// GetCookieToken returns null when every request cookie lookup yields an empty
// string and the AntiForgeryContext accessor has never been given a value.
public void GetCookieToken_CookieDoesNotExist_ReturnsNull()
{
    // Arrange: any cookie name resolves to an empty string.
    var emptyCookies = new Mock<IReadableStringCollection>();
    emptyCookies.Setup(c => c.Get(It.IsAny<string>())).Returns(string.Empty);

    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(c => c.Request.Cookies).Returns(emptyCookies.Object);

    // The accessor is reachable through RequestServices but holds no context.
    var accessor = new ContextAccessor<AntiForgeryContext>();
    httpContext.SetupGet(c => c.RequestServices).Returns(GetServiceProvider(accessor));

    // serializer is null on purpose: a store that tried to deserialize here would throw.
    var store = new AntiForgeryTokenStore(
        config: new AntiForgeryOptions { CookieName = _cookieName },
        serializer: null);

    // Act
    var result = store.GetCookieToken(httpContext.Object);

    // Assert
    Assert.Null(result);
}
// When the request carries no cookie value, GetCookieToken is expected to hand back
// the CookieToken already stored on the AntiForgeryContext exposed via RequestServices.
public void GetCookieToken_CookieIsMissingInRequest_LooksUpCookieInAntiForgeryContext()
{
    // Arrange: any cookie name resolves to an empty string.
    var emptyCookies = new Mock<IReadableStringCollection>();
    emptyCookies.Setup(c => c.Get(It.IsAny<string>())).Returns(string.Empty);

    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(c => c.Request.Cookies).Returns(emptyCookies.Object);

    var scopedContext = new ScopedInstance<AntiForgeryContext>();
    httpContext.SetupGet(c => c.RequestServices).Returns(GetServiceProvider(scopedContext));

    // add a cookie explicitly.
    var storedToken = new AntiForgeryToken();
    scopedContext.Value = new AntiForgeryContext { CookieToken = storedToken };

    // serializer is null on purpose: the token must come from the context, not from parsing.
    var store = new AntiForgeryTokenStore(
        config: new AntiForgeryOptions { CookieName = _cookieName },
        serializer: null);

    // Act
    var result = store.GetCookieToken(httpContext.Object);

    // Assert
    Assert.Equal(storedToken, result);
}
// GetCookieToken returns exactly the token instance the serializer produces for
// the cookie value found on the request.
public void GetCookieToken_CookieIsValid_ReturnsToken()
{
    // Arrange
    var deserialized = new AntiForgeryToken();
    var httpContext = GetMockHttpContext(_cookieName, "valid-value");

    // The serializer only recognises the literal cookie value set up above.
    var serializer = new Mock<IAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("valid-value")).Returns(deserialized);

    var store = new AntiForgeryTokenStore(
        config: new AntiForgeryOptions { CookieName = _cookieName },
        serializer: serializer.Object);

    // Act
    AntiForgeryToken result = store.GetCookieToken(httpContext);

    // Assert: same reference, not merely an equal token.
    Assert.Same(deserialized, result);
}
// GetFormTokenAsync returns null when the configured form field is present but empty.
public async Task GetFormToken_FormFieldIsEmpty_ReturnsNull()
{
    // Arrange: the posted form holds the field with an empty value.
    IReadableStringCollection form = new MockCookieCollection(
        new Dictionary<string, string> { { "form-field-name", string.Empty } });

    var request = new Mock<HttpRequest>();
    request.Setup(r => r.GetFormAsync(CancellationToken.None)).Returns(Task.FromResult(form));

    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(c => c.Request).Returns(request.Object);

    // serializer is null on purpose: a store that tried to deserialize here would throw.
    var store = new AntiForgeryTokenStore(
        config: new AntiForgeryOptions { FormFieldName = "form-field-name" },
        serializer: null);

    // Act
    var result = await store.GetFormTokenAsync(httpContext.Object);

    // Assert
    Assert.Null(result);
}
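// GetCookieToken must let the serializer's HttpAntiForgeryException reach the caller
// unchanged when the cookie value cannot be deserialized.
public void GetCookieToken_CookieIsInvalid_PropagatesException()
{
    // Arrange: the request carries a cookie whose value the serializer rejects.
    var httpContext = new Mock<HttpContextBase>();
    httpContext
        .Setup(c => c.Request.Cookies)
        .Returns(new HttpCookieCollection() { new HttpCookie("cookie-name", "invalid-value") });

    var config = new MockAntiForgeryConfig { CookieName = "cookie-name" };

    var thrown = new HttpAntiForgeryException("some exception");
    var serializer = new Mock<MockableAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("invalid-value")).Throws(thrown);

    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: serializer.Object);

    // Act & assert
    var caught = Assert.Throws<HttpAntiForgeryException>(
        () => store.GetCookieToken(httpContext.Object));

    // Reference identity is what "propagates" means here: the store may neither wrap
    // nor replace the exception raised during deserialization.
    Assert.Same(thrown, caught);
}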
// GetCookieToken returns null when every request cookie lookup yields an empty string.
public void GetCookieToken_CookieDoesNotExist_ReturnsNull()
{
    // Arrange: any cookie name resolves to an empty string.
    var emptyCookies = new Mock<IReadableStringCollection>();
    emptyCookies.Setup(c => c.Get(It.IsAny<string>())).Returns(string.Empty);

    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(c => c.Request.Cookies).Returns(emptyCookies.Object);

    // serializer is null on purpose: a store that tried to deserialize here would throw.
    var store = new AntiForgeryTokenStore(
        config: new AntiForgeryOptions { CookieName = _cookieName },
        serializer: null);

    // Act
    var result = store.GetCookieToken(httpContext.Object);

    // Assert
    Assert.Null(result);
}
// GetFormToken returns exactly the token instance the serializer produces for the
// value posted in the configured form field.
public void GetFormToken_FormFieldIsValid_ReturnsToken()
{
    // Arrange
    var deserialized = new AntiForgeryToken();

    var httpContext = new Mock<HttpContextBase>();
    httpContext.Setup(c => c.Request.Form.Get("form-field-name")).Returns("valid-value");

    var config = new MockAntiForgeryConfig { FormFieldName = "form-field-name" };

    // The serializer only recognises the literal field value set up above.
    var serializer = new Mock<MockableAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("valid-value")).Returns((object)deserialized);

    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: serializer.Object);

    // Act
    AntiForgeryToken result = store.GetFormToken(httpContext.Object);

    // Assert: same reference, not merely an equal token.
    Assert.Same(deserialized, result);
}
// GetFormToken must let the serializer's HttpAntiForgeryException reach the caller
// unchanged when the form field value cannot be deserialized.
public void GetFormToken_FormFieldIsInvalid_PropagatesException()
{
    // Arrange: the posted field holds a value the serializer rejects.
    var httpContext = new Mock<HttpContextBase>();
    httpContext.Setup(c => c.Request.Form.Get("form-field-name")).Returns("invalid-value");

    var config = new MockAntiForgeryConfig { FormFieldName = "form-field-name" };

    var thrown = new HttpAntiForgeryException("some exception");
    var serializer = new Mock<MockableAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("invalid-value")).Throws(thrown);

    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: serializer.Object);

    // Act & assert
    var caught = Assert.Throws<HttpAntiForgeryException>(
        () => store.GetFormToken(httpContext.Object));

    // The very same exception object must surface: no wrapping, no replacement.
    Assert.Same(thrown, caught);
}
// GetCookieToken returns null when the configured cookie exists but its value is empty.
public void GetCookieToken_CookieIsEmpty_ReturnsNull()
{
    // Arrange: the cookie is present on the request with an empty value.
    var httpContext = new Mock<HttpContextBase>();
    httpContext
        .Setup(c => c.Request.Cookies)
        .Returns(new HttpCookieCollection() { new HttpCookie("cookie-name", "") });

    var config = new MockAntiForgeryConfig { CookieName = "cookie-name" };

    // serializer is null on purpose: a store that tried to deserialize here would throw.
    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: null);

    // Act
    AntiForgeryToken result = store.GetCookieToken(httpContext.Object);

    // Assert
    Assert.Null(result);
}
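// GetCookieToken must let the serializer's HttpAntiForgeryException reach the caller
// unchanged when the cookie value cannot be deserialized.
public void GetCookieToken_CookieIsInvalid_PropagatesException()
{
    // Arrange: the request carries a cookie whose value the serializer rejects.
    var httpContext = new Mock<HttpContextBase>();
    httpContext
        .Setup(c => c.Request.Cookies)
        .Returns(new HttpCookieCollection() { new HttpCookie("cookie-name", "invalid-value") });

    var config = new MockAntiForgeryConfig { CookieName = "cookie-name" };

    var thrown = new HttpAntiForgeryException("some exception");
    var serializer = new Mock<MockableAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("invalid-value")).Throws(thrown);

    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: serializer.Object);

    // Act & assert
    var caught = Assert.Throws<HttpAntiForgeryException>(
        () => store.GetCookieToken(httpContext.Object));

    // Reference identity is what "propagates" means here: the store may neither wrap
    // nor replace the exception raised during deserialization.
    Assert.Same(thrown, caught);
}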
// GetCookieToken must let the serializer's exception reach the caller unchanged
// when the cookie value cannot be deserialized.
public void GetCookieToken_CookieIsInvalid_PropagatesException()
{
    // Arrange: the request carries a cookie whose value the serializer rejects.
    var httpContext = GetMockHttpContext(_cookieName, "invalid-value");

    var thrown = new InvalidOperationException("some exception");
    var serializer = new Mock<IAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("invalid-value")).Throws(thrown);

    var store = new AntiForgeryTokenStore(
        config: new AntiForgeryOptions { CookieName = _cookieName },
        serializer: serializer.Object);

    // Act & assert
    var caught = Assert.Throws<InvalidOperationException>(
        () => store.GetCookieToken(httpContext));

    // The very same exception object must surface: no wrapping, no replacement.
    Assert.Same(thrown, caught);
}
// GetFormTokenAsync returns null when the configured form field is present but empty.
public async Task GetFormToken_FormFieldIsEmpty_ReturnsNull()
{
    // Arrange: indexing the form by the configured field name yields an empty string.
    var form = new Mock<IFormCollection>();
    form.Setup(f => f["form-field-name"]).Returns(string.Empty);

    var request = new Mock<HttpRequest>();
    request
        .Setup(r => r.ReadFormAsync(CancellationToken.None))
        .Returns(Task.FromResult(form.Object));

    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(c => c.Request).Returns(request.Object);

    // serializer is null on purpose: a store that tried to deserialize here would throw.
    var store = new AntiForgeryTokenStore(
        config: new AntiForgeryOptions { FormFieldName = "form-field-name" },
        serializer: null);

    // Act
    var result = await store.GetFormTokenAsync(httpContext.Object);

    // Assert
    Assert.Null(result);
}
// GetCookieToken returns exactly the token instance the serializer produces for
// the cookie value found on the request.
public void GetCookieToken_CookieIsValid_ReturnsToken()
{
    // Arrange
    var deserialized = new AntiForgeryToken();

    var httpContext = new Mock<HttpContextBase>();
    httpContext
        .Setup(c => c.Request.Cookies)
        .Returns(new HttpCookieCollection() { new HttpCookie("cookie-name", "valid-value") });

    var config = new MockAntiForgeryConfig { CookieName = "cookie-name" };

    // The serializer only recognises the literal cookie value set up above.
    var serializer = new Mock<MockableAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("valid-value")).Returns((object)deserialized);

    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: serializer.Object);

    // Act
    AntiForgeryToken result = store.GetCookieToken(httpContext.Object);

    // Assert: same reference, not merely an equal token.
    Assert.Same(deserialized, result);
}
// Builds an AntiForgeryWorker together with the objects it depends on: config,
// token serializer, token store, claim-uid extractor and token validator.
private static AntiForgeryWorker CreateSingletonAntiForgeryWorker()
{
    IAntiForgeryConfig antiForgeryConfig = new AntiForgeryConfigWrapper();

    // NOTE(review): MachineKey45CryptoSystem.Instance is handed over without a null
    // check — confirm it can never be null on the targeted runtime, otherwise the
    // token serializer is constructed without a crypto system.
    IAntiForgeryTokenSerializer tokenSerializer =
        new AntiForgeryTokenSerializer(MachineKey45CryptoSystem.Instance);

    ITokenStore store = new AntiForgeryTokenStore(antiForgeryConfig, tokenSerializer);

    IClaimUidExtractor uidExtractor =
        new ClaimUidExtractor(antiForgeryConfig, ClaimsIdentityConverter.Default);
    ITokenValidator tokenValidator = new TokenValidator(antiForgeryConfig, uidExtractor);

    return new AntiForgeryWorker(tokenSerializer, antiForgeryConfig, store, tokenValidator);
}
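// SaveCookieToken writes one response cookie named after the configured CookieName,
// carrying the serialized token, and records the token on the AntiForgeryContext.
//
// requireSsl               - value assigned to AntiForgeryOptions.RequireSSL.
// expectedCookieSecureFlag - expected Secure flag of the written cookie; null means
//                            "use the default", which this test takes to be false.
//
// NOTE(review): the data rows feeding this method are not visible here; confirm that
// one of them pairs requireSsl = true with an expected Secure flag of true, otherwise
// the RequireSSL setting is not actually exercised.
public void SaveCookieToken(bool requireSsl, bool? expectedCookieSecureFlag)
{
    // Arrange
    var token = new AntiForgeryToken();

    // TODO : Once we decide on where to pick this value from enable this.
    bool defaultCookieSecureValue = expectedCookieSecureFlag ?? false; // pulled from config; set by ctor

    var cookies = new MockResponseCookieCollection();
    cookies.Count = 0;

    var mockHttpContext = new Mock<HttpContext>();
    mockHttpContext.Setup(o => o.Response.Cookies).Returns(cookies);

    var contextAccessor = new ContextAccessor<AntiForgeryContext>();
    mockHttpContext.SetupGet(o => o.RequestServices).Returns(GetServiceProvider(contextAccessor));

    var mockSerializer = new Mock<IAntiForgeryTokenSerializer>();
    mockSerializer.Setup(o => o.Serialize(token)).Returns("serialized-value");

    var config = new AntiForgeryOptions()
    {
        CookieName = _cookieName,
        RequireSSL = requireSsl
    };

    var tokenStore = new AntiForgeryTokenStore(
        config: config,
        serializer: mockSerializer.Object);

    // Act
    tokenStore.SaveCookieToken(mockHttpContext.Object, token);

    // Assert
    Assert.Equal(1, cookies.Count);
    Assert.NotNull(contextAccessor.Value.CookieToken);
    Assert.Equal(_cookieName, cookies.Key);
    Assert.Equal("serialized-value", cookies.Value);

    // HttpOnly keeps the anti-forgery cookie out of reach of page script; it is
    // expected regardless of the SSL setting.
    Assert.True(cookies.Options.HttpOnly);
    Assert.Equal(defaultCookieSecureValue, cookies.Options.Secure);
}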
// GetFormTokenAsync must let the serializer's exception reach the caller unchanged
// when the posted form field value cannot be deserialized.
public async Task GetFormToken_FormFieldIsInvalid_PropagatesException()
{
    // Arrange: the posted field holds a value the serializer rejects.
    IReadableStringCollection form = new MockCookieCollection(
        new Dictionary<string, string> { { "form-field-name", "invalid-value" } });

    var request = new Mock<HttpRequest>();
    request.Setup(r => r.GetFormAsync(CancellationToken.None)).Returns(Task.FromResult(form));

    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(c => c.Request).Returns(request.Object);

    var options = new AntiForgeryOptions { FormFieldName = "form-field-name" };

    var thrown = new InvalidOperationException("some exception");
    var serializer = new Mock<IAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("invalid-value")).Throws(thrown);

    var store = new AntiForgeryTokenStore(
        config: options,
        serializer: serializer.Object);

    // Act & assert
    var caught = await Assert.ThrowsAsync<InvalidOperationException>(
        async () => await store.GetFormTokenAsync(httpContext.Object));

    // The very same exception object must surface: no wrapping, no replacement.
    Assert.Same(thrown, caught);
}
// GetCookieToken returns null when the configured cookie exists but its value is empty.
public void GetCookieToken_CookieIsEmpty_ReturnsNull()
{
    // Arrange: the helper builds a context whose cookie has an empty value.
    var httpContext = GetMockHttpContext(_cookieName, string.Empty);

    // serializer is null on purpose: a store that tried to deserialize here would throw.
    var store = new AntiForgeryTokenStore(
        config: new AntiForgeryOptions { CookieName = _cookieName },
        serializer: null);

    // Act
    var result = store.GetCookieToken(httpContext);

    // Assert
    Assert.Null(result);
}
// GetCookieToken returns null when the request cookie collection is empty.
public void GetCookieToken_CookieDoesNotExist_ReturnsNull()
{
    // Arrange: the request has no cookies at all.
    var httpContext = new Mock<HttpContextBase>();
    httpContext.Setup(c => c.Request.Cookies).Returns(new HttpCookieCollection());

    var config = new MockAntiForgeryConfig { CookieName = "cookie-name" };

    // serializer is null on purpose: a store that tried to deserialize here would throw.
    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: null);

    // Act
    AntiForgeryToken result = store.GetCookieToken(httpContext.Object);

    // Assert
    Assert.Null(result);
}
// SaveCookieToken adds exactly one response cookie named "cookie-name" that carries
// the serialized token, is HttpOnly, and has the expected Secure flag.
//
// requireSsl               - value assigned to the config's RequireSSL.
// expectedCookieSecureFlag - expected Secure flag; null means "whatever a freshly
//                            constructed HttpCookie reports".
//
// NOTE(review): the data rows feeding this method are not visible here; confirm that
// one of them pairs requireSsl = true with an expected Secure flag of true.
public void SaveCookieToken(bool requireSsl, bool? expectedCookieSecureFlag)
{
    // Arrange
    var token = new AntiForgeryToken();
    var responseCookies = new HttpCookieCollection();
    bool expectedSecure = expectedCookieSecureFlag ?? new HttpCookie("name", "value").Secure; // pulled from config; set by ctor

    var httpContext = new Mock<HttpContextBase>();
    httpContext.Setup(c => c.Response.Cookies).Returns(responseCookies);

    var serializer = new Mock<MockableAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Serialize(token)).Returns("serialized-value");

    var config = new MockAntiForgeryConfig
    {
        CookieName = "cookie-name",
        RequireSSL = requireSsl
    };

    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: serializer.Object);

    // Act
    store.SaveCookieToken(httpContext.Object, token);

    // Assert
    Assert.Single(responseCookies);
    HttpCookie written = responseCookies["cookie-name"];
    Assert.NotNull(written);
    Assert.Equal("serialized-value", written.Value);

    // HttpOnly keeps the anti-forgery cookie out of reach of page script.
    Assert.True(written.HttpOnly);
    Assert.Equal(expectedSecure, written.Secure);
}
// When the request carries no cookie value, GetCookieToken is expected to hand back
// the CookieToken already stored on the AntiForgeryContext exposed via RequestServices.
public void GetCookieToken_CookieIsMissingInRequest_LooksUpCookieInAntiForgeryContext()
{
    // Arrange: any cookie name resolves to an empty string.
    var emptyCookies = new Mock<IReadableStringCollection>();
    emptyCookies.Setup(c => c.Get(It.IsAny<string>())).Returns(string.Empty);

    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(c => c.Request.Cookies).Returns(emptyCookies.Object);

    var accessor = new ContextAccessor<AntiForgeryContext>();
    httpContext.SetupGet(c => c.RequestServices).Returns(GetServiceProvider(accessor));

    // add a cookie explicitly.
    var storedToken = new AntiForgeryToken();
    accessor.SetValue(new AntiForgeryContext { CookieToken = storedToken });

    // serializer is null on purpose: the token must come from the context, not from parsing.
    var store = new AntiForgeryTokenStore(
        config: new AntiForgeryOptions { CookieName = _cookieName },
        serializer: null);

    // Act
    var result = store.GetCookieToken(httpContext.Object);

    // Assert
    Assert.Equal(storedToken, result);
}
// GetFormTokenAsync returns exactly the token instance the serializer produces for
// the value posted in the configured form field.
public async Task GetFormToken_FormFieldIsValid_ReturnsToken()
{
    // Arrange
    var deserialized = new AntiForgeryToken();

    IReadableStringCollection form = new MockCookieCollection(
        new Dictionary<string, string> { { "form-field-name", "valid-value" } });

    var request = new Mock<HttpRequest>();
    request.Setup(r => r.GetFormAsync(CancellationToken.None)).Returns(Task.FromResult(form));

    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(c => c.Request).Returns(request.Object);

    var options = new AntiForgeryOptions { FormFieldName = "form-field-name" };

    // The serializer only recognises the literal field value set up above.
    var serializer = new Mock<IAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("valid-value")).Returns(deserialized);

    var store = new AntiForgeryTokenStore(
        config: options,
        serializer: serializer.Object);

    // Act
    var result = await store.GetFormTokenAsync(httpContext.Object);

    // Assert: same reference, not merely an equal token.
    Assert.Same(deserialized, result);
}
// GetFormToken returns null when the configured form field is present but empty.
public void GetFormToken_FormFieldIsEmpty_ReturnsNull()
{
    // Arrange: looking up the configured field yields an empty string.
    var httpContext = new Mock<HttpContextBase>();
    httpContext.Setup(c => c.Request.Form.Get("form-field-name")).Returns("");

    var config = new MockAntiForgeryConfig { FormFieldName = "form-field-name" };

    // serializer is null on purpose: a store that tried to deserialize here would throw.
    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: null);

    // Act
    AntiForgeryToken result = store.GetFormToken(httpContext.Object);

    // Assert
    Assert.Null(result);
}
// Builds an AntiForgeryWorker together with the objects it depends on: crypto system,
// config, token serializer, token store, claim-uid extractor and token validator.
private static AntiForgeryWorker CreateSingletonAntiForgeryWorker()
{
    // initialize the dependency chain

    // MachineKey45CryptoSystem.Instance may be null; in that case the 4.0 crypto code
    // paths are used instead. Keep the explicit 'if' block: the null coalescing
    // operator must not be used here because of a CLR bug (DevDiv #424203).
    ICryptoSystem crypto = MachineKey45CryptoSystem.Instance;
    if (crypto == null)
    {
        crypto = new MachineKey40CryptoSystem();
    }

    IAntiForgeryConfig antiForgeryConfig = new AntiForgeryConfigWrapper();
    IAntiForgeryTokenSerializer tokenSerializer = new AntiForgeryTokenSerializer(crypto);
    ITokenStore store = new AntiForgeryTokenStore(antiForgeryConfig, tokenSerializer);

    IClaimUidExtractor uidExtractor =
        new ClaimUidExtractor(antiForgeryConfig, ClaimsIdentityConverter.Default);
    ITokenValidator validator = new TokenValidator(antiForgeryConfig, uidExtractor);

    return new AntiForgeryWorker(tokenSerializer, antiForgeryConfig, store, validator);
}
// GetCookieToken must let the serializer's exception reach the caller unchanged
// when the cookie value cannot be deserialized.
public void GetCookieToken_CookieIsInvalid_PropagatesException()
{
    // Arrange: the request carries a cookie whose value the serializer rejects.
    var httpContext = GetMockHttpContext(_cookieName, "invalid-value");

    var thrown = new InvalidOperationException("some exception");
    var serializer = new Mock<IAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("invalid-value")).Throws(thrown);

    var store = new AntiForgeryTokenStore(
        config: new AntiForgeryOptions { CookieName = _cookieName },
        serializer: serializer.Object);

    // Act & assert
    var caught = Assert.Throws<InvalidOperationException>(
        () => store.GetCookieToken(httpContext));

    // The very same exception object must surface: no wrapping, no replacement.
    Assert.Same(thrown, caught);
}
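// SaveCookieToken writes one response cookie named after the configured CookieName,
// carrying the serialized token, HttpOnly, and with the expected Secure flag.
//
// requireSsl               - value assigned to AntiForgeryOptions.RequireSSL.
// expectedCookieSecureFlag - expected Secure flag of the written cookie; null means
//                            "use the default", which this test takes to be false.
//
// NOTE(review): the data rows feeding this method are not visible here; confirm that
// one of them pairs requireSsl = true with an expected Secure flag of true, otherwise
// the RequireSSL setting is not actually exercised.
public void SaveCookieToken(bool requireSsl, bool? expectedCookieSecureFlag)
{
    // Arrange
    var token = new AntiForgeryToken();

    // TODO : Once we decide on where to pick this value from enable this.
    bool defaultCookieSecureValue = expectedCookieSecureFlag ?? false; // pulled from config; set by ctor

    var cookies = new MockResponseCookieCollection();
    cookies.Count = 0;

    var mockHttpContext = new Mock<HttpContext>();
    mockHttpContext.Setup(o => o.Response.Cookies).Returns(cookies);

    var mockSerializer = new Mock<IAntiForgeryTokenSerializer>();
    mockSerializer.Setup(o => o.Serialize(token)).Returns("serialized-value");

    var config = new AntiForgeryOptions()
    {
        CookieName = _cookieName,
        RequireSSL = requireSsl
    };

    var tokenStore = new AntiForgeryTokenStore(
        config: config,
        serializer: mockSerializer.Object);

    // Act
    tokenStore.SaveCookieToken(mockHttpContext.Object, token);

    // Assert
    Assert.Equal(1, cookies.Count);
    Assert.Equal(_cookieName, cookies.Key);
    Assert.Equal("serialized-value", cookies.Value);

    // HttpOnly keeps the anti-forgery cookie out of reach of page script; it is
    // expected regardless of the SSL setting.
    Assert.True(cookies.Options.HttpOnly);
    Assert.Equal(defaultCookieSecureValue, cookies.Options.Secure);
}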
// GetFormToken must let the serializer's HttpAntiForgeryException reach the caller
// unchanged when the form field value cannot be deserialized.
public void GetFormToken_FormFieldIsInvalid_PropagatesException()
{
    // Arrange: the posted field holds a value the serializer rejects.
    var httpContext = new Mock<HttpContextBase>();
    httpContext.Setup(c => c.Request.Form.Get("form-field-name")).Returns("invalid-value");

    var config = new MockAntiForgeryConfig { FormFieldName = "form-field-name" };

    var thrown = new HttpAntiForgeryException("some exception");
    var serializer = new Mock<MockableAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("invalid-value")).Throws(thrown);

    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: serializer.Object);

    // Act & assert
    var caught = Assert.Throws<HttpAntiForgeryException>(
        () => store.GetFormToken(httpContext.Object));

    // The very same exception object must surface: no wrapping, no replacement.
    Assert.Same(thrown, caught);
}
// GetFormToken returns null when the configured form field is present but empty.
public void GetFormToken_FormFieldIsEmpty_ReturnsNull()
{
    // Arrange: looking up the configured field yields an empty string.
    var httpContext = new Mock<HttpContextBase>();
    httpContext.Setup(c => c.Request.Form.Get("form-field-name")).Returns("");

    var config = new MockAntiForgeryConfig { FormFieldName = "form-field-name" };

    // serializer is null on purpose: a store that tried to deserialize here would throw.
    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: null);

    // Act
    AntiForgeryToken result = store.GetFormToken(httpContext.Object);

    // Assert
    Assert.Null(result);
}
// SaveCookieToken adds exactly one response cookie named "cookie-name" that carries
// the serialized token, is HttpOnly, and has the expected Secure flag.
//
// requireSsl               - value assigned to the config's RequireSSL.
// expectedCookieSecureFlag - expected Secure flag; null means "whatever a freshly
//                            constructed HttpCookie reports".
//
// NOTE(review): the data rows feeding this method are not visible here; confirm that
// one of them pairs requireSsl = true with an expected Secure flag of true.
public void SaveCookieToken(bool requireSsl, bool? expectedCookieSecureFlag)
{
    // Arrange
    var token = new AntiForgeryToken();
    var responseCookies = new HttpCookieCollection();
    bool expectedSecure = expectedCookieSecureFlag ?? new HttpCookie("name", "value").Secure; // pulled from config; set by ctor

    var httpContext = new Mock<HttpContextBase>();
    httpContext.Setup(c => c.Response.Cookies).Returns(responseCookies);

    var serializer = new Mock<MockableAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Serialize(token)).Returns("serialized-value");

    var config = new MockAntiForgeryConfig
    {
        CookieName = "cookie-name",
        RequireSSL = requireSsl
    };

    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: serializer.Object);

    // Act
    store.SaveCookieToken(httpContext.Object, token);

    // Assert
    Assert.Equal(1, responseCookies.Count);
    HttpCookie written = responseCookies["cookie-name"];
    Assert.NotNull(written);
    Assert.Equal("serialized-value", written.Value);

    // HttpOnly keeps the anti-forgery cookie out of reach of page script.
    Assert.True(written.HttpOnly);
    Assert.Equal(expectedSecure, written.Secure);
}
// GetFormToken returns exactly the token instance the serializer produces for the
// value posted in the configured form field.
public void GetFormToken_FormFieldIsValid_ReturnsToken()
{
    // Arrange
    var deserialized = new AntiForgeryToken();

    var httpContext = new Mock<HttpContextBase>();
    httpContext.Setup(c => c.Request.Form.Get("form-field-name")).Returns("valid-value");

    var config = new MockAntiForgeryConfig { FormFieldName = "form-field-name" };

    // The serializer only recognises the literal field value set up above.
    var serializer = new Mock<MockableAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("valid-value")).Returns((object)deserialized);

    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: serializer.Object);

    // Act
    AntiForgeryToken result = store.GetFormToken(httpContext.Object);

    // Assert: same reference, not merely an equal token.
    Assert.Same(deserialized, result);
}
// GetCookieToken returns exactly the token instance the serializer produces for
// the cookie value found on the request.
public void GetCookieToken_CookieIsValid_ReturnsToken()
{
    // Arrange
    var deserialized = new AntiForgeryToken();

    var httpContext = new Mock<HttpContextBase>();
    httpContext
        .Setup(c => c.Request.Cookies)
        .Returns(new HttpCookieCollection() { new HttpCookie("cookie-name", "valid-value") });

    var config = new MockAntiForgeryConfig { CookieName = "cookie-name" };

    // The serializer only recognises the literal cookie value set up above.
    var serializer = new Mock<MockableAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("valid-value")).Returns((object)deserialized);

    var store = new AntiForgeryTokenStore(
        config: config,
        serializer: serializer.Object);

    // Act
    AntiForgeryToken result = store.GetCookieToken(httpContext.Object);

    // Assert: same reference, not merely an equal token.
    Assert.Same(deserialized, result);
}
// GetFormTokenAsync returns exactly the token instance the serializer produces for
// the value posted in the configured form field.
public async Task GetFormToken_FormFieldIsValid_ReturnsToken()
{
    // Arrange
    var deserialized = new AntiForgeryToken();

    IReadableStringCollection form = new MockCookieCollection(
        new Dictionary<string, string> { { "form-field-name", "valid-value" } });

    var request = new Mock<HttpRequest>();
    request.Setup(r => r.GetFormAsync(CancellationToken.None)).Returns(Task.FromResult(form));

    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(c => c.Request).Returns(request.Object);

    var options = new AntiForgeryOptions { FormFieldName = "form-field-name" };

    // The serializer only recognises the literal field value set up above.
    var serializer = new Mock<IAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("valid-value")).Returns(deserialized);

    var store = new AntiForgeryTokenStore(
        config: options,
        serializer: serializer.Object);

    // Act
    var result = await store.GetFormTokenAsync(httpContext.Object);

    // Assert: same reference, not merely an equal token.
    Assert.Same(deserialized, result);
}
// GetFormTokenAsync must let the serializer's exception reach the caller unchanged
// when the posted form field value cannot be deserialized.
public async Task GetFormToken_FormFieldIsInvalid_PropagatesException()
{
    // Arrange: the posted field holds a value the serializer rejects.
    IReadableStringCollection form = new MockCookieCollection(
        new Dictionary<string, string> { { "form-field-name", "invalid-value" } });

    var request = new Mock<HttpRequest>();
    request.Setup(r => r.GetFormAsync(CancellationToken.None)).Returns(Task.FromResult(form));

    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(c => c.Request).Returns(request.Object);

    var options = new AntiForgeryOptions { FormFieldName = "form-field-name" };

    var thrown = new InvalidOperationException("some exception");
    var serializer = new Mock<IAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("invalid-value")).Throws(thrown);

    var store = new AntiForgeryTokenStore(
        config: options,
        serializer: serializer.Object);

    // Act & assert
    var caught = await Assert.ThrowsAsync<InvalidOperationException>(
        async () => await store.GetFormTokenAsync(httpContext.Object));

    // The very same exception object must surface: no wrapping, no replacement.
    Assert.Same(thrown, caught);
}
// GetCookieToken returns exactly the token instance the serializer produces for
// the cookie value found on the request.
public void GetCookieToken_CookieIsValid_ReturnsToken()
{
    // Arrange
    var deserialized = new AntiForgeryToken();
    var httpContext = GetMockHttpContext(_cookieName, "valid-value");

    // The serializer only recognises the literal cookie value set up above.
    var serializer = new Mock<IAntiForgeryTokenSerializer>();
    serializer.Setup(s => s.Deserialize("valid-value")).Returns(deserialized);

    var store = new AntiForgeryTokenStore(
        config: new AntiForgeryOptions { CookieName = _cookieName },
        serializer: serializer.Object);

    // Act
    AntiForgeryToken result = store.GetCookieToken(httpContext);

    // Assert: same reference, not merely an equal token.
    Assert.Same(deserialized, result);
}
// GetFormTokenAsync returns null when the configured form field is present but empty.
public async Task GetFormToken_FormFieldIsEmpty_ReturnsNull()
{
    // Arrange: the posted form holds the field with an empty value.
    IReadableStringCollection form = new MockCookieCollection(
        new Dictionary<string, string> { { "form-field-name", string.Empty } });

    var request = new Mock<HttpRequest>();
    request.Setup(r => r.GetFormAsync(CancellationToken.None)).Returns(Task.FromResult(form));

    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(c => c.Request).Returns(request.Object);

    // serializer is null on purpose: a store that tried to deserialize here would throw.
    var store = new AntiForgeryTokenStore(
        config: new AntiForgeryOptions { FormFieldName = "form-field-name" },
        serializer: null);

    // Act
    var result = await store.GetFormTokenAsync(httpContext.Object);

    // Assert
    Assert.Null(result);
}
// GetFormTokenAsync returns null when the configured form field is present but empty.
public async Task GetFormToken_FormFieldIsEmpty_ReturnsNull()
{
    // Arrange: indexing the form by the configured field name yields an empty string.
    var form = new Mock<IFormCollection>();
    form.Setup(f => f["form-field-name"]).Returns(string.Empty);

    var request = new Mock<HttpRequest>();
    request
        .Setup(r => r.ReadFormAsync(CancellationToken.None))
        .Returns(Task.FromResult(form.Object));

    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(c => c.Request).Returns(request.Object);

    // serializer is null on purpose: a store that tried to deserialize here would throw.
    var store = new AntiForgeryTokenStore(
        config: new AntiForgeryOptions { FormFieldName = "form-field-name" },
        serializer: null);

    // Act
    var result = await store.GetFormTokenAsync(httpContext.Object);

    // Assert
    Assert.Null(result);
}
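// SaveCookieToken writes one response cookie named after the configured CookieName,
// carrying the serialized token, and records the token on the AntiForgeryContext.
//
// requireSsl               - value assigned to AntiForgeryOptions.RequireSSL.
// expectedCookieSecureFlag - expected Secure flag of the written cookie; null means
//                            "use the default", which this test takes to be false.
//
// NOTE(review): the data rows feeding this method are not visible here; confirm that
// one of them pairs requireSsl = true with an expected Secure flag of true, otherwise
// the RequireSSL setting is not actually exercised.
public void SaveCookieToken(bool requireSsl, bool? expectedCookieSecureFlag)
{
    // Arrange
    var token = new AntiForgeryToken();
    bool defaultCookieSecureValue = expectedCookieSecureFlag ?? false; // pulled from config; set by ctor

    var cookies = new MockResponseCookieCollection();
    cookies.Count = 0;

    var mockHttpContext = new Mock<HttpContext>();
    mockHttpContext.Setup(o => o.Response.Cookies).Returns(cookies);

    var contextAccessor = new ScopedInstance<AntiForgeryContext>();
    mockHttpContext.SetupGet(o => o.RequestServices).Returns(GetServiceProvider(contextAccessor));

    var mockSerializer = new Mock<IAntiForgeryTokenSerializer>();
    mockSerializer.Setup(o => o.Serialize(token)).Returns("serialized-value");

    var config = new AntiForgeryOptions()
    {
        CookieName = _cookieName,
        RequireSSL = requireSsl
    };

    var tokenStore = new AntiForgeryTokenStore(
        config: config,
        serializer: mockSerializer.Object);

    // Act
    tokenStore.SaveCookieToken(mockHttpContext.Object, token);

    // Assert
    Assert.Equal(1, cookies.Count);
    Assert.NotNull(contextAccessor.Value.CookieToken);
    Assert.Equal(_cookieName, cookies.Key);
    Assert.Equal("serialized-value", cookies.Value);

    // HttpOnly keeps the anti-forgery cookie out of reach of page script; it is
    // expected regardless of the SSL setting.
    Assert.True(cookies.Options.HttpOnly);
    Assert.Equal(defaultCookieSecureValue, cookies.Options.Secure);
}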