public async Task GetRequestTokens_HeaderTokenTakensPriority_OverFormToken()
    {
        // Arrange
        var httpContext = GetHttpContext("cookie-name", "cookie-value");

        httpContext.Request.ContentType = "application/x-www-form-urlencoded";
        httpContext.Request.Form        = new FormCollection(new Dictionary <string, StringValues>
        {
            { "form-field-name", "form-value" },
        });     // header value has priority.
        httpContext.Request.Headers.Add("header-name", "header-value");

        var options = new AntiforgeryOptions
        {
            Cookie        = { Name = "cookie-name" },
            FormFieldName = "form-field-name",
            HeaderName    = "header-name",
        };

        var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));

        // Act
        var tokens = await tokenStore.GetRequestTokensAsync(httpContext);

        // Assert
        Assert.Equal("cookie-value", tokens.CookieToken);
        Assert.Equal("header-value", tokens.RequestToken);
    }
    public async Task GetRequestTokens_NoHeaderToken_NonFormContentType_ReturnsNullToken()
    {
        // Arrange
        var httpContext = GetHttpContext("cookie-name", "cookie-value");

        httpContext.Request.ContentType = "application/json";

        // Will not be accessed
        httpContext.Request.Form = null !;

        var options = new AntiforgeryOptions
        {
            Cookie        = { Name = "cookie-name" },
            FormFieldName = "form-field-name",
            HeaderName    = "header-name",
        };

        var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));

        // Act
        var tokenSet = await tokenStore.GetRequestTokensAsync(httpContext);

        // Assert
        Assert.Equal("cookie-value", tokenSet.CookieToken);
        Assert.Null(tokenSet.RequestToken);
    }
    public async Task GetRequestTokens_CookieIsEmpty_ReturnsNullTokens()
    {
        // Arrange
        var httpContext = GetHttpContext();

        httpContext.Request.Form = FormCollection.Empty;

        var options = new AntiforgeryOptions
        {
            Cookie        = { Name = "cookie-name" },
            FormFieldName = "form-field-name",
        };

        var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));

        // Act
        var tokenSet = await tokenStore.GetRequestTokensAsync(httpContext);

        // Assert
        Assert.Null(tokenSet.CookieToken);
        Assert.Null(tokenSet.RequestToken);
    }
    public async Task GetRequestTokens_ReadFormAsyncThrowsInvalidDataException_ThrowsAntiforgeryValidationException()
    {
        // Arrange
        var exception   = new InvalidDataException();
        var httpContext = new Mock <HttpContext>();

        httpContext.Setup(r => r.Request.Cookies).Returns(Mock.Of <IRequestCookieCollection>());
        httpContext.SetupGet(r => r.Request.HasFormContentType).Returns(true);
        httpContext.Setup(r => r.Request.ReadFormAsync(It.IsAny <CancellationToken>())).Throws(exception);

        var options = new AntiforgeryOptions
        {
            Cookie        = { Name = "cookie-name" },
            FormFieldName = "form-field-name",
            HeaderName    = null,
        };

        var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));

        // Act & Assert
        var ex = await Assert.ThrowsAsync <AntiforgeryValidationException>(() => tokenStore.GetRequestTokensAsync(httpContext.Object));

        Assert.Same(exception, ex.InnerException);
    }
    public async Task GetRequestTokens_BothHeaderValueAndFormFieldsEmpty_ReturnsNullTokens()
    {
        // Arrange
        var httpContext = GetHttpContext("cookie-name", "cookie-value");

        httpContext.Request.ContentType = "application/x-www-form-urlencoded";
        httpContext.Request.Form        = FormCollection.Empty;

        var options = new AntiforgeryOptions
        {
            Cookie        = { Name = "cookie-name" },
            FormFieldName = "form-field-name",
            HeaderName    = "header-name",
        };

        var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));

        // Act
        var tokenSet = await tokenStore.GetRequestTokensAsync(httpContext);

        // Assert
        Assert.Equal("cookie-value", tokenSet.CookieToken);
        Assert.Null(tokenSet.RequestToken);
    }
        public async Task GetRequestTokens_CookieIsEmpty_ReturnsNullTokens()
        {
            // Arrange
            var httpContext = GetHttpContext(new RequestCookieCollection());
            httpContext.Request.Form = FormCollection.Empty;

            var options = new AntiforgeryOptions()
            {
                CookieName = "cookie-name",
                FormFieldName = "form-field-name",
            };

            var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));

            // Act
            var tokenSet = await tokenStore.GetRequestTokensAsync(httpContext);

            // Assert
            Assert.Null(tokenSet.CookieToken);
            Assert.Null(tokenSet.RequestToken);
        }
        public async Task GetFormToken_FormFieldIsValid_ReturnsToken()
        {
            // Arrange
            var httpContext = GetHttpContext("cookie-name", "cookie-value");
            httpContext.Request.ContentType = "application/x-www-form-urlencoded";
            httpContext.Request.Form = new FormCollection(new Dictionary<string, StringValues>
            {
                { "form-field-name", "form-value" },
            });
            httpContext.Request.Headers.Add("header-name", "header-value"); // form value has priority.

            var options = new AntiforgeryOptions()
            {
                CookieName = "cookie-name",
                FormFieldName = "form-field-name",
                HeaderName = "header-name",
            };

            var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));

            // Act
            var tokens = await tokenStore.GetRequestTokensAsync(httpContext);

            // Assert
            Assert.Equal("cookie-value", tokens.CookieToken);
            Assert.Equal("form-value", tokens.RequestToken);
        }
        public async Task GetRequestTokens_BothFieldsEmpty_ReturnsNullTokens()
        {
            // Arrange
            var httpContext = GetHttpContext("cookie-name", "cookie-value");
            httpContext.Request.ContentType = "application/x-www-form-urlencoded";
            httpContext.Request.Form = FormCollection.Empty;

            var options = new AntiforgeryOptions()
            {
                CookieName = "cookie-name",
                FormFieldName = "form-field-name",
                HeaderName = "header-name",
            };

            var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));

            // Act
            var tokenSet = await tokenStore.GetRequestTokensAsync(httpContext);

            // Assert
            Assert.Equal("cookie-value", tokenSet.CookieToken);
            Assert.Null(tokenSet.RequestToken);
        }
        public async Task GetRequestTokens_NonFormContentType_NoHeaderToken_ReturnsNullToken()
        {
            // Arrange
            var httpContext = GetHttpContext("cookie-name", "cookie-value");
            httpContext.Request.ContentType = "application/json";

            // Will not be accessed
            httpContext.Request.Form = null;

            var options = new AntiforgeryOptions()
            {
                CookieName = "cookie-name",
                FormFieldName = "form-field-name",
                HeaderName = "header-name",
            };

            var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));

            // Act
            var tokenSet = await tokenStore.GetRequestTokensAsync(httpContext);

            // Assert
            Assert.Equal("cookie-value", tokenSet.CookieToken);
            Assert.Null(tokenSet.RequestToken);
        }