
Commit eef9d90

author
N. Taylor Mullen
committed
Facebook: Test functionality of OnCannotCreateCookies hook.
- Added tests to validate flow, triggering, and default behaviors.
1 parent 8c87afb commit eef9d90


4 files changed

+180
-20
lines changed


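--- a/test/Microsoft.AspNet.Facebook.Test/App.config
+++ b/test/Microsoft.AspNet.Facebook.Test/App.config
@@ -6,5 +6,6 @@
 <add key="Facebook:AppNamespace" value="MyApp" />
 <add key="Facebook:AppUrl" value="https://apps.newfacebook.example.com/myapp" />
 <add key="Facebook:AuthorizationRedirectPath" value="~/Authorize/Index" />
+<add key="Facebook:CannotCreateCookiesRedirectPath" value="~/NoCookies/Index" />
 </appSettings>
 </configuration>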
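Review bot: The new key is spelled `Facebook:CannotCreateCookiesRedirectPath` (plural "Cookies"), while the property the tests read it back through is `CannotCreateCookieRedirectPath` (singular). The loader is not visible on this page, but a deployer who derives the key from the property name would presumably get no error and silently fall back to the default redirect. Either align the two spellings or document the mapping next to the key, e.g. `<!-- maps to FacebookConfiguration.CannotCreateCookieRedirectPath; note the plural "Cookies" in the key -->`.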

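--- a/test/Microsoft.AspNet.Facebook.Test/FacebookAuthorizeFilterHookTest.cs
+++ b/test/Microsoft.AspNet.Facebook.Test/FacebookAuthorizeFilterHookTest.cs
@@ -15,9 +15,66 @@ namespace Microsoft.AspNet.Facebook.Test
 public class FacebookAuthorizeFilterHookTest
 {
 [Theory]
-[InlineData("http://example.com", "email", true)]
-[InlineData("http://example.com?error=access_denied", "email", false)]
-[InlineData("http://example.com?error=access_denied", null, false)]
+[InlineData("~/home/cannotcreatecookies", "https://apps.facebook.com/DefaultAppId/home/cannotcreatecookies")]
+[InlineData(null, "https://www.facebook.com/")]
+public void OnAuthorization_CannotCreateCookiesHookRedirectsToConfigValueOrDefault(
+string cannotCreateCookiesRedirectPath,
+string expectedRedirectPath)
+{
+// Arrange
+var config = BuildConfiguration("~/home/permissions", cannotCreateCookiesRedirectPath);
+var authorizeFilter = new FacebookAuthorizeFilter(config);
+var context = BuildSignedAuthorizationContext("http://contoso.com?__fb_mps=", "email");
+
+// Act
+authorizeFilter.OnAuthorization(context);
+var result = context.Result as JavaScriptRedirectResult;
+
+// Assert
+Assert.Equal(result.RedirectUrl.AbsoluteUri, new Uri(expectedRedirectPath).AbsoluteUri);
+}
+
+[Fact]
+public void OnAuthorization_OnlyTriggersCannotCreateCookiesHook()
+{
+// Arrange
+var config = BuildConfiguration("~/home/permissions");
+var authorizeFilter = new CustomDefaultAuthorizeFilter(config);
+var context = BuildSignedAuthorizationContext("http://contoso.com?__fb_mps=", "email");
+
+// Act
+authorizeFilter.OnAuthorization(context);
+
+// Assert
+Assert.True(authorizeFilter.CannotCreateCookiesHookTriggered);
+Assert.False(authorizeFilter.PermissionPromptHookTriggered);
+Assert.False(authorizeFilter.DeniedPermissionPromptHookTriggered);
+}
+
+[Theory]
+[InlineData("http://contoso.com?__fb_mps=", "email", true)]
+[InlineData("http://contoso.com", "email", false)]
+[InlineData("http://contoso.com?__fb_mps=", null, false)]
+public void OnAuthorization_TriggersCannotCreateCookiesHook(string requestUrl,
+string permission,
+bool expectedTrigger)
+{
+// Arrange
+var config = BuildConfiguration("~/home/permissions");
+var authorizeFilter = new CustomDefaultAuthorizeFilter(config);
+var context = BuildSignedAuthorizationContext(requestUrl, permission);
+
+// Act
+authorizeFilter.OnAuthorization(context);
+
+// Assert
+Assert.Equal(expectedTrigger, authorizeFilter.CannotCreateCookiesHookTriggered);
+}
+
+[Theory]
+[InlineData("http://contoso.com", "email", true)]
+[InlineData("http://contoso.com?error=access_denied", "email", false)]
+[InlineData("http://contoso.com?error=access_denied", null, false)]
 public void OnAuthorization_TriggersPreHookPriorToPermissionsDialog(string requestUrl,
 string permission,
 bool expectedTrigger)
@@ -35,9 +92,9 @@ public void OnAuthorization_TriggersPreHookPriorToPermissionsDialog(string reque
 }
 
 [Theory]
-[InlineData("http://example.com", "email", true)]
-[InlineData("http://example.com?error=access_denied", "email", false)]
-[InlineData("http://example.com?error=access_denied", null, false)]
+[InlineData("http://contoso.com", "email", true)]
+[InlineData("http://contoso.com?error=access_denied", "email", false)]
+[InlineData("http://contoso.com?error=access_denied", null, false)]
 public void OnAuthorization_TriggersDeniedHook(string requestUrl, string permission, bool expectedTrigger)
 {
 // Arrange
@@ -57,11 +114,11 @@ public void OnAuthorization_TriggersDeniedHook(string requestUrl, string permiss
 }
 
 [Theory]
-[InlineData("http://example.com", "email", "email", true)]
-[InlineData("http://example.com", "email", "foo", false)]
-[InlineData("http://example.com?error=access_denied", "email", "email", false)]
-[InlineData("http://example.com?error=access_denied", "email", "foo", false)]
-[InlineData("http://example.com?error=access_denied", null, "foo", false)]
+[InlineData("http://contoso.com", "email", "email", true)]
+[InlineData("http://contoso.com", "email", "foo", false)]
+[InlineData("http://contoso.com?error=access_denied", "email", "email", false)]
+[InlineData("http://contoso.com?error=access_denied", "email", "foo", false)]
+[InlineData("http://contoso.com?error=access_denied", null, "foo", false)]
 public void OnAuthorization_TriggersDeniedHookWithRevokedPermissions(string requestUrl,
 string permission,
 string permissionInStatus,
@@ -89,9 +146,9 @@ public void OnAuthorization_TriggersDeniedHookWithRevokedPermissions(string requ
 }
 
 [Theory]
-[InlineData("http://example.com", "email", true)]
-[InlineData("http://example.com?error=access_denied", "email", false)]
-[InlineData("http://example.com?error=access_denied", null, false)]
+[InlineData("http://contoso.com", "email", true)]
+[InlineData("http://contoso.com?error=access_denied", "email", false)]
+[InlineData("http://contoso.com?error=access_denied", null, false)]
 public void OnAuthorization_TriggersDeniedHookAfterPersistingRequestedPermissions(string requestUrl,
 string permission,
 bool expectedTrigger)
@@ -122,13 +179,28 @@ public void OnAuthorization_TriggersDeniedHookAfterPersistingRequestedPermission
 Assert.Equal(expectedTrigger, authorizeFilter.DeniedPermissionPromptHookTriggered);
 }
 
+[Fact]
+public void OnAuthorization_CannotCreateCookiesHookNullFlows()
+{
+// Arrange
+var config = BuildConfiguration("~/home/permissions");
+var authorizeFilter = new CustomInvalidAuthorizeFilter(config);
+var context = BuildSignedAuthorizationContext("http://contoso.com?__fb_mps=", "email");
+
+// Act
+authorizeFilter.OnAuthorization(context);
+
+// Assert
+Assert.Null(context.Result);
+}
+
 [Fact]
 public void OnAuthorization_PreHookNullTreatedLikeIgnoreResult()
 {
 // Arrange
 var config = BuildConfiguration("~/home/permissions");
 var authorizeFilter = new CustomInvalidAuthorizeFilter(config);
-var context = BuildSignedAuthorizationContext("http://www.example.com", "email");
+var context = BuildSignedAuthorizationContext("http://contoso.com", "email");
 
 // Act
 authorizeFilter.OnAuthorization(context);
@@ -147,7 +219,7 @@ public void OnAuthorization_DeniedHookNullTreatedLikeIgnoreResult()
 persistedCookies.Add(
 new HttpCookie(
 PermissionHelper.RequestedPermissionCookieName, "email"));
-var context = BuildSignedAuthorizationContext("http://www.example.com", "email", persistedCookies);
+var context = BuildSignedAuthorizationContext("http://contoso.com", "email", persistedCookies);
 
 // Act
 authorizeFilter.OnAuthorization(context);
@@ -156,14 +228,35 @@ public void OnAuthorization_DeniedHookNullTreatedLikeIgnoreResult()
 Assert.Null(context.Result);
 }
 
+[Fact]
+public void OnAuthorization_CannotCreateCookiesHookCustomActionResultIsContextsResult()
+{
+// Arrange
+var tempUrl = "http://contoso.com?__fb_mps=";
+var config = BuildConfiguration("~/home/permissions");
+var cannotCreateCookiesHookResult = new RedirectResult(tempUrl);
+var authorizeFilter = new CustomReturningAuthorizeFilter(config,
+cannotCreateCookiesHookResult,
+new RedirectResult(tempUrl),
+new RedirectResult(tempUrl));
+var context = BuildSignedAuthorizationContext(tempUrl, "email");
+
+// Act
+authorizeFilter.OnAuthorization(context);
+
+// Assert
+Assert.Equal(cannotCreateCookiesHookResult, context.Result);
+}
+
 [Fact]
 public void OnAuthorization_PreHookCustomActionResultIsContextsResult()
 {
 // Arrange
-var tempUrl = "http://www.example.com";
+var tempUrl = "http://contoso.com";
 var config = BuildConfiguration("~/home/permissions");
 var preHookResult = new RedirectResult(tempUrl);
 var authorizeFilter = new CustomReturningAuthorizeFilter(config,
+new RedirectResult(tempUrl),
 preHookResult,
 new RedirectResult(tempUrl));
 var context = BuildSignedAuthorizationContext(tempUrl, "email");
@@ -179,10 +272,11 @@ public void OnAuthorization_PreHookCustomActionResultIsContextsResult()
 public void OnAuthorization_DeniedHookCustomActionResultIsContextsResult()
 {
 // Arrange
-var tempUrl = "http://www.example.com";
+var tempUrl = "http://contoso.com";
 var config = BuildConfiguration("~/home/permissions");
 var deniedHookResult = new RedirectResult(tempUrl);
 var authorizeFilter = new CustomReturningAuthorizeFilter(config,
+new RedirectResult(tempUrl),
 new RedirectResult(tempUrl),
 deniedHookResult);
 var persistedCookies = new HttpCookieCollection();
@@ -200,13 +294,19 @@ public void OnAuthorization_DeniedHookCustomActionResultIsContextsResult()
 
 // Helper methods and classes
 private FacebookConfiguration BuildConfiguration(string authorizationRedirectPath,
+string cannotCreateCookiesRedirectPath = null,
 PermissionsStatus userPermissionsStatus = null)
 {
 var client = MockHelpers.CreateFacebookClient();
 var permissionService = MockHelpers.CreatePermissionService(new[] { "" }, userPermissionsStatus);
 var config = MockHelpers.CreateConfiguration(client, permissionService);
 config.AuthorizationRedirectPath = authorizationRedirectPath;
 
+if (cannotCreateCookiesRedirectPath != null)
+{
+config.CannotCreateCookieRedirectPath = cannotCreateCookiesRedirectPath;
+}
+
 return config;
 }
 
@@ -216,13 +316,15 @@ private AuthorizationContext BuildSignedAuthorizationContext(string requestUrl,
 {
 var permissions = permission == null ? new string[0] : new string[] { permission };
 
+var requestUri = new Uri(requestUrl);
+
 var context = new AuthorizationContext(
 MockHelpers.CreateControllerContext(new NameValueCollection
 {
 {"signed_request", "exampleSignedRequest"}
 },
-null,
-new Uri(requestUrl),
+HttpUtility.ParseQueryString(requestUri.Query),
+requestUri,
 requestCookies),
 MockHelpers.CreateActionDescriptor(new[] { new FacebookAuthorizeAttribute(permissions) }));
 
@@ -235,6 +337,11 @@ public CustomInvalidAuthorizeFilter(FacebookConfiguration config)
 : base(config)
 { }
 
+protected override void OnCannotCreateCookies(PermissionContext context)
+{
+context.Result = null;
+}
+
 protected override void OnPermissionPrompt(PermissionContext context)
 {
 context.Result = null;
@@ -252,9 +359,17 @@ public CustomDefaultAuthorizeFilter(FacebookConfiguration config)
 : base(config)
 { }
 
+public bool CannotCreateCookiesHookTriggered { get; private set; }
 public bool PermissionPromptHookTriggered { get; private set; }
 public bool DeniedPermissionPromptHookTriggered { get; private set; }
 
+protected override void OnCannotCreateCookies(PermissionContext context)
+{
+CannotCreateCookiesHookTriggered = true;
+
+base.OnCannotCreateCookies(context);
+}
+
 protected override void OnPermissionPrompt(PermissionContext context)
 {
 PermissionPromptHookTriggered = true;
@@ -272,18 +387,26 @@ protected override void OnDeniedPermissionPrompt(PermissionContext context)
 
 private class CustomReturningAuthorizeFilter : FacebookAuthorizeFilter
 {
+private ActionResult _cannotCreateCookieResult;
 private ActionResult _promptPermissionHookResult;
 private ActionResult _deniedPermissionPromptHookResult;
 
 public CustomReturningAuthorizeFilter(FacebookConfiguration config,
+ActionResult cannotCreateCookieResult,
 ActionResult promptPermissionHookResult,
 ActionResult deniedPermissionPromptHookResult)
 : base(config)
 {
+_cannotCreateCookieResult = cannotCreateCookieResult;
 _promptPermissionHookResult = promptPermissionHookResult;
 _deniedPermissionPromptHookResult = deniedPermissionPromptHookResult;
 }
 
+protected override void OnCannotCreateCookies(PermissionContext context)
+{
+context.Result = _cannotCreateCookieResult;
+}
+
 protected override void OnPermissionPrompt(PermissionContext context)
 {
 context.Result = _promptPermissionHookResult;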
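Review bot: In `OnAuthorization_CannotCreateCookiesHookRedirectsToConfigValueOrDefault` the result comes from `context.Result as JavaScriptRedirectResult` and is dereferenced without a check, so a filter that returns another result type, or none, fails with a NullReferenceException instead of a readable assertion. Since this test is what pins where a cookie-less client gets redirected, make the type part of the assertion: `var result = Assert.IsType<JavaScriptRedirectResult>(context.Result);`. The comparison on the next line also passes the actual value first; `Assert.Equal(new Uri(expectedRedirectPath).AbsoluteUri, result.RedirectUrl.AbsoluteUri);` keeps the failure message the right way round.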

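--- a/test/Microsoft.AspNet.Facebook.Test/FacebookAuthorizeFilterTest.cs
+++ b/test/Microsoft.AspNet.Facebook.Test/FacebookAuthorizeFilterTest.cs
@@ -16,6 +16,20 @@ namespace Microsoft.AspNet.Facebook.Test
 {
 public class FacebookAuthorizeFilterTest
 {
+[Fact]
+public void AddCookieVerificationQuery_AddsQueryParams()
+{
+// Arrange
+var collection = new NameValueCollection();
+var filter = new CustomAuthorizeFilter();
+
+// Act
+filter.ExposedAddCookieVerificationQuery(collection);
+
+// Assert
+Assert.NotEmpty(collection);
+}
+
 [Fact]
 public void Constructor_ThrowsArgumentNullException()
 {
@@ -115,5 +129,18 @@ public void OnAuthorization_RedirectsToAuthorizationRedirectPath_OnlyWhenUserDen
 String.Format("<script>window.top.location = '{0}';</script>", expectedRedirectUrl),
 result.Content);
 }
+
+private class CustomAuthorizeFilter : FacebookAuthorizeFilter
+{
+public CustomAuthorizeFilter()
+: base(new FacebookConfiguration())
+{
+}
+
+public void ExposedAddCookieVerificationQuery(NameValueCollection queries)
+{
+AddCookieVerificationQuery(queries);
+}
+}
 }
 }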
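Review bot: `AddCookieVerificationQuery_AddsQueryParams` asserts only `Assert.NotEmpty(collection)`, so it would still pass if the filter added a different key from the one `OnAuthorization` later looks for. The hook tests in FacebookAuthorizeFilterHookTest.cs drive the cookie check with `__fb_mps=` in the request URL, so that is presumably the marker; confirm against the filter. If so, assert it directly, e.g. `Assert.Contains("__fb_mps", collection.AllKeys);`, or compare against whatever constant the filter exposes for it.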

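--- a/test/Microsoft.AspNet.Facebook.Test/FacebookConfigurationTest.cs
+++ b/test/Microsoft.AspNet.Facebook.Test/FacebookConfigurationTest.cs
@@ -15,6 +15,7 @@ public void Default_Constructor()
 Assert.Null(config.AppSecret);
 Assert.NotNull(config.AppUrl);
 Assert.Null(config.AuthorizationRedirectPath);
+Assert.Null(config.CannotCreateCookieRedirectPath);
 Assert.Null(config.ClientProvider);
 Assert.Null(config.PermissionService);
 Assert.NotNull(config.Properties);
@@ -56,6 +57,7 @@ public void LoadFromAppSettings_ReadsFromAppConfig()
 Assert.Equal("abcdefg", config.AppSecret);
 Assert.Equal("MyApp", config.AppNamespace);
 Assert.Equal("~/Authorize/Index", config.AuthorizationRedirectPath);
+Assert.Equal("~/NoCookies/Index", config.CannotCreateCookieRedirectPath);
 Assert.Equal("https://apps.newfacebook.example.com/myapp", config.AppUrl);
 }
 
@@ -65,5 +67,12 @@ public void AuthorizationRedirectPath_ThrowsArgumentException()
 FacebookConfiguration config = new FacebookConfiguration();
 Assert.ThrowsArgument(() => config.AuthorizationRedirectPath = "Home/Permissions", "value");
 }
+
+[Fact]
+public void CannotCreateCookieRedirectPath_ThrowsArgumentException()
+{
+FacebookConfiguration config = new FacebookConfiguration();
+Assert.ThrowsArgument(() => config.CannotCreateCookieRedirectPath = "Home/Permissions", "value");
+}
 }
 }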
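Review bot: `CannotCreateCookieRedirectPath_ThrowsArgumentException` checks a single rejected value, `"Home/Permissions"`, copied from the AuthorizationRedirectPath test. This setting decides where the browser is sent when cookies cannot be created, so if the setter is meant to accept only app-relative `~/` paths (it is not visible on this page), the test should also pin that an absolute URL is rejected. Turning it into a `[Theory]` with `[InlineData("Home/Permissions")]` and a constructed sample such as `[InlineData("http://contoso.com/NoCookies")]` covers both, and a later relaxation of the validation would then fail a test rather than pass unnoticed.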
