Use SHA256 by default in Remember Me

Closes gh-11520
This commit is contained in:
Marcus Da Coregio
2022-07-25 10:21:25 -03:00
parent db9d60e82d
commit 0c549ee147
3 changed files with 7 additions and 7 deletions

View File

@@ -407,7 +407,7 @@ public class TokenBasedRememberMeServicesTests {
assertThat(cookie.getMaxAge()).isEqualTo(this.services.getTokenValiditySeconds());
assertThat(CodecTestUtils.isBase64(cookie.getValue().getBytes())).isTrue();
assertThat(new Date().before(new Date(determineExpiryTimeFromBased64EncodedToken(cookie.getValue())))).isTrue();
assertThat("MD5").isEqualTo(determineAlgorithmNameFromBase64EncodedToken(cookie.getValue()));
assertThat("SHA256").isEqualTo(determineAlgorithmNameFromBase64EncodedToken(cookie.getValue()));
}
@Test
@@ -459,11 +459,11 @@ public class TokenBasedRememberMeServicesTests {
}
@Test
public void constructorWhenNoEncodingAlgorithmSpecifiedThenMd5() {
public void constructorWhenNoEncodingAlgorithmSpecifiedThenSha256() {
TokenBasedRememberMeServices rememberMeServices = new TokenBasedRememberMeServices("key", this.uds);
RememberMeTokenAlgorithm encodingAlgorithm = (RememberMeTokenAlgorithm) ReflectionTestUtils
.getField(rememberMeServices, "encodingAlgorithm");
assertThat(encodingAlgorithm).isSameAs(RememberMeTokenAlgorithm.MD5);
assertThat(encodingAlgorithm).isSameAs(RememberMeTokenAlgorithm.SHA256);
}
}