From 24e2ec2bbc6ac152f3b6547780a349657249efe6 Mon Sep 17 00:00:00 2001
From: Pascal Martin
Date: Tue, 17 Jan 2017 11:16:38 -0500
Subject: [PATCH] only create sid cookie at login if sid not already in cookies
---
 .../Configuration/Hosting/SessionCookie.cs | 9 +-
 .../Hosting/SessionCookieTest.cs | 94 +++++++++++++++++++
 source/Tests/UnitTests/Core.Tests.csproj | 1 +
 3 files changed, 101 insertions(+), 3 deletions(-)
 create mode 100644 source/Tests/UnitTests/Configuration/Hosting/SessionCookieTest.cs
diff --git a/source/Core/Configuration/Hosting/SessionCookie.cs b/source/Core/Configuration/Hosting/SessionCookie.cs
index 5b648609b..55362631f 100644
--- a/source/Core/Configuration/Hosting/SessionCookie.cs
+++ b/source/Core/Configuration/Hosting/SessionCookie.cs
@@ -38,9 +38,12 @@ protected internal SessionCookie(IOwinContext ctx, IdentityServerOptions options

 public virtual void IssueSessionId(bool? persistent, DateTimeOffset? expires = null)
 {
- context.Response.Cookies.Append(
- GetCookieName(), CryptoRandom.CreateUniqueId(),
- CreateCookieOptions(persistent, expires));
+ if (context.Request.Cookies[GetCookieName()] == null)
+ {
+ context.Response.Cookies.Append(
+ GetCookieName(), CryptoRandom.CreateUniqueId(),
+ CreateCookieOptions(persistent, expires));
+ }
 }

 private Microsoft.Owin.CookieOptions CreateCookieOptions(bool? persistent, DateTimeOffset? expires = null)
diff --git a/source/Tests/UnitTests/Configuration/Hosting/SessionCookieTest.cs b/source/Tests/UnitTests/Configuration/Hosting/SessionCookieTest.cs
new file mode 100644
index 000000000..c6847ad1a
--- /dev/null
+++ b/source/Tests/UnitTests/Configuration/Hosting/SessionCookieTest.cs
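Review bot: The new guard in `IssueSessionId` keeps whatever sid cookie the request carries, so a value that reached the browser before authentication (written by anything able to set cookies for this host, or left by a previous user of the same browser) survives sign-in instead of being replaced by a fresh `CryptoRandom.CreateUniqueId()`. Because the check is only `== null`, an empty or malformed value is kept as well, and skipping `Append` means the `persistent` and `expires` arguments of the new login are never applied to the retained cookie. If carrying the sid across a re-authentication is the intent, I would at least reject blank values with `if (string.IsNullOrWhiteSpace(context.Request.Cookies[GetCookieName()]))` and put a comment above the guard stating why a client-supplied sid is accepted at login. How the sid is consumed downstream is outside this hunk, so whether reuse is safe there needs confirming before merge.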
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2014, 2015 Dominick Baier, Brock Allen
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using System.Collections.Generic;
+using FluentAssertions;
+using IdentityServer3.Core;
+using IdentityServer3.Core.Configuration;
+using IdentityServer3.Core.Configuration.Hosting;
+using IdentityServer3.Core.Extensions;
+using Microsoft.Owin;
+using Xunit;
+
+namespace IdentityServer3.Tests.Configuration.Hosting
+{
+ public class SessionCookieTest
+ {
+ private static IdentityServerOptions ServerOptions()
+ {
+ return new IdentityServerOptions();
+ }
+
+ private static string GetCookieName()
+ {
+ var identityServerOptions = ServerOptions();
+ return identityServerOptions.AuthenticationOptions.CookieOptions.GetSessionCookieName();
+ }
+
+ private static OwinContext Context(Dictionary responseHeaders, string sid = null)
+ {
+ var env = new Dictionary
+ {
+ {Constants.OwinEnvironment.IdentityServerBasePath, ""}
+ };
+ env.SetIdentityServerHost("https://identityserver.io");
+
+ var headers = new Dictionary {{"Host", new[] {"identityserver.io"}}};
+ env.Add("owin.RequestHeaders", headers);
+
+ env.Add("owin.ResponseHeaders", responseHeaders);
+
+ if (sid != null)
+ {
+ var cookies = new Dictionary
+ {
+ {GetCookieName(), sid}
+ };
+ env.Add("Microsoft.Owin.Cookies#dictionary", cookies);
+ }
+
+ return new OwinContext(env);
+ }
+
+ [Fact]
+ public void IssueSessionId_Create_SessionCookie_When_Not_Already_Exist()
+ {
+ var
identityServerOptions = ServerOptions();
+ var responseHeaders = new Dictionary();
+ var context = Context(responseHeaders);
+ var sessionCookie = new SessionCookie(context, identityServerOptions);
+
+ context.Request.Cookies[GetCookieName()].Should().BeNull();
+ sessionCookie.IssueSessionId(false);
+ responseHeaders.ContainsKey("Set-Cookie").Should().BeTrue();
+ responseHeaders["Set-Cookie"].Length.Should().Be(1);
+ responseHeaders["Set-Cookie"][0].Should().Contain(GetCookieName());
+ }
+
+ [Fact]
+ public void IssueSessionId_Not_Create_SessionCookieName_When_Already_Exist()
+ {
+ var identityServerOptions = ServerOptions();
+ var responseHeaders = new Dictionary();
+ var context = Context(responseHeaders, "46259aebd700e600d743967df02997e6");
+ var sessionCookie = new SessionCookie(context, identityServerOptions);
+
+ context.Request.Cookies[GetCookieName()].Should().NotBeNullOrWhiteSpace();
+ sessionCookie.IssueSessionId(false);
+ responseHeaders.ContainsKey("Set-Cookie").Should().BeFalse();
+ }
+ }
+}
\ No newline at end of file
diff --git a/source/Tests/UnitTests/Core.Tests.csproj b/source/Tests/UnitTests/Core.Tests.csproj
index d7d847679..05b08c1e7 100644
--- a/source/Tests/UnitTests/Core.Tests.csproj
+++ b/source/Tests/UnitTests/Core.Tests.csproj
@@ -172,6 +172,7 @@
+
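Review bot: In SessionCookieTest.cs the two facts cover only an absent cookie and a well-formed 32-character sid, so nothing pins what `IssueSessionId` does when the request cookie is present but empty, a case the `== null` guard in SessionCookie.cs appears to treat as an existing session. A third fact built with `Context(responseHeaders, "")` would make that behaviour explicit, whichever outcome is intended. The second fact also asserts that no `Set-Cookie` header is written at all, which locks in that the retained cookie's expiry and persistence are not refreshed at login; a comment on that assertion saying this is deliberate would help the next reader. As a style point, the second test name says `SessionCookieName` where the first says `SessionCookie`, and the file ends without a trailing newline.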