Esempio n. 1
0
        public void MissingCookiesValidXSRFTokenUnauthTest()
        {
            // get a paired client and xsrf token
            var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);

            // extract the client
            var client = clientxsrf.client;

            // give client empty cookie containter
            client.CookieContainer = new System.Net.CookieContainer();

            // extract the xsrf token
            var xsrfToken = clientxsrf.xsrfToken;

            // set the uri for the authorised api request
            client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/account/me");

            //setup the request
            var request = RequestHelpers.BasicPostRequest();

            //get the authorization token and adds the token to the request
            request.AddHeader("X-XSRF-TOKEN", xsrfToken);

            // we don't expect out result to be valid as we have no valid cookies,
            // even though we have attatched a valid xsrf token as a header.
            // check response
            ResponseHelpers.CheckResponse(client, request, expectValid: false);
        }
Esempio n. 2
0
        public void APIUserLogoutTest()
        {
            // login to the backend server
            var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);

            // extract the client
            var client = clientxsrf.client;

            // should be 3 cookies after login
            Assert.Equal(3, client.CookieContainer.Count);

            // extract the xsrf token
            var xsrfToken = clientxsrf.xsrfToken;

            // set the logout url
            client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/authorization/logout");

            //setup the request headers
            var request = RequestHelpers.BasicPostRequest();

            // get the authorization token and adds the token to the request
            request.AddHeader("X-XSRF-TOKEN", xsrfToken);

            // execute the logout request
            var response = client.Execute(request);

            // valid response
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);

            // should be no cookies in the response after login
            Assert.Equal(0, response.Cookies.Count);

            ApiOutputHelper.WriteRequestResponseOutput(request, response, _output);
        }
Esempio n. 3
0
        public void MissingXSRFTokenValidCookiesUnauthTest()
        {
            // get a paired client and xsrf token
            var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);

            // extract the client
            var client = clientxsrf.client;

            // extract the xsrf token
            var xsrfToken = clientxsrf.xsrfToken;

            // set the uri for the authorised api request
            client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/account/me");

            //setup the request
            var request = RequestHelpers.BasicPostRequest();

            // we don't expect out result to be valid since we have not attatched a valid
            // xsrf token as a header, although we do have valid cookies
            ResponseHelpers.CheckResponse(client, request, expectValid: false);
        }
Esempio n. 4
0
        public void ValidCookiesValidXSRFTokenAuth()
        {
            // get a paired client and xsrf token
            var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);

            // extract the client
            var client = clientxsrf.client;

            // extract the xsrf token
            var xsrfToken = clientxsrf.xsrfToken;

            // set the uri for the authorised api request
            client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/account/me");

            //setup the request
            var request = RequestHelpers.BasicPostRequest();

            //get the authorization token and adds the token to the request
            request.AddHeader("X-XSRF-TOKEN", xsrfToken);

            // we expect out result to be valid since we have valid cookies and a valid xsrfToken as a header
            // check response
            ResponseHelpers.CheckResponse(client, request, expectValid: true);
        }