use of org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator in project pac4j by pac4j.
the class DefaultAuthorizationCheckerTests method testCsrfCheckPostTokenParameter.
/**
 * Checks the accepting path of the CSRF authorizer for a POST request: the token sent as a
 * request parameter equals the token kept in the session store, and the stored expiration
 * timestamp lies in the future, so {@code isAuthorized} is expected to return {@code true}.
 */
@Test
public void testCsrfCheckPostTokenParameter() {
    final SessionStore store = new MockSessionStore();
    final var webContext = MockWebContext.create().setRequestMethod(HttpConstants.HTTP_METHOD.POST.name());
    final var tokenGenerator = new DefaultCsrfTokenGenerator();
    final var csrfToken = tokenGenerator.get(webContext, store);

    // Request side: the token is submitted as a request parameter.
    webContext.addRequestParameter(Pac4jConstants.CSRF_TOKEN, csrfToken);

    // Session side: the same token plus an expiry one TTL from now.
    store.set(webContext, Pac4jConstants.CSRF_TOKEN, csrfToken);
    // NOTE(review): if getTtlInSeconds() returns an int, this product is int arithmetic and
    // would wrap for a TTL above roughly 24 days; confirm the type before raising the TTL.
    final var expiresAtMillis = new Date().getTime() + 1000 * tokenGenerator.getTtlInSeconds();
    store.set(webContext, Pac4jConstants.CSRF_TOKEN_EXPIRATION_DATE, expiresAtMillis);

    final var authorized = checker.isAuthorized(
        webContext, store, profiles, DefaultAuthorizers.CSRF_CHECK, new HashMap<>(), new ArrayList<>());
    assertTrue(authorized);
}
use of org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator in project pac4j by pac4j.
the class DefaultAuthorizationCheckerTests method testCsrfCheckPost.
/**
 * Checks the rejecting path of the CSRF authorizer for a POST request: a token is generated,
 * but the request carries no CSRF token parameter, so {@code isAuthorized} is expected to
 * return {@code false}.
 */
@Test
public void testCsrfCheckPost() {
    final var webContext = MockWebContext.create().setRequestMethod(HttpConstants.HTTP_METHOD.POST.name());
    final SessionStore store = new MockSessionStore();

    // The returned token is deliberately discarded and never attached to the request.
    // Presumably the generator also records it in the session store; confirm in the generator.
    new DefaultCsrfTokenGenerator().get(webContext, store);

    final var authorized = checker.isAuthorized(
        webContext, store, profiles, DefaultAuthorizers.CSRF_CHECK, new HashMap<>(), new ArrayList<>());
    assertFalse(authorized);
}
use of org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator in project pac4j by pac4j.
the class CsrfAuthorizerTests method setUp.
/**
 * Prepares each test with a fresh {@code CsrfAuthorizer} that has {@code checkAllRequests}
 * enabled, and with an expiration timestamp one default generator TTL after the current time.
 */
@Before
public void setUp() {
    final var ttlInSeconds = new DefaultCsrfTokenGenerator().getTtlInSeconds();

    authorizer = new CsrfAuthorizer();
    authorizer.setCheckAllRequests(true);

    // Epoch milliseconds: now plus the TTL converted from seconds.
    expirationDate = new Date().getTime() + 1000 * ttlInSeconds;
}