public void IsSecureConnectionReturnsTrueIfRequestIndicatesSecurity()
        {
            // Arrange.
            var mockRequest = new Mock<HttpRequestBase>();
            mockRequest.SetupGet(req => req.IsSecureConnection).Returns(true);

            var settings = new Settings();
            var evaluator = new StandardSecurityEvaluator();

            // Act.
            var result = evaluator.IsSecureConnection(mockRequest.Object, settings);

            // Assert.
            Assert.True(result);
        }
        public void GetUriReturnsSwitchedUriBasedOnSuppliedBaseInsecureUri()
        {
            const string BaseRequestUri = "https://www.testsite.com";
            const string PathRequestUri = "/Info/Default.aspx";
            const string QueryRequestUri = "?Param=SomeValue";

            var mockRequest = new Mock<HttpRequestBase>();
            mockRequest.SetupGet(req => req.ApplicationPath).Returns("/");
            mockRequest.SetupGet(req => req.Url).Returns(new Uri(BaseRequestUri + PathRequestUri + QueryRequestUri));
            mockRequest.SetupGet(req => req.RawUrl).Returns(PathRequestUri + QueryRequestUri);
            mockRequest.SetupGet(req => req.IsSecureConnection).Returns(true);

            var mockResponse = new Mock<HttpResponseBase>();
            mockResponse.Setup(resp => resp.ApplyAppPathModifier(It.IsAny<string>())).Returns<string>(s => s);

            var settings = new Settings {
                Mode = Mode.On,
                BaseInsecureUri = "http://www.someotherwebsite.com/"
            };
            var evaluator = new StandardSecurityEvaluator();
            var enforcer = new SecurityEnforcer(evaluator);

            // Act.
            var targetUrl = enforcer.GetUriForMatchedSecurityRequest(mockRequest.Object,
                                                                     mockResponse.Object,
                                                                     RequestSecurity.Insecure,
                                                                     settings);

            // Assert.
            Assert.Equal(settings.BaseInsecureUri + PathRequestUri.Remove(0, 1) + QueryRequestUri, targetUrl);
        }
        public void GetUriRequestReturnsNullIfRequestSecurityAlreadyMatchesSpecifiedSecurity()
        {
            // Arrange.
            var mockRequest = new Mock<HttpRequestBase>();
            var mockResponse = new Mock<HttpResponseBase>();
            var settings = new Settings();
            var evaluator = new StandardSecurityEvaluator();
            var enforcer = new SecurityEnforcer(evaluator);

            // Act.
            mockRequest.SetupGet(req => req.IsSecureConnection).Returns(true);
            var targetUrlForAlreadySecuredRequest = enforcer.GetUriForMatchedSecurityRequest(mockRequest.Object,
                                                                                             mockResponse.Object,
                                                                                             RequestSecurity.Secure,
                                                                                             settings);

            mockRequest.SetupGet(req => req.IsSecureConnection).Returns(false);
            var targetUrlForAlreadyInsecureRequest = enforcer.GetUriForMatchedSecurityRequest(mockRequest.Object,
                                                                                              mockResponse.Object,
                                                                                              RequestSecurity.Insecure,
                                                                                              settings);

            // Assert.
            Assert.Null(targetUrlForAlreadySecuredRequest);
            Assert.Null(targetUrlForAlreadyInsecureRequest);
        }