public void OnAuthorizationThrowsIfFilterContextIsNull() { // Arrange RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act & assert ExceptionHelper.ExpectArgumentNullException( delegate { attr.OnAuthorization(null); }, "filterContext"); }
public void OnAuthorization(AuthorizationContext filterContext) { if (_configurationHelper.IsHttpsRequired) { var requiredHttpsAttribute = new RequireHttpsAttribute(); requiredHttpsAttribute.OnAuthorization(filterContext); if (filterContext.Result != null) filterContext.Result = new RedirectResult("https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.ApplicationPath); } }
public void OnAuthorizationDoesNothingIfRequestIsSecure() { // Arrange Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>(); mockAuthContext.Expect(c => c.HttpContext.Request.IsSecureConnection).Returns(true); AuthorizationContext authContext = mockAuthContext.Object; ViewResult result = new ViewResult(); authContext.Result = result; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); // Assert Assert.AreSame(result, authContext.Result, "Result should not have been changed."); }
public void OnAuthorizationRedirectsIfRequestIsNotSecureAndMethodIsGet() { // Arrange Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>(); mockAuthContext.Expect(c => c.HttpContext.Request.HttpMethod).Returns("get"); mockAuthContext.Expect(c => c.HttpContext.Request.IsSecureConnection).Returns(false); mockAuthContext.Expect(c => c.HttpContext.Request.RawUrl).Returns("/alpha/bravo/charlie?q=quux"); mockAuthContext.Expect(c => c.HttpContext.Request.Url).Returns(new Uri("http://www.example.com:8080/foo/bar/baz")); AuthorizationContext authContext = mockAuthContext.Object; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act attr.OnAuthorization(authContext); RedirectResult result = authContext.Result as RedirectResult; // Assert Assert.IsNotNull(result, "Result should have been a RedirectResult."); Assert.AreEqual("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url); }
public void OnAuthorizationThrowsIfRequestIsNotSecureAndMethodIsNotGet() { // Arrange Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>(); mockAuthContext.Expect(c => c.HttpContext.Request.HttpMethod).Returns("post"); mockAuthContext.Expect(c => c.HttpContext.Request.IsSecureConnection).Returns(false); AuthorizationContext authContext = mockAuthContext.Object; RequireHttpsAttribute attr = new RequireHttpsAttribute(); // Act & assert ExceptionHelper.ExpectInvalidOperationException( delegate { attr.OnAuthorization(authContext); }, @"The requested resource can only be accessed via SSL."); }