Cache Xor CsrfToken
Closes gh-11988
This commit is contained in:
@@ -148,6 +148,15 @@ public class XorCsrfTokenRequestAttributeHandlerTests {
|
||||
assertThat(csrfTokenAttribute.getToken()).isEqualTo(XOR_CSRF_TOKEN_VALUE);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void handleWhenCsrfTokenRequestedTwiceThenCached() {
|
||||
this.handler.handle(this.request, this.response, () -> this.token);
|
||||
|
||||
CsrfToken csrfTokenAttribute = (CsrfToken) this.request.getAttribute(CsrfToken.class.getName());
|
||||
assertThat(csrfTokenAttribute.getToken()).isNotEqualTo(this.token.getToken());
|
||||
assertThat(csrfTokenAttribute.getToken()).isEqualTo(csrfTokenAttribute.getToken());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveCsrfTokenValueWhenRequestIsNullThenThrowsIllegalArgumentException() {
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.handler.resolveCsrfTokenValue(null, this.token))
|
||||
|
||||
@@ -110,6 +110,17 @@ public class XorServerCsrfTokenRequestAttributeHandlerTests {
|
||||
verify(this.secureRandom).nextBytes(anyByteArray());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void handleWhenCsrfTokenRequestedTwiceThenCached() {
|
||||
this.handler.handle(this.exchange, Mono.just(this.token));
|
||||
Mono<CsrfToken> csrfTokenAttribute = this.exchange.getAttribute(CsrfToken.class.getName());
|
||||
assertThat(csrfTokenAttribute).isNotNull();
|
||||
CsrfToken csrfToken1 = csrfTokenAttribute.block();
|
||||
CsrfToken csrfToken2 = csrfTokenAttribute.block();
|
||||
assertThat(csrfToken1.getToken()).isNotEqualTo(this.token.getToken());
|
||||
assertThat(csrfToken1.getToken()).isEqualTo(csrfToken2.getToken());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveCsrfTokenValueWhenExchangeIsNullThenThrowsIllegalArgumentException() {
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.handler.resolveCsrfTokenValue(null, this.token))
|
||||
|
||||
Reference in New Issue
Block a user