// Verifies the pass-through case of RequireRemoteHttpsAttribute: configuration requires SSL,
// but OnlyWhenAuthenticated is set, the request is anonymous, and the forms-authentication
// service reports no force-SSL signal. The plain-HTTP request must keep its original result.
// Security note: this pins an intentional gap in HTTPS enforcement - in this mode anonymous
// traffic is served over HTTP, so the mode is only as safe as the ShouldForceSSL signal.
public void RequireHttpsAttributeDoesNotThrowForInsecureConnectionIfNotAuthenticatedOrForcingSSLAndOnlyWhenAuthenticatedSet()
{
    // Arrange
    var configuration = new Mock<IConfiguration>();
    configuration.Setup(cfg => cfg.RequireSSL).Returns(true);

    // Strict mock: members without a setup throw when accessed, so only the two
    // request properties configured below may be read through this context.
    var authorizationContext = new Mock<AuthorizationContext>(MockBehavior.Strict);
    authorizationContext.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
    authorizationContext.SetupGet(c => c.HttpContext.Request.IsAuthenticated).Returns(false);
    AuthorizationContext context = authorizationContext.Object;

    var formsAuthentication = new Mock<IFormsAuthenticationService>();
    formsAuthentication.Setup(fas => fas.ShouldForceSSL(context.HttpContext)).Returns(false);

    // Sentinel result: if the attribute redirects or rejects, it replaces this instance.
    var originalResult = new ViewResult();
    context.Result = originalResult;

    var attribute = new RequireRemoteHttpsAttribute
    {
        Configuration = configuration.Object,
        OnlyWhenAuthenticated = true,
        FormsAuthentication = formsAuthentication.Object
    };

    // Act
    attribute.OnAuthorization(context);

    // Assert
    Assert.Same(originalResult, context.Result);
}
// Verifies that a request flagged as local (Request.IsLocal == true) is left untouched by
// RequireRemoteHttpsAttribute: the result assigned before authorization is still in place.
// The attribute is built with no Configuration or FormsAuthentication, and IsLocal is the
// only member set up on the strict mock, so any other read through the context would throw.
// NOTE(review): the method name says "RequireFacts"; it looks like a typo for "RequireHttps".
// NOTE(review): the exemption depends entirely on Request.IsLocal - deployments that put a
// same-host proxy or TLS terminator in front of the app should confirm that proxied remote
// traffic is not reported as local.
public void RequireFactsAttributeDoesNotThrowForLocalHostRequests()
{
    // Arrange
    var authorizationContext = new Mock<AuthorizationContext>(MockBehavior.Strict);
    authorizationContext.SetupGet(c => c.HttpContext.Request.IsLocal).Returns(true);
    AuthorizationContext context = authorizationContext.Object;

    // Sentinel result: must survive OnAuthorization unchanged.
    var originalResult = new ViewResult();
    context.Result = originalResult;

    var attribute = new RequireRemoteHttpsAttribute();

    // Act
    attribute.OnAuthorization(context);

    // Assert
    Assert.Same(originalResult, context.Result);
}
// Verifies that a non-local GET over plain HTTP is answered with a redirect to the same
// host and path under the https scheme.
// The HTTP method is supplied in lower case ("get"); upper-case handling is not covered here.
// NOTE(review): the expected host is the one from the mocked Request.Url. Whether the
// attribute checks that host against a configured site root is not visible in this test.
public void RequireHttpsAttributeRedirectsGetRequest()
{
    // Arrange
    var authorizationContext = new Mock<AuthorizationContext>(MockBehavior.Strict);
    authorizationContext.SetupGet(c => c.HttpContext.Request.IsLocal).Returns(false);
    authorizationContext.SetupGet(c => c.HttpContext.Request.HttpMethod).Returns("get");
    authorizationContext.SetupGet(c => c.HttpContext.Request.Url).Returns(new Uri("http://test.nuget.org/login"));
    authorizationContext.SetupGet(c => c.HttpContext.Request.RawUrl).Returns("/login");
    authorizationContext.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
    AuthorizationContext context = authorizationContext.Object;

    // Start from a non-redirect result so the assertion proves the attribute replaced it.
    context.Result = new ViewResult();

    var attribute = new RequireRemoteHttpsAttribute();

    // Act
    attribute.OnAuthorization(context);

    // Assert
    RedirectResult redirect = Assert.IsType<RedirectResult>(context.Result);
    Assert.Equal("https://test.nuget.org/login", redirect.Url);
}
[InlineData(false, true, true, 44300, "{0}:44300")] // Non-standard port; isAuthenticated=false, forceSSL=true, onlyWhenAuthenticated=true
// Verifies that a plain-HTTP GET is redirected to https on the configured SSL port.
// hostFormatter is a format string applied to the request host to build the expected
// authority; in the row above it appends ":44300".
// IsLocal is not set up on the strict mock in this variant, so the test would fail if the
// attribute read it.
public void RequireHttpsAttributeRedirectsGetRequest(bool isAuthenticated, bool forceSSL, bool onlyWhenAuthenticated, int port, string hostFormatter)
{
    // Arrange
    var configuration = new Mock<IAppConfiguration>();
    configuration.Setup(cfg => cfg.RequireSSL).Returns(true);
    configuration.Setup(cfg => cfg.SSLPort).Returns(port);

    var authorizationContext = new Mock<AuthorizationContext>(MockBehavior.Strict);
    authorizationContext.SetupGet(c => c.HttpContext.Request.HttpMethod).Returns("get");
    authorizationContext.SetupGet(c => c.HttpContext.Request.Url).Returns(new Uri("http://test.nuget.org/login"));
    authorizationContext.SetupGet(c => c.HttpContext.Request.RawUrl).Returns("/login");
    authorizationContext.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
    authorizationContext.SetupGet(c => c.HttpContext.Request.IsAuthenticated).Returns(isAuthenticated);
    AuthorizationContext context = authorizationContext.Object;

    var formsAuthentication = new Mock<IFormsAuthenticationService>();
    formsAuthentication.Setup(fas => fas.ShouldForceSSL(context.HttpContext)).Returns(forceSSL);

    // Start from a non-redirect result so the assertion proves the attribute replaced it.
    context.Result = new ViewResult();

    var attribute = new RequireRemoteHttpsAttribute
    {
        Configuration = configuration.Object,
        OnlyWhenAuthenticated = onlyWhenAuthenticated,
        FormsAuthentication = formsAuthentication.Object
    };

    // Act
    attribute.OnAuthorization(context);

    // Assert
    string expectedAuthority = String.Format(hostFormatter, "test.nuget.org");
    RedirectResult redirect = Assert.IsType<RedirectResult>(context.Result);
    Assert.Equal("https://" + expectedAuthority + "/login", redirect.Url);
}
// Verifies that a non-GET request over plain HTTP is rejected with 403 and a fixed status
// description rather than redirected. The HTTP method and the authentication / force-SSL
// flags are supplied by the test's data attributes, which are not part of this excerpt.
public void RequireHttpsAttributeReturns403IfNonGetRequest(string method, bool isAuthenticated, bool forceSSL, bool onlyWhenAuthenticated)
{
    // Arrange
    var configuration = new Mock<IConfiguration>();
    configuration.Setup(cfg => cfg.RequireSSL).Returns(true);

    var authorizationContext = new Mock<AuthorizationContext>(MockBehavior.Strict);
    authorizationContext.SetupGet(c => c.HttpContext.Request.IsLocal).Returns(false);
    authorizationContext.SetupGet(c => c.HttpContext.Request.HttpMethod).Returns(method);
    authorizationContext.SetupGet(c => c.HttpContext.Request.Url).Returns(new Uri("http://test.nuget.org/api/create"));
    authorizationContext.SetupGet(c => c.HttpContext.Request.RawUrl).Returns("/api/create");
    authorizationContext.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
    authorizationContext.SetupGet(c => c.HttpContext.Request.IsAuthenticated).Returns(isAuthenticated);
    AuthorizationContext context = authorizationContext.Object;

    var formsAuthentication = new Mock<IFormsAuthenticationService>();
    formsAuthentication.Setup(fas => fas.ShouldForceSSL(context.HttpContext)).Returns(forceSSL);

    var attribute = new RequireRemoteHttpsAttribute
    {
        Configuration = configuration.Object,
        OnlyWhenAuthenticated = onlyWhenAuthenticated,
        FormsAuthentication = formsAuthentication.Object
    };

    // Act
    attribute.OnAuthorization(context);

    // Assert
    HttpStatusCodeWithBodyResult rejection = Assert.IsType<HttpStatusCodeWithBodyResult>(context.Result);
    Assert.Equal(403, rejection.StatusCode);
    Assert.Equal("The requested resource can only be accessed via SSL.", rejection.StatusDescription);
}
// Verifies, for an attribute built with no configuration, that a non-local, non-GET request
// over plain HTTP is rejected with 403 and a fixed status description instead of being
// redirected. The HTTP method comes from the test's data attributes, not shown in this excerpt.
public void RequireHttpsAttributeReturns403IfNonGetRequest(string method)
{
    // Arrange
    var authorizationContext = new Mock<AuthorizationContext>(MockBehavior.Strict);
    authorizationContext.SetupGet(c => c.HttpContext.Request.IsLocal).Returns(false);
    authorizationContext.SetupGet(c => c.HttpContext.Request.HttpMethod).Returns(method);
    authorizationContext.SetupGet(c => c.HttpContext.Request.Url).Returns(new Uri("http://test.nuget.org/api/create"));
    authorizationContext.SetupGet(c => c.HttpContext.Request.RawUrl).Returns("/api/create");
    authorizationContext.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
    AuthorizationContext context = authorizationContext.Object;

    var attribute = new RequireRemoteHttpsAttribute();

    // Act
    attribute.OnAuthorization(context);

    // Assert
    HttpStatusCodeWithBodyResult rejection = Assert.IsType<HttpStatusCodeWithBodyResult>(context.Result);
    Assert.Equal(403, rejection.StatusCode);
    Assert.Equal("The requested resource can only be accessed via SSL.", rejection.StatusDescription);
}
[InlineData(false, true, true, 44300, "{0}:44300")] // Non-standard port; isAuthenticated=false, forceSSL=true, onlyWhenAuthenticated=true
// Verifies that a plain-HTTP GET is upgraded by a redirect to https on the configured SSL
// port. hostFormatter is a format string applied to the request host to produce the
// expected authority (the row above appends ":44300").
// The strict mock has no IsLocal setup in this variant, so reading it would fail the test.
public void RequireHttpsAttributeRedirectsGetRequest(bool isAuthenticated, bool forceSSL, bool onlyWhenAuthenticated, int port, string hostFormatter)
{
    // Arrange
    var sslConfig = new Mock<IConfiguration>();
    sslConfig.Setup(cfg => cfg.RequireSSL).Returns(true);
    sslConfig.Setup(cfg => cfg.SSLPort).Returns(port);

    var authContextMock = new Mock<AuthorizationContext>(MockBehavior.Strict);
    authContextMock.SetupGet(c => c.HttpContext.Request.HttpMethod).Returns("get");
    authContextMock.SetupGet(c => c.HttpContext.Request.Url).Returns(new Uri("http://test.nuget.org/login"));
    authContextMock.SetupGet(c => c.HttpContext.Request.RawUrl).Returns("/login");
    authContextMock.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
    authContextMock.SetupGet(c => c.HttpContext.Request.IsAuthenticated).Returns(isAuthenticated);
    AuthorizationContext context = authContextMock.Object;

    var formsAuthMock = new Mock<IFormsAuthenticationService>();
    formsAuthMock.Setup(fas => fas.ShouldForceSSL(context.HttpContext)).Returns(forceSSL);

    // Seed a non-redirect result; the assertion then shows the attribute overwrote it.
    context.Result = new ViewResult();

    var attribute = new RequireRemoteHttpsAttribute
    {
        Configuration = sslConfig.Object,
        OnlyWhenAuthenticated = onlyWhenAuthenticated,
        FormsAuthentication = formsAuthMock.Object
    };

    // Act
    attribute.OnAuthorization(context);

    // Assert
    string expectedUrl = "https://" + String.Format(hostFormatter, "test.nuget.org") + "/login";
    RedirectResult redirect = Assert.IsType<RedirectResult>(context.Result);
    Assert.Equal(expectedUrl, redirect.Url);
}
// Verifies that, whatever combination of authentication and force-SSL flags the data rows
// supply, a non-local, non-GET request over plain HTTP ends in a 403 with the fixed SSL-only
// status description. The data attributes that supply the rows are not part of this excerpt.
public void RequireHttpsAttributeReturns403IfNonGetRequest(string method, bool isAuthenticated, bool forceSSL, bool onlyWhenAuthenticated)
{
    // Arrange
    var sslConfig = new Mock<IConfiguration>();
    sslConfig.Setup(cfg => cfg.RequireSSL).Returns(true);

    var authContextMock = new Mock<AuthorizationContext>(MockBehavior.Strict);
    authContextMock.SetupGet(c => c.HttpContext.Request.IsLocal).Returns(false);
    authContextMock.SetupGet(c => c.HttpContext.Request.HttpMethod).Returns(method);
    authContextMock.SetupGet(c => c.HttpContext.Request.Url).Returns(new Uri("http://test.nuget.org/api/create"));
    authContextMock.SetupGet(c => c.HttpContext.Request.RawUrl).Returns("/api/create");
    authContextMock.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
    authContextMock.SetupGet(c => c.HttpContext.Request.IsAuthenticated).Returns(isAuthenticated);
    AuthorizationContext context = authContextMock.Object;

    var formsAuthMock = new Mock<IFormsAuthenticationService>();
    formsAuthMock.Setup(fas => fas.ShouldForceSSL(context.HttpContext)).Returns(forceSSL);

    var attribute = new RequireRemoteHttpsAttribute
    {
        Configuration = sslConfig.Object,
        OnlyWhenAuthenticated = onlyWhenAuthenticated,
        FormsAuthentication = formsAuthMock.Object
    };

    // Act
    attribute.OnAuthorization(context);

    // Assert
    HttpStatusCodeWithBodyResult forbidden = Assert.IsType<HttpStatusCodeWithBodyResult>(context.Result);
    Assert.Equal(403, forbidden.StatusCode);
    Assert.Equal("The requested resource can only be accessed via SSL.", forbidden.StatusDescription);
}