CR feedback and naming/resource cleanup

Ryan Nowak 2015-06-25 13:25:52 -07:00
parent b3e92da7d8
commit e13e707503
14 changed files with 98 additions and 85 deletions


@ -6,14 +6,14 @@ using Microsoft.Framework.Internal;
namespace Microsoft.AspNet.Antiforgery
{
/// <summary>
/// Provides programmatic configuration for the anti-forgery token system.
/// Provides programmatic configuration for the antiforgery token system.
/// </summary>
public class AntiforgeryOptions
{
private const string AntiforgeryTokenFieldName = "__RequestVerificationToken";
/// <summary>
/// Specifies the name of the cookie that is used by the anti-forgery
/// Specifies the name of the cookie that is used by the antiforgery
/// system.
/// </summary>
/// <remarks>
@ -23,16 +23,16 @@ namespace Microsoft.AspNet.Antiforgery
public string CookieName { get; [param: NotNull] set; }
/// <summary>
/// Specifies the name of the anti-forgery token field that is used by the anti-forgery system.
/// Specifies the name of the antiforgery token field that is used by the antiforgery system.
/// </summary>
public string FormFieldName { get; [param: NotNull] set; } = AntiforgeryTokenFieldName;
/// <summary>
/// Specifies whether SSL is required for the anti-forgery system
/// Specifies whether SSL is required for the antiforgery system
/// to operate. If this setting is 'true' and a non-SSL request
/// comes into the system, all anti-forgery APIs will fail.
/// comes into the system, all antiforgery APIs will fail.
/// </summary>
public bool RequireSSL { get; set; }
public bool RequireSsl { get; set; }
/// <summary>
/// Specifies whether to suppress the generation of X-Frame-Options header
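Review bot: The summary on `RequireSsl` only says the antiforgery APIs fail on a non-SSL request, but the token-store section of this commit shows the same flag also forces the cookie's Secure attribute (`if (_options.RequireSsl) { options.Secure = true; }`). The property has no initializer, so it appears to default to false unless a constructor outside this section sets it. I would add a line such as `/// When 'true', the antiforgery cookie is also marked Secure. Defaults to 'false'.` so the consequence of leaving the default is visible at the API surface. The rename from `RequireSSL` is also source-breaking for existing callers; a forwarding `[Obsolete]` property would soften that if compatibility matters at this stage. The class body continues outside this section.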


@ -6,12 +6,12 @@ using System;
namespace Microsoft.AspNet.Antiforgery
{
/// <summary>
/// The anti-forgery token pair (cookie and form token) for a request.
/// The antiforgery token pair (cookie and form token) for a request.
/// </summary>
public class AntiforgeryTokenSet
{
/// <summary>
/// Creates the anti-forgery token pair (cookie and form token) for a request.
/// Creates the antiforgery token pair (cookie and form token) for a request.
/// </summary>
/// <param name="formToken">The token that is supplied in the request form body.</param>
/// <param name="cookieToken">The token that is supplied in the request cookie.</param>


@ -12,7 +12,7 @@ using Microsoft.Framework.WebEncoders;
namespace Microsoft.AspNet.Antiforgery
{
/// <summary>
/// Provides access to the anti-forgery system, which provides protection against
/// Provides access to the antiforgery system, which provides protection against
/// Cross-site Request Forgery (XSRF, also called CSRF) attacks.
/// </summary>
public class DefaultAntiforgery : IAntiforgery
@ -145,9 +145,12 @@ namespace Microsoft.AspNet.Antiforgery
private void CheckSSLConfig(HttpContext context)
{
if (_options.RequireSSL && !context.Request.IsHttps)
if (_options.RequireSsl && !context.Request.IsHttps)
{
throw new InvalidOperationException(Resources.AntiforgeryWorker_RequireSSL);
throw new InvalidOperationException(Resources.FormatAntiforgeryWorker_RequireSSL(
nameof(AntiforgeryOptions),
nameof(AntiforgeryOptions.RequireSsl),
"true"));
}
}
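Review bot: The `{2}` argument in the new `FormatAntiforgeryWorker_RequireSSL(...)` call is the hard-coded literal `"true"`, while the resource comment added in this commit documents it as `bool.TrueString`, which renders as `True`. The same literal is passed to `FormatAntiforgeryTokenValidator_AuthenticatedUserWithoutUsername(...)` in the token-validation section. The tests pin the lowercase text, so the call sites look intended and the resource comments should read `2 = "true"`, or both callers should share one constant. Separately, `CheckSSLConfig` and the `AntiforgeryWorker_RequireSSL` key keep the old casing now that the property is `RequireSsl`; `CheckSslConfig` would finish the cleanup. Since this guard is what rejects cleartext requests, a short comment that it depends on `context.Request.IsHttps` being accurate for the deployment (for instance behind a TLS-terminating proxy) would help operators.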


@ -4,6 +4,7 @@
using System;
using System.Diagnostics;
using System.Security.Claims;
using System.Security.Principal;
using Microsoft.AspNet.Http;
using Microsoft.Framework.OptionsModel;
@ -73,7 +74,13 @@ namespace Microsoft.AspNet.Antiforgery
{
// Application says user is authenticated, but we have no identifier for the user.
throw new InvalidOperationException(
Resources.FormatAntiforgeryTokenValidator_AuthenticatedUserWithoutUsername(identity.GetType()));
Resources.FormatAntiforgeryTokenValidator_AuthenticatedUserWithoutUsername(
identity.GetType(),
nameof(IIdentity.IsAuthenticated),
"true",
nameof(IIdentity.Name),
nameof(IAntiforgeryAdditionalDataProvider),
nameof(DefaultAntiforgeryAdditionalDataProvider)));
}
return formToken;


@ -71,7 +71,7 @@ namespace Microsoft.AspNet.Antiforgery
// Note: don't use "newCookie.Secure = _options.RequireSSL;" since the default
// value of newCookie.Secure is poulated out of band.
if (_options.RequireSSL)
if (_options.RequireSsl)
{
options.Secure = true;
}
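Review bot: The comment above the check is stale after this change: it still quotes `newCookie.Secure = _options.RequireSSL;`, but the code below it reads `_options.RequireSsl` and sets `options.Secure`, and "poulated" is a typo. Suggested replacement: `// Note: don't use "options.Secure = _options.RequireSsl;" since the default value of options.Secure is populated out of band.` It would also help to name where that out-of-band default comes from, because it decides whether the antiforgery cookie can travel over cleartext HTTP when `RequireSsl` is false. The enclosing method starts and ends outside this hunk.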


@ -16,7 +16,7 @@ namespace Microsoft.AspNet.Antiforgery
/// <summary>
/// Generates an input field for an antiforgery token.
/// </summary>
/// <param name="context">The <see cref="HttpContext"/> associated with the current call.</param>
/// <param name="context">The <see cref="HttpContext"/> associated with the current request.</param>
/// <returns>
/// A string containing an &lt;input type="hidden"&gt; element. This element should be put inside
/// a &lt;form&gt;.
@ -31,7 +31,7 @@ namespace Microsoft.AspNet.Antiforgery
/// Generates an <see cref="AntiforgeryTokenSet"/> for this request and stores the cookie token
/// in the response.
/// </summary>
/// <param name="context">The <see cref="HttpContext"/> associated with the current call.</param>
/// <param name="context">The <see cref="HttpContext"/> associated with the current request.</param>
/// <returns>An <see cref="AntiforgeryTokenSet" /> with tokens for the response.</returns>
/// <remarks>
/// This method has a side effect:
@ -42,7 +42,7 @@ namespace Microsoft.AspNet.Antiforgery
/// <summary>
/// Generates an <see cref="AntiforgeryTokenSet"/> for this request.
/// </summary>
/// <param name="context">The <see cref="HttpContext"/> associated with the current call.</param>
/// <param name="context">The <see cref="HttpContext"/> associated with the current request.</param>
/// <remarks>
/// Unlike <see cref="GetAndStoreTokens(HttpContext)"/>, this method has no side effect. The caller
/// is responsible for setting the response cookie and injecting the returned
@ -53,13 +53,13 @@ namespace Microsoft.AspNet.Antiforgery
/// <summary>
/// Validates an antiforgery token that was supplied as part of the request.
/// </summary>
/// <param name="context">The <see cref="HttpContext"/> associated with the current call.</param>
/// <param name="context">The <see cref="HttpContext"/> associated with the current request.</param>
Task ValidateRequestAsync([NotNull] HttpContext context);
/// <summary>
/// Validates an <see cref="AntiforgeryTokenSet"/> for the current request.
/// </summary>
/// <param name="context">The <see cref="HttpContext"/> associated with the current call.</param>
/// <param name="context">The <see cref="HttpContext"/> associated with the current request.</param>
/// <param name="antiforgeryTokenSet">
/// The <see cref="AntiforgeryTokenSet"/> (cookie and form token) for this request.
/// </param>
@ -68,7 +68,7 @@ namespace Microsoft.AspNet.Antiforgery
/// <summary>
/// Generates and stores an antiforgery cookie token if one is not available or not valid.
/// </summary>
/// <param name="context">The <see cref="HttpContext"/> associated with the current call.</param>
/// <param name="context">The <see cref="HttpContext"/> associated with the current request.</param>
void SetCookieTokenAndHeader([NotNull] HttpContext context);
}
}


@ -6,29 +6,29 @@ using Microsoft.AspNet.Http;
namespace Microsoft.AspNet.Antiforgery
{
/// <summary>
/// Allows providing or validating additional custom data for anti-forgery tokens.
/// Allows providing or validating additional custom data for antiforgery tokens.
/// For example, the developer could use this to supply a nonce when the token is
/// generated, then he could validate the nonce when the token is validated.
/// </summary>
/// <remarks>
/// The anti-forgery system already embeds the client's username within the
/// The antiforgery system already embeds the client's username within the
/// generated tokens. This interface provides and consumes <em>supplemental</em>
/// data. If an incoming anti-forgery token contains supplemental data but no
/// data. If an incoming antiforgery token contains supplemental data but no
/// additional data provider is configured, the supplemental data will not be
/// validated.
/// </remarks>
public interface IAntiforgeryAdditionalDataProvider
{
/// <summary>
/// Provides additional data to be stored for the anti-forgery tokens generated
/// Provides additional data to be stored for the antiforgery tokens generated
/// during this request.
/// </summary>
/// <param name="context">Information about the current request.</param>
/// <returns>Supplemental data to embed within the anti-forgery token.</returns>
/// <returns>Supplemental data to embed within the antiforgery token.</returns>
string GetAdditionalData(HttpContext context);
/// <summary>
/// Validates additional data that was embedded inside an incoming anti-forgery
/// Validates additional data that was embedded inside an incoming antiforgery
/// token.
/// </summary>
/// <param name="context">Information about the current request.</param>


@ -3,7 +3,7 @@
namespace Microsoft.AspNet.Antiforgery
{
// Abstracts out the serialization process for an anti-forgery token
// Abstracts out the serialization process for an antiforgery token
public interface IAntiforgeryTokenSerializer
{
AntiforgeryToken Deserialize(string serializedToken);


@ -11,7 +11,7 @@ namespace Microsoft.AspNet.Antiforgery
= new ResourceManager("Microsoft.AspNet.Antiforgery.Resources", typeof(Resources).GetTypeInfo().Assembly);
/// <summary>
/// The provided identity of type '{0}' is marked IsAuthenticated = true but does not have a value for Name. By default, the anti-forgery system requires that all authenticated identities have a unique Name. If it is not possible to provide a unique Name for this identity, consider extending IAdditionalDataProvider by overriding the DefaultAdditionalDataProvider or a custom type that can provide some form of unique identifier for the current user.
/// The provided identity of type '{0}' is marked {1} = {2} but does not have a value for {3}. By default, the antiforgery system requires that all authenticated identities have a unique {3}. If it is not possible to provide a unique {3} for this identity, consider extending {4} by overriding the {5} or a custom type that can provide some form of unique identifier for the current user.
/// </summary>
internal static string AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername
{
@ -19,15 +19,15 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The provided identity of type '{0}' is marked IsAuthenticated = true but does not have a value for Name. By default, the anti-forgery system requires that all authenticated identities have a unique Name. If it is not possible to provide a unique Name for this identity, consider extending IAdditionalDataProvider by overriding the DefaultAdditionalDataProvider or a custom type that can provide some form of unique identifier for the current user.
/// The provided identity of type '{0}' is marked {1} = {2} but does not have a value for {3}. By default, the antiforgery system requires that all authenticated identities have a unique {3}. If it is not possible to provide a unique {3} for this identity, consider extending {4} by overriding the {5} or a custom type that can provide some form of unique identifier for the current user.
/// </summary>
internal static string FormatAntiforgeryTokenValidator_AuthenticatedUserWithoutUsername(object p0)
internal static string FormatAntiforgeryTokenValidator_AuthenticatedUserWithoutUsername(object p0, object p1, object p2, object p3, object p4, object p5)
{
return string.Format(CultureInfo.CurrentCulture, GetString("AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername"), p0);
return string.Format(CultureInfo.CurrentCulture, GetString("AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername"), p0, p1, p2, p3, p4, p5);
}
/// <summary>
/// The provided anti-forgery token failed a custom data check.
/// The provided antiforgery token failed a custom data check.
/// </summary>
internal static string AntiforgeryToken_AdditionalDataCheckFailed
{
@ -35,7 +35,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The provided anti-forgery token failed a custom data check.
/// The provided antiforgery token failed a custom data check.
/// </summary>
internal static string FormatAntiforgeryToken_AdditionalDataCheckFailed()
{
@ -43,7 +43,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The provided anti-forgery token was meant for a different claims-based user than the current user.
/// The provided antiforgery token was meant for a different claims-based user than the current user.
/// </summary>
internal static string AntiforgeryToken_ClaimUidMismatch
{
@ -51,7 +51,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The provided anti-forgery token was meant for a different claims-based user than the current user.
/// The provided antiforgery token was meant for a different claims-based user than the current user.
/// </summary>
internal static string FormatAntiforgeryToken_ClaimUidMismatch()
{
@ -59,7 +59,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The required anti-forgery cookie "{0}" is not present.
/// The required antiforgery cookie "{0}" is not present.
/// </summary>
internal static string AntiforgeryToken_CookieMissing
{
@ -67,7 +67,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The required anti-forgery cookie "{0}" is not present.
/// The required antiforgery cookie "{0}" is not present.
/// </summary>
internal static string FormatAntiforgeryToken_CookieMissing(object p0)
{
@ -75,7 +75,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The anti-forgery token could not be decrypted.
/// The antiforgery token could not be decrypted.
/// </summary>
internal static string AntiforgeryToken_DeserializationFailed
{
@ -83,7 +83,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The anti-forgery token could not be decrypted.
/// The antiforgery token could not be decrypted.
/// </summary>
internal static string FormatAntiforgeryToken_DeserializationFailed()
{
@ -91,7 +91,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The required anti-forgery form field "{0}" is not present.
/// The required antiforgery form field "{0}" is not present.
/// </summary>
internal static string AntiforgeryToken_FormFieldMissing
{
@ -99,7 +99,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The required anti-forgery form field "{0}" is not present.
/// The required antiforgery form field "{0}" is not present.
/// </summary>
internal static string FormatAntiforgeryToken_FormFieldMissing(object p0)
{
@ -107,7 +107,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The anti-forgery cookie token and form field token do not match.
/// The antiforgery cookie token and form field token do not match.
/// </summary>
internal static string AntiforgeryToken_SecurityTokenMismatch
{
@ -115,7 +115,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The anti-forgery cookie token and form field token do not match.
/// The antiforgery cookie token and form field token do not match.
/// </summary>
internal static string FormatAntiforgeryToken_SecurityTokenMismatch()
{
@ -123,7 +123,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// Validation of the provided anti-forgery token failed. The cookie "{0}" and the form field "{1}" were swapped.
/// Validation of the provided antiforgery token failed. The cookie "{0}" and the form field "{1}" were swapped.
/// </summary>
internal static string AntiforgeryToken_TokensSwapped
{
@ -131,7 +131,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// Validation of the provided anti-forgery token failed. The cookie "{0}" and the form field "{1}" were swapped.
/// Validation of the provided antiforgery token failed. The cookie "{0}" and the form field "{1}" were swapped.
/// </summary>
internal static string FormatAntiforgeryToken_TokensSwapped(object p0, object p1)
{
@ -139,7 +139,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The provided anti-forgery token was meant for user "{0}", but the current user is "{1}".
/// The provided antiforgery token was meant for user "{0}", but the current user is "{1}".
/// </summary>
internal static string AntiforgeryToken_UsernameMismatch
{
@ -147,7 +147,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The provided anti-forgery token was meant for user "{0}", but the current user is "{1}".
/// The provided antiforgery token was meant for user "{0}", but the current user is "{1}".
/// </summary>
internal static string FormatAntiforgeryToken_UsernameMismatch(object p0, object p1)
{
@ -155,7 +155,7 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The anti-forgery system has the configuration value AntiforgeryOptions.RequireSsl = true, but the current request is not an SSL request.
/// The antiforgery system has the configuration value {0}.{1} = {2}, but the current request is not an SSL request.
/// </summary>
internal static string AntiforgeryWorker_RequireSSL
{
@ -163,11 +163,11 @@ namespace Microsoft.AspNet.Antiforgery
}
/// <summary>
/// The anti-forgery system has the configuration value AntiforgeryOptions.RequireSsl = true, but the current request is not an SSL request.
/// The antiforgery system has the configuration value {0}.{1} = {2}, but the current request is not an SSL request.
/// </summary>
internal static string FormatAntiforgeryWorker_RequireSSL()
internal static string FormatAntiforgeryWorker_RequireSSL(object p0, object p1, object p2)
{
return GetString("AntiforgeryWorker_RequireSSL");
return string.Format(CultureInfo.CurrentCulture, GetString("AntiforgeryWorker_RequireSSL"), p0, p1, p2);
}
/// <summary>


@ -118,34 +118,36 @@
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<data name="AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername" xml:space="preserve">
<value>The provided identity of type '{0}' is marked IsAuthenticated = true but does not have a value for Name. By default, the anti-forgery system requires that all authenticated identities have a unique Name. If it is not possible to provide a unique Name for this identity, consider extending IAdditionalDataProvider by overriding the DefaultAdditionalDataProvider or a custom type that can provide some form of unique identifier for the current user.</value>
<value>The provided identity of type '{0}' is marked {1} = {2} but does not have a value for {3}. By default, the antiforgery system requires that all authenticated identities have a unique {3}. If it is not possible to provide a unique {3} for this identity, consider extending {4} by overriding the {5} or a custom type that can provide some form of unique identifier for the current user.</value>
<comment>0 = typeof(identity), 1 = nameof(IsAuthenticated), 2 = bool.TrueString, 3 = nameof(Name), 4 = nameof(IAdditionalDataProvider), 5 = nameof(DefaultAdditionalDataProvider)</comment>
</data>
<data name="AntiforgeryToken_AdditionalDataCheckFailed" xml:space="preserve">
<value>The provided anti-forgery token failed a custom data check.</value>
<value>The provided antiforgery token failed a custom data check.</value>
</data>
<data name="AntiforgeryToken_ClaimUidMismatch" xml:space="preserve">
<value>The provided anti-forgery token was meant for a different claims-based user than the current user.</value>
<value>The provided antiforgery token was meant for a different claims-based user than the current user.</value>
</data>
<data name="AntiforgeryToken_CookieMissing" xml:space="preserve">
<value>The required anti-forgery cookie "{0}" is not present.</value>
<value>The required antiforgery cookie "{0}" is not present.</value>
</data>
<data name="AntiforgeryToken_DeserializationFailed" xml:space="preserve">
<value>The anti-forgery token could not be decrypted.</value>
<value>The antiforgery token could not be decrypted.</value>
</data>
<data name="AntiforgeryToken_FormFieldMissing" xml:space="preserve">
<value>The required anti-forgery form field "{0}" is not present.</value>
<value>The required antiforgery form field "{0}" is not present.</value>
</data>
<data name="AntiforgeryToken_SecurityTokenMismatch" xml:space="preserve">
<value>The anti-forgery cookie token and form field token do not match.</value>
<value>The antiforgery cookie token and form field token do not match.</value>
</data>
<data name="AntiforgeryToken_TokensSwapped" xml:space="preserve">
<value>Validation of the provided anti-forgery token failed. The cookie "{0}" and the form field "{1}" were swapped.</value>
<value>Validation of the provided antiforgery token failed. The cookie "{0}" and the form field "{1}" were swapped.</value>
</data>
<data name="AntiforgeryToken_UsernameMismatch" xml:space="preserve">
<value>The provided anti-forgery token was meant for user "{0}", but the current user is "{1}".</value>
<value>The provided antiforgery token was meant for user "{0}", but the current user is "{1}".</value>
</data>
<data name="AntiforgeryWorker_RequireSSL" xml:space="preserve">
<value>The anti-forgery system has the configuration value AntiforgeryOptions.RequireSsl = true, but the current request is not an SSL request.</value>
<value>The antiforgery system has the configuration value {0}.{1} = {2}, but the current request is not an SSL request.</value>
<comment>0 = nameof(AntiforgeryOptions), 1 = nameof(RequireSsl), 2 = bool.TrueString</comment>
</data>
<data name="ArgumentCannotBeNullOrEmpty" xml:space="preserve">
<value>Value cannot be null or empty.</value>
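Review bot: The `<comment>` added for `AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername` describes placeholders 4 and 5 as `nameof(IAdditionalDataProvider)` and `nameof(DefaultAdditionalDataProvider)`, but the caller in this commit passes `nameof(IAntiforgeryAdditionalDataProvider)` and `nameof(DefaultAntiforgeryAdditionalDataProvider)`. The updated test expects the longer type names in the message, so the call site is authoritative and the comment is what is out of date. Maintainers and translators rely on these comments to know what is substituted, so it should read `4 = nameof(IAntiforgeryAdditionalDataProvider), 5 = nameof(DefaultAntiforgeryAdditionalDataProvider)`.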


@ -15,7 +15,7 @@ using Xunit;
namespace Microsoft.AspNet.Antiforgery
{
public class AntiforgeryTest
public class DefaultAntiforgeryTest
{
[Fact]
public async Task ChecksSSL_ValidateRequestAsync_Throws()
@ -25,7 +25,7 @@ namespace Microsoft.AspNet.Antiforgery
var options = new AntiforgeryOptions()
{
RequireSSL = true
RequireSsl = true
};
var antiforgery = GetAntiforgery(options);
@ -34,7 +34,7 @@ namespace Microsoft.AspNet.Antiforgery
var exception = await Assert.ThrowsAsync<InvalidOperationException>(
async () => await antiforgery.ValidateRequestAsync(httpContext));
Assert.Equal(
@"The anti-forgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
"but the current request is not an SSL request.",
exception.Message);
}
@ -47,7 +47,7 @@ namespace Microsoft.AspNet.Antiforgery
var options = new AntiforgeryOptions()
{
RequireSSL = true
RequireSsl = true
};
var antiforgery = GetAntiforgery(options);
@ -56,7 +56,7 @@ namespace Microsoft.AspNet.Antiforgery
var exception = Assert.Throws<InvalidOperationException>(
() => antiforgery.ValidateTokens(httpContext, new AntiforgeryTokenSet("hello", "world")));
Assert.Equal(
@"The anti-forgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
"but the current request is not an SSL request.",
exception.Message);
}
@ -69,7 +69,7 @@ namespace Microsoft.AspNet.Antiforgery
var options = new AntiforgeryOptions()
{
RequireSSL = true
RequireSsl = true
};
var antiforgery = GetAntiforgery(options);
@ -78,7 +78,7 @@ namespace Microsoft.AspNet.Antiforgery
var exception = Assert.Throws<InvalidOperationException>(
() => antiforgery.GetHtml(httpContext));
Assert.Equal(
@"The anti-forgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
"but the current request is not an SSL request.",
exception.Message);
}
@ -91,7 +91,7 @@ namespace Microsoft.AspNet.Antiforgery
var options = new AntiforgeryOptions()
{
RequireSSL = true
RequireSsl = true
};
var antiforgery = GetAntiforgery(options);
@ -100,7 +100,7 @@ namespace Microsoft.AspNet.Antiforgery
var exception = Assert.Throws<InvalidOperationException>(
() => antiforgery.GetAndStoreTokens(httpContext));
Assert.Equal(
@"The anti-forgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
"but the current request is not an SSL request.",
exception.Message);
}
@ -113,7 +113,7 @@ namespace Microsoft.AspNet.Antiforgery
var options = new AntiforgeryOptions()
{
RequireSSL = true
RequireSsl = true
};
var antiforgery = GetAntiforgery(options);
@ -122,7 +122,7 @@ namespace Microsoft.AspNet.Antiforgery
var exception = Assert.Throws<InvalidOperationException>(
() => antiforgery.GetTokens(httpContext));
Assert.Equal(
@"The anti-forgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
"but the current request is not an SSL request.",
exception.Message);
}
@ -135,7 +135,7 @@ namespace Microsoft.AspNet.Antiforgery
var options = new AntiforgeryOptions()
{
RequireSSL = true
RequireSsl = true
};
var antiforgery = GetAntiforgery(options);
@ -144,7 +144,7 @@ namespace Microsoft.AspNet.Antiforgery
var exception = Assert.Throws<InvalidOperationException>(
() => antiforgery.SetCookieTokenAndHeader(httpContext));
Assert.Equal(
@"The anti-forgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
"but the current request is not an SSL request.",
exception.Message);
}


@ -85,9 +85,10 @@ namespace Microsoft.AspNet.Antiforgery
"The provided identity of type " +
$"'{typeof(MyAuthenticatedIdentityWithoutUsername).FullName}' " +
"is marked IsAuthenticated = true but does not have a value for Name. " +
"By default, the anti-forgery system requires that all authenticated identities have a unique Name. " +
"By default, the antiforgery system requires that all authenticated identities have a unique Name. " +
"If it is not possible to provide a unique Name for this identity, " +
"consider extending IAdditionalDataProvider by overriding the DefaultAdditionalDataProvider " +
"consider extending IAntiforgeryAdditionalDataProvider by overriding the " +
"DefaultAntiforgeryAdditionalDataProvider " +
"or a custom type that can provide some form of unique identifier for the current user.",
exception.Message);
}
@ -281,7 +282,7 @@ namespace Microsoft.AspNet.Antiforgery
var ex =
Assert.Throws<InvalidOperationException>(
() => tokenProvider.ValidateTokens(httpContext, null, fieldtoken));
Assert.Equal(@"The required anti-forgery cookie ""my-cookie-name"" is not present.", ex.Message);
Assert.Equal(@"The required antiforgery cookie ""my-cookie-name"" is not present.", ex.Message);
}
[Fact]
@ -307,7 +308,7 @@ namespace Microsoft.AspNet.Antiforgery
var ex =
Assert.Throws<InvalidOperationException>(
() => tokenProvider.ValidateTokens(httpContext, sessionToken, null));
Assert.Equal(@"The required anti-forgery form field ""my-form-field-name"" is not present.", ex.Message);
Assert.Equal(@"The required antiforgery form field ""my-form-field-name"" is not present.", ex.Message);
}
[Fact]
@ -336,7 +337,7 @@ namespace Microsoft.AspNet.Antiforgery
Assert.Throws<InvalidOperationException>(
() => tokenProvider.ValidateTokens(httpContext, fieldtoken, fieldtoken));
Assert.Equal(
"Validation of the provided anti-forgery token failed. " +
"Validation of the provided antiforgery token failed. " +
@"The cookie ""my-cookie-name"" and the form field ""my-form-field-name"" were swapped.",
ex1.Message);
@ -344,7 +345,7 @@ namespace Microsoft.AspNet.Antiforgery
Assert.Throws<InvalidOperationException>(
() => tokenProvider.ValidateTokens(httpContext, sessionToken, sessionToken));
Assert.Equal(
"Validation of the provided anti-forgery token failed. " +
"Validation of the provided antiforgery token failed. " +
@"The cookie ""my-cookie-name"" and the form field ""my-form-field-name"" were swapped.",
ex2.Message);
}
@ -368,7 +369,7 @@ namespace Microsoft.AspNet.Antiforgery
var exception = Assert.Throws<InvalidOperationException>(
() => tokenProvider.ValidateTokens(httpContext, sessionToken, fieldtoken));
Assert.Equal(
@"The anti-forgery cookie token and form field token do not match.",
@"The antiforgery cookie token and form field token do not match.",
exception.Message);
}
@ -406,7 +407,7 @@ namespace Microsoft.AspNet.Antiforgery
var exception = Assert.Throws<InvalidOperationException>(
() => tokenProvider.ValidateTokens(httpContext, sessionToken, fieldtoken));
Assert.Equal(
@"The provided anti-forgery token was meant for user """ + embeddedUsername +
@"The provided antiforgery token was meant for user """ + embeddedUsername +
@""", but the current user is """ + identityUsername + @""".",
exception.Message);
}
@ -441,7 +442,7 @@ namespace Microsoft.AspNet.Antiforgery
var exception = Assert.Throws<InvalidOperationException>(
() => tokenProvider.ValidateTokens(httpContext, sessionToken, fieldtoken));
Assert.Equal(
@"The provided anti-forgery token was meant for a different claims-based user than the current user.",
@"The provided antiforgery token was meant for a different claims-based user than the current user.",
exception.Message);
}
@ -474,7 +475,7 @@ namespace Microsoft.AspNet.Antiforgery
// Act & assert
var exception = Assert.Throws<InvalidOperationException>(
() => tokenProvider.ValidateTokens(httpContext, sessionToken, fieldtoken));
Assert.Equal(@"The provided anti-forgery token failed a custom data check.", exception.Message);
Assert.Equal(@"The provided antiforgery token failed a custom data check.", exception.Message);
}
[Fact]


@ -50,7 +50,7 @@ namespace Microsoft.AspNet.Antiforgery
// Act & assert
var ex = Assert.Throws<InvalidOperationException>(() => testSerializer.Deserialize(serializedToken));
Assert.Equal(@"The anti-forgery token could not be decrypted.", ex.Message);
Assert.Equal(@"The antiforgery token could not be decrypted.", ex.Message);
}
[Fact]


@ -286,7 +286,7 @@ namespace Microsoft.AspNet.Antiforgery
var options = new AntiforgeryOptions()
{
CookieName = _cookieName,
RequireSSL = requireSsl
RequireSsl = requireSsl
};
var tokenStore = new DefaultAntiforgeryTokenStore(