Example #1
0
        public async Task ValidationTagHelpers_GeneratesExpectedSpansAndDivs()
        {
            // Arrange
            var server          = TestServer.Create(_provider, _app);
            var client          = server.CreateClient();
            var expectedContent =
                await _resourcesAssembly.ReadResourceAsStringAsync
                    ("compiler/resources/MvcTagHelpersWebSite.MvcTagHelper_Customer.Index.html");

            var request             = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Customer/MvcTagHelper_Customer");
            var nameValueCollection = new List <KeyValuePair <string, string> >
            {
                new KeyValuePair <string, string>("Number", string.Empty),
                new KeyValuePair <string, string>("Name", string.Empty),
                new KeyValuePair <string, string>("Email", string.Empty),
                new KeyValuePair <string, string>("PhoneNumber", string.Empty),
                new KeyValuePair <string, string>("Password", string.Empty)
            };

            request.Content = new FormUrlEncodedContent(nameValueCollection);

            // Act
            var response = await client.SendAsync(request);

            var responseContent = await response.Content.ReadAsStringAsync();

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);

            var forgeryToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(responseContent, "Customer/MvcTagHelper_Customer");

            expectedContent = string.Format(expectedContent, forgeryToken);
            Assert.Equal(expectedContent.Trim(), responseContent.Trim());
        }
Example #2
0
        public async Task InvalidCookieToken_Throws()
        {
            // Arrange
            var server = TestHelper.CreateServer(_app, SiteName, _configureServices);
            var client = server.CreateClient();

            var getResponse = await client.GetAsync("http://localhost/Account/Login");

            var resposneBody = await getResponse.Content.ReadAsStringAsync();

            var formToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody, "Account/Login");

            var cookieToken = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse);
            var request     = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login");

            request.Headers.Add("Cookie", cookieToken.Key + "=invalidCookie");

            var nameValueCollection = new List <KeyValuePair <string, string> >
            {
                new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
                new KeyValuePair <string, string>("UserName", "abra"),
                new KeyValuePair <string, string>("Password", "cadabra"),
            };

            request.Content = new FormUrlEncodedContent(nameValueCollection);

            // Act
            var response = await client.SendAsync(request);

            // Assert
            var exception = response.GetServerException();

            Assert.Equal("The anti-forgery token could not be decrypted.", exception.ExceptionMessage);
        }
Example #3
0
        public async Task MvcTagHelpers_GeneratesExpectedResults(string action, string antiForgeryPath)
        {
            // Arrange
            var server            = TestServer.Create(_provider, _app);
            var client            = server.CreateClient();
            var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8");

            // The K runtime compiles every file under compiler/resources as a resource at runtime with the same name
            // as the file name, in order to update a baseline you just need to change the file in that folder.
            var expectedContent =
                await _resourcesAssembly.ReadResourceAsStringAsync
                    ("compiler/resources/MvcTagHelpersWebSite.MvcTagHelper_Home." + action + ".html");

            // Act
            // The host is not important as everything runs in memory and tests are isolated from each other.
            var response = await client.GetAsync("http://localhost/MvcTagHelper_Home/" + action);

            var responseContent = await response.Content.ReadAsStringAsync();

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            Assert.Equal(expectedMediaType, response.Content.Headers.ContentType);

            if (antiForgeryPath != null)
            {
                var forgeryToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(responseContent, antiForgeryPath);
                expectedContent = string.Format(expectedContent, forgeryToken);
            }
            Assert.Equal(expectedContent.Trim(), responseContent.Trim());
        }
Example #4
0
        public async Task SetCookieAndHeaderBeforeFlushAsync_PostToForm()
        {
            // Arrange
            var server = TestHelper.CreateServer(_app, SiteName, _configureServices);
            var client = server.CreateClient();

            // do a get response.
            var getResponse = await client.GetAsync("http://localhost/Account/FlushAsyncLogin");

            var resposneBody = await getResponse.Content.ReadAsStringAsync();

            var formToken   = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody, "Account/FlushAsyncLogin");
            var cookieToken = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse);

            var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/FlushAsyncLogin");

            request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value);
            var nameValueCollection = new List <KeyValuePair <string, string> >
            {
                new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
                new KeyValuePair <string, string>("UserName", "test"),
                new KeyValuePair <string, string>("Password", "password"),
            };

            request.Content = new FormUrlEncodedContent(nameValueCollection);

            // Act
            var response = await client.SendAsync(request);

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            Assert.Equal("OK", await response.Content.ReadAsStringAsync());
        }
Example #5
0
        public async Task MultipleFormPostWithingASingleView_AreAllowed()
        {
            // Arrange
            var server = TestHelper.CreateServer(_app, SiteName, _configureServices);
            var client = server.CreateClient();

            // do a get response.
            var getResponse = await client.GetAsync("http://localhost/Account/Login");

            var resposneBody = await getResponse.Content.ReadAsStringAsync();

            // Get the AF token for the second login. If the cookies are generated twice(i.e are different),
            // this AF token will not work with the first cookie.
            var formToken   = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody, "Account/UseFacebookLogin");
            var cookieToken = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse);

            var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login");

            request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value);
            var nameValueCollection = new List <KeyValuePair <string, string> >
            {
                new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
                new KeyValuePair <string, string>("UserName", "abra"),
                new KeyValuePair <string, string>("Password", "cadabra"),
            };

            request.Content = new FormUrlEncodedContent(nameValueCollection);

            // Act
            var response = await client.SendAsync(request);

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            Assert.Equal("OK", await response.Content.ReadAsStringAsync());
        }
Example #6
0
        public async Task MissingAFToken_Throws()
        {
            // Arrange
            var server      = TestServer.Create(_services, _app);
            var client      = server.CreateClient();
            var getResponse = await client.GetAsync("http://localhost/Account/Login");

            var resposneBody = await getResponse.Content.ReadAsStringAsync();

            var cookieToken = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse);

            var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login");

            request.Headers.Add("Cookie", "__RequestVerificationToken=" + cookieToken);
            var nameValueCollection = new List <KeyValuePair <string, string> >
            {
                new KeyValuePair <string, string>("UserName", "abra"),
                new KeyValuePair <string, string>("Password", "cadabra"),
            };

            request.Content = new FormUrlEncodedContent(nameValueCollection);

            // Act
            var response = await client.SendAsync(request);

            // Assert
            var exception = response.GetServerException();

            Assert.Equal("The required anti-forgery form field \"__RequestVerificationToken\" is not present.",
                         exception.ExceptionMessage);
        }
Example #7
0
        public async Task MissingCookieToken_Throws()
        {
            // Arrange
            var server = TestServer.Create(_services, _app);
            var client = server.CreateClient();

            // do a get response.
            var getResponse = await client.GetAsync("http://localhost/Account/Login");

            var resposneBody = await getResponse.Content.ReadAsStringAsync();

            var formToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody, "Account/Login");

            var request             = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login");
            var nameValueCollection = new List <KeyValuePair <string, string> >
            {
                new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
                new KeyValuePair <string, string>("UserName", "abra"),
                new KeyValuePair <string, string>("Password", "cadabra"),
            };

            request.Content = new FormUrlEncodedContent(nameValueCollection);

            // Act & Assert
            var ex = await Assert.ThrowsAsync <InvalidOperationException>(() => client.SendAsync(request));

            Assert.Equal("The required anti-forgery cookie \"__RequestVerificationToken\" is not present.", ex.Message);
        }
        public async Task HtmlGenerationWebSite_GenerateEncodedResults(string action, string antiForgeryPath)
        {
            // Arrange
            var server = TestHelper.CreateServer(_app, SiteName, services =>
            {
                _configureServices(services);
                services.AddTransient <IHtmlEncoder, TestHtmlEncoder>();
                services.AddTransient <IJavaScriptStringEncoder, TestJavaScriptEncoder>();
                services.AddTransient <IUrlEncoder, TestUrlEncoder>();
            });
            var client            = server.CreateClient();
            var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8");
            var outputFile        = "compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Home." + action + ".Encoded.html";
            var expectedContent   =
                await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false);

            // Act
            // The host is not important as everything runs in memory and tests are isolated from each other.
            var response = await client.GetAsync("http://localhost/HtmlGeneration_Home/" + action);

            var responseContent = await response.Content.ReadAsStringAsync();

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            Assert.Equal(expectedMediaType, response.Content.Headers.ContentType);

            responseContent = responseContent.Trim();
            if (antiForgeryPath == null)
            {
#if GENERATE_BASELINES
                ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent);
#else
                Assert.Equal(expectedContent.Trim(), responseContent);
#endif
            }
            else
            {
                var forgeryToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(responseContent, antiForgeryPath);
#if GENERATE_BASELINES
                // Reverse usual substitution and insert a format item into the new file content.
                responseContent = responseContent.Replace(forgeryToken, "{0}");
                ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent);
#else
                expectedContent = string.Format(expectedContent, forgeryToken);
                Assert.Equal(expectedContent.Trim(), responseContent);
#endif
            }
        }
        public async Task FormTagHelper_GeneratesExpectedContent(bool?optionsAntiForgery)
        {
            // Arrange
            var newServices = new ServiceCollection();

            newServices.InitializeTagHelper <FormTagHelper>((helper, _) => helper.AntiForgery = optionsAntiForgery);
            var server = TestHelper.CreateServer(_app, SiteName,
                                                 services =>
            {
                services.Add(newServices);
                _configureServices(services);
            });
            var client            = server.CreateClient();
            var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8");

            var outputFile = string.Format(
                "compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Home.Form.Options.AntiForgery.{0}.html",
                optionsAntiForgery?.ToString() ?? "null");
            var expectedContent =
                await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false);

            // Act
            // The host is not important as everything runs in memory and tests are isolated from each other.
            var response = await client.GetAsync("http://localhost/HtmlGeneration_Home/Form");

            var responseContent = await response.Content.ReadAsStringAsync();

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            Assert.Equal(expectedMediaType, response.Content.Headers.ContentType);

            responseContent = responseContent.Trim();
            var forgeryTokens = AntiForgeryTestHelper.RetrieveAntiForgeryTokens(responseContent).ToArray();

#if GENERATE_BASELINES
            // Reverse usual substitutions and insert format items into the new file content.
            for (var index = 0; index < forgeryTokens.Length; index++)
            {
                responseContent = responseContent.Replace(forgeryTokens[index], $"{{{ index }}}");
            }

            ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent);
#else
            expectedContent = string.Format(expectedContent, forgeryTokens);
            Assert.Equal(expectedContent.Trim(), responseContent);
#endif
        }
Example #10
0
        public async Task IncompatibleCookieToken_Throws()
        {
            // Arrange
            var server = TestHelper.CreateServer(_app, SiteName, _configureServices);
            var client = server.CreateClient();

            // do a get response.
            // We do two requests to get two different sets of anti forgery cookie and token values.
            var getResponse1 = await client.GetAsync("http://localhost/Account/Login");

            var resposneBody1 = await getResponse1.Content.ReadAsStringAsync();

            var formToken1 = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody1, "Account/Login");

            var getResponse2 = await client.GetAsync("http://localhost/Account/Login");

            var resposneBody2 = await getResponse2.Content.ReadAsStringAsync();

            var cookieToken2 = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse2);

            var cookieToken = cookieToken2.Value;
            var request     = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login");

            request.Headers.Add("Cookie", string.Format("{0}={1}", cookieToken2.Key, cookieToken2.Value));
            var formToken           = formToken1;
            var nameValueCollection = new List <KeyValuePair <string, string> >
            {
                new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
                new KeyValuePair <string, string>("UserName", "abra"),
                new KeyValuePair <string, string>("Password", "cadabra"),
            };

            request.Content = new FormUrlEncodedContent(nameValueCollection);

            // Act
            var response = await client.SendAsync(request);

            // Assert
            var exception = response.GetServerException();

            Assert.Equal("The anti-forgery cookie token and form field token do not match.", exception.ExceptionMessage);
        }
        public async Task ValidationTagHelpers_GeneratesExpectedSpansAndDivs()
        {
            // Arrange
            var server          = TestHelper.CreateServer(_app, SiteName, _configureServices);
            var client          = server.CreateClient();
            var outputFile      = "compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Customer.Index.html";
            var expectedContent =
                await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false);

            var request             = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Customer/HtmlGeneration_Customer");
            var nameValueCollection = new List <KeyValuePair <string, string> >
            {
                new KeyValuePair <string, string>("Number", string.Empty),
                new KeyValuePair <string, string>("Name", string.Empty),
                new KeyValuePair <string, string>("Email", string.Empty),
                new KeyValuePair <string, string>("PhoneNumber", string.Empty),
                new KeyValuePair <string, string>("Password", string.Empty)
            };

            request.Content = new FormUrlEncodedContent(nameValueCollection);

            // Act
            var response = await client.SendAsync(request);

            var responseContent = await response.Content.ReadAsStringAsync();

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);

            responseContent = responseContent.Trim();
            var forgeryToken =
                AntiForgeryTestHelper.RetrieveAntiForgeryToken(responseContent, "Customer/HtmlGeneration_Customer");

#if GENERATE_BASELINES
            // Reverse usual substitution and insert a format item into the new file content.
            responseContent = responseContent.Replace(forgeryToken, "{0}");
            ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent);
#else
            expectedContent = string.Format(expectedContent, forgeryToken);
            Assert.Equal(expectedContent.Trim(), responseContent);
#endif
        }
Example #12
0
        public async Task FormTagHelper_GeneratesExpectedContent(bool?optionsAntiForgery)
        {
            // Arrange
            var newServices = new ServiceCollection();

            newServices.InitializeTagHelper <FormTagHelper>((helper, _) => helper.AntiForgery = optionsAntiForgery);
            var server = TestHelper.CreateServer(_app, SiteName,
                                                 services =>
            {
                services.Add(newServices);
                _configureServices(services);
            });
            var client            = server.CreateClient();
            var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8");

            // The K runtime compiles every file under compiler/resources as a resource at runtime with the same name
            // as the file name, in order to update a baseline you just need to change the file in that folder.
            var resourceName = string.Format(
                "compiler/resources/MvcTagHelpersWebSite.MvcTagHelper_Home.Form.Options.AntiForgery.{0}.html",
                optionsAntiForgery?.ToString() ?? "null"
                );
            var expectedContent = await _resourcesAssembly.ReadResourceAsStringAsync(resourceName);

            // Act
            // The host is not important as everything runs in memory and tests are isolated from each other.
            var response = await client.GetAsync("http://localhost/MvcTagHelper_Home/Form");

            var responseContent = await response.Content.ReadAsStringAsync();

            var forgeryTokens = AntiForgeryTestHelper.RetrieveAntiForgeryTokens(responseContent);

            expectedContent = string.Format(expectedContent, forgeryTokens.ToArray());

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            Assert.Equal(expectedMediaType, response.Content.Headers.ContentType);
            Assert.Equal(expectedContent.Trim(), responseContent.Trim());
        }