/// <summary>
/// Verifies that token issuance fails closed on a non-secure request:
/// with <c>RequireSSL = true</c> and a request whose <c>IsSecure</c> is false,
/// <c>GetTokens</c> must throw <see cref="InvalidOperationException"/>.
/// </summary>
public void ChecksSSL_GetTokens_Throws()
{
    // The product message spells the setting "RequireSsl" although the property is
    // RequireSSL; the expected text has to match the product string exactly.
    const string expectedMessage =
        @"The anti-forgery system has the configuration value AntiForgeryOptions.RequireSsl = true, " +
        "but the current request is not an SSL request.";

    // Arrange: a request that reports it did not arrive over a secure transport.
    Mock<HttpContext> insecureContext = new Mock<HttpContext>();
    insecureContext.Setup(ctx => ctx.Request.IsSecure)
                   .Returns(false);

    AntiForgeryOptions options = new AntiForgeryOptions { RequireSSL = true };

    // Every collaborator is null: the test can only pass if the transport check
    // throws before any of them is dereferenced.
    AntiForgeryWorker sut = new AntiForgeryWorker(
        config: options,
        serializer: null,
        tokenStore: null,
        generator: null,
        validator: null);

    // Act & assert
    InvalidOperationException thrown = Assert.Throws<InvalidOperationException>(
        () => sut.GetTokens(insecureContext.Object, "cookie-token"));

    Assert.Equal(expectedMessage, thrown.Message);
}
/// <summary>
/// Verifies that every worker entry point exercised here (both <c>Validate</c>
/// overloads, <c>GetFormInputElement</c> and <c>GetTokens</c>) refuses to run when
/// <c>RequireSSL = true</c> and the request reports a non-secure connection.
/// </summary>
public void ChecksSSL()
{
    // The product message spells the setting "RequireSsl" although the property is
    // RequireSSL; the expected text has to match the product string exactly.
    const string expectedMessage = @"The anti-forgery system has the configuration value AntiForgeryConfig.RequireSsl = true, but the current request is not an SSL request.";

    // Arrange: a request that reports it did not arrive over a secure connection.
    var insecureContext = new Mock<HttpContextBase>();
    insecureContext.Setup(ctx => ctx.Request.IsSecureConnection).Returns(false);

    IAntiForgeryConfig sslOnlyConfig = new MockAntiForgeryConfig { RequireSSL = true };

    // Every collaborator is null: each call below can only produce the expected
    // exception if the transport check runs before any of them is dereferenced.
    var sut = new AntiForgeryWorker(
        config: sslOnlyConfig,
        serializer: null,
        tokenStore: null,
        validator: null);

    // Act & assert: explicit-token validation.
    var fromValidateTokens = Assert.Throws<InvalidOperationException>(
        () => sut.Validate(insecureContext.Object, "session-token", "field-token"));
    Assert.Equal(expectedMessage, fromValidateTokens.Message);

    // Validation that takes only the context.
    var fromValidateContext = Assert.Throws<InvalidOperationException>(
        () => sut.Validate(insecureContext.Object));
    Assert.Equal(expectedMessage, fromValidateContext.Message);

    // Hidden form field generation.
    var fromFormInput = Assert.Throws<InvalidOperationException>(
        () => sut.GetFormInputElement(insecureContext.Object));
    Assert.Equal(expectedMessage, fromFormInput.Message);

    // Raw token issuance; the out values are never inspected because the call must throw.
    var fromGetTokens = Assert.Throws<InvalidOperationException>(() =>
    {
        string unusedCookieToken;
        string unusedFormToken;
        sut.GetTokens(insecureContext.Object, "cookie-token", out unusedCookieToken, out unusedFormToken);
    });
    Assert.Equal(expectedMessage, fromGetTokens.Message);
}
/// <summary>
/// Verifies that when the caller presents a cookie token the validator accepts,
/// <c>GetTokens</c> reports no replacement cookie token (null) and returns a
/// serialized form token generated for the current identity and that cookie token.
/// </summary>
public void GetTokens_ExistingValidCookieToken()
{
    // Arrange: a request whose user is "some-user".
    var user = new GenericIdentity("some-user");
    var httpContext = new Mock<HttpContextBase>();
    httpContext
        .Setup(ctx => ctx.User)
        .Returns(new GenericPrincipal(user, new string[0]));

    var existingCookieToken = new AntiForgeryToken { IsSessionToken = true };
    var issuedFormToken = new AntiForgeryToken();

    // Strict mocks: any serializer or validator call that is not set up below fails
    // the test, so only the old cookie token may be deserialized and only the form
    // token may be serialized.
    var serializer = new Mock<MockableAntiForgeryTokenSerializer>(MockBehavior.Strict);
    serializer
        .Setup(s => s.Deserialize("serialized-old-cookie-token"))
        .Returns(existingCookieToken);
    serializer
        .Setup(s => s.Serialize(issuedFormToken))
        .Returns("serialized-form-token");

    var validator = new Mock<MockableTokenValidator>(MockBehavior.Strict);
    validator
        .Setup(v => v.GenerateFormToken(httpContext.Object, user, existingCookieToken))
        .Returns(issuedFormToken);
    validator
        .Setup(v => v.IsCookieTokenValid(existingCookieToken))
        .Returns(true);

    var sut = new AntiForgeryWorker(
        config: new MockAntiForgeryConfig(),
        serializer: serializer.Object,
        tokenStore: null,
        validator: validator.Object);

    // Act
    string newCookieTokenText;
    string formTokenText;
    sut.GetTokens(
        httpContext.Object,
        "serialized-old-cookie-token",
        out newCookieTokenText,
        out formTokenText);

    // Assert: the valid cookie token is kept, so no new one is handed back.
    Assert.Null(newCookieTokenText);
    Assert.Equal("serialized-form-token", formTokenText);
}
/// <summary>
/// Verifies that every worker entry point exercised here (both <c>Validate</c>
/// overloads, <c>GetFormInputElement</c> and <c>GetTokens</c>) throws
/// <see cref="InvalidOperationException"/> when <c>RequireSSL = true</c> and the
/// request reports a non-secure connection.
/// </summary>
public void ChecksSSL()
{
    // The expected text must match the product string exactly, including its
    // "RequireSsl" spelling (the property itself is RequireSSL).
    const string sslRequiredMessage = @"The anti-forgery system has the configuration value AntiForgeryConfig.RequireSsl = true, but the current request is not an SSL request.";

    // Arrange: the request claims it is not on a secure connection.
    var plainHttpContext = new Mock<HttpContextBase>();
    plainHttpContext.Setup(c => c.Request.IsSecureConnection).Returns(false);

    IAntiForgeryConfig requireSslConfig = new MockAntiForgeryConfig { RequireSSL = true };

    // Collaborators are deliberately null; the expected exception can only surface
    // if the transport check runs before any of them is touched.
    var workerUnderTest = new AntiForgeryWorker(
        config: requireSslConfig,
        serializer: null,
        tokenStore: null,
        validator: null);

    // Act & assert, one entry point at a time.
    var validateWithTokens = Assert.Throws<InvalidOperationException>(
        () => workerUnderTest.Validate(plainHttpContext.Object, "session-token", "field-token"));
    Assert.Equal(sslRequiredMessage, validateWithTokens.Message);

    var validateFromContext = Assert.Throws<InvalidOperationException>(
        () => workerUnderTest.Validate(plainHttpContext.Object));
    Assert.Equal(sslRequiredMessage, validateFromContext.Message);

    var formInputElement = Assert.Throws<InvalidOperationException>(
        () => workerUnderTest.GetFormInputElement(plainHttpContext.Object));
    Assert.Equal(sslRequiredMessage, formInputElement.Message);

    var getTokens = Assert.Throws<InvalidOperationException>(() =>
    {
        // The out values exist only to satisfy the signature; the call must throw.
        string discardedCookieToken;
        string discardedFormToken;
        workerUnderTest.GetTokens(plainHttpContext.Object, "cookie-token", out discardedCookieToken, out discardedFormToken);
    });
    Assert.Equal(sslRequiredMessage, getTokens.Message);
}
/// <summary>
/// Obtains an anti-forgery cookie token / form token pair for <paramref name="request"/>.
/// This is a pure pass-through to the shared worker <c>s_worker</c>; no checks are
/// performed here, so any validation of <paramref name="oldCookieToken"/> or of the
/// request's transport is whatever the worker implements.
/// </summary>
/// <param name="request">The request the tokens are generated for.</param>
/// <param name="oldCookieToken">The cookie token the caller already holds; forwarded unchanged.</param>
/// <param name="newCookieToken">Receives the cookie token value assigned by the worker.</param>
/// <param name="formToken">Receives the form token value assigned by the worker.</param>
public static void GetTokens(HttpRequestMessage request, string oldCookieToken, out string newCookieToken, out string formToken)
    => s_worker.GetTokens(request, oldCookieToken, out newCookieToken, out formToken);
/// <summary>
/// Verifies the "cookie token already valid" path of <c>GetTokens</c>: the worker
/// returns null for the new cookie token and a serialized form token that the
/// validator generated for the current identity and the existing cookie token.
/// </summary>
public void GetTokens_ExistingValidCookieToken()
{
    // Arrange: the request's user is "some-user".
    var currentIdentity = new GenericIdentity("some-user");
    var contextMock = new Mock<HttpContextBase>();
    contextMock.Setup(c => c.User).Returns(new GenericPrincipal(currentIdentity, new string[0]));

    var oldCookieToken = new AntiForgeryToken { IsSessionToken = true };
    var newFormToken = new AntiForgeryToken();

    // Strict behaviour makes any call without a setup fail the test, which pins
    // exactly which tokens are deserialized and serialized on this path.
    var serializerMock = new Mock<MockableAntiForgeryTokenSerializer>(MockBehavior.Strict);
    serializerMock.Setup(s => s.Deserialize("serialized-old-cookie-token")).Returns(oldCookieToken);
    serializerMock.Setup(s => s.Serialize(newFormToken)).Returns("serialized-form-token");

    var validatorMock = new Mock<MockableTokenValidator>(MockBehavior.Strict);
    validatorMock.Setup(v => v.GenerateFormToken(contextMock.Object, currentIdentity, oldCookieToken)).Returns(newFormToken);
    validatorMock.Setup(v => v.IsCookieTokenValid(oldCookieToken)).Returns(true);

    var workerUnderTest = new AntiForgeryWorker(
        config: new MockAntiForgeryConfig(),
        serializer: serializerMock.Object,
        tokenStore: null,
        validator: validatorMock.Object);

    // Act
    string returnedCookieToken;
    string returnedFormToken;
    workerUnderTest.GetTokens(contextMock.Object, "serialized-old-cookie-token", out returnedCookieToken, out returnedFormToken);

    // Assert: null means the caller keeps using the cookie token it already has.
    Assert.Null(returnedCookieToken);
    Assert.Equal("serialized-form-token", returnedFormToken);
}
/// <summary>
/// Verifies that token issuance fails closed on a non-HTTPS request:
/// with <c>RequireSSL = true</c> and a request whose <c>IsHttps</c> is false,
/// <c>GetTokens</c> must throw <see cref="InvalidOperationException"/>.
/// </summary>
public void ChecksSSL_GetTokens_Throws()
{
    // The product message spells the setting "RequireSsl" although the property is
    // RequireSSL; the expected text has to match the product string exactly.
    const string expectedMessage =
        @"The anti-forgery system has the configuration value AntiForgeryOptions.RequireSsl = true, " +
        "but the current request is not an SSL request.";

    // Arrange: a request that reports it is not HTTPS.
    Mock<HttpContext> plainHttpContext = new Mock<HttpContext>();
    plainHttpContext.Setup(ctx => ctx.Request.IsHttps)
                    .Returns(false);

    AntiForgeryOptions options = new AntiForgeryOptions { RequireSSL = true };

    // All token-handling collaborators are null: the test can only pass if the
    // transport check throws before any of them is dereferenced.
    AntiForgeryWorker sut = new AntiForgeryWorker(
        config: options,
        serializer: null,
        tokenStore: null,
        generator: null,
        validator: null,
        htmlEncoder: new HtmlEncoder());

    // Act & assert
    InvalidOperationException thrown = Assert.Throws<InvalidOperationException>(
        () => sut.GetTokens(plainHttpContext.Object, "cookie-token"));

    Assert.Equal(expectedMessage, thrown.Message);
}