diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2009-12-15 22:17:20 -0800 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2009-12-15 22:17:20 -0800 |
| commit | e12782c1a6727390b2107ff2e39d4ac6173d86fc (patch) | |
| tree | 3be0ccda0a9425927263f5b6b9616ef8ba11ac08 /src/DotNetOpenId.Test/UntrustedWebRequestTests.cs | |
| parent | 078b1f350eb40ceee7423c25b1d833dd1f242da4 (diff) | |
| parent | a545f7be2693596fa14540c359e43150a6a7cf88 (diff) | |
| download | DotNetOpenAuth-origin/mono.zip DotNetOpenAuth-origin/mono.tar.gz DotNetOpenAuth-origin/mono.tar.bz2 | |
Merge branch 'v2.5' into monoorigin/mono
Conflicts:
src/DotNetOpenId/Properties/AssemblyInfo.cs
src/DotNetOpenId/RelyingParty/AuthenticationResponse.cs
Diffstat (limited to 'src/DotNetOpenId.Test/UntrustedWebRequestTests.cs')
| -rw-r--r-- | src/DotNetOpenId.Test/UntrustedWebRequestTests.cs | 44 |
1 files changed, 38 insertions, 6 deletions
diff --git a/src/DotNetOpenId.Test/UntrustedWebRequestTests.cs b/src/DotNetOpenId.Test/UntrustedWebRequestTests.cs index c44354c..7bba993 100644 --- a/src/DotNetOpenId.Test/UntrustedWebRequestTests.cs +++ b/src/DotNetOpenId.Test/UntrustedWebRequestTests.cs @@ -1,10 +1,9 @@ using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using NUnit.Framework;
-using System.Text.RegularExpressions;
+using System.IO;
using System.Net;
+using System.Text.RegularExpressions;
+using DotNetOpenId.Test.Mocks;
+using NUnit.Framework;
namespace DotNetOpenId.Test {
[TestFixture]
@@ -25,7 +24,7 @@ namespace DotNetOpenId.Test { [Test]
public void DisallowUnsafeHosts() {
- string[] unsafeHosts = new [] {
+ string[] unsafeHosts = new[] {
// IPv4 loopback representations
"http://127.0.0.1",
"http://127.100.0.1",
@@ -89,5 +88,38 @@ namespace DotNetOpenId.Test { UntrustedWebRequest.BlacklistHostsRegex.Add(new Regex(@"\Wmicrosoft.com$"));
UntrustedWebRequest.Request(new Uri("http://WWW.MICROSOFT.COM"));
}
+
+ /// <summary>
+ /// Tests an implicit redirect where the HTTP server changes the responding URI without even
+ /// redirecting the client.
+ /// </summary>
+ [Test]
+ public void Redirects() {
+ UntrustedWebRequest.WhitelistHosts.Add("localhost");
+ UntrustedWebResponse resp = new UntrustedWebResponse(
+ new Uri("http://localhost/req"), new Uri("http://localhost/resp"),
+ new WebHeaderCollection(), HttpStatusCode.OK, "text/html", null, new MemoryStream());
+ MockHttpRequest.RegisterMockResponse(resp);
+ Assert.AreSame(resp, UntrustedWebRequest.Request(new Uri("http://localhost/req")));
+ }
+
+ /// <summary>
+ /// Tests that HTTP Location headers that only use a relative path get interpreted correctly.
+ /// </summary>
+ [Test]
+ public void RelativeRedirect() {
+ UntrustedWebRequest.WhitelistHosts.Add("localhost");
+ UntrustedWebResponse resp1 = new UntrustedWebResponse(
+ new Uri("http://localhost/dir/file1"), new Uri("http://localhost/dir/file1"),
+ new WebHeaderCollection {
+ { HttpResponseHeader.Location, "file2" },
+ }, HttpStatusCode.Redirect, "text/html", null, new MemoryStream());
+ MockHttpRequest.RegisterMockResponse(resp1);
+ UntrustedWebResponse resp2 = new UntrustedWebResponse(
+ new Uri("http://localhost/dir/file2"), new Uri("http://localhost/dir/file2"),
+ new WebHeaderCollection(), HttpStatusCode.OK, "text/html", null, new MemoryStream());
+ MockHttpRequest.RegisterMockResponse(resp2);
+ Assert.AreSame(resp2, UntrustedWebRequest.Request(new Uri("http://localhost/dir/file1")));
+ }
}
}
|