public void OnAuthorization_ThrowsArgumentNullException()
{
    // Arrange
    FacebookConfiguration configuration = MockHelpers.CreateConfiguration();
    var filter = new FacebookAuthorizeFilter(configuration);

    // Act + Assert: a null filter context must be rejected with an
    // ArgumentNullException whose parameter name is "filterContext".
    Assert.ThrowsArgumentNull(() => filter.OnAuthorization(null), "filterContext");
}
        public void CreateRedirectResult_StringEncodesTheRedirectUrl()
        {
            // Arrange: the query carries single quotes, which would terminate the JavaScript
            // string literal the URL is written into if they were emitted verbatim.
            var redirectTarget = new Uri("http://example.com?query=4'; alert('hello world')");
            FacebookConfiguration configuration = MockHelpers.CreateConfiguration();
            var filter = new FacebookAuthorizeFilter(configuration);

            // The quotes must come out as \u0027 escapes and the spaces as %20, so the URL
            // stays inside the quoted assignment to window.top.location.
            // NOTE(review): only the single-quote case is pinned here; other characters that
            // matter inside an inline script (e.g. a literal "</script>" sequence) are not
            // exercised by this test.
            const string expectedScript = @"<script>window.top.location = 'http://example.com/?query=4\u0027;%20alert(\u0027hello%20world\u0027)';</script>";

            // Act
            var redirect = filter.CreateRedirectResult(redirectTarget);

            // Assert
            ContentResult content = Assert.IsType<ContentResult>(redirect);
            Assert.Equal("text/html", content.ContentType);
            Assert.Equal(expectedScript, content.Content);
        }
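        public void OnAuthorization_CannotCreateCookiesHookRedirectsToConfigValueOrDefault(
            string cannotCreateCookiesRedirectPath,
            string expectedRedirectPath)
        {
            // Arrange
            // "~/home/permissions" is the first BuildConfiguration argument and the cannot-create-cookies
            // path the second; the theory data supplies the latter together with the URL the filter
            // is expected to redirect to.
            var config = BuildConfiguration("~/home/permissions", cannotCreateCookiesRedirectPath);
            var authorizeFilter = new FacebookAuthorizeFilter(config);

            // NOTE(review): "__fb_mps=true" is presumably the query marker that triggers the
            // cannot-create-cookies hook — confirm against the filter implementation.
            var context = BuildSignedAuthorizationContext("http://contoso.com?__fb_mps=true", "email");

            // Act
            authorizeFilter.OnAuthorization(context);

            // Assert
            // Fail with a type assertion instead of a NullReferenceException when the filter sets
            // no result or a result of another type (the original used an unchecked "as" cast).
            var result = Assert.IsAssignableFrom<JavaScriptRedirectResult>(context.Result);

            // Expected value first, actual second, so a failure message labels the two correctly.
            Assert.Equal(new Uri(expectedRedirectPath).AbsoluteUri, result.RedirectUrl.AbsoluteUri);
        }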
        public void OnAuthorization_RedirectsToOAuthDialog_WhenSignedRequestIsNull()
        {
            // Arrange: the controller context is created without any request values, so
            // (per the test name) no signed_request reaches the filter.
            FacebookConfiguration configuration = MockHelpers.CreateConfiguration();
            var filter = new FacebookAuthorizeFilter(configuration);
            var authorizationContext = new AuthorizationContext(
                MockHelpers.CreateControllerContext(),
                MockHelpers.CreateActionDescriptor(new[] { new FacebookAuthorizeAttribute("email") }));

            // The redirect_uri value is percent-encoded, and the '&' separating the query
            // parameters appears as a \u0026 escape inside the JavaScript string literal.
            const string expectedScript =
                "<script>window.top.location = 'https://www.facebook.com/dialog/oauth?redirect_uri=https%3A%2F%2Fapps.facebook.com%2FDefaultAppId%2F\\u0026client_id=DefaultAppId';</script>";

            // Act
            filter.OnAuthorization(authorizationContext);

            // Assert
            ContentResult content = Assert.IsType<ContentResult>(authorizationContext.Result);
            Assert.Equal("text/html", content.ContentType);
            Assert.Equal(expectedScript, content.Content);
        }
        public void OnAuthorization_RedirectsToOAuthDialog_ForMissingPermissions()
        {
            // Arrange
            FacebookClient facebookClient = MockHelpers.CreateFacebookClient();

            // presumably the array lists the permissions the mocked service reports as granted;
            // a single empty string then means none of the required ones — verify against MockHelpers.
            IFacebookPermissionService permissions = MockHelpers.CreatePermissionService(new[] { "" });
            FacebookConfiguration configuration = MockHelpers.CreateConfiguration(facebookClient, permissions);
            var filter = new FacebookAuthorizeFilter(configuration);

            // NOTE(review): "exampleSignedRequest" is a placeholder value; parsing and signature
            // verification are presumably stubbed by the mocked client, so this test says nothing
            // about signed_request validation.
            var authorizationContext = new AuthorizationContext(
                MockHelpers.CreateControllerContext(new NameValueCollection
                {
                    { "signed_request", "exampleSignedRequest" }
                }),
                MockHelpers.CreateActionDescriptor(new[] { new FacebookAuthorizeAttribute("email", "user_likes") }));

            const string expectedScript =
                "<script>window.top.location = 'https://www.facebook.com/dialog/oauth?redirect_uri=example.com';</script>";

            // Act
            filter.OnAuthorization(authorizationContext);

            // Assert: the action requires "email" and "user_likes", and the filter answers with
            // a script redirect to the OAuth dialog.
            ContentResult content = Assert.IsType<ContentResult>(authorizationContext.Result);
            Assert.Equal("text/html", content.ContentType);
            Assert.Equal(expectedScript, content.Content);
        }
        public void OnAuthorization_RedirectsToAuthorizationRedirectPath_OnlyWhenUserDeniedGrantingPermissions(string requestUrl, string expectedRedirectUrl)
        {
            // Arrange
            FacebookClient facebookClient = MockHelpers.CreateFacebookClient();
            IFacebookPermissionService permissions = MockHelpers.CreatePermissionService(new[] { "" });
            FacebookConfiguration configuration = MockHelpers.CreateConfiguration(facebookClient, permissions);

            // The path under test: per the test name, the filter should send the user here only
            // when the request shows that the permission prompt was declined.
            configuration.AuthorizationRedirectPath = "~/home/permissions";
            var filter = new FacebookAuthorizeFilter(configuration);

            // requestUrl comes from the theory data and becomes the request URI of the mocked
            // controller context; the second argument is passed as null, as in the other cases.
            var authorizationContext = new AuthorizationContext(
                MockHelpers.CreateControllerContext(
                    new NameValueCollection
                    {
                        { "signed_request", "exampleSignedRequest" }
                    },
                    null,
                    new Uri(requestUrl)),
                MockHelpers.CreateActionDescriptor(new[] { new FacebookAuthorizeAttribute("email") }));

            // Act
            filter.OnAuthorization(authorizationContext);

            // Assert
            // expectedRedirectUrl is placed into the expected script as-is, so the theory data
            // has to carry it in the exact (already escaped) form the filter emits.
            string expectedScript = String.Format("<script>window.top.location = '{0}';</script>", expectedRedirectUrl);
            ContentResult content = Assert.IsType<ContentResult>(authorizationContext.Result);
            Assert.Equal("text/html", content.ContentType);
            Assert.Equal(expectedScript, content.Content);
        }