Merge pull request kevinobee#62 from richardszalay/feature/53_whiteli…

…st_does_not_prevent_execution BaseHttpHandler no longer continues execution when authorisation fails (fixes kevinobee#53)
Prashantkp · Aug 6, 2016 · 56c42ae · 56c42ae
2 parents 085cb8e + 5c2b69c
commit 56c42ae
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 0 deletions.
diff --git a/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs b/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs
@@ -37,6 +37,7 @@ public void ProcessRequest(HttpContext context)
             if (!_authoriser.IsAllowed())
             {
                 context.Response.StatusCode = (int) HttpStatusCode.Unauthorized;
+                return;
             }
 
             context.Items.Add(StartTime, DateTime.UtcNow);

diff --git a/tests/unit-test/Sitecore.Ship.AspNet.Test/BaseHttpHandlerUnauthorisedTests.cs b/tests/unit-test/Sitecore.Ship.AspNet.Test/BaseHttpHandlerUnauthorisedTests.cs
@@ -0,0 +1,60 @@
+using Moq;
+using System.Web;
+using Xunit;
+using System;
+using Should;
+using Sitecore.Ship.Core.Contracts;
+using System.IO;
+
+namespace Sitecore.Ship.AspNet.Test
+{
+    public class BaseHttpHandlerUnauthorisedTests
+    {
+        private HttpResponse _response;
+        private SampleHandler _sut;
+
+        public BaseHttpHandlerUnauthorisedTests()
+        {
+            var authoriser = new Mock<IAuthoriser>();
+            authoriser.Setup(x => x.IsAllowed()).Returns(false);
+
+            var request = new HttpRequest("", "http://tempuri.org", "");
+            _response = new HttpResponse(new StringWriter());
+
+            var context = new HttpContext(request, _response);
+
+            _sut = new SampleHandler(authoriser.Object);
+            _sut.ProcessRequest(context);
+        }
+
+        [Fact]
+        public void ReturnsStatusCodeUnauthorized()
+        {
+            _response.StatusCode.ShouldEqual(401);
+        }
+
+        [Fact]
+        public void DoesNotCallProcessRequest()
+        {
+            _sut.DidRun.ShouldBeFalse();
+        }
+
+        class SampleHandler : BaseHttpHandler
+        {
+            public SampleHandler(IAuthoriser authoriser)
+                : base(authoriser)
+            {
+
+            }
+
+            public override void ProcessRequest(HttpContextBase context)
+            {
+                DidRun = true;
+                context.Response.StatusDescription = "Failed";
+            }
+
+            public bool DidRun;
+        }
+    }
+
+}
diff --git a/tests/unit-test/Sitecore.Ship.AspNet.Test/Sitecore.Ship.AspNet.Test.csproj b/tests/unit-test/Sitecore.Ship.AspNet.Test/Sitecore.Ship.AspNet.Test.csproj
@@ -84,6 +84,7 @@
     </Reference>
   </ItemGroup>
   <ItemGroup>
+    <Compile Include="BaseHttpHandlerUnauthorisedTests.cs" />
     <Compile Include="AboutCommandBehaviour.cs" />
     <Compile Include="CouplingTests.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
@@ -99,6 +100,10 @@
       <Project>{d8d5e56c-6e0a-4a70-aa85-e0f6ddd97b38}</Project>
       <Name>Sitecore.Ship.AspNet</Name>
     </ProjectReference>
+    <ProjectReference Include="..\..\..\src\Sitecore.Ship.Core\Sitecore.Ship.Core.csproj">
+      <Project>{F9CC137C-E000-4D1E-9997-B8E3D20F7E36}</Project>
+      <Name>Sitecore.Ship.Core</Name>
+    </ProjectReference>
     <ProjectReference Include="..\..\TestUtils\TestUtils.csproj">
       <Project>{6121509c-0554-4fd7-974b-97a81b9df0f3}</Project>
       <Name>TestUtils</Name>
-Original file line number
+Diff line change
@@ Expand Up / @@ -37,6 +37,7 @@ public void ProcessRequest(HttpContext context) @@
                 if (!_authoriser.IsAllowed())
                 {
                     context.Response.StatusCode = (int) HttpStatusCode.Unauthorized;
+                    return;
                 }
                 context.Items.Add(StartTime, DateTime.UtcNow);
@@ Expand Down @@