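// Checks that SaveCookieToken writes exactly one cookie named _cookieName that carries
// the token, is marked HttpOnly, and whose Path equals expectedCookiePath for the
// request path base supplied by the test data.
//   requestPathBase    - value returned by the mocked Request.PathBase.
//   expectedCookiePath - Path expected on the saved cookie's options.
public void SaveCookieToken_SetsCookieWithApproriatePathBase(string requestPathBase, string expectedCookiePath)
{
    // Arrange
    var token = "serialized-value";
    var cookies = new MockResponseCookieCollection();
    var httpContext = new Mock<HttpContext>();
    httpContext
        .Setup(hc => hc.Response.Cookies)
        .Returns(cookies);
    httpContext
        .SetupGet(hc => hc.Request.PathBase)
        .Returns(requestPathBase);
    httpContext
        .SetupGet(hc => hc.Request.Path)
        .Returns("/index.html");

    var options = new AntiforgeryOptions
    {
        Cookie = { Name = _cookieName }
    };
    var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));

    // Act
    tokenStore.SaveCookieToken(httpContext.Object, token);

    // Assert
    // Null check first: it is meaningless once cookies.Count has already been read.
    Assert.NotNull(cookies);
    Assert.Equal(1, cookies.Count);
    Assert.Equal(_cookieName, cookies.Key);
    Assert.Equal(token, cookies.Value);

    // Fail with a clear assertion message, rather than a NullReferenceException,
    // if the store appended the cookie without any options.
    var cookieOptions = cookies.Options;
    Assert.NotNull(cookieOptions);

    // HttpOnly keeps the antiforgery cookie unreadable from page script.
    Assert.True(cookieOptions!.HttpOnly);
    Assert.Equal(expectedCookiePath, cookieOptions.Path);
}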
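// Checks that the Secure flag on the saved antiforgery cookie matches the expectation
// for a given combination of request scheme and configured CookieSecurePolicy.
//   isRequestSecure          - value returned by the mocked Request.IsHttps.
//   policy                   - assigned to AntiforgeryOptions.Cookie.SecurePolicy.
//   expectedCookieSecureFlag - expected Secure value; null is asserted as false.
public void SaveCookieToken_HonorsCookieSecurePolicy_OnOptions(
    bool isRequestSecure,
    CookieSecurePolicy policy,
    bool? expectedCookieSecureFlag)
{
    // Arrange
    var token = "serialized-value";

    // A null expectation collapses to false, so such a test case asserts Secure == false.
    bool expectedSecure = expectedCookieSecureFlag ?? false;

    var cookies = new MockResponseCookieCollection();
    var httpContext = new Mock<HttpContext>();
    httpContext
        .Setup(hc => hc.Request.IsHttps)
        .Returns(isRequestSecure);
    httpContext
        .Setup(o => o.Response.Cookies)
        .Returns(cookies);
    httpContext
        .SetupGet(hc => hc.Request.PathBase)
        .Returns("/");

    var options = new AntiforgeryOptions()
    {
        Cookie =
        {
            Name = _cookieName,
            SecurePolicy = policy
        },
    };
    var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));

    // Act
    tokenStore.SaveCookieToken(httpContext.Object, token);

    // Assert
    // Null check first: it is meaningless once cookies.Count has already been read.
    Assert.NotNull(cookies);
    Assert.Equal(1, cookies.Count);
    Assert.Equal(_cookieName, cookies.Key);
    Assert.Equal(token, cookies.Value);

    // Fail with a clear assertion message, rather than a NullReferenceException,
    // if the store appended the cookie without any options.
    var cookieOptions = cookies.Options;
    Assert.NotNull(cookieOptions);

    // HttpOnly keeps the antiforgery cookie unreadable from page script.
    Assert.True(cookieOptions!.HttpOnly);

    // The Secure flag is the property under test here.
    Assert.Equal(expectedSecure, cookieOptions.Secure);
}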
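// Checks that a Domain configured on AntiforgeryOptions.Cookie is carried through to the
// options of the saved cookie, alongside the name, value, HttpOnly flag and path.
public void SaveCookieToken_NonNullAntiforgeryOptionsConfigureCookieOptionsDomain_UsesCookieOptionsDomain()
{
    // Arrange
    var expectedCookieDomain = "microsoft.com";
    var token = "serialized-value";
    var cookies = new MockResponseCookieCollection();
    var httpContext = new Mock<HttpContext>();
    httpContext
        .Setup(hc => hc.Response.Cookies)
        .Returns(cookies);
    httpContext
        .SetupGet(hc => hc.Request.PathBase)
        .Returns("/vdir1");
    httpContext
        .SetupGet(hc => hc.Request.Path)
        .Returns("/index.html");

    var options = new AntiforgeryOptions
    {
        Cookie =
        {
            Name = _cookieName,
            Domain = expectedCookieDomain
        }
    };
    var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));

    // Act
    tokenStore.SaveCookieToken(httpContext.Object, token);

    // Assert
    // Null check first: it is meaningless once cookies.Count has already been read.
    Assert.NotNull(cookies);
    Assert.Equal(1, cookies.Count);
    Assert.Equal(_cookieName, cookies.Key);
    Assert.Equal(token, cookies.Value);

    // Fail with a clear assertion message, rather than a NullReferenceException,
    // if the store appended the cookie without any options.
    var cookieOptions = cookies.Options;
    Assert.NotNull(cookieOptions);

    // HttpOnly keeps the antiforgery cookie unreadable from page script.
    Assert.True(cookieOptions!.HttpOnly);
    Assert.Equal("/vdir1", cookieOptions.Path);

    // The cookie must carry exactly the configured domain, since Domain controls
    // which hosts the browser will send the cookie to.
    Assert.Equal(expectedCookieDomain, cookieOptions.Domain);
}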
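// Checks that the Secure flag on the saved antiforgery cookie matches the expectation
// for the configured AntiforgeryOptions.RequireSsl value.
//   requireSsl               - assigned to AntiforgeryOptions.RequireSsl.
//   expectedCookieSecureFlag - expected Secure value; null is asserted as false.
public void SaveCookieToken(bool requireSsl, bool? expectedCookieSecureFlag)
{
    // Arrange
    var token = "serialized-value";

    // A null expectation collapses to false, so such a test case asserts Secure == false.
    bool expectedSecure = expectedCookieSecureFlag ?? false;

    var cookies = new MockResponseCookieCollection();
    var mockHttpContext = new Mock<HttpContext>();
    mockHttpContext
        .Setup(o => o.Response.Cookies)
        .Returns(cookies);

    var options = new AntiforgeryOptions()
    {
        CookieName = _cookieName,
        RequireSsl = requireSsl
    };
    var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));

    // Act
    tokenStore.SaveCookieToken(mockHttpContext.Object, token);

    // Assert
    // Null check first: it is meaningless once cookies.Count has already been read.
    Assert.NotNull(cookies);
    Assert.Equal(1, cookies.Count);
    Assert.Equal(_cookieName, cookies.Key);
    Assert.Equal(token, cookies.Value);

    // Fail with a clear assertion message, rather than a NullReferenceException,
    // if the store appended the cookie without any options.
    var cookieOptions = cookies.Options;
    Assert.NotNull(cookieOptions);

    // HttpOnly keeps the antiforgery cookie unreadable from page script.
    Assert.True(cookieOptions.HttpOnly);

    // The Secure flag is the property under test here.
    Assert.Equal(expectedSecure, cookieOptions.Secure);
}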