コード例 #1
0
        public void CheckIfRestRequest_Session_WhenAjaxSentWithoutCSRFToken_ThenTokenShouldBeSentFirst()
        {
            var doc = new XmlDocument();
            doc.LoadXml("<r><template id='a' mode='Server' /></r>");

            var httpContextInfo = new HttpContextInfo();
            httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
            httpContextInfo.QueryString.Add("xtags-http-method", "GET");
            httpContextInfo.QueryString.Add("xtags-id", "a");

            var result =
                new xContext(httpContextInfo)
                    .Do(new LoadLibrary(doc))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, new CheckIfRestRequest(onGet: EmptyGetHandler), new RenderHtml());

            var responseText = result.ResponseText.ToString();

            Assert.IsTrue(responseText.StartsWith("{\"xtags-renew-token\":\""));
            Assert.IsTrue(responseText.EndsWith("\"}"));
            Assert.AreEqual(result.ContentType, "text/plain");
            Assert.AreEqual(httpContextInfo.Session("a"), responseText.Replace("{\"xtags-renew-token\":\"", string.Empty).Replace("\"}", string.Empty));
        }
コード例 #2
0
        public void CheckIfRestRequest_WhenAjaxSentWithoutCSRFTokenWhenCSRFIsDisabled_ThenNormalAjaxRequest()
        {
            var doc = new XmlDocument();
            doc.LoadXml("<r><template id='b' mode='Server' /></r>");

            var httpContextInfo = new HttpContextInfo();
            httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
            httpContextInfo.QueryString.Add("xtags-http-method", "GET");
            httpContextInfo.QueryString.Add("xtags-id", "b");

            var result =
                new xContext(httpContextInfo)
                    .Do(new LoadLibrary(doc))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, new CheckIfRestRequest(onGet: (context, isAjax) =>
                    {
                        Assert.IsTrue(isAjax);
                        Assert.AreEqual(context.xTag.Id, "b");
                    }, csrfProtectionEnabled: false), new RenderHtml());

            Assert.AreEqual(result.ContentType, "text/plain");
            Assert.IsNull(httpContextInfo.Session("b"));
            Assert.IsNull(result.ResponseCookies["b"]);
        }
コード例 #3
0
        public void CheckIfRestRequest_Session_WhenAjaxIsValidValuesOnlyRequest_ThenJsonResponseRendered()
        {
            var doc = new XmlDocument();
            doc.LoadXml("<r><template id='a' mode='Server' /></r>");

            var validToken = "valid-token";

            var httpContextInfo = new HttpContextInfo();
            httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
            httpContextInfo.QueryString.Add("xtags-http-method", "GET");
            httpContextInfo.QueryString.Add("xtags-id", "a");
            httpContextInfo.QueryString.Add("xtags-token", validToken);
            httpContextInfo.QueryString.Add("callback", "callbackMethod");
            httpContextInfo.QueryString.Add("xtags-values-only", "xtags-values-only");

            httpContextInfo.Session("a", validToken);

            var result =
                new xContext(httpContextInfo)
                    .Do(new LoadLibrary(doc))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, new CheckIfRestRequest(onGet: (context, isAjax) =>
                    {
                        Assert.IsTrue(isAjax);
                        Assert.AreEqual(context.xTag.Id, "a");
                    }), new RenderHtml());

            var responseText = result.ResponseText.ToString();
            var json = JsonConvert.DeserializeObject(responseText);
            Assert.AreEqual(result.ContentType, "text/plain");
        }
コード例 #4
0
        public void CheckIfRestRequest_Session_WhenAjaxHasCallback_ThenJsonpResponseRendered()
        {
            var doc = new XmlDocument();
            doc.LoadXml("<r><template id='a' mode='Server' /></r>");

            var validToken = "valid-token";

            var httpContextInfo = new HttpContextInfo();
            httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
            httpContextInfo.QueryString.Add("xtags-http-method", "GET");
            httpContextInfo.QueryString.Add("xtags-id", "a");
            httpContextInfo.QueryString.Add("xtags-token", validToken);
            httpContextInfo.QueryString.Add("callback", "callbackMethod");

            httpContextInfo.Session("a", validToken);

            var result =
                new xContext(httpContextInfo)
                    .Do(new LoadLibrary(doc))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, new CheckIfRestRequest(onGet: (context, isAjax) =>
                    {
                        Assert.IsTrue(isAjax);
                        Assert.AreEqual(context.xTag.Id, "a");
                    }), new RenderHtml())
                    .Do(new RenderJsonpIfRequested());

            var responseText = result.ResponseText.ToString();

            Assert.IsTrue(responseText.StartsWith("callbackMethod(\"(function(){"));
            Assert.IsTrue(responseText.Contains("'a'"));
            Assert.IsTrue(responseText.Contains("'" + httpContextInfo.PageUri() + "'"));
            Assert.IsTrue(responseText.EndsWith("})();\");"));
            Assert.AreEqual(result.ContentType, "text/javascript");
        }
コード例 #5
0
        public void CheckIfRestRequest_FormPost_WhenCSRFTokenIsValidButValuesAreMixedBetweenFormAndQuerystring_ThenTheHandlerShouldNotBeExecuted()
        {
            var doc = new XmlDocument();
            doc.LoadXml("<r><template id='a' mode='Server' /></r>");

            var validToken = "valid-token";

            var httpContextInfo = new HttpContextInfo(httpMethod: "POST");
            httpContextInfo.QueryString.Add("xtags-id", "a");
            httpContextInfo.Form.Add("xtags-token", validToken);

            httpContextInfo.Session("a", validToken);

            var isMethodCalled = false;

            var result =
                new xContext(httpContextInfo)
                    .Do(new LoadLibrary(doc))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, new CheckIfRestRequest(onPost: (tag, isAjax) =>
                    {
                        isMethodCalled = true;
                    }), new RenderHtml());

            var responseText = result.ResponseText.ToString();
            Assert.AreEqual(responseText, "<div id='a'></div>");
            Assert.AreEqual(result.ContentType, "text/html");
            Assert.IsFalse(isMethodCalled);
        }
コード例 #6
0
        public void CheckIfRestRequest_FormPost_WhenAjaxCSRFTokenIsValid_ThenGetRequestShouldBeAjax()
        {
            var doc = new XmlDocument();
            doc.LoadXml("<r><template id='a' mode='Server' /></r>");

            var validToken = "valid-token";

            var httpContextInfo = new HttpContextInfo(httpMethod: "POST");
            httpContextInfo.QueryString.Add("xtags-id", "a");
            httpContextInfo.Form.Add("xtags-token", validToken);

            httpContextInfo.Session("a", validToken);

            var result =
                new xContext(httpContextInfo)
                    .Do(new LoadLibrary(doc))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, new CheckIfRestRequest(onPost: (context, isAjax) =>
                    {
                        Assert.IsFalse(isAjax);
                        Assert.AreEqual(context.xTag.Id, "a");
                    }), new RenderHtml());

            var responseText = result.ResponseText.ToString();
            Assert.AreEqual(responseText, "<div id='a'></div>");
            Assert.AreEqual(result.ContentType, "text/html");
        }
コード例 #7
0
        public void CheckIfRestRequest_FormGet_WhenAjaxCSRFTokenInvalid_ThenServerGetIsNotRequestedAndJustRenderResponse()
        {
            var doc = new XmlDocument();
            doc.LoadXml("<r><template id='a' mode='Server' /></r>");

            var validToken = "valid-token";

            var httpContextInfo = new HttpContextInfo();
            httpContextInfo.QueryString.Add("xtags-http-method", "GET");
            httpContextInfo.QueryString.Add("xtags-id", "a");
            httpContextInfo.QueryString.Add("xtags-token", validToken);

            httpContextInfo.Session("a", "invalid-token");

            var isMethodCalled = false;

            var result =
                new xContext(httpContextInfo)
                    .Do(new LoadLibrary(doc))
                    .Do(new CreateTag("template"))
                    .DoFirst(x => x != null, new CheckIfRestRequest(onGet: (tag, isAjax) =>
                    {
                        isMethodCalled = true;
                    }), new RenderHtml());

            var responseText = result.ResponseText.ToString();
            Assert.AreEqual(responseText, "<div id='a'></div>");
            Assert.AreEqual(result.ContentType, "text/html");
            Assert.IsFalse(isMethodCalled);
        }