Verify type is expected when serializing (#190)

Author: twsouthwick

src/Services/SessionState/Serialization/JsonSessionKeySerializer.cs

@@ -3,25 +3,38 @@
 
 using System;
 using System.Text.Json;
+using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.SystemWebAdapters.SessionState.Serialization;
 
-internal class JsonSessionKeySerializer : ISessionKeySerializer
+internal partial class JsonSessionKeySerializer : ISessionKeySerializer
 {
-    private readonly JsonSessionSerializerOptions _options;
+    private readonly IOptions<JsonSessionSerializerOptions> _options;
+    private readonly ILogger<JsonSessionKeySerializer> _logger;
 
-    public JsonSessionKeySerializer(IOptions<JsonSessionSerializerOptions> options)
+    public JsonSessionKeySerializer(IOptions<JsonSessionSerializerOptions> options, ILogger<JsonSessionKeySerializer> logger)
     {
-        _options = options?.Value ?? throw new ArgumentNullException(nameof(options));
+        _options = options ?? throw new ArgumentNullException(nameof(options));
+        _logger = logger ?? throw new ArgumentNullException(nameof(logger));
     }
 
+    [LoggerMessage(0, LogLevel.Error, "Unexpected JSON serialize/deserialization error for '{Key}' expected type '{Type}'")]
+    private partial void LogException(Exception e, string key, string type);
+
     public bool TryDeserialize(string key, byte[] bytes, out object? obj)
     {
-        if (_options.KnownKeys.TryGetValue(key, out var type))
+        if (_options.Value.KnownKeys.TryGetValue(key, out var type))
         {
-            obj = JsonSerializer.Deserialize(bytes, type);
-            return true;
+            try
+            {
+                obj = JsonSerializer.Deserialize(bytes, type);
+                return true;
+            }
+            catch (JsonException e)
+            {
+                LogException(e, key, type.Name);
+            }
         }
 
         obj = default;
@@ -30,10 +43,17 @@ public bool TryDeserialize(string key, byte[] bytes, out object? obj)
 
     public bool TrySerialize(string key, object value, out byte[] bytes)
     {
-        if (_options.KnownKeys.TryGetValue(key, out var type))
+        if (_options.Value.KnownKeys.TryGetValue(key, out var type) && type == value.GetType())
         {
-            bytes = JsonSerializer.SerializeToUtf8Bytes(value, type);
-            return true;
+            try
+            {
+                bytes = JsonSerializer.SerializeToUtf8Bytes(value, type);
+                return true;
+            }
+            catch (JsonException e)
+            {
+                LogException(e, key, type.Name);
+            }
         }
 
         bytes = Array.Empty<byte>();

test/Microsoft.AspNetCore.SystemWebAdapters.CoreServices.Tests/SessionState/Serialization/JsonSessionKeySerializerTests.cs

@@ -0,0 +1,180 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Linq;
+using Autofac.Extras.Moq;
+using AutoFixture;
+using Microsoft.Extensions.Options;
+using Xunit;
+
+namespace Microsoft.AspNetCore.SystemWebAdapters.SessionState.Serialization.Tests;
+
+public class JsonSessionKeySerializerTests
+{
+    private readonly Fixture _fixture;
+
+    public JsonSessionKeySerializerTests()
+    {
+        _fixture = new Fixture();
+    }
+
+    [Fact]
+    public void SerializeNothingRegistered()
+    {
+        // Arrange
+        using var mock = AutoMock.GetLoose();
+        var key = _fixture.Create<string>();
+
+        var options = new JsonSessionSerializerOptions();
+        mock.Mock<IOptions<JsonSessionSerializerOptions>>().Setup(o => o.Value).Returns(options);
+
+        var serializer = mock.Create<JsonSessionKeySerializer>();
+
+        // Act
+        var result = serializer.TrySerialize(key, new Type1(), out var bytes);
+
+        // Assert
+        Assert.False(result);
+        Assert.Empty(bytes);
+    }
+
+    [Fact]
+    public void DeserializeNothingRegistered()
+    {
+        // Arrange
+        using var mock = AutoMock.GetLoose();
+        var key = _fixture.Create<string>();
+        var value = _fixture.CreateMany<byte>().ToArray();
+
+        var options = new JsonSessionSerializerOptions();
+        mock.Mock<IOptions<JsonSessionSerializerOptions>>().Setup(o => o.Value).Returns(options);
+
+        var serializer = mock.Create<JsonSessionKeySerializer>();
+
+        // Act
+        var result = serializer.TryDeserialize(key, value, out var obj);
+
+        // Assert
+        Assert.False(result);
+        Assert.Null(obj);
+    }
+
+    [Fact]
+    public void SerializeTypeRegistered()
+    {
+        // Arrange
+        using var mock = AutoMock.GetLoose();
+        var key = _fixture.Create<string>();
+        var value = _fixture.CreateMany<byte>().ToArray();
+
+        var options = new JsonSessionSerializerOptions
+        {
+            KnownKeys =
+            {
+                { key, typeof(Type1) },
+            }
+        };
+        mock.Mock<IOptions<JsonSessionSerializerOptions>>().Setup(o => o.Value).Returns(options);
+
+        var serializer = mock.Create<JsonSessionKeySerializer>();
+
+        // Act
+        var result = serializer.TrySerialize(key, new Type1(), out var bytes);
+
+        // Assert
+        Assert.True(result);
+        Assert.Equal(new byte[] { 123, 125 }, bytes);
+    }
+
+    [Fact]
+    public void SerializeDerivedTypeRegistered()
+    {
+        // Arrange
+        using var mock = AutoMock.GetLoose();
+        var key = _fixture.Create<string>();
+        var value = _fixture.CreateMany<byte>().ToArray();
+
+        var options = new JsonSessionSerializerOptions
+        {
+            KnownKeys =
+            {
+                { key, typeof(Type2) },
+            }
+        };
+        mock.Mock<IOptions<JsonSessionSerializerOptions>>().Setup(o => o.Value).Returns(options);
+
+        var serializer = mock.Create<JsonSessionKeySerializer>();
+
+        // Act
+        var result = serializer.TrySerialize(key, new Type2Derived(), out var bytes);
+
+        // Assert
+        Assert.False(result);
+        Assert.Empty(bytes);
+    }
+
+    [Fact]
+    public void DeserializeTypeRegistered()
+    {
+        // Arrange
+        using var mock = AutoMock.GetLoose();
+        var key = _fixture.Create<string>();
+        var value = new byte[] { 123, 125 };
+
+        var options = new JsonSessionSerializerOptions
+        {
+            KnownKeys =
+            {
+                { key, typeof(Type1) },
+            }
+        };
+        mock.Mock<IOptions<JsonSessionSerializerOptions>>().Setup(o => o.Value).Returns(options);
+
+        var serializer = mock.Create<JsonSessionKeySerializer>();
+
+        // Act
+        var result = serializer.TryDeserialize(key, value, out var obj);
+
+        // Assert
+        Assert.True(result);
+        Assert.NotNull(obj);
+    }
+
+    [Fact]
+    public void SerializeIncorrectTypeRegistered()
+    {
+        // Arrange
+        using var mock = AutoMock.GetLoose();
+        var key = _fixture.Create<string>();
+
+        var options = new JsonSessionSerializerOptions
+        {
+            KnownKeys =
+            {
+                { key, typeof(Type1) },
+            }
+        };
+        mock.Mock<IOptions<JsonSessionSerializerOptions>>().Setup(o => o.Value).Returns(options);
+
+        var serializer = mock.Create<JsonSessionKeySerializer>();
+
+        // Act
+        var result = serializer.TrySerialize(key, new Type2(), out var bytes);
+
+        // Assert
+        Assert.False(result);
+        Assert.Empty(bytes);
+    }
+
+    private class Type1
+    {
+    }
+
+    private class Type2
+    {
+    }
+
+    private class Type2Derived : Type2
+    {
+    }
+}