public void SaveCookieToken(bool requireSsl, bool?expectedCookieSecureFlag) { // Arrange var token = "serialized-value"; bool defaultCookieSecureValue = expectedCookieSecureFlag ?? false; // pulled from config; set by ctor var cookies = new MockResponseCookieCollection(); var mockHttpContext = new Mock <HttpContext>(); mockHttpContext .Setup(o => o.Response.Cookies) .Returns(cookies); var options = new AntiforgeryOptions() { CookieName = _cookieName, RequireSsl = requireSsl }; var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); // Act tokenStore.SaveCookieToken(mockHttpContext.Object, token); // Assert Assert.Equal(1, cookies.Count); Assert.NotNull(cookies); Assert.Equal(_cookieName, cookies.Key); Assert.Equal("serialized-value", cookies.Value); Assert.True(cookies.Options.HttpOnly); Assert.Equal(defaultCookieSecureValue, cookies.Options.Secure); }
public void SaveCookieToken_SetsCookieWithApproriatePathBase(string requestPathBase, string expectedCookiePath) { // Arrange var token = "serialized-value"; var cookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .Setup(hc => hc.Response.Cookies) .Returns(cookies); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns(requestPathBase); httpContext .SetupGet(hc => hc.Request.Path) .Returns("/index.html"); var options = new AntiforgeryOptions { Cookie = { Name = _cookieName } }; var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); // Act tokenStore.SaveCookieToken(httpContext.Object, token); // Assert Assert.Equal(1, cookies.Count); Assert.NotNull(cookies); Assert.Equal(_cookieName, cookies.Key); Assert.Equal("serialized-value", cookies.Value); Assert.True(cookies.Options !.HttpOnly); Assert.Equal(expectedCookiePath, cookies.Options.Path); }
public void SaveTempData_UsesCookieName_FromOptions() { // Arrange var expectedCookieName = "TestCookieName"; var expectedDataInCookie = WebEncoders.Base64UrlEncode(Bytes); var tempDataProvider = GetProvider(dataProtector: null, options: new CookieTempDataProviderOptions() { Cookie = { Name = expectedCookieName } }); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns("/"); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); // Act tempDataProvider.SaveTempData(httpContext.Object, Dictionary); // Assert Assert.Contains(responseCookies, (cookie) => cookie.Key == expectedCookieName); var cookieInfo = responseCookies[expectedCookieName]; Assert.Equal(expectedDataInCookie, cookieInfo.Value); Assert.Equal("/", cookieInfo.Options.Path); }
public void SaveTempData_ProtectsAnd_Base64UrlEncodesDataAnd_SetsCookie() { // Arrange var values = new Dictionary <string, object>(); values.Add("int", 10); var expectedDataToProtect = Bytes; var expectedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToProtect); var dataProtector = new PassThroughDataProtector(); var tempDataProvider = GetProvider(dataProtector); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns("/"); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); // Act tempDataProvider.SaveTempData(httpContext.Object, Dictionary); // Assert Assert.Equal(1, responseCookies.Count); var cookieInfo = responseCookies[CookieTempDataProvider.CookieName]; Assert.NotNull(cookieInfo); Assert.Equal(expectedDataInCookie, cookieInfo.Value); Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect); }
public void SaveTempData_CustomProviderOptions_SetsCookie_WithAppropriateCookieOptions( string requestPathBase, string optionsPath, string optionsDomain, string expectedCookiePath, string expectedDomain) { // Arrange var values = new Dictionary <string, object>(); values.Add("int", 10); var tempDataProviderStore = new TempDataSerializer(); var expectedDataToProtect = tempDataProviderStore.Serialize(values); var expectedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToProtect); var dataProtector = new PassThroughDataProtector(); var tempDataProvider = GetProvider( dataProtector, new CookieTempDataProviderOptions { Cookie = { Path = optionsPath, Domain = optionsDomain } }); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.IsHttps) .Returns(false); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns(requestPathBase); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); // Act tempDataProvider.SaveTempData(httpContext.Object, values); // Assert Assert.Equal(1, responseCookies.Count); var cookieInfo = responseCookies[CookieTempDataProvider.CookieName]; Assert.NotNull(cookieInfo); Assert.Equal(expectedDataInCookie, cookieInfo.Value); Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect); Assert.Equal(expectedCookiePath, cookieInfo.Options.Path); Assert.Equal(expectedDomain, cookieInfo.Options.Domain); Assert.False(cookieInfo.Options.Secure); Assert.True(cookieInfo.Options.HttpOnly); Assert.Null(cookieInfo.Options.Expires); }
public void SaveCookieToken(bool requireSsl, bool?expectedCookieSecureFlag) { // Arrange var token = new AntiForgeryToken(); var mockCookies = new Mock <IResponseCookies>(); // TODO : Once we decide on where to pick this value from enable this. bool defaultCookieSecureValue = expectedCookieSecureFlag ?? false; // pulled from config; set by ctor var cookies = new MockResponseCookieCollection(); cookies.Count = 0; var mockHttpContext = new Mock <HttpContext>(); mockHttpContext.Setup(o => o.Response.Cookies) .Returns(cookies); var contextAccessor = new ContextAccessor <AntiForgeryContext>(); mockHttpContext.SetupGet(o => o.RequestServices) .Returns(GetServiceProvider(contextAccessor)); var mockSerializer = new Mock <IAntiForgeryTokenSerializer>(); mockSerializer.Setup(o => o.Serialize(token)) .Returns("serialized-value"); var config = new AntiForgeryOptions() { CookieName = _cookieName, RequireSSL = requireSsl }; var tokenStore = new AntiForgeryTokenStore( config: config, serializer: mockSerializer.Object); // Act tokenStore.SaveCookieToken(mockHttpContext.Object, token); // Assert Assert.Equal(1, cookies.Count); Assert.NotNull(contextAccessor.Value.CookieToken); Assert.NotNull(cookies); Assert.Equal(_cookieName, cookies.Key); Assert.Equal("serialized-value", cookies.Value); Assert.True(cookies.Options.HttpOnly); Assert.Equal(defaultCookieSecureValue, cookies.Options.Secure); }
public void SaveTempData_HonorsCookieSecurePolicy_OnOptions( bool isRequestSecure, CookieSecurePolicy cookieSecurePolicy, bool expectedSecureFlag) { // Arrange var values = new Dictionary <string, object>(); values.Add("int", 10); var tempDataProviderStore = new TempDataSerializer(); var expectedDataToProtect = tempDataProviderStore.Serialize(values); var expectedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToProtect); var dataProtector = new PassThroughDataProtector(); var options = new CookieTempDataProviderOptions(); options.Cookie.SecurePolicy = cookieSecurePolicy; var tempDataProvider = GetProvider(dataProtector, options); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns("/"); httpContext .SetupGet(hc => hc.Request.IsHttps) .Returns(isRequestSecure); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); // Act tempDataProvider.SaveTempData(httpContext.Object, values); // Assert Assert.Equal(1, responseCookies.Count); var cookieInfo = responseCookies[CookieTempDataProvider.CookieName]; Assert.NotNull(cookieInfo); Assert.Equal(expectedDataInCookie, cookieInfo.Value); Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect); Assert.Equal("/", cookieInfo.Options.Path); Assert.Equal(expectedSecureFlag, cookieInfo.Options.Secure); Assert.True(cookieInfo.Options.HttpOnly); Assert.Null(cookieInfo.Options.Expires); Assert.Null(cookieInfo.Options.Domain); }
public void SaveCookieToken_HonorsCookieSecurePolicy_OnOptions( bool isRequestSecure, CookieSecurePolicy policy, bool?expectedCookieSecureFlag) { // Arrange var token = "serialized-value"; bool defaultCookieSecureValue = expectedCookieSecureFlag ?? false; // pulled from config; set by ctor var cookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .Setup(hc => hc.Request.IsHttps) .Returns(isRequestSecure); httpContext .Setup(o => o.Response.Cookies) .Returns(cookies); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns("/"); var options = new AntiforgeryOptions() { Cookie = { Name = _cookieName, SecurePolicy = policy }, }; var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); // Act tokenStore.SaveCookieToken(httpContext.Object, token); // Assert Assert.Equal(1, cookies.Count); Assert.NotNull(cookies); Assert.Equal(_cookieName, cookies.Key); Assert.Equal("serialized-value", cookies.Value); Assert.True(cookies.Options !.HttpOnly); Assert.Equal(defaultCookieSecureValue, cookies.Options.Secure); }
public void SaveTempData_RemovesCookie_WhenNoDataToSave() { // Arrange var values = new Dictionary <string, object>(); values.Add("int", 10); var tempDataProviderStore = new TempDataSerializer(); var serializedData = tempDataProviderStore.Serialize(values); var base64AndUrlEncodedData = WebEncoders.Base64UrlEncode(serializedData); var dataProtector = new PassThroughDataProtector(); var tempDataProvider = GetProvider(dataProtector); var requestCookies = new RequestCookieCollection(new Dictionary <string, string>() { { CookieTempDataProvider.CookieName, base64AndUrlEncodedData } }); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns("/"); httpContext .Setup(hc => hc.Request.Cookies) .Returns(requestCookies); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); httpContext .Setup(hc => hc.Response.Headers) .Returns(new HeaderDictionary()); // Act tempDataProvider.SaveTempData(httpContext.Object, new Dictionary <string, object>()); // Assert Assert.Equal(1, responseCookies.Count); var cookie = responseCookies[CookieTempDataProvider.CookieName]; Assert.NotNull(cookie); Assert.Equal(string.Empty, cookie.Value); Assert.NotNull(cookie.Options.Expires); Assert.True(cookie.Options.Expires.Value < DateTimeOffset.Now); // expired cookie }
public void SaveTempData_SetsSecureAttributeOnCookie_OnlyIfRequestIsSecure(bool isSecure) { // Arrange var values = new Dictionary <string, object>(); values.Add("int", 10); var tempDataProviderStore = new TempDataSerializer(); var expectedDataToProtect = tempDataProviderStore.Serialize(values); var expectedDataInCookie = Base64UrlTextEncoder.Encode(expectedDataToProtect); var dataProtector = new PassThroughDataProtector(); var tempDataProvider = GetProvider(dataProtector); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns("/"); httpContext .SetupGet(hc => hc.Request.IsHttps) .Returns(isSecure); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); // Act tempDataProvider.SaveTempData(httpContext.Object, values); // Assert Assert.Equal(1, responseCookies.Count); var cookieInfo = responseCookies[CookieTempDataProvider.CookieName]; Assert.NotNull(cookieInfo); Assert.Equal(expectedDataInCookie, cookieInfo.Value); Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect); Assert.Equal("/", cookieInfo.Options.Path); Assert.Equal(isSecure, cookieInfo.Options.Secure); Assert.True(cookieInfo.Options.HttpOnly); Assert.Null(cookieInfo.Options.Expires); Assert.Null(cookieInfo.Options.Domain); }
public void SaveCookieToken_NonNullAntiforgeryOptionsConfigureCookieOptionsDomain_UsesCookieOptionsDomain() { // Arrange var expectedCookieDomain = "microsoft.com"; var token = "serialized-value"; var cookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .Setup(hc => hc.Response.Cookies) .Returns(cookies); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns("/vdir1"); httpContext .SetupGet(hc => hc.Request.Path) .Returns("/index.html"); var options = new AntiforgeryOptions { Cookie = { Name = _cookieName, Domain = expectedCookieDomain } }; var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); // Act tokenStore.SaveCookieToken(httpContext.Object, token); // Assert Assert.Equal(1, cookies.Count); Assert.NotNull(cookies); Assert.Equal(_cookieName, cookies.Key); Assert.Equal("serialized-value", cookies.Value); Assert.True(cookies.Options !.HttpOnly); Assert.Equal("/vdir1", cookies.Options.Path); Assert.Equal(expectedCookieDomain, cookies.Options.Domain); }
public void SaveTempData_DefaultProviderOptions_SetsCookie_WithAppropriateCookieOptions( string pathBase, string expectedCookiePath) { // Arrange var expectedDataToProtect = Bytes; var expectedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToProtect); var dataProtector = new PassThroughDataProtector(); var tempDataProvider = GetProvider(dataProtector); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns(pathBase); httpContext .SetupGet(hc => hc.Request.IsHttps) .Returns(false); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); // Act tempDataProvider.SaveTempData(httpContext.Object, Dictionary); // Assert Assert.Equal(1, responseCookies.Count); var cookieInfo = responseCookies[CookieTempDataProvider.CookieName]; Assert.NotNull(cookieInfo); Assert.Equal(expectedDataInCookie, cookieInfo.Value); Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect); Assert.Equal(expectedCookiePath, cookieInfo.Options.Path); Assert.False(cookieInfo.Options.Secure); Assert.True(cookieInfo.Options.HttpOnly); Assert.Null(cookieInfo.Options.Expires); Assert.Null(cookieInfo.Options.Domain); }
public void SaveTempData_UsesCookieName_FromOptions() { // Arrange var expectedCookieName = "TestCookieName"; var values = new Dictionary <string, object>(); values.Add("int", 10); var tempDataProviderStore = new TempDataSerializer(); var expectedDataToProtect = tempDataProviderStore.Serialize(values); var expectedDataInCookie = Base64UrlTextEncoder.Encode(expectedDataToProtect); var tempDataProvider = GetProvider(dataProtector: null, options: new CookieTempDataProviderOptions() { Cookie = { Name = expectedCookieName } }); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns("/"); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); // Act tempDataProvider.SaveTempData(httpContext.Object, values); // Assert Assert.Contains(responseCookies, (cookie) => cookie.Key == expectedCookieName); var cookieInfo = responseCookies[expectedCookieName]; Assert.Equal(expectedDataInCookie, cookieInfo.Value); Assert.Equal("/", cookieInfo.Options.Path); }
public void SaveCookieToken(bool requireSsl, bool? expectedCookieSecureFlag) { // Arrange var token = "serialized-value"; bool defaultCookieSecureValue = expectedCookieSecureFlag ?? false; // pulled from config; set by ctor var cookies = new MockResponseCookieCollection(); var mockHttpContext = new Mock<HttpContext>(); mockHttpContext .Setup(o => o.Response.Cookies) .Returns(cookies); var options = new AntiforgeryOptions() { CookieName = _cookieName, RequireSsl = requireSsl }; var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); // Act tokenStore.SaveCookieToken(mockHttpContext.Object, token); // Assert Assert.Equal(1, cookies.Count); Assert.NotNull(cookies); Assert.Equal(_cookieName, cookies.Key); Assert.Equal("serialized-value", cookies.Value); Assert.True(cookies.Options.HttpOnly); Assert.Equal(defaultCookieSecureValue, cookies.Options.Secure); }
public void SaveCookieToken(bool requireSsl, bool? expectedCookieSecureFlag) { // Arrange var token = new AntiforgeryToken(); var mockCookies = new Mock<IResponseCookies>(); bool defaultCookieSecureValue = expectedCookieSecureFlag ?? false; // pulled from config; set by ctor var cookies = new MockResponseCookieCollection(); cookies.Count = 0; var mockHttpContext = new Mock<HttpContext>(); mockHttpContext.Setup(o => o.Response.Cookies) .Returns(cookies); var contextAccessor = new DefaultAntiforgeryContextAccessor(); mockHttpContext.SetupGet(o => o.RequestServices) .Returns(GetServiceProvider(contextAccessor)); var mockSerializer = new Mock<IAntiforgeryTokenSerializer>(); mockSerializer.Setup(o => o.Serialize(token)) .Returns("serialized-value"); var options = new AntiforgeryOptions() { CookieName = _cookieName, RequireSsl = requireSsl }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: mockSerializer.Object); // Act tokenStore.SaveCookieToken(mockHttpContext.Object, token); // Assert Assert.Equal(1, cookies.Count); Assert.NotNull(contextAccessor.Value.CookieToken); Assert.NotNull(cookies); Assert.Equal(_cookieName, cookies.Key); Assert.Equal("serialized-value", cookies.Value); Assert.True(cookies.Options.HttpOnly); Assert.Equal(defaultCookieSecureValue, cookies.Options.Secure); }
public void SaveCookieToken(bool requireSsl, bool? expectedCookieSecureFlag) { // Arrange var token = new AntiForgeryToken(); var mockCookies = new Mock<IResponseCookies>(); // TODO : Once we decide on where to pick this value from enable this. bool defaultCookieSecureValue = expectedCookieSecureFlag ?? false; // pulled from config; set by ctor var cookies = new MockResponseCookieCollection(); cookies.Count = 0; var mockHttpContext = new Mock<HttpContext>(); mockHttpContext.Setup(o => o.Response.Cookies) .Returns(cookies); var mockSerializer = new Mock<IAntiForgeryTokenSerializer>(); mockSerializer.Setup(o => o.Serialize(token)) .Returns("serialized-value"); var config = new AntiForgeryOptions() { CookieName = _cookieName, RequireSSL = requireSsl }; var tokenStore = new AntiForgeryTokenStore( config: config, serializer: mockSerializer.Object); // Act tokenStore.SaveCookieToken(mockHttpContext.Object, token); // Assert Assert.Equal(1, cookies.Count); Assert.NotNull(cookies); Assert.Equal(_cookieName, cookies.Key); Assert.Equal("serialized-value", cookies.Value); Assert.True(cookies.Options.HttpOnly); Assert.Equal(defaultCookieSecureValue, cookies.Options.Secure); }