public async Task ForbidsNonGetHead(string method)
{
var context = CreateOwinContext(method, new Uri("http://localhost"));
var next = CreateOwinMiddleware();
var middleware = new ForceSslMiddleware(next.Object, 443);
await middleware.Invoke(context);
next.Verify(n => n.Invoke(It.IsAny <IOwinContext>()), Times.Never());
Assert.Equal((int)HttpStatusCode.BadRequest, context.Response.StatusCode);
}
public async Task RedirectsGetHeadToHttps(string method, int sslPort)
{
var uri = new Uri("http://localhost:8080/somepath/somedocument?somequery=somevalue");
var context = CreateOwinContext(method, uri);
var next = CreateOwinMiddleware();
var middleware = new ForceSslMiddleware(next.Object, sslPort);
await middleware.Invoke(context);
next.Verify(n => n.Invoke(It.IsAny <IOwinContext>()), Times.Never());
Assert.Equal((int)HttpStatusCode.Found, context.Response.StatusCode);
Uri targetUri = new Uri(context.Response.Headers["Location"]);
Assert.Equal(Uri.UriSchemeHttps, targetUri.Scheme);
Assert.Equal(sslPort, targetUri.Port);
Assert.Equal(uri.Host, targetUri.Host);
Assert.Equal(uri.PathAndQuery, targetUri.PathAndQuery);
}
