Merge pull request #1947 from dotnet-maestro-bot/merge/release/2.2-to-master

[automated] Merge branch 'release/2.2' => 'master'
2018-08-29 15:39:43 -07:00 · 2018-08-29 15:39:43 -07:00 · fcc02103aa
parent ab72b8260a e38a307307
commit fcc02103aa
2 changed files with 48 additions and 3 deletions
--- a/src/Identity/SignInManager.cs
+++ b/src/Identity/SignInManager.cs
@ -258,8 +258,9 @@ namespace Microsoft.AspNetCore.Identity
        /// <param name="securityStamp">The expected security stamp value.</param>
        /// <returns>True if the stamp matches the persisted value, otherwise it will return false.</returns>
        public virtual async Task<bool> ValidateSecurityStampAsync(TUser user, string securityStamp)
-            => user != null && UserManager.SupportsUserSecurityStamp
-            && securityStamp == await UserManager.GetSecurityStampAsync(user);
+            => user != null &&
+            // Only validate the security stamp if the store supports it
+            (!UserManager.SupportsUserSecurityStamp || securityStamp == await UserManager.GetSecurityStampAsync(user));

        /// <summary>
        /// Attempts to sign in the specified <paramref name="user"/> and <paramref name="password"/> combination
--- a/test/Identity.Test/SecurityStampValidatorTest.cs
+++ b/test/Identity.Test/SecurityStampValidatorTest.cs
@ -104,7 +104,7 @@ namespace Microsoft.AspNetCore.Identity.Test
            contextAccessor.Setup(a => a.HttpContext).Returns(httpContext.Object);
            var signInManager = new Mock<SignInManager<PocoUser>>(userManager.Object,
                contextAccessor.Object, claimsManager.Object, identityOptions.Object, null, new Mock<IAuthenticationSchemeProvider>().Object);
-            signInManager.Setup(s => s.ValidateSecurityStampAsync(It.IsAny<ClaimsPrincipal>())).ReturnsAsync(shouldStampValidate ? user : default(PocoUser)).Verifiable();
+            signInManager.Setup(s => s.ValidateSecurityStampAsync(It.IsAny<ClaimsPrincipal>())).ReturnsAsync(shouldStampValidate ? user : default).Verifiable();

            if (shouldStampValidate)
            {
@ -147,6 +147,50 @@ namespace Microsoft.AspNetCore.Identity.Test
            });
        }

+        [Fact]
+        public async Task OnValidateIdentityAcceptsWhenStoreDoesNotSupportSecurityStamp()
+        {
+            var user = new PocoUser("test");
+            var httpContext = new Mock<HttpContext>();
+
+
+            var userManager = MockHelpers.MockUserManager<PocoUser>();
+
+            var claimsManager = new Mock<IUserClaimsPrincipalFactory<PocoUser>>();
+            var identityOptions = new Mock<IOptions<IdentityOptions>>();
+            identityOptions.Setup(a => a.Value).Returns(new IdentityOptions());
+            var options = new Mock<IOptions<SecurityStampValidatorOptions>>();
+            options.Setup(a => a.Value).Returns(new SecurityStampValidatorOptions { ValidationInterval = TimeSpan.Zero });
+            var contextAccessor = new Mock<IHttpContextAccessor>();
+            contextAccessor.Setup(a => a.HttpContext).Returns(httpContext.Object);
+            var signInManager = new SignInManager<PocoUser>(userManager.Object,
+                contextAccessor.Object, claimsManager.Object, identityOptions.Object, null, new Mock<IAuthenticationSchemeProvider>().Object);
+            userManager.Setup(u => u.GetUserAsync(It.IsAny<ClaimsPrincipal>())).ReturnsAsync(user).Verifiable();
+            claimsManager.Setup(c => c.CreateAsync(user)).ReturnsAsync(new ClaimsPrincipal()).Verifiable();
+
+            var services = new ServiceCollection();
+            services.AddSingleton(options.Object);
+            services.AddSingleton(signInManager);
+            services.AddSingleton<ISecurityStampValidator>(new SecurityStampValidator<PocoUser>(options.Object, signInManager, new SystemClock()));
+            httpContext.Setup(c => c.RequestServices).Returns(services.BuildServiceProvider());
+
+            var tid = new ClaimsIdentity(IdentityConstants.ApplicationScheme);
+            tid.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id));
+            var ticket = new AuthenticationTicket(new ClaimsPrincipal(tid),
+                new AuthenticationProperties { IssuedUtc = DateTimeOffset.UtcNow.AddSeconds(-1) },
+                IdentityConstants.ApplicationScheme);
+
+            var context = new CookieValidatePrincipalContext(httpContext.Object, new AuthenticationSchemeBuilder(IdentityConstants.ApplicationScheme) { HandlerType = typeof(NoopHandler) }.Build(), new CookieAuthenticationOptions(), ticket);
+            Assert.NotNull(context.Properties);
+            Assert.NotNull(context.Options);
+            Assert.NotNull(context.Principal);
+            await SecurityStampValidator.ValidatePrincipalAsync(context);
+            Assert.NotNull(context.Principal);
+
+            userManager.VerifyAll();
+            claimsManager.VerifyAll();
+        }
+
        [Fact]
        public async Task OnValidateIdentityRejectsWhenNoIssuedUtc()
        {