/// <summary>
/// Checks that <see cref="HttpsOnlyAttribute"/> leaves the filter result unset for an HTTPS
/// request and sets a 403 Forbidden <see cref="StatusCodeResult"/> for a plain-HTTP request.
/// </summary>
public void TestHttpsFilter()
{
    // Arrange: IsHttps answers true on its first read and false on its second, so the two
    // OnAuthorization calls below are meant to see an HTTPS request and then a plain-HTTP one.
    // NOTE(review): this presumes the filter reads IsHttps exactly once per call - confirm
    // against HttpsOnlyAttribute, otherwise the sequence shifts and the test checks the wrong case.
    var requestMock = new Mock<HttpRequest>();
    requestMock.SetupSequence(r => r.IsHttps)
        .Returns(true)
        .Returns(false);

    var contextMock = new Mock<HttpContext>();
    contextMock.SetupGet(c => c.Request).Returns(requestMock.Object);

    var noFilters = Enumerable.Empty<IFilterMetadata>().ToList();
    var action = new ActionContext(contextMock.Object, new RouteData(), new ActionDescriptor());
    var filterContext = new AuthorizationFilterContext(action, noFilters);

    var httpsOnly = new HttpsOnlyAttribute();

    // Act & assert, HTTPS request: the filter must not short-circuit the pipeline.
    httpsOnly.OnAuthorization(filterContext);
    Assert.IsNull(filterContext.Result);

    // Act & assert, plain-HTTP request: the filter must reject with 403.
    httpsOnly.OnAuthorization(filterContext);
    Assert.IsInstanceOfType(filterContext.Result, typeof(StatusCodeResult));

    // The type was asserted on the previous line, so a direct cast cannot fail here.
    var rejected = (StatusCodeResult)filterContext.Result;
    Assert.AreEqual(StatusCodes.Status403Forbidden, rejected.StatusCode);
}
/// <summary>
/// Checks that <see cref="HttpsOnlyAttribute"/> sets no result when the request is HTTPS
/// and answers a plain-HTTP request with a 403 Forbidden <see cref="StatusCodeResult"/>.
/// </summary>
public void TestHttpFilter()
{
    // Arrange: the mocked request reports HTTPS on the first read of IsHttps and plain HTTP
    // on the second, which lets one context drive both the allowed and the rejected case.
    // NOTE(review): presumes one IsHttps read per OnAuthorization call - confirm.
    var request = new Mock<HttpRequest>();
    request.SetupSequence(r => r.IsHttps)
        .Returns(true)
        .Returns(false);

    var context = new Mock<HttpContext>();
    context.SetupGet(c => c.Request).Returns(request.Object);

    var action = new ActionContext(
        context.Object,
        new Microsoft.AspNetCore.Routing.RouteData(),
        new Microsoft.AspNetCore.Mvc.Abstractions.ActionDescriptor());
    var filterContext = new AuthorizationFilterContext(
        action,
        Enumerable.Empty<IFilterMetadata>().ToList());

    var httpsOnly = new HttpsOnlyAttribute();

    // Act & assert, HTTPS: no result means the request is allowed to continue.
    httpsOnly.OnAuthorization(filterContext);
    Assert.Null(filterContext.Result);

    // Act & assert, plain HTTP: the result must be exactly a StatusCodeResult carrying 403.
    httpsOnly.OnAuthorization(filterContext);
    var rejected = Assert.IsType<StatusCodeResult>(filterContext.Result);
    Assert.Equal(StatusCodes.Status403Forbidden, rejected.StatusCode);
}
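/// <summary>
/// Checks that <see cref="HttpsOnlyAttribute"/> rejects a request whose IsHttps is false
/// by setting a 403 Forbidden <see cref="StatusCodeResult"/> on the filter context.
/// </summary>
/// <remarks>
/// Only the rejection path is exercised here; nothing in this test shows that an HTTPS
/// request is allowed through.
/// </remarks>
public void NotHttpsChecksRequest()
{
    // Arrange: a substituted filter context whose request reports plain HTTP.
    var authContext = Substitute.For<AuthorizationFilterContext>(
        Substitute.For<ActionContext>(
            Substitute.For<HttpContext>(),
            Substitute.For<RouteData>(),
            Substitute.For<ActionDescriptor>()),
        new List<IFilterMetadata>());
    authContext.HttpContext.Request.IsHttps.Returns(false);

    // Act
    var filterAttr = new HttpsOnlyAttribute();
    filterAttr.OnAuthorization(authContext);

    // Assert: check the result type first, so a filter that sets no result (or a different
    // result type) fails with a clear assertion instead of a NullReferenceException.
    var result = authContext.Result as StatusCodeResult;
    Assert.IsNotNull(result, "Expected a StatusCodeResult for a non-HTTPS request.");
    Assert.AreEqual(StatusCodes.Status403Forbidden, result.StatusCode);
}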
/// <summary>
/// Checks that <see cref="HttpsOnlyAttribute"/> lets an HTTPS request pass with no result
/// and sets a 403 Forbidden <see cref="StatusCodeResult"/> once the request is plain HTTP.
/// </summary>
public void HttpsOnlyReturns403WhenNotHttps()
{
    // Arrange: IsHttps yields true and then false on successive reads, so the first
    // OnAuthorization call is treated as HTTPS and the second as plain HTTP.
    // NOTE(review): presumes the filter reads IsHttps once per call - confirm.
    var request = new Mock<HttpRequest>();
    request.SetupSequence(r => r.IsHttps)
        .Returns(true)
        .Returns(false);

    var http = new Mock<HttpContext>();
    http.SetupGet(c => c.Request).Returns(request.Object);

    var filters = Enumerable.Empty<IFilterMetadata>().ToList();
    var filterContext = new AuthorizationFilterContext(
        new ActionContext(http.Object, new RouteData(), new ActionDescriptor()),
        filters);

    var sut = new HttpsOnlyAttribute();

    // Act & assert, HTTPS: the filter leaves the result unset.
    sut.OnAuthorization(filterContext);
    Assert.Null(filterContext.Result);

    // Act & assert, plain HTTP: the filter sets a StatusCodeResult with 403.
    sut.OnAuthorization(filterContext);
    var rejected = Assert.IsType<StatusCodeResult>(filterContext.Result);
    Assert.Equal(StatusCodes.Status403Forbidden, rejected.StatusCode);
}