Merge pull request #519 from DFE-Digital/120779/cookie-configuration
Cookies are all HttpOnly and Secure.
Tim Wilde authored Feb 13, 2023
2 parents e138a83 + 93ea38f commit dc0376c
Showing 4 changed files with 39 additions and 2,262 deletions.
@@ -1,5 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Threading.Tasks;
Expand All @@ -26,7 +25,7 @@ protected BaseIntegrationTests(IntegrationTestingWebApplicationFactory factory)

protected async Task<IDocument> OpenUrlAsync(string url)
{
return await _browsingContext.OpenAsync($"http://localhost{url}");
return await _browsingContext.OpenAsync($"https://localhost{url}");
}

protected async Task<IDocument> NavigateAsync(string linkText, int? index = null)
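Review bot: The switch from `http://localhost` to `https://localhost` in `OpenUrlAsync` carries no explanation, and a reader of this file alone cannot see that it is tied to the cookies now being marked Secure in Startup.cs elsewhere in this commit. A one-line comment would stop it being reverted as an apparent typo later: `// Cookies are Secure-only, so requests must be https or the session/auth cookies are never sent back`. The enclosing BaseIntegrationTests class continues beyond this hunk.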
@@ -1,4 +1,3 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Claims;
Expand All @@ -24,21 +23,13 @@ namespace Dfe.PrepareTransfers.Web.Integration.Tests
public class IntegrationTestingWebApplicationFactory : WebApplicationFactory<Startup>
{
private static int _currentPort = 5080;
private static readonly object _sync = new object();
private static readonly object Sync = new();

private readonly WireMockServer _server;
private readonly int _port;
private readonly WireMockServer _mockApiServer;

public IntegrationTestingWebApplicationFactory()
{
_port = AllocateNext();
_server = WireMockServer.Start(_port);
_server.LogEntriesChanged += _server_LogEntriesChanged;
}

private void _server_LogEntriesChanged(object sender, System.Collections.Specialized.NotifyCollectionChangedEventArgs e)
{

_mockApiServer = WireMockServer.Start(AllocateNext());
}

protected override void ConfigureWebHost(IWebHostBuilder builder)
Expand All @@ -53,7 +44,7 @@ protected override void ConfigureWebHost(IWebHostBuilder builder)
.AddJsonFile(configPath)
.AddInMemoryCollection(new Dictionary<string, string>
{
{"TRAMS_API_BASE", $"http://localhost:{_port}"},
{"TRAMS_API_BASE", _mockApiServer.Url },
{"AzureAd:AllowedRoles", string.Empty}, // Do not restrict access for integration tests
{"ServiceLink:ConversionsUrl", "https://an-extenal-service.com"}
})
Expand All @@ -64,7 +55,7 @@ protected override void ConfigureWebHost(IWebHostBuilder builder)
{
services.AddAuthentication("Test");
services.AddTransient<IAuthenticationSchemeProvider, MockSchemeProvider>();
services.AddTransient<IUserRepository, TestUserRepository>();
services.AddTransient<IUserRepository, TestUserRepository>();
});
}

Expand Down Expand Up @@ -113,19 +104,19 @@ ISystemClock clock

protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
var claims = new List<Claim> {new Claim(ClaimTypes.Name, "Name")};
var identity = new ClaimsIdentity(claims, "Test");
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, "Test");
var claims = new List<Claim> { new(ClaimTypes.Name, "Name") };
var identity = new ClaimsIdentity(claims, "Test");
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, "Test");

return Task.FromResult(AuthenticateResult.Success(ticket));
return Task.FromResult(AuthenticateResult.Success(ticket));
}
}


public void AddGetWithJsonResponse<TResponseBody>(string path, TResponseBody responseBody)
{
_server
_mockApiServer
.Given(Request.Create()
.WithPath(path)
.UsingGet())
Expand All @@ -139,7 +130,7 @@ public void AddGetWithJsonResponse<TResponseBody>(string path, TResponseBody res
public void AddPatchWithJsonRequest<TRequestBody, TResponseBody>(string path, TRequestBody requestBody,
TResponseBody responseBody)
{
_server
_mockApiServer
.Given(Request.Create()
.WithPath(path)
.WithBody(new JsonMatcher(JsonConvert.SerializeObject(requestBody), true))
Expand All @@ -152,7 +143,7 @@ public void AddPatchWithJsonRequest<TRequestBody, TResponseBody>(string path, TR

public void AddAnyPatch<TResponseBody>(string path,TResponseBody responseBody)
{
_server
_mockApiServer
.Given(Request.Create()
.WithPath(path)
.UsingPatch())
Expand All @@ -165,7 +156,7 @@ public void AddAnyPatch<TResponseBody>(string path,TResponseBody responseBody)
public void AddPostWithJsonRequest<TRequestBody, TResponseBody>(string path, TRequestBody requestBody,
TResponseBody responseBody)
{
_server
_mockApiServer
.Given(Request.Create()
.WithPath(path)
.WithBody(new JsonMatcher(JsonConvert.SerializeObject(requestBody), true))
Expand All @@ -178,7 +169,7 @@ public void AddPostWithJsonRequest<TRequestBody, TResponseBody>(string path, TRe

public void AddErrorResponse(string path, string method)
{
_server
_mockApiServer
.Given(Request.Create()
.WithPath(path)
.UsingMethod(method))
Expand All @@ -188,12 +179,12 @@ public void AddErrorResponse(string path, string method)

public void Reset()
{
_server.Reset();
_mockApiServer.Reset();
}

private static int AllocateNext()
{
lock (_sync)
lock (Sync)
{
var next = _currentPort;
_currentPort++;
Expand All @@ -207,7 +198,7 @@ protected override void Dispose(bool disposing)

if (disposing)
{
_server.Stop();
_mockApiServer.Stop();
}
}
}
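Review bot: `private static readonly object Sync = new();` departs from the `_camelCase` convention the neighbouring fields use (`_currentPort`, `_mockApiServer`); keeping the original `_sync`, or `s_sync` for a private static, would leave the file consistent. Now that the API base URL is read from `_mockApiServer.Url` rather than a port the factory tracks itself, the sequential counter in `AllocateNext` (starting at 5080, with no check that the port is free) exists only to feed `WireMockServer.Start(AllocateNext())`; if WireMock.Net's parameterless `WireMockServer.Start()` overload picks a free port, as I believe it does, `_mockApiServer = WireMockServer.Start();` would remove the counter, the lock and the chance of port collisions when test classes run in parallel. Confirm that against the WireMock.Net version the project references before relying on it.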
15 changes: 13 additions & 2 deletions Dfe.PrepareTransfers.Web/Startup.cs
Expand Up @@ -23,6 +23,7 @@
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.CookiePolicy;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
Expand Down Expand Up @@ -102,7 +103,9 @@ public void ConfigureServices(IServiceCollection services)
options.Cookie.Name = ".ManageAnAcademyTransfer.Session";
options.Cookie.HttpOnly = true;
options.Cookie.IsEssential = true;
if (string.IsNullOrEmpty(Configuration["CI"])) options.Cookie.SecurePolicy = CookieSecurePolicy.Always;

if (string.IsNullOrEmpty(Configuration["CI"]))
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
});
services.AddMicrosoftIdentityWebAppAuthentication(Configuration);
services.Configure<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme,
Expand All @@ -114,7 +117,9 @@ public void ConfigureServices(IServiceCollection services)
options.Cookie.IsEssential = true;
options.ExpireTimeSpan = _authenticationExpiration;
options.SlidingExpiration = true;
if (string.IsNullOrEmpty(Configuration["CI"])) options.Cookie.SecurePolicy = CookieSecurePolicy.Always;

if (string.IsNullOrEmpty(Configuration["CI"]))
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
});
services.AddHealthChecks();
}
Expand Down Expand Up @@ -152,6 +157,12 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
.GetHeaderPolicyCollection(env.IsDevelopment(), GetTypedConfiguration<AllowedExternalSourcesOptions>())
.AddXssProtectionDisabled());

app.UseCookiePolicy(new CookiePolicyOptions
{
HttpOnly = HttpOnlyPolicy.Always,
Secure = CookieSecurePolicy.Always
});

app.UseStatusCodePagesWithReExecute("/Errors", "?statusCode={0}");

if (!string.IsNullOrEmpty(Configuration["CI"])) app.UseHttpsRedirection();
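Review bot: The new `app.UseCookiePolicy` block forces `Secure = CookieSecurePolicy.Always` on every cookie the app writes, so the `Configuration["CI"]` guards that still wrap `options.Cookie.SecurePolicy` for the session and authentication cookies in the two ConfigureServices hunks above no longer change anything in CI: the middleware re-applies the Secure attribute regardless of them. Either drop those guards or give the policy the same condition, so the two places agree on when Secure is required. The cookie policy middleware only rewrites cookies appended after it runs, so it must be registered before `UseAuthentication` and `UseSession`; those calls are outside this hunk, and the enclosing Configure method continues past it. `HttpOnly = HttpOnlyPolicy.Always` will also hide any cookie that client-side script expects to read (a cookie-consent preference, for example) — worth confirming that none of the front-end scripts does.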