Make pubinternal types in Antiforgery internal (#8340)
* Make pubinternal types in Antiforgery internal Adresses https://github.com/aspnet/AspNetCore/issues/8308
This commit is contained in:
Pranav K
GitHub
parent
8250442159
commit
4a5f2d16bb
|
|
@ -0,0 +1,3 @@
|
|||
@ECHO OFF
|
||||
SET RepoRoot=%~dp0..\..
|
||||
%RepoRoot%\build.cmd -projects %~dp0\**\*.*proj %*
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
repo_root="$DIR/../.."
|
||||
"$repo_root/build.sh" --projects "$DIR/**/*.*proj" "$@"
|
||||
|
|
@ -39,149 +39,6 @@ namespace Microsoft.AspNetCore.Antiforgery
|
|||
bool ValidateAdditionalData(Microsoft.AspNetCore.Http.HttpContext context, string additionalData);
|
||||
}
|
||||
}
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
{
|
||||
public partial class AntiforgeryFeature : Microsoft.AspNetCore.Antiforgery.Internal.IAntiforgeryFeature
|
||||
{
|
||||
public AntiforgeryFeature() { }
|
||||
public Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken CookieToken { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public bool HaveDeserializedCookieToken { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public bool HaveDeserializedRequestToken { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public bool HaveGeneratedNewCookieToken { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public bool HaveStoredNewCookieToken { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken NewCookieToken { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public string NewCookieTokenString { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken NewRequestToken { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public string NewRequestTokenString { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken RequestToken { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
}
|
||||
public partial class AntiforgeryOptionsSetup : Microsoft.Extensions.Options.ConfigureOptions<Microsoft.AspNetCore.Antiforgery.AntiforgeryOptions>
|
||||
{
|
||||
public AntiforgeryOptionsSetup(Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.DataProtection.DataProtectionOptions> dataProtectionOptionsAccessor) : base (default(System.Action<Microsoft.AspNetCore.Antiforgery.AntiforgeryOptions>)) { }
|
||||
public static void ConfigureOptions(Microsoft.AspNetCore.Antiforgery.AntiforgeryOptions options, Microsoft.AspNetCore.DataProtection.DataProtectionOptions dataProtectionOptions) { }
|
||||
}
|
||||
public partial class AntiforgerySerializationContext
|
||||
{
|
||||
public AntiforgerySerializationContext() { }
|
||||
public System.IO.BinaryReader Reader { get { throw null; } }
|
||||
public System.Security.Cryptography.SHA256 Sha256 { get { throw null; } }
|
||||
public System.IO.MemoryStream Stream { get { throw null; } }
|
||||
public System.IO.BinaryWriter Writer { get { throw null; } }
|
||||
public char[] GetChars(int count) { throw null; }
|
||||
public void Reset() { }
|
||||
}
|
||||
public partial class AntiforgerySerializationContextPooledObjectPolicy : Microsoft.Extensions.ObjectPool.IPooledObjectPolicy<Microsoft.AspNetCore.Antiforgery.Internal.AntiforgerySerializationContext>
|
||||
{
|
||||
public AntiforgerySerializationContextPooledObjectPolicy() { }
|
||||
public Microsoft.AspNetCore.Antiforgery.Internal.AntiforgerySerializationContext Create() { throw null; }
|
||||
public bool Return(Microsoft.AspNetCore.Antiforgery.Internal.AntiforgerySerializationContext obj) { throw null; }
|
||||
}
|
||||
public sealed partial class AntiforgeryToken
|
||||
{
|
||||
public AntiforgeryToken() { }
|
||||
public string AdditionalData { get { throw null; } set { } }
|
||||
public Microsoft.AspNetCore.Antiforgery.Internal.BinaryBlob ClaimUid { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public bool IsCookieToken { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public Microsoft.AspNetCore.Antiforgery.Internal.BinaryBlob SecurityToken { get { throw null; } set { } }
|
||||
public string Username { get { throw null; } set { } }
|
||||
}
|
||||
[System.Diagnostics.DebuggerDisplayAttribute("{DebuggerString}")]
|
||||
public sealed partial class BinaryBlob : System.IEquatable<Microsoft.AspNetCore.Antiforgery.Internal.BinaryBlob>
|
||||
{
|
||||
public BinaryBlob(int bitLength) { }
|
||||
public BinaryBlob(int bitLength, byte[] data) { }
|
||||
public int BitLength { get { throw null; } }
|
||||
public bool Equals(Microsoft.AspNetCore.Antiforgery.Internal.BinaryBlob other) { throw null; }
|
||||
public override bool Equals(object obj) { throw null; }
|
||||
public byte[] GetData() { throw null; }
|
||||
public override int GetHashCode() { throw null; }
|
||||
}
|
||||
public static partial class CryptographyAlgorithms
|
||||
{
|
||||
public static System.Security.Cryptography.SHA256 CreateSHA256() { throw null; }
|
||||
}
|
||||
public partial class DefaultAntiforgery : Microsoft.AspNetCore.Antiforgery.IAntiforgery
|
||||
{
|
||||
public DefaultAntiforgery(Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Antiforgery.AntiforgeryOptions> antiforgeryOptionsAccessor, Microsoft.AspNetCore.Antiforgery.Internal.IAntiforgeryTokenGenerator tokenGenerator, Microsoft.AspNetCore.Antiforgery.Internal.IAntiforgeryTokenSerializer tokenSerializer, Microsoft.AspNetCore.Antiforgery.Internal.IAntiforgeryTokenStore tokenStore, Microsoft.Extensions.Logging.ILoggerFactory loggerFactory) { }
|
||||
public Microsoft.AspNetCore.Antiforgery.AntiforgeryTokenSet GetAndStoreTokens(Microsoft.AspNetCore.Http.HttpContext httpContext) { throw null; }
|
||||
public Microsoft.AspNetCore.Antiforgery.AntiforgeryTokenSet GetTokens(Microsoft.AspNetCore.Http.HttpContext httpContext) { throw null; }
|
||||
[System.Diagnostics.DebuggerStepThroughAttribute]
|
||||
public System.Threading.Tasks.Task<bool> IsRequestValidAsync(Microsoft.AspNetCore.Http.HttpContext httpContext) { throw null; }
|
||||
public void SetCookieTokenAndHeader(Microsoft.AspNetCore.Http.HttpContext httpContext) { }
|
||||
protected virtual void SetDoNotCacheHeaders(Microsoft.AspNetCore.Http.HttpContext httpContext) { }
|
||||
[System.Diagnostics.DebuggerStepThroughAttribute]
|
||||
public System.Threading.Tasks.Task ValidateRequestAsync(Microsoft.AspNetCore.Http.HttpContext httpContext) { throw null; }
|
||||
}
|
||||
public partial class DefaultAntiforgeryAdditionalDataProvider : Microsoft.AspNetCore.Antiforgery.IAntiforgeryAdditionalDataProvider
|
||||
{
|
||||
public DefaultAntiforgeryAdditionalDataProvider() { }
|
||||
public virtual string GetAdditionalData(Microsoft.AspNetCore.Http.HttpContext context) { throw null; }
|
||||
public virtual bool ValidateAdditionalData(Microsoft.AspNetCore.Http.HttpContext context, string additionalData) { throw null; }
|
||||
}
|
||||
public partial class DefaultAntiforgeryTokenGenerator : Microsoft.AspNetCore.Antiforgery.Internal.IAntiforgeryTokenGenerator
|
||||
{
|
||||
public DefaultAntiforgeryTokenGenerator(Microsoft.AspNetCore.Antiforgery.Internal.IClaimUidExtractor claimUidExtractor, Microsoft.AspNetCore.Antiforgery.IAntiforgeryAdditionalDataProvider additionalDataProvider) { }
|
||||
public Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken GenerateCookieToken() { throw null; }
|
||||
public Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken GenerateRequestToken(Microsoft.AspNetCore.Http.HttpContext httpContext, Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken cookieToken) { throw null; }
|
||||
public bool IsCookieTokenValid(Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken cookieToken) { throw null; }
|
||||
public bool TryValidateTokenSet(Microsoft.AspNetCore.Http.HttpContext httpContext, Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken cookieToken, Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken requestToken, out string message) { throw null; }
|
||||
}
|
||||
public partial class DefaultAntiforgeryTokenSerializer : Microsoft.AspNetCore.Antiforgery.Internal.IAntiforgeryTokenSerializer
|
||||
{
|
||||
public DefaultAntiforgeryTokenSerializer(Microsoft.AspNetCore.DataProtection.IDataProtectionProvider provider, Microsoft.Extensions.ObjectPool.ObjectPool<Microsoft.AspNetCore.Antiforgery.Internal.AntiforgerySerializationContext> pool) { }
|
||||
public Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken Deserialize(string serializedToken) { throw null; }
|
||||
public string Serialize(Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken token) { throw null; }
|
||||
}
|
||||
public partial class DefaultAntiforgeryTokenStore : Microsoft.AspNetCore.Antiforgery.Internal.IAntiforgeryTokenStore
|
||||
{
|
||||
public DefaultAntiforgeryTokenStore(Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Antiforgery.AntiforgeryOptions> optionsAccessor) { }
|
||||
public string GetCookieToken(Microsoft.AspNetCore.Http.HttpContext httpContext) { throw null; }
|
||||
[System.Diagnostics.DebuggerStepThroughAttribute]
|
||||
public System.Threading.Tasks.Task<Microsoft.AspNetCore.Antiforgery.AntiforgeryTokenSet> GetRequestTokensAsync(Microsoft.AspNetCore.Http.HttpContext httpContext) { throw null; }
|
||||
public void SaveCookieToken(Microsoft.AspNetCore.Http.HttpContext httpContext, string token) { }
|
||||
}
|
||||
public partial class DefaultClaimUidExtractor : Microsoft.AspNetCore.Antiforgery.Internal.IClaimUidExtractor
|
||||
{
|
||||
public DefaultClaimUidExtractor(Microsoft.Extensions.ObjectPool.ObjectPool<Microsoft.AspNetCore.Antiforgery.Internal.AntiforgerySerializationContext> pool) { }
|
||||
public string ExtractClaimUid(System.Security.Claims.ClaimsPrincipal claimsPrincipal) { throw null; }
|
||||
public static System.Collections.Generic.IList<string> GetUniqueIdentifierParameters(System.Collections.Generic.IEnumerable<System.Security.Claims.ClaimsIdentity> claimsIdentities) { throw null; }
|
||||
}
|
||||
public partial interface IAntiforgeryFeature
|
||||
{
|
||||
Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken CookieToken { get; set; }
|
||||
bool HaveDeserializedCookieToken { get; set; }
|
||||
bool HaveDeserializedRequestToken { get; set; }
|
||||
bool HaveGeneratedNewCookieToken { get; set; }
|
||||
bool HaveStoredNewCookieToken { get; set; }
|
||||
Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken NewCookieToken { get; set; }
|
||||
string NewCookieTokenString { get; set; }
|
||||
Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken NewRequestToken { get; set; }
|
||||
string NewRequestTokenString { get; set; }
|
||||
Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken RequestToken { get; set; }
|
||||
}
|
||||
public partial interface IAntiforgeryTokenGenerator
|
||||
{
|
||||
Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken GenerateCookieToken();
|
||||
Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken GenerateRequestToken(Microsoft.AspNetCore.Http.HttpContext httpContext, Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken cookieToken);
|
||||
bool IsCookieTokenValid(Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken cookieToken);
|
||||
bool TryValidateTokenSet(Microsoft.AspNetCore.Http.HttpContext httpContext, Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken cookieToken, Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken requestToken, out string message);
|
||||
}
|
||||
public partial interface IAntiforgeryTokenSerializer
|
||||
{
|
||||
Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken Deserialize(string serializedToken);
|
||||
string Serialize(Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryToken token);
|
||||
}
|
||||
public partial interface IAntiforgeryTokenStore
|
||||
{
|
||||
string GetCookieToken(Microsoft.AspNetCore.Http.HttpContext httpContext);
|
||||
System.Threading.Tasks.Task<Microsoft.AspNetCore.Antiforgery.AntiforgeryTokenSet> GetRequestTokensAsync(Microsoft.AspNetCore.Http.HttpContext httpContext);
|
||||
void SaveCookieToken(Microsoft.AspNetCore.Http.HttpContext httpContext, string token);
|
||||
}
|
||||
public partial interface IClaimUidExtractor
|
||||
{
|
||||
string ExtractClaimUid(System.Security.Claims.ClaimsPrincipal claimsPrincipal);
|
||||
}
|
||||
}
|
||||
namespace Microsoft.Extensions.DependencyInjection
|
||||
{
|
||||
public static partial class AntiforgeryServiceCollectionExtensions
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@
|
|||
|
||||
using System;
|
||||
using Microsoft.AspNetCore.Antiforgery;
|
||||
using Microsoft.AspNetCore.Antiforgery.Internal;
|
||||
using Microsoft.Extensions.DependencyInjection.Extensions;
|
||||
using Microsoft.Extensions.ObjectPool;
|
||||
using Microsoft.Extensions.Options;
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
/// <summary>
|
||||
/// Used to hold per-request state.
|
||||
/// </summary>
|
||||
public class AntiforgeryFeature : IAntiforgeryFeature
|
||||
internal class AntiforgeryFeature : IAntiforgeryFeature
|
||||
{
|
||||
public bool HaveDeserializedCookieToken { get; set; }
|
||||
|
||||
|
|
@ -31,4 +31,4 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
// Always false if NewCookieToken is null. Never store null cookie token or re-store cookie token from request.
|
||||
public bool HaveStoredNewCookieToken { get; set; }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
using System;
|
||||
using Microsoft.Extensions.Logging;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
internal static class AntiforgeryLoggerExtensions
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,26 +1,34 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using Microsoft.AspNetCore.DataProtection;
|
||||
using Microsoft.AspNetCore.WebUtilities;
|
||||
using Microsoft.Extensions.Options;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
public class AntiforgeryOptionsSetup : ConfigureOptions<AntiforgeryOptions>
|
||||
internal class AntiforgeryOptionsSetup : IConfigureOptions<AntiforgeryOptions>
|
||||
{
|
||||
public AntiforgeryOptionsSetup(IOptions<DataProtectionOptions> dataProtectionOptionsAccessor)
|
||||
: base((options) => ConfigureOptions(options, dataProtectionOptionsAccessor.Value))
|
||||
private readonly DataProtectionOptions _dataProtectionOptions;
|
||||
|
||||
public AntiforgeryOptionsSetup(IOptions<DataProtectionOptions> dataProtectionOptions)
|
||||
{
|
||||
_dataProtectionOptions = dataProtectionOptions.Value;
|
||||
}
|
||||
|
||||
public static void ConfigureOptions(AntiforgeryOptions options, DataProtectionOptions dataProtectionOptions)
|
||||
public void Configure(AntiforgeryOptions options)
|
||||
{
|
||||
if (options == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(options));
|
||||
}
|
||||
|
||||
if (options.Cookie.Name == null)
|
||||
{
|
||||
var applicationId = dataProtectionOptions.ApplicationDiscriminator ?? string.Empty;
|
||||
var applicationId = _dataProtectionOptions.ApplicationDiscriminator ?? string.Empty;
|
||||
options.Cookie.Name = AntiforgeryOptions.DefaultCookiePrefix + ComputeCookieName(applicationId);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,13 +1,13 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System.IO;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
public class AntiforgerySerializationContext
|
||||
internal class AntiforgerySerializationContext
|
||||
{
|
||||
// Avoid allocating 256 bytes (the default) and using 18 (the AntiforgeryToken minimum). 64 bytes is enough for
|
||||
// a short username or claim UID and some additional data. MemoryStream bumps capacity to 256 if exceeded.
|
||||
|
|
@ -138,4 +138,4 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,12 +1,11 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using Microsoft.Extensions.ObjectPool;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
public class AntiforgerySerializationContextPooledObjectPolicy
|
||||
: IPooledObjectPolicy<AntiforgerySerializationContext>
|
||||
internal class AntiforgerySerializationContextPooledObjectPolicy : IPooledObjectPolicy<AntiforgerySerializationContext>
|
||||
{
|
||||
public AntiforgerySerializationContext Create()
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
public sealed class AntiforgeryToken
|
||||
internal sealed class AntiforgeryToken
|
||||
{
|
||||
internal const int SecurityTokenBitLength = 128;
|
||||
internal const int ClaimUidBitLength = 256;
|
||||
|
|
@ -50,4 +50,4 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,12 +8,12 @@ using System.Runtime.CompilerServices;
|
|||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
// Represents a binary blob (token) that contains random data.
|
||||
// Useful for binary data inside a serialized stream.
|
||||
[DebuggerDisplay("{DebuggerString}")]
|
||||
public sealed class BinaryBlob : IEquatable<BinaryBlob>
|
||||
internal sealed class BinaryBlob : IEquatable<BinaryBlob>
|
||||
{
|
||||
private static readonly RandomNumberGenerator _randomNumberGenerator = RandomNumberGenerator.Create();
|
||||
private readonly byte[] _data;
|
||||
|
|
@ -114,4 +114,4 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
return areEqual;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
|
||||
using System.Security.Cryptography;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
public static class CryptographyAlgorithms
|
||||
internal static class CryptographyAlgorithms
|
||||
{
|
||||
public static SHA256 CreateSHA256()
|
||||
{
|
||||
|
|
|
|||
|
|
@ -9,13 +9,13 @@ using Microsoft.Extensions.Logging;
|
|||
using Microsoft.Extensions.Options;
|
||||
using Microsoft.Net.Http.Headers;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
/// <summary>
|
||||
/// Provides access to the antiforgery system, which provides protection against
|
||||
/// Cross-site Request Forgery (XSRF, also called CSRF) attacks.
|
||||
/// </summary>
|
||||
public class DefaultAntiforgery : IAntiforgery
|
||||
internal class DefaultAntiforgery : IAntiforgery
|
||||
{
|
||||
private readonly AntiforgeryOptions _options;
|
||||
private readonly IAntiforgeryTokenGenerator _tokenGenerator;
|
||||
|
|
@ -133,12 +133,11 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
}
|
||||
|
||||
// Validate
|
||||
string message;
|
||||
var result = _tokenGenerator.TryValidateTokenSet(
|
||||
httpContext,
|
||||
deserializedCookieToken,
|
||||
deserializedRequestToken,
|
||||
out message);
|
||||
out string message);
|
||||
|
||||
if (result)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -3,24 +3,24 @@
|
|||
|
||||
using Microsoft.AspNetCore.Http;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
/// <summary>
|
||||
/// A default <see cref="IAntiforgeryAdditionalDataProvider"/> implementation.
|
||||
/// </summary>
|
||||
public class DefaultAntiforgeryAdditionalDataProvider : IAntiforgeryAdditionalDataProvider
|
||||
internal class DefaultAntiforgeryAdditionalDataProvider : IAntiforgeryAdditionalDataProvider
|
||||
{
|
||||
/// <inheritdoc />
|
||||
public virtual string GetAdditionalData(HttpContext context)
|
||||
public string GetAdditionalData(HttpContext context)
|
||||
{
|
||||
return string.Empty;
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
public virtual bool ValidateAdditionalData(HttpContext context, string additionalData)
|
||||
public bool ValidateAdditionalData(HttpContext context, string additionalData)
|
||||
{
|
||||
// Default implementation does not understand anything but empty data.
|
||||
return string.IsNullOrEmpty(additionalData);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ using System.Security.Claims;
|
|||
using System.Security.Principal;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
public class DefaultAntiforgeryTokenGenerator : IAntiforgeryTokenGenerator
|
||||
internal class DefaultAntiforgeryTokenGenerator : IAntiforgeryTokenGenerator
|
||||
{
|
||||
private readonly IClaimUidExtractor _claimUidExtractor;
|
||||
private readonly IAntiforgeryAdditionalDataProvider _additionalDataProvider;
|
||||
|
|
@ -235,4 +235,4 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ using Microsoft.AspNetCore.DataProtection;
|
|||
using Microsoft.AspNetCore.WebUtilities;
|
||||
using Microsoft.Extensions.ObjectPool;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
public class DefaultAntiforgeryTokenSerializer : IAntiforgeryTokenSerializer
|
||||
internal class DefaultAntiforgeryTokenSerializer : IAntiforgeryTokenSerializer
|
||||
{
|
||||
private static readonly string Purpose = "Microsoft.AspNetCore.Antiforgery.AntiforgeryToken.v1";
|
||||
private const byte TokenVersion = 0x01;
|
||||
|
|
@ -185,4 +185,4 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,9 +8,9 @@ using Microsoft.AspNetCore.Http;
|
|||
using Microsoft.Extensions.Options;
|
||||
using Microsoft.Extensions.Primitives;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
public class DefaultAntiforgeryTokenStore : IAntiforgeryTokenStore
|
||||
internal class DefaultAntiforgeryTokenStore : IAntiforgeryTokenStore
|
||||
{
|
||||
private readonly AntiforgeryOptions _options;
|
||||
|
||||
|
|
|
|||
|
|
@ -7,12 +7,12 @@ using System.Diagnostics;
|
|||
using System.Security.Claims;
|
||||
using Microsoft.Extensions.ObjectPool;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
/// <summary>
|
||||
/// Default implementation of <see cref="IClaimUidExtractor"/>.
|
||||
/// </summary>
|
||||
public class DefaultClaimUidExtractor : IClaimUidExtractor
|
||||
internal class DefaultClaimUidExtractor : IClaimUidExtractor
|
||||
{
|
||||
private readonly ObjectPool<AntiforgerySerializationContext> _pool;
|
||||
|
||||
|
|
@ -146,4 +146,4 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
public interface IAntiforgeryFeature
|
||||
internal interface IAntiforgeryFeature
|
||||
{
|
||||
AntiforgeryToken CookieToken { get; set; }
|
||||
|
||||
|
|
@ -22,4 +22,4 @@
|
|||
|
||||
AntiforgeryToken RequestToken { get; set; }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,12 +3,12 @@
|
|||
|
||||
using Microsoft.AspNetCore.Http;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
/// <summary>
|
||||
/// Generates and validates antiforgery tokens.
|
||||
/// </summary>
|
||||
public interface IAntiforgeryTokenGenerator
|
||||
internal interface IAntiforgeryTokenGenerator
|
||||
{
|
||||
/// <summary>
|
||||
/// Generates a new random cookie token.
|
||||
|
|
@ -47,4 +47,4 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
AntiforgeryToken requestToken,
|
||||
out string message);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
// Abstracts out the serialization process for an antiforgery token
|
||||
public interface IAntiforgeryTokenSerializer
|
||||
internal interface IAntiforgeryTokenSerializer
|
||||
{
|
||||
AntiforgeryToken Deserialize(string serializedToken);
|
||||
string Serialize(AntiforgeryToken token);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,9 +4,9 @@
|
|||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
public interface IAntiforgeryTokenStore
|
||||
internal interface IAntiforgeryTokenStore
|
||||
{
|
||||
string GetCookieToken(HttpContext httpContext);
|
||||
|
||||
|
|
@ -19,4 +19,4 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
|
||||
void SaveCookieToken(HttpContext httpContext, string token);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,15 +1,14 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System.Collections.Generic;
|
||||
using System.Security.Claims;
|
||||
|
||||
namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||
namespace Microsoft.AspNetCore.Antiforgery
|
||||
{
|
||||
/// <summary>
|
||||
/// This interface can extract unique identifers for a <see cref="ClaimsPrincipal"/>.
|
||||
/// </summary>
|
||||
public interface IClaimUidExtractor
|
||||
internal interface IClaimUidExtractor
|
||||
{
|
||||
/// <summary>
|
||||
/// Extracts claims identifier.
|
||||
|
|
@ -18,4 +17,4 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
/// <returns>The claims identifier.</returns>
|
||||
string ExtractClaimUid(ClaimsPrincipal claimsPrincipal);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,10 +1,9 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<PropertyGroup>
|
||||
<Description>An antiforgery system for ASP.NET Core designed to generate and validate tokens to prevent Cross-Site Request Forgery attacks.</Description>
|
||||
<TargetFramework>netcoreapp3.0</TargetFramework>
|
||||
<IsAspNetCoreApp>true</IsAspNetCoreApp>
|
||||
<NoWarn>$(NoWarn);CS1591</NoWarn>
|
||||
<GenerateDocumentationFile>true</GenerateDocumentationFile>
|
||||
<PackageTags>aspnetcore;antiforgery</PackageTags>
|
||||
</PropertyGroup>
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
@ECHO OFF
|
||||
|
||||
%~dp0..\..\startvs.cmd %~dp0Antiforgery.sln
|
||||
Loading…
Reference in New Issue