Fix CsrfWebFilter error message when expected CSRF not found

Closes gh-9337
5 years ago · b08075a721
2 changed files with 4 additions and 3 deletions
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
@ -133,7 +133,7 @@ public class CsrfWebFilter implements WebFilter {
				@@ -133,7 +133,7 @@ public class CsrfWebFilter implements WebFilter {

 	private Mono<Void> validateToken(ServerWebExchange exchange) {
 		return this.csrfTokenRepository.loadToken(exchange)
-			.switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("CSRF Token has been associated to this client"))))
+			.switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("An expected CSRF token cannot be found"))))
 			.filterWhen(expected -> containsValidCsrfToken(exchange, expected))
 			.switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("Invalid CSRF Token"))))
 			.then();
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
@ -65,8 +65,7 @@ public class CsrfWebFilterTests {
				@@ -65,8 +65,7 @@ public class CsrfWebFilterTests {
 	private MockServerWebExchange get = from(
 		MockServerHttpRequest.get("/"));

-	private ServerWebExchange post = from(
-		MockServerHttpRequest.post("/"));
+	private MockServerWebExchange post = MockServerWebExchange.from(MockServerHttpRequest.post("/"));

 	@Test
 	public void filterWhenGetThenSessionNotCreatedAndChainContinues() {
@ -110,6 +109,8 @@ public class CsrfWebFilterTests {
				@@ -110,6 +109,8 @@ public class CsrfWebFilterTests {
 			.verifyComplete();

 		assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
+		StepVerifier.create(this.post.getResponse().getBodyAsString())
+				.assertNext(b -> assertThat(b).contains("An expected CSRF token cannot be found"));
 	}

 	@Test