public async Task HelloWorldWithPageModelHandler_CanPostContent()
{
// Arrange
var getRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost/HelloWorldWithPageModelHandler?message=message");
var getResponse = await Client.SendAsync(getRequest);
var getResponseBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(getResponseBody, "/HelloWorlWithPageModelHandler");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);
var postRequest = new HttpRequestMessage(HttpMethod.Post, "http://localhost/HelloWorldWithPageModelHandler");
postRequest.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
postRequest.Headers.Add("RequestVerificationToken", formToken);
// Act
var response = await Client.SendAsync(postRequest);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var content = await response.Content.ReadAsStringAsync();
Assert.StartsWith("Hello, You posted!", content.Trim());
}
public async Task PageConventions_CustomizedModelCanPostToHandlers()
{
// Arrange
var getPage = await Client.GetAsync("/CustomModelTypeModel");
var token = AntiforgeryTestHelper.RetrieveAntiforgeryToken(await getPage.Content.ReadAsStringAsync(), "");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getPage);
var message = new HttpRequestMessage(HttpMethod.Post, "/CustomModelTypeModel");
message.Content = new FormUrlEncodedContent(new Dictionary <string, string>
{
["__RequestVerificationToken"] = token,
["ConfirmPassword"] = "",
["Password"] = "",
["Email"] = ""
});
message.Headers.TryAddWithoutValidation("Cookie", $"{cookie.Key}={cookie.Value}");
// Act
var response = await Client.SendAsync(message);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var content = await response.Content.ReadAsStringAsync();
Assert.Contains("is required.", content);
}
public async Task PageConventions_CustomizedModelCanWorkWithModelState()
{
// Arrange
var getPage = await Client.GetAsync("/CustomModelTypeModel");
var token = AntiforgeryTestHelper.RetrieveAntiforgeryToken(await getPage.Content.ReadAsStringAsync(), "");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getPage);
var message = new HttpRequestMessage(HttpMethod.Post, "/CustomModelTypeModel");
message.Content = new FormUrlEncodedContent(new Dictionary <string, string>
{
["__RequestVerificationToken"] = token,
["Email"] = "*****@*****.**",
["Password"] = "******",
["ConfirmPassword"] = "******",
});
message.Headers.TryAddWithoutValidation("Cookie", $"{cookie.Key}={cookie.Value}");
// Act
var response = await Client.SendAsync(message);
// Assert
Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
Assert.Equal("/", response.Headers.Location.ToString());
}
public async Task MultipleFormPostWithingASingleView_AreAllowed()
{
// Arrange
// Do a get request.
var getResponse = await Client.GetAsync("http://localhost/Antiforgery/Login");
var responseBody = await getResponse.Content.ReadAsStringAsync();
// Get the AF token for the second login. If the cookies are generated twice(i.e are different),
// this AF token will not work with the first cookie.
var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(
responseBody,
"/Antiforgery/UseFacebookLogin");
var cookieToken = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Antiforgery/Login");
request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value);
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
new KeyValuePair <string, string>("UserName", "abra"),
new KeyValuePair <string, string>("Password", "cadabra"),
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await Client.SendAsync(request);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("OK", await response.Content.ReadAsStringAsync());
}
public async Task SetCookieAndHeaderBeforeFlushAsync_PostToForm()
{
// Arrange
// do a get response.
var getResponse = await Client.GetAsync("http://localhost/Antiforgery/FlushAsyncLogin");
var responseBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(
responseBody,
"Antiforgery/FlushAsyncLogin");
var cookieToken = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/Antiforgery/FlushAsyncLogin");
request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value);
var nameValueCollection = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
new KeyValuePair <string, string>("UserName", "test"),
new KeyValuePair <string, string>("Password", "password"),
};
request.Content = new FormUrlEncodedContent(nameValueCollection);
// Act
var response = await Client.SendAsync(request);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("OK", await response.Content.ReadAsStringAsync());
}
public async Task PageConventions_CustomizedModelCanWorkWithModelState_EnforcesBindRequired()
{
// Arrange
var getPage = await Client.GetAsync("/CustomModelTypeModel?Attempts=0");
var token = AntiforgeryTestHelper.RetrieveAntiforgeryToken(await getPage.Content.ReadAsStringAsync(), "");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getPage);
var message = new HttpRequestMessage(HttpMethod.Post, "/CustomModelTypeModel")
{
Content = new FormUrlEncodedContent(new Dictionary <string, string>
{
["__RequestVerificationToken"] = token,
["Email"] = "*****@*****.**",
["Password"] = "******",
["ConfirmPassword"] = "******",
})
};
message.Headers.TryAddWithoutValidation("Cookie", $"{cookie.Key}={cookie.Value}");
// Act
var response = await Client.SendAsync(message);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var responseText = await response.Content.ReadAsStringAsync();
Assert.Contains(
"A value for the 'Attempts' parameter or property was not provided.",
responseText);
}
private async Task AddAntiforgeryHeaders(HttpRequestMessage request)
{
var getResponse = await Client.GetAsync(request.RequestUri);
Assert.Equal(HttpStatusCode.OK, getResponse.StatusCode);
var getResponseBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(getResponseBody, "");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);
request.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
request.Headers.Add("RequestVerificationToken", formToken);
}
public async Task CanUseNonNullableReferenceType_WithController_OmitData_ValidationErrors()
{
// Arrange
var parser = new HtmlParser();
// Act 1
var response = await Client.GetAsync("http://localhost/NonNullable");
// Assert 1
await response.AssertStatusCodeAsync(HttpStatusCode.OK);
var content = await response.Content.ReadAsStringAsync();
var document = parser.Parse(content);
var errors = document.QuerySelectorAll("#errors > ul > li");
var li = Assert.Single(errors);
Assert.Empty(li.TextContent);
var cookieToken = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(response);
var formToken = document.RetrieveAntiforgeryToken();
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/NonNullable");
request.Headers.Add("Cookie", cookieToken.Key + "=" + cookieToken.Value);
request.Content = new FormUrlEncodedContent(new[]
{
new KeyValuePair <string, string>("__RequestVerificationToken", formToken),
});
// Act 2
response = await Client.SendAsync(request);
// Assert 2
//
// OK means there were validation errors.
await response.AssertStatusCodeAsync(HttpStatusCode.OK);
content = await response.Content.ReadAsStringAsync();
document = parser.Parse(content);
errors = errors = document.QuerySelectorAll("#errors > ul > li");
Assert.Equal(2, errors.Length); // Not validating BCL error messages
}
public async Task TempData_TempDataPropertyOnPageModel_PopulatesTempData()
{
// Arrange 1
var getRequest = new HttpRequestMessage(HttpMethod.Get, "http://localhost/TempData/TempDataPageModelProperty");
var getResponse = await Client.SendAsync(getRequest);
var getResponseBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(getResponseBody, "/TempData/TempDataPageModelProperty");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);
var url = "http://localhost/TempData/TempDataPageModelProperty";
var request = new HttpRequestMessage(HttpMethod.Post, url);
request.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
request.Headers.Add("RequestVerificationToken", formToken);
// Act 1
var response = await Client.SendAsync(request);
// Assert 1
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var content = await response.Content.ReadAsStringAsync();
Assert.StartsWith("Message: Secret post", content.Trim());
Assert.EndsWith("TempData:", content.Trim());
// Arrange 2
request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/TempData/TempDataPageModelProperty");
request.Headers.Add("Cookie", GetCookie(response));
// Act 2
response = await Client.SendAsync(request);
// Assert 2
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
content = await response.Content.ReadAsStringAsync();
Assert.StartsWith("Message: Secret post", content.Trim());
Assert.EndsWith("TempData: Secret post", content.Trim());
}
public async Task PageModel_Handler_ReturnTypeImplementsIActionResult()
{
// Arrange
var getResponse = await Client.GetAsync("http://localhost/ModelHandlerTestPage");
var getResponseBody = await getResponse.Content.ReadAsStringAsync();
var formToken = AntiforgeryTestHelper.RetrieveAntiforgeryToken(getResponseBody, "/ModelHandlerTestPage");
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(getResponse);
var postRequest = new HttpRequestMessage(HttpMethod.Post, "http://localhost/ModelHandlerTestPage/CustomActionResult");
postRequest.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
postRequest.Headers.Add("RequestVerificationToken", formToken);
// Act
var response = await Client.SendAsync(postRequest);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var content = await response.Content.ReadAsStringAsync();
Assert.Equal("CustomActionResult", content);
}
public async Task RoundTrippingFormFileInputWorks()
{
// Arrange
var url = "/PropertyBinding/BindFormFile";
var response = await Client.GetAsync(url);
await response.AssertStatusCodeAsync(HttpStatusCode.OK);
var document = await response.GetHtmlDocumentAsync();
var property1 = document.RequiredQuerySelector("#property1").GetAttribute("name");
var file1 = document.RequiredQuerySelector("#file1").GetAttribute("name");
var file2 = document.RequiredQuerySelector("#file2").GetAttribute("name");
var file3 = document.RequiredQuerySelector("#file3").GetAttribute("name");
var antiforgeryToken = document.RetrieveAntiforgeryToken();
var cookie = AntiforgeryTestHelper.RetrieveAntiforgeryCookie(response);
var content = new MultipartFormDataContent
{
{ new StringContent("property1-value"), property1 },
{ new StringContent("test-value1"), file1, "test1.txt" },
{ new StringContent("test-value2"), file3, "test2.txt" }
};
var request = new HttpRequestMessage(HttpMethod.Post, url)
{
Content = content,
};
request.Headers.Add("Cookie", cookie.Key + "=" + cookie.Value);
request.Headers.Add("RequestVerificationToken", antiforgeryToken);
response = await Client.SendAsync(request);
await response.AssertStatusCodeAsync(HttpStatusCode.OK);
}
