use of org.springframework.http.ResponseCookie in project spring-security by spring-projects.
the class CookieServerCsrfTokenRepositoryTests method saveTokenWhenSslInfoNullThenNotSecure.
@Test
public void saveTokenWhenSslInfoNullThenNotSecure() {
MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
this.csrfTokenRepository.saveToken(exchange, createToken()).block();
ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
assertThat(cookie).isNotNull();
assertThat(cookie.isSecure()).isFalse();
}
use of org.springframework.http.ResponseCookie in project spring-security by spring-projects.
the class CookieServerCsrfTokenRepositoryTests method saveTokenWhenSecureFlagFalseAndSslInfoThenNotSecure.
@Test
public void saveTokenWhenSecureFlagFalseAndSslInfoThenNotSecure() {
MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
this.request.sslInfo(new MockSslInfo());
this.csrfTokenRepository.setSecure(false);
this.csrfTokenRepository.saveToken(exchange, createToken()).block();
ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
assertThat(cookie).isNotNull();
assertThat(cookie.isSecure()).isFalse();
}
use of org.springframework.http.ResponseCookie in project spring-security by spring-projects.
the class CookieServerCsrfTokenRepositoryTests method saveTokenWhenSecureFlagTrueThenSecure.
@Test
public void saveTokenWhenSecureFlagTrueThenSecure() {
MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
this.csrfTokenRepository.setSecure(true);
this.csrfTokenRepository.saveToken(exchange, createToken()).block();
ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
assertThat(cookie).isNotNull();
assertThat(cookie.isSecure()).isTrue();
}
use of org.springframework.http.ResponseCookie in project spring-security by spring-projects.
the class CookieServerRequestCacheTests method saveRequestWhenPostRequestAndCustomMatcherThenRequestUriInCookie.
@Test
public void saveRequestWhenPostRequestAndCustomMatcherThenRequestUriInCookie() {
this.cache.setSaveRequestMatcher((e) -> ServerWebExchangeMatcher.MatchResult.match());
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
this.cache.saveRequest(exchange).block();
MultiValueMap<String, ResponseCookie> cookies = exchange.getResponse().getCookies();
ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
assertThat(cookie).isNotNull();
String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes());
assertThat(cookie.toString()).isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax");
}
use of org.springframework.http.ResponseCookie in project spring-security by spring-projects.
the class CookieServerRequestCacheTests method saveRequestWhenGetRequestWithQueryParamsThenRequestUriInCookie.
@Test
public void saveRequestWhenGetRequestWithQueryParamsThenRequestUriInCookie() {
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML));
this.cache.saveRequest(exchange).block();
MultiValueMap<String, ResponseCookie> cookies = exchange.getResponse().getCookies();
assertThat(cookies.size()).isEqualTo(1);
ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
assertThat(cookie).isNotNull();
String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/?key=value".getBytes());
assertThat(cookie.toString()).isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax");
}
Aggregations