public void OnAuthorization_AllowsTheRequestIfItIsHttps()
        {
            // Arrange: a request whose scheme is already "https".
            var filter = new RequireHttpsAttribute();
            var httpContext = new DefaultHttpContext
            {
                Request = { Scheme = "https" }
            };
            var context = CreateAuthorizationContext(httpContext);

            // Act
            filter.OnAuthorization(context);

            // Assert: the filter set no Result, so it did not short-circuit
            // the request with a redirect or an error status.
            Assert.Null(context.Result);
        }
Ejemplo n.º 2
        public void OnAuthorization_AllowsTheRequestIfItIsSecure()
        {
            // Arrange: "secure" here means only that Request.Scheme is "https";
            // nothing else about the connection is set up by this test.
            var httpContext = new DefaultHttpContext();
            httpContext.Request.Scheme = "https";

            var filter  = new RequireHttpsAttribute();
            var context = CreateAuthorizationContext(httpContext);

            // Act
            filter.OnAuthorization(context);

            // Assert: no Result was assigned, i.e. the filter let the request through.
            Assert.Null(context.Result);
        }
Ejemplo n.º 3
        public void OnAuthorization_SignalsBadRequestStatusCode_ForNonHttpsAndNonGetRequests(string method)
        {
            // Arrange: a plain-HTTP request using the verb supplied by the test data
            // (the data source is not visible here; per the name, non-GET verbs).
            var httpContext = new DefaultHttpContext();
            httpContext.Request.Method = method;
            httpContext.Request.Scheme = "http";

            var filter  = new RequireHttpsAttribute();
            var context = CreateAuthorizationContext(httpContext);

            // Act
            filter.OnAuthorization(context);

            // Assert: the request is rejected with a status-code result instead of
            // being redirected. Despite "BadRequest" in the test name, the asserted
            // status is 403 (Forbidden).
            // NOTE(review): the rejection happens after the request has already been
            // sent over HTTP, so this does not protect whatever the client sent in
            // that request; HSTS or not serving HTTP at all covers that gap.
            Assert.NotNull(context.Result);
            var statusResult = Assert.IsType<HttpStatusCodeResult>(context.Result);

            Assert.Equal(403, statusResult.StatusCode);
        }
Ejemplo n.º 4
        public void OnAuthorization_RedirectsToHttpsEndpoint_ForNonHttpsGetRequests(
            string host,
            string pathBase,
            string path,
            string queryString,
            string expectedUrl)
        {
            // Arrange: a plain-HTTP GET whose URL parts come from the test data.
            var filter      = new RequireHttpsAttribute();
            var httpContext = new DefaultHttpContext();
            var request     = httpContext.Request;

            request.Scheme = "http";
            request.Method = "GET";
            request.Host   = HostString.FromUriComponent(host);

            // Optional URL components: a null argument leaves the request's default in place.
            if (pathBase != null)
            {
                request.PathBase = new PathString(pathBase);
            }

            if (path != null)
            {
                request.Path = new PathString(path);
            }

            if (queryString != null)
            {
                request.QueryString = new QueryString(queryString);
            }

            var context = CreateAuthorizationContext(httpContext);

            // Act
            filter.OnAuthorization(context);

            // Assert: a permanent redirect whose URL matches the expected HTTPS address.
            // NOTE(review): the host in the redirect is taken from the request, and in
            // production that value is client-supplied; confirm that host filtering is
            // applied upstream so the redirect target cannot be steered.
            Assert.NotNull(context.Result);
            var redirect = Assert.IsType<RedirectResult>(context.Result);

            Assert.True(redirect.Permanent);
            Assert.Equal(expectedUrl, redirect.Url);
        }
        public void OnAuthorization_RedirectsToHttpsEndpoint_ForNonHttpsGetRequests(
            string host,
            string pathBase,
            string path,
            string queryString,
            string expectedUrl)
        {
            // Arrange: build an insecure GET request from the supplied URL components.
            var httpContext = new DefaultHttpContext();
            var incoming = httpContext.Request;
            incoming.Scheme = "http";
            incoming.Method = "GET";
            incoming.Host = HostString.FromUriComponent(host);

            // Each of the following parts is only set when the test case provides it.
            if (pathBase != null)
            {
                incoming.PathBase = new PathString(pathBase);
            }

            if (path != null)
            {
                incoming.Path = new PathString(path);
            }

            if (queryString != null)
            {
                incoming.QueryString = new QueryString(queryString);
            }

            var filter = new RequireHttpsAttribute();
            var context = CreateAuthorizationContext(httpContext);

            // Act
            filter.OnAuthorization(context);

            // Assert: the filter answers with a RedirectResult flagged Permanent and
            // pointing at expectedUrl.
            // NOTE(review): a permanent redirect is typically cached by clients, and
            // the first request still travelled over HTTP; HSTS is the usual
            // complement to this filter.
            Assert.NotNull(context.Result);
            var redirect = Assert.IsType<RedirectResult>(context.Result);

            Assert.True(redirect.Permanent);
            Assert.Equal(expectedUrl, redirect.Url);
        }
        public void OnAuthorization_SignalsBadRequestStatusCode_ForNonHttpsAndNonGetRequests(string method)
        {
            // Arrange: an HTTP (not HTTPS) request with the verb under test.
            var filter = new RequireHttpsAttribute();
            var httpContext = new DefaultHttpContext();
            httpContext.Request.Method = method;
            httpContext.Request.Scheme = "http";
            var context = CreateAuthorizationContext(httpContext);

            // Act
            filter.OnAuthorization(context);

            // Assert: the filter produces a status-code result rather than a redirect.
            // The test name says "BadRequest", but the asserted status is 403 Forbidden.
            Assert.NotNull(context.Result);
            var statusResult = Assert.IsType<HttpStatusCodeResult>(context.Result);
            Assert.Equal(StatusCodes.Status403Forbidden, statusResult.StatusCode);
        }