public async Task Filter_SkipsAntiforgeryVerification_WhenOverridden() { // Arrange var antiforgery = new Mock <IAntiforgery>(MockBehavior.Strict); antiforgery .Setup(a => a.ValidateRequestAsync(It.IsAny <HttpContext>())) .Returns(Task.FromResult(0)) .Verifiable(); var filter = new ValidateAntiforgeryTokenAuthorizationFilter(antiforgery.Object, NullLoggerFactory.Instance); var actionContext = new ActionContext(new DefaultHttpContext(), new RouteData(), new ActionDescriptor()); actionContext.HttpContext.Request.Method = "POST"; var context = new AuthorizationFilterContext(actionContext, new IFilterMetadata[] { filter, new IgnoreAntiforgeryTokenAttribute(), }); // Act await filter.OnAuthorizationAsync(context); // Assert antiforgery.Verify(a => a.ValidateRequestAsync(It.IsAny <HttpContext>()), Times.Never()); }
public async Task Filter_SetsFailureResult() { // Arrange var antiforgery = new Mock <IAntiforgery>(MockBehavior.Strict); antiforgery .Setup(a => a.ValidateRequestAsync(It.IsAny <HttpContext>())) .Throws(new AntiforgeryValidationException("Failed")) .Verifiable(); var filter = new ValidateAntiforgeryTokenAuthorizationFilter(antiforgery.Object, NullLoggerFactory.Instance); var actionContext = new ActionContext(new DefaultHttpContext(), new RouteData(), new ActionDescriptor()); actionContext.HttpContext.Request.Method = "POST"; var context = new AuthorizationFilterContext(actionContext, new[] { filter }); // Act await filter.OnAuthorizationAsync(context); // Assert Assert.IsType <AntiforgeryValidationFailedResult>(context.Result); }
public async Task Filter_ValidatesAntiforgery_ForAllMethods(string httpMethod) { // Arrange var antiforgery = new Mock <IAntiforgery>(MockBehavior.Strict); antiforgery .Setup(a => a.ValidateRequestAsync(It.IsAny <HttpContext>())) .Returns(Task.FromResult(0)) .Verifiable(); var filter = new ValidateAntiforgeryTokenAuthorizationFilter(antiforgery.Object, NullLoggerFactory.Instance); var actionContext = new ActionContext(new DefaultHttpContext(), new RouteData(), new ActionDescriptor()); actionContext.HttpContext.Request.Method = httpMethod; var context = new AuthorizationFilterContext(actionContext, new[] { filter }); // Act await filter.OnAuthorizationAsync(context); // Assert antiforgery.Verify(); }