public void GenerateFormToken_AuthenticatedWithoutUsernameAndNoAdditionalData_NoAdditionalData()
{
// Arrange
var cookieToken = new AntiForgeryToken()
{
IsSessionToken = true
};
var httpContext = new Mock <HttpContext>().Object;
ClaimsIdentity identity = new MyAuthenticatedIdentityWithoutUsername();
var config = new AntiForgeryOptions();
IClaimUidExtractor claimUidExtractor = new Mock <IClaimUidExtractor>().Object;
var tokenProvider = new TokenProvider(
config: config,
claimUidExtractor: claimUidExtractor,
additionalDataProvider: null);
// Act & assert
var ex =
Assert.Throws <InvalidOperationException>(
() => tokenProvider.GenerateFormToken(httpContext, identity, cookieToken));
Assert.Equal(
"The provided identity of type " +
"'Microsoft.AspNet.Mvc.Core.Test.TokenProviderTest+MyAuthenticatedIdentityWithoutUsername' " +
"is marked IsAuthenticated = true but does not have a value for Name. " +
"By default, the anti-forgery system requires that all authenticated identities have a unique Name. " +
"If it is not possible to provide a unique Name for this identity, " +
"consider extending IAdditionalDataProvider by overriding the DefaultAdditionalDataProvider " +
"or a custom type that can provide some form of unique identifier for the current user.",
ex.Message);
}
public void GenerateFormToken_AuthenticatedWithoutUsernameAndNoAdditionalData_NoAdditionalData()
{
// Arrange
var cookieToken = new AntiForgeryToken()
{
IsSessionToken = true
};
var httpContext = new Mock<HttpContext>().Object;
ClaimsIdentity identity = new MyAuthenticatedIdentityWithoutUsername();
var config = new AntiForgeryOptions();
IClaimUidExtractor claimUidExtractor = new Mock<IClaimUidExtractor>().Object;
var tokenProvider = new AntiForgeryTokenProvider(
config: config,
claimUidExtractor: claimUidExtractor,
additionalDataProvider: null);
// Act & assert
var ex =
Assert.Throws<InvalidOperationException>(
() => tokenProvider.GenerateFormToken(httpContext, identity, cookieToken));
Assert.Equal(
"The provided identity of type " +
"'Microsoft.AspNet.Mvc.Core.Test.TokenProviderTest+MyAuthenticatedIdentityWithoutUsername' " +
"is marked IsAuthenticated = true but does not have a value for Name. " +
"By default, the anti-forgery system requires that all authenticated identities have a unique Name. " +
"If it is not possible to provide a unique Name for this identity, " +
"consider extending IAdditionalDataProvider by overriding the DefaultAdditionalDataProvider " +
"or a custom type that can provide some form of unique identifier for the current user.",
ex.Message);
}
public void GenerateFormToken_AuthenticatedWithoutUsernameAndNoAdditionalData_NoAdditionalData_SuppressHeuristics()
{
// Arrange
AntiForgeryToken cookieToken = new AntiForgeryToken()
{
IsSessionToken = true
};
HttpContextBase httpContext = new Mock <HttpContextBase>().Object;
IIdentity identity = new MyAuthenticatedIdentityWithoutUsername();
IAntiForgeryConfig config = new MockAntiForgeryConfig()
{
SuppressIdentityHeuristicChecks = true
};
IClaimUidExtractor claimUidExtractor = new Mock <MockableClaimUidExtractor>().Object;
TokenValidator validator = new TokenValidator(
config: config,
claimUidExtractor: claimUidExtractor
);
// Act
var fieldToken = validator.GenerateFormToken(httpContext, identity, cookieToken);
// Assert
Assert.NotNull(fieldToken);
Assert.Equal(cookieToken.SecurityToken, fieldToken.SecurityToken);
Assert.False(fieldToken.IsSessionToken);
Assert.Equal("", fieldToken.Username);
Assert.Null(fieldToken.ClaimUid);
Assert.Equal("", fieldToken.AdditionalData);
}
public void GenerateFormToken_AuthenticatedWithoutUsername_WithAdditionalData()
{
// Arrange
var cookieToken = new AntiForgeryToken()
{
IsSessionToken = true
};
var httpContext = new Mock <HttpContext>().Object;
ClaimsIdentity identity = new MyAuthenticatedIdentityWithoutUsername();
var mockAdditionalDataProvider = new Mock <IAntiForgeryAdditionalDataProvider>();
mockAdditionalDataProvider.Setup(o => o.GetAdditionalData(httpContext))
.Returns("additional-data");
var config = new AntiForgeryOptions();
IClaimUidExtractor claimUidExtractor = new Mock <IClaimUidExtractor>().Object;
var tokenProvider = new TokenProvider(
config: config,
claimUidExtractor: claimUidExtractor,
additionalDataProvider: mockAdditionalDataProvider.Object);
// Act
var fieldToken = tokenProvider.GenerateFormToken(httpContext, identity, cookieToken);
// Assert
Assert.NotNull(fieldToken);
Assert.Equal(cookieToken.SecurityToken, fieldToken.SecurityToken);
Assert.False(fieldToken.IsSessionToken);
Assert.Equal("", fieldToken.Username);
Assert.Equal(null, fieldToken.ClaimUid);
Assert.Equal("additional-data", fieldToken.AdditionalData);
}
public void GenerateFormToken_AuthenticatedWithoutUsernameAndNoAdditionalData_NoAdditionalData()
{
// Arrange
AntiForgeryToken cookieToken = new AntiForgeryToken()
{
IsSessionToken = true
};
HttpContextBase httpContext = new Mock <HttpContextBase>().Object;
IIdentity identity = new MyAuthenticatedIdentityWithoutUsername();
IAntiForgeryConfig config = new MockAntiForgeryConfig();
IClaimUidExtractor claimUidExtractor = new Mock <MockableClaimUidExtractor>().Object;
TokenValidator validator = new TokenValidator(
config: config,
claimUidExtractor: claimUidExtractor
);
// Act & assert
var ex = Assert.Throws <InvalidOperationException>(
() => validator.GenerateFormToken(httpContext, identity, cookieToken)
);
Assert.Equal(
@"The provided identity of type 'System.Web.Helpers.AntiXsrf.Test.TokenValidatorTest+MyAuthenticatedIdentityWithoutUsername' is marked IsAuthenticated = true but does not have a value for Name. By default, the anti-forgery system requires that all authenticated identities have a unique Name. If it is not possible to provide a unique Name for this identity, consider setting the static property AntiForgeryConfig.AdditionalDataProvider to an instance of a type that can provide some form of unique identifier for the current user.",
ex.Message
);
}
public void GenerateFormToken_AuthenticatedWithoutUsernameAndNoAdditionalData_NoAdditionalData_SuppressHeuristics()
{
// Arrange
AntiForgeryToken cookieToken = new AntiForgeryToken() { IsSessionToken = true };
HttpContextBase httpContext = new Mock<HttpContextBase>().Object;
IIdentity identity = new MyAuthenticatedIdentityWithoutUsername();
IAntiForgeryConfig config = new MockAntiForgeryConfig()
{
SuppressIdentityHeuristicChecks = true
};
IClaimUidExtractor claimUidExtractor = new Mock<MockableClaimUidExtractor>().Object;
TokenValidator validator = new TokenValidator(
config: config,
claimUidExtractor: claimUidExtractor);
// Act
var fieldToken = validator.GenerateFormToken(httpContext, identity, cookieToken);
// Assert
Assert.NotNull(fieldToken);
Assert.Equal(cookieToken.SecurityToken, fieldToken.SecurityToken);
Assert.False(fieldToken.IsSessionToken);
Assert.Equal("", fieldToken.Username);
Assert.Equal(null, fieldToken.ClaimUid);
Assert.Equal("", fieldToken.AdditionalData);
}
public void GenerateFormToken_AuthenticatedWithoutUsername_WithAdditionalData()
{
// Arrange
AntiForgeryToken cookieToken = new AntiForgeryToken()
{
IsSessionToken = true
};
HttpContextBase httpContext = new Mock <HttpContextBase>().Object;
IIdentity identity = new MyAuthenticatedIdentityWithoutUsername();
Mock <IAntiForgeryAdditionalDataProvider> mockAdditionalDataProvider = new Mock <IAntiForgeryAdditionalDataProvider>();
mockAdditionalDataProvider.Setup(o => o.GetAdditionalData(httpContext)).Returns("additional-data");
IAntiForgeryConfig config = new MockAntiForgeryConfig()
{
AdditionalDataProvider = mockAdditionalDataProvider.Object
};
IClaimUidExtractor claimUidExtractor = new Mock <MockableClaimUidExtractor>().Object;
TokenValidator validator = new TokenValidator(
config: config,
claimUidExtractor: claimUidExtractor);
// Act
var fieldToken = validator.GenerateFormToken(httpContext, identity, cookieToken);
// Assert
Assert.NotNull(fieldToken);
Assert.Equal(cookieToken.SecurityToken, fieldToken.SecurityToken);
Assert.False(fieldToken.IsSessionToken);
Assert.Equal("", fieldToken.Username);
Assert.Equal(null, fieldToken.ClaimUid);
Assert.Equal("additional-data", fieldToken.AdditionalData);
}
public void GenerateFormToken_AuthenticatedWithoutUsernameAndNoAdditionalData_NoAdditionalData()
{
// Arrange
AntiForgeryToken cookieToken = new AntiForgeryToken()
{
IsSessionToken = true
};
HttpContextBase httpContext = new Mock<HttpContextBase>().Object;
IIdentity identity = new MyAuthenticatedIdentityWithoutUsername();
IAntiForgeryConfig config = new MockAntiForgeryConfig();
IClaimUidExtractor claimUidExtractor = new Mock<MockableClaimUidExtractor>().Object;
TokenValidator validator = new TokenValidator(
config: config,
claimUidExtractor: claimUidExtractor);
// Act & assert
var ex = Assert.Throws<InvalidOperationException>(() => validator.GenerateFormToken(httpContext, identity, cookieToken));
Assert.Equal(@"The provided identity of type 'System.Web.Helpers.AntiXsrf.Test.TokenValidatorTest+MyAuthenticatedIdentityWithoutUsername' is marked IsAuthenticated = true but does not have a value for Name. By default, the anti-forgery system requires that all authenticated identities have a unique Name. If it is not possible to provide a unique Name for this identity, consider setting the static property AntiForgeryConfig.AdditionalDataProvider to an instance of a type that can provide some form of unique identifier for the current user.", ex.Message);
}
public void GenerateFormToken_AuthenticatedWithoutUsername_WithAdditionalData()
{
// Arrange
var cookieToken = new AntiForgeryToken() { IsSessionToken = true };
var httpContext = new Mock<HttpContext>().Object;
ClaimsIdentity identity = new MyAuthenticatedIdentityWithoutUsername();
var mockAdditionalDataProvider = new Mock<IAntiForgeryAdditionalDataProvider>();
mockAdditionalDataProvider.Setup(o => o.GetAdditionalData(httpContext))
.Returns("additional-data");
var config = new AntiForgeryOptions();
IClaimUidExtractor claimUidExtractor = new Mock<IClaimUidExtractor>().Object;
var tokenProvider = new AntiForgeryTokenProvider(
config: config,
claimUidExtractor: claimUidExtractor,
additionalDataProvider: mockAdditionalDataProvider.Object);
// Act
var fieldToken = tokenProvider.GenerateFormToken(httpContext, identity, cookieToken);
// Assert
Assert.NotNull(fieldToken);
Assert.Equal(cookieToken.SecurityToken, fieldToken.SecurityToken);
Assert.False(fieldToken.IsSessionToken);
Assert.Empty(fieldToken.Username);
Assert.Null(fieldToken.ClaimUid);
Assert.Equal("additional-data", fieldToken.AdditionalData);
}
public void GenerateFormToken_AuthenticatedWithoutUsername_WithAdditionalData()
{
// Arrange
AntiForgeryToken cookieToken = new AntiForgeryToken() { IsSessionToken = true };
HttpContextBase httpContext = new Mock<HttpContextBase>().Object;
IIdentity identity = new MyAuthenticatedIdentityWithoutUsername();
Mock<IAntiForgeryAdditionalDataProvider> mockAdditionalDataProvider = new Mock<IAntiForgeryAdditionalDataProvider>();
mockAdditionalDataProvider.Setup(o => o.GetAdditionalData(httpContext)).Returns("additional-data");
IAntiForgeryConfig config = new MockAntiForgeryConfig()
{
AdditionalDataProvider = mockAdditionalDataProvider.Object
};
IClaimUidExtractor claimUidExtractor = new Mock<MockableClaimUidExtractor>().Object;
TokenValidator validator = new TokenValidator(
config: config,
claimUidExtractor: claimUidExtractor);
// Act
var fieldToken = validator.GenerateFormToken(httpContext, identity, cookieToken);
// Assert
Assert.NotNull(fieldToken);
Assert.Equal(cookieToken.SecurityToken, fieldToken.SecurityToken);
Assert.False(fieldToken.IsSessionToken);
Assert.Equal("", fieldToken.Username);
Assert.Equal(null, fieldToken.ClaimUid);
Assert.Equal("additional-data", fieldToken.AdditionalData);
}
