AntiForgery: Add documentation and update variable names for readability

This commit is contained in:
Kirthi Krishnamraju 2015-04-24 12:25:38 -07:00
parent 68026add28
commit 3c9456e2a3
14 changed files with 138 additions and 76 deletions

View File

@ -38,7 +38,7 @@ namespace Microsoft.AspNet.Mvc
var serializer = new AntiForgeryTokenSerializer(dataProtectionProvider.CreateProtector(_purpose)); var serializer = new AntiForgeryTokenSerializer(dataProtectionProvider.CreateProtector(_purpose));
var tokenStore = new AntiForgeryTokenStore(config, serializer); var tokenStore = new AntiForgeryTokenStore(config, serializer);
var tokenProvider = new TokenProvider(config, claimUidExtractor, additionalDataProvider); var tokenProvider = new AntiForgeryTokenProvider(config, claimUidExtractor, additionalDataProvider);
_worker = new AntiForgeryWorker(serializer, config, tokenStore, tokenProvider, tokenProvider, htmlEncoder); _worker = new AntiForgeryWorker(serializer, config, tokenStore, tokenProvider, tokenProvider, htmlEncoder);
} }
@ -105,6 +105,12 @@ namespace Microsoft.AspNet.Mvc
_worker.Validate(context, cookieToken, formToken); _worker.Validate(context, cookieToken, formToken);
} }
/// <summary>
/// Validates an anti-forgery token pair that was generated by the GetTokens method.
/// </summary>
/// <param name="context">The HTTP context associated with the current call.</param>
/// <param name="antiForgeryTokenSet">The anti-forgery token pair (cookie and form token) for this request.
/// </param>
public void Validate([NotNull] HttpContext context, AntiForgeryTokenSet antiForgeryTokenSet) public void Validate([NotNull] HttpContext context, AntiForgeryTokenSet antiForgeryTokenSet)
{ {
Validate(context, antiForgeryTokenSet.CookieToken, antiForgeryTokenSet.FormToken); Validate(context, antiForgeryTokenSet.CookieToken, antiForgeryTokenSet.FormToken);

View File

@ -9,13 +9,13 @@ using Microsoft.AspNet.Mvc.Core;
namespace Microsoft.AspNet.Mvc namespace Microsoft.AspNet.Mvc
{ {
internal sealed class TokenProvider : ITokenValidator, ITokenGenerator internal sealed class AntiForgeryTokenProvider : IAntiForgeryTokenValidator, IAntiForgeryTokenGenerator
{ {
private readonly IClaimUidExtractor _claimUidExtractor; private readonly IClaimUidExtractor _claimUidExtractor;
private readonly AntiForgeryOptions _config; private readonly AntiForgeryOptions _config;
private readonly IAntiForgeryAdditionalDataProvider _additionalDataProvider; private readonly IAntiForgeryAdditionalDataProvider _additionalDataProvider;
internal TokenProvider(AntiForgeryOptions config, internal AntiForgeryTokenProvider(AntiForgeryOptions config,
IClaimUidExtractor claimUidExtractor, IClaimUidExtractor claimUidExtractor,
IAntiForgeryAdditionalDataProvider additionalDataProvider) IAntiForgeryAdditionalDataProvider additionalDataProvider)
{ {

View File

@ -6,8 +6,16 @@ using Microsoft.AspNet.Mvc.Core;
namespace Microsoft.AspNet.Mvc namespace Microsoft.AspNet.Mvc
{ {
/// <summary>
/// The anti-forgery token pair (cookie and form token) for a request.
/// </summary>
public class AntiForgeryTokenSet public class AntiForgeryTokenSet
{ {
/// <summary>
/// Creates the anti-forgery token pair (cookie and form token) for a request.
/// </summary>
/// <param name="formToken">The token that is supplied in the request form body.</param>
/// <param name="cookieToken">The token that is supplied in the request cookie.</param>
public AntiForgeryTokenSet(string formToken, string cookieToken) public AntiForgeryTokenSet(string formToken, string cookieToken)
{ {
if (string.IsNullOrEmpty(formToken)) if (string.IsNullOrEmpty(formToken))
@ -22,11 +30,14 @@ namespace Microsoft.AspNet.Mvc
CookieToken = cookieToken; CookieToken = cookieToken;
} }
/// <summary>
/// The token that is supplied in the request form body.
/// </summary>
public string FormToken { get; private set; } public string FormToken { get; private set; }
// The cookie token is allowed to be null. /// The cookie token is allowed to be null.
// This would be the case when the old cookie token is still valid. /// This would be the case when the old cookie token is still valid.
// In such cases a call to GetTokens would return a token set with null cookie token. /// In such cases a call to GetTokens would return a token set with null cookie token.
public string CookieToken { get; private set; } public string CookieToken { get; private set; }
} }
} }

View File

@ -10,7 +10,7 @@ using Microsoft.Framework.Internal;
namespace Microsoft.AspNet.Mvc namespace Microsoft.AspNet.Mvc
{ {
// Saves anti-XSRF tokens split between HttpRequest.Cookies and HttpRequest.Form // Saves anti-XSRF tokens split between HttpRequest.Cookies and HttpRequest.Form
internal sealed class AntiForgeryTokenStore : ITokenStore internal sealed class AntiForgeryTokenStore : IAntiForgeryTokenStore
{ {
private readonly AntiForgeryOptions _config; private readonly AntiForgeryOptions _config;
private readonly IAntiForgeryTokenSerializer _serializer; private readonly IAntiForgeryTokenSerializer _serializer;

View File

@ -17,16 +17,16 @@ namespace Microsoft.AspNet.Mvc
{ {
private readonly AntiForgeryOptions _config; private readonly AntiForgeryOptions _config;
private readonly IAntiForgeryTokenSerializer _serializer; private readonly IAntiForgeryTokenSerializer _serializer;
private readonly ITokenStore _tokenStore; private readonly IAntiForgeryTokenStore _tokenStore;
private readonly ITokenValidator _validator; private readonly IAntiForgeryTokenValidator _validator;
private readonly ITokenGenerator _generator; private readonly IAntiForgeryTokenGenerator _generator;
private readonly IHtmlEncoder _htmlEncoder; private readonly IHtmlEncoder _htmlEncoder;
internal AntiForgeryWorker([NotNull] IAntiForgeryTokenSerializer serializer, internal AntiForgeryWorker([NotNull] IAntiForgeryTokenSerializer serializer,
[NotNull] AntiForgeryOptions config, [NotNull] AntiForgeryOptions config,
[NotNull] ITokenStore tokenStore, [NotNull] IAntiForgeryTokenStore tokenStore,
[NotNull] ITokenGenerator generator, [NotNull] IAntiForgeryTokenGenerator generator,
[NotNull] ITokenValidator validator, [NotNull] IAntiForgeryTokenValidator validator,
[NotNull] IHtmlEncoder htmlEncoder) [NotNull] IHtmlEncoder htmlEncoder)
{ {
_serializer = serializer; _serializer = serializer;
@ -52,7 +52,7 @@ namespace Microsoft.AspNet.Mvc
: null; : null;
} }
private AntiForgeryToken DeserializeTokenNoThrow(string serializedToken) private AntiForgeryToken DeserializeTokenDoesNotThrow(string serializedToken)
{ {
try try
{ {
@ -81,7 +81,7 @@ namespace Microsoft.AspNet.Mvc
return null; return null;
} }
private AntiForgeryToken GetCookieTokenNoThrow(HttpContext httpContext) private AntiForgeryToken GetCookieTokenDoesNotThrow(HttpContext httpContext)
{ {
try try
{ {
@ -103,12 +103,12 @@ namespace Microsoft.AspNet.Mvc
{ {
CheckSSLConfig(httpContext); CheckSSLConfig(httpContext);
var oldCookieToken = GetCookieTokenNoThrow(httpContext); var cookieToken = GetCookieTokenDoesNotThrow(httpContext);
var tokenSet = GetTokens(httpContext, oldCookieToken); var tokenSet = GetTokens(httpContext, cookieToken);
var newCookieToken = tokenSet.CookieToken; cookieToken = tokenSet.CookieToken;
var formToken = tokenSet.FormToken; var formToken = tokenSet.FormToken;
SaveCookieTokenAndHeader(httpContext, newCookieToken); SaveCookieTokenAndHeader(httpContext, cookieToken);
// <input type="hidden" name="__AntiForgeryToken" value="..." /> // <input type="hidden" name="__AntiForgeryToken" value="..." />
var inputTag = new TagBuilder("input", _htmlEncoder) var inputTag = new TagBuilder("input", _htmlEncoder)
@ -129,28 +129,28 @@ namespace Microsoft.AspNet.Mvc
// 'new cookie value' out param is non-null, the caller *must* persist // 'new cookie value' out param is non-null, the caller *must* persist
// the new value to cookie storage since the original value was null or // the new value to cookie storage since the original value was null or
// invalid. This method is side-effect free. // invalid. This method is side-effect free.
public AntiForgeryTokenSet GetTokens([NotNull] HttpContext httpContext, string serializedOldCookieToken) public AntiForgeryTokenSet GetTokens([NotNull] HttpContext httpContext, string cookieToken)
{ {
CheckSSLConfig(httpContext); CheckSSLConfig(httpContext);
var oldCookieToken = DeserializeTokenNoThrow(serializedOldCookieToken); var deSerializedcookieToken = DeserializeTokenDoesNotThrow(cookieToken);
var tokenSet = GetTokens(httpContext, oldCookieToken); var tokenSet = GetTokens(httpContext, deSerializedcookieToken);
var serializedNewCookieToken = Serialize(tokenSet.CookieToken); var serializedCookieToken = Serialize(tokenSet.CookieToken);
var serializedFormToken = Serialize(tokenSet.FormToken); var serializedFormToken = Serialize(tokenSet.FormToken);
return new AntiForgeryTokenSet(serializedFormToken, serializedNewCookieToken); return new AntiForgeryTokenSet(serializedFormToken, serializedCookieToken);
} }
private AntiForgeryTokenSetInternal GetTokens(HttpContext httpContext, AntiForgeryToken oldCookieToken) private AntiForgeryTokenSetInternal GetTokens(HttpContext httpContext, AntiForgeryToken cookieToken)
{ {
var newCookieToken = ValidateAndGenerateNewToken(oldCookieToken); var newCookieToken = ValidateAndGenerateNewCookieToken(cookieToken);
if (newCookieToken != null) if (newCookieToken != null)
{ {
oldCookieToken = newCookieToken; cookieToken = newCookieToken;
} }
var formToken = _generator.GenerateFormToken( var formToken = _generator.GenerateFormToken(
httpContext, httpContext,
ExtractIdentity(httpContext), ExtractIdentity(httpContext),
oldCookieToken); cookieToken);
return new AntiForgeryTokenSetInternal() return new AntiForgeryTokenSetInternal()
{ {
@ -208,16 +208,16 @@ namespace Microsoft.AspNet.Mvc
{ {
CheckSSLConfig(httpContext); CheckSSLConfig(httpContext);
var oldCookieToken = GetCookieTokenNoThrow(httpContext); var cookieToken = GetCookieTokenDoesNotThrow(httpContext);
var newCookieToken = ValidateAndGenerateNewToken(oldCookieToken); cookieToken = ValidateAndGenerateNewCookieToken(cookieToken);
SaveCookieTokenAndHeader(httpContext, newCookieToken); SaveCookieTokenAndHeader(httpContext, cookieToken);
} }
// This method returns null if oldCookieToken is valid. // This method returns null if oldCookieToken is valid.
private AntiForgeryToken ValidateAndGenerateNewToken(AntiForgeryToken oldCookieToken) private AntiForgeryToken ValidateAndGenerateNewCookieToken(AntiForgeryToken cookieToken)
{ {
if (!_validator.IsCookieTokenValid(oldCookieToken)) if (!_validator.IsCookieTokenValid(cookieToken))
{ {
// Need to make sure we're always operating with a good cookie token. // Need to make sure we're always operating with a good cookie token.
var newCookieToken = _generator.GenerateCookieToken(); var newCookieToken = _generator.GenerateCookieToken();
@ -230,12 +230,12 @@ namespace Microsoft.AspNet.Mvc
private void SaveCookieTokenAndHeader( private void SaveCookieTokenAndHeader(
[NotNull] HttpContext httpContext, [NotNull] HttpContext httpContext,
AntiForgeryToken newCookieToken) AntiForgeryToken cookieToken)
{ {
if (newCookieToken != null) if (cookieToken != null)
{ {
// Persist the new cookie if it is not null. // Persist the new cookie if it is not null.
_tokenStore.SaveCookieToken(httpContext, newCookieToken); _tokenStore.SaveCookieToken(httpContext, cookieToken);
} }
if (!_config.SuppressXFrameOptionsHeader) if (!_config.SuppressXFrameOptionsHeader)

View File

@ -5,13 +5,18 @@ using Microsoft.AspNet.Http;
namespace Microsoft.AspNet.Mvc namespace Microsoft.AspNet.Mvc
{ {
/// <summary>
/// A default <see cref="IAntiForgeryAdditionalDataProvider"/> implementation.
/// </summary>
public class DefaultAntiForgeryAdditionalDataProvider : IAntiForgeryAdditionalDataProvider public class DefaultAntiForgeryAdditionalDataProvider : IAntiForgeryAdditionalDataProvider
{ {
/// <inheritdoc />
public virtual string GetAdditionalData(HttpContext context) public virtual string GetAdditionalData(HttpContext context)
{ {
return string.Empty; return string.Empty;
} }
/// <inheritdoc />
public virtual bool ValidateAdditionalData(HttpContext context, string additionalData) public virtual bool ValidateAdditionalData(HttpContext context, string additionalData)
{ {
// Default implementation does not understand anything but empty data. // Default implementation does not understand anything but empty data.

View File

@ -10,9 +10,12 @@ using System.Security.Cryptography;
namespace Microsoft.AspNet.Mvc namespace Microsoft.AspNet.Mvc
{ {
// Can extract unique identifers for a claims-based identity /// <summary>
/// Default implementation of <see cref="IClaimUidExtractor"/>.
/// </summary>
public class DefaultClaimUidExtractor : IClaimUidExtractor public class DefaultClaimUidExtractor : IClaimUidExtractor
{ {
/// <inheritdoc />
public string ExtractClaimUid(ClaimsIdentity claimsIdentity) public string ExtractClaimUid(ClaimsIdentity claimsIdentity)
{ {
if (claimsIdentity == null || !claimsIdentity.IsAuthenticated) if (claimsIdentity == null || !claimsIdentity.IsAuthenticated)

View File

@ -7,7 +7,7 @@ using Microsoft.AspNet.Http;
namespace Microsoft.AspNet.Mvc namespace Microsoft.AspNet.Mvc
{ {
// Provides configuration information about the anti-forgery system. // Provides configuration information about the anti-forgery system.
internal interface ITokenGenerator internal interface IAntiForgeryTokenGenerator
{ {
// Generates a new random cookie token. // Generates a new random cookie token.
AntiForgeryToken GenerateCookieToken(); AntiForgeryToken GenerateCookieToken();

View File

@ -7,7 +7,7 @@ using Microsoft.AspNet.Http;
namespace Microsoft.AspNet.Mvc namespace Microsoft.AspNet.Mvc
{ {
// Provides an abstraction around how tokens are persisted and retrieved for a request // Provides an abstraction around how tokens are persisted and retrieved for a request
internal interface ITokenStore internal interface IAntiForgeryTokenStore
{ {
AntiForgeryToken GetCookieToken(HttpContext httpContext); AntiForgeryToken GetCookieToken(HttpContext httpContext);
Task<AntiForgeryToken> GetFormTokenAsync(HttpContext httpContext); Task<AntiForgeryToken> GetFormTokenAsync(HttpContext httpContext);

View File

@ -7,7 +7,7 @@ using Microsoft.AspNet.Http;
namespace Microsoft.AspNet.Mvc namespace Microsoft.AspNet.Mvc
{ {
// Provides an abstraction around something that can validate anti-XSRF tokens // Provides an abstraction around something that can validate anti-XSRF tokens
internal interface ITokenValidator internal interface IAntiForgeryTokenValidator
{ {
// Determines whether an existing cookie token is valid (well-formed). // Determines whether an existing cookie token is valid (well-formed).
// If it is not, the caller must call GenerateCookieToken() before calling GenerateFormToken(). // If it is not, the caller must call GenerateCookieToken() before calling GenerateFormToken().

View File

@ -5,9 +5,16 @@ using System.Security.Claims;
namespace Microsoft.AspNet.Mvc namespace Microsoft.AspNet.Mvc
{ {
// Can extract unique identifers for a claims-based identity /// <summary>
/// This interface can extract unique identifers for a claims-based identity.
/// </summary>
public interface IClaimUidExtractor public interface IClaimUidExtractor
{ {
/// <summary>
/// Extracts claims identifier.
/// </summary>
/// <param name="identity">The <see cref="ClaimsIdentity"/>.</param>
/// <returns>The claims identifier.</returns>
string ExtractClaimUid(ClaimsIdentity identity); string ExtractClaimUid(ClaimsIdentity identity);
} }
} }

View File

@ -130,7 +130,8 @@ namespace Microsoft.AspNet.Mvc.Core.Test
htmlEncoder: new CommonTestEncoder()); htmlEncoder: new CommonTestEncoder());
// Act & assert // Act & assert
var ex = Assert.Throws<InvalidOperationException>(() => worker.GetTokens(mockHttpContext.Object, "cookie-token")); var ex = Assert.Throws<InvalidOperationException>(() =>
worker.GetTokens(mockHttpContext.Object, "cookie-token"));
Assert.Equal( Assert.Equal(
@"The anti-forgery system has the configuration value AntiForgeryOptions.RequireSsl = true, " + @"The anti-forgery system has the configuration value AntiForgeryOptions.RequireSsl = true, " +
"but the current request is not an SSL request.", "but the current request is not an SSL request.",
@ -241,7 +242,10 @@ namespace Microsoft.AspNet.Mvc.Core.Test
{ {
// Arrange // Arrange
// Genreate a new cookie. // Genreate a new cookie.
var context = GetAntiForgeryWorkerContext(new AntiForgeryOptions(), useOldCookie: false, isOldCookieValid: false); var context = GetAntiForgeryWorkerContext(
new AntiForgeryOptions(),
useOldCookie: false,
isOldCookieValid: false);
var worker = GetAntiForgeryWorker(context); var worker = GetAntiForgeryWorker(context);
// Act // Act
@ -257,7 +261,10 @@ namespace Microsoft.AspNet.Mvc.Core.Test
{ {
// Arrange // Arrange
// Make sure the existing cookie is invalid. // Make sure the existing cookie is invalid.
var context = GetAntiForgeryWorkerContext(new AntiForgeryOptions(), useOldCookie: false, isOldCookieValid: false); var context = GetAntiForgeryWorkerContext(
new AntiForgeryOptions(),
useOldCookie: false,
isOldCookieValid: false);
// This will cause the cookieToken to be null. // This will cause the cookieToken to be null.
context.TokenSerializer.Setup(o => o.Deserialize("serialized-old-cookie-token")) context.TokenSerializer.Setup(o => o.Deserialize("serialized-old-cookie-token"))
@ -280,7 +287,10 @@ namespace Microsoft.AspNet.Mvc.Core.Test
public void GetTokens_ExistingValidCookieToken_GeneratesANewFormToken() public void GetTokens_ExistingValidCookieToken_GeneratesANewFormToken()
{ {
// Arrange // Arrange
var context = GetAntiForgeryWorkerContext(new AntiForgeryOptions(), useOldCookie: true, isOldCookieValid: true); var context = GetAntiForgeryWorkerContext(
new AntiForgeryOptions(),
useOldCookie: true,
isOldCookieValid: true);
context.TokenStore = null; context.TokenStore = null;
var worker = GetAntiForgeryWorker(context); var worker = GetAntiForgeryWorker(context);
@ -390,7 +400,9 @@ namespace Microsoft.AspNet.Mvc.Core.Test
[Theory] [Theory]
[InlineData(false, "SAMEORIGIN")] [InlineData(false, "SAMEORIGIN")]
[InlineData(true, null)] [InlineData(true, null)]
public void SetCookieTokenAndHeader_AddsXFrameOptionsHeader(bool suppressXFrameOptions, string expectedHeaderValue) public void SetCookieTokenAndHeader_AddsXFrameOptionsHeader(
bool suppressXFrameOptions,
string expectedHeaderValue)
{ {
// Arrange // Arrange
var options = new AntiForgeryOptions() var options = new AntiForgeryOptions()
@ -440,13 +452,21 @@ namespace Microsoft.AspNet.Mvc.Core.Test
return mockHttpContext; return mockHttpContext;
} }
private Mock<ITokenProvider> GetTokenProvider(HttpContext context, TestTokenSet testTokenSet, bool useOldCookie, bool isOldCookieValid = true, bool isNewCookieValid = true) private Mock<IAntiForgeryTokenProvider> GetTokenProvider(
HttpContext context,
TestTokenSet testTokenSet,
bool useOldCookie,
bool isOldCookieValid = true,
bool isNewCookieValid = true)
{ {
var oldCookieToken = testTokenSet.OldCookieToken; var oldCookieToken = testTokenSet.OldCookieToken;
var newCookieToken = testTokenSet.NewCookieToken; var newCookieToken = testTokenSet.NewCookieToken;
var formToken = testTokenSet.FormToken; var formToken = testTokenSet.FormToken;
var mockValidator = new Mock<ITokenProvider>(MockBehavior.Strict); var mockValidator = new Mock<IAntiForgeryTokenProvider>(MockBehavior.Strict);
mockValidator.Setup(o => o.GenerateFormToken(context, context.User.Identity as ClaimsIdentity, useOldCookie ? oldCookieToken : newCookieToken)) mockValidator.Setup(o => o.GenerateFormToken(
context,
context.User.Identity as ClaimsIdentity,
useOldCookie ? oldCookieToken : newCookieToken))
.Returns(formToken); .Returns(formToken);
mockValidator.Setup(o => o.IsCookieTokenValid(oldCookieToken)) mockValidator.Setup(o => o.IsCookieTokenValid(oldCookieToken))
.Returns(isOldCookieValid); .Returns(isOldCookieValid);
@ -459,11 +479,14 @@ namespace Microsoft.AspNet.Mvc.Core.Test
return mockValidator; return mockValidator;
} }
private Mock<ITokenStore> GetTokenStore(HttpContext context, TestTokenSet testTokenSet, bool saveNewCookie = true) private Mock<IAntiForgeryTokenStore> GetTokenStore(
HttpContext context,
TestTokenSet testTokenSet,
bool saveNewCookie = true)
{ {
var oldCookieToken = testTokenSet.OldCookieToken; var oldCookieToken = testTokenSet.OldCookieToken;
var formToken = testTokenSet.FormToken; var formToken = testTokenSet.FormToken;
var mockTokenStore = new Mock<ITokenStore>(MockBehavior.Strict); var mockTokenStore = new Mock<IAntiForgeryTokenStore>(MockBehavior.Strict);
mockTokenStore.Setup(o => o.GetCookieToken(context)) mockTokenStore.Setup(o => o.GetCookieToken(context))
.Returns(oldCookieToken); .Returns(oldCookieToken);
mockTokenStore.Setup(o => o.GetFormTokenAsync(context)) mockTokenStore.Setup(o => o.GetFormTokenAsync(context))
@ -504,7 +527,10 @@ namespace Microsoft.AspNet.Mvc.Core.Test
}; };
} }
private AntiForgeryWorkerContext GetAntiForgeryWorkerContext(AntiForgeryOptions config, bool useOldCookie = false, bool isOldCookieValid = true) private AntiForgeryWorkerContext GetAntiForgeryWorkerContext(
AntiForgeryOptions config,
bool useOldCookie = false,
bool isOldCookieValid = true)
{ {
// Arrange // Arrange
var mockHttpContext = GetHttpContext(); var mockHttpContext = GetHttpContext();
@ -513,7 +539,11 @@ namespace Microsoft.AspNet.Mvc.Core.Test
var mockSerializer = GetTokenSerializer(testTokenSet); var mockSerializer = GetTokenSerializer(testTokenSet);
var mockTokenStore = GetTokenStore(mockHttpContext.Object, testTokenSet); var mockTokenStore = GetTokenStore(mockHttpContext.Object, testTokenSet);
var mockTokenProvider = GetTokenProvider(mockHttpContext.Object, testTokenSet, useOldCookie: useOldCookie, isOldCookieValid: isOldCookieValid); var mockTokenProvider = GetTokenProvider(
mockHttpContext.Object,
testTokenSet,
useOldCookie: useOldCookie,
isOldCookieValid: isOldCookieValid);
return new AntiForgeryWorkerContext() return new AntiForgeryWorkerContext()
{ {
@ -544,9 +574,9 @@ namespace Microsoft.AspNet.Mvc.Core.Test
public Mock<HttpContext> HttpContext { get; set; } public Mock<HttpContext> HttpContext { get; set; }
public Mock<ITokenProvider> TokenProvider { get; set; } public Mock<IAntiForgeryTokenProvider> TokenProvider { get; set; }
public Mock<ITokenStore> TokenStore { get; set; } public Mock<IAntiForgeryTokenStore> TokenStore { get; set; }
public Mock<IAntiForgeryTokenSerializer> TokenSerializer { get; set; } public Mock<IAntiForgeryTokenSerializer> TokenSerializer { get; set; }
} }

View File

@ -4,7 +4,7 @@
namespace Microsoft.AspNet.Mvc.Core.Test namespace Microsoft.AspNet.Mvc.Core.Test
{ {
// A TokenProvider that can be passed to MoQ // A TokenProvider that can be passed to MoQ
internal interface ITokenProvider : ITokenValidator, ITokenGenerator internal interface IAntiForgeryTokenProvider : IAntiForgeryTokenValidator, IAntiForgeryTokenGenerator
{ {
} }
} }

View File

@ -16,7 +16,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
public void GenerateCookieToken() public void GenerateCookieToken()
{ {
// Arrange // Arrange
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: null, config: null,
claimUidExtractor: null, claimUidExtractor: null,
additionalDataProvider: null); additionalDataProvider: null);
@ -40,7 +40,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
var config = new AntiForgeryOptions(); var config = new AntiForgeryOptions();
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: config, config: config,
claimUidExtractor: null, claimUidExtractor: null,
additionalDataProvider: null); additionalDataProvider: null);
@ -71,7 +71,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
var config = new AntiForgeryOptions(); var config = new AntiForgeryOptions();
IClaimUidExtractor claimUidExtractor = new Mock<IClaimUidExtractor>().Object; IClaimUidExtractor claimUidExtractor = new Mock<IClaimUidExtractor>().Object;
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: config, config: config,
claimUidExtractor: claimUidExtractor, claimUidExtractor: claimUidExtractor,
additionalDataProvider: null); additionalDataProvider: null);
@ -106,7 +106,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
var config = new AntiForgeryOptions(); var config = new AntiForgeryOptions();
IClaimUidExtractor claimUidExtractor = new Mock<IClaimUidExtractor>().Object; IClaimUidExtractor claimUidExtractor = new Mock<IClaimUidExtractor>().Object;
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: config, config: config,
claimUidExtractor: claimUidExtractor, claimUidExtractor: claimUidExtractor,
additionalDataProvider: mockAdditionalDataProvider.Object); additionalDataProvider: mockAdditionalDataProvider.Object);
@ -145,7 +145,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
mockClaimUidExtractor.Setup(o => o.ExtractClaimUid(identity)) mockClaimUidExtractor.Setup(o => o.ExtractClaimUid(identity))
.Returns(base64ClaimUId); .Returns(base64ClaimUId);
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: config, config: config,
claimUidExtractor: mockClaimUidExtractor.Object, claimUidExtractor: mockClaimUidExtractor.Object,
additionalDataProvider: null); additionalDataProvider: null);
@ -178,7 +178,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
var config = new AntiForgeryOptions(); var config = new AntiForgeryOptions();
IClaimUidExtractor claimUidExtractor = new Mock<IClaimUidExtractor>().Object; IClaimUidExtractor claimUidExtractor = new Mock<IClaimUidExtractor>().Object;
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: config, config: config,
claimUidExtractor: claimUidExtractor, claimUidExtractor: claimUidExtractor,
additionalDataProvider: null); additionalDataProvider: null);
@ -204,7 +204,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
IsSessionToken = false IsSessionToken = false
}; };
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: null, config: null,
claimUidExtractor: null, claimUidExtractor: null,
additionalDataProvider: null); additionalDataProvider: null);
@ -221,7 +221,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
{ {
// Arrange // Arrange
AntiForgeryToken cookieToken = null; AntiForgeryToken cookieToken = null;
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: null, config: null,
claimUidExtractor: null, claimUidExtractor: null,
additionalDataProvider: null); additionalDataProvider: null);
@ -242,7 +242,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
IsSessionToken = true IsSessionToken = true
}; };
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: null, config: null,
claimUidExtractor: null, claimUidExtractor: null,
additionalDataProvider: null); additionalDataProvider: null);
@ -267,7 +267,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
{ {
CookieName = "my-cookie-name" CookieName = "my-cookie-name"
}; };
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: config, config: config,
claimUidExtractor: null, claimUidExtractor: null,
additionalDataProvider: null); additionalDataProvider: null);
@ -293,7 +293,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
FormFieldName = "my-form-field-name" FormFieldName = "my-form-field-name"
}; };
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: config, config: config,
claimUidExtractor: null, claimUidExtractor: null,
additionalDataProvider: null); additionalDataProvider: null);
@ -320,7 +320,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
FormFieldName = "my-form-field-name" FormFieldName = "my-form-field-name"
}; };
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: config, config: config,
claimUidExtractor: null, claimUidExtractor: null,
additionalDataProvider: null); additionalDataProvider: null);
@ -352,7 +352,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
var sessionToken = new AntiForgeryToken() { IsSessionToken = true }; var sessionToken = new AntiForgeryToken() { IsSessionToken = true };
var fieldtoken = new AntiForgeryToken() { IsSessionToken = false }; var fieldtoken = new AntiForgeryToken() { IsSessionToken = false };
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: null, config: null,
claimUidExtractor: null, claimUidExtractor: null,
additionalDataProvider: null); additionalDataProvider: null);
@ -385,7 +385,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
mockClaimUidExtractor.Setup(o => o.ExtractClaimUid(identity)) mockClaimUidExtractor.Setup(o => o.ExtractClaimUid(identity))
.Returns((string)null); .Returns((string)null);
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: null, config: null,
claimUidExtractor: mockClaimUidExtractor.Object, claimUidExtractor: mockClaimUidExtractor.Object,
additionalDataProvider: null); additionalDataProvider: null);
@ -418,7 +418,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
mockClaimUidExtractor.Setup(o => o.ExtractClaimUid(identity)) mockClaimUidExtractor.Setup(o => o.ExtractClaimUid(identity))
.Returns(Convert.ToBase64String(differentToken.GetData())); .Returns(Convert.ToBase64String(differentToken.GetData()));
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: null, config: null,
claimUidExtractor: mockClaimUidExtractor.Object, claimUidExtractor: mockClaimUidExtractor.Object,
additionalDataProvider: null); additionalDataProvider: null);
@ -452,7 +452,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
.Returns(false); .Returns(false);
var config = new AntiForgeryOptions(); var config = new AntiForgeryOptions();
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: config, config: config,
claimUidExtractor: null, claimUidExtractor: null,
additionalDataProvider: mockAdditionalDataProvider.Object); additionalDataProvider: mockAdditionalDataProvider.Object);
@ -484,7 +484,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
.Returns(true); .Returns(true);
var config = new AntiForgeryOptions(); var config = new AntiForgeryOptions();
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: config, config: config,
claimUidExtractor: null, claimUidExtractor: null,
additionalDataProvider: mockAdditionalDataProvider.Object); additionalDataProvider: mockAdditionalDataProvider.Object);
@ -516,7 +516,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
.Returns(true); .Returns(true);
var config = new AntiForgeryOptions(); var config = new AntiForgeryOptions();
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: config, config: config,
claimUidExtractor: new Mock<IClaimUidExtractor>().Object, claimUidExtractor: new Mock<IClaimUidExtractor>().Object,
additionalDataProvider: mockAdditionalDataProvider.Object); additionalDataProvider: mockAdditionalDataProvider.Object);
@ -548,7 +548,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test
var config = new AntiForgeryOptions(); var config = new AntiForgeryOptions();
var tokenProvider = new TokenProvider( var tokenProvider = new AntiForgeryTokenProvider(
config: config, config: config,
claimUidExtractor: mockClaimUidExtractor.Object, claimUidExtractor: mockClaimUidExtractor.Object,
additionalDataProvider: null); additionalDataProvider: null);