// Checks that the anti-forgery (CSRF) filter finds the cookie named by IAntiForgery.CookieName
// in the request's Cookie header and passes that cookie's value to IAntiForgery.Validate once.
// cookieFormat is a composite format string: {0} receives cookieName, {1} receives cookieValue.
// NOTE(review): the case data feeding these parameters is not visible from this method.
public void LocatesCookie(string cookieFormat, string cookieName, string cookieValue)
{
    // Arrange
    var antiForgeryMock = new Mock<IAntiForgery>();
    antiForgeryMock.Setup(af => af.CookieName).Returns(cookieName);

    var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/");
    var cookieHeader = string.Format(cookieFormat, cookieName, cookieValue);
    request.Headers.Add("Cookie", cookieHeader);

    // The header token is a placeholder: IAntiForgery is mocked, so no real token check runs
    // and the final Verify accepts any header token (It.IsAny<string>()).
    request.Headers.Add("RequestVerificationToken", "anything_is_fine");

    var config = new HttpConfiguration();
    var routeData = new HttpRouteData(new HttpRoute());
    var controllerContext = new HttpControllerContext(config, routeData, request);
    var actionDescriptor = new Mock<HttpActionDescriptor>().Object;
    var actionContext = new HttpActionContext(controllerContext, actionDescriptor);
    var authFilterContext = new AuthFilterContext(actionContext, string.Empty);

    // Replaces the static AntiForgery instance with the mock.
    // NOTE(review): no reset is visible here - confirm fixture teardown clears it so the mock
    // cannot leak into other tests.
    AntiForgery.SetTestableInstance(antiForgeryMock.Object);

    // Act
    var filter = new ValidateAntiForgeryTokenAttribute();

    // A direct IsAuthorized assertion was disabled in the original; the filter is driven
    // through OnActionExecuting instead.
    Assert.DoesNotThrow(() => filter.OnActionExecuting(authFilterContext.ActionContext));

    // Assert: only the cookie argument is pinned to the expected value.
    antiForgeryMock.Verify(af => af.Validate(cookieValue, It.IsAny<string>()), Times.Once());
}
// Checks the fail-closed path of the anti-forgery (CSRF) filter: the request carries the
// anti-forgery cookie but no RequestVerificationToken header, and IsAuthorized must return false.
// cookieFormat is a composite format string: {0} receives cookieName, {1} receives cookieValue.
// NOTE(review): the case data feeding these parameters is not visible from this method.
public void MissingTokenDoesnotPassValidationTest(string cookieFormat, string cookieName, string cookieValue)
{
    // Arrange
    var antiForgeryMock = new Mock<IAntiForgery>();
    antiForgeryMock.Setup(af => af.CookieName).Returns(cookieName);

    // Only the Cookie header is added; the token header is deliberately left out.
    var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/");
    var cookieHeader = string.Format(cookieFormat, cookieName, cookieValue);
    request.Headers.Add("Cookie", cookieHeader);

    var config = new HttpConfiguration();
    var routeData = new HttpRouteData(new HttpRoute());
    var controllerContext = new HttpControllerContext(config, routeData, request);
    var actionDescriptor = new Mock<HttpActionDescriptor>().Object;
    var actionContext = new HttpActionContext(controllerContext, actionDescriptor);
    var authFilterContext = new AuthFilterContext(actionContext, "");

    // Replaces the static AntiForgery instance with the mock.
    // NOTE(review): no reset is visible here - confirm fixture teardown clears it so the mock
    // cannot leak into other tests.
    AntiForgery.SetTestableInstance(antiForgeryMock.Object);

    // Act
    var filter = new ValidateAntiForgeryTokenAttribute();
    var authorized = filter.IsAuthorized(authFilterContext);

    // Assert
    // Validate has no setup, and a default (loose) Moq mock does not throw for such calls, so
    // the rejection presumably comes from the filter's own missing-header handling.
    // NOTE(review): the test does not pin why the result is false, nor whether Validate ran.
    Assert.IsFalse(authorized);
}