-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Added guard to FormsAuthentication as per issue #1755 #1778
base: master
Are you sure you want to change the base?
Changes from all commits
394922c
a4b8796
e21534e
3a656fc
08cfc39
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,7 +8,6 @@ namespace Nancy.Authentication.Forms.Tests | |
using FakeItEasy; | ||
using Fakes; | ||
using Helpers; | ||
using Nancy.Security; | ||
using Nancy.Tests; | ||
using Nancy.Tests.Fakes; | ||
using Xunit; | ||
|
@@ -162,7 +161,71 @@ public void Should_return_ok_response_when_user_logs_in_without_redirect() | |
result.StatusCode.ShouldEqual(HttpStatusCode.OK); | ||
} | ||
|
||
[Fact] | ||
#region Throw helpful exception when the configuration is not enabled | ||
|
||
[Fact] | ||
public void Should_throw_helpful_exception_message_when_user_logs_in_without_redirect_and_forms_authentication_not_enabled() | ||
{ | ||
// Given | ||
const string expectedMessage = "The internal FormsAuthenticationConfiguration has not been set. Ensure that FormsAuthentication has been enabled in the bootstrapper"; | ||
FormsAuthentication.Disable(); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't think it's neccesairy to disable the FormsAuthentication if you don't enable it it's disabled. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. But as I explained in the comment, I can't see how else to have unit tests for the feature(possibly creating a new AppDomain, but that's no fun). Everything for FormsAuthentication is static and the unit tests don't/shouldn't run in a any particular order, so once a test has enabled FormsAuthentication, it's enabled for the whole test-run. Hence the whether the test will pass depends on state created by other tests. It will fail nearly all of the time and it's not testable without some way of disabling FormsAuthentication. It still would fail if the tests can run in parallel, but the existing tests would as well. FormsAuthentication could be redesigned not to be static- I don't think it should be static, it maintains a global state- however, that's a non-trivial breaking-change, so I suppose it wouldn't be approved. TL;DR- Accept that it's not testable, or leave the hack in and sweep the design under the carpet. Let me know what you'd like to do and I'll fix it. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I understand but when There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Perhaps I'm misunderstanding. xUnit can't create a new instance of There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ah yes sorry my bad :) Sent from my iPhone
|
||
|
||
// When | ||
var result = Record.Exception(() => FormsAuthentication.UserLoggedInResponse(userGuid)); | ||
|
||
// Then | ||
result.ShouldBeOfType(typeof(InvalidOperationException)); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please change this to use the generic overload |
||
result.Message.ShouldBeSameAs(expectedMessage); | ||
} | ||
|
||
[Fact] | ||
public void Should_throw_helpful_exception_message_when_user_logs_in_with_redirect_and_forms_authentication_not_enabled() | ||
{ | ||
// Given | ||
const string expectedMessage = "The internal FormsAuthenticationConfiguration has not been set. Ensure that FormsAuthentication has been enabled in the bootstrapper"; | ||
FormsAuthentication.Disable(); | ||
|
||
// When | ||
var result = Record.Exception(() => FormsAuthentication.UserLoggedInRedirectResponse(context, userGuid)); | ||
|
||
// Then | ||
result.ShouldBeOfType(typeof(InvalidOperationException)); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please change this to use the generic overload |
||
result.Message.ShouldBeSameAs(expectedMessage); | ||
} | ||
|
||
[Fact] | ||
public void Should_throw_helpful_exception_message_when_user_logs_out_with_redirect_and_forms_authentication_not_enabled() | ||
{ | ||
// Given | ||
const string expectedMessage = "The internal FormsAuthenticationConfiguration has not been set. Ensure that FormsAuthentication has been enabled in the bootstrapper"; | ||
FormsAuthentication.Disable(); | ||
|
||
// When | ||
var result = Record.Exception(() => FormsAuthentication.LogOutAndRedirectResponse(context, "/")); | ||
|
||
// Then | ||
result.ShouldBeOfType(typeof(InvalidOperationException)); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please change this to use the generic overload |
||
result.Message.ShouldBeSameAs(expectedMessage); | ||
} | ||
|
||
[Fact] | ||
public void Should_throw_helpful_exception_message_when_user_logs_out_without_redirect_and_forms_authentication_not_enabled() | ||
{ | ||
// Given | ||
const string expectedMessage = "The internal FormsAuthenticationConfiguration has not been set. Ensure that FormsAuthentication has been enabled in the bootstrapper"; | ||
FormsAuthentication.Disable(); | ||
|
||
// When | ||
var result = Record.Exception(() => FormsAuthentication.LogOutResponse()); | ||
|
||
// Then | ||
result.ShouldBeOfType(typeof(InvalidOperationException)); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please change this to use the generic overload |
||
result.Message.ShouldBeSameAs(expectedMessage); | ||
} | ||
|
||
#endregion | ||
|
||
[Fact] | ||
public void Should_have_authentication_cookie_in_login_response_when_logging_in_with_redirect() | ||
{ | ||
FormsAuthentication.Enable(A.Fake<IPipelines>(), this.config); | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -85,9 +85,9 @@ | |
<DocumentationFile>bin\MonoRelease\Nancy.Testing.XML</DocumentationFile> | ||
</PropertyGroup> | ||
<ItemGroup> | ||
<Reference Include="CsQuery, Version=1.3.3.5, Culture=neutral, processorArchitecture=MSIL"> | ||
<Reference Include="CsQuery, Version=1.3.3.249, Culture=neutral, processorArchitecture=MSIL"> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please do not change the version of our dependencies 😄 |
||
<SpecificVersion>False</SpecificVersion> | ||
<HintPath>..\packages\CsQuery.1.3.3\lib\net40\CsQuery.dll</HintPath> | ||
<HintPath>..\..\..\..\savetrees\code\references\packages\CsQuery.1.3.4\lib\net40\CsQuery.dll</HintPath> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Nope.. this can't happen |
||
</Reference> | ||
<Reference Include="System"> | ||
</Reference> | ||
|
@@ -171,7 +171,6 @@ | |
</BootstrapperPackage> | ||
</ItemGroup> | ||
<ItemGroup> | ||
<None Include="packages.config" /> | ||
<EmbeddedResource Include="Resources\Nancy Testing Cert.pfx" /> | ||
</ItemGroup> | ||
<ItemGroup> | ||
|
@@ -180,6 +179,9 @@ | |
<LastGenOutput>Resources.Designer.cs</LastGenOutput> | ||
</EmbeddedResource> | ||
</ItemGroup> | ||
<ItemGroup> | ||
<None Include="packages.config" /> | ||
</ItemGroup> | ||
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" /> | ||
<!-- To modify your build process, add your task inside one of the targets below and uncomment it. | ||
Other similar extension points exist, see Microsoft.Common.targets. | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
<?xml version="1.0" encoding="utf-8"?> | ||
<packages> | ||
<package id="CsQuery" version="1.3.3" targetFramework="net40" /> | ||
<package id="CsQuery" version="1.3.4" targetFramework="net40" /> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please do not change the version of our dependencies 😄 |
||
</packages> |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -97,8 +97,8 @@ | |
<Reference Include="System.Web" /> | ||
<Reference Include="Microsoft.CSharp" /> | ||
<Reference Include="System.Web.Razor, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"> | ||
<SpecificVersion>False</SpecificVersion> | ||
<HintPath>..\packages\Microsoft.AspNet.Razor.2.0.30506.0\lib\net40\System.Web.Razor.dll</HintPath> | ||
<Private>True</Private> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Nope :) |
||
<HintPath>..\..\..\..\savetrees\code\references\packages\Microsoft.AspNet.Razor.2.0.30506.0\lib\net40\System.Web.Razor.dll</HintPath> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Nope :) |
||
</Reference> | ||
</ItemGroup> | ||
<ItemGroup> | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,6 +2,7 @@ | |
{ | ||
using System; | ||
using System.IO; | ||
using Nancy.Extensions; | ||
using Nancy.Security; | ||
|
||
/// <summary> | ||
|
@@ -48,6 +49,8 @@ public HtmlHelpers(RazorViewEngine engine, IRenderContext renderContext, TModel | |
/// <returns>An <see cref="IHtmlString"/> representation of the partial.</returns> | ||
public IHtmlString Partial(string viewName) | ||
{ | ||
if (string.IsNullOrWhiteSpace(viewName)) throw new ArgumentNullException("viewName", "Attempted to render a non-existent view"); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. No single-line if-statements. Wrap in curly-braces |
||
|
||
return this.Partial(viewName, null); | ||
} | ||
|
||
|
@@ -59,18 +62,29 @@ public IHtmlString Partial(string viewName) | |
/// <returns>An <see cref="IHtmlString"/> representation of the partial.</returns> | ||
public IHtmlString Partial(string viewName, dynamic modelForPartial) | ||
{ | ||
var view = this.RenderContext.LocateView(viewName, modelForPartial); | ||
if (string.IsNullOrWhiteSpace(viewName)) throw new ArgumentNullException("viewName", "Attempted to render a non-existent view"); | ||
|
||
var response = this.Engine.RenderView(view, modelForPartial, this.RenderContext, true); | ||
Action<Stream> action = response.Contents; | ||
var mem = new MemoryStream(); | ||
//this.RenderContext.Context.WriteTraceLog(sb => sb.AppendFormat("Rendered partial view {0} with type {1}", viewName, response)); | ||
try | ||
{ | ||
var view = this.RenderContext.LocateView(viewName, modelForPartial); | ||
|
||
action.Invoke(mem); | ||
mem.Position = 0; | ||
var response = this.Engine.RenderView(view, modelForPartial, this.RenderContext, true); | ||
Action<Stream> action = response.Contents; | ||
var mem = new MemoryStream(); | ||
|
||
var reader = new StreamReader(mem); | ||
action.Invoke(mem); | ||
mem.Position = 0; | ||
|
||
return new NonEncodedHtmlString(reader.ReadToEnd()); | ||
var reader = new StreamReader(mem); | ||
|
||
return new NonEncodedHtmlString(reader.ReadToEnd()); | ||
} | ||
catch (Exception exception) | ||
{ | ||
this.RenderContext.Context.WriteTraceLog(sb => sb.AppendFormat("Rendering partial view {0} threw exception {1}", viewName, exception.Message)); | ||
throw; | ||
} | ||
} | ||
|
||
/// <summary> | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please use 4 spaces instead of tabs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ug. Yuck. Spaces. Ok. There isn't a style-guide, is there? There seems to be a space for one, but no link.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://github.com/NancyFx/Nancy/blob/master/CONTRIBUTING.md#style-guidelines
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thx
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we please get rid of the region? Thanks 😋