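/// <summary>
/// With no anti-forgery cookie on the request and no domain/path supplied, <c>GetHtml</c>
/// must emit a form field carrying a token and add a matching cookie with the default
/// domain (unset) and path ("/"), flagged HttpOnly.
/// </summary>
public void GetHtml_ReturnsFormFieldAndSetsCookieValueIfDoesNotExist()
        {
            // Arrange: dummy serializer, request context without an existing cookie.
            AntiForgeryWorker worker = new AntiForgeryWorker()
            {
                Serializer = new DummyAntiForgeryTokenSerializer()
            };
            var context = CreateContext();

            // Act: null domain and path exercise the default cookie scope.
            string formValue = worker.GetHtml(context, "some other salt", null, null).ToHtmlString();

            // Assert
            // Ordinal: the serialized prefix is machine data, so a culture-sensitive match is wrong here.
            Assert.True(formValue.StartsWith(_serializedValuePrefix, StringComparison.Ordinal), "Form value prefix did not match.");

            Match formMatch = _randomFormValueSuffixRegex.Match(formValue);
            // A failed match yields an empty "value" group; without this check the final equality
            // assertion could pass vacuously against an equally empty cookie token.
            Assert.True(formMatch.Success, "Form value did not contain a token.");
            string formTokenValue = formMatch.Groups["value"].Value;

            HttpCookie cookie = context.Response.Cookies[_antiForgeryTokenCookieName];

            Assert.NotNull(cookie);
            // HttpOnly keeps the anti-forgery cookie out of reach of script running in the page.
            // NOTE(review): nothing here asserts a Secure flag; GetHtml's visible parameters do not
            // cover it — confirm where (or whether) it is set.
            Assert.True(cookie.HttpOnly, "Cookie should have HTTP-only flag set.");
            Assert.True(String.IsNullOrEmpty(cookie.Domain), "Domain should not have been set.");
            Assert.Equal("/", cookie.Path);

            Match cookieMatch = _randomCookieValueSuffixRegex.Match(cookie.Value);
            Assert.True(cookieMatch.Success, "Cookie value did not contain a token.");
            string cookieTokenValue = cookieMatch.Groups["value"].Value;

            // The form field and the cookie are expected to carry the same token.
            Assert.Equal(formTokenValue, cookieTokenValue);
        }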
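        /// <summary>
        /// When a domain and path are passed to <c>GetHtml</c>, the emitted anti-forgery cookie
        /// must carry exactly those values, stay HttpOnly, and hold the same token as the form field.
        /// </summary>
        public void GetHtml_SetsCookieDomainAndPathIfSpecified()
        {
            // Arrange: dummy serializer, request context without an existing cookie.
            AntiForgeryWorker worker = new AntiForgeryWorker()
            {
                Serializer = new DummyAntiForgeryTokenSerializer()
            };
            var context = CreateContext();

            // Act: explicit domain and path should be copied onto the cookie.
            string formValue = worker.GetHtml(context, "some other salt", "theDomain", "thePath").ToHtmlString();

            // Assert
            // Ordinal: the serialized prefix is machine data, so a culture-sensitive match is wrong here.
            Assert.True(formValue.StartsWith(_serializedValuePrefix, StringComparison.Ordinal), "Form value prefix did not match.");

            Match formMatch = _randomFormValueSuffixRegex.Match(formValue);
            // A failed match yields an empty "value" group; without this check the final equality
            // assertion could pass vacuously against an equally empty cookie token.
            Assert.True(formMatch.Success, "Form value did not contain a token.");
            string formTokenValue = formMatch.Groups["value"].Value;

            HttpCookie cookie = context.Response.Cookies[_antiForgeryTokenCookieName];

            Assert.NotNull(cookie);
            // HttpOnly keeps the anti-forgery cookie out of reach of script running in the page.
            Assert.True(cookie.HttpOnly, "Cookie should have HTTP-only flag set.");
            Assert.Equal("theDomain", cookie.Domain);
            Assert.Equal("thePath", cookie.Path);

            Match cookieMatch = _randomCookieValueSuffixRegex.Match(cookie.Value);
            Assert.True(cookieMatch.Success, "Cookie value did not contain a token.");
            string cookieTokenValue = cookieMatch.Groups["value"].Value;

            // The form field and the cookie are expected to carry the same token.
            Assert.Equal(formTokenValue, cookieTokenValue);
        }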
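        /// <summary>
        /// When the request carries an anti-forgery cookie that does not deserialize ("invalid"),
        /// <c>GetHtml</c> must discard it and issue a fresh token: a new HttpOnly cookie with default
        /// domain/path whose token matches the emitted form field.
        /// </summary>
        public void GetHtml_CreatesNewCookieValueIfCookieExistsButIsNotValid()
        {
            // Arrange: the context is seeded with a cookie value the serializer will reject.
            AntiForgeryWorker worker = new AntiForgeryWorker()
            {
                Serializer = new DummyAntiForgeryTokenSerializer()
            };
            var context = CreateContext("invalid");

            // Act
            string formValue = worker.GetHtml(context, "some other salt", null, null).ToHtmlString();

            // Assert
            // Ordinal: the serialized prefix is machine data, so a culture-sensitive match is wrong here.
            Assert.IsTrue(formValue.StartsWith(_serializedValuePrefix, StringComparison.Ordinal), "Form value prefix did not match.");

            Match formMatch = _randomFormValueSuffixRegex.Match(formValue);
            // A failed match yields an empty "value" group; without this check the final equality
            // assertion could pass vacuously against an equally empty cookie token.
            Assert.IsTrue(formMatch.Success, "Form value did not contain a token.");
            string formTokenValue = formMatch.Groups["value"].Value;

            HttpCookie cookie = context.Response.Cookies[_antiForgeryTokenCookieName];

            Assert.IsNotNull(cookie, "Cookie was not set correctly.");
            // HttpOnly keeps the anti-forgery cookie out of reach of script running in the page.
            // NOTE(review): nothing here asserts a Secure flag; GetHtml's visible parameters do not
            // cover it — confirm where (or whether) it is set.
            Assert.IsTrue(cookie.HttpOnly, "Cookie should have HTTP-only flag set.");
            Assert.IsTrue(String.IsNullOrEmpty(cookie.Domain), "Domain should not have been set.");
            Assert.AreEqual("/", cookie.Path, "Path should have remained at '/' by default.");

            Match cookieMatch = _randomCookieValueSuffixRegex.Match(cookie.Value);
            Assert.IsTrue(cookieMatch.Success, "Cookie value did not contain a token.");
            string cookieTokenValue = cookieMatch.Groups["value"].Value;

            // The replacement cookie and the form field are expected to carry the same token.
            Assert.AreEqual(formTokenValue, cookieTokenValue, "Form and cookie token values did not match.");
        }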
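        /// <summary>
        /// When a domain and path are passed to <c>GetHtml</c>, the emitted anti-forgery cookie
        /// must carry exactly those values, stay HttpOnly, and hold the same token as the form field.
        /// </summary>
        public void GetHtml_SetsCookieDomainAndPathIfSpecified() {
            // Arrange: dummy serializer, request context without an existing cookie.
            AntiForgeryWorker worker = new AntiForgeryWorker() {
                Serializer = new DummyAntiForgeryTokenSerializer()
            };
            var context = CreateContext();

            // Act: explicit domain and path should be copied onto the cookie.
            string formValue = worker.GetHtml(context, "some other salt", "theDomain", "thePath").ToHtmlString();

            // Assert
            // Ordinal: the serialized prefix is machine data, so a culture-sensitive match is wrong here.
            Assert.IsTrue(formValue.StartsWith(_serializedValuePrefix, StringComparison.Ordinal), "Form value prefix did not match.");

            Match formMatch = _randomFormValueSuffixRegex.Match(formValue);
            // A failed match yields an empty "value" group; without this check the final equality
            // assertion could pass vacuously against an equally empty cookie token.
            Assert.IsTrue(formMatch.Success, "Form value did not contain a token.");
            string formTokenValue = formMatch.Groups["value"].Value;

            HttpCookie cookie = context.Response.Cookies[_antiForgeryTokenCookieName];
            Assert.IsNotNull(cookie, "Cookie was not set correctly.");
            // HttpOnly keeps the anti-forgery cookie out of reach of script running in the page.
            Assert.IsTrue(cookie.HttpOnly, "Cookie should have HTTP-only flag set.");
            Assert.AreEqual("theDomain", cookie.Domain);
            Assert.AreEqual("thePath", cookie.Path);

            Match cookieMatch = _randomCookieValueSuffixRegex.Match(cookie.Value);
            Assert.IsTrue(cookieMatch.Success, "Cookie value did not contain a token.");
            string cookieTokenValue = cookieMatch.Groups["value"].Value;

            // The form field and the cookie are expected to carry the same token.
            Assert.AreEqual(formTokenValue, cookieTokenValue, "Form and cookie token values did not match.");
        }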
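        /// <summary>
        /// With no anti-forgery cookie on the request and no domain/path supplied, <c>GetHtml</c>
        /// must emit a form field carrying a token and add a matching cookie with the default
        /// domain (unset) and path ("/"), flagged HttpOnly.
        /// </summary>
        public void GetHtml_ReturnsFormFieldAndSetsCookieValueIfDoesNotExist() {
            // Arrange: dummy serializer, request context without an existing cookie.
            AntiForgeryWorker worker = new AntiForgeryWorker() {
                Serializer = new DummyAntiForgeryTokenSerializer()
            };
            var context = CreateContext();

            // Act: null domain and path exercise the default cookie scope.
            string formValue = worker.GetHtml(context,"some other salt", null, null).ToHtmlString();

            // Assert
            // Ordinal: the serialized prefix is machine data, so a culture-sensitive match is wrong here.
            Assert.IsTrue(formValue.StartsWith(_serializedValuePrefix, StringComparison.Ordinal), "Form value prefix did not match.");

            Match formMatch = _randomFormValueSuffixRegex.Match(formValue);
            // A failed match yields an empty "value" group; without this check the final equality
            // assertion could pass vacuously against an equally empty cookie token.
            Assert.IsTrue(formMatch.Success, "Form value did not contain a token.");
            string formTokenValue = formMatch.Groups["value"].Value;

            HttpCookie cookie = context.Response.Cookies[_antiForgeryTokenCookieName];
            Assert.IsNotNull(cookie, "Cookie was not set correctly.");
            // HttpOnly keeps the anti-forgery cookie out of reach of script running in the page.
            // NOTE(review): nothing here asserts a Secure flag; GetHtml's visible parameters do not
            // cover it — confirm where (or whether) it is set.
            Assert.IsTrue(cookie.HttpOnly, "Cookie should have HTTP-only flag set.");
            Assert.IsTrue(String.IsNullOrEmpty(cookie.Domain), "Domain should not have been set.");
            Assert.AreEqual("/", cookie.Path, "Path should have remained at '/' by default.");

            Match cookieMatch = _randomCookieValueSuffixRegex.Match(cookie.Value);
            Assert.IsTrue(cookieMatch.Success, "Cookie value did not contain a token.");
            string cookieTokenValue = cookieMatch.Groups["value"].Value;

            // The form field and the cookie are expected to carry the same token.
            Assert.AreEqual(formTokenValue, cookieTokenValue, "Form and cookie token values did not match.");
        }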
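        /// <summary>
        /// When the request already carries a cookie the serializer accepts, <c>GetHtml</c> must
        /// reuse its token in the form field and add no cookie to the response.
        /// </summary>
        public void GetHtml_ReusesCookieValueIfExistsAndIsValid()
        {
            // Arrange: seed the context with a cookie value the dummy serializer treats as valid
            // (presumably the colon-separated layout it expects — confirm against the serializer).
            AntiForgeryWorker worker = new AntiForgeryWorker()
            {
                Serializer = new DummyAntiForgeryTokenSerializer()
            };
            var context = CreateContext("2001-01-01:some value:some salt:username");

            // Act
            string formValue = worker.GetHtml(context, "some other salt", null, null).ToHtmlString();

            // Assert
            // Ordinal: prefix and suffix are machine data, so culture-sensitive matching is wrong here.
            Assert.True(formValue.StartsWith(_serializedValuePrefix, StringComparison.Ordinal), "Form value prefix did not match.");
            Assert.True(formValue.EndsWith(_someValueSuffix, StringComparison.Ordinal), "Form value suffix did not match.");
            // A valid existing cookie must not be rotated: no Set-Cookie expected on the response.
            Assert.Equal(0, context.Response.Cookies.Count);
        }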
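        /// <summary>
        /// When the request already carries a cookie the serializer accepts, <c>GetHtml</c> must
        /// reuse its token in the form field and add no cookie to the response.
        /// </summary>
        public void GetHtml_ReusesCookieValueIfExistsAndIsValid() {
            // Arrange: seed the context with a cookie value the dummy serializer treats as valid
            // (presumably the colon-separated layout it expects — confirm against the serializer).
            AntiForgeryWorker worker = new AntiForgeryWorker() {
                Serializer = new DummyAntiForgeryTokenSerializer()
            };
            var context = CreateContext("2001-01-01:some value:some salt:username");

            // Act
            string formValue = worker.GetHtml(context, "some other salt", null, null).ToHtmlString();

            // Assert
            // Ordinal: prefix and suffix are machine data, so culture-sensitive matching is wrong here.
            Assert.IsTrue(formValue.StartsWith(_serializedValuePrefix, StringComparison.Ordinal), "Form value prefix did not match.");
            Assert.IsTrue(formValue.EndsWith(_someValueSuffix, StringComparison.Ordinal), "Form value suffix did not match.");
            // A valid existing cookie must not be rotated: no Set-Cookie expected on the response.
            Assert.AreEqual(0, context.Response.Cookies.Count, "Cookie should not have been added to response.");
        }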
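        /// <summary>
        /// When the request carries an anti-forgery cookie that does not deserialize ("invalid"),
        /// <c>GetHtml</c> must discard it and issue a fresh token: a new HttpOnly cookie with default
        /// domain/path whose token matches the emitted form field.
        /// </summary>
        public void GetHtml_CreatesNewCookieValueIfCookieExistsButIsNotValid()
        {
            // Arrange: the context is seeded with a cookie value the serializer will reject.
            AntiForgeryWorker worker = new AntiForgeryWorker()
            {
                Serializer = new DummyAntiForgeryTokenSerializer()
            };
            var context = CreateContext("invalid");

            // Act
            string formValue = worker.GetHtml(context, "some other salt", null, null).ToHtmlString();

            // Assert
            // Ordinal: the serialized prefix is machine data, so a culture-sensitive match is wrong here.
            Assert.True(formValue.StartsWith(_serializedValuePrefix, StringComparison.Ordinal), "Form value prefix did not match.");

            Match formMatch = _randomFormValueSuffixRegex.Match(formValue);
            // A failed match yields an empty "value" group; without this check the final equality
            // assertion could pass vacuously against an equally empty cookie token.
            Assert.True(formMatch.Success, "Form value did not contain a token.");
            string formTokenValue = formMatch.Groups["value"].Value;

            HttpCookie cookie = context.Response.Cookies[_antiForgeryTokenCookieName];
            Assert.NotNull(cookie);
            // HttpOnly keeps the anti-forgery cookie out of reach of script running in the page.
            // NOTE(review): nothing here asserts a Secure flag; GetHtml's visible parameters do not
            // cover it — confirm where (or whether) it is set.
            Assert.True(cookie.HttpOnly, "Cookie should have HTTP-only flag set.");
            Assert.True(String.IsNullOrEmpty(cookie.Domain), "Domain should not have been set.");
            Assert.Equal("/", cookie.Path);

            Match cookieMatch = _randomCookieValueSuffixRegex.Match(cookie.Value);
            Assert.True(cookieMatch.Success, "Cookie value did not contain a token.");
            string cookieTokenValue = cookieMatch.Groups["value"].Value;

            // The replacement cookie and the form field are expected to carry the same token.
            Assert.Equal(formTokenValue, cookieTokenValue);
        }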