Moved all UnitTests to a single project. Implemented parts of AspNetCore UnitTests.

2022-07-17 12:21:05 +02:00
parent 73038bbe5a
commit a26d6a0036
46 changed files with 2411 additions and 105 deletions
--- a/AMWD.Common.AspNetCore/Attributes/BasicAuthenticationAttribute.cs
+++ b/AMWD.Common.AspNetCore/Attributes/BasicAuthenticationAttribute.cs
@@ -16,6 +16,7 @@ namespace Microsoft.AspNetCore.Authorization
 	/// <summary>
 	/// A basic authentication as attribute to use for specific actions.
 	/// </summary>
+	[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
 	public class BasicAuthenticationAttribute : Attribute, IAsyncAuthorizationFilter
 	{
 		/// <summary>
@@ -53,11 +54,14 @@ namespace Microsoft.AspNetCore.Authorization
 				var authHeader = AuthenticationHeaderValue.Parse(context.HttpContext.Request.Headers["Authorization"]);
 				byte[] decoded = Convert.FromBase64String(authHeader.Parameter);
 				string plain = Encoding.UTF8.GetString(decoded);
-				string[] credentials = plain.Split(':', 2, StringSplitOptions.RemoveEmptyEntries);
+
+				// See: https://www.rfc-editor.org/rfc/rfc2617, page 6
+				string username = plain.Split(':').First();
+				string password = plain[(username.Length + 1)..];

 				if (!string.IsNullOrWhiteSpace(Username) && !string.IsNullOrWhiteSpace(Password))
 				{
-					if (Username == credentials.First() && Password == credentials.Last())
+					if (Username == username && Password == password)
 						return;
 				}

@@ -82,7 +86,7 @@ namespace Microsoft.AspNetCore.Authorization

 			context.HttpContext.Response.Headers["WWW-Authenticate"] = "Basic";
 			if (!string.IsNullOrWhiteSpace(realm))
-				context.HttpContext.Response.Headers["WWW-Authenticate"] += $" realm=\"{realm.Trim().Replace("\"", "")}\"";
+				context.HttpContext.Response.Headers["WWW-Authenticate"] = $"Basic realm=\"{realm.Trim().Replace("\"", "")}\"";

 			context.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
 			context.Result = new StatusCodeResult(StatusCodes.Status401Unauthorized);
@@ -98,22 +102,29 @@ namespace Microsoft.AspNetCore.Authorization
 					var authHeader = AuthenticationHeaderValue.Parse(context.HttpContext.Request.Headers["Authorization"]);
 					byte[] decoded = Convert.FromBase64String(authHeader.Parameter);
 					string plain = Encoding.UTF8.GetString(decoded);
-					string[] credentials = plain.Split(':', 2, StringSplitOptions.RemoveEmptyEntries);
+
+					// See: https://www.rfc-editor.org/rfc/rfc2617, page 6
+					string username = plain.Split(':').First();
+					string password = plain[(username.Length + 1)..];

 					var validator = context.HttpContext.RequestServices.GetService<IBasicAuthenticationValidator>();
-					var result = await validator?.ValidateAsync(credentials.First(), credentials.Last(), context.HttpContext.GetRemoteIpAddress());
-					if (result != null)
-						context.HttpContext.User = result;
+					if (validator == null)
+						return null;

+					var result = await validator.ValidateAsync(username, password, context.HttpContext.GetRemoteIpAddress());
+					if (result == null)
+						return null;
+
+					context.HttpContext.User = result;
 					return result;
 				}
+				return null;
 			}
 			catch (Exception ex)
 			{
 				logger?.LogError(ex, $"Using validator to get HTTP user failed: {ex.InnerException?.Message ?? ex.Message}");
+				return null;
 			}
-
-			return null;
 		}
 	}
 }