Restore HttpRequestContext.Principal after executing inner message handlers

dougbu · dougbu · commit f9e06d60e40a · 2018-02-21T08:51:00.000-08:00
- #119 nits: use `var` more in affected tests
diff --git a/src/System.Web.Http.Owin/PassiveAuthenticationMessageHandler.cs b/src/System.Web.Http.Owin/PassiveAuthenticationMessageHandler.cs
@@ -9,9 +9,7 @@
 using System.Threading.Tasks;
 using System.Web.Http.Controllers;
 using System.Web.Http.Filters;
-using System.Web.Http.Hosting;
 using System.Web.Http.Owin.Properties;
-using Microsoft.Owin;
 using Microsoft.Owin.Security;
 
 namespace System.Web.Http.Owin
@@ -37,27 +35,36 @@ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage
                 throw new ArgumentNullException("request");
             }
 
-            SetCurrentPrincipalToAnonymous(request);
-
-            HttpResponseMessage response = await base.SendAsync(request, cancellationToken);
+            HttpResponseMessage response;
+            var previousPrincipal = SetCurrentPrincipal(request, _anonymousPrincipal.Value);
+            try
+            {
+                response = await base.SendAsync(request, cancellationToken);
+            }
+            finally
+            {
+                SetCurrentPrincipal(request, previousPrincipal);
+            }
 
             SuppressDefaultAuthenticationChallenges(request);
 
             return response;
         }
 
-        private static void SetCurrentPrincipalToAnonymous(HttpRequestMessage request)
+        private static IPrincipal SetCurrentPrincipal(HttpRequestMessage request, IPrincipal principal)
         {
             Contract.Assert(request != null);
 
             HttpRequestContext requestContext = request.GetRequestContext();
-
             if (requestContext == null)
             {
                 throw new ArgumentException(OwinResources.Request_RequestContextMustNotBeNull, "request");
             }
 
-            requestContext.Principal = _anonymousPrincipal.Value;
+            var previousPrincipal = requestContext.Principal;
+            requestContext.Principal = principal;
+
+            return previousPrincipal;
         }
 
         private static void SuppressDefaultAuthenticationChallenges(HttpRequestMessage request)
diff --git a/src/System.Web.Http/Hosting/SuppressHostPrincipalMessageHandler.cs b/src/System.Web.Http/Hosting/SuppressHostPrincipalMessageHandler.cs
@@ -25,31 +25,39 @@ public class SuppressHostPrincipalMessageHandler : DelegatingHandler
             () => new ClaimsPrincipal(new ClaimsIdentity()), isThreadSafe: true);
 
         /// <inheritdoc />
-        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
+        protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
             CancellationToken cancellationToken)
         {
             if (request == null)
             {
                 throw new ArgumentNullException("request");
             }
 
-            SetCurrentPrincipalToAnonymous(request);
-
-            return base.SendAsync(request, cancellationToken);
+            var previousPrincipal = SetCurrentPrincipal(request, _anonymousPrincipal.Value);
+            try
+            {
+                return await base.SendAsync(request, cancellationToken);
+            }
+            finally
+            {
+                SetCurrentPrincipal(request, previousPrincipal);
+            }
         }
 
-        private static void SetCurrentPrincipalToAnonymous(HttpRequestMessage request)
+        private static IPrincipal SetCurrentPrincipal(HttpRequestMessage request, IPrincipal principal)
         {
             Contract.Assert(request != null);
 
             HttpRequestContext requestContext = request.GetRequestContext();
-
             if (requestContext == null)
             {
                 throw new ArgumentException(SRResources.Request_RequestContextMustNotBeNull, "request");
             }
 
-            requestContext.Principal = _anonymousPrincipal.Value;
+            var previousPrincipal = requestContext.Principal;
+            requestContext.Principal = principal;
+
+            return previousPrincipal;
         }
     }
 }
diff --git a/test/System.Web.Http.Owin.Test/PassiveAuthenticationMessageHandlerTest.cs b/test/System.Web.Http.Owin.Test/PassiveAuthenticationMessageHandlerTest.cs
@@ -104,32 +104,50 @@ public async Task SendAsync_Throws_WhenAuthenticationManagerIsNull()
         public async Task SendAsync_SetsRequestContextPrincipalToAnonymous_BeforeCallingInnerHandler()
         {
             // Arrange
+            var requestContextMock = new Mock<HttpRequestContext>(MockBehavior.Strict);
+            var sequence = new MockSequence();
+            var initialPrincipal = new GenericPrincipal(new GenericIdentity("generic user"), new[] { "generic role" });
             IPrincipal requestContextPrincipal = null;
-            Mock<HttpRequestContext> requestContextMock = new Mock<HttpRequestContext>(MockBehavior.Strict);
             requestContextMock
+                .InSequence(sequence)
+                .SetupGet(c => c.Principal)
+                .Returns(initialPrincipal);
+            requestContextMock
+                .InSequence(sequence)
                 .SetupSet(c => c.Principal = It.IsAny<IPrincipal>())
-                .Callback<IPrincipal>((value) => requestContextPrincipal = value);
+                .Callback<IPrincipal>(value => requestContextPrincipal = value);
+
+            // SendAsync also restores the old principal.
+            requestContextMock
+                .InSequence(sequence)
+                .SetupGet(c => c.Principal)
+                .Returns(requestContextPrincipal);
+            requestContextMock
+                .InSequence(sequence)
+                .SetupSet(c => c.Principal = initialPrincipal);
+
             IPrincipal principalBeforeInnerHandler = null;
             HttpMessageHandler inner = new LambdaHttpMessageHandler((ignore1, ignore2) =>
             {
                 principalBeforeInnerHandler = requestContextPrincipal;
                 return Task.FromResult<HttpResponseMessage>(null);
             });
             HttpMessageHandler handler = CreateProductUnderTest(inner);
-            IOwinContext context = CreateOwinContext();
+            var context = CreateOwinContext();
 
-            using (HttpRequestMessage request = new HttpRequestMessage())
+            using (var request = new HttpRequestMessage())
             {
                 request.SetOwinContext(context);
                 request.SetRequestContext(requestContextMock.Object);
 
                 // Act
-                HttpResponseMessage ignore = await handler.SendAsync(request, CancellationToken.None);
+                await handler.SendAsync(request, CancellationToken.None);
             }
 
             // Assert
+            Assert.Equal(requestContextPrincipal, principalBeforeInnerHandler);
             Assert.NotNull(principalBeforeInnerHandler);
-            IIdentity identity = principalBeforeInnerHandler.Identity;
+            var identity = principalBeforeInnerHandler.Identity;
             Assert.NotNull(identity);
             Assert.False(identity.IsAuthenticated);
             Assert.Null(identity.Name);
diff --git a/test/System.Web.Http.Test/Hosting/SuppressHostPrincipalMessageHandlerTest.cs b/test/System.Web.Http.Test/Hosting/SuppressHostPrincipalMessageHandlerTest.cs
@@ -14,30 +14,29 @@ namespace System.Web.Http.Hosting
     public class SuppressHostPrincipalMessageHandlerTest
     {
         [Fact]
-        public void SendAsync_DelegatesToInnerHandler()
+        public async Task SendAsync_DelegatesToInnerHandler()
         {
             // Arrange
             HttpRequestMessage request = null;
-            CancellationToken cancellationToken = default(CancellationToken);
-            Task<HttpResponseMessage> expectedResult = new Task<HttpResponseMessage>(() => null);
+            var cancellationToken = default(CancellationToken);
             HttpMessageHandler innerHandler = new LambdaHttpMessageHandler((r, c) =>
             {
                 request = r;
                 cancellationToken = c;
-                return expectedResult;
+                return Task.FromResult<HttpResponseMessage>(null);
             });
             HttpMessageHandler handler = CreateProductUnderTest(innerHandler);
-            CancellationToken expectedCancellationToken = new CancellationToken(true);
+            var expectedCancellationToken = new CancellationToken(true);
 
-            using (HttpRequestMessage expectedRequest = CreateRequestWithContext())
+            using (var expectedRequest = CreateRequestWithContext())
             {
                 // Act
-                Task<HttpResponseMessage> result = handler.SendAsync(expectedRequest, expectedCancellationToken);
+                var result = await handler.SendAsync(expectedRequest, expectedCancellationToken);
 
                 // Assert
                 Assert.Same(expectedRequest, request);
                 Assert.Equal(expectedCancellationToken, cancellationToken);
-                Assert.Same(expectedResult, result);
+                Assert.Null(result);
             }
         }
 
@@ -59,14 +58,31 @@ await Assert.ThrowsArgumentAsync(
         }
 
         [Fact]
-        public void SendAsync_SetsCurrentPrincipalToAnonymous_BeforeCallingInnerHandler()
+        public async Task SendAsync_SetsCurrentPrincipalToAnonymous_BeforeCallingInnerHandler()
         {
             // Arrange
+            var requestContextMock = new Mock<HttpRequestContext>(MockBehavior.Strict);
+            var sequence = new MockSequence();
+            var initialPrincipal = new GenericPrincipal(new GenericIdentity("generic user"), new[] { "generic role" });
             IPrincipal requestContextPrincipal = null;
-            Mock<HttpRequestContext> requestContextMock = new Mock<HttpRequestContext>();
             requestContextMock
+                .InSequence(sequence)
+                .SetupGet(c => c.Principal)
+                .Returns(initialPrincipal);
+            requestContextMock
+                .InSequence(sequence)
                 .SetupSet(c => c.Principal = It.IsAny<IPrincipal>())
-                .Callback<IPrincipal>((value) => requestContextPrincipal = value);
+                .Callback<IPrincipal>(value => requestContextPrincipal = value);
+
+            // SendAsync also restores the old principal.
+            requestContextMock
+                .InSequence(sequence)
+                .SetupGet(c => c.Principal)
+                .Returns(requestContextPrincipal);
+            requestContextMock
+                .InSequence(sequence)
+                .SetupSet(c => c.Principal = initialPrincipal);
+
             IPrincipal principalBeforeInnerHandler = null;
             HttpMessageHandler inner = new LambdaHttpMessageHandler((ignore1, ignore2) =>
             {
@@ -75,17 +91,18 @@ public void SendAsync_SetsCurrentPrincipalToAnonymous_BeforeCallingInnerHandler(
             });
             HttpMessageHandler handler = CreateProductUnderTest(inner);
 
-            using (HttpRequestMessage request = new HttpRequestMessage())
+            using (var request = new HttpRequestMessage())
             {
                 request.SetRequestContext(requestContextMock.Object);
 
                 // Act
-                handler.SendAsync(request, CancellationToken.None);
+                await handler.SendAsync(request, CancellationToken.None);
             }
 
             // Assert
+            Assert.Equal(requestContextPrincipal, principalBeforeInnerHandler);
             Assert.NotNull(principalBeforeInnerHandler);
-            IIdentity identity = principalBeforeInnerHandler.Identity;
+            var identity = principalBeforeInnerHandler.Identity;
             Assert.NotNull(identity);
             Assert.False(identity.IsAuthenticated);
             Assert.Null(identity.Name);

Original file line number	Diff line number	Diff line change
`@@ -25,31 +25,39 @@ public class SuppressHostPrincipalMessageHandler : DelegatingHandler`
`25`	`25`	`() => new ClaimsPrincipal(new ClaimsIdentity()), isThreadSafe: true);`
`26`	`26`
`27`	`27`	`/// <inheritdoc />`
`28`		`- protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,`
	`28`	`+ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,`
`29`	`29`	`CancellationToken cancellationToken)`
`30`	`30`	`{`
`31`	`31`	`if (request == null)`
`32`	`32`	`{`
`33`	`33`	`throw new ArgumentNullException("request");`
`34`	`34`	`}`
`35`	`35`
`36`		`- SetCurrentPrincipalToAnonymous(request);`
`37`		`-`
`38`		`- return base.SendAsync(request, cancellationToken);`
	`36`	`+ var previousPrincipal = SetCurrentPrincipal(request, _anonymousPrincipal.Value);`
	`37`	`+ try`
	`38`	`+ {`
	`39`	`+ return await base.SendAsync(request, cancellationToken);`
	`40`	`+ }`
	`41`	`+ finally`
	`42`	`+ {`
	`43`	`+ SetCurrentPrincipal(request, previousPrincipal);`
	`44`	`+ }`
`39`	`45`	`}`
`40`	`46`
`41`		`- private static void SetCurrentPrincipalToAnonymous(HttpRequestMessage request)`
	`47`	`+ private static IPrincipal SetCurrentPrincipal(HttpRequestMessage request, IPrincipal principal)`
`42`	`48`	`{`
`43`	`49`	`Contract.Assert(request != null);`
`44`	`50`
`45`	`51`	`HttpRequestContext requestContext = request.GetRequestContext();`
`46`		`-`
`47`	`52`	`if (requestContext == null)`
`48`	`53`	`{`
`49`	`54`	`throw new ArgumentException(SRResources.Request_RequestContextMustNotBeNull, "request");`
`50`	`55`	`}`
`51`	`56`
`52`		`- requestContext.Principal = _anonymousPrincipal.Value;`
	`57`	`+ var previousPrincipal = requestContext.Principal;`
	`58`	`+ requestContext.Principal = principal;`
	`59`	`+`
	`60`	`+ return previousPrincipal;`
`53`	`61`	`}`
`54`	`62`	`}`
`55`	`63`	`}`