dohertj2
78 lines
2.0 KiB
C#
78 lines
2.0 KiB
C#
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using Microsoft.AspNetCore.Http;
|
|
using ZB.MOM.WW.Auth.AspNetCore;
|
|
|
|
namespace ZB.MOM.WW.Auth.AspNetCore.Tests;
|
|
|
|
public class ZbCookieDefaultsTests
|
|
{
|
|
[Fact]
|
|
public void Apply_SetsHardenedCookieFlags()
|
|
{
|
|
var options = new CookieAuthenticationOptions();
|
|
|
|
ZbCookieDefaults.Apply(options);
|
|
|
|
Assert.True(options.Cookie.HttpOnly);
|
|
Assert.Equal(SameSiteMode.Strict, options.Cookie.SameSite);
|
|
Assert.True(options.SlidingExpiration);
|
|
}
|
|
|
|
[Fact]
|
|
public void Apply_UsesSuppliedIdleTimeout()
|
|
{
|
|
var options = new CookieAuthenticationOptions();
|
|
var idle = TimeSpan.FromMinutes(12);
|
|
|
|
ZbCookieDefaults.Apply(options, idleTimeout: idle);
|
|
|
|
Assert.Equal(idle, options.ExpireTimeSpan);
|
|
}
|
|
|
|
[Fact]
|
|
public void Apply_DefaultsToDefaultIdleTimeout_WhenNotSupplied()
|
|
{
|
|
var options = new CookieAuthenticationOptions();
|
|
|
|
ZbCookieDefaults.Apply(options);
|
|
|
|
Assert.Equal(ZbCookieDefaults.DefaultIdleTimeout, options.ExpireTimeSpan);
|
|
}
|
|
|
|
[Fact]
|
|
public void Apply_RequireHttpsTrue_SetsSecurePolicyAlways()
|
|
{
|
|
var options = new CookieAuthenticationOptions();
|
|
|
|
ZbCookieDefaults.Apply(options, requireHttps: true);
|
|
|
|
Assert.Equal(CookieSecurePolicy.Always, options.Cookie.SecurePolicy);
|
|
}
|
|
|
|
[Fact]
|
|
public void Apply_RequireHttpsFalse_SetsSecurePolicySameAsRequest()
|
|
{
|
|
var options = new CookieAuthenticationOptions();
|
|
|
|
ZbCookieDefaults.Apply(options, requireHttps: false);
|
|
|
|
Assert.Equal(CookieSecurePolicy.SameAsRequest, options.Cookie.SecurePolicy);
|
|
}
|
|
|
|
[Fact]
|
|
public void Apply_DefaultsRequireHttpsToAlways()
|
|
{
|
|
var options = new CookieAuthenticationOptions();
|
|
|
|
ZbCookieDefaults.Apply(options);
|
|
|
|
Assert.Equal(CookieSecurePolicy.Always, options.Cookie.SecurePolicy);
|
|
}
|
|
|
|
[Fact]
|
|
public void Apply_NullOptions_Throws()
|
|
{
|
|
Assert.Throws<ArgumentNullException>(() => ZbCookieDefaults.Apply(null!));
|
|
}
|
|
}
|