huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

#903 Ensure redirect uris can be generated

This commit is contained in:
Chris R 2016-11-04 10:50:40 -07:00
parent 834718d1f9
commit 0c815da523
3 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
View File

@ -208,6 +208,12 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
message.State = Options.StateDataFormat.Protect(properties);
if (string.IsNullOrEmpty(message.IssuerAddress))
{
throw new InvalidOperationException(
"Cannot redirect to the end session endpoint, the configuration may be missing or invalid.");
}
if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet)
{
var redirectUri = message.CreateLogoutRequestUrl();
@ -356,6 +362,12 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
message.State = Options.StateDataFormat.Protect(properties);
if (string.IsNullOrEmpty(message.IssuerAddress))
{
throw new InvalidOperationException(
"Cannot redirect to the authorization endpoint, the configuration may be missing or invalid.");
}
if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet)
{
var redirectUri = message.CreateAuthenticationRequestUrl();

12
test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
View File

@ -222,6 +222,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
{
var newMessage = new MockOpenIdConnectMessage
{
IssuerAddress = "http://example.com/",
TestAuthorizeEndpoint = $"http://example.com/{Guid.NewGuid()}/oauth2/signin"
};
@ -322,5 +323,16 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
Assert.StartsWith(".AspNetCore.Correlation.OpenIdConnect.", secondCookie);
Assert.Contains("expires", secondCookie);
}
[Fact]
public async Task Challenge_WithEmptyConfig_Fails()
{
var settings = new TestSettings(
opt => opt.Configuration = new OpenIdConnectConfiguration());
var server = settings.CreateTestServer();
var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync(ChallengeEndpoint));
Assert.Equal("Cannot redirect to the authorization endpoint, the configuration may be missing or invalid.", exception.Message);
}
}
}

11
test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
View File

@ -135,6 +135,17 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
Assert.Equal("http://www.example.com/specific_redirect_uri", properties.RedirectUri, true);
}
[Fact]
public async Task SignOut_WithMissingConfig_Throws()
{
var setting = new TestSettings(opt => opt.Configuration = new OpenIdConnectConfiguration());
var server = setting.CreateTestServer();
var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync(DefaultHost + TestServerBuilder.Signout));
Assert.Equal("Cannot redirect to the end session endpoint, the configuration may be missing or invalid.", exception.Message);
}
// Test Cases for calculating the expiration time of cookie from cookie name
[Fact]
public void NonceCookieExpirationTime()