Search in sources :

Example 21 with ResponseCookie

use of org.springframework.http.ResponseCookie in project spring-security by spring-projects.

the class CookieServerCsrfTokenRepositoryTests method saveTokenWhenSslInfoNullThenNotSecure.

@Test
public void saveTokenWhenSslInfoNullThenNotSecure() {
    MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
    this.csrfTokenRepository.saveToken(exchange, createToken()).block();
    ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
    assertThat(cookie).isNotNull();
    assertThat(cookie.isSecure()).isFalse();
}
Also used : MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) ResponseCookie(org.springframework.http.ResponseCookie) Test(org.junit.jupiter.api.Test)

Example 22 with ResponseCookie

use of org.springframework.http.ResponseCookie in project spring-security by spring-projects.

the class CookieServerCsrfTokenRepositoryTests method saveTokenWhenSecureFlagFalseAndSslInfoThenNotSecure.

@Test
public void saveTokenWhenSecureFlagFalseAndSslInfoThenNotSecure() {
    MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
    this.request.sslInfo(new MockSslInfo());
    this.csrfTokenRepository.setSecure(false);
    this.csrfTokenRepository.saveToken(exchange, createToken()).block();
    ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
    assertThat(cookie).isNotNull();
    assertThat(cookie.isSecure()).isFalse();
}
Also used : MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) ResponseCookie(org.springframework.http.ResponseCookie) Test(org.junit.jupiter.api.Test)

Example 23 with ResponseCookie

use of org.springframework.http.ResponseCookie in project spring-security by spring-projects.

the class CookieServerCsrfTokenRepositoryTests method saveTokenWhenSecureFlagTrueThenSecure.

@Test
public void saveTokenWhenSecureFlagTrueThenSecure() {
    MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
    this.csrfTokenRepository.setSecure(true);
    this.csrfTokenRepository.saveToken(exchange, createToken()).block();
    ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
    assertThat(cookie).isNotNull();
    assertThat(cookie.isSecure()).isTrue();
}
Also used : MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) ResponseCookie(org.springframework.http.ResponseCookie) Test(org.junit.jupiter.api.Test)

Example 24 with ResponseCookie

use of org.springframework.http.ResponseCookie in project spring-security by spring-projects.

the class CookieServerRequestCacheTests method saveRequestWhenPostRequestAndCustomMatcherThenRequestUriInCookie.

@Test
public void saveRequestWhenPostRequestAndCustomMatcherThenRequestUriInCookie() {
    this.cache.setSaveRequestMatcher((e) -> ServerWebExchangeMatcher.MatchResult.match());
    MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
    this.cache.saveRequest(exchange).block();
    MultiValueMap<String, ResponseCookie> cookies = exchange.getResponse().getCookies();
    ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
    assertThat(cookie).isNotNull();
    String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes());
    assertThat(cookie.toString()).isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax");
}
Also used : MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) ResponseCookie(org.springframework.http.ResponseCookie) Test(org.junit.jupiter.api.Test)

Example 25 with ResponseCookie

use of org.springframework.http.ResponseCookie in project spring-security by spring-projects.

the class CookieServerRequestCacheTests method saveRequestWhenGetRequestWithQueryParamsThenRequestUriInCookie.

@Test
public void saveRequestWhenGetRequestWithQueryParamsThenRequestUriInCookie() {
    MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML));
    this.cache.saveRequest(exchange).block();
    MultiValueMap<String, ResponseCookie> cookies = exchange.getResponse().getCookies();
    assertThat(cookies.size()).isEqualTo(1);
    ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
    assertThat(cookie).isNotNull();
    String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/?key=value".getBytes());
    assertThat(cookie.toString()).isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax");
}
Also used : MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) ResponseCookie(org.springframework.http.ResponseCookie) Test(org.junit.jupiter.api.Test)

Aggregations

ResponseCookie (org.springframework.http.ResponseCookie)35 Test (org.junit.jupiter.api.Test)23 MockServerWebExchange (org.springframework.mock.web.server.MockServerWebExchange)12 HttpHeaders (org.springframework.http.HttpHeaders)6 DataBuffer (org.springframework.core.io.buffer.DataBuffer)5 LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap)5 MockServerHttpRequest (org.springframework.web.testfixture.http.server.reactive.MockServerHttpRequest)5 MockServerWebExchange (org.springframework.web.testfixture.server.MockServerWebExchange)5 Mono (reactor.core.publisher.Mono)5 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)4 HttpStatus (org.springframework.http.HttpStatus)4 Collections (java.util.Collections)3 MultiValueMap (org.springframework.util.MultiValueMap)3 MockServerHttpResponse (org.springframework.web.testfixture.http.server.reactive.MockServerHttpResponse)3 Flux (reactor.core.publisher.Flux)3 StepVerifier (reactor.test.StepVerifier)3 Cookie (io.netty.handler.codec.http.cookie.Cookie)2 DefaultCookie (io.netty.handler.codec.http.cookie.DefaultCookie)2 URI (java.net.URI)2 StandardCharsets (java.nio.charset.StandardCharsets)2