1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
// Copyright (c) Microsoft Corporation. All rights reserved. See License.txt in the project root for license information.
using Moq;
using Xunit;
using Assert = Microsoft.TestCommon.AssertEx;
namespace System.Web.Mvc.Test
{
public class RequireHttpsAttributeTest
{
[Fact]
public void HandleNonHttpsRequestExtensibility()
{
// Arrange
Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>();
mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
AuthorizationContext authContext = mockAuthContext.Object;
RequireHttpsAttribute attr = new MyRequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
ContentResult result = authContext.Result as ContentResult;
// Assert
Assert.NotNull(result);
Assert.Equal("Custom HandleNonHttpsRequest", result.Content);
}
[Fact]
public void OnAuthorizationDoesNothingIfRequestIsSecure()
{
// Arrange
Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>();
mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(true);
AuthorizationContext authContext = mockAuthContext.Object;
ViewResult result = new ViewResult();
authContext.Result = result;
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
// Assert
Assert.Same(result, authContext.Result);
}
[Fact]
public void OnAuthorizationRedirectsIfRequestIsNotSecureAndMethodIsGet()
{
// Arrange
Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>();
mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("get");
mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
mockAuthContext.Setup(c => c.HttpContext.Request.RawUrl).Returns("/alpha/bravo/charlie?q=quux");
mockAuthContext.Setup(c => c.HttpContext.Request.Url).Returns(new Uri("http://www.example.com:8080/foo/bar/baz"));
AuthorizationContext authContext = mockAuthContext.Object;
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act
attr.OnAuthorization(authContext);
RedirectResult result = authContext.Result as RedirectResult;
// Assert
Assert.NotNull(result);
Assert.Equal("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url);
}
[Fact]
public void OnAuthorizationThrowsIfFilterContextIsNull()
{
// Arrange
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act & assert
Assert.ThrowsArgumentNull(
delegate { attr.OnAuthorization(null); }, "filterContext");
}
[Fact]
public void OnAuthorizationThrowsIfRequestIsNotSecureAndMethodIsNotGet()
{
// Arrange
Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>();
mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("post");
mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
AuthorizationContext authContext = mockAuthContext.Object;
RequireHttpsAttribute attr = new RequireHttpsAttribute();
// Act & assert
Assert.Throws<InvalidOperationException>(
delegate { attr.OnAuthorization(authContext); },
@"The requested resource can only be accessed via SSL.");
}
private class MyRequireHttpsAttribute : RequireHttpsAttribute
{
protected override void HandleNonHttpsRequest(AuthorizationContext filterContext)
{
filterContext.Result = new ContentResult() { Content = "Custom HandleNonHttpsRequest" };
}
}
}
}
|
