public void IsXsrfMethod_Methods_MatchCaseInsensitive() { Assert.True(XsrfFilter.IsXsrfMethod("post")); Assert.True(XsrfFilter.IsXsrfMethod("POst")); Assert.True(XsrfFilter.IsXsrfMethod("delete")); Assert.True(XsrfFilter.IsXsrfMethod("DElete")); Assert.True(XsrfFilter.IsXsrfMethod("put")); Assert.True(XsrfFilter.IsXsrfMethod("PUt")); Assert.True(XsrfFilter.IsXsrfMethod("patch")); Assert.True(XsrfFilter.IsXsrfMethod("PaTCh")); }
public void Get_XsrfMethods_ReturnsConditionalFilterProvider() { foreach (var method in XsrfFilter.XsrfMethods) { _fakeContext = MvcMockHelpers.FakeHttpContext(); _fakeContext.Request.SetHttpMethodResult(method); _output.WriteLine("HttpMethod => {0}", method); var filter = XsrfFilter.Get(); Assert.IsType <ConditionalFilterProvider>(filter); } }
public void GetFilter_XsrfMethods_ReturnsValidateAntiForgeryTokenAttribute() { foreach (var method in XsrfFilter.XsrfMethods) { _fakeContext = MvcMockHelpers.FakeHttpContext(); _fakeContext.Request.SetHttpMethodResult(method); _output.WriteLine("HttpMethod => {0}", method); var postResult = XsrfFilter.GetFilter(_fakeContext.Request, new object[0]); Assert.False(_fakeContext.Request.IsAjaxRequest()); Assert.Equal(method, _fakeContext.Request.HttpMethod); Assert.IsType <ValidateAntiForgeryTokenAttribute>(postResult); } }
public void GetFilter_NonXsrfMethods_ReturnsNull() { foreach (var method in _nonXsrfMethods) { _fakeContext = MvcMockHelpers.FakeHttpContext(); _fakeContext.Request.SetHttpMethodResult(method); _output.WriteLine("HttpMethod => {0}", method); var postResult = XsrfFilter.GetFilter(_fakeContext.Request, new object[0]); Assert.False(_fakeContext.Request.IsAjaxRequest()); Assert.Equal(method, _fakeContext.Request.HttpMethod); Assert.Null(postResult); } }
public void GetFilter_XsrfMethodsIsAjaxWithIgnoreAttribute_ReturnsNull() { foreach (var method in XsrfFilter.XsrfMethods) { _fakeContext = MvcMockHelpers.FakeHttpContext(); _fakeContext.Request.SetHttpMethodResult(method); _fakeContext.Request.SetAjaxHeaders(); _output.WriteLine("HttpMethod => {0}", method); var postResult = XsrfFilter.GetFilter( _fakeContext.Request, new object[] { new IgnoreXsrfFilterAttribute() } ); Assert.True(_fakeContext.Request.IsAjaxRequest()); Assert.Equal(method, _fakeContext.Request.HttpMethod); Assert.Null(postResult); } }
public void GetFilters_NoParameters_ReturnsConditionalFilterProvider() { var context = new Mock <HttpContextBase>(); var request = new Mock <HttpRequestBase>(); context.Setup(x => x.Request).Returns(request.Object); var controller = new Mock <ControllerBase>(); var actionDescriptor = new Mock <ActionDescriptor>(); var controllerContext = new ControllerContext(context.Object, new RouteData(), controller.Object); var result = XsrfFilter.Get(); var filters = result.GetFilters(controllerContext, actionDescriptor.Object); Assert.IsType <ConditionalFilterProvider>(result); // xUnit and M$ Test type checking are different: // System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Web.Mvc.Filter, System.Web.Mvc, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]] // Assert.IsType(typeof(IEnumerable<Filter>), filters); Assert.IsAssignableFrom <IEnumerable <Filter> >(filters); Assert.Empty(filters); }
public static void RegisterGlobalFilters(GlobalFilterCollection filters) { filters.Add(new HandleErrorAttribute()); FilterProviders.Providers.Add(XsrfFilter.Get()); }