/// <summary>
/// When extra data is supplied, the <c>ToSend</c> half of the token pair must
/// still be a bare GUID and must not carry the extra data with it.
/// </summary>
public void GivenSomeExtraData_CreateToken_ReturnsTheGuidOnlyInToSend()
{
    // Arrange.
    const string redirectUrl = "http://2p1s.com";
    var sut = new AntiForgery();

    // Act.
    var tokenPair = sut.CreateToken(redirectUrl);

    // Assert.
    Assert.NotNull(tokenPair);

    // ToSend is the value handed to the third party, so it should parse as a
    // GUID on its own: nothing derived from the extra data may be appended.
    // NOTE(review): this pins the format only; how unpredictable the GUID is
    // depends on AntiForgery's generator, which is not visible here.
    Guid parsedToSend;
    var toSendIsGuid = Guid.TryParse(tokenPair.ToSend, out parsedToSend);
    Assert.True(toSendIsGuid);
}
/// <summary>
/// When extra data is supplied, the <c>ToKeep</c> half must contain a '|'
/// separator followed by the Base64 form of that extra data.
/// </summary>
public void GivenSomeExtraData_CreateToken_ReturnsAFunkyStringInToKeep()
{
    // Arrange.
    const string redirectUrl = "http://2p1s.com";
    const string expectedEncodedExtraData = "aHR0cDovLzJwMXMuY29t";
    var sut = new AntiForgery();

    // Act.
    var tokenPair = sut.CreateToken("dont't care!", redirectUrl);

    // Assert.
    Assert.NotNull(tokenPair);

    var toKeep = tokenPair.ToKeep;
    Assert.True(toKeep.Contains("|"));

    // Everything after the first '|' is expected to be the Base64 encoding of
    // the extra data. Base64 is a reversible encoding with no integrity
    // protection, so this asserts the wire format only.
    // NOTE(review): whoever reads the extra data back out of ToKeep should
    // treat it as client-controlled unless the stored value is signed or
    // encrypted elsewhere; confirm at the consuming side.
    var separatorIndex = toKeep.IndexOf("|", StringComparison.Ordinal);
    var encodedExtraData = toKeep.Substring(separatorIndex + 1);
    Assert.Equal(expectedEncodedExtraData, encodedExtraData);
}
/// <summary>
/// Without extra data, both halves of the token pair must be GUIDs, and they
/// must be the same GUID.
/// </summary>
public void GivenNoExtraData_CreateToken_ReturnsAGuidForBoth()
{
    // Arrange.
    var sut = new AntiForgery();

    // Act.
    var tokenPair = sut.CreateToken(existingToKeepToken: "don't care!");

    // Assert.
    Assert.NotNull(tokenPair);

    Guid keptGuid;
    Guid sentGuid;
    var toKeepIsGuid = Guid.TryParse(tokenPair.ToKeep, out keptGuid);
    var toSendIsGuid = Guid.TryParse(tokenPair.ToSend, out sentGuid);
    Assert.True(toKeepIsGuid);
    Assert.True(toSendIsGuid);

    // With nothing extra to carry, the stored value and the sent value are
    // the same GUID, so a later equality check between them can succeed.
    // NOTE(review): the supplied existingToKeepToken is not a GUID, yet
    // ToKeep parses as one; whether that argument is ignored or replaced is
    // decided inside AntiForgery and cannot be seen from this test.
    Assert.Equal(keptGuid, sentGuid);
}
/// <summary>
/// Starts an authentication round-trip with the requested provider: builds
/// the provider settings, creates an anti-forgery token pair, puts the
/// <c>ToSend</c> half into the provider <c>State</c>, stores the
/// <c>ToKeep</c> half via <c>SerializeToken</c>, and redirects the browser to
/// the provider's endpoint.
/// </summary>
/// <param name="inputModel">
/// Bound request values: the provider key and, for OpenId providers, an
/// optional identifier.
/// </param>
/// <returns>A redirect to the provider's authentication endpoint.</returns>
/// <exception cref="ArgumentException">
/// The model state is invalid, the provider key is missing, or the OpenId
/// identifier cannot be parsed as a Uri.
/// </exception>
public RedirectResult RedirectToProvider(RedirectToProviderInputModel inputModel)
{
    if (!ModelState.IsValid)
    {
        throw new ArgumentException(
            "Some binding errors occured. This means at least one Request value (eg. form post or querystring parameter) provided is invalid. Generally, we need a ProviderName as a string.");
    }

    var providerKey = inputModel.ProviderKey;
    if (string.IsNullOrEmpty(providerKey))
    {
        throw new ArgumentException(
            "ProviderKey value missing. You need to supply a valid provider key so we know where to redirect the user Eg. google.");
    }

    // Look up the settings for the requested provider.
    var providerSettings = AuthenticationService.GetAuthenticateServiceSettings(providerKey,
                                                                                Request.Url,
                                                                                Url.CallbackFromOAuthProvider());

    // OpenId providers may additionally be given a caller-supplied identifier.
    var openIdSettings = providerSettings as IOpenIdAuthenticationServiceSettings;
    if (openIdSettings != null && !string.IsNullOrEmpty(inputModel.Identifier))
    {
        // NOTE(review): UriKind.RelativeOrAbsolute accepts relative values and
        // any scheme, while the error text below shows only http/https
        // examples. The identifier comes from the request, so confirm that the
        // OpenId library downstream restricts where it may point.
        Uri openIdIdentifier;
        var identifierParsed = Uri.TryCreate(inputModel.Identifier,
                                             UriKind.RelativeOrAbsolute,
                                             out openIdIdentifier);
        if (!identifierParsed)
        {
            throw new ArgumentException(
                "Indentifier value was not in the correct Uri format. Eg. http://myopenid.com or https://yourname.myopenid.com");
        }

        openIdSettings.Identifier = openIdIdentifier;
    }

    // Convention: remember a url to return to once the callback has finished.
    // An explicit RedirectUrl wins; otherwise fall back to the Referrer.
    //
    // NOTE(review): the Referrer header is supplied by the client, and the
    // value chosen here is intended as a later redirect target. The callback
    // is not visible from this method; it should check the recovered url
    // (local url or an allow-list of hosts) before redirecting to it.
    string returnUrl = null;
    var hasExplicitRedirect = RedirectUrl != null &&
                              !string.IsNullOrEmpty(RedirectUrl.AbsoluteUri);
    if (hasExplicitRedirect)
    {
        returnUrl = RedirectUrl.AbsoluteUri;
    }
    else
    {
        var referrer = Request != null ? Request.UrlReferrer : null;
        if (referrer != null && !string.IsNullOrEmpty(referrer.AbsoluteUri))
        {
            returnUrl = referrer.AbsoluteUri;
        }
    }

    // Generate the token pair; the return url travels inside it as extra data.
    var tokenPair = AntiForgery.CreateToken(returnUrl);

    // The "ToSend" half goes out to the provider in the state parameter.
    providerSettings.State = tokenPair.ToSend;

    // The "ToKeep" half is serialized into the cookie.
    // NOTE(review): the protection only holds if the callback compares the
    // returned state against this stored value and rejects a mismatch. The
    // cookie attributes (HttpOnly, Secure) are set inside SerializeToken,
    // which is not shown here.
    SerializeToken(Response, tokenPair.ToKeep);

    // Ask the service for the provider's endpoint and send the browser there.
    var providerEndpoint = AuthenticationService.RedirectToAuthenticationProvider(providerSettings);
    return Redirect(providerEndpoint.AbsoluteUri);
}