public void GivenSomeExtraData_CreateToken_ReturnsTheGuidOnlyInToSend()
{
// Arrage.
const string extraData = "http://2p1s.com";
var antiForgery = new AntiForgery();
// Act.
var result = antiForgery.CreateToken(extraData);
// Assert.
Assert.NotNull(result);
Guid guid;
Assert.True(Guid.TryParse(result.ToSend, out guid));
}
public void GivenSomeExtraData_CreateToken_ReturnsAFunkyStringInToKeep()
{
// Arrage.
const string extraData = "http://2p1s.com";
var antiForgery = new AntiForgery();
// Act.
var result = antiForgery.CreateToken("dont't care!", extraData);
// Assert.
Assert.NotNull(result);
Assert.True(result.ToKeep.Contains("|"));
Assert.Equal("aHR0cDovLzJwMXMuY29t",
result.ToKeep.Substring(result.ToKeep.IndexOf("|", StringComparison.Ordinal) + 1));
}
public void GivenNoExtraData_CreateToken_ReturnsAGuidForBoth()
{
// Arrange.
var antiForgery = new AntiForgery();
// Act.
var result = antiForgery.CreateToken(existingToKeepToken: "don't care!");
// Assert.
Assert.NotNull(result);
Guid toKeep;
Guid toSend;
Assert.True(Guid.TryParse(result.ToKeep, out toKeep));
Assert.True(Guid.TryParse(result.ToSend, out toSend));
Assert.Equal(toKeep, toSend);
}
public RedirectResult RedirectToProvider(RedirectToProviderInputModel inputModel)
{
if (!ModelState.IsValid)
{
throw new ArgumentException(
"Some binding errors occured. This means at least one Request value (eg. form post or querystring parameter) provided is invalid. Generally, we need a ProviderName as a string.");
}
if (string.IsNullOrEmpty(inputModel.ProviderKey))
{
throw new ArgumentException(
"ProviderKey value missing. You need to supply a valid provider key so we know where to redirect the user Eg. google.");
}
// Grab the required Provider settings.
var settings = AuthenticationService.GetAuthenticateServiceSettings(inputModel.ProviderKey,
Request.Url,
Url.CallbackFromOAuthProvider());
// An OpenId specific settings provided?
if (!string.IsNullOrEmpty(inputModel.Identifier) &&
settings is IOpenIdAuthenticationServiceSettings)
{
Uri identifier;
if (!Uri.TryCreate(inputModel.Identifier, UriKind.RelativeOrAbsolute, out identifier))
{
throw new ArgumentException(
"Indentifier value was not in the correct Uri format. Eg. http://myopenid.com or https://yourname.myopenid.com");
}
((IOpenIdAuthenticationServiceSettings)settings).Identifier = identifier;
}
// Our convention is to remember some redirect url once we are finished in the callback.
// NOTE: If no redirectUrl data has been provided, then default to the Referrer, if one exists.
string extraData = null;
if (RedirectUrl != null &&
!string.IsNullOrEmpty(RedirectUrl.AbsoluteUri))
{
// We have extra state information we will need to retrieve.
extraData = RedirectUrl.AbsoluteUri;
}
else if (Request != null &&
Request.UrlReferrer != null &&
!string.IsNullOrEmpty(Request.UrlReferrer.AbsoluteUri))
{
extraData = Request.UrlReferrer.AbsoluteUri;
}
// Generate a token pair.
var token = AntiForgery.CreateToken(extraData);
// Put the "ToSend" value in the state parameter to send along to the OAuth Provider.
settings.State = token.ToSend;
// Serialize the ToKeep value in the cookie.
SerializeToken(Response, token.ToKeep);
// Determine the provider's end point Url we need to redirect to.
var uri = AuthenticationService.RedirectToAuthenticationProvider(settings);
// Kthxgo!
return(Redirect(uri.AbsoluteUri));
}
