コード例 #1
        public CsrfStartupFixture()
        {
            // Shared fixture state: a plain GET request and an empty response
            // that each test runs through the CSRF pipeline hooks.
            request = new FakeRequest("GET", "/");
            response = new Response();

            pipelines = new MockPipelines();

            // Wire the CSRF hooks into the mock pipelines using the default
            // cryptography configuration, serializer and token validator.
            var startup = new CsrfStartup(
                CryptographyConfiguration.Default,
                new DefaultObjectSerializer(),
                new DefaultCsrfTokenValidator(CryptographyConfiguration.Default));
            startup.Initialize(pipelines);
        }
コード例 #2
        public void Should_copy_request_cookie_to_context_but_not_response_if_it_exists_and_context_does_not_contain_token()
        {
            // Arrange: the request already carries a CSRF cookie. The validator is
            // faked to accept any token, so this test covers only the
            // copy-to-context path; it does not exercise real token validation.
            var validator = A.Fake<ICsrfTokenValidator>();
            A.CallTo(() => validator.CookieTokenStillValid(A<CsrfToken>.Ignored)).Returns(true);
            request.Cookies.Add(CsrfToken.DEFAULT_CSRF_KEY, "ValidToken");

            var startup = new CsrfStartup(
                cryptographyConfiguration,
                objectSerializer,
                validator);
            startup.Initialize(pipelines);

            var ctx = new NancyContext { Request = request, Response = response };

            // Act: run the after-request hook registered by CsrfStartup.
            pipelines.AfterRequest.Invoke(ctx);

            // Assert: a still-valid cookie must not be re-issued on the response,
            // but its value must be available to the rest of the request via the context.
            response.Cookies.Any(cookie => cookie.Name == CsrfToken.DEFAULT_CSRF_KEY).ShouldBeFalse();
            ctx.Items.ContainsKey(CsrfToken.DEFAULT_CSRF_KEY).ShouldBeTrue();
            ctx.Items[CsrfToken.DEFAULT_CSRF_KEY].ShouldEqual("ValidToken");
        }
コード例 #3
        public void Should_http_decode_cookie_token_when_copied_to_the_context()
        {
            // Arrange: the validator is faked to accept any token, so only the
            // decoding of the cookie value is under test here.
            var validator = A.Fake<ICsrfTokenValidator>();
            A.CallTo(() => validator.CookieTokenStillValid(A<CsrfToken>.Ignored)).Returns(true);

            var startup = new CsrfStartup(
                cryptographyConfiguration,
                objectSerializer,
                validator);
            startup.Initialize(pipelines);

            // The cookie value is stored URL-encoded on the request.
            var encodedToken = HttpUtility.UrlEncode("Testing Token");
            request.Cookies.Add(CsrfToken.DEFAULT_CSRF_KEY, encodedToken);

            var ctx = new NancyContext { Request = request, Response = response };

            // Act: run the after-request hook registered by CsrfStartup.
            pipelines.AfterRequest.Invoke(ctx);

            // Assert: no new cookie is issued, and the context receives the
            // decoded token rather than the raw URL-encoded cookie text.
            response.Cookies.Any(cookie => cookie.Name == CsrfToken.DEFAULT_CSRF_KEY).ShouldBeFalse();
            ctx.Items.ContainsKey(CsrfToken.DEFAULT_CSRF_KEY).ShouldBeTrue();
            ctx.Items[CsrfToken.DEFAULT_CSRF_KEY].ShouldEqual("Testing Token");
        }