From 33e3001d5367638930341179feaaadd7d8bf0543 Mon Sep 17 00:00:00 2001
From: Ryan Nowak
Date: Thu, 4 Feb 2016 11:22:26 -0800
Subject: [PATCH] Remove GetHtml It's being moved to MVC
---
 .../IAntiforgery.cs | 15 --
 .../Internal/DefaultAntiforgery.cs | 54 -------
 .../project.json | 1 -
 .../Internal/DefaultAntiforgeryTest.cs | 152 ------------------
 4 files changed, 222 deletions(-)
diff --git a/src/Microsoft.AspNetCore.Antiforgery/IAntiforgery.cs b/src/Microsoft.AspNetCore.Antiforgery/IAntiforgery.cs
index d2eac4c95a..583a71ffea 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/IAntiforgery.cs
+++ b/src/Microsoft.AspNetCore.Antiforgery/IAntiforgery.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Html;
 using Microsoft.AspNetCore.Http;
 namespace Microsoft.AspNetCore.Antiforgery
@@ -13,20 +12,6 @@ namespace Microsoft.AspNetCore.Antiforgery
 ///
 public interface IAntiforgery
 {
- ///
- /// Generates an <input type="hidden"> element for an antiforgery token.
- ///
- /// The associated with the current request.
- ///
- /// A containing an <input type="hidden"> element. This element should be put
- /// inside a <form>.
- ///
- ///
- /// This method has a side effect:
- /// A response cookie is set if there is no valid cookie associated with the request.
- ///
- IHtmlContent GetHtml(HttpContext httpContext);
-
 ///
 /// Generates an for this request and stores the cookie token
 /// in the response.
diff --git a/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgery.cs b/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgery.cs
index 1a581a5f54..76a5ff8f30 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgery.cs
+++ b/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgery.cs
@@ -3,10 +3,7 @@
 using System;
 using System.Diagnostics;
-using System.IO;
-using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Html;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Options;
@@ -35,20 +32,6 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
 _tokenStore = tokenStore;
 }
- ///
- public IHtmlContent GetHtml(HttpContext httpContext)
- {
- if (httpContext == null)
- {
- throw new ArgumentNullException(nameof(httpContext));
- }
-
- CheckSSLConfig(httpContext);
-
- var tokenSet = GetAndStoreTokens(httpContext);
- return new InputContent(_options.FormFieldName, tokenSet.RequestToken);
- }
-
 ///
 public AntiforgeryTokenSet GetAndStoreTokens(HttpContext httpContext)
 {
@@ -307,42 +290,5 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
 public bool IsNewCookieToken { get; set; }
 }
-
- private class InputContent : IHtmlContent
- {
- private readonly string _fieldName;
- private readonly string _requestToken;
-
- public InputContent(string fieldName, string requestToken)
- {
- _fieldName = fieldName;
- _requestToken = requestToken;
- }
-
- // Though _requestToken normally contains only US-ASCII letters, numbers, '-', and '_', must assume the
- // IAntiforgeryTokenSerializer implementation has been overridden. Similarly, users may choose a
- // _fieldName containing almost any character.
- public void WriteTo(TextWriter writer, HtmlEncoder encoder)
- {
- var builder = writer as IHtmlContentBuilder;
- if (builder != null)
- {
- // If possible, defer encoding until we're writing to the response.
- // But there's little reason to keep this IHtmlContent instance around.
- builder
- .AppendHtml("");
- }
-
- writer.Write("");
- }
- }
 }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Antiforgery/project.json b/src/Microsoft.AspNetCore.Antiforgery/project.json
index 1499e577c7..bcd5357d8d 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/project.json
+++ b/src/Microsoft.AspNetCore.Antiforgery/project.json
@@ -11,7 +11,6 @@
 },
 "dependencies": {
 "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
- "Microsoft.AspNetCore.Html.Abstractions": "1.0.0-*",
 "Microsoft.AspNetCore.Http.Abstractions": "1.0.0-*",
 "Microsoft.AspNetCore.WebUtilities": "1.0.0-*",
 "Microsoft.Extensions.ObjectPool": "1.0.0-*"
diff --git a/test/Microsoft.AspNetCore.Antiforgery.Test/Internal/DefaultAntiforgeryTest.cs b/test/Microsoft.AspNetCore.Antiforgery.Test/Internal/DefaultAntiforgeryTest.cs
index 040cf866a4..e1f64fcab2 100644
--- a/test/Microsoft.AspNetCore.Antiforgery.Test/Internal/DefaultAntiforgeryTest.cs
+++ b/test/Microsoft.AspNetCore.Antiforgery.Test/Internal/DefaultAntiforgeryTest.cs
@@ -2,14 +2,12 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 using System;
-using System.IO;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Internal;
 using Microsoft.AspNetCore.Testing;
 using Microsoft.Extensions.Options;
-using Microsoft.Extensions.WebEncoders.Testing;
 using Moq;
 using Xunit;
@@ -81,26 +79,6 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
 exception.Message);
 }
- [Fact]
- public void ChecksSSL_GetHtml_Throws()
- {
- // Arrange
- var httpContext = new DefaultHttpContext();
- var options = new AntiforgeryOptions()
- {
- RequireSsl = true
- };
-
- var antiforgery = GetAntiforgery(options);
-
- // Act & Assert
- var exception = Assert.Throws(() => antiforgery.GetHtml(httpContext));
- Assert.Equal(
- @"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
- "but the current request is not an SSL request.",
- exception.Message);
- }
-
 [Fact]
 public void ChecksSSL_GetAndStoreTokens_Throws()
 {
@@ -164,136 +142,6 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
 exception.Message);
 }
- [Fact]
- public void GetHtml_ExistingInvalidCookieToken_GeneratesANewCookieAndAnAntiforgeryToken()
- {
- // Arrange
- var options = new AntiforgeryOptions()
- {
- FormFieldName = "form-field-name"
- };
-
- // Make sure the existing cookie is invalid.
- var context = CreateMockContext(options, isOldCookieValid: false);
- var antiforgery = GetAntiforgery(context);
- var encoder = new HtmlTestEncoder();
-
- // Setup so that the null cookie token returned is treated as invalid.
- context.TokenGenerator
- .Setup(o => o.IsCookieTokenValid(null))
- .Returns(false);
-
- // Act
- var inputElement = antiforgery.GetHtml(context.HttpContext);
-
- // Assert
- using (var writer = new StringWriter())
- {
- inputElement.WriteTo(writer, encoder);
-
- Assert.Equal(
- @"",
- writer.ToString());
- }
-
- context.TokenStore.Verify();
- }
-
- [Fact]
- public void GetHtml_ExistingInvalidCookieToken_SwallowsExceptions()
- {
- // Arrange
- var options = new AntiforgeryOptions()
- {
- FormFieldName = "form-field-name"
- };
-
- // Make sure the existing cookie is invalid.
- var context = CreateMockContext(options, isOldCookieValid: false);
- var antiforgery = GetAntiforgery(context);
-
- // This will cause the cookieToken to be null.
- context.TokenStore
- .Setup(o => o.GetCookieToken(context.HttpContext))
- .Throws(new Exception("should be swallowed"));
-
- // Setup so that the null cookie token returned is treated as invalid.
- context.TokenGenerator
- .Setup(o => o.IsCookieTokenValid(null))
- .Returns(false);
-
- var encoder = new HtmlTestEncoder();
-
- // Act
- var inputElement = antiforgery.GetHtml(context.HttpContext);
-
- // Assert
- using (var writer = new StringWriter())
- {
- inputElement.WriteTo(writer, encoder);
-
- Assert.Equal(
- @"",
- writer.ToString());
- }
-
- context.TokenStore.Verify();
- }
-
- [Fact]
- public void GetHtml_ExistingValidCookieToken_GeneratesAnAntiforgeryToken()
- {
- // Arrange
- var options = new AntiforgeryOptions()
- {
- FormFieldName = "form-field-name"
- };
-
- // Make sure the existing cookie is valid and use the same cookie for the mock Token Provider.
- var context = CreateMockContext(options, useOldCookie: true, isOldCookieValid: true);
- var antiforgery = GetAntiforgery(context);
- var encoder = new HtmlTestEncoder();
-
- // Act
- var inputElement = antiforgery.GetHtml(context.HttpContext);
-
- // Assert
- using (var writer = new StringWriter())
- {
- inputElement.WriteTo(writer, encoder);
-
- Assert.Equal(
- @"",
- writer.ToString());
- }
- }
-
- [Theory]
- [InlineData(false, "SAMEORIGIN")]
- [InlineData(true, null)]
- public void GetHtml_AddsXFrameOptionsHeader(bool suppressXFrameOptions, string expectedHeaderValue)
- {
- // Arrange
- var options = new AntiforgeryOptions()
- {
- SuppressXFrameOptionsHeader = suppressXFrameOptions
- };
-
- // Generate a new cookie.
- var context = CreateMockContext(options, useOldCookie: false, isOldCookieValid: false);
- var antiforgery = GetAntiforgery(context);
-
- // Act
- antiforgery.GetHtml(context.HttpContext);
-
- // Assert
- string xFrameOptions = context.HttpContext.Response.Headers["X-Frame-Options"];
- Assert.Equal(expectedHeaderValue, xFrameOptions);
- }
-
 [Fact]
 public void GetTokens_ExistingInvalidCookieToken_GeneratesANewCookieTokenAndANewFormToken()
 {