fix build, adds tests

2020-06-09 12:35:31 +10:00
parent 433a7c8908
commit ed2aba49d6
4 changed files with 101 additions and 7 deletions
--- a/src/Umbraco.Core/UriExtensions.cs
+++ b/src/Umbraco.Core/UriExtensions.cs
@@ -76,13 +76,13 @@ namespace Umbraco.Core
            }

            //check for special back office paths
-            if (urlPath.InvariantStartsWith("/" + mvcArea + "/BackOffice/")
-                || urlPath.InvariantStartsWith("/" + mvcArea + "/Preview/"))
+            if (urlPath.InvariantStartsWith("/" + mvcArea + "/" + Constants.Web.Mvc.BackOfficeApiArea + "/"))
            {
                return true;
            }

            //check for special front-end paths
+            // TODO: These should be constants - will need to update when we do front-end routing
            if (urlPath.InvariantStartsWith("/" + mvcArea + "/Surface/")
                || urlPath.InvariantStartsWith("/" + mvcArea + "/Api/"))
            {
--- a/src/Umbraco.Tests.Integration/Umbraco.Web.BackOffice.Security/BackOfficeCookieManagerTests.cs
+++ b/src/Umbraco.Tests.Integration/Umbraco.Web.BackOffice.Security/BackOfficeCookieManagerTests.cs
@@ -1,5 +1,6 @@


+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using Moq;
 using NUnit.Framework;
@@ -7,8 +8,10 @@ using System;
 using Umbraco.Core;
 using Umbraco.Core.Cache;
 using Umbraco.Core.Hosting;
+using Umbraco.Extensions;
 using Umbraco.Tests.Integration.Implementations;
 using Umbraco.Web;
+using Umbraco.Web.BackOffice.Controllers;
 using Umbraco.Web.BackOffice.Security;

 namespace Umbraco.Tests.Security
@@ -63,6 +66,100 @@ namespace Umbraco.Tests.Security
            Assert.IsTrue(result);
        }

-        // TODO: Write remaining tests for `ShouldAuthenticateRequest`
+        [Test]
+        public void ShouldAuthenticateRequest_No_User_Seconds()
+        {
+            var testHelper = new TestHelper();
+
+            var httpContextAccessor = testHelper.GetHttpContextAccessor();
+            var globalSettings = testHelper.SettingsForTests.GenerateMockGlobalSettings();
+
+            var runtime = Mock.Of<IRuntimeState>(x => x.Level == RuntimeLevel.Run);
+            
+            var mgr = new BackOfficeCookieManager(
+                Mock.Of<IUmbracoContextAccessor>(),
+                runtime,
+                Mock.Of<IHostingEnvironment>(x => x.ApplicationVirtualPath == "/" && x.ToAbsolute(globalSettings.UmbracoPath) == "/umbraco" && x.ToAbsolute(Constants.SystemDirectories.Install) == "/install"),
+                globalSettings,
+                Mock.Of<IRequestCache>(),
+                GetMockLinkGenerator(out var remainingTimeoutSecondsPath, out var isAuthPath));
+
+            var result = mgr.ShouldAuthenticateRequest(new Uri($"http://localhost{remainingTimeoutSecondsPath}"));
+            Assert.IsFalse(result);
+        }
+
+        [Test]
+        public void ShouldAuthenticateRequest_Is_Auth()
+        {
+            var testHelper = new TestHelper();
+
+            var httpContextAccessor = testHelper.GetHttpContextAccessor();
+            var globalSettings = testHelper.SettingsForTests.GenerateMockGlobalSettings();
+
+            var runtime = Mock.Of<IRuntimeState>(x => x.Level == RuntimeLevel.Run);
+
+            var mgr = new BackOfficeCookieManager(
+                Mock.Of<IUmbracoContextAccessor>(),
+                runtime,
+                Mock.Of<IHostingEnvironment>(x => x.ApplicationVirtualPath == "/" && x.ToAbsolute(globalSettings.UmbracoPath) == "/umbraco" && x.ToAbsolute(Constants.SystemDirectories.Install) == "/install"),
+                globalSettings,
+                Mock.Of<IRequestCache>(),
+                GetMockLinkGenerator(out var remainingTimeoutSecondsPath, out var isAuthPath));
+
+            var result = mgr.ShouldAuthenticateRequest(new Uri($"http://localhost{isAuthPath}"));
+            Assert.IsTrue(result);
+        }
+
+        [Test]
+        public void ShouldAuthenticateRequest_Force_Auth()
+        {
+            var testHelper = new TestHelper();
+
+            var httpContextAccessor = testHelper.GetHttpContextAccessor();
+            var globalSettings = testHelper.SettingsForTests.GenerateMockGlobalSettings();
+
+            var runtime = Mock.Of<IRuntimeState>(x => x.Level == RuntimeLevel.Run);
+
+            var mgr = new BackOfficeCookieManager(
+                Mock.Of<IUmbracoContextAccessor>(),
+                runtime,
+                Mock.Of<IHostingEnvironment>(x => x.ApplicationVirtualPath == "/" && x.ToAbsolute(globalSettings.UmbracoPath) == "/umbraco" && x.ToAbsolute(Constants.SystemDirectories.Install) == "/install"),
+                globalSettings,
+                Mock.Of<IRequestCache>(x => x.IsAvailable == true && x.Get(Constants.Security.ForceReAuthFlag) == "not null"),
+                GetMockLinkGenerator(out var remainingTimeoutSecondsPath, out var isAuthPath));
+
+            var result = mgr.ShouldAuthenticateRequest(new Uri($"http://localhost/notbackoffice"));
+            Assert.IsTrue(result);
+        }
+
+        private LinkGenerator GetMockLinkGenerator(out string remainingTimeoutSecondsPath, out string isAuthPath)
+        {
+            var controllerName = ControllerExtensions.GetControllerName<AuthenticationController>();
+
+            // this path is not a back office request even though it's in the same controller - it's a 'special' endpoint
+            var rPath = remainingTimeoutSecondsPath = $"/umbraco/umbracoapi/{controllerName.ToLower()}/{nameof(AuthenticationController.GetRemainingTimeoutSeconds).ToLower()}";
+
+            // this is on the same controller but is considered a back office request
+            var aPath = isAuthPath = $"/umbraco/umbracoapi/{controllerName.ToLower()}/{nameof(AuthenticationController.IsAuthenticated).ToLower()}";
+
+            var linkGenerator = new Mock<LinkGenerator>();
+            linkGenerator.Setup(x => x.GetPathByAddress(
+                //It.IsAny<HttpContext>(),
+                It.IsAny<RouteValuesAddress>(),
+                //It.IsAny<RouteValueDictionary>(),
+                It.IsAny<RouteValueDictionary>(),
+                It.IsAny<PathString>(),
+                It.IsAny<FragmentString>(),
+                It.IsAny<LinkOptions>())).Returns((RouteValuesAddress address, RouteValueDictionary routeVals1, PathString path, FragmentString fragment, LinkOptions options) =>
+                {
+                    if (routeVals1["action"].ToString() == nameof(AuthenticationController.GetRemainingTimeoutSeconds))
+                        return rPath;
+                    if (routeVals1["action"].ToString() == nameof(AuthenticationController.IsAuthenticated).ToLower())
+                        return aPath;
+                    return null;
+                });
+
+            return linkGenerator.Object;
+        }
    }
 }
--- a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
@@ -108,9 +108,7 @@ namespace Umbraco.Web.BackOffice.Controllers
        //[CheckIfUserTicketDataIsStale] // TODO: Migrate this, though it will need to be done differently at the cookie auth level
        public UserDetail GetCurrentUser()
        {
-            var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext();
-
-            var user = umbracoContext.Security.CurrentUser;
+            var user = _webSecurity.CurrentUser;
            var result = _umbracoMapper.Map<UserDetail>(user);

            //set their remaining seconds
--- a/src/Umbraco.Web.BackOffice/Trees/UrlHelperExtensions.cs
+++ b/src/Umbraco.Web.BackOffice/Trees/UrlHelperExtensions.cs
@@ -6,7 +6,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Core;
 using Umbraco.Web.BackOffice.Trees;
-using Umbraco.Web.Common.Extensions;
 using Umbraco.Web.WebApi;

 namespace Umbraco.Extensions