huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Make Begin[Route]Form include antiforgery

This commit is contained in:
Ryan Nowak 2015-12-30 16:50:24 -08:00
parent 2b83dbb52e
commit 676bde29b9
14 changed files with 1094 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

248
src/Microsoft.AspNet.Mvc.ViewFeatures/Rendering/HtmlHelperFormExtensions.cs
View File

@ -6,7 +6,7 @@ using System;
namespace Microsoft.AspNet.Mvc.Rendering
{
/// <summary>
/// DisplayName-related extensions for <see cref="IHtmlHelper"/>.
/// Form-related extensions for <see cref="IHtmlHelper"/>.
/// </summary>
public static class HtmlHelperFormExtensions
{
@ -29,8 +29,45 @@ namespace Microsoft.AspNet.Mvc.Rendering
}
// Generates <form action="{current url}" method="post">.
return htmlHelper.BeginForm(actionName: null, controllerName: null, routeValues: null,
method: FormMethod.Post, htmlAttributes: null);
return htmlHelper.BeginForm(
actionName: null,
controllerName: null,
routeValues: null,
method: FormMethod.Post,
suppressAntiforgery: false,
htmlAttributes: null);
}
/// <summary>
/// Renders a &lt;form&gt; start tag to the response. The &lt;form&gt;'s <c>action</c> attribute value will
/// match the current request.
/// </summary>
/// <param name="htmlHelper">The <see cref="IHtmlHelper"/> instance this method extends.</param>
/// <param name="suppressAntiforgery">
/// If <c>true</c>, suppresses the generation an &lt;input&gt; of type "hidden" with an antiforgery token. By
/// default &lt;form&gt; elements will automatically include an antiforgery token.
/// </param>
/// <returns>
/// An <see cref="MvcForm"/> instance which renders the &lt;/form&gt; end tag when disposed.
/// </returns>
/// <remarks>
/// In this context, "renders" means the method writes its output using <see cref="ViewContext.Writer"/>.
/// </remarks>
public static MvcForm BeginForm(this IHtmlHelper htmlHelper, bool suppressAntiforgery)
{
if (htmlHelper == null)
{
throw new ArgumentNullException(nameof(htmlHelper));
}
// Generates <form action="{current url}" method="post">.
return htmlHelper.BeginForm(
actionName: null,
controllerName: null,
routeValues: null,
method: FormMethod.Post,
suppressAntiforgery: suppressAntiforgery,
htmlAttributes: null);
}
/// <summary>
@ -52,8 +89,13 @@ namespace Microsoft.AspNet.Mvc.Rendering
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginForm(actionName: null, controllerName: null, routeValues: null,
method: method, htmlAttributes: null);
return htmlHelper.BeginForm(
actionName: null,
controllerName: null,
routeValues: null,
method: method,
suppressAntiforgery: false,
htmlAttributes: null);
}
/// <summary>
@ -83,8 +125,54 @@ namespace Microsoft.AspNet.Mvc.Rendering
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginForm(actionName: null, controllerName: null, routeValues: null,
method: method, htmlAttributes: htmlAttributes);
return htmlHelper.BeginForm(
actionName: null,
controllerName: null,
routeValues: null,
method: method,
suppressAntiforgery: false,
htmlAttributes: htmlAttributes);
}
/// <summary>
/// Renders a &lt;form&gt; start tag to the response. When the user submits the form, the
/// current action will process the request.
/// </summary>
/// <param name="htmlHelper">The <see cref="IHtmlHelper"/> instance this method extends.</param>
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
/// <param name="suppressAntiforgery">
/// If <c>true</c>, suppresses the generation an &lt;input&gt; of type "hidden" with an antiforgery token. By
/// default &lt;form&gt; elements will automatically include an antiforgery token.
/// </param>
/// <param name="htmlAttributes">
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
/// <see cref="System.Collections.Generic.IDictionary{string, object}"/> instance containing the HTML
/// attributes.
/// </param>
/// <returns>
/// An <see cref="MvcForm"/> instance which renders the &lt;/form&gt; end tag when disposed.
/// </returns>
/// <remarks>
/// In this context, "renders" means the method writes its output using <see cref="ViewContext.Writer"/>.
/// </remarks>
public static MvcForm BeginForm(
this IHtmlHelper htmlHelper,
FormMethod method,
bool suppressAntiforgery,
object htmlAttributes)
{
if (htmlHelper == null)
{
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginForm(
actionName: null,
controllerName: null,
routeValues: null,
method: method,
suppressAntiforgery: suppressAntiforgery,
htmlAttributes: htmlAttributes);
}
/// <summary>
@ -112,8 +200,13 @@ namespace Microsoft.AspNet.Mvc.Rendering
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginForm(actionName: null, controllerName: null, routeValues: routeValues,
method: FormMethod.Post, htmlAttributes: null);
return htmlHelper.BeginForm(
actionName: null,
controllerName: null,
routeValues: routeValues,
method: FormMethod.Post,
suppressAntiforgery: false,
htmlAttributes: null);
}
/// <summary>
@ -139,8 +232,13 @@ namespace Microsoft.AspNet.Mvc.Rendering
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginForm(actionName, controllerName, routeValues: null,
method: FormMethod.Post, htmlAttributes: null);
return htmlHelper.BeginForm(
actionName,
controllerName,
routeValues: null,
method: FormMethod.Post,
suppressAntiforgery: false,
htmlAttributes: null);
}
/// <summary>
@ -174,8 +272,13 @@ namespace Microsoft.AspNet.Mvc.Rendering
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginForm(actionName, controllerName, routeValues,
FormMethod.Post, htmlAttributes: null);
return htmlHelper.BeginForm(
actionName,
controllerName,
routeValues,
FormMethod.Post,
suppressAntiforgery: false,
htmlAttributes: null);
}
/// <summary>
@ -203,8 +306,13 @@ namespace Microsoft.AspNet.Mvc.Rendering
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginForm(actionName, controllerName, routeValues: null,
method: method, htmlAttributes: null);
return htmlHelper.BeginForm(
actionName,
controllerName,
routeValues: null,
method: method,
suppressAntiforgery: false,
htmlAttributes: null);
}
/// <summary>
@ -240,8 +348,13 @@ namespace Microsoft.AspNet.Mvc.Rendering
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginForm(actionName, controllerName, routeValues,
method, htmlAttributes: null);
return htmlHelper.BeginForm(
actionName,
controllerName,
routeValues,
method,
suppressAntiforgery: false,
htmlAttributes: null);
}
/// <summary>
@ -275,8 +388,13 @@ namespace Microsoft.AspNet.Mvc.Rendering
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginForm(actionName, controllerName, routeValues: null,
method: method, htmlAttributes: htmlAttributes);
return htmlHelper.BeginForm(
actionName,
controllerName,
routeValues: null,
method: method,
suppressAntiforgery: false,
htmlAttributes: htmlAttributes);
}
/// <summary>
@ -308,6 +426,44 @@ namespace Microsoft.AspNet.Mvc.Rendering
routeName: null,
routeValues: routeValues,
method: FormMethod.Post,
suppressAntiforgery: false,
htmlAttributes: null);
}
/// <summary>
/// Renders a &lt;form&gt; start tag to the response. The first route that can provide a URL with the
/// specified <paramref name="routeValues"/> generates the &lt;form&gt;'s <c>action</c> attribute value.
/// </summary>
/// <param name="htmlHelper">The <see cref="IHtmlHelper"/> instance this method extends.</param>
/// <param name="routeValues">
/// An <see cref="object"/> that contains the parameters for a route. The parameters are retrieved through
/// reflection by examining the properties of the <see cref="object"/>. This <see cref="object"/> is typically
/// created using <see cref="object"/> initializer syntax. Alternatively, an
/// <see cref="System.Collections.Generic.IDictionary{string, object}"/> instance containing the route
/// parameters.
/// </param>
/// <param name="suppressAntiforgery">
/// If <c>true</c>, suppresses the generation an &lt;input&gt; of type "hidden" with an antiforgery token. By
/// default &lt;form&gt; elements will automatically include an antiforgery token.
/// </param>
/// <returns>
/// An <see cref="MvcForm"/> instance which renders the &lt;/form&gt; end tag when disposed.
/// </returns>
/// <remarks>
/// In this context, "renders" means the method writes its output using <see cref="ViewContext.Writer"/>.
/// </remarks>
public static MvcForm BeginRouteForm(this IHtmlHelper htmlHelper, object routeValues, bool suppressAntiforgery)
{
if (htmlHelper == null)
{
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginRouteForm(
routeName: null,
routeValues: routeValues,
method: FormMethod.Post,
suppressAntiforgery: suppressAntiforgery,
htmlAttributes: null);
}
@ -334,6 +490,38 @@ namespace Microsoft.AspNet.Mvc.Rendering
routeName,
routeValues: null,
method: FormMethod.Post,
suppressAntiforgery: false,
htmlAttributes: null);
}
/// <summary>
/// Renders a &lt;form&gt; start tag to the response. The route with name <paramref name="routeName"/>
/// generates the &lt;form&gt;'s <c>action</c> attribute value.
/// </summary>
/// <param name="htmlHelper">The <see cref="IHtmlHelper"/> instance this method extends.</param>
/// <param name="routeName">The name of the route.</param>
/// <param name="suppressAntiforgery">
/// If <c>true</c>, suppresses the generation an &lt;input&gt; of type "hidden" with an antiforgery token. By
/// default &lt;form&gt; elements will automatically include an antiforgery token.
/// </param>
/// <returns>
/// An <see cref="MvcForm"/> instance which renders the &lt;/form&gt; end tag when disposed.
/// </returns>
/// <remarks>
/// In this context, "renders" means the method writes its output using <see cref="ViewContext.Writer"/>.
/// </remarks>
public static MvcForm BeginRouteForm(this IHtmlHelper htmlHelper, string routeName, bool suppressAntiforgery)
{
if (htmlHelper == null)
{
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginRouteForm(
routeName,
routeValues: null,
method: FormMethod.Post,
suppressAntiforgery: suppressAntiforgery,
htmlAttributes: null);
}
@ -366,7 +554,12 @@ namespace Microsoft.AspNet.Mvc.Rendering
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginRouteForm(routeName, routeValues, FormMethod.Post, htmlAttributes: null);
return htmlHelper.BeginRouteForm(
routeName,
routeValues,
FormMethod.Post,
suppressAntiforgery: false,
htmlAttributes: null);
}
/// <summary>
@ -392,7 +585,12 @@ namespace Microsoft.AspNet.Mvc.Rendering
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginRouteForm(routeName, routeValues: null, method: method, htmlAttributes: null);
return htmlHelper.BeginRouteForm(
routeName,
routeValues: null,
method: method,
suppressAntiforgery: false,
htmlAttributes: null);
}
/// <summary>
@ -426,7 +624,12 @@ namespace Microsoft.AspNet.Mvc.Rendering
throw new ArgumentNullException(nameof(htmlHelper));
}
return htmlHelper.BeginRouteForm(routeName, routeValues, method, htmlAttributes: null);
return htmlHelper.BeginRouteForm(
routeName,
routeValues,
method,
suppressAntiforgery: false,
htmlAttributes: null);
}
/// <summary>
@ -462,6 +665,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
routeName,
routeValues: null,
method: method,
suppressAntiforgery: false,
htmlAttributes: htmlAttributes);
}
}

9
src/Microsoft.AspNet.Mvc.ViewFeatures/Rendering/IHtmlHelper.cs
View File

@ -114,6 +114,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
/// <see cref="IDictionary{string, object}"/> instance containing the route parameters.
/// </param>
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
/// <param name="suppressAntiforgery">
/// If <c>true</c>, suppresses the generation an &lt;input&gt; of type "hidden" with an antiforgery token. By
/// default &lt;form&gt; elements will automatically include an antiforgery token.
/// </param>
/// <param name="htmlAttributes">
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
/// <see cref="IDictionary{string, object}"/> instance containing the HTML attributes.
@ -129,6 +133,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
string controllerName,
object routeValues,
FormMethod method,
bool suppressAntiforgery,
object htmlAttributes);
/// <summary>
@ -143,6 +148,9 @@ namespace Microsoft.AspNet.Mvc.Rendering
/// <see cref="IDictionary{string, object}"/> instance containing the route parameters.
/// </param>
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
/// <param name="suppressAntiforgery">
/// Determines whether or not to include an &lt;input&gt; of type "hidden" with an antiforgery token.
/// </param>
/// <param name="htmlAttributes">
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
/// <see cref="IDictionary{string, object}"/> instance containing the HTML attributes.
@ -157,6 +165,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
string routeName,
object routeValues,
FormMethod method,
bool suppressAntiforgery,
object htmlAttributes);
/// <summary>

2
src/Microsoft.AspNet.Mvc.ViewFeatures/ViewFeatures/FormContext.cs
View File

@ -31,6 +31,8 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
}
}
public bool HasAntiforgeryToken { get; set; }
public bool HasFormData => _formData != null;
public bool HasEndOfFormContent => _endOfFormContent != null;

42
src/Microsoft.AspNet.Mvc.ViewFeatures/ViewFeatures/HtmlHelper.cs
View File

@ -270,6 +270,14 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
/// <inheritdoc />
public IHtmlContent AntiForgeryToken()
{
// If we're inside a BeginForm/BeginRouteForm, the antiforgery token might have already been
// created and appended to the 'end form' content.
if (ViewContext.FormContext.HasAntiforgeryToken)
{
return HtmlString.Empty;
}
ViewContext.FormContext.HasAntiforgeryToken = true;
var html = _htmlGenerator.GenerateAntiforgery(ViewContext);
return html ?? HtmlString.Empty;
}
@ -280,6 +288,7 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
string controllerName,
object routeValues,
FormMethod method,
bool suppressAntiforgery,
object htmlAttributes)
{
// Push the new FormContext; MvcForm.GenerateEndForm() does the corresponding pop.
@ -288,11 +297,16 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
CanRenderAtEndOfForm = true
};
return GenerateForm(actionName, controllerName, routeValues, method, htmlAttributes);
return GenerateForm(actionName, controllerName, routeValues, method, suppressAntiforgery, htmlAttributes);
}
/// <inheritdoc />
public MvcForm BeginRouteForm(string routeName, object routeValues, FormMethod method, object htmlAttributes)
public MvcForm BeginRouteForm(
string routeName,
object routeValues,
FormMethod method,
bool suppressAntiforgery,
object htmlAttributes)
{
// Push the new FormContext; MvcForm.GenerateEndForm() does the corresponding pop.
_viewContext.FormContext = new FormContext
@ -300,7 +314,7 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
CanRenderAtEndOfForm = true
};
return GenerateRouteForm(routeName, routeValues, method, htmlAttributes);
return GenerateRouteForm(routeName, routeValues, method, suppressAntiforgery, htmlAttributes);
}
/// <inheritdoc />
@ -852,6 +866,10 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
/// <see cref="IDictionary{string, object}"/> instance containing the route parameters.
/// </param>
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
/// <param name="suppressAntiforgery">
/// If <c>true</c>, suppresses the generation an &lt;input&gt; of type "hidden" with an antiforgery token. By
/// default &lt;form&gt; elements will automatically include an antiforgery token.
/// </param>
/// <param name="htmlAttributes">
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
/// <see cref="IDictionary{string, object}"/> instance containing the HTML attributes.
@ -867,6 +885,7 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
string controllerName,
object routeValues,
FormMethod method,
bool suppressAntiforgery,
object htmlAttributes)
{
var tagBuilder = _htmlGenerator.GenerateForm(
@ -882,6 +901,12 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
tagBuilder.WriteTo(ViewContext.Writer, _htmlEncoder);
}
if (!suppressAntiforgery)
{
ViewContext.FormContext.EndOfFormContent.Add(_htmlGenerator.GenerateAntiforgery(ViewContext));
ViewContext.FormContext.HasAntiforgeryToken = true;
}
return CreateForm();
}
@ -897,6 +922,10 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
/// <see cref="IDictionary{string, object}"/> instance containing the route parameters.
/// </param>
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
/// <param name="suppressAntiforgery">
/// If <c>true</c>, suppresses the generation an &lt;input&gt; of type "hidden" with an antiforgery token. By
/// default &lt;form&gt; elements will automatically include an antiforgery token.
/// </param>
/// <param name="htmlAttributes">
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
/// <see cref="IDictionary{string, object}"/> instance containing the HTML attributes.
@ -911,6 +940,7 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
string routeName,
object routeValues,
FormMethod method,
bool suppressAntiforgery,
object htmlAttributes)
{
var tagBuilder = _htmlGenerator.GenerateRouteForm(
@ -925,6 +955,12 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
tagBuilder.WriteTo(ViewContext.Writer, _htmlEncoder);
}
if (!suppressAntiforgery)
{
ViewContext.FormContext.EndOfFormContent.Add(_htmlGenerator.GenerateAntiforgery(ViewContext));
ViewContext.FormContext.HasAntiforgeryToken = true;
}
return CreateForm();
}

6
test/Microsoft.AspNet.Mvc.FunctionalTests/HtmlGenerationTest.cs
View File

@ -44,12 +44,12 @@ namespace Microsoft.AspNet.Mvc.FunctionalTests
// Testing attribute values with boolean and null values
{ "AttributesWithBooleanValues", null },
// Testing SelectTagHelper with Html.BeginForm
{ "CreateWarehouse", null },
{ "CreateWarehouse", "/HtmlGeneration_Home/CreateWarehouse" },
// Testing the HTML helpers with FormTagHelper
{ "EditWarehouse", null },
{ "Form", "/HtmlGeneration_Home/Form" },
// Testing MVC tag helpers invoked in the editor templates from HTML helpers
{ "EmployeeList", null },
{ "EmployeeList", "/HtmlGeneration_Home/EmployeeList" },
// Testing the EnvironmentTagHelper
{ "Environment", null },
// Testing the ImageTagHelper
@ -63,7 +63,7 @@ namespace Microsoft.AspNet.Mvc.FunctionalTests
{ "Order", "/HtmlGeneration_Order/Submit" },
{ "OrderUsingHtmlHelpers", "/HtmlGeneration_Order/Submit" },
// Testing InputTagHelpers invoked in the partial views
{ "ProductList", null },
{ "ProductList", "/HtmlGeneration_Product" },
};
// One path hits aspnet/External#50 with Mono on Mac.

2
test/Microsoft.AspNet.Mvc.FunctionalTests/compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Home.CreateWarehouse.html
View File

@ -16,5 +16,5 @@
<div class="warehouse validation-summary-valid" data-valmsg-summary="true"><ul><li style="display:none"></li>
</ul></div>
<input type="submit" />
</form></body>
<input name="__RequestVerificationToken" type="hidden" value="{0}" /></form></body>
</html>

2
test/Microsoft.AspNet.Mvc.FunctionalTests/compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Home.EmployeeList.html
View File

@ -94,5 +94,5 @@ EmployeeName_2</textarea>
<option>1002</option>
</select>
</div> <input type="submit" />
<input name="[0].Remote" type="hidden" value="false" /><input name="[1].Remote" type="hidden" value="false" /><input name="[2].Remote" type="hidden" value="false" /></form></body>
<input name="__RequestVerificationToken" type="hidden" value="{0}" /><input name="[0].Remote" type="hidden" value="false" /><input name="[1].Remote" type="hidden" value="false" /><input name="[2].Remote" type="hidden" value="false" /></form></body>
</html>

2
test/Microsoft.AspNet.Mvc.FunctionalTests/compiler/resources/HtmlGenerationWebSite.HtmlGeneration_Home.ProductList.html
View File

@ -55,5 +55,5 @@
<textarea rows="4" cols="50" class="product" id="z2__Description" name="[2].Description">
Product_2 description</textarea>
</div> <input type="submit" />
</form></body>
<input name="__RequestVerificationToken" type="hidden" value="{0}" /></form></body>
</html>

558
test/Microsoft.AspNet.Mvc.ViewFeatures.Test/Rendering/HtmlHelperFormExtensionsTest.cs
View File

@ -280,7 +280,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateForm(
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
null, // actionName
null, // controllerName
@ -289,6 +289,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -305,6 +309,76 @@ namespace Microsoft.AspNet.Mvc.Rendering
htmlGenerator.Verify();
}
[Fact]
public void BeginForm_WithAntiforgery_CallsHtmlGeneratorWithExpectedValues()
{
// Arrange
var tagBuilder = new TagBuilder(tagName: "form");
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
null, // actionName
null, // controllerName
null, // routeValues
"post", // method
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
var writer = Assert.IsAssignableFrom<StringWriter>(htmlHelper.ViewContext.Writer);
var builder = writer.GetStringBuilder();
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginForm(suppressAntiforgery: false);
// Assert
Assert.NotNull(mvcForm);
Assert.Equal("<form>", builder.ToString());
htmlGenerator.Verify();
}
[Fact]
public void BeginForm_SuppressAntiforgery_CallsHtmlGeneratorWithExpectedValues()
{
// Arrange
var tagBuilder = new TagBuilder(tagName: "form");
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
null, // actionName
null, // controllerName
null, // routeValues
"post", // method
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
var writer = Assert.IsAssignableFrom<StringWriter>(htmlHelper.ViewContext.Writer);
var builder = writer.GetStringBuilder();
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginForm(suppressAntiforgery: true);
// Assert
Assert.NotNull(mvcForm);
Assert.Equal("<form>", builder.ToString());
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(MethodDataSet))]
public void BeginFormWithMethodParameter_CallsHtmlGeneratorWithExpectedValues(FormMethod method)
@ -314,7 +388,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateForm(
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
null, // actionName
null, // controllerName
@ -323,6 +397,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -350,7 +428,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateForm(
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
null, // actionName
null, // controllerName
@ -359,6 +437,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
htmlAttributes))
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -375,6 +457,82 @@ namespace Microsoft.AspNet.Mvc.Rendering
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(MethodAndHtmlAttributesDataSet))]
public void BeginFormWithMethodAndHtmlAttributesParameters_WithAntiforgery_CallsHtmlGeneratorWithExpectedValues(
FormMethod method,
object htmlAttributes)
{
// Arrange
var tagBuilder = new TagBuilder(tagName: "form");
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
null, // actionName
null, // controllerName
null, // routeValues
method.ToString().ToLowerInvariant(),
htmlAttributes))
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
var writer = Assert.IsAssignableFrom<StringWriter>(htmlHelper.ViewContext.Writer);
var builder = writer.GetStringBuilder();
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginForm(method, suppressAntiforgery: false, htmlAttributes: htmlAttributes);
// Assert
Assert.NotNull(mvcForm);
Assert.Equal("<form>", builder.ToString());
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(MethodAndHtmlAttributesDataSet))]
public void BeginFormWithMethodAndHtmlAttributesParameters_SuppressAntiforgery_CallsHtmlGeneratorWithExpectedValues(
FormMethod method,
object htmlAttributes)
{
// Arrange
var tagBuilder = new TagBuilder(tagName: "form");
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
null, // actionName
null, // controllerName
null, // routeValues
method.ToString().ToLowerInvariant(),
htmlAttributes))
.Returns(tagBuilder)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
var writer = Assert.IsAssignableFrom<StringWriter>(htmlHelper.ViewContext.Writer);
var builder = writer.GetStringBuilder();
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginForm(method, suppressAntiforgery: true, htmlAttributes: htmlAttributes);
// Assert
Assert.NotNull(mvcForm);
Assert.Equal("<form>", builder.ToString());
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(RouteValuesDataSet))]
public void BeginFormWithRouteValuesParameter_CallsHtmlGeneratorWithExpectedValues(object routeValues)
@ -384,7 +542,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateForm(
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
null, // actionName
null, // controllerName
@ -393,6 +551,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -420,7 +582,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateForm(
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
actionName,
controllerName,
@ -429,6 +591,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -457,7 +623,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateForm(
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
actionName,
controllerName,
@ -466,6 +632,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -494,7 +664,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateForm(
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
actionName,
controllerName,
@ -503,6 +673,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -532,7 +706,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateForm(
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
actionName,
controllerName,
@ -541,6 +715,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -570,7 +748,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateForm(
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
actionName,
controllerName,
@ -579,6 +757,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
htmlAttributes))
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -595,6 +777,98 @@ namespace Microsoft.AspNet.Mvc.Rendering
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(ActionNameControllerNameMethodAndHtmlAttributesDataSet))]
public void BeginFormWithActionNameContollerNameMethodAndHtmlAttributesParameters_WithAntiforgery_CallsHtmlGeneratorWithExpectedValues(
string actionName,
string controllerName,
FormMethod method,
object htmlAttributes)
{
// Arrange
var tagBuilder = new TagBuilder(tagName: "form");
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
actionName,
controllerName,
null, // routeValues
method.ToString().ToLowerInvariant(),
htmlAttributes))
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
var writer = Assert.IsAssignableFrom<StringWriter>(htmlHelper.ViewContext.Writer);
var builder = writer.GetStringBuilder();
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginForm(
actionName,
controllerName,
routeValues: null,
method: method,
suppressAntiforgery: false,
htmlAttributes: htmlAttributes);
// Assert
Assert.NotNull(mvcForm);
Assert.Equal("<form>", builder.ToString());
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(ActionNameControllerNameMethodAndHtmlAttributesDataSet))]
public void BeginFormWithActionNameContollerNameMethodAndHtmlAttributesParameters_SuppressAntiforgery_CallsHtmlGeneratorWithExpectedValues(
string actionName,
string controllerName,
FormMethod method,
object htmlAttributes)
{
// Arrange
var tagBuilder = new TagBuilder(tagName: "form");
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(g => g.GenerateForm(
htmlHelper.ViewContext,
actionName,
controllerName,
null, // routeValues
method.ToString().ToLowerInvariant(),
htmlAttributes))
.Returns(tagBuilder)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
var writer = Assert.IsAssignableFrom<StringWriter>(htmlHelper.ViewContext.Writer);
var builder = writer.GetStringBuilder();
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginForm(
actionName,
controllerName,
routeValues: null,
method: method,
suppressAntiforgery: true,
htmlAttributes: htmlAttributes);
// Assert
Assert.NotNull(mvcForm);
Assert.Equal("<form>", builder.ToString());
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(RouteValuesDataSet))]
public void BeginRouteFormWithRouteValuesParameter_CallsHtmlGeneratorWithExpectedValues(object routeValues)
@ -604,7 +878,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateRouteForm(
.Setup(g => g.GenerateRouteForm(
htmlHelper.ViewContext,
null, // routeName
routeValues,
@ -612,6 +886,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -628,6 +906,78 @@ namespace Microsoft.AspNet.Mvc.Rendering
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(RouteValuesDataSet))]
public void BeginRouteFormWithRouteValuesParameter_WithAntiforgery_CallsHtmlGeneratorWithExpectedValues(
object routeValues)
{
// Arrange
var tagBuilder = new TagBuilder(tagName: "form");
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(g => g.GenerateRouteForm(
htmlHelper.ViewContext,
null, // routeName
routeValues,
"post", // method
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
var writer = Assert.IsAssignableFrom<StringWriter>(htmlHelper.ViewContext.Writer);
var builder = writer.GetStringBuilder();
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginRouteForm(routeValues, suppressAntiforgery: false);
// Assert
Assert.NotNull(mvcForm);
Assert.Equal("<form>", builder.ToString());
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(RouteValuesDataSet))]
public void BeginRouteFormWithRouteValuesParameter_SuppressAntiforgery_CallsHtmlGeneratorWithExpectedValues(
object routeValues)
{
// Arrange
var tagBuilder = new TagBuilder(tagName: "form");
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(g => g.GenerateRouteForm(
htmlHelper.ViewContext,
null, // routeName
routeValues,
"post", // method
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
var writer = Assert.IsAssignableFrom<StringWriter>(htmlHelper.ViewContext.Writer);
var builder = writer.GetStringBuilder();
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginRouteForm(routeValues, suppressAntiforgery: true);
// Assert
Assert.NotNull(mvcForm);
Assert.Equal("<form>", builder.ToString());
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(RouteNameDataSet))]
public void BeginRouteFormWithRouteNameParameter_CallsHtmlGeneratorWithExpectedValues(string routeName)
@ -637,7 +987,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateRouteForm(
.Setup(g => g.GenerateRouteForm(
htmlHelper.ViewContext,
routeName,
null, // routeValues
@ -645,6 +995,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -661,6 +1015,78 @@ namespace Microsoft.AspNet.Mvc.Rendering
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(RouteNameDataSet))]
public void BeginRouteFormWithRouteNameParameter_WithAntiforgery_CallsHtmlGeneratorWithExpectedValues(
string routeName)
{
// Arrange
var tagBuilder = new TagBuilder(tagName: "form");
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(g => g.GenerateRouteForm(
htmlHelper.ViewContext,
routeName,
null, // routeValues
"post", // method
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
var writer = Assert.IsAssignableFrom<StringWriter>(htmlHelper.ViewContext.Writer);
var builder = writer.GetStringBuilder();
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginRouteForm(routeName, suppressAntiforgery: false);
// Assert
Assert.NotNull(mvcForm);
Assert.Equal("<form>", builder.ToString());
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(RouteNameDataSet))]
public void BeginRouteFormWithRouteNameParameter_SuppressAntiforgery_CallsHtmlGeneratorWithExpectedValues(
string routeName)
{
// Arrange
var tagBuilder = new TagBuilder(tagName: "form");
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(g => g.GenerateRouteForm(
htmlHelper.ViewContext,
routeName,
null, // routeValues
"post", // method
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
var writer = Assert.IsAssignableFrom<StringWriter>(htmlHelper.ViewContext.Writer);
var builder = writer.GetStringBuilder();
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginRouteForm(routeName, suppressAntiforgery: true);
// Assert
Assert.NotNull(mvcForm);
Assert.Equal("<form>", builder.ToString());
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(RouteNameAndRouteValuesDataSet))]
public void BeginRouteFormWithRouteNameAndRouteValuesParameters_CallsHtmlGeneratorWithExpectedValues(
@ -672,7 +1098,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateRouteForm(
.Setup(g => g.GenerateRouteForm(
htmlHelper.ViewContext,
routeName,
routeValues,
@ -680,6 +1106,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -707,7 +1137,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateRouteForm(
.Setup(g => g.GenerateRouteForm(
htmlHelper.ViewContext,
routeName,
null, // routeValues
@ -715,6 +1145,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -743,7 +1177,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateRouteForm(
.Setup(g => g.GenerateRouteForm(
htmlHelper.ViewContext,
routeName,
routeValues,
@ -751,6 +1185,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
null)) // htmlAttributes
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -779,7 +1217,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(realHelper => realHelper.GenerateRouteForm(
.Setup(g => g.GenerateRouteForm(
htmlHelper.ViewContext,
routeName,
null, // routeValues
@ -787,6 +1225,10 @@ namespace Microsoft.AspNet.Mvc.Rendering
htmlAttributes))
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
@ -802,5 +1244,91 @@ namespace Microsoft.AspNet.Mvc.Rendering
Assert.Equal("<form>", builder.ToString());
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(RouteNameMethodAndHtmlAttributesDataSet))]
public void BeginRouteFormWithRouteNameMethodAndHtmlAttributesParameters_WithAntiforgery_CallsHtmlGeneratorWithExpectedValues(
string routeName,
FormMethod method,
object htmlAttributes)
{
// Arrange
var tagBuilder = new TagBuilder(tagName: "form");
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(g => g.GenerateRouteForm(
htmlHelper.ViewContext,
routeName,
null, // routeValues
method.ToString().ToLowerInvariant(),
htmlAttributes))
.Returns(tagBuilder)
.Verifiable();
htmlGenerator
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
.Returns(HtmlString.Empty)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
var writer = Assert.IsAssignableFrom<StringWriter>(htmlHelper.ViewContext.Writer);
var builder = writer.GetStringBuilder();
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginRouteForm(
routeName,
routeValues: null,
method: method,
suppressAntiforgery: false,
htmlAttributes: htmlAttributes);
// Assert
Assert.NotNull(mvcForm);
Assert.Equal("<form>", builder.ToString());
htmlGenerator.Verify();
}
[Theory]
[MemberData(nameof(RouteNameMethodAndHtmlAttributesDataSet))]
public void BeginRouteFormWithRouteNameMethodAndHtmlAttributesParameters_SuppressAntiforgery_CallsHtmlGeneratorWithExpectedValues(
string routeName,
FormMethod method,
object htmlAttributes)
{
// Arrange
var tagBuilder = new TagBuilder(tagName: "form");
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
htmlGenerator
.Setup(g => g.GenerateRouteForm(
htmlHelper.ViewContext,
routeName,
null, // routeValues
method.ToString().ToLowerInvariant(),
htmlAttributes))
.Returns(tagBuilder)
.Verifiable();
// Guards
Assert.NotNull(htmlHelper.ViewContext);
var writer = Assert.IsAssignableFrom<StringWriter>(htmlHelper.ViewContext.Writer);
var builder = writer.GetStringBuilder();
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginRouteForm(
routeName,
routeValues: null,
method: method,
suppressAntiforgery: true,
htmlAttributes: htmlAttributes);
// Assert
Assert.NotNull(mvcForm);
Assert.Equal("<form>", builder.ToString());
htmlGenerator.Verify();
}
}
}

266
test/Microsoft.AspNet.Mvc.ViewFeatures.Test/Rendering/HtmlHelperFormTest.cs
View File

@ -151,6 +151,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
controllerName: null,
routeValues: null,
method: FormMethod.Post,
suppressAntiforgery: true,
htmlAttributes: null);
// Assert
@ -200,6 +201,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
controllerName: null,
routeValues: null,
method: FormMethod.Post,
suppressAntiforgery: true,
htmlAttributes: htmlAttributes);
// Assert
@ -247,7 +249,13 @@ namespace Microsoft.AspNet.Mvc.Rendering
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginForm(actionName, controllerName, routeValues, method, htmlAttributes);
var mvcForm = htmlHelper.BeginForm(
actionName,
controllerName,
routeValues,
method,
suppressAntiforgery: true,
htmlAttributes: htmlAttributes);
// Assert
Assert.NotNull(mvcForm);
@ -290,7 +298,12 @@ namespace Microsoft.AspNet.Mvc.Rendering
Assert.NotNull(builder);
// Act
var mvcForm = htmlHelper.BeginRouteForm(routeName, routeValues, method, htmlAttributes);
var mvcForm = htmlHelper.BeginRouteForm(
routeName,
routeValues,
method,
suppressAntiforgery: true,
htmlAttributes: htmlAttributes);
// Assert
Assert.NotNull(mvcForm);
@ -351,6 +364,255 @@ namespace Microsoft.AspNet.Mvc.Rendering
builder.ToString());
}
// This is an integration for the implicit antiforgery token added by BeginForm.
[Fact]
public void BeginForm_EndForm_RendersAntiforgeryToken()
{
// Arrange
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
htmlGenerator
.Setup(g => g.GenerateForm(
It.IsAny<ViewContext>(),
It.IsAny<string>(),
It.IsAny<string>(),
It.IsAny<object>(),
It.IsAny<string>(),
It.IsAny<object>()))
.Returns(new TagBuilder("form"));
htmlGenerator
.Setup(g => g.GenerateAntiforgery(It.IsAny<ViewContext>()))
.Returns(new TagBuilder("antiforgery"));
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
var serviceProvider = new Mock<IServiceProvider>();
serviceProvider.Setup(s => s.GetService(typeof(HtmlEncoder))).Returns(new HtmlTestEncoder());
var viewContext = htmlHelper.ViewContext;
viewContext.HttpContext.RequestServices = serviceProvider.Object;
var writer = viewContext.Writer as StringWriter;
Assert.NotNull(writer);
// Act & Assert
using (var form = htmlHelper.BeginForm())
{
Assert.True(viewContext.FormContext.HasAntiforgeryToken);
}
Assert.Equal(
"<form><antiforgery></antiforgery></form>",
writer.GetStringBuilder().ToString());
}
// This is an integration for the implicit antiforgery token added by BeginForm.
[Fact]
public void BeginForm_EndForm_RendersAntiforgeryToken_WithExplicitCallToAntiforgery()
{
// Arrange
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
htmlGenerator
.Setup(g => g.GenerateForm(
It.IsAny<ViewContext>(),
It.IsAny<string>(),
It.IsAny<string>(),
It.IsAny<object>(),
It.IsAny<string>(),
It.IsAny<object>()))
.Returns(new TagBuilder("form"));
htmlGenerator
.Setup(g => g.GenerateAntiforgery(It.IsAny<ViewContext>()))
.Returns(new TagBuilder("antiforgery"));
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
var serviceProvider = new Mock<IServiceProvider>();
serviceProvider.Setup(s => s.GetService(typeof(HtmlEncoder))).Returns(new HtmlTestEncoder());
var viewContext = htmlHelper.ViewContext;
viewContext.HttpContext.RequestServices = serviceProvider.Object;
var writer = viewContext.Writer as StringWriter;
Assert.NotNull(writer);
// Act & Assert
using (var form = htmlHelper.BeginForm())
{
Assert.True(viewContext.FormContext.HasAntiforgeryToken);
// This call will no-op
Assert.Same(HtmlString.Empty, htmlHelper.AntiForgeryToken());
}
Assert.Equal(
"<form><antiforgery></antiforgery></form>",
writer.GetStringBuilder().ToString());
}
// This is an integration for suppressing implicit antiforgery token added by BeginForm.
[Fact]
public void BeginForm_EndForm_SuppressAntiforgeryToken()
{
// Arrange
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
htmlGenerator
.Setup(g => g.GenerateForm(
It.IsAny<ViewContext>(),
It.IsAny<string>(),
It.IsAny<string>(),
It.IsAny<object>(),
It.IsAny<string>(),
It.IsAny<object>()))
.Returns(new TagBuilder("form"));
htmlGenerator
.Setup(g => g.GenerateAntiforgery(It.IsAny<ViewContext>()))
.Returns(new TagBuilder("antiforgery"));
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
var serviceProvider = new Mock<IServiceProvider>();
serviceProvider.Setup(s => s.GetService(typeof(HtmlEncoder))).Returns(new HtmlTestEncoder());
var viewContext = htmlHelper.ViewContext;
viewContext.HttpContext.RequestServices = serviceProvider.Object;
var writer = viewContext.Writer as StringWriter;
Assert.NotNull(writer);
// Act & Assert
using (var form = htmlHelper.BeginForm(FormMethod.Post, suppressAntiforgery: true, htmlAttributes: null))
{
Assert.False(viewContext.FormContext.HasAntiforgeryToken);
}
Assert.Equal(
"<form></form>",
writer.GetStringBuilder().ToString());
}
// This is an integration for suppressing implicit antiforgery token added by BeginForm.
[Fact]
public void BeginForm_EndForm_SuppressAntiforgeryToken_WithExplicitCallToAntiforgery()
{
// Arrange
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
htmlGenerator
.Setup(g => g.GenerateForm(
It.IsAny<ViewContext>(),
It.IsAny<string>(),
It.IsAny<string>(),
It.IsAny<object>(),
It.IsAny<string>(),
It.IsAny<object>()))
.Returns(new TagBuilder("form"));
htmlGenerator
.Setup(g => g.GenerateAntiforgery(It.IsAny<ViewContext>()))
.Returns(new TagBuilder("antiforgery"));
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
var serviceProvider = new Mock<IServiceProvider>();
serviceProvider.Setup(s => s.GetService(typeof(HtmlEncoder))).Returns(new HtmlTestEncoder());
var viewContext = htmlHelper.ViewContext;
viewContext.HttpContext.RequestServices = serviceProvider.Object;
var writer = viewContext.Writer as StringWriter;
Assert.NotNull(writer);
// Act & Assert
using (var form = htmlHelper.BeginForm(FormMethod.Post, suppressAntiforgery: true, htmlAttributes: null))
{
Assert.False(viewContext.FormContext.HasAntiforgeryToken);
// This call will ouput a token.
Assert.Equal("antiforgery", Assert.IsType<TagBuilder>(htmlHelper.AntiForgeryToken()).TagName);
}
Assert.Equal(
"<form></form>",
writer.GetStringBuilder().ToString());
}
// This is an integration for the implicit antiforgery token added by BeginRouteForm.
[Fact]
public void BeginRouteForm_EndForm_RendersAntiforgeryToken()
{
// Arrange
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
htmlGenerator
.Setup(g => g.GenerateRouteForm(
It.IsAny<ViewContext>(),
It.IsAny<string>(),
It.IsAny<object>(),
It.IsAny<string>(),
It.IsAny<object>()))
.Returns(new TagBuilder("form"));
htmlGenerator
.Setup(g => g.GenerateAntiforgery(It.IsAny<ViewContext>()))
.Returns(new TagBuilder("antiforgery"));
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
var serviceProvider = new Mock<IServiceProvider>();
serviceProvider.Setup(s => s.GetService(typeof(HtmlEncoder))).Returns(new HtmlTestEncoder());
var viewContext = htmlHelper.ViewContext;
viewContext.HttpContext.RequestServices = serviceProvider.Object;
var writer = viewContext.Writer as StringWriter;
Assert.NotNull(writer);
// Act & Assert
using (var form = htmlHelper.BeginRouteForm(routeValues: null))
{
Assert.True(viewContext.FormContext.HasAntiforgeryToken);
}
Assert.Equal(
"<form><antiforgery></antiforgery></form>",
writer.GetStringBuilder().ToString());
}
// This is an integration for suppressing implicit antiforgery token added by BeginRouteForm.
[Fact]
public void BeginRouteForm_EndForm_SuppressAntiforgeryToken()
{
// Arrange
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
htmlGenerator
.Setup(g => g.GenerateRouteForm(
It.IsAny<ViewContext>(),
It.IsAny<string>(),
It.IsAny<object>(),
It.IsAny<string>(),
It.IsAny<object>()))
.Returns(new TagBuilder("form"));
htmlGenerator
.Setup(g => g.GenerateAntiforgery(It.IsAny<ViewContext>()))
.Returns(new TagBuilder("antiforgery"));
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
var serviceProvider = new Mock<IServiceProvider>();
serviceProvider.Setup(s => s.GetService(typeof(HtmlEncoder))).Returns(new HtmlTestEncoder());
var viewContext = htmlHelper.ViewContext;
viewContext.HttpContext.RequestServices = serviceProvider.Object;
var writer = viewContext.Writer as StringWriter;
Assert.NotNull(writer);
// Act & Assert
using (var form = htmlHelper.BeginRouteForm(
routeName: null,
routeValues: null,
method: FormMethod.Post,
suppressAntiforgery: true,
htmlAttributes: null))
{
Assert.False(viewContext.FormContext.HasAntiforgeryToken);
}
Assert.Equal(
"<form></form>",
writer.GetStringBuilder().ToString());
}
private string GetHtmlAttributesAsString(object htmlAttributes)
{
var dictionary = HtmlHelper.AnonymousObjectToHtmlAttributes(htmlAttributes);

2
test/Microsoft.AspNet.Mvc.ViewFeatures.Test/ViewFeatures/DefaultEditorTemplatesTest.cs
View File

@ -1002,6 +1002,7 @@ Environment.NewLine;
string controllerName,
object routeValues,
FormMethod method,
bool antiforgery,
object htmlAttributes)
{
throw new NotImplementedException();
@ -1011,6 +1012,7 @@ Environment.NewLine;
string routeName,
object routeValues,
FormMethod method,
bool antiforgery,
object htmlAttributes)
{
throw new NotImplementedException();

2
test/WebSites/BasicWebSite/Areas/Area1/Views/RemoteAttribute_Home/Create.cshtml
View File

@ -8,7 +8,7 @@
}
<h2>@ViewBag.Title</h2>
@using (Html.BeginForm())
@using (Html.BeginForm(FormMethod.Post, htmlAttributes: null, suppressAntiforgery: true))
{
<div class="form-horizontal">
<h4>Person</h4>

2
test/WebSites/BasicWebSite/Views/RemoteAttribute_Home/Create.cshtml
View File

@ -8,7 +8,7 @@
}
<h2>@ViewBag.Title</h2>
@using (Html.BeginForm())
@using (Html.BeginForm(FormMethod.Post, htmlAttributes: null, suppressAntiforgery: true))
{
<div class="form-horizontal">
<h4>Person</h4>

2
test/WebSites/RazorWebSite/Views/FlushPoint/PageWithoutLayout.cshtml
View File

@ -5,7 +5,7 @@ Secondary content
@{
await Html.RenderPartialAsync("_PartialWithFlush");
}
@using (Html.BeginForm())
@using (Html.BeginForm(method: FormMethod.Post, suppressAntiforgery: true, htmlAttributes: null))
{
@Html.TextBox("Name1")
@await FlushAsync()