Skip to content

Add tests for Allowinsecureredirect parameter in Web cmdlets #18939

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
iSazonov merged 6 commits into from
Jan 13, 2023
Merged

Add tests for Allowinsecureredirect parameter in Web cmdlets #18939

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
892b30a
add destination to RedirectController
CarloToso Jan 13, 2023
f513cba
Add 8 tests
CarloToso Jan 13, 2023
1943e76
fix indenting
CarloToso Jan 13, 2023
5fdc7f0
Host to $httpUri.Authority
CarloToso Jan 13, 2023
341d604
fix Invoke-WebRequests Tests
CarloToso Jan 13, 2023
474c24b
add suggestions
CarloToso Jan 13, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
75 changes: 75 additions & 0 deletions test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -514,6 +514,26 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" {
$result.Error.FullyQualifiedErrorId | Should -Be "WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand"
}

It "Validate Invoke-WebRequest redirect with -Query destination Http" {
$httpUri = Get-WebListenerUrl -Test 'Get'
$uri = Get-WebListenerUrl -Test 'Redirect' -Query @{destination = $httpUri}
$command = "Invoke-WebRequest -Uri '$uri'"

$result = ExecuteWebCommand -command $command
$jsonContent = $result.Output.Content | ConvertFrom-Json
$jsonContent.headers.Host | Should -Match $httpUri.Authority
}

It "Validate Invoke-WebRequest redirect with -Query destination Https" {
$httpsUri = Get-WebListenerUrl -Test 'Get' -Https
$uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpsUri}
$command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck"

$result = ExecuteWebCommand -command $command
$jsonContent = $result.Output.Content | ConvertFrom-Json
$jsonContent.headers.Host | Should -Match $httpsUri.Authority
}

It "Invoke-WebRequest supports request that returns page containing UTF-8 data." {
$uri = Get-WebListenerUrl -Test 'Encoding' -TestValue 'Utf8'
$command = "Invoke-WebRequest -Uri '$uri'"
Expand Down Expand Up @@ -937,6 +957,25 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" {
$response.Error.Exception.Response.StatusCode | Should -Be $StatusCode
$response.Error.Exception.Response.Headers.Location | Should -BeNullOrEmpty
}

It "Validate Invoke-WebRequest Https to Http redirect with -AllowInsecureRedirect" {
$httpUri = Get-WebListenerUrl -Test 'Get'
$uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri}
$command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck -AllowInsecureRedirect"

$result = ExecuteWebCommand -command $command
$jsonContent = $result.Output.Content | ConvertFrom-Json
$jsonContent.headers.Host | Should -Match $httpUri.Authority
}

It "Validate Invoke-WebRequest Https to Http redirect without -AllowInsecureRedirect" {
$httpUri = Get-WebListenerUrl -Test 'Get'
$uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri}
$command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck"

$result = ExecuteWebCommand -command $command
$result.Error.FullyQualifiedErrorId | Should -Be "WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand"
}
}


Expand Down Expand Up @@ -2170,6 +2209,24 @@ Describe "Invoke-RestMethod tests" -Tags "Feature", "RequireAdminOnWindows" {
$result.Error.FullyQualifiedErrorId | Should -Be "WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand"
}

It "Validate Invoke-RestMethod redirect with -Query destination Http" {
$httpUri = Get-WebListenerUrl -Test 'Get'
$uri = Get-WebListenerUrl -Test 'Redirect' -Query @{destination = $httpUri}
$command = "Invoke-RestMethod -Uri '$uri'"

$result = ExecuteWebCommand -command $command
$result.Output.Headers.Host | Should -Be $httpUri.Authority
}

It "Validate Invoke-RestMethod redirect with -Query destination Https" {
$httpsUri = Get-WebListenerUrl -Test 'Get' -Https
$uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpsUri}
$command = "Invoke-RestMethod -Uri '$uri' -SkipCertificateCheck"

$result = ExecuteWebCommand -command $command
$result.Output.Headers.Host | Should -Be $httpsUri.Authority
}

It "Invoke-RestMethod supports request that returns page containing UTF-8 data." {
$uri = Get-WebListenerUrl -Test 'Encoding' -TestValue 'Utf8'
$command = "Invoke-RestMethod -Uri '$uri'"
Expand Down Expand Up @@ -2595,6 +2652,24 @@ Describe "Invoke-RestMethod tests" -Tags "Feature", "RequireAdminOnWindows" {
$response.Error.Exception.Response.Headers.Location | Should -BeNullOrEmpty
}

It "Validate Invoke-RestMethod Https to Http redirect with -AllowInsecureRedirect" {
$httpUri = Get-WebListenerUrl -Test 'Get'
$uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri}
$command = "Invoke-RestMethod -Uri '$uri' -SkipCertificateCheck -AllowInsecureRedirect"

$result = ExecuteWebCommand -command $command
$result.Output.Headers.Host | Should -Be $httpUri.Authority
}

It "Validate Invoke-RestMethod Https to Http redirect without -AllowInsecureRedirect" {
$httpUri = Get-WebListenerUrl -Test 'Get'
$uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri}
$command = "Invoke-RestMethod -Uri '$uri' -SkipCertificateCheck"

$result = ExecuteWebCommand -command $command
$result.Error.FullyQualifiedErrorId | Should -Be "WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand"
}

#endregion Redirect tests

Context "Invoke-RestMethod SkipHeaderVerification Tests" {
Expand Down
8 changes: 7 additions & 1 deletion test/tools/WebListener/Controllers/RedirectController.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,10 @@ public class RedirectController : Controller
public IActionResult Index(int count)
{
string url = Regex.Replace(input: Request.GetDisplayUrl(), pattern: "\\/Redirect.*", replacement: string.Empty, options: RegexOptions.IgnoreCase);
var destinationIsPresent = Request.Query.TryGetValue("destination", out StringValues destination);
if (count <= 1)
{
url = $"{url}/Get/";
url = destinationIsPresent ? destination.FirstOrDefault() : $"{url}/Get/";
}
else
{
Expand All @@ -44,6 +45,11 @@ public IActionResult Index(int count)
url = new Uri($"{url}?type={type.FirstOrDefault()}").PathAndQuery;
Response.Redirect(url, false);
}
else if (destinationIsPresent)
{
Response.StatusCode = 302;
Response.Headers.Add("Location", url);
}
else
{
Response.Redirect(url, false);
Expand Down