/// <summary>
/// Verifies that each public entry point of <c>AntiForgeryWorker</c> exercised here
/// (both <c>Validate</c> overloads, <c>GetFormInputElement</c> and <c>GetTokens</c>)
/// rejects a non-SSL request when <c>RequireSSL</c> is enabled.
/// </summary>
/// <remarks>
/// The serializer, token store and validator are all passed as null. The assertions therefore
/// hold only if the transport check fires before the worker needs any of those collaborators;
/// presumably a later check would surface as a different exception and fail the test.
/// </remarks>
public void ChecksSSL()
{
    // Same message is expected from every entry point.
    const string expectedMessage = @"The anti-forgery system has the configuration value AntiForgeryConfig.RequireSsl = true, but the current request is not an SSL request.";

    // Arrange: a plain-HTTP request against a configuration that demands SSL.
    var httpContext = new Mock<HttpContextBase>();
    httpContext.Setup(o => o.Request.IsSecureConnection).Returns(false);

    IAntiForgeryConfig config = new MockAntiForgeryConfig { RequireSSL = true };
    var worker = new AntiForgeryWorker(
        config: config,
        serializer: null,
        tokenStore: null,
        validator: null);

    // Act & assert: explicit-token validation.
    var explicitValidate = Assert.Throws<InvalidOperationException>(
        () => worker.Validate(httpContext.Object, "session-token", "field-token"));
    Assert.Equal(expectedMessage, explicitValidate.Message);

    // Act & assert: validation that reads the tokens from the request.
    var storeValidate = Assert.Throws<InvalidOperationException>(
        () => worker.Validate(httpContext.Object));
    Assert.Equal(expectedMessage, storeValidate.Message);

    // Act & assert: token issuance as a form field must be refused as well.
    var formInput = Assert.Throws<InvalidOperationException>(
        () => worker.GetFormInputElement(httpContext.Object));
    Assert.Equal(expectedMessage, formInput.Message);

    // Act & assert: raw token issuance must be refused as well.
    var rawTokens = Assert.Throws<InvalidOperationException>(() =>
    {
        string unused1, unused2;
        worker.GetTokens(httpContext.Object, "cookie-token", out unused1, out unused2);
    });
    Assert.Equal(expectedMessage, rawTokens.Message);
}
/// <summary>
/// Confirms that <c>AntiForgeryWorker</c> throws <see cref="InvalidOperationException"/> from
/// <c>Validate</c> (both overloads), <c>GetFormInputElement</c> and <c>GetTokens</c> when the
/// configuration sets <c>RequireSSL</c> and the request is not a secure connection.
/// </summary>
/// <remarks>
/// All collaborators other than the configuration are null, so the transport check has to run
/// first for the expected exception type and message to be observed.
/// </remarks>
public void ChecksSSL()
{
    const string sslRequiredMessage = @"The anti-forgery system has the configuration value AntiForgeryConfig.RequireSsl = true, but the current request is not an SSL request.";

    // Arrange
    var contextMock = new Mock<HttpContextBase>();
    contextMock.Setup(o => o.Request.IsSecureConnection).Returns(false);

    IAntiForgeryConfig sslOnlyConfig = new MockAntiForgeryConfig { RequireSSL = true };
    var worker = new AntiForgeryWorker(
        config: sslOnlyConfig,
        serializer: null,
        tokenStore: null,
        validator: null);

    // Act & assert: one block per entry point, in the same order as the calls are made.
    var fromExplicitTokens = Assert.Throws<InvalidOperationException>(
        () => worker.Validate(contextMock.Object, "session-token", "field-token"));
    Assert.Equal(sslRequiredMessage, fromExplicitTokens.Message);

    var fromRequest = Assert.Throws<InvalidOperationException>(
        () => worker.Validate(contextMock.Object));
    Assert.Equal(sslRequiredMessage, fromRequest.Message);

    var fromFormInput = Assert.Throws<InvalidOperationException>(
        () => worker.GetFormInputElement(contextMock.Object));
    Assert.Equal(sslRequiredMessage, fromFormInput.Message);

    var fromGetTokens = Assert.Throws<InvalidOperationException>(() =>
    {
        string ignoredA, ignoredB;
        worker.GetTokens(contextMock.Object, "cookie-token", out ignoredA, out ignoredB);
    });
    Assert.Equal(sslRequiredMessage, fromGetTokens.Message);
}
/// <summary>
/// Verifies that <c>Validate(httpContext)</c> reads the cookie and form tokens from the token
/// store and hands them, together with the current user's identity, to the validator.
/// </summary>
/// <remarks>
/// The validator is a mock, so this test pins only the wiring between store, identity and
/// validator. It does not exercise any real token comparison.
/// </remarks>
public void Validate_FromStore_Success()
{
    // Arrange: an authenticated principal on the request.
    var identity = new GenericIdentity("some-user");
    var httpContext = new Mock<HttpContextBase>();
    httpContext.Setup(o => o.User).Returns(new GenericPrincipal(identity, new string[0]));
    HttpContextBase context = httpContext.Object;

    // Two distinct token instances so the validator setup matches only if the worker
    // passes the store's values through in the right positions.
    var cookieToken = new AntiForgeryToken();
    var formToken = new AntiForgeryToken();

    var tokenStore = new Mock<MockableTokenStore>();
    tokenStore.Setup(o => o.GetCookieToken(context)).Returns(cookieToken);
    tokenStore.Setup(o => o.GetFormToken(context)).Returns(formToken);

    var validator = new Mock<MockableTokenValidator>();
    validator.Setup(o => o.ValidateTokens(context, identity, cookieToken, formToken))
             .Verifiable();

    var worker = new AntiForgeryWorker(
        config: new MockAntiForgeryConfig(),
        serializer: null,
        tokenStore: tokenStore.Object,
        validator: validator.Object);

    // Act
    worker.Validate(context);

    // Assert: the validator was called with exactly the arguments set up above.
    validator.Verify();
}
/// <summary>
/// Verifies that an <c>HttpAntiForgeryException</c> raised by the token validator propagates
/// out of <c>Validate(httpContext)</c> with its message intact.
/// </summary>
/// <remarks>
/// This guards against the worker swallowing or rewrapping a validation failure: the caller
/// must see the rejection.
/// </remarks>
public void Validate_FromStore_Failure()
{
    // Arrange: an authenticated principal on the request.
    var identity = new GenericIdentity("some-user");
    var httpContext = new Mock<HttpContextBase>();
    httpContext.Setup(o => o.User).Returns(new GenericPrincipal(identity, new string[0]));
    HttpContextBase context = httpContext.Object;

    var cookieToken = new AntiForgeryToken();
    var formToken = new AntiForgeryToken();

    var tokenStore = new Mock<MockableTokenStore>();
    tokenStore.Setup(o => o.GetCookieToken(context)).Returns(cookieToken);
    tokenStore.Setup(o => o.GetFormToken(context)).Returns(formToken);

    // The validator rejects the token pair.
    var validator = new Mock<MockableTokenValidator>();
    validator.Setup(o => o.ValidateTokens(context, identity, cookieToken, formToken))
             .Throws(new HttpAntiForgeryException("my-message"));

    var worker = new AntiForgeryWorker(
        config: new MockAntiForgeryConfig(),
        serializer: null,
        tokenStore: tokenStore.Object,
        validator: validator.Object);

    // Act & assert: same exception type and message reach the caller.
    var thrown = Assert.Throws<HttpAntiForgeryException>(() => worker.Validate(context));
    Assert.Equal("my-message", thrown.Message);
}
/// <summary>
/// Verifies that <c>AntiForgeryWorker.Validate</c> throws
/// <see cref="InvalidOperationException"/> when <c>AntiForgeryOptions.RequireSSL</c> is set
/// and the request reports <c>IsSecure == false</c>.
/// </summary>
/// <remarks>
/// Both tokens and every collaborator except the options are null, so the expected exception
/// is observed only if the transport check runs before the tokens are inspected.
/// </remarks>
public void ChecksSSL_Validate_Throws()
{
    // Arrange: insecure request, SSL required by configuration.
    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(o => o.Request.IsSecure).Returns(false);

    var options = new AntiForgeryOptions { RequireSSL = true };
    var worker = new AntiForgeryWorker(
        config: options,
        serializer: null,
        tokenStore: null,
        generator: null,
        validator: null);

    string expectedMessage =
        @"The anti-forgery system has the configuration value AntiForgeryOptions.RequireSsl = true, " +
        "but the current request is not an SSL request.";

    // Act & assert
    var thrown = Assert.Throws<InvalidOperationException>(
        () => worker.Validate(httpContext.Object, cookieToken: null, formToken: null));
    Assert.Equal(expectedMessage, thrown.Message);
}
/// <summary>
/// Verifies that <c>AntiForgeryWorker.Validate</c> throws
/// <see cref="InvalidOperationException"/> when <c>AntiForgeryOptions.RequireSSL</c> is set
/// and the request reports <c>IsHttps == false</c>.
/// </summary>
/// <remarks>
/// Apart from the options and the HTML encoder, every collaborator and both tokens are null,
/// so the expected exception is observed only if the transport check runs before the tokens
/// are inspected.
/// </remarks>
public void ChecksSSL_Validate_Throws()
{
    // Arrange: non-HTTPS request, SSL required by configuration.
    var httpContext = new Mock<HttpContext>();
    httpContext.Setup(o => o.Request.IsHttps).Returns(false);

    var options = new AntiForgeryOptions { RequireSSL = true };
    var worker = new AntiForgeryWorker(
        config: options,
        serializer: null,
        tokenStore: null,
        generator: null,
        validator: null,
        htmlEncoder: new HtmlEncoder());

    string expectedMessage =
        @"The anti-forgery system has the configuration value AntiForgeryOptions.RequireSsl = true, " +
        "but the current request is not an SSL request.";

    // Act & assert
    var thrown = Assert.Throws<InvalidOperationException>(
        () => worker.Validate(httpContext.Object, cookieToken: null, formToken: null));
    Assert.Equal(expectedMessage, thrown.Message);
}
/// <summary>
/// Shared negative-path check: builds a context from the given cookie value, form value and
/// user name, then asserts that <c>AntiForgeryWorker.Validate</c> rejects it.
/// </summary>
/// <param name="cookieValue">Cookie token value passed to <c>CreateContext</c>.</param>
/// <param name="formValue">Form token value passed to <c>CreateContext</c>.</param>
/// <param name="username">User name passed to <c>CreateContext</c>.</param>
/// <remarks>
/// The expected message is the same generic text whether the token is missing or invalid,
/// so a caller cannot tell from it which check failed.
/// </remarks>
private static void Validate_Helper(string cookieValue, string formValue, string username = "******")
{
    const string expectedMessage = "A required anti-forgery token was not supplied or was invalid.";

    // Arrange
    // (An earlier version drove this through ValidateAntiForgeryTokenAttribute.OnAuthorization;
    // the worker is now called directly.)
    var context = CreateContext(cookieValue, formValue, username);
    var worker = new AntiForgeryWorker();
    worker.Serializer = new DummyAntiForgeryTokenSerializer();

    // Act & Assert: validation against the expected salt must fail.
    ExceptionAssert.Throws<HttpAntiForgeryException>(
        () =>
        {
            worker.Validate(context, "the real salt");
        },
        expectedMessage);
}
/// <summary>
/// Validates the anti-forgery token supplied with <paramref name="request"/>.
/// A token can be generated by calling GetHtml().
/// </summary>
/// <param name="request">The request message to validate; it is passed unchanged to the shared worker.</param>
/// <remarks>
/// Throws an HttpAntiForgeryException if validation fails. Returning normally is the only
/// success signal, so callers should let the exception end request processing.
/// </remarks>
public static void Validate(HttpRequestMessage request) => s_worker.Validate(request);
/// <summary>
/// Checks the happy path of <c>Validate(httpContext)</c>: tokens come from the token store and
/// are forwarded, with the request's identity, to the validator.
/// </summary>
/// <remarks>
/// Only the hand-off is asserted. The validator is mocked, so no actual token matching
/// is performed here.
/// </remarks>
public void Validate_FromStore_Success()
{
    // Arrange
    var user = new GenericIdentity("some-user");
    var contextMock = new Mock<HttpContextBase>();
    contextMock.Setup(o => o.User).Returns(new GenericPrincipal(user, new string[0]));
    HttpContextBase context = contextMock.Object;

    var cookieToken = new AntiForgeryToken();
    var formToken = new AntiForgeryToken();

    var storeMock = new Mock<MockableTokenStore>();
    storeMock.Setup(o => o.GetCookieToken(context)).Returns(cookieToken);
    storeMock.Setup(o => o.GetFormToken(context)).Returns(formToken);

    // Verifiable: the test fails unless ValidateTokens is invoked with these exact arguments.
    var validatorMock = new Mock<MockableTokenValidator>();
    validatorMock.Setup(o => o.ValidateTokens(context, user, cookieToken, formToken))
                 .Verifiable();

    var worker = new AntiForgeryWorker(
        config: new MockAntiForgeryConfig(),
        serializer: null,
        tokenStore: storeMock.Object,
        validator: validatorMock.Object);

    // Act
    worker.Validate(context);

    // Assert
    validatorMock.Verify();
}
/// <summary>
/// Checks the rejection path of <c>Validate(httpContext)</c>: when the validator throws
/// <c>HttpAntiForgeryException</c>, the worker lets it reach the caller unchanged.
/// </summary>
/// <remarks>
/// A worker that caught this exception would turn a failed validation into a silent pass,
/// which is what this test is meant to catch.
/// </remarks>
public void Validate_FromStore_Failure()
{
    // Arrange
    var user = new GenericIdentity("some-user");
    var contextMock = new Mock<HttpContextBase>();
    contextMock.Setup(o => o.User).Returns(new GenericPrincipal(user, new string[0]));
    HttpContextBase context = contextMock.Object;

    var cookieToken = new AntiForgeryToken();
    var formToken = new AntiForgeryToken();

    var storeMock = new Mock<MockableTokenStore>();
    storeMock.Setup(o => o.GetCookieToken(context)).Returns(cookieToken);
    storeMock.Setup(o => o.GetFormToken(context)).Returns(formToken);

    var validatorMock = new Mock<MockableTokenValidator>();
    validatorMock.Setup(o => o.ValidateTokens(context, user, cookieToken, formToken))
                 .Throws(new HttpAntiForgeryException("my-message"));

    var worker = new AntiForgeryWorker(
        config: new MockAntiForgeryConfig(),
        serializer: null,
        tokenStore: storeMock.Object,
        validator: validatorMock.Object);

    // Act & assert
    var thrown = Assert.Throws<HttpAntiForgeryException>(() => worker.Validate(context));
    Assert.Equal("my-message", thrown.Message);
}
/// <summary>
/// Asserts that <c>AntiForgeryWorker.Validate</c> throws <c>HttpAntiForgeryException</c> for a
/// context built from the supplied cookie value, form value and user name.
/// </summary>
/// <param name="cookieValue">Cookie token value handed to <c>CreateContext</c>.</param>
/// <param name="formValue">Form token value handed to <c>CreateContext</c>.</param>
/// <param name="username">User name handed to <c>CreateContext</c>.</param>
/// <remarks>
/// The asserted message is one generic string covering both "not supplied" and "invalid",
/// so the failure text does not reveal which condition was hit.
/// </remarks>
private static void Validate_Helper(string cookieValue, string formValue, string username = "******")
{
    const string rejectionMessage = "A required anti-forgery token was not supplied or was invalid.";

    // Arrange
    // (Previously exercised via ValidateAntiForgeryTokenAttribute.OnAuthorization; now the
    // worker is invoked directly.)
    var requestContext = CreateContext(cookieValue, formValue, username);
    var worker = new AntiForgeryWorker();
    worker.Serializer = new DummyAntiForgeryTokenSerializer();

    // Act & Assert
    ExceptionAssert.Throws<HttpAntiForgeryException>(
        () =>
        {
            worker.Validate(requestContext, "the real salt");
        },
        rejectionMessage);
}