Merge pull request #50 from aspriddell/add-new-handler-wrappers

Add new ssl bypass handler

DragonFruit.Common.Data.Tests/Handlers/AuthPreservingHandler/HeaderPreservingHeaderTests.cs

@@ -2,6 +2,7 @@
 // Licensed under the MIT License. Please refer to the LICENSE file at the root of this project for details
 
 using System;
+using DragonFruit.Common.Data.Handlers;
 using DragonFruit.Common.Data.Tests.Handlers.AuthPreservingHandler.Objects;
 using NUnit.Framework;
 
@@ -13,7 +14,10 @@ public class HeaderPreservingHeaderTests
         [TestCase]
         public void TestHeaderPreservation()
         {
-            var redirectClient = new HeaderPreservingHandlerClient();
+            var redirectClient = new ApiClient
+            {
+                Handler = () => new HeaderPreservingRedirectHandler()
+            };
 
             //get auth token
             var request = new AuthRequest();
@@ -28,7 +32,7 @@ public void TestHeaderPreservation()
             var auth = redirectClient.Perform<BasicOrbitAuthResponse>(request);
             redirectClient.Authorization = $"{auth.Type} {auth.AccessToken}";
 
-            //user lookups by username = 301. without our HeaderPreservingHandler we'd get a 401
+            // user lookups by username = 301. without our HeaderPreservingHandler we'd get a 401
             redirectClient.Perform(new OrbitTestUserRequest());
         }
     }

DragonFruit.Common.Data.Tests/Handlers/InsecureSslVerificationHandlerTests.cs

@@ -0,0 +1,47 @@
+// DragonFruit.Common Copyright 2020 DragonFruit Network
+// Licensed under the MIT License. Please refer to the LICENSE file at the root of this project for details
+
+using System;
+using System.Linq;
+using System.Net.Http;
+using System.Security.Authentication;
+using DragonFruit.Common.Data.Basic;
+using DragonFruit.Common.Data.Handlers;
+using NUnit.Framework;
+
+#pragma warning disable 618
+
+namespace DragonFruit.Common.Data.Tests.Handlers
+{
+    [TestFixture]
+    public class InsecureSslVerificationHandlerTests
+    {
+        [Test]
+        public void TestSslVerificationHandler()
+        {
+            var client = new ApiClient();
+            var request = new BasicApiRequest("http://wrong.host.badssl.com/");
+
+            try
+            {
+                client.Perform(request);
+                Assert.Fail("Request must fail when SSL validation is enabled");
+            }
+            // .NET Standard 2 returns aggregate exception
+            catch (AggregateException e)
+            {
+                var innerExceptions = e.InnerExceptions.Select(x => x.InnerException);
+                Assert.IsTrue(innerExceptions.Any(x => x is AuthenticationException));
+            }
+            // .NET 5 returns a non-aggregated copy of above
+            catch (HttpRequestException e)
+            {
+                Assert.IsTrue(e.InnerException is AuthenticationException);
+            }
+
+            // set handler and go again
+            client.Handler = () => new InsecureSslVerificationHandler();
+            Assert.IsTrue(client.Perform(request).IsSuccessStatusCode);
+        }
+    }
+}

DragonFruit.Common.Data/ApiClient.cs

@@ -92,7 +92,7 @@ public Func<HttpMessageHandler> Handler
             set
             {
                 _handler = value;
-                RequestClientReset(false);
+                RequestClientReset(true);
             }
         }
 
@@ -366,7 +366,17 @@ protected virtual void ValidateRequest(ApiRequest request)
             }
         }
 
-        public void RequestClientReset(bool fullReset) => Interlocked.Exchange(ref _clientAdjustmentRequestSignal, fullReset ? 2 : 1);
+        public void RequestClientReset(bool fullReset)
+        {
+            if (fullReset)
+            {
+                Interlocked.Exchange(ref _clientAdjustmentRequestSignal, 2);
+            }
+            else
+            {
+                Interlocked.CompareExchange(ref _clientAdjustmentRequestSignal, 1, 0);
+            }
+        }
 
         private void Timeout() => Thread.Sleep(AdjustmentTimeout / 2);
     }

DragonFruit.Common.Data/Handlers/HeaderPreservingRedirectHandler.cs

@@ -12,7 +12,6 @@ namespace DragonFruit.Common.Data.Handlers
     /// <summary>
     /// <see cref="HttpClient"/> will auto-strip the auth header, even on redirects to the same site.
     /// This handler "bypasses" this protection if the host is the same. It also supports an inner handler, should you wish to configure one.
-    ///
     /// <para>
     /// You should only use this if you know what you're doing
     /// </para>

DragonFruit.Common.Data/Handlers/InsecureSslVerificationHandler.cs

@@ -0,0 +1,20 @@
+// DragonFruit.Common Copyright 2020 DragonFruit Network
+// Licensed under the MIT License. Please refer to the LICENSE file at the root of this project for details
+
+using System;
+using System.Net.Http;
+
+namespace DragonFruit.Common.Data.Handlers
+{
+    [Obsolete(nameof(InsecureSslVerificationHandler) + "is insecure and should only be used for testing/development purposes")]
+    public class InsecureSslVerificationHandler : HttpClientHandler
+    {
+        public InsecureSslVerificationHandler()
+        {
+            ServerCertificateCustomValidationCallback = delegate
+            {
+                return true;
+            };
+        }
+    }
+}

DragonFruit.Common.Data/Headers/HeaderCollection.cs

@@ -10,7 +10,7 @@ namespace DragonFruit.Common.Data.Headers
     public class HeaderCollection
     {
         private readonly ConcurrentDictionary<string, string> _values = new ConcurrentDictionary<string, string>();
-        private ApiClient _client;
+        private readonly ApiClient _client;
 
         public HeaderCollection(ApiClient client)
         {