Example #1
        /// <summary>
        /// Posts a registration form whose anti-forgery form field is bogus and
        /// checks that the request is answered with 400 Bad Request and that no
        /// user with the submitted name exists in the repository afterwards.
        /// </summary>
        /// <remarks>
        /// Only the form-field half of the token pair is tampered with; the cookie
        /// comes from <c>GetAntiForgeryTokens()</c>. The missing-field and
        /// missing-cookie variants are not exercised here and would need their
        /// own cases.
        /// </remarks>
        public async Task should_reject_post_request_without_valid_anti_forgery_token()
        {
            // Arrange: a throwaway 8-character user name (slice of a 32-digit hex GUID)
            // so the repository lookup below cannot match a user left by another test.
            var candidateName = Guid.NewGuid().ToString("N").Substring(4, 8);
            const string candidatePassword = "******";

            // Presumably a cookie/form token pair issued by the app under test; only
            // the cookie half is used below (confirm against TestApplication).
            var issuedTokens = _theApp.GetAntiForgeryTokens();

            var registrationForm = new Dictionary<string, string>
            {
                ["UserName"] = candidateName,
                ["Password"] = candidatePassword,
                // Deliberately not the form token that belongs to the cookie.
                ["__RequestVerificationToken"] = "some invalid token"
            };

            // Act: send the forged form together with the issued cookie.
            var registerRequest = _theApp.Server
                                         .CreateRequest("/register")
                                         .WithFormContent(registrationForm)
                                         .WithCookie(issuedTokens.Cookie);
            var response = await registerRequest.PostAsync();

            // Assert: the request is rejected...
            response.StatusCode.ShouldEqual(HttpStatusCode.BadRequest);

            // ...and it had no side effect. The status code alone would not show
            // whether the account was written before the token check ran.
            var userWasCreated = _theApp.GetService<IRepository<User>>()
                                        .All()
                                        .Any(u => u.UserName == candidateName);

            userWasCreated.ShouldEqual(false);
        }
 /// <summary>
 /// Stores the application instance returned by <c>theApp.Reset()</c> and
 /// requests a set of anti-forgery tokens from it for later use.
 /// </summary>
 /// <param name="theApp">Test application supplied to the spec class.</param>
 public AccountRelatedPageSpecs(TestApplication theApp)
 {
     // Reset() comes first: the tokens are requested from the instance it returns.
     // NOTE(review): presumably Reset() clears state left by earlier specs - confirm.
     this._theApp = theApp.Reset();
     this._antiForgeryTokens = this._theApp.GetAntiForgeryTokens();
 }