From 75a7c5268a601bb56a2cfb525ba36931df155287 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Thu, 16 Nov 2017 11:22:17 -0600
Subject: [PATCH] ServerRequestCache.removeMatchingRequest

Issue: gh-4789
---
 .../WebSessionServerCsrfTokenRepository.java     | 11 ++---------
 .../savedrequest/NoOpServerRequestCache.java     |  7 +------
 .../server/savedrequest/ServerRequestCache.java  | 12 +-----------
 .../ServerRequestCacheWebFilter.java             |  3 +--
 .../WebSessionServerRequestCache.java            | 16 +++-------------
 .../WebSessionServerRequestCacheTests.java       |  4 ++--
 6 files changed, 10 insertions(+), 43 deletions(-)

diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
index 5b0b789193..e0d5eea388 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
@@ -60,15 +60,8 @@ public class WebSessionServerCsrfTokenRepository
 			return Mono.just(token);
 		}
 		return exchange.getSession()
-			.map(WebSession::getAttributes)
-			.flatMap( attrs -> save(attrs, token));
-	}
-
-	private Mono<CsrfToken> save(Map<String, Object> attributes, CsrfToken token) {
-		return Mono.defer(() -> {
-			putToken(attributes, token);
-			return Mono.justOrEmpty(token);
-		});
+			.doOnSuccess(session -> putToken(session.getAttributes(), token))
+			.flatMap(r -> Mono.justOrEmpty(token));
 	}
 
 	private void putToken(Map<String, Object> attributes, CsrfToken token) {
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
index 7746f05729..934e1bde06 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
@@ -38,16 +38,11 @@ public class NoOpServerRequestCache implements ServerRequestCache {
 	}
 
 	@Override
-	public Mono<ServerHttpRequest> getMatchingRequest(
+	public Mono<ServerHttpRequest> removeMatchingRequest(
 		ServerWebExchange exchange) {
 		return Mono.empty();
 	}
 
-	@Override
-	public Mono<ServerHttpRequest> removeRequest(ServerWebExchange exchange) {
-		return Mono.empty();
-	}
-
 	public static NoOpServerRequestCache getInstance() {
 		return new NoOpServerRequestCache();
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java
index 3905e03438..dbc41c0e3d 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java
@@ -52,15 +52,5 @@ public interface ServerRequestCache {
 	 * @param exchange the exchange to obtain the request from
 	 * @return the {@link ServerHttpRequest}
 	 */
-	Mono<ServerHttpRequest> getMatchingRequest(ServerWebExchange exchange);
-
-	/**
-	 * If the {@link ServerWebExchange} contains a saved {@link ServerHttpRequest} remove
-	 * and return it.
-	 *
-	 * @param exchange the {@link ServerWebExchange} to obtain and remove the
-	 * {@link ServerHttpRequest}
-	 * @return the {@link ServerHttpRequest}
-	 */
-	Mono<ServerHttpRequest> removeRequest(ServerWebExchange exchange);
+	Mono<ServerHttpRequest> removeMatchingRequest(ServerWebExchange exchange);
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
index 6140e9c803..0359608e67 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
@@ -33,8 +33,7 @@ public class ServerRequestCacheWebFilter implements WebFilter {
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return this.requestCache.getMatchingRequest(exchange)
-			.flatMap(r -> this.requestCache.removeRequest(exchange))
+		return this.requestCache.removeMatchingRequest(exchange)
 			.map(r -> exchange.mutate().request(r).build())
 			.defaultIfEmpty(exchange)
 			.flatMap(e -> chain.filter(e));
diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
index 2d90f588fb..97ca389600 100644
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
@@ -77,22 +77,12 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
 	}
 
 	@Override
-	public Mono<ServerHttpRequest> getMatchingRequest(
+	public Mono<ServerHttpRequest> removeMatchingRequest(
 		ServerWebExchange exchange) {
-		return getRedirectUri(exchange)
-			.map(URI::toASCIIString)
-			.map(path ->  exchange.getRequest().mutate().path(path).build())
-			.filter( request -> pathInApplication(request).equals(
-				pathInApplication(exchange.getRequest())));
-	}
-
-	@Override
-	public Mono<ServerHttpRequest> removeRequest(ServerWebExchange exchange) {
 		return exchange.getSession()
 			.map(WebSession::getAttributes)
-			.flatMap(attrs -> Mono.justOrEmpty(attrs.remove(this.sessionAttrName)))
-			.cast(String.class)
-			.map(path -> exchange.getRequest().mutate().path(path).build());
+			.filter(attributes -> attributes.remove(this.sessionAttrName, pathInApplication(exchange.getRequest())))
+			.map(attributes -> exchange.getRequest());
 	}
 
 	private static String pathInApplication(ServerHttpRequest request) {
diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
index 416a2f5902..f48845053c 100644
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
@@ -67,7 +67,7 @@ public class WebSessionServerRequestCacheTests {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/"));
 		this.cache.saveRequest(exchange).block();
 
-		ServerHttpRequest saved = this.cache.removeRequest(exchange).block();
+		ServerHttpRequest saved = this.cache.removeMatchingRequest(exchange).block();
 
 		assertThat(saved.getURI()).isEqualTo(exchange.getRequest().getURI());
 	}
@@ -77,7 +77,7 @@ public class WebSessionServerRequestCacheTests {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/"));
 		this.cache.saveRequest(exchange).block();
 
-		this.cache.removeRequest(exchange).block();
+		this.cache.removeMatchingRequest(exchange).block();
 
 		assertThat(this.cache.getRedirectUri(exchange).block()).isNull();
 	}