Add a test where [Ignore..] gets overridden

Fixing a small gap in our AF functional tests.
2017-08-25 13:55:27 -07:00 · 2017-08-25 13:55:27 -07:00 · ca6c76c358
parent 7b2a4ff465
commit ca6c76c358
3 changed files with 29 additions and 1 deletions
--- a/test/Microsoft.AspNetCore.Mvc.FunctionalTests/AntiforgeryAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Mvc.FunctionalTests/AntiforgeryAuthTests.cs
@ -51,5 +51,15 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
        }
+
+        [Fact]
+        public async Task AntiforgeryOverridesIgnoreAntiforgery()
+        {
+            // Arrange & Act
+            var response = await Client.PostAsync("http://localhost/IgnoreAntiforgery/Index", content: null);
+
+            // Assert
+            Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+        }
    }
 }
--- a/test/WebSites/SecurityWebSite/Controllers/AntiforgeryController.cs
+++ b/test/WebSites/SecurityWebSite/Controllers/AntiforgeryController.cs
@ -3,7 +3,7 @@

 using Microsoft.AspNetCore.Mvc;

-namespace AjaxAntiForgeryValidation.Controllers
+namespace SecurityWebSite.Controllers
 {
    [AutoValidateAntiforgeryToken]
    public class AntiforgeryController : Controller
--- a/test/WebSites/SecurityWebSite/Controllers/IgnoreAntiforgeryController.cs
+++ b/test/WebSites/SecurityWebSite/Controllers/IgnoreAntiforgeryController.cs
@ -0,0 +1,18 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Mvc;
+
+namespace SecurityWebSite.Controllers
+{
+    [IgnoreAntiforgeryToken]
+    public class IgnoreAntiforgeryController : Controller
+    {
+        [HttpPost]
+        [ValidateAntiForgeryToken]
+        public IActionResult Index()
+        {
+            return Content("Ok");
+        }
+    }
+}