public void ItStronglyTypesOwinKeys()
{
var headers = new Dictionary <string, string[]>(StringComparer.InvariantCultureIgnoreCase)
{
{ "alpha", new[] { "beta", "gamma" } }
};
var body = new MemoryStream(new byte[] { 65, 66, 67, 68 });
var cts = new CancellationTokenSource();
var env = new Dictionary <string, object>(StringComparer.Ordinal)
{
{ "owin.ResponseStatusCode", 1 },
{ "owin.ResponseReasonPhrase", "two" },
{ "owin.ResponseProtocol", "three" },
{ "owin.ResponseHeaders", headers },
{ "owin.ResponseBody", body },
{ "owin.Version", "1.0" },
{ "owin.CallCancelled", cts.Token },
};
var res = new OwinResponse(env);
res.StatusCode.ShouldBe(1);
res.ReasonPhrase.ShouldBe("two");
res.Protocol.ShouldBe("three");
res.Headers.ShouldBeSameAs(headers);
res.Body.ShouldBeSameAs(body);
res.OwinVersion.ShouldBe("1.0");
res.CallCancelled.ShouldBe(cts.Token);
}
public static void SignOut(this NancyModule module)
{
var env = Get <IDictionary <string, object> >(module.Context.Items, NancyOwinHost.RequestEnvironmentKey);
var owinResponse = new OwinResponse(env);
owinResponse.Authentication.SignOut(Constants.JabbRAuthType);
}
public Task Invoke(IDictionary <string, object> environment)
{
var request = new OwinRequest(environment);
if (string.IsNullOrEmpty(_options.Path) || string.Equals(request.Path, _options.Path, StringComparison.OrdinalIgnoreCase))
{
// TODO: Make it pretty
OwinResponse response = new OwinResponse(environment);
response.ContentType = "text/html";
StringBuilder builder = new StringBuilder();
builder.AppendLine("<html>")
.AppendLine("<head>")
.AppendLine("<title>")
.AppendLine("Welcome")
.AppendLine("</title>")
.AppendLine("</head>")
.AppendLine("<body>")
.AppendLine("<H1>Welcome</H1>")
.AppendLine("<p>You have reached the default application page.</p>")
.AppendLine("<H4>Additional Resources:</H4>")
.AppendLine("<ul>")
.AppendLine("<li><a href=\"http://katanaproject.codeplex.com/\">Katana Project</a>")
.AppendLine("<li><a href=\"http://www.owin.org/\">owin.org</a>")
.AppendLine("</ul>")
.AppendLine("</body>")
.AppendLine("</html>");
return(response.WriteAsync(builder.ToString()));
}
return(_next(environment));
}
public async Task MyMiddleware_Should_Set_RequestHeader_And_ResponseHeader()
{
//Arrange
var cookieStore = new Dictionary <string, string> {
{ "cookie-name", "cookie-value" }
};
var cookies = new RequestCookieCollection(cookieStore);
var request = Mock.Of <IOwinRequest>();
var requestMock = Mock.Get(request);
requestMock.Setup(_ => _.Cookies).Returns(cookies);
requestMock.Setup(_ => _.User.Identity.IsAuthenticated).Returns(true);
requestMock.Setup(_ => _.Headers.Append(It.IsAny <string>(), It.IsAny <string>()));
var response = new OwinResponse();
var context = Mock.Of <OwinContext>();
var contextMock = Mock.Get(context);
contextMock.CallBase = true;
contextMock.Setup(_ => _.Request).Returns(request);
contextMock.Setup(_ => _.Response).Returns(response);
RequestDelegate next = _ => Task.FromResult((object)null);
var myMiddleware = new MyMiddleware(next);
//Act
await myMiddleware.Invoke(context);
//Assert
requestMock.Verify(_ => _.Headers.Append("header-name", "header-value"));
response.Headers.ContainsKey("Set-Cookie");
}
public void SettersModifyEnvironment()
{
var headers = new Dictionary <string, string[]>(StringComparer.InvariantCultureIgnoreCase)
{
{ "alpha", new[] { "beta", "gamma" } }
};
var body = new MemoryStream(new byte[] { 65, 66, 67, 68 });
var cts = new CancellationTokenSource();
var env = new Dictionary <string, object>(StringComparer.Ordinal);
var res = new OwinResponse(env)
{
StatusCode = 1,
ReasonPhrase = "two",
Protocol = "three",
Headers = headers,
Body = body,
OwinVersion = "1.0",
CallCancelled = cts.Token
};
env["owin.ResponseStatusCode"].ShouldBe(1);
env["owin.ResponseReasonPhrase"].ShouldBe("two");
env["owin.ResponseProtocol"].ShouldBe("three");
env["owin.ResponseHeaders"].ShouldBe(headers);
env["owin.ResponseBody"].ShouldBe(body);
env["owin.Version"].ShouldBe("1.0");
env["owin.CallCancelled"].ShouldBe(cts.Token);
}
public void ItStronglyTypesOwinKeys()
{
var headers = new Dictionary<string, string[]>(StringComparer.InvariantCultureIgnoreCase)
{
{ "alpha", new[] { "beta", "gamma" } }
};
var body = new MemoryStream(new byte[] { 65, 66, 67, 68 });
var cts = new CancellationTokenSource();
var env = new Dictionary<string, object>(StringComparer.Ordinal)
{
{ "owin.ResponseStatusCode", 1 },
{ "owin.ResponseReasonPhrase", "two" },
{ "owin.ResponseProtocol", "three" },
{ "owin.ResponseHeaders", headers },
{ "owin.ResponseBody", body },
{ "owin.Version", "1.0" },
{ "owin.CallCancelled", cts.Token },
};
var res = new OwinResponse(env);
res.StatusCode.ShouldBe(1);
res.ReasonPhrase.ShouldBe("two");
res.Protocol.ShouldBe("three");
res.Headers.ShouldBeSameAs(headers);
res.Body.ShouldBeSameAs(body);
res.OwinVersion.ShouldBe("1.0");
res.CallCancelled.ShouldBe(cts.Token);
}
public void ShouldFailOnInvalidAuthFormat()
{
var logger = new Logger();
var builder = new AppBuilderFactory().Create();
builder.SetLoggerFactory(new LoggerFactory(logger));
var request = OwinRequest.Create();
request.Set <Action <Action <object>, object> >("server.OnSendingHeaders", RegisterForOnSendingHeaders);
request.Method = "get";
request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a"));
request.SetHeader("Authorization", new string[] { "Hawk " +
"" });
var response = new OwinResponse(request);
var middleware = new HawkAuthenticationMiddleware(
new AppFuncTransition((env) =>
{
response.StatusCode = 401;
return(Task.FromResult <object>(null));
}),
builder,
new HawkAuthenticationOptions
{
Credentials = GetCredential
}
);
middleware.Invoke(request, response);
Assert.AreEqual(401, response.StatusCode);
Assert.AreEqual("Invalid header format", logger.Messages[0]);
}
public void ShouldSkipAuthOnWrongAuthScheme()
{
var builder = new AppBuilderFactory().Create();
var request = OwinRequest.Create();
request.Set <Action <Action <object>, object> >("server.OnSendingHeaders", RegisterForOnSendingHeaders);
request.Method = "get";
request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a"));
request.SetHeader("Authorization", new string[] { "Basic " });
var response = new OwinResponse(request);
var middleware = new HawkAuthenticationMiddleware(
new AppFuncTransition((env) =>
{
response.StatusCode = 200;
return(Task.FromResult <object>(null));
}),
builder,
new HawkAuthenticationOptions
{
Credentials = GetCredential
}
);
middleware.Invoke(request, response);
Assert.IsNotNull(response);
Assert.AreEqual(200, response.StatusCode);
}
public async Task Invoke(IDictionary <string, object> environment)
{
await _next(environment);
var response = new OwinResponse(environment);
if (response.Body == Stream.Null)
{
return;
}
string connection = response.GetHeader("Connection");
if (response.Protocol.Equals("HTTP/1.1", StringComparison.OrdinalIgnoreCase) &&
String.Equals(connection, "Close", StringComparison.OrdinalIgnoreCase))
{
var ms = new MemoryStream();
using (response.Body)
{
await response.Body.CopyToAsync(ms).ConfigureAwait(continueOnCapturedContext: false);
}
ms.Seek(0, SeekOrigin.Begin);
response.Body = ms;
}
}
public void SendAsync_Preflight_ReturnsBadRequest_WhenHeaderIsNotAllowed()
{
IAppBuilder builder = new AppBuilder();
var policy = new CorsPolicy();
policy.AllowAnyMethod = true;
policy.Headers.Add("TEST");
policy.Origins.Add("http://www.example.com");
builder.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
});
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/default");
request.Method = "OPTIONS";
request.Headers.Set(CorsConstants.Origin, "http://localhost");
request.Headers.Set(CorsConstants.AccessControlRequestMethod, "POST");
request.Headers.Set(CorsConstants.AccessControlRequestHeaders, "INVALID");
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
string origin = response.Headers.Get(CorsConstants.AccessControlAllowOrigin);
Assert.Equal(400, response.StatusCode);
Assert.Equal(null, origin);
}
public async Task SendFileWorks()
{
IOwinResponse response = new OwinResponse();
string name = null;
long offset = 0;
long? length = null;
CancellationToken token;
Func <string, long, long?, CancellationToken, Task> func = (n, o, l, c) =>
{
name = n;
offset = o;
length = l;
token = c;
return(Task.FromResult(0));
};
response.Set("sendfile.SendAsync", func);
await response.SendFileAsync("bob", 1, 3, CancellationToken.None);
Assert.Equal("bob", name);
Assert.Equal(1, offset);
Assert.Equal(3, length);
Assert.Equal(CancellationToken.None, token);
}
private static async Task PrintResponse(IDictionary <string, object> env)
{
var response = new OwinResponse(env);
var reader = new StreamReader(response.Body);
Console.WriteLine(await reader.ReadToEndAsync());
}
public void NullPolicyProvider_CallsNext()
{
IAppBuilder builder = new AppBuilder();
builder.UseCors(new CorsOptions
{
});
builder.Run(context =>
{
context.Response.StatusCode = 200;
return(Task.FromResult(0));
});
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/sample");
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
Assert.Equal(200, response.StatusCode);
Assert.Empty(response.Headers);
}
public void NonNullCorsRequestContext_CallsPolicyProvider()
{
IAppBuilder builder = new AppBuilder();
bool wasCalled = false;
builder.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = ctx =>
{
wasCalled = true;
return(Task.FromResult <CorsPolicy>(null));
}
}
});
builder.Run(context =>
{
context.Response.StatusCode = 200;
return(Task.FromResult(0));
});
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/sample");
request.Headers.Set(CorsConstants.Origin, "http://test");
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
Assert.Equal(true, wasCalled);
}
public async Task TestResolutionMiddleware_WithUriResolver_ShouldResolveTenants(string subdomain, string name)
{
// Arrange
IOwinRequest request = Mock.Of <IOwinRequest>();
Mock <IOwinRequest> requestMock = Mock.Get(request);
requestMock.Setup(_ => _.Uri).Returns(new Uri($"https://{subdomain}.dimescheduler.com"));
requestMock.Setup(_ => _.User.Identity.IsAuthenticated).Returns(true);
requestMock.Setup(_ => _.Headers.Append(It.IsAny <string>(), It.IsAny <string>()));
OwinResponse response = new OwinResponse();
ConcurrentDictionary <string, object> owinEnvironment = new ConcurrentDictionary <string, object>();
owinEnvironment.TryAdd("uri", $"https://{subdomain}.dimescheduler.com");
OwinContext context = Mock.Of <OwinContext>();
Mock <OwinContext> contextMock = Mock.Get(context);
contextMock.CallBase = true;
contextMock.Setup(_ => _.Environment).Returns(owinEnvironment);
contextMock.Setup(_ => _.Request).Returns(request);
contextMock.Setup(_ => _.Response).Returns(response);
Func <IDictionary <string, object>, Task> next = _ => Task.FromResult((object)null);
TenantResolutionMiddleware <Tenant> multiTenancyMiddleware = new TenantResolutionMiddleware <Tenant>(next, () => new TenantResolver());
// Act
await multiTenancyMiddleware.Invoke(context.Environment);
TenantContext <Tenant> tenantContext = context.Environment.GetTenantContext <Tenant>();
// Assert
Assert.IsTrue(tenantContext.Tenant.Name == name);
}
public async Task TestResolutionMiddleware_WithUriResolver_TenantDoesNotExist_ShouldThrowArgumentNullException()
{
// Arrange
IOwinRequest request = Mock.Of <IOwinRequest>();
Mock <IOwinRequest> requestMock = Mock.Get(request);
requestMock.Setup(_ => _.Uri).Returns(new Uri($"https://tenant3.dimescheduler.com"));
requestMock.Setup(_ => _.User.Identity.IsAuthenticated).Returns(true);
requestMock.Setup(_ => _.Headers.Append(It.IsAny <string>(), It.IsAny <string>()));
OwinResponse response = new OwinResponse();
ConcurrentDictionary <string, object> owinEnvironment = new ConcurrentDictionary <string, object>();
owinEnvironment.TryAdd("uri", $"https://tenant3.dimescheduler.com");
OwinContext context = Mock.Of <OwinContext>();
Mock <OwinContext> contextMock = Mock.Get(context);
contextMock.CallBase = true;
contextMock.Setup(_ => _.Environment).Returns(owinEnvironment);
contextMock.Setup(_ => _.Request).Returns(request);
contextMock.Setup(_ => _.Response).Returns(response);
Func <IDictionary <string, object>, Task> next = _ => Task.FromResult((object)null);
TenantResolutionMiddleware <Tenant> multiTenancyMiddleware = new TenantResolutionMiddleware <Tenant>(next, () => new TenantResolver());
// Assert
await Assert.ThrowsExceptionAsync <ArgumentNullException>(async() => await multiTenancyMiddleware.Invoke(context.Environment));
}
private async Task RespondGetSong(OwinResponse response, SongStorage storage, string name)
{
bool success = true;
try
{
using (var entry = await storage.GetAsync(name, CancellationToken.None))
{
response.SetHeader("Content-Type", "text/xml");
if (entry.LastModified.HasValue)
{
response.SetHeader("Last-Modified", entry.LastModified.Value.ToString("r"));
}
await entry.Stream.CopyToAsync(response.Body);
}
}
catch (FileNotFoundException)
{
success = false;
}
catch (ArgumentException)
{
success = false;
}
if (!success)
{
await response.RespondNotFound();
}
}
public Task Invoke(IDictionary <string, object> env)
{
var request = new OwinRequest(env);
var logger = _kernel.Get <ILogger>();
var requestHeaders = new StringBuilder();
foreach (var header in request.Headers)
{
requestHeaders.AppendLine(header.Key + " = " + request.GetHeader(header.Key));
}
Task task = _next(env);
var response = new OwinResponse(env);
var responseHeaders = new StringBuilder();
foreach (var header in response.Headers)
{
responseHeaders.AppendLine(header.Key + " = " + response.GetHeader(header.Key));
}
logger.Log("URI: " + request.Uri + " " + Environment.NewLine +
"Request Headers: \r\n " + requestHeaders.ToString() + Environment.NewLine +
"Response Headers: \r\n " + responseHeaders.ToString());
return(task);
}
/// <summary>
/// Responds with a request for authentication details.
/// </summary>
/// <param name="environment"></param>
private void SendNeedsAuthenticationResponse(IDictionary <string, object> environment)
{
var response = new OwinResponse(environment);
response.StatusCode = (int)HttpStatusCode.Unauthorized;
response.Headers.Add("WWW-Authenticate", new string[] { "Basic Realm=\"Virtual Radar Server\", charset=\"UTF-8\"" });
}
public Task Invoke(IDictionary <string, object> env)
{
var request = new OwinRequest(env);
var response = new OwinResponse(env);
if (request.Uri.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase))
{
return(_next(env));
}
var builder = new UriBuilder(request.Uri)
{
Scheme = "https"
};
if (request.Uri.IsDefaultPort)
{
builder.Port = -1;
}
response.Headers.Set("Location", builder.ToString());
response.StatusCode = (int)HttpStatusCode.Found;
return(TaskHelper.Empty);
}
public static void AddCookie(OwinResponse response, string key, string value, CookieOptions options)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
var domainHasValue = !string.IsNullOrEmpty(options.Domain);
var pathHasValue = !string.IsNullOrEmpty(options.Path);
var expiresHasValue = options.Expires.HasValue;
var setCookieValue = string.Concat(
Uri.EscapeDataString(key),
"=",
Uri.EscapeDataString(value ?? string.Empty),
!domainHasValue ? null : "; domain=",
!domainHasValue ? null : options.Domain,
!pathHasValue ? null : "; path=",
!pathHasValue ? null : options.Path,
!expiresHasValue ? null : "; expires=",
!expiresHasValue ? null : options.Expires.Value.ToString("ddd, dd-MMM-yyyy HH:mm:ss ", CultureInfo.InvariantCulture) + "GMT",
!options.Secure ? null : "; secure",
!options.HttpOnly ? null : "; HttpOnly");
response.AddHeader("Set-Cookie", setCookieValue);
}
/// <summary>
/// Method to be invoked on the pipeline.
/// </summary>
/// <param name="context">The current owin context</param>
/// <returns></returns>
public override Task Invoke(IOwinContext context)
{
IOwinRequest owinRequest = context.Request;
IOwinResponse owinResponse = context.Response;
if (owinRequest != null)
{
string[] values;
if (owinRequest.Headers.TryGetValue("Content-Length", out values))
{
long receivedSize;
long.TryParse(values.FirstOrDefault(), out receivedSize);
if (receivedSize > _limit)
{
string message = $"Payload limit is {_limit}";
owinResponse.OnSendingHeaders(state =>
{
OwinResponse owinResponseState = (OwinResponse)state;
owinResponseState.StatusCode = 413;
owinResponseState.ReasonPhrase = message;
}, owinResponse);
return(context.Response.WriteAsync(message));//Short-circuit pipeline
}
}
}
return(Next.Invoke(context));
}
public override Task ProcessRequest(HostContext context)
{
string alterWhen = "____Never____";
int statusCode = 200;
if (!String.IsNullOrEmpty(context.Request.QueryString["alterWhen"]))
{
alterWhen = context.Request.QueryString["alterWhen"];
}
if (!String.IsNullOrEmpty(context.Request.QueryString["statusCode"]))
{
statusCode = Int32.Parse(context.Request.QueryString["statusCode"]);
}
var owinRequest = new OwinRequest(context.Environment);
if (owinRequest.Path.Value.Contains("/" + alterWhen))
{
var response = new OwinResponse(context.Environment);
// Alter status code
response.StatusCode = statusCode;
using (var sw = new StreamWriter(response.Body))
{
sw.WriteLine("Hello world");
sw.Flush();
}
return(TaskAsyncHelper.Empty);
}
return(base.ProcessRequest(context));
}
public void CreateEnvironment()
{
var creator = typeof(Http11ProtocolOwinAdapter).GetMethod("CreateOwinEnvironment", BindingFlags.NonPublic | BindingFlags.Static);
const string method = "GET",
scheme = "https",
host = "localhost:80",
pathBase = "",
path = "/test.txt",
queryString = "xunit";
var requestHeaders = new Dictionary <string, string[]> {
{ "Host", new[] { host } }
};
var environment = (Dictionary <string, object>)creator.Invoke(null, new object[] { method, scheme, pathBase, path, requestHeaders, queryString, null });
var owinRequest = new OwinRequest(environment);
Assert.Equal(owinRequest.Method, method);
Assert.Equal(owinRequest.Scheme, scheme);
Assert.Equal(owinRequest.PathBase.Value, pathBase);
Assert.Equal(owinRequest.Path.Value, path);
Assert.Equal(owinRequest.Body.Length, 0);
Assert.Equal(owinRequest.Headers.ContainsKey("Host"), true);
Assert.Equal(owinRequest.Headers["Host"], host);
Assert.Equal(owinRequest.QueryString.Value, queryString);
Assert.Equal(owinRequest.CallCancelled.IsCancellationRequested, false);
var owinResponse = new OwinResponse(environment);
Assert.Equal(owinResponse.Headers.Count, 0);
Assert.Equal(owinResponse.Body.Length, 0);
Assert.Equal(owinResponse.StatusCode, StatusCode.Code200Ok);
}
public void ShouldFailOnUnknownAuthAttribute()
{
var logger = new Logger();
var builder = new AppBuilderFactory().Create();
builder.SetLoggerFactory(new LoggerFactory(logger));
var request = OwinRequest.Create();
request.Set <Action <Action <object>, object> >("server.OnSendingHeaders", RegisterForOnSendingHeaders);
request.Method = "get";
request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a"));
request.SetHeader("Authorization", new string[] { "Hawk " +
"id = \"123\", ts = \"1353788437\", nonce = \"1353788437\", x = \"3\", mac = \"/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=\", ext = \"hello\"" });
var response = new OwinResponse(request);
var middleware = new HawkAuthenticationMiddleware(
new AppFuncTransition((env) =>
{
response.StatusCode = 401;
return(Task.FromResult <object>(null));
}),
builder,
new HawkAuthenticationOptions
{
Credentials = GetCredential
}
);
middleware.Invoke(request, response);
Assert.AreEqual(401, response.StatusCode);
Assert.AreEqual("Unknown attributes", logger.Messages[0]);
}
public void NonNullCorsRequestContext_CallsPolicyProvider()
{
IAppBuilder builder = new AppBuilder();
bool wasCalled = false;
builder.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = ctx =>
{
wasCalled = true;
return Task.FromResult<CorsPolicy>(null);
}
}
});
builder.Run(context =>
{
context.Response.StatusCode = 200;
return Task.FromResult(0);
});
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/sample");
request.Headers.Set(CorsConstants.Origin, "http://test");
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
Assert.Equal(true, wasCalled);
}
public static void AddCookie(OwinResponse response, string key, string value, CookieOptions options)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
var domainHasValue = !string.IsNullOrEmpty(options.Domain);
var pathHasValue = !string.IsNullOrEmpty(options.Path);
var expiresHasValue = options.Expires.HasValue;
var setCookieValue = string.Concat(
Uri.EscapeDataString(key),
"=",
Uri.EscapeDataString(value ?? string.Empty),
!domainHasValue ? null : "; domain=",
!domainHasValue ? null : options.Domain,
!pathHasValue ? null : "; path=",
!pathHasValue ? null : options.Path,
!expiresHasValue ? null : "; expires=",
!expiresHasValue ? null : options.Expires.Value.ToString("ddd, dd-MMM-yyyy HH:mm:ss ", CultureInfo.InvariantCulture) + "GMT",
!options.Secure ? null : "; secure",
!options.HttpOnly ? null : "; HttpOnly");
response.AddHeader("Set-Cookie", setCookieValue);
}
public void SendAsyncKeyDeterminesIfYouCanCallSendFileAsync()
{
var res = new OwinResponse(OwinRequest.Create());
res.CanSendFile.ShouldBe(false);
res.SendFileAsyncDelegate = (a, b, c, d) => null;
res.CanSendFile.ShouldBe(true);
}
public Task Invoke(IDictionary <string, object> env)
{
var request = new OwinRequest(env);
var response = new OwinResponse(env);
if (!request.Uri.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase))
{
var builder = new UriBuilder(request.Uri);
builder.Scheme = "https";
if (request.Uri.IsDefaultPort)
{
builder.Port = -1;
}
response.SetHeader("Location", builder.ToString());
response.StatusCode = 302;
return(TaskAsyncHelper.Empty);
}
else
{
return(_next(env));
}
}
/// <summary>
/// Inspects the environment and checks to see if this is a POST containing the HTML form fields in the login.html page.
/// </summary>
/// <param name="environment"></param>
/// <param name="formsAuthenticationProvider"></param>
public LoginContext(IDictionary <string, object> environment, FormsAuthenticationProvider formsAuthenticationProvider)
{
_environment = environment;
Request = new OwinRequest(environment);
Response = new OwinResponse(environment);
_formsAuthenticationProvider = formsAuthenticationProvider;
_responseStream = Response.Body;
var requestContentType = Request.GetHeader("Content-Type");
_isFormUrlEncodedPost = Request.Method == "POST" && !string.IsNullOrEmpty(requestContentType) && requestContentType.StartsWith("application/x-www-form-urlencoded");
if (_isFormUrlEncodedPost && Request.Body != null)
{
_formData = Request.ReadForm().Result;
var username = _formData["login_username"];
var password = _formData["login_password"];
var rememberMe = _formData["remember_me"] != null && _formData["remember_me"] == "yes";
if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
{
environment["formsauthn.username"] = username;
environment["formsauthn.password"] = password;
environment["formsauthn.remember"] = rememberMe;
}
}
}
public void CallingMethodInvokesDelegate()
{
var res = new OwinResponse(OwinRequest.Create());
res.CanSendFile.ShouldBe(false);
string aa = null;
long bb = 0;
long? cc = null;
CancellationToken dd = CancellationToken.None;
var cts = new CancellationTokenSource();
res.SendFileAsyncDelegate = (a, b, c, d) =>
{
aa = a;
bb = b;
cc = c;
dd = d;
return null;
};
res.SendFileAsync("one", 2, 3, cts.Token);
aa.ShouldBe("one");
bb.ShouldBe(2);
cc.ShouldBe(3);
dd.ShouldBe(cts.Token);
res.SendFileAsync("four");
aa.ShouldBe("four");
bb.ShouldBe(0);
cc.ShouldBe(null);
dd.ShouldBe(CancellationToken.None);
}
public async Task Invoke(IDictionary <string, object> environment)
{
int maxRedirects = _maxRedirects;
while (maxRedirects >= 0)
{
await _next(environment);
var response = new OwinResponse(environment);
if (response.StatusCode == 302 || response.StatusCode == 301)
{
string url = BuildRedirectUrl(response);
// Clear the env so we can make a new request
environment.Clear();
// Populate the env with new request data
RequestBuilder.BuildGet(environment, url);
}
else
{
break;
}
maxRedirects--;
}
}
/// <summary>
/// OWIN entry point.
/// </summary>
/// <param name="environment"></param>
/// <returns></returns>
public Task ProcessRequest(IDictionary <string, object> environment)
{
var context = new HostContext(environment);
// Disable request compression and buffering on IIS
Console.WriteLine("Disabling Request Compression...");
environment.DisableRequestCompression();
environment.DisableResponseBuffering();
var response = new OwinResponse(environment);
// Add the nosniff header for all responses to prevent IE from trying to sniff mime type from contents
response.Headers.Set("X-Content-Type-Options", "nosniff");
if (Authorize(context.Request))
{
return(ProcessRequest(context));
}
if (context.Request.User != null &&
context.Request.User.Identity.IsAuthenticated)
{
// If the user is authenticated and authorize failed then 403
response.StatusCode = 403;
}
else
{
// If we failed to authorize the request then return a 401
response.StatusCode = 401;
}
return(TaskAsyncHelper.Empty);
}
public void CallingMethodInvokesDelegate()
{
var res = new OwinResponse(OwinRequest.Create());
res.CanSendFile.ShouldBe(false);
string aa = null;
long bb = 0;
long? cc = null;
CancellationToken dd = CancellationToken.None;
var cts = new CancellationTokenSource();
res.SendFileAsyncDelegate = (a, b, c, d) =>
{
aa = a;
bb = b;
cc = c;
dd = d;
return(null);
};
res.SendFileAsync("one", 2, 3, cts.Token);
aa.ShouldBe("one");
bb.ShouldBe(2);
cc.ShouldBe(3);
dd.ShouldBe(cts.Token);
res.SendFileAsync("four");
aa.ShouldBe("four");
bb.ShouldBe(0);
cc.ShouldBe(null);
dd.ShouldBe(CancellationToken.None);
}
private static async Task ExecuteAsync(
IDictionary <string, object> environment,
IDictionary <string, string> keys, OwinRequest request,
AsyncHttpRequestHandler handler)
{
var response = new OwinResponse(environment);
var executor = (Func <Task <object> >)(async() =>
{
var form = from w in request.HasForm()
? (IEnumerable <KeyValuePair <string, string[]> >)(await request.ReadFormAsync().ConfigureAwait(false))
: EmptyForm
select w != null ? w[0] : null;
return(await handler.Executor(
environment,
keys,
form.ToDictionary()));
});
var result = await executor().ConfigureAwait(false);
if (result != null)
{
await response.WriteAsync(JsonConvert.SerializeObject(result)).ConfigureAwait(false);
}
response.StatusCode = handler.StatusCodeGenerator != null
? handler.StatusCodeGenerator(result)
: (int)HttpStatusCode.OK;
}
public void SendFileSupport()
{
IOwinResponse response = new OwinResponse();
Assert.False(response.SupportsSendFile());
// response.Set("sendfile.SendAsync", new Object());
// Assert.False(response.SupportsSendFile()); // Get<type> throw for type mismatch.
response.Set("sendfile.SendAsync", new Func<string, long, long?, CancellationToken, Task>((_, __, ___, ____) => Task.FromResult(0)));
Assert.True(response.SupportsSendFile());
}
public OwinCommunicationContext(IOwinContext nativeContext,ILogger logger)
{
PipelineData = new PipelineData();
_nativeContext = nativeContext;
Request = new OwinRequest(nativeContext.Request);
Response = new OwinResponse(nativeContext);
ServerErrors = new ServerErrorList { Log = logger };
User = nativeContext.Request.User;
}
public void ContentTypeSetsOrRemovesAppropriateHeader()
{
var request = OwinRequest.Create();
var response = new OwinResponse(request);
response.Headers.ContainsKey("Content-Type").ShouldBe(false);
response.ContentType.ShouldBe(null);
response.ContentType = "text/plain";
response.Headers["Content-Type"].ShouldBe(new[] { "text/plain" });
response.ContentType.ShouldBe("text/plain");
response.ContentType = null;
response.Headers.ContainsKey("Content-Type").ShouldBe(false);
response.ContentType.ShouldBe(null);
}
public void Invoke_DoesNotAddHeaders_WhenOriginIsMissing()
{
IAppBuilder builder = new AppBuilder();
builder.UseCors(CorsOptions.AllowAll);
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/sample");
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
Assert.Empty(response.Headers);
}
public async Task Invoke(IDictionary<string, object> env)
{
object value;
if (env.TryGetValue("server.User", out value))
{
var windowsPrincipal = value as WindowsPrincipal;
if (windowsPrincipal != null && windowsPrincipal.Identity.IsAuthenticated)
{
await _next(env);
var request = new OwinRequest(env);
var response = new OwinResponse(env);
if (response.StatusCode == 401)
{
// We're going no add the identifier claim
var nameClaim = windowsPrincipal.FindFirst(ClaimTypes.Name);
// This is the domain name
string name = nameClaim.Value;
// If the name is something like DOMAIN\username then
// grab the name part
var parts = name.Split(new[] { '\\' }, 2);
string shortName = parts.Length == 1 ? parts[0] : parts[parts.Length - 1];
// REVIEW: Do we want to preserve the other claims?
// Normalize the claims here
var claims = new List<Claim>();
claims.Add(new Claim(ClaimTypes.NameIdentifier, name));
claims.Add(new Claim(ClaimTypes.Name, shortName));
claims.Add(new Claim(ClaimTypes.AuthenticationMethod, "Windows"));
var identity = new ClaimsIdentity(claims, Constants.JabbRAuthType);
response.Authentication.SignIn(identity);
response.StatusCode = 302;
response.Headers.Set("Location", request.PathBase + request.Path);
}
return;
}
}
await _next(env);
}
public void NullPolicyProvider_CallsNext()
{
IAppBuilder builder = new AppBuilder();
builder.UseCors(new CorsOptions
{
});
builder.Run(context =>
{
context.Response.StatusCode = 200;
return Task.FromResult(0);
});
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/sample");
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
Assert.Equal(200, response.StatusCode);
Assert.Empty(response.Headers);
}
protected async Task BaseInitialize(AuthenticationOptions options, OwinRequest request, OwinResponse response)
{
_baseOptions = options;
Request = request;
Response = response;
Helper = new SecurityHelper(request);
RequestPathBase = Request.PathBase;
_registration = Request.RegisterAuthenticationHandler(this);
Request.OnSendingHeaders(state => ((AuthenticationHandler)state).ApplyResponse().Wait(), this);
await InitializeCore();
if (BaseOptions.AuthenticationMode == AuthenticationMode.Active)
{
AuthenticationTicket ticket = await Authenticate();
if (ticket != null && ticket.Identity != null)
{
Helper.AddUserIdentity(ticket.Identity);
}
}
}
public async Task Invoke(IDictionary<string, object> env)
{
var req = new OwinRequest(env);
string file;
if (!_router.TryGet(req.Path, out file))
{
await _next(env);
}
var resp = new OwinResponse(req)
{
ContentType = "text/html"
};
if (!File.Exists(file))
{
resp.StatusCode = 404;
await resp.WriteAsync("File not found");
}
using (var fs = new FileStream(file, FileMode.Open, FileAccess.Read, FileShare.Read))
{
await fs.CopyToAsync(resp.Body);
}
}
public async Task SendFileWorks()
{
IOwinResponse response = new OwinResponse();
string name = null;
long offset = 0;
long? length = null;
CancellationToken token;
Func<string, long, long?, CancellationToken, Task> func = (n, o, l, c) =>
{
name = n;
offset = o;
length = l;
token = c;
return Task.FromResult(0);
};
response.Set("sendfile.SendAsync", func);
await response.SendFileAsync("bob", 1, 3, CancellationToken.None);
Assert.Equal("bob", name);
Assert.Equal(1, offset);
Assert.Equal(3, length);
Assert.Equal(CancellationToken.None, token);
}
public async Task SendFileWhenNotSupported()
{
IOwinResponse response = new OwinResponse();
await Assert.ThrowsAsync<NotSupportedException>(() => response.SendFileAsync("foo"));
}
public AuthenticationManager(OwinRequest request)
{
_request = request;
_response = new OwinResponse(request);
}
/// <summary>
/// Helper code used when implementing authentication middleware
/// </summary>
/// <param name="request"></param>
public SecurityHelper(OwinRequest request)
{
_request = request;
_response = new OwinResponse(request);
}
public void SendFileWhenNotSupported()
{
IOwinResponse response = new OwinResponse();
Assert.Throws<NotSupportedException>(() => response.SendFileAsync("foo"));
}
public void WritesWork()
{
var body = new MemoryStream(4);
var expectedBody = new byte[] { 65, 66, 67, 68 };
var cts = new CancellationTokenSource();
var env = new Dictionary<string, object>(StringComparer.Ordinal)
{
{ "owin.CallCancelled", cts.Token },
{ "owin.ResponseBody", body },
};
var res = new OwinResponse(env);
res.Write("AB");
res.WriteAsync("CD").Wait();
body.GetBuffer().ShouldBe(expectedBody);
res.CallCancelled.ShouldBe(cts.Token);
}
public void SendAsync_Preflight_ReturnsBadRequest_WhenHeaderIsNotAllowed()
{
IAppBuilder builder = new AppBuilder();
var policy = new CorsPolicy();
policy.AllowAnyMethod = true;
policy.Headers.Add("TEST");
policy.Origins.Add("http://www.example.com");
builder.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
});
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/default");
request.Method = "OPTIONS";
request.Headers.Set(CorsConstants.Origin, "http://localhost");
request.Headers.Set(CorsConstants.AccessControlRequestMethod, "POST");
request.Headers.Set(CorsConstants.AccessControlRequestHeaders, "INVALID");
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
string origin = response.Headers.Get(CorsConstants.AccessControlAllowOrigin);
Assert.Equal(400, response.StatusCode);
Assert.Equal(null, origin);
}
public void SendAsync_Preflight_ReturnsAllowMethodsAndAllowHeaders(string policyOrigin, string requestedMethod, string expectedOrigin, string requestedHeaders)
{
IAppBuilder builder = new AppBuilder();
var policy = new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true
};
if (policyOrigin == "*")
{
policy.AllowAnyOrigin = true;
}
else
{
foreach (var o in policyOrigin.Split(','))
{
policy.Origins.Add(o.Trim());
}
}
builder.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
});
builder.Use((context, next) => Task.FromResult<object>(null));
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/sample");
request.Method = "OPTIONS";
request.Headers.Set(CorsConstants.Origin, "http://localhost");
request.Headers.Set(CorsConstants.AccessControlRequestMethod, requestedMethod);
request.Headers.Set(CorsConstants.AccessControlRequestHeaders, requestedHeaders);
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
string origin = response.Headers.Get(CorsConstants.AccessControlAllowOrigin);
string allowMethod = response.Headers.Get(CorsConstants.AccessControlAllowMethods);
string[] allowHeaders = response.Headers.Get(CorsConstants.AccessControlAllowHeaders).Split(',');
string[] requestedHeaderArray = requestedHeaders.Split(',');
Assert.Equal(200, response.StatusCode);
Assert.Equal(expectedOrigin, origin);
Assert.Equal(requestedMethod, allowMethod);
foreach (var requestedHeader in requestedHeaderArray)
{
Assert.Contains(requestedHeader, allowHeaders);
}
request = CreateRequest("http://localhost/sample");
request.Method = requestedMethod;
request.Headers.Set(CorsConstants.Origin, "http://localhost");
foreach (var requestedHeader in requestedHeaderArray)
{
request.Headers.Set(requestedHeader, requestedHeader);
}
app(request.Environment).Wait();
response = new OwinResponse(request.Environment);
Assert.Equal(200, response.StatusCode);
Assert.Equal(expectedOrigin, origin);
}
public void SendAsync_ReturnsAllowAOrigin(string requestOrigin, string policyOrigin, string expectedOrigin)
{
IAppBuilder builder = new AppBuilder();
var policy = new CorsPolicy();
if (policyOrigin == "*")
{
policy.AllowAnyOrigin = true;
}
else
{
foreach (var o in policyOrigin.Split(','))
{
policy.Origins.Add(o.Trim());
}
}
builder.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
});
builder.Use((context, next) => Task.FromResult<object>(null));
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/sample");
if ("header_not_set" != requestOrigin)
{
request.Headers.Set(CorsConstants.Origin, requestOrigin);
}
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
string origin = response.Headers.Get("Access-Control-Allow-Origin");
Assert.Equal(200, response.StatusCode);
Assert.Equal(expectedOrigin, origin);
}
public static void DeleteCookie(OwinResponse response, string key, CookieOptions options)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
var domainHasValue = !string.IsNullOrEmpty(options.Domain);
var pathHasValue = !string.IsNullOrEmpty(options.Path);
Func<string, bool> rejectPredicate;
if (domainHasValue)
{
rejectPredicate = value =>
value.StartsWith(key + "=", StringComparison.OrdinalIgnoreCase) &&
value.IndexOf("domain=" + options.Domain, StringComparison.OrdinalIgnoreCase) != -1;
}
else if (pathHasValue)
{
rejectPredicate = value =>
value.StartsWith(key + "=", StringComparison.OrdinalIgnoreCase) &&
value.IndexOf("path=" + options.Path, StringComparison.OrdinalIgnoreCase) != -1;
}
else
{
rejectPredicate = value => value.StartsWith(key + "=", StringComparison.OrdinalIgnoreCase);
}
var existingValues = response.GetHeaderUnmodified("Set-Cookie");
if (existingValues != null)
{
response.SetHeaderUnmodified("Set-Cookie", existingValues.Where(value => !rejectPredicate(value)).ToArray());
}
AddCookie(response, key, string.Empty, new CookieOptions
{
Path = options.Path,
Domain = options.Domain,
Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
});
}
public void SettersModifyEnvironment()
{
var headers = new Dictionary<string, string[]>(StringComparer.InvariantCultureIgnoreCase)
{
{ "alpha", new[] { "beta", "gamma" } }
};
var body = new MemoryStream(new byte[] { 65, 66, 67, 68 });
var cts = new CancellationTokenSource();
var env = new Dictionary<string, object>(StringComparer.Ordinal);
var res = new OwinResponse(env)
{
StatusCode = 1,
ReasonPhrase = "two",
Protocol = "three",
Headers = headers,
Body = body,
OwinVersion = "1.0",
CallCancelled = cts.Token
};
env["owin.ResponseStatusCode"].ShouldBe(1);
env["owin.ResponseReasonPhrase"].ShouldBe("two");
env["owin.ResponseProtocol"].ShouldBe("three");
env["owin.ResponseHeaders"].ShouldBe(headers);
env["owin.ResponseBody"].ShouldBe(body);
env["owin.Version"].ShouldBe("1.0");
env["owin.CallCancelled"].ShouldBe(cts.Token);
}
public static void AddCookie(OwinResponse response, string key, string value)
{
response.AddHeader("Set-Cookie", Uri.EscapeDataString(key) + "=" + Uri.EscapeDataString(value) + "; path=/");
}
public override Task Invoke(OwinRequest request, OwinResponse response)
{
return _next(request.Environment);
}
public static void DeleteCookie(OwinResponse response, string key)
{
Func<string, bool> predicate = value => value.StartsWith(key + "=", StringComparison.OrdinalIgnoreCase);
var deleteCookies = new[] { Uri.EscapeDataString(key) + "=; expires=Thu, 01-Jan-1970 00:00:00 GMT" };
var existingValues = response.GetHeaderUnmodified("Set-Cookie");
if (existingValues == null || existingValues.Length == 0)
{
response.SetHeaderUnmodified("Set-Cookie", deleteCookies);
}
else
{
response.SetHeaderUnmodified("Set-Cookie", existingValues.Where(value => !predicate(value)).Concat(deleteCookies).ToArray());
}
}
private async Task OnHandler3(OwinRequest request, OwinResponse response, Func<Task> next)
{
await next();
}
private async Task OnHandler2(OwinRequest request, OwinResponse response)
{
await Task.Delay(0);
}
/// <summary>
/// Helper code used when implementing authentication middleware
/// </summary>
/// <param name="environment"></param>
public SecurityHelper(IDictionary<string, object> environment)
{
_request = new OwinRequest(environment);
_response = new OwinResponse(environment);
}
