public void MissingCookiesValidXSRFTokenUnauthTest()
{
// get a paired client and xsrf token
var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);
// extract the client
var client = clientxsrf.client;
// give client empty cookie containter
client.CookieContainer = new System.Net.CookieContainer();
// extract the xsrf token
var xsrfToken = clientxsrf.xsrfToken;
// set the uri for the authorised api request
client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/account/me");
//setup the request
var request = RequestHelpers.BasicPostRequest();
//get the authorization token and adds the token to the request
request.AddHeader("X-XSRF-TOKEN", xsrfToken);
// we don't expect out result to be valid as we have no valid cookies,
// even though we have attatched a valid xsrf token as a header.
// check response
ResponseHelpers.CheckResponse(client, request, expectValid: false);
}
public void APIUserLogoutTest()
{
// login to the backend server
var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);
// extract the client
var client = clientxsrf.client;
// should be 3 cookies after login
Assert.Equal(3, client.CookieContainer.Count);
// extract the xsrf token
var xsrfToken = clientxsrf.xsrfToken;
// set the logout url
client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/authorization/logout");
//setup the request headers
var request = RequestHelpers.BasicPostRequest();
// get the authorization token and adds the token to the request
request.AddHeader("X-XSRF-TOKEN", xsrfToken);
// execute the logout request
var response = client.Execute(request);
// valid response
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
// should be no cookies in the response after login
Assert.Equal(0, response.Cookies.Count);
ApiOutputHelper.WriteRequestResponseOutput(request, response, _output);
}
public void MissingXSRFTokenValidCookiesUnauthTest()
{
// get a paired client and xsrf token
var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);
// extract the client
var client = clientxsrf.client;
// extract the xsrf token
var xsrfToken = clientxsrf.xsrfToken;
// set the uri for the authorised api request
client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/account/me");
//setup the request
var request = RequestHelpers.BasicPostRequest();
// we don't expect out result to be valid since we have not attatched a valid
// xsrf token as a header, although we do have valid cookies
ResponseHelpers.CheckResponse(client, request, expectValid: false);
}
public void ValidCookiesValidXSRFTokenAuth()
{
// get a paired client and xsrf token
var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);
// extract the client
var client = clientxsrf.client;
// extract the xsrf token
var xsrfToken = clientxsrf.xsrfToken;
// set the uri for the authorised api request
client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/account/me");
//setup the request
var request = RequestHelpers.BasicPostRequest();
//get the authorization token and adds the token to the request
request.AddHeader("X-XSRF-TOKEN", xsrfToken);
// we expect out result to be valid since we have valid cookies and a valid xsrfToken as a header
// check response
ResponseHelpers.CheckResponse(client, request, expectValid: true);
}
