
Merge pull request #605 from prabirshrestha/customReturnUrlFormsAuth

added FormsAuthentication.FormsAuthenticationRedirectQuerystringKey
2 parents dc80c73 + 7a2b8c3 commit 1d3648baa25f82019af4c6e16664db209e6ff82e @thecodejunkie thecodejunkie committed Jul 2, 2012
@@ -458,6 +458,72 @@ public void Should_retain_querystring_when_redirecting_to_login_page()
queryContext.Response.Headers["Location"].ShouldEqual("/login?returnUrl=/secure%3ffoo%3dbar");
}
+ [Fact]
+ public void Should_change_the_forms_authentication_redirect_uri_querystring_key()
+ {
+ // Given
+ var fakePipelines = new Pipelines();
+
+ this.config.RedirectQuerystringKey = "next";
+ FormsAuthentication.Enable(fakePipelines, this.config);
+
+ var queryContext = new NancyContext()
+ {
+ Request = new FakeRequest("GET", "/secure", "?foo=bar"),
+ Response = HttpStatusCode.Unauthorized
+ };
+
+ // When
+ fakePipelines.AfterRequest.Invoke(queryContext);
+
+ // Then
+ queryContext.Response.Headers["Location"].ShouldEqual("/login?next=/secure%3ffoo%3dbar");
+ }
+
+ [Fact]
+ public void Should_change_the_forms_authentication_redirect_uri_querystring_key_returnUrl_if_config_redirectQuerystringKey_is_null()
+ {
+ // Given
+ var fakePipelines = new Pipelines();
+
+ this.config.RedirectQuerystringKey = null;
+ FormsAuthentication.Enable(fakePipelines, this.config);
+
+ var queryContext = new NancyContext()
+ {
+ Request = new FakeRequest("GET", "/secure", "?foo=bar"),
+ Response = HttpStatusCode.Unauthorized
+ };
+
+ // When
+ fakePipelines.AfterRequest.Invoke(queryContext);
+
+ // Then
+ queryContext.Response.Headers["Location"].ShouldEqual("/login?returnUrl=/secure%3ffoo%3dbar");
+ }
+
+ [Fact]
+ public void Should_change_the_forms_authentication_redirect_uri_querystring_key_returnUrl_if_config_redirectQuerystringKey_is_empty()
+ {
+ // Given
+ var fakePipelines = new Pipelines();
+
+ this.config.RedirectQuerystringKey = string.Empty;
+ FormsAuthentication.Enable(fakePipelines, this.config);
+
+ var queryContext = new NancyContext()
+ {
+ Request = new FakeRequest("GET", "/secure", "?foo=bar"),
+ Response = HttpStatusCode.Unauthorized
+ };
+
+ // When
+ fakePipelines.AfterRequest.Invoke(queryContext);
+
+ // Then
+ queryContext.Response.Headers["Location"].ShouldEqual("/login?returnUrl=/secure%3ffoo%3dbar");
+ }
+
[Fact]
public void Should_retain_querystring_when_redirecting_after_successfull_login()
{
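Review bot: None of the three tests added here exercises `UserLoggedInRedirectResponse` with a custom key, so the read side of the setting, where the post-login redirect looks the key up in the request query, is not pinned by this change. A companion test that sets `this.config.RedirectQuerystringKey = "next";` and logs in with `?next=/secure` would cover it. The whitespace-only value accepted by `string.IsNullOrWhiteSpace` in `GetRedirectQuerystringKey` also has no case; `this.config.RedirectQuerystringKey = "   ";` expecting `returnUrl` would close that gap.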
@@ -7,19 +7,11 @@ namespace Nancy.Authentication.Forms
using Helpers;
using Nancy.Extensions;
- using Responses;
- using Security;
-
/// <summary>
/// Nancy forms authentication implementation
/// </summary>
public static class FormsAuthentication
{
- /// <summary>
- /// The query string key for storing the return url
- /// </summary>
- private const string REDIRECT_QUERYSTRING_KEY = "returnUrl";
-
private static string formsAuthenticationCookieName = "_ncfa";
// TODO - would prefer not to hold this here, but the redirect response needs it
@@ -81,10 +73,11 @@ public static void Enable(IPipelines pipelines, FormsAuthenticationConfiguration
public static Response UserLoggedInRedirectResponse(NancyContext context, Guid userIdentifier, DateTime? cookieExpiry = null, string fallbackRedirectUrl = "/")
{
var redirectUrl = fallbackRedirectUrl;
+ string redirectQuerystringKey = GetRedirectQuerystringKey(currentConfiguration);
- if (context.Request.Query[REDIRECT_QUERYSTRING_KEY].HasValue)
+ if (context.Request.Query[redirectQuerystringKey].HasValue)
{
- redirectUrl = context.Request.Query[REDIRECT_QUERYSTRING_KEY];
+ redirectUrl = context.Request.Query[redirectQuerystringKey];
}
var response = context.GetRedirect(redirectUrl);
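Review bot: The value read from `context.Request.Query[redirectQuerystringKey]` is assigned to `redirectUrl` and passed to `context.GetRedirect` with no check in the visible lines that it is a site-local path, so the post-login redirect target is whatever the request supplied. Making the key configurable does not change that, but this is the line to guard: use the value only when it is a relative path (starts with `/`, and not with `//` or `/\`), and keep `fallbackRedirectUrl` otherwise. Whether `GetRedirect` normalises or restricts the target cannot be seen from this hunk, and the method body continues past it.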
@@ -183,10 +176,12 @@ private static Action<NancyContext> GetRedirectToLoginHook(FormsAuthenticationCo
{
if (context.Response.StatusCode == HttpStatusCode.Unauthorized)
{
+ string redirectQuerystringKey = GetRedirectQuerystringKey(configuration);
+
context.Response = context.GetRedirect(
string.Format("{0}?{1}={2}",
- configuration.RedirectUrl,
- REDIRECT_QUERYSTRING_KEY,
+ configuration.RedirectUrl,
+ redirectQuerystringKey,
context.ToFullPath("~" + context.Request.Path + HttpUtility.UrlEncode(context.Request.Url.Query))));
}
};
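Review bot: `redirectQuerystringKey` is now configurable but is formatted into the `Location` value as-is, so a key containing `&`, `=`, `#` or a space produces a malformed or ambiguous query string. Encode it at the point of use, `HttpUtility.UrlEncode(redirectQuerystringKey),`, or reject such keys when the configuration is validated. The new local is declared `string` where the neighbouring code uses `var`, which is only a consistency point. The enclosing lambda starts and ends outside this hunk.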
@@ -298,5 +293,27 @@ private static string DecryptAndValidateAuthenticationCookie(string cookieValue,
return hmacValid ? decrypted : String.Empty;
}
+ /// <summary>
+ /// Gets the redirect query string key from <see cref="FormsAuthenticationConfiguration"/>
+ /// </summary>
+ /// <param name="configuration">The forms authentication configuration.</param>
+ /// <returns>Redirect Querystring key</returns>
+ private static string GetRedirectQuerystringKey(FormsAuthenticationConfiguration configuration)
+ {
+ string redirectQuerystringKey = null;
+
+ if (configuration != null)
+ {
+ redirectQuerystringKey = configuration.RedirectQuerystringKey;
+ }
+
+ if(string.IsNullOrWhiteSpace(redirectQuerystringKey))
+ {
+ redirectQuerystringKey = FormsAuthenticationConfiguration.DefaultRedirectQuerystringKey;
+ }
+
+ return redirectQuerystringKey;
+ }
+
}
}
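Review bot: The XML doc on `GetRedirectQuerystringKey` does not mention the fallback, which is the whole reason the helper exists. The `<returns>` text could read `The configured key, or FormsAuthenticationConfiguration.DefaultRedirectQuerystringKey when the configuration is null or the key is null, empty or whitespace`. The same sentence belongs on the public `RedirectQuerystringKey` property in `FormsAuthenticationConfiguration`, since callers setting it to null or empty will otherwise not expect `returnUrl` to be used. Two style nits in the same block: `if(string.IsNullOrWhiteSpace(` lacks the space after `if` used elsewhere in the file, and the blank `+` line before the class's closing brace can go.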
@@ -1,13 +1,14 @@
namespace Nancy.Authentication.Forms
{
- using System.Text;
using Cryptography;
/// <summary>
/// Configuration options for forms authentication
/// </summary>
public class FormsAuthenticationConfiguration
{
+ internal const string DefaultRedirectQuerystringKey = "returnUrl";
+
/// <summary>
/// Initializes a new instance of the <see cref="FormsAuthenticationConfiguration"/> class.
/// </summary>
@@ -22,8 +23,14 @@ public FormsAuthenticationConfiguration() : this(CryptographyConfiguration.Defau
public FormsAuthenticationConfiguration(CryptographyConfiguration cryptographyConfiguration)
{
CryptographyConfiguration = cryptographyConfiguration;
+ RedirectQuerystringKey = DefaultRedirectQuerystringKey;
}
+ /// <summary>
+ /// Gets or sets the forms authentication query string key for storing the return url
+ /// </summary>
+ public string RedirectQuerystringKey { get; set; }
+
/// <summary>
/// Gets or sets the redirect url for pages that require authentication
/// </summary>
