public Request Construct(string url, string username, string password, string body)
{
var builder = new RequestBuilder();
builder.SetUrl(url);
builder.AddHeader("username", username);
builder.AddHeader("password", password);
builder.SetBody(body);
return(builder.Build());
}
private HttpResponseMessage SendRequest()
{
var requestBuilder = new RequestBuilder(_app.Server, _path);
if (_method == HttpMethod.Post)
{
var tokens = AntiForgeryRequestTokens.GetFromApplication(_app);
if (_postForm != null)
{
var dic = new Dictionary <string, string>(_postForm);
requestBuilder.And(req =>
{
dic["__RequestVerificationToken"] = tokens.VerificationToken;
var content = new FormUrlEncodedContent(dic);
content.Headers.ContentType = new MediaTypeHeaderValue(_contentType);
req.Content = content;
})
.WithCookie(tokens.Cookie);
}
else
{
requestBuilder.AddHeader("RequestVerificationToken", tokens.VerificationToken);
if (_postEntity != null)
{
requestBuilder.And(req =>
{
var content = new ByteArrayContent(_postEntity);
content.Headers.ContentType = new MediaTypeHeaderValue(_contentType);
req.Content = content;
});
}
requestBuilder.WithCookie(tokens.Cookie);
}
}
if (_headers.Any())
{
_headers.Keys.ToList().ForEach(key => requestBuilder.AddHeader(key, _headers[key]));
}
if (_cookies.Any())
{
_cookies.ForEach(c => requestBuilder.WithCookie(c.Name.ToString(), c.Value.ToString()));
}
var response = requestBuilder.SendAsync(_method.ToString().ToUpper()).Result;
_app.ResetUser();
return(response);
}
public async Task CodeAllowRealIPNotOnBlacklist4Test()
{
using (
var server =
new TestServer(
WebHostBuilderHelper.CreateCodeBuilder(
new IPFilteringOptions
{
DefaultBlockLevel = DefaultBlockLevel.None,
Blacklist = new List <string> {
"192.168.0.1"
}
})))
{
// Act
RequestBuilder request = server.CreateRequest("/");
request.AddHeader("X-Real-IP", "192.168.0.2");
HttpResponseMessage response = await request.SendAsync("PUT");
// Assert
response.EnsureSuccessStatusCode();
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode, "StatusCode != OK");
}
}
public static RequestBuilder AddAsJson <T>(this RequestBuilder requestBuilder, T value)
{
requestBuilder.AddHeader("Accept", "application/json");
requestBuilder.And(r => r.Content = new ObjectContent <T>(value, new JsonMediaTypeFormatter()));
return(requestBuilder);
}
public async Task CodeBlockRealIPOnWhitelistBlacklistTest()
{
using (
var server =
new TestServer(
WebHostBuilderHelper.CreateCodeBuilder(
new IPFilteringOptions
{
Whitelist = new List <string> {
"192.168.0.10-192.168.10.20"
},
Blacklist = new List <string> {
"192.168.0.100-192.168.0.150"
},
})))
{
// Act
RequestBuilder request = server.CreateRequest("/");
request.AddHeader("X-Real-IP", "192.168.0.120");
HttpResponseMessage response = await request.SendAsync("PUT");
// Assert
Assert.AreEqual(HttpStatusCode.NotFound, response.StatusCode, "StatusCode != Not Found");
}
}
public async Task CompressionMediaTest()
{
// Arrange
using (var server = new TestServer(
this.CreateBuilder(options =>
{
options.MinimumCompressionThreshold = 0;
options.AllowedMediaTypes = new List <MediaTypeHeaderValue> {
MediaTypeHeaderValue.Parse("text/html")
};
})))
{
// Act
RequestBuilder request = server.CreateRequest("/");
request.AddHeader(HeaderNames.AcceptEncoding, "gzip");
HttpResponseMessage response = await request.SendAsync("PUT");
// Assert
response.EnsureSuccessStatusCode();
string responseText = await response.Content.ReadAsStringAsync();
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode, "StatusCode != OK");
Assert.AreEqual(Helpers.ResponseText, responseText, "Response Text not equal");
Assert.AreEqual(124, response.Content.Headers.ContentLength, "Content-Length != 124");
Assert.AreEqual(false, response.Content.Headers.ContentEncoding.Any(), "Content-Encoding != null");
Assert.AreEqual(false, response.Headers.Vary.Contains(HeaderNames.AcceptEncoding), "Vary != Accept-Encoding");
}
}
void AddToken(RequestBuilder requestBuilder)
{
if (Token != null)
{
requestBuilder.AddHeader(AuthorizationHeaderName, "Bearer " + Token);
}
}
public async Task IgnoredCompressionThresholdZeroGZipTest()
{
// Arrange
using (
var server =
new TestServer(
this.CreateBuilder(
options =>
{
options.MinimumCompressionThreshold = 0;
options.Compressors = new List <ICompressor> {
new GZipCompressor()
};
})))
{
// Act
RequestBuilder request = server.CreateRequest("/lib/ignore");
request.AddHeader(HeaderNames.AcceptEncoding, "gzip");
HttpResponseMessage response = await request.SendAsync("PUT");
// Assert
response.EnsureSuccessStatusCode();
string responseText = await response.Content.ReadAsStringAsync();
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode, "StatusCode != OK");
Assert.AreEqual(Helpers.ResponseText, responseText, "Response Text not equal");
Assert.AreEqual(Helpers.ResponseText.Length, response.Content.Headers.ContentLength, $"Content-Length != {Helpers.ResponseText.Length}");
Assert.AreEqual(false, response.Content.Headers.ContentEncoding.Any(), "Content-Encoding == null");
}
}
public override void Update()
{
DB db = new DB("travox_global");
RequestBuilder doExchange = new RequestBuilder("127.0.0.1:3000/API-v3/exchange-rate/");
doExchange.By = RequestBuilder.Method.POST;
doExchange.ContentType = "application/x-www-form-urlencoded";
doExchange.AddHeader("Token-Auth", "ZHNnc2RmaCxrZXIgbmFsZ25zIGRmZ2RzZmc");
doExchange.AddBody("from", db.GetField("SELECT ISNULL(currency,'') FROM currency FOR XML PATH('')"));
doExchange.AddBody("to", "THB");
doExchange.AddBody("amt", "1");
XHR rate = new XHR().AsyncSend(doExchange).Wait();
try
{
foreach (RateAPI item in JsonConvert.DeserializeObject<List<RateAPI>>(rate.ToString()))
{
SQLCollection param = new SQLCollection();
param.Add("@to", DbType.String, item.currency);
param.Add("@rate", DbType.Decimal, item.rate);
param.Add("@date", DbType.DateTime, DateTime.Parse(item.updated).ToString("dd-MM-yyyy HH:mm:ss"));
db.Execute("UPDATE currency SET currency_rate=@rate, last_update=@date WHERE currency = @to", param);
}
db.Apply();
}
catch (Exception e)
{
db.Rollback();
throw e;
}
base.Update();
}
public static RequestBuilder WithIdentity(this RequestBuilder requestBuilder, IEnumerable <Claim> claims)
{
requestBuilder.AddHeader(
Constants.AuthorizationHeaderName,
$"{Constants.Scheme} {ClaimSerializer.Encode(claims)}");
return(requestBuilder);
}
public static RequestBuilder WithIdentity(this RequestBuilder requestBuilder, IEnumerable <Claim> claims)
{
requestBuilder.AddHeader(
Constants.AuthenticationHeaderName,
$"{TestServerAuthenticationDefaults.AuthenticationScheme} {DefautClaimsEncoder.Encode(claims)}");
return(requestBuilder);
}
private void _addCookies(RequestBuilder requestBuilder, Uri absoluteUrl)
{
var cookieHeader = Cookies.GetCookieHeader(absoluteUrl);
if (!string.IsNullOrWhiteSpace(cookieHeader))
{
requestBuilder.AddHeader(HeaderNames.Cookie, cookieHeader);
}
}
private void SetXSRFHeader(RequestBuilder requestBuilder, Uri absoluteUrl)
{
var cookies = Cookies.GetCookies(absoluteUrl);
var cookie = cookies[XSRFCookieName];
if (cookie != null)
{
requestBuilder.AddHeader(XSRFHeaderName, cookie.Value);
}
}
private void addHeaders(RequestBuilder requestBuilder, Dictionary <string, string> headers)
{
if (headers != null && headers.Any())
{
foreach (var header in headers)
{
requestBuilder.AddHeader(header.Key, header.Value);
}
}
}
public static RequestBuilder AddAuthorizationHeader(
this RequestBuilder requestBuilder,
params Claim[] claims)
{
var jwt = CreateJwtAccessToken(claims);
requestBuilder.AddHeader("Authorization", "bearer " + jwt);
return(requestBuilder);
}
public static async Task <HttpResponseMessage> PostFormAsync(
this RequestBuilder request,
IEnumerable <KeyValuePair <string, string> > formValues)
{
var response = await request
.AddHeader("Content-Type", "application/x-www-form-urlencoded")
.And(r => { r.Content = new FormUrlEncodedContent(formValues); })
.PostAsync();
return(response);
}
public void BeforeRequest(RequestBuilder requestBuilder, Uri absoluteUrl)
{
var ticket = new AuthenticationTicket(principal, "FakeClaims");
var ser = new ClaimsSerializer();
var cookieValue = ser.SerializeTicket(ticket);
var cookieContainer = new CookieContainer();
var cookie = new Cookie("FakeClaims", cookieValue, "/", absoluteUrl.Authority);
cookieContainer.Add(cookie);
var cookieHeader = cookieContainer.GetCookieHeader(absoluteUrl);
requestBuilder.AddHeader(HeaderNames.Cookie, cookieHeader);
}
public async Task FileBlockAllNotFoundTest()
{
using (var server = new TestServer(WebHostBuilderHelper.CreateBlockFileBuilder()))
{
// Act
RequestBuilder request = server.CreateRequest("/");
request.AddHeader("X-Real-IP", "192.168.0.1");
HttpResponseMessage response = await request.SendAsync("PUT");
Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode, "StatusCode != Unauthorized");
}
}
public async Task FileAllowRealIPOnBlacklistTest()
{
using var server = new TestServer(WebHostBuilderHelper.CreateAllowFileBuilder());
// Act
RequestBuilder request = server.CreateRequest("/");
request.AddHeader("X-Real-IP", "192.168.0.10");
HttpResponseMessage response = await request.SendAsync("PUT");
// Assert
Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode, "StatusCode != Unauthorized");
}
public async Task FilePathBlockRealIPOnWhitelistBlacklistTest()
{
using var server = new TestServer(WebHostBuilderHelper.CreatePathBlockFileBuilder());
// Act
RequestBuilder request = server.CreateRequest("/pathget");
request.AddHeader("X-Real-IP", "192.168.0.120");
HttpResponseMessage response = await request.SendAsync("GET");
// Assert
Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode, "StatusCode != Not Found");
}
public async Task FileIgnoreGetTest()
{
using (var server = new TestServer(WebHostBuilderHelper.CreateIgnoreFileBuilder()))
{
// Act
RequestBuilder request = server.CreateRequest("/ignoreget");
request.AddHeader("X-Real-IP", "192.168.0.1");
HttpResponseMessage response = await request.SendAsync("GET");
// Assert
response.EnsureSuccessStatusCode();
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode, "StatusCode != OK");
}
}
public async Task FileAllowRealIPOnWhitelistBlacklistTest()
{
using (var server = new TestServer(WebHostBuilderHelper.CreateBlockFileBuilder()))
{
// Act
RequestBuilder request = server.CreateRequest("/");
request.AddHeader("X-Real-IP", "192.168.0.10");
HttpResponseMessage response = await request.SendAsync("PUT");
// Assert
response.EnsureSuccessStatusCode();
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode, "StatusCode != OK");
}
}
public async Task FileAllowAllNotFoundTest2()
{
using var server = new TestServer(WebHostBuilderHelper.CreatePathBlockFileBuilder());
// Act
RequestBuilder request = server.CreateRequest("/");
request.AddHeader("X-Real-IP", "192.168.0.1");
HttpResponseMessage response = await request.SendAsync("PUT");
// Assert
response.EnsureSuccessStatusCode();
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode, "StatusCode != OK");
}
public async Task FilePathAllowRealIPNotOnBlacklistTest()
{
using var server = new TestServer(WebHostBuilderHelper.CreatePathAllowFileBuilder());
// Act
RequestBuilder request = server.CreateRequest("/pathget");
request.AddHeader("X-Real-IP", "192.168.0.1");
HttpResponseMessage response = await request.SendAsync("GET");
// Assert
response.EnsureSuccessStatusCode();
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode, "StatusCode != OK");
}
private async Task GetVerificationTokenAsync(Uri uri, RequestBuilder parentBuilder)
{
/**
* ASP's Antiforgery has two parts:
*
* - 1. It stores half of the token inside of the __RequestVerificationToken input
* - 2. It stores the other half inside of the .AspNetCore.Antiforgery.XXXXXXX cookie
*
* So we GET the Account/Login page, which we should always have anon access to as well as it always providing
* these two values for us.
*
* We then extract these values, and use them to build up the parentBuilder's request further.
*
* This allows us to satisfy [ValidateAntiforgeryToken] :)
* **/
// Expire the forgery token, to ensure we're sent a fresh pair of tokens.
var loginUri = new Uri(this._server.BaseAddress, "Account/Login");
foreach (Cookie cookie in this.GetAllCookies().Where(c => c.Name.StartsWith(".AspNetCore.Antiforgery.")))
{
cookie.Expires = DateTime.Now.Subtract(TimeSpan.FromDays(1));
}
var builder = this.BuildRequest("Account/Login", true);
using (var response = await builder.GetAsync())
{
var content = await response.Content.ReadAsStringAsync();
var match = Regex.Match(content, @"<input\s+name=""__RequestVerificationToken""\s+type=""hidden""\s+value=""([^""]+)""\s+/>");
if (!match.Success)
{
throw new InvalidOperationException("Could not retrieve verification token.");
}
parentBuilder.AddHeader("X-CSRF-TOKEN", match.Groups[1].Value);
var forgeryCookie = response
.Headers
.GetValues(HeaderNames.SetCookie)
.SelectMany(c => c.Split(";"))
.Where(c => c.StartsWith(".AspNetCore.Antiforgery."))
.Select(c => new Cookie(c.Split("=")[0], c.Split("=")[1]))
.First();
this._cookies.Add(uri, forgeryCookie);
}
}
public async Task CompressionThresholdZeroGZipNoCompressionTest()
{
// Arrange
using (
var server =
new TestServer(
this.CreateBuilder(
new CompressionOptions
{
MinimumCompressionThreshold = 0,
Compressors = new List <ICompressor> {
new GZipCompressor(CompressionLevel.NoCompression)
}
})))
{
// Act
RequestBuilder request = server.CreateRequest("/");
request.AddHeader(HeaderNames.AcceptEncoding, "gzip");
HttpResponseMessage response = await request.SendAsync("PUT");
// Assert
response.EnsureSuccessStatusCode();
Stream stream = await response.Content.ReadAsStreamAsync();
string responseText;
using (var decompression = new GZipStream(stream, CompressionMode.Decompress))
{
using (var ms = new MemoryStream())
{
await decompression.CopyToAsync(ms);
responseText = Encoding.UTF8.GetString(ms.ToArray());
}
}
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode, "StatusCode != OK");
Assert.AreEqual(Helpers.ResponseText, responseText, "Response Text not equal");
Assert.AreEqual(147, response.Content.Headers.ContentLength, $"Content-Length != 147");
Assert.AreEqual(true, response.Content.Headers.ContentEncoding.Any(), "Content-Encoding == null");
Assert.AreEqual("gzip", response.Content.Headers.ContentEncoding.ToString(), "Content-Encoding != gzip");
Assert.AreEqual(true, response.Headers.Vary.Contains(HeaderNames.AcceptEncoding), "Vary != Accept-Encoding");
}
}
public async Task CodeBlockForwarderForNotOnWhitelistTest()
{
using var server =
new TestServer(
WebHostBuilderHelper.CreateCodeBuilder(
new IPFilteringOptions { Whitelist = new List <string> { "192.168.0.10-192.168.10.20" } }));
// Act
RequestBuilder request = server.CreateRequest("/");
request.AddHeader("X-Forwarded-For", "192.168.0.9, 192.168.0.10, 192.168.0.11");
HttpResponseMessage response = await request.SendAsync("PUT");
// Assert
Assert.AreEqual(HttpStatusCode.NotFound, response.StatusCode, "StatusCode != Not Found");
}
public async Task CodeBlockRealIPNotOnWhitelist3Test()
{
using var server =
new TestServer(
WebHostBuilderHelper.CreateCodeBuilder(
new IPFilteringOptions { Whitelist = new List <string> { "fe80::/10" } }));
// Act
RequestBuilder request = server.CreateRequest("/");
request.AddHeader("X-Real-IP", "::1");
HttpResponseMessage response = await request.SendAsync("PUT");
// Assert
Assert.AreEqual(HttpStatusCode.NotFound, response.StatusCode, "StatusCode != Not Found");
}
public async Task CodeAllowRealIPOnWhitelist3Test()
{
using var server =
new TestServer(
WebHostBuilderHelper.CreateCodeBuilder(
new IPFilteringOptions { Whitelist = new List <string> { "fe80::/10" } }));
// Act
RequestBuilder request = server.CreateRequest("/");
request.AddHeader("X-Real-IP", "fe80::d503:4ee:3882:c586");
HttpResponseMessage response = await request.SendAsync("PUT");
// Assert
response.EnsureSuccessStatusCode();
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode, "StatusCode != OK");
}
public async Task CodeAllowForwardedForOnWhitelistTest()
{
using var server =
new TestServer(
WebHostBuilderHelper.CreateCodeBuilder(
new IPFilteringOptions { Whitelist = new List <string> { "192.168.0.10-192.168.10.20" } }));
// Act
RequestBuilder request = server.CreateRequest("/");
request.AddHeader("X-Forwarded-For", "192.168.0.10, 192.168.0.9, 192.168.0.8");
HttpResponseMessage response = await request.SendAsync("PUT");
// Assert
response.EnsureSuccessStatusCode();
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode, "StatusCode != OK");
}
/// <summary>
/// 2
/// </summary>
/// <param name="props"></param>
/// <param name="requestBuilder"></param>
public static void FillRequestBuilderFromProperties(IBasicProperties props, RequestBuilder requestBuilder)
{
requestBuilder.And(it =>
{
if (props.Headers["AMQP_CONTENTTYPE"] != null)
{
it.Content.Headers.ContentType = MediaTypeHeaderValue.Parse(props.Headers["AMQP_CONTENTTYPE"].UTF8GetString());
it.Content.Headers.ContentLength = (long)props.Headers["AMQP_CONTENTLENGTH"];
}
});
foreach (var header in props.Headers)
{
if (!header.Key.StartsWith("AMQP_"))
{
requestBuilder.AddHeader(header.Key, header.Value.UTF8GetString());
}
}
}
