/// <summary>
/// With <c>SuppressIdentityHeuristicChecks</c> enabled, an authenticated identity that has
/// neither a name nor additional data still produces a form token instead of an exception.
/// </summary>
/// <remarks>
/// The assertions expect the same field values as <c>GenerateFormToken_AnonymousUser</c>:
/// empty username, no claim uid, empty additional data.
/// NOTE(review): a token shaped like this carries nothing that identifies the user, so an
/// application that turns the heuristic check off presumably has to tie requests to users
/// some other way. Confirm against the validation path, which is not visible here.
/// </remarks>
public void GenerateFormToken_AuthenticatedWithoutUsernameAndNoAdditionalData_NoAdditionalData_SuppressHeuristics()
{
    // Arrange
    var sessionToken = new AntiForgeryToken { IsSessionToken = true };
    var context = new Mock<HttpContextBase>().Object;
    IIdentity namelessIdentity = new MyAuthenticatedIdentityWithoutUsername();

    // The extractor mock has no setups; the test expects a null ClaimUid below.
    IClaimUidExtractor extractor = new Mock<MockableClaimUidExtractor>().Object;
    IAntiForgeryConfig settings = new MockAntiForgeryConfig { SuppressIdentityHeuristicChecks = true };
    var tokenValidator = new TokenValidator(config: settings, claimUidExtractor: extractor);

    // Act
    var formToken = tokenValidator.GenerateFormToken(context, namelessIdentity, sessionToken);

    // Assert
    Assert.NotNull(formToken);

    // The form token is paired with the cookie token through the shared SecurityToken,
    // but must not itself be flagged as the session (cookie) token.
    Assert.Equal(sessionToken.SecurityToken, formToken.SecurityToken);
    Assert.False(formToken.IsSessionToken);

    Assert.Equal("", formToken.Username);
    Assert.Null(formToken.ClaimUid);
    Assert.Equal("", formToken.AdditionalData);
}
/// <summary>
/// An unauthenticated identity yields a form token that shares the cookie token's
/// <c>SecurityToken</c> and carries no username, claim uid or additional data.
/// </summary>
/// <remarks>
/// The validator is built with a null claim uid extractor, so the test also pins that the
/// extractor is not needed for an anonymous identity.
/// </remarks>
public void GenerateFormToken_AnonymousUser()
{
    // Arrange
    var anonymous = new Mock<IIdentity>();
    anonymous.Setup(id => id.IsAuthenticated).Returns(false);

    var sessionToken = new AntiForgeryToken { IsSessionToken = true };
    var context = new Mock<HttpContextBase>().Object;
    IAntiForgeryConfig settings = new MockAntiForgeryConfig();
    var tokenValidator = new TokenValidator(config: settings, claimUidExtractor: null);

    // Act
    var formToken = tokenValidator.GenerateFormToken(context, anonymous.Object, sessionToken);

    // Assert
    Assert.NotNull(formToken);

    // Same SecurityToken as the cookie token, but not marked as the session token.
    Assert.Equal(sessionToken.SecurityToken, formToken.SecurityToken);
    Assert.False(formToken.IsSessionToken);

    // Nothing user-specific is expected for an anonymous caller.
    Assert.Equal("", formToken.Username);
    Assert.Null(formToken.ClaimUid);
    Assert.Equal("", formToken.AdditionalData);
}
/// <summary>
/// Under the default configuration, an authenticated identity without a name and without an
/// additional data provider makes <c>GenerateFormToken</c> throw
/// <see cref="InvalidOperationException"/>.
/// </summary>
/// <remarks>
/// The expected message states the rule being enforced: authenticated identities need a unique
/// Name unless an <c>AdditionalDataProvider</c> supplies another unique identifier for the user.
/// The exact message text, including the nested test type name, is part of the assertion.
/// </remarks>
public void GenerateFormToken_AuthenticatedWithoutUsernameAndNoAdditionalData_NoAdditionalData()
{
    // Arrange
    const string expectedMessage = @"The provided identity of type 'System.Web.Helpers.AntiXsrf.Test.TokenValidatorTest+MyAuthenticatedIdentityWithoutUsername' is marked IsAuthenticated = true but does not have a value for Name. By default, the anti-forgery system requires that all authenticated identities have a unique Name. If it is not possible to provide a unique Name for this identity, consider setting the static property AntiForgeryConfig.AdditionalDataProvider to an instance of a type that can provide some form of unique identifier for the current user.";

    var sessionToken = new AntiForgeryToken { IsSessionToken = true };
    var context = new Mock<HttpContextBase>().Object;
    IIdentity namelessIdentity = new MyAuthenticatedIdentityWithoutUsername();

    // Default config: no heuristic suppression and no additional data provider are set here.
    IAntiForgeryConfig settings = new MockAntiForgeryConfig();
    IClaimUidExtractor extractor = new Mock<MockableClaimUidExtractor>().Object;
    var tokenValidator = new TokenValidator(config: settings, claimUidExtractor: extractor);

    // Act & assert
    var thrown = Assert.Throws<InvalidOperationException>(
        () => tokenValidator.GenerateFormToken(context, namelessIdentity, sessionToken));
    Assert.Equal(expectedMessage, thrown.Message);
}
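/// <summary>
/// An unauthenticated identity yields a form token that shares the cookie token's
/// <c>SecurityToken</c> and carries no username, claim uid or additional data.
/// </summary>
/// <remarks>
/// The validator is constructed with a null claim uid extractor, so the test also pins that
/// the extractor is not required when the identity is anonymous.
/// </remarks>
public void GenerateFormToken_AnonymousUser()
{
    // Arrange
    AntiForgeryToken cookieToken = new AntiForgeryToken() { IsSessionToken = true };
    HttpContextBase httpContext = new Mock<HttpContextBase>().Object;

    Mock<IIdentity> mockIdentity = new Mock<IIdentity>();
    mockIdentity.Setup(o => o.IsAuthenticated).Returns(false);

    IAntiForgeryConfig config = new MockAntiForgeryConfig();

    TokenValidator validator = new TokenValidator(
        config: config,
        claimUidExtractor: null);

    // Act
    var fieldToken = validator.GenerateFormToken(httpContext, mockIdentity.Object, cookieToken);

    // Assert
    Assert.NotNull(fieldToken);

    // The form token is paired with the cookie token through the shared SecurityToken,
    // but must not itself be flagged as the session (cookie) token.
    Assert.Equal(cookieToken.SecurityToken, fieldToken.SecurityToken);
    Assert.False(fieldToken.IsSessionToken);

    Assert.Equal("", fieldToken.Username);

    // Assert.Null states the intent directly (was Assert.Equal(null, ...)).
    Assert.Null(fieldToken.ClaimUid);
    Assert.Equal("", fieldToken.AdditionalData);
}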
/// <summary>
/// When the claim uid extractor returns a value for the identity, the form token carries that
/// value in <c>ClaimUid</c> and leaves <c>Username</c> empty.
/// </summary>
/// <remarks>
/// The identity does have a name ("some-identity"), yet the assertions expect an empty
/// username: the extracted claim uid is what identifies the user in the token.
/// </remarks>
public void GenerateFormToken_ClaimsBasedIdentity()
{
    // Arrange
    var sessionToken = new AntiForgeryToken { IsSessionToken = true };
    var context = new Mock<HttpContextBase>().Object;
    IIdentity namedIdentity = new GenericIdentity("some-identity");

    var settings = new MockAntiForgeryConfig { UniqueClaimTypeIdentifier = "unique-identifier" };

    // NOTE(review): presumably a 256-bit blob; confirm against BinaryBlob's constructor.
    var claimUid = new BinaryBlob(256);
    var extractorMock = new Mock<MockableClaimUidExtractor>();
    extractorMock.Setup(x => x.ExtractClaimUid(namedIdentity)).Returns((object)claimUid);

    var tokenValidator = new TokenValidator(
        config: settings,
        claimUidExtractor: extractorMock.Object);

    // Act
    var formToken = tokenValidator.GenerateFormToken(context, namedIdentity, sessionToken);

    // Assert
    Assert.NotNull(formToken);

    // Same SecurityToken as the cookie token, but not marked as the session token.
    Assert.Equal(sessionToken.SecurityToken, formToken.SecurityToken);
    Assert.False(formToken.IsSessionToken);

    Assert.Equal("", formToken.Username);
    Assert.Equal(claimUid, formToken.ClaimUid);
    Assert.Equal("", formToken.AdditionalData);
}
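/// <summary>
/// An authenticated identity without a name is accepted when an additional data provider is
/// configured; the provider's value is copied into the form token's <c>AdditionalData</c>.
/// </summary>
/// <remarks>
/// No exception is expected here even though username and claim uid are both absent.
/// NOTE(review): the token is then only as user-specific as the provider's output; the fixed
/// string used in this test is a stand-in, not a model for a real provider.
/// </remarks>
public void GenerateFormToken_AuthenticatedWithoutUsername_WithAdditionalData()
{
    // Arrange
    AntiForgeryToken cookieToken = new AntiForgeryToken() { IsSessionToken = true };
    HttpContextBase httpContext = new Mock<HttpContextBase>().Object;
    IIdentity identity = new MyAuthenticatedIdentityWithoutUsername();

    Mock<IAntiForgeryAdditionalDataProvider> mockAdditionalDataProvider = new Mock<IAntiForgeryAdditionalDataProvider>();
    mockAdditionalDataProvider.Setup(o => o.GetAdditionalData(httpContext)).Returns("additional-data");

    IAntiForgeryConfig config = new MockAntiForgeryConfig()
    {
        AdditionalDataProvider = mockAdditionalDataProvider.Object
    };

    // The extractor mock has no setups; the test expects a null ClaimUid below.
    IClaimUidExtractor claimUidExtractor = new Mock<MockableClaimUidExtractor>().Object;

    TokenValidator validator = new TokenValidator(
        config: config,
        claimUidExtractor: claimUidExtractor);

    // Act
    var fieldToken = validator.GenerateFormToken(httpContext, identity, cookieToken);

    // Assert
    Assert.NotNull(fieldToken);

    // Same SecurityToken as the cookie token, but not marked as the session token.
    Assert.Equal(cookieToken.SecurityToken, fieldToken.SecurityToken);
    Assert.False(fieldToken.IsSessionToken);

    Assert.Equal("", fieldToken.Username);

    // Assert.Null states the intent directly (was Assert.Equal(null, ...)).
    Assert.Null(fieldToken.ClaimUid);
    Assert.Equal("additional-data", fieldToken.AdditionalData);
}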
/// <summary>
/// Default configuration, authenticated identity, no name, no additional data provider:
/// <c>GenerateFormToken</c> is expected to throw <see cref="InvalidOperationException"/>.
/// </summary>
/// <remarks>
/// The expected message spells out the requirement under test: every authenticated identity
/// needs a unique Name, or an <c>AdditionalDataProvider</c> that supplies a unique identifier
/// for the current user. The message is compared verbatim.
/// </remarks>
public void GenerateFormToken_AuthenticatedWithoutUsernameAndNoAdditionalData_NoAdditionalData()
{
    // Arrange
    IIdentity authenticatedNoName = new MyAuthenticatedIdentityWithoutUsername();
    var pairedCookieToken = new AntiForgeryToken { IsSessionToken = true };
    var requestContext = new Mock<HttpContextBase>().Object;

    // Neither SuppressIdentityHeuristicChecks nor AdditionalDataProvider is set on this config.
    IAntiForgeryConfig defaults = new MockAntiForgeryConfig();
    IClaimUidExtractor unconfiguredExtractor = new Mock<MockableClaimUidExtractor>().Object;

    var sut = new TokenValidator(
        config: defaults,
        claimUidExtractor: unconfiguredExtractor);

    // Act & assert
    InvalidOperationException failure = Assert.Throws<InvalidOperationException>(
        () => sut.GenerateFormToken(requestContext, authenticatedNoName, pairedCookieToken));

    Assert.Equal(
        @"The provided identity of type 'System.Web.Helpers.AntiXsrf.Test.TokenValidatorTest+MyAuthenticatedIdentityWithoutUsername' is marked IsAuthenticated = true but does not have a value for Name. By default, the anti-forgery system requires that all authenticated identities have a unique Name. If it is not possible to provide a unique Name for this identity, consider setting the static property AntiForgeryConfig.AdditionalDataProvider to an instance of a type that can provide some form of unique identifier for the current user.",
        failure.Message);
}
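/// <summary>
/// With <c>SuppressIdentityHeuristicChecks</c> set, an authenticated identity lacking both a
/// name and additional data produces a form token rather than an exception.
/// </summary>
/// <remarks>
/// The expected token fields match those asserted in <c>GenerateFormToken_AnonymousUser</c>:
/// empty username, null claim uid, empty additional data.
/// NOTE(review): nothing in such a token identifies the user, so suppressing the heuristic
/// presumably leaves per-user binding to the application. Confirm against the validation
/// code, which is not visible here.
/// </remarks>
public void GenerateFormToken_AuthenticatedWithoutUsernameAndNoAdditionalData_NoAdditionalData_SuppressHeuristics()
{
    // Arrange
    AntiForgeryToken cookieToken = new AntiForgeryToken() { IsSessionToken = true };
    HttpContextBase httpContext = new Mock<HttpContextBase>().Object;
    IIdentity identity = new MyAuthenticatedIdentityWithoutUsername();

    IAntiForgeryConfig config = new MockAntiForgeryConfig()
    {
        SuppressIdentityHeuristicChecks = true
    };

    // The extractor mock has no setups; the test expects a null ClaimUid below.
    IClaimUidExtractor claimUidExtractor = new Mock<MockableClaimUidExtractor>().Object;

    TokenValidator validator = new TokenValidator(
        config: config,
        claimUidExtractor: claimUidExtractor);

    // Act
    var fieldToken = validator.GenerateFormToken(httpContext, identity, cookieToken);

    // Assert
    Assert.NotNull(fieldToken);

    // Same SecurityToken as the cookie token, but not marked as the session token.
    Assert.Equal(cookieToken.SecurityToken, fieldToken.SecurityToken);
    Assert.False(fieldToken.IsSessionToken);

    Assert.Equal("", fieldToken.Username);

    // Assert.Null states the intent directly (was Assert.Equal(null, ...)).
    Assert.Null(fieldToken.ClaimUid);
    Assert.Equal("", fieldToken.AdditionalData);
}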
/// <summary>
/// A claim uid returned by the extractor ends up in the form token's <c>ClaimUid</c>, and the
/// token's <c>Username</c> stays empty.
/// </summary>
/// <remarks>
/// The identity is named "some-identity", but the test expects that name not to appear in the
/// token; the claim uid is the user-identifying field in this case.
/// </remarks>
public void GenerateFormToken_ClaimsBasedIdentity()
{
    // Arrange
    IIdentity claimsUser = new GenericIdentity("some-identity");
    var requestContext = new Mock<HttpContextBase>().Object;
    var pairedCookieToken = new AntiForgeryToken { IsSessionToken = true };

    // NOTE(review): presumably a 256-bit blob; confirm against BinaryBlob's constructor.
    var uidFromClaims = new BinaryBlob(256);
    var extractorStub = new Mock<MockableClaimUidExtractor>();
    extractorStub
        .Setup(e => e.ExtractClaimUid(claimsUser))
        .Returns((object)uidFromClaims);

    var claimsConfig = new MockAntiForgeryConfig
    {
        UniqueClaimTypeIdentifier = "unique-identifier"
    };

    var sut = new TokenValidator(config: claimsConfig, claimUidExtractor: extractorStub.Object);

    // Act
    var issued = sut.GenerateFormToken(requestContext, claimsUser, pairedCookieToken);

    // Assert
    Assert.NotNull(issued);

    // The form token shares the cookie token's SecurityToken but is not a session token.
    Assert.Equal(pairedCookieToken.SecurityToken, issued.SecurityToken);
    Assert.False(issued.IsSessionToken);

    Assert.Equal("", issued.Username);
    Assert.Equal(uidFromClaims, issued.ClaimUid);
    Assert.Equal("", issued.AdditionalData);
}
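/// <summary>
/// With an additional data provider configured, an authenticated identity that has no name is
/// accepted and the provider's value becomes the form token's <c>AdditionalData</c>.
/// </summary>
/// <remarks>
/// Username and claim uid are both expected to be absent, and no exception is expected.
/// NOTE(review): the provider's output is then the only user-related value in the token; the
/// constant returned by the mock is test scaffolding, not an example of a real provider.
/// </remarks>
public void GenerateFormToken_AuthenticatedWithoutUsername_WithAdditionalData()
{
    // Arrange
    AntiForgeryToken cookieToken = new AntiForgeryToken() { IsSessionToken = true };
    HttpContextBase httpContext = new Mock<HttpContextBase>().Object;
    IIdentity identity = new MyAuthenticatedIdentityWithoutUsername();

    // The provider is set up for this exact httpContext instance.
    Mock<IAntiForgeryAdditionalDataProvider> mockAdditionalDataProvider = new Mock<IAntiForgeryAdditionalDataProvider>();
    mockAdditionalDataProvider.Setup(o => o.GetAdditionalData(httpContext)).Returns("additional-data");

    IAntiForgeryConfig config = new MockAntiForgeryConfig()
    {
        AdditionalDataProvider = mockAdditionalDataProvider.Object
    };

    IClaimUidExtractor claimUidExtractor = new Mock<MockableClaimUidExtractor>().Object;

    TokenValidator validator = new TokenValidator(
        config: config,
        claimUidExtractor: claimUidExtractor);

    // Act
    var fieldToken = validator.GenerateFormToken(httpContext, identity, cookieToken);

    // Assert
    Assert.NotNull(fieldToken);

    // The form token shares the cookie token's SecurityToken but is not a session token.
    Assert.Equal(cookieToken.SecurityToken, fieldToken.SecurityToken);
    Assert.False(fieldToken.IsSessionToken);

    Assert.Equal("", fieldToken.Username);

    // Assert.Null states the intent directly (was Assert.Equal(null, ...)).
    Assert.Null(fieldToken.ClaimUid);
    Assert.Equal("additional-data", fieldToken.AdditionalData);
}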