Use redirect helper (#22847)

HaoK · web-flow · commit ef5ab43b6f7b · 2020-06-15T11:34:56.000-07:00
diff --git a/src/Security/Authentication/Core/src/RemoteAuthenticationHandler.cs b/src/Security/Authentication/Core/src/RemoteAuthenticationHandler.cs
@@ -276,7 +276,7 @@ protected virtual async Task<HandleRequestResult> HandleAccessDeniedErrorAsync(A
                 {
                     uri = QueryHelpers.AddQueryString(uri, context.ReturnUrlParameter, context.ReturnUrl);
                 }
-                Response.Redirect(uri);
+                Response.Redirect(BuildRedirectUri(uri));
 
                 return HandleRequestResult.Handle();
             }
diff --git a/src/Security/Authentication/test/GoogleTests.cs b/src/Security/Authentication/test/GoogleTests.cs
@@ -417,7 +417,7 @@ public async Task ReplyPathWithAccessDeniedError_AllowsCustomizingPath()
             var transaction = await server.SendAsync("https://example.com/signin-google?error=access_denied&error_description=SoBad&error_uri=foobar&state=protected_state",
                 ".AspNetCore.Correlation.Google.correlationId=N");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Equal("/custom-denied-page?rurl=http%3A%2F%2Fwww.google.com%2F", transaction.Response.Headers.GetValues("Location").First());
+            Assert.Equal("https://example.com/custom-denied-page?rurl=http%3A%2F%2Fwww.google.com%2F", transaction.Response.Headers.GetValues("Location").First());
         }
 
         [Fact]
diff --git a/src/Security/Authentication/test/OAuthTests.cs b/src/Security/Authentication/test/OAuthTests.cs
@@ -274,7 +274,7 @@ public async Task HandleRequestAsync_RedirectsToAccessDeniedPathWhenExplicitlySe
                 ".AspNetCore.Correlation.Weblie.correlationId=N");
 
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Equal("/access-denied?ReturnUrl=http%3A%2F%2Ftesthost%2Fredirect", transaction.Response.Headers.Location.ToString());
+            Assert.Equal("https://www.example.com/access-denied?ReturnUrl=http%3A%2F%2Ftesthost%2Fredirect", transaction.Response.Headers.Location.ToString());
         }
 
         [Fact]
diff --git a/src/Security/Authentication/test/TwitterTests.cs b/src/Security/Authentication/test/TwitterTests.cs
@@ -211,7 +211,7 @@ public async Task HandleRequestAsync_RedirectsToAccessDeniedPathWhenExplicitlySe
             var response = await client.SendAsync(request);
 
             Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
-            Assert.Equal("/access-denied?ReturnUrl=%2Fchallenge", response.Headers.Location.ToString());
+            Assert.Equal("http://localhost/access-denied?ReturnUrl=%2Fchallenge", response.Headers.Location.ToString());
         }
 
         [Fact]

Original file line number	Diff line number	Diff line change
`@@ -276,7 +276,7 @@ protected virtual async Task<HandleRequestResult> HandleAccessDeniedErrorAsync(A`
`276`	`276`	`{`
`277`	`277`	`uri = QueryHelpers.AddQueryString(uri, context.ReturnUrlParameter, context.ReturnUrl);`
`278`	`278`	`}`
`279`		`- Response.Redirect(uri);`
	`279`	`+ Response.Redirect(BuildRedirectUri(uri));`
`280`	`280`
`281`	`281`	`return HandleRequestResult.Handle();`
`282`	`282`	`}`
Original file line number	Diff line number	Diff line change
`@@ -417,7 +417,7 @@ public async Task ReplyPathWithAccessDeniedError_AllowsCustomizingPath()`
`417`	`417`	`var transaction = await server.SendAsync("https://example.com/signin-google?error=access_denied&error_description=SoBad&error_uri=foobar&state=protected_state",`
`418`	`418`	`".AspNetCore.Correlation.Google.correlationId=N");`
`419`	`419`	`Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);`
`420`		`- Assert.Equal("/custom-denied-page?rurl=http%3A%2F%2Fwww.google.com%2F", transaction.Response.Headers.GetValues("Location").First());`
	`420`	`+ Assert.Equal("https://example.com/custom-denied-page?rurl=http%3A%2F%2Fwww.google.com%2F", transaction.Response.Headers.GetValues("Location").First());`
`421`	`421`	`}`
`422`	`422`
`423`	`423`	`[Fact]`
Original file line number	Diff line number	Diff line change
`@@ -274,7 +274,7 @@ public async Task HandleRequestAsync_RedirectsToAccessDeniedPathWhenExplicitlySe`
`274`	`274`	`".AspNetCore.Correlation.Weblie.correlationId=N");`
`275`	`275`
`276`	`276`	`Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);`
`277`		`- Assert.Equal("/access-denied?ReturnUrl=http%3A%2F%2Ftesthost%2Fredirect", transaction.Response.Headers.Location.ToString());`
	`277`	`+ Assert.Equal("https://www.example.com/access-denied?ReturnUrl=http%3A%2F%2Ftesthost%2Fredirect", transaction.Response.Headers.Location.ToString());`
`278`	`278`	`}`
`279`	`279`
`280`	`280`	`[Fact]`
Original file line number	Diff line number	Diff line change
`@@ -211,7 +211,7 @@ public async Task HandleRequestAsync_RedirectsToAccessDeniedPathWhenExplicitlySe`
`211`	`211`	`var response = await client.SendAsync(request);`
`212`	`212`
`213`	`213`	`Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);`
`214`		`- Assert.Equal("/access-denied?ReturnUrl=%2Fchallenge", response.Headers.Location.ToString());`
	`214`	`+ Assert.Equal("http://localhost/access-denied?ReturnUrl=%2Fchallenge", response.Headers.Location.ToString());`
`215`	`215`	`}`
`216`	`216`
`217`	`217`	`[Fact]`