Bypass windows auth on whitespace for VSTS client

jabbera · Jan 18, 2017 · bef3b6f · bef3b6f
1 parent 4ffc8f3
commit bef3b6f
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/RutaHttpModule/SonarAuthPassthroughModule.cs b/RutaHttpModule/SonarAuthPassthroughModule.cs
@@ -100,17 +100,20 @@ private void HandleAuthenticateRequestRequestInternal(ISonarAuthPassthroughHttpC
             // This is most efficent.
             if (context.HasTokenHeader)
             {
+                traceSource.TraceEvent(TraceEventType.Information, 0, "Found token.");
                 AssignPassThruUser(context);
+                return;
             }
 
             // If we have no agent, or the agent does not match any of our pass thrus
             string userAgent = context.UserAgent;
-            if (string.IsNullOrWhiteSpace(userAgent) || !this.settings.PassThruUserAgents.Any(userAgent.StartsWith))
+            traceSource.TraceEvent(TraceEventType.Information, 0, $"UserAgent: '{userAgent}'");
+
+            if (string.IsNullOrWhiteSpace(userAgent) || this.settings.PassThruUserAgents.Any(userAgent.StartsWith))
             {
+                AssignPassThruUser(context);
                 return;
-            }
-
-            AssignPassThruUser(context); 
+            }            
         }
 
         private void AssignPassThruUser(ISonarAuthPassthroughHttpContext context)

diff --git a/RutaHttpModuleTest/SonarAuthPassthroughModuleTest.cs b/RutaHttpModuleTest/SonarAuthPassthroughModuleTest.cs
@@ -67,6 +67,21 @@ public void SetWhenUserAgentMatchesTest()
             Assert.IsTrue(this.httpContext.Object.User.Identity.IsAuthenticated);
         }
 
+        [TestMethod]
+        public void SetWhenUserAgentOnWhitespaceTest()
+        {
+            this.httpContext.SetupProperty(x => x.User);
+            string agentName = string.Empty;
+
+            this.httpContext.SetupGet(x => x.UserAgent).Returns(agentName);
+            this.settings.SetupGet(x => x.PassThruUserAgents).Returns(new string[0]);
+
+            this.sonarAuthPassthroughModule.HandleAuthenticateRequest(httpContext.Object);
+
+            this.httpContext.VerifySet(x => x.SkipAuthorization = true, Times.Once());
+            Assert.IsTrue(this.httpContext.Object.User.Identity.IsAuthenticated);
+        }
+
         [TestMethod]
         public void DontSetWhenUserAgentMatchesTest()
         {