public void RequireHttpsAttributeDoesNotThrowForInsecureConnectionIfNotAuthenticatedOrForcingSSLAndOnlyWhenAuthenticatedSet()
        {
            // Arrange
            var mockAuthContext = new Mock<AuthorizationContext>(MockBehavior.Strict);
            var mockConfig = new Mock<IConfiguration>();
            var mockFormsAuth = new Mock<IFormsAuthenticationService>();
            mockConfig.Setup(cfg => cfg.RequireSSL).Returns(true);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsAuthenticated).Returns(false);
            var context = mockAuthContext.Object;
            mockFormsAuth.Setup(fas => fas.ShouldForceSSL(context.HttpContext)).Returns(false);
            var attribute = new RequireRemoteHttpsAttribute()
            {
                Configuration = mockConfig.Object,
                OnlyWhenAuthenticated = true,
                FormsAuthentication = mockFormsAuth.Object
            };
            var result = new ViewResult();
            context.Result = result;

            // Act
            attribute.OnAuthorization(context);

            // Assert
            Assert.Same(result, context.Result);
        }
        public void RequireFactsAttributeDoesNotThrowForLocalHostRequests()
        {
            // Arrange
            Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>(MockBehavior.Strict);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsLocal).Returns(true);
            var context = mockAuthContext.Object;
            var attribute = new RequireRemoteHttpsAttribute();
            var result = new ViewResult();
            context.Result = result;

            // Act
            attribute.OnAuthorization(context);

            // Assert
            Assert.Same(result, context.Result);
        }
        public void RequireHttpsAttributeRedirectsGetRequest()
        {
            // Arrange
            Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>(MockBehavior.Strict);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsLocal).Returns(false);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.HttpMethod).Returns("get");
            mockAuthContext.SetupGet(c => c.HttpContext.Request.Url).Returns(new Uri("http://test.nuget.org/login"));
            mockAuthContext.SetupGet(c => c.HttpContext.Request.RawUrl).Returns("/login");
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
            var context = mockAuthContext.Object;
            var attribute = new RequireRemoteHttpsAttribute();
            var result = new ViewResult();
            context.Result = result;

            // Act
            attribute.OnAuthorization(context);

            // Assert
            Assert.IsType<RedirectResult>(context.Result);
            Assert.Equal("https://test.nuget.org/login", ((RedirectResult)context.Result).Url);
        }
Exemplo n.º 4
0
        [InlineData(false, true, true, 44300, "{0}:44300")]     // Non-standard Port, Authenticated, should be authenticated, force SSL
        public void RequireHttpsAttributeRedirectsGetRequest(bool isAuthenticated, bool forceSSL, bool onlyWhenAuthenticated, int port, string hostFormatter)
        {
            // Arrange
            var mockAuthContext = new Mock <AuthorizationContext>(MockBehavior.Strict);
            var mockConfig      = new Mock <IAppConfiguration>();
            var mockFormsAuth   = new Mock <IFormsAuthenticationService>();

            mockAuthContext.SetupGet(c => c.HttpContext.Request.HttpMethod).Returns("get");
            mockAuthContext.SetupGet(c => c.HttpContext.Request.Url).Returns(new Uri("http://test.nuget.org/login"));
            mockAuthContext.SetupGet(c => c.HttpContext.Request.RawUrl).Returns("/login");
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsAuthenticated).Returns(isAuthenticated);

            mockConfig.Setup(cfg => cfg.RequireSSL).Returns(true);
            mockConfig.Setup(cfg => cfg.SSLPort).Returns(port);

            var context = mockAuthContext.Object;

            mockFormsAuth.Setup(fas => fas.ShouldForceSSL(context.HttpContext)).Returns(forceSSL);

            var attribute = new RequireRemoteHttpsAttribute()
            {
                Configuration         = mockConfig.Object,
                OnlyWhenAuthenticated = onlyWhenAuthenticated,
                FormsAuthentication   = mockFormsAuth.Object
            };
            var result = new ViewResult();

            context.Result = result;

            // Act
            attribute.OnAuthorization(context);

            // Assert
            Assert.IsType <RedirectResult>(context.Result);
            Assert.Equal("https://" + String.Format(hostFormatter, "test.nuget.org") + "/login", ((RedirectResult)context.Result).Url);
        }
        public void RequireHttpsAttributeReturns403IfNonGetRequest(string method, bool isAuthenticated, bool forceSSL, bool onlyWhenAuthenticated)
        {
            // Arrange
            var mockAuthContext = new Mock <AuthorizationContext>(MockBehavior.Strict);
            var mockConfig      = new Mock <IConfiguration>();
            var mockFormsAuth   = new Mock <IFormsAuthenticationService>();

            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsLocal).Returns(false);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.HttpMethod).Returns(method);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.Url).Returns(new Uri("http://test.nuget.org/api/create"));
            mockAuthContext.SetupGet(c => c.HttpContext.Request.RawUrl).Returns("/api/create");
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsAuthenticated).Returns(isAuthenticated);

            mockConfig.Setup(cfg => cfg.RequireSSL).Returns(true);
            var context = mockAuthContext.Object;

            mockFormsAuth.Setup(fas => fas.ShouldForceSSL(context.HttpContext)).Returns(forceSSL);

            var attribute = new RequireRemoteHttpsAttribute()
            {
                Configuration         = mockConfig.Object,
                OnlyWhenAuthenticated = onlyWhenAuthenticated,
                FormsAuthentication   = mockFormsAuth.Object
            };

            // Act
            attribute.OnAuthorization(context);

            // Assert
            Assert.IsType <HttpStatusCodeWithBodyResult>(context.Result);
            var result = (HttpStatusCodeWithBodyResult)context.Result;

            Assert.Equal(403, result.StatusCode);
            Assert.Equal("The requested resource can only be accessed via SSL.", result.StatusDescription);
        }
        public void RequireHttpsAttributeReturns403IfNonGetRequest(string method)
        {
            // Arrange
            Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>(MockBehavior.Strict);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsLocal).Returns(false);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.HttpMethod).Returns(method);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.Url).Returns(new Uri("http://test.nuget.org/api/create"));
            mockAuthContext.SetupGet(c => c.HttpContext.Request.RawUrl).Returns("/api/create");
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
            var context = mockAuthContext.Object;
            var attribute = new RequireRemoteHttpsAttribute();

            // Act 
            attribute.OnAuthorization(context);

            // Assert
            Assert.IsType<HttpStatusCodeWithBodyResult>(context.Result);
            var result = (HttpStatusCodeWithBodyResult)context.Result;
            Assert.Equal(403, result.StatusCode);
            Assert.Equal("The requested resource can only be accessed via SSL.", result.StatusDescription);
        }
        [InlineData(false, true, true, 44300, "{0}:44300")]     // Non-standard Port, Authenticated, should be authenticated, force SSL
        public void RequireHttpsAttributeRedirectsGetRequest(bool isAuthenticated, bool forceSSL, bool onlyWhenAuthenticated, int port, string hostFormatter)
        {
            // Arrange
            var mockAuthContext = new Mock<AuthorizationContext>(MockBehavior.Strict);
            var mockConfig = new Mock<IConfiguration>();
            var mockFormsAuth = new Mock<IFormsAuthenticationService>();

            mockAuthContext.SetupGet(c => c.HttpContext.Request.HttpMethod).Returns("get");
            mockAuthContext.SetupGet(c => c.HttpContext.Request.Url).Returns(new Uri("http://test.nuget.org/login"));
            mockAuthContext.SetupGet(c => c.HttpContext.Request.RawUrl).Returns("/login");
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsAuthenticated).Returns(isAuthenticated);

            mockConfig.Setup(cfg => cfg.RequireSSL).Returns(true);
            mockConfig.Setup(cfg => cfg.SSLPort).Returns(port);
            
            var context = mockAuthContext.Object;
            mockFormsAuth.Setup(fas => fas.ShouldForceSSL(context.HttpContext)).Returns(forceSSL);

            var attribute = new RequireRemoteHttpsAttribute()
            {
                Configuration = mockConfig.Object,
                OnlyWhenAuthenticated = onlyWhenAuthenticated,
                FormsAuthentication = mockFormsAuth.Object
            };
            var result = new ViewResult();
            context.Result = result;

            // Act
            attribute.OnAuthorization(context);

            // Assert
            Assert.IsType<RedirectResult>(context.Result);
            Assert.Equal("https://" + String.Format(hostFormatter, "test.nuget.org") + "/login", ((RedirectResult)context.Result).Url);
        }
        public void RequireHttpsAttributeReturns403IfNonGetRequest(string method, bool isAuthenticated, bool forceSSL, bool onlyWhenAuthenticated)
        {
            // Arrange
            var mockAuthContext = new Mock<AuthorizationContext>(MockBehavior.Strict);
            var mockConfig = new Mock<IConfiguration>();
            var mockFormsAuth = new Mock<IFormsAuthenticationService>();

            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsLocal).Returns(false);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.HttpMethod).Returns(method);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.Url).Returns(new Uri("http://test.nuget.org/api/create"));
            mockAuthContext.SetupGet(c => c.HttpContext.Request.RawUrl).Returns("/api/create");
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
            mockAuthContext.SetupGet(c => c.HttpContext.Request.IsAuthenticated).Returns(isAuthenticated);

            mockConfig.Setup(cfg => cfg.RequireSSL).Returns(true);
            var context = mockAuthContext.Object;

            mockFormsAuth.Setup(fas => fas.ShouldForceSSL(context.HttpContext)).Returns(forceSSL);

            var attribute = new RequireRemoteHttpsAttribute()
            {
                Configuration = mockConfig.Object,
                OnlyWhenAuthenticated = onlyWhenAuthenticated,
                FormsAuthentication = mockFormsAuth.Object
            };

            // Act 
            attribute.OnAuthorization(context);

            // Assert
            Assert.IsType<HttpStatusCodeWithBodyResult>(context.Result);
            var result = (HttpStatusCodeWithBodyResult)context.Result;
            Assert.Equal(403, result.StatusCode);
            Assert.Equal("The requested resource can only be accessed via SSL.", result.StatusDescription);
        }