public async Task MultipleFormPostWithingASingleView_AreAllowed()
{
// Arrange
// Do a get request.
var getResponse = await Client.GetAsync("http://localhost/Antiforgery/Login");
var responseBody = await getResponse.Content.ReadAsStringAsync();
// Get the AF token for the second login. If the cookies are generated twice(i.e are different),
// this AF token will not work with the first cookie.
var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(
responseBody,
"/Antiforgery/UseFacebookLogin");
var cookieToken = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Antiforgery/Login");
request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value);
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
new KeyValuePair <string, string>("UserName", "abra"),
new KeyValuePair <string, string>("Password", "cadabra"),
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await Client.SendAsync(request);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("OK", await response.Content.ReadAsStringAsync());
}
public async Task ReRegisteringAntiforgeryTokenInsideFormTagHelper_DoesNotAddDuplicateAntiforgeryTokenFields()
{
// Arrange
var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8");
var outputFile = "compiler/resources/TagHelpersWebSite.Employee.DuplicateAntiforgeryTokenRegistration.html";
var expectedContent =
await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false);
// Act
var response = await Client.GetAsync("http://localhost/Employee/DuplicateAntiforgeryTokenRegistration");
var responseContent = await response.Content.ReadAsStringAsync();
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal(expectedMediaType, response.Content.Headers.ContentType);
responseContent = responseContent.Trim();
var forgeryToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(
responseContent, "/Employee/DuplicateAntiforgeryTokenRegistration");
#if GENERATE_BASELINES
// Reverse usual substitution and insert a format item into the new file content.
responseContent = responseContent.Replace(forgeryToken, "{0}");
ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent);
#else
expectedContent = string.Format(expectedContent, forgeryToken);
Assert.Equal(
expectedContent.Trim(),
responseContent,
ignoreLineEndingDifferences: true);
#endif
}
public async Task PageConventions_CustomizedModelCanPostToHandlers()
{
// Arrange
var getPage = await Client.GetAsync("/CustomModelTypeModel");
var token = AntiforgeryTestHelper.RetrieveAntiforgeryToken(await getPage.Content.ReadAsStringAsync(), "");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getPage);
var message = new HttpRequestMessage(HttpMethod.Post, "/CustomModelTypeModel");
message.Content = new FormUrlEncodedContent(new Dictionary <string, string>
{
["__RequestVerificationToken"] = token,
["ConfirmPassword"] = "",
["Password"] = "",
["Email"] = ""
});
message.Headers.TryAddWithoutValidation("Cookie", $"{cookie.Key}={cookie.Value}");
// Act
var response = await Client.SendAsync(message);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var content = await response.Content.ReadAsStringAsync();
Assert.Contains("is required.", content);
}
public async Task SetCookieAndHeaderBeforeFlushAsync_PostToForm()
{
// Arrange
// do a get response.
var getResponse = await Client.GetAsync("http://localhost/Antiforgery/FlushAsyncLogin");
var responseBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(
responseBody,
"Antiforgery/FlushAsyncLogin");
var cookieToken = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Antiforgery/FlushAsyncLogin");
request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value);
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
new KeyValuePair <string, string>("UserName", "test"),
new KeyValuePair <string, string>("Password", "password"),
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await Client.SendAsync(request);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("OK", await response.Content.ReadAsStringAsync());
}
public async Task Antiforgery_HeaderNotSet_SendsBadRequest()
{
// Arrange
var getResponse = await Client.GetAsync("http://localhost/Antiforgery/Login");
var responseBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(
responseBody,
"Antiforgery/Login");
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Antiforgery/Login");
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
new KeyValuePair <string, string>("UserName", "test"),
new KeyValuePair <string, string>("Password", "password"),
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await Client.SendAsync(request);
// Assert
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
}
public async Task HelloWorldWithPageModelHandler_CanPostContent()
{
// Arrange
var getRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost/HelloWorldWithPageModelHandler?message=message");
var getResponse = await Client.SendAsync(getRequest);
var getResponseBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(getResponseBody, "/HelloWorlWithPageModelHandler");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);
var postRequest = new HttpRequestMessage(HttpMethod.Post, "http://localhost/HelloWorldWithPageModelHandler");
postRequest.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
postRequest.Headers.Add("RequestVerificationToken", formToken);
// Act
var response = await Client.SendAsync(postRequest);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var content = await response.Content.ReadAsStringAsync();
Assert.StartsWith("Hello, You posted!", content.Trim());
}
public async Task PageConventions_CustomizedModelCanWorkWithModelState_EnforcesBindRequired()
{
// Arrange
var getPage = await Client.GetAsync("/CustomModelTypeModel?Attempts=0");
var token = AntiforgeryTestHelper.RetrieveAntiforgeryToken(await getPage.Content.ReadAsStringAsync(), "");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getPage);
var message = new HttpRequestMessage(HttpMethod.Post, "/CustomModelTypeModel")
{
Content = new FormUrlEncodedContent(new Dictionary <string, string>
{
["__RequestVerificationToken"] = token,
["Email"] = "*****@*****.**",
["Password"] = "******",
["ConfirmPassword"] = "******",
})
};
message.Headers.TryAddWithoutValidation("Cookie", $"{cookie.Key}={cookie.Value}");
// Act
var response = await Client.SendAsync(message);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var responseText = await response.Content.ReadAsStringAsync();
Assert.Contains(
"A value for the 'Attempts' parameter or property was not provided.",
responseText);
}
public async Task PageConventions_CustomizedModelCanWorkWithModelState()
{
// Arrange
var getPage = await Client.GetAsync("/CustomModelTypeModel");
var token = AntiforgeryTestHelper.RetrieveAntiforgeryToken(await getPage.Content.ReadAsStringAsync(), "");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getPage);
var message = new HttpRequestMessage(HttpMethod.Post, "/CustomModelTypeModel");
message.Content = new FormUrlEncodedContent(new Dictionary <string, string>
{
["__RequestVerificationToken"] = token,
["Email"] = "*****@*****.**",
["Password"] = "******",
["ConfirmPassword"] = "******",
});
message.Headers.TryAddWithoutValidation("Cookie", $"{cookie.Key}={cookie.Value}");
// Act
var response = await Client.SendAsync(message);
// Assert
Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
Assert.Equal("/", response.Headers.Location.ToString());
}
private async Task AddAntiforgeryHeaders(HttpRequestMessage request)
{
var getResponse = await Client.GetAsync(request.RequestUri);
Assert.Equal(HttpStatusCode.OK, getResponse.StatusCode);
var getResponseBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(getResponseBody, "");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);
request.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
request.Headers.Add("RequestVerificationToken", formToken);
}
public async Task HtmlGenerationWebSite_GeneratesExpectedResults(string action, string antiforgeryPath)
{
// Arrange
var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8");
var outputFile = "compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Home." + action + ".html";
var expectedContent =
await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false);
// Act
// The host is not important as everything runs in memory and tests are isolated from each other.
var response = await Client.GetAsync("http://localhost/HtmlGeneration_Home/" + action);
var responseContent = await response.Content.ReadAsStringAsync();
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal(expectedMediaType, response.Content.Headers.ContentType);
responseContent = responseContent.Trim();
if (antiforgeryPath == null)
{
#if GENERATE_BASELINES
ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent);
#else
// Mono issue - https://github.com/aspnet/External/issues/19
Assert.Equal(
PlatformNormalizer.NormalizeContent(expectedContent.Trim()),
responseContent,
ignoreLineEndingDifferences: true);
#endif
}
else
{
var forgeryToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(responseContent, antiforgeryPath);
#if GENERATE_BASELINES
// Reverse usual substitution and insert a format item into the new file content.
responseContent = responseContent.Replace(forgeryToken, "{0}");
ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent);
#else
expectedContent = string.Format(expectedContent, forgeryToken);
// Mono issue - https://github.com/aspnet/External/issues/19
Assert.Equal(
PlatformNormalizer.NormalizeContent(expectedContent.Trim()),
responseContent,
ignoreLineEndingDifferences: true);
#endif
}
}
public async Task FormTagHelper_WithPageHandler_AllowsPostingToSelf()
{
//Arrange
var expected =
@"<form action=""/TagHelper/PostWithHandler/Edit"" method=""post""><input name=""__RequestVerificationToken"" type=""hidden"" value=""{0}"" /></form>
<form method=""post"" action=""/TagHelper/PostWithHandler/Edit""><input name=""__RequestVerificationToken"" type=""hidden"" value=""{0}"" /></form>
<form method=""post"" action=""/TagHelper/PostWithHandler/Edit/10""></form>";
// Act
var response = await Client.GetStringAsync("/TagHelper/PostWithHandler");
// Assert
var responseContent = response.Trim();
var forgeryToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(responseContent, "/TagHelper/PostWithHandler");
var expectedContent = string.Format(expected, forgeryToken);
Assert.Equal(expectedContent, responseContent, ignoreLineEndingDifferences: true);
}
public async Task ValidationTagHelpers_GeneratesExpectedSpansAndDivs()
{
// Arrange
var outputFile = "compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Customer.Index.html";
var expectedContent =
await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false);
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Customer/HtmlGeneration_Customer");
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("Number", string.Empty),
new KeyValuePair <string, string>("Name", string.Empty),
new KeyValuePair <string, string>("Email", string.Empty),
new KeyValuePair <string, string>("PhoneNumber", string.Empty),
new KeyValuePair <string, string>("Password", string.Empty)
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await Client.SendAsync(request);
var responseContent = await response.Content.ReadAsStringAsync();
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
responseContent = responseContent.Trim();
var forgeryToken =
AntiforgeryTestHelper.RetrieveAntiforgeryToken(responseContent, "Customer/HtmlGeneration_Customer");
#if GENERATE_BASELINES
// Reverse usual substitution and insert a format item into the new file content.
responseContent = responseContent.Replace(forgeryToken, "{0}");
ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent);
#else
expectedContent = string.Format(expectedContent, forgeryToken);
// Mono issue - https://github.com/aspnet/External/issues/19
Assert.Equal(
PlatformNormalizer.NormalizeContent(expectedContent.Trim()),
responseContent,
ignoreLineEndingDifferences: true);
#endif
}
public async Task Get_ReturnsOkAndAntiforgeryToken(string path)
{
// Arrange & Act
var response = await Client.GetAsync(path);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("text/html", response.Content.Headers.ContentType.MediaType);
var html = await response.Content.ReadAsStringAsync();
Assert.NotNull(html);
Assert.NotEmpty(html);
var token = AntiforgeryTestHelper.RetrieveAntiforgeryToken(html, "/");
Assert.NotNull(token);
Assert.NotEmpty(token);
}
public async Task TempData_TempDataPropertyOnPageModel_PopulatesTempData()
{
// Arrange 1
var getRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost/TempData/TempDataPageModelProperty");
var getResponse = await Client.SendAsync(getRequest);
var getResponseBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(getResponseBody, "/TempData/TempDataPageModelProperty");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);
var url = "http://localhost/TempData/TempDataPageModelProperty";
var request = new HttpRequestMessage(HttpMethod.Post, url);
request.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
request.Headers.Add("RequestVerificationToken", formToken);
// Act 1
var response = await Client.SendAsync(request);
// Assert 1
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var content = await response.Content.ReadAsStringAsync();
Assert.StartsWith("Message: Secret post", content.Trim());
Assert.EndsWith("TempData:", content.Trim());
// Arrange 2
request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/TempData/TempDataPageModelProperty");
request.Headers.Add("Cookie", GetCookie(response));
// Act 2
response = await Client.SendAsync(request);
// Assert 2
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
content = await response.Content.ReadAsStringAsync();
Assert.StartsWith("Message: Secret post", content.Trim());
Assert.EndsWith("TempData: Secret post", content.Trim());
}
public async Task Post_ReturnsOkAndNewPerson(string path)
{
// Arrange & Act 1
var html = await Client.GetStringAsync(path);
// Assert 1 (guard)
Assert.NotEmpty(html);
// Arrange 2
var token = AntiforgeryTestHelper.RetrieveAntiforgeryToken(html, "/");
var name = Guid.NewGuid().ToString();
name = name.Substring(startIndex: 0, length: name.LastIndexOf('-'));
var form = new Dictionary <string, string>
{
{ "__RequestVerificationToken", token },
{ "Age", "12" },
{ "BirthDate", "2006-03-01T09:51:43.041-07:00" },
{ "Name", name },
};
var content = new FormUrlEncodedContent(form);
var request = new HttpRequestMessage(HttpMethod.Post, path)
{
Content = content,
};
// Act 2
var response = await Client.SendAsync(request);
// Assert 2
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var body = await response.Content.ReadAsStringAsync();
Assert.NotNull(body);
Assert.Contains($@"value=""{name}""", body);
}
public async Task PageModel_Handler_ReturnTypeImplementsIActionResult()
{
// Arrange
var getResponse = await Client.GetAsync("http://localhost/ModelHandlerTestPage");
var getResponseBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(getResponseBody, "/ModelHandlerTestPage");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);
var postRequest = new HttpRequestMessage(HttpMethod.Post, "http://localhost/ModelHandlerTestPage/CustomActionResult");
postRequest.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
postRequest.Headers.Add("RequestVerificationToken", formToken);
// Act
var response = await Client.SendAsync(postRequest);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var content = await response.Content.ReadAsStringAsync();
Assert.Equal("CustomActionResult", content);
}
public async Task ReRegisteringAntiforgeryTokenInsideFormTagHelper_DoesNotAddDuplicateAntiforgeryTokenFields()
{
// Arrange
var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8");
var outputFile = "compiler/resources/TagHelpersWebSite.Employee.DuplicateAntiforgeryTokenRegistration.html";
var expectedContent =
await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false);
// Act
var response = await Client.GetAsync("http://localhost/Employee/DuplicateAntiforgeryTokenRegistration");
var responseContent = await response.Content.ReadAsStringAsync();
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal(expectedMediaType, response.Content.Headers.ContentType);
responseContent = responseContent.Trim();
var forgeryToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(
responseContent, "/Employee/DuplicateAntiforgeryTokenRegistration");
ResourceFile.UpdateOrVerify(_resourcesAssembly, outputFile, expectedContent, responseContent, forgeryToken);
}
public async Task HtmlGenerationWebSite_GenerateEncodedResults(string action, string antiforgeryPath)
{
// Arrange
var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8");
var outputFile = "compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Home." + action + ".Encoded.html";
var expectedContent =
await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false);
// Act
// The host is not important as everything runs in memory and tests are isolated from each other.
var response = await EncodedClient.GetAsync("http://localhost/HtmlGeneration_Home/" + action);
var responseContent = await response.Content.ReadAsStringAsync();
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal(expectedMediaType, response.Content.Headers.ContentType);
responseContent = responseContent.Trim();
if (antiforgeryPath == null)
{
ResourceFile.UpdateOrVerify(_resourcesAssembly, outputFile, expectedContent, responseContent);
}
else
{
ResourceFile.UpdateOrVerify(_resourcesAssembly, outputFile, expectedContent, responseContent, token: AntiforgeryTestHelper.RetrieveAntiforgeryToken(responseContent, antiforgeryPath));
}
}
public async Task ValidationTagHelpers_GeneratesExpectedSpansAndDivs()
{
// Arrange
var outputFile = "compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Customer.Index.html";
var expectedContent =
await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false);
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Customer/HtmlGeneration_Customer");
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("Number", string.Empty),
new KeyValuePair <string, string>("Name", string.Empty),
new KeyValuePair <string, string>("Email", string.Empty),
new KeyValuePair <string, string>("PhoneNumber", string.Empty),
new KeyValuePair <string, string>("Password", string.Empty)
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await Client.SendAsync(request);
var responseContent = await response.Content.ReadAsStringAsync();
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
responseContent = responseContent.Trim();
ResourceFile.UpdateOrVerify(_resourcesAssembly, outputFile, expectedContent, responseContent, token: AntiforgeryTestHelper.RetrieveAntiforgeryToken(responseContent, "Customer/HtmlGeneration_Customer"));
}