/// <summary> /// If a user times out before attempting an action, the "ReturnUrl" query string /// parameter included in the sign-in page URL may need to be rewritten. /// This can be used to prevent the user being redirected with a GET to a POST-only action /// after they sign back in. /// </summary> public void ApplyReturnUrlMapping(CookieApplyRedirectContext context) { Uri currentUri = new Uri(context.RedirectUri); var queryStringParameters = HttpUtility.ParseQueryString(currentUri.Query); string returnUrl = queryStringParameters["ReturnUrl"]; if (returnUrlMapping.IsMapped(returnUrl)) { returnUrl = returnUrlMapping.ApplyMap(returnUrl); if (returnUrl != null) { queryStringParameters["ReturnUrl"] = returnUrl; } else { queryStringParameters.Remove("ReturnUrl"); } UriBuilder uriBuilder = new UriBuilder(currentUri); uriBuilder.Query = queryStringParameters.ToString(); context.RedirectUri = uriBuilder.Uri.ToString(); } }
public void ApplyReturnUrlMapping_ReturnUrlNotMapped_ReturnsRedirectUriUnchanged() { // Arrange CookieApplyRedirectContext context = A.Fake <CookieApplyRedirectContext>(); context.RedirectUri = "https://weee.com/sign-in?ReturnUrl=%2fcontroller1%2faction1"; IReturnUrlMapping mapping = A.Fake <IReturnUrlMapping>(); A.CallTo(() => mapping.IsMapped("/mycontroller/myaction")).Returns(false); WeeeCookieAuthenticationProvider provider = new WeeeCookieAuthenticationProvider(mapping); // Act provider.ApplyReturnUrlMapping(context); // Assert Assert.Equal("https://weee.com/sign-in?ReturnUrl=%2fcontroller1%2faction1", context.RedirectUri); }
public void ApplyReturnUrlMapping_ReturnUrlMappedToNull_ReturnsRedirectUriWithoutReturnUrl() { // Arrange CookieApplyRedirectContext context = A.Fake <CookieApplyRedirectContext>(); context.RedirectUri = "https://weee.com/sign-in?ReturnUrl=%2fcontroller1%2faction1"; IReturnUrlMapping mapping = A.Fake <IReturnUrlMapping>(); A.CallTo(() => mapping.IsMapped("/controller1/action1")).Returns(true); A.CallTo(() => mapping.ApplyMap("/controller1/action1")).Returns(null); WeeeCookieAuthenticationProvider provider = new WeeeCookieAuthenticationProvider(mapping); // Act provider.ApplyReturnUrlMapping(context); // Assert Assert.Equal("https://weee.com/sign-in", context.RedirectUri); }