From ed2aba49d6ae81248246eda8bdb0f9799e746cb6 Mon Sep 17 00:00:00 2001
From: Shannon
Date: Tue, 9 Jun 2020 12:35:31 +1000
Subject: [PATCH] fix build, adds tests
---
 src/Umbraco.Core/UriExtensions.cs | 4 +-
 .../BackOfficeCookieManagerTests.cs | 99 ++++++++++++++++++-
 .../Controllers/AuthenticationController.cs | 4 +-
 .../Trees/UrlHelperExtensions.cs | 1 -
 4 files changed, 101 insertions(+), 7 deletions(-)
diff --git a/src/Umbraco.Core/UriExtensions.cs b/src/Umbraco.Core/UriExtensions.cs
index 8fd0e365e7..acea19a6d3 100644
--- a/src/Umbraco.Core/UriExtensions.cs
+++ b/src/Umbraco.Core/UriExtensions.cs
@@ -76,13 +76,13 @@ namespace Umbraco.Core
 }
 //check for special back office paths
- if (urlPath.InvariantStartsWith("/" + mvcArea + "/BackOffice/")
- || urlPath.InvariantStartsWith("/" + mvcArea + "/Preview/"))
+ if (urlPath.InvariantStartsWith("/" + mvcArea + "/" + Constants.Web.Mvc.BackOfficeApiArea + "/"))
 {
 return true;
 }
 //check for special front-end paths
+ // TODO: These should be constants - will need to update when we do front-end routing
 if (urlPath.InvariantStartsWith("/" + mvcArea + "/Surface/")
 || urlPath.InvariantStartsWith("/" + mvcArea + "/Api/"))
 {
diff --git a/src/Umbraco.Tests.Integration/Umbraco.Web.BackOffice.Security/BackOfficeCookieManagerTests.cs b/src/Umbraco.Tests.Integration/Umbraco.Web.BackOffice.Security/BackOfficeCookieManagerTests.cs
index 8044485cd7..3cd71987fb 100644
--- a/src/Umbraco.Tests.Integration/Umbraco.Web.BackOffice.Security/BackOfficeCookieManagerTests.cs
+++ b/src/Umbraco.Tests.Integration/Umbraco.Web.BackOffice.Security/BackOfficeCookieManagerTests.cs
@@ -1,5 +1,6 @@ 
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using Moq;
 using NUnit.Framework;
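Review bot: The rewritten back-office check in UriExtensions.cs drops the `/Preview/` prefix together with `/BackOffice/`, and nothing in this hunk replaces it. Any route still served under `/{mvcArea}/Preview/` now falls through to the front-end and later checks, which matters because this classification appears to decide whether the back-office cookie is authenticated for a request (the `ShouldAuthenticateRequest` tests in this commit exercise it). If preview has not yet moved under `Constants.Web.Mvc.BackOfficeApiArea`, keep `|| urlPath.InvariantStartsWith("/" + mvcArea + "/Preview/")` until it does, or add a comment stating where preview requests are matched now. The enclosing method starts and ends outside the hunk, so another branch may already cover this.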
@@ -7,8 +8,10 @@ using System;
 using Umbraco.Core;
 using Umbraco.Core.Cache;
 using Umbraco.Core.Hosting;
+using Umbraco.Extensions;
 using Umbraco.Tests.Integration.Implementations;
 using Umbraco.Web;
+using Umbraco.Web.BackOffice.Controllers;
 using Umbraco.Web.BackOffice.Security;
 namespace Umbraco.Tests.Security
@@ -63,6 +66,100 @@ namespace Umbraco.Tests.Security
 Assert.IsTrue(result);
 }
- // TODO: Write remaining tests for `ShouldAuthenticateRequest`
+ [Test]
+ public void ShouldAuthenticateRequest_No_User_Seconds()
+ {
+ var testHelper = new TestHelper();
+
+ var httpContextAccessor = testHelper.GetHttpContextAccessor();
+ var globalSettings = testHelper.SettingsForTests.GenerateMockGlobalSettings();
+
+ var runtime = Mock.Of(x => x.Level == RuntimeLevel.Run);
+
+ var mgr = new BackOfficeCookieManager(
+ Mock.Of(),
+ runtime,
+ Mock.Of(x => x.ApplicationVirtualPath == "/" && x.ToAbsolute(globalSettings.UmbracoPath) == "/umbraco" && x.ToAbsolute(Constants.SystemDirectories.Install) == "/install"),
+ globalSettings,
+ Mock.Of(),
+ GetMockLinkGenerator(out var remainingTimeoutSecondsPath, out var isAuthPath));
+
+ var result = mgr.ShouldAuthenticateRequest(new Uri($"http://localhost{remainingTimeoutSecondsPath}"));
+ Assert.IsFalse(result);
+ }
+
+ [Test]
+ public void ShouldAuthenticateRequest_Is_Auth()
+ {
+ var testHelper = new TestHelper();
+
+ var httpContextAccessor = testHelper.GetHttpContextAccessor();
+ var globalSettings = testHelper.SettingsForTests.GenerateMockGlobalSettings();
+
+ var runtime = Mock.Of(x => x.Level == RuntimeLevel.Run);
+
+ var mgr = new BackOfficeCookieManager(
+ Mock.Of(),
+ runtime,
+ Mock.Of(x => x.ApplicationVirtualPath == "/" && x.ToAbsolute(globalSettings.UmbracoPath) == "/umbraco" && x.ToAbsolute(Constants.SystemDirectories.Install) == "/install"),
+ globalSettings,
+ Mock.Of(),
+ GetMockLinkGenerator(out var remainingTimeoutSecondsPath, out var isAuthPath));
+
+ var result = mgr.ShouldAuthenticateRequest(new Uri($"http://localhost{isAuthPath}"));
+ Assert.IsTrue(result);
+ }
+
+ [Test]
+ public void ShouldAuthenticateRequest_Force_Auth()
+ {
+ var testHelper = new TestHelper();
+
+ var httpContextAccessor = testHelper.GetHttpContextAccessor();
+ var globalSettings = testHelper.SettingsForTests.GenerateMockGlobalSettings();
+
+ var runtime = Mock.Of(x => x.Level == RuntimeLevel.Run);
+
+ var mgr = new BackOfficeCookieManager(
+ Mock.Of(),
+ runtime,
+ Mock.Of(x => x.ApplicationVirtualPath == "/" && x.ToAbsolute(globalSettings.UmbracoPath) == "/umbraco" && x.ToAbsolute(Constants.SystemDirectories.Install) == "/install"),
+ globalSettings,
+ Mock.Of(x => x.IsAvailable == true && x.Get(Constants.Security.ForceReAuthFlag) == "not null"),
+ GetMockLinkGenerator(out var remainingTimeoutSecondsPath, out var isAuthPath));
+
+ var result = mgr.ShouldAuthenticateRequest(new Uri($"http://localhost/notbackoffice"));
+ Assert.IsTrue(result);
+ }
+
+ private LinkGenerator GetMockLinkGenerator(out string remainingTimeoutSecondsPath, out string isAuthPath)
+ {
+ var controllerName = ControllerExtensions.GetControllerName();
+
+ // this path is not a back office request even though it's in the same controller - it's a 'special' endpoint
+ var rPath = remainingTimeoutSecondsPath = $"/umbraco/umbracoapi/{controllerName.ToLower()}/{nameof(AuthenticationController.GetRemainingTimeoutSeconds).ToLower()}";
+
+ // this is on the same controller but is considered a back office request
+ var aPath = isAuthPath = $"/umbraco/umbracoapi/{controllerName.ToLower()}/{nameof(AuthenticationController.IsAuthenticated).ToLower()}";
+
+ var linkGenerator = new Mock();
+ linkGenerator.Setup(x => x.GetPathByAddress(
+ //It.IsAny(),
+ It.IsAny(),
+ //It.IsAny(),
+ It.IsAny(),
+ It.IsAny(),
+ It.IsAny(),
+ It.IsAny())).Returns((RouteValuesAddress address, RouteValueDictionary routeVals1, PathString path, FragmentString fragment, LinkOptions options) =>
+ {
+ if (routeVals1["action"].ToString() == nameof(AuthenticationController.GetRemainingTimeoutSeconds))
+ return rPath;
+ if (routeVals1["action"].ToString() == nameof(AuthenticationController.IsAuthenticated).ToLower())
+ return aPath;
+ return null;
+ });
+
+ return linkGenerator.Object;
+ }
 }
 }
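Review bot: In `GetMockLinkGenerator` the two action comparisons disagree on casing: the first compares `routeVals1["action"]` with `nameof(AuthenticationController.GetRemainingTimeoutSeconds)` as written, the second with `nameof(AuthenticationController.IsAuthenticated).ToLower()`, so for any one casing convention used by the caller only one branch can ever match. This mock appears to define which single endpoint is exempt from cookie authentication, so a mismatch makes the callback return null and the test stops exercising the exemption it is named for. Compare both the same way, e.g. `if (string.Equals(routeVals1["action"]?.ToString(), nameof(AuthenticationController.GetRemainingTimeoutSeconds), StringComparison.OrdinalIgnoreCase))`, and likewise for `IsAuthenticated`. The three tests also repeat the same `BackOfficeCookieManager` setup and leave `httpContextAccessor` unused; a shared helper would keep the one security-relevant difference between the cases visible.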
diff --git a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
index 36839b0c2d..584c8b0b3b 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
@@ -108,9 +108,7 @@ namespace Umbraco.Web.BackOffice.Controllers
 //[CheckIfUserTicketDataIsStale] // TODO: Migrate this, though it will need to be done differently at the cookie auth level
 public UserDetail GetCurrentUser()
 {
- var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext();
-
- var user = umbracoContext.Security.CurrentUser;
+ var user = _webSecurity.CurrentUser;
 var result = _umbracoMapper.Map(user);
 //set their remaining seconds
diff --git a/src/Umbraco.Web.BackOffice/Trees/UrlHelperExtensions.cs b/src/Umbraco.Web.BackOffice/Trees/UrlHelperExtensions.cs
index d822688202..bf4d09a497 100644
--- a/src/Umbraco.Web.BackOffice/Trees/UrlHelperExtensions.cs
+++ b/src/Umbraco.Web.BackOffice/Trees/UrlHelperExtensions.cs
@@ -6,7 +6,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Core;
 using Umbraco.Web.BackOffice.Trees;
-using Umbraco.Web.Common.Extensions;
 using Umbraco.Web.WebApi;
 namespace Umbraco.Extensions
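Review bot: `GetCurrentUser` in AuthenticationController.cs maps `_webSecurity.CurrentUser` without checking it for null, and the lines after the hunk go on to set the remaining seconds on the mapped result. Whether a filter guarantees a signed-in user here is not visible in the hunk, and the `[CheckIfUserTicketDataIsStale]` attribute above the action is still commented out, so the action relies entirely on what the cookie layer has placed in `_webSecurity`. Either guard it, e.g. `if (user == null) throw new InvalidOperationException("No current back office user");`, or add a comment naming the attribute or filter that guarantees a non-null user. The method body continues past the end of the hunk.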