public void IsXsrfMethod_Methods_MatchCaseInsensitive()
{
Assert.True(XsrfFilter.IsXsrfMethod("post"));
Assert.True(XsrfFilter.IsXsrfMethod("POst"));
Assert.True(XsrfFilter.IsXsrfMethod("delete"));
Assert.True(XsrfFilter.IsXsrfMethod("DElete"));
Assert.True(XsrfFilter.IsXsrfMethod("put"));
Assert.True(XsrfFilter.IsXsrfMethod("PUt"));
Assert.True(XsrfFilter.IsXsrfMethod("patch"));
Assert.True(XsrfFilter.IsXsrfMethod("PaTCh"));
}
public void Get_XsrfMethods_ReturnsConditionalFilterProvider()
{
foreach (var method in XsrfFilter.XsrfMethods)
{
_fakeContext = MvcMockHelpers.FakeHttpContext();
_fakeContext.Request.SetHttpMethodResult(method);
_output.WriteLine("HttpMethod => {0}", method);
var filter = XsrfFilter.Get();
Assert.IsType <ConditionalFilterProvider>(filter);
}
}
public void GetFilter_XsrfMethods_ReturnsValidateAntiForgeryTokenAttribute()
{
foreach (var method in XsrfFilter.XsrfMethods)
{
_fakeContext = MvcMockHelpers.FakeHttpContext();
_fakeContext.Request.SetHttpMethodResult(method);
_output.WriteLine("HttpMethod => {0}", method);
var postResult = XsrfFilter.GetFilter(_fakeContext.Request, new object[0]);
Assert.False(_fakeContext.Request.IsAjaxRequest());
Assert.Equal(method, _fakeContext.Request.HttpMethod);
Assert.IsType <ValidateAntiForgeryTokenAttribute>(postResult);
}
}
public void GetFilter_NonXsrfMethods_ReturnsNull()
{
foreach (var method in _nonXsrfMethods)
{
_fakeContext = MvcMockHelpers.FakeHttpContext();
_fakeContext.Request.SetHttpMethodResult(method);
_output.WriteLine("HttpMethod => {0}", method);
var postResult = XsrfFilter.GetFilter(_fakeContext.Request, new object[0]);
Assert.False(_fakeContext.Request.IsAjaxRequest());
Assert.Equal(method, _fakeContext.Request.HttpMethod);
Assert.Null(postResult);
}
}
public void GetFilter_XsrfMethodsIsAjaxWithIgnoreAttribute_ReturnsNull()
{
foreach (var method in XsrfFilter.XsrfMethods)
{
_fakeContext = MvcMockHelpers.FakeHttpContext();
_fakeContext.Request.SetHttpMethodResult(method);
_fakeContext.Request.SetAjaxHeaders();
_output.WriteLine("HttpMethod => {0}", method);
var postResult = XsrfFilter.GetFilter(
_fakeContext.Request,
new object[] { new IgnoreXsrfFilterAttribute() }
);
Assert.True(_fakeContext.Request.IsAjaxRequest());
Assert.Equal(method, _fakeContext.Request.HttpMethod);
Assert.Null(postResult);
}
}
public void GetFilters_NoParameters_ReturnsConditionalFilterProvider()
{
var context = new Mock <HttpContextBase>();
var request = new Mock <HttpRequestBase>();
context.Setup(x => x.Request).Returns(request.Object);
var controller = new Mock <ControllerBase>();
var actionDescriptor = new Mock <ActionDescriptor>();
var controllerContext = new ControllerContext(context.Object, new RouteData(), controller.Object);
var result = XsrfFilter.Get();
var filters = result.GetFilters(controllerContext, actionDescriptor.Object);
Assert.IsType <ConditionalFilterProvider>(result);
// xUnit and M$ Test type checking are different:
// System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Web.Mvc.Filter, System.Web.Mvc, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]
// Assert.IsType(typeof(IEnumerable<Filter>), filters);
Assert.IsAssignableFrom <IEnumerable <Filter> >(filters);
Assert.Empty(filters);
}
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
FilterProviders.Providers.Add(XsrfFilter.Get());
}
