// Happy path for the antiforgery (CSRF) token store: with both the configured
// cookie and the configured form field present, GetRequestTokensAsync returns
// the two raw string values. The serializer is a mock, so this test covers
// extraction of the cookie/form pair only, not validation of the tokens.
public async Task GetFormToken_FormFieldIsValid_ReturnsToken()
{
    // Arrange
    var formFields = new Dictionary<string, StringValues>()
    {
        { "form-field-name", "form-value" },
    };
    var cookies = new Dictionary<string, StringValues>()
    {
        { "cookie-name", "cookie-value" },
    };

    var context = new DefaultHttpContext();
    context.Request.ContentType = "application/x-www-form-urlencoded";
    context.Request.Form = new FormCollection(formFields);
    context.Request.Cookies = new ReadableStringCollection(cookies);

    var antiforgeryOptions = new AntiforgeryOptions
    {
        CookieName = "cookie-name",
        FormFieldName = "form-field-name",
    };

    var store = new DefaultAntiforgeryTokenStore(
        optionsAccessor: new TestOptionsManager(antiforgeryOptions),
        tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>());

    // Act
    var tokenSet = await store.GetRequestTokensAsync(context);

    // Assert
    Assert.Equal("cookie-value", tokenSet.CookieToken);
    Assert.Equal("form-value", tokenSet.FormToken);
}
// Fail-closed check: a request whose content type is not a form type
// ("application/json") carries a valid-looking cookie but no form token, and
// the store must throw rather than return a partial token set. The expected
// message is the same "form field not present" error as for an empty form.
public async Task GetRequestTokens_NonFormContentType_Throws()
{
    // Arrange
    var cookies = new Dictionary<string, StringValues>()
    {
        { "cookie-name", "cookie-value" },
    };

    var context = new DefaultHttpContext();
    context.Request.ContentType = "application/json";

    // Will not be accessed
    context.Request.Form = null;
    context.Request.Cookies = new ReadableStringCollection(cookies);

    var antiforgeryOptions = new AntiforgeryOptions
    {
        CookieName = "cookie-name",
        FormFieldName = "form-field-name",
    };

    var serializer = new DefaultAntiforgeryTokenSerializer(new EphemeralDataProtectionProvider());
    var store = new DefaultAntiforgeryTokenStore(
        optionsAccessor: new TestOptionsManager(antiforgeryOptions),
        tokenSerializer: serializer);

    // Act
    var thrown = await Assert.ThrowsAsync<InvalidOperationException>(
        async () => await store.GetRequestTokensAsync(context));

    // Assert
    Assert.Equal(
        "The required antiforgery form field \"form-field-name\" is not present.",
        thrown.Message);
}
// Fail-closed check: the antiforgery cookie is present but the form-encoded
// body has no fields at all. The store must reject the request with an
// InvalidOperationException naming the configured form field, instead of
// returning a token set with a missing form token.
public async Task GetRequestTokens_FormFieldIsEmpty_Throws()
{
    // Arrange
    var emptyForm = new Dictionary<string, StringValues>();
    var cookies = new Dictionary<string, StringValues>()
    {
        { "cookie-name", "cookie-value" },
    };

    var context = new DefaultHttpContext();
    context.Request.ContentType = "application/x-www-form-urlencoded";
    context.Request.Form = new FormCollection(emptyForm);
    context.Request.Cookies = new ReadableStringCollection(cookies);

    var antiforgeryOptions = new AntiforgeryOptions
    {
        CookieName = "cookie-name",
        FormFieldName = "form-field-name",
    };

    var store = new DefaultAntiforgeryTokenStore(
        optionsAccessor: new TestOptionsManager(antiforgeryOptions),
        tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>());

    // Act
    var thrown = await Assert.ThrowsAsync<InvalidOperationException>(
        async () => await store.GetRequestTokensAsync(context));

    // Assert
    Assert.Equal(
        "The required antiforgery form field \"form-field-name\" is not present.",
        thrown.Message);
}
// Fail-closed check: neither the antiforgery cookie nor the form field is
// present. The expected error names the cookie, so the test pins the missing
// cookie as the failure that is reported when both halves are absent.
// The serializer is null here; NOTE(review): presumably it is never touched
// on this path - confirm against DefaultAntiforgeryTokenStore.
public async Task GetRequestTokens_CookieIsEmpty_Throws()
{
    // Arrange
    var emptyForm = new Dictionary<string, string[]>();
    var emptyCookies = new Dictionary<string, string[]>();

    var context = new DefaultHttpContext();
    context.Request.Form = new FormCollection(emptyForm);
    context.Request.Cookies = new ReadableStringCollection(emptyCookies);

    var antiforgeryOptions = new AntiforgeryOptions
    {
        CookieName = "cookie-name",
        FormFieldName = "form-field-name",
    };

    var store = new DefaultAntiforgeryTokenStore(
        optionsAccessor: new TestOptionsManager(antiforgeryOptions),
        tokenSerializer: null);

    // Act
    var thrown = await Assert.ThrowsAsync<InvalidOperationException>(
        async () => await store.GetRequestTokensAsync(context));

    // Assert
    Assert.Equal(
        "The required antiforgery cookie \"cookie-name\" is not present.",
        thrown.Message);
}
// Verifies that the antiforgery (CSRF) token store reads the cookie token from
// the cookie named by CookieName and the form token from the field named by
// FormFieldName, and returns both values unchanged. Token validation is not
// exercised: the serializer passed in is a mock.
public async Task GetFormToken_FormFieldIsValid_ReturnsToken()
{
    // Arrange
    var request = new DefaultHttpContext();
    request.Request.ContentType = "application/x-www-form-urlencoded";
    request.Request.Form = new FormCollection(
        new Dictionary<string, StringValues>()
        {
            { "form-field-name", "form-value" },
        });
    request.Request.Cookies = new ReadableStringCollection(
        new Dictionary<string, StringValues>()
        {
            { "cookie-name", "cookie-value" },
        });

    var optionsManager = new TestOptionsManager(
        new AntiforgeryOptions()
        {
            CookieName = "cookie-name",
            FormFieldName = "form-field-name",
        });

    var sut = new DefaultAntiforgeryTokenStore(
        optionsAccessor: optionsManager,
        tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>());

    // Act
    var result = await sut.GetRequestTokensAsync(request);

    // Assert
    Assert.Equal("cookie-value", result.CookieToken);
    Assert.Equal("form-value", result.FormToken);
}
// Verifies that a form-encoded request with the antiforgery cookie but an
// empty form is rejected: the store throws InvalidOperationException with a
// message naming the configured form field, so a request missing the form
// token never yields a usable token set.
public async Task GetRequestTokens_FormFieldIsEmpty_Throws()
{
    // Arrange
    var request = new DefaultHttpContext();
    request.Request.ContentType = "application/x-www-form-urlencoded";
    request.Request.Form = new FormCollection(new Dictionary<string, StringValues>());
    request.Request.Cookies = new ReadableStringCollection(
        new Dictionary<string, StringValues>()
        {
            { "cookie-name", "cookie-value" },
        });

    var optionsManager = new TestOptionsManager(
        new AntiforgeryOptions()
        {
            CookieName = "cookie-name",
            FormFieldName = "form-field-name",
        });

    var sut = new DefaultAntiforgeryTokenStore(
        optionsAccessor: optionsManager,
        tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>());

    // Act
    var error = await Assert.ThrowsAsync<InvalidOperationException>(
        async () => await sut.GetRequestTokensAsync(request));

    // Assert
    Assert.Equal(
        "The required antiforgery form field \"form-field-name\" is not present.",
        error.Message);
}
// Verifies that a request with a non-form content type ("application/json")
// is treated as having no form token: even with the antiforgery cookie
// present, the store throws the "form field not present" error instead of
// returning a cookie-only token set.
public async Task GetRequestTokens_NonFormContentType_Throws()
{
    // Arrange
    var request = new DefaultHttpContext();
    request.Request.ContentType = "application/json";

    // Will not be accessed
    request.Request.Form = null;
    request.Request.Cookies = new ReadableStringCollection(
        new Dictionary<string, StringValues>()
        {
            { "cookie-name", "cookie-value" },
        });

    var optionsManager = new TestOptionsManager(
        new AntiforgeryOptions()
        {
            CookieName = "cookie-name",
            FormFieldName = "form-field-name",
        });

    var sut = new DefaultAntiforgeryTokenStore(
        optionsAccessor: optionsManager,
        tokenSerializer: new DefaultAntiforgeryTokenSerializer(new EphemeralDataProtectionProvider()));

    // Act
    var error = await Assert.ThrowsAsync<InvalidOperationException>(
        async () => await sut.GetRequestTokensAsync(request));

    // Assert
    Assert.Equal(
        "The required antiforgery form field \"form-field-name\" is not present.",
        error.Message);
}
// Verifies that a request with no cookies and no form fields is rejected with
// an InvalidOperationException naming the configured antiforgery cookie.
// Both halves of the token pair are absent and the cookie error is the one
// asserted. The serializer is null; NOTE(review): this presumably relies on
// the store not using it before the cookie check - confirm.
public async Task GetRequestTokens_CookieIsEmpty_Throws()
{
    // Arrange
    var request = new DefaultHttpContext();
    request.Request.Form = new FormCollection(new Dictionary<string, string[]>());
    request.Request.Cookies = new ReadableStringCollection(new Dictionary<string, string[]>());

    var optionsManager = new TestOptionsManager(
        new AntiforgeryOptions()
        {
            CookieName = "cookie-name",
            FormFieldName = "form-field-name",
        });

    var sut = new DefaultAntiforgeryTokenStore(
        optionsAccessor: optionsManager,
        tokenSerializer: null);

    // Act
    var error = await Assert.ThrowsAsync<InvalidOperationException>(
        async () => await sut.GetRequestTokensAsync(request));

    // Assert
    Assert.Equal(
        "The required antiforgery cookie \"cookie-name\" is not present.",
        error.Message);
}