CsrfWebFilter places Mono<CsrfToken>
Fixes: gh-4855
This commit is contained in:
@@ -30,6 +30,7 @@ import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
import static org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
@@ -46,7 +47,7 @@ public class CsrfRequestDataValueProcessorTests {
|
||||
@Before
|
||||
public void setup() {
|
||||
this.expected.put(this.token.getParameterName(), this.token.getToken());
|
||||
this.exchange.getAttributes().put(CsrfToken.class.getName(), this.token);
|
||||
this.exchange.getAttributes().put(DEFAULT_CSRF_ATTR_NAME, this.token);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -122,7 +123,7 @@ public class CsrfRequestDataValueProcessorTests {
|
||||
@Test
|
||||
public void createGetExtraHiddenFieldsHasCsrfToken() {
|
||||
CsrfToken token = new DefaultCsrfToken("1", "a", "b");
|
||||
this.exchange.getAttributes().put(CsrfToken.class.getName(), token);
|
||||
this.exchange.getAttributes().put(DEFAULT_CSRF_ATTR_NAME, token);
|
||||
Map<String, String> expected = new HashMap<String, String>();
|
||||
expected.put(token.getParameterName(), token.getToken());
|
||||
|
||||
|
||||
@@ -89,8 +89,6 @@ public class CsrfWebFilterTests {
|
||||
this.csrfFilter.setCsrfTokenRepository(this.repository);
|
||||
when(this.repository.loadToken(any()))
|
||||
.thenReturn(Mono.just(this.token));
|
||||
when(this.repository.generateToken(any()))
|
||||
.thenReturn(Mono.just(this.token));
|
||||
|
||||
Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
|
||||
|
||||
@@ -106,8 +104,6 @@ public class CsrfWebFilterTests {
|
||||
this.csrfFilter.setCsrfTokenRepository(this.repository);
|
||||
when(this.repository.loadToken(any()))
|
||||
.thenReturn(Mono.just(this.token));
|
||||
when(this.repository.generateToken(any()))
|
||||
.thenReturn(Mono.just(this.token));
|
||||
this.post = MockServerWebExchange.from(MockServerHttpRequest.post("/")
|
||||
.body(this.token.getParameterName() + "="+this.token.getToken()+"INVALID"));
|
||||
|
||||
@@ -146,8 +142,6 @@ public class CsrfWebFilterTests {
|
||||
this.csrfFilter.setCsrfTokenRepository(this.repository);
|
||||
when(this.repository.loadToken(any()))
|
||||
.thenReturn(Mono.just(this.token));
|
||||
when(this.repository.generateToken(any()))
|
||||
.thenReturn(Mono.just(this.token));
|
||||
this.post = MockServerWebExchange.from(MockServerHttpRequest.post("/")
|
||||
.header(this.token.getHeaderName(), this.token.getToken()+"INVALID"));
|
||||
|
||||
|
||||
@@ -61,9 +61,10 @@ public class WebSessionServerCsrfTokenRepositoryTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void generateTokenWhenGetTokenThenAddsToSession() {
|
||||
Mono<CsrfToken> result = this.repository.generateToken(this.exchange);
|
||||
result.block().getToken();
|
||||
public void saveTokenWhenDefaultThenAddsToSession() {
|
||||
Mono<CsrfToken> result = this.repository.generateToken(this.exchange)
|
||||
.delayUntil(t-> this.repository.saveToken(this.exchange, t));
|
||||
result.block();
|
||||
|
||||
WebSession session = this.exchange.getSession().block();
|
||||
Map<String, Object> attributes = session.getAttributes();
|
||||
@@ -76,7 +77,6 @@ public class WebSessionServerCsrfTokenRepositoryTests {
|
||||
@Test
|
||||
public void saveTokenWhenNullThenDeletes() {
|
||||
CsrfToken token = this.repository.generateToken(this.exchange).block();
|
||||
token.getToken();
|
||||
|
||||
Mono<CsrfToken> result = this.repository.saveToken(this.exchange, null);
|
||||
StepVerifier.create(result)
|
||||
@@ -87,22 +87,6 @@ public class WebSessionServerCsrfTokenRepositoryTests {
|
||||
assertThat(session.getAttributes()).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void generateTokenAndLoadTokenDeleteTokenWhenNullThenDeletes() {
|
||||
CsrfToken generate = this.repository.generateToken(this.exchange).block();
|
||||
generate.getToken();
|
||||
|
||||
CsrfToken load = this.repository.loadToken(this.exchange).block();
|
||||
assertThat(load).isEqualTo(generate);
|
||||
|
||||
this.repository.saveToken(this.exchange, null).block();
|
||||
WebSession session = this.exchange.getSession().block();
|
||||
assertThat(session.getAttributes()).isEmpty();
|
||||
|
||||
load = this.repository.loadToken(this.exchange).block();
|
||||
assertThat(load).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void saveTokenChangeSessionId() {
|
||||
String originalSessionId = this.exchange.getSession().block().getId();
|
||||
|
||||
Reference in New Issue
Block a user