|
|
|
@ -105,9 +105,11 @@ public class XorCsrfTokenRequestAttributeHandlerTests { |
|
|
|
|
|
|
|
|
|
|
|
@Test |
|
|
|
@Test |
|
|
|
public void handleWhenCsrfTokenIsNullThenThrowsIllegalStateException() { |
|
|
|
public void handleWhenCsrfTokenIsNullThenThrowsIllegalStateException() { |
|
|
|
|
|
|
|
this.handler.handle(this.request, this.response, () -> null); |
|
|
|
|
|
|
|
CsrfToken csrfTokenAttribute = (CsrfToken) this.request.getAttribute("_csrf"); |
|
|
|
// @formatter:off
|
|
|
|
// @formatter:off
|
|
|
|
assertThatIllegalStateException() |
|
|
|
assertThatIllegalStateException() |
|
|
|
.isThrownBy(() -> this.handler.handle(this.request, this.response, () -> null)) |
|
|
|
.isThrownBy(csrfTokenAttribute::getToken) |
|
|
|
.withMessage("csrfToken supplier returned null"); |
|
|
|
.withMessage("csrfToken supplier returned null"); |
|
|
|
// @formatter:on
|
|
|
|
// @formatter:on
|
|
|
|
} |
|
|
|
} |
|
|
|
@ -128,8 +130,12 @@ public class XorCsrfTokenRequestAttributeHandlerTests { |
|
|
|
|
|
|
|
|
|
|
|
@Test |
|
|
|
@Test |
|
|
|
public void handleWhenSecureRandomSetThenUsed() { |
|
|
|
public void handleWhenSecureRandomSetThenUsed() { |
|
|
|
|
|
|
|
willAnswer(fillByteArray()).given(this.secureRandom).nextBytes(anyByteArray()); |
|
|
|
|
|
|
|
|
|
|
|
this.handler.setSecureRandom(this.secureRandom); |
|
|
|
this.handler.setSecureRandom(this.secureRandom); |
|
|
|
this.handler.handle(this.request, this.response, () -> this.token); |
|
|
|
this.handler.handle(this.request, this.response, () -> this.token); |
|
|
|
|
|
|
|
CsrfToken csrfTokenAttribute = (CsrfToken) this.request.getAttribute(CsrfToken.class.getName()); |
|
|
|
|
|
|
|
assertThat(csrfTokenAttribute.getToken()).isEqualTo(XOR_CSRF_TOKEN_VALUE); |
|
|
|
verify(this.secureRandom).nextBytes(anyByteArray()); |
|
|
|
verify(this.secureRandom).nextBytes(anyByteArray()); |
|
|
|
verifyNoMoreInteractions(this.secureRandom); |
|
|
|
verifyNoMoreInteractions(this.secureRandom); |
|
|
|
} |
|
|
|
} |
|
|
|
@ -140,12 +146,11 @@ public class XorCsrfTokenRequestAttributeHandlerTests { |
|
|
|
|
|
|
|
|
|
|
|
this.handler.setSecureRandom(this.secureRandom); |
|
|
|
this.handler.setSecureRandom(this.secureRandom); |
|
|
|
this.handler.handle(this.request, this.response, () -> this.token); |
|
|
|
this.handler.handle(this.request, this.response, () -> this.token); |
|
|
|
verify(this.secureRandom).nextBytes(anyByteArray()); |
|
|
|
|
|
|
|
assertThat(this.request.getAttribute(CsrfToken.class.getName())).isNotNull(); |
|
|
|
|
|
|
|
assertThat(this.request.getAttribute(this.token.getParameterName())).isNotNull(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
CsrfToken csrfTokenAttribute = (CsrfToken) this.request.getAttribute(CsrfToken.class.getName()); |
|
|
|
CsrfToken csrfTokenAttribute = (CsrfToken) this.request.getAttribute(CsrfToken.class.getName()); |
|
|
|
assertThat(csrfTokenAttribute.getToken()).isEqualTo(XOR_CSRF_TOKEN_VALUE); |
|
|
|
assertThat(csrfTokenAttribute.getToken()).isEqualTo(XOR_CSRF_TOKEN_VALUE); |
|
|
|
|
|
|
|
verify(this.secureRandom).nextBytes(anyByteArray()); |
|
|
|
|
|
|
|
assertThat(this.request.getAttribute(CsrfToken.class.getName())).isNotNull(); |
|
|
|
|
|
|
|
assertThat(this.request.getAttribute("_csrf")).isNotNull(); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
@Test |
|
|
|
@Test |
|
|
|
|
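Review bot: In `handleWhenCsrfTokenIsNullThenThrowsIllegalStateException` (first hunk) the name still says `handle` throws, but the new assertions appear to expect the IllegalStateException only from `csrfTokenAttribute::getToken`, after `handle(...)` has already returned. The page has lost its `+`/`-` markers, so this reading is inferred from the hunk counts. If a null supplier result is now detected lazily, the name should say so (for example `handleWhenCsrfTokenIsNullThenGetTokenThrowsIllegalStateException`), and a comment such as `// null supplier result is reported on first token access, not by handle()` would record the contract. The cast result is used without a check, so a missing request attribute would fail with a NullPointerException instead of a clear assertion; `assertThat(csrfTokenAttribute).isNotNull();` before the `isThrownBy` call would pin that. The literal `"_csrf"` also appears in the third hunk where the other side reads `this.token.getParameterName()`, so a shared constant in the test class would keep the two in step.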