Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not serialize Parameters property on AuthenticationProperties #31414

Merged
3 commits merged into from
Mar 31, 2021
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -65,11 +65,13 @@ public AuthenticationProperties Clone()
/// Collection of parameters that are passed to the authentication handler. These are not intended for
/// serialization or persistence, only for flowing data between call sites.
/// </summary>
[JsonIgnore]
public IDictionary<string, object?> Parameters { get; }

/// <summary>
/// Gets or sets whether the authentication session is persisted across multiple requests.
/// </summary>
[JsonIgnore]
public bool IsPersistent
{
get => GetString(IsPersistentKey) != null;
Expand All @@ -79,6 +81,7 @@ public bool IsPersistent
/// <summary>
/// Gets or sets the full path or absolute URI to be used as an http redirect response value.
/// </summary>
[JsonIgnore]
public string? RedirectUri
{
get => GetString(RedirectUriKey);
Expand All @@ -88,6 +91,7 @@ public string? RedirectUri
/// <summary>
/// Gets or sets the time at which the authentication ticket was issued.
/// </summary>
[JsonIgnore]
public DateTimeOffset? IssuedUtc
{
get => GetDateTimeOffset(IssuedUtcKey);
Expand All @@ -97,6 +101,7 @@ public DateTimeOffset? IssuedUtc
/// <summary>
/// Gets or sets the time at which the authentication ticket expires.
/// </summary>
[JsonIgnore]
public DateTimeOffset? ExpiresUtc
{
get => GetDateTimeOffset(ExpiresUtcKey);
Expand All @@ -106,6 +111,7 @@ public DateTimeOffset? ExpiresUtc
/// <summary>
/// Gets or sets if refreshing the authentication session should be allowed.
/// </summary>
[JsonIgnore]
public bool? AllowRefresh
{
get => GetBool(RefreshKey);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -320,6 +320,12 @@ public void Roundtrip_Serializes_With_SystemTextJson()
props.Parameters.Add("baz", "quux");

var json = JsonSerializer.Serialize(props);

// Verify that Parameters was not serialized
Assert.NotNull(json);
Assert.DoesNotContain("baz", json);
Assert.DoesNotContain("quux", json);

var deserialized = JsonSerializer.Deserialize<AuthenticationProperties>(json);

Assert.NotNull(deserialized);
Expand All @@ -339,6 +345,50 @@ public void Roundtrip_Serializes_With_SystemTextJson()
Assert.Equal(0, deserialized.Parameters.Count);
}

[Fact]
public void Parameters_Is_Not_Deserialized_With_SystemTextJson()
{
var json = @"{""Parameters"":{""baz"":""quux""}}";

var deserialized = JsonSerializer.Deserialize<AuthenticationProperties>(json);

Assert.NotNull(deserialized);

// Ensure that parameters is not deserialized from a raw payload
Assert.NotNull(deserialized!.Parameters);
Assert.Equal(0, deserialized.Parameters.Count);
}

[Fact]
public void Serialization_Is_Minimised_With_SystemTextJson()
{
var props = new AuthenticationProperties()
{
AllowRefresh = true,
ExpiresUtc = new DateTimeOffset(2021, 03, 28, 13, 47, 00, TimeSpan.Zero),
IssuedUtc = new DateTimeOffset(2021, 03, 28, 12, 47, 00, TimeSpan.Zero),
IsPersistent = true,
RedirectUri = "/foo/bar"
};

props.Items.Add("foo", "bar");

var options = new JsonSerializerOptions() { WriteIndented = true }; // Indented for readability if test fails
var json = JsonSerializer.Serialize(props, options);

// Verify that the payload doesn't duplicate the properties backed by Items
Assert.Equal(@"{
""Items"": {
"".refresh"": ""True"",
"".expires"": ""Sun, 28 Mar 2021 13:47:00 GMT"",
"".issued"": ""Sun, 28 Mar 2021 12:47:00 GMT"",
"".persistent"": """",
"".redirect"": ""/foo/bar"",
""foo"": ""bar""
}
}", json);
}

public class MyAuthenticationProperties : AuthenticationProperties
{
public new DateTimeOffset? GetDateTimeOffset(string key)
Expand Down