using System;
using System.Web.Mvc;
using Moq;
using Xunit;
using Xunit.Extensions;
namespace NuGetGallery
{
/// <summary>
/// Behavioural tests for <see cref="RequireRemoteHttpsAttribute"/>: local requests and
/// requests already on a secure connection pass through, insecure GETs are redirected
/// to the https:// form of the URL, and every other insecure method is refused with 403.
/// </summary>
/// <remarks>
/// Every context is a <see cref="MockBehavior.Strict"/> mock, so a test fails if the
/// attribute reads any request member that the test did not explicitly set up.
/// </remarks>
public class RequireRemoteHttpsAttributeFacts
{
    /// <summary>
    /// Builds a strict authorization-context mock whose request reports the given
    /// <c>IsLocal</c> value and nothing else.
    /// </summary>
    private static Mock<AuthorizationContext> CreateStrictContextMock(bool isLocal)
    {
        var contextMock = new Mock<AuthorizationContext>(MockBehavior.Strict);
        contextMock.SetupGet(c => c.HttpContext.Request.IsLocal).Returns(isLocal);
        return contextMock;
    }

    /// <summary>
    /// Builds a strict mock for a remote request that arrived over plain HTTP with the
    /// given method, absolute URL and raw URL.
    /// </summary>
    private static Mock<AuthorizationContext> CreateInsecureRemoteContextMock(string method, string url, string rawUrl)
    {
        var contextMock = CreateStrictContextMock(isLocal: false);
        contextMock.SetupGet(c => c.HttpContext.Request.HttpMethod).Returns(method);
        contextMock.SetupGet(c => c.HttpContext.Request.Url).Returns(new Uri(url));
        contextMock.SetupGet(c => c.HttpContext.Request.RawUrl).Returns(rawUrl);
        contextMock.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
        return contextMock;
    }

    /// <summary>
    /// A request flagged as local must leave the pre-set result untouched.
    /// </summary>
    // The method name says "RequireFacts" although the attribute under test is
    // RequireRemoteHttpsAttribute; the name is kept so test reports stay comparable.
    // Only IsLocal is set up, so the strict mock also shows that the HTTPS check is
    // skipped entirely for local requests (IsSecureConnection is never read).
    // NOTE(review): this exemption is only as trustworthy as Request.IsLocal; confirm
    // that a same-host reverse proxy or TLS terminator in front of the site cannot
    // make remote traffic look local, because that would switch the enforcement off.
    [Fact]
    public void RequireFactsAttributeDoesNotThrowForLocalHostRequests()
    {
        // Arrange
        var authContext = CreateStrictContextMock(isLocal: true).Object;
        var originalResult = new ViewResult();
        authContext.Result = originalResult;
        var sut = new RequireRemoteHttpsAttribute();

        // Act
        sut.OnAuthorization(authContext);

        // Assert
        Assert.Same(originalResult, authContext.Result);
    }

    /// <summary>
    /// A remote request that already uses a secure connection must leave the pre-set
    /// result untouched.
    /// </summary>
    [Fact]
    public void RequireHttpsAttributeDoesNotThrowForSecureConnection()
    {
        // Arrange
        var contextMock = CreateStrictContextMock(isLocal: false);
        contextMock.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(true);
        var authContext = contextMock.Object;
        var originalResult = new ViewResult();
        authContext.Result = originalResult;
        var sut = new RequireRemoteHttpsAttribute();

        // Act
        sut.OnAuthorization(authContext);

        // Assert
        Assert.Same(originalResult, authContext.Result);
    }

    /// <summary>
    /// An insecure remote GET is answered with a redirect to the https:// form of the
    /// requested URL.
    /// </summary>
    // The method is supplied in lower case ("get"), so this also pins that the GET
    // check is not case-sensitive.
    // NOTE(review): the expected target reuses the host from the mocked request URL.
    // In production that host is request-derived; confirm that host names are
    // validated upstream (bindings / allowed hosts) so the redirect cannot be steered
    // to an arbitrary host. The redirect also does not protect the first cleartext
    // request itself.
    [Fact]
    public void RequireHttpsAttributeRedirectsGetRequest()
    {
        // Arrange
        var authContext = CreateInsecureRemoteContextMock("get", "http://test.nuget.org/login", "/login").Object;
        authContext.Result = new ViewResult();
        var sut = new RequireRemoteHttpsAttribute();

        // Act
        sut.OnAuthorization(authContext);

        // Assert
        Assert.IsType<RedirectResult>(authContext.Result);
        var redirect = (RedirectResult)authContext.Result;
        Assert.Equal("https://test.nuget.org/login", redirect.Url);
    }

    /// <summary>
    /// An insecure remote request with any listed non-GET method is refused with
    /// status 403 and a fixed description instead of being redirected.
    /// </summary>
    // Mixed-case inputs ("head", "trace") are part of the data set on purpose.
    // Likely rationale for refusing rather than redirecting (not visible here):
    // a non-GET request has already sent its headers and body, possibly credentials
    // or an API key, over plain HTTP by the time the server answers, and a redirect
    // would let clients keep working against the insecure endpoint.
    [Theory]
    [InlineData("POST")]
    [InlineData("DELETE")]
    [InlineData("PUT")]
    [InlineData("head")]
    [InlineData("trace")]
    public void RequireHttpsAttributeReturns403IfNonGetRequest(string method)
    {
        // Arrange
        var authContext = CreateInsecureRemoteContextMock(method, "http://test.nuget.org/api/create", "/api/create").Object;
        var sut = new RequireRemoteHttpsAttribute();

        // Act
        sut.OnAuthorization(authContext);

        // Assert
        Assert.IsType<HttpStatusCodeWithBodyResult>(authContext.Result);
        var forbidden = (HttpStatusCodeWithBodyResult)authContext.Result;
        Assert.Equal(403, forbidden.StatusCode);
        Assert.Equal("The requested resource can only be accessed via SSL.", forbidden.StatusDescription);
    }
}
}