Example #1
0
        public async Task HelloWorldWithPageModelHandler_CanPostContent()
        {
            // Arrange
            var getRequest  = new HttpRequestMessage(HttpMethod.Get, "http://localhost/HelloWorldWithPageModelHandler?message=message");
            var getResponse = await Client.SendAsync(getRequest);

            var getResponseBody = await getResponse.Content.ReadAsStringAsync();

            var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(getResponseBody, "/HelloWorlWithPageModelHandler");
            var cookie    = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);


            var postRequest = new HttpRequestMessage(HttpMethod.Post, "http://localhost/HelloWorldWithPageModelHandler");

            postRequest.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
            postRequest.Headers.Add("RequestVerificationToken", formToken);

            // Act
            var response = await Client.SendAsync(postRequest);

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);

            var content = await response.Content.ReadAsStringAsync();

            Assert.StartsWith("Hello, You posted!", content.Trim());
        }
Example #2
0
        public async Task PageConventions_CustomizedModelCanPostToHandlers()
        {
            // Arrange
            var getPage = await Client.GetAsync("/CustomModelTypeModel");

            var token  = AntiforgeryTestHelper.RetrieveAntiforgeryToken(await getPage.Content.ReadAsStringAsync(), "");
            var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getPage);

            var message = new HttpRequestMessage(HttpMethod.Post, "/CustomModelTypeModel");

            message.Content = new FormUrlEncodedContent(new Dictionary <string, string>
            {
                ["__RequestVerificationToken"] = token,
                ["ConfirmPassword"]            = "",
                ["Password"] = "",
                ["Email"]    = ""
            });
            message.Headers.TryAddWithoutValidation("Cookie", $"{cookie.Key}={cookie.Value}");

            // Act
            var response = await Client.SendAsync(message);

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            var content = await response.Content.ReadAsStringAsync();

            Assert.Contains("is required.", content);
        }
Example #3
0
        public async Task PageConventions_CustomizedModelCanWorkWithModelState()
        {
            // Arrange
            var getPage = await Client.GetAsync("/CustomModelTypeModel");

            var token  = AntiforgeryTestHelper.RetrieveAntiforgeryToken(await getPage.Content.ReadAsStringAsync(), "");
            var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getPage);

            var message = new HttpRequestMessage(HttpMethod.Post, "/CustomModelTypeModel");

            message.Content = new FormUrlEncodedContent(new Dictionary <string, string>
            {
                ["__RequestVerificationToken"] = token,
                ["Email"]           = "*****@*****.**",
                ["Password"]        = "******",
                ["ConfirmPassword"] = "******",
            });
            message.Headers.TryAddWithoutValidation("Cookie", $"{cookie.Key}={cookie.Value}");

            // Act
            var response = await Client.SendAsync(message);

            // Assert
            Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
            Assert.Equal("/", response.Headers.Location.ToString());
        }
Example #4
0
        public async Task MultipleFormPostWithingASingleView_AreAllowed()
        {
            // Arrange
            // Do a get request.
            var getResponse = await Client.GetAsync("http://localhost/Antiforgery/Login");

            var responseBody = await getResponse.Content.ReadAsStringAsync();

            // Get the AF token for the second login. If the cookies are generated twice(i.e are different),
            // this AF token will not work with the first cookie.
            var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(
                responseBody,
                "/Antiforgery/UseFacebookLogin");
            var cookieToken = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);

            var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Antiforgery/Login");

            request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value);
            var nameValueCollection = new List <KeyValuePair <string, string> >
            {
                new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
                new KeyValuePair <string, string>("UserName", "abra"),
                new KeyValuePair <string, string>("Password", "cadabra"),
            };

            request.Content = new FormUrlEncodedContent(nameValueCollection);

            // Act
            var response = await Client.SendAsync(request);

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            Assert.Equal("OK", await response.Content.ReadAsStringAsync());
        }
Example #5
0
        public async Task SetCookieAndHeaderBeforeFlushAsync_PostToForm()
        {
            // Arrange
            // do a get response.
            var getResponse = await Client.GetAsync("http://localhost/Antiforgery/FlushAsyncLogin");

            var responseBody = await getResponse.Content.ReadAsStringAsync();

            var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(
                responseBody,
                "Antiforgery/FlushAsyncLogin");
            var cookieToken = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);

            var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Antiforgery/FlushAsyncLogin");

            request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value);
            var nameValueCollection = new List <KeyValuePair <string, string> >
            {
                new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
                new KeyValuePair <string, string>("UserName", "test"),
                new KeyValuePair <string, string>("Password", "password"),
            };

            request.Content = new FormUrlEncodedContent(nameValueCollection);

            // Act
            var response = await Client.SendAsync(request);

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            Assert.Equal("OK", await response.Content.ReadAsStringAsync());
        }
Example #6
0
        public async Task PageConventions_CustomizedModelCanWorkWithModelState_EnforcesBindRequired()
        {
            // Arrange
            var getPage = await Client.GetAsync("/CustomModelTypeModel?Attempts=0");

            var token  = AntiforgeryTestHelper.RetrieveAntiforgeryToken(await getPage.Content.ReadAsStringAsync(), "");
            var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getPage);

            var message = new HttpRequestMessage(HttpMethod.Post, "/CustomModelTypeModel")
            {
                Content = new FormUrlEncodedContent(new Dictionary <string, string>
                {
                    ["__RequestVerificationToken"] = token,
                    ["Email"]           = "*****@*****.**",
                    ["Password"]        = "******",
                    ["ConfirmPassword"] = "******",
                })
            };

            message.Headers.TryAddWithoutValidation("Cookie", $"{cookie.Key}={cookie.Value}");

            // Act
            var response = await Client.SendAsync(message);

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            var responseText = await response.Content.ReadAsStringAsync();

            Assert.Contains(
                "A value for the &#x27;Attempts&#x27; parameter or property was not provided.",
                responseText);
        }
Example #7
0
        private async Task AddAntiforgeryHeaders(HttpRequestMessage request)
        {
            var getResponse = await Client.GetAsync(request.RequestUri);

            Assert.Equal(HttpStatusCode.OK, getResponse.StatusCode);
            var getResponseBody = await getResponse.Content.ReadAsStringAsync();

            var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(getResponseBody, "");
            var cookie    = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);

            request.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
            request.Headers.Add("RequestVerificationToken", formToken);
        }
Example #8
0
        public async Task CanUseNonNullableReferenceType_WithController_OmitData_ValidationErrors()
        {
            // Arrange
            var parser = new HtmlParser();

            // Act 1
            var response = await Client.GetAsync("http://localhost/NonNullable");

            // Assert 1
            await response.AssertStatusCodeAsync(HttpStatusCode.OK);

            var content = await response.Content.ReadAsStringAsync();

            var document = parser.Parse(content);
            var errors   = document.QuerySelectorAll("#errors > ul > li");
            var li       = Assert.Single(errors);

            Assert.Empty(li.TextContent);

            var cookieToken = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(response);
            var formToken   = document.RetrieveAntiforgeryToken();

            var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/NonNullable");

            request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value);
            request.Content = new FormUrlEncodedContent(new[]
            {
                new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
            });

            // Act 2
            response = await Client.SendAsync(request);

            // Assert 2
            //
            // OK means there were validation errors.
            await response.AssertStatusCodeAsync(HttpStatusCode.OK);

            content = await response.Content.ReadAsStringAsync();

            document = parser.Parse(content);
            errors   = errors = document.QuerySelectorAll("#errors > ul > li");
            Assert.Equal(2, errors.Length); // Not validating BCL error messages
        }
Example #9
0
        public async Task TempData_TempDataPropertyOnPageModel_PopulatesTempData()
        {
            // Arrange 1
            var getRequest  = new HttpRequestMessage(HttpMethod.Get, "http://localhost/TempData/TempDataPageModelProperty");
            var getResponse = await Client.SendAsync(getRequest);

            var getResponseBody = await getResponse.Content.ReadAsStringAsync();

            var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(getResponseBody, "/TempData/TempDataPageModelProperty");
            var cookie    = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);

            var url     = "http://localhost/TempData/TempDataPageModelProperty";
            var request = new HttpRequestMessage(HttpMethod.Post, url);

            request.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
            request.Headers.Add("RequestVerificationToken", formToken);

            // Act 1
            var response = await Client.SendAsync(request);

            // Assert 1
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            var content = await response.Content.ReadAsStringAsync();

            Assert.StartsWith("Message: Secret post", content.Trim());
            Assert.EndsWith("TempData:", content.Trim());

            // Arrange 2
            request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/TempData/TempDataPageModelProperty");
            request.Headers.Add("Cookie", GetCookie(response));

            // Act 2
            response = await Client.SendAsync(request);

            // Assert 2
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            content = await response.Content.ReadAsStringAsync();

            Assert.StartsWith("Message: Secret post", content.Trim());
            Assert.EndsWith("TempData: Secret post", content.Trim());
        }
Example #10
0
        public async Task PageModel_Handler_ReturnTypeImplementsIActionResult()
        {
            // Arrange
            var getResponse = await Client.GetAsync("http://localhost/ModelHandlerTestPage");

            var getResponseBody = await getResponse.Content.ReadAsStringAsync();

            var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(getResponseBody, "/ModelHandlerTestPage");
            var cookie    = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);

            var postRequest = new HttpRequestMessage(HttpMethod.Post, "http://localhost/ModelHandlerTestPage/CustomActionResult");

            postRequest.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
            postRequest.Headers.Add("RequestVerificationToken", formToken);
            // Act
            var response = await Client.SendAsync(postRequest);

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            var content = await response.Content.ReadAsStringAsync();

            Assert.Equal("CustomActionResult", content);
        }
Example #11
0
        public async Task RoundTrippingFormFileInputWorks()
        {
            // Arrange
            var url      = "/PropertyBinding/BindFormFile";
            var response = await Client.GetAsync(url);

            await response.AssertStatusCodeAsync(HttpStatusCode.OK);

            var document = await response.GetHtmlDocumentAsync();

            var property1        = document.RequiredQuerySelector("#property1").GetAttribute("name");
            var file1            = document.RequiredQuerySelector("#file1").GetAttribute("name");
            var file2            = document.RequiredQuerySelector("#file2").GetAttribute("name");
            var file3            = document.RequiredQuerySelector("#file3").GetAttribute("name");
            var antiforgeryToken = document.RetrieveAntiforgeryToken();

            var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(response);

            var content = new MultipartFormDataContent
            {
                { new StringContent("property1-value"), property1 },
                { new StringContent("test-value1"), file1, "test1.txt" },
                { new StringContent("test-value2"), file3, "test2.txt" }
            };

            var request = new HttpRequestMessage(HttpMethod.Post, url)
            {
                Content = content,
            };

            request.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
            request.Headers.Add("RequestVerificationToken", antiforgeryToken);

            response = await Client.SendAsync(request);

            await response.AssertStatusCodeAsync(HttpStatusCode.OK);
        }