public async Task ValidationTagHelpers_GeneratesExpectedSpansAndDivs()
{
// Arrange
var server = TestServer.Create(_provider, _app);
var client = server.CreateClient();
var expectedContent =
await _resourcesAssembly.ReadResourceAsStringAsync
("compiler/resources/MvcTagHelpersWebSite.MvcTagHelper_Customer.Index.html");
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Customer/MvcTagHelper_Customer");
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("Number", string.Empty),
new KeyValuePair <string, string>("Name", string.Empty),
new KeyValuePair <string, string>("Email", string.Empty),
new KeyValuePair <string, string>("PhoneNumber", string.Empty),
new KeyValuePair <string, string>("Password", string.Empty)
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await client.SendAsync(request);
var responseContent = await response.Content.ReadAsStringAsync();
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var forgeryToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(responseContent, "Customer/MvcTagHelper_Customer");
expectedContent = string.Format(expectedContent, forgeryToken);
Assert.Equal(expectedContent.Trim(), responseContent.Trim());
}
public async Task InvalidCookieToken_Throws()
{
// Arrange
var server = TestHelper.CreateServer(_app, SiteName, _configureServices);
var client = server.CreateClient();
var getResponse = await client.GetAsync("http://localhost/Account/Login");
var resposneBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody, "Account/Login");
var cookieToken = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse);
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login");
request.Headers.Add("Cookie", cookieToken.Key + "=invalidCookie");
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
new KeyValuePair <string, string>("UserName", "abra"),
new KeyValuePair <string, string>("Password", "cadabra"),
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await client.SendAsync(request);
// Assert
var exception = response.GetServerException();
Assert.Equal("The anti-forgery token could not be decrypted.", exception.ExceptionMessage);
}
public async Task MvcTagHelpers_GeneratesExpectedResults(string action, string antiForgeryPath)
{
// Arrange
var server = TestServer.Create(_provider, _app);
var client = server.CreateClient();
var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8");
// The K runtime compiles every file under compiler/resources as a resource at runtime with the same name
// as the file name, in order to update a baseline you just need to change the file in that folder.
var expectedContent =
await _resourcesAssembly.ReadResourceAsStringAsync
("compiler/resources/MvcTagHelpersWebSite.MvcTagHelper_Home." + action + ".html");
// Act
// The host is not important as everything runs in memory and tests are isolated from each other.
var response = await client.GetAsync("http://localhost/MvcTagHelper_Home/" + action);
var responseContent = await response.Content.ReadAsStringAsync();
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal(expectedMediaType, response.Content.Headers.ContentType);
if (antiForgeryPath != null)
{
var forgeryToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(responseContent, antiForgeryPath);
expectedContent = string.Format(expectedContent, forgeryToken);
}
Assert.Equal(expectedContent.Trim(), responseContent.Trim());
}
public async Task SetCookieAndHeaderBeforeFlushAsync_PostToForm()
{
// Arrange
var server = TestHelper.CreateServer(_app, SiteName, _configureServices);
var client = server.CreateClient();
// do a get response.
var getResponse = await client.GetAsync("http://localhost/Account/FlushAsyncLogin");
var resposneBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody, "Account/FlushAsyncLogin");
var cookieToken = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse);
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/FlushAsyncLogin");
request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value);
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
new KeyValuePair <string, string>("UserName", "test"),
new KeyValuePair <string, string>("Password", "password"),
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await client.SendAsync(request);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("OK", await response.Content.ReadAsStringAsync());
}
public async Task MultipleFormPostWithingASingleView_AreAllowed()
{
// Arrange
var server = TestHelper.CreateServer(_app, SiteName, _configureServices);
var client = server.CreateClient();
// do a get response.
var getResponse = await client.GetAsync("http://localhost/Account/Login");
var resposneBody = await getResponse.Content.ReadAsStringAsync();
// Get the AF token for the second login. If the cookies are generated twice(i.e are different),
// this AF token will not work with the first cookie.
var formToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody, "Account/UseFacebookLogin");
var cookieToken = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse);
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login");
request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value);
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
new KeyValuePair <string, string>("UserName", "abra"),
new KeyValuePair <string, string>("Password", "cadabra"),
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await client.SendAsync(request);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("OK", await response.Content.ReadAsStringAsync());
}
public async Task MissingAFToken_Throws()
{
// Arrange
var server = TestServer.Create(_services, _app);
var client = server.CreateClient();
var getResponse = await client.GetAsync("http://localhost/Account/Login");
var resposneBody = await getResponse.Content.ReadAsStringAsync();
var cookieToken = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse);
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login");
request.Headers.Add("Cookie", "__RequestVerificationToken=" + cookieToken);
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("UserName", "abra"),
new KeyValuePair <string, string>("Password", "cadabra"),
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await client.SendAsync(request);
// Assert
var exception = response.GetServerException();
Assert.Equal("The required anti-forgery form field \"__RequestVerificationToken\" is not present.",
exception.ExceptionMessage);
}
public async Task MissingCookieToken_Throws()
{
// Arrange
var server = TestServer.Create(_services, _app);
var client = server.CreateClient();
// do a get response.
var getResponse = await client.GetAsync("http://localhost/Account/Login");
var resposneBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody, "Account/Login");
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login");
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
new KeyValuePair <string, string>("UserName", "abra"),
new KeyValuePair <string, string>("Password", "cadabra"),
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act & Assert
var ex = await Assert.ThrowsAsync <InvalidOperationException>(() => client.SendAsync(request));
Assert.Equal("The required anti-forgery cookie \"__RequestVerificationToken\" is not present.", ex.Message);
}
public async Task HtmlGenerationWebSite_GenerateEncodedResults(string action, string antiForgeryPath)
{
// Arrange
var server = TestHelper.CreateServer(_app, SiteName, services =>
{
_configureServices(services);
services.AddTransient <IHtmlEncoder, TestHtmlEncoder>();
services.AddTransient <IJavaScriptStringEncoder, TestJavaScriptEncoder>();
services.AddTransient <IUrlEncoder, TestUrlEncoder>();
});
var client = server.CreateClient();
var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8");
var outputFile = "compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Home." + action + ".Encoded.html";
var expectedContent =
await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false);
// Act
// The host is not important as everything runs in memory and tests are isolated from each other.
var response = await client.GetAsync("http://localhost/HtmlGeneration_Home/" + action);
var responseContent = await response.Content.ReadAsStringAsync();
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal(expectedMediaType, response.Content.Headers.ContentType);
responseContent = responseContent.Trim();
if (antiForgeryPath == null)
{
#if GENERATE_BASELINES
ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent);
#else
Assert.Equal(expectedContent.Trim(), responseContent);
#endif
}
else
{
var forgeryToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(responseContent, antiForgeryPath);
#if GENERATE_BASELINES
// Reverse usual substitution and insert a format item into the new file content.
responseContent = responseContent.Replace(forgeryToken, "{0}");
ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent);
#else
expectedContent = string.Format(expectedContent, forgeryToken);
Assert.Equal(expectedContent.Trim(), responseContent);
#endif
}
}
public async Task FormTagHelper_GeneratesExpectedContent(bool?optionsAntiForgery)
{
// Arrange
var newServices = new ServiceCollection();
newServices.InitializeTagHelper <FormTagHelper>((helper, _) => helper.AntiForgery = optionsAntiForgery);
var server = TestHelper.CreateServer(_app, SiteName,
services =>
{
services.Add(newServices);
_configureServices(services);
});
var client = server.CreateClient();
var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8");
var outputFile = string.Format(
"compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Home.Form.Options.AntiForgery.{0}.html",
optionsAntiForgery?.ToString() ?? "null");
var expectedContent =
await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false);
// Act
// The host is not important as everything runs in memory and tests are isolated from each other.
var response = await client.GetAsync("http://localhost/HtmlGeneration_Home/Form");
var responseContent = await response.Content.ReadAsStringAsync();
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal(expectedMediaType, response.Content.Headers.ContentType);
responseContent = responseContent.Trim();
var forgeryTokens = AntiForgeryTestHelper.RetrieveAntiForgeryTokens(responseContent).ToArray();
#if GENERATE_BASELINES
// Reverse usual substitutions and insert format items into the new file content.
for (var index = 0; index < forgeryTokens.Length; index++)
{
responseContent = responseContent.Replace(forgeryTokens[index], $"{{{ index }}}");
}
ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent);
#else
expectedContent = string.Format(expectedContent, forgeryTokens);
Assert.Equal(expectedContent.Trim(), responseContent);
#endif
}
public async Task IncompatibleCookieToken_Throws()
{
// Arrange
var server = TestHelper.CreateServer(_app, SiteName, _configureServices);
var client = server.CreateClient();
// do a get response.
// We do two requests to get two different sets of anti forgery cookie and token values.
var getResponse1 = await client.GetAsync("http://localhost/Account/Login");
var resposneBody1 = await getResponse1.Content.ReadAsStringAsync();
var formToken1 = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody1, "Account/Login");
var getResponse2 = await client.GetAsync("http://localhost/Account/Login");
var resposneBody2 = await getResponse2.Content.ReadAsStringAsync();
var cookieToken2 = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse2);
var cookieToken = cookieToken2.Value;
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login");
request.Headers.Add("Cookie", string.Format("{0}={1}", cookieToken2.Key, cookieToken2.Value));
var formToken = formToken1;
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
new KeyValuePair <string, string>("UserName", "abra"),
new KeyValuePair <string, string>("Password", "cadabra"),
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await client.SendAsync(request);
// Assert
var exception = response.GetServerException();
Assert.Equal("The anti-forgery cookie token and form field token do not match.", exception.ExceptionMessage);
}
public async Task ValidationTagHelpers_GeneratesExpectedSpansAndDivs()
{
// Arrange
var server = TestHelper.CreateServer(_app, SiteName, _configureServices);
var client = server.CreateClient();
var outputFile = "compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Customer.Index.html";
var expectedContent =
await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false);
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Customer/HtmlGeneration_Customer");
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("Number", string.Empty),
new KeyValuePair <string, string>("Name", string.Empty),
new KeyValuePair <string, string>("Email", string.Empty),
new KeyValuePair <string, string>("PhoneNumber", string.Empty),
new KeyValuePair <string, string>("Password", string.Empty)
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await client.SendAsync(request);
var responseContent = await response.Content.ReadAsStringAsync();
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
responseContent = responseContent.Trim();
var forgeryToken =
AntiForgeryTestHelper.RetrieveAntiForgeryToken(responseContent, "Customer/HtmlGeneration_Customer");
#if GENERATE_BASELINES
// Reverse usual substitution and insert a format item into the new file content.
responseContent = responseContent.Replace(forgeryToken, "{0}");
ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent);
#else
expectedContent = string.Format(expectedContent, forgeryToken);
Assert.Equal(expectedContent.Trim(), responseContent);
#endif
}
public async Task FormTagHelper_GeneratesExpectedContent(bool?optionsAntiForgery)
{
// Arrange
var newServices = new ServiceCollection();
newServices.InitializeTagHelper <FormTagHelper>((helper, _) => helper.AntiForgery = optionsAntiForgery);
var server = TestHelper.CreateServer(_app, SiteName,
services =>
{
services.Add(newServices);
_configureServices(services);
});
var client = server.CreateClient();
var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8");
// The K runtime compiles every file under compiler/resources as a resource at runtime with the same name
// as the file name, in order to update a baseline you just need to change the file in that folder.
var resourceName = string.Format(
"compiler/resources/MvcTagHelpersWebSite.MvcTagHelper_Home.Form.Options.AntiForgery.{0}.html",
optionsAntiForgery?.ToString() ?? "null"
);
var expectedContent = await _resourcesAssembly.ReadResourceAsStringAsync(resourceName);
// Act
// The host is not important as everything runs in memory and tests are isolated from each other.
var response = await client.GetAsync("http://localhost/MvcTagHelper_Home/Form");
var responseContent = await response.Content.ReadAsStringAsync();
var forgeryTokens = AntiForgeryTestHelper.RetrieveAntiForgeryTokens(responseContent);
expectedContent = string.Format(expectedContent, forgeryTokens.ToArray());
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal(expectedMediaType, response.Content.Headers.ContentType);
Assert.Equal(expectedContent.Trim(), responseContent.Trim());
}
