Exemple #1
        public void SaveCookieToken_SetsCookieWithApproriatePathBase(string requestPathBase, string expectedCookiePath)
        {
            // Checks that SaveCookieToken emits exactly one HttpOnly cookie, named after the
            // configured cookie name, whose Path equals expectedCookiePath for the given
            // request PathBase. The (requestPathBase, expectedCookiePath) pairs are supplied
            // by the caller; the data source is not visible in this listing.

            // Arrange
            const string serializedToken = "serialized-value";
            var responseCookies = new MockResponseCookieCollection();

            var contextMock = new Mock<HttpContext>();
            contextMock.Setup(ctx => ctx.Response.Cookies).Returns(responseCookies);
            contextMock.SetupGet(ctx => ctx.Request.PathBase).Returns(requestPathBase);
            contextMock.SetupGet(ctx => ctx.Request.Path).Returns("/index.html");

            // Only the cookie name is configured; every other cookie setting keeps its default.
            var antiforgeryOptions = new AntiforgeryOptions();
            antiforgeryOptions.Cookie.Name = _cookieName;

            var store = new DefaultAntiforgeryTokenStore(new TestOptionsManager(antiforgeryOptions));

            // Act
            store.SaveCookieToken(contextMock.Object, serializedToken);

            // Assert
            Assert.Equal(1, responseCookies.Count);
            Assert.NotNull(responseCookies);
            Assert.Equal(_cookieName, responseCookies.Key);
            Assert.Equal("serialized-value", responseCookies.Value);

            // HttpOnly keeps the cookie token out of reach of page script.
            var writtenOptions = responseCookies.Options!;
            Assert.True(writtenOptions.HttpOnly);

            // The cookie is expected to be scoped to the path the caller derived from PathBase.
            Assert.Equal(expectedCookiePath, writtenOptions.Path);
        }
Exemple #2
        public void SaveCookieToken(bool requireSsl, bool? expectedCookieSecureFlag)
        {
            // Checks that SaveCookieToken emits exactly one HttpOnly cookie and that its
            // Secure flag matches the expectation for the given RequireSsl setting.
            // A null expectedCookieSecureFlag is treated as "Secure must be false".

            // Arrange
            const string serializedToken = "serialized-value";

            // Original author's note on this value: pulled from config; set by ctor.
            bool expectedSecure = expectedCookieSecureFlag.GetValueOrDefault();

            var responseCookies = new MockResponseCookieCollection();

            var contextMock = new Mock<HttpContext>();
            contextMock.Setup(ctx => ctx.Response.Cookies).Returns(responseCookies);

            var antiforgeryOptions = new AntiforgeryOptions();
            antiforgeryOptions.CookieName = _cookieName;
            antiforgeryOptions.RequireSsl = requireSsl;

            var store = new DefaultAntiforgeryTokenStore(new TestOptionsManager(antiforgeryOptions));

            // Act
            store.SaveCookieToken(contextMock.Object, serializedToken);

            // Assert
            Assert.Equal(1, responseCookies.Count);
            Assert.NotNull(responseCookies);
            Assert.Equal(_cookieName, responseCookies.Key);
            Assert.Equal("serialized-value", responseCookies.Value);

            // HttpOnly keeps the cookie token out of reach of page script.
            Assert.True(responseCookies.Options.HttpOnly);

            // Secure restricts the cookie to HTTPS; the expected value is driven by RequireSsl.
            Assert.Equal(expectedSecure, responseCookies.Options.Secure);
        }
Exemple #3
        public void SaveCookieToken_HonorsCookieSecurePolicy_OnOptions(
            bool isRequestSecure,
            CookieSecurePolicy policy,
            bool? expectedCookieSecureFlag)
        {
            // Checks that the Secure flag on the cookie written by SaveCookieToken follows the
            // configured Cookie.SecurePolicy combined with whether the request is HTTPS.
            // A null expectedCookieSecureFlag is treated as "Secure must be false"; which
            // policy/scheme combinations pass null is decided by the caller's data, not shown here.

            // Arrange
            const string serializedToken = "serialized-value";

            // Original author's note on this value: pulled from config; set by ctor.
            bool expectedSecure = expectedCookieSecureFlag.GetValueOrDefault();

            var responseCookies = new MockResponseCookieCollection();

            var contextMock = new Mock<HttpContext>();
            contextMock.Setup(ctx => ctx.Request.IsHttps).Returns(isRequestSecure);
            contextMock.Setup(ctx => ctx.Response.Cookies).Returns(responseCookies);
            contextMock.SetupGet(ctx => ctx.Request.PathBase).Returns("/");

            var antiforgeryOptions = new AntiforgeryOptions();
            antiforgeryOptions.Cookie.Name = _cookieName;
            antiforgeryOptions.Cookie.SecurePolicy = policy;

            var store = new DefaultAntiforgeryTokenStore(new TestOptionsManager(antiforgeryOptions));

            // Act
            store.SaveCookieToken(contextMock.Object, serializedToken);

            // Assert
            Assert.Equal(1, responseCookies.Count);
            Assert.NotNull(responseCookies);
            Assert.Equal(_cookieName, responseCookies.Key);
            Assert.Equal("serialized-value", responseCookies.Value);

            // HttpOnly keeps the cookie token out of reach of page script.
            var writtenOptions = responseCookies.Options!;
            Assert.True(writtenOptions.HttpOnly);

            // Secure restricts the cookie to HTTPS; this is the property under test.
            Assert.Equal(expectedSecure, writtenOptions.Secure);
        }
Exemple #4
        public void SaveCookieToken_NonNullAntiforgeryOptionsConfigureCookieOptionsDomain_UsesCookieOptionsDomain()
        {
            // Checks that a Domain configured on AntiforgeryOptions.Cookie is copied unchanged
            // onto the cookie written by SaveCookieToken, alongside the expected Path and the
            // HttpOnly flag. An explicit Domain makes the cookie visible to that domain's
            // subdomains, so this test pins that the value is only what was configured.

            // Arrange
            const string configuredDomain = "microsoft.com";
            const string serializedToken = "serialized-value";
            var responseCookies = new MockResponseCookieCollection();

            var contextMock = new Mock<HttpContext>();
            contextMock.Setup(ctx => ctx.Response.Cookies).Returns(responseCookies);
            contextMock.SetupGet(ctx => ctx.Request.PathBase).Returns("/vdir1");
            contextMock.SetupGet(ctx => ctx.Request.Path).Returns("/index.html");

            var antiforgeryOptions = new AntiforgeryOptions();
            antiforgeryOptions.Cookie.Name = _cookieName;
            antiforgeryOptions.Cookie.Domain = configuredDomain;

            var store = new DefaultAntiforgeryTokenStore(new TestOptionsManager(antiforgeryOptions));

            // Act
            store.SaveCookieToken(contextMock.Object, serializedToken);

            // Assert
            Assert.Equal(1, responseCookies.Count);
            Assert.NotNull(responseCookies);
            Assert.Equal(_cookieName, responseCookies.Key);
            Assert.Equal("serialized-value", responseCookies.Value);

            // HttpOnly keeps the cookie token out of reach of page script.
            var writtenOptions = responseCookies.Options!;
            Assert.True(writtenOptions.HttpOnly);

            // Path is expected to equal the request PathBase set up above.
            Assert.Equal("/vdir1", writtenOptions.Path);
            Assert.Equal(configuredDomain, writtenOptions.Domain);
        }