/// <summary>
/// Sets up the fixture state: a <c>MockPipelines</c> instance that already has a
/// <c>CsrfStartup</c> initialized against it (default cryptography configuration,
/// default object serializer, default token validator), a fake <c>GET /</c> request
/// and a new <c>Response</c>.
/// </summary>
public CsrfStartupFixture()
{
    this.pipelines = new MockPipelines();

    // NOTE(review): the tests in this fixture read this.cryptographyConfiguration and
    // this.objectSerializer, but this constructor never assigns them. Confirm they are
    // initialized where they are declared; otherwise those tests build their
    // CsrfStartup from unset fields.
    var cryptoConfig = CryptographyConfiguration.Default;
    var serializer = new DefaultObjectSerializer();
    var defaultValidator = new DefaultCsrfTokenValidator(CryptographyConfiguration.Default);

    var startup = new CsrfStartup(cryptoConfig, serializer, defaultValidator);
    startup.Initialize(this.pipelines);

    this.request = new FakeRequest("GET", "/");
    this.response = new Response();
}
/// <summary>
/// When the request carries a CSRF cookie that the validator accepts and the context
/// holds no token yet, the after-request pipeline must copy the cookie value into
/// <c>context.Items</c> and must not set a CSRF cookie on the response.
/// </summary>
/// <remarks>
/// The validator is a fake that accepts every token, so this test covers only the
/// copy path. "ValidToken" is a constructed sample value; the real
/// validity check on the cookie token is not exercised here.
/// </remarks>
public void Should_copy_request_cookie_to_context_but_not_response_if_it_exists_and_context_does_not_contain_token()
{
    // Arrange
    this.request.Cookies.Add(CsrfToken.DEFAULT_CSRF_KEY, "ValidToken");

    var acceptingValidator = A.Fake<ICsrfTokenValidator>();
    A.CallTo(() => acceptingValidator.CookieTokenStillValid(A<CsrfToken>.Ignored)).Returns(true);

    // NOTE(review): the fixture constructor has already initialized a CsrfStartup
    // (with DefaultCsrfTokenValidator) on these same pipelines. Confirm that the
    // assertions below are decided by the stubbed validator and not by the hook
    // registered earlier.
    new CsrfStartup(this.cryptographyConfiguration, this.objectSerializer, acceptingValidator)
        .Initialize(this.pipelines);

    var context = new NancyContext();
    context.Request = this.request;
    context.Response = this.response;

    // Act
    this.pipelines.AfterRequest.Invoke(context);

    // Assert: no CSRF cookie on the response, and the context carries the cookie value.
    var responseHasCsrfCookie =
        this.response.Cookies.Any(cookie => cookie.Name == CsrfToken.DEFAULT_CSRF_KEY);
    responseHasCsrfCookie.ShouldBeFalse();

    var contextHasToken = context.Items.ContainsKey(CsrfToken.DEFAULT_CSRF_KEY);
    contextHasToken.ShouldBeTrue();
    context.Items[CsrfToken.DEFAULT_CSRF_KEY].ShouldEqual("ValidToken");
}
/// <summary>
/// A URL-encoded CSRF cookie value on the request must be stored in
/// <c>context.Items</c> in its decoded form ("Testing Token"), and no CSRF cookie may
/// be added to the response.
/// </summary>
/// <remarks>
/// The validator is a fake that accepts every token, so only the decode-and-copy
/// behaviour is checked; the real validity check on the cookie token is not
/// exercised here.
/// </remarks>
public void Should_http_decode_cookie_token_when_copied_to_the_context()
{
    // Arrange
    var acceptingValidator = A.Fake<ICsrfTokenValidator>();
    A.CallTo(() => acceptingValidator.CookieTokenStillValid(A<CsrfToken>.Ignored)).Returns(true);

    // NOTE(review): a second CsrfStartup is initialized on pipelines the fixture
    // constructor already initialized with the default validator. Confirm which
    // registration decides the outcome.
    new CsrfStartup(this.cryptographyConfiguration, this.objectSerializer, acceptingValidator)
        .Initialize(this.pipelines);

    // The cookie is stored encoded on the request; the expectation below is the decoded text.
    var encodedToken = HttpUtility.UrlEncode("Testing Token");
    this.request.Cookies.Add(CsrfToken.DEFAULT_CSRF_KEY, encodedToken);

    var context = new NancyContext();
    context.Request = this.request;
    context.Response = this.response;

    // Act
    this.pipelines.AfterRequest.Invoke(context);

    // Assert
    var responseHasCsrfCookie =
        this.response.Cookies.Any(cookie => cookie.Name == CsrfToken.DEFAULT_CSRF_KEY);
    responseHasCsrfCookie.ShouldBeFalse();

    var contextHasToken = context.Items.ContainsKey(CsrfToken.DEFAULT_CSRF_KEY);
    contextHasToken.ShouldBeTrue();
    context.Items[CsrfToken.DEFAULT_CSRF_KEY].ShouldEqual("Testing Token");
}