public void Enforce(IHttpRequest request) { if (!_secureSpec.IsSatisfiedBy(request)) { throw new HttpError(HttpStatusCode.Forbidden, "All API calls shall be made through SSL."); } }
public void IsSatisfiedBy_LocalInsecureWebRequest_False() { var subject = new SecureRequestSpecification(); var request = Substitute.For <HttpRequestBase>(); request.IsSecureConnection.Returns(false); Assert.That(subject.IsSatisfiedBy(request), Is.False); }
public void IsSatisfiedBy_LocalSecureApiRequest_True() { var subject = new SecureRequestSpecification(); var request = Substitute.For <IHttpRequest>(); request.IsSecureConnection.Returns(true); Assert.That(subject.IsSatisfiedBy(request), Is.True); }
public override void OnAuthorization(AuthorizationContext filterContext) { HttpRequestBase request = filterContext.HttpContext.Request; if (!_secureSpec.IsSatisfiedBy(request)) { HandleNonHttpsRequest(filterContext); } }
public void IsSatisfiedBy_CloudSecureWebRequest_True() { var subject = new SecureRequestSpecification(); var request = Substitute.For <HttpRequestBase>(); request.Headers.Returns(new NameValueCollection { { "X-Forwarded-Proto", "https" } }); Assert.That(subject.IsSatisfiedBy(request), Is.True); }
public void IsSatisfiedBy_CloudInsecureApiRequest_False() { var subject = new SecureRequestSpecification(); var request = Substitute.For <IHttpRequest>(); request.Headers.Returns(new NameValueCollection { { "X-Forwarded-Proto", "http" } }); Assert.That(subject.IsSatisfiedBy(request), Is.False); }