Implement IgnoreServerCertificateErrors feature in Cake.Http (#96)

louisfischer · web-flow · commit 14ff87ae888b · 2025-09-16T12:20:31.000-05:00
* Implement IgnoreServerCertificateErrors feature in Cake.Http

- ✨ Add IgnoreServerCertificateErrors property to HttpSettings
- 🔒 Update CakeHttpClientHandler to respect IgnoreServerCertificateErrors setting
- 🧪 Add unit tests for server certificate validation behavior
- 📜 Enhance HttpSettingsExtensions with method to configure IgnoreServerCertificateErrors
- 📄 Create copilot instructions for better developer onboarding

Signed-off-by: Louis Fischer &lt;louisfischer@gmail.com&gt;

* Refactor timeout exception handling in HttpGet tests

- 🛠️ Simplified exception assertion for timeout cases
- 🔄 Removed conditional compilation for .NET versions

Signed-off-by: Louis Fischer &lt;louisfischer@gmail.com&gt;

* Update timeout exception message in HttpGet test

- 🔄 Change exception message from "The operation was canceled." to "A task was canceled."

Signed-off-by: Louis Fischer &lt;louisfischer@gmail.com&gt;

---------

Signed-off-by: Louis Fischer &lt;louisfischer@gmail.com&gt;
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -0,0 +1,48 @@
+# Copilot instructions for Cake.Http
+
+Purpose: help AI coding agents get productive quickly in this repo — build, test, common patterns, and important gotchas.
+
+Quick commands
+- `dotnet build` : build the solution (`Cake.Http.slnx`).
+- `dotnet test src/Cake.Http.Tests` : run tests; tests target `net8.0;net9.0`.
+- Use the Cake script for full CI flow: install Cake.Tool and run `dotnet cake build.cake --target=Tests --configuration=Release`.
+- Pack/publish via Cake: `dotnet cake build.cake --target=Push --NUGET_PUSH=true --NUGET_URL=<url> --NUGET_API_KEY=<key>`.
+
+Big picture
+- This project implements Cake build aliases that wrap HTTP calls. The runtime surface is a set of static Cake alias methods in `src/Cake.Http/HttpClientAliases.cs` (GET/POST/PUT/PATCH/etc.).
+- `HttpSettings` (`src/Cake.Http/HttpSettings.cs`) is the central configuration object used by the aliases and the custom handler.
+- `CakeHttpClientHandler` (`src/Cake.Http/CakeHttpClientHandler.cs`) composes `HttpSettings` into an `HttpClientHandler` and performs request/response logging via the `ICakeContext` logger.
+
+Key files to inspect for behavior
+- `src/Cake.Http/HttpClientAliases.cs` : public Cake aliases. Keep the `[CakeMethodAlias]` attributes and method signatures stable.
+- `src/Cake.Http/HttpSettingsExtensions.cs` : fluent helpers used by consumers: `UseBearerAuthorization`, `SetJsonRequestBody`, `SetMultipartFormDataRequestBody`, `SetFormUrlEncodedRequestBody`, `AppendHeader`, `UseClientCertificates`, `IgnoreServerCertificateErrors`, `EnsureSuccessStatusCode`.
+- `src/Cake.Http/CakeHttpClientHandler.cs` : header composition, cookie handling, client cert application, request/response logging, and EnsureSuccessStatusCode handling.
+- `src/Cake.Http/JsonEncoder.cs` : serialization helper used by `SetJsonRequestBody`.
+
+Project-specific conventions & important patterns
+- Aliases are implemented as synchronous wrappers over async `HttpClient` calls (e.g. using `.GetAwaiter().GetResult()` / `Task.Run(...).ConfigureAwait(false).GetAwaiter().GetResult()`). When modifying code, preserve these synchronous entry points because Cake alias consumers expect sync methods.
+- `HttpSettings.RequestBody` is a `byte[]`. Most helpers set it (JSON, form-url-encoded, multipart). Respect that binary contract.
+- Logging: `CakeHttpClientHandler` logs request/response at Diagnostic/Verbose via `ICakeContext.Log`. Logging of bodies can be disabled per-request with `SuppressLogResponseRequestBodyOutput()` or the `LogRequestResponseOutput` flag on `HttpSettings`.
+- Certificates: add client certs with `UseClientCertificates(...)` and optionally set `IgnoreServerCertificateErrors(true)`. The handler uses `DangerousAcceptAnyServerCertificateValidator` when server-untrusted behavior is requested — document and be careful.
+- EnsureSuccessStatusCode behavior: `EnsureSuccessStatusCode()` sets two flags — `EnsureSuccessStatusCode` and `ThrowExceptionOnNonSuccessStatusCode`. The handler will call `response.EnsureSuccessStatusCode()` and will only rethrow when `ThrowExceptionOnNonSuccessStatusCode` is true.
+
+Testing notes
+- Tests use xUnit and NSubstitute. Data fixtures are in `src/Cake.Http.Tests/Data` and copied to output (see the test csproj).
+- Run `dotnet test src/Cake.Http.Tests --configuration Debug` locally. To exercise a single TF, pass `-f net9.0` etc.
+- Integration-like tests use fixtures under `src/Cake.Http.Tests/Fixtures` (e.g. `WebServerFixture`) — inspect these before changing networking/logging behavior.
+
+Common maintenance tasks
+- Bumping versions and packaging is handled by `build.cake` using `Cake.MinVer`. When changing public API (aliases, settings), update tests and ensure packaging metadata remains stable.
+- Keep `Cake.Core` package version in tests consistent with the project; tests reference `Cake.Core` in the test csproj.
+
+Gotchas and things an agent should not change
+- Do not remove or rename `[CakeMethodAlias]` and `[CakeAliasCategory]` attributes — they are the public contract for Cake integration.
+- Avoid changing the sync-over-async patterns unless you also update all alias entry points and tests — Cake aliases are expected to be synchronous.
+- Be conservative when changing default values (e.g., `LogRequestResponseOutput` defaults to `true`) because tests and consumers rely on them.
+
+Where to look for context
+- Start at `src/Cake.Http/HttpClientAliases.cs`, then `HttpSettings`, `HttpSettingsExtensions`, and `CakeHttpClientHandler`.
+- Tests: `src/Cake.Http.Tests/Unit` and `src/Cake.Http.Tests/Fixtures` for examples of using `HttpSettings` and how the handler is exercised.
+
+If anything is unclear
+- Ask for the intended target (change API, tests, or CI) and whether you should preserve backward compatibility for Cake aliases.
diff --git a/src/Cake.Http.Tests/Unit/CakeHttpClientHandlerTests.cs b/src/Cake.Http.Tests/Unit/CakeHttpClientHandlerTests.cs
@@ -29,5 +29,42 @@ public void Http_Client_Handler_Should_Add_Client_Certificates_From_Settings_To_
             Assert.Equal(settings.ClientCertificates[0], handler.ClientCertificates[0]);
             Assert.Equal(settings.ClientCertificates[1], handler.ClientCertificates[1]);
         }
+
+        [Fact]
+        [Trait(Traits.TestCategory, TestCategories.Unit)]
+        public void Http_Client_Handler_Should_Respect_IgnoreServerCertificateErrors_Setting_When_True()
+        {
+            // Given
+            var cakeContext = Substitute.For<ICakeContext>();
+            var settings = new HttpSettings
+            {
+                IgnoreServerCertificateErrors = true
+            };
+
+            // When
+            var handler = new CakeHttpClientHandler(cakeContext, settings);
+
+            // Then
+            Assert.NotNull(handler.ServerCertificateCustomValidationCallback);
+            Assert.Equal(System.Net.Http.HttpClientHandler.DangerousAcceptAnyServerCertificateValidator, handler.ServerCertificateCustomValidationCallback);
+        }
+
+        [Fact]
+        [Trait(Traits.TestCategory, TestCategories.Unit)]
+        public void Http_Client_Handler_Should_Not_Set_ServerCertificateCallback_When_Setting_Is_False()
+        {
+            // Given
+            var cakeContext = Substitute.For<ICakeContext>();
+            var settings = new HttpSettings
+            {
+                IgnoreServerCertificateErrors = false
+            };
+
+            // When
+            var handler = new CakeHttpClientHandler(cakeContext, settings);
+
+            // Then
+            Assert.Null(handler.ServerCertificateCustomValidationCallback);
+        }
     }
 }
diff --git a/src/Cake.Http.Tests/Unit/HttpClientAliasesTests.cs b/src/Cake.Http.Tests/Unit/HttpClientAliasesTests.cs
@@ -561,14 +561,8 @@ public void HttpSend_Should_Throw_Exception_If_Request_Times_Out()
                     .SetTimeout(TimeSpan.FromMilliseconds(1));
 
                 var record = Record.Exception(() => _Context.HttpGet(address, settings));
-#if NET5_0
-                CakeAssert.IsExceptionWithMessage<TimeoutException>(record.InnerException, "The operation was canceled.");
 
-#elif NETCOREAPP3_1
-                Assert.Null(record.InnerException);
-#else
                 CakeAssert.IsExceptionWithMessage<TimeoutException>(record.InnerException, "A task was canceled.");
-#endif
             }
 
             [Fact]
diff --git a/src/Cake.Http/CakeHttpClientHandler.cs b/src/Cake.Http/CakeHttpClientHandler.cs
@@ -1,11 +1,6 @@
 using Cake.Core;
-using System;
-using System.Linq;
-using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Text;
-using System.Threading;
-using System.Threading.Tasks;
 
 namespace Cake.Http;
 
@@ -30,6 +25,11 @@ public CakeHttpClientHandler(ICakeContext context, HttpSettings settings)
         UseDefaultCredentials = settings.UseDefaultCredentials;
         UseCookies = false;
 
+        if (settings.IgnoreServerCertificateErrors)
+        {
+            ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
+        }
+
         foreach (var clientCertificate in settings.ClientCertificates)
         {
             ClientCertificates.Add(clientCertificate);
diff --git a/src/Cake.Http/HttpClientAliases.cs b/src/Cake.Http/HttpClientAliases.cs
@@ -1,9 +1,6 @@
 using Cake.Core;
 using Cake.Core.Annotations;
-using System;
-using System.Net.Http;
 using System.Text;
-using System.Threading.Tasks;
 
 namespace Cake.Http;
 
diff --git a/src/Cake.Http/HttpSettings.cs b/src/Cake.Http/HttpSettings.cs
@@ -68,4 +68,10 @@ public HttpSettings()
     /// Determines whether to log the response/request body to the console.
     /// </summary>
     public bool LogRequestResponseOutput { get; set; } = true;
+
+    /// <summary>
+    /// Determines whether SSL server certificate validation errors should be ignored.
+    /// Use with caution - disabling validation exposes you to man-in-the-middle attacks.
+    /// </summary>
+    public bool IgnoreServerCertificateErrors { get; set; }
 }
diff --git a/src/Cake.Http/HttpSettingsExtensions.cs b/src/Cake.Http/HttpSettingsExtensions.cs
@@ -361,6 +361,22 @@ public static HttpSettings UseClientCertificates(this HttpSettings settings, IEn
         return settings;
     }
 
+    /// <summary>
+    /// Configure the settings to ignore SSL server certificate validation errors.
+    /// Use with caution - disabling validation exposes you to man-in-the-middle attacks.
+    /// </summary>
+    /// <param name="settings">The settings.</param>
+    /// <param name="ignore">Whether to ignore server certificate validation errors.</param>
+    /// <returns>The same <see cref="HttpSettings"/> instance so that multiple calls can be chained.</returns>
+    public static HttpSettings IgnoreServerCertificateErrors(this HttpSettings settings, bool ignore = true)
+    {
+        if (settings == null)
+            throw new ArgumentNullException(nameof(settings));
+
+        settings.IgnoreServerCertificateErrors = ignore;
+        return settings;
+    }
+
     /// <summary>
     /// Sets the timeout for the http request
     /// </summary>
