public void CanRoundTripData() { // Arrange AntiForgeryDataSerializer serializer = new AntiForgeryDataSerializer { Decoder = value => Convert.FromBase64String(value), Encoder = bytes => Convert.ToBase64String(bytes), }; AntiForgeryData input = new AntiForgeryData { Salt = "The Salt", Username = "******", Value = "The Value", CreationDate = DateTime.Now, }; // Act AntiForgeryData output = serializer.Deserialize(serializer.Serialize(input)); // Assert Assert.NotNull(output); Assert.Equal(input.Salt, output.Salt); Assert.Equal(input.Username, output.Username); Assert.Equal(input.Value, output.Value); Assert.Equal(input.CreationDate, output.CreationDate); }
protected override void AddAttributesToRender(HtmlTextWriter writer) { base.AddAttributesToRender(writer); writer.AddAttribute(HtmlTextWriterAttribute.Type, "hidden"); writer.AddAttribute(HtmlTextWriterAttribute.Name, AntiForgeryData.GetTokenName(null)); writer.AddAttribute(HtmlTextWriterAttribute.Value, formToken); }
private static HttpContextBase CreateContext(string cookieValue = null, string formValue = null, string username = "******") { HttpCookieCollection requestCookies = new HttpCookieCollection(); if (!String.IsNullOrEmpty(cookieValue)) { requestCookies.Set(new HttpCookie(_antiForgeryTokenCookieName, cookieValue)); } NameValueCollection formCollection = new NameValueCollection(); if (!String.IsNullOrEmpty(formValue)) { formCollection.Set(AntiForgeryData.GetAntiForgeryTokenName(null), formValue); } Mock <HttpContextBase> mockContext = new Mock <HttpContextBase>(); mockContext.Setup(c => c.Request.ApplicationPath).Returns("/SomeAppPath"); mockContext.Setup(c => c.Request.Cookies).Returns(requestCookies); mockContext.Setup(c => c.Request.Form).Returns(formCollection); mockContext.Setup(c => c.Response.Cookies).Returns(new HttpCookieCollection()); mockContext.Setup(c => c.User.Identity.IsAuthenticated).Returns(true); mockContext.Setup(c => c.User.Identity.Name).Returns(username); return(mockContext.Object); }
protected override void beforeEach() { MockFor <IAntiForgeryTokenProvider>().Stub(x => x.GetTokenName()).Return("FormName"); MockFor <IAntiForgeryTokenProvider>().Stub(x => x.GetTokenName("String")).IgnoreArguments().Return( "CookieName"); MockFor <IRequestData>().Stub(x => x.Value("ApplicationPath")).Return("Path"); _valueSource = MockFor <IValueSource>(); _headerSource = MockFor <IValueSource>(); MockFor <IRequestData>().Stub(x => x.ValuesFor(RequestDataSource.Request)).Return(_valueSource); MockFor <IRequestData>().Stub(x => x.ValuesFor(RequestDataSource.Header)).Return(_headerSource); _cookies = MockFor <ICookies>(); _formToken = new AntiForgeryData { CreationDate = new DateTime(2010, 12, 12), Salt = "Salty", Username = "******", Value = "12345" }; _cookieToken = new AntiForgeryData { CreationDate = new DateTime(2010, 12, 12), Salt = "Salty", Username = "******", Value = "12345" }; MockFor <IAntiForgerySerializer>().Stub(x => x.Deserialize("CookieValue")).Return(_cookieToken); MockFor <IAntiForgerySerializer>().Stub(x => x.Deserialize("FormValue")).Return(_formToken); }
public void provided_tokens_are_correct_length() { AntiForgeryData token = ClassUnderTest.GenerateToken(); byte[] decodedValue = Convert.FromBase64String(token.Value); decodedValue.Length.ShouldBe(16); }
private string GetAntiForgeryTokenAndSetCookie(HttpContextBase httpContext, string salt, string domain, string path) { string cookieName = AntiForgeryData.GetAntiForgeryTokenName(httpContext.Request.ApplicationPath); AntiForgeryData cookieToken = null; HttpCookie cookie = httpContext.Request.Cookies[cookieName]; if (cookie != null) { try { cookieToken = Serializer.Deserialize(cookie.Value); } catch (HttpAntiForgeryException) { } } if (cookieToken == null) { cookieToken = AntiForgeryData.NewToken(); string cookieValue = Serializer.Serialize(cookieToken); HttpCookie newCookie = new HttpCookie(cookieName, cookieValue) { HttpOnly = true, Domain = domain }; if (!String.IsNullOrEmpty(path)) { newCookie.Path = path; } httpContext.Response.Cookies.Set(newCookie); } AntiForgeryData formToken = new AntiForgeryData(cookieToken) { Salt = salt, Username = AntiForgeryData.GetUsername(httpContext.User) }; return Serializer.Serialize(formToken); }
public void CreationDateProperty() { // Arrange AntiForgeryData token = new AntiForgeryData(); // Act & Assert MemberHelper.TestPropertyValue(token, "CreationDate", DateTime.UtcNow); }
public void ValueProperty() { // Arrange AntiForgeryData token = new AntiForgeryData(); // Act & Assert MemberHelper.TestStringProperty(token, "Value", String.Empty, false /* testDefaultValue */, true /* allowNullAndEmpty */); }
public void GetUsername_ReturnsEmptyStringIfPrincipalIsNull() { // Act string username = AntiForgeryData.GetUsername(null); // Assert Assert.AreEqual("", username); }
public void GetAntiForgeryTokenNameReturnsFieldNameIfAppPathIsNull() { // Act string tokenName = AntiForgeryData.GetAntiForgeryTokenName(null); // Assert Assert.AreEqual("__RequestVerificationToken", tokenName); }
public void CreationDateProperty() { // Arrange AntiForgeryData token = new AntiForgeryData(); // Act & Assert var now = DateTime.UtcNow; token.CreationDate = now; Assert.AreEqual(now, token.CreationDate); }
protected override void OnLoad(EventArgs e) { HttpCookie existingCookie = Page.Request.Cookies[AntiForgeryData.GetTokenName(Page.Request.ApplicationPath)]; formToken = existingCookie == null ? AntiForgeryData.GetDataAndSetCookie(Salt, Domain, Path) : AntiForgeryData.GetDataFromCookie(existingCookie, Salt, Domain, Path); base.OnLoad(e); }
public void NewToken() { // Act AntiForgeryData token = AntiForgeryData.NewToken(); // Assert int valueLength = Convert.FromBase64String(token.Value).Length; Assert.Equal(16, valueLength); Assert.NotEqual(default(DateTime), token.CreationDate); }
public void NewToken() { // Act AntiForgeryData token = AntiForgeryData.NewToken(); // Assert int valueLength = Convert.FromBase64String(token.Value).Length; Assert.AreEqual(16, valueLength, "Value was not of the correct length."); Assert.AreNotEqual(default(DateTime), token.CreationDate, "Creation date should have been initialized."); }
public void GetAntiForgeryTokenNameReturnsEncodedCookieNameIfAppPathIsNotEmpty() { // Arrange // the string below (as UTF-8 bytes) base64-encodes to "Pz4/Pj8+Pz4/Pj8+Pz4/Pg==" string original = "?>?>?>?>?>?>?>?>"; // Act string tokenName = AntiForgeryData.GetAntiForgeryTokenName(original); // Assert Assert.AreEqual("__RequestVerificationToken_Pz4-Pj8.Pz4-Pj8.Pz4-Pg__", tokenName); }
public void ValueProperty() { // Arrange AntiForgeryData token = new AntiForgeryData(); // Act & Assert Assert.AreEqual(String.Empty, token.Value); token.Value = null; Assert.AreEqual(String.Empty, token.Value); token.Value = String.Empty; Assert.AreEqual(String.Empty, token.Value); }
public void SaltProperty() { // Arrange AntiForgeryData token = new AntiForgeryData(); // Act & Assert Assert.AreEqual(String.Empty, token.Salt); token.Salt = null; Assert.AreEqual(String.Empty, token.Salt); token.Salt = String.Empty; Assert.AreEqual(String.Empty, token.Salt); }
public void GetUsername_ReturnsEmptyStringIfIdentityIsNull() { // Arrange Mock <IPrincipal> mockPrincipal = new Mock <IPrincipal>(); mockPrincipal.Setup(o => o.Identity).Returns((IIdentity)null); // Act string username = AntiForgeryData.GetUsername(mockPrincipal.Object); // Assert Assert.AreEqual("", username); }
public void GetUsername_ReturnsUsernameIfUserIsAuthenticated() { // Arrange Mock <IPrincipal> mockPrincipal = new Mock <IPrincipal>(); mockPrincipal.Setup(o => o.Identity.IsAuthenticated).Returns(true); mockPrincipal.Setup(o => o.Identity.Name).Returns("SampleName"); // Act string username = AntiForgeryData.GetUsername(mockPrincipal.Object); // Assert Assert.AreEqual("SampleName", username); }
public void GetUsername_ReturnsEmptyStringIfUserNotAuthenticated() { // Arrange Mock <IPrincipal> mockPrincipal = new Mock <IPrincipal>(); mockPrincipal.Expect(o => o.Identity.IsAuthenticated).Returns(false); mockPrincipal.Expect(o => o.Identity.Name).Returns("SampleName"); // Act string username = AntiForgeryData.GetUsername(mockPrincipal.Object); // Assert Assert.AreEqual("", username); }
public void should_return_form_token_from_cookie_data() { MockFor <IAntiForgeryTokenProvider>().Stub(x => x.GetTokenName()).Return("FormName"); var input = new AntiForgeryData { Username = "******", Value = "12345" }; FormToken formToken = ClassUnderTest.GetFormToken(input, "Salty"); formToken.Name.ShouldEqual("FormName"); formToken.TokenString.ShouldEqual("Serialized!"); }
public virtual string Serialize(AntiForgeryData token) { if (token == null) { throw new ArgumentNullException("token"); } using (MemoryStream stream = new MemoryStream()) using (BinaryWriter writer = new BinaryWriter(stream)) { writer.Write(token.Salt); writer.Write(token.Value); writer.Write(token.CreationDate.Ticks); writer.Write(token.Username); return Encoder(stream.ToArray()); } }
public void CopyConstructor() { // Arrange AntiForgeryData originalToken = new AntiForgeryData() { CreationDate = DateTime.Now, Salt = "some salt", Value = "some value" }; // Act AntiForgeryData newToken = new AntiForgeryData(originalToken); // Assert Assert.AreEqual(originalToken.CreationDate, newToken.CreationDate); Assert.AreEqual(originalToken.Salt, newToken.Salt); Assert.AreEqual(originalToken.Value, newToken.Value); }
public void serialization_and_deserialization_match() { var token = new AntiForgeryData { CreationDate = new DateTime(2011, 1, 30), Salt = "Testing", Username = "******", Value = "12345" }; string serialized = ClassUnderTest.Serialize(token); AntiForgeryData deserialized = ClassUnderTest.Deserialize(serialized); deserialized.CreationDate.ShouldEqual(token.CreationDate); deserialized.Salt.ShouldEqual(token.Salt); deserialized.Username.ShouldEqual(token.Username); deserialized.Value.ShouldEqual(token.Value); }
public void serialization_is_asp_compatible() { const string aspSerialized = "CFRoZSBTYWx0CVRoZSBWYWx1ZQBAik+Cb80IDFRoZSBVc2VybmFtZQ=="; //Base64 Serialized version of: var token = new AntiForgeryData { Salt = "The Salt", Username = "******", Value = "The Value", CreationDate = new DateTime(2010, 12, 22), }; string deserialized = ClassUnderTest.Serialize(token); deserialized.ShouldEqual(aspSerialized); }
private static HtmlHelper GetHtmlHelperForAntiForgeryToken(string cookieValue) { HttpCookieCollection requestCookies = new HttpCookieCollection(); HttpCookieCollection responseCookies = new HttpCookieCollection(); if (!String.IsNullOrEmpty(cookieValue)) { requestCookies.Set(new HttpCookie(AntiForgeryData.GetAntiForgeryTokenName("/SomeAppPath"), cookieValue)); } Mock <ViewContext> mockViewContext = new Mock <ViewContext>(); mockViewContext.Expect(c => c.HttpContext.Request.Cookies).Returns(requestCookies); mockViewContext.Expect(c => c.HttpContext.Request.ApplicationPath).Returns("/SomeAppPath"); mockViewContext.Expect(c => c.HttpContext.Response.Cookies).Returns(responseCookies); return(new HtmlHelper(mockViewContext.Object, new Mock <IViewDataContainer>().Object) { Serializer = new SubclassedAntiForgeryTokenSerializer() }); }
public void DeserializeReturnsDeserializedToken() { // Arrange Mock <IStateFormatter> mockFormatter = new Mock <IStateFormatter>(); mockFormatter.Expect(f => f.Deserialize("serialized value")).Returns(new Triplet("the salt", "the value", new DateTime(2001, 1, 1))); AntiForgeryDataSerializer serializer = new AntiForgeryDataSerializer() { Formatter = mockFormatter.Object }; // Act AntiForgeryData token = serializer.Deserialize("serialized value"); // Assert Assert.IsNotNull(token); Assert.AreEqual(new DateTime(2001, 1, 1), token.CreationDate); Assert.AreEqual("the salt", token.Salt); Assert.AreEqual("the value", token.Value); }
protected override void beforeEach() { MockFor <IAntiForgeryTokenProvider>().Stub(x => x.GetTokenName()).Return("FormName"); MockFor <IAntiForgeryTokenProvider>().Stub(x => x.GetTokenName("String")).IgnoreArguments().Return( "CookieName"); MockFor <IRequestData>().Stub(x => x.Value("ApplicationPath")).Return("Path"); _form = new NameValueCollection { { "FormName", "FormValue" } }; MockFor <IRequestData>().Stub(x => x.Value("Form")).Return(_form); _cookies = new HttpCookieCollection { new HttpCookie("CookieName", "CookieValue") }; MockFor <IRequestData>().Stub(x => x.Value("Cookies")).Return(_cookies); _formToken = new AntiForgeryData { CreationDate = new DateTime(2010, 12, 12), Salt = "Salty", Username = "******", Value = "12345" }; _cookieToken = new AntiForgeryData { CreationDate = new DateTime(2010, 12, 12), Salt = "Salty", Username = "******", Value = "12345" }; MockFor <IAntiForgerySerializer>().Stub(x => x.Deserialize("CookieValue")).Return(_cookieToken); MockFor <IAntiForgerySerializer>().Stub(x => x.Deserialize("FormValue")).Return(_formToken); MockFor <IPrincipal>().Stub(x => x.Identity).Return(MockFor <IIdentity>()); MockFor <ISecurityContext>().Stub(x => x.CurrentUser).Return(MockFor <IPrincipal>()); }
public static AuthorizationContext GetAuthorizationContext(string cookieValue, string formValue) { HttpCookieCollection requestCookies = new HttpCookieCollection(); NameValueCollection formCollection = new NameValueCollection(); Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>(); mockAuthContext.Expect(c => c.HttpContext.Request.ApplicationPath).Returns("/SomeAppPath"); mockAuthContext.Expect(c => c.HttpContext.Request.Cookies).Returns(requestCookies); mockAuthContext.Expect(c => c.HttpContext.Request.Form).Returns(formCollection); if (!String.IsNullOrEmpty(cookieValue)) { requestCookies.Set(new HttpCookie(_antiForgeryTokenCookieName, cookieValue)); } if (!String.IsNullOrEmpty(formValue)) { formCollection.Set(AntiForgeryData.GetAntiForgeryTokenName(null), formValue); } return(mockAuthContext.Object); }
public void SerializeReturnsSerializedString() { // Arrange AntiForgeryData token = new AntiForgeryData() { CreationDate = new DateTime(2001, 1, 1), Salt = "the salt", Username = "******", Value = "the value" }; Mock <IStateFormatter> mockFormatter = new Mock <IStateFormatter>(); mockFormatter .Expect(f => f.Serialize(It.IsAny <object>())) .Returns( delegate(object state) { object[] t = state as object[]; Assert.IsNotNull(t); Assert.AreEqual("the salt", t[0]); Assert.AreEqual("the value", t[1]); Assert.AreEqual(new DateTime(2001, 1, 1), t[2]); Assert.AreEqual("someuser", t[3]); return("serialized value"); } ); AntiForgeryDataSerializer serializer = new AntiForgeryDataSerializer() { Formatter = mockFormatter.Object }; // Act string serializedValue = serializer.Serialize(token); // Assert Assert.AreEqual("serialized value", serializedValue); }
public override string Serialize(AntiForgeryData token) { return(String.Format(CultureInfo.InvariantCulture, "Creation: {0}, Value: {1}, Salt: {2}, Username: {3}", token.CreationDate, token.Value, token.Salt, token.Username)); }
public override string Serialize(AntiForgeryData token) { return String.Format(CultureInfo.InvariantCulture, "Creation: {0}, Value: {1}, Salt: {2}", token.CreationDate, token.Value, token.Salt); }