huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
93 Commits 1 Branch 0 Tags 251 MiB
Commit Graph

93 Commits

Author SHA1 Message Date
Doug Bunting c85badcf71 Fix bad merge 
- not exactly logging at the right spot in `GetAndStoreTokens()`
- test helpers were creating two separate `ServiceCollections`
 - also didn't compile!
 2016-02-09 16:43:01 -08:00
Doug Bunting 73695fc443 Serialize cookie token at most once 
- #23 part 3
- `Get[AndStore]Tokens()` would deserialize cookie token from request even if `IsRequestValidAsync()` already had
- `GetAndStoreTokens()` serialized an old (never saved) cookie token once and a new one twice

- refactor serialization from `DefaultAntiforgeryTokenStore` to `DefaultAntiforgery`
 - divide responsibilities and ease overall fix
- above refactoring took `IAntiforgeryContextAccessor` responsibilities along to `DefaultAntiforgery` as well
 - store all tokens in `IAntiforgeryContextAccessor` to avoid repeated (de)serializations
 - remove `AntiforgeryTokenSetInternal`

nits:
- bit more parameter renaming to `httpContext`
- remove argument checks in helper methods
 - did _not_ do a sweep through the repo; just files in this PR
 2016-02-09 15:29:04 -08:00
ryanbrandenburg c8a9ecc0c1 * Add logging to Antiforgery 2016-02-09 09:27:51 -08:00
Doug Bunting 08cf13b870 Remove `ValidateTokens()` from `IAntiforgery` 
- `IAntiforgery` does not expose a way to get an invalid `AntiforgeryTokenSet`
 2016-02-05 12:16:10 -08:00
Ajay Bhargav Baaskaran 9445574aa1 Updated Json.Net version 2016-02-04 16:04:44 -08:00
John Luo 57dad8df8c Merge branch 'dev' of git://github.com/hishamco/Antiforgery into hdev 2016-02-04 14:59:32 -08:00
Ryan Nowak 33e3001d53 Remove GetHtml 
It's being moved to MVC
 2016-02-04 11:22:26 -08:00
Ryan Nowak 3a2d09b066 Move exceptions from the store to the facade 
My earlier change to add TryValidateRequestAsync didn't go far enough,
because the store will still throw when the tokens aren't present. This
change is to make the store just return null tokens in these cases, and
move the exceptions to DefaultAntiforgery.
 2016-02-04 11:11:45 -08:00
Doug Bunting c91f0ee667 Clean up some tests 
- avoid mocking `HttpContext`
- change `DefaultAntiforgeryTest` to mock token generators consistently
 2016-02-04 10:11:05 -08:00
Hisham Bin Ateya b1df299ec3 Add 'UseServer' 2016-02-04 13:37:04 +03:00
Doug Bunting 705c080d3b Move Antiforgery implementation details to `.Internal` 
- leave `IAntiforgery`, `IAntiforgeryAdditionalDataProvider` and related bits behind
 2016-02-03 15:39:33 -08:00
Ryan Nowak 48ee352022 Add form and header name to token set 2016-02-03 14:28:25 -08:00
Ryan Nowak 20140c4c15 Adds a IsRequestValidAsync method 
Some other misc cleanup
- docs for IAntiforgeryTokenGenerator
- Add HttpContext parameter where to all IAntiforgeryGenerator methods
- rename parameters on DefaultAntiforgery
 2016-02-03 08:08:30 -08:00
Doug Bunting 0ddfa5f0d8 Pool `MemoryStream`, `BinaryReader`, `BinaryWriter`, and `SHA256` instances 
- #23 part 2
- reduce `byte[]` and `char[]` allocations because all have internal buffers
 - fortunately, only `MemoryStream` has an unbounded buffer
 2016-02-02 16:56:11 -08:00
Ryan Nowak 96063e2476 Remove dependency on routing in sample 
Removing the routing dependency since this is moving lower in the stack.
 2016-02-02 09:24:29 -08:00
Doug Bunting 492c0798b1 Anything but `HtmlContentBuilder` 
- #23 part 1
 2016-02-02 08:51:02 -08:00
Doug Bunting 7c7a4a905e Correct project dependencies 
- use latest `System.Net.Http`, not hard-coded version
- add imports for the latest CLI
 - see aspnet/FileSystem@4a9a0fd for the inspiration
 2016-02-01 18:53:40 -08:00
N. Taylor Mullen 9c9543dde4 Rename AspNet 5 file contents. 
See https://github.com/aspnet/Announcements/issues/144 for more information.
 2016-01-22 12:24:22 -08:00
N. Taylor Mullen bc0d5528a3 Rename AspNet 5 folders and files. 
See https://github.com/aspnet/Announcements/issues/144 for more information.
 2016-01-22 12:24:19 -08:00
John Luo 115e89d6f8 Reacting to hosting rename 2016-01-17 17:08:20 -08:00
Victor Hurdugaci 9e032102f6 Build with dotnet 2016-01-15 15:53:26 -08:00
John Luo 807cd77307 Reacting to Hosting API changes 2016-01-12 16:03:24 -08:00
Ajay Bhargav Baaskaran 80fa2908bd Throwing custom AntiforgeryException for token validation failure scenarios 2016-01-07 15:12:55 -08:00
ryanbrandenburg a281b2e369 * Add functional tests for sample 2016-01-06 09:37:15 -08:00
Hao Kung 0eec60b0ac React to OptionsModel => Options 2015-12-21 14:54:54 -08:00
John Luo f49c218bdf Reacting to new Hosting API 2015-12-18 15:24:53 -08:00
Ryan Nowak 1c0996c625 Add a sample demonstrating Antiforgery with AJAX 2015-12-17 13:29:45 -08:00
Ryan Nowak bf6406bc2a PR feedback 2015-12-16 12:48:03 -08:00
Ryan Nowak ea43ce1bb7 update gitignore 2015-12-16 12:38:21 -08:00
Ryan Nowak 3280ff6ac5 Add Header support 
This change adds support for retrieving an antiforgery CSRF token via a
configurable header in addition to the form field. This helps with doing
ajax requests in a 1st-party SPA when using cookie auth, and is similar to
functionality provided by a bunch of different frameworks.

In this change there's also a bunch of churn due to avoiding the term
'form' in favor of 'request' and 'session' in favor of 'cookie'. Where
code and error message now mention 'form' they specifically mean
form-encoded content.
 2015-12-15 14:18:09 -08:00
Pranav K b69aef3c51 Merge branch 'release' into dev 2015-12-11 12:23:48 -08:00
Pranav K 86795ab1b6 Updating to release NuGet.config. 2015-12-11 12:23:45 -08:00
Pranav K 463e8f9473 React to HtmlAbstractions namespace rename 2015-12-02 10:30:01 -08:00
Pranav K daf16ad184 Enabling CoreCLR tests on Travis 2015-12-01 11:02:49 -08:00
Doug Bunting 6a9b38db77 Return an `IHtmlContent` from `IAntiforgery.GetHtml()` 
- part of aspnet/Mvc#3123
- no longer forces caller to wrap the return value in an `HtmlString`

nit: don't HTML encode the word "hidden"
 2015-11-25 09:44:54 -08:00
Doug Bunting 78face48d0 Ignore `launchSettings.json` files 2015-11-24 15:31:27 -08:00
Pranav K 130e8f0398 Updating tests to use moq.netcore 2015-11-23 11:39:40 -08:00
Hao Kung e2632d47f0 React to DataProtection changes 2015-11-17 14:08:22 -08:00
Doug Bunting 4c74e08bf1 Move Travis to supported Linux distribution 
- use Ubuntu 14.04 (Trusty)
  - Travis support for Trusty is in Beta and currently requires `sudo`
- run `dnu restore` with DNX Core since aspnet/External#49 is not fixed in Mono versions we can use
- add required dependencies for DNX Core to `.travis.yml`
- addresses part of aspnet/Universe#290
 2015-11-17 12:26:08 -08:00
Doug Bunting 42d6166b61 Explicitly choose Mono 4.0.5 
- avoids future problems related to aspnet/External#48
  - e.g. when Travis updates default Mono version in `csharp` bundle
 2015-11-17 10:49:09 -08:00
Pranav K 1c39930b16 Reacting to DependencyInjection changes 2015-11-13 10:33:23 -08:00
ryanbrandenburg c82ac5e61f * Return old cookie token 2015-11-12 11:52:39 -08:00
Cesar Blum Silveira ff3c8023a0 Merge branch 'release' into dev 2015-11-03 13:34:38 -08:00
Cesar Blum Silveira 391086e3ce Strong name Microsoft.AspNet.Antiforgery. 2015-11-03 12:51:41 -08:00
Chris R 7edbabd498 React to Http.Abstractions changes. 2015-11-03 10:15:23 -08:00
Chris R 84cfe5640d React to WebEncoders changes. 2015-10-30 11:45:48 -07:00
Pranav K ebcaeadf64 Merge branch 'release' into dev 2015-10-28 12:51:04 -07:00
Pranav K e49daaa980 Updating to release NuGet.config. 2015-10-28 12:43:08 -07:00
Pranav K c7dc5ab7f0 Switching to generations TFMs 2015-10-22 00:23:06 -07:00
Doug Bunting e925bb1b3a Fix local build break 2015-10-12 12:47:15 -07:00