Responding to comments and removing null check for CookieToken

harshgMSFT · harshgMSFT · commit 20fdbe25a760 · 2014-04-22T15:24:16.000-07:00
diff --git a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgery.cs b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgery.cs
@@ -53,6 +53,10 @@ public HtmlString GetHtml([NotNull] HttpContext context)
         /// <param name="oldCookieToken">The anti-forgery token - if any - that already existed
         /// for this request. May be null. The anti-forgery system will try to reuse this cookie
         /// value when generating a matching form token.</param>
+        /// <remarks>
+        /// Unlike the GetHtml(HttpContext context) method, this method has no side effect. The caller
+        /// is responsible for setting the response cookie and injecting the returned
+        /// form token as appropriate.
         /// </remarks>
         public AntiForgeryTokenSet GetTokens([NotNull] HttpContext context, string oldCookieToken)
         {
@@ -66,7 +70,7 @@ public AntiForgeryTokenSet GetTokens([NotNull] HttpContext context, string oldCo
 
         /// <summary>
         /// Validates an anti-forgery token that was supplied for this request.
-        /// The anti-forgery token may be generated by calling GetHtml().
+        /// The anti-forgery token may be generated by calling GetHtml(HttpContext context).
         /// </summary>
         /// <param name="context">The HTTP context associated with the current call.</param>
         public async Task ValidateAsync([NotNull] HttpContext context)
diff --git a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryToken.cs b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryToken.cs
@@ -7,19 +7,16 @@ internal sealed class AntiForgeryToken
         internal const int SecurityTokenBitLength = 128;
         internal const int ClaimUidBitLength = 256;
 
-        private string _additionalData;
+        private string _additionalData = string.Empty;
+        private string _username = string.Empty;
         private BinaryBlob _securityToken;
-        private string _username;
 
         public string AdditionalData
         {
-            get
-            {
-                return _additionalData ?? String.Empty;
-            }
+            get { return _additionalData; }
             set
             {
-                _additionalData = value;
+                _additionalData = value ?? string.Empty;
             }
         }
 
@@ -45,13 +42,10 @@ public BinaryBlob SecurityToken
 
         public string Username
         {
-            get
-            {
-                return _username ?? String.Empty;
-            }
+            get { return _username; }
             set
             {
-                _username = value;
+                _username = value ?? string.Empty;
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryTokenSerializer.cs b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryTokenSerializer.cs
@@ -38,9 +38,7 @@ public AntiForgeryToken Deserialize(string serializedToken)
                 // swallow all exceptions - homogenize error if something went wrong
             }
 
-            // TODO: Return proper exception here.
             // if we reached this point, something went wrong deserializing
-            //  throw HttpAntiForgeryException.CreateDeserializationFailedException();
             throw new InvalidOperationException(Resources.AntiForgeryToken_DeserializationFailed);
         }
 
@@ -128,8 +126,6 @@ public string Serialize([NotNull] AntiForgeryToken token)
             }
         }
 
-        // TODO: This is temporary replacement for HttpServerUtility.UrlTokenEncode.
-        // This will be removed when webutils has this.
         private string UrlTokenEncode(byte[] input)
         {
             var base64String = Convert.ToBase64String(input);
@@ -161,8 +157,6 @@ private string UrlTokenEncode(byte[] input)
             return sb.ToString();
         }
 
-        // TODO: This is temporary replacement for HttpServerUtility.UrlTokenDecode.
-        // This will be removed when webutils has this.
         private byte[] UrlTokenDecode(string input)
         {
             var sb = new StringBuilder();
diff --git a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryTokenSet.cs b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryTokenSet.cs
@@ -12,17 +12,15 @@ public AntiForgeryTokenSet(string formToken, string cookieToken)
                 throw new ArgumentException(Resources.ArgumentCannotBeNullOrEmpty, formToken);
             }
 
-            if (string.IsNullOrEmpty(cookieToken))
-            {
-                throw new ArgumentException(Resources.ArgumentCannotBeNullOrEmpty, cookieToken);
-            }
-
             FormToken = formToken;
             CookieToken = cookieToken;
         }
 
         public string FormToken { get; private set; }
 
+        // The cookie token is allowed to be null. 
+        // This would be the case when the old cookie token is still valid.
+        // In such cases a call to GetTokens would return a token set with null cookie token.
         public string CookieToken { get; private set; }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -7,19 +7,16 @@ internal sealed class AntiForgeryToken`
`7`	`7`	`internal const int SecurityTokenBitLength = 128;`
`8`	`8`	`internal const int ClaimUidBitLength = 256;`
`9`	`9`
`10`		`- private string _additionalData;`
	`10`	`+ private string _additionalData = string.Empty;`
	`11`	`+ private string _username = string.Empty;`
`11`	`12`	`private BinaryBlob _securityToken;`
`12`		`- private string _username;`
`13`	`13`
`14`	`14`	`public string AdditionalData`
`15`	`15`	`{`
`16`		`- get`
`17`		`- {`
`18`		`- return _additionalData ?? String.Empty;`
`19`		`- }`
	`16`	`+ get { return _additionalData; }`
`20`	`17`	`set`
`21`	`18`	`{`
`22`		`- _additionalData = value;`
	`19`	`+ _additionalData = value ?? string.Empty;`
`23`	`20`	`}`
`24`	`21`	`}`
`25`	`22`
`@@ -45,13 +42,10 @@ public BinaryBlob SecurityToken`
`45`	`42`
`46`	`43`	`public string Username`
`47`	`44`	`{`
`48`		`- get`
`49`		`- {`
`50`		`- return _username ?? String.Empty;`
`51`		`- }`
	`45`	`+ get { return _username; }`
`52`	`46`	`set`
`53`	`47`	`{`
`54`		`- _username = value;`
	`48`	`+ _username = value ?? string.Empty;`
`55`	`49`	`}`
`56`	`50`	`}`
`57`	`51`	`}`
Original file line number	Diff line number	Diff line change
`@@ -38,9 +38,7 @@ public AntiForgeryToken Deserialize(string serializedToken)`
`38`	`38`	`// swallow all exceptions - homogenize error if something went wrong`
`39`	`39`	`}`
`40`	`40`
`41`		`- // TODO: Return proper exception here.`
`42`	`41`	`// if we reached this point, something went wrong deserializing`
`43`		`- // throw HttpAntiForgeryException.CreateDeserializationFailedException();`
`44`	`42`	`throw new InvalidOperationException(Resources.AntiForgeryToken_DeserializationFailed);`
`45`	`43`	`}`
`46`	`44`
`@@ -128,8 +126,6 @@ public string Serialize([NotNull] AntiForgeryToken token)`
`128`	`126`	`}`
`129`	`127`	`}`
`130`	`128`
`131`		`- // TODO: This is temporary replacement for HttpServerUtility.UrlTokenEncode.`
`132`		`- // This will be removed when webutils has this.`
`133`	`129`	`private string UrlTokenEncode(byte[] input)`
`134`	`130`	`{`
`135`	`131`	`var base64String = Convert.ToBase64String(input);`
`@@ -161,8 +157,6 @@ private string UrlTokenEncode(byte[] input)`
`161`	`157`	`return sb.ToString();`
`162`	`158`	`}`
`163`	`159`
`164`		`- // TODO: This is temporary replacement for HttpServerUtility.UrlTokenDecode.`
`165`		`- // This will be removed when webutils has this.`
`166`	`160`	`private byte[] UrlTokenDecode(string input)`
`167`	`161`	`{`
`168`	`162`	`var sb = new StringBuilder();`
Original file line number	Diff line number	Diff line change
`@@ -12,17 +12,15 @@ public AntiForgeryTokenSet(string formToken, string cookieToken)`
`12`	`12`	`throw new ArgumentException(Resources.ArgumentCannotBeNullOrEmpty, formToken);`
`13`	`13`	`}`
`14`	`14`
`15`		`- if (string.IsNullOrEmpty(cookieToken))`
`16`		`- {`
`17`		`- throw new ArgumentException(Resources.ArgumentCannotBeNullOrEmpty, cookieToken);`
`18`		`- }`
`19`		`-`
`20`	`15`	`FormToken = formToken;`
`21`	`16`	`CookieToken = cookieToken;`
`22`	`17`	`}`
`23`	`18`
`24`	`19`	`public string FormToken { get; private set; }`
`25`	`20`
	`21`	`+ // The cookie token is allowed to be null.`
	`22`	`+ // This would be the case when the old cookie token is still valid.`
	`23`	`+ // In such cases a call to GetTokens would return a token set with null cookie token.`
`26`	`24`	`public string CookieToken { get; private set; }`
`27`	`25`	`}`
`28`	`26`	`}`