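// Cookie-backed CSRF check, happy path: the "xtags-token" query value equals the value
// of request cookie "a" (same name as the tag id), so the Ajax GET must reach the onGet
// handler and be answered with the script response rather than a token renewal.
public void CheckIfRestRequest_Cookie_WhenAjaxCSRFTokenIsValid_ThenGetRequestShouldBeAjax()
{
    var doc = new XmlDocument();
    doc.LoadXml("<r><template id='a' mode='Server' /></r>");

    var validToken = "valid-token";
    var httpContextInfo = new HttpContextInfo();
    httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
    httpContextInfo.QueryString.Add("xtags-http-method", "GET");
    httpContextInfo.QueryString.Add("xtags-id", "a");
    httpContextInfo.QueryString.Add("xtags-token", validToken);
    httpContextInfo.Cookies.Add(new HttpCookie("a"));
    httpContextInfo.Cookies["a"].Value = validToken;

    // The assertions inside the callback only run if the callback runs; without this
    // flag the test would still pass if a valid token were silently ignored.
    var isMethodCalled = false;

    var result = new xContext(httpContextInfo)
        .Do(new LoadLibrary(doc))
        .Do(new CreateTag("template"))
        .DoFirst(
            x => x != null,
            new CheckIfRestRequest(
                onGet: (context, isAjax) =>
                {
                    isMethodCalled = true;
                    Assert.IsTrue(isAjax);
                    Assert.AreEqual("a", context.xTag.Id);
                },
                useCsrfCookies: true),
            new RenderHtml());

    var responseText = result.ResponseText.ToString();

    Assert.IsTrue(isMethodCalled);
    Assert.IsTrue(responseText.StartsWith("(function(){"));
    Assert.IsTrue(responseText.Contains("'a'"));
    Assert.IsTrue(responseText.Contains("'" + httpContextInfo.PageUri() + "'"));
    Assert.IsTrue(responseText.EndsWith("})();"));
    // Expected value first, so a failure message reports the right side as "expected".
    Assert.AreEqual("text/plain", result.ContentType);
}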
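// Decides whether this listener entry should receive the request in ctx.
// Returns true when the entry's dispatcher and the request agree on being metadata
// (mex) traffic: a GET for the WSDL or help URL goes only to a mex dispatcher, and
// every other request goes only to a non-mex dispatcher.
internal bool FilterHttpContext (HttpContextInfo ctx)
{
    if (ChannelDispatcher == null)
        return true; // no mex can be involved.

    // Compare the method as a protocol token: ordinal and case-insensitive, with no
    // culture-sensitive ToUpper () and no temporary string.
    if (!ctx.Request.HttpMethod.Equals ("GET", StringComparison.OrdinalIgnoreCase))
        return !ChannelDispatcher.IsMex; // non-GET request never matches mex channel dispatcher.

    var sme = ChannelDispatcher.Host.Extensions.Find<ServiceMetadataExtension> ();
    if (sme == null)
        return true; // no mex can be involved.

    var mex = sme.Instance;

    // now the request is GET, and we have to return true or false based on the matrix below:
    // matches wsdl or help|    yes    |    no     |
    // mex                 | yes | no  | yes | no  |
    // --------------------+-----+-----+-----+-----+
    //                     |  T  |  F  |  F  |  T  |
    bool match =
        (mex.WsdlUrl != null && Uri.Compare (ctx.Request.Url, mex.WsdlUrl, cmpflag, fmtflag, StringComparison.Ordinal) == 0) ||
        (mex.HelpUrl != null && Uri.Compare (ctx.Request.Url, mex.HelpUrl, cmpflag, fmtflag, StringComparison.Ordinal) == 0);

    // Same truth table as !(match ^ IsMex): accept only when both flags agree.
    return match == ChannelDispatcher.IsMex;
}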
// Returns the first entry in Entries whose FilterHttpContext accepts ctx, or null when
// no entry does. The first match wins, so the enumeration order of Entries decides
// which entry gets a request that more than one filter would accept.
HttpChannelListenerEntry SelectChannel (HttpContextInfo ctx)
{
    foreach (var entry in Entries) {
        if (!entry.FilterHttpContext (ctx))
            continue;
        return entry;
    }

    return null;
}
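// Cookie-backed CSRF check, rejection path: the "xtags-token" query value
// ("Invalid token") does not match request cookie "a" ("Invalid"). The response must
// be a {"xtags-renew-token":"..."} body whose token is also set on response cookie "a".
public void CheckIfRestRequest_Cookies_WhenAjaxCSRFTokenInvalid_ThenTokenShouldBeSentFirst()
{
    const string submittedToken = "Invalid token";
    const string cookieToken = "Invalid";
    const string renewPrefix = "{\"xtags-renew-token\":\"";
    const string renewSuffix = "\"}";

    var doc = new XmlDocument();
    doc.LoadXml("<r><template id='a' mode='Server' /></r>");

    var httpContextInfo = new HttpContextInfo();
    httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
    httpContextInfo.QueryString.Add("xtags-http-method", "GET");
    httpContextInfo.QueryString.Add("xtags-id", "a");
    httpContextInfo.QueryString.Add("xtags-token", submittedToken);
    httpContextInfo.Cookies.Add(new HttpCookie("a"));
    httpContextInfo.Cookies["a"].Value = cookieToken;

    var result = new xContext(httpContextInfo)
        .Do(new LoadLibrary(doc))
        .Do(new CreateTag("template"))
        .DoFirst(
            x => x != null,
            new CheckIfRestRequest(onGet: EmptyGetHandler, useCsrfCookies: true),
            new RenderHtml());

    var responseText = result.ResponseText.ToString();
    Assert.IsTrue(responseText.StartsWith(renewPrefix));
    Assert.IsTrue(responseText.EndsWith(renewSuffix));
    Assert.AreEqual("text/plain", result.ContentType);

    var renewedToken = responseText.Replace(renewPrefix, string.Empty).Replace(renewSuffix, string.Empty);
    Assert.AreEqual(renewedToken, result.ResponseCookies["a"].Value);

    // A renewal that is empty, or that hands back one of the rejected values, would
    // satisfy the equality above while providing no protection; pin that it does not.
    Assert.IsFalse(string.IsNullOrEmpty(renewedToken));
    Assert.AreNotEqual(submittedToken, renewedToken);
    Assert.AreNotEqual(cookieToken, renewedToken);
}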
// Routes an incoming HTTP context to the entry chosen by SelectChannel: the context is
// appended to that entry's queue and its wait handle is signalled.
// Throws InvalidOperationException when no registered entry accepts the context.
// NOTE(review): the queue is modified here without taking the entry's RetrieverLock,
// which TryDequeueRequest holds while reading it. Confirm ContextQueue is safe for
// concurrent Enqueue/Dequeue.
public void ProcessNewContext (HttpContextInfo ctxi)
{
    HttpChannelListenerEntry target = SelectChannel (ctxi);
    if (target != null) {
        target.ContextQueue.Enqueue (ctxi);
        target.WaitHandle.Set ();
        return;
    }

    throw new InvalidOperationException ("HttpListenerContext does not match any of the registered channels");
}
// Round trip for a template declared with modetype='session': a value written to
// Data["test"] and persisted with SaveTag must be returned by LoadTag on a second
// context built over the same HttpContextInfo, replacing the "starting value" default.
public void SaveTag_Session_WhenTagIsSaved_ThenIsLoadedAgain()
{
    var library = new XmlDocument();
    library.LoadXml("<r><template id='a' modetype='session'><data type='text/name-value' name='test'><![CDATA[starting value]]></data></template></r>");

    var httpContextInfo = new HttpContextInfo();
    var persistedValue = "New value";

    // First context: change the value and save it.
    var savingContext = new xContext(httpContextInfo)
        .Do(new LoadLibrary(library))
        .Do(new CreateTag("template"));
    savingContext.xTag.Data["test"] = persistedValue;
    savingContext.Do(new SaveTag());

    // Second context: same library and HTTP context, state restored through LoadTag.
    var reloadingContext = new xContext(httpContextInfo)
        .Do(new LoadLibrary(library))
        .Do(new CreateTag("template"))
        .Do(new LoadTag());

    Assert.AreEqual(reloadingContext.xTag.Data["test"], persistedValue);
}
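// Takes the next queued HTTP context for the entry bound to channel, waiting up to
// timeout for one to arrive.
// Returns false when no entry is registered for channel or when the wait times out;
// otherwise sets context to the dequeued item and returns true.
public bool TryDequeueRequest (ChannelDispatcher channel, TimeSpan timeout, out HttpContextInfo context)
{
    // UtcNow, not Now: the elapsed time must not jump with DST or time-zone changes.
    DateTime start = DateTime.UtcNow;
    context = null;

    var ce = Entries.FirstOrDefault (e => e.ChannelDispatcher == channel);
    if (ce == null)
        return false;

    lock (ce.RetrieverLock) {
        var q = ce.ContextQueue;
        if (q.Count > 0) {
            context = q.Dequeue ();
            return true;
        }

        // WaitOne rejects timeouts above int.MaxValue milliseconds (TimeSpan.MaxValue
        // included), so clamp instead of letting it throw.
        TimeSpan waitTimeout = timeout;
        if (waitTimeout.TotalMilliseconds > int.MaxValue)
            waitTimeout = TimeSpan.FromMilliseconds (int.MaxValue);

        if (!ce.WaitHandle.WaitOne (waitTimeout))
            return false;

        // Retry with whatever time is left. A negative remainder would be rejected by
        // WaitOne (or read as "infinite" at exactly -1 ms), so floor it at zero.
        TimeSpan remaining = waitTimeout - (DateTime.UtcNow - start);
        if (remaining < TimeSpan.Zero)
            remaining = TimeSpan.Zero;

        return TryDequeueRequest (channel, remaining, out context); // recurse, am lazy :/
    }
}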
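// Takes the next queued HTTP context for the entry bound to channel, waiting up to
// timeout for one to arrive. The entry lookup is done under entries_lock.
// Returns false when no entry is registered for channel, when the queue is empty and
// timeout is negative, or when the wait times out; otherwise sets context to the
// dequeued item and returns true.
public bool TryDequeueRequest (ChannelDispatcher channel, TimeSpan timeout, out HttpContextInfo context)
{
    // UtcNow, not Now: the elapsed time must not jump with DST or time-zone changes.
    DateTime start = DateTime.UtcNow;
    context = null;

    HttpChannelListenerEntry ce;
    lock (entries_lock) {
        ce = Entries.FirstOrDefault (e => e.ChannelDispatcher == channel);
    }
    if (ce == null)
        return false;

    lock (ce.RetrieverLock) {
        var q = ce.ContextQueue;
        if (q.Count > 0) {
            context = q.Dequeue ();
            return true;
        }

        // Time budget already spent (this is also what ends the retry recursion).
        if (timeout.TotalMilliseconds < 0)
            return false;

        // WaitOne rejects any timeout above int.MaxValue milliseconds, not only
        // TimeSpan.MaxValue, so clamp the whole range.
        TimeSpan waitTimeout = timeout;
        if (waitTimeout.TotalMilliseconds > int.MaxValue)
            waitTimeout = TimeSpan.FromMilliseconds (int.MaxValue);

        if (!ce.WaitHandle.WaitOne (waitTimeout))
            return false;

        return TryDequeueRequest (channel, waitTimeout - (DateTime.UtcNow - start), out context); // recurse, am lazy :/
    }
}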
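// The template has no mode='Server' attribute, so a request carrying the Ajax
// query-string markers must not be treated as a REST call: the pipeline falls through
// to RenderHtml and the plain markup is returned.
public void CheckIfRestRequest_WhenRequestBeenSendForNotAServerTemplate_ThenNormaHtmlShouldBeProcessed()
{
    var doc = new XmlDocument();
    doc.LoadXml("<r><template id='a' /></r>");

    var httpContextInfo = new HttpContextInfo();
    httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
    httpContextInfo.QueryString.Add("xtags-http-method", "GET");
    httpContextInfo.QueryString.Add("xtags-id", "a");

    var result = new xContext(httpContextInfo)
        .Do(new LoadLibrary(doc))
        .Do(new CreateTag("template"))
        .DoFirst(x => x != null, new CheckIfRestRequest(), new RenderHtml());

    var responseText = result.ResponseText.ToString();

    // Expected value first, so a failure message reports the right side as "expected".
    Assert.AreEqual("<div id='a'></div>", responseText);
}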
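// With csrfProtectionEnabled: false an Ajax GET that carries no "xtags-token" must
// still reach the onGet handler, and no token may be issued: nothing is stored in the
// session under "b" and no response cookie "b" is set.
public void CheckIfRestRequest_WhenAjaxSentWithoutCSRFTokenWhenCSRFIsDisabled_ThenNormalAjaxRequest()
{
    var doc = new XmlDocument();
    doc.LoadXml("<r><template id='b' mode='Server' /></r>");

    var httpContextInfo = new HttpContextInfo();
    httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
    httpContextInfo.QueryString.Add("xtags-http-method", "GET");
    httpContextInfo.QueryString.Add("xtags-id", "b");

    // The assertions inside the callback only run if the callback runs; track it so
    // the test cannot pass without the handler being invoked.
    var isMethodCalled = false;

    var result = new xContext(httpContextInfo)
        .Do(new LoadLibrary(doc))
        .Do(new CreateTag("template"))
        .DoFirst(
            x => x != null,
            new CheckIfRestRequest(
                onGet: (context, isAjax) =>
                {
                    isMethodCalled = true;
                    Assert.IsTrue(isAjax);
                    Assert.AreEqual("b", context.xTag.Id);
                },
                csrfProtectionEnabled: false),
            new RenderHtml());

    Assert.IsTrue(isMethodCalled);
    Assert.AreEqual("text/plain", result.ContentType);
    Assert.IsNull(httpContextInfo.Session("b"));
    Assert.IsNull(result.ResponseCookies["b"]);
}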
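// Session-backed CSRF check with "xtags-values-only": the query token equals the value
// stored in the session under "a", so the Ajax GET must reach the onGet handler and the
// response body must parse as JSON.
public void CheckIfRestRequest_Session_WhenAjaxIsValidValuesOnlyRequest_ThenJsonResponseRendered()
{
    var doc = new XmlDocument();
    doc.LoadXml("<r><template id='a' mode='Server' /></r>");

    var validToken = "valid-token";
    var httpContextInfo = new HttpContextInfo();
    httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
    httpContextInfo.QueryString.Add("xtags-http-method", "GET");
    httpContextInfo.QueryString.Add("xtags-id", "a");
    httpContextInfo.QueryString.Add("xtags-token", validToken);
    httpContextInfo.QueryString.Add("callback", "callbackMethod");
    httpContextInfo.QueryString.Add("xtags-values-only", "xtags-values-only");
    httpContextInfo.Session("a", validToken);

    // The assertions inside the callback only run if the callback runs; track it so
    // the test cannot pass without the handler being invoked.
    var isMethodCalled = false;

    var result = new xContext(httpContextInfo)
        .Do(new LoadLibrary(doc))
        .Do(new CreateTag("template"))
        .DoFirst(
            x => x != null,
            new CheckIfRestRequest(
                onGet: (context, isAjax) =>
                {
                    isMethodCalled = true;
                    Assert.IsTrue(isAjax);
                    Assert.AreEqual("a", context.xTag.Id);
                }),
            new RenderHtml());

    var responseText = result.ResponseText.ToString();

    // Parsing is the JSON check: DeserializeObject throws on malformed input.
    // NOTE(review): an empty body deserializes to null without throwing, so this does
    // not prove any values were rendered. Consider asserting on the parsed content.
    JsonConvert.DeserializeObject(responseText);

    Assert.IsTrue(isMethodCalled);
    Assert.AreEqual("text/plain", result.ContentType);
}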
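// Session-backed CSRF check plus JSONP: with a matching token and a "callback" query
// value, RenderJsonpIfRequested must wrap the script response in callbackMethod("...")
// and switch the content type to text/javascript.
// NOTE(review): the callback name is taken from the query string and appears verbatim
// in a script response. Only a plain identifier is exercised here; a companion case
// with characters outside an identifier would pin how it is validated or escaped.
public void CheckIfRestRequest_Session_WhenAjaxHasCallback_ThenJsonpResponseRendered()
{
    var doc = new XmlDocument();
    doc.LoadXml("<r><template id='a' mode='Server' /></r>");

    var validToken = "valid-token";
    var httpContextInfo = new HttpContextInfo();
    httpContextInfo.QueryString.Add("xtags-xajax", "xtags-xajax");
    httpContextInfo.QueryString.Add("xtags-http-method", "GET");
    httpContextInfo.QueryString.Add("xtags-id", "a");
    httpContextInfo.QueryString.Add("xtags-token", validToken);
    httpContextInfo.QueryString.Add("callback", "callbackMethod");
    httpContextInfo.Session("a", validToken);

    // The assertions inside the callback only run if the callback runs; track it so
    // the test cannot pass without the handler being invoked.
    var isMethodCalled = false;

    var result = new xContext(httpContextInfo)
        .Do(new LoadLibrary(doc))
        .Do(new CreateTag("template"))
        .DoFirst(
            x => x != null,
            new CheckIfRestRequest(
                onGet: (context, isAjax) =>
                {
                    isMethodCalled = true;
                    Assert.IsTrue(isAjax);
                    Assert.AreEqual("a", context.xTag.Id);
                }),
            new RenderHtml())
        .Do(new RenderJsonpIfRequested());

    var responseText = result.ResponseText.ToString();

    Assert.IsTrue(isMethodCalled);
    Assert.IsTrue(responseText.StartsWith("callbackMethod(\"(function(){"));
    Assert.IsTrue(responseText.Contains("'a'"));
    Assert.IsTrue(responseText.Contains("'" + httpContextInfo.PageUri() + "'"));
    Assert.IsTrue(responseText.EndsWith("})();\");"));
    Assert.AreEqual("text/javascript", result.ContentType);
}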
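// POST whose tag id arrives in the query string while the token, matching the session
// value for "a", arrives in the form body. Splitting the parameters across the two
// sources must not authorise the call: onPost stays uninvoked and the page is rendered
// as ordinary HTML.
public void CheckIfRestRequest_FormPost_WhenCSRFTokenIsValidButValuesAreMixedBetweenFormAndQuerystring_ThenTheHandlerShouldNotBeExecuted()
{
    var doc = new XmlDocument();
    doc.LoadXml("<r><template id='a' mode='Server' /></r>");

    var validToken = "valid-token";
    var httpContextInfo = new HttpContextInfo(httpMethod: "POST");
    httpContextInfo.QueryString.Add("xtags-id", "a");
    httpContextInfo.Form.Add("xtags-token", validToken);
    httpContextInfo.Session("a", validToken);

    var isMethodCalled = false;
    var result = new xContext(httpContextInfo)
        .Do(new LoadLibrary(doc))
        .Do(new CreateTag("template"))
        .DoFirst(
            x => x != null,
            new CheckIfRestRequest(onPost: (tag, isAjax) => { isMethodCalled = true; }),
            new RenderHtml());

    var responseText = result.ResponseText.ToString();

    // Expected value first, so a failure message reports the right side as "expected".
    Assert.AreEqual("<div id='a'></div>", responseText);
    Assert.AreEqual("text/html", result.ContentType);
    Assert.IsFalse(isMethodCalled);
}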
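// Non-Ajax form POST with a token in the form body that matches the session value for
// "a". The page must be rendered as ordinary HTML, and the onPost handler, if invoked,
// must see isAjax == false.
// NOTE(review): the request is built exactly as in the mixed form/query-string case
// (tag id in the query string, token in the form), where the handler is expected NOT
// to run. If that holds here, the assertions inside onPost never execute. Confirm
// which source "xtags-id" is meant to come from, then assert that the handler ran.
public void CheckIfRestRequest_FormPost_WhenAjaxCSRFTokenIsValid_ThenGetRequestShouldBeAjax()
{
    var doc = new XmlDocument();
    doc.LoadXml("<r><template id='a' mode='Server' /></r>");

    var validToken = "valid-token";
    var httpContextInfo = new HttpContextInfo(httpMethod: "POST");
    httpContextInfo.QueryString.Add("xtags-id", "a");
    httpContextInfo.Form.Add("xtags-token", validToken);
    httpContextInfo.Session("a", validToken);

    var result = new xContext(httpContextInfo)
        .Do(new LoadLibrary(doc))
        .Do(new CreateTag("template"))
        .DoFirst(
            x => x != null,
            new CheckIfRestRequest(
                onPost: (context, isAjax) =>
                {
                    Assert.IsFalse(isAjax);
                    Assert.AreEqual("a", context.xTag.Id);
                }),
            new RenderHtml());

    var responseText = result.ResponseText.ToString();

    // Expected value first, so a failure message reports the right side as "expected".
    Assert.AreEqual("<div id='a'></div>", responseText);
    Assert.AreEqual("text/html", result.ContentType);
}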
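// Non-Ajax GET whose "xtags-token" does not match the value stored in the session for
// "a". The mismatch must keep onGet from running; the page is rendered as ordinary
// HTML instead.
public void CheckIfRestRequest_FormGet_WhenAjaxCSRFTokenInvalid_ThenServerGetIsNotRequestedAndJustRenderResponse()
{
    var doc = new XmlDocument();
    doc.LoadXml("<r><template id='a' mode='Server' /></r>");

    // Named for its role: this is what the client sends, and it is NOT what the
    // session holds below.
    var submittedToken = "valid-token";
    var httpContextInfo = new HttpContextInfo();
    httpContextInfo.QueryString.Add("xtags-http-method", "GET");
    httpContextInfo.QueryString.Add("xtags-id", "a");
    httpContextInfo.QueryString.Add("xtags-token", submittedToken);
    httpContextInfo.Session("a", "invalid-token");

    var isMethodCalled = false;
    var result = new xContext(httpContextInfo)
        .Do(new LoadLibrary(doc))
        .Do(new CreateTag("template"))
        .DoFirst(
            x => x != null,
            new CheckIfRestRequest(onGet: (tag, isAjax) => { isMethodCalled = true; }),
            new RenderHtml());

    var responseText = result.ResponseText.ToString();

    // Expected value first, so a failure message reports the right side as "expected".
    Assert.AreEqual("<div id='a'></div>", responseText);
    Assert.AreEqual("text/html", result.ContentType);
    Assert.IsFalse(isMethodCalled);
}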