コード例 #1
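        // Cookie-backed CSRF check, matching case: the "xtags-token" query value equals the value
        // of the request cookie named after the tag id ("a"), so the AJAX GET is expected to reach
        // the onGet handler and the script response is expected to be rendered as text/plain.
        public void CheckIfRestRequest_Cookie_WhenAjaxCSRFTokenIsValid_ThenGetRequestShouldBeAjax()
        {
            var doc = new XmlDocument();
            doc.LoadXml("<r><template id='a' mode='Server' /></r>");

            var validToken = "valid-token";

            var httpContextInfo = new HttpContextInfo();
            httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
            httpContextInfo.QueryString.Add("xtags-http-method", "GET");
            httpContextInfo.QueryString.Add("xtags-id", "a");
            httpContextInfo.QueryString.Add("xtags-token", validToken);

            // The cookie carries the same token as the query string.
            httpContextInfo.Cookies.Add(new HttpCookie("a"));
            httpContextInfo.Cookies["a"].Value = validToken;

            // Assertions inside the handler only execute when the handler is called. Record the
            // call so that a request which silently bypasses the handler fails the test instead
            // of passing with the inner assertions skipped.
            var handlerInvoked = false;

            var result =
                new xContext(httpContextInfo)
                    .Do(new LoadLibrary(doc))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, new CheckIfRestRequest(onGet: (context, isAjax) =>
                    {
                        handlerInvoked = true;
                        Assert.IsTrue(isAjax);
                        Assert.AreEqual("a", context.xTag.Id);
                    }, useCsrfCookies: true), new RenderHtml());

            var responseText = result.ResponseText.ToString();

            Assert.IsTrue(handlerInvoked);
            Assert.IsTrue(responseText.StartsWith("(function(){"));
            Assert.IsTrue(responseText.Contains("'a'"));
            Assert.IsTrue(responseText.Contains("'" + httpContextInfo.PageUri() + "'"));
            Assert.IsTrue(responseText.EndsWith("})();"));
            // Expected value first, so a failure message reports the right "expected"/"actual".
            Assert.AreEqual("text/plain", result.ContentType);
        }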
コード例 #2
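		// Decides whether this entry's channel dispatcher is the right target for the request.
		// Returns true when the request may be handled by this entry, false otherwise.
		// The comparison flags cmpflag and fmtflag are defined outside this method.
		internal bool FilterHttpContext (HttpContextInfo ctx)
		{
			if (ChannelDispatcher == null)
				return true; // no mex can be involved.

			// Compare the HTTP method ordinally and case-insensitively. Unlike ToUpper(), this
			// does not depend on the current culture and does not throw when the method is null.
			if (!string.Equals (ctx.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
				return !ChannelDispatcher.IsMex; // non-GET request never matches mex channel dispatcher.

			var sme = ChannelDispatcher.Host.Extensions.Find<ServiceMetadataExtension> ();
			if (sme == null)
				return true; // no mex can be involved.

			var mex = sme.Instance;

			// now the request is GET, and we have to return true or false based on the matrix below:
			// matches wsdl or help| yes      |  no      |
			// mex                 | yes | no | yes | no |
			// --------------------+-----+----+-----+----+
			//                     |  T  | F  |  F  |  T |

			bool matchesWsdl = mex.WsdlUrl != null &&
				Uri.Compare (ctx.Request.Url, mex.WsdlUrl, cmpflag, fmtflag, StringComparison.Ordinal) == 0;
			bool matchesHelp = mex.HelpUrl != null &&
				Uri.Compare (ctx.Request.Url, mex.HelpUrl, cmpflag, fmtflag, StringComparison.Ordinal) == 0;
			bool match = matchesWsdl || matchesHelp;

			// Accept only when "is a metadata URL" and "is the mex dispatcher" agree.
			return match == ChannelDispatcher.IsMex;
		}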
コード例 #3
ファイル: HttpListenerManager.cs プロジェクト: carrie901/mono
		// Returns the first entry in Entries whose FilterHttpContext accepts the request,
		// or null when no entry accepts it.
		HttpChannelListenerEntry SelectChannel (HttpContextInfo ctx)
		{
			return Entries.FirstOrDefault (entry => entry.FilterHttpContext (ctx));
		}
コード例 #4
        // Cookie-backed CSRF check, mismatch case: the "xtags-token" query value and the request
        // cookie "a" disagree. The response is expected to be a renew-token JSON envelope, and
        // the token inside it must equal the value set on the response cookie "a".
        // NOTE(review): nothing here asserts that the renewed token differs from the rejected
        // values ("Invalid token" / "Invalid") - consider pinning that as well.
        public void CheckIfRestRequest_Cookies_WhenAjaxCSRFTokenInvalid_ThenTokenShouldBeSentFirst()
        {
            const string renewPrefix = "{\"xtags-renew-token\":\"";
            const string renewSuffix = "\"}";

            var library = new XmlDocument();
            library.LoadXml("<r><template id='a' mode='Server' /></r>");

            var request = new HttpContextInfo();
            request.QueryString.Add("xtags-xajax", "xtags-xajax");
            request.QueryString.Add("xtags-http-method", "GET");
            request.QueryString.Add("xtags-id", "a");
            request.QueryString.Add("xtags-token", "Invalid token");

            request.Cookies.Add(new HttpCookie("a"));
            request.Cookies["a"].Value = "Invalid";

            var restCheck = new CheckIfRestRequest(onGet: EmptyGetHandler, useCsrfCookies: true);
            var outcome =
                new xContext(request)
                    .Do(new LoadLibrary(library))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, restCheck, new RenderHtml());

            var body = outcome.ResponseText.ToString();

            Assert.IsTrue(body.StartsWith(renewPrefix));
            Assert.IsTrue(body.EndsWith(renewSuffix));
            Assert.AreEqual(outcome.ContentType, "text/plain");

            // Strip the envelope to recover the token that was sent in the body.
            var tokenInBody = body.Replace(renewPrefix, string.Empty).Replace(renewSuffix, string.Empty);
            Assert.AreEqual(outcome.ResponseCookies["a"].Value, tokenInBody);
        }
コード例 #5
ファイル: HttpListenerManager.cs プロジェクト: carrie901/mono
		// Routes an incoming HTTP context to the entry chosen by SelectChannel: the context is
		// appended to that entry's queue and the entry's wait handle is signalled.
		// Throws InvalidOperationException when no entry accepts the context.
		// NOTE(review): the queue is modified here without taking ce.RetrieverLock, which
		// TryDequeueRequest holds while reading it; whether ContextQueue is safe for concurrent
		// Enqueue/Dequeue is not visible from this method - confirm.
		public void ProcessNewContext (HttpContextInfo ctxi)
		{
			var target = SelectChannel (ctxi);
			if (target == null) {
				throw new InvalidOperationException ("HttpListenerContext does not match any of the registered channels");
			}

			target.ContextQueue.Enqueue (ctxi);
			target.WaitHandle.Set ();
		}
コード例 #6
        // Round trip for a tag declared with modetype='session': a value written to the tag's
        // data and saved with SaveTag must be returned by LoadTag on a second context that is
        // built over the same HttpContextInfo.
        public void SaveTag_Session_WhenTagIsSaved_ThenIsLoadedAgain()
        {
            const string persistedValue = "New value";

            var library = new XmlDocument();
            library.LoadXml("<r><template id='a' modetype='session'><data type='text/name-value' name='test'><![CDATA[starting value]]></data></template></r>");

            var sharedRequest = new HttpContextInfo();

            // First context: overwrite the declared starting value and persist the tag.
            var writer = new xContext(sharedRequest)
                .Do(new LoadLibrary(library))
                .Do(new CreateTag("template"));
            writer.xTag.Data["test"] = persistedValue;
            writer.Do(new SaveTag());

            // Second context over the same request: create the tag again and load the saved state.
            var reader = new xContext(sharedRequest)
                .Do(new LoadLibrary(library))
                .Do(new CreateTag("template"))
                .Do(new LoadTag());

            Assert.AreEqual(reader.xTag.Data["test"], persistedValue);
        }
コード例 #7
ファイル: HttpListenerManager.cs プロジェクト: carrie901/mono
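		// Takes the next queued HTTP context for the entry that owns the given channel dispatcher.
		// Returns true and sets context when one was dequeued. Returns false (context stays null)
		// when no entry owns the dispatcher, or when the queue is empty and stays empty for the
		// whole timeout. A negative timeout with an empty queue returns false without waiting.
		public bool TryDequeueRequest (ChannelDispatcher channel, TimeSpan timeout, out HttpContextInfo context)
		{
			context = null;
			var ce = Entries.FirstOrDefault (e => e.ChannelDispatcher == channel);
			if (ce == null)
				return false;

			// WaitHandle.WaitOne(TimeSpan) rejects values above int.MaxValue milliseconds
			// (TimeSpan.MaxValue included), so clamp the total budget to that limit.
			TimeSpan budget = timeout.TotalMilliseconds > int.MaxValue
				? TimeSpan.FromMilliseconds (int.MaxValue)
				: timeout;

			// UtcNow keeps the elapsed-time arithmetic free of local-time (DST) shifts.
			DateTime start = DateTime.UtcNow;

			lock (ce.RetrieverLock) {
				var q = ce.ContextQueue;
				TimeSpan remaining = budget;

				// Loop instead of recursing: a signalled handle does not guarantee a non-empty
				// queue, and the time left must never be passed to WaitOne once it is negative
				// (WaitOne throws ArgumentOutOfRangeException for such values).
				while (q.Count == 0) {
					if (remaining < TimeSpan.Zero || !ce.WaitHandle.WaitOne (remaining))
						return false;
					remaining = budget - (DateTime.UtcNow - start);
				}

				context = q.Dequeue ();
				return true;
			}
		}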
コード例 #8
		// Takes the next queued HTTP context for the entry that owns the given channel dispatcher.
		// Returns true and sets context when one was dequeued; returns false (context stays null)
		// when no entry owns the dispatcher, when the queue is empty and the timeout is negative,
		// or when the wait handle is not signalled within the timeout.
		public bool TryDequeueRequest (ChannelDispatcher channel, TimeSpan timeout, out HttpContextInfo context)
		{
			// Wall-clock start, used below to shrink the timeout handed to the recursive call.
			// NOTE(review): DateTime.Now is local time, so a clock or DST change during the wait
			// skews the remaining timeout - confirm whether that matters to callers.
			DateTime start = DateTime.Now;

			context = null;
			HttpChannelListenerEntry ce = null;
			// entries_lock covers only the lookup of the entry, not the wait below.
			lock (entries_lock) {
				ce = Entries.FirstOrDefault (e => e.ChannelDispatcher == channel);
			}
			if (ce == null)
				return false;
			// RetrieverLock is held while waiting and across the recursive call below
			// (the recursive call re-enters the same lock on the same thread).
			lock (ce.RetrieverLock) {
				var q = ce.ContextQueue;
				if (q.Count == 0) {
					// Out of time: this also ends the recursion once the remaining timeout goes negative.
					if (timeout.TotalMilliseconds < 0) return false;
					TimeSpan waitTimeout = timeout;
					// WaitOne(TimeSpan) does not accept more than int.MaxValue milliseconds.
					// Only the exact value TimeSpan.MaxValue is replaced here; other oversized
					// values are passed through unchanged.
					if (timeout == TimeSpan.MaxValue)
						waitTimeout = TimeSpan.FromMilliseconds (int.MaxValue);
					bool ret = ce.WaitHandle.WaitOne (waitTimeout);
					// Signalled: try again with the time that is left. Not signalled: give up.
					return ret && TryDequeueRequest (channel, waitTimeout - (DateTime.Now - start), out context); // recurse, am lazy :/
				}
				context = q.Dequeue ();
				return true;
			}
		}
コード例 #9
        // An AJAX-style GET aimed at a template that is not declared with mode='Server' must not
        // be treated as a REST request: the pipeline is expected to fall through to RenderHtml
        // and produce the plain HTML placeholder for the tag.
        public void CheckIfRestRequest_WhenRequestBeenSendForNotAServerTemplate_ThenNormaHtmlShouldBeProcessed()
        {
            var library = new XmlDocument();
            library.LoadXml("<r><template id='a' /></r>");

            var request = new HttpContextInfo();
            request.QueryString.Add("xtags-xajax", "xtags-xajax");
            request.QueryString.Add("xtags-http-method", "GET");
            request.QueryString.Add("xtags-id", "a");

            var tagContext = new xContext(request)
                .Do(new LoadLibrary(library))
                .Do(new CreateTag("template"));
            var outcome = tagContext.DoFirst(x => x != null, new CheckIfRestRequest(), new RenderHtml());

            Assert.AreEqual(outcome.ResponseText.ToString(), "<div id='a'></div>");
        }
コード例 #10
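        // CSRF protection switched off (csrfProtectionEnabled: false): an AJAX GET that carries no
        // "xtags-token" is expected to reach the onGet handler, and no token is expected to be
        // issued - neither in the session entry "b" nor in a response cookie "b".
        public void CheckIfRestRequest_WhenAjaxSentWithoutCSRFTokenWhenCSRFIsDisabled_ThenNormalAjaxRequest()
        {
            var doc = new XmlDocument();
            doc.LoadXml("<r><template id='b' mode='Server' /></r>");

            var httpContextInfo = new HttpContextInfo();
            httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
            httpContextInfo.QueryString.Add("xtags-http-method", "GET");
            httpContextInfo.QueryString.Add("xtags-id", "b");

            // Assertions inside the handler only execute when the handler is called. Record the
            // call so that a skipped handler fails the test instead of passing silently.
            var handlerInvoked = false;

            var result =
                new xContext(httpContextInfo)
                    .Do(new LoadLibrary(doc))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, new CheckIfRestRequest(onGet: (context, isAjax) =>
                    {
                        handlerInvoked = true;
                        Assert.IsTrue(isAjax);
                        Assert.AreEqual("b", context.xTag.Id);
                    }, csrfProtectionEnabled: false), new RenderHtml());

            Assert.IsTrue(handlerInvoked);
            // Expected value first, so a failure message reports the right "expected"/"actual".
            Assert.AreEqual("text/plain", result.ContentType);
            Assert.IsNull(httpContextInfo.Session("b"));
            Assert.IsNull(result.ResponseCookies["b"]);
        }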
コード例 #11
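        // Session-backed CSRF check, values-only request: the "xtags-token" query value equals the
        // session entry "a", and "xtags-values-only" is set. The onGet handler is expected to run
        // and the response body is expected to parse as JSON with content type text/plain.
        // The request also carries a "callback" value, but this pipeline has no
        // RenderJsonpIfRequested step.
        public void CheckIfRestRequest_Session_WhenAjaxIsValidValuesOnlyRequest_ThenJsonResponseRendered()
        {
            var doc = new XmlDocument();
            doc.LoadXml("<r><template id='a' mode='Server' /></r>");

            var validToken = "valid-token";

            var httpContextInfo = new HttpContextInfo();
            httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
            httpContextInfo.QueryString.Add("xtags-http-method", "GET");
            httpContextInfo.QueryString.Add("xtags-id", "a");
            httpContextInfo.QueryString.Add("xtags-token", validToken);
            httpContextInfo.QueryString.Add("callback", "callbackMethod");
            httpContextInfo.QueryString.Add("xtags-values-only", "xtags-values-only");

            httpContextInfo.Session("a", validToken);

            // Assertions inside the handler only execute when the handler is called. Record the
            // call so that a skipped handler fails the test instead of passing silently.
            var handlerInvoked = false;

            var result =
                new xContext(httpContextInfo)
                    .Do(new LoadLibrary(doc))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, new CheckIfRestRequest(onGet: (context, isAjax) =>
                    {
                        handlerInvoked = true;
                        Assert.IsTrue(isAjax);
                        Assert.AreEqual("a", context.xTag.Id);
                    }), new RenderHtml());

            var responseText = result.ResponseText.ToString();

            Assert.IsTrue(handlerInvoked);

            // DeserializeObject throws on malformed JSON, which is the only check made on the
            // body; the parsed value itself is not inspected.
            JsonConvert.DeserializeObject(responseText);

            // Expected value first, so a failure message reports the right "expected"/"actual".
            Assert.AreEqual("text/plain", result.ContentType);
        }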
コード例 #12
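        // Session-backed CSRF check with a JSONP callback: the "xtags-token" query value equals
        // the session entry "a" and the request names a "callback". The onGet handler is expected
        // to run, and RenderJsonpIfRequested is expected to wrap the script response in a call to
        // that callback and serve it as text/javascript.
        // NOTE(review): the callback name is taken from the query string and echoed into the
        // response. This test covers only a plain identifier; whether RenderJsonpIfRequested
        // restricts the callback to identifier characters is not visible here - confirm and
        // add a test for it.
        public void CheckIfRestRequest_Session_WhenAjaxHasCallback_ThenJsonpResponseRendered()
        {
            var doc = new XmlDocument();
            doc.LoadXml("<r><template id='a' mode='Server' /></r>");

            var validToken = "valid-token";

            var httpContextInfo = new HttpContextInfo();
            httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
            httpContextInfo.QueryString.Add("xtags-http-method", "GET");
            httpContextInfo.QueryString.Add("xtags-id", "a");
            httpContextInfo.QueryString.Add("xtags-token", validToken);
            httpContextInfo.QueryString.Add("callback", "callbackMethod");

            httpContextInfo.Session("a", validToken);

            // Assertions inside the handler only execute when the handler is called. Record the
            // call so that a skipped handler fails the test instead of passing silently.
            var handlerInvoked = false;

            var result =
                new xContext(httpContextInfo)
                    .Do(new LoadLibrary(doc))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, new CheckIfRestRequest(onGet: (context, isAjax) =>
                    {
                        handlerInvoked = true;
                        Assert.IsTrue(isAjax);
                        Assert.AreEqual("a", context.xTag.Id);
                    }), new RenderHtml())
                    .Do(new RenderJsonpIfRequested());

            var responseText = result.ResponseText.ToString();

            Assert.IsTrue(handlerInvoked);
            Assert.IsTrue(responseText.StartsWith("callbackMethod(\"(function(){"));
            Assert.IsTrue(responseText.Contains("'a'"));
            Assert.IsTrue(responseText.Contains("'" + httpContextInfo.PageUri() + "'"));
            Assert.IsTrue(responseText.EndsWith("})();\");"));
            // Expected value first, so a failure message reports the right "expected"/"actual".
            Assert.AreEqual("text/javascript", result.ContentType);
        }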
コード例 #13
        // POST where the request values are split across sources: "xtags-id" arrives in the query
        // string while "xtags-token" arrives in the form. The token matches the session entry "a",
        // yet the onPost handler must not run and the plain HTML must be rendered instead.
        public void CheckIfRestRequest_FormPost_WhenCSRFTokenIsValidButValuesAreMixedBetweenFormAndQuerystring_ThenTheHandlerShouldNotBeExecuted()
        {
            const string sessionToken = "valid-token";

            var library = new XmlDocument();
            library.LoadXml("<r><template id='a' mode='Server' /></r>");

            var request = new HttpContextInfo(httpMethod: "POST");
            request.QueryString.Add("xtags-id", "a");      // tag id from the query string
            request.Form.Add("xtags-token", sessionToken); // token from the form body

            request.Session("a", sessionToken);

            var handlerRan = false;
            var restCheck = new CheckIfRestRequest(onPost: (tag, isAjax) =>
            {
                handlerRan = true;
            });

            var outcome =
                new xContext(request)
                    .Do(new LoadLibrary(library))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, restCheck, new RenderHtml());

            var body = outcome.ResponseText.ToString();
            Assert.AreEqual(body, "<div id='a'></div>");
            Assert.AreEqual(outcome.ContentType, "text/html");
            Assert.IsFalse(handlerRan);
        }
コード例 #14
        // Form POST with a token that matches the session entry "a"; the rendered output is
        // expected to be the plain HTML placeholder with content type text/html.
        // NOTE(review): the request built here (POST, "xtags-id" in the query string,
        // "xtags-token" in the form, matching session token) is the same as in
        // CheckIfRestRequest_FormPost_WhenCSRFTokenIsValidButValuesAreMixedBetweenFormAndQuerystring_ThenTheHandlerShouldNotBeExecuted,
        // which asserts that the handler is NOT called. If that holds, the assertions inside
        // onPost below never execute and this test only checks the HTML fallback - confirm the
        // intended setup and verify that the handler actually ran.
        public void CheckIfRestRequest_FormPost_WhenAjaxCSRFTokenIsValid_ThenGetRequestShouldBeAjax()
        {
            const string sessionToken = "valid-token";

            var library = new XmlDocument();
            library.LoadXml("<r><template id='a' mode='Server' /></r>");

            var request = new HttpContextInfo(httpMethod: "POST");
            request.QueryString.Add("xtags-id", "a");
            request.Form.Add("xtags-token", sessionToken);

            request.Session("a", sessionToken);

            var restCheck = new CheckIfRestRequest(onPost: (context, isAjax) =>
            {
                Assert.IsFalse(isAjax);
                Assert.AreEqual(context.xTag.Id, "a");
            });

            var outcome =
                new xContext(request)
                    .Do(new LoadLibrary(library))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, restCheck, new RenderHtml());

            var body = outcome.ResponseText.ToString();
            Assert.AreEqual(body, "<div id='a'></div>");
            Assert.AreEqual(outcome.ContentType, "text/html");
        }
コード例 #15
        // Session-backed CSRF check, mismatch case: the "xtags-token" query value ("valid-token")
        // differs from the session entry "a" ("invalid-token"). The onGet handler must not run
        // and the plain HTML must be rendered with content type text/html.
        public void CheckIfRestRequest_FormGet_WhenAjaxCSRFTokenInvalid_ThenServerGetIsNotRequestedAndJustRenderResponse()
        {
            // Token sent by the client; it does not match what the session holds.
            const string submittedToken = "valid-token";

            var library = new XmlDocument();
            library.LoadXml("<r><template id='a' mode='Server' /></r>");

            var request = new HttpContextInfo();
            request.QueryString.Add("xtags-http-method", "GET");
            request.QueryString.Add("xtags-id", "a");
            request.QueryString.Add("xtags-token", submittedToken);

            request.Session("a", "invalid-token");

            var handlerRan = false;
            var restCheck = new CheckIfRestRequest(onGet: (tag, isAjax) =>
            {
                handlerRan = true;
            });

            var outcome =
                new xContext(request)
                    .Do(new LoadLibrary(library))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, restCheck, new RenderHtml());

            var body = outcome.ResponseText.ToString();
            Assert.AreEqual(body, "<div id='a'></div>");
            Assert.AreEqual(outcome.ContentType, "text/html");
            Assert.IsFalse(handlerRan);
        }