/// <summary>
/// Builds a random string made of ASCII letters, optionally including digits.
/// Every random choice (the length and each character) is drawn from <c>CryptRand</c>.
/// </summary>
/// <param name="minLen">Lower bound handed to <c>CryptRand.GetInt32</c> when the length is drawn.</param>
/// <param name="maxLen">Largest intended length; <c>maxLen + 1</c> is handed over as the upper bound.</param>
/// <param name="useDigit">When <c>true</c>, the ten decimal digits are added to the alphabet.</param>
/// <returns>The generated string.</returns>
private static string GetRandStr(int minLen, int maxLen, bool useDigit = false)
{
    const string Letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
    const string Digits = "1234567890";

    // 52 symbols by default, 62 once digits are enabled.
    string alphabet = useDigit ? Letters + Digits : Letters;

    // NOTE(review): the "+ 1" suggests GetInt32's upper bound is exclusive; confirm against CryptRand.
    // The quality of the output depends entirely on CryptRand, which is defined outside this block.
    int count = CryptRand.GetInt32(minLen, maxLen + 1);

    var buffer = new StringBuilder();
    for (int remaining = count; remaining > 0; remaining--)
    {
        int pick = CryptRand.GetInt32(alphabet.Length);
        buffer.Append(alphabet[pick]);
    }

    return buffer.ToString();
}
/// <summary>
/// Checks the form token that <c>TokenProvider.GenerateFormToken</c> produces for a claims-based
/// identity: it must reuse the cookie token's <c>SecurityToken</c>, must not be a session token,
/// must leave <c>Username</c> and <c>AdditionalData</c> empty, and must carry the claim UID
/// returned by the claim UID extractor.
/// </summary>
public void GenerateFormToken_ClaimsBasedIdentity()
{
    // Arrange
    const int ClaimUidBitLength = 256;

    // Random claim UID bytes, so the test cannot pass against a fixed value.
    byte[] claimUidBytes = new byte[ClaimUidBitLength / 8];
    CryptRand.FillBuffer(new ArraySegment<byte>(claimUidBytes));
    string encodedClaimUid = Convert.ToBase64String(claimUidBytes);
    var expectedClaimUid = new BinaryBlob(ClaimUidBitLength, claimUidBytes);

    ClaimsIdentity identity = new GenericIdentity("some-identity");

    // The extractor is mocked: it returns the base64 form of the bytes for this exact identity.
    var claimUidExtractorMock = new Mock<IClaimUidExtractor>();
    claimUidExtractorMock
        .Setup(extractor => extractor.ExtractClaimUid(identity))
        .Returns(encodedClaimUid);

    var sessionToken = new AntiForgeryToken() { IsSessionToken = true };
    var httpContext = new Mock<HttpContext>().Object;
    var options = new AntiForgeryOptions();

    var provider = new TokenProvider(
        config: options,
        claimUidExtractor: claimUidExtractorMock.Object,
        additionalDataProvider: null);

    // Act
    var formToken = provider.GenerateFormToken(httpContext, identity, sessionToken);

    // Assert
    Assert.NotNull(formToken);

    // The form token is paired with the cookie token through the shared security token.
    Assert.Equal(sessionToken.SecurityToken, formToken.SecurityToken);
    Assert.False(formToken.IsSessionToken);

    // For this identity the token is expected to carry the claim UID and no username.
    Assert.Equal("", formToken.Username);
    Assert.Equal(expectedClaimUid, formToken.ClaimUid);
    Assert.Equal("", formToken.AdditionalData);
}