New test.

[mono.git] / mcs / class / System.Web.Mvc2 / System.Web.Mvc / AntiForgeryDataSerializer.cs

/* ****************************************************************************\r
 *\r
 * Copyright (c) Microsoft Corporation. All rights reserved.\r
 *\r
 * This software is subject to the Microsoft Public License (Ms-PL). \r
 * A copy of the license can be found in the license.htm file included \r
 * in this distribution.\r
 *\r
 * You must not remove this notice, or any other, from this software.\r
 *\r
 * ***************************************************************************/\r
\r
namespace System.Web.Mvc {\r
    using System;\r
    using System.Diagnostics.CodeAnalysis;\r
    using System.IO;\r
    using System.Web;\r
    using System.Web.Mvc.Resources;\r
    using System.Web.UI;\r
\r
    internal class AntiForgeryDataSerializer {\r
\r
        private IStateFormatter _formatter;\r
\r
        protected internal IStateFormatter Formatter {\r
            get {\r
                if (_formatter == null) {\r
                    _formatter = FormatterGenerator.GetFormatter();\r
                }\r
                return _formatter;\r
            }\r
            set {\r
                _formatter = value;\r
            }\r
        }\r
\r
        private static HttpAntiForgeryException CreateValidationException(Exception innerException) {\r
            return new HttpAntiForgeryException(MvcResources.AntiForgeryToken_ValidationFailed, innerException);\r
        }\r
\r
        public virtual AntiForgeryData Deserialize(string serializedToken) {\r
            if (String.IsNullOrEmpty(serializedToken)) {\r
                throw new ArgumentException(MvcResources.Common_NullOrEmpty, "serializedToken");\r
            }\r
\r
            // call property getter outside try { } block so that exceptions bubble up for debugging\r
            IStateFormatter formatter = Formatter;\r
\r
            try {\r
                object[] deserializedObj = (object[])formatter.Deserialize(serializedToken);\r
                return new AntiForgeryData() {\r
                    Salt = (string)deserializedObj[0],\r
                    Value = (string)deserializedObj[1],\r
                    CreationDate = (DateTime)deserializedObj[2],\r
                    Username = (string)deserializedObj[3]\r
                };\r
            }\r
            catch (Exception ex) {\r
                throw CreateValidationException(ex);\r
            }\r
        }\r
\r
        public virtual string Serialize(AntiForgeryData token) {\r
            if (token == null) {\r
                throw new ArgumentNullException("token");\r
            }\r
\r
            object[] objToSerialize = new object[] {\r
                token.Salt,\r
                token.Value,\r
                token.CreationDate,\r
                token.Username\r
            };\r
\r
            string serializedValue = Formatter.Serialize(objToSerialize);\r
            return serializedValue;\r
        }\r
\r
        // See http://www.yoda.arachsys.com/csharp/singleton.html (fifth version - fully lazy) for the singleton pattern\r
        // used here. We need to defer the call to TokenPersister.CreateFormatterGenerator() until we're actually\r
        // servicing a request, else HttpContext.Current might be invalid in TokenPersister.CreateFormatterGenerator().\r
        private static class FormatterGenerator {\r
\r
            public static readonly Func<IStateFormatter> GetFormatter = TokenPersister.CreateFormatterGenerator();\r
\r
            [SuppressMessage("Microsoft.Performance", "CA1810:InitializeReferenceTypeStaticFieldsInline",\r
                Justification = "This type must not be marked 'beforefieldinit'.")]\r
            static FormatterGenerator() {\r
            }\r
\r
            // This type is very difficult to unit-test because Page.ProcessRequest() requires mocking\r
            // much of the hosting environment. For now, we can perform functional tests of this feature.\r
            private sealed class TokenPersister : PageStatePersister {\r
                private TokenPersister(Page page)\r
                    : base(page) {\r
                }\r
\r
                public static Func<IStateFormatter> CreateFormatterGenerator() {\r
                    // This code instantiates a page and tricks it into thinking that it's servicing\r
                    // a postback scenario with encrypted ViewState, which is required to make the\r
                    // StateFormatter properly decrypt data. Specifically, this code sets the\r
                    // internal Page.ContainsEncryptedViewState flag.\r
                    TextWriter writer = TextWriter.Null;\r
                    HttpResponse response = new HttpResponse(writer);\r
                    HttpRequest request = new HttpRequest("DummyFile.aspx", HttpContext.Current.Request.Url.ToString(), "__EVENTTARGET=true&__VIEWSTATEENCRYPTED=true");\r
                    HttpContext context = new HttpContext(request, response);\r
\r
                    Page page = new Page() {\r
                        EnableViewStateMac = true,\r
                        ViewStateEncryptionMode = ViewStateEncryptionMode.Always\r
                    };\r
                    page.ProcessRequest(context);\r
\r
                    return () => new TokenPersister(page).StateFormatter;\r
                }\r
\r
                public override void Load() {\r
                    throw new NotImplementedException();\r
                }\r
\r
                public override void Save() {\r
                    throw new NotImplementedException();\r
                }\r
            }\r
        }\r
\r
    }\r
}\r