Bypass windows auth on whitespace for VSTS client

jabbera · jabbera · commit bef3b6fc1d7f · 2017-01-18T16:18:37.000-05:00
diff --git a/RutaHttpModule/SonarAuthPassthroughModule.cs b/RutaHttpModule/SonarAuthPassthroughModule.cs
@@ -100,17 +100,20 @@ private void HandleAuthenticateRequestRequestInternal(ISonarAuthPassthroughHttpC
             // This is most efficent.
             if (context.HasTokenHeader)
             {
+                traceSource.TraceEvent(TraceEventType.Information, 0, "Found token.");
                 AssignPassThruUser(context);
+                return;
             }
 
             // If we have no agent, or the agent does not match any of our pass thrus
             string userAgent = context.UserAgent;
-            if (string.IsNullOrWhiteSpace(userAgent) || !this.settings.PassThruUserAgents.Any(userAgent.StartsWith))
+            traceSource.TraceEvent(TraceEventType.Information, 0, $"UserAgent: '{userAgent}'");
+
+            if (string.IsNullOrWhiteSpace(userAgent) || this.settings.PassThruUserAgents.Any(userAgent.StartsWith))
             {
+                AssignPassThruUser(context);
                 return;
-            }
-
-            AssignPassThruUser(context); 
+            }            
         }
 
         private void AssignPassThruUser(ISonarAuthPassthroughHttpContext context)
diff --git a/RutaHttpModuleTest/SonarAuthPassthroughModuleTest.cs b/RutaHttpModuleTest/SonarAuthPassthroughModuleTest.cs
@@ -67,6 +67,21 @@ public void SetWhenUserAgentMatchesTest()
             Assert.IsTrue(this.httpContext.Object.User.Identity.IsAuthenticated);
         }
 
+        [TestMethod]
+        public void SetWhenUserAgentOnWhitespaceTest()
+        {
+            this.httpContext.SetupProperty(x => x.User);
+            string agentName = string.Empty;
+
+            this.httpContext.SetupGet(x => x.UserAgent).Returns(agentName);
+            this.settings.SetupGet(x => x.PassThruUserAgents).Returns(new string[0]);
+
+            this.sonarAuthPassthroughModule.HandleAuthenticateRequest(httpContext.Object);
+
+            this.httpContext.VerifySet(x => x.SkipAuthorization = true, Times.Once());
+            Assert.IsTrue(this.httpContext.Object.User.Identity.IsAuthenticated);
+        }
+
         [TestMethod]
         public void DontSetWhenUserAgentMatchesTest()
         {

Original file line number	Diff line number	Diff line change
`@@ -100,17 +100,20 @@ private void HandleAuthenticateRequestRequestInternal(ISonarAuthPassthroughHttpC`
`100`	`100`	`// This is most efficent.`
`101`	`101`	`if (context.HasTokenHeader)`
`102`	`102`	`{`
	`103`	`+ traceSource.TraceEvent(TraceEventType.Information, 0, "Found token.");`
`103`	`104`	`AssignPassThruUser(context);`
	`105`	`+ return;`
`104`	`106`	`}`
`105`	`107`
`106`	`108`	`// If we have no agent, or the agent does not match any of our pass thrus`
`107`	`109`	`string userAgent = context.UserAgent;`
`108`		`- if (string.IsNullOrWhiteSpace(userAgent) \|\| !this.settings.PassThruUserAgents.Any(userAgent.StartsWith))`
	`110`	`+ traceSource.TraceEvent(TraceEventType.Information, 0, $"UserAgent: '{userAgent}'");`
	`111`	`+`
	`112`	`+ if (string.IsNullOrWhiteSpace(userAgent) \|\| this.settings.PassThruUserAgents.Any(userAgent.StartsWith))`
`109`	`113`	`{`
	`114`	`+ AssignPassThruUser(context);`
`110`	`115`	`return;`
`111`		`- }`
`112`		`-`
`113`		`- AssignPassThruUser(context);`
	`116`	`+ }`
`114`	`117`	`}`
`115`	`118`
`116`	`119`	`private void AssignPassThruUser(ISonarAuthPassthroughHttpContext context)`