public void OnAuthorizationRedirectsIfPermanentConstructorParameterIsAndRequestIsNotSecureAndMethodIsGet(
bool permanent
)
{
// Arrange
Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>();
mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("get");
mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
mockAuthContext
.Setup(c => c.HttpContext.Request.RawUrl)
.Returns("/alpha/bravo/charlie?q=quux");
mockAuthContext
.Setup(c => c.HttpContext.Request.Url)
.Returns(new Uri("http://www.example.com:8080/foo/bar/baz"));
AuthorizationContext authContext = mockAuthContext.Object;
RequireHttpsAttribute attr = new RequireHttpsAttribute(permanent);
// Act
attr.OnAuthorization(authContext);
RedirectResult result = authContext.Result as RedirectResult;
// Assert
Assert.Equal(permanent, attr.Permanent);
Assert.NotNull(result);
Assert.Equal("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url);
Assert.Equal(permanent, result.Permanent);
}
public void OnAuthorization_RedirectsToHttpsEndpoint_WithSpecifiedStatusCodeAndRequireHttpsPermanentOption(bool?permanent, bool requireHttpsPermanent)
{
var requestContext = new DefaultHttpContext();
requestContext.RequestServices = CreateServices(null, requireHttpsPermanent);
requestContext.Request.Scheme = "http";
requestContext.Request.Method = "GET";
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
if (permanent.HasValue)
{
attr.Permanent = permanent.Value;
}
;
// Act
attr.OnAuthorization(authContext);
// Assert
var result = Assert.IsType <RedirectResult>(authContext.Result);
Assert.Equal(permanent ?? requireHttpsPermanent, result.Permanent);
}
public void OnAuthorization_RedirectsToHttpsEndpoint_ForCustomSslPort(
string url,
int?sslPort,
string expectedUrl)
{
// Arrange
var options = Options.Create(new MvcOptions());
var uri = new Uri(url);
var requestContext = new DefaultHttpContext();
requestContext.RequestServices = CreateServices(sslPort);
requestContext.Request.Scheme = "http";
requestContext.Request.Method = "GET";
requestContext.Request.Host = HostString.FromUriComponent(uri);
requestContext.Request.Path = PathString.FromUriComponent(uri);
requestContext.Request.QueryString = QueryString.FromUriComponent(uri);
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.NotNull(authContext.Result);
var result = Assert.IsType <RedirectResult>(authContext.Result);
Assert.Equal(expectedUrl, result.Url);
}
public void OnAuthorizationThrowsIfFilterContextIsNull()
{
// Arrange
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act & assert
Assert.ThrowsArgumentNull(
delegate { attr.OnAuthorization(null); }, "filterContext");
}
public void OnAuthorizationThrowsIfFilterContextIsNull()
{
// Arrange
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act & assert
Assert.ThrowsArgumentNull(
delegate { attr.OnAuthorization(null); }, "filterContext");
}
public void OnAuthorizationThrowsIfRequestIsNotSecureAndMethodIsNotGet()
{
// Arrange
Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>();
mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("post");
mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
AuthorizationContext authContext = mockAuthContext.Object;
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act & assert
Assert.Throws <InvalidOperationException>(
delegate { attr.OnAuthorization(authContext); },
@"The requested resource can only be accessed via SSL.");
}
public void OnAuthorization_AllowsTheRequestIfItIsHttps()
{
// Arrange
var requestContext = new DefaultHttpContext();
requestContext.Request.Scheme = "https";
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.Null(authContext.Result);
}
public void OnAuthorizationDoesNothingIfRequestIsSecure()
{
// Arrange
Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>();
mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(true);
AuthorizationContext authContext = mockAuthContext.Object;
ViewResult result = new ViewResult();
authContext.Result = result;
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.Same(result, authContext.Result);
}
public void OnAuthorization_RedirectsToHttpsEndpoint_ForNonHttpsGetRequests(
string host,
string pathBase,
string path,
string queryString,
string expectedUrl)
{
// Arrange
var requestContext = new DefaultHttpContext();
requestContext.RequestServices = CreateServices();
requestContext.Request.Scheme = "http";
requestContext.Request.Method = "GET";
requestContext.Request.Host = HostString.FromUriComponent(host);
if (pathBase != null)
{
requestContext.Request.PathBase = new PathString(pathBase);
}
if (path != null)
{
requestContext.Request.Path = new PathString(path);
}
if (queryString != null)
{
requestContext.Request.QueryString = new QueryString(queryString);
}
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.NotNull(authContext.Result);
var result = Assert.IsType <RedirectResult>(authContext.Result);
Assert.False(result.Permanent);
Assert.Equal(expectedUrl, result.Url);
}
public void OnAuthorizationDoesNothingIfRequestIsSecure()
{
// Arrange
Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>();
mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(true);
AuthorizationContext authContext = mockAuthContext.Object;
ViewResult result = new ViewResult();
authContext.Result = result;
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.Same(result, authContext.Result);
}
public void OnAuthorizationRedirectsIfRequestIsNotSecureAndMethodIsGet()
{
// Arrange
Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>();
mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("get");
mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
mockAuthContext.Setup(c => c.HttpContext.Request.RawUrl).Returns("/alpha/bravo/charlie?q=quux");
mockAuthContext.Setup(c => c.HttpContext.Request.Url).Returns(new Uri("http://www.example.com:8080/foo/bar/baz"));
AuthorizationContext authContext = mockAuthContext.Object;
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
RedirectResult result = authContext.Result as RedirectResult;
// Assert
Assert.NotNull(result);
Assert.Equal("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url);
}
public void OnAuthorization_SignalsBadRequestStatusCode_ForNonHttpsAndNonGetRequests(string method)
{
// Arrange
var requestContext = new DefaultHttpContext();
requestContext.RequestServices = CreateServices();
requestContext.Request.Scheme = "http";
requestContext.Request.Method = method;
var authContext = CreateAuthorizationContext(requestContext);
var attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.NotNull(authContext.Result);
var result = Assert.IsType <StatusCodeResult>(authContext.Result);
Assert.Equal(StatusCodes.Status403Forbidden, result.StatusCode);
}
public void OnAuthorizationRedirectsIfRequestIsNotSecureAndMethodIsGet()
{
// Arrange
Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>();
mockAuthContext.Expect(c => c.HttpContext.Request.HttpMethod).Returns("get");
mockAuthContext.Expect(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
mockAuthContext.Expect(c => c.HttpContext.Request.RawUrl).Returns("/alpha/bravo/charlie?q=quux");
mockAuthContext.Expect(c => c.HttpContext.Request.Url).Returns(new Uri("http://www.example.com:8080/foo/bar/baz"));
AuthorizationContext authContext = mockAuthContext.Object;
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
RedirectResult result = authContext.Result as RedirectResult;
// Assert
Assert.IsNotNull(result, "Result should have been a RedirectResult.");
Assert.AreEqual("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url);
}
public void FailsForNullParameter()
{
sut.OnAuthorization(null);
}
public void OnAuthorizationThrowsIfRequestIsNotSecureAndMethodIsNotGet()
{
// Arrange
Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>();
mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("post");
mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
AuthorizationContext authContext = mockAuthContext.Object;
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act & assert
Assert.Throws<InvalidOperationException>(
delegate { attr.OnAuthorization(authContext); },
@"The requested resource can only be accessed via SSL.");
}
