public void OnAuthorizationThrowsIfFilterContextIsNull() {
// Arrange
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act & assert
ExceptionHelper.ExpectArgumentNullException(
delegate {
attr.OnAuthorization(null);
}, "filterContext");
}
public void OnAuthorization(AuthorizationContext filterContext)
{
if (_configurationHelper.IsHttpsRequired)
{
var requiredHttpsAttribute = new RequireHttpsAttribute();
requiredHttpsAttribute.OnAuthorization(filterContext);
if (filterContext.Result != null)
filterContext.Result = new RedirectResult("https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.ApplicationPath);
}
}
public void OnAuthorizationDoesNothingIfRequestIsSecure() {
// Arrange
Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>();
mockAuthContext.Expect(c => c.HttpContext.Request.IsSecureConnection).Returns(true);
AuthorizationContext authContext = mockAuthContext.Object;
ViewResult result = new ViewResult();
authContext.Result = result;
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.AreSame(result, authContext.Result, "Result should not have been changed.");
}
public void OnAuthorizationRedirectsIfRequestIsNotSecureAndMethodIsGet() {
// Arrange
Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>();
mockAuthContext.Expect(c => c.HttpContext.Request.HttpMethod).Returns("get");
mockAuthContext.Expect(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
mockAuthContext.Expect(c => c.HttpContext.Request.RawUrl).Returns("/alpha/bravo/charlie?q=quux");
mockAuthContext.Expect(c => c.HttpContext.Request.Url).Returns(new Uri("http://www.example.com:8080/foo/bar/baz"));
AuthorizationContext authContext = mockAuthContext.Object;
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
RedirectResult result = authContext.Result as RedirectResult;
// Assert
Assert.IsNotNull(result, "Result should have been a RedirectResult.");
Assert.AreEqual("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url);
}
public void OnAuthorizationThrowsIfRequestIsNotSecureAndMethodIsNotGet() {
// Arrange
Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>();
mockAuthContext.Expect(c => c.HttpContext.Request.HttpMethod).Returns("post");
mockAuthContext.Expect(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
AuthorizationContext authContext = mockAuthContext.Object;
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act & assert
ExceptionHelper.ExpectInvalidOperationException(
delegate {
attr.OnAuthorization(authContext);
},
@"The requested resource can only be accessed via SSL.");
}
