public void OnAuthorizationRedirectsIfPermanentConstructorParameterIsAndRequestIsNotSecureAndMethodIsGet( bool permanent ) { // Arrange Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>(); mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("get"); mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false); mockAuthContext .Setup(c => c.HttpContext.Request.RawUrl) .Returns("/alpha/bravo/charlie?q=quux"); mockAuthContext .Setup(c => c.HttpContext.Request.Url) .Returns(new Uri("http://www.example.com:8080/foo/bar/baz")); AuthorizationContext authContext = mockAuthContext.Object; RequireHttpsAttribute attr = new RequireHttpsAttribute(permanent); // Act attr.OnAuthorization(authContext); RedirectResult result = authContext.Result as RedirectResult; // Assert Assert.Equal(permanent, attr.Permanent); Assert.NotNull(result); Assert.Equal("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url); Assert.Equal(permanent, result.Permanent); }
public void OnAuthorization_RedirectsToHttpsEndpoint_WithSpecifiedStatusCodeAndRequireHttpsPermanentOption(bool?permanent, bool requireHttpsPermanent) { var requestContext = new DefaultHttpContext(); requestContext.RequestServices = CreateServices(null, requireHttpsPermanent); requestContext.Request.Scheme = "http"; requestContext.Request.Method = "GET"; var authContext = CreateAuthorizationContext(requestContext); var attr = new RequireHttpsAttribute(); if (permanent.HasValue) { attr.Permanent = permanent.Value; } ; // Act attr.OnAuthorization(authContext); // Assert var result = Assert.IsType <RedirectResult>(authContext.Result); Assert.Equal(permanent ?? requireHttpsPermanent, result.Permanent); }
public void OnAuthorization_RedirectsToHttpsEndpoint_ForCustomSslPort( string url, int?sslPort, string expectedUrl) { // Arrange var options = Options.Create(new MvcOptions()); var uri = new Uri(url); var requestContext = new DefaultHttpContext(); requestContext.RequestServices = CreateServices(sslPort); requestContext.Request.Scheme = "http"; requestContext.Request.Method = "GET"; requestContext.Request.Host = HostString.FromUriComponent(uri); requestContext.Request.Path = PathString.FromUriComponent(uri); requestContext.Request.QueryString = QueryString.FromUriComponent(uri); var authContext = CreateAuthorizationContext(requestContext); var attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); // Assert Assert.NotNull(authContext.Result); var result = Assert.IsType <RedirectResult>(authContext.Result); Assert.Equal(expectedUrl, result.Url); }
public void OnAuthorizationThrowsIfFilterContextIsNull() { // Arrange RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act & assert Assert.ThrowsArgumentNull( delegate { attr.OnAuthorization(null); }, "filterContext"); }
public void OnAuthorizationThrowsIfFilterContextIsNull() { // Arrange RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act & assert Assert.ThrowsArgumentNull( delegate { attr.OnAuthorization(null); }, "filterContext"); }
public void OnAuthorizationThrowsIfRequestIsNotSecureAndMethodIsNotGet() { // Arrange Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>(); mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("post"); mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false); AuthorizationContext authContext = mockAuthContext.Object; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act & assert Assert.Throws <InvalidOperationException>( delegate { attr.OnAuthorization(authContext); }, @"The requested resource can only be accessed via SSL."); }
public void OnAuthorization_AllowsTheRequestIfItIsHttps() { // Arrange var requestContext = new DefaultHttpContext(); requestContext.Request.Scheme = "https"; var authContext = CreateAuthorizationContext(requestContext); var attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); // Assert Assert.Null(authContext.Result); }
public void OnAuthorizationDoesNothingIfRequestIsSecure() { // Arrange Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>(); mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(true); AuthorizationContext authContext = mockAuthContext.Object; ViewResult result = new ViewResult(); authContext.Result = result; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); // Assert Assert.Same(result, authContext.Result); }
public void OnAuthorization_RedirectsToHttpsEndpoint_ForNonHttpsGetRequests( string host, string pathBase, string path, string queryString, string expectedUrl) { // Arrange var requestContext = new DefaultHttpContext(); requestContext.RequestServices = CreateServices(); requestContext.Request.Scheme = "http"; requestContext.Request.Method = "GET"; requestContext.Request.Host = HostString.FromUriComponent(host); if (pathBase != null) { requestContext.Request.PathBase = new PathString(pathBase); } if (path != null) { requestContext.Request.Path = new PathString(path); } if (queryString != null) { requestContext.Request.QueryString = new QueryString(queryString); } var authContext = CreateAuthorizationContext(requestContext); var attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); // Assert Assert.NotNull(authContext.Result); var result = Assert.IsType <RedirectResult>(authContext.Result); Assert.False(result.Permanent); Assert.Equal(expectedUrl, result.Url); }
public void OnAuthorizationDoesNothingIfRequestIsSecure() { // Arrange Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>(); mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(true); AuthorizationContext authContext = mockAuthContext.Object; ViewResult result = new ViewResult(); authContext.Result = result; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); // Assert Assert.Same(result, authContext.Result); }
public void OnAuthorizationRedirectsIfRequestIsNotSecureAndMethodIsGet() { // Arrange Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>(); mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("get"); mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false); mockAuthContext.Setup(c => c.HttpContext.Request.RawUrl).Returns("/alpha/bravo/charlie?q=quux"); mockAuthContext.Setup(c => c.HttpContext.Request.Url).Returns(new Uri("http://www.example.com:8080/foo/bar/baz")); AuthorizationContext authContext = mockAuthContext.Object; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); RedirectResult result = authContext.Result as RedirectResult; // Assert Assert.NotNull(result); Assert.Equal("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url); }
public void OnAuthorization_SignalsBadRequestStatusCode_ForNonHttpsAndNonGetRequests(string method) { // Arrange var requestContext = new DefaultHttpContext(); requestContext.RequestServices = CreateServices(); requestContext.Request.Scheme = "http"; requestContext.Request.Method = method; var authContext = CreateAuthorizationContext(requestContext); var attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); // Assert Assert.NotNull(authContext.Result); var result = Assert.IsType <StatusCodeResult>(authContext.Result); Assert.Equal(StatusCodes.Status403Forbidden, result.StatusCode); }
public void OnAuthorizationRedirectsIfRequestIsNotSecureAndMethodIsGet() { // Arrange Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>(); mockAuthContext.Expect(c => c.HttpContext.Request.HttpMethod).Returns("get"); mockAuthContext.Expect(c => c.HttpContext.Request.IsSecureConnection).Returns(false); mockAuthContext.Expect(c => c.HttpContext.Request.RawUrl).Returns("/alpha/bravo/charlie?q=quux"); mockAuthContext.Expect(c => c.HttpContext.Request.Url).Returns(new Uri("http://www.example.com:8080/foo/bar/baz")); AuthorizationContext authContext = mockAuthContext.Object; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); RedirectResult result = authContext.Result as RedirectResult; // Assert Assert.IsNotNull(result, "Result should have been a RedirectResult."); Assert.AreEqual("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url); }
public void FailsForNullParameter() { sut.OnAuthorization(null); }
public void OnAuthorizationThrowsIfRequestIsNotSecureAndMethodIsNotGet() { // Arrange Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>(); mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("post"); mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false); AuthorizationContext authContext = mockAuthContext.Object; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act & assert Assert.Throws<InvalidOperationException>( delegate { attr.OnAuthorization(authContext); }, @"The requested resource can only be accessed via SSL."); }