public async Task GetRequestTokens_NoHeaderToken_NonFormContentType_ReturnsNullToken() { // Arrange var httpContext = GetHttpContext("cookie-name", "cookie-value"); httpContext.Request.ContentType = "application/json"; // Will not be accessed httpContext.Request.Form = null !; var options = new AntiforgeryOptions { Cookie = { Name = "cookie-name" }, FormFieldName = "form-field-name", HeaderName = "header-name", }; var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); // Act var tokenSet = await tokenStore.GetRequestTokensAsync(httpContext); // Assert Assert.Equal("cookie-value", tokenSet.CookieToken); Assert.Null(tokenSet.RequestToken); }
public async Task GetRequestTokens_NoHeaderToken_FallsBackToFormToken() { // Arrange var httpContext = GetHttpContext("cookie-name", "cookie-value"); httpContext.Request.ContentType = "application/x-www-form-urlencoded"; httpContext.Request.Form = new FormCollection(new Dictionary <string, StringValues> { { "form-field-name", "form-value" }, }); var options = new AntiforgeryOptions { Cookie = { Name = "cookie-name" }, FormFieldName = "form-field-name", HeaderName = "header-name", }; var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); // Act var tokens = await tokenStore.GetRequestTokensAsync(httpContext); // Assert Assert.Equal("cookie-value", tokens.CookieToken); Assert.Equal("form-value", tokens.RequestToken); }
public async Task GetRequestTokens_FormContentType_FallbackHeaderToken() { // Arrange var httpContext = GetHttpContext("cookie-name", "cookie-value"); httpContext.Request.ContentType = "application/x-www-form-urlencoded"; httpContext.Request.Form = FormCollection.Empty; httpContext.Request.Headers.Add("header-name", "header-value"); var options = new AntiforgeryOptions() { CookieName = "cookie-name", FormFieldName = "form-field-name", HeaderName = "header-name", }; var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); // Act var tokens = await tokenStore.GetRequestTokensAsync(httpContext); // Assert Assert.Equal("cookie-value", tokens.CookieToken); Assert.Equal("header-value", tokens.RequestToken); }
public async Task GetRequestTokens_CookieIsEmpty_ReturnsNullTokens() { // Arrange var httpContext = GetHttpContext(); httpContext.Request.Form = FormCollection.Empty; var options = new AntiforgeryOptions { Cookie = { Name = "cookie-name" }, FormFieldName = "form-field-name", }; var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); // Act var tokenSet = await tokenStore.GetRequestTokensAsync(httpContext); // Assert Assert.Null(tokenSet.CookieToken); Assert.Null(tokenSet.RequestToken); }
public async Task GetRequestTokens_ReadFormAsyncThrowsInvalidDataException_ThrowsAntiforgeryValidationException() { // Arrange var exception = new InvalidDataException(); var httpContext = new Mock <HttpContext>(); httpContext.Setup(r => r.Request.Cookies).Returns(Mock.Of <IRequestCookieCollection>()); httpContext.SetupGet(r => r.Request.HasFormContentType).Returns(true); httpContext.Setup(r => r.Request.ReadFormAsync(It.IsAny <CancellationToken>())).Throws(exception); var options = new AntiforgeryOptions { Cookie = { Name = "cookie-name" }, FormFieldName = "form-field-name", HeaderName = null, }; var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); // Act & Assert var ex = await Assert.ThrowsAsync <AntiforgeryValidationException>(() => tokenStore.GetRequestTokensAsync(httpContext.Object)); Assert.Same(exception, ex.InnerException); }
public async Task GetRequestTokens_BothHeaderValueAndFormFieldsEmpty_ReturnsNullTokens() { // Arrange var httpContext = GetHttpContext("cookie-name", "cookie-value"); httpContext.Request.ContentType = "application/x-www-form-urlencoded"; httpContext.Request.Form = FormCollection.Empty; var options = new AntiforgeryOptions { Cookie = { Name = "cookie-name" }, FormFieldName = "form-field-name", HeaderName = "header-name", }; var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); // Act var tokenSet = await tokenStore.GetRequestTokensAsync(httpContext); // Assert Assert.Equal("cookie-value", tokenSet.CookieToken); Assert.Null(tokenSet.RequestToken); }