Exemplo n.º 1
        // Checks that the anti-forgery cookie is picked out of the request's Cookie header,
        // whatever layout cookieFormat gives that header, and that the cookie's value is
        // what reaches IAntiForgery.Validate as its first argument.
        public void LocatesCookie(string cookieFormat, string cookieName, string cookieValue)
        {
            // Arrange: a GET that carries the cookie under test plus a request token header.
            var message = new HttpRequestMessage(HttpMethod.Get, "http://localhost/");
            var cookieHeader = string.Format(cookieFormat, cookieName, cookieValue);
            message.Headers.Add("Cookie", cookieHeader);
            message.Headers.Add("RequestVerificationToken", "anything_is_fine");

            var httpControllerContext = new HttpControllerContext(
                new HttpConfiguration(),
                new HttpRouteData(new HttpRoute()),
                message);
            var httpActionContext = new HttpActionContext(
                httpControllerContext,
                new Mock<HttpActionDescriptor>().Object);
            var filterContext = new AuthFilterContext(httpActionContext, string.Empty);

            // The stub only reports which cookie name to look for; Validate is left unconfigured.
            // NOTE(review): the stub stays installed as the testable instance when this method
            // returns - confirm the fixture resets it in its teardown.
            var antiForgeryStub = new Mock<IAntiForgery>();
            antiForgeryStub.Setup(x => x.CookieName).Returns(cookieName);
            AntiForgery.SetTestableInstance(antiForgeryStub.Object);

            // Act: run the filter; it must complete without throwing.
            var attribute = new ValidateAntiForgeryTokenAttribute();
            Assert.DoesNotThrow(() => attribute.OnActionExecuting(filterContext.ActionContext));

            // Assert: exactly one Validate call, made with the cookie value from the header.
            // The second argument is unconstrained (It.IsAny), so this test does not pin
            // which header token is forwarded alongside the cookie.
            antiForgeryStub.Verify(
                x => x.Validate(cookieValue, It.IsAny<string>()),
                Times.Once());
        }
Exemplo n.º 2
        // Checks that a request which carries the anti-forgery cookie but no
        // RequestVerificationToken header is refused by IsAuthorized.
        public void MissingTokenDoesnotPassValidationTest(string cookieFormat, string cookieName, string cookieValue)
        {
            // Arrange: a GET with the cookie only; the token header is deliberately left out.
            var message = new HttpRequestMessage(HttpMethod.Get, "http://localhost/");
            var cookieHeader = string.Format(cookieFormat, cookieName, cookieValue);
            message.Headers.Add("Cookie", cookieHeader);

            var httpControllerContext = new HttpControllerContext(
                new HttpConfiguration(),
                new HttpRouteData(new HttpRoute()),
                message);
            var httpActionContext = new HttpActionContext(
                httpControllerContext,
                new Mock<HttpActionDescriptor>().Object);
            var filterContext = new AuthFilterContext(httpActionContext, "");

            // The stub's Validate is not configured to fail, so the refusal presumably comes
            // from the attribute's own handling of the absent header - confirm against the attribute.
            // NOTE(review): the stub stays installed as the testable instance when this method
            // returns - confirm the fixture resets it in its teardown.
            var antiForgeryStub = new Mock<IAntiForgery>();
            antiForgeryStub.Setup(x => x.CookieName).Returns(cookieName);
            AntiForgery.SetTestableInstance(antiForgeryStub.Object);

            // Act, Assert: authorization is denied.
            var attribute = new ValidateAntiForgeryTokenAttribute();
            var authorized = attribute.IsAuthorized(filterContext);

            Assert.IsFalse(authorized);
        }