Additional basic assertion and proactive unused response disposal.

Kaliumhexacyanoferrat · Dec 7, 2024 · 9374593 · 9374593
1 parent f977f62
commit 9374593
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/Modules/Authentication/Multi/MultiAuthenticationConcern.cs b/Modules/Authentication/Multi/MultiAuthenticationConcern.cs
@@ -30,6 +30,8 @@ public MultiAuthenticationConcern(IHandler content, IConcern[] delegatingConcern
         ResponseOrException? lastResponse = null;
         foreach (var concern in _delegatingConcerns)
         {
+            lastResponse?.Dispose();
+
             try
             {
                 lastResponse = new(await concern.HandleAsync(request));
@@ -57,7 +59,7 @@ public MultiAuthenticationConcern(IHandler content, IConcern[] delegatingConcern
 
     #region Helper structure
 
-    private record ResponseOrException(IResponse? Response = null, ProviderException? Exception = null)
+    private record ResponseOrException(IResponse? Response = null, ProviderException? Exception = null) : IDisposable
     { 
         public IResponse? Get()
         {
@@ -69,6 +71,11 @@ private record ResponseOrException(IResponse? Response = null, ProviderException
             return Response;
         }
 
+        public void Dispose()
+        {
+            Response?.Dispose();
+        }
+
         public ResponseStatus? Status => Exception?.Status ?? Response?.Status.KnownStatus;
     }
 

diff --git a/Testing/Acceptance/Modules/Authentication/MultiAuthenticationTests.cs b/Testing/Acceptance/Modules/Authentication/MultiAuthenticationTests.cs
@@ -112,6 +112,7 @@ public async Task TestSingleBasicFail(TestEngine engine)
             request => request.Headers.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.UTF8.GetBytes("user:invalidpass"))));
 
         await response.AssertStatusAsync(HttpStatusCode.Unauthorized);
+        AssertBasicChallenge(response);
     }
 
     [TestMethod]
@@ -164,6 +165,7 @@ public async Task TestCombinedFail(TestEngine engine)
             request => request.Headers.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.UTF8.GetBytes("user:invalidpass"))));
 
         await response.AssertStatusAsync(HttpStatusCode.Unauthorized);
+        AssertBasicChallenge(response);
     }
 
     [TestMethod]
@@ -178,6 +180,11 @@ public void TestEmpty(TestEngine engine)
         });
     }
 
+    private static void AssertBasicChallenge(HttpResponseMessage response)
+    {
+        Assert.IsNotNull(response.Headers.WwwAuthenticate.FirstOrDefault(x => x.Scheme == "Basic" && (x.Parameter?.StartsWith("realm") ?? false)));
+    }
+
     private static async Task<HttpResponseMessage> Execute(MultiAuthenticationConcernBuilder builder, TestEngine engine, Action<HttpRequestMessage>? authAction = null)
     {
         var handler = Inline.Create()