Example 1 with DefaultCsrfTokenGenerator

Use of org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator in project pac4j by pac4j.

From the class DefaultAuthorizationCheckerTests, method testCsrfCheckPostTokenParameter.

@Test
public void testCsrfCheckPostTokenParameter() {
    // POST request, so the CSRF check applies.
    final var context = MockWebContext.create().setRequestMethod(HttpConstants.HTTP_METHOD.POST.name());
    final var generator = new DefaultCsrfTokenGenerator();
    final SessionStore sessionStore = new MockSessionStore();
    final var token = generator.get(context, sessionStore);
    // The client sends the token back as a request parameter...
    context.addRequestParameter(Pac4jConstants.CSRF_TOKEN, token);
    // ...and the session holds the same token with an expiration date still in the future.
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN, token);
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN_EXPIRATION_DATE, new Date().getTime() + 1000 * generator.getTtlInSeconds());
    // Matching, unexpired token: the request is authorized.
    assertTrue(checker.isAuthorized(context, sessionStore, profiles, DefaultAuthorizers.CSRF_CHECK, new HashMap<>(), new ArrayList<>()));
}
Also used: MockSessionStore (org.pac4j.core.context.session.MockSessionStore), SessionStore (org.pac4j.core.context.session.SessionStore), DefaultCsrfTokenGenerator (org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator), Test (org.junit.Test)

Example 2 with DefaultCsrfTokenGenerator

Use of org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator in project pac4j by pac4j.

From the class DefaultAuthorizationCheckerTests, method testCsrfCheckPost.

@Test
public void testCsrfCheckPost() {
    final var context = MockWebContext.create().setRequestMethod(HttpConstants.HTTP_METHOD.POST.name());
    final var generator = new DefaultCsrfTokenGenerator();
    final SessionStore sessionStore = new MockSessionStore();
    // A token is generated, but it is never added to the request.
    generator.get(context, sessionStore);
    // POST without a CSRF token in the request: the check must reject it.
    assertFalse(checker.isAuthorized(context, sessionStore, profiles, DefaultAuthorizers.CSRF_CHECK, new HashMap<>(), new ArrayList<>()));
}
Also used: MockSessionStore (org.pac4j.core.context.session.MockSessionStore), SessionStore (org.pac4j.core.context.session.SessionStore), DefaultCsrfTokenGenerator (org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator), Test (org.junit.Test)

Example 3 with DefaultCsrfTokenGenerator

Use of org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator in project pac4j by pac4j.

From the class CsrfAuthorizerTests, method setUp.

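@Before
public void setUp() {
    authorizer = new CsrfAuthorizer();
    // Apply the CSRF check to every request for these tests.
    authorizer.setCheckAllRequests(true);
    // Expiration timestamp in milliseconds: now plus the generator's TTL.
    expirationDate = new Date().getTime() + 1000 * new DefaultCsrfTokenGenerator().getTtlInSeconds();
}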
Also used: DefaultCsrfTokenGenerator (org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator), Date (java.util.Date), Before (org.junit.Before)

Aggregations

DefaultCsrfTokenGenerator (org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator): 3
Test (org.junit.Test): 2
MockSessionStore (org.pac4j.core.context.session.MockSessionStore): 2
SessionStore (org.pac4j.core.context.session.SessionStore): 2
Date (java.util.Date): 1
Before (org.junit.Before): 1