/// <summary>
/// Checks that <see cref="RequireHttpsAttribute"/> sets no result on the
/// authorization context when the request scheme is "https".
/// </summary>
/// <remarks>
/// The only request property this test controls is <c>Request.Scheme</c>.
/// NOTE(review): that suggests the filter decides from the scheme the server
/// reports. Behind a TLS-terminating proxy the original scheme would have to be
/// restored before this filter runs; confirm against the attribute's implementation.
/// </remarks>
public void OnAuthorization_AllowsTheRequestIfItIsHttps()
{
    // Arrange
    RequireHttpsAttribute filter = new RequireHttpsAttribute();
    DefaultHttpContext httpContext = new DefaultHttpContext();
    httpContext.Request.Scheme = "https";
    var filterContext = CreateAuthorizationContext(httpContext);

    // Act
    filter.OnAuthorization(filterContext);

    // Assert: the filter left Result unset for an HTTPS request.
    Assert.Null(filterContext.Result);
}
/// <summary>
/// Checks that an "https" request passes through
/// <see cref="RequireHttpsAttribute"/> without a result being assigned.
/// </summary>
/// <remarks>
/// "Secure" is expressed here purely as <c>Request.Scheme = "https"</c>; no
/// certificate or connection detail is part of the arrangement.
/// </remarks>
public void OnAuthorization_AllowsTheRequestIfItIsSecure()
{
    // Arrange
    DefaultHttpContext secureContext = new DefaultHttpContext();
    secureContext.Request.Scheme = "https";
    RequireHttpsAttribute requireHttps = new RequireHttpsAttribute();
    var authorization = CreateAuthorizationContext(secureContext);

    // Act
    requireHttps.OnAuthorization(authorization);

    // Assert: nothing was written to Result.
    Assert.Null(authorization.Result);
}
/// <summary>
/// Checks that a plain-HTTP request using the supplied <paramref name="method"/>
/// is answered with an <see cref="HttpStatusCodeResult"/> carrying status 403.
/// </summary>
/// <param name="method">HTTP method placed on the request; the data rows that feed it are not visible here.</param>
/// <remarks>
/// Despite "BadRequest" in the method name, the asserted status is 403 (Forbidden), not 400.
/// NOTE(review): rejecting instead of redirecting is presumably deliberate. A redirect
/// would not reliably replay the method and body, and the body has already crossed the
/// wire unencrypted by the time the filter runs.
/// </remarks>
public void OnAuthorization_SignalsBadRequestStatusCode_ForNonHttpsAndNonGetRequests(string method)
{
    // Arrange
    RequireHttpsAttribute filter = new RequireHttpsAttribute();
    DefaultHttpContext httpContext = new DefaultHttpContext();
    httpContext.Request.Method = method;
    httpContext.Request.Scheme = "http";
    var filterContext = CreateAuthorizationContext(httpContext);

    // Act
    filter.OnAuthorization(filterContext);

    // Assert: the request was short-circuited with a status-code result.
    Assert.NotNull(filterContext.Result);
    HttpStatusCodeResult statusResult = Assert.IsType<HttpStatusCodeResult>(filterContext.Result);
    Assert.Equal(403, statusResult.StatusCode);
}
/// <summary>
/// Checks that a plain-HTTP GET request is answered with a permanent
/// <see cref="RedirectResult"/> whose URL equals <paramref name="expectedUrl"/>.
/// </summary>
/// <param name="host">Host component assigned to the request.</param>
/// <param name="pathBase">Optional path base; left at its default when null.</param>
/// <param name="path">Optional request path; left at its default when null.</param>
/// <param name="queryString">Optional query string; left at its default when null.</param>
/// <param name="expectedUrl">URL the redirect is expected to carry.</param>
/// <remarks>
/// The data rows supplying these arguments are not visible here.
/// NOTE(review): the arrangement implies the redirect target is assembled from the
/// request's own host, path base, path and query. If so, the host is client-supplied
/// and should be constrained upstream (host filtering); confirm against the attribute.
/// The redirect also does nothing for the first plaintext request, so it complements
/// rather than replaces HSTS.
/// </remarks>
public void OnAuthorization_RedirectsToHttpsEndpoint_ForNonHttpsGetRequests(
    string host,
    string pathBase,
    string path,
    string queryString,
    string expectedUrl)
{
    // Arrange
    RequireHttpsAttribute filter = new RequireHttpsAttribute();
    DefaultHttpContext httpContext = new DefaultHttpContext();
    httpContext.Request.Method = "GET";
    httpContext.Request.Scheme = "http";
    httpContext.Request.Host = HostString.FromUriComponent(host);

    // Optional URL parts are only assigned when the data row provides them.
    if (pathBase != null)
    {
        httpContext.Request.PathBase = new PathString(pathBase);
    }

    if (path != null)
    {
        httpContext.Request.Path = new PathString(path);
    }

    if (queryString != null)
    {
        httpContext.Request.QueryString = new QueryString(queryString);
    }

    var filterContext = CreateAuthorizationContext(httpContext);

    // Act
    filter.OnAuthorization(filterContext);

    // Assert: permanent redirect to the expected URL.
    Assert.NotNull(filterContext.Result);
    RedirectResult redirect = Assert.IsType<RedirectResult>(filterContext.Result);
    Assert.True(redirect.Permanent);
    Assert.Equal(expectedUrl, redirect.Url);
}
/// <summary>
/// Verifies the redirect issued for an HTTP GET request: the result must be a
/// <see cref="RedirectResult"/>, flagged permanent, pointing at <paramref name="expectedUrl"/>.
/// </summary>
/// <param name="host">Value parsed into the request's <c>Host</c>.</param>
/// <param name="pathBase">Path base to apply, or null to keep the default.</param>
/// <param name="path">Request path to apply, or null to keep the default.</param>
/// <param name="queryString">Query string to apply, or null to keep the default.</param>
/// <param name="expectedUrl">Redirect URL the assertion compares against.</param>
/// <remarks>
/// The test-data source for the parameters is not visible here.
/// NOTE(review): a permanent redirect is cached by clients, so a wrong target persists
/// after the server is corrected. The host portion originates from the incoming request;
/// verify that untrusted Host values are rejected before this filter runs.
/// </remarks>
public void OnAuthorization_RedirectsToHttpsEndpoint_ForNonHttpsGetRequests(
    string host,
    string pathBase,
    string path,
    string queryString,
    string expectedUrl)
{
    // Arrange
    DefaultHttpContext insecureGet = new DefaultHttpContext();
    var request = insecureGet.Request;
    request.Scheme = "http";
    request.Method = "GET";
    request.Host = HostString.FromUriComponent(host);

    if (pathBase != null)
    {
        request.PathBase = new PathString(pathBase);
    }

    if (path != null)
    {
        request.Path = new PathString(path);
    }

    if (queryString != null)
    {
        request.QueryString = new QueryString(queryString);
    }

    var authorization = CreateAuthorizationContext(insecureGet);
    RequireHttpsAttribute requireHttps = new RequireHttpsAttribute();

    // Act
    requireHttps.OnAuthorization(authorization);

    // Assert
    Assert.NotNull(authorization.Result);
    RedirectResult redirectResult = Assert.IsType<RedirectResult>(authorization.Result);
    Assert.True(redirectResult.Permanent);
    Assert.Equal(expectedUrl, redirectResult.Url);
}
/// <summary>
/// Verifies that an HTTP (non-HTTPS) request with the given <paramref name="method"/>
/// produces an <see cref="HttpStatusCodeResult"/> equal to
/// <c>StatusCodes.Status403Forbidden</c>.
/// </summary>
/// <param name="method">HTTP method set on the request; its data rows are not visible here.</param>
/// <remarks>
/// The method name says "BadRequest", but the asserted status is Forbidden.
/// NOTE(review): no redirect is expected for these methods. Clients that receive this
/// response have already sent their request, including any body, in clear text, so the
/// rejection limits further exposure rather than undoing it.
/// </remarks>
public void OnAuthorization_SignalsBadRequestStatusCode_ForNonHttpsAndNonGetRequests(string method)
{
    // Arrange
    DefaultHttpContext insecureRequest = new DefaultHttpContext();
    insecureRequest.Request.Scheme = "http";
    insecureRequest.Request.Method = method;
    RequireHttpsAttribute requireHttps = new RequireHttpsAttribute();
    var authorization = CreateAuthorizationContext(insecureRequest);

    // Act
    requireHttps.OnAuthorization(authorization);

    // Assert
    Assert.NotNull(authorization.Result);
    HttpStatusCodeResult forbidden = Assert.IsType<HttpStatusCodeResult>(authorization.Result);
    Assert.Equal(StatusCodes.Status403Forbidden, forbidden.StatusCode);
}