/// <summary>
/// Checks that a POST to <c>/register</c> whose <c>__RequestVerificationToken</c> form field
/// is not a valid anti-forgery token is answered with 400 Bad Request and leaves no user behind.
/// </summary>
/// <remarks>
/// The request carries the cookie returned by <c>GetAntiForgeryTokens()</c>, so the only thing
/// wrong with it is the form-field token. The second assertion matters as much as the status
/// code: it shows the registration was not carried out before the request was rejected.
/// NOTE(review): only the "token present but invalid" case is exercised here; a request with
/// the form field omitted, or with the cookie omitted, is not covered by this method and may
/// be tested elsewhere.
/// </remarks>
public async Task should_reject_post_request_without_valid_anti_forgery_token()
{
    // Arrange: a user name unique to this run, so the repository lookup below
    // cannot match a user created by another test.
    var candidateName = Guid.NewGuid().ToString("N").Substring(4, 8);
    var candidatePassword = "******";
    var antiForgery = _theApp.GetAntiForgeryTokens();

    var registrationForm = new Dictionary<string, string>
    {
        ["UserName"] = candidateName,
        ["Password"] = candidatePassword,
        // Deliberately not the token that GetAntiForgeryTokens() handed out.
        ["__RequestVerificationToken"] = "some invalid token"
    };

    // Act: send the form together with the anti-forgery cookie obtained above.
    var requestWithForm = _theApp.Server.CreateRequest("/register").WithFormContent(registrationForm);
    var registerRequest = requestWithForm.WithCookie(antiForgery.Cookie);
    var response = await registerRequest.PostAsync();

    // Assert: the request is refused...
    response.StatusCode.ShouldEqual(HttpStatusCode.BadRequest);

    // ...and no user with that name exists in the repository afterwards.
    var userRepository = _theApp.GetService<IRepository<User>>();
    var wasPersisted = userRepository.All().Any(u => u.UserName == candidateName);
    wasPersisted.ShouldEqual(false);
}
/// <summary>
/// Sets up the spec class: keeps the application instance returned by <c>Reset()</c> and
/// fetches a set of anti-forgery tokens from it for the tests to use.
/// </summary>
/// <param name="theApp">
/// The test application supplied to the spec class; <c>Reset()</c> is called on it before use
/// (presumably to clear state left by earlier tests; confirm against TestApplication).
/// </param>
public AccountRelatedPageSpecs(TestApplication theApp)
{
    // Everything below uses the instance returned by Reset(), not the raw argument.
    _theApp = theApp.Reset();

    // Tokens are requested after the reset, from the stored instance.
    _antiForgeryTokens = _theApp.GetAntiForgeryTokens();
}