Changed behaviour of remote ip address detection, renamed ip allow/block lists
This commit is contained in:
@@ -14,7 +14,8 @@ namespace UnitTests.AspNetCore.Extensions
|
||||
{
|
||||
private Mock<ISession> sessionMock;
|
||||
|
||||
private string tokenName;
|
||||
private string tokenFormName;
|
||||
private string tokenHeaderName;
|
||||
private string tokenValue;
|
||||
|
||||
private Dictionary<string, string> requestHeaders;
|
||||
@@ -26,7 +27,8 @@ namespace UnitTests.AspNetCore.Extensions
|
||||
[TestInitialize]
|
||||
public void InitializeTests()
|
||||
{
|
||||
tokenName = null;
|
||||
tokenFormName = null;
|
||||
tokenHeaderName = null;
|
||||
tokenValue = null;
|
||||
|
||||
requestHeaders = new Dictionary<string, string>();
|
||||
@@ -42,34 +44,38 @@ namespace UnitTests.AspNetCore.Extensions
|
||||
public void ShouldReturnAntiforgery()
|
||||
{
|
||||
// arrange
|
||||
tokenName = "af-token";
|
||||
tokenFormName = "af-token";
|
||||
tokenHeaderName = "af-header";
|
||||
tokenValue = "security_first";
|
||||
|
||||
var context = GetContext();
|
||||
|
||||
// act
|
||||
var result = context.GetAntiforgeryToken();
|
||||
var (formName, headerName, value) = context.GetAntiforgeryToken();
|
||||
|
||||
// assert
|
||||
Assert.AreEqual(tokenName, result.Name);
|
||||
Assert.AreEqual(tokenValue, result.Value);
|
||||
Assert.AreEqual(tokenFormName, formName);
|
||||
Assert.AreEqual(tokenHeaderName, headerName);
|
||||
Assert.AreEqual(tokenValue, value);
|
||||
}
|
||||
|
||||
[TestMethod]
|
||||
public void ShouldReturnAntiforgeryNullService()
|
||||
{
|
||||
// arrange
|
||||
tokenName = "af-token";
|
||||
tokenFormName = "af-token";
|
||||
tokenHeaderName = "af-header";
|
||||
tokenValue = "security_first";
|
||||
|
||||
var context = GetContext(hasAntiforgery: false);
|
||||
|
||||
// act
|
||||
var result = context.GetAntiforgeryToken();
|
||||
var (formName, headerName, value) = context.GetAntiforgeryToken();
|
||||
|
||||
// assert
|
||||
Assert.AreEqual(null, result.Name);
|
||||
Assert.AreEqual(null, result.Value);
|
||||
Assert.IsNull(formName);
|
||||
Assert.IsNull(headerName);
|
||||
Assert.IsNull(value);
|
||||
}
|
||||
|
||||
[TestMethod]
|
||||
@@ -79,11 +85,12 @@ namespace UnitTests.AspNetCore.Extensions
|
||||
var context = GetContext();
|
||||
|
||||
// act
|
||||
var result = context.GetAntiforgeryToken();
|
||||
var (formName, headerName, value) = context.GetAntiforgeryToken();
|
||||
|
||||
// assert
|
||||
Assert.AreEqual(null, result.Name);
|
||||
Assert.AreEqual(null, result.Value);
|
||||
Assert.IsNull(formName);
|
||||
Assert.IsNull(headerName);
|
||||
Assert.IsNull(value);
|
||||
}
|
||||
|
||||
#endregion Antiforgery
|
||||
@@ -105,13 +112,16 @@ namespace UnitTests.AspNetCore.Extensions
|
||||
Assert.AreEqual(remote, result);
|
||||
}
|
||||
|
||||
[TestMethod]
|
||||
public void ShouldReturnDefaultHeader()
|
||||
[DataTestMethod]
|
||||
[DataRow("X-Forwarded-For")]
|
||||
[DataRow("X-Real-IP")]
|
||||
[DataRow("CF-Connecting-IP")]
|
||||
public void ShouldReturnDefaultHeader(string headerName)
|
||||
{
|
||||
// arrange
|
||||
remote = IPAddress.Parse("1.2.3.4");
|
||||
var header = IPAddress.Parse("5.6.7.8");
|
||||
requestHeaders.Add("X-Forwarded-For", header.ToString());
|
||||
requestHeaders.Add(headerName, header.ToString());
|
||||
|
||||
var context = GetContext();
|
||||
|
||||
@@ -130,12 +140,14 @@ namespace UnitTests.AspNetCore.Extensions
|
||||
remote = IPAddress.Parse("1.2.3.4");
|
||||
string headerName = "FooBar";
|
||||
var headerIp = IPAddress.Parse("5.6.7.8");
|
||||
|
||||
requestHeaders.Add(headerName, headerIp.ToString());
|
||||
requestHeaders.Add("X-Forwarded-For", remote.ToString());
|
||||
|
||||
var context = GetContext();
|
||||
|
||||
// act
|
||||
var result = context.GetRemoteIpAddress(headerName: headerName);
|
||||
var result = context.GetRemoteIpAddress(ipHeaderName: headerName);
|
||||
|
||||
// assert
|
||||
Assert.AreNotEqual(remote, result);
|
||||
@@ -221,7 +233,7 @@ namespace UnitTests.AspNetCore.Extensions
|
||||
var context = GetContext();
|
||||
|
||||
// act
|
||||
bool result = context.IsLocalRequest(headerName: headerName);
|
||||
bool result = context.IsLocalRequest(ipHeaderName: headerName);
|
||||
|
||||
// assert
|
||||
Assert.IsTrue(result);
|
||||
@@ -254,7 +266,7 @@ namespace UnitTests.AspNetCore.Extensions
|
||||
var context = GetContext();
|
||||
|
||||
// act
|
||||
bool result = context.IsLocalRequest(headerName: headerName);
|
||||
bool result = context.IsLocalRequest(ipHeaderName: headerName);
|
||||
|
||||
// assert
|
||||
Assert.IsFalse(result);
|
||||
@@ -385,7 +397,7 @@ namespace UnitTests.AspNetCore.Extensions
|
||||
var antiforgeryMock = new Mock<IAntiforgery>();
|
||||
antiforgeryMock
|
||||
.Setup(af => af.GetAndStoreTokens(It.IsAny<HttpContext>()))
|
||||
.Returns(string.IsNullOrWhiteSpace(tokenName) ? null : new AntiforgeryTokenSet(tokenValue, tokenValue, tokenName, tokenName));
|
||||
.Returns(() => string.IsNullOrWhiteSpace(tokenValue) ? null : new AntiforgeryTokenSet(tokenValue, tokenValue, tokenFormName, tokenHeaderName));
|
||||
|
||||
requestServicesMock
|
||||
.Setup(rs => rs.GetService(typeof(IAntiforgery)))
|
||||
|
||||
Reference in New Issue
Block a user