Ejemplo n.º 1
0
        public void SaltProperty() {
            // Arrange
            AntiForgeryData token = new AntiForgeryData();

            // Act & Assert
            MemberHelper.TestStringProperty(token, "Salt", String.Empty, false /* testDefaultValue */, true /* allowNullAndEmpty */);
        }
        public void SerializeReturnsSerializedString() {
            // Arrange
            AntiForgeryData token = new AntiForgeryData() {
                CreationDate = new DateTime(2001, 1, 1),
                Salt = "the salt",
                Value = "the value"
            };

            Mock<IStateFormatter> mockFormatter = new Mock<IStateFormatter>();
            mockFormatter
                .Expect(f => f.Serialize(It.IsAny<object>()))
                .Returns(
                    delegate(object state) {
                        Triplet t = state as Triplet;
                        Assert.IsNotNull(t);
                        Assert.AreEqual("the salt", t.First);
                        Assert.AreEqual("the value", t.Second);
                        Assert.AreEqual(new DateTime(2001, 1, 1), t.Third);
                        return "serialized value";
                    }
                );

            AntiForgeryDataSerializer serializer = new AntiForgeryDataSerializer() {
                Formatter = mockFormatter.Object
            };

            // Act
            string serializedValue = serializer.Serialize(token);

            // Assert
            Assert.AreEqual("serialized value", serializedValue);
        }
Ejemplo n.º 3
0
        public void CreationDateProperty() {
            // Arrange
            AntiForgeryData token = new AntiForgeryData();

            // Act & Assert
            MemberHelper.TestPropertyValue(token, "CreationDate", DateTime.Now);
        }
        // copy constructor
        public AntiForgeryData(AntiForgeryData token) {
            if (token == null) {
                throw new ArgumentNullException("token");
            }

            CreationDate = token.CreationDate;
            Salt = token.Salt;
            Value = token.Value;
        }
Ejemplo n.º 5
0
        // copy constructor
        public AntiForgeryData(AntiForgeryData token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            CreationDate = token.CreationDate;
            Salt         = token.Salt;
            Value        = token.Value;
        }
Ejemplo n.º 6
0
        public string AntiForgeryToken(string salt, string domain, string path)
        {
            string formValue = GetAntiForgeryTokenAndSetCookie(salt, domain, path);
            string fieldName = AntiForgeryData.GetAntiForgeryTokenName(null);

            TagBuilder builder = new TagBuilder("input");

            builder.Attributes["type"]  = "hidden";
            builder.Attributes["name"]  = fieldName;
            builder.Attributes["value"] = formValue;
            return(builder.ToString(TagRenderMode.SelfClosing));
        }
        public virtual string Serialize(AntiForgeryData token) {
            if (token == null) {
                throw new ArgumentNullException("token");
            }

            Triplet objToSerialize = new Triplet() {
                First = token.Salt,
                Second = token.Value,
                Third = token.CreationDate
            };

            string serializedValue = Formatter.Serialize(objToSerialize);
            return serializedValue;
        }
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            string fieldName  = AntiForgeryData.GetAntiForgeryTokenName(null);
            string cookieName = AntiForgeryData.GetAntiForgeryTokenName(filterContext.HttpContext.Request.ApplicationPath);

            HttpCookie cookie = filterContext.HttpContext.Request.Cookies[cookieName];

            if (cookie == null || String.IsNullOrEmpty(cookie.Value))
            {
                // error: cookie token is missing
                throw CreateValidationException();
            }
            AntiForgeryData cookieToken = Serializer.Deserialize(cookie.Value);

            string formValue = filterContext.HttpContext.Request.Form[fieldName];

            if (String.IsNullOrEmpty(formValue))
            {
                // error: form token is missing
                throw CreateValidationException();
            }
            AntiForgeryData formToken = Serializer.Deserialize(formValue);

            if (!String.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
            {
                // error: form token does not match cookie token
                throw CreateValidationException();
            }

            string currentUsername = AntiForgeryData.GetUsername(filterContext.HttpContext.User);

            if (!String.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
            {
                // error: form token is not valid for this user
                // (don't care about cookie token)
                throw CreateValidationException();
            }

            if (!ValidateFormToken(formToken))
            {
                // error: custom validation failed
                throw CreateValidationException();
            }
        }
        public virtual string Serialize(AntiForgeryData token) {
            if (token == null) {
                throw new ArgumentNullException("token");
            }

            object[] objToSerialize = new object[] {
                token.Salt,
                token.Value,
                token.CreationDate,
                token.Username
            };

            string serializedValue = Formatter.Serialize(objToSerialize);
            return serializedValue;
        }
Ejemplo n.º 10
0
        public void CopyConstructor() {
            // Arrange
            AntiForgeryData originalToken = new AntiForgeryData() {
                CreationDate = DateTime.Now,
                Salt = "some salt",
                Value = "some value"
            };

            // Act
            AntiForgeryData newToken = new AntiForgeryData(originalToken);

            // Assert
            Assert.AreEqual(originalToken.CreationDate, newToken.CreationDate);
            Assert.AreEqual(originalToken.Salt, newToken.Salt);
            Assert.AreEqual(originalToken.Value, newToken.Value);
        }
Ejemplo n.º 11
0
        public virtual string Serialize(AntiForgeryData token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            object[] objToSerialize = new object[] {
                token.Salt,
                token.Value,
                token.CreationDate,
                token.Username
            };

            string serializedValue = Formatter.Serialize(objToSerialize);

            return(serializedValue);
        }
Ejemplo n.º 12
0
        public virtual string Serialize(AntiForgeryData token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            Triplet objToSerialize = new Triplet()
            {
                First  = token.Salt,
                Second = token.Value,
                Third  = token.CreationDate
            };

            string serializedValue = Formatter.Serialize(objToSerialize);

            return(serializedValue);
        }
        public void CanRoundTripData() {
            // Arrange
            AntiForgeryDataSerializer serializer = new AntiForgeryDataSerializer {
                Decoder = value => Convert.FromBase64String(value),
                Encoder = bytes => Convert.ToBase64String(bytes),
            };
            AntiForgeryData input = new AntiForgeryData {
                Salt = "The Salt",
                Username = "******",
                Value = "The Value",
                CreationDate = DateTime.Now,
            };

            // Act
            AntiForgeryData output = serializer.Deserialize(serializer.Serialize(input));

            // Assert
            Assert.IsNotNull(output);
            Assert.AreEqual(input.Salt, output.Salt);
            Assert.AreEqual(input.Username, output.Username);
            Assert.AreEqual(input.Value, output.Value);
            Assert.AreEqual(input.CreationDate, output.CreationDate);
        }
Ejemplo n.º 14
0
        private string GetAntiForgeryTokenAndSetCookie(string salt, string domain, string path)
        {
            string cookieName = AntiForgeryData.GetAntiForgeryTokenName(ViewContext.HttpContext.Request.ApplicationPath);

            AntiForgeryData cookieToken;
            HttpCookie      cookie = ViewContext.HttpContext.Request.Cookies[cookieName];

            if (cookie != null)
            {
                cookieToken = Serializer.Deserialize(cookie.Value);
            }
            else
            {
                cookieToken = AntiForgeryData.NewToken();
                string cookieValue = Serializer.Serialize(cookieToken);

                HttpCookie newCookie = new HttpCookie(cookieName, cookieValue)
                {
                    HttpOnly = true, Domain = domain
                };
                if (!String.IsNullOrEmpty(path))
                {
                    newCookie.Path = path;
                }
                ViewContext.HttpContext.Response.Cookies.Set(newCookie);
            }

            AntiForgeryData formToken = new AntiForgeryData(cookieToken)
            {
                CreationDate = DateTime.Now,
                Salt         = salt
            };
            string formValue = Serializer.Serialize(formToken);

            return(formValue);
        }
Ejemplo n.º 15
0
        private string GetAntiForgeryTokenAndSetCookie(string salt, string domain, string path)
        {
            string cookieName = AntiForgeryData.GetAntiForgeryTokenName(ViewContext.HttpContext.Request.ApplicationPath);

            AntiForgeryData cookieToken;
            HttpCookie cookie = ViewContext.HttpContext.Request.Cookies[cookieName];
            if (cookie != null) {
                cookieToken = Serializer.Deserialize(cookie.Value);
            }
            else {
                cookieToken = AntiForgeryData.NewToken();
                string cookieValue = Serializer.Serialize(cookieToken);

                HttpCookie newCookie = new HttpCookie(cookieName, cookieValue) { HttpOnly = true, Domain = domain };
                if (!String.IsNullOrEmpty(path)) {
                    newCookie.Path = path;
                }
                ViewContext.HttpContext.Response.Cookies.Set(newCookie);
            }

            AntiForgeryData formToken = new AntiForgeryData(cookieToken) {
                Salt = salt,
                Username = AntiForgeryData.GetUsername(ViewContext.HttpContext.User)
            };
            string formValue = Serializer.Serialize(formToken);
            return formValue;
        }
Ejemplo n.º 16
0
 private bool ValidateFormToken(AntiForgeryData token)
 {
     return(String.Equals(Salt, token.Salt, StringComparison.Ordinal));
 }
Ejemplo n.º 17
0
        string GetAntiForgeryTokenAndSetCookie(string salt, string domain, string path)
        {
            var cookieName = AntiForgeryData.GetAntiForgeryTokenName(ViewContext.HttpContext.Request.ApplicationPath);

            AntiForgeryData cookieToken;
            var cookie = ViewContext.HttpContext.Request.Cookies[cookieName];
            if (cookie != null)
            {
                cookieToken = Serializer.Deserialize(cookie.Value);
            }
            else
            {
                cookieToken = AntiForgeryData.NewToken();
                var cookieValue = Serializer.Serialize(cookieToken);

                var newCookie = new HttpCookie(cookieName, cookieValue) {HttpOnly = true, Domain = domain};
                if (!String.IsNullOrEmpty(path))
                {
                    newCookie.Path = path;
                }
                ViewContext.HttpContext.Response.Cookies.Set(newCookie);
            }

            var formToken = new AntiForgeryData(cookieToken)
            {
                CreationDate = DateTime.Now,
                Salt = salt
            };
            var formValue = Serializer.Serialize(formToken);
            return formValue;
        }
 private bool ValidateFormToken(AntiForgeryData token) {
     return (String.Equals(Salt, token.Salt, StringComparison.Ordinal));
 }
Ejemplo n.º 19
0
 public override string Serialize(AntiForgeryData token) {
     return String.Format(CultureInfo.InvariantCulture, "Creation: {0}, Value: {1}, Salt: {2}, Username: {3}",
             token.CreationDate, token.Value, token.Salt, token.Username);
 }