public async Task GivenNoForceSslCookieAndNonSslRequest_ItPassesThrough()
        {
            // Arrange
            var context = Fakes.CreateOwinContext();
            var next = Fakes.CreateOwinMiddleware();
            var app = new AppBuilder();
            context.Request
                .SetUrl("http://nuget.local/foo/bar/baz?qux=qooz");
            var middleware = new ForceSslWhenAuthenticatedMiddleware(next.Object, app, "ForceSSL", 443);

            // Act
            await middleware.Invoke(context);

            // Assert
            next.Verify(n => n.Invoke(It.IsAny<IOwinContext>()));
        }
Example #2
0
        public async Task GivenNoForceSslCookieAndNonSslRequest_ItPassesThrough()
        {
            // Arrange
            var context = Fakes.CreateOwinContext();
            var next    = Fakes.CreateOwinMiddleware();
            var app     = new AppBuilder();

            context.Request
            .SetUrl("http://nuget.local/foo/bar/baz?qux=qooz");
            var middleware = new ForceSslWhenAuthenticatedMiddleware(next.Object, app, "ForceSSL", 443);

            // Act
            await middleware.Invoke(context);

            // Assert
            next.Verify(n => n.Invoke(It.IsAny <IOwinContext>()));
        }
        public async Task GivenANonStandardSslPort_ItSpecifiesPortInUrl()
        {
            // Arrange
            var context = Fakes.CreateOwinContext();
            var next = Fakes.CreateOwinMiddleware();
            var app = new AppBuilder();
            context.Request
                .SetUrl("http://nuget.local/foo/bar/baz?qux=qooz")
                .SetCookie("ForceSSL", "bogus");
            var middleware = new ForceSslWhenAuthenticatedMiddleware(next.Object, app, "ForceSSL", 44300);

            // Act
            await middleware.Invoke(context);

            // Assert
            next.Verify(n => n.Invoke(It.IsAny<IOwinContext>()), Times.Never());
            OwinAssert.WillRedirect(context, "https://nuget.local:44300/foo/bar/baz?qux=qooz");
        }
Example #4
0
        public async Task GivenANonStandardSslPort_ItSpecifiesPortInUrl()
        {
            // Arrange
            var context = Fakes.CreateOwinContext();
            var next    = Fakes.CreateOwinMiddleware();
            var app     = new AppBuilder();

            context.Request
            .SetUrl("http://nuget.local/foo/bar/baz?qux=qooz")
            .SetCookie("ForceSSL", "bogus");
            var middleware = new ForceSslWhenAuthenticatedMiddleware(next.Object, app, "ForceSSL", 44300);

            // Act
            await middleware.Invoke(context);

            // Assert
            next.Verify(n => n.Invoke(It.IsAny <IOwinContext>()), Times.Never());
            OwinAssert.WillRedirect(context, "https://nuget.local:44300/foo/bar/baz?qux=qooz");
        }
Example #5
0
        public async Task GivenNextMiddlewareRevokesAuth_ItRemovesForceSslCookie()
        {
            // Arrange
            var context = Fakes.CreateOwinContext();
            var next    = Fakes.CreateOwinMiddleware();
            var app     = new AppBuilder();
            var revoke  = new AuthenticationResponseRevoke(new string[0]);

            next.Setup(n => n.Invoke(context))
            .Returns <IOwinContext>(c =>
            {
                c.Authentication.AuthenticationResponseRevoke = revoke;
                return(Task.FromResult <object>(null));
            });
            context.Request
            .SetUrl("http://nuget.local/foo/bar/baz?qux=qooz");
            var middleware = new ForceSslWhenAuthenticatedMiddleware(next.Object, app, "ForceSSL", 443);

            // Act
            await middleware.Invoke(context);

            // Assert
            OwinAssert.DeletesCookie(context.Response, "ForceSSL");
        }
Example #6
0
        public async Task GivenNextMiddlewareGrantsAuth_ItDropsForceSslCookie(string protocol, bool secure)
        {
            // Arrange
            var context = Fakes.CreateOwinContext();
            var next    = Fakes.CreateOwinMiddleware();
            var app     = new AppBuilder();
            var grant   = new AuthenticationResponseGrant(new ClaimsIdentity(), new AuthenticationProperties());

            next.Setup(n => n.Invoke(context))
            .Returns <IOwinContext>(c =>
            {
                c.Authentication.AuthenticationResponseGrant = grant;
                return(Task.FromResult <object>(null));
            });
            context.Request
            .SetUrl(protocol + "://nuget.local/foo/bar/baz?qux=qooz");
            var middleware = new ForceSslWhenAuthenticatedMiddleware(next.Object, app, "ForceSSL", 443);

            // Act
            await middleware.Invoke(context);

            // Assert
            OwinAssert.SetsCookie(context.Response, "ForceSSL", "true", secure);
        }
        public async Task GivenNextMiddlewareGrantsAuth_ItDropsForceSslCookie()
        {
            // Arrange
            var context = Fakes.CreateOwinContext();
            var next = Fakes.CreateOwinMiddleware();
            var app = new AppBuilder();
            var grant = new AuthenticationResponseGrant(new ClaimsIdentity(), new AuthenticationProperties());

            next.Setup(n => n.Invoke(context))
                .Returns<IOwinContext>(c =>
                {
                    c.Authentication.AuthenticationResponseGrant = grant;
                    return Task.FromResult<object>(null);
                });
            context.Request
                .SetUrl("http://nuget.local/foo/bar/baz?qux=qooz");
            var middleware = new ForceSslWhenAuthenticatedMiddleware(next.Object, app, "ForceSSL", 443);

            // Act
            await middleware.Invoke(context);

            // Assert
            OwinAssert.SetsCookie(context.Response, "ForceSSL", "true");
        }
        public async Task GivenNextMiddlewareRevokesAuth_ItRemovesForceSslCookie()
        {
            // Arrange
            var context = Fakes.CreateOwinContext();
            var next = Fakes.CreateOwinMiddleware();
            var app = new AppBuilder();
            var revoke = new AuthenticationResponseRevoke(new string[0]);

            next.Setup(n => n.Invoke(context))
                .Returns<IOwinContext>(c =>
                {
                    c.Authentication.AuthenticationResponseRevoke = revoke;
                    return Task.FromResult<object>(null);
                });
            context.Request
                .SetUrl("http://nuget.local/foo/bar/baz?qux=qooz");
            var middleware = new ForceSslWhenAuthenticatedMiddleware(next.Object, app, "ForceSSL", 443);

            // Act
            await middleware.Invoke(context);

            // Assert
            OwinAssert.DeletesCookie(context.Response, "ForceSSL");
        }