public void GivenSomeTokenWithNoExtraData_ReturnsNullIfTokenValid()
{
// Arrange.
var antiForgery = new AntiForgery();
var guid = Guid.NewGuid();
var token = guid.ToString();
// Act.
var result = antiForgery.ValidateToken(token, token);
// Assert.
Assert.Null(result);
}
public void GivenSomeExtraData_CreateToken_ReturnsTheGuidOnlyInToSend()
{
// Arrage.
const string extraData = "http://2p1s.com";
var antiForgery = new AntiForgery();
// Act.
var result = antiForgery.CreateToken(extraData);
// Assert.
Assert.NotNull(result);
Guid guid;
Assert.True(Guid.TryParse(result.ToSend, out guid));
}
public void GivenNoExtraData_CreateToken_ReturnsAGuid()
{
// Arrange.
var antiForgery = new AntiForgery();
// Act.
var result = antiForgery.CreateToken();
// Assert.
Assert.NotNull(result);
Guid guid;
Guid.TryParse(result, out guid);
Assert.IsType<Guid>(guid);
}
public void GivenSomeExtraData_CreateToken_ReturnsAFunkyStringInToKeep()
{
// Arrage.
const string extraData = "http://2p1s.com";
var antiForgery = new AntiForgery();
// Act.
var result = antiForgery.CreateToken("dont't care!", extraData);
// Assert.
Assert.NotNull(result);
Assert.True(result.ToKeep.Contains("|"));
Assert.Equal("aHR0cDovLzJwMXMuY29t",
result.ToKeep.Substring(result.ToKeep.IndexOf("|", StringComparison.Ordinal) + 1));
}
public void GivenSomeTokenWhichHasAGuidAndExtraData_ValidateToken_ReturnsATokenData()
{
// Arrange.
var antiForgery = new AntiForgery();
var guid = Guid.NewGuid();
var token = guid.ToString();
// Act.
var result = antiForgery.ValidateToken(token);
// Assert.
Assert.NotNull(result);
Assert.Equal(guid.ToString(), result.State);
Assert.Null(result.ExtraData);
}
public void GivenSomeExtraData_CreateToken_ReturnsAFunkyString()
{
// Arrage.
const string extraData = "http://2p1s.com";
var antiForgery = new AntiForgery();
// Act.
var result = antiForgery.CreateToken(extraData);
// Assert.
Assert.NotNull(result);
Assert.True(result.Contains("|"));
Assert.Equal("aAB0AHQAcAA6AC8ALwAyAHAAMQBzAC4AYwBvAG0A",
result.Substring(result.IndexOf("|", StringComparison.Ordinal) + 1));
}
public void GivenNoExtraData_CreateToken_ReturnsAGuidForBoth()
{
// Arrange.
var antiForgery = new AntiForgery();
// Act.
var result = antiForgery.CreateToken(existingToKeepToken: "don't care!");
// Assert.
Assert.NotNull(result);
Guid toKeep;
Guid toSend;
Assert.True(Guid.TryParse(result.ToKeep, out toKeep));
Assert.True(Guid.TryParse(result.ToSend, out toSend));
Assert.Equal(toKeep, toSend);
}
public void GivenSomeTokenWithExtraData_ReturnsExtraDataIfTokenValid()
{
// Arrange.
const string expectedExtraData = "/abc/123";
var antiForgery = new AntiForgery();
var guid = Guid.NewGuid();
var token = guid.ToString();
string kept = String.Format("{0}|{1}", token, Convert.ToBase64String(Encoding.UTF8.GetBytes(expectedExtraData)));
// Act.
var actualExtraData = antiForgery.ValidateToken(kept, token);
// Assert.
Assert.Equal(expectedExtraData, actualExtraData);
}
public void GivenSomeTokenWithNoExtraData_ThrowsIfTokenInvalid()
{
// Arrange.
var antiForgery = new AntiForgery();
var guid = Guid.NewGuid();
var token = guid.ToString();
// Act/Assert.
Assert.Throws<AuthenticationException>(() => antiForgery.ValidateToken(token, "YOU'VE BEEN HAXED SUCKA!"));
}
public void GivenSomeBadExtraData_ValidateToken_ReturnsABaddaBingBaddaBoom()
{
// Arrange.
var antiForgery = new AntiForgery();
const string badToken = "MultiPass|Bzzzzzt";
// Act.
var result = Assert.Throws<FormatException>(() => antiForgery.ValidateToken(badToken, "MultiPass"));
// Assert.
Assert.NotNull(result);
Assert.Equal("Invalid length for a Base-64 char array or string.", result.Message);
}
public void GivenSomeTokenWithExtraData_ThrowsIfTokenInvalid()
{
// Arrange.
const string expectedExtraData = "/abc/123";
var antiForgery = new AntiForgery();
var guid = Guid.NewGuid();
var token = guid.ToString();
string kept = String.Format("{0}|{1}", token, Convert.ToBase64String(Encoding.UTF8.GetBytes(expectedExtraData)));
// Act/Assert.
Assert.Throws<AuthenticationException>(() => antiForgery.ValidateToken(token, "YOU'VE BEEN HAXED SUCKA!"));
}
