SEC-2352: HttpSessionCsrfTokenRepository lazy session creation
This commit is contained in:
@@ -67,6 +67,13 @@ public class HttpSessionCsrfTokenRepositoryTests {
|
||||
@Test
|
||||
public void loadTokenNull() {
|
||||
assertThat(repo.loadToken(request)).isNull();
|
||||
assertThat(request.getSession(false)).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadTokenNullWhenSessionExists() {
|
||||
request.getSession();
|
||||
assertThat(repo.loadToken(request)).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -105,6 +112,14 @@ public class HttpSessionCsrfTokenRepositoryTests {
|
||||
.isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void saveTokenNullTokenWhenSessionNotExists() {
|
||||
|
||||
repo.saveToken(null, request, response);
|
||||
|
||||
assertThat(request.getSession(false)).isNull();
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void setSessionAttributeNameEmpty() {
|
||||
repo.setSessionAttributeName("");
|
||||
|
||||
Reference in New Issue
Block a user