00133e880d
* Update gitignore * Move csproj * Update project references * Update solutions * Update build scripts * Tests used to share editorconfig with projects in src * Fix broken tests. * Stop copying around .editorconfig merged root one with linting * csharp_style_expression_bodied -> suggestion * Move StyleCop rulesets to matching directories and update shared build properties * Remove legacy build files, update NuGet.cofig and solution files * Restore myget source * Clean up .gitignore * Update .gitignore * Move new test classes to tests after merge * Gitignore + nuget config * Move new test Co-authored-by: Ronald Barendse <ronald@barend.se>
119 lines
5.0 KiB
C#
119 lines
5.0 KiB
C#
// Copyright (c) Umbraco.
|
|
// See LICENSE for more details.
|
|
|
|
using Microsoft.Extensions.Options;
|
|
using Moq;
|
|
using NUnit.Framework;
|
|
using Umbraco.Cms.Core;
|
|
using Umbraco.Cms.Core.Configuration.Models;
|
|
using Umbraco.Cms.Core.Hosting;
|
|
using Umbraco.Cms.Core.Routing;
|
|
using Umbraco.Cms.Core.Services;
|
|
using Umbraco.Cms.Core.Web;
|
|
using Umbraco.Cms.Tests.UnitTests.TestHelpers;
|
|
using Umbraco.Cms.Web.BackOffice.Controllers;
|
|
using Umbraco.Cms.Web.BackOffice.Security;
|
|
using Umbraco.Extensions;
|
|
using Constants = Umbraco.Cms.Core.Constants;
|
|
|
|
namespace Umbraco.Cms.Tests.UnitTests.Umbraco.Web.BackOffice.Security
|
|
{
|
|
[TestFixture]
|
|
public class BackOfficeCookieManagerTests
|
|
{
|
|
[Test]
|
|
public void ShouldAuthenticateRequest_When_Not_Configured()
|
|
{
|
|
var globalSettings = new GlobalSettings();
|
|
|
|
IRuntimeState runtime = Mock.Of<IRuntimeState>(x => x.Level == RuntimeLevel.Install);
|
|
var mgr = new BackOfficeCookieManager(
|
|
Mock.Of<IUmbracoContextAccessor>(),
|
|
runtime,
|
|
new UmbracoRequestPaths(Options.Create(globalSettings), TestHelper.GetHostingEnvironment()),
|
|
Mock.Of<IBasicAuthService>());
|
|
|
|
var result = mgr.ShouldAuthenticateRequest("/umbraco");
|
|
|
|
Assert.IsFalse(result);
|
|
}
|
|
|
|
[Test]
|
|
public void ShouldAuthenticateRequest_When_Configured()
|
|
{
|
|
var globalSettings = new GlobalSettings();
|
|
|
|
IRuntimeState runtime = Mock.Of<IRuntimeState>(x => x.Level == RuntimeLevel.Run);
|
|
var mgr = new BackOfficeCookieManager(
|
|
Mock.Of<IUmbracoContextAccessor>(),
|
|
runtime,
|
|
new UmbracoRequestPaths(
|
|
Options.Create(globalSettings),
|
|
Mock.Of<IHostingEnvironment>(x => x.ApplicationVirtualPath == "/" && x.ToAbsolute(globalSettings.UmbracoPath) == "/umbraco")),
|
|
Mock.Of<IBasicAuthService>());
|
|
|
|
var result = mgr.ShouldAuthenticateRequest("/umbraco");
|
|
|
|
Assert.IsTrue(result);
|
|
}
|
|
|
|
[Test]
|
|
public void ShouldAuthenticateRequest_Is_Back_Office()
|
|
{
|
|
var globalSettings = new GlobalSettings();
|
|
|
|
IRuntimeState runtime = Mock.Of<IRuntimeState>(x => x.Level == RuntimeLevel.Run);
|
|
|
|
GenerateAuthPaths(out var remainingTimeoutSecondsPath, out var isAuthPath);
|
|
|
|
var mgr = new BackOfficeCookieManager(
|
|
Mock.Of<IUmbracoContextAccessor>(),
|
|
runtime,
|
|
new UmbracoRequestPaths(
|
|
Options.Create(globalSettings),
|
|
Mock.Of<IHostingEnvironment>(x => x.ApplicationVirtualPath == "/" && x.ToAbsolute(globalSettings.UmbracoPath) == "/umbraco" && x.ToAbsolute(Constants.SystemDirectories.Install) == "/install")),
|
|
Mock.Of<IBasicAuthService>());
|
|
|
|
var result = mgr.ShouldAuthenticateRequest(remainingTimeoutSecondsPath);
|
|
Assert.IsTrue(result);
|
|
|
|
result = mgr.ShouldAuthenticateRequest(isAuthPath);
|
|
Assert.IsTrue(result);
|
|
}
|
|
|
|
[Test]
|
|
public void ShouldAuthenticateRequest_Not_Back_Office()
|
|
{
|
|
var globalSettings = new GlobalSettings();
|
|
|
|
IRuntimeState runtime = Mock.Of<IRuntimeState>(x => x.Level == RuntimeLevel.Run);
|
|
|
|
var mgr = new BackOfficeCookieManager(
|
|
Mock.Of<IUmbracoContextAccessor>(),
|
|
runtime,
|
|
new UmbracoRequestPaths(
|
|
Options.Create(globalSettings),
|
|
Mock.Of<IHostingEnvironment>(x => x.ApplicationVirtualPath == "/" && x.ToAbsolute(globalSettings.UmbracoPath) == "/umbraco" && x.ToAbsolute(Constants.SystemDirectories.Install) == "/install")),
|
|
Mock.Of<IBasicAuthService>());
|
|
|
|
var result = mgr.ShouldAuthenticateRequest("/notbackoffice");
|
|
Assert.IsFalse(result);
|
|
result = mgr.ShouldAuthenticateRequest("/umbraco/api/notbackoffice");
|
|
Assert.IsFalse(result);
|
|
result = mgr.ShouldAuthenticateRequest("/umbraco/surface/notbackoffice");
|
|
Assert.IsFalse(result);
|
|
}
|
|
|
|
private void GenerateAuthPaths(out string remainingTimeoutSecondsPath, out string isAuthPath)
|
|
{
|
|
var controllerName = ControllerExtensions.GetControllerName<AuthenticationController>();
|
|
|
|
// this path is not a back office request even though it's in the same controller - it's a 'special' endpoint
|
|
var rPath = remainingTimeoutSecondsPath = $"/umbraco/{Constants.Web.Mvc.BackOfficePathSegment}/{Constants.Web.Mvc.BackOfficeApiArea}/{controllerName}/{nameof(AuthenticationController.GetRemainingTimeoutSeconds)}".ToLower();
|
|
|
|
// this is on the same controller but is considered a back office request
|
|
var aPath = isAuthPath = $"/umbraco/{Constants.Web.Mvc.BackOfficePathSegment}/{Constants.Web.Mvc.BackOfficeApiArea}/{controllerName}/{nameof(AuthenticationController.IsAuthenticated)}".ToLower();
|
|
}
|
|
}
|
|
}
|