public async Task GetFormToken_FormFieldIsEmpty_ReturnsNull()
{
// Arrange
var mockHttpContext = new Mock <HttpContext>();
var requestContext = new Mock <HttpRequest>();
IReadableStringCollection formsCollection =
new MockCookieCollection(new Dictionary <string, string>()
{
{ "form-field-name", string.Empty }
});
requestContext.Setup(o => o.GetFormAsync(CancellationToken.None))
.Returns(Task.FromResult(formsCollection));
mockHttpContext.Setup(o => o.Request)
.Returns(requestContext.Object);
var config = new AntiForgeryOptions()
{
FormFieldName = "form-field-name"
};
var tokenStore = new AntiForgeryTokenStore(
config: config,
serializer: null);
// Act
var token = await tokenStore.GetFormTokenAsync(mockHttpContext.Object);
// Assert
Assert.Null(token);
}
public void StartUp()
{
var values = new Dictionary <string, string>()
{
{ requiredKey, expectedValue },
{ "null", null }
};
var valuesV = new Dictionary <string, StringValues>()
{
{ requiredKey, new StringValues(expectedValue) },
{ "null", new StringValues((string)null) }
};
var headers = new HeaderDictionary(valuesV);
var query = new QueryCollection(valuesV);
var cookies = new MockCookieCollection(values);
request = new Mock <HttpRequest>();
flowData = new Mock <IFlowData>();
service = new WebRequestEvidenceService();
request.SetupGet(r => r.Headers).Returns(headers);
request.SetupGet(r => r.Cookies).Returns(cookies);
request.SetupGet(r => r.Query).Returns(query);
request.SetupGet(r => r.HttpContext.Connection.LocalIpAddress)
.Returns(ip);
}
private HttpContext GetMockHttpContext(string cookieName, string cookieValue)
{
var requestCookies = new MockCookieCollection(new Dictionary <string, string>()
{
{ cookieName, cookieValue }
});
var request = new Mock <HttpRequest>();
request.Setup(o => o.Cookies)
.Returns(requestCookies);
var mockHttpContext = new Mock <HttpContext>();
mockHttpContext.Setup(o => o.Request)
.Returns(request.Object);
return(mockHttpContext.Object);
}
public async Task GetFormToken_FormFieldIsInvalid_PropagatesException()
{
// Arrange
IReadableStringCollection formsCollection =
new MockCookieCollection(new Dictionary <string, string>()
{
{ "form-field-name", "invalid-value" }
});
var requestContext = new Mock <HttpRequest>();
requestContext.Setup(o => o.GetFormAsync(CancellationToken.None))
.Returns(Task.FromResult(formsCollection));
var mockHttpContext = new Mock <HttpContext>();
mockHttpContext.Setup(o => o.Request)
.Returns(requestContext.Object);
var config = new AntiForgeryOptions()
{
FormFieldName = "form-field-name"
};
var expectedException = new InvalidOperationException("some exception");
var mockSerializer = new Mock <IAntiForgeryTokenSerializer>();
mockSerializer.Setup(o => o.Deserialize("invalid-value"))
.Throws(expectedException);
var tokenStore = new AntiForgeryTokenStore(
config: config,
serializer: mockSerializer.Object);
// Act & assert
var ex =
await
Assert.ThrowsAsync <InvalidOperationException>(
async() => await tokenStore.GetFormTokenAsync(mockHttpContext.Object));
Assert.Same(expectedException, ex);
}
public async Task GetFormToken_FormFieldIsValid_ReturnsToken()
{
// Arrange
var expectedToken = new AntiForgeryToken();
// Arrange
var mockHttpContext = new Mock <HttpContext>();
var requestContext = new Mock <HttpRequest>();
IReadableStringCollection formsCollection =
new MockCookieCollection(new Dictionary <string, string>()
{
{ "form-field-name", "valid-value" }
});
requestContext.Setup(o => o.GetFormAsync(CancellationToken.None))
.Returns(Task.FromResult(formsCollection));
mockHttpContext.Setup(o => o.Request)
.Returns(requestContext.Object);
var config = new AntiForgeryOptions()
{
FormFieldName = "form-field-name"
};
var mockSerializer = new Mock <IAntiForgeryTokenSerializer>();
mockSerializer.Setup(o => o.Deserialize("valid-value"))
.Returns(expectedToken);
var tokenStore = new AntiForgeryTokenStore(
config: config,
serializer: mockSerializer.Object);
// Act
var retVal = await tokenStore.GetFormTokenAsync(mockHttpContext.Object);
// Assert
Assert.Same(expectedToken, retVal);
}
public void StartUp()
{
var values = new Dictionary <string, string>()
{
{ REQUIRED_KEY, EXPECTED_VALUE },
{ "null", null }
};
var valuesV = new Dictionary <string, StringValues>()
{
{ REQUIRED_KEY, new StringValues(EXPECTED_VALUE) },
{ "null", new StringValues((string)null) }
};
var headers = new HeaderDictionary(valuesV);
var query = new QueryCollection(valuesV);
var cookies = new MockCookieCollection(values);
var formValues = new FormCollection(
new Dictionary <string, StringValues>()
{
{ FORM_KEY, new StringValues(FORM_VALUE) }
});
_request = new Mock <HttpRequest>();
_flowData = new Mock <IFlowData>();
_service = new WebRequestEvidenceService();
_request.SetupGet(r => r.Headers).Returns(headers);
_request.SetupGet(r => r.Cookies).Returns(cookies);
_request.SetupGet(r => r.Query).Returns(query);
_request.SetupGet(r => r.Form).Returns(formValues);
_request.SetupGet(r => r.HttpContext.Connection.RemoteIpAddress)
.Returns(IP);
_request.SetupGet(r => r.IsHttps).Returns(true);
_request.SetupGet(r => r.ContentType)
.Returns(Shared.Constants.CONTENT_TYPE_FORM[0]);
_request.SetupGet(r => r.Method)
.Returns(Shared.Constants.METHOD_POST);
}
private HttpContext GetMockHttpContext(string cookieName, string cookieValue)
{
var requestCookies = new MockCookieCollection(new Dictionary <string, string>()
{
{ cookieName, cookieValue }
});
var request = new Mock <HttpRequest>();
request.Setup(o => o.Cookies)
.Returns(requestCookies);
var mockHttpContext = new Mock <HttpContext>();
mockHttpContext.Setup(o => o.Request)
.Returns(request.Object);
var contextAccessor = new DefaultAntiforgeryContextAccessor();
mockHttpContext.SetupGet(o => o.RequestServices)
.Returns(GetServiceProvider(contextAccessor));
return(mockHttpContext.Object);
}
private HttpContext GetMockHttpContext(string cookieName, string cookieValue)
{
var requestCookies = new MockCookieCollection(new Dictionary<string, string>() { { cookieName, cookieValue } });
var request = new Mock<HttpRequest>();
request.Setup(o => o.Cookies)
.Returns(requestCookies);
var mockHttpContext = new Mock<HttpContext>();
mockHttpContext.Setup(o => o.Request)
.Returns(request.Object);
var contextAccessor = new DefaultAntiforgeryContextAccessor();
mockHttpContext.SetupGet(o => o.RequestServices)
.Returns(GetServiceProvider(contextAccessor));
return mockHttpContext.Object;
}
private HttpContext GetMockHttpContext(string cookieName, string cookieValue)
{
var requestCookies = new MockCookieCollection(new Dictionary<string, string>() { { cookieName, cookieValue } });
var request = new Mock<HttpRequest>();
request.Setup(o => o.Cookies)
.Returns(requestCookies);
var mockHttpContext = new Mock<HttpContext>();
mockHttpContext.Setup(o => o.Request)
.Returns(request.Object);
return mockHttpContext.Object;
}
public async Task GetFormToken_FormFieldIsValid_ReturnsToken()
{
// Arrange
var expectedToken = new AntiForgeryToken();
// Arrange
var mockHttpContext = new Mock<HttpContext>();
var requestContext = new Mock<HttpRequest>();
IReadableStringCollection formsCollection =
new MockCookieCollection(new Dictionary<string, string>() { { "form-field-name", "valid-value" } });
requestContext.Setup(o => o.GetFormAsync(CancellationToken.None))
.Returns(Task.FromResult(formsCollection));
mockHttpContext.Setup(o => o.Request)
.Returns(requestContext.Object);
var config = new AntiForgeryOptions()
{
FormFieldName = "form-field-name"
};
var mockSerializer = new Mock<IAntiForgeryTokenSerializer>();
mockSerializer.Setup(o => o.Deserialize("valid-value"))
.Returns(expectedToken);
var tokenStore = new AntiForgeryTokenStore(
config: config,
serializer: mockSerializer.Object);
// Act
var retVal = await tokenStore.GetFormTokenAsync(mockHttpContext.Object);
// Assert
Assert.Same(expectedToken, retVal);
}
public async Task GetFormToken_FormFieldIsInvalid_PropagatesException()
{
// Arrange
IReadableStringCollection formsCollection =
new MockCookieCollection(new Dictionary<string, string>() { { "form-field-name", "invalid-value" } });
var requestContext = new Mock<HttpRequest>();
requestContext.Setup(o => o.GetFormAsync(CancellationToken.None))
.Returns(Task.FromResult(formsCollection));
var mockHttpContext = new Mock<HttpContext>();
mockHttpContext.Setup(o => o.Request)
.Returns(requestContext.Object);
var config = new AntiForgeryOptions()
{
FormFieldName = "form-field-name"
};
var expectedException = new InvalidOperationException("some exception");
var mockSerializer = new Mock<IAntiForgeryTokenSerializer>();
mockSerializer.Setup(o => o.Deserialize("invalid-value"))
.Throws(expectedException);
var tokenStore = new AntiForgeryTokenStore(
config: config,
serializer: mockSerializer.Object);
// Act & assert
var ex =
await
Assert.ThrowsAsync<InvalidOperationException>(
async () => await tokenStore.GetFormTokenAsync(mockHttpContext.Object));
Assert.Same(expectedException, ex);
}
public async Task GetFormToken_FormFieldIsEmpty_ReturnsNull()
{
// Arrange
var mockHttpContext = new Mock<HttpContext>();
var requestContext = new Mock<HttpRequest>();
IReadableStringCollection formsCollection =
new MockCookieCollection(new Dictionary<string, string>() { { "form-field-name", string.Empty } });
requestContext.Setup(o => o.GetFormAsync(CancellationToken.None))
.Returns(Task.FromResult(formsCollection));
mockHttpContext.Setup(o => o.Request)
.Returns(requestContext.Object);
var config = new AntiForgeryOptions()
{
FormFieldName = "form-field-name"
};
var tokenStore = new AntiForgeryTokenStore(
config: config,
serializer: null);
// Act
var token = await tokenStore.GetFormTokenAsync(mockHttpContext.Object);
// Assert
Assert.Null(token);
}
