Use configurable charset in ServerHttpBasicAuthenticationConverter

Closes gh-10903
This commit is contained in:
David Kirstein
2022-02-25 20:03:13 +01:00
committed by Steve Riesenberg
parent c38c722473
commit 1b29c43a11
2 changed files with 51 additions and 4 deletions

View File

@@ -16,6 +16,8 @@
package org.springframework.security.web.server.authentication;
import java.nio.charset.StandardCharsets;
import org.junit.jupiter.api.Test;
import reactor.core.publisher.Mono;
@@ -62,7 +64,7 @@ public class ServerHttpBasicAuthenticationConverterTests {
}
@Test
public void applyWhenNoSemicolonThenEmpty() {
public void applyWhenNoColonThenEmpty() {
Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcg=="));
assertThat(result.block()).isNull();
}
@@ -104,6 +106,38 @@ public class ServerHttpBasicAuthenticationConverterTests {
assertThat(result.block()).isNull();
}
@Test
public void applyWhenNonAsciiThenAuthentication() {
Mono<Authentication> result = apply(
this.request.header(HttpHeaders.AUTHORIZATION, "Basic w7xzZXI6cGFzc3fDtnJk"));
UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class)
.block();
assertThat(authentication.getPrincipal()).isEqualTo("üser");
assertThat(authentication.getCredentials()).isEqualTo("passwörd");
}
@Test
public void applyWhenIsoOnlyAsciiThenAuthentication() {
this.converter.setCredentialsCharset(StandardCharsets.ISO_8859_1);
Mono<Authentication> result = apply(
this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd29yZA=="));
UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class)
.block();
assertThat(authentication.getPrincipal()).isEqualTo("user");
assertThat(authentication.getCredentials()).isEqualTo("password");
}
@Test
public void applyWhenIsoNonAsciiThenAuthentication() {
this.converter.setCredentialsCharset(StandardCharsets.ISO_8859_1);
Mono<Authentication> result = apply(
this.request.header(HttpHeaders.AUTHORIZATION, "Basic /HNlcjpwYXNzd/ZyZA=="));
UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class)
.block();
assertThat(authentication.getPrincipal()).isEqualTo("üser");
assertThat(authentication.getCredentials()).isEqualTo("passwörd");
}
private Mono<Authentication> apply(MockServerHttpRequest.BaseBuilder<?> request) {
return this.converter.convert(MockServerWebExchange.from(this.request.build()));
}