private static string GetRandStr(int minLen, int maxLen, bool useDigit = false)
{
var valid = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
if (useDigit)
{
valid += "1234567890";
}
var res = new StringBuilder();
var length = CryptRand.GetInt32(minLen, maxLen + 1);
for (var i = 0; i < length; i++)
{
res.Append(valid[CryptRand.GetInt32(valid.Length)]);
}
return(res.ToString());
}
public void GenerateFormToken_ClaimsBasedIdentity()
{
// Arrange
var cookieToken = new AntiForgeryToken()
{
IsSessionToken = true
};
var httpContext = new Mock <HttpContext>().Object;
ClaimsIdentity identity = new GenericIdentity("some-identity");
var config = new AntiForgeryOptions();
byte[] data = new byte[256 / 8];
CryptRand.FillBuffer(new ArraySegment <byte>(data));
var base64ClaimUId = Convert.ToBase64String(data);
var expectedClaimUid = new BinaryBlob(256, data);
var mockClaimUidExtractor = new Mock <IClaimUidExtractor>();
mockClaimUidExtractor.Setup(o => o.ExtractClaimUid(identity))
.Returns(base64ClaimUId);
var tokenProvider = new TokenProvider(
config: config,
claimUidExtractor: mockClaimUidExtractor.Object,
additionalDataProvider: null);
// Act
var fieldToken = tokenProvider.GenerateFormToken(httpContext, identity, cookieToken);
// Assert
Assert.NotNull(fieldToken);
Assert.Equal(cookieToken.SecurityToken, fieldToken.SecurityToken);
Assert.False(fieldToken.IsSessionToken);
Assert.Equal("", fieldToken.Username);
Assert.Equal(expectedClaimUid, fieldToken.ClaimUid);
Assert.Equal("", fieldToken.AdditionalData);
}
