public async Task ValidationTagHelpers_GeneratesExpectedSpansAndDivs() { // Arrange var server = TestServer.Create(_provider, _app); var client = server.CreateClient(); var expectedContent = await _resourcesAssembly.ReadResourceAsStringAsync ("compiler/resources/MvcTagHelpersWebSite.MvcTagHelper_Customer.Index.html"); var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Customer/MvcTagHelper_Customer"); var nameValueCollection = new List <KeyValuePair <string, string> > { new KeyValuePair <string, string>("Number", string.Empty), new KeyValuePair <string, string>("Name", string.Empty), new KeyValuePair <string, string>("Email", string.Empty), new KeyValuePair <string, string>("PhoneNumber", string.Empty), new KeyValuePair <string, string>("Password", string.Empty) }; request.Content = new FormUrlEncodedContent(nameValueCollection); // Act var response = await client.SendAsync(request); var responseContent = await response.Content.ReadAsStringAsync(); // Assert Assert.Equal(HttpStatusCode.OK, response.StatusCode); var forgeryToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(responseContent, "Customer/MvcTagHelper_Customer"); expectedContent = string.Format(expectedContent, forgeryToken); Assert.Equal(expectedContent.Trim(), responseContent.Trim()); }
public async Task InvalidCookieToken_Throws() { // Arrange var server = TestHelper.CreateServer(_app, SiteName, _configureServices); var client = server.CreateClient(); var getResponse = await client.GetAsync("http://localhost/Account/Login"); var resposneBody = await getResponse.Content.ReadAsStringAsync(); var formToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody, "Account/Login"); var cookieToken = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse); var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login"); request.Headers.Add("Cookie", cookieToken.Key + "=invalidCookie"); var nameValueCollection = new List <KeyValuePair <string, string> > { new KeyValuePair <string, string>("__RequestVerificationToken", formToken), new KeyValuePair <string, string>("UserName", "abra"), new KeyValuePair <string, string>("Password", "cadabra"), }; request.Content = new FormUrlEncodedContent(nameValueCollection); // Act var response = await client.SendAsync(request); // Assert var exception = response.GetServerException(); Assert.Equal("The anti-forgery token could not be decrypted.", exception.ExceptionMessage); }
public async Task MvcTagHelpers_GeneratesExpectedResults(string action, string antiForgeryPath) { // Arrange var server = TestServer.Create(_provider, _app); var client = server.CreateClient(); var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8"); // The K runtime compiles every file under compiler/resources as a resource at runtime with the same name // as the file name, in order to update a baseline you just need to change the file in that folder. var expectedContent = await _resourcesAssembly.ReadResourceAsStringAsync ("compiler/resources/MvcTagHelpersWebSite.MvcTagHelper_Home." + action + ".html"); // Act // The host is not important as everything runs in memory and tests are isolated from each other. var response = await client.GetAsync("http://localhost/MvcTagHelper_Home/" + action); var responseContent = await response.Content.ReadAsStringAsync(); // Assert Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal(expectedMediaType, response.Content.Headers.ContentType); if (antiForgeryPath != null) { var forgeryToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(responseContent, antiForgeryPath); expectedContent = string.Format(expectedContent, forgeryToken); } Assert.Equal(expectedContent.Trim(), responseContent.Trim()); }
public async Task SetCookieAndHeaderBeforeFlushAsync_PostToForm() { // Arrange var server = TestHelper.CreateServer(_app, SiteName, _configureServices); var client = server.CreateClient(); // do a get response. var getResponse = await client.GetAsync("http://localhost/Account/FlushAsyncLogin"); var resposneBody = await getResponse.Content.ReadAsStringAsync(); var formToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody, "Account/FlushAsyncLogin"); var cookieToken = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse); var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/FlushAsyncLogin"); request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value); var nameValueCollection = new List <KeyValuePair <string, string> > { new KeyValuePair <string, string>("__RequestVerificationToken", formToken), new KeyValuePair <string, string>("UserName", "test"), new KeyValuePair <string, string>("Password", "password"), }; request.Content = new FormUrlEncodedContent(nameValueCollection); // Act var response = await client.SendAsync(request); // Assert Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal("OK", await response.Content.ReadAsStringAsync()); }
public async Task MultipleFormPostWithingASingleView_AreAllowed() { // Arrange var server = TestHelper.CreateServer(_app, SiteName, _configureServices); var client = server.CreateClient(); // do a get response. var getResponse = await client.GetAsync("http://localhost/Account/Login"); var resposneBody = await getResponse.Content.ReadAsStringAsync(); // Get the AF token for the second login. If the cookies are generated twice(i.e are different), // this AF token will not work with the first cookie. var formToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody, "Account/UseFacebookLogin"); var cookieToken = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse); var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login"); request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value); var nameValueCollection = new List <KeyValuePair <string, string> > { new KeyValuePair <string, string>("__RequestVerificationToken", formToken), new KeyValuePair <string, string>("UserName", "abra"), new KeyValuePair <string, string>("Password", "cadabra"), }; request.Content = new FormUrlEncodedContent(nameValueCollection); // Act var response = await client.SendAsync(request); // Assert Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal("OK", await response.Content.ReadAsStringAsync()); }
public async Task MissingAFToken_Throws() { // Arrange var server = TestServer.Create(_services, _app); var client = server.CreateClient(); var getResponse = await client.GetAsync("http://localhost/Account/Login"); var resposneBody = await getResponse.Content.ReadAsStringAsync(); var cookieToken = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse); var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login"); request.Headers.Add("Cookie", "__RequestVerificationToken=" + cookieToken); var nameValueCollection = new List <KeyValuePair <string, string> > { new KeyValuePair <string, string>("UserName", "abra"), new KeyValuePair <string, string>("Password", "cadabra"), }; request.Content = new FormUrlEncodedContent(nameValueCollection); // Act var response = await client.SendAsync(request); // Assert var exception = response.GetServerException(); Assert.Equal("The required anti-forgery form field \"__RequestVerificationToken\" is not present.", exception.ExceptionMessage); }
public async Task MissingCookieToken_Throws() { // Arrange var server = TestServer.Create(_services, _app); var client = server.CreateClient(); // do a get response. var getResponse = await client.GetAsync("http://localhost/Account/Login"); var resposneBody = await getResponse.Content.ReadAsStringAsync(); var formToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody, "Account/Login"); var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login"); var nameValueCollection = new List <KeyValuePair <string, string> > { new KeyValuePair <string, string>("__RequestVerificationToken", formToken), new KeyValuePair <string, string>("UserName", "abra"), new KeyValuePair <string, string>("Password", "cadabra"), }; request.Content = new FormUrlEncodedContent(nameValueCollection); // Act & Assert var ex = await Assert.ThrowsAsync <InvalidOperationException>(() => client.SendAsync(request)); Assert.Equal("The required anti-forgery cookie \"__RequestVerificationToken\" is not present.", ex.Message); }
public async Task HtmlGenerationWebSite_GenerateEncodedResults(string action, string antiForgeryPath) { // Arrange var server = TestHelper.CreateServer(_app, SiteName, services => { _configureServices(services); services.AddTransient <IHtmlEncoder, TestHtmlEncoder>(); services.AddTransient <IJavaScriptStringEncoder, TestJavaScriptEncoder>(); services.AddTransient <IUrlEncoder, TestUrlEncoder>(); }); var client = server.CreateClient(); var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8"); var outputFile = "compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Home." + action + ".Encoded.html"; var expectedContent = await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false); // Act // The host is not important as everything runs in memory and tests are isolated from each other. var response = await client.GetAsync("http://localhost/HtmlGeneration_Home/" + action); var responseContent = await response.Content.ReadAsStringAsync(); // Assert Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal(expectedMediaType, response.Content.Headers.ContentType); responseContent = responseContent.Trim(); if (antiForgeryPath == null) { #if GENERATE_BASELINES ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent); #else Assert.Equal(expectedContent.Trim(), responseContent); #endif } else { var forgeryToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(responseContent, antiForgeryPath); #if GENERATE_BASELINES // Reverse usual substitution and insert a format item into the new file content. responseContent = responseContent.Replace(forgeryToken, "{0}"); ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent); #else expectedContent = string.Format(expectedContent, forgeryToken); Assert.Equal(expectedContent.Trim(), responseContent); #endif } }
public async Task FormTagHelper_GeneratesExpectedContent(bool?optionsAntiForgery) { // Arrange var newServices = new ServiceCollection(); newServices.InitializeTagHelper <FormTagHelper>((helper, _) => helper.AntiForgery = optionsAntiForgery); var server = TestHelper.CreateServer(_app, SiteName, services => { services.Add(newServices); _configureServices(services); }); var client = server.CreateClient(); var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8"); var outputFile = string.Format( "compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Home.Form.Options.AntiForgery.{0}.html", optionsAntiForgery?.ToString() ?? "null"); var expectedContent = await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false); // Act // The host is not important as everything runs in memory and tests are isolated from each other. var response = await client.GetAsync("http://localhost/HtmlGeneration_Home/Form"); var responseContent = await response.Content.ReadAsStringAsync(); // Assert Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal(expectedMediaType, response.Content.Headers.ContentType); responseContent = responseContent.Trim(); var forgeryTokens = AntiForgeryTestHelper.RetrieveAntiForgeryTokens(responseContent).ToArray(); #if GENERATE_BASELINES // Reverse usual substitutions and insert format items into the new file content. for (var index = 0; index < forgeryTokens.Length; index++) { responseContent = responseContent.Replace(forgeryTokens[index], $"{{{ index }}}"); } ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent); #else expectedContent = string.Format(expectedContent, forgeryTokens); Assert.Equal(expectedContent.Trim(), responseContent); #endif }
public async Task IncompatibleCookieToken_Throws() { // Arrange var server = TestHelper.CreateServer(_app, SiteName, _configureServices); var client = server.CreateClient(); // do a get response. // We do two requests to get two different sets of anti forgery cookie and token values. var getResponse1 = await client.GetAsync("http://localhost/Account/Login"); var resposneBody1 = await getResponse1.Content.ReadAsStringAsync(); var formToken1 = AntiForgeryTestHelper.RetrieveAntiForgeryToken(resposneBody1, "Account/Login"); var getResponse2 = await client.GetAsync("http://localhost/Account/Login"); var resposneBody2 = await getResponse2.Content.ReadAsStringAsync(); var cookieToken2 = AntiForgeryTestHelper.RetrieveAntiForgeryCookie(getResponse2); var cookieToken = cookieToken2.Value; var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Account/Login"); request.Headers.Add("Cookie", string.Format("{0}={1}", cookieToken2.Key, cookieToken2.Value)); var formToken = formToken1; var nameValueCollection = new List <KeyValuePair <string, string> > { new KeyValuePair <string, string>("__RequestVerificationToken", formToken), new KeyValuePair <string, string>("UserName", "abra"), new KeyValuePair <string, string>("Password", "cadabra"), }; request.Content = new FormUrlEncodedContent(nameValueCollection); // Act var response = await client.SendAsync(request); // Assert var exception = response.GetServerException(); Assert.Equal("The anti-forgery cookie token and form field token do not match.", exception.ExceptionMessage); }
public async Task ValidationTagHelpers_GeneratesExpectedSpansAndDivs() { // Arrange var server = TestHelper.CreateServer(_app, SiteName, _configureServices); var client = server.CreateClient(); var outputFile = "compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Customer.Index.html"; var expectedContent = await ResourceFile.ReadResourceAsync(_resourcesAssembly, outputFile, sourceFile : false); var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Customer/HtmlGeneration_Customer"); var nameValueCollection = new List <KeyValuePair <string, string> > { new KeyValuePair <string, string>("Number", string.Empty), new KeyValuePair <string, string>("Name", string.Empty), new KeyValuePair <string, string>("Email", string.Empty), new KeyValuePair <string, string>("PhoneNumber", string.Empty), new KeyValuePair <string, string>("Password", string.Empty) }; request.Content = new FormUrlEncodedContent(nameValueCollection); // Act var response = await client.SendAsync(request); var responseContent = await response.Content.ReadAsStringAsync(); // Assert Assert.Equal(HttpStatusCode.OK, response.StatusCode); responseContent = responseContent.Trim(); var forgeryToken = AntiForgeryTestHelper.RetrieveAntiForgeryToken(responseContent, "Customer/HtmlGeneration_Customer"); #if GENERATE_BASELINES // Reverse usual substitution and insert a format item into the new file content. responseContent = responseContent.Replace(forgeryToken, "{0}"); ResourceFile.UpdateFile(_resourcesAssembly, outputFile, expectedContent, responseContent); #else expectedContent = string.Format(expectedContent, forgeryToken); Assert.Equal(expectedContent.Trim(), responseContent); #endif }
public async Task FormTagHelper_GeneratesExpectedContent(bool?optionsAntiForgery) { // Arrange var newServices = new ServiceCollection(); newServices.InitializeTagHelper <FormTagHelper>((helper, _) => helper.AntiForgery = optionsAntiForgery); var server = TestHelper.CreateServer(_app, SiteName, services => { services.Add(newServices); _configureServices(services); }); var client = server.CreateClient(); var expectedMediaType = MediaTypeHeaderValue.Parse("text/html; charset=utf-8"); // The K runtime compiles every file under compiler/resources as a resource at runtime with the same name // as the file name, in order to update a baseline you just need to change the file in that folder. var resourceName = string.Format( "compiler/resources/MvcTagHelpersWebSite.MvcTagHelper_Home.Form.Options.AntiForgery.{0}.html", optionsAntiForgery?.ToString() ?? "null" ); var expectedContent = await _resourcesAssembly.ReadResourceAsStringAsync(resourceName); // Act // The host is not important as everything runs in memory and tests are isolated from each other. var response = await client.GetAsync("http://localhost/MvcTagHelper_Home/Form"); var responseContent = await response.Content.ReadAsStringAsync(); var forgeryTokens = AntiForgeryTestHelper.RetrieveAntiForgeryTokens(responseContent); expectedContent = string.Format(expectedContent, forgeryTokens.ToArray()); // Assert Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal(expectedMediaType, response.Content.Headers.ContentType); Assert.Equal(expectedContent.Trim(), responseContent.Trim()); }