use of ninja.utils.CookieEncryption in project ninja by ninjaframework.
the class SessionImplTest method setUp.
/**
 * Prepares the mocked configuration and clock for each test, then builds the
 * {@code CookieEncryption} and {@code Crypto} helpers from the mocked properties.
 *
 * <p>The application secret is generated afresh on every run, so no fixed key
 * material is embedded in the test. The session cookie settings are stubbed as
 * HTTPS-only and HttpOnly.
 */
@Before
public void setUp() {
    // NOTE(review): initMocks is deprecated in newer Mockito releases in favour of
    // openMocks; left as-is because the Mockito version is not visible here.
    MockitoAnnotations.initMocks(this);

    // Key material and cookie naming.
    when(ninjaProperties.getOrDie(NinjaConstant.applicationSecret)).thenReturn(SecretGenerator.generateSecret());
    when(ninjaProperties.getOrDie(NinjaConstant.applicationCookiePrefix)).thenReturn("NINJA");

    // Session lifetime and the fixed "now" that the mocked clock reports.
    when(ninjaProperties.getInteger(NinjaConstant.sessionExpireTimeInSeconds)).thenReturn(10000);
    final long frozenNow = System.currentTimeMillis();
    when(clock.currentTimeMillis()).thenReturn(frozenNow);

    // Cookie behaviour flags. Each stub only matches a lookup made with the same default value.
    when(ninjaProperties.getBooleanWithDefault(NinjaConstant.sessionSendOnlyIfChanged, true)).thenReturn(true);
    when(ninjaProperties.getBooleanWithDefault(NinjaConstant.sessionTransferredOverHttpsOnly, true)).thenReturn(true);
    when(ninjaProperties.getBooleanWithDefault(NinjaConstant.sessionHttpOnly, true)).thenReturn(true);

    // `encrypted` is a field assigned outside this method (presumably a test parameter, to be
    // confirmed); it decides whether the session cookie is encrypted in this run.
    when(ninjaProperties.getBooleanWithDefault(NinjaConstant.applicationCookieEncrypted, false)).thenReturn(encrypted);

    // Built last so that both constructors are handed the fully stubbed properties.
    encryption = new CookieEncryption(ninjaProperties);
    crypto = new Crypto(ninjaProperties);
}
use of ninja.utils.CookieEncryption in project ninja by ninjaframework.
the class SessionImplTest method testSessionEncryptionKeysMismatch.
/**
 * Checks that a session cookie encrypted under one application secret cannot be
 * read once the secret has changed: a session initialised from that cookie must
 * come up empty instead of exposing the stored data.
 *
 * <p>Operationally, this pins the failure mode of a secret rotation. Existing
 * encrypted sessions are dropped rather than causing an error to reach the caller.
 */
@Test
public void testSessionEncryptionKeysMismatch() {
    // Without cookie encryption there is no key to mismatch, so the test ends here.
    // NOTE(review): the assertion below always passes, so this run is reported as passed
    // rather than skipped; a JUnit assumption would make the skip visible in reports.
    if (!encrypted) {
        assertTrue("N/A for plain session cookies without encryption", true);
        return;
    }

    // (1) store one entry in a fresh session and save it
    Session originalSession = createNewSession();
    originalSession.init(context);
    originalSession.put("key", "value");
    originalSession.save(context);

    // (2) saving must have added a cookie to the context; capture it for reuse
    verify(context).addCookie(cookieCaptor.capture());
    assertEquals("value", originalSession.get("key"));
    Cookie issuedCookie = cookieCaptor.getValue();

    // (3) baseline: with the unchanged key, a second session reads the data back from that cookie
    Session sameKeySession = createNewSession();
    when(context.getCookie("NINJA_SESSION")).thenReturn(issuedCookie);
    sameKeySession.init(context);
    assertFalse(sameKeySession.isEmpty());
    assertEquals("value", sameKeySession.get("key"));

    // (4) swap the application secret, which changes the encryption key
    // Only `encryption` is rebuilt; `crypto` keeps the instance created in setUp.
    // NOTE(review): if createNewSession() hands both fields to the session, the signing side
    // presumably still uses the first secret, so only decryption is exercised here. Confirm
    // against createNewSession().
    when(ninjaProperties.getOrDie(NinjaConstant.applicationSecret)).thenReturn(SecretGenerator.generateSecret());
    encryption = new CookieEncryption(ninjaProperties);

    // (5) the context still returns the cookie from step (3), but it was encrypted with the
    // previous key. Decryption with the new key is not possible, which usually surfaces as
    // `javax.crypto.BadPaddingException`, and the session must start out clean.
    // NOTE(review): a padding error is a by-product of decryption, not an integrity check.
    // A wrong key can occasionally yield well-formed padding, so the empty-session result
    // should not rest on that exception alone; confirm the implementation also rejects
    // plaintext it cannot parse or verify.
    Session rotatedKeySession = createNewSession();
    rotatedKeySession.init(context);
    assertTrue(rotatedKeySession.isEmpty());
}