/// <summary> /// This method will get the AntiForgery cookie from an HttpResponse. /// </summary> /// <param name="resp">The HttpResponseMessage object that contains an AntiForgery cookie token.</param> /// <param name="cookieName">The name of the AntiForgery cookie.</param> /// <returns></returns> public static CookieHeaderValue GetCookie(this HttpResponseMessage resp, string cookieName) { IEnumerable<string> values; if (!resp.Headers.TryGetValues("Set-Cookie", out values)) throw new KeyNotFoundException("No cookies found in the response."); var setCookie = SetCookieHeaderValue .ParseList(values.ToList()) .FirstOrDefault(t => t.Name.Equals(cookieName)); if (null == setCookie) throw new KeyNotFoundException(string.Format("A cookie with the name {0} could not be found in the response", cookieName)); var cookie = new CookieHeaderValue(setCookie.Name, setCookie.Value); return cookie; }
public void CookieHeaderValue_TryParse_AcceptsValidValues(CookieHeaderValue cookie, string expectedValue) { CookieHeaderValue header; var result = CookieHeaderValue.TryParse(expectedValue, out header); Assert.True(result); Assert.Equal(cookie, header); Assert.Equal(expectedValue, header.ToString()); }
public void CookieHeaderValue_ToString(CookieHeaderValue input, string expectedValue) { Assert.Equal(expectedValue, input.ToString()); }
public void CookieHeaderValue_Parse_AcceptsValidValues(CookieHeaderValue cookie, string expectedValue) { var header = CookieHeaderValue.Parse(expectedValue); Assert.Equal(cookie, header); Assert.Equal(expectedValue, header.ToString()); }
public void CookieHeaderValue_Ctor2InitializesCorrectly(string name, string value) { var header = new CookieHeaderValue(name, value); Assert.Equal(name, header.Name); Assert.Equal(value, header.Value); }
public void CookieHeaderValue_Value() { var cookie = new CookieHeaderValue("name"); Assert.Equal(string.Empty, cookie.Value); cookie.Value = "value1"; Assert.Equal("value1", cookie.Value); }
public void CookieHeaderValue_Ctor1_InitializesCorrectly() { var header = new CookieHeaderValue("cookie"); Assert.Equal("cookie", header.Name); Assert.Equal(string.Empty, header.Value); }
public static bool TryParse(string input, out CookieHeaderValue parsedValue) { var index = 0; return SingleValueParser.TryParseValue(input, ref index, out parsedValue); }
// name=value; name="value" internal static int GetCookieLength(string input, int startIndex, out CookieHeaderValue parsedValue) { Contract.Requires(startIndex >= 0); var offset = startIndex; parsedValue = null; if (string.IsNullOrEmpty(input) || (offset >= input.Length)) { return 0; } var result = new CookieHeaderValue(); // The caller should have already consumed any leading whitespace, commas, etc.. // Name=value; // Name var itemLength = HttpRuleParser.GetTokenLength(input, offset); if (itemLength == 0) { return 0; } result._name = input.Substring(offset, itemLength); offset += itemLength; // = (no spaces) if (!ReadEqualsSign(input, ref offset)) { return 0; } string value; // value or "quoted value" itemLength = GetCookieValueLength(input, offset, out value); // The value may be empty result._value = input.Substring(offset, itemLength); offset += itemLength; parsedValue = result; return offset - startIndex; }
// name=value; expires=Sun, 06 Nov 1994 08:49:37 GMT; max-age=86400; domain=domain1; path=path1; secure; samesite={Strict|Lax}; httponly private static int GetSetCookieLength(StringSegment input, int startIndex, out SetCookieHeaderValue parsedValue) { Contract.Requires(startIndex >= 0); var offset = startIndex; parsedValue = null; if (StringSegment.IsNullOrEmpty(input) || (offset >= input.Length)) { return(0); } var result = new SetCookieHeaderValue(); // The caller should have already consumed any leading whitespace, commas, etc.. // Name=value; // Name var itemLength = HttpRuleParser.GetTokenLength(input, offset); if (itemLength == 0) { return(0); } result._name = input.Subsegment(offset, itemLength); offset += itemLength; // = (no spaces) if (!ReadEqualsSign(input, ref offset)) { return(0); } // value or "quoted value" // The value may be empty result._value = CookieHeaderValue.GetCookieValue(input, ref offset); // *(';' SP cookie-av) while (offset < input.Length) { if (input[offset] == ',') { // Divider between headers break; } if (input[offset] != ';') { // Expecting a ';' between parameters return(0); } offset++; offset += HttpRuleParser.GetWhitespaceLength(input, offset); // cookie-av = expires-av / max-age-av / domain-av / path-av / secure-av / samesite-av / httponly-av / extension-av itemLength = HttpRuleParser.GetTokenLength(input, offset); if (itemLength == 0) { // Trailing ';' or leading into garbage. Let the next parser fail. break; } var token = input.Subsegment(offset, itemLength); offset += itemLength; // expires-av = "Expires=" sane-cookie-date if (StringSegment.Equals(token, ExpiresToken, StringComparison.OrdinalIgnoreCase)) { // = (no spaces) if (!ReadEqualsSign(input, ref offset)) { return(0); } var dateString = ReadToSemicolonOrEnd(input, ref offset); DateTimeOffset expirationDate; if (!HttpRuleParser.TryStringToDate(dateString, out expirationDate)) { // Invalid expiration date, abort return(0); } result.Expires = expirationDate; } // max-age-av = "Max-Age=" non-zero-digit *DIGIT else if (StringSegment.Equals(token, MaxAgeToken, StringComparison.OrdinalIgnoreCase)) { // = (no spaces) if (!ReadEqualsSign(input, ref offset)) { return(0); } itemLength = HttpRuleParser.GetNumberLength(input, offset, allowDecimal: false); if (itemLength == 0) { return(0); } var numberString = input.Subsegment(offset, itemLength); long maxAge; if (!HeaderUtilities.TryParseNonNegativeInt64(numberString, out maxAge)) { // Invalid expiration date, abort return(0); } result.MaxAge = TimeSpan.FromSeconds(maxAge); offset += itemLength; } // domain-av = "Domain=" domain-value // domain-value = <subdomain> ; defined in [RFC1034], Section 3.5, as enhanced by [RFC1123], Section 2.1 else if (StringSegment.Equals(token, DomainToken, StringComparison.OrdinalIgnoreCase)) { // = (no spaces) if (!ReadEqualsSign(input, ref offset)) { return(0); } // We don't do any detailed validation on the domain. result.Domain = ReadToSemicolonOrEnd(input, ref offset); } // path-av = "Path=" path-value // path-value = <any CHAR except CTLs or ";"> else if (StringSegment.Equals(token, PathToken, StringComparison.OrdinalIgnoreCase)) { // = (no spaces) if (!ReadEqualsSign(input, ref offset)) { return(0); } // We don't do any detailed validation on the path. result.Path = ReadToSemicolonOrEnd(input, ref offset); } // secure-av = "Secure" else if (StringSegment.Equals(token, SecureToken, StringComparison.OrdinalIgnoreCase)) { result.Secure = true; } // samesite-av = "SameSite" / "SameSite=" samesite-value // samesite-value = "Strict" / "Lax" else if (StringSegment.Equals(token, SameSiteToken, StringComparison.OrdinalIgnoreCase)) { if (!ReadEqualsSign(input, ref offset)) { result.SameSite = SameSiteMode.Strict; } else { var enforcementMode = ReadToSemicolonOrEnd(input, ref offset); if (StringSegment.Equals(enforcementMode, SameSiteLaxToken, StringComparison.OrdinalIgnoreCase)) { result.SameSite = SameSiteMode.Lax; } else { result.SameSite = SameSiteMode.Strict; } } } // httponly-av = "HttpOnly" else if (StringSegment.Equals(token, HttpOnlyToken, StringComparison.OrdinalIgnoreCase)) { result.HttpOnly = true; } // extension-av = <any CHAR except CTLs or ";"> else { // TODO: skiping it for now to avoid parsing failure? Store it in a list? // = (no spaces) if (!ReadEqualsSign(input, ref offset)) { return(0); } ReadToSemicolonOrEnd(input, ref offset); } } parsedValue = result; return(offset - startIndex); }
public static bool TryParse(StringSegment input, out CookieHeaderValue parsedValue) { var index = 0; return(SingleValueParser.TryParseValue(input, ref index, out parsedValue)); }