Made the last commit's fix unit testable, added 4 unit tests, and satisfied StyleCop.

2 files changed, 104 insertions, 28 deletions

diff --git a/src/DotNetOpenAuth.Test/Messaging/HttpRequestInfoTests.cs b/src/DotNetOpenAuth.Test/Messaging/HttpRequestInfoTests.cs
index 05ac306..fd77746 100644
--- a/src/DotNetOpenAuth.Test/Messaging/HttpRequestInfoTests.cs
+++ b/src/DotNetOpenAuth.Test/Messaging/HttpRequestInfoTests.cs
@@ -5,6 +5,8 @@
 //-----------------------------------------------------------------------
 
 namespace DotNetOpenAuth.Test.Messaging {
+	using System;
+	using System.Collections.Specialized;
 	using System.Web;
 	using DotNetOpenAuth.Messaging;
 	using Microsoft.VisualStudio.TestTools.UnitTesting;
@@ -92,5 +94,59 @@ namespace DotNetOpenAuth.Test.Messaging {
 			HttpRequestInfo info = new HttpRequestInfo();
 			Assert.IsNull(info.QueryString["hi"]);
 		}
+
+		/// <summary>
+		/// Verifies SSL forwarders are correctly handled when they supply X_FORWARDED_PROTO and HOST
+		/// </summary>
+		[TestMethod]
+		public void GetPublicFacingUrlSSLForwarder1() {
+			HttpRequest req = new HttpRequest("a.aspx", "http://someinternalhost/a.aspx?a=b", "a=b");
+			var serverVariables = new NameValueCollection();
+			serverVariables["HTTP_X_FORWARDED_PROTO"] = "https";
+			serverVariables["HTTP_HOST"] = "somehost";
+			Uri actual = HttpRequestInfo.GetPublicFacingUrl(req, serverVariables);
+			Uri expected = new Uri("https://somehost/a.aspx?a=b");
+			Assert.AreEqual(expected, actual);
+		}
+
+		/// <summary>
+		/// Verifies SSL forwarders are correctly handled when they supply X_FORWARDED_PROTO and HOST:port
+		/// </summary>
+		[TestMethod]
+		public void GetPublicFacingUrlSSLForwarder2() {
+			HttpRequest req = new HttpRequest("a.aspx", "http://someinternalhost/a.aspx?a=b", "a=b");
+			var serverVariables = new NameValueCollection();
+			serverVariables["HTTP_X_FORWARDED_PROTO"] = "https";
+			serverVariables["HTTP_HOST"] = "somehost:999";
+			Uri actual = HttpRequestInfo.GetPublicFacingUrl(req, serverVariables);
+			Uri expected = new Uri("https://somehost:999/a.aspx?a=b");
+			Assert.AreEqual(expected, actual);
+		}
+
+		/// <summary>
+		/// Verifies SSL forwarders are correctly handled when they supply just HOST
+		/// </summary>
+		[TestMethod]
+		public void GetPublicFacingUrlSSLForwarder3() {
+			HttpRequest req = new HttpRequest("a.aspx", "http://someinternalhost/a.aspx?a=b", "a=b");
+			var serverVariables = new NameValueCollection();
+			serverVariables["HTTP_HOST"] = "somehost";
+			Uri actual = HttpRequestInfo.GetPublicFacingUrl(req, serverVariables);
+			Uri expected = new Uri("http://somehost/a.aspx?a=b");
+			Assert.AreEqual(expected, actual);
+		}
+
+		/// <summary>
+		/// Verifies SSL forwarders are correctly handled when they supply just HOST:port
+		/// </summary>
+		[TestMethod]
+		public void GetPublicFacingUrlSSLForwarder4() {
+			HttpRequest req = new HttpRequest("a.aspx", "http://someinternalhost/a.aspx?a=b", "a=b");
+			var serverVariables = new NameValueCollection();
+			serverVariables["HTTP_HOST"] = "somehost:79";
+			Uri actual = HttpRequestInfo.GetPublicFacingUrl(req, serverVariables);
+			Uri expected = new Uri("http://somehost:79/a.aspx?a=b");
+			Assert.AreEqual(expected, actual);
+		}
 	}
 }
diff --git a/src/DotNetOpenAuth/Messaging/HttpRequestInfo.cs b/src/DotNetOpenAuth/Messaging/HttpRequestInfo.cs
index 64dcaaa..2951514 100644
--- a/src/DotNetOpenAuth/Messaging/HttpRequestInfo.cs
+++ b/src/DotNetOpenAuth/Messaging/HttpRequestInfo.cs
@@ -291,6 +291,53 @@ namespace DotNetOpenAuth.Messaging {
 		}
 
 		/// <summary>
+		/// Gets the public facing URL for the given incoming HTTP request.
+		/// </summary>
+		/// <param name="request">The request.</param>
+		/// <param name="serverVariables">The server variables to consider part of the request.</param>
+		/// <returns>
+		/// The URI that the outside world used to create this request.
+		/// </returns>
+		/// <remarks>
+		/// Although the <paramref name="serverVariables"/> value can be obtained from
+		/// <see cref="HttpRequest.ServerVariables"/>, it's useful to be able to pass them
+		/// in so we can simulate injected values from our unit tests since the actual property
+		/// is a read-only kind of <see cref="NameValueCollection"/>.
+		/// </remarks>
+		internal static Uri GetPublicFacingUrl(HttpRequest request, NameValueCollection serverVariables) {
+			Contract.Requires<ArgumentNullException>(request != null);
+			Contract.Requires<ArgumentNullException>(serverVariables != null);
+
+			// Due to URL rewriting, cloud computing (i.e. Azure)
+			// and web farms, etc., we have to be VERY careful about what
+			// we consider the incoming URL.  We want to see the URL as it would
+			// appear on the public-facing side of the hosting web site.
+			// HttpRequest.Url gives us the internal URL in a cloud environment,
+			// So we use a variable that (at least from what I can tell) gives us
+			// the public URL:
+			if (serverVariables["HTTP_HOST"] != null) {
+				ErrorUtilities.VerifySupported(request.Url.Scheme == Uri.UriSchemeHttps || request.Url.Scheme == Uri.UriSchemeHttp, "Only HTTP and HTTPS are supported protocols.");
+				string scheme = serverVariables["HTTP_X_FORWARDED_PROTO"] ?? request.Url.Scheme;
+				Uri hostAndPort = new Uri(scheme + Uri.SchemeDelimiter + serverVariables["HTTP_HOST"]);
+				UriBuilder publicRequestUri = new UriBuilder(request.Url);
+				publicRequestUri.Scheme = scheme;
+				publicRequestUri.Host = hostAndPort.Host;
+				publicRequestUri.Port = hostAndPort.Port; // CC missing Uri.Port contract that's on UriBuilder.Port
+				return publicRequestUri.Uri;
+			} else {
+				// Failover to the method that works for non-web farm enviroments.
+				// We use Request.Url for the full path to the server, and modify it
+				// with Request.RawUrl to capture both the cookieless session "directory" if it exists
+				// and the original path in case URL rewriting is going on.  We don't want to be
+				// fooled by URL rewriting because we're comparing the actual URL with what's in
+				// the return_to parameter in some cases.
+				// Response.ApplyAppPathModifier(builder.Path) would have worked for the cookieless
+				// session, but not the URL rewriting problem.
+				return new Uri(request.Url, request.RawUrl);
+			}
+		}
+
+		/// <summary>
 		/// Gets the query or form data from the original request (before any URL rewriting has occurred.)
 		/// </summary>
 		/// <returns>A set of name=value pairs.</returns>
@@ -323,34 +370,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// <returns>The URI that the outside world used to create this request.</returns>
 		private static Uri GetPublicFacingUrl(HttpRequest request) {
 			Contract.Requires<ArgumentNullException>(request != null);
-
-			// Due to URL rewriting, cloud computing (i.e. Azure)
-			// and web farms, etc., we have to be VERY careful about what
-			// we consider the incoming URL.  We want to see the URL as it would
-			// appear on the public-facing side of the hosting web site.
-			// HttpRequest.Url gives us the internal URL in a cloud environment,
-			// So we use a variable that (at least from what I can tell) gives us
-			// the public URL:
-			if (request.ServerVariables["HTTP_HOST"] != null) {
-				ErrorUtilities.VerifySupported(request.Url.Scheme == Uri.UriSchemeHttps || request.Url.Scheme == Uri.UriSchemeHttp, "Only HTTP and HTTPS are supported protocols.");
-				string scheme = request.ServerVariables["HTTP_X_FORWARDED_PROTO"] ?? request.Url.Scheme;
-				Uri hostAndPort = new Uri(scheme + Uri.SchemeDelimiter + request.ServerVariables["HTTP_HOST"]);
-				UriBuilder publicRequestUri = new UriBuilder(request.Url);
-				publicRequestUri.Scheme = scheme;
-				publicRequestUri.Host = hostAndPort.Host;
-				publicRequestUri.Port = hostAndPort.Port; // CC missing Uri.Port contract that's on UriBuilder.Port
-				return publicRequestUri.Uri;
-			} else {
-				// Failover to the method that works for non-web farm enviroments.
-				// We use Request.Url for the full path to the server, and modify it
-				// with Request.RawUrl to capture both the cookieless session "directory" if it exists
-				// and the original path in case URL rewriting is going on.  We don't want to be
-				// fooled by URL rewriting because we're comparing the actual URL with what's in
-				// the return_to parameter in some cases.
-				// Response.ApplyAppPathModifier(builder.Path) would have worked for the cookieless
-				// session, but not the URL rewriting problem.
-				return new Uri(request.Url, request.RawUrl);
-			}
+			return GetPublicFacingUrl(request, request.ServerVariables);
 		}
 
 		/// <summary>