yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4e98df799f882de1bd36f53dbcf83c95c2981e4e
Umbraco-CMS/tests/Umbraco.Tests.UnitTests/Umbraco.Core/Routing/UmbracoRequestPathsTests.cs
Kenn Jacobsen dc9d4155a3 OpenId Connect authentication for new management API (#13318) 
* First attempt at OpenIddict

* Making headway and more TODOs

* Redo current policies for multiple schemas + clean up auth controller

* Fix bad merge

* Clean up some more test code

* Fix spacing

* Include AddAuthentication() in OpenIddict addition

* A little more clean-up

* Move application creation to its own implementation + prepare for middleware to handle valid callback URL

* Enable refresh token flow

* Fix bad merge from v11/dev

* Support auth for Swagger and Postman in non-production environments + use default login screen for back-office logins

* Add workaround to client side login handling so the OAuth return URL is not corrupted before redirection

* Add temporary configuration handling for new backoffice

* Restructure the code somewhat, move singular responsibility from management API project

* Add recurring task for cleaning up old tokens in the DB

* Fix bad merge + make auth controller align with the new management API structure

* Explicitly handle the new management API path as a backoffice path (NOTE: this is potentially behaviorally breaking!)

* Redo handle the new management API requests as backoffice requests, this time in a non-breaking way

* Add/update TODOs

* Revert duplication of current auth policies for OpenIddict (as it breaks everything for V11 without the new management APIs) and introduce a dedicated PoC policy setup for OpenIddict.

* Fix failing unit tests

* Update src/Umbraco.Cms.ManagementApi/Security/BackOfficeApplicationManager.cs

Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>

* Update src/Umbraco.Cms.ManagementApi/Security/BackOfficeApplicationManager.cs

Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>

* Update src/Umbraco.Cms.ManagementApi/Security/BackOfficeApplicationManager.cs

Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>

* Update src/Umbraco.Core/Routing/UmbracoRequestPaths.cs

Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
2022-11-01 11:15:31 +01:00

131 lines
6.7 KiB
C#
Raw Blame History

using System;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Options;
using Moq;
using NUnit.Framework;
using Umbraco.Cms.Core.Configuration.Models;
using Umbraco.Cms.Core.Routing;
using Umbraco.Cms.Tests.Common.Testing;
using IHostingEnvironment = Umbraco.Cms.Core.Hosting.IHostingEnvironment;
namespace Umbraco.Cms.Tests.UnitTests.Umbraco.Core.Routing;
[TestFixture]
public class UmbracoRequestPathsTests
{
[OneTimeSetUp]
public void Setup()
{
_hostEnvironment = Mock.Of<IWebHostEnvironment>();
_globalSettings = new GlobalSettings();
_umbracoRequestPathsOptions = new UmbracoRequestPathsOptions();
}
private IWebHostEnvironment _hostEnvironment;
private GlobalSettings _globalSettings;
private UmbracoRequestPathsOptions _umbracoRequestPathsOptions;
private IHostingEnvironment CreateHostingEnvironment(string virtualPath = "")
{
var hostingSettings = new HostingSettings { ApplicationVirtualPath = virtualPath };
var webRoutingSettings = new WebRoutingSettings();
var mockedOptionsMonitorOfHostingSettings =
Mock.Of<IOptionsMonitor<HostingSettings>>(x => x.CurrentValue == hostingSettings);
var mockedOptionsMonitorOfWebRoutingSettings =
Mock.Of<IOptionsMonitor<WebRoutingSettings>>(x => x.CurrentValue == webRoutingSettings);
return new TestHostingEnvironment(
mockedOptionsMonitorOfHostingSettings,
mockedOptionsMonitorOfWebRoutingSettings,
_hostEnvironment);
}
[TestCase("/favicon.ico", true)]
[TestCase("/umbraco_client/Tree/treeIcons.css", true)]
[TestCase("/umbraco_client/Tree/Themes/umbraco/style.css?cdv=37", true)]
[TestCase("/base/somebasehandler", false)]
[TestCase("/", false)]
[TestCase("/home.aspx", true)] // has ext, assume client side
[TestCase("http://www.domain.com/Umbraco/test/test.aspx", true)] // has ext, assume client side
[TestCase("http://www.domain.com/umbraco/test/test.js", true)]
public void Is_Client_Side_Request(string url, bool assert)
{
var hostingEnvironment = CreateHostingEnvironment();
var umbracoRequestPaths = new UmbracoRequestPaths(Options.Create(_globalSettings), hostingEnvironment, Options.Create(_umbracoRequestPathsOptions));
var uri = new Uri("http://test.com" + url);
var result = umbracoRequestPaths.IsClientSideRequest(uri.AbsolutePath);
Assert.AreEqual(assert, result);
}
[Test]
public void Is_Client_Side_Request_InvalidPath_ReturnFalse()
{
var hostingEnvironment = CreateHostingEnvironment();
var umbracoRequestPaths = new UmbracoRequestPaths(Options.Create(_globalSettings), hostingEnvironment, Options.Create(_umbracoRequestPathsOptions));
// This URL is invalid. Default to false when the extension cannot be determined
var uri = new Uri("http://test.com/installing-modules+foobar+\"yipee\"");
var result = umbracoRequestPaths.IsClientSideRequest(uri.AbsolutePath);
Assert.AreEqual(false, result);
}
[TestCase("http://www.domain.com/umbraco/preview/frame?id=1234", "", true)]
[TestCase("http://www.domain.com/umbraco", "", true)]
[TestCase("http://www.domain.com/Umbraco/", "", true)]
[TestCase("http://www.domain.com/umbraco/default.aspx", "", true)]
[TestCase("http://www.domain.com/umbraco/test/test", "", false)]
[TestCase("http://www.domain.com/umbraco/test/test/test", "", false)]
[TestCase("http://www.domain.com/umbrac", "", false)]
[TestCase("http://www.domain.com/test", "", false)]
[TestCase("http://www.domain.com/test/umbraco", "", false)]
[TestCase("http://www.domain.com/Umbraco/Backoffice/blah", "", true)]
[TestCase("http://www.domain.com/Umbraco/anything", "", true)]
[TestCase("http://www.domain.com/Umbraco/anything/", "", true)]
[TestCase("http://www.domain.com/Umbraco/surface/blah", "", false)]
[TestCase("http://www.domain.com/umbraco/api/blah", "", false)]
[TestCase("http://www.domain.com/myvdir/umbraco/api/blah", "myvdir", false)]
[TestCase("http://www.domain.com/MyVdir/umbraco/api/blah", "/myvdir", false)]
[TestCase("http://www.domain.com/MyVdir/Umbraco/", "myvdir", true)]
// NOTE: this test case is false for now - will be true once the IsBackOfficeRequest tweak from the new management API is put into UmbracoRequestPaths
[TestCase("http://www.domain.com/umbraco/management/api/v1.0/my/controller/action/", "", false)]
public void Is_Back_Office_Request(string input, string virtualPath, bool expected)
{
var source = new Uri(input);
var hostingEnvironment = CreateHostingEnvironment(virtualPath);
var umbracoRequestPaths = new UmbracoRequestPaths(Options.Create(_globalSettings), hostingEnvironment, Options.Create(_umbracoRequestPathsOptions));
Assert.AreEqual(expected, umbracoRequestPaths.IsBackOfficeRequest(source.AbsolutePath));
}
[TestCase("http://www.domain.com/install", true)]
[TestCase("http://www.domain.com/Install/", true)]
[TestCase("http://www.domain.com/install/default.aspx", true)]
[TestCase("http://www.domain.com/install/test/test", true)]
[TestCase("http://www.domain.com/Install/test/test.aspx", true)]
[TestCase("http://www.domain.com/install/test/test.js", true)]
[TestCase("http://www.domain.com/instal", false)]
[TestCase("http://www.domain.com/umbraco", false)]
[TestCase("http://www.domain.com/umbraco/umbraco", false)]
public void Is_Installer_Request(string input, bool expected)
{
var source = new Uri(input);
var hostingEnvironment = CreateHostingEnvironment();
var umbracoRequestPaths = new UmbracoRequestPaths(Options.Create(_globalSettings), hostingEnvironment, Options.Create(_umbracoRequestPathsOptions));
Assert.AreEqual(expected, umbracoRequestPaths.IsInstallerRequest(source.AbsolutePath));
}
[TestCase("http://www.domain.com/some/path", false)]
[TestCase("http://www.domain.com/umbraco/surface/blah", false)]
[TestCase("http://www.domain.com/umbraco/api/blah", false)]
[TestCase("http://www.domain.com/umbraco/management/api/v1.0/my/controller/action/", true)]
public void Force_Back_Office_Request_With_Request_Paths_Options(string input, bool expected)
{
var source = new Uri(input);
var hostingEnvironment = CreateHostingEnvironment();
var umbracoRequestPathsOptions = new UmbracoRequestPathsOptions();
umbracoRequestPathsOptions.IsBackOfficeRequest = _ => true;
var umbracoRequestPaths = new UmbracoRequestPaths(Options.Create(_globalSettings), hostingEnvironment, Options.Create(umbracoRequestPathsOptions));
Assert.AreEqual(expected, umbracoRequestPaths.IsBackOfficeRequest(source.AbsolutePath));
}
}
Reference in New Issue View Git Blame Copy Permalink