File: AntiforgeryMiddlewareTest.cs
Project: src\src\Antiforgery\test\Microsoft.AspNetCore.Antiforgery.Test.csproj (Microsoft.AspNetCore.Antiforgery.Test)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Metadata;
using Moq;
 
namespace Microsoft.AspNetCore.Antiforgery.Internal;
 
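/// <summary>
/// Unit tests for <see cref="AntiforgeryMiddleware"/>: which requests reach
/// <see cref="IAntiforgery.ValidateRequestAsync(HttpContext)"/> and which are passed through without validation.
/// </summary>
public class AntiforgeryMiddlewareTest
{
    /// <summary>
    /// For POST, PUT and PATCH on an endpoint that requires antiforgery validation, the token must be
    /// validated and the result published through <see cref="IAntiforgeryValidationFeature"/>.
    /// </summary>
    [Theory]
    [InlineData("POST")]
    [InlineData("PUT")]
    [InlineData("PATCH")]
    public async Task ValidatesAntiforgeryTokenForValidMethods(string method)
    {
        var antiforgeryService = new Mock<IAntiforgery>();
        antiforgeryService.Setup(af => af.ValidateRequestAsync(It.IsAny<HttpContext>())).Returns(Task.FromResult(true));
        var antiforgeryMiddleware = new AntiforgeryMiddleware(antiforgeryService.Object, hc => Task.CompletedTask);
        var httpContext = GetHttpContext();
        httpContext.Request.Method = method;

        await antiforgeryMiddleware.Invoke(httpContext);

        // Times.Once rather than Times.AtMostOnce: AtMostOnce is also satisfied by zero calls, so it
        // would not notice a regression in which the middleware stops validating these methods.
        antiforgeryService.Verify(af => af.ValidateRequestAsync(httpContext), Times.Once());
        Assert.True(httpContext.Features.Get<IAntiforgeryValidationFeature>()?.IsValid);
    }

    /// <summary>
    /// An endpoint built by <see cref="GetHttpContext"/> with <c>hasIgnoreMetadata: true</c> must not
    /// trigger validation, even for a method that is otherwise validated.
    /// </summary>
    [Fact]
    public async Task RespectsIgnoreAntiforgeryMetadata()
    {
        var antiforgeryService = new Mock<IAntiforgery>();
        var antiforgeryMiddleware = new AntiforgeryMiddleware(antiforgeryService.Object, hc => Task.CompletedTask);
        var httpContext = GetHttpContext(hasIgnoreMetadata: true);
        // Use a method that ValidatesAntiforgeryTokenForValidMethods shows is validated. Without it the
        // request would be skipped because of its method, and the assertion below would hold even if
        // the endpoint metadata were never consulted.
        httpContext.Request.Method = "POST";

        await antiforgeryMiddleware.Invoke(httpContext);

        antiforgeryService.Verify(af => af.ValidateRequestAsync(httpContext), Times.Never());
    }

    /// <summary>
    /// Methods other than POST, PUT and PATCH are passed through without token validation, even when
    /// the endpoint metadata requires it.
    /// </summary>
    // NOTE(review): DELETE is in this list, so this test pins that DELETE requests are not validated
    // by the middleware; endpoints that change state on DELETE need their own CSRF protection.
    [Theory]
    [InlineData("GET")]
    [InlineData("TRACE")]
    [InlineData("HEAD")]
    [InlineData("OPTIONS")]
    [InlineData("DELETE")]
    [InlineData("CONNECT")]
    public async Task IgnoresUnsupportedHttpMethods(string method)
    {
        var antiforgeryService = new Mock<IAntiforgery>();
        var antiforgeryMiddleware = new AntiforgeryMiddleware(antiforgeryService.Object, hc => Task.CompletedTask);
        var httpContext = GetHttpContext();
        httpContext.Request.Method = method;

        await antiforgeryMiddleware.Invoke(httpContext);

        antiforgeryService.Verify(af => af.ValidateRequestAsync(httpContext), Times.Never());
    }

    /// <summary>
    /// The middleware records that it ran for a request with an endpoint by adding a marker entry to
    /// <see cref="HttpContext.Items"/>, whether or not the endpoint asks for validation.
    /// </summary>
    [Theory]
    [InlineData(false)]
    [InlineData(true)]
    public async Task SetMiddlewareInvokedProperty(bool hasIgnoreMetadata)
    {
        var antiforgeryService = new Mock<IAntiforgery>();
        antiforgeryService.Setup(af => af.ValidateRequestAsync(It.IsAny<HttpContext>())).Returns(Task.FromResult(true));
        var antiforgeryMiddleware = new AntiforgeryMiddleware(antiforgeryService.Object, hc => Task.CompletedTask);
        var httpContext = GetHttpContext(hasIgnoreMetadata);

        await antiforgeryMiddleware.Invoke(httpContext);

        Assert.True(httpContext.Items.ContainsKey("__AntiforgeryMiddlewareWithEndpointInvoked"));
    }

    /// <summary>
    /// Builds a <see cref="DefaultHttpContext"/> whose endpoint is named "TestEndpoint".
    /// </summary>
    /// <param name="hasIgnoreMetadata">
    /// When <c>false</c> (the default) the endpoint carries an <see cref="AntiforgeryMetadata"/> that
    /// requires validation; when <c>true</c> the endpoint has an empty metadata collection.
    /// </param>
    /// <returns>The context with the endpoint set; the request method is left at its default.</returns>
    internal static DefaultHttpContext GetHttpContext(bool hasIgnoreMetadata = false)
    {
        var httpContext = new DefaultHttpContext();
        // "Ignore" is modelled here as the absence of antiforgery metadata, not as metadata whose
        // requirement flag is false. The original passed !hasIgnoreMetadata to the constructor inside
        // the branch where that expression is always true, so the literal is equivalent.
        var metadata = hasIgnoreMetadata
            ? new EndpointMetadataCollection()
            : new EndpointMetadataCollection(new AntiforgeryMetadata(true));
        httpContext.SetEndpoint(new Endpoint(null, metadata, "TestEndpoint"));

        return httpContext;
    }
}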