code improvments

traien · traien · commit 6b5508bbd2b8 · 2023-11-07T02:08:14.000+03:00
diff --git a/src/Serilog.Ui.Web/Authorization/BasicAuthenticationFilter.cs b/src/Serilog.Ui.Web/Authorization/BasicAuthenticationFilter.cs
@@ -12,7 +12,7 @@ public class BasicAuthenticationFilter : IUiAuthorizationFilter
     public string Pass { get; set; }
 
     private const string AuthenticationScheme = "Basic";
-    private const string AuthenticationCookieName = "SerilogAuth";
+    internal const string AuthenticationCookieName = "SerilogAuth";
 
     public bool Authorize(HttpContext httpContext)
     {
@@ -25,7 +25,7 @@ public bool Authorize(HttpContext httpContext)
             if (!string.IsNullOrWhiteSpace(authCookie))
             {
                 var hashedCredentials = EncryptCredentials(User, Pass);
-                isAuthenticated = string.Equals(authCookie, hashedCredentials, StringComparison.OrdinalIgnoreCase);
+                isAuthenticated = authCookie.Equals(hashedCredentials, StringComparison.OrdinalIgnoreCase);
             }
         }
         else
@@ -53,9 +53,9 @@ public bool Authorize(HttpContext httpContext)
         return isAuthenticated;
     }
 
-    public string EncryptCredentials(string user, string pass)
+    private string EncryptCredentials(string user, string pass)
     {
-        var sha256 = SHA256.Create();
+        using var sha256 = SHA256.Create();
         var hashBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes($"{user}:{pass}"));
         var hashedCredentials = BitConverter.ToString(hashBytes).Replace("-", "").ToLower();
         return hashedCredentials;
@@ -81,7 +81,7 @@ private bool CredentialsMatch((string Username, string Password) tokens)
     private void SetChallengeResponse(HttpContext httpContext)
     {
         httpContext.Response.StatusCode = 401;
-        httpContext.Response.Headers.Append("WWW-Authenticate", "Basic realm=\"SeriLog Ui\"");
+        httpContext.Response.Headers.Append("WWW-Authenticate", "Basic realm=\"Serilog UI\"");
         httpContext.Response.WriteAsync("Authentication is required.");
     }
 }
diff --git a/tests/Serilog.Ui.Web.Tests/Authorization/BasicAuthenticationFilterTests.cs b/tests/Serilog.Ui.Web.Tests/Authorization/BasicAuthenticationFilterTests.cs
@@ -1,3 +1,4 @@
+using System.Linq;
 using FluentAssertions;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Net.Http.Headers;
@@ -23,9 +24,11 @@ public async Task Authorize_WithValidCredentials_ShouldReturnTrue()
 
         // Act
         var result = filter.Authorize(httpContext);
+        var authCookie = httpContext.Response.GetTypedHeaders().SetCookie.FirstOrDefault(sc => sc.Name == BasicAuthenticationFilter.AuthenticationCookieName);
 
         // Assert
         result.Should().BeTrue();
+        authCookie.Should().NotBeNull();
     }
 
     [Fact]
@@ -66,6 +69,6 @@ public async Task Authorize_WithMissingAuthorizationHeader_ShouldSetChallengeRes
         // Assert
         result.Should().BeFalse();
         httpContext.Response.StatusCode.Should().Be(401);
-        httpContext.Response.Headers[HeaderNames.WWWAuthenticate].Should().Contain("Basic realm=\"Hangfire Dashboard\"");
+        httpContext.Response.Headers[HeaderNames.WWWAuthenticate].Should().Contain("Basic realm=\"Serilog UI\"");
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ public class BasicAuthenticationFilter : IUiAuthorizationFilter`
`12`	`12`	`public string Pass { get; set; }`
`13`	`13`
`14`	`14`	`private const string AuthenticationScheme = "Basic";`
`15`		`- private const string AuthenticationCookieName = "SerilogAuth";`
	`15`	`+ internal const string AuthenticationCookieName = "SerilogAuth";`
`16`	`16`
`17`	`17`	`public bool Authorize(HttpContext httpContext)`
`18`	`18`	`{`
`@@ -25,7 +25,7 @@ public bool Authorize(HttpContext httpContext)`
`25`	`25`	`if (!string.IsNullOrWhiteSpace(authCookie))`
`26`	`26`	`{`
`27`	`27`	`var hashedCredentials = EncryptCredentials(User, Pass);`
`28`		`- isAuthenticated = string.Equals(authCookie, hashedCredentials, StringComparison.OrdinalIgnoreCase);`
	`28`	`+ isAuthenticated = authCookie.Equals(hashedCredentials, StringComparison.OrdinalIgnoreCase);`
`29`	`29`	`}`
`30`	`30`	`}`
`31`	`31`	`else`
`@@ -53,9 +53,9 @@ public bool Authorize(HttpContext httpContext)`
`53`	`53`	`return isAuthenticated;`
`54`	`54`	`}`
`55`	`55`
`56`		`- public string EncryptCredentials(string user, string pass)`
	`56`	`+ private string EncryptCredentials(string user, string pass)`
`57`	`57`	`{`
`58`		`- var sha256 = SHA256.Create();`
	`58`	`+ using var sha256 = SHA256.Create();`
`59`	`59`	`var hashBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes($"{user}:{pass}"));`
`60`	`60`	`var hashedCredentials = BitConverter.ToString(hashBytes).Replace("-", "").ToLower();`
`61`	`61`	`return hashedCredentials;`
`@@ -81,7 +81,7 @@ private bool CredentialsMatch((string Username, string Password) tokens)`
`81`	`81`	`private void SetChallengeResponse(HttpContext httpContext)`
`82`	`82`	`{`
`83`	`83`	`httpContext.Response.StatusCode = 401;`
`84`		`- httpContext.Response.Headers.Append("WWW-Authenticate", "Basic realm=\"SeriLog Ui\"");`
	`84`	`+ httpContext.Response.Headers.Append("WWW-Authenticate", "Basic realm=\"Serilog UI\"");`
`85`	`85`	`httpContext.Response.WriteAsync("Authentication is required.");`
`86`	`86`	`}`
`87`	`87`	`}`