Esempio n. 1
0
        public void OnAuthorization_RedirectsToHttpsEndpoint_ForCustomSslPort(
            string url,
            int?sslPort,
            string expectedUrl)
        {
            // Arrange
            var options = Options.Create(new MvcOptions());
            var uri     = new Uri(url);

            var requestContext = new DefaultHttpContext();

            requestContext.RequestServices     = CreateServices(sslPort);
            requestContext.Request.Scheme      = "http";
            requestContext.Request.Method      = "GET";
            requestContext.Request.Host        = HostString.FromUriComponent(uri);
            requestContext.Request.Path        = PathString.FromUriComponent(uri);
            requestContext.Request.QueryString = QueryString.FromUriComponent(uri);

            var authContext = CreateAuthorizationContext(requestContext);
            var attr        = new RequireHttpsAttribute();

            // Act
            attr.OnAuthorization(authContext);

            // Assert
            Assert.NotNull(authContext.Result);
            var result = Assert.IsType <RedirectResult>(authContext.Result);

            Assert.Equal(expectedUrl, result.Url);
        }
Esempio n. 2
0
        public void OnAuthorization_RedirectsToHttpsEndpoint_WithSpecifiedStatusCodeAndrequireHttpsPermanentOption(bool?permanent, bool requireHttpsPermanent)
        {
            var requestContext = new DefaultHttpContext();

            requestContext.RequestServices = CreateServices(null, requireHttpsPermanent);
            requestContext.Request.Scheme  = "http";
            requestContext.Request.Method  = "GET";

            var authContext = CreateAuthorizationContext(requestContext);
            var attr        = new RequireHttpsAttribute();

            if (permanent.HasValue)
            {
                attr.Permanent = permanent.Value;
            }
            ;

            // Act
            attr.OnAuthorization(authContext);

            // Assert
            var result = Assert.IsType <RedirectResult>(authContext.Result);

            Assert.Equal(permanent ?? requireHttpsPermanent, result.Permanent);
        }
Esempio n. 3
0
        public void OnAuthorization_AllowsTheRequestIfItIsHttps()
        {
            // Arrange
            var requestContext = new DefaultHttpContext();
            requestContext.Request.Scheme = "https";

            var authContext = CreateAuthorizationContext(requestContext);
            var attr = new RequireHttpsAttribute();

            // Act
            attr.OnAuthorization(authContext);

            // Assert
            Assert.Null(authContext.Result);
        }
Esempio n. 4
0
        public void OnAuthorization_AllowsTheRequestIfItIsHttps()
        {
            // Arrange
            var requestContext = new DefaultHttpContext();

            requestContext.Request.Scheme = "https";

            var authContext = CreateAuthorizationContext(requestContext);
            var attr        = new RequireHttpsAttribute();

            // Act
            attr.OnAuthorization(authContext);

            // Assert
            Assert.Null(authContext.Result);
        }
Esempio n. 5
0
        public void OnAuthorization_RedirectsToHttpsEndpoint_ForNonHttpsGetRequests(
            string host,
            string pathBase,
            string path,
            string queryString,
            string expectedUrl)
        {
            // Arrange
            var requestContext = new DefaultHttpContext();

            requestContext.RequestServices = CreateServices();
            requestContext.Request.Scheme  = "http";
            requestContext.Request.Method  = "GET";
            requestContext.Request.Host    = HostString.FromUriComponent(host);

            if (pathBase != null)
            {
                requestContext.Request.PathBase = new PathString(pathBase);
            }

            if (path != null)
            {
                requestContext.Request.Path = new PathString(path);
            }

            if (queryString != null)
            {
                requestContext.Request.QueryString = new QueryString(queryString);
            }

            var authContext = CreateAuthorizationContext(requestContext);
            var attr        = new RequireHttpsAttribute();

            // Act
            attr.OnAuthorization(authContext);

            // Assert
            Assert.NotNull(authContext.Result);
            var result = Assert.IsType <RedirectResult>(authContext.Result);

            Assert.False(result.Permanent);
            Assert.Equal(expectedUrl, result.Url);
        }
Esempio n. 6
0
        public void OnAuthorization_SignalsBadRequestStatusCode_ForNonHttpsAndNonGetRequests(string method)
        {
            // Arrange
            var requestContext = new DefaultHttpContext();

            requestContext.RequestServices = CreateServices();
            requestContext.Request.Scheme  = "http";
            requestContext.Request.Method  = method;
            var authContext = CreateAuthorizationContext(requestContext);
            var attr        = new RequireHttpsAttribute();

            // Act
            attr.OnAuthorization(authContext);

            // Assert
            Assert.NotNull(authContext.Result);
            var result = Assert.IsType <StatusCodeResult>(authContext.Result);

            Assert.Equal(StatusCodes.Status403Forbidden, result.StatusCode);
        }
Esempio n. 7
0
        public void OnAuthorization_SignalsBadRequestStatusCode_ForNonHttpsAndNonGetRequests(string method)
        {
            // Arrange
            var requestContext = new DefaultHttpContext();
            requestContext.RequestServices = CreateServices();
            requestContext.Request.Scheme = "http";
            requestContext.Request.Method = method;
            var authContext = CreateAuthorizationContext(requestContext);
            var attr = new RequireHttpsAttribute();

            // Act
            attr.OnAuthorization(authContext);

            // Assert
            Assert.NotNull(authContext.Result);
            var result = Assert.IsType<StatusCodeResult>(authContext.Result);
            Assert.Equal(StatusCodes.Status403Forbidden, result.StatusCode);
        }
Esempio n. 8
0
        public void OnAuthorization_RedirectsToHttpsEndpoint_WithSpecifiedStatusCode(bool permanent)
        {
            var requestContext = new DefaultHttpContext();
            requestContext.RequestServices = CreateServices();
            requestContext.Request.Scheme = "http";
            requestContext.Request.Method = "GET";

            var authContext = CreateAuthorizationContext(requestContext);
            var attr = new RequireHttpsAttribute { Permanent = permanent };

            // Act
            attr.OnAuthorization(authContext);

            // Assert
            var result = Assert.IsType<RedirectResult>(authContext.Result);
            Assert.Equal(permanent, result.Permanent);
        }
Esempio n. 9
0
        public void OnAuthorization_RedirectsToHttpsEndpoint_ForNonHttpsGetRequests(
            string host,
            string pathBase,
            string path,
            string queryString,
            string expectedUrl)
        {
            // Arrange
            var requestContext = new DefaultHttpContext();
            requestContext.RequestServices = CreateServices();
            requestContext.Request.Scheme = "http";
            requestContext.Request.Method = "GET";
            requestContext.Request.Host = HostString.FromUriComponent(host);

            if (pathBase != null)
            {
                requestContext.Request.PathBase = new PathString(pathBase);
            }

            if (path != null)
            {
                requestContext.Request.Path = new PathString(path);
            }

            if (queryString != null)
            {
                requestContext.Request.QueryString = new QueryString(queryString);
            }

            var authContext = CreateAuthorizationContext(requestContext);
            var attr = new RequireHttpsAttribute();

            // Act
            attr.OnAuthorization(authContext);

            // Assert
            Assert.NotNull(authContext.Result);
            var result = Assert.IsType<RedirectResult>(authContext.Result);

            Assert.False(result.Permanent);
            Assert.Equal(expectedUrl, result.Url);
        }
Esempio n. 10
0
        public void OnAuthorization_RedirectsToHttpsEndpoint_ForCustomSslPort(
            string url,
            int? sslPort,
            string expectedUrl)
        {
            // Arrange
            var options = new TestOptionsManager<MvcOptions>();
            var uri = new Uri(url);

            var requestContext = new DefaultHttpContext();
            requestContext.RequestServices = CreateServices(sslPort);
            requestContext.Request.Scheme = "http";
            requestContext.Request.Method = "GET";
            requestContext.Request.Host = HostString.FromUriComponent(uri);
            requestContext.Request.Path = PathString.FromUriComponent(uri);
            requestContext.Request.QueryString = QueryString.FromUriComponent(uri);

            var authContext = CreateAuthorizationContext(requestContext);
            var attr = new RequireHttpsAttribute();

            // Act
            attr.OnAuthorization(authContext);

            // Assert
            Assert.NotNull(authContext.Result);
            var result = Assert.IsType<RedirectResult>(authContext.Result);

            Assert.Equal(expectedUrl, result.Url);
        }