Fix invalid challenge in CookieAuthenticationHandler.ApplyResponseChallenge

2015-05-24 17:14:08 +02:00 · 2015-05-24 17:14:08 +02:00 · c6230f5de2
parent 6f935f8e28
commit c6230f5de2
2 changed files with 14 additions and 14 deletions
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@ -363,30 +363,30 @@ namespace Microsoft.AspNet.Authentication.Cookies
                return;
            }

-            var loginUri = string.Empty;
+            var redirectUri = string.Empty;
            if (ChallengeContext != null)
            {
-                loginUri = new AuthenticationProperties(ChallengeContext.Properties).RedirectUri;
+                redirectUri = new AuthenticationProperties(ChallengeContext.Properties).RedirectUri;
            }

            try
            {
-                if (string.IsNullOrWhiteSpace(loginUri))
+                if (string.IsNullOrWhiteSpace(redirectUri))
                {
-                    var currentUri =
+                    redirectUri =
                        Request.PathBase +
                        Request.Path +
                        Request.QueryString;
-
-                    loginUri =
-                        Request.Scheme +
-                        "://" +
-                        Request.Host +
-                        Request.PathBase +
-                        Options.LoginPath +
-                        QueryString.Create(Options.ReturnUrlParameter, currentUri);
                }

+                var loginUri =
+                    Request.Scheme +
+                    "://" +
+                    Request.Host +
+                    Request.PathBase +
+                    Options.LoginPath +
+                    QueryString.Create(Options.ReturnUrlParameter, redirectUri);
+
                var redirectContext = new CookieApplyRedirectContext(Context, Options, loginUri);
                Options.Notifications.ApplyRedirect(redirectContext);
            }
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@ -59,7 +59,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
        [Theory]
        [InlineData(true)]
        [InlineData(false)]
-        public async Task ProtectedCustomRequestShouldRedirectToCustomLogin(bool auto)
+        public async Task ProtectedCustomRequestShouldRedirectToCustomRedirectUri(bool auto)
        {
            var server = CreateServer(options =>
            {
@ -73,7 +73,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
            if (auto)
            {
                Uri location = transaction.Response.Headers.Location;
-                location.ToString().ShouldBe("/CustomRedirect");
+                location.ToString().ShouldBe("http://example.com/login?ReturnUrl=%2FCustomRedirect");
            }
        }