xTr1m/RpgRoller
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix proxied live updates

Browse Source
This commit is contained in:
Frank Tovar
2026-05-05 01:55:59 +02:00
parent 2be1fc599a
commit b8bd92e3dc
3 changed files with 82 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
RpgRoller.Tests/Api/AuthApiTests.cs
View File

@@ -12,7 +12,8 @@ public sealed class AuthApiTests(WebApplicationFactory<Program> factory) : ApiTe
Assert.Equal("alice", registerResult.Username);
Assert.Contains(registerResult.Roles, role => string.Equals(role, "admin", StringComparison.OrdinalIgnoreCase));
var duplicate = await client.PostAsJsonAsync("/api/auth/register", new RegisterRequest("alice", "Password123", "Alice 2"));
var duplicate = await client.PostAsJsonAsync("/api/auth/register",
new RegisterRequest("alice", "Password123", "Alice 2"));
Assert.Equal(HttpStatusCode.BadRequest, duplicate.StatusCode);
var loginResult = await client.PostAsJsonAsync("/api/auth/login", new LoginRequest("alice", "Password123"));
@@ -44,4 +45,27 @@ public sealed class AuthApiTests(WebApplicationFactory<Program> factory) : ApiTe
var usernames = await GetAsync<IReadOnlyList<string>>(client, "/api/users/usernames");
Assert.Equal(["amy", "bob", "zoe"], usernames);
}
[Fact]
public async Task LoginCookie_IsMarkedSecure_WhenForwardedProtoIsHttps()
{
using var factory = CreateFactory();
using var client = factory.CreateClient(new() { AllowAutoRedirect = false });
await RegisterAsync(client, "proxy-user", "Password123", "Proxy User");
using var request = new HttpRequestMessage(HttpMethod.Post, "/api/auth/login")
{
Content = JsonContent.Create(new LoginRequest("proxy-user", "Password123"))
};
request.Headers.TryAddWithoutValidation("X-Forwarded-Proto", "https");
using var response = await client.SendAsync(request);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.NotNull(response.Headers.SingleOrDefault(header => header.Key == "Set-Cookie").Value);
var setCookie = Assert.Single(response.Headers.GetValues("Set-Cookie"));
Assert.Contains("rpgroller_session=", setCookie);
Assert.Contains("secure", setCookie, StringComparison.OrdinalIgnoreCase);
}
}