From f4647743a8314255cba66a5368e873a1fa9050e9 Mon Sep 17 00:00:00 2001 From: Kevin Pilch Date: Thu, 18 Mar 2021 13:47:55 -0700 Subject: [PATCH 1/3] Resolve conflicts --- .../Tests/WebAssemblyAuthenticationTests.cs | 18 +++--- ...tedEncryptorDescriptorDeserializerTests.cs | 8 ++- .../AuthenticatedEncryptorDescriptorTests.cs | 17 ++--- ...tedEncryptorDescriptorDeserializerTests.cs | 8 ++- ...bcAuthenticatedEncryptorDescriptorTests.cs | 17 ++--- ...tedEncryptorDescriptorDeserializerTests.cs | 8 ++- ...cmAuthenticatedEncryptorDescriptorTests.cs | 17 ++--- ...tedEncryptorDescriptorDeserializerTests.cs | 29 ++++----- ...edAuthenticatedEncryptorDescriptorTests.cs | 31 +++++----- .../test/EF.Test/DefaultPocoTest.cs | 2 +- .../test/EF.Test/UserOnlyCustomContextTest.cs | 2 +- .../test/EF.Test/UserOnlyTest.cs | 4 +- .../Identity.FunctionalTests/LoginTests.cs | 34 +++++----- .../ManagementTests.cs | 27 ++++---- .../RegistrationTests.cs | 8 +-- .../test/Identity.Test/SignInManagerTest.cs | 62 +++++++++---------- .../test/InMemory.Test/ControllerTest.cs | 2 +- .../test/InMemory.Test/FunctionalTest.cs | 2 +- 18 files changed, 153 insertions(+), 143 deletions(-) diff --git a/src/Components/test/E2ETest/Tests/WebAssemblyAuthenticationTests.cs b/src/Components/test/E2ETest/Tests/WebAssemblyAuthenticationTests.cs index d1fc96776bf9..f5b006c341a2 100644 --- a/src/Components/test/E2ETest/Tests/WebAssemblyAuthenticationTests.cs +++ b/src/Components/test/E2ETest/Tests/WebAssemblyAuthenticationTests.cs @@ -78,7 +78,7 @@ public void AnonymousUser_GetsRedirectedToLogin_AndBackToOriginalProtectedResour ClickAndNavigate(link, page); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; FirstTimeRegister(userName, password); 
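Review bot: `var password = $"[PLACEHOLDER]-1a";` keeps the `$` prefix although the string has no interpolation holes, and the same literal is repeated in every hunk of this file and again in LoginTests.cs and ManagementTests.cs. Declare it once per test class, e.g. `private const string TestPassword = "[PLACEHOLDER]-1a";`. Add a comment that the `-1a` suffix is presumably what supplies the digit and lowercase character required by the password rules of the app under test. A later edit to the placeholder would then be less likely to break registration in only some of the tests. The enclosing test methods begin and end outside these hunks.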
@@ -96,7 +96,7 @@ public void CanPreserveApplicationState_DuringLogIn() ClickAndNavigate(link, page); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; FirstTimeRegister(userName, password); @@ -116,7 +116,7 @@ public void CanShareUserRolesBetweenClientAndServer() ClickAndNavigate(By.PartialLinkText("Log in"), "/Identity/Account/Login"); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; FirstTimeRegister(userName, password); ClickAndNavigate(By.PartialLinkText("Make admin"), "/new-admin"); @@ -141,7 +141,7 @@ public void AnonymousUser_CanRegister_AndGetLoggedIn() ClickAndNavigate(By.PartialLinkText("Register"), "/Identity/Account/Register"); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; RegisterCore(userName, password); CompleteProfileDetails(); @@ -158,7 +158,7 @@ public void AuthenticatedUser_ProfileIncludesDetails_And_AccessToken() ClickAndNavigate(By.PartialLinkText("User"), "/Identity/Account/Login"); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; FirstTimeRegister(userName, password); Browser.Contains("user", () => Browser.Url); @@ -213,7 +213,7 @@ public void AuthenticatedUser_CanGoToProfile() ClickAndNavigate(By.PartialLinkText("Register"), "/Identity/Account/Register"); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; RegisterCore(userName, password); CompleteProfileDetails(); 
@@ -255,7 +255,7 @@ public void NewlyRegisteredUser_CanLogOut() ClickAndNavigate(By.PartialLinkText("Register"), "/Identity/Account/Register"); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; RegisterCore(userName, password); CompleteProfileDetails(); @@ -268,7 +268,7 @@ public void AlreadyRegisteredUser_CanLogOut() ClickAndNavigate(By.PartialLinkText("Register"), "/Identity/Account/Register"); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; RegisterCore(userName, password); CompleteProfileDetails(); @@ -294,7 +294,7 @@ public void LoggedInUser_OnTheIdP_CanLogInSilently() ClickAndNavigate(By.PartialLinkText("Register"), "/Identity/Account/Register"); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; RegisterCore(userName, password); CompleteProfileDetails(); ValidateLoggedIn(userName); diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorDeserializerTests.cs b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorDeserializerTests.cs index e7ef5d69c74f..fb4c9189f4ac 100644 --- a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorDeserializerTests.cs +++ b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorDeserializerTests.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using System.Text; using System.Xml.Linq; using Microsoft.AspNetCore.DataProtection.KeyManagement; using Microsoft.Extensions.Logging.Abstractions; 
@@ -15,20 +16,21 @@ public class AuthenticatedEncryptorDescriptorDeserializerTests public void ImportFromXml_Cbc_CreatesAppropriateDescriptor() { // Arrange + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); var descriptor = new AuthenticatedEncryptorDescriptor( new AuthenticatedEncryptorConfiguration() { EncryptionAlgorithm = EncryptionAlgorithm.AES_192_CBC, ValidationAlgorithm = ValidationAlgorithm.HMACSHA512 }, - "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret()); + masterKey.ToSecret()); var control = CreateEncryptorInstanceFromDescriptor(descriptor); - const string xml = @" + var xml = $@" - k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA== + {masterKey} "; var deserializedDescriptor = new AuthenticatedEncryptorDescriptorDeserializer().ImportFromXml(XElement.Parse(xml)); var test = CreateEncryptorInstanceFromDescriptor(deserializedDescriptor as AuthenticatedEncryptorDescriptor); diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorTests.cs b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorTests.cs index c268589b27ac..74dbd2b10037 100644 --- a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorTests.cs +++ b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorTests.cs @@ -4,6 +4,7 @@ using System; using System.Globalization; using System.Security.Cryptography; +using System.Text; using System.Text.RegularExpressions; using Microsoft.AspNetCore.Cryptography.Cng; using Microsoft.AspNetCore.Cryptography.SafeHandles; 
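Review bot: The new key material in `ImportFromXml_Cbc_CreatesAppropriateDescriptor` is only 13 bytes (`Encoding.UTF8.GetBytes("[PLACEHOLDER]")`), while the base64 literal it replaces decodes to 64 bytes. Assuming `ToSecret()` base64-decodes its input, the encryptors built by `CreateEncryptorInstanceFromDescriptor` now run with a much shorter master key. If the 512-bit length was chosen to mirror the key size used outside the tests (not visible in this patch), keep it, for example `var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]".PadRight(64, '-')));`. Otherwise add a comment such as `// test-only key material; length is not significant for this round-trip`. The same expression is repeated in every DataProtection test file touched here, so a single shared test helper would keep the fixtures in step.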
@@ -118,20 +119,20 @@ public void CreateAuthenticatedEncryptor_RoundTripsData_ManagedImplementation( public void ExportToXml_ProducesCorrectPayload_Cbc() { // Arrange - var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret(); - var descriptor = CreateDescriptor(EncryptionAlgorithm.AES_192_CBC, ValidationAlgorithm.HMACSHA512, masterKey); + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); + var descriptor = CreateDescriptor(EncryptionAlgorithm.AES_192_CBC, ValidationAlgorithm.HMACSHA512, masterKey.ToSecret()); // Act var retVal = descriptor.ExportToXml(); // Assert Assert.Equal(typeof(AuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType); - const string expectedXml = @" + var expectedXml = $@" - k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA== + {masterKey} "; XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement); @@ -141,20 +142,20 @@ public void ExportToXml_ProducesCorrectPayload_Cbc() public void ExportToXml_ProducesCorrectPayload_Gcm() { // Arrange - var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret(); - var descriptor = CreateDescriptor(EncryptionAlgorithm.AES_192_GCM, ValidationAlgorithm.HMACSHA512, masterKey); + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); + var descriptor = CreateDescriptor(EncryptionAlgorithm.AES_192_GCM, ValidationAlgorithm.HMACSHA512, masterKey.ToSecret()); // Act var retVal = descriptor.ExportToXml(); // Assert Assert.Equal(typeof(AuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType); - const string expectedXml = @" + var expectedXml = $@" - k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA== + {masterKey} "; XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement); 
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorDeserializerTests.cs b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorDeserializerTests.cs index 483567e815d8..c56ec763d53d 100644 --- a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorDeserializerTests.cs +++ b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorDeserializerTests.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using System.Text; using System.Xml.Linq; using Microsoft.AspNetCore.Cryptography; using Microsoft.AspNetCore.DataProtection.KeyManagement; @@ -18,6 +19,7 @@ public class CngCbcAuthenticatedEncryptorDescriptorDeserializerTests [ConditionalRunTestOnlyOnWindows] public void ImportFromXml_CreatesAppropriateDescriptor() { + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); // Arrange var descriptor = new CngCbcAuthenticatedEncryptorDescriptor( new CngCbcAuthenticatedEncryptorConfiguration() 
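Review bot: In `ImportFromXml_CreatesAppropriateDescriptor` (hunk `-18,6 +19,7`) the new `var masterKey = …` line is inserted above the `// Arrange` comment. The sibling tests changed in this patch, such as the CngGcm deserializer test, place it directly below that comment. Move the declaration under `// Arrange` so the arrange/act/assert sections read the same way across the DataProtection tests. The test body continues past the end of this hunk.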
@@ -28,14 +30,14 @@ public void ImportFromXml_CreatesAppropriateDescriptor() HashAlgorithm = Constants.BCRYPT_SHA512_ALGORITHM, HashAlgorithmProvider = null }, - "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret()); + masterKey.ToSecret()); var control = CreateEncryptorInstanceFromDescriptor(descriptor); - const string xml = @" + var xml = $@" - k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA== + {masterKey} "; var deserializedDescriptor = new CngCbcAuthenticatedEncryptorDescriptorDeserializer().ImportFromXml(XElement.Parse(xml)); var test = CreateEncryptorInstanceFromDescriptor(deserializedDescriptor as CngCbcAuthenticatedEncryptorDescriptor); diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorTests.cs b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorTests.cs index 090465fb136e..6e251e03e9fb 100644 --- a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorTests.cs +++ b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorTests.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using System.Text; using Xunit; namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel 
@@ -12,7 +13,7 @@ public class CngCbcAuthenticatedEncryptorDescriptorTests public void ExportToXml_WithProviders_ProducesCorrectPayload() { // Arrange - var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret(); + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); var descriptor = new CngCbcAuthenticatedEncryptorDescriptor(new CngCbcAuthenticatedEncryptorConfiguration() { EncryptionAlgorithm = "enc-alg", @@ -20,19 +21,19 @@ public void ExportToXml_WithProviders_ProducesCorrectPayload() EncryptionAlgorithmProvider = "enc-alg-prov", HashAlgorithm = "hash-alg", HashAlgorithmProvider = "hash-alg-prov" - }, masterKey); + }, masterKey.ToSecret()); // Act var retVal = descriptor.ExportToXml(); // Assert Assert.Equal(typeof(CngCbcAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType); - const string expectedXml = @" + var expectedXml = $@" - k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA== + {masterKey} "; XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement); 
@@ -42,25 +43,25 @@ public void ExportToXml_WithProviders_ProducesCorrectPayload() public void ExportToXml_WithoutProviders_ProducesCorrectPayload() { // Arrange - var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret(); + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); var descriptor = new CngCbcAuthenticatedEncryptorDescriptor(new CngCbcAuthenticatedEncryptorConfiguration() { EncryptionAlgorithm = "enc-alg", EncryptionAlgorithmKeySize = 2048, HashAlgorithm = "hash-alg" - }, masterKey); + }, masterKey.ToSecret()); // Act var retVal = descriptor.ExportToXml(); // Assert Assert.Equal(typeof(CngCbcAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType); - const string expectedXml = @" + var expectedXml = $@" - k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA== + {masterKey} "; XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement); diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorDeserializerTests.cs b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorDeserializerTests.cs index ca81db58461e..dff9d40e634d 100644 --- a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorDeserializerTests.cs +++ b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorDeserializerTests.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using System.Text; using System.Xml.Linq; using Microsoft.AspNetCore.Cryptography; using Microsoft.AspNetCore.DataProtection.KeyManagement; 
@@ -19,6 +20,7 @@ public class CngGcmAuthenticatedEncryptorDescriptorDeserializerTests public void ImportFromXml_CreatesAppropriateDescriptor() { // Arrange + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); var descriptor = new CngGcmAuthenticatedEncryptorDescriptor( new CngGcmAuthenticatedEncryptorConfiguration() { @@ -26,13 +28,13 @@ public void ImportFromXml_CreatesAppropriateDescriptor() EncryptionAlgorithmKeySize = 192, EncryptionAlgorithmProvider = null }, - "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret()); + masterKey.ToSecret()); var control = CreateEncryptorInstanceFromDescriptor(descriptor); - const string xml = @" + var xml = $@" - k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA== + {masterKey} "; var deserializedDescriptor = new CngGcmAuthenticatedEncryptorDescriptorDeserializer().ImportFromXml(XElement.Parse(xml)); var test = CreateEncryptorInstanceFromDescriptor(deserializedDescriptor as CngGcmAuthenticatedEncryptorDescriptor); diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorTests.cs b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorTests.cs index 933f7e7d8564..16fcfd2cd74d 100644 --- a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorTests.cs +++ b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorTests.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using System.Text; using Xunit; namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel 
@@ -12,24 +13,24 @@ public class CngGcmAuthenticatedEncryptorDescriptorTests public void ExportToXml_WithProviders_ProducesCorrectPayload() { // Arrange - var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret(); + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); var descriptor = new CngGcmAuthenticatedEncryptorDescriptor(new CngGcmAuthenticatedEncryptorConfiguration() { EncryptionAlgorithm = "enc-alg", EncryptionAlgorithmKeySize = 2048, EncryptionAlgorithmProvider = "enc-alg-prov" - }, masterKey); + }, masterKey.ToSecret()); // Act var retVal = descriptor.ExportToXml(); // Assert Assert.Equal(typeof(CngGcmAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType); - const string expectedXml = @" + var expectedXml = $@" - k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA== + {masterKey} "; XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement); @@ -39,23 +40,23 @@ public void ExportToXml_WithProviders_ProducesCorrectPayload() public void ExportToXml_WithoutProviders_ProducesCorrectPayload() { // Arrange - var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret(); + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); var descriptor = new CngGcmAuthenticatedEncryptorDescriptor(new CngGcmAuthenticatedEncryptorConfiguration() { EncryptionAlgorithm = "enc-alg", EncryptionAlgorithmKeySize = 2048 - }, masterKey); + }, masterKey.ToSecret()); // Act var retVal = descriptor.ExportToXml(); // Assert Assert.Equal(typeof(CngGcmAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType); - const string expectedXml = @" + var expectedXml = $@" - k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA== + {masterKey} "; XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement); 
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs index 69cc556e6bf6..5752f56107e3 100644 --- a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs +++ b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs @@ -3,6 +3,7 @@ using System; using System.Security.Cryptography; +using System.Text; using System.Xml.Linq; using Microsoft.AspNetCore.DataProtection.KeyManagement; using Microsoft.Extensions.Logging.Abstractions; @@ -20,6 +21,7 @@ public class ManagedAuthenticatedEncryptorDescriptorDeserializerTests public void ImportFromXml_BuiltInTypes_CreatesAppropriateDescriptor(Type encryptionAlgorithmType, Type validationAlgorithmType) { // Arrange + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); var descriptor = new ManagedAuthenticatedEncryptorDescriptor( new ManagedAuthenticatedEncryptorConfiguration() { 
@@ -27,18 +29,17 @@ public void ImportFromXml_BuiltInTypes_CreatesAppropriateDescriptor(Type encrypt EncryptionAlgorithmKeySize = 192, ValidationAlgorithmType = validationAlgorithmType }, - "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret()); + masterKey.ToSecret()); var control = CreateEncryptorInstanceFromDescriptor(descriptor); - string xml = string.Format(@" + var xml = $@" - - + + - k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA== + {masterKey} - ", - encryptionAlgorithmType.Name, validationAlgorithmType.Name); + "; var deserializedDescriptor = new ManagedAuthenticatedEncryptorDescriptorDeserializer().ImportFromXml(XElement.Parse(xml)); var test = CreateEncryptorInstanceFromDescriptor(deserializedDescriptor as ManagedAuthenticatedEncryptorDescriptor); @@ -54,6 +55,7 @@ public void ImportFromXml_BuiltInTypes_CreatesAppropriateDescriptor(Type encrypt public void ImportFromXml_CustomType_CreatesAppropriateDescriptor() { // Arrange + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); var descriptor = new ManagedAuthenticatedEncryptorDescriptor( new ManagedAuthenticatedEncryptorConfiguration() { 
@@ -61,18 +63,17 @@ public void ImportFromXml_CustomType_CreatesAppropriateDescriptor() EncryptionAlgorithmKeySize = 192, ValidationAlgorithmType = typeof(HMACSHA384) }, - "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret()); + masterKey.ToSecret()); var control = CreateEncryptorInstanceFromDescriptor(descriptor); - string xml = string.Format(@" + var xml = $@" - - + + - k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA== + {masterKey} - ", - typeof(Aes).AssemblyQualifiedName, typeof(HMACSHA384).AssemblyQualifiedName); + "; var deserializedDescriptor = new ManagedAuthenticatedEncryptorDescriptorDeserializer().ImportFromXml(XElement.Parse(xml)); var test = CreateEncryptorInstanceFromDescriptor(deserializedDescriptor as ManagedAuthenticatedEncryptorDescriptor); diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorTests.cs b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorTests.cs index 4e4f4534484e..3aaa9abe3f1e 100644 --- a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorTests.cs +++ b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorTests.cs @@ -3,6 +3,7 @@ using System; using System.Security.Cryptography; +using System.Text; using Xunit; namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel 
@@ -13,28 +14,27 @@ public class ManagedAuthenticatedEncryptorDescriptorTests public void ExportToXml_CustomTypes_ProducesCorrectPayload() { // Arrange - var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret(); + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); var descriptor = new ManagedAuthenticatedEncryptorDescriptor(new ManagedAuthenticatedEncryptorConfiguration() { EncryptionAlgorithmType = typeof(MySymmetricAlgorithm), EncryptionAlgorithmKeySize = 2048, ValidationAlgorithmType = typeof(MyKeyedHashAlgorithm) - }, masterKey); + }, masterKey.ToSecret()); // Act var retVal = descriptor.ExportToXml(); // Assert Assert.Equal(typeof(ManagedAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType); - string expectedXml = string.Format(@" + var expectedXml = $@" - - + + - k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA== + {masterKey} - ", - typeof(MySymmetricAlgorithm).AssemblyQualifiedName, typeof(MyKeyedHashAlgorithm).AssemblyQualifiedName); + "; XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement); } 
@@ -46,28 +46,27 @@ public void ExportToXml_CustomTypes_ProducesCorrectPayload() public void ExportToXml_BuiltInTypes_ProducesCorrectPayload(Type encryptionAlgorithmType, Type validationAlgorithmType) { // Arrange - var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret(); + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); var descriptor = new ManagedAuthenticatedEncryptorDescriptor(new ManagedAuthenticatedEncryptorConfiguration() { EncryptionAlgorithmType = encryptionAlgorithmType, EncryptionAlgorithmKeySize = 2048, ValidationAlgorithmType = validationAlgorithmType - }, masterKey); + }, masterKey.ToSecret()); // Act var retVal = descriptor.ExportToXml(); // Assert Assert.Equal(typeof(ManagedAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType); - string expectedXml = string.Format(@" + var expectedXml = $@" - - + + - k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA== + {masterKey} - ", - encryptionAlgorithmType.Name, validationAlgorithmType.Name); + "; XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement); } diff --git a/src/Identity/EntityFrameworkCore/test/EF.Test/DefaultPocoTest.cs b/src/Identity/EntityFrameworkCore/test/EF.Test/DefaultPocoTest.cs index 7d16e21ea00a..7a6fb129c969 100644 --- a/src/Identity/EntityFrameworkCore/test/EF.Test/DefaultPocoTest.cs +++ b/src/Identity/EntityFrameworkCore/test/EF.Test/DefaultPocoTest.cs @@ -50,7 +50,7 @@ public async Task EnsureStartupUsageWorks() Assert.NotNull(userManager); const string userName = "admin"; - const string password = "1qaz@WSX"; + const string password = "[PLACEHOLDER]-1a"; var user = new IdentityUser { UserName = userName }; IdentityResultAssert.IsSuccess(await userManager.CreateAsync(user, password)); IdentityResultAssert.IsSuccess(await userManager.DeleteAsync(user)); 
diff --git a/src/Identity/EntityFrameworkCore/test/EF.Test/UserOnlyCustomContextTest.cs b/src/Identity/EntityFrameworkCore/test/EF.Test/UserOnlyCustomContextTest.cs index e59988136ae7..763a16d475c5 100644 --- a/src/Identity/EntityFrameworkCore/test/EF.Test/UserOnlyCustomContextTest.cs +++ b/src/Identity/EntityFrameworkCore/test/EF.Test/UserOnlyCustomContextTest.cs @@ -95,7 +95,7 @@ public async Task EnsureStartupUsageWorks() Assert.NotNull(userManager); const string userName = "admin"; - const string password = "1qaz@WSX"; + const string password = "[PLACEHOLDER]-1a"; var user = new IdentityUser { UserName = userName }; IdentityResultAssert.IsSuccess(await userManager.CreateAsync(user, password)); IdentityResultAssert.IsSuccess(await userManager.DeleteAsync(user)); diff --git a/src/Identity/EntityFrameworkCore/test/EF.Test/UserOnlyTest.cs b/src/Identity/EntityFrameworkCore/test/EF.Test/UserOnlyTest.cs index 0cd5c40fd8e8..13d0e85e04fc 100644 --- a/src/Identity/EntityFrameworkCore/test/EF.Test/UserOnlyTest.cs +++ b/src/Identity/EntityFrameworkCore/test/EF.Test/UserOnlyTest.cs @@ -57,7 +57,7 @@ public async Task EnsureStartupUsageWorks() Assert.NotNull(userManager); const string userName = "admin"; - const string password = "1qaz@WSX"; + const string password = "[PLACEHOLDER]-1a"; var user = new IdentityUser { UserName = userName }; IdentityResultAssert.IsSuccess(await userManager.CreateAsync(user, password)); IdentityResultAssert.IsSuccess(await userManager.DeleteAsync(user)); @@ -74,7 +74,7 @@ public async Task FindByEmailThrowsWithTwoUsersWithSameEmail() var userA = new IdentityUser(Guid.NewGuid().ToString()); userA.Email = "dupe@dupe.com"; - const string password = "1qaz@WSX"; + const string password = "[PLACEHOLDER]-1a"; IdentityResultAssert.IsSuccess(await manager.CreateAsync(userA, password)); var userB = new IdentityUser(Guid.NewGuid().ToString()); userB.Email = "dupe@dupe.com"; 
diff --git a/src/Identity/test/Identity.FunctionalTests/LoginTests.cs b/src/Identity/test/Identity.FunctionalTests/LoginTests.cs index bb7529a3a6c2..7a7b0b59fce4 100644 --- a/src/Identity/test/Identity.FunctionalTests/LoginTests.cs +++ b/src/Identity/test/Identity.FunctionalTests/LoginTests.cs @@ -31,7 +31,7 @@ public async Task CanLogInWithAPreviouslyRegisteredUser() var newClient = ServerFactory.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; // Act & Assert await UserStories.RegisterNewUserAsync(client, userName, password); @@ -54,7 +54,7 @@ void ConfigureTestServices(IServiceCollection services) => var newClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; // Act & Assert await UserStories.RegisterNewUserAsync(client, userName, password); @@ -71,7 +71,7 @@ public async Task CanLogInWithTwoFactorAuthentication() var newClient = ServerFactory.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var loggedIn = await UserStories.RegisterNewUserAsync(client, userName, password); var showRecoveryCodes = await UserStories.EnableTwoFactorAuthentication(loggedIn); @@ -97,7 +97,7 @@ void ConfigureTestServices(IServiceCollection services) => var newClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var loggedIn = await UserStories.RegisterNewUserAsync(client, userName, password); var showRecoveryCodes = await UserStories.EnableTwoFactorAuthentication(loggedIn); 
@@ -117,7 +117,7 @@ public async Task CanLogInWithRecoveryCode() var newClient = ServerFactory.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var loggedIn = await UserStories.RegisterNewUserAsync(client, userName, password); var showRecoveryCodes = await UserStories.EnableTwoFactorAuthentication(loggedIn); @@ -142,7 +142,7 @@ void ConfigureTestServices(IServiceCollection services) => var newClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var loggedIn = await UserStories.RegisterNewUserAsync(client, userName, password); var showRecoveryCodes = await UserStories.EnableTwoFactorAuthentication(loggedIn); @@ -169,7 +169,7 @@ void ConfigureTestServices(IServiceCollection services) => services var newClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var loggedIn = await UserStories.RegisterNewUserAsync(client, userName, password); @@ -194,7 +194,7 @@ void ConfigureTestServices(IServiceCollection services) => services var newClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var loggedIn = await UserStories.RegisterNewUserAsync(client, userName, password); @@ -218,7 +218,7 @@ void ConfigureTestServices(IServiceCollection services) => services var newClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var loggedIn = await UserStories.RegisterNewUserAsync(client, userName, password); 
@@ -245,7 +245,7 @@ void ConfigureTestServices(IServiceCollection services) => services var newClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var loggedIn = await UserStories.RegisterNewUserAsync(client, userName, password); @@ -273,7 +273,7 @@ void ConfigureTestServices(IServiceCollection services) => services var newClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var loggedIn = await UserStories.RegisterNewUserAsync(client, userName, password); @@ -343,8 +343,8 @@ void ConfigureTestServices(IServiceCollection services) => services var newClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; - var newPassword = $"!New.Password1$"; + var password = $"[PLACEHOLDER]-1a"; + var newPassword = $"[PLACEHOLDER]-1a-updated"; await UserStories.RegisterNewUserAsync(client, userName, password); var registrationEmail = Assert.Single(emailSender.SentEmails); @@ -373,8 +373,8 @@ void ConfigureTestServices(IServiceCollection services) => var newClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; - var newPassword = $"!New.Password1$"; + var password = $"[PLACEHOLDER]-1a"; + var newPassword = $"[PLACEHOLDER]-1a-updated"; await UserStories.RegisterNewUserAsync(client, userName, password); var registrationEmail = Assert.Single(emailSender.SentEmails); 
@@ -402,8 +402,8 @@ void ConfigureTestServices(IServiceCollection services) => var newClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; - var wrongPassword = $"!Wrong.Password1$"; + var password = $"[PLACEHOLDER]-1a"; + var wrongPassword = $"[PLACEHOLDER]-1a-wrong"; await UserStories.RegisterNewUserAsync(client, userName, password); var registrationEmail = Assert.Single(emailSender.SentEmails); diff --git a/src/Identity/test/Identity.FunctionalTests/ManagementTests.cs b/src/Identity/test/Identity.FunctionalTests/ManagementTests.cs index 6bb5c8e64d32..2325fe6fea90 100644 --- a/src/Identity/test/Identity.FunctionalTests/ManagementTests.cs +++ b/src/Identity/test/Identity.FunctionalTests/ManagementTests.cs @@ -38,7 +38,7 @@ public async Task CanEnableTwoFactorAuthentication() .CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var index = await UserStories.RegisterNewUserAsync(client, userName, password); @@ -54,7 +54,7 @@ public async Task CannotEnableTwoFactorAuthenticationWithoutCookieConsent() .CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var index = await UserStories.RegisterNewUserAsync(client, userName, password); @@ -75,7 +75,7 @@ void ConfigureTestServices(IServiceCollection services) => var client = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var index = await UserStories.RegisterNewUserAsync(client, userName, password); var manageIndex = await UserStories.SendEmailConfirmationLinkAsync(index); 
@@ -101,7 +101,7 @@ void ConfigureTestServices(IServiceCollection services) => var failedClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var newEmail = "updatedEmail@example.com"; var index = await UserStories.RegisterNewUserAsync(client, userName, password); @@ -132,19 +132,20 @@ void ConfigureTestServices(IServiceCollection services) => var newClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = "!Test.Password1"; + var password = "[PLACEHOLDER]-1a"; + var newPassword = "[PLACEHOLDER]-1a-updated"; var index = await UserStories.RegisterNewUserAsync(client, userName, password); // Act 1 - var changedPassword = await UserStories.ChangePasswordAsync(index, "!Test.Password1", "!Test.Password2"); + var changedPassword = await UserStories.ChangePasswordAsync(index, password, newPassword); // Assert 1 // RefreshSignIn generates a new security stamp claim AssertClaimsNotEqual(principals[0], principals[1], "AspNet.Identity.SecurityStamp"); // Act 2 - await UserStories.LoginExistingUserAsync(newClient, userName, "!Test.Password2"); + await UserStories.LoginExistingUserAsync(newClient, userName, newPassword); // Assert 2 // Signing in again with a different client uses the same security stamp claim @@ -180,7 +181,7 @@ void ConfigureTestServices(IServiceCollection services) => Assert.NotNull(principals[1].Identities.Single().Claims.Single(c => c.Type == ClaimTypes.AuthenticationMethod).Value); // Act 2 - await UserStories.SetPasswordAsync(index, "!Test.Password2"); + await UserStories.SetPasswordAsync(index, "[PLACEHOLDER]-1a-updated"); // Assert 2 // RefreshSignIn uses the same AuthenticationMethod claim value 
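Review bot: In the `@@ -180,7 +181,7 @@` hunk the value passed to `SetPasswordAsync` is the inline literal `"[PLACEHOLDER]-1a-updated"`, and the next hunk (`@@ -188,7 +189,7 @@`) repeats it in `LoginExistingUserAsync`. The login step only proves that set-password worked if the two strings are identical. The `@@ -132,19 +132,20 @@` hunk just above already introduced a `newPassword` local for that reason, so the same shape fits here: `var newPassword = "[PLACEHOLDER]-1a-updated";`, passed to both calls. The test method starts and ends outside these hunks.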
@@ -188,7 +189,7 @@ void ConfigureTestServices(IServiceCollection services) => // Act & Assert 3 // Can log in with the password set above - await UserStories.LoginExistingUserAsync(loginAfterSetPasswordClient, email, "!Test.Password2"); + await UserStories.LoginExistingUserAsync(loginAfterSetPasswordClient, email, "[PLACEHOLDER]-1a-updated"); } [Fact] @@ -211,7 +212,7 @@ void ConfigureTestServices(IServiceCollection services) => var email = $"{guid}@example.com"; // Act - var index = await UserStories.RegisterNewUserAsync(client, email, "!TestPassword1"); + var index = await UserStories.RegisterNewUserAsync(client, email, "[PLACEHOLDER]-1a"); var linkLogin = await UserStories.LinkExternalLoginAsync(index, email); await UserStories.RemoveExternalLoginAsync(linkLogin, email); @@ -258,7 +259,7 @@ void ConfigureTestServices(IServiceCollection services) => var newClient = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; // Act var loggedIn = await UserStories.RegisterNewUserAsync(client, userName, password); @@ -295,7 +296,7 @@ void ConfigureTestServices(IServiceCollection services) => var index = social ? await UserStories.RegisterNewUserWithSocialLoginAsync(client, userName, email) - : await UserStories.RegisterNewUserAsync(client, email, "!TestPassword1"); + : await UserStories.RegisterNewUserAsync(client, email, "[PLACEHOLDER]-1a"); if (twoFactor) { @@ -362,7 +363,7 @@ public async Task CanDeleteUser() .CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; var index = await UserStories.RegisterNewUserAsync(client, userName, password); diff --git a/src/Identity/test/Identity.FunctionalTests/RegistrationTests.cs b/src/Identity/test/Identity.FunctionalTests/RegistrationTests.cs index 55d3cb693f51..8292f1dc1e73 100644 --- a/src/Identity/test/Identity.FunctionalTests/RegistrationTests.cs 
+++ b/src/Identity/test/Identity.FunctionalTests/RegistrationTests.cs @@ -34,7 +34,7 @@ public async Task CanRegisterAUser() .CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; // Act & Assert await UserStories.RegisterNewUserAsync(client, userName, password); @@ -52,7 +52,7 @@ public async Task CanRegisterAUserWithRequiredConfirmation() var client2 = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; // Act & Assert var register = await UserStories.RegisterNewUserAsyncWithConfirmation(client, userName, password); @@ -84,7 +84,7 @@ void ConfigureTestServices(IServiceCollection services) { var client2 = server.CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; // Act & Assert var register = await UserStories.RegisterNewUserAsyncWithConfirmation(client, userName, password, hasRealEmailSender: true); @@ -105,7 +105,7 @@ void ConfigureTestServices(IServiceCollection services) => .CreateClient(); var userName = $"{Guid.NewGuid()}@example.com"; - var password = $"!Test.Password1$"; + var password = $"[PLACEHOLDER]-1a"; // Act & Assert await UserStories.RegisterNewUserAsync(client, userName, password); diff --git a/src/Identity/test/Identity.Test/SignInManagerTest.cs b/src/Identity/test/Identity.Test/SignInManagerTest.cs index c65f9900a5a7..89090591b0c3 100644 --- a/src/Identity/test/Identity.Test/SignInManagerTest.cs +++ b/src/Identity/test/Identity.Test/SignInManagerTest.cs @@ -54,7 +54,7 @@ public class SignInManagerTest // { // UserName = "Yolo" // }; - // const string password = "Yol0Sw@g!"; + // const string password = "[PLACEHOLDER]-1a"; // var userManager = app.ApplicationServices.GetRequiredService(); // var HttpSignInManager = app.ApplicationServices.GetRequiredService(); 
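Review bot: The line changed in the `@@ -54,7 +54,7 @@` hunk of SignInManagerTest.cs, `// const string password = "[PLACEHOLDER]-1a";`, sits inside commented-out code, so the edit exists only to quiet the credential scanner. Deleting the commented-out block would remove the finding permanently and drop test code that is neither compiled nor run; version control keeps the history. The block begins and ends outside the hunk, so check its full extent before removing it.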
@@ -127,7 +127,7 @@ public async Task PasswordSignInReturnsLockedOutWhenLockedOut() var helper = new SignInManager(manager.Object, contextAccessor.Object, claimsFactory, options.Object, logger, new Mock().Object, new DefaultUserConfirmation()); // Act - var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, false); + var result = await helper.PasswordSignInAsync(user.UserName, "[PLACEHOLDER]-bogus1", false, false); // Assert Assert.False(result.Succeeded); @@ -157,7 +157,7 @@ public async Task CheckPasswordSignInReturnsLockedOutWhenLockedOut() var helper = new SignInManager(manager.Object, contextAccessor.Object, claimsFactory, options.Object, logger, new Mock().Object, new DefaultUserConfirmation()); // Act - var result = await helper.CheckPasswordSignInAsync(user, "bogus", false); + var result = await helper.CheckPasswordSignInAsync(user, "[PLACEHOLDER]-bogus1", false); // Assert Assert.False(result.Succeeded); @@ -201,14 +201,14 @@ public async Task CanPasswordSignIn(bool isPersistent) var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); - manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "[PLACEHOLDER]-1a")).ReturnsAsync(true).Verifiable(); var context = new DefaultHttpContext(); var auth = MockAuth(context); SetupSignIn(context, auth, user.Id, isPersistent, loginProvider: null, amr: "pwd"); var helper = SetupSignInManager(manager.Object, context); // Act - var result = await helper.PasswordSignInAsync(user.UserName, "password", isPersistent, false); + var result = await helper.PasswordSignInAsync(user.UserName, "[PLACEHOLDER]-1a", isPersistent, false); // Assert Assert.True(result.Succeeded); 
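Review bot: In the `CanPasswordSignIn` hunk (`@@ -201,14 +201,14 @@`) the mock setup `CheckPasswordAsync(user, "[PLACEHOLDER]-1a")` and the call `PasswordSignInAsync(user.UserName, "[PLACEHOLDER]-1a", ...)` each carry their own copy of the literal, and the setup is only exercised when the two copies are identical. Class-level constants such as `private const string Password = "[PLACEHOLDER]-1a";` and `private const string WrongPassword = "[PLACEHOLDER]-bogus1";`, used in both the arrange and act steps, would keep them tied together and leave one place to edit on the next scanner-driven rename. The same pairing recurs in the later hunks of this file, from `@@ -224,7 +224,7 @@` through `@@ -940,7 +940,7 @@`.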
@@ -224,7 +224,7 @@ public async Task CanPasswordSignInWithNoLogger() var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); - manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "[PLACEHOLDER]-1a")).ReturnsAsync(true).Verifiable(); var context = new DefaultHttpContext(); var auth = MockAuth(context); @@ -232,7 +232,7 @@ public async Task CanPasswordSignInWithNoLogger() var helper = SetupSignInManager(manager.Object, context); // Act - var result = await helper.PasswordSignInAsync(user.UserName, "password", false, false); + var result = await helper.PasswordSignInAsync(user.UserName, "[PLACEHOLDER]-1a", false, false); // Assert Assert.True(result.Succeeded); @@ -249,7 +249,7 @@ public async Task PasswordSignInWorksWithNonTwoFactorStore() var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); - manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "[PLACEHOLDER]-1a")).ReturnsAsync(true).Verifiable(); manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable(); var context = new DefaultHttpContext(); @@ -258,7 +258,7 @@ public async Task PasswordSignInWorksWithNonTwoFactorStore() var helper = SetupSignInManager(manager.Object, context); // Act - var result = await helper.PasswordSignInAsync(user.UserName, "password", false, false); + var result = await helper.PasswordSignInAsync(user.UserName, "[PLACEHOLDER]-1a", false, false); // Assert Assert.True(result.Succeeded); 
@@ -278,7 +278,7 @@ public async Task CheckPasswordOnlyResetLockoutWhenTfaNotEnabledOrRemembered(boo manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.SupportsUserTwoFactor).Returns(tfaEnabled).Verifiable(); - manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "[PLACEHOLDER]-1a")).ReturnsAsync(true).Verifiable(); var context = new DefaultHttpContext(); var auth = MockAuth(context); @@ -304,7 +304,7 @@ public async Task CheckPasswordOnlyResetLockoutWhenTfaNotEnabledOrRemembered(boo // Act var helper = SetupSignInManager(manager.Object, context); - var result = await helper.CheckPasswordSignInAsync(user, "password", false); + var result = await helper.CheckPasswordSignInAsync(user, "[PLACEHOLDER]-1a", false); // Assert Assert.True(result.Succeeded); @@ -321,14 +321,14 @@ public async Task CheckPasswordAlwaysResetLockoutWhenQuirked() var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); - manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "[PLACEHOLDER]-1a")).ReturnsAsync(true).Verifiable(); manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable(); var context = new DefaultHttpContext(); var helper = SetupSignInManager(manager.Object, context); // Act - var result = await helper.CheckPasswordSignInAsync(user, "password", false); + var result = await helper.CheckPasswordSignInAsync(user, "[PLACEHOLDER]-1a", false); // Assert Assert.True(result.Succeeded); 
@@ -355,7 +355,7 @@ public async Task PasswordSignInRequiresVerification(bool supportsLockout) manager.Setup(m => m.GetValidTwoFactorProvidersAsync(user)).Returns(Task.FromResult(providers)).Verifiable(); manager.Setup(m => m.SupportsUserTwoFactor).Returns(true).Verifiable(); manager.Setup(m => m.GetTwoFactorEnabledAsync(user)).ReturnsAsync(true).Verifiable(); - manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "[PLACEHOLDER]-1a")).ReturnsAsync(true).Verifiable(); manager.Setup(m => m.GetValidTwoFactorProvidersAsync(user)).ReturnsAsync(new string[1] { "Fake" }).Verifiable(); var context = new DefaultHttpContext(); var helper = SetupSignInManager(manager.Object, context); @@ -365,7 +365,7 @@ public async Task PasswordSignInRequiresVerification(bool supportsLockout) It.IsAny())).Returns(Task.FromResult(0)).Verifiable(); // Act - var result = await helper.PasswordSignInAsync(user.UserName, "password", false, false); + var result = await helper.PasswordSignInAsync(user.UserName, "[PLACEHOLDER]-1a", false, false); // Assert Assert.False(result.Succeeded); @@ -717,7 +717,7 @@ public async Task RememberBrowserSkipsTwoFactorVerificationSignIn(bool isPersist manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.SupportsUserTwoFactor).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); - manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "[PLACEHOLDER]-1a")).ReturnsAsync(true).Verifiable(); var context = new DefaultHttpContext(); var auth = MockAuth(context); SetupSignIn(context, auth); 
@@ -728,7 +728,7 @@ public async Task RememberBrowserSkipsTwoFactorVerificationSignIn(bool isPersist var helper = SetupSignInManager(manager.Object, context); // Act - var result = await helper.PasswordSignInAsync(user.UserName, "password", isPersistent, false); + var result = await helper.PasswordSignInAsync(user.UserName, "[PLACEHOLDER]-1a", isPersistent, false); // Assert Assert.True(result.Succeeded); @@ -770,14 +770,14 @@ public async Task PasswordSignInFailsWithWrongPassword() var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); - manager.Setup(m => m.CheckPasswordAsync(user, "bogus")).ReturnsAsync(false).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "[PLACEHOLDER]-bogus1")).ReturnsAsync(false).Verifiable(); var context = new Mock(); var logger = new TestLogger>(); var helper = SetupSignInManager(manager.Object, context.Object, logger); // Act - var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, false); - var checkResult = await helper.CheckPasswordSignInAsync(user, "bogus", false); + var result = await helper.PasswordSignInAsync(user.UserName, "[PLACEHOLDER]-bogus1", false, false); + var checkResult = await helper.CheckPasswordSignInAsync(user, "[PLACEHOLDER]-bogus1", false); // Assert Assert.False(result.Succeeded); 
@@ -792,12 +792,12 @@ public async Task PasswordSignInFailsWithUnknownUser() { // Setup var manager = MockHelpers.MockUserManager(); - manager.Setup(m => m.FindByNameAsync("bogus")).ReturnsAsync(default(PocoUser)).Verifiable(); + manager.Setup(m => m.FindByNameAsync("unknown-username")).ReturnsAsync(default(PocoUser)).Verifiable(); var context = new Mock(); var helper = SetupSignInManager(manager.Object, context.Object); // Act - var result = await helper.PasswordSignInAsync("bogus", "bogus", false, false); + var result = await helper.PasswordSignInAsync("unknown-username", "[PLACEHOLDER]-bogus1", false, false); // Assert Assert.False(result.Succeeded); @@ -819,12 +819,12 @@ public async Task PasswordSignInFailsWithWrongPasswordCanAccessFailedAndLockout( }).Verifiable(); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).Returns(() => Task.FromResult(lockedout)); - manager.Setup(m => m.CheckPasswordAsync(user, "bogus")).ReturnsAsync(false).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "[PLACEHOLDER]-bogus1")).ReturnsAsync(false).Verifiable(); var context = new Mock(); var helper = SetupSignInManager(manager.Object, context.Object); // Act - var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, true); + var result = await helper.PasswordSignInAsync(user.UserName, "[PLACEHOLDER]-bogus1", false, true); // Assert Assert.False(result.Succeeded); 
@@ -846,12 +846,12 @@ public async Task CheckPasswordSignInFailsWithWrongPasswordCanAccessFailedAndLoc }).Verifiable(); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).Returns(() => Task.FromResult(lockedout)); - manager.Setup(m => m.CheckPasswordAsync(user, "bogus")).ReturnsAsync(false).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "[PLACEHOLDER]-bogus1")).ReturnsAsync(false).Verifiable(); var context = new Mock(); var helper = SetupSignInManager(manager.Object, context.Object); // Act - var result = await helper.CheckPasswordSignInAsync(user, "bogus", true); + var result = await helper.CheckPasswordSignInAsync(user, "[PLACEHOLDER]-bogus1", true); // Assert Assert.False(result.Succeeded); @@ -870,13 +870,13 @@ public async Task CanRequireConfirmedEmailForPasswordSignIn(bool confirmed) manager.Setup(m => m.IsEmailConfirmedAsync(user)).ReturnsAsync(confirmed).Verifiable(); if (confirmed) { - manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "[PLACEHOLDER]-1a")).ReturnsAsync(true).Verifiable(); } var context = new DefaultHttpContext(); var auth = MockAuth(context); if (confirmed) { - manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "[PLACEHOLDER]-1a")).ReturnsAsync(true).Verifiable(); SetupSignIn(context, auth, user.Id, isPersistent: null, loginProvider: null, amr: "pwd"); } var identityOptions = new IdentityOptions(); @@ -885,7 +885,7 @@ public async Task CanRequireConfirmedEmailForPasswordSignIn(bool confirmed) var helper = SetupSignInManager(manager.Object, context, logger, identityOptions); // Act - var result = await helper.PasswordSignInAsync(user, "password", false, false); + var result = await helper.PasswordSignInAsync(user, "[PLACEHOLDER]-1a", false, false); // Assert 
@@ -930,7 +930,7 @@ public async Task CanRequireConfirmedPhoneNumberForPasswordSignIn(bool confirmed var auth = MockAuth(context); if (confirmed) { - manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "[PLACEHOLDER]-1a")).ReturnsAsync(true).Verifiable(); SetupSignIn(context, auth, user.Id, isPersistent: null, loginProvider: null, amr: "pwd"); } @@ -940,7 +940,7 @@ public async Task CanRequireConfirmedPhoneNumberForPasswordSignIn(bool confirmed var helper = SetupSignInManager(manager.Object, context, logger, identityOptions); // Act - var result = await helper.PasswordSignInAsync(user, "password", false, false); + var result = await helper.PasswordSignInAsync(user, "[PLACEHOLDER]-1a", false, false); // Assert Assert.Equal(confirmed, result.Succeeded); diff --git a/src/Identity/test/InMemory.Test/ControllerTest.cs b/src/Identity/test/InMemory.Test/ControllerTest.cs index 302abbbad914..d986139db5a2 100644 --- a/src/Identity/test/InMemory.Test/ControllerTest.cs +++ b/src/Identity/test/InMemory.Test/ControllerTest.cs @@ -46,7 +46,7 @@ public async Task VerifyAccountControllerSignIn(bool isPersistent) { UserName = "Yolo" }; - const string password = "Yol0Sw@g!"; + const string password = "[PLACEHOLDER]-1a"; var userManager = app.ApplicationServices.GetRequiredService>(); var signInManager = app.ApplicationServices.GetRequiredService>(); diff --git a/src/Identity/test/InMemory.Test/FunctionalTest.cs b/src/Identity/test/InMemory.Test/FunctionalTest.cs index 56a07d761ed4..b651e656c7b3 100644 --- a/src/Identity/test/InMemory.Test/FunctionalTest.cs +++ b/src/Identity/test/InMemory.Test/FunctionalTest.cs @@ -26,7 +26,7 @@ namespace Microsoft.AspNetCore.Identity.InMemory { public class FunctionalTest { - const string TestPassword = "1qaz!QAZ"; + const string TestPassword = "[PLACEHOLDER]-1a"; [Fact] public async Task CanChangePasswordOptions() 
From 7fd32d9d4bffe6295062437366618e6ecfd3bd34 Mon Sep 17 00:00:00 2001 From: William Godbe Date: Wed, 24 Mar 2021 09:19:02 -0700 Subject: [PATCH 2/3] Resolve remaining credscan bugs (#31157) --- .config/CredScanSuppressions.json | 100 ++++++++++++++++++ .../test/CacheControlHeaderValueTest.cs | 48 ++++----- .../Authentication/test/FacebookTests.cs | 4 +- .../Authentication/test/TwitterTests.cs | 4 +- 4 files changed, 128 insertions(+), 28 deletions(-) diff --git a/.config/CredScanSuppressions.json b/.config/CredScanSuppressions.json index b406aebd032b..525c66777ae1 100644 --- a/.config/CredScanSuppressions.json +++ b/.config/CredScanSuppressions.json @@ -1,6 +1,10 @@ { "tool": "Credential Scanner", "suppressions": [ + { + "placeholder": "aspnetcore", + "_justification": "This is a fake password used in test code." + }, { "placeholder": "password", "_justification": "This is a fake password used in test code." 
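Review bot: The `"placeholder": "aspnetcore"` entry added in the `@@ -1,6 +1,10 @@` hunk suppresses by value and, unlike the `"file"` entries, carries no path. The scanner will therefore presumably stop reporting that string wherever it appears in the repository, including non-test configuration. Patch 1/3 took the narrower route of rewriting test literals to the `[PLACEHOLDER]` form; doing the same for the remaining occurrences would keep the exemption confined to test code. The same applies to the `"placeholder": "testpassword"` entry added in patch 3/3. If the value-based entries stay, their `_justification` should name the test files that use the string so a later audit can confirm the scope.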
@@ -25,6 +29,98 @@ "file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\testCert.pfx", "_justification": "Legitimate UT certificate file with private key" }, + { + "file": "\\src\\DataProtection\\DataProtection\\test\\TestFiles\\TestCert1.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\DataProtection\\DataProtection\\test\\TestFiles\\TestCert2.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\DataProtection\\Extensions\\test\\TestFiles\\TestCert.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\DataProtection\\Extensions\\test\\TestFiles\\TestCert2.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\DataProtection\\Extensions\\test\\TestFiles\\TestCert3.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\DataProtection\\Extensions\\test\\TestFiles\\TestCert3WithoutPrivateKey.pfx", + "_justification": "Legitimate UT certificate file without private key" + }, + { + "file": "\\src\\DataProtection\\Extensions\\test\\TestFiles\\TestCertWithoutPrivateKey.pfx", + "_justification": "Legitimate UT certificate file without private key" + }, + { + "file": "\\src\\DefaultBuilder\\test\\Microsoft.AspNetCore.FunctionalTests\\testCert.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\Identity\\ApiAuthorization.IdentityServer\\test\\current.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\Identity\\ApiAuthorization.IdentityServer\\test\\expired.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\Identity\\ApiAuthorization.IdentityServer\\test\\future.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": 
"\\src\\Identity\\ApiAuthorization.IdentityServer\\test\\test.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\Middleware\\WebSockets\\test\\ConformanceTests\\AutobahnTestApp\\TestResources\\testCert.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\Security\\Authentication\\Negotiate\\test\\Negotiate.FunctionalTest\\negotiateAuthCert.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\Servers\\IIS\\tools\\TestCert.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\aspnetdevcert.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\eku.client.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\eku.code_signing.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\eku.multiple_usages.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\eku.server.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\no_extensions.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\SignalR\\clients\\ts\\FunctionalTests\\testCert.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, + { + "file": "\\src\\SignalR\\clients\\ts\\FunctionalTests\\testCertECC.pfx", + "_justification": "Legitimate UT certificate file with private key" + }, { "file": 
"\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\https-aspnet.key", "_justification": "Legitimate key file used for testing" @@ -52,6 +148,10 @@ { "file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\https-rsa.key", "_justification": "Legitimate key file used for testing" + }, + { + "file": "\\src\\SignalR\\clients\\ts\\FunctionalTests\\node_modules\\https-proxy-agent\\node_modules\\agent-base\\test\\ssl-cert-snakeoil.key", + "_justification": "Legitimate key file used for testing" } ] } diff --git a/src/Http/Headers/test/CacheControlHeaderValueTest.cs b/src/Http/Headers/test/CacheControlHeaderValueTest.cs index 8bca38b903f3..fd8132725520 100644 --- a/src/Http/Headers/test/CacheControlHeaderValueTest.cs +++ b/src/Http/Headers/test/CacheControlHeaderValueTest.cs 
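Review bot: The entry added in the `@@ -52,6 +148,10 @@` hunk suppresses a key under `node_modules\\https-proxy-agent\\node_modules\\agent-base\\test\\`, a path owned by an installed dependency rather than by this repository. A per-file suppression there goes stale whenever the dependency tree changes, so excluding `node_modules` from the scan scope would be more robust, if the scanner configuration allows it. Path-based entries also exempt whatever file later sits at that path, not the specific test key reviewed today. In the previous hunk, `\\src\\Servers\\IIS\\tools\\TestCert.pfx` is justified as a unit-test certificate although its path is under `tools`, not `test`; confirm that file is never shipped or used outside tests.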
@@ -115,21 +115,21 @@ public void ToString_UseResponseDirectiveValues_AllSerializedCorrectly() cacheControl.NoCache = true; Assert.Equal("no-cache", cacheControl.ToString()); - cacheControl.NoCacheHeaders.Add("token1"); - Assert.Equal("no-cache=\"token1\"", cacheControl.ToString()); + cacheControl.NoCacheHeaders.Add("PLACEHOLDER1"); + Assert.Equal("no-cache=\"PLACEHOLDER1\"", cacheControl.ToString()); cacheControl.Public = true; - Assert.Equal("public, no-cache=\"token1\"", cacheControl.ToString()); + Assert.Equal("public, no-cache=\"PLACEHOLDER1\"", cacheControl.ToString()); cacheControl = new CacheControlHeaderValue(); cacheControl.Private = true; Assert.Equal("private", cacheControl.ToString()); - cacheControl.PrivateHeaders.Add("token2"); - cacheControl.PrivateHeaders.Add("token3"); - Assert.Equal("private=\"token2, token3\"", cacheControl.ToString()); + cacheControl.PrivateHeaders.Add("PLACEHOLDER2"); + cacheControl.PrivateHeaders.Add("PLACEHOLDER3"); + Assert.Equal("private=\"PLACEHOLDER2, PLACEHOLDER3\"", cacheControl.ToString()); cacheControl.MustRevalidate = true; - Assert.Equal("must-revalidate, private=\"token2, token3\"", cacheControl.ToString()); + Assert.Equal("must-revalidate, private=\"PLACEHOLDER2, PLACEHOLDER3\"", cacheControl.ToString()); cacheControl.ProxyRevalidate = true; - Assert.Equal("must-revalidate, proxy-revalidate, private=\"token2, token3\"", cacheControl.ToString()); + Assert.Equal("must-revalidate, proxy-revalidate, private=\"PLACEHOLDER2, PLACEHOLDER3\"", cacheControl.ToString()); } [Fact] 
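Review bot: The values renamed in the `@@ -115,21 +115,21 @@` hunk (`"token1"` to `"PLACEHOLDER1"` and so on) are arguments of the `no-cache` and `private` directives, not credentials, so the change presumably only works around a scanner match on the word "token". `PLACEHOLDER1` reads like an unfinished fixture. A name that says what the value stands for, e.g. `cacheControl.NoCacheHeaders.Add("field1");`, should avoid the false positive while keeping the test self-explanatory. The same rename appears in the `@@ -218,21 +218,21 @@`, `@@ -343,27 +343,27 @@`, `@@ -386,9 +386,9 @@` and `@@ -406,12 +406,12 @@` hunks of this file.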
@@ -218,21 +218,21 @@ public void GetHashCode_CompareCollectionFieldsSet_MatchExpectation() var cacheControl5 = new CacheControlHeaderValue(); cacheControl1.NoCache = true; - cacheControl1.NoCacheHeaders.Add("token2"); + cacheControl1.NoCacheHeaders.Add("PLACEHOLDER2"); cacheControl2.NoCache = true; - cacheControl2.NoCacheHeaders.Add("token1"); - cacheControl2.NoCacheHeaders.Add("token2"); + cacheControl2.NoCacheHeaders.Add("PLACEHOLDER1"); + cacheControl2.NoCacheHeaders.Add("PLACEHOLDER2"); CompareHashCodes(cacheControl1, cacheControl2, false); - cacheControl1.NoCacheHeaders.Add("token1"); + cacheControl1.NoCacheHeaders.Add("PLACEHOLDER1"); CompareHashCodes(cacheControl1, cacheControl2, true); // Since NoCache and Private generate different hash codes, even if NoCacheHeaders and PrivateHeaders // have the same values, the hash code will be different. cacheControl3.Private = true; - cacheControl3.PrivateHeaders.Add("token2"); + cacheControl3.PrivateHeaders.Add("PLACEHOLDER2"); CompareHashCodes(cacheControl1, cacheControl3, false); 
@@ -343,27 +343,27 @@ public void Equals_CompareCollectionFieldsSet_MatchExpectation() var cacheControl6 = new CacheControlHeaderValue(); cacheControl1.NoCache = true; - cacheControl1.NoCacheHeaders.Add("token2"); + cacheControl1.NoCacheHeaders.Add("PLACEHOLDER2"); Assert.False(cacheControl1.Equals(null), "Compare with 'null'"); cacheControl2.NoCache = true; - cacheControl2.NoCacheHeaders.Add("token1"); - cacheControl2.NoCacheHeaders.Add("token2"); + cacheControl2.NoCacheHeaders.Add("PLACEHOLDER1"); + cacheControl2.NoCacheHeaders.Add("PLACEHOLDER2"); CompareValues(cacheControl1!, cacheControl2, false); - cacheControl1!.NoCacheHeaders.Add("token1"); + cacheControl1!.NoCacheHeaders.Add("PLACEHOLDER1"); CompareValues(cacheControl1, cacheControl2, true); // Since NoCache and Private generate different hash codes, even if NoCacheHeaders and PrivateHeaders // have the same values, the hash code will be different. cacheControl3.Private = true; - cacheControl3.PrivateHeaders.Add("token2"); + cacheControl3.PrivateHeaders.Add("PLACEHOLDER2"); CompareValues(cacheControl1, cacheControl3, false); cacheControl4.Private = true; - cacheControl4.PrivateHeaders.Add("token3"); + cacheControl4.PrivateHeaders.Add("PLACEHOLDER3"); CompareValues(cacheControl3, cacheControl4, false); cacheControl5.Extensions.Add(new NameValueHeaderValue("custom")); @@ -386,9 +386,9 @@ public void TryParse_DifferentValidScenarios_AllReturnTrue() expected = new CacheControlHeaderValue(); expected.NoCache = true; - expected.NoCacheHeaders.Add("token1"); - expected.NoCacheHeaders.Add("token2"); - CheckValidTryParse("no-cache=\"token1, token2\"", expected); + expected.NoCacheHeaders.Add("PLACEHOLDER1"); + expected.NoCacheHeaders.Add("PLACEHOLDER2"); + CheckValidTryParse("no-cache=\"PLACEHOLDER1, PLACEHOLDER2\"", expected); expected = new CacheControlHeaderValue(); expected.NoStore = true; 
@@ -406,12 +406,12 @@ public void TryParse_DifferentValidScenarios_AllReturnTrue() expected = new CacheControlHeaderValue(); expected.Public = true; expected.Private = true; - expected.PrivateHeaders.Add("token1"); + expected.PrivateHeaders.Add("PLACEHOLDER1"); expected.MustRevalidate = true; expected.ProxyRevalidate = true; expected.Extensions.Add(new NameValueHeaderValue("c", "d")); expected.Extensions.Add(new NameValueHeaderValue("a", "b")); - CheckValidTryParse(",public, , private=\"token1\", must-revalidate, c=d, proxy-revalidate, a=b", expected); + CheckValidTryParse(",public, , private=\"PLACEHOLDER1\", must-revalidate, c=d, proxy-revalidate, a=b", expected); expected = new CacheControlHeaderValue(); expected.Private = true; diff --git a/src/Security/Authentication/test/FacebookTests.cs b/src/Security/Authentication/test/FacebookTests.cs index 6ca835dff182..5819186c3f3f 100644 --- a/src/Security/Authentication/test/FacebookTests.cs +++ b/src/Security/Authentication/test/FacebookTests.cs @@ -41,7 +41,7 @@ protected override void RegisterAuth(AuthenticationBuilder services, Action { }, - services => services.AddAuthentication().AddFacebook(o => o.SignInScheme = "Whatever"), + services => services.AddAuthentication().AddFacebook(o => o.SignInScheme = "PLACEHOLDER"), async context => { await Assert.ThrowsAsync("AppId", () => context.ChallengeAsync("Facebook")); diff --git a/src/Security/Authentication/test/TwitterTests.cs b/src/Security/Authentication/test/TwitterTests.cs index 6958cabfa88b..7ab1ef4a603e 100644 --- a/src/Security/Authentication/test/TwitterTests.cs +++ b/src/Security/Authentication/test/TwitterTests.cs @@ -36,8 +36,8 @@ protected override void RegisterAuth(AuthenticationBuilder services, Action Date: Thu, 25 Mar 2021 09:29:03 -0700 Subject: [PATCH 3/3] Resolve final credscan bug (#31196) --- .config/CredScanSuppressions.json | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/.config/CredScanSuppressions.json b/.config/CredScanSuppressions.json
index 525c66777ae1..b3e185cf8d7a 100644
--- a/.config/CredScanSuppressions.json
+++ b/.config/CredScanSuppressions.json
@@ -13,6 +13,10 @@
 "placeholder": "newpassword",
 "_justification": "This is a fake password used in test code."
 },
+ {
+ "placeholder": "testpassword",
+ "_justification": "This is a fake password used in test code."
+ },
 {
 "placeholder": "AAABAgMEBQYHCAkKCwwNDg+ukCEMDf0yyQ29NYubggE=",
 "_justification": "This is a fake password hash used in test code."
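Review bot: The added suppression is keyed on the literal value `testpassword` rather than on a location. If placeholder entries match wherever the string occurs, as the neighbouring entries suggest, the scanner will also stay silent should that value turn up in non-test code or configuration. The justification is copied verbatim from the entry above and does not name the test that uses the value, so a later audit cannot tell whether the suppression is still needed. I would make it specific, e.g. `"_justification": "Fake password used only in <test file path>."`, or scope the suppression to the file if the scanner's format allows that here. The suppression array starts and ends outside the hunk.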