Replacing NotNull with thrown exceptions
This commit is contained in:
parent
3240ef37e1
commit
e0ec2da711
|
|
@ -1,7 +1,7 @@
|
||||||
// Copyright (c) .NET Foundation. All rights reserved.
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
using Microsoft.Framework.Internal;
|
using System;
|
||||||
|
|
||||||
namespace Microsoft.AspNet.Antiforgery
|
namespace Microsoft.AspNet.Antiforgery
|
||||||
{
|
{
|
||||||
|
|
@ -11,6 +11,8 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
public class AntiforgeryOptions
|
public class AntiforgeryOptions
|
||||||
{
|
{
|
||||||
private const string AntiforgeryTokenFieldName = "__RequestVerificationToken";
|
private const string AntiforgeryTokenFieldName = "__RequestVerificationToken";
|
||||||
|
private string _cookieName;
|
||||||
|
private string _formFieldName = AntiforgeryTokenFieldName;
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Specifies the name of the cookie that is used by the antiforgery
|
/// Specifies the name of the cookie that is used by the antiforgery
|
||||||
|
|
@ -20,12 +22,42 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
/// If an explicit name is not provided, the system will automatically
|
/// If an explicit name is not provided, the system will automatically
|
||||||
/// generate a name.
|
/// generate a name.
|
||||||
/// </remarks>
|
/// </remarks>
|
||||||
public string CookieName { get; [param: NotNull] set; }
|
public string CookieName
|
||||||
|
{
|
||||||
|
get
|
||||||
|
{
|
||||||
|
return _cookieName;
|
||||||
|
}
|
||||||
|
set
|
||||||
|
{
|
||||||
|
if (value == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(value));
|
||||||
|
}
|
||||||
|
|
||||||
|
_cookieName = value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Specifies the name of the antiforgery token field that is used by the antiforgery system.
|
/// Specifies the name of the antiforgery token field that is used by the antiforgery system.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public string FormFieldName { get; [param: NotNull] set; } = AntiforgeryTokenFieldName;
|
public string FormFieldName
|
||||||
|
{
|
||||||
|
get
|
||||||
|
{
|
||||||
|
return _formFieldName;
|
||||||
|
}
|
||||||
|
set
|
||||||
|
{
|
||||||
|
if (value == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(value));
|
||||||
|
}
|
||||||
|
|
||||||
|
_formFieldName = value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Specifies whether SSL is required for the antiforgery system
|
/// Specifies whether SSL is required for the antiforgery system
|
||||||
|
|
|
||||||
|
|
@ -5,7 +5,6 @@ using System;
|
||||||
using System.Diagnostics;
|
using System.Diagnostics;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNet.Http;
|
using Microsoft.AspNet.Http;
|
||||||
using Microsoft.Framework.Internal;
|
|
||||||
using Microsoft.Framework.OptionsModel;
|
using Microsoft.Framework.OptionsModel;
|
||||||
using Microsoft.Framework.WebEncoders;
|
using Microsoft.Framework.WebEncoders;
|
||||||
|
|
||||||
|
|
@ -38,8 +37,13 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public string GetHtml([NotNull] HttpContext context)
|
public string GetHtml(HttpContext context)
|
||||||
{
|
{
|
||||||
|
if (context == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(context));
|
||||||
|
}
|
||||||
|
|
||||||
CheckSSLConfig(context);
|
CheckSSLConfig(context);
|
||||||
|
|
||||||
var tokenSet = GetAndStoreTokens(context);
|
var tokenSet = GetAndStoreTokens(context);
|
||||||
|
|
@ -53,27 +57,42 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public AntiforgeryTokenSet GetAndStoreTokens([NotNull] HttpContext context)
|
public AntiforgeryTokenSet GetAndStoreTokens(HttpContext context)
|
||||||
{
|
{
|
||||||
|
if (context == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(context));
|
||||||
|
}
|
||||||
|
|
||||||
CheckSSLConfig(context);
|
CheckSSLConfig(context);
|
||||||
|
|
||||||
var tokenSet = GetTokensInternal(context);
|
var tokenSet = GetTokensInternal(context);
|
||||||
SaveCookieTokenAndHeader(context, tokenSet.CookieToken);
|
SaveCookieTokenAndHeader(context, tokenSet.CookieToken);
|
||||||
return Serialize(tokenSet);
|
return Serialize(tokenSet);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public AntiforgeryTokenSet GetTokens([NotNull] HttpContext context)
|
public AntiforgeryTokenSet GetTokens(HttpContext context)
|
||||||
{
|
{
|
||||||
|
if (context == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(context));
|
||||||
|
}
|
||||||
|
|
||||||
CheckSSLConfig(context);
|
CheckSSLConfig(context);
|
||||||
|
|
||||||
var tokenSet = GetTokensInternal(context);
|
var tokenSet = GetTokensInternal(context);
|
||||||
return Serialize(tokenSet);
|
return Serialize(tokenSet);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public async Task ValidateRequestAsync([NotNull] HttpContext context)
|
public async Task ValidateRequestAsync(HttpContext context)
|
||||||
{
|
{
|
||||||
|
if (context == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(context));
|
||||||
|
}
|
||||||
|
|
||||||
CheckSSLConfig(context);
|
CheckSSLConfig(context);
|
||||||
|
|
||||||
var tokens = await _tokenStore.GetRequestTokensAsync(context);
|
var tokens = await _tokenStore.GetRequestTokensAsync(context);
|
||||||
|
|
@ -81,8 +100,13 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public void ValidateTokens([NotNull] HttpContext context, AntiforgeryTokenSet antiforgeryTokenSet)
|
public void ValidateTokens(HttpContext context, AntiforgeryTokenSet antiforgeryTokenSet)
|
||||||
{
|
{
|
||||||
|
if (context == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(context));
|
||||||
|
}
|
||||||
|
|
||||||
CheckSSLConfig(context);
|
CheckSSLConfig(context);
|
||||||
|
|
||||||
if (string.IsNullOrEmpty(antiforgeryTokenSet.CookieToken))
|
if (string.IsNullOrEmpty(antiforgeryTokenSet.CookieToken))
|
||||||
|
|
@ -111,8 +135,13 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public void SetCookieTokenAndHeader([NotNull] HttpContext context)
|
public void SetCookieTokenAndHeader(HttpContext context)
|
||||||
{
|
{
|
||||||
|
if (context == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(context));
|
||||||
|
}
|
||||||
|
|
||||||
CheckSSLConfig(context);
|
CheckSSLConfig(context);
|
||||||
|
|
||||||
var cookieToken = GetCookieTokenDoesNotThrow(context);
|
var cookieToken = GetCookieTokenDoesNotThrow(context);
|
||||||
|
|
@ -135,9 +164,14 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
}
|
}
|
||||||
|
|
||||||
private void SaveCookieTokenAndHeader(
|
private void SaveCookieTokenAndHeader(
|
||||||
[NotNull] HttpContext context,
|
HttpContext context,
|
||||||
AntiforgeryToken cookieToken)
|
AntiforgeryToken cookieToken)
|
||||||
{
|
{
|
||||||
|
if (context == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(context));
|
||||||
|
}
|
||||||
|
|
||||||
if (cookieToken != null)
|
if (cookieToken != null)
|
||||||
{
|
{
|
||||||
// Persist the new cookie if it is not null.
|
// Persist the new cookie if it is not null.
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,11 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
HttpContext httpContext,
|
HttpContext httpContext,
|
||||||
AntiforgeryToken cookieToken)
|
AntiforgeryToken cookieToken)
|
||||||
{
|
{
|
||||||
|
if (httpContext == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(httpContext));
|
||||||
|
}
|
||||||
|
|
||||||
Debug.Assert(IsCookieTokenValid(cookieToken));
|
Debug.Assert(IsCookieTokenValid(cookieToken));
|
||||||
|
|
||||||
var formToken = new AntiforgeryToken()
|
var formToken = new AntiforgeryToken()
|
||||||
|
|
@ -92,6 +97,11 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
AntiforgeryToken sessionToken,
|
AntiforgeryToken sessionToken,
|
||||||
AntiforgeryToken fieldToken)
|
AntiforgeryToken fieldToken)
|
||||||
{
|
{
|
||||||
|
if (httpContext == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(httpContext));
|
||||||
|
}
|
||||||
|
|
||||||
if (sessionToken == null)
|
if (sessionToken == null)
|
||||||
{
|
{
|
||||||
throw new ArgumentNullException(
|
throw new ArgumentNullException(
|
||||||
|
|
|
||||||
|
|
@ -5,7 +5,6 @@ using System;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using Microsoft.AspNet.DataProtection;
|
using Microsoft.AspNet.DataProtection;
|
||||||
using Microsoft.AspNet.WebUtilities;
|
using Microsoft.AspNet.WebUtilities;
|
||||||
using Microsoft.Framework.Internal;
|
|
||||||
|
|
||||||
namespace Microsoft.AspNet.Antiforgery
|
namespace Microsoft.AspNet.Antiforgery
|
||||||
{
|
{
|
||||||
|
|
@ -16,8 +15,13 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
private readonly IDataProtector _cryptoSystem;
|
private readonly IDataProtector _cryptoSystem;
|
||||||
private const byte TokenVersion = 0x01;
|
private const byte TokenVersion = 0x01;
|
||||||
|
|
||||||
public DefaultAntiforgeryTokenSerializer([NotNull] IDataProtectionProvider provider)
|
public DefaultAntiforgeryTokenSerializer(IDataProtectionProvider provider)
|
||||||
{
|
{
|
||||||
|
if (provider == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(provider));
|
||||||
|
}
|
||||||
|
|
||||||
_cryptoSystem = provider.CreateProtector(Purpose);
|
_cryptoSystem = provider.CreateProtector(Purpose);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -102,8 +106,13 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
return deserializedToken;
|
return deserializedToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
public string Serialize([NotNull] AntiforgeryToken token)
|
public string Serialize(AntiforgeryToken token)
|
||||||
{
|
{
|
||||||
|
if (token == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(token));
|
||||||
|
}
|
||||||
|
|
||||||
using (var stream = new MemoryStream())
|
using (var stream = new MemoryStream())
|
||||||
{
|
{
|
||||||
using (var writer = new BinaryWriter(stream))
|
using (var writer = new BinaryWriter(stream))
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,6 @@ using System.Diagnostics;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNet.Http;
|
using Microsoft.AspNet.Http;
|
||||||
using Microsoft.Framework.DependencyInjection;
|
using Microsoft.Framework.DependencyInjection;
|
||||||
using Microsoft.Framework.Internal;
|
|
||||||
using Microsoft.Framework.OptionsModel;
|
using Microsoft.Framework.OptionsModel;
|
||||||
|
|
||||||
namespace Microsoft.AspNet.Antiforgery
|
namespace Microsoft.AspNet.Antiforgery
|
||||||
|
|
@ -18,15 +17,30 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
private readonly IAntiforgeryTokenSerializer _tokenSerializer;
|
private readonly IAntiforgeryTokenSerializer _tokenSerializer;
|
||||||
|
|
||||||
public DefaultAntiforgeryTokenStore(
|
public DefaultAntiforgeryTokenStore(
|
||||||
[NotNull] IOptions<AntiforgeryOptions> optionsAccessor,
|
IOptions<AntiforgeryOptions> optionsAccessor,
|
||||||
[NotNull] IAntiforgeryTokenSerializer tokenSerializer)
|
IAntiforgeryTokenSerializer tokenSerializer)
|
||||||
{
|
{
|
||||||
|
if (optionsAccessor == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(optionsAccessor));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (tokenSerializer == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(tokenSerializer));
|
||||||
|
}
|
||||||
|
|
||||||
_options = optionsAccessor.Value;
|
_options = optionsAccessor.Value;
|
||||||
_tokenSerializer = tokenSerializer;
|
_tokenSerializer = tokenSerializer;
|
||||||
}
|
}
|
||||||
|
|
||||||
public AntiforgeryToken GetCookieToken(HttpContext httpContext)
|
public AntiforgeryToken GetCookieToken(HttpContext httpContext)
|
||||||
{
|
{
|
||||||
|
if (httpContext == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(httpContext));
|
||||||
|
}
|
||||||
|
|
||||||
var services = httpContext.RequestServices;
|
var services = httpContext.RequestServices;
|
||||||
var contextAccessor = services.GetRequiredService<IAntiforgeryContextAccessor>();
|
var contextAccessor = services.GetRequiredService<IAntiforgeryContextAccessor>();
|
||||||
if (contextAccessor.Value != null)
|
if (contextAccessor.Value != null)
|
||||||
|
|
@ -44,8 +58,13 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
return _tokenSerializer.Deserialize(requestCookie);
|
return _tokenSerializer.Deserialize(requestCookie);
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<AntiforgeryTokenSet> GetRequestTokensAsync([NotNull] HttpContext httpContext)
|
public async Task<AntiforgeryTokenSet> GetRequestTokensAsync(HttpContext httpContext)
|
||||||
{
|
{
|
||||||
|
if (httpContext == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(httpContext));
|
||||||
|
}
|
||||||
|
|
||||||
var requestCookie = httpContext.Request.Cookies[_options.CookieName];
|
var requestCookie = httpContext.Request.Cookies[_options.CookieName];
|
||||||
if (string.IsNullOrEmpty(requestCookie))
|
if (string.IsNullOrEmpty(requestCookie))
|
||||||
{
|
{
|
||||||
|
|
@ -74,6 +93,16 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
|
|
||||||
public void SaveCookieToken(HttpContext httpContext, AntiforgeryToken token)
|
public void SaveCookieToken(HttpContext httpContext, AntiforgeryToken token)
|
||||||
{
|
{
|
||||||
|
if (httpContext == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(httpContext));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (token == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(token));
|
||||||
|
}
|
||||||
|
|
||||||
// Add the cookie to the request based context.
|
// Add the cookie to the request based context.
|
||||||
// This is useful if the cookie needs to be reloaded in the context of the same request.
|
// This is useful if the cookie needs to be reloaded in the context of the same request.
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,8 @@
|
||||||
// Copyright (c) .NET Foundation. All rights reserved.
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNet.Http;
|
using Microsoft.AspNet.Http;
|
||||||
using Microsoft.Framework.Internal;
|
|
||||||
|
|
||||||
namespace Microsoft.AspNet.Antiforgery
|
namespace Microsoft.AspNet.Antiforgery
|
||||||
{
|
{
|
||||||
|
|
@ -25,7 +24,7 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
/// This method has a side effect:
|
/// This method has a side effect:
|
||||||
/// A response cookie is set if there is no valid cookie associated with the request.
|
/// A response cookie is set if there is no valid cookie associated with the request.
|
||||||
/// </remarks>
|
/// </remarks>
|
||||||
string GetHtml([NotNull] HttpContext context);
|
string GetHtml(HttpContext context);
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Generates an <see cref="AntiforgeryTokenSet"/> for this request and stores the cookie token
|
/// Generates an <see cref="AntiforgeryTokenSet"/> for this request and stores the cookie token
|
||||||
|
|
@ -37,7 +36,7 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
/// This method has a side effect:
|
/// This method has a side effect:
|
||||||
/// A response cookie is set if there is no valid cookie associated with the request.
|
/// A response cookie is set if there is no valid cookie associated with the request.
|
||||||
/// </remarks>
|
/// </remarks>
|
||||||
AntiforgeryTokenSet GetAndStoreTokens([NotNull] HttpContext context);
|
AntiforgeryTokenSet GetAndStoreTokens(HttpContext context);
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Generates an <see cref="AntiforgeryTokenSet"/> for this request.
|
/// Generates an <see cref="AntiforgeryTokenSet"/> for this request.
|
||||||
|
|
@ -48,13 +47,13 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
/// is responsible for setting the response cookie and injecting the returned
|
/// is responsible for setting the response cookie and injecting the returned
|
||||||
/// form token as appropriate.
|
/// form token as appropriate.
|
||||||
/// </remarks>
|
/// </remarks>
|
||||||
AntiforgeryTokenSet GetTokens([NotNull] HttpContext context);
|
AntiforgeryTokenSet GetTokens(HttpContext context);
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Validates an antiforgery token that was supplied as part of the request.
|
/// Validates an antiforgery token that was supplied as part of the request.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="context">The <see cref="HttpContext"/> associated with the current request.</param>
|
/// <param name="context">The <see cref="HttpContext"/> associated with the current request.</param>
|
||||||
Task ValidateRequestAsync([NotNull] HttpContext context);
|
Task ValidateRequestAsync(HttpContext context);
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Validates an <see cref="AntiforgeryTokenSet"/> for the current request.
|
/// Validates an <see cref="AntiforgeryTokenSet"/> for the current request.
|
||||||
|
|
@ -63,12 +62,12 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
/// <param name="antiforgeryTokenSet">
|
/// <param name="antiforgeryTokenSet">
|
||||||
/// The <see cref="AntiforgeryTokenSet"/> (cookie and form token) for this request.
|
/// The <see cref="AntiforgeryTokenSet"/> (cookie and form token) for this request.
|
||||||
/// </param>
|
/// </param>
|
||||||
void ValidateTokens([NotNull] HttpContext context, AntiforgeryTokenSet antiforgeryTokenSet);
|
void ValidateTokens(HttpContext context, AntiforgeryTokenSet antiforgeryTokenSet);
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Generates and stores an antiforgery cookie token if one is not available or not valid.
|
/// Generates and stores an antiforgery cookie token if one is not available or not valid.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="context">The <see cref="HttpContext"/> associated with the current request.</param>
|
/// <param name="context">The <see cref="HttpContext"/> associated with the current request.</param>
|
||||||
void SetCookieTokenAndHeader([NotNull] HttpContext context);
|
void SetCookieTokenAndHeader(HttpContext context);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,6 @@
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
using Microsoft.AspNet.Http;
|
using Microsoft.AspNet.Http;
|
||||||
using Microsoft.Framework.Internal;
|
|
||||||
|
|
||||||
namespace Microsoft.AspNet.Antiforgery
|
namespace Microsoft.AspNet.Antiforgery
|
||||||
{
|
{
|
||||||
|
|
@ -17,7 +16,7 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
// Given a cookie token, generates a corresponding form token.
|
// Given a cookie token, generates a corresponding form token.
|
||||||
// The incoming cookie token must be valid.
|
// The incoming cookie token must be valid.
|
||||||
AntiforgeryToken GenerateFormToken(
|
AntiforgeryToken GenerateFormToken(
|
||||||
[NotNull] HttpContext httpContext,
|
HttpContext httpContext,
|
||||||
AntiforgeryToken cookieToken);
|
AntiforgeryToken cookieToken);
|
||||||
|
|
||||||
// Determines whether an existing cookie token is valid (well-formed).
|
// Determines whether an existing cookie token is valid (well-formed).
|
||||||
|
|
@ -26,8 +25,8 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
|
|
||||||
// Validates a (cookie, form) token pair.
|
// Validates a (cookie, form) token pair.
|
||||||
void ValidateTokens(
|
void ValidateTokens(
|
||||||
[NotNull] HttpContext httpContext,
|
HttpContext httpContext,
|
||||||
[NotNull] AntiforgeryToken cookieToken,
|
AntiforgeryToken cookieToken,
|
||||||
[NotNull] AntiforgeryToken formToken);
|
AntiforgeryToken formToken);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -3,14 +3,13 @@
|
||||||
|
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNet.Http;
|
using Microsoft.AspNet.Http;
|
||||||
using Microsoft.Framework.Internal;
|
|
||||||
|
|
||||||
namespace Microsoft.AspNet.Antiforgery
|
namespace Microsoft.AspNet.Antiforgery
|
||||||
{
|
{
|
||||||
// Provides an abstraction around how tokens are persisted and retrieved for a request
|
// Provides an abstraction around how tokens are persisted and retrieved for a request
|
||||||
public interface IAntiforgeryTokenStore
|
public interface IAntiforgeryTokenStore
|
||||||
{
|
{
|
||||||
AntiforgeryToken GetCookieToken([NotNull] HttpContext httpContext);
|
AntiforgeryToken GetCookieToken(HttpContext httpContext);
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Gets the cookie and form tokens from the request. Will throw an exception if either token is
|
/// Gets the cookie and form tokens from the request. Will throw an exception if either token is
|
||||||
|
|
@ -18,8 +17,8 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="httpContext">The <see cref="HttpContext"/> for the current request.</param>
|
/// <param name="httpContext">The <see cref="HttpContext"/> for the current request.</param>
|
||||||
/// <returns>The <see cref="AntiforgeryTokenSet"/>.</returns>
|
/// <returns>The <see cref="AntiforgeryTokenSet"/>.</returns>
|
||||||
Task<AntiforgeryTokenSet> GetRequestTokensAsync([NotNull] HttpContext httpContext);
|
Task<AntiforgeryTokenSet> GetRequestTokensAsync(HttpContext httpContext);
|
||||||
|
|
||||||
void SaveCookieToken([NotNull] HttpContext httpContext, [NotNull] AntiforgeryToken token);
|
void SaveCookieToken(HttpContext httpContext, AntiforgeryToken token);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -1,18 +1,22 @@
|
||||||
// Copyright (c) .NET Foundation. All rights reserved.
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
using Microsoft.AspNet.Antiforgery;
|
using Microsoft.AspNet.Antiforgery;
|
||||||
using Microsoft.Framework.DependencyInjection.Extensions;
|
using Microsoft.Framework.DependencyInjection.Extensions;
|
||||||
using Microsoft.Framework.Internal;
|
|
||||||
using Microsoft.Framework.OptionsModel;
|
using Microsoft.Framework.OptionsModel;
|
||||||
|
|
||||||
namespace Microsoft.Framework.DependencyInjection
|
namespace Microsoft.Framework.DependencyInjection
|
||||||
{
|
{
|
||||||
public static class ServiceCollectionExtensions
|
public static class ServiceCollectionExtensions
|
||||||
{
|
{
|
||||||
public static IServiceCollection AddAntiforgery([NotNull] this IServiceCollection services)
|
public static IServiceCollection AddAntiforgery(this IServiceCollection services)
|
||||||
{
|
{
|
||||||
|
if (services == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(services));
|
||||||
|
}
|
||||||
|
|
||||||
services.AddDataProtection();
|
services.AddDataProtection();
|
||||||
services.AddWebEncoders();
|
services.AddWebEncoders();
|
||||||
|
|
||||||
|
|
@ -31,9 +35,19 @@ namespace Microsoft.Framework.DependencyInjection
|
||||||
}
|
}
|
||||||
|
|
||||||
public static IServiceCollection ConfigureAntiforgery(
|
public static IServiceCollection ConfigureAntiforgery(
|
||||||
[NotNull] this IServiceCollection services,
|
this IServiceCollection services,
|
||||||
[NotNull] Action<AntiforgeryOptions> setupAction)
|
Action<AntiforgeryOptions> setupAction)
|
||||||
{
|
{
|
||||||
|
if (services == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(services));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (setupAction == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(setupAction));
|
||||||
|
}
|
||||||
|
|
||||||
services.Configure(setupAction);
|
services.Configure(setupAction);
|
||||||
return services;
|
return services;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,6 @@
|
||||||
"Microsoft.AspNet.Http.Abstractions": "1.0.0-*",
|
"Microsoft.AspNet.Http.Abstractions": "1.0.0-*",
|
||||||
"Microsoft.AspNet.WebUtilities": "1.0.0-*",
|
"Microsoft.AspNet.WebUtilities": "1.0.0-*",
|
||||||
"Microsoft.Framework.DependencyInjection.Abstractions": "1.0.0-*",
|
"Microsoft.Framework.DependencyInjection.Abstractions": "1.0.0-*",
|
||||||
"Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
|
|
||||||
"Microsoft.Framework.OptionsModel": "1.0.0-*",
|
"Microsoft.Framework.OptionsModel": "1.0.0-*",
|
||||||
"Microsoft.Framework.WebEncoders": "1.0.0-*"
|
"Microsoft.Framework.WebEncoders": "1.0.0-*"
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,7 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
|
using Microsoft.AspNet.DataProtection;
|
||||||
using Microsoft.AspNet.Http;
|
using Microsoft.AspNet.Http;
|
||||||
using Microsoft.AspNet.Http.Internal;
|
using Microsoft.AspNet.Http.Internal;
|
||||||
using Microsoft.Framework.DependencyInjection;
|
using Microsoft.Framework.DependencyInjection;
|
||||||
|
|
@ -40,7 +41,7 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
|
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(
|
var tokenStore = new DefaultAntiforgeryTokenStore(
|
||||||
optionsAccessor: new TestOptionsManager(options),
|
optionsAccessor: new TestOptionsManager(options),
|
||||||
tokenSerializer: null);
|
tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var token = tokenStore.GetCookieToken(mockHttpContext.Object);
|
var token = tokenStore.GetCookieToken(mockHttpContext.Object);
|
||||||
|
|
@ -75,7 +76,7 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
|
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(
|
var tokenStore = new DefaultAntiforgeryTokenStore(
|
||||||
optionsAccessor: new TestOptionsManager(options),
|
optionsAccessor: new TestOptionsManager(options),
|
||||||
tokenSerializer: null);
|
tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var token = tokenStore.GetCookieToken(mockHttpContext.Object);
|
var token = tokenStore.GetCookieToken(mockHttpContext.Object);
|
||||||
|
|
@ -97,7 +98,7 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
|
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(
|
var tokenStore = new DefaultAntiforgeryTokenStore(
|
||||||
optionsAccessor: new TestOptionsManager(options),
|
optionsAccessor: new TestOptionsManager(options),
|
||||||
tokenSerializer: null);
|
tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var token = tokenStore.GetCookieToken(mockHttpContext);
|
var token = tokenStore.GetCookieToken(mockHttpContext);
|
||||||
|
|
@ -176,7 +177,7 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
|
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(
|
var tokenStore = new DefaultAntiforgeryTokenStore(
|
||||||
optionsAccessor: new TestOptionsManager(options),
|
optionsAccessor: new TestOptionsManager(options),
|
||||||
tokenSerializer: null);
|
tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var exception = await Assert.ThrowsAsync<InvalidOperationException>(
|
var exception = await Assert.ThrowsAsync<InvalidOperationException>(
|
||||||
|
|
@ -208,7 +209,7 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
|
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(
|
var tokenStore = new DefaultAntiforgeryTokenStore(
|
||||||
optionsAccessor: new TestOptionsManager(options),
|
optionsAccessor: new TestOptionsManager(options),
|
||||||
tokenSerializer: null);
|
tokenSerializer: new DefaultAntiforgeryTokenSerializer(new EphemeralDataProtectionProvider()));
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var exception = await Assert.ThrowsAsync<InvalidOperationException>(
|
var exception = await Assert.ThrowsAsync<InvalidOperationException>(
|
||||||
|
|
@ -238,7 +239,7 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
|
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(
|
var tokenStore = new DefaultAntiforgeryTokenStore(
|
||||||
optionsAccessor: new TestOptionsManager(options),
|
optionsAccessor: new TestOptionsManager(options),
|
||||||
tokenSerializer: null);
|
tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var exception = await Assert.ThrowsAsync<InvalidOperationException>(
|
var exception = await Assert.ThrowsAsync<InvalidOperationException>(
|
||||||
|
|
@ -271,7 +272,7 @@ namespace Microsoft.AspNet.Antiforgery
|
||||||
|
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(
|
var tokenStore = new DefaultAntiforgeryTokenStore(
|
||||||
optionsAccessor: new TestOptionsManager(options),
|
optionsAccessor: new TestOptionsManager(options),
|
||||||
tokenSerializer: null);
|
tokenSerializer: Mock.Of<IAntiforgeryTokenSerializer>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var tokens = await tokenStore.GetRequestTokensAsync(httpContext);
|
var tokens = await tokenStore.GetRequestTokensAsync(httpContext);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue