diff --git a/src/Microsoft.AspNetCore.Antiforgery/IAntiforgery.cs b/src/Microsoft.AspNetCore.Antiforgery/IAntiforgery.cs
index 583a71ffea..0cdcf35a8b 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/IAntiforgery.cs
+++ b/src/Microsoft.AspNetCore.Antiforgery/IAntiforgery.cs
@@ -54,15 +54,6 @@ namespace Microsoft.AspNetCore.Antiforgery
///
Task ValidateRequestAsync(HttpContext httpContext);
- ///
- /// Validates an for the current request.
- ///
- /// The associated with the current request.
- ///
- /// The (cookie and request token) for this request.
- ///
- void ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet);
-
///
/// Generates and stores an antiforgery cookie token if one is not available or not valid.
///
diff --git a/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgery.cs b/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgery.cs
index 76a5ff8f30..d25909886d 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgery.cs
+++ b/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgery.cs
@@ -135,8 +135,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
ValidateTokens(httpContext, tokens);
}
- ///
- public void ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet)
+ private void ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet)
{
if (httpContext == null)
{
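Review bot: The missing-cookie-token path in the now-private `ValidateTokens` loses its only visible test (`ValidateTokens_MissingCookieInTokenSet_Throws` is deleted later in this commit), and if that path is still reachable it would surface to callers of the public validation method as an argument exception naming `antiforgeryTokenSet`, a parameter they never passed. Whether the caller shown at the top of this hunk already rejects a null cookie token cannot be seen here, and the method body continues outside the hunk. If it does not, a test that drives `ValidateRequestAsync` with no cookie token and pins the failure type would keep rejection behaviour uniform for code that catches the antiforgery validation failure. The dropped `///` also leaves the method undocumented; a short comment such as `// Internal step of request validation; the caller must supply both the cookie and request tokens.` would record the contract.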
diff --git a/test/Microsoft.AspNetCore.Antiforgery.Test/Internal/DefaultAntiforgeryTest.cs b/test/Microsoft.AspNetCore.Antiforgery.Test/Internal/DefaultAntiforgeryTest.cs
index e1f64fcab2..4651a14d83 100644
--- a/test/Microsoft.AspNetCore.Antiforgery.Test/Internal/DefaultAntiforgeryTest.cs
+++ b/test/Microsoft.AspNetCore.Antiforgery.Test/Internal/DefaultAntiforgeryTest.cs
@@ -6,7 +6,6 @@ using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Internal;
-using Microsoft.AspNetCore.Testing;
using Microsoft.Extensions.Options;
using Moq;
using Xunit;
@@ -57,28 +56,6 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
exception.Message);
}
- [Fact]
- public void ChecksSSL_ValidateTokens_Throws()
- {
- // Arrange
- var httpContext = new DefaultHttpContext();
- var options = new AntiforgeryOptions()
- {
- RequireSsl = true
- };
-
- var antiforgery = GetAntiforgery(options);
- var tokenSet = new AntiforgeryTokenSet("hello", "world", "form", "header");
-
- // Act & Assert
- var exception = Assert.Throws(
- () => antiforgery.ValidateTokens(httpContext, tokenSet));
- Assert.Equal(
- @"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
- "but the current request is not an SSL request.",
- exception.Message);
- }
-
[Fact]
public void ChecksSSL_GetAndStoreTokens_Throws()
{
@@ -248,95 +225,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
}
[Fact]
- public void ValidateTokens_InvalidTokens_Throws()
- {
- // Arrange
- var context = CreateMockContext(new AntiforgeryOptions());
-
- context.TokenSerializer
- .Setup(o => o.Deserialize("cookie-token"))
- .Returns(context.TestTokenSet.OldCookieToken);
- context.TokenSerializer
- .Setup(o => o.Deserialize("form-token"))
- .Returns(context.TestTokenSet.RequestToken);
-
- var message = "my-message";
- context.TokenGenerator
- .Setup(o => o.TryValidateTokenSet(
- context.HttpContext,
- context.TestTokenSet.OldCookieToken,
- context.TestTokenSet.RequestToken,
- out message))
- .Returns(false)
- .Verifiable();
-
- var antiforgery = new DefaultAntiforgery(
- new TestOptionsManager(),
- context.TokenGenerator.Object,
- context.TokenSerializer.Object,
- tokenStore: null);
-
- var tokenSet = new AntiforgeryTokenSet("form-token", "cookie-token", "form", "header");
-
- // Act & Assert
- var exception = Assert.Throws(
- () => antiforgery.ValidateTokens(
- context.HttpContext,
- tokenSet));
- Assert.Equal("my-message", exception.Message);
- context.TokenGenerator.Verify();
- }
-
- [Fact]
- public void ValidateTokens_FromValidStrings_TokensValidatedSuccessfully()
- {
- // Arrange
- var context = CreateMockContext(new AntiforgeryOptions());
- context.TokenSerializer
- .Setup(o => o.Deserialize("cookie-token"))
- .Returns(context.TestTokenSet.OldCookieToken);
- context.TokenSerializer
- .Setup(o => o.Deserialize("form-token"))
- .Returns(context.TestTokenSet.RequestToken);
-
- string message;
- context.TokenGenerator
- .Setup(o => o.TryValidateTokenSet(
- context.HttpContext,
- context.TestTokenSet.OldCookieToken,
- context.TestTokenSet.RequestToken,
- out message))
- .Returns(true)
- .Verifiable();
- context.TokenStore = null;
- var antiforgery = GetAntiforgery(context);
-
- var tokenSet = new AntiforgeryTokenSet("form-token", "cookie-token", "form", "header");
-
- // Act
- antiforgery.ValidateTokens(context.HttpContext, tokenSet);
-
- // Assert
- context.TokenGenerator.Verify();
- }
-
- [Fact]
- public void ValidateTokens_MissingCookieInTokenSet_Throws()
- {
- // Arrange
- var context = CreateMockContext(new AntiforgeryOptions());
- var antiforgery = GetAntiforgery(context);
- var tokenSet = new AntiforgeryTokenSet("form-token", null, "form", "header");
-
- // Act
- ExceptionAssert.ThrowsArgument(
- () => antiforgery.ValidateTokens(context.HttpContext, tokenSet),
- "antiforgeryTokenSet",
- "The required antiforgery cookie token must be provided.");
- }
-
- [Fact]
- public async Task IsRequestValueAsync_FromStore_Failure()
+ public async Task IsRequestValidAsync_FromStore_Failure()
{
// Arrange
var context = CreateMockContext(new AntiforgeryOptions());
@@ -357,6 +246,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
// Assert
Assert.False(result);
+ context.TokenGenerator.Verify();
}
[Fact]
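Review bot: The added `context.TokenGenerator.Verify();` only checks setups that were marked `.Verifiable()`, and the `TryValidateTokenSet` setup for this test sits above the hunk where it cannot be confirmed. If that setup lacks the marker, the new line passes without proving the token generator was consulted, so a regression that returns false before any token comparison would go unnoticed. Either confirm `.Verifiable()` is on the setup or use `context.TokenGenerator.VerifyAll();`, which checks every setup regardless of the marker.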
@@ -409,7 +299,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
// Act & assert
var exception = await Assert.ThrowsAsync(
- async () => await antiforgery.ValidateRequestAsync(context.HttpContext));
+ () => antiforgery.ValidateRequestAsync(context.HttpContext));
Assert.Equal("my-message", exception.Message);
context.TokenGenerator.Verify();
}