diff --git a/Security.sln b/Security.sln index 7c34ff070..2e5ee56d0 100644 --- a/Security.sln +++ b/Security.sln @@ -1,6 +1,6 @@ Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio 15 -VisualStudioVersion = 15.0.26507.0 +VisualStudioVersion = 15.0.26621.2 MinimumVisualStudioVersion = 10.0.40219.1 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}" EndProject @@ -59,6 +59,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution build\common.props = build\common.props build\dependencies.props = build\dependencies.props build\Key.snk = build\Key.snk + NuGet.config = NuGet.config build\repo.props = build\repo.props EndProjectSection EndProject @@ -484,4 +485,7 @@ Global {51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34} {58194599-F07D-47A3-9DF2-E21A22C5EF9E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652} EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {ABF8089E-43D0-4010-84A7-7A9DCFE49357} + EndGlobalSection EndGlobal diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs index 4751c6f85..e093e87b7 100644 --- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs +++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs @@ -14,9 +14,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies { - public class CookieAuthenticationHandler : - AuthenticationHandler, - IAuthenticationSignInHandler, + public class CookieAuthenticationHandler : + AuthenticationHandler, + IAuthenticationSignInHandler, IAuthenticationSignOutHandler { private const string HeaderValueNoCache = "no-cache"; 
@@ -37,7 +37,7 @@ public CookieAuthenticationHandler(IOptionsSnapshot { } /// - /// The handler calls methods on the events which give the application control at certain points where processing is occurring. + /// The handler calls methods on the events which give the application control at certain points where processing is occurring. /// If it is not provided a default instance is supplied which does nothing when the methods are called. /// protected new CookieAuthenticationEvents Events @@ -104,7 +104,7 @@ private void RequestRefresh(AuthenticationTicket ticket) private async Task ReadCookieTicket() { - var cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName); + var cookie = Options.CookieManager.GetRequestCookie(Context, Options.Cookie.Name); if (string.IsNullOrEmpty(cookie)) { return AuthenticateResult.NoResult(); @@ -176,22 +176,9 @@ protected override async Task HandleAuthenticateAsync() private CookieOptions BuildCookieOptions() { - var cookieOptions = new CookieOptions - { - Domain = Options.CookieDomain, - SameSite = Options.CookieSameSite, - HttpOnly = Options.CookieHttpOnly, - Path = Options.CookiePath ?? (OriginalPathBase.HasValue ? OriginalPathBase.ToString() : "/"), - }; - - if (Options.CookieSecure == CookieSecurePolicy.SameAsRequest) - { - cookieOptions.Secure = Request.IsHttps; - } - else - { - cookieOptions.Secure = Options.CookieSecure == CookieSecurePolicy.Always; - } + var cookieOptions = Options.Cookie.Build(Context); + // ignore the 'Expires' value as this will be computed elsewhere + cookieOptions.Expires = null; return cookieOptions; } @@ -239,7 +226,7 @@ protected virtual async Task FinishResponseAsync() Options.CookieManager.AppendResponseCookie( Context, - Options.CookieName, + Options.Cookie.Name, cookieValue, cookieOptions); 
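Review bot: In `BuildCookieOptions` every security attribute of the auth cookie (Domain, SameSite, HttpOnly, Path, Secure) now comes from whatever `Options.Cookie.Build(Context)` returns, so the handler no longer enforces any of them itself. The `HttpOnly = true`, `SameSite = Lax` and `SameAsRequest` defaults exist only on the `RequestPathBaseCookieBuilder` instance created by the field initializer in CookieAuthenticationOptions.cs, and the new `Cookie` setter accepts any non-null `CookieBuilder`; an app that assigns its own builder gets that builder's defaults instead and presumably loses the `OriginalPathBase` path fallback removed here. I would document that on the `Cookie` property, e.g. `/// Replacing this instance discards the defaults listed above; prefer setting properties on the existing builder.`, and add a test that signs in with a replaced builder. The comment `// ignore the 'Expires' value as this will be computed elsewhere` would also be clearer if it named where: SignInAsync sets `Expires` for persistent sign-ins.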
@@ -283,14 +270,14 @@ public async virtual Task SignInAsync(ClaimsPrincipal user, AuthenticationProper if (!signInContext.Properties.ExpiresUtc.HasValue) { - signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan); + signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.Cookie.Expiration ?? default(TimeSpan)); } await Events.SigningIn(signInContext); if (signInContext.Properties.IsPersistent) { - var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan); + var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.Cookie.Expiration ?? default(TimeSpan)); signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime(); } @@ -314,7 +301,7 @@ public async virtual Task SignInAsync(ClaimsPrincipal user, AuthenticationProper Options.CookieManager.AppendResponseCookie( Context, - Options.CookieName, + Options.Cookie.Name, cookieValue, signInContext.CookieOptions); @@ -359,7 +346,7 @@ public async virtual Task SignOutAsync(AuthenticationProperties properties) Options.CookieManager.DeleteCookie( Context, - Options.CookieName, + Options.Cookie.Name, context.CookieOptions); // Only redirect on the logout path diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs index 01a5ae9c9..4f8b201ad 100644 --- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs +++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using Microsoft.AspNetCore.Authentication.Internal; using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Http; 
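Review bot: `issuedUtc.Add(Options.Cookie.Expiration ?? default(TimeSpan))` in SignInAsync turns a null `Cookie.Expiration` into a zero lifetime, so `ExpiresUtc` equals `issuedUtc` and the ticket is already expired when it is issued. That fails closed, but silently: sign-in appears to succeed and the next request is unauthenticated, which is easy to hit now that `Expiration` is nullable and the `Cookie` builder can be replaced. Both occurrences in this hunk should share one resolved value and reject null explicitly, e.g. `var lifetime = Options.Cookie.Expiration ?? throw new InvalidOperationException("Cookie.Expiration must be set.");`, or the value should be validated once in PostConfigure. SignInAsync starts and ends outside the hunk, so any other use of the old `ExpireTimeSpan` may need the same treatment; a test with `o.Cookie.Expiration = null` would pin the behaviour.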
@@ -12,7 +13,16 @@ namespace Microsoft.AspNetCore.Authentication.Cookies /// public class CookieAuthenticationOptions : AuthenticationSchemeOptions { - private string _cookieName; + private CookieBuilder _cookieBuilder = new RequestPathBaseCookieBuilder + { + // the default name is configured in PostConfigureCookieAuthenticationOptions + + // To support OAuth authentication, a lax mode is required, see https://github.com/aspnet/Security/issues/1231. + SameSite = SameSiteMode.Lax, + HttpOnly = true, + SecurePolicy = CookieSecurePolicy.SameAsRequest, + Expiration = TimeSpan.FromDays(14), + }; /// /// Create an instance of the options initialized with the default values 
@@ -20,77 +30,52 @@ public class CookieAuthenticationOptions : AuthenticationSchemeOptions public CookieAuthenticationOptions() { ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter; - ExpireTimeSpan = TimeSpan.FromDays(14); SlidingExpiration = true; - // To support OAuth authentication, a lax mode is required, see https://github.com/aspnet/Security/issues/1231. - CookieSameSite = SameSiteMode.Lax; - CookieHttpOnly = true; - CookieSecure = CookieSecurePolicy.SameAsRequest; Events = new CookieAuthenticationEvents(); } /// - /// Determines the cookie name used to persist the identity. The default value is ".AspNetCore.Cookies". + /// + /// Determines the settings used to create the cookie. + /// + /// + /// defaults to . + /// defaults to true. + /// defaults to . + /// defaults to 14 days. + /// + /// + /// + /// + /// The default value for cookie name is ".AspNetCore.Cookies". /// This value should be changed if you change the name of the AuthenticationScheme, especially if your /// system uses the cookie authentication handler multiple times. - /// - public string CookieName + /// + /// + /// determines if the browser should allow the cookie to be attached to same-site or cross-site requests. + /// The default is Lax, which means the cookie is only allowed to be attached to cross-site requests using safe HTTP methods and same-site requests. + /// + /// + /// determines if the browser should allow the cookie to be accessed by client-side javascript. + /// The default is true, which means the cookie will only be passed to http requests and is not made available to script on the page. + /// + /// + /// controls how much time the cookie will remain valid from the point it is created. The expiration + /// information is in the protected cookie ticket. 
Because of that an expired cookie will be ignored + /// even if it is passed to the server after the browser should have purged it + /// + /// + public CookieBuilder Cookie { - get { return _cookieName; } - set - { - if (value == null) - { - throw new ArgumentNullException(nameof(value)); - } - - _cookieName = value; - } + get => _cookieBuilder; + set => _cookieBuilder = value ?? throw new ArgumentNullException(nameof(value)); } - /// - /// Determines the domain used to create the cookie. Is not provided by default. - /// - public string CookieDomain { get; set; } - - /// - /// Determines the path used to create the cookie. The default value is "/" for highest browser compatibility. - /// - public string CookiePath { get; set; } - - /// - /// Determines if the browser should allow the cookie to be attached to same-site or cross-site requests. The - /// default is Lax, which means the cookie is only allowed to be attached to cross-site requests using safe - /// HTTP methods and same-site requests. - /// - public SameSiteMode CookieSameSite { get; set; } - - /// - /// Determines if the browser should allow the cookie to be accessed by client-side javascript. The - /// default is true, which means the cookie will only be passed to http requests and is not made available - /// to script on the page. - /// - public bool CookieHttpOnly { get; set; } - - /// - /// Determines if the cookie should only be transmitted on HTTPS request. The default is to limit the cookie - /// to HTTPS requests if the page which is doing the SignIn is also HTTPS. If you have an HTTPS sign in page - /// and portions of your site are HTTP you may need to change this value. - /// - public CookieSecurePolicy CookieSecure { get; set; } - /// /// If set this will be used by the CookieAuthenticationHandler for data protection. /// public IDataProtectionProvider DataProtectionProvider { get; set; } - /// - /// Controls how much time the cookie will remain valid from the point it is created. 
The expiration - /// information is in the protected cookie ticket. Because of that an expired cookie will be ignored - /// even if it is passed to the server after the browser should have purged it - /// - public TimeSpan ExpireTimeSpan { get; set; } - /// /// The SlidingExpiration is set to true to instruct the handler to re-issue a new cookie with a new /// expiration time any time it processes a request which is more than halfway through the expiration window. @@ -132,8 +117,8 @@ public string CookieName /// public new CookieAuthenticationEvents Events { - get { return (CookieAuthenticationEvents)base.Events; } - set { base.Events = value; } + get => (CookieAuthenticationEvents)base.Events; + set => base.Events = value; } /// 
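Review bot: The new remarks on `Cookie` describe Name, SameSite, HttpOnly and Expiration, but as far as the visible text shows they drop the guidance that used to sit on `CookieSecure`: the default limits the cookie to HTTPS only when the sign-in request itself was HTTPS. That is the setting most likely to leave a session cookie travelling over plain HTTP, and the only remaining copy of the wording is on the obsolete `CookieSecure` property, which is announced for removal. I would add a paragraph for `SecurePolicy` that carries the removed sentences over, and one line each for `Domain` and `Path`, whose old summaries are also deleted in this hunk.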
@@ -154,5 +139,85 @@ public string CookieName /// to the client. This can be used to mitigate potential problems with very large identities. /// public ITicketStore SessionStore { get; set; } + + #region Obsolete API + /// + /// + /// This property is obsolete and will be removed in a future version. The recommended alternative is on . + /// + /// + /// Determines the cookie name used to persist the identity. The default value is ".AspNetCore.Cookies". + /// This value should be changed if you change the name of the AuthenticationScheme, especially if your + /// system uses the cookie authentication handler multiple times. + /// + /// + [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Domain) + ".")] + public string CookieName { get => Cookie.Name; set => Cookie.Name = value; } + + /// + /// + /// This property is obsolete and will be removed in a future version. The recommended alternative is on . + /// + /// + /// Determines the domain used to create the cookie. Is not provided by default. + /// + /// + [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Domain) + ".")] + public string CookieDomain { get => Cookie.Domain; set => Cookie.Domain = value; } + + /// + /// + /// This property is obsolete and will be removed in a future version. The recommended alternative is on . + /// + /// + /// Determines the path used to create the cookie. The default value is "/" for highest browser compatibility. + /// + /// + [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Path) + ".")] + public string CookiePath { get => Cookie.Path; set => Cookie.Path = value; } + + /// + /// + /// This property is obsolete and will be removed in a future version. 
The recommended alternative is on . + /// + /// + /// Determines if the browser should allow the cookie to be accessed by client-side javascript. The + /// default is true, which means the cookie will only be passed to http requests and is not made available + /// to script on the page. + /// + /// + [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.SameSite) + ".")] + public bool CookieHttpOnly { get => Cookie.HttpOnly; set => Cookie.HttpOnly = value; } + + /// + /// + /// This property is obsolete and will be removed in a future version. The recommended alternative is on . + /// + /// + /// Determines if the cookie should only be transmitted on HTTPS request. The default is to limit the cookie + /// to HTTPS requests if the page which is doing the SignIn is also HTTPS. If you have an HTTPS sign in page + /// and portions of your site are HTTP you may need to change this value. + /// + /// + [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.SecurePolicy) + ".")] + public CookieSecurePolicy CookieSecure { get => Cookie.SecurePolicy; set => Cookie.SecurePolicy = value; } + + /// + /// + /// This property is obsolete and will be removed in a future version. The recommended alternative is on . + /// + /// + /// Controls how much time the cookie will remain valid from the point it is created. The expiration + /// information is in the protected cookie ticket. Because of that an expired cookie will be ignored + /// even if it is passed to the server after the browser should have purged it + /// + /// + [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Expiration) + ".")] + public TimeSpan ExpireTimeSpan + { + get => Cookie.Expiration ?? 
default(TimeSpan); + set => Cookie.Expiration = value; + } + #endregion } } diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj index 712aa8177..fb20a55b9 100644 --- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj +++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj @@ -19,4 +19,8 @@ + + + + diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs index e6a62d1b6..48895072e 100644 --- a/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs +++ b/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs @@ -28,9 +28,9 @@ public void PostConfigure(string name, CookieAuthenticationOptions options) { options.DataProtectionProvider = options.DataProtectionProvider ?? _dp; - if (String.IsNullOrEmpty(options.CookieName)) + if (string.IsNullOrEmpty(options.Cookie.Name)) { - options.CookieName = CookieAuthenticationDefaults.CookiePrefix + name; + options.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + name; } if (options.TicketDataFormat == null) { diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs deleted file mode 100644 index e2719f39d..000000000 --- a/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs +++ /dev/null 
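Review bot: Two of the `[Obsolete]` messages in the new `#region Obsolete API` point at the wrong replacement: `CookieName` names `nameof(CookieBuilder.Domain)` and `CookieHttpOnly` names `nameof(CookieBuilder.SameSite)`. The compiler warning is what callers follow when migrating, and these send them to a different cookie attribute than the one they were setting. They should read `nameof(CookieBuilder.Name)` and `nameof(CookieBuilder.HttpOnly)`. `CookieSameSite` is removed in the earlier hunk of this file but gets no forwarding property here, unlike the other six removed properties; if that is intentional it deserves a line in the commit description.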
@@ -1,62 +0,0 @@ -// -namespace Microsoft.AspNetCore.Authentication.Cookies -{ - using System.Globalization; - using System.Reflection; - using System.Resources; - - internal static class Resources - { - private static readonly ResourceManager _resourceManager - = new ResourceManager("Microsoft.AspNetCore.Authentication.Cookies.Resources", typeof(Resources).GetTypeInfo().Assembly); - - /// - /// The cookie key and options are larger than ChunksSize, leaving no room for data. - /// - internal static string Exception_CookieLimitTooSmall - { - get { return GetString("Exception_CookieLimitTooSmall"); } - } - - /// - /// The cookie key and options are larger than ChunksSize, leaving no room for data. - /// - internal static string FormatException_CookieLimitTooSmall() - { - return GetString("Exception_CookieLimitTooSmall"); - } - - /// - /// The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded. - /// - internal static string Exception_ImcompleteChunkedCookie - { - get { return GetString("Exception_ImcompleteChunkedCookie"); } - } - - /// - /// The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded. - /// - internal static string FormatException_ImcompleteChunkedCookie(object p0, object p1, object p2) - { - return string.Format(CultureInfo.CurrentCulture, GetString("Exception_ImcompleteChunkedCookie"), p0, p1, p2); - } - - private static string GetString(string name, params string[] formatterNames) - { - var value = _resourceManager.GetString(name); - - System.Diagnostics.Debug.Assert(value != null); - - if (formatterNames != null) - { - for (var i = 0; i < formatterNames.Length; i++) - { - value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}"); - } - } - - return value; - } - } -} 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs index 7dade96ee..1471caf44 100644 --- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs +++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs @@ -18,7 +18,6 @@ using Microsoft.AspNetCore.TestHost; using Microsoft.AspNetCore.Testing.xunit; using Microsoft.Extensions.DependencyInjection; -using Microsoft.Extensions.Options; using Xunit; namespace Microsoft.AspNetCore.Authentication.Cookies @@ -129,7 +128,7 @@ public async Task SignInCausesDefaultCookieToBeCreated() var server = CreateServerWithServices(s => s.AddAuthentication().AddCookie(o => { o.LoginPath = new PathString("/login"); - o.CookieName = "TestCookie"; + o.Cookie.Name = "TestCookie"; }), SignInAsAlice); var transaction = await SendAsync(server, "http://example.com/testpath"); @@ -150,7 +149,7 @@ public async Task SignInWrongAuthTypeThrows() var server = CreateServer(o => { o.LoginPath = new PathString("/login"); - o.CookieName = "TestCookie"; + o.Cookie.Name = "TestCookie"; }, SignInAsWrong); await Assert.ThrowsAsync(async () => await SendAsync(server, "http://example.com/testpath")); @@ -162,7 +161,7 @@ public async Task SignOutWrongAuthTypeThrows() var server = CreateServer(o => { o.LoginPath = new PathString("/login"); - o.CookieName = "TestCookie"; + o.Cookie.Name = "TestCookie"; }, SignOutAsWrong); await Assert.ThrowsAsync(async () => await SendAsync(server, "http://example.com/testpath")); @@ -183,8 +182,8 @@ public async Task SecureSignInCausesSecureOnlyCookieByDefault( var server = CreateServer(o => { o.LoginPath = new PathString("/login"); - o.CookieName = "TestCookie"; - o.CookieSecure = cookieSecurePolicy; + o.Cookie.Name = "TestCookie"; + o.Cookie.SecurePolicy = cookieSecurePolicy; }, SignInAsAlice); var transaction = await SendAsync(server, requestUri); 
@@ -205,12 +204,12 @@ public async Task CookieOptionsAlterSetCookieHeader() { var server1 = CreateServer(o => { - o.CookieName = "TestCookie"; - o.CookiePath = "/foo"; - o.CookieDomain = "another.com"; - o.CookieSecure = CookieSecurePolicy.Always; - o.CookieSameSite = SameSiteMode.None; - o.CookieHttpOnly = true; + o.Cookie.Name = "TestCookie"; + o.Cookie.Path = "/foo"; + o.Cookie.Domain = "another.com"; + o.Cookie.SecurePolicy = CookieSecurePolicy.Always; + o.Cookie.SameSite = SameSiteMode.None; + o.Cookie.HttpOnly = true; }, SignInAsAlice, baseAddress: new Uri("http://example.com/base")); var transaction1 = await SendAsync(server1, "http://example.com/base/testpath"); @@ -226,10 +225,10 @@ public async Task CookieOptionsAlterSetCookieHeader() var server2 = CreateServer(o => { - o.CookieName = "SecondCookie"; - o.CookieSecure = CookieSecurePolicy.None; - o.CookieSameSite = SameSiteMode.Strict; - o.CookieHttpOnly = false; + o.Cookie.Name = "SecondCookie"; + o.Cookie.SecurePolicy = CookieSecurePolicy.None; + o.Cookie.SameSite = SameSiteMode.Strict; + o.Cookie.HttpOnly = false; }, SignInAsAlice, baseAddress: new Uri("http://example.com/base")); var transaction2 = await SendAsync(server2, "http://example.com/base/testpath"); @@ -278,7 +277,7 @@ public async Task CookieStopsWorkingAfterExpiration() { var server = CreateServer(o => { - o.ExpireTimeSpan = TimeSpan.FromMinutes(10); + o.Cookie.Expiration = TimeSpan.FromMinutes(10); o.SlidingExpiration = false; }, SignInAsAlice); @@ -307,7 +306,7 @@ public async Task CookieExpirationCanBeOverridenInSignin() { var server = CreateServer(o => { - o.ExpireTimeSpan = TimeSpan.FromMinutes(10); + o.Cookie.Expiration = TimeSpan.FromMinutes(10); o.SlidingExpiration = false; }, context => 
@@ -340,7 +339,7 @@ public async Task ExpiredCookieWithValidatorStillExpired()
 {
 var server = CreateServer(o =>
 {
- o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.Cookie.Expiration = TimeSpan.FromMinutes(10);
 o.Events = new CookieAuthenticationEvents
 {
 OnValidatePrincipal = ctx =>
@@ -368,7 +367,7 @@ public async Task CookieCanBeRejectedAndSignedOutByValidator()
 {
 var server = CreateServer(o =>
 {
- o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.Cookie.Expiration = TimeSpan.FromMinutes(10);
 o.SlidingExpiration = false;
 o.Events = new CookieAuthenticationEvents
 {
@@ -396,7 +395,7 @@ public async Task CookieNotRenewedAfterSignOut()
 {
 var server = CreateServer(o =>
 {
- o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.Cookie.Expiration = TimeSpan.FromMinutes(10);
 o.SlidingExpiration = false;
 o.Events = new CookieAuthenticationEvents
 {
@@ -432,7 +431,7 @@ public async Task CookieCanBeRenewedByValidator()
 {
 var server = CreateServer(o =>
 {
- o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.Cookie.Expiration = TimeSpan.FromMinutes(10);
 o.SlidingExpiration = false;
 o.Events = new CookieAuthenticationEvents
 {
@@ -477,7 +476,7 @@ public async Task CookieCanBeRenewedByValidatorWithSlidingExpiry()
 {
 var server = CreateServer(o =>
 {
- o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.Cookie.Expiration = TimeSpan.FromMinutes(10);
 o.Events = new CookieAuthenticationEvents
 {
 OnValidatePrincipal = ctx =>
@@ -521,7 +520,7 @@ public async Task CookieValidatorOnlyCalledOnce()
 {
 var server = CreateServer(o =>
 {
- o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.Cookie.Expiration = TimeSpan.FromMinutes(10);
 o.SlidingExpiration = false;
 o.Events = new CookieAuthenticationEvents
 {
@@ -570,7 +569,7 @@ public async Task ShouldRenewUpdatesIssuedExpiredUtc(bool sliding) DateTimeOffset? lastExpiresDate = null; var server = CreateServer(o => { - o.ExpireTimeSpan = TimeSpan.FromMinutes(10); + o.Cookie.Expiration = TimeSpan.FromMinutes(10); o.SlidingExpiration = sliding; o.Events = new CookieAuthenticationEvents { @@ -620,7 +619,7 @@ public async Task CookieExpirationCanBeOverridenInEvent() { var server = CreateServer(o => { - o.ExpireTimeSpan = TimeSpan.FromMinutes(10); + o.Cookie.Expiration = TimeSpan.FromMinutes(10); o.SlidingExpiration = false; o.Events = new CookieAuthenticationEvents() { @@ -657,7 +656,7 @@ public async Task CookieIsRenewedWithSlidingExpiration() { var server = CreateServer(o => { - o.ExpireTimeSpan = TimeSpan.FromMinutes(10); + o.Cookie.Expiration = TimeSpan.FromMinutes(10); o.SlidingExpiration = true; }, SignInAsAlice); @@ -825,7 +824,7 @@ public async Task CanConfigureDefaultCookieInstance() { services.AddAuthentication().AddCookie(); services.Configure(CookieAuthenticationDefaults.AuthenticationScheme, - o => o.CookieName = "One"); + o => o.Cookie.Name = "One"); }); var server = new TestServer(builder); @@ -848,7 +847,7 @@ public async Task CanConfigureNamedCookieInstance() { services.AddAuthentication().AddCookie("Cookie1"); services.Configure("Cookie1", - o => o.CookieName = "One"); + o => o.Cookie.Name = "One"); }); var server = new TestServer(builder); @@ -984,7 +983,7 @@ public async Task RedirectUriIsHoneredAfterSignin(string redirectUrl) var server = CreateServer(o => { o.LoginPath = "/testpath"; - o.CookieName = "TestCookie"; + o.Cookie.Name = "TestCookie"; }, async context => await context.SignInAsync( @@ -1006,7 +1005,7 @@ public async Task RedirectUriInQueryIsHoneredAfterSignin() { o.LoginPath = "/testpath"; o.ReturnUrlParameter = "return"; - o.CookieName = "TestCookie"; + o.Cookie.Name = "TestCookie"; }, async context => { 
@@ -1028,7 +1027,7 @@ public async Task AbsoluteRedirectUriInQueryStringIsRejected() { o.LoginPath = "/testpath"; o.ReturnUrlParameter = "return"; - o.CookieName = "TestCookie"; + o.Cookie.Name = "TestCookie"; }, async context => { @@ -1049,7 +1048,7 @@ public async Task EnsurePrecedenceOfRedirectUriAfterSignin() { o.LoginPath = "/testpath"; o.ReturnUrlParameter = "return"; - o.CookieName = "TestCookie"; + o.Cookie.Name = "TestCookie"; }, async context => { @@ -1102,7 +1101,7 @@ public async Task CanSpecifyAndShareDataProtector() .ConfigureServices(services => services.AddAuthentication().AddCookie(o => { o.TicketDataFormat = new TicketDataFormat(dp); - o.CookieName = "Cookie"; + o.Cookie.Name = "Cookie"; })); var server1 = new TestServer(builder1); @@ -1121,7 +1120,7 @@ public async Task CanSpecifyAndShareDataProtector() }) .ConfigureServices(services => services.AddAuthentication().AddCookie("Cookies", o => { - o.CookieName = "Cookie"; + o.Cookie.Name = "Cookie"; o.TicketDataFormat = new TicketDataFormat(dp); })); var server2 = new TestServer(builder2); diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs index 5c2458c52..49089234e 100644 --- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs +++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs @@ -314,9 +314,9 @@ public async Task CookiePolicyAppliesToCookieAuth() { services.AddAuthentication().AddCookie(o => { - o.CookieName = "TestCookie"; - o.CookieHttpOnly = false; - o.CookieSecure = CookieSecurePolicy.None; + o.Cookie.Name = "TestCookie"; + o.Cookie.HttpOnly = false; + o.Cookie.SecurePolicy = CookieSecurePolicy.None; }); }) .Configure(app => 
@@ -354,9 +354,9 @@ public async Task CookiePolicyAppliesToCookieAuthChunks()
 {
 services.AddAuthentication().AddCookie(o =>
 {
- o.CookieName = "TestCookie";
- o.CookieHttpOnly = false;
- o.CookieSecure = CookieSecurePolicy.None;
+ o.Cookie.Name = "TestCookie";
+ o.Cookie.HttpOnly = false;
+ o.Cookie.SecurePolicy = CookieSecurePolicy.None;
 });
 })
 .Configure(app =>