diff --git a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgery.cs b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgery.cs index f105fbfac6..763981fcf7 100644 --- a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgery.cs +++ b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgery.cs @@ -1,11 +1,11 @@ // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. -using System.ComponentModel; using System.Threading.Tasks; using Microsoft.AspNet.Http; using Microsoft.AspNet.Mvc.Rendering; using Microsoft.AspNet.Security.DataProtection; +using Microsoft.Framework.OptionsModel; namespace Microsoft.AspNet.Mvc { @@ -20,10 +20,10 @@ namespace Microsoft.AspNet.Mvc public AntiForgery([NotNull] IClaimUidExtractor claimUidExtractor, [NotNull] IDataProtectionProvider dataProtectionProvider, - [NotNull] IAntiForgeryAdditionalDataProvider additionalDataProvider) + [NotNull] IAntiForgeryAdditionalDataProvider additionalDataProvider, + [NotNull] IOptionsAccessor mvcOptions) { - // TODO: This is temporary till we figure out how to flow configs using DI. - var config = new AntiForgeryConfigWrapper(); + var config = mvcOptions.Options.AntiForgeryOptions; var serializer = new AntiForgeryTokenSerializer(dataProtectionProvider.CreateProtector(_purpose)); var tokenStore = new AntiForgeryTokenStore(config, serializer); var tokenProvider = new TokenProvider(config, claimUidExtractor, additionalDataProvider); diff --git a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryConfigWrapper.cs b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryConfigWrapper.cs deleted file mode 100644 index b63ed20da6..0000000000 --- a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryConfigWrapper.cs +++ /dev/null 
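Review bot: In the `AntiForgery` constructor, `mvcOptions.Options.AntiForgeryOptions` is dereferenced without checking that `Options` is non-null, and the mutable `AntiForgeryOptions` instance it yields is passed by reference to `AntiForgeryTokenStore` and `TokenProvider`. `[NotNull]` covers only the accessor parameter, so an accessor that returns null options would presumably surface here as a `NullReferenceException` rather than a clear configuration error. Because the instance is shared, a later change to `RequireSSL` or `CookieName` would alter token handling in a running application, while assigning a new `MvcOptions.AntiForgeryOptions` after construction would not reach the store or provider. A comment such as `// Options are read once here; the same instance is shared with the token store and provider.` would make that contract explicit. The constructor body continues outside the hunk.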
@@ -1,28 +0,0 @@ -// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. -// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. - -namespace Microsoft.AspNet.Mvc -{ - public sealed class AntiForgeryConfigWrapper : IAntiForgeryConfig - { - public string CookieName - { - get { return AntiForgeryConfig.CookieName; } - } - - public string FormFieldName - { - get { return AntiForgeryConfig.AntiForgeryTokenFieldName; } - } - - public bool RequireSSL - { - get { return AntiForgeryConfig.RequireSsl; } - } - - public bool SuppressXFrameOptionsHeader - { - get { return AntiForgeryConfig.SuppressXFrameOptionsHeader; } - } - } -} \ No newline at end of file diff --git a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryConfig.cs b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryOptions.cs similarity index 52% rename from src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryConfig.cs rename to src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryOptions.cs index 6e71caf85f..2950c35c01 100644 --- a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryConfig.cs +++ b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryOptions.cs 
@@ -1,15 +1,24 @@ // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. +using System; +using Microsoft.AspNet.Mvc.Core; + namespace Microsoft.AspNet.Mvc { /// /// Provides programmatic configuration for the anti-forgery token system. /// - public static class AntiForgeryConfig + public class AntiForgeryOptions { - internal const string AntiForgeryTokenFieldName = "__RequestVerificationToken"; - private static string _cookieName; + private const string AntiForgeryTokenFieldName = "__RequestVerificationToken"; + private string _cookieName; + private string _formFieldName = AntiForgeryTokenFieldName; + + public AntiForgeryOptions() + { + _cookieName = GetAntiForgeryCookieName(); + } /// /// Specifies the name of the cookie that is used by the anti-forgery 
@@ -19,28 +28,55 @@ namespace Microsoft.AspNet.Mvc /// If an explicit name is not provided, the system will automatically /// generate a name. /// - public static string CookieName + public string CookieName { get { - if (_cookieName == null) - { - _cookieName = GetAntiForgeryCookieName(); - } return _cookieName; } + set { + if (value == null) + { + throw new ArgumentNullException("value", + Resources.FormatPropertyOfTypeCannotBeNull( + "CookieName", typeof(AntiForgeryOptions))); + } + _cookieName = value; } } + /// + /// Specifies the name of the anti-forgery token field that is used by the anti-forgery system. + /// + public string FormFieldName + { + get + { + return _formFieldName; + } + + set + { + if (value == null) + { + throw new ArgumentNullException("value", + Resources.FormatPropertyOfTypeCannotBeNull( + "FormFieldName", typeof(AntiForgeryOptions))); + } + + _formFieldName = value; + } + } + /// /// Specifies whether SSL is required for the anti-forgery system /// to operate. If this setting is 'true' and a non-SSL request /// comes into the system, all anti-forgery APIs will fail. /// - public static bool RequireSsl + public bool RequireSSL { get; set; @@ -52,14 +88,14 @@ namespace Microsoft.AspNet.Mvc /// header is generated with the value SAMEORIGIN. If this setting is 'true', /// the X-Frame-Options header will not be generated for the response. /// - public static bool SuppressXFrameOptionsHeader + public bool SuppressXFrameOptionsHeader { get; set; } // TODO: Replace the stub. - private static string GetAntiForgeryCookieName() + private string GetAntiForgeryCookieName() { return AntiForgeryTokenFieldName; } diff --git a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryTokenStore.cs b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryTokenStore.cs index 3be1131468..bd36f366fd 100644 --- a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryTokenStore.cs +++ b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryTokenStore.cs 
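Review bot: The new `CookieName` and `FormFieldName` setters reject only `null`, so an empty string is accepted as the name of the anti-forgery cookie or form field. A token looked up under an empty name would presumably fail only at request time, far from the line that misconfigured it. Consider `if (string.IsNullOrEmpty(value))` in both setters, with a matching resource message, and a test for the empty case next to the null cases in `AntiForgeryOptionsTests`. As a style point, the `CookieName` setter opens with `set {` while the `FormFieldName` setter added in the same hunk puts the brace on its own line.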
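Review bot: `GetAntiForgeryCookieName()` is still a stub that returns `AntiForgeryTokenFieldName`, and the new constructor stores that value eagerly, so every application gets the same default cookie name `__RequestVerificationToken`. If two applications share a host, their anti-forgery cookies would presumably overwrite each other unless each sets `CookieName` explicitly. The `// TODO: Replace the stub.` comment should say what is missing, for example `// TODO: derive a per-application default; until then apps sharing a host must set CookieName.` The method is now an instance method but reads no instance state, so it could stay `static`.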
@@ -10,10 +10,10 @@ namespace Microsoft.AspNet.Mvc // Saves anti-XSRF tokens split between HttpRequest.Cookies and HttpRequest.Form internal sealed class AntiForgeryTokenStore : ITokenStore { - private readonly IAntiForgeryConfig _config; + private readonly AntiForgeryOptions _config; private readonly IAntiForgeryTokenSerializer _serializer; - internal AntiForgeryTokenStore([NotNull] IAntiForgeryConfig config, + internal AntiForgeryTokenStore([NotNull] AntiForgeryOptions config, [NotNull] IAntiForgeryTokenSerializer serializer) { _config = config; diff --git a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryWorker.cs b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryWorker.cs index e031a6f1e4..34c22385ff 100644 --- a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryWorker.cs +++ b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryWorker.cs @@ -14,14 +14,14 @@ namespace Microsoft.AspNet.Mvc { internal sealed class AntiForgeryWorker { - private readonly IAntiForgeryConfig _config; + private readonly AntiForgeryOptions _config; private readonly IAntiForgeryTokenSerializer _serializer; private readonly ITokenStore _tokenStore; private readonly ITokenValidator _validator; private readonly ITokenGenerator _generator; internal AntiForgeryWorker([NotNull] IAntiForgeryTokenSerializer serializer, - [NotNull] IAntiForgeryConfig config, + [NotNull] AntiForgeryOptions config, [NotNull] ITokenStore tokenStore, [NotNull] ITokenGenerator generator, [NotNull] ITokenValidator validator) diff --git a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/IAntiForgeryConfig.cs b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/IAntiForgeryConfig.cs deleted file mode 100644 index f79c24fc95..0000000000 --- a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/IAntiForgeryConfig.cs +++ /dev/null 
@@ -1,21 +0,0 @@ -// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. -// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. - -namespace Microsoft.AspNet.Mvc -{ - // Provides configuration information about the anti-forgery system. - public interface IAntiForgeryConfig - { - // Name of the cookie to use. - string CookieName { get; } - - // Name of the form field to use. - string FormFieldName { get; } - - // Whether SSL is mandatory for this request. - bool RequireSSL { get; } - - // Skip X-FRAME-OPTIONS header. - bool SuppressXFrameOptionsHeader { get; } - } -} \ No newline at end of file diff --git a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/TokenProvider.cs b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/TokenProvider.cs index 0277ee1b3a..f179dae5f1 100644 --- a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/TokenProvider.cs +++ b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/TokenProvider.cs @@ -12,10 +12,10 @@ namespace Microsoft.AspNet.Mvc internal sealed class TokenProvider : ITokenValidator, ITokenGenerator { private readonly IClaimUidExtractor _claimUidExtractor; - private readonly IAntiForgeryConfig _config; + private readonly AntiForgeryOptions _config; private readonly IAntiForgeryAdditionalDataProvider _additionalDataProvider; - internal TokenProvider(IAntiForgeryConfig config, + internal TokenProvider(AntiForgeryOptions config, IClaimUidExtractor claimUidExtractor, IAntiForgeryAdditionalDataProvider additionalDataProvider) { diff --git a/src/Microsoft.AspNet.Mvc.Core/Microsoft.AspNet.Mvc.Core.kproj b/src/Microsoft.AspNet.Mvc.Core/Microsoft.AspNet.Mvc.Core.kproj index 49e0486a3d..506d365981 100644 --- a/src/Microsoft.AspNet.Mvc.Core/Microsoft.AspNet.Mvc.Core.kproj +++ b/src/Microsoft.AspNet.Mvc.Core/Microsoft.AspNet.Mvc.Core.kproj @@ -44,8 +44,7 @@ - - + @@ -55,7 +54,6 @@ - @@ -140,6 +138,7 @@ + 
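Review bot: `TokenProvider`'s constructor takes `AntiForgeryOptions config` without the `[NotNull]` annotation that `AntiForgeryTokenStore` and `AntiForgeryWorker` put on the same parameter in this commit. The tests pass `claimUidExtractor: null` on purpose, so the other two parameters look intentionally nullable, but `config` is always supplied. Marking it as `internal TokenProvider([NotNull] AntiForgeryOptions config,` would keep the three consumers consistent. How `[NotNull]` is enforced is not visible here, and the constructor body is outside the hunk.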
diff --git a/src/Microsoft.AspNet.Mvc.Core/MvcOptions.cs b/src/Microsoft.AspNet.Mvc.Core/MvcOptions.cs new file mode 100644 index 0000000000..f83c43479c --- /dev/null +++ b/src/Microsoft.AspNet.Mvc.Core/MvcOptions.cs @@ -0,0 +1,33 @@ +// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. +// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. + +using System; +using Microsoft.AspNet.Mvc.Core; + +namespace Microsoft.AspNet.Mvc +{ + public class MvcOptions + { + private AntiForgeryOptions _antiForgeryOptions = new AntiForgeryOptions(); + + public AntiForgeryOptions AntiForgeryOptions + { + get + { + return _antiForgeryOptions; + } + + set + { + if (value == null) + { + throw new ArgumentNullException("value", + Resources.FormatPropertyOfTypeCannotBeNull("AntiForgeryOptions", + typeof(MvcOptions))); + } + + _antiForgeryOptions = value; + } + } + } +} \ No newline at end of file diff --git a/src/Microsoft.AspNet.Mvc.Core/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Mvc.Core/Properties/Resources.Designer.cs index 0ee16ae538..9574cee239 100644 --- a/src/Microsoft.AspNet.Mvc.Core/Properties/Resources.Designer.cs +++ b/src/Microsoft.AspNet.Mvc.Core/Properties/Resources.Designer.cs @@ -139,7 +139,7 @@ namespace Microsoft.AspNet.Mvc.Core } /// - /// The anti-forgery system has the configuration value AntiForgeryConfig.RequireSsl = true, but the current request is not an SSL request. + /// The anti-forgery system has the configuration value AntiForgeryOptions.RequireSsl = true, but the current request is not an SSL request. /// internal static string AntiForgeryWorker_RequireSSL { 
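Review bot: `MvcOptions` and its `AntiForgeryOptions` property are new public API with no XML documentation, unlike the `///` summaries kept on the members of `AntiForgeryOptions`. Add a summary on the class and on the property, for example `/// Gets or sets the options used by the anti-forgery token system.` The property documentation should also state when the value is read. Going by the `AntiForgery` constructor change in this commit, the instance is captured at construction, so assigning a new one afterwards would presumably have no effect on token generation or validation.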
@@ -147,7 +147,7 @@ namespace Microsoft.AspNet.Mvc.Core } /// - /// The anti-forgery system has the configuration value AntiForgeryConfig.RequireSsl = true, but the current request is not an SSL request. + /// The anti-forgery system has the configuration value AntiForgeryOptions.RequireSsl = true, but the current request is not an SSL request. /// internal static string FormatAntiForgeryWorker_RequireSSL() { diff --git a/src/Microsoft.AspNet.Mvc.Core/Resources.resx b/src/Microsoft.AspNet.Mvc.Core/Resources.resx index 8997a1daf1..34ce835a76 100644 --- a/src/Microsoft.AspNet.Mvc.Core/Resources.resx +++ b/src/Microsoft.AspNet.Mvc.Core/Resources.resx @@ -142,7 +142,7 @@ The provided anti-forgery token was meant for user "{0}", but the current user is "{1}". - The anti-forgery system has the configuration value AntiForgeryConfig.RequireSsl = true, but the current request is not an SSL request. + The anti-forgery system has the configuration value AntiForgeryOptions.RequireSsl = true, but the current request is not an SSL request. The method '{0}' on type '{1}' returned an instance of '{2}'. Make sure to call Unwrap on the returned value to avoid unobserved faulted Task. diff --git a/src/Microsoft.AspNet.Mvc.Core/project.json b/src/Microsoft.AspNet.Mvc.Core/project.json index dbb629f306..8709ee6950 100644 --- a/src/Microsoft.AspNet.Mvc.Core/project.json +++ b/src/Microsoft.AspNet.Mvc.Core/project.json @@ -12,6 +12,7 @@ "Microsoft.AspNet.Security.DataProtection" : "0.1-alpha-*", "Microsoft.Framework.DependencyInjection": "0.1-alpha-*", "Microsoft.Framework.Runtime.Interfaces": "0.1-alpha-*", + "Microsoft.Framework.OptionsModel": "0.1-alpha-*", "Newtonsoft.Json": "5.0.8" }, "configurations": { diff --git a/src/Microsoft.AspNet.Mvc/MvcServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Mvc/MvcServiceCollectionExtensions.cs index 49256d7778..2acc3224ec 100644 --- a/src/Microsoft.AspNet.Mvc/MvcServiceCollectionExtensions.cs 
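Review bot: The updated message in `Resources.resx` names `AntiForgeryOptions.RequireSsl`, but the property on the new options class is spelled `RequireSSL`. Someone who hits this error and searches for the setting by the name in the message will not find it. The text should read `AntiForgeryOptions.RequireSSL = true`. The same string appears in the `Resources.Designer.cs` doc comments and in the expected messages in `AntiForgeryWorkerTests`, which would need the same edit.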
+++ b/src/Microsoft.AspNet.Mvc/MvcServiceCollectionExtensions.cs @@ -4,6 +4,7 @@ using Microsoft.AspNet.Mvc; using Microsoft.AspNet.Routing; using Microsoft.Framework.ConfigurationModel; +using Microsoft.Framework.OptionsModel; namespace Microsoft.Framework.DependencyInjection { diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/AntiForgeryOptionsTests.cs b/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/AntiForgeryOptionsTests.cs new file mode 100644 index 0000000000..7081154346 --- /dev/null +++ b/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/AntiForgeryOptionsTests.cs @@ -0,0 +1,35 @@ +// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. +// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. + +using System; +using Xunit; + +namespace Microsoft.AspNet.Mvc.Core.Test +{ + public class AntiForgeryOptionsTests + { + [Fact] + public void CookieName_SettingNullValue_Throws() + { + // Arrange + var options = new AntiForgeryOptions(); + + // Act & Assert + var ex = Assert.Throws(() => options.CookieName = null); + Assert.Equal("The 'CookieName' property of 'Microsoft.AspNet.Mvc.AntiForgeryOptions' must not be null." + + "\r\nParameter name: value", ex.Message); + } + + [Fact] + public void FormFieldName_SettingNullValue_Throws() + { + // Arrange + var options = new AntiForgeryOptions(); + + // Act & Assert + var ex = Assert.Throws(() => options.FormFieldName = null); + Assert.Equal("The 'FormFieldName' property of 'Microsoft.AspNet.Mvc.AntiForgeryOptions' must not be null." + + "\r\nParameter name: value", ex.Message); + } + } +} \ No newline at end of file diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/AntiForgeryTokenStoreTest.cs b/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/AntiForgeryTokenStoreTest.cs index 9d0bea1b42..c0920f3e87 100644 --- a/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/AntiForgeryTokenStoreTest.cs 
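Review bot: The only change to `MvcServiceCollectionExtensions.cs` is the added `using Microsoft.Framework.OptionsModel;`, and no line in the hunk uses that namespace. `AntiForgery` now requires an `IOptionsAccessor` from the container, so if the options services are not registered somewhere else, resolving it would presumably fail at run time. Either add the registration here or drop the directive if it lives in another file. The rest of the file is outside the hunk.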
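Review bot: Both tests in `AntiForgeryOptionsTests` compare the whole exception message, including the suffix `"\r\nParameter name: value"`. That suffix is produced by `ArgumentNullException` rather than by the setters, and presumably varies with the platform newline and UI culture, so these tests can fail for reasons unrelated to the code under test. Asserting the parameter name on its own, `Assert.Equal("value", ex.ParamName);`, and checking the resource text separately would be more robust. `MvcOptionsTests` uses the same pattern. Only the null case is covered; there is no test for an empty `CookieName` or `FormFieldName`.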
+++ b/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/AntiForgeryTokenStoreTest.cs @@ -26,7 +26,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockHttpContext .Setup(o => o.Request.Cookies) .Returns(requestCookies.Object); - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { CookieName = _cookieName }; @@ -48,7 +48,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test // Arrange var mockHttpContext = GetMockHttpContext(_cookieName, string.Empty); - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { CookieName = _cookieName }; @@ -69,7 +69,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test { // Arrange var mockHttpContext = GetMockHttpContext(_cookieName, "invalid-value"); - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { CookieName = _cookieName }; @@ -96,7 +96,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test var expectedToken = new AntiForgeryToken(); var mockHttpContext = GetMockHttpContext(_cookieName, "valid-value"); - MockAntiForgeryConfig config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { CookieName = _cookieName }; @@ -130,7 +130,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockHttpContext.Setup(o => o.Request) .Returns(requestContext.Object); - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { FormFieldName = "form-field-name" }; @@ -161,7 +161,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockHttpContext.Setup(o => o.Request) .Returns(requestContext.Object); - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { FormFieldName = "form-field-name" }; @@ -199,7 +199,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockHttpContext.Setup(o => o.Request) .Returns(requestContext.Object); - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { FormFieldName = "form-field-name" }; 
@@ -241,7 +241,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockSerializer.Setup(o => o.Serialize(token)) .Returns("serialized-value"); - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { CookieName = _cookieName, RequireSSL = requireSsl diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/AntiForgeryWorkerTests.cs b/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/AntiForgeryWorkerTests.cs index 3d02d1d399..678819ea3d 100644 --- a/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/AntiForgeryWorkerTests.cs +++ b/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/AntiForgeryWorkerTests.cs @@ -25,7 +25,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockHttpContext.Setup(o => o.Request.IsSecure) .Returns(false); - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { RequireSSL = true }; @@ -43,7 +43,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test Assert.ThrowsAsync( async () => await worker.ValidateAsync(mockHttpContext.Object)); Assert.Equal( - @"The anti-forgery system has the configuration value AntiForgeryConfig.RequireSsl = true, " + + @"The anti-forgery system has the configuration value AntiForgeryOptions.RequireSsl = true, " + "but the current request is not an SSL request.", ex.Message); } @@ -56,7 +56,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockHttpContext.Setup(o => o.Request.IsSecure) .Returns(false); - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { RequireSSL = true }; @@ -72,7 +72,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test var ex = Assert.Throws( () => worker.Validate(mockHttpContext.Object, cookieToken: null, formToken: null)); Assert.Equal( - @"The anti-forgery system has the configuration value AntiForgeryConfig.RequireSsl = true, " + + @"The anti-forgery system has the configuration value AntiForgeryOptions.RequireSsl = true, " + "but the current request is not an SSL request.", ex.Message); } 
@@ -85,7 +85,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockHttpContext.Setup(o => o.Request.IsSecure) .Returns(false); - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { RequireSSL = true }; @@ -100,7 +100,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test // Act & assert var ex = Assert.Throws(() => worker.GetFormInputElement(mockHttpContext.Object)); Assert.Equal( - @"The anti-forgery system has the configuration value AntiForgeryConfig.RequireSsl = true, " + + @"The anti-forgery system has the configuration value AntiForgeryOptions.RequireSsl = true, " + "but the current request is not an SSL request.", ex.Message); } @@ -113,7 +113,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockHttpContext.Setup(o => o.Request.IsSecure) .Returns(false); - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { RequireSSL = true }; @@ -128,7 +128,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test // Act & assert var ex = Assert.Throws(() => worker.GetTokens(mockHttpContext.Object, "cookie-token")); Assert.Equal( - @"The anti-forgery system has the configuration value AntiForgeryConfig.RequireSsl = true, " + + @"The anti-forgery system has the configuration value AntiForgeryOptions.RequireSsl = true, " + "but the current request is not an SSL request.", ex.Message); } @@ -137,7 +137,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test public void GetFormInputElement_ExistingInvalidCookieToken_GeneratesANewCookieAndAnAntiForgeryToken() { // Arrange - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { FormFieldName = "form-field-name" }; @@ -159,7 +159,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test public void GetFormInputElement_ExistingInvalidCookieToken_SwallowsExceptions() { // Arrange - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { FormFieldName = "form-field-name" }; 
@@ -189,13 +189,13 @@ namespace Microsoft.AspNet.Mvc.Core.Test public void GetFormInputElement_ExistingValidCookieToken_GeneratesAnAntiForgeryToken() { // Arrange - var config = new MockAntiForgeryConfig() + var options = new AntiForgeryOptions() { FormFieldName = "form-field-name" }; // Make sure the existing cookie is valid and use the same cookie for the mock Token Provider. - var context = GetAntiForgeryWorkerContext(config, useOldCookie: true, isOldCookieValid: true); + var context = GetAntiForgeryWorkerContext(options, useOldCookie: true, isOldCookieValid: true); var worker = GetAntiForgeryWorker(context); // Act @@ -212,13 +212,13 @@ namespace Microsoft.AspNet.Mvc.Core.Test public void GetFormInputElement_AddsXFrameOptionsHeader(bool suppressXFrameOptions, string expectedHeaderValue) { // Arrange - var config = new MockAntiForgeryConfig() + var options = new AntiForgeryOptions() { SuppressXFrameOptionsHeader = suppressXFrameOptions }; // Genreate a new cookie. - var context = GetAntiForgeryWorkerContext(config, useOldCookie: false, isOldCookieValid: false); + var context = GetAntiForgeryWorkerContext(options, useOldCookie: false, isOldCookieValid: false); var worker = GetAntiForgeryWorker(context); // Act @@ -234,7 +234,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test { // Arrange // Genreate a new cookie. - var context = GetAntiForgeryWorkerContext(new MockAntiForgeryConfig(), useOldCookie: false, isOldCookieValid: false); + var context = GetAntiForgeryWorkerContext(new AntiForgeryOptions(), useOldCookie: false, isOldCookieValid: false); var worker = GetAntiForgeryWorker(context); // Act 
@@ -250,7 +250,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test { // Arrange // Make sure the existing cookie is invalid. - var context = GetAntiForgeryWorkerContext(new MockAntiForgeryConfig(), useOldCookie: false, isOldCookieValid: false); + var context = GetAntiForgeryWorkerContext(new AntiForgeryOptions(), useOldCookie: false, isOldCookieValid: false); // This will cause the cookieToken to be null. context.TokenSerializer.Setup(o => o.Deserialize("serialized-old-cookie-token")) @@ -273,7 +273,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test public void GetTokens_ExistingValidCookieToken_GeneratesANewFormToken() { // Arrange - var context = GetAntiForgeryWorkerContext(new MockAntiForgeryConfig(), useOldCookie: true, isOldCookieValid: true); + var context = GetAntiForgeryWorkerContext(new AntiForgeryOptions(), useOldCookie: true, isOldCookieValid: true); context.TokenStore = null; var worker = GetAntiForgeryWorker(context); @@ -289,7 +289,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test public void Validate_FromInvalidStrings_Throws() { // Arrange - var context = GetAntiForgeryWorkerContext(new MockAntiForgeryConfig()); + var context = GetAntiForgeryWorkerContext(new AntiForgeryOptions()); context.TokenSerializer.Setup(o => o.Deserialize("cookie-token")) .Returns(context.TestTokenSet.OldCookieToken); @@ -315,7 +315,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test public void Validate_FromValidStrings_TokensValidatedSuccessfully() { // Arrange - var context = GetAntiForgeryWorkerContext(new MockAntiForgeryConfig()); + var context = GetAntiForgeryWorkerContext(new AntiForgeryOptions()); context.TokenSerializer.Setup(o => o.Deserialize("cookie-token")) .Returns(context.TestTokenSet.OldCookieToken); 
@@ -341,7 +341,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test public async Task Validate_FromStore_Failure() { // Arrange - var context = GetAntiForgeryWorkerContext(new MockAntiForgeryConfig()); + var context = GetAntiForgeryWorkerContext(new AntiForgeryOptions()); context.TokenProvider.Setup(o => o.ValidateTokens( context.HttpContext.Object, @@ -363,7 +363,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test public async Task Validate_FromStore_Success() { // Arrange - var context = GetAntiForgeryWorkerContext(new MockAntiForgeryConfig()); + var context = GetAntiForgeryWorkerContext(new AntiForgeryOptions()); context.TokenProvider.Setup(o => o.ValidateTokens( context.HttpContext.Object, @@ -383,7 +383,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test private AntiForgeryWorker GetAntiForgeryWorker(AntiForgeryWorkerContext context) { return new AntiForgeryWorker( - config: context.Config, + config: context.Options, serializer: context.TokenSerializer != null ? context.TokenSerializer.Object : null, tokenStore: context.TokenStore != null ? context.TokenStore.Object : null, generator: context.TokenProvider != null ? context.TokenProvider.Object : null, @@ -475,7 +475,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test }; } - private AntiForgeryWorkerContext GetAntiForgeryWorkerContext(MockAntiForgeryConfig config, bool useOldCookie = false, bool isOldCookieValid = true) + private AntiForgeryWorkerContext GetAntiForgeryWorkerContext(AntiForgeryOptions config, bool useOldCookie = false, bool isOldCookieValid = true) { // Arrange var mockHttpContext = GetHttpContext(); @@ -488,7 +488,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test return new AntiForgeryWorkerContext() { - Config = config, + Options = config, HttpContext = mockHttpContext, TokenProvider = mockTokenProvider, TokenSerializer = mockSerializer, 
@@ -509,7 +509,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test private class AntiForgeryWorkerContext { - public MockAntiForgeryConfig Config { get; set; } + public AntiForgeryOptions Options { get; set; } public TestTokenSet TestTokenSet { get; set; } diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/MockAntiForgeryConfig.cs b/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/MockAntiForgeryConfig.cs deleted file mode 100644 index dfae662402..0000000000 --- a/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/MockAntiForgeryConfig.cs +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. -// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. - -namespace Microsoft.AspNet.Mvc.Core.Test -{ - public sealed class MockAntiForgeryConfig : IAntiForgeryConfig - { - public string CookieName - { - get; - set; - } - - public string FormFieldName - { - get; - set; - } - - public bool RequireSSL - { - get; - set; - } - - public bool SuppressXFrameOptionsHeader - { - get; - set; - } - } -} \ No newline at end of file diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/TokenProviderTests.cs b/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/TokenProviderTests.cs index 726d8968b7..a5403e9941 100644 --- a/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/TokenProviderTests.cs +++ b/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/TokenProviderTests.cs @@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockIdentity.Setup(o => o.IsAuthenticated) .Returns(false); - IAntiForgeryConfig config = new MockAntiForgeryConfig(); + var config = new AntiForgeryOptions(); var tokenProvider = new TokenProvider( config: config, 
@@ -69,7 +69,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test var httpContext = new Mock().Object; ClaimsIdentity identity = new MyAuthenticatedIdentityWithoutUsername(); - IAntiForgeryConfig config = new MockAntiForgeryConfig(); + var config = new AntiForgeryOptions(); IClaimUidExtractor claimUidExtractor = new Mock().Object; var tokenProvider = new TokenProvider( @@ -104,7 +104,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockAdditionalDataProvider.Setup(o => o.GetAdditionalData(httpContext)) .Returns("additional-data"); - IAntiForgeryConfig config = new AntiForgeryConfigWrapper(); + var config = new AntiForgeryOptions(); IClaimUidExtractor claimUidExtractor = new Mock().Object; var tokenProvider = new TokenProvider( @@ -132,7 +132,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test var httpContext = new Mock().Object; ClaimsIdentity identity = new GenericIdentity("some-identity"); - var config = new MockAntiForgeryConfig(); + var config = new AntiForgeryOptions(); byte[] data = new byte[256 / 8]; CryptRand.FillBuffer(new ArraySegment(data)); @@ -173,7 +173,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockIdentity.Setup(o => o.Name) .Returns("my-username"); - IAntiForgeryConfig config = new MockAntiForgeryConfig(); + var config = new AntiForgeryOptions(); IClaimUidExtractor claimUidExtractor = new Mock().Object; var tokenProvider = new TokenProvider( @@ -261,7 +261,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test AntiForgeryToken sessionToken = null; var fieldtoken = new AntiForgeryToken() { IsSessionToken = false }; - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { CookieName = "my-cookie-name" }; @@ -286,7 +286,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test var sessionToken = new AntiForgeryToken() { IsSessionToken = true }; AntiForgeryToken fieldtoken = null; - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { FormFieldName = "my-form-field-name" }; 
@@ -312,7 +312,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test var sessionToken = new AntiForgeryToken() { IsSessionToken = true }; var fieldtoken = new AntiForgeryToken() { IsSessionToken = false }; - var config = new MockAntiForgeryConfig() + var config = new AntiForgeryOptions() { CookieName = "my-cookie-name", FormFieldName = "my-form-field-name" @@ -449,7 +449,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockAdditionalDataProvider.Setup(o => o.ValidateAdditionalData(httpContext, "some-additional-data")) .Returns(false); - var config = new MockAntiForgeryConfig(); + var config = new AntiForgeryOptions(); var tokenProvider = new TokenProvider( config: config, claimUidExtractor: null, @@ -481,7 +481,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockAdditionalDataProvider.Setup(o => o.ValidateAdditionalData(httpContext, "some-additional-data")) .Returns(true); - var config = new MockAntiForgeryConfig(); + var config = new AntiForgeryOptions(); var tokenProvider = new TokenProvider( config: config, claimUidExtractor: null, @@ -513,7 +513,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockAdditionalDataProvider.Setup(o => o.ValidateAdditionalData(httpContext, "some-additional-data")) .Returns(true); - var config = new MockAntiForgeryConfig(); + var config = new AntiForgeryOptions(); var tokenProvider = new TokenProvider( config: config, claimUidExtractor: new Mock().Object, @@ -544,7 +544,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test mockClaimUidExtractor.Setup(o => o.ExtractClaimUid(identity)) .Returns(Convert.ToBase64String(fieldtoken.ClaimUid.GetData())); - var config = new MockAntiForgeryConfig(); + var config = new AntiForgeryOptions(); var tokenProvider = new TokenProvider( config: config, diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/ValidateAntiForgeryTokenAttributeTest.cs b/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/ValidateAntiForgeryTokenAttributeTest.cs index 7809ad3259..5707585348 100644 
--- a/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/ValidateAntiForgeryTokenAttributeTest.cs +++ b/test/Microsoft.AspNet.Mvc.Core.Test/AntiXsrf/ValidateAntiForgeryTokenAttributeTest.cs @@ -6,6 +6,7 @@ using Microsoft.Framework.DependencyInjection.Fallback; using Microsoft.AspNet.Security.DataProtection; using Moq; using Xunit; +using Microsoft.Framework.OptionsModel; namespace Microsoft.AspNet.Mvc.Core.Test { @@ -33,9 +34,12 @@ namespace Microsoft.AspNet.Mvc.Core.Test var claimExtractor = new Mock(); var dataProtectionProvider = new Mock(); var additionalDataProvider = new Mock(); + var optionsAccessor = new Mock>(); + optionsAccessor.SetupGet(o => o.Options).Returns(new MvcOptions()); return new AntiForgery(claimExtractor.Object, dataProtectionProvider.Object, - additionalDataProvider.Object); + additionalDataProvider.Object, + optionsAccessor.Object); } } } diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/Microsoft.AspNet.Mvc.Core.Test.kproj b/test/Microsoft.AspNet.Mvc.Core.Test/Microsoft.AspNet.Mvc.Core.Test.kproj index 52dc1db032..f5f4fc2985 100644 --- a/test/Microsoft.AspNet.Mvc.Core.Test/Microsoft.AspNet.Mvc.Core.Test.kproj +++ b/test/Microsoft.AspNet.Mvc.Core.Test/Microsoft.AspNet.Mvc.Core.Test.kproj @@ -29,6 +29,8 @@ + + @@ -39,7 +41,6 @@ - diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/MvcOptionsTests.cs b/test/Microsoft.AspNet.Mvc.Core.Test/MvcOptionsTests.cs new file mode 100644 index 0000000000..a03dd6b6f6 --- /dev/null +++ b/test/Microsoft.AspNet.Mvc.Core.Test/MvcOptionsTests.cs 
@@ -0,0 +1,23 @@ +// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. +// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. + +using System; +using Xunit; + +namespace Microsoft.AspNet.Mvc.Core.Test +{ + public class MvcOptionsTests + { + [Fact] + public void AntiForgeryOptions_SettingNullValue_Throws() + { + // Arrange + var options = new MvcOptions(); + + // Act & Assert + var ex = Assert.Throws(() => options.AntiForgeryOptions = null); + Assert.Equal("The 'AntiForgeryOptions' property of 'Microsoft.AspNet.Mvc.MvcOptions' must not be null." + + "\r\nParameter name: value", ex.Message); + } + } +} \ No newline at end of file