnetvnextTest", "Email is not valid");
Helpers.ThrowIfConditionFailed(() => MicrosoftAccountHelper.GetId(context.User) == "fccf9a24999f4f4f", "Id is not valid");
Helpers.ThrowIfConditionFailed(() => MicrosoftAccountHelper.GetName(context.User) == "AspnetvnextTest AspnetvnextTest", "Name is not valid");
Helpers.ThrowIfConditionFailed(() => context.ExpiresIn.Value == TimeSpan.FromSeconds(3600), "ExpiresIn is not valid");
Helpers.ThrowIfConditionFailed(() => context.User != null, "User object is not valid");
Helpers.ThrowIfConditionFailed(() => MicrosoftAccountAuthenticationHelper.GetId(context.User) == context.User.SelectToken("id").ToString(), "User id is not valid");
Helpers.ThrowIfConditionFailed(() => MicrosoftAccountHelper.GetId(context.User) == context.User.SelectToken("id").ToString(), "User id is not valid");
context.Principal.Identities.First().AddClaim(new Claim("ManageStore", "false"));
}
await Task.FromResult(0);
return Task.FromResult(0);
}
internal static async Task OnReturnEndpoint(OAuthReturnEndpointContext context)
internal static Task OnReturnEndpoint(OAuthReturnEndpointContext context)
{
if (context.Principal != null && context.SignInScheme == new IdentityCookieOptions().ExternalCookieAuthenticationScheme)
{
@ -45,12 +45,13 @@ namespace MusicStore.Mocks.MicrosoftAccount
}
}
await Task.FromResult(0);
return Task.FromResult(0);
}
internal static void OnApplyRedirect(OAuthApplyRedirectContext context)
internal static Task OnApplyRedirect(OAuthApplyRedirectContext context)
{
context.Response.Redirect(context.RedirectUri + "&custom_redirect_uri=custom");
return Task.FromResult(0);
}
}
}
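Review bot: The renamed `MicrosoftAccountHelper.GetFirstName` and `MicrosoftAccountHelper.GetLastName` assertions in `OnAuthenticated` still carry the message "Email is not valid", so a failure in either check reports the wrong field. Since these lines are being touched anyway, the messages could become `"First name is not valid"` and `"Last name is not valid"`. No email assertion is visible in this mock, which makes the current text look like a copy-paste leftover.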


@ -9,7 +9,7 @@ using MusicStore.Mocks.Common;
namespace MusicStore.Mocks.OpenIdConnect
{
internal class OpenIdConnectEvents
internal class TestOpenIdConnectEvents
{
private static List<string> eventsFired = new List<string>();


@ -77,13 +77,13 @@ namespace MusicStore
options.ProtocolValidator.NonceLifetime = TimeSpan.FromDays(36500);
options.UseTokenLifetime = false;
options.Events = new OpenIdConnectAuthenticationEvents
options.Events = new OpenIdConnectEvents
{
OnMessageReceived = OpenIdConnectEvents.MessageReceived,
OnAuthorizationCodeReceived = OpenIdConnectEvents.AuthorizationCodeReceived,
OnRedirectToIdentityProvider = OpenIdConnectEvents.RedirectToIdentityProvider,
OnSecurityTokenReceived = OpenIdConnectEvents.SecurityTokenReceived,
OnSecurityTokenValidated = OpenIdConnectEvents.SecurityTokenValidated
OnMessageReceived = TestOpenIdConnectEvents.MessageReceived,
OnAuthorizationCodeReceived = TestOpenIdConnectEvents.AuthorizationCodeReceived,
OnRedirectToIdentityProvider = TestOpenIdConnectEvents.RedirectToIdentityProvider,
OnSecurityTokenReceived = TestOpenIdConnectEvents.SecurityTokenReceived,
OnSecurityTokenValidated = TestOpenIdConnectEvents.SecurityTokenValidated
};
});


@ -79,11 +79,11 @@ namespace MusicStore
{
options.AppId = "[AppId]";
options.AppSecret = "[AppSecret]";
options.Events = new OAuthAuthenticationEvents()
options.Events = new OAuthEvents()
{
OnAuthenticated = FacebookEvents.OnAuthenticated,
OnReturnEndpoint = FacebookEvents.OnReturnEndpoint,
OnApplyRedirect = FacebookEvents.OnApplyRedirect
OnAuthenticated = TestFacebookEvents.OnAuthenticated,
OnReturnEndpoint = TestFacebookEvents.OnReturnEndpoint,
OnApplyRedirect = TestFacebookEvents.OnApplyRedirect
};
options.BackchannelHttpHandler = new FacebookMockBackChannelHttpHandler();
options.StateDataFormat = new CustomStateDataFormat();
@ -97,11 +97,11 @@ namespace MusicStore
options.ClientId = "[ClientId]";
options.ClientSecret = "[ClientSecret]";
options.AccessType = "offline";
options.Events = new OAuthAuthenticationEvents()
options.Events = new OAuthEvents()
{
OnAuthenticated = GoogleEvents.OnAuthenticated,
OnReturnEndpoint = GoogleEvents.OnReturnEndpoint,
OnApplyRedirect = GoogleEvents.OnApplyRedirect
OnAuthenticated = TestGoogleEvents.OnAuthenticated,
OnReturnEndpoint = TestGoogleEvents.OnReturnEndpoint,
OnApplyRedirect = TestGoogleEvents.OnApplyRedirect
};
options.StateDataFormat = new CustomStateDataFormat();
options.BackchannelHttpHandler = new GoogleMockBackChannelHttpHandler();
@ -111,11 +111,11 @@ namespace MusicStore
{
options.ConsumerKey = "[ConsumerKey]";
options.ConsumerSecret = "[ConsumerSecret]";
options.Events = new TwitterAuthenticationEvents()
options.Events = new TwitterEvents()
{
OnAuthenticated = TwitterEvents.OnAuthenticated,
OnReturnEndpoint = TwitterEvents.OnReturnEndpoint,
OnApplyRedirect = TwitterEvents.OnApplyRedirect
OnAuthenticated = TestTwitterEvents.OnAuthenticated,
OnReturnEndpoint = TestTwitterEvents.OnReturnEndpoint,
OnApplyRedirect = TestTwitterEvents.OnApplyRedirect
};
options.StateDataFormat = new CustomTwitterStateDataFormat();
options.BackchannelHttpHandler = new TwitterMockBackChannelHttpHandler();
@ -126,11 +126,11 @@ namespace MusicStore
options.Caption = "MicrosoftAccount - Requires project changes";
options.ClientId = "[ClientId]";
options.ClientSecret = "[ClientSecret]";
options.Events = new OAuthAuthenticationEvents()
options.Events = new OAuthEvents()
{
OnAuthenticated = MicrosoftAccountEvents.OnAuthenticated,
OnReturnEndpoint = MicrosoftAccountEvents.OnReturnEndpoint,
OnApplyRedirect = MicrosoftAccountEvents.OnApplyRedirect
OnAuthenticated = TestMicrosoftAccountEvents.OnAuthenticated,
OnReturnEndpoint = TestMicrosoftAccountEvents.OnReturnEndpoint,
OnApplyRedirect = TestMicrosoftAccountEvents.OnApplyRedirect
};
options.BackchannelHttpHandler = new MicrosoftAccountMockBackChannelHandler();
options.StateDataFormat = new CustomStateDataFormat();


@ -8,9 +8,9 @@ using MusicStore.Mocks.Common;
namespace MusicStore.Mocks.Twitter
{
internal class TwitterEvents
internal class TestTwitterEvents
{
internal static async Task OnAuthenticated(TwitterAuthenticatedContext context)
internal static Task OnAuthenticated(TwitterAuthenticatedContext context)
{
if (context.Principal != null)
{
@ -21,10 +21,10 @@ namespace MusicStore.Mocks.Twitter
context.Principal.Identities.First().AddClaim(new Claim("ManageStore", "false"));
}
await Task.FromResult(0);
return Task.FromResult(0);
}
internal static async Task OnReturnEndpoint(TwitterReturnEndpointContext context)
internal static Task OnReturnEndpoint(TwitterReturnEndpointContext context)
{
if (context.Principal != null && context.SignInScheme == new IdentityCookieOptions().ExternalCookieAuthenticationScheme)
{
@ -38,12 +38,13 @@ namespace MusicStore.Mocks.Twitter
}
}
await Task.FromResult(0);
return Task.FromResult(0);
}
internal static void OnApplyRedirect(TwitterApplyRedirectContext context)
internal static Task OnApplyRedirect(TwitterApplyRedirectContext context)
{
context.Response.Redirect(context.RedirectUri + "&custom_redirect_uri=custom");
return Task.FromResult(0);
}
}
}