public void GetUriReturnsSwitchedUriBasedOnSuppliedBaseInsecureUri() { const string BaseRequestUri = "https://www.testsite.com"; const string PathRequestUri = "/Info/Default.aspx"; const string QueryRequestUri = "?Param=SomeValue"; var mockRequest = new Mock <HttpRequestBase>(); mockRequest.SetupGet(req => req.ApplicationPath).Returns("/"); mockRequest.SetupGet(req => req.Url).Returns(new Uri(BaseRequestUri + PathRequestUri + QueryRequestUri)); mockRequest.SetupGet(req => req.RawUrl).Returns(PathRequestUri + QueryRequestUri); mockRequest.SetupGet(req => req.IsSecureConnection).Returns(true); var mockResponse = new Mock <HttpResponseBase>(); mockResponse.Setup(resp => resp.ApplyAppPathModifier(It.IsAny <string>())).Returns <string>(s => s); var settings = new Settings { Mode = Mode.On, BaseInsecureUri = "http://www.someotherwebsite.com/" }; var evaluator = new StandardSecurityEvaluator(); var enforcer = new SecurityEnforcer(evaluator); // Act. var targetUrl = enforcer.GetUriForMatchedSecurityRequest(mockRequest.Object, mockResponse.Object, RequestSecurity.Insecure, settings); // Assert. Assert.Equal(settings.BaseInsecureUri + PathRequestUri.Remove(0, 1) + QueryRequestUri, targetUrl); }
public void GetUriRequestReturnsNullIfRequestSecurityAlreadyMatchesSpecifiedSecurity() { // Arrange. var mockRequest = new Mock <HttpRequestBase>(); var mockResponse = new Mock <HttpResponseBase>(); var settings = new Settings(); var evaluator = new StandardSecurityEvaluator(); var enforcer = new SecurityEnforcer(evaluator); // Act. mockRequest.SetupGet(req => req.IsSecureConnection).Returns(true); var targetUrlForAlreadySecuredRequest = enforcer.GetUriForMatchedSecurityRequest(mockRequest.Object, mockResponse.Object, RequestSecurity.Secure, settings); mockRequest.SetupGet(req => req.IsSecureConnection).Returns(false); var targetUrlForAlreadyInsecureRequest = enforcer.GetUriForMatchedSecurityRequest(mockRequest.Object, mockResponse.Object, RequestSecurity.Insecure, settings); // Assert. Assert.Null(targetUrlForAlreadySecuredRequest); Assert.Null(targetUrlForAlreadyInsecureRequest); }
public void IsSecureConnectionReturnsTrueIfRequestIndicatesSecurity() { // Arrange. var mockRequest = new Mock <HttpRequestBase>(); mockRequest.SetupGet(req => req.IsSecureConnection).Returns(true); var settings = new Settings(); var evaluator = new StandardSecurityEvaluator(); // Act. var result = evaluator.IsSecureConnection(mockRequest.Object, settings); // Assert. Assert.True(result); }