Polish

- Add Reactive equivalent - Update copyright Issue gh-13310
2 years ago · 82c0ddc56d
4 changed files with 18 additions and 5 deletions
--- a/web/src/main/java/org/springframework/security/web/csrf/XorCsrfTokenRequestAttributeHandler.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/XorCsrfTokenRequestAttributeHandler.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/web/src/main/java/org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandler.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -88,7 +88,7 @@ public final class XorServerCsrfTokenRequestAttributeHandler extends ServerCsrfT
 		System.arraycopy(actualBytes, randomBytesSize, xoredCsrf, 0, tokenSize);
 		byte[] csrfBytes = xorCsrf(randomBytes, xoredCsrf);
-		return Utf8.decode(csrfBytes);
+		return (csrfBytes != null) ? Utf8.decode(csrfBytes) : null;
 	}
 	private static String createXoredCsrfToken(SecureRandom secureRandom, String token) {
@ -105,6 +105,9 @@ public final class XorServerCsrfTokenRequestAttributeHandler extends ServerCsrfT
 	}
 	private static byte[] xorCsrf(byte[] randomBytes, byte[] csrfBytes) {
 		if (csrfBytes.length < randomBytes.length) {
 			return null;
 		}
 		int len = Math.min(randomBytes.length, csrfBytes.length);
 		byte[] xoredCsrf = new byte[len];
 		System.arraycopy(csrfBytes, 0, xoredCsrf, 0, csrfBytes.length);
--- a/web/src/test/java/org/springframework/security/web/csrf/XorCsrfTokenRequestAttributeHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/XorCsrfTokenRequestAttributeHandlerTests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/web/src/test/java/org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandlerTests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -182,6 +182,16 @@ public class XorServerCsrfTokenRequestAttributeHandlerTests {
 		StepVerifier.create(csrfToken).expectNext(this.token.getToken()).verifyComplete();
 	}
 	@Test
 	public void resolveCsrfTokenIsInvalidThenReturnsNull() {
 		this.exchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/")
 				.header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE)
 				.body(this.token.getParameterName() + "=" + XOR_CSRF_TOKEN_VALUE)).build();
 		CsrfToken token = new DefaultCsrfToken("headerName", "paramName", "a");
 		Mono<String> csrfToken = this.handler.resolveCsrfTokenValue(this.exchange, token);
 		assertThat(csrfToken.block()).isNull();
 	}
 	private static Answer<Void> fillByteArray() {
 		return (invocation) -> {
 			byte[] bytes = invocation.getArgument(0);