Moved all UnitTests to a single project. Implemented parts of AspNetCore UnitTests.

2022-07-17 12:21:05 +02:00
parent 73038bbe5a
commit a26d6a0036
46 changed files with 2411 additions and 105 deletions
--- a/AMWD.Common.AspNetCore/BasicAuthentication/BasicAuthenticationHandler.cs
+++ b/AMWD.Common.AspNetCore/BasicAuthentication/BasicAuthenticationHandler.cs
@@ -16,6 +16,7 @@ namespace AMWD.Common.AspNetCore.BasicAuthentication
 	/// <summary>
 	/// Implements the <see cref="AuthenticationHandler{TOptions}"/> for Basic Authentication.
 	/// </summary>
+	[System.Diagnostics.CodeAnalysis.ExcludeFromCodeCoverage]
 	public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
 	{
 		private readonly ILogger logger;
@@ -51,10 +52,13 @@ namespace AMWD.Common.AspNetCore.BasicAuthentication
 			{
 				var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
 				string plain = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter));
-				string[] credentials = plain.Split(':', 2, StringSplitOptions.RemoveEmptyEntries);
+
+				// See: https://www.rfc-editor.org/rfc/rfc2617, page 6
+				string username = plain.Split(':').First();
+				string password = plain[(username.Length + 1)..];

 				var ipAddress = Context.GetRemoteIpAddress();
-				principal = await validator.ValidateAsync(credentials.First(), credentials.Last(), ipAddress);
+				principal = await validator.ValidateAsync(username, password, ipAddress);
 			}
 			catch (Exception ex)
 			{
--- a/AMWD.Common.AspNetCore/BasicAuthentication/BasicAuthenticationMiddleware.cs
+++ b/AMWD.Common.AspNetCore/BasicAuthentication/BasicAuthenticationMiddleware.cs
@@ -4,6 +4,7 @@ using System.Net.Http.Headers;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;

 namespace AMWD.Common.AspNetCore.BasicAuthentication
 {
@@ -45,9 +46,12 @@ namespace AMWD.Common.AspNetCore.BasicAuthentication
 				var authHeader = AuthenticationHeaderValue.Parse(httpContext.Request.Headers["Authorization"]);
 				byte[] decoded = Convert.FromBase64String(authHeader.Parameter);
 				string plain = Encoding.UTF8.GetString(decoded);
-				string[] credentials = plain.Split(':', 2, StringSplitOptions.RemoveEmptyEntries);

-				var principal = await validator.ValidateAsync(credentials.First(), credentials.Last(), httpContext.GetRemoteIpAddress());
+				// See: https://www.rfc-editor.org/rfc/rfc2617, page 6
+				string username = plain.Split(':').First();
+				string password = plain[(username.Length + 1)..];
+
+				var principal = await validator.ValidateAsync(username, password, httpContext.GetRemoteIpAddress());
 				if (principal == null)
 				{
 					SetAuthenticateRequest(httpContext, validator.Realm);
@@ -56,9 +60,11 @@ namespace AMWD.Common.AspNetCore.BasicAuthentication

 				await next.Invoke(httpContext);
 			}
-			catch
+			catch (Exception ex)
 			{
-				SetAuthenticateRequest(httpContext, validator.Realm);
+				var logger = (ILogger<BasicAuthenticationMiddleware>)httpContext.RequestServices.GetService(typeof(ILogger<BasicAuthenticationMiddleware>));
+				logger?.LogError(ex, $"Falied to execute basic authentication middleware: {ex.InnerException?.Message ?? ex.Message}");
+				httpContext.Response.StatusCode = StatusCodes.Status500InternalServerError;
 			}
 		}

@@ -66,7 +72,7 @@ namespace AMWD.Common.AspNetCore.BasicAuthentication
 		{
 			httpContext.Response.Headers["WWW-Authenticate"] = "Basic";
 			if (!string.IsNullOrWhiteSpace(realm))
-				httpContext.Response.Headers["WWW-Authenticate"] += $" realm=\"{realm.Replace("\"", "")}\"";
+				httpContext.Response.Headers["WWW-Authenticate"] = $"Basic realm=\"{realm.Replace("\"", "")}\"";

 			httpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
 		}