public void AcceptableNonceDrift() { var offsetFromNow = TimeSpan.FromSeconds(-60 * 5).Add(TimeSpan.FromSeconds(1)); var max = TimeSpan.FromMinutes(5); while (offsetFromNow < max) { string ignored; for (int i = 0; i < 1000; i++) { var now = DateTime.UtcNow; var nonce = Nonces.Create(now + offsetFromNow); if (!Nonces.IsValid(nonce, "127.0.0.1", out ignored, now)) { DateTime created; Nonces.Parse(nonce, out created); Assert.Fail("Failed on [" + nonce + "] on [" + created + "] diff of [" + (created - now) + "]"); } } offsetFromNow = offsetFromNow.Add(TimeSpan.FromSeconds(1)); } }
public void ValidNonces() { string ignored; for (int i = 0; i < 1000000; i++) { var nonce = Nonces.Create(); Assert.IsTrue(Nonces.IsValid(nonce, "127.0.0.1", out ignored), "Failed on " + nonce); } }
public void DoubleNonceUseFails() { string ignored; for (int i = 0; i < 1000000; i++) { var nonce = Nonces.Create(); Assert.IsTrue(Nonces.IsValid(nonce, "127.0.0.1", out ignored), "Failed on " + nonce); Nonces.MarkUsed(nonce, "127.0.0.1"); Assert.IsFalse(Nonces.IsValid(nonce, "127.0.0.2", out ignored), "Accepted twice " + nonce); } }
/// <summary> /// Generate a link to switch to a specific form /// </summary> private string SwitchLink(string to, string affId, string background, string color, string callback, bool newCookie) { var nonce = Nonces.Create(); var authCode = Current.MakeAuthCode(new { nonce, to, affId, background, color, callback, newCookie = newCookie.ToString() }); var @switch = UnsafeRedirect( "affiliate/form/switch", new { to, nonce, authCode, affId, background, color, callback, newCookie = newCookie.ToString() } ); return(Current.Url(@switch.Url)); }