public void CanRoundTripData()
{
// Arrange
AntiForgeryDataSerializer serializer = new AntiForgeryDataSerializer
{
Decoder = value => Convert.FromBase64String(value),
Encoder = bytes => Convert.ToBase64String(bytes),
};
AntiForgeryData input = new AntiForgeryData
{
Salt = "The Salt",
Username = "******",
Value = "The Value",
CreationDate = DateTime.Now,
};
// Act
AntiForgeryData output = serializer.Deserialize(serializer.Serialize(input));
// Assert
Assert.NotNull(output);
Assert.Equal(input.Salt, output.Salt);
Assert.Equal(input.Username, output.Username);
Assert.Equal(input.Value, output.Value);
Assert.Equal(input.CreationDate, output.CreationDate);
}
protected override void AddAttributesToRender(HtmlTextWriter writer)
{
base.AddAttributesToRender(writer);
writer.AddAttribute(HtmlTextWriterAttribute.Type, "hidden");
writer.AddAttribute(HtmlTextWriterAttribute.Name, AntiForgeryData.GetTokenName(null));
writer.AddAttribute(HtmlTextWriterAttribute.Value, formToken);
}
private static HttpContextBase CreateContext(string cookieValue = null, string formValue = null, string username = "******")
{
HttpCookieCollection requestCookies = new HttpCookieCollection();
if (!String.IsNullOrEmpty(cookieValue))
{
requestCookies.Set(new HttpCookie(_antiForgeryTokenCookieName, cookieValue));
}
NameValueCollection formCollection = new NameValueCollection();
if (!String.IsNullOrEmpty(formValue))
{
formCollection.Set(AntiForgeryData.GetAntiForgeryTokenName(null), formValue);
}
Mock <HttpContextBase> mockContext = new Mock <HttpContextBase>();
mockContext.Setup(c => c.Request.ApplicationPath).Returns("/SomeAppPath");
mockContext.Setup(c => c.Request.Cookies).Returns(requestCookies);
mockContext.Setup(c => c.Request.Form).Returns(formCollection);
mockContext.Setup(c => c.Response.Cookies).Returns(new HttpCookieCollection());
mockContext.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
mockContext.Setup(c => c.User.Identity.Name).Returns(username);
return(mockContext.Object);
}
protected override void beforeEach()
{
MockFor <IAntiForgeryTokenProvider>().Stub(x => x.GetTokenName()).Return("FormName");
MockFor <IAntiForgeryTokenProvider>().Stub(x => x.GetTokenName("String")).IgnoreArguments().Return(
"CookieName");
MockFor <IRequestData>().Stub(x => x.Value("ApplicationPath")).Return("Path");
_valueSource = MockFor <IValueSource>();
_headerSource = MockFor <IValueSource>();
MockFor <IRequestData>().Stub(x => x.ValuesFor(RequestDataSource.Request)).Return(_valueSource);
MockFor <IRequestData>().Stub(x => x.ValuesFor(RequestDataSource.Header)).Return(_headerSource);
_cookies = MockFor <ICookies>();
_formToken = new AntiForgeryData
{
CreationDate = new DateTime(2010, 12, 12),
Salt = "Salty",
Username = "******",
Value = "12345"
};
_cookieToken = new AntiForgeryData
{
CreationDate = new DateTime(2010, 12, 12),
Salt = "Salty",
Username = "******",
Value = "12345"
};
MockFor <IAntiForgerySerializer>().Stub(x => x.Deserialize("CookieValue")).Return(_cookieToken);
MockFor <IAntiForgerySerializer>().Stub(x => x.Deserialize("FormValue")).Return(_formToken);
}
public void provided_tokens_are_correct_length()
{
AntiForgeryData token = ClassUnderTest.GenerateToken();
byte[] decodedValue = Convert.FromBase64String(token.Value);
decodedValue.Length.ShouldBe(16);
}
private string GetAntiForgeryTokenAndSetCookie(HttpContextBase httpContext, string salt, string domain, string path) {
string cookieName = AntiForgeryData.GetAntiForgeryTokenName(httpContext.Request.ApplicationPath);
AntiForgeryData cookieToken = null;
HttpCookie cookie = httpContext.Request.Cookies[cookieName];
if (cookie != null) {
try {
cookieToken = Serializer.Deserialize(cookie.Value);
}
catch (HttpAntiForgeryException) { }
}
if (cookieToken == null) {
cookieToken = AntiForgeryData.NewToken();
string cookieValue = Serializer.Serialize(cookieToken);
HttpCookie newCookie = new HttpCookie(cookieName, cookieValue) { HttpOnly = true, Domain = domain };
if (!String.IsNullOrEmpty(path)) {
newCookie.Path = path;
}
httpContext.Response.Cookies.Set(newCookie);
}
AntiForgeryData formToken = new AntiForgeryData(cookieToken) {
Salt = salt,
Username = AntiForgeryData.GetUsername(httpContext.User)
};
return Serializer.Serialize(formToken);
}
public void CreationDateProperty()
{
// Arrange
AntiForgeryData token = new AntiForgeryData();
// Act & Assert
MemberHelper.TestPropertyValue(token, "CreationDate", DateTime.UtcNow);
}
public void ValueProperty()
{
// Arrange
AntiForgeryData token = new AntiForgeryData();
// Act & Assert
MemberHelper.TestStringProperty(token, "Value", String.Empty, false /* testDefaultValue */, true /* allowNullAndEmpty */);
}
public void GetUsername_ReturnsEmptyStringIfPrincipalIsNull()
{
// Act
string username = AntiForgeryData.GetUsername(null);
// Assert
Assert.AreEqual("", username);
}
public void GetAntiForgeryTokenNameReturnsFieldNameIfAppPathIsNull()
{
// Act
string tokenName = AntiForgeryData.GetAntiForgeryTokenName(null);
// Assert
Assert.AreEqual("__RequestVerificationToken", tokenName);
}
public void CreationDateProperty() {
// Arrange
AntiForgeryData token = new AntiForgeryData();
// Act & Assert
var now = DateTime.UtcNow;
token.CreationDate = now;
Assert.AreEqual(now, token.CreationDate);
}
protected override void OnLoad(EventArgs e)
{
HttpCookie existingCookie = Page.Request.Cookies[AntiForgeryData.GetTokenName(Page.Request.ApplicationPath)];
formToken = existingCookie == null
? AntiForgeryData.GetDataAndSetCookie(Salt, Domain, Path)
: AntiForgeryData.GetDataFromCookie(existingCookie, Salt, Domain, Path);
base.OnLoad(e);
}
public void NewToken()
{
// Act
AntiForgeryData token = AntiForgeryData.NewToken();
// Assert
int valueLength = Convert.FromBase64String(token.Value).Length;
Assert.Equal(16, valueLength);
Assert.NotEqual(default(DateTime), token.CreationDate);
}
public void CreationDateProperty()
{
// Arrange
AntiForgeryData token = new AntiForgeryData();
// Act & Assert
var now = DateTime.UtcNow;
token.CreationDate = now;
Assert.AreEqual(now, token.CreationDate);
}
public void NewToken()
{
// Act
AntiForgeryData token = AntiForgeryData.NewToken();
// Assert
int valueLength = Convert.FromBase64String(token.Value).Length;
Assert.AreEqual(16, valueLength, "Value was not of the correct length.");
Assert.AreNotEqual(default(DateTime), token.CreationDate, "Creation date should have been initialized.");
}
public void GetAntiForgeryTokenNameReturnsEncodedCookieNameIfAppPathIsNotEmpty()
{
// Arrange
// the string below (as UTF-8 bytes) base64-encodes to "Pz4/Pj8+Pz4/Pj8+Pz4/Pg=="
string original = "?>?>?>?>?>?>?>?>";
// Act
string tokenName = AntiForgeryData.GetAntiForgeryTokenName(original);
// Assert
Assert.AreEqual("__RequestVerificationToken_Pz4-Pj8.Pz4-Pj8.Pz4-Pg__", tokenName);
}
public void ValueProperty()
{
// Arrange
AntiForgeryData token = new AntiForgeryData();
// Act & Assert
Assert.AreEqual(String.Empty, token.Value);
token.Value = null;
Assert.AreEqual(String.Empty, token.Value);
token.Value = String.Empty;
Assert.AreEqual(String.Empty, token.Value);
}
public void SaltProperty()
{
// Arrange
AntiForgeryData token = new AntiForgeryData();
// Act & Assert
Assert.AreEqual(String.Empty, token.Salt);
token.Salt = null;
Assert.AreEqual(String.Empty, token.Salt);
token.Salt = String.Empty;
Assert.AreEqual(String.Empty, token.Salt);
}
public void GetUsername_ReturnsEmptyStringIfIdentityIsNull()
{
// Arrange
Mock <IPrincipal> mockPrincipal = new Mock <IPrincipal>();
mockPrincipal.Setup(o => o.Identity).Returns((IIdentity)null);
// Act
string username = AntiForgeryData.GetUsername(mockPrincipal.Object);
// Assert
Assert.AreEqual("", username);
}
public void GetUsername_ReturnsUsernameIfUserIsAuthenticated()
{
// Arrange
Mock <IPrincipal> mockPrincipal = new Mock <IPrincipal>();
mockPrincipal.Setup(o => o.Identity.IsAuthenticated).Returns(true);
mockPrincipal.Setup(o => o.Identity.Name).Returns("SampleName");
// Act
string username = AntiForgeryData.GetUsername(mockPrincipal.Object);
// Assert
Assert.AreEqual("SampleName", username);
}
public void GetUsername_ReturnsEmptyStringIfUserNotAuthenticated()
{
// Arrange
Mock <IPrincipal> mockPrincipal = new Mock <IPrincipal>();
mockPrincipal.Expect(o => o.Identity.IsAuthenticated).Returns(false);
mockPrincipal.Expect(o => o.Identity.Name).Returns("SampleName");
// Act
string username = AntiForgeryData.GetUsername(mockPrincipal.Object);
// Assert
Assert.AreEqual("", username);
}
public void should_return_form_token_from_cookie_data()
{
MockFor <IAntiForgeryTokenProvider>().Stub(x => x.GetTokenName()).Return("FormName");
var input = new AntiForgeryData
{
Username = "******",
Value = "12345"
};
FormToken formToken = ClassUnderTest.GetFormToken(input, "Salty");
formToken.Name.ShouldEqual("FormName");
formToken.TokenString.ShouldEqual("Serialized!");
}
public virtual string Serialize(AntiForgeryData token) {
if (token == null) {
throw new ArgumentNullException("token");
}
using (MemoryStream stream = new MemoryStream())
using (BinaryWriter writer = new BinaryWriter(stream)) {
writer.Write(token.Salt);
writer.Write(token.Value);
writer.Write(token.CreationDate.Ticks);
writer.Write(token.Username);
return Encoder(stream.ToArray());
}
}
public void CopyConstructor() {
// Arrange
AntiForgeryData originalToken = new AntiForgeryData() {
CreationDate = DateTime.Now,
Salt = "some salt",
Value = "some value"
};
// Act
AntiForgeryData newToken = new AntiForgeryData(originalToken);
// Assert
Assert.AreEqual(originalToken.CreationDate, newToken.CreationDate);
Assert.AreEqual(originalToken.Salt, newToken.Salt);
Assert.AreEqual(originalToken.Value, newToken.Value);
}
public void serialization_and_deserialization_match()
{
var token = new AntiForgeryData
{
CreationDate = new DateTime(2011, 1, 30),
Salt = "Testing",
Username = "******",
Value = "12345"
};
string serialized = ClassUnderTest.Serialize(token);
AntiForgeryData deserialized = ClassUnderTest.Deserialize(serialized);
deserialized.CreationDate.ShouldEqual(token.CreationDate);
deserialized.Salt.ShouldEqual(token.Salt);
deserialized.Username.ShouldEqual(token.Username);
deserialized.Value.ShouldEqual(token.Value);
}
public void serialization_is_asp_compatible()
{
const string aspSerialized = "CFRoZSBTYWx0CVRoZSBWYWx1ZQBAik+Cb80IDFRoZSBVc2VybmFtZQ==";
//Base64 Serialized version of:
var token = new AntiForgeryData
{
Salt = "The Salt",
Username = "******",
Value = "The Value",
CreationDate = new DateTime(2010, 12, 22),
};
string deserialized = ClassUnderTest.Serialize(token);
deserialized.ShouldEqual(aspSerialized);
}
public void CopyConstructor()
{
// Arrange
AntiForgeryData originalToken = new AntiForgeryData()
{
CreationDate = DateTime.Now,
Salt = "some salt",
Value = "some value"
};
// Act
AntiForgeryData newToken = new AntiForgeryData(originalToken);
// Assert
Assert.AreEqual(originalToken.CreationDate, newToken.CreationDate);
Assert.AreEqual(originalToken.Salt, newToken.Salt);
Assert.AreEqual(originalToken.Value, newToken.Value);
}
private static HtmlHelper GetHtmlHelperForAntiForgeryToken(string cookieValue)
{
HttpCookieCollection requestCookies = new HttpCookieCollection();
HttpCookieCollection responseCookies = new HttpCookieCollection();
if (!String.IsNullOrEmpty(cookieValue))
{
requestCookies.Set(new HttpCookie(AntiForgeryData.GetAntiForgeryTokenName("/SomeAppPath"), cookieValue));
}
Mock <ViewContext> mockViewContext = new Mock <ViewContext>();
mockViewContext.Expect(c => c.HttpContext.Request.Cookies).Returns(requestCookies);
mockViewContext.Expect(c => c.HttpContext.Request.ApplicationPath).Returns("/SomeAppPath");
mockViewContext.Expect(c => c.HttpContext.Response.Cookies).Returns(responseCookies);
return(new HtmlHelper(mockViewContext.Object, new Mock <IViewDataContainer>().Object)
{
Serializer = new SubclassedAntiForgeryTokenSerializer()
});
}
public void DeserializeReturnsDeserializedToken()
{
// Arrange
Mock <IStateFormatter> mockFormatter = new Mock <IStateFormatter>();
mockFormatter.Expect(f => f.Deserialize("serialized value")).Returns(new Triplet("the salt", "the value", new DateTime(2001, 1, 1)));
AntiForgeryDataSerializer serializer = new AntiForgeryDataSerializer()
{
Formatter = mockFormatter.Object
};
// Act
AntiForgeryData token = serializer.Deserialize("serialized value");
// Assert
Assert.IsNotNull(token);
Assert.AreEqual(new DateTime(2001, 1, 1), token.CreationDate);
Assert.AreEqual("the salt", token.Salt);
Assert.AreEqual("the value", token.Value);
}
protected override void beforeEach()
{
MockFor <IAntiForgeryTokenProvider>().Stub(x => x.GetTokenName()).Return("FormName");
MockFor <IAntiForgeryTokenProvider>().Stub(x => x.GetTokenName("String")).IgnoreArguments().Return(
"CookieName");
MockFor <IRequestData>().Stub(x => x.Value("ApplicationPath")).Return("Path");
_form = new NameValueCollection {
{ "FormName", "FormValue" }
};
MockFor <IRequestData>().Stub(x => x.Value("Form")).Return(_form);
_cookies = new HttpCookieCollection {
new HttpCookie("CookieName", "CookieValue")
};
MockFor <IRequestData>().Stub(x => x.Value("Cookies")).Return(_cookies);
_formToken = new AntiForgeryData
{
CreationDate = new DateTime(2010, 12, 12),
Salt = "Salty",
Username = "******",
Value = "12345"
};
_cookieToken = new AntiForgeryData
{
CreationDate = new DateTime(2010, 12, 12),
Salt = "Salty",
Username = "******",
Value = "12345"
};
MockFor <IAntiForgerySerializer>().Stub(x => x.Deserialize("CookieValue")).Return(_cookieToken);
MockFor <IAntiForgerySerializer>().Stub(x => x.Deserialize("FormValue")).Return(_formToken);
MockFor <IPrincipal>().Stub(x => x.Identity).Return(MockFor <IIdentity>());
MockFor <ISecurityContext>().Stub(x => x.CurrentUser).Return(MockFor <IPrincipal>());
}
public static AuthorizationContext GetAuthorizationContext(string cookieValue, string formValue)
{
HttpCookieCollection requestCookies = new HttpCookieCollection();
NameValueCollection formCollection = new NameValueCollection();
Mock <AuthorizationContext> mockAuthContext = new Mock <AuthorizationContext>();
mockAuthContext.Expect(c => c.HttpContext.Request.ApplicationPath).Returns("/SomeAppPath");
mockAuthContext.Expect(c => c.HttpContext.Request.Cookies).Returns(requestCookies);
mockAuthContext.Expect(c => c.HttpContext.Request.Form).Returns(formCollection);
if (!String.IsNullOrEmpty(cookieValue))
{
requestCookies.Set(new HttpCookie(_antiForgeryTokenCookieName, cookieValue));
}
if (!String.IsNullOrEmpty(formValue))
{
formCollection.Set(AntiForgeryData.GetAntiForgeryTokenName(null), formValue);
}
return(mockAuthContext.Object);
}
public void SerializeReturnsSerializedString()
{
// Arrange
AntiForgeryData token = new AntiForgeryData()
{
CreationDate = new DateTime(2001, 1, 1),
Salt = "the salt",
Username = "******",
Value = "the value"
};
Mock <IStateFormatter> mockFormatter = new Mock <IStateFormatter>();
mockFormatter
.Expect(f => f.Serialize(It.IsAny <object>()))
.Returns(
delegate(object state) {
object[] t = state as object[];
Assert.IsNotNull(t);
Assert.AreEqual("the salt", t[0]);
Assert.AreEqual("the value", t[1]);
Assert.AreEqual(new DateTime(2001, 1, 1), t[2]);
Assert.AreEqual("someuser", t[3]);
return("serialized value");
}
);
AntiForgeryDataSerializer serializer = new AntiForgeryDataSerializer()
{
Formatter = mockFormatter.Object
};
// Act
string serializedValue = serializer.Serialize(token);
// Assert
Assert.AreEqual("serialized value", serializedValue);
}
public void ValueProperty() {
// Arrange
AntiForgeryData token = new AntiForgeryData();
// Act & Assert
Assert.AreEqual(String.Empty, token.Value);
token.Value = null;
Assert.AreEqual(String.Empty, token.Value);
token.Value = String.Empty;
Assert.AreEqual(String.Empty, token.Value);
}
public void SaltProperty() {
// Arrange
AntiForgeryData token = new AntiForgeryData();
// Act & Assert
Assert.AreEqual(String.Empty, token.Salt);
token.Salt = null;
Assert.AreEqual(String.Empty, token.Salt);
token.Salt = String.Empty;
Assert.AreEqual(String.Empty, token.Salt);
}
public override string Serialize(AntiForgeryData token)
{
return(String.Format(CultureInfo.InvariantCulture, "Creation: {0}, Value: {1}, Salt: {2}, Username: {3}",
token.CreationDate, token.Value, token.Salt, token.Username));
}
public override string Serialize(AntiForgeryData token) {
return String.Format(CultureInfo.InvariantCulture, "Creation: {0}, Value: {1}, Salt: {2}",
token.CreationDate, token.Value, token.Salt);
}
