public void GetCookieToken_CookieDoesNotExist_ReturnsNull() { // Arrange var requestCookies = new Mock<IReadableStringCollection>(); requestCookies .Setup(o => o[It.IsAny<string>()]) .Returns(string.Empty); var mockHttpContext = new Mock<HttpContext>(); mockHttpContext .Setup(o => o.Request.Cookies) .Returns(requestCookies.Object); var contextAccessor = new DefaultAntiforgeryContextAccessor(); mockHttpContext.SetupGet(o => o.RequestServices) .Returns(GetServiceProvider(contextAccessor)); var options = new AntiforgeryOptions() { CookieName = _cookieName }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>()); // Act var token = tokenStore.GetCookieToken(mockHttpContext.Object); // Assert Assert.Null(token); }
public void GetCookieToken_CookieIsInvalid_PropagatesException() { // Arrange var mockHttpContext = GetMockHttpContext(_cookieName, "invalid-value"); var expectedException = new InvalidOperationException("some exception"); var mockSerializer = new Mock <IAntiforgeryTokenSerializer>(); mockSerializer .Setup(o => o.Deserialize("invalid-value")) .Throws(expectedException); var options = new AntiforgeryOptions() { CookieName = _cookieName }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: mockSerializer.Object); // Act & assert var ex = Assert.Throws <InvalidOperationException>(() => tokenStore.GetCookieToken(mockHttpContext)); Assert.Same(expectedException, ex); }
public async Task GetRequestTokens_CookieIsEmpty_Throws() { // Arrange var httpContext = new DefaultHttpContext(); httpContext.Request.Form = new FormCollection(new Dictionary <string, string[]>()); httpContext.Request.Cookies = new ReadableStringCollection(new Dictionary <string, string[]>()); var options = new AntiforgeryOptions() { CookieName = "cookie-name", FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: null); // Act var exception = await Assert.ThrowsAsync <InvalidOperationException>( async() => await tokenStore.GetRequestTokensAsync(httpContext)); // Assert Assert.Equal("The required antiforgery cookie \"cookie-name\" is not present.", exception.Message); }
public AntiforgeryTokenStore( IOptions<AntiforgeryOptions> optionsAccessor, IAntiforgeryTokenSerializer tokenSerializer) { this.tokenStore = new DefaultAntiforgeryTokenStore(optionsAccessor, tokenSerializer); this.options = optionsAccessor.Value; }
public void GetCookieToken_CookieIsValid_ReturnsToken() { // Arrange var expectedToken = new AntiforgeryToken(); var mockHttpContext = GetMockHttpContext(_cookieName, "valid-value"); var mockSerializer = new Mock <IAntiforgeryTokenSerializer>(); mockSerializer .Setup(o => o.Deserialize("valid-value")) .Returns(expectedToken); var options = new AntiforgeryOptions() { CookieName = _cookieName }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: mockSerializer.Object); // Act AntiforgeryToken retVal = tokenStore.GetCookieToken(mockHttpContext); // Assert Assert.Same(expectedToken, retVal); }
public void GetCookieToken_CookieDoesNotExist_ReturnsNull() { // Arrange var requestCookies = new Mock <IReadableStringCollection>(); requestCookies .Setup(o => o[It.IsAny <string>()]) .Returns(string.Empty); var mockHttpContext = new Mock <HttpContext>(); mockHttpContext .Setup(o => o.Request.Cookies) .Returns(requestCookies.Object); var contextAccessor = new DefaultAntiforgeryContextAccessor(); mockHttpContext.SetupGet(o => o.RequestServices) .Returns(GetServiceProvider(contextAccessor)); var options = new AntiforgeryOptions() { CookieName = _cookieName }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: Mock.Of <IAntiforgeryTokenSerializer>()); // Act var token = tokenStore.GetCookieToken(mockHttpContext.Object); // Assert Assert.Null(token); }
public async Task GetRequestTokens_NonFormContentType_Throws() { // Arrange var httpContext = new DefaultHttpContext(); httpContext.Request.ContentType = "application/json"; // Will not be accessed httpContext.Request.Form = null; httpContext.Request.Cookies = new ReadableStringCollection(new Dictionary <string, StringValues>() { { "cookie-name", "cookie-value" }, }); var options = new AntiforgeryOptions() { CookieName = "cookie-name", FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: new DefaultAntiforgeryTokenSerializer(new EphemeralDataProtectionProvider())); // Act var exception = await Assert.ThrowsAsync <InvalidOperationException>( async() => await tokenStore.GetRequestTokensAsync(httpContext)); // Assert Assert.Equal("The required antiforgery form field \"form-field-name\" is not present.", exception.Message); }
public async Task GetRequestTokens_FormFieldIsEmpty_Throws() { // Arrange var httpContext = new DefaultHttpContext(); httpContext.Request.ContentType = "application/x-www-form-urlencoded"; httpContext.Request.Form = new FormCollection(new Dictionary <string, StringValues>()); httpContext.Request.Cookies = new ReadableStringCollection(new Dictionary <string, StringValues>() { { "cookie-name", "cookie-value" }, }); var options = new AntiforgeryOptions() { CookieName = "cookie-name", FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: Mock.Of <IAntiforgeryTokenSerializer>()); // Act var exception = await Assert.ThrowsAsync <InvalidOperationException>( async() => await tokenStore.GetRequestTokensAsync(httpContext)); // Assert Assert.Equal("The required antiforgery form field \"form-field-name\" is not present.", exception.Message); }
public async Task GetFormToken_FormFieldIsValid_ReturnsToken() { // Arrange var httpContext = new DefaultHttpContext(); httpContext.Request.ContentType = "application/x-www-form-urlencoded"; httpContext.Request.Form = new FormCollection(new Dictionary <string, StringValues>() { { "form-field-name", "form-value" }, }); httpContext.Request.Cookies = new ReadableStringCollection(new Dictionary <string, StringValues>() { { "cookie-name", "cookie-value" }, }); var options = new AntiforgeryOptions() { CookieName = "cookie-name", FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: Mock.Of <IAntiforgeryTokenSerializer>()); // Act var tokens = await tokenStore.GetRequestTokensAsync(httpContext); // Assert Assert.Equal("cookie-value", tokens.CookieToken); Assert.Equal("form-value", tokens.FormToken); }
public void GetCookieToken_CookieIsMissingInRequest_LooksUpCookieInAntiforgeryContext() { // Arrange var requestCookies = new Mock<IReadableStringCollection>(); requestCookies .Setup(o => o[It.IsAny<string>()]) .Returns(string.Empty); var mockHttpContext = new Mock<HttpContext>(); mockHttpContext .Setup(o => o.Request.Cookies) .Returns(requestCookies.Object); var contextAccessor = new DefaultAntiforgeryContextAccessor(); mockHttpContext.SetupGet(o => o.RequestServices) .Returns(GetServiceProvider(contextAccessor)); // add a cookie explicitly. var cookie = new AntiforgeryToken(); contextAccessor.Value = new AntiforgeryContext() { CookieToken = cookie }; var options = new AntiforgeryOptions() { CookieName = _cookieName }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>()); // Act var token = tokenStore.GetCookieToken(mockHttpContext.Object); // Assert Assert.Equal(cookie, token); }
public async Task GetFormToken_FormFieldIsEmpty_ReturnsNull() { // Arrange var mockHttpContext = new Mock <HttpContext>(); var requestContext = new Mock <HttpRequest>(); var formCollection = new Mock <IFormCollection>(); formCollection.Setup(f => f["form-field-name"]).Returns(string.Empty); requestContext.Setup(o => o.ReadFormAsync(CancellationToken.None)) .Returns(Task.FromResult(formCollection.Object)); mockHttpContext.Setup(o => o.Request) .Returns(requestContext.Object); var options = new AntiforgeryOptions() { FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: null); // Act var token = await tokenStore.GetFormTokenAsync(mockHttpContext.Object); // Assert Assert.Null(token); }
public void SaveCookieToken(bool requireSsl, bool?expectedCookieSecureFlag) { // Arrange var token = new AntiforgeryToken(); var mockCookies = new Mock <IResponseCookies>(); bool defaultCookieSecureValue = expectedCookieSecureFlag ?? false; // pulled from config; set by ctor var cookies = new MockResponseCookieCollection(); cookies.Count = 0; var mockHttpContext = new Mock <HttpContext>(); mockHttpContext.Setup(o => o.Response.Cookies) .Returns(cookies); var contextAccessor = new DefaultAntiforgeryContextAccessor(); mockHttpContext.SetupGet(o => o.RequestServices) .Returns(GetServiceProvider(contextAccessor)); var mockSerializer = new Mock <IAntiforgeryTokenSerializer>(); mockSerializer.Setup(o => o.Serialize(token)) .Returns("serialized-value"); var options = new AntiforgeryOptions() { CookieName = _cookieName, RequireSsl = requireSsl }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: mockSerializer.Object); // Act tokenStore.SaveCookieToken(mockHttpContext.Object, token); // Assert Assert.Equal(1, cookies.Count); Assert.NotNull(contextAccessor.Value.CookieToken); Assert.NotNull(cookies); Assert.Equal(_cookieName, cookies.Key); Assert.Equal("serialized-value", cookies.Value); Assert.True(cookies.Options.HttpOnly); Assert.Equal(defaultCookieSecureValue, cookies.Options.Secure); }
public void GetCookieToken_CookieIsEmpty_ReturnsNull() { // Arrange var mockHttpContext = GetMockHttpContext(_cookieName, string.Empty); var options = new AntiforgeryOptions() { CookieName = _cookieName }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: Mock.Of <IAntiforgeryTokenSerializer>()); // Act var token = tokenStore.GetCookieToken(mockHttpContext); // Assert Assert.Null(token); }
public void GetCookieToken_CookieIsMissingInRequest_LooksUpCookieInAntiforgeryContext() { // Arrange var requestCookies = new Mock <IReadableStringCollection>(); requestCookies .Setup(o => o[It.IsAny <string>()]) .Returns(string.Empty); var mockHttpContext = new Mock <HttpContext>(); mockHttpContext .Setup(o => o.Request.Cookies) .Returns(requestCookies.Object); var contextAccessor = new DefaultAntiforgeryContextAccessor(); mockHttpContext.SetupGet(o => o.RequestServices) .Returns(GetServiceProvider(contextAccessor)); // add a cookie explicitly. var cookie = new AntiforgeryToken(); contextAccessor.Value = new AntiforgeryContext() { CookieToken = cookie }; var options = new AntiforgeryOptions() { CookieName = _cookieName }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: Mock.Of <IAntiforgeryTokenSerializer>()); // Act var token = tokenStore.GetCookieToken(mockHttpContext.Object); // Assert Assert.Equal(cookie, token); }
public async Task GetFormToken_FormFieldIsInvalid_PropagatesException() { // Arrange var formCollection = new Mock <IFormCollection>(); formCollection.Setup(f => f["form-field-name"]).Returns("invalid-value"); var requestContext = new Mock <HttpRequest>(); requestContext.Setup(o => o.ReadFormAsync(CancellationToken.None)) .Returns(Task.FromResult(formCollection.Object)); var mockHttpContext = new Mock <HttpContext>(); mockHttpContext.Setup(o => o.Request) .Returns(requestContext.Object); var expectedException = new InvalidOperationException("some exception"); var mockSerializer = new Mock <IAntiforgeryTokenSerializer>(); mockSerializer.Setup(o => o.Deserialize("invalid-value")) .Throws(expectedException); var options = new AntiforgeryOptions() { FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: mockSerializer.Object); // Act & assert var exception = await Assert.ThrowsAsync <InvalidOperationException>( async() => await tokenStore.GetFormTokenAsync(mockHttpContext.Object)); Assert.Same(expectedException, exception); }
public async Task GetFormToken_FormFieldIsValid_ReturnsToken() { // Arrange var expectedToken = new AntiforgeryToken(); // Arrange var mockHttpContext = new Mock <HttpContext>(); var requestContext = new Mock <HttpRequest>(); var formCollection = new Mock <IFormCollection>(); formCollection.Setup(f => f["form-field-name"]).Returns("valid-value"); requestContext.Setup(o => o.ReadFormAsync(CancellationToken.None)) .Returns(Task.FromResult(formCollection.Object)); mockHttpContext.Setup(o => o.Request) .Returns(requestContext.Object); var mockSerializer = new Mock <IAntiforgeryTokenSerializer>(); mockSerializer.Setup(o => o.Deserialize("valid-value")) .Returns(expectedToken); var options = new AntiforgeryOptions() { FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: mockSerializer.Object); // Act var retVal = await tokenStore.GetFormTokenAsync(mockHttpContext.Object); // Assert Assert.Same(expectedToken, retVal); }
public async Task GetFormToken_FormFieldIsValid_ReturnsToken() { // Arrange var httpContext = new DefaultHttpContext(); httpContext.Request.ContentType = "application/x-www-form-urlencoded"; httpContext.Request.Form = new FormCollection(new Dictionary<string, StringValues>() { { "form-field-name", "form-value" }, }); httpContext.Request.Cookies = new ReadableStringCollection(new Dictionary<string, StringValues>() { { "cookie-name", "cookie-value" }, }); var options = new AntiforgeryOptions() { CookieName = "cookie-name", FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>()); // Act var tokens = await tokenStore.GetRequestTokensAsync(httpContext); // Assert Assert.Equal("cookie-value", tokens.CookieToken); Assert.Equal("form-value", tokens.FormToken); }
public async Task GetFormToken_FormFieldIsEmpty_ReturnsNull() { // Arrange var mockHttpContext = new Mock<HttpContext>(); var requestContext = new Mock<HttpRequest>(); var formCollection = new Mock<IFormCollection>(); formCollection.Setup(f => f["form-field-name"]).Returns(string.Empty); requestContext.Setup(o => o.ReadFormAsync(CancellationToken.None)) .Returns(Task.FromResult(formCollection.Object)); mockHttpContext.Setup(o => o.Request) .Returns(requestContext.Object); var options = new AntiforgeryOptions() { FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: null); // Act var token = await tokenStore.GetFormTokenAsync(mockHttpContext.Object); // Assert Assert.Null(token); }
public async Task GetFormToken_FormFieldIsInvalid_PropagatesException() { // Arrange var formCollection = new Mock<IFormCollection>(); formCollection.Setup(f => f["form-field-name"]).Returns("invalid-value"); var requestContext = new Mock<HttpRequest>(); requestContext.Setup(o => o.ReadFormAsync(CancellationToken.None)) .Returns(Task.FromResult(formCollection.Object)); var mockHttpContext = new Mock<HttpContext>(); mockHttpContext.Setup(o => o.Request) .Returns(requestContext.Object); var expectedException = new InvalidOperationException("some exception"); var mockSerializer = new Mock<IAntiforgeryTokenSerializer>(); mockSerializer.Setup(o => o.Deserialize("invalid-value")) .Throws(expectedException); var options = new AntiforgeryOptions() { FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: mockSerializer.Object); // Act & assert var exception = await Assert.ThrowsAsync<InvalidOperationException>( async () => await tokenStore.GetFormTokenAsync(mockHttpContext.Object)); Assert.Same(expectedException, exception); }
public async Task GetFormToken_FormFieldIsValid_ReturnsToken() { // Arrange var expectedToken = new AntiforgeryToken(); // Arrange var mockHttpContext = new Mock<HttpContext>(); var requestContext = new Mock<HttpRequest>(); var formCollection = new Mock<IFormCollection>(); formCollection.Setup(f => f["form-field-name"]).Returns("valid-value"); requestContext.Setup(o => o.ReadFormAsync(CancellationToken.None)) .Returns(Task.FromResult(formCollection.Object)); mockHttpContext.Setup(o => o.Request) .Returns(requestContext.Object); var mockSerializer = new Mock<IAntiforgeryTokenSerializer>(); mockSerializer.Setup(o => o.Deserialize("valid-value")) .Returns(expectedToken); var options = new AntiforgeryOptions() { FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: mockSerializer.Object); // Act var retVal = await tokenStore.GetFormTokenAsync(mockHttpContext.Object); // Assert Assert.Same(expectedToken, retVal); }
public async Task GetRequestTokens_CookieIsEmpty_Throws() { // Arrange var httpContext = new DefaultHttpContext(); httpContext.Request.Form = new FormCollection(new Dictionary<string, string[]>()); httpContext.Request.Cookies = new ReadableStringCollection(new Dictionary<string, string[]>()); var options = new AntiforgeryOptions() { CookieName = "cookie-name", FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: null); // Act var exception = await Assert.ThrowsAsync<InvalidOperationException>( async () => await tokenStore.GetRequestTokensAsync(httpContext)); // Assert Assert.Equal("The required antiforgery cookie \"cookie-name\" is not present.", exception.Message); }
public void GetCookieToken_CookieIsInvalid_PropagatesException() { // Arrange var mockHttpContext = GetMockHttpContext(_cookieName, "invalid-value"); var expectedException = new InvalidOperationException("some exception"); var mockSerializer = new Mock<IAntiforgeryTokenSerializer>(); mockSerializer .Setup(o => o.Deserialize("invalid-value")) .Throws(expectedException); var options = new AntiforgeryOptions() { CookieName = _cookieName }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: mockSerializer.Object); // Act & assert var ex = Assert.Throws<InvalidOperationException>(() => tokenStore.GetCookieToken(mockHttpContext)); Assert.Same(expectedException, ex); }
public void GetCookieToken_CookieIsValid_ReturnsToken() { // Arrange var expectedToken = new AntiforgeryToken(); var mockHttpContext = GetMockHttpContext(_cookieName, "valid-value"); var mockSerializer = new Mock<IAntiforgeryTokenSerializer>(); mockSerializer .Setup(o => o.Deserialize("valid-value")) .Returns(expectedToken); var options = new AntiforgeryOptions() { CookieName = _cookieName }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: mockSerializer.Object); // Act AntiforgeryToken retVal = tokenStore.GetCookieToken(mockHttpContext); // Assert Assert.Same(expectedToken, retVal); }
public async Task GetRequestTokens_NonFormContentType_Throws() { // Arrange var httpContext = new DefaultHttpContext(); httpContext.Request.ContentType = "application/json"; // Will not be accessed httpContext.Request.Form = null; httpContext.Request.Cookies = new ReadableStringCollection(new Dictionary<string, StringValues>() { { "cookie-name", "cookie-value" }, }); var options = new AntiforgeryOptions() { CookieName = "cookie-name", FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: new DefaultAntiforgeryTokenSerializer(new EphemeralDataProtectionProvider())); // Act var exception = await Assert.ThrowsAsync<InvalidOperationException>( async () => await tokenStore.GetRequestTokensAsync(httpContext)); // Assert Assert.Equal("The required antiforgery form field \"form-field-name\" is not present.", exception.Message); }
public void GetCookieToken_CookieIsEmpty_ReturnsNull() { // Arrange var mockHttpContext = GetMockHttpContext(_cookieName, string.Empty); var options = new AntiforgeryOptions() { CookieName = _cookieName }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>()); // Act var token = tokenStore.GetCookieToken(mockHttpContext); // Assert Assert.Null(token); }
public async Task GetRequestTokens_FormFieldIsEmpty_Throws() { // Arrange var httpContext = new DefaultHttpContext(); httpContext.Request.ContentType = "application/x-www-form-urlencoded"; httpContext.Request.Form = new FormCollection(new Dictionary<string, StringValues>()); httpContext.Request.Cookies = new ReadableStringCollection(new Dictionary<string, StringValues>() { { "cookie-name", "cookie-value" }, }); var options = new AntiforgeryOptions() { CookieName = "cookie-name", FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>()); // Act var exception = await Assert.ThrowsAsync<InvalidOperationException>( async () => await tokenStore.GetRequestTokensAsync(httpContext)); // Assert Assert.Equal("The required antiforgery form field \"form-field-name\" is not present.", exception.Message); }
public void SaveCookieToken(bool requireSsl, bool? expectedCookieSecureFlag) { // Arrange var token = new AntiforgeryToken(); var mockCookies = new Mock<IResponseCookies>(); bool defaultCookieSecureValue = expectedCookieSecureFlag ?? false; // pulled from config; set by ctor var cookies = new MockResponseCookieCollection(); cookies.Count = 0; var mockHttpContext = new Mock<HttpContext>(); mockHttpContext.Setup(o => o.Response.Cookies) .Returns(cookies); var contextAccessor = new DefaultAntiforgeryContextAccessor(); mockHttpContext.SetupGet(o => o.RequestServices) .Returns(GetServiceProvider(contextAccessor)); var mockSerializer = new Mock<IAntiforgeryTokenSerializer>(); mockSerializer.Setup(o => o.Serialize(token)) .Returns("serialized-value"); var options = new AntiforgeryOptions() { CookieName = _cookieName, RequireSsl = requireSsl }; var tokenStore = new DefaultAntiforgeryTokenStore( optionsAccessor: new TestOptionsManager(options), tokenSerializer: mockSerializer.Object); // Act tokenStore.SaveCookieToken(mockHttpContext.Object, token); // Assert Assert.Equal(1, cookies.Count); Assert.NotNull(contextAccessor.Value.CookieToken); Assert.NotNull(cookies); Assert.Equal(_cookieName, cookies.Key); Assert.Equal("serialized-value", cookies.Value); Assert.True(cookies.Options.HttpOnly); Assert.Equal(defaultCookieSecureValue, cookies.Options.Secure); }