public void LoadTempData_Base64UrlDecodesAnd_UnprotectsData_FromCookie() { // Arrange var expectedValues = new Dictionary <string, object>(); expectedValues.Add("int", 10); var tempDataProviderSerializer = new TempDataSerializer(); var expectedDataToUnprotect = tempDataProviderSerializer.Serialize(expectedValues); var base64AndUrlEncodedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToUnprotect); var dataProtector = new PassThroughDataProtector(); var tempDataProvider = GetProvider(dataProtector); var requestCookies = new RequestCookieCollection(new Dictionary <string, string>() { { CookieTempDataProvider.CookieName, base64AndUrlEncodedDataInCookie } }); var httpContext = new Mock <HttpContext>(); httpContext .Setup(hc => hc.Request.Cookies) .Returns(requestCookies); // Act var actualValues = tempDataProvider.LoadTempData(httpContext.Object); // Assert Assert.Equal(expectedDataToUnprotect, dataProtector.DataToUnprotect); Assert.Equal(expectedValues, actualValues); }
public void SaveTempData_ProtectsAnd_Base64UrlEncodesDataAnd_SetsCookie() { // Arrange var values = new Dictionary <string, object>(); values.Add("int", 10); var expectedDataToProtect = Bytes; var expectedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToProtect); var dataProtector = new PassThroughDataProtector(); var tempDataProvider = GetProvider(dataProtector); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns("/"); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); // Act tempDataProvider.SaveTempData(httpContext.Object, Dictionary); // Assert Assert.Equal(1, responseCookies.Count); var cookieInfo = responseCookies[CookieTempDataProvider.CookieName]; Assert.NotNull(cookieInfo); Assert.Equal(expectedDataInCookie, cookieInfo.Value); Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect); }
public void SaveTempData_RemovesCookie_WhenNoDataToSave() { // Arrange var values = new Dictionary <string, object>(); var serializedData = Bytes; var base64AndUrlEncodedData = WebEncoders.Base64UrlEncode(serializedData); var dataProtector = new PassThroughDataProtector(); var tempDataProvider = GetProvider(dataProtector); var requestCookies = $"{CookieTempDataProvider.CookieName}={base64AndUrlEncodedData}"; var httpContext = new DefaultHttpContext(); httpContext.Request.PathBase = "/"; httpContext.Request.Headers.Cookie = requestCookies; // Act tempDataProvider.SaveTempData(httpContext, new Dictionary <string, object>()); // Assert var responseCookies = httpContext.Response.GetTypedHeaders().SetCookie; Assert.Single(responseCookies); var cookie = responseCookies.Single(); Assert.NotNull(cookie); Assert.Equal(CookieTempDataProvider.CookieName, cookie.Name); Assert.Equal(string.Empty, cookie.Value); Assert.NotNull(cookie.Expires); Assert.True(cookie.Expires.Value < DateTimeOffset.Now); // expired cookie }
public void SaveTempData_CustomProviderOptions_SetsCookie_WithAppropriateCookieOptions( string requestPathBase, string optionsPath, string optionsDomain, string expectedCookiePath, string expectedDomain) { // Arrange var values = new Dictionary <string, object>(); values.Add("int", 10); var tempDataProviderStore = new TempDataSerializer(); var expectedDataToProtect = tempDataProviderStore.Serialize(values); var expectedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToProtect); var dataProtector = new PassThroughDataProtector(); var tempDataProvider = GetProvider( dataProtector, new CookieTempDataProviderOptions { Cookie = { Path = optionsPath, Domain = optionsDomain } }); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.IsHttps) .Returns(false); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns(requestPathBase); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); // Act tempDataProvider.SaveTempData(httpContext.Object, values); // Assert Assert.Equal(1, responseCookies.Count); var cookieInfo = responseCookies[CookieTempDataProvider.CookieName]; Assert.NotNull(cookieInfo); Assert.Equal(expectedDataInCookie, cookieInfo.Value); Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect); Assert.Equal(expectedCookiePath, cookieInfo.Options.Path); Assert.Equal(expectedDomain, cookieInfo.Options.Domain); Assert.False(cookieInfo.Options.Secure); Assert.True(cookieInfo.Options.HttpOnly); Assert.Null(cookieInfo.Options.Expires); }
private CookieTempDataProvider GetProvider(IDataProtector dataProtector = null, CookieTempDataProviderOptions options = null) { if (dataProtector == null) { dataProtector = new PassThroughDataProtector(); } if (options == null) { options = new CookieTempDataProviderOptions(); } var testOptions = new Mock <IOptions <CookieTempDataProviderOptions> >(); testOptions.SetupGet(o => o.Value).Returns(options); return(new CookieTempDataProvider(new PassThroughDataProtectionProvider(dataProtector), NullLoggerFactory.Instance, testOptions.Object)); }
public void SaveTempData_HonorsCookieSecurePolicy_OnOptions( bool isRequestSecure, CookieSecurePolicy cookieSecurePolicy, bool expectedSecureFlag) { // Arrange var values = new Dictionary <string, object>(); values.Add("int", 10); var tempDataProviderStore = new TempDataSerializer(); var expectedDataToProtect = tempDataProviderStore.Serialize(values); var expectedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToProtect); var dataProtector = new PassThroughDataProtector(); var options = new CookieTempDataProviderOptions(); options.Cookie.SecurePolicy = cookieSecurePolicy; var tempDataProvider = GetProvider(dataProtector, options); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns("/"); httpContext .SetupGet(hc => hc.Request.IsHttps) .Returns(isRequestSecure); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); // Act tempDataProvider.SaveTempData(httpContext.Object, values); // Assert Assert.Equal(1, responseCookies.Count); var cookieInfo = responseCookies[CookieTempDataProvider.CookieName]; Assert.NotNull(cookieInfo); Assert.Equal(expectedDataInCookie, cookieInfo.Value); Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect); Assert.Equal("/", cookieInfo.Options.Path); Assert.Equal(expectedSecureFlag, cookieInfo.Options.Secure); Assert.True(cookieInfo.Options.HttpOnly); Assert.Null(cookieInfo.Options.Expires); Assert.Null(cookieInfo.Options.Domain); }
public void LoadTempData_Base64UrlDecodesAnd_UnprotectsData_FromCookie() { // Arrange var expectedDataToUnprotect = Bytes; var base64AndUrlEncodedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToUnprotect); var dataProtector = new PassThroughDataProtector(); var tempDataProvider = GetProvider(dataProtector); var httpContext = new DefaultHttpContext(); httpContext.Request.Headers.Cookie = $"{CookieTempDataProvider.CookieName}={base64AndUrlEncodedDataInCookie}"; // Act var actualValues = tempDataProvider.LoadTempData(httpContext); // Assert Assert.Equal(expectedDataToUnprotect, dataProtector.DataToUnprotect); Assert.Same(Dictionary, actualValues); }
public void SaveTempData_RemovesCookie_WhenNoDataToSave() { // Arrange var values = new Dictionary <string, object>(); values.Add("int", 10); var tempDataProviderStore = new TempDataSerializer(); var serializedData = tempDataProviderStore.Serialize(values); var base64AndUrlEncodedData = WebEncoders.Base64UrlEncode(serializedData); var dataProtector = new PassThroughDataProtector(); var tempDataProvider = GetProvider(dataProtector); var requestCookies = new RequestCookieCollection(new Dictionary <string, string>() { { CookieTempDataProvider.CookieName, base64AndUrlEncodedData } }); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns("/"); httpContext .Setup(hc => hc.Request.Cookies) .Returns(requestCookies); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); httpContext .Setup(hc => hc.Response.Headers) .Returns(new HeaderDictionary()); // Act tempDataProvider.SaveTempData(httpContext.Object, new Dictionary <string, object>()); // Assert Assert.Equal(1, responseCookies.Count); var cookie = responseCookies[CookieTempDataProvider.CookieName]; Assert.NotNull(cookie); Assert.Equal(string.Empty, cookie.Value); Assert.NotNull(cookie.Options.Expires); Assert.True(cookie.Options.Expires.Value < DateTimeOffset.Now); // expired cookie }
public void SaveTempData_SetsSecureAttributeOnCookie_OnlyIfRequestIsSecure(bool isSecure) { // Arrange var values = new Dictionary <string, object>(); values.Add("int", 10); var tempDataProviderStore = new TempDataSerializer(); var expectedDataToProtect = tempDataProviderStore.Serialize(values); var expectedDataInCookie = Base64UrlTextEncoder.Encode(expectedDataToProtect); var dataProtector = new PassThroughDataProtector(); var tempDataProvider = GetProvider(dataProtector); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns("/"); httpContext .SetupGet(hc => hc.Request.IsHttps) .Returns(isSecure); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); // Act tempDataProvider.SaveTempData(httpContext.Object, values); // Assert Assert.Equal(1, responseCookies.Count); var cookieInfo = responseCookies[CookieTempDataProvider.CookieName]; Assert.NotNull(cookieInfo); Assert.Equal(expectedDataInCookie, cookieInfo.Value); Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect); Assert.Equal("/", cookieInfo.Options.Path); Assert.Equal(isSecure, cookieInfo.Options.Secure); Assert.True(cookieInfo.Options.HttpOnly); Assert.Null(cookieInfo.Options.Expires); Assert.Null(cookieInfo.Options.Domain); }
public void SaveTempData_DefaultProviderOptions_SetsCookie_WithAppropriateCookieOptions( string pathBase, string expectedCookiePath) { // Arrange var expectedDataToProtect = Bytes; var expectedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToProtect); var dataProtector = new PassThroughDataProtector(); var tempDataProvider = GetProvider(dataProtector); var responseCookies = new MockResponseCookieCollection(); var httpContext = new Mock <HttpContext>(); httpContext .SetupGet(hc => hc.Request.PathBase) .Returns(pathBase); httpContext .SetupGet(hc => hc.Request.IsHttps) .Returns(false); httpContext .Setup(hc => hc.Response.Cookies) .Returns(responseCookies); // Act tempDataProvider.SaveTempData(httpContext.Object, Dictionary); // Assert Assert.Equal(1, responseCookies.Count); var cookieInfo = responseCookies[CookieTempDataProvider.CookieName]; Assert.NotNull(cookieInfo); Assert.Equal(expectedDataInCookie, cookieInfo.Value); Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect); Assert.Equal(expectedCookiePath, cookieInfo.Options.Path); Assert.False(cookieInfo.Options.Secure); Assert.True(cookieInfo.Options.HttpOnly); Assert.Null(cookieInfo.Options.Expires); Assert.Null(cookieInfo.Options.Domain); }