public void OnAuthorization_RedirectsToHttpsEndpoint_ForCustomSslPort(
string url,
int?sslPort,
string expectedUrl)
{
// Arrange
var options = Options.Create(new MvcOptions());
var uri = new Uri(url);
var requestContext = new DefaultHttpContext();
requestContext.RequestServices = CreateServices(sslPort);
requestContext.Request.Scheme = "http";
requestContext.Request.Method = "GET";
requestContext.Request.Host = HostString.FromUriComponent(uri);
requestContext.Request.Path = PathString.FromUriComponent(uri);
requestContext.Request.QueryString = QueryString.FromUriComponent(uri);
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.NotNull(authContext.Result);
var result = Assert.IsType <RedirectResult>(authContext.Result);
Assert.Equal(expectedUrl, result.Url);
}
public void OnAuthorization_RedirectsToHttpsEndpoint_WithSpecifiedStatusCodeAndrequireHttpsPermanentOption(bool?permanent, bool requireHttpsPermanent)
{
var requestContext = new DefaultHttpContext();
requestContext.RequestServices = CreateServices(null, requireHttpsPermanent);
requestContext.Request.Scheme = "http";
requestContext.Request.Method = "GET";
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
if (permanent.HasValue)
{
attr.Permanent = permanent.Value;
}
;
// Act
attr.OnAuthorization(authContext);
// Assert
var result = Assert.IsType <RedirectResult>(authContext.Result);
Assert.Equal(permanent ?? requireHttpsPermanent, result.Permanent);
}
public void OnAuthorization_AllowsTheRequestIfItIsHttps()
{
// Arrange
var requestContext = new DefaultHttpContext();
requestContext.Request.Scheme = "https";
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.Null(authContext.Result);
}
public void OnAuthorization_AllowsTheRequestIfItIsHttps()
{
// Arrange
var requestContext = new DefaultHttpContext();
requestContext.Request.Scheme = "https";
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.Null(authContext.Result);
}
public void OnAuthorization_RedirectsToHttpsEndpoint_ForNonHttpsGetRequests(
string host,
string pathBase,
string path,
string queryString,
string expectedUrl)
{
// Arrange
var requestContext = new DefaultHttpContext();
requestContext.RequestServices = CreateServices();
requestContext.Request.Scheme = "http";
requestContext.Request.Method = "GET";
requestContext.Request.Host = HostString.FromUriComponent(host);
if (pathBase != null)
{
requestContext.Request.PathBase = new PathString(pathBase);
}
if (path != null)
{
requestContext.Request.Path = new PathString(path);
}
if (queryString != null)
{
requestContext.Request.QueryString = new QueryString(queryString);
}
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.NotNull(authContext.Result);
var result = Assert.IsType <RedirectResult>(authContext.Result);
Assert.False(result.Permanent);
Assert.Equal(expectedUrl, result.Url);
}
public void OnAuthorization_SignalsBadRequestStatusCode_ForNonHttpsAndNonGetRequests(string method)
{
// Arrange
var requestContext = new DefaultHttpContext();
requestContext.RequestServices = CreateServices();
requestContext.Request.Scheme = "http";
requestContext.Request.Method = method;
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.NotNull(authContext.Result);
var result = Assert.IsType <StatusCodeResult>(authContext.Result);
Assert.Equal(StatusCodes.Status403Forbidden, result.StatusCode);
}
public void OnAuthorization_SignalsBadRequestStatusCode_ForNonHttpsAndNonGetRequests(string method)
{
// Arrange
var requestContext = new DefaultHttpContext();
requestContext.RequestServices = CreateServices();
requestContext.Request.Scheme = "http";
requestContext.Request.Method = method;
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.NotNull(authContext.Result);
var result = Assert.IsType<StatusCodeResult>(authContext.Result);
Assert.Equal(StatusCodes.Status403Forbidden, result.StatusCode);
}
public void OnAuthorization_RedirectsToHttpsEndpoint_WithSpecifiedStatusCode(bool permanent)
{
var requestContext = new DefaultHttpContext();
requestContext.RequestServices = CreateServices();
requestContext.Request.Scheme = "http";
requestContext.Request.Method = "GET";
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute { Permanent = permanent };
// Act
attr.OnAuthorization(authContext);
// Assert
var result = Assert.IsType<RedirectResult>(authContext.Result);
Assert.Equal(permanent, result.Permanent);
}
public void OnAuthorization_RedirectsToHttpsEndpoint_ForNonHttpsGetRequests(
string host,
string pathBase,
string path,
string queryString,
string expectedUrl)
{
// Arrange
var requestContext = new DefaultHttpContext();
requestContext.RequestServices = CreateServices();
requestContext.Request.Scheme = "http";
requestContext.Request.Method = "GET";
requestContext.Request.Host = HostString.FromUriComponent(host);
if (pathBase != null)
{
requestContext.Request.PathBase = new PathString(pathBase);
}
if (path != null)
{
requestContext.Request.Path = new PathString(path);
}
if (queryString != null)
{
requestContext.Request.QueryString = new QueryString(queryString);
}
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.NotNull(authContext.Result);
var result = Assert.IsType<RedirectResult>(authContext.Result);
Assert.False(result.Permanent);
Assert.Equal(expectedUrl, result.Url);
}
public void OnAuthorization_RedirectsToHttpsEndpoint_ForCustomSslPort(
string url,
int? sslPort,
string expectedUrl)
{
// Arrange
var options = new TestOptionsManager<MvcOptions>();
var uri = new Uri(url);
var requestContext = new DefaultHttpContext();
requestContext.RequestServices = CreateServices(sslPort);
requestContext.Request.Scheme = "http";
requestContext.Request.Method = "GET";
requestContext.Request.Host = HostString.FromUriComponent(uri);
requestContext.Request.Path = PathString.FromUriComponent(uri);
requestContext.Request.QueryString = QueryString.FromUriComponent(uri);
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.NotNull(authContext.Result);
var result = Assert.IsType<RedirectResult>(authContext.Result);
Assert.Equal(expectedUrl, result.Url);
}