Merge pull request ServiceStack#842 from Its-Tyson/auth-redirect-virtual-directory-issue

Auth redirect virtual directory issue

Author: mythz

src/ServiceStack.ServiceInterface/AuthenticateAttribute.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Collections.Specialized;
 using System.Linq;
 using ServiceStack.Common;
 using ServiceStack.Common.Web;
@@ -93,7 +94,7 @@ protected bool DoHtmlRedirectIfConfigured(IHttpRequest req, IHttpResponse res, b
                 var url = req.ResolveAbsoluteUrl(htmlRedirect);
                 if (includeRedirectParam)
                 {
-                    var absoluteRequestPath = req.ResolveAbsoluteUrl("~" + req.RawUrl);
+                    var absoluteRequestPath = req.ResolveAbsoluteUrl("~" + req.PathInfo + ToQueryString(req.QueryString));
                     url = url.AddQueryParam("redirect", absoluteRequestPath);
                 }
 
@@ -144,5 +145,14 @@ public static void AuthenticateIfDigestAuth(IHttpRequest req, IHttpResponse res)
                 });
             }
         }
+
+        // Not sure if this should be made re-useable within SS.Text with the other NVC extension methods?
+        private static string ToQueryString(NameValueCollection queryStringCollection)
+        {
+            if (queryStringCollection == null || queryStringCollection.Count == 0)
+                return String.Empty;
+
+            return "?" + queryStringCollection.ToFormUrlEncoded();
+        }
     }
 }

tests/ServiceStack.WebHost.Endpoints.Tests/AuthTests.cs

@@ -7,6 +7,7 @@
 using NUnit.Framework;
 using ServiceStack.CacheAccess;
 using ServiceStack.CacheAccess.Providers;
+using ServiceStack.Common;
 using ServiceStack.Common.Tests.ServiceClient.Web;
 using ServiceStack.Common.Utils;
 using ServiceStack.Common.Web;
@@ -262,29 +263,36 @@ public CustomAuthAttrResponse Any(CustomAuthAttr request)
 
     public class AuthTests
     {
-        private const string ListeningOn = "http://localhost:82/";
+        protected virtual string VirtualDirectory { get { return ""; } }
+        protected virtual string ListeningOn { get { return "http://localhost:82/"; } }
+        protected virtual string WebHostUrl { get { return "http://mydomain.com"; } }
 
         private const string UserName = "user";
         private const string Password = "p@55word";
         public const string UserNameWithSessionRedirect = "user2";
         public const string PasswordForSessionRedirect = "p@55word2";
         public const string SessionRedirectUrl = "specialLandingPage.html";
         public const string LoginUrl = "specialLoginPage.html";
-        public const string WebHostUrl = "http://mydomain.com";
         private const string EmailBasedUsername = "[email protected]";
         private const string PasswordForEmailBasedAccount = "p@55word3";
 
+
         public class AuthAppHostHttpListener
             : AppHostHttpListenerBase
         {
-            public AuthAppHostHttpListener()
-                : base("Validation Tests", typeof(CustomerService).Assembly) { }
+            private readonly string webHostUrl;
+
+            public AuthAppHostHttpListener(string webHostUrl)
+                : base("Validation Tests", typeof (CustomerService).Assembly)
+            {
+                this.webHostUrl = webHostUrl;
+            }
 
             private InMemoryAuthRepository userRep;
 
             public override void Configure(Container container)
             {
-                SetConfig(new EndpointHostConfig { WebHostUrl = WebHostUrl });
+                SetConfig(new EndpointHostConfig { WebHostUrl = webHostUrl });
 
                 Plugins.Add(new AuthFeature(() => new CustomUserSession(),
                     new IAuthProvider[] { //Www-Authenticate should contain basic auth, therefore register this provider first
@@ -322,14 +330,21 @@ private void CreateUser(int id, string username, string email, string password,
                     Permissions = permissions
                 }, password);
             }
+
+            protected override void Dispose(bool disposing)
+            {
+                // Needed so that when the derived class tests run the same users can be added again.
+                userRep.Clear();
+                base.Dispose(disposing);
+            }
         }
 
         AuthAppHostHttpListener appHost;
 
         [TestFixtureSetUp]
         public void OnTestFixtureSetUp()
         {
-            appHost = new AuthAppHostHttpListener();
+            appHost = new AuthAppHostHttpListener(WebHostUrl);
             appHost.Init();
             appHost.Start(ListeningOn);
         }
@@ -737,7 +752,8 @@ public void Html_clients_receive_redirect_to_login_page_when_accessing_unauthent
             client.Send<SecureResponse>(request);
 
             var locationUri = new Uri(lastResponseLocationHeader);
-            Assert.That(locationUri.AbsolutePath, Contains.Substring(LoginUrl));
+            var loginPath = "/".CombineWith(VirtualDirectory).CombineWith(LoginUrl);
+            Assert.That(locationUri.AbsolutePath, Is.EqualTo(loginPath).IgnoreCase);
         }
 
         [Test]
@@ -760,10 +776,13 @@ public void Html_clients_receive_secured_url_attempt_in_login_page_redirect_quer
             var redirectUri = new Uri(redirectQueryString);
 
             // Should contain the url attempted to access before the redirect to the login page.
-            Assert.That(redirectUri.AbsolutePath, Contains.Substring("/secured").IgnoreCase);
-            // Should also obey the WebHostUrl setting.
-            var schemeAndHost = redirectUri.Scheme + "://" + redirectUri.Authority;
-            Assert.That(schemeAndHost, Contains.Substring(WebHostUrl).IgnoreCase);
+            var securedPath = "/".CombineWith(VirtualDirectory).CombineWith("secured");
+            Assert.That(redirectUri.AbsolutePath, Is.EqualTo(securedPath).IgnoreCase);
+            // The url should also obey the WebHostUrl setting for the domain.
+            var redirectSchemeAndHost = redirectUri.Scheme + "://" + redirectUri.Authority;
+            var webHostUri = new Uri(WebHostUrl);
+            var webHostSchemeAndHost = webHostUri.Scheme + "://" + webHostUri.Authority;
+            Assert.That(redirectSchemeAndHost, Is.EqualTo(webHostSchemeAndHost).IgnoreCase);
         }
 
         [Test]
@@ -1010,4 +1029,11 @@ public void Calling_AddSessionIdToRequest_from_a_custom_auth_attribute_does_not_
             );
         }
     }
+
+    public class AuthTestsWithinVirtualDirectory : AuthTests
+    {
+        protected override string VirtualDirectory { get { return "somevirtualdirectory"; } }
+        protected override string ListeningOn { get { return "http://localhost:82/" + VirtualDirectory + "/"; } }
+        protected override string WebHostUrl { get { return "http://mydomain.com/" + VirtualDirectory; } }
+    }
 }