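/// <summary>
/// When the context is created without a cookie value, GetHtml must render a form field
/// and add an anti-forgery cookie to the response, and both must carry the same token value.
/// </summary>
public void GetHtml_ReturnsFormFieldAndSetsCookieValueIfDoesNotExist()
{
    // Arrange
    AntiForgeryWorker worker = new AntiForgeryWorker()
    {
        Serializer = new DummyAntiForgeryTokenSerializer()
    };
    var context = CreateContext();

    // Act
    string formValue = worker.GetHtml(context, "some other salt", null, null).ToHtmlString();

    // Assert
    Assert.True(formValue.StartsWith(_serializedValuePrefix), "Form value prefix did not match.");

    // Require the match itself. A failed Match yields an empty "value" group, so without this
    // check two failed matches would compare "" with "" and the token-pairing assertion at the
    // end would pass without any token having been compared.
    Match formMatch = _randomFormValueSuffixRegex.Match(formValue);
    Assert.True(formMatch.Success, "Form value suffix did not match.");
    string formTokenValue = formMatch.Groups["value"].Value;

    HttpCookie cookie = context.Response.Cookies[_antiForgeryTokenCookieName];
    Assert.NotNull(cookie);

    // Cookie attributes: not readable from script, no explicit domain, default path.
    // NOTE(review): the Secure flag is not asserted here; confirm whether GetHtml is
    // expected to set it and cover that separately if so.
    Assert.True(cookie.HttpOnly, "Cookie should have HTTP-only flag set.");
    Assert.True(String.IsNullOrEmpty(cookie.Domain), "Domain should not have been set.");
    Assert.Equal("/", cookie.Path);

    Match cookieMatch = _randomCookieValueSuffixRegex.Match(cookie.Value);
    Assert.True(cookieMatch.Success, "Cookie value suffix did not match.");
    string cookieTokenValue = cookieMatch.Groups["value"].Value;

    // The form token and the cookie token must be the same value.
    Assert.Equal(formTokenValue, cookieTokenValue);
}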
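/// <summary>
/// When a domain and path are passed to GetHtml, the anti-forgery cookie added to the
/// response must carry exactly those values, and its token must equal the form field token.
/// </summary>
public void GetHtml_SetsCookieDomainAndPathIfSpecified()
{
    // Arrange
    AntiForgeryWorker worker = new AntiForgeryWorker()
    {
        Serializer = new DummyAntiForgeryTokenSerializer()
    };
    var context = CreateContext();

    // Act
    string formValue = worker.GetHtml(context, "some other salt", "theDomain", "thePath").ToHtmlString();

    // Assert
    Assert.True(formValue.StartsWith(_serializedValuePrefix), "Form value prefix did not match.");

    // Require the match itself. A failed Match yields an empty "value" group, so without this
    // check two failed matches would compare "" with "" and the final assertion would pass
    // without any token having been compared.
    Match formMatch = _randomFormValueSuffixRegex.Match(formValue);
    Assert.True(formMatch.Success, "Form value suffix did not match.");
    string formTokenValue = formMatch.Groups["value"].Value;

    HttpCookie cookie = context.Response.Cookies[_antiForgeryTokenCookieName];
    Assert.NotNull(cookie);

    // The caller-supplied scope must be applied verbatim; HttpOnly must still be set.
    // NOTE(review): the Secure flag is not asserted here; confirm whether GetHtml is
    // expected to set it and cover that separately if so.
    Assert.True(cookie.HttpOnly, "Cookie should have HTTP-only flag set.");
    Assert.Equal("theDomain", cookie.Domain);
    Assert.Equal("thePath", cookie.Path);

    Match cookieMatch = _randomCookieValueSuffixRegex.Match(cookie.Value);
    Assert.True(cookieMatch.Success, "Cookie value suffix did not match.");
    string cookieTokenValue = cookieMatch.Groups["value"].Value;

    // The form token and the cookie token must be the same value.
    Assert.Equal(formTokenValue, cookieTokenValue);
}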
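/// <summary>
/// When the context is created with the cookie value "invalid", GetHtml must add a fresh
/// anti-forgery cookie to the response whose token equals the rendered form field token.
/// </summary>
public void GetHtml_CreatesNewCookieValueIfCookieExistsButIsNotValid()
{
    // Arrange
    AntiForgeryWorker worker = new AntiForgeryWorker()
    {
        Serializer = new DummyAntiForgeryTokenSerializer()
    };
    // presumably CreateContext seeds the request cookie with this string; confirm against the helper
    var context = CreateContext("invalid");

    // Act
    string formValue = worker.GetHtml(context, "some other salt", null, null).ToHtmlString();

    // Assert
    Assert.IsTrue(formValue.StartsWith(_serializedValuePrefix), "Form value prefix did not match.");

    // Require the match itself. A failed Match yields an empty "value" group, so without this
    // check two failed matches would compare "" with "" and the final assertion would pass
    // without proving that the unusable cookie was replaced by a real token.
    Match formMatch = _randomFormValueSuffixRegex.Match(formValue);
    Assert.IsTrue(formMatch.Success, "Form value suffix did not match.");
    string formTokenValue = formMatch.Groups["value"].Value;

    HttpCookie cookie = context.Response.Cookies[_antiForgeryTokenCookieName];
    Assert.IsNotNull(cookie, "Cookie was not set correctly.");
    Assert.IsTrue(cookie.HttpOnly, "Cookie should have HTTP-only flag set.");
    Assert.IsTrue(String.IsNullOrEmpty(cookie.Domain), "Domain should not have been set.");
    Assert.AreEqual("/", cookie.Path, "Path should have remained at '/' by default.");

    Match cookieMatch = _randomCookieValueSuffixRegex.Match(cookie.Value);
    Assert.IsTrue(cookieMatch.Success, "Cookie value suffix did not match.");
    string cookieTokenValue = cookieMatch.Groups["value"].Value;

    // The replacement cookie and the form field must carry the same token value.
    Assert.AreEqual(formTokenValue, cookieTokenValue, "Form and cookie token values did not match.");
}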
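/// <summary>
/// When a domain and path are passed to GetHtml, the anti-forgery cookie added to the
/// response must carry exactly those values, and its token must equal the form field token.
/// </summary>
public void GetHtml_SetsCookieDomainAndPathIfSpecified()
{
    // Arrange
    AntiForgeryWorker worker = new AntiForgeryWorker()
    {
        Serializer = new DummyAntiForgeryTokenSerializer()
    };
    var context = CreateContext();

    // Act
    string formValue = worker.GetHtml(context, "some other salt", "theDomain", "thePath").ToHtmlString();

    // Assert
    Assert.IsTrue(formValue.StartsWith(_serializedValuePrefix), "Form value prefix did not match.");

    // Require the match itself. A failed Match yields an empty "value" group, so without this
    // check two failed matches would compare "" with "" and the final assertion would pass
    // without any token having been compared.
    Match formMatch = _randomFormValueSuffixRegex.Match(formValue);
    Assert.IsTrue(formMatch.Success, "Form value suffix did not match.");
    string formTokenValue = formMatch.Groups["value"].Value;

    HttpCookie cookie = context.Response.Cookies[_antiForgeryTokenCookieName];
    Assert.IsNotNull(cookie, "Cookie was not set correctly.");

    // The caller-supplied scope must be applied verbatim; HttpOnly must still be set.
    // NOTE(review): the Secure flag is not asserted here; confirm whether GetHtml is
    // expected to set it and cover that separately if so.
    Assert.IsTrue(cookie.HttpOnly, "Cookie should have HTTP-only flag set.");
    Assert.AreEqual("theDomain", cookie.Domain);
    Assert.AreEqual("thePath", cookie.Path);

    Match cookieMatch = _randomCookieValueSuffixRegex.Match(cookie.Value);
    Assert.IsTrue(cookieMatch.Success, "Cookie value suffix did not match.");
    string cookieTokenValue = cookieMatch.Groups["value"].Value;

    // The form token and the cookie token must be the same value.
    Assert.AreEqual(formTokenValue, cookieTokenValue, "Form and cookie token values did not match.");
}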
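/// <summary>
/// When the context is created without a cookie value, GetHtml must render a form field
/// and add an anti-forgery cookie to the response, and both must carry the same token value.
/// </summary>
public void GetHtml_ReturnsFormFieldAndSetsCookieValueIfDoesNotExist()
{
    // Arrange
    AntiForgeryWorker worker = new AntiForgeryWorker()
    {
        Serializer = new DummyAntiForgeryTokenSerializer()
    };
    var context = CreateContext();

    // Act
    string formValue = worker.GetHtml(context, "some other salt", null, null).ToHtmlString();

    // Assert
    Assert.IsTrue(formValue.StartsWith(_serializedValuePrefix), "Form value prefix did not match.");

    // Require the match itself. A failed Match yields an empty "value" group, so without this
    // check two failed matches would compare "" with "" and the token-pairing assertion at the
    // end would pass without any token having been compared.
    Match formMatch = _randomFormValueSuffixRegex.Match(formValue);
    Assert.IsTrue(formMatch.Success, "Form value suffix did not match.");
    string formTokenValue = formMatch.Groups["value"].Value;

    HttpCookie cookie = context.Response.Cookies[_antiForgeryTokenCookieName];
    Assert.IsNotNull(cookie, "Cookie was not set correctly.");

    // Cookie attributes: not readable from script, no explicit domain, default path.
    // NOTE(review): the Secure flag is not asserted here; confirm whether GetHtml is
    // expected to set it and cover that separately if so.
    Assert.IsTrue(cookie.HttpOnly, "Cookie should have HTTP-only flag set.");
    Assert.IsTrue(String.IsNullOrEmpty(cookie.Domain), "Domain should not have been set.");
    Assert.AreEqual("/", cookie.Path, "Path should have remained at '/' by default.");

    Match cookieMatch = _randomCookieValueSuffixRegex.Match(cookie.Value);
    Assert.IsTrue(cookieMatch.Success, "Cookie value suffix did not match.");
    string cookieTokenValue = cookieMatch.Groups["value"].Value;

    // The form token and the cookie token must be the same value.
    Assert.AreEqual(formTokenValue, cookieTokenValue, "Form and cookie token values did not match.");
}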
/// <summary>
/// When the context is created with a well-formed token string, GetHtml must render a form
/// field ending in the expected existing-value suffix and must not add any cookie to the response.
/// </summary>
public void GetHtml_ReusesCookieValueIfExistsAndIsValid()
{
    // Arrange
    var antiForgery = new AntiForgeryWorker();
    antiForgery.Serializer = new DummyAntiForgeryTokenSerializer();

    // presumably CreateContext seeds the request cookie with this string and the dummy
    // serializer accepts it as a token; confirm against the helper and the serializer
    var httpContext = CreateContext("2001-01-01:some value:some salt:username");

    // Act
    var renderedField = antiForgery.GetHtml(httpContext, "some other salt", null, null);
    string html = renderedField.ToHtmlString();

    // Assert
    bool prefixMatches = html.StartsWith(_serializedValuePrefix);
    Assert.True(prefixMatches, "Form value prefix did not match.");

    bool suffixMatches = html.EndsWith(_someValueSuffix);
    Assert.True(suffixMatches, "Form value suffix did not match.");

    // Nothing may be written to the response cookie collection in this case.
    int responseCookieCount = httpContext.Response.Cookies.Count;
    Assert.Equal(0, responseCookieCount);
}
/// <summary>
/// When the context is created with a well-formed token string, GetHtml must render a form
/// field ending in the expected existing-value suffix and must not add any cookie to the response.
/// </summary>
public void GetHtml_ReusesCookieValueIfExistsAndIsValid()
{
    // Arrange
    var antiForgery = new AntiForgeryWorker();
    antiForgery.Serializer = new DummyAntiForgeryTokenSerializer();

    // presumably CreateContext seeds the request cookie with this string and the dummy
    // serializer accepts it as a token; confirm against the helper and the serializer
    var httpContext = CreateContext("2001-01-01:some value:some salt:username");

    // Act
    var renderedField = antiForgery.GetHtml(httpContext, "some other salt", null, null);
    string html = renderedField.ToHtmlString();

    // Assert
    bool prefixMatches = html.StartsWith(_serializedValuePrefix);
    Assert.IsTrue(prefixMatches, "Form value prefix did not match.");

    bool suffixMatches = html.EndsWith(_someValueSuffix);
    Assert.IsTrue(suffixMatches, "Form value suffix did not match.");

    // Nothing may be written to the response cookie collection in this case.
    int responseCookieCount = httpContext.Response.Cookies.Count;
    Assert.AreEqual(0, responseCookieCount, "Cookie should not have been added to response.");
}
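/// <summary>
/// When the context is created with the cookie value "invalid", GetHtml must add a fresh
/// anti-forgery cookie to the response whose token equals the rendered form field token.
/// </summary>
public void GetHtml_CreatesNewCookieValueIfCookieExistsButIsNotValid()
{
    // Arrange
    AntiForgeryWorker worker = new AntiForgeryWorker()
    {
        Serializer = new DummyAntiForgeryTokenSerializer()
    };
    // presumably CreateContext seeds the request cookie with this string; confirm against the helper
    var context = CreateContext("invalid");

    // Act
    string formValue = worker.GetHtml(context, "some other salt", null, null).ToHtmlString();

    // Assert
    Assert.True(formValue.StartsWith(_serializedValuePrefix), "Form value prefix did not match.");

    // Require the match itself. A failed Match yields an empty "value" group, so without this
    // check two failed matches would compare "" with "" and the final assertion would pass
    // without proving that the unusable cookie was replaced by a real token.
    Match formMatch = _randomFormValueSuffixRegex.Match(formValue);
    Assert.True(formMatch.Success, "Form value suffix did not match.");
    string formTokenValue = formMatch.Groups["value"].Value;

    HttpCookie cookie = context.Response.Cookies[_antiForgeryTokenCookieName];
    Assert.NotNull(cookie);
    Assert.True(cookie.HttpOnly, "Cookie should have HTTP-only flag set.");
    Assert.True(String.IsNullOrEmpty(cookie.Domain), "Domain should not have been set.");
    Assert.Equal("/", cookie.Path);

    Match cookieMatch = _randomCookieValueSuffixRegex.Match(cookie.Value);
    Assert.True(cookieMatch.Success, "Cookie value suffix did not match.");
    string cookieTokenValue = cookieMatch.Groups["value"].Value;

    // The replacement cookie and the form field must carry the same token value.
    Assert.Equal(formTokenValue, cookieTokenValue);
}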