public void LoadTempData_Base64UrlDecodesAnd_UnprotectsData_FromCookie()
{
// Arrange
var expectedValues = new Dictionary <string, object>();
expectedValues.Add("int", 10);
var tempDataProviderSerializer = new TempDataSerializer();
var expectedDataToUnprotect = tempDataProviderSerializer.Serialize(expectedValues);
var base64AndUrlEncodedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToUnprotect);
var dataProtector = new PassThroughDataProtector();
var tempDataProvider = GetProvider(dataProtector);
var requestCookies = new RequestCookieCollection(new Dictionary <string, string>()
{
{ CookieTempDataProvider.CookieName, base64AndUrlEncodedDataInCookie }
});
var httpContext = new Mock <HttpContext>();
httpContext
.Setup(hc => hc.Request.Cookies)
.Returns(requestCookies);
// Act
var actualValues = tempDataProvider.LoadTempData(httpContext.Object);
// Assert
Assert.Equal(expectedDataToUnprotect, dataProtector.DataToUnprotect);
Assert.Equal(expectedValues, actualValues);
}
public void SaveTempData_ProtectsAnd_Base64UrlEncodesDataAnd_SetsCookie()
{
// Arrange
var values = new Dictionary <string, object>();
values.Add("int", 10);
var expectedDataToProtect = Bytes;
var expectedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToProtect);
var dataProtector = new PassThroughDataProtector();
var tempDataProvider = GetProvider(dataProtector);
var responseCookies = new MockResponseCookieCollection();
var httpContext = new Mock <HttpContext>();
httpContext
.SetupGet(hc => hc.Request.PathBase)
.Returns("/");
httpContext
.Setup(hc => hc.Response.Cookies)
.Returns(responseCookies);
// Act
tempDataProvider.SaveTempData(httpContext.Object, Dictionary);
// Assert
Assert.Equal(1, responseCookies.Count);
var cookieInfo = responseCookies[CookieTempDataProvider.CookieName];
Assert.NotNull(cookieInfo);
Assert.Equal(expectedDataInCookie, cookieInfo.Value);
Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect);
}
public void SaveTempData_RemovesCookie_WhenNoDataToSave()
{
// Arrange
var values = new Dictionary <string, object>();
var serializedData = Bytes;
var base64AndUrlEncodedData = WebEncoders.Base64UrlEncode(serializedData);
var dataProtector = new PassThroughDataProtector();
var tempDataProvider = GetProvider(dataProtector);
var requestCookies = $"{CookieTempDataProvider.CookieName}={base64AndUrlEncodedData}";
var httpContext = new DefaultHttpContext();
httpContext.Request.PathBase = "/";
httpContext.Request.Headers.Cookie = requestCookies;
// Act
tempDataProvider.SaveTempData(httpContext, new Dictionary <string, object>());
// Assert
var responseCookies = httpContext.Response.GetTypedHeaders().SetCookie;
Assert.Single(responseCookies);
var cookie = responseCookies.Single();
Assert.NotNull(cookie);
Assert.Equal(CookieTempDataProvider.CookieName, cookie.Name);
Assert.Equal(string.Empty, cookie.Value);
Assert.NotNull(cookie.Expires);
Assert.True(cookie.Expires.Value < DateTimeOffset.Now); // expired cookie
}
public void SaveTempData_CustomProviderOptions_SetsCookie_WithAppropriateCookieOptions(
string requestPathBase,
string optionsPath,
string optionsDomain,
string expectedCookiePath,
string expectedDomain)
{
// Arrange
var values = new Dictionary <string, object>();
values.Add("int", 10);
var tempDataProviderStore = new TempDataSerializer();
var expectedDataToProtect = tempDataProviderStore.Serialize(values);
var expectedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToProtect);
var dataProtector = new PassThroughDataProtector();
var tempDataProvider = GetProvider(
dataProtector,
new CookieTempDataProviderOptions
{
Cookie =
{
Path = optionsPath,
Domain = optionsDomain
}
});
var responseCookies = new MockResponseCookieCollection();
var httpContext = new Mock <HttpContext>();
httpContext
.SetupGet(hc => hc.Request.IsHttps)
.Returns(false);
httpContext
.SetupGet(hc => hc.Request.PathBase)
.Returns(requestPathBase);
httpContext
.Setup(hc => hc.Response.Cookies)
.Returns(responseCookies);
// Act
tempDataProvider.SaveTempData(httpContext.Object, values);
// Assert
Assert.Equal(1, responseCookies.Count);
var cookieInfo = responseCookies[CookieTempDataProvider.CookieName];
Assert.NotNull(cookieInfo);
Assert.Equal(expectedDataInCookie, cookieInfo.Value);
Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect);
Assert.Equal(expectedCookiePath, cookieInfo.Options.Path);
Assert.Equal(expectedDomain, cookieInfo.Options.Domain);
Assert.False(cookieInfo.Options.Secure);
Assert.True(cookieInfo.Options.HttpOnly);
Assert.Null(cookieInfo.Options.Expires);
}
private CookieTempDataProvider GetProvider(IDataProtector dataProtector = null, CookieTempDataProviderOptions options = null)
{
if (dataProtector == null)
{
dataProtector = new PassThroughDataProtector();
}
if (options == null)
{
options = new CookieTempDataProviderOptions();
}
var testOptions = new Mock <IOptions <CookieTempDataProviderOptions> >();
testOptions.SetupGet(o => o.Value).Returns(options);
return(new CookieTempDataProvider(new PassThroughDataProtectionProvider(dataProtector), NullLoggerFactory.Instance, testOptions.Object));
}
public void SaveTempData_HonorsCookieSecurePolicy_OnOptions(
bool isRequestSecure,
CookieSecurePolicy cookieSecurePolicy,
bool expectedSecureFlag)
{
// Arrange
var values = new Dictionary <string, object>();
values.Add("int", 10);
var tempDataProviderStore = new TempDataSerializer();
var expectedDataToProtect = tempDataProviderStore.Serialize(values);
var expectedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToProtect);
var dataProtector = new PassThroughDataProtector();
var options = new CookieTempDataProviderOptions();
options.Cookie.SecurePolicy = cookieSecurePolicy;
var tempDataProvider = GetProvider(dataProtector, options);
var responseCookies = new MockResponseCookieCollection();
var httpContext = new Mock <HttpContext>();
httpContext
.SetupGet(hc => hc.Request.PathBase)
.Returns("/");
httpContext
.SetupGet(hc => hc.Request.IsHttps)
.Returns(isRequestSecure);
httpContext
.Setup(hc => hc.Response.Cookies)
.Returns(responseCookies);
// Act
tempDataProvider.SaveTempData(httpContext.Object, values);
// Assert
Assert.Equal(1, responseCookies.Count);
var cookieInfo = responseCookies[CookieTempDataProvider.CookieName];
Assert.NotNull(cookieInfo);
Assert.Equal(expectedDataInCookie, cookieInfo.Value);
Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect);
Assert.Equal("/", cookieInfo.Options.Path);
Assert.Equal(expectedSecureFlag, cookieInfo.Options.Secure);
Assert.True(cookieInfo.Options.HttpOnly);
Assert.Null(cookieInfo.Options.Expires);
Assert.Null(cookieInfo.Options.Domain);
}
public void LoadTempData_Base64UrlDecodesAnd_UnprotectsData_FromCookie()
{
// Arrange
var expectedDataToUnprotect = Bytes;
var base64AndUrlEncodedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToUnprotect);
var dataProtector = new PassThroughDataProtector();
var tempDataProvider = GetProvider(dataProtector);
var httpContext = new DefaultHttpContext();
httpContext.Request.Headers.Cookie = $"{CookieTempDataProvider.CookieName}={base64AndUrlEncodedDataInCookie}";
// Act
var actualValues = tempDataProvider.LoadTempData(httpContext);
// Assert
Assert.Equal(expectedDataToUnprotect, dataProtector.DataToUnprotect);
Assert.Same(Dictionary, actualValues);
}
public void SaveTempData_RemovesCookie_WhenNoDataToSave()
{
// Arrange
var values = new Dictionary <string, object>();
values.Add("int", 10);
var tempDataProviderStore = new TempDataSerializer();
var serializedData = tempDataProviderStore.Serialize(values);
var base64AndUrlEncodedData = WebEncoders.Base64UrlEncode(serializedData);
var dataProtector = new PassThroughDataProtector();
var tempDataProvider = GetProvider(dataProtector);
var requestCookies = new RequestCookieCollection(new Dictionary <string, string>()
{
{ CookieTempDataProvider.CookieName, base64AndUrlEncodedData }
});
var responseCookies = new MockResponseCookieCollection();
var httpContext = new Mock <HttpContext>();
httpContext
.SetupGet(hc => hc.Request.PathBase)
.Returns("/");
httpContext
.Setup(hc => hc.Request.Cookies)
.Returns(requestCookies);
httpContext
.Setup(hc => hc.Response.Cookies)
.Returns(responseCookies);
httpContext
.Setup(hc => hc.Response.Headers)
.Returns(new HeaderDictionary());
// Act
tempDataProvider.SaveTempData(httpContext.Object, new Dictionary <string, object>());
// Assert
Assert.Equal(1, responseCookies.Count);
var cookie = responseCookies[CookieTempDataProvider.CookieName];
Assert.NotNull(cookie);
Assert.Equal(string.Empty, cookie.Value);
Assert.NotNull(cookie.Options.Expires);
Assert.True(cookie.Options.Expires.Value < DateTimeOffset.Now); // expired cookie
}
public void SaveTempData_SetsSecureAttributeOnCookie_OnlyIfRequestIsSecure(bool isSecure)
{
// Arrange
var values = new Dictionary <string, object>();
values.Add("int", 10);
var tempDataProviderStore = new TempDataSerializer();
var expectedDataToProtect = tempDataProviderStore.Serialize(values);
var expectedDataInCookie = Base64UrlTextEncoder.Encode(expectedDataToProtect);
var dataProtector = new PassThroughDataProtector();
var tempDataProvider = GetProvider(dataProtector);
var responseCookies = new MockResponseCookieCollection();
var httpContext = new Mock <HttpContext>();
httpContext
.SetupGet(hc => hc.Request.PathBase)
.Returns("/");
httpContext
.SetupGet(hc => hc.Request.IsHttps)
.Returns(isSecure);
httpContext
.Setup(hc => hc.Response.Cookies)
.Returns(responseCookies);
// Act
tempDataProvider.SaveTempData(httpContext.Object, values);
// Assert
Assert.Equal(1, responseCookies.Count);
var cookieInfo = responseCookies[CookieTempDataProvider.CookieName];
Assert.NotNull(cookieInfo);
Assert.Equal(expectedDataInCookie, cookieInfo.Value);
Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect);
Assert.Equal("/", cookieInfo.Options.Path);
Assert.Equal(isSecure, cookieInfo.Options.Secure);
Assert.True(cookieInfo.Options.HttpOnly);
Assert.Null(cookieInfo.Options.Expires);
Assert.Null(cookieInfo.Options.Domain);
}
public void SaveTempData_DefaultProviderOptions_SetsCookie_WithAppropriateCookieOptions(
string pathBase,
string expectedCookiePath)
{
// Arrange
var expectedDataToProtect = Bytes;
var expectedDataInCookie = WebEncoders.Base64UrlEncode(expectedDataToProtect);
var dataProtector = new PassThroughDataProtector();
var tempDataProvider = GetProvider(dataProtector);
var responseCookies = new MockResponseCookieCollection();
var httpContext = new Mock <HttpContext>();
httpContext
.SetupGet(hc => hc.Request.PathBase)
.Returns(pathBase);
httpContext
.SetupGet(hc => hc.Request.IsHttps)
.Returns(false);
httpContext
.Setup(hc => hc.Response.Cookies)
.Returns(responseCookies);
// Act
tempDataProvider.SaveTempData(httpContext.Object, Dictionary);
// Assert
Assert.Equal(1, responseCookies.Count);
var cookieInfo = responseCookies[CookieTempDataProvider.CookieName];
Assert.NotNull(cookieInfo);
Assert.Equal(expectedDataInCookie, cookieInfo.Value);
Assert.Equal(expectedDataToProtect, dataProtector.PlainTextToProtect);
Assert.Equal(expectedCookiePath, cookieInfo.Options.Path);
Assert.False(cookieInfo.Options.Secure);
Assert.True(cookieInfo.Options.HttpOnly);
Assert.Null(cookieInfo.Options.Expires);
Assert.Null(cookieInfo.Options.Domain);
}
