public void Apply_QueryStringAppliedOnce(string parameterName) { // Arrange var behavior = this.CreateBehavior(); var context = new DefaultHttpContext(); var options = new JwtBearerQueryStringOptions { QueryStringParameterName = parameterName ?? JwtBearerQueryStringOptions.DefaultQueryStringParameterName }; const string token = "MyToken"; var queryString = new QueryString($"?{options.QueryStringParameterName}={token}"); context.Request.QueryString = queryString; // Act behavior.Apply(context, options); // Assert Assert.Contains( $"{options.QueryStringParameterName}={RedactJwtBearerQueryStringBehavior.DefaultRedactedValue}", context.Request.QueryString.Value ); Assert.DoesNotContain(token, context.Request.QueryString.Value); }
/// <summary> /// Identifies and redacts the access token if it was provided via the query string. /// </summary> protected override void ApplyImpl( HttpContext context, JwtBearerQueryStringOptions options) { if (String.IsNullOrWhiteSpace(options.QueryStringParameterName)) { throw new ArgumentException( $"The '{nameof(JwtBearerQueryStringOptions.QueryStringParameterName)}' " + $"property on the '{nameof(options)}' parameter cannot be null or " + $"whitespace.", nameof(options) ); } var request = context.Request; if (request.QueryString == null || request.QueryString == QueryString.Empty) { return; } var queryString = QueryHelpers.ParseQuery(request.QueryString.Value); var parameterName = options.QueryStringParameterName; StringValues values; if (queryString.TryGetValue(parameterName, out values)) { queryString[parameterName] = new StringValues(this.RedactedValue); request.QueryString = QueryString.Create(queryString); } }
public void Apply_NullQueryStringParameterNameInOptions(string name) { // Arrange var behavior = this.CreateBehavior(); var context = new DefaultHttpContext(); var options = new JwtBearerQueryStringOptions { QueryStringParameterName = name }; context.Request.QueryString = new QueryString("?access_token=token"); // Act var exception = Record.Exception( () => behavior.Apply(context, options) ); // Assert Assert.IsType <ArgumentException>(exception); Assert.Equal( $"The 'QueryStringParameterName' property on the " + $"'options' parameter cannot be null or whitespace." + Environment.NewLine + $"Parameter name: options", exception.Message ); }
public void Apply_QueryStringAppliedMultipleTimes() { // Arrange var behavior = this.CreateBehavior(); var context = new DefaultHttpContext(); var options = new JwtBearerQueryStringOptions(); const string token = "MyToken"; var queryString = new QueryString($"?access_token={token}1&access_token={token}2"); context.Request.QueryString = queryString; // Act behavior.Apply(context, options); // Assert Assert.Contains( "access_token=" + RedactJwtBearerQueryStringBehavior.DefaultRedactedValue, context.Request.QueryString.Value ); Assert.DoesNotContain(token, context.Request.QueryString.Value); }
private IPostConfigureOptions <JwtBearerOptions> CreatePostConfiguration( JwtBearerQueryStringOptions optionsĀ = null) { return(new JwtBearerOptionsPostConfiguration( Options.Create(options ?? new JwtBearerQueryStringOptions()) )); }
private JwtBearerQueryStringMiddleware CreateMiddleware( RequestDelegate next = null, JwtBearerQueryStringOptions options = null) { return(new JwtBearerQueryStringMiddleware( next ?? (context => Task.CompletedTask), Options.Create(options ?? new JwtBearerQueryStringOptions()) )); }
/// <summary> /// Applies the defined query string mutation behavior to the provided /// <see cref="HttpContext" />. /// </summary> /// <remarks> /// Defined in the <see cref="JwtBearerQueryStringOptions" />, this may /// do something like redact the token, it may move the token into the /// 'Authorization' header using the traditional Bearer authentication /// scheme, or it may do nothing at all. /// </remarks> /// <param name="context"> /// The <see cref="HttpContext" /> for a given request. The request may or may /// not be using the query string as a form of authentication. /// </param> /// <param name="options"> /// The <see cref="JwtBearerQueryStringOptions" /> that define how the /// query string authentication should be managed within this web service. /// </param> /// <exception cref="ArgumentNullException"> /// Thrown when <paramref name="context" /> or <paramref name="options" /> is null. /// </exception> public void Apply(HttpContext context, JwtBearerQueryStringOptions options) { if (context == null) { throw new ArgumentNullException(nameof(context)); } else if (options == null) { throw new ArgumentNullException(nameof(options)); } this.ApplyImpl(context, options); }
public void Apply_NullContext() { // Arrange var behavior = this.CreateBehavior(); var options = new JwtBearerQueryStringOptions(); // Act var exception = Record.Exception( () => behavior.Apply(null, options) ); // Assert Assert.IsType <ArgumentNullException>(exception); }
public void Apply_EmptyQueryStringIsIgnored(QueryString original) { // Arrange var behavior = this.CreateBehavior(); var context = new DefaultHttpContext(); var options = new JwtBearerQueryStringOptions(); context.Request.QueryString = original; // Act behavior.Apply(context, options); // Assert Assert.Equal(original, context.Request.QueryString); }
public void PostConfigure_AppliesEventsWrapper( string name, JwtBearerOptions bearerOptions) { // Arrange var options = new JwtBearerQueryStringOptions(); var configuration = CreatePostConfiguration(options); // Act configuration.PostConfigure(name, bearerOptions); // Assert var typed = Assert.IsType <QueryStringJwtBearerEventsWrapper>(bearerOptions.Events); Assert.Equal(options.QueryStringParameterName, typed.QueryStringParameterName); }
public void Apply_QueryStringUnaffected() { // Arrange var behavior = this.CreateBehavior(); var context = new DefaultHttpContext(); var options = new JwtBearerQueryStringOptions(); context.Request.QueryString.Add(options.QueryStringParameterName, "Token"); var queryString = context.Request.QueryString.ToString(); // Act behavior.Apply(context, options); // Assert Assert.Equal(queryString, context.Request.QueryString.ToString()); }
public void Apply_QueryStringNotPresent() { // Arrange var behavior = this.CreateBehavior(); var context = new DefaultHttpContext(); var options = new JwtBearerQueryStringOptions(); var queryString = new QueryString("?ParameterName=Value1&ParameterName=Value2"); context.Request.QueryString = queryString; // Act behavior.Apply(context, options); // Assert Assert.Equal(queryString, context.Request.QueryString); }
public void Apply_NullRedactionValuesSupported(string redactedValue) { // Arrange var behavior = this.CreateBehavior(redactedValue); var context = new DefaultHttpContext(); var options = new JwtBearerQueryStringOptions(); const string token = "MyOtherToken"; var queryString = new QueryString($"?access_token={token}"); context.Request.QueryString = queryString; // Act behavior.Apply(context, options); // Assert Assert.Contains("access_token=" + redactedValue, context.Request.QueryString.Value); Assert.DoesNotContain(token, context.Request.QueryString.Value); }
public async Task Invoke_NonNullQueryStringBehavior() { // Arrange var behavior = new Mock <IJwtBearerQueryStringBehavior>(); var options = new JwtBearerQueryStringOptions { QueryStringBehavior = behavior.Object }; var middleware = this.CreateMiddleware(options: options); var context = new DefaultHttpContext(); // Act await middleware.Invoke(context); // Assert behavior.Verify( mock => mock.Apply(context, options), Times.Once() ); }
/// <summary> /// This is the same behavior as the <see cref="Apply" /> method sans the boilerplace /// <see cref="ArgumentNullException" /> checks. /// </summary> protected abstract void ApplyImpl( HttpContext context, JwtBearerQueryStringOptions options);
/// <summary> /// Performs no mutations to the <see cref="HttpContext" /> of the user's web request. /// </summary> protected override void ApplyImpl( HttpContext context, JwtBearerQueryStringOptions options) { }