CsrfWebFilter places Mono<CsrfToken>

Fixes: gh-4855
This commit is contained in:
Rob Winch
2017-11-20 14:16:49 -06:00
parent edccafca84
commit d55db837e1
11 changed files with 73 additions and 114 deletions

View File

@@ -30,6 +30,7 @@ import java.util.HashMap;
import java.util.Map;
import static org.assertj.core.api.Assertions.*;
import static org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME;
/**
* @author Rob Winch
@@ -46,7 +47,7 @@ public class CsrfRequestDataValueProcessorTests {
@Before
public void setup() {
this.expected.put(this.token.getParameterName(), this.token.getToken());
this.exchange.getAttributes().put(CsrfToken.class.getName(), this.token);
this.exchange.getAttributes().put(DEFAULT_CSRF_ATTR_NAME, this.token);
}
@Test
@@ -122,7 +123,7 @@ public class CsrfRequestDataValueProcessorTests {
@Test
public void createGetExtraHiddenFieldsHasCsrfToken() {
CsrfToken token = new DefaultCsrfToken("1", "a", "b");
this.exchange.getAttributes().put(CsrfToken.class.getName(), token);
this.exchange.getAttributes().put(DEFAULT_CSRF_ATTR_NAME, token);
Map<String, String> expected = new HashMap<String, String>();
expected.put(token.getParameterName(), token.getToken());

View File

@@ -89,8 +89,6 @@ public class CsrfWebFilterTests {
this.csrfFilter.setCsrfTokenRepository(this.repository);
when(this.repository.loadToken(any()))
.thenReturn(Mono.just(this.token));
when(this.repository.generateToken(any()))
.thenReturn(Mono.just(this.token));
Mono<Void> result = this.csrfFilter.filter(this.post, this.chain);
@@ -106,8 +104,6 @@ public class CsrfWebFilterTests {
this.csrfFilter.setCsrfTokenRepository(this.repository);
when(this.repository.loadToken(any()))
.thenReturn(Mono.just(this.token));
when(this.repository.generateToken(any()))
.thenReturn(Mono.just(this.token));
this.post = MockServerWebExchange.from(MockServerHttpRequest.post("/")
.body(this.token.getParameterName() + "="+this.token.getToken()+"INVALID"));
@@ -146,8 +142,6 @@ public class CsrfWebFilterTests {
this.csrfFilter.setCsrfTokenRepository(this.repository);
when(this.repository.loadToken(any()))
.thenReturn(Mono.just(this.token));
when(this.repository.generateToken(any()))
.thenReturn(Mono.just(this.token));
this.post = MockServerWebExchange.from(MockServerHttpRequest.post("/")
.header(this.token.getHeaderName(), this.token.getToken()+"INVALID"));

View File

@@ -61,9 +61,10 @@ public class WebSessionServerCsrfTokenRepositoryTests {
}
@Test
public void generateTokenWhenGetTokenThenAddsToSession() {
Mono<CsrfToken> result = this.repository.generateToken(this.exchange);
result.block().getToken();
public void saveTokenWhenDefaultThenAddsToSession() {
Mono<CsrfToken> result = this.repository.generateToken(this.exchange)
.delayUntil(t-> this.repository.saveToken(this.exchange, t));
result.block();
WebSession session = this.exchange.getSession().block();
Map<String, Object> attributes = session.getAttributes();
@@ -76,7 +77,6 @@ public class WebSessionServerCsrfTokenRepositoryTests {
@Test
public void saveTokenWhenNullThenDeletes() {
CsrfToken token = this.repository.generateToken(this.exchange).block();
token.getToken();
Mono<CsrfToken> result = this.repository.saveToken(this.exchange, null);
StepVerifier.create(result)
@@ -87,22 +87,6 @@ public class WebSessionServerCsrfTokenRepositoryTests {
assertThat(session.getAttributes()).isEmpty();
}
@Test
public void generateTokenAndLoadTokenDeleteTokenWhenNullThenDeletes() {
CsrfToken generate = this.repository.generateToken(this.exchange).block();
generate.getToken();
CsrfToken load = this.repository.loadToken(this.exchange).block();
assertThat(load).isEqualTo(generate);
this.repository.saveToken(this.exchange, null).block();
WebSession session = this.exchange.getSession().block();
assertThat(session.getAttributes()).isEmpty();
load = this.repository.loadToken(this.exchange).block();
assertThat(load).isNull();
}
@Test
public void saveTokenChangeSessionId() {
String originalSessionId = this.exchange.getSession().block().getId();