public void SaltProperty() {
// Arrange
AntiForgeryData token = new AntiForgeryData();
// Act & Assert
MemberHelper.TestStringProperty(token, "Salt", String.Empty, false /* testDefaultValue */, true /* allowNullAndEmpty */);
}
public void SerializeReturnsSerializedString() {
// Arrange
AntiForgeryData token = new AntiForgeryData() {
CreationDate = new DateTime(2001, 1, 1),
Salt = "the salt",
Value = "the value"
};
Mock<IStateFormatter> mockFormatter = new Mock<IStateFormatter>();
mockFormatter
.Expect(f => f.Serialize(It.IsAny<object>()))
.Returns(
delegate(object state) {
Triplet t = state as Triplet;
Assert.IsNotNull(t);
Assert.AreEqual("the salt", t.First);
Assert.AreEqual("the value", t.Second);
Assert.AreEqual(new DateTime(2001, 1, 1), t.Third);
return "serialized value";
}
);
AntiForgeryDataSerializer serializer = new AntiForgeryDataSerializer() {
Formatter = mockFormatter.Object
};
// Act
string serializedValue = serializer.Serialize(token);
// Assert
Assert.AreEqual("serialized value", serializedValue);
}
public void CreationDateProperty() {
// Arrange
AntiForgeryData token = new AntiForgeryData();
// Act & Assert
MemberHelper.TestPropertyValue(token, "CreationDate", DateTime.Now);
}
// copy constructor
public AntiForgeryData(AntiForgeryData token) {
if (token == null) {
throw new ArgumentNullException("token");
}
CreationDate = token.CreationDate;
Salt = token.Salt;
Value = token.Value;
}
// copy constructor
public AntiForgeryData(AntiForgeryData token)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
CreationDate = token.CreationDate;
Salt = token.Salt;
Value = token.Value;
}
public string AntiForgeryToken(string salt, string domain, string path)
{
string formValue = GetAntiForgeryTokenAndSetCookie(salt, domain, path);
string fieldName = AntiForgeryData.GetAntiForgeryTokenName(null);
TagBuilder builder = new TagBuilder("input");
builder.Attributes["type"] = "hidden";
builder.Attributes["name"] = fieldName;
builder.Attributes["value"] = formValue;
return(builder.ToString(TagRenderMode.SelfClosing));
}
public virtual string Serialize(AntiForgeryData token) {
if (token == null) {
throw new ArgumentNullException("token");
}
Triplet objToSerialize = new Triplet() {
First = token.Salt,
Second = token.Value,
Third = token.CreationDate
};
string serializedValue = Formatter.Serialize(objToSerialize);
return serializedValue;
}
public void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
string fieldName = AntiForgeryData.GetAntiForgeryTokenName(null);
string cookieName = AntiForgeryData.GetAntiForgeryTokenName(filterContext.HttpContext.Request.ApplicationPath);
HttpCookie cookie = filterContext.HttpContext.Request.Cookies[cookieName];
if (cookie == null || String.IsNullOrEmpty(cookie.Value))
{
// error: cookie token is missing
throw CreateValidationException();
}
AntiForgeryData cookieToken = Serializer.Deserialize(cookie.Value);
string formValue = filterContext.HttpContext.Request.Form[fieldName];
if (String.IsNullOrEmpty(formValue))
{
// error: form token is missing
throw CreateValidationException();
}
AntiForgeryData formToken = Serializer.Deserialize(formValue);
if (!String.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
{
// error: form token does not match cookie token
throw CreateValidationException();
}
string currentUsername = AntiForgeryData.GetUsername(filterContext.HttpContext.User);
if (!String.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
{
// error: form token is not valid for this user
// (don't care about cookie token)
throw CreateValidationException();
}
if (!ValidateFormToken(formToken))
{
// error: custom validation failed
throw CreateValidationException();
}
}
public virtual string Serialize(AntiForgeryData token) {
if (token == null) {
throw new ArgumentNullException("token");
}
object[] objToSerialize = new object[] {
token.Salt,
token.Value,
token.CreationDate,
token.Username
};
string serializedValue = Formatter.Serialize(objToSerialize);
return serializedValue;
}
public void CopyConstructor() {
// Arrange
AntiForgeryData originalToken = new AntiForgeryData() {
CreationDate = DateTime.Now,
Salt = "some salt",
Value = "some value"
};
// Act
AntiForgeryData newToken = new AntiForgeryData(originalToken);
// Assert
Assert.AreEqual(originalToken.CreationDate, newToken.CreationDate);
Assert.AreEqual(originalToken.Salt, newToken.Salt);
Assert.AreEqual(originalToken.Value, newToken.Value);
}
public virtual string Serialize(AntiForgeryData token)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
object[] objToSerialize = new object[] {
token.Salt,
token.Value,
token.CreationDate,
token.Username
};
string serializedValue = Formatter.Serialize(objToSerialize);
return(serializedValue);
}
public virtual string Serialize(AntiForgeryData token)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
Triplet objToSerialize = new Triplet()
{
First = token.Salt,
Second = token.Value,
Third = token.CreationDate
};
string serializedValue = Formatter.Serialize(objToSerialize);
return(serializedValue);
}
public void CanRoundTripData() {
// Arrange
AntiForgeryDataSerializer serializer = new AntiForgeryDataSerializer {
Decoder = value => Convert.FromBase64String(value),
Encoder = bytes => Convert.ToBase64String(bytes),
};
AntiForgeryData input = new AntiForgeryData {
Salt = "The Salt",
Username = "******",
Value = "The Value",
CreationDate = DateTime.Now,
};
// Act
AntiForgeryData output = serializer.Deserialize(serializer.Serialize(input));
// Assert
Assert.IsNotNull(output);
Assert.AreEqual(input.Salt, output.Salt);
Assert.AreEqual(input.Username, output.Username);
Assert.AreEqual(input.Value, output.Value);
Assert.AreEqual(input.CreationDate, output.CreationDate);
}
private string GetAntiForgeryTokenAndSetCookie(string salt, string domain, string path)
{
string cookieName = AntiForgeryData.GetAntiForgeryTokenName(ViewContext.HttpContext.Request.ApplicationPath);
AntiForgeryData cookieToken;
HttpCookie cookie = ViewContext.HttpContext.Request.Cookies[cookieName];
if (cookie != null)
{
cookieToken = Serializer.Deserialize(cookie.Value);
}
else
{
cookieToken = AntiForgeryData.NewToken();
string cookieValue = Serializer.Serialize(cookieToken);
HttpCookie newCookie = new HttpCookie(cookieName, cookieValue)
{
HttpOnly = true, Domain = domain
};
if (!String.IsNullOrEmpty(path))
{
newCookie.Path = path;
}
ViewContext.HttpContext.Response.Cookies.Set(newCookie);
}
AntiForgeryData formToken = new AntiForgeryData(cookieToken)
{
CreationDate = DateTime.Now,
Salt = salt
};
string formValue = Serializer.Serialize(formToken);
return(formValue);
}
private string GetAntiForgeryTokenAndSetCookie(string salt, string domain, string path)
{
string cookieName = AntiForgeryData.GetAntiForgeryTokenName(ViewContext.HttpContext.Request.ApplicationPath);
AntiForgeryData cookieToken;
HttpCookie cookie = ViewContext.HttpContext.Request.Cookies[cookieName];
if (cookie != null) {
cookieToken = Serializer.Deserialize(cookie.Value);
}
else {
cookieToken = AntiForgeryData.NewToken();
string cookieValue = Serializer.Serialize(cookieToken);
HttpCookie newCookie = new HttpCookie(cookieName, cookieValue) { HttpOnly = true, Domain = domain };
if (!String.IsNullOrEmpty(path)) {
newCookie.Path = path;
}
ViewContext.HttpContext.Response.Cookies.Set(newCookie);
}
AntiForgeryData formToken = new AntiForgeryData(cookieToken) {
Salt = salt,
Username = AntiForgeryData.GetUsername(ViewContext.HttpContext.User)
};
string formValue = Serializer.Serialize(formToken);
return formValue;
}
private bool ValidateFormToken(AntiForgeryData token)
{
return(String.Equals(Salt, token.Salt, StringComparison.Ordinal));
}
string GetAntiForgeryTokenAndSetCookie(string salt, string domain, string path)
{
var cookieName = AntiForgeryData.GetAntiForgeryTokenName(ViewContext.HttpContext.Request.ApplicationPath);
AntiForgeryData cookieToken;
var cookie = ViewContext.HttpContext.Request.Cookies[cookieName];
if (cookie != null)
{
cookieToken = Serializer.Deserialize(cookie.Value);
}
else
{
cookieToken = AntiForgeryData.NewToken();
var cookieValue = Serializer.Serialize(cookieToken);
var newCookie = new HttpCookie(cookieName, cookieValue) {HttpOnly = true, Domain = domain};
if (!String.IsNullOrEmpty(path))
{
newCookie.Path = path;
}
ViewContext.HttpContext.Response.Cookies.Set(newCookie);
}
var formToken = new AntiForgeryData(cookieToken)
{
CreationDate = DateTime.Now,
Salt = salt
};
var formValue = Serializer.Serialize(formToken);
return formValue;
}
private bool ValidateFormToken(AntiForgeryData token) {
return (String.Equals(Salt, token.Salt, StringComparison.Ordinal));
}
public override string Serialize(AntiForgeryData token) {
return String.Format(CultureInfo.InvariantCulture, "Creation: {0}, Value: {1}, Salt: {2}, Username: {3}",
token.CreationDate, token.Value, token.Salt, token.Username);
}
