Search in sources :

Example 36 with DefaultCsrfToken

use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

the class DefaultLoginPageConfigurerTests method loginPageWhenRememberConfigureThenDefaultLoginPageWithRememberMeCheckbox.

@Test
public void loginPageWhenRememberConfigureThenDefaultLoginPageWithRememberMeCheckbox() throws Exception {
    this.spring.register(DefaultLoginPageWithRememberMeConfig.class).autowire();
    CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN");
    String csrfAttributeName = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
    // @formatter:off
    this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken)).andExpect(content().string("<!DOCTYPE html>\n" + "<html lang=\"en\">\n" + "  <head>\n" + "    <meta charset=\"utf-8\">\n" + "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n" + "    <meta name=\"description\" content=\"\">\n" + "    <meta name=\"author\" content=\"\">\n" + "    <title>Please sign in</title>\n" + "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n" + "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n" + "  </head>\n" + "  <body>\n" + "     <div class=\"container\">\n" + "      <form class=\"form-signin\" method=\"post\" action=\"/login\">\n" + "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + "        <p>\n" + "          <label for=\"username\" class=\"sr-only\">Username</label>\n" + "          <input type=\"text\" id=\"username\" name=\"username\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n" + "        </p>\n" + "        <p>\n" + "          <label for=\"password\" class=\"sr-only\">Password</label>\n" + "          <input type=\"password\" id=\"password\" name=\"password\" class=\"form-control\" placeholder=\"Password\" required>\n" + "        </p>\n" + "<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>\n" + "<input name=\"" + csrfToken.getParameterName() + "\" type=\"hidden\" value=\"" + csrfToken.getToken() + "\" />\n" + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n" + "      </form>\n" + "</div>\n" + "</body></html>"));
// @formatter:on
}
Also used : DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) Test(org.junit.jupiter.api.Test)

Example 37 with DefaultCsrfToken

use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

the class SampleWebSecurityConfigurerAdapterTests method setup.

@BeforeEach
public void setup() {
    this.request = new MockHttpServletRequest("GET", "");
    this.response = new MockHttpServletResponse();
    this.chain = new MockFilterChain();
    CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "CSRF-TOKEN-TEST");
    new HttpSessionCsrfTokenRepository().saveToken(csrfToken, this.request, this.response);
    this.request.setParameter(csrfToken.getParameterName(), csrfToken.getToken());
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) MockFilterChain(org.springframework.mock.web.MockFilterChain) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 38 with DefaultCsrfToken

use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

the class AbstractCsrfTagTests method hasCsrfRendersReturnedValue.

@Test
public void hasCsrfRendersReturnedValue() throws JspException, UnsupportedEncodingException {
    CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
    this.request.setAttribute(CsrfToken.class.getName(), token);
    this.tag.handleReturn = "fooBarBazQux";
    int returned = this.tag.doEndTag();
    assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
    assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.").isEqualTo("fooBarBazQux");
    assertThat(this.tag.token).as("The token is not correct.").isSameAs(token);
}
Also used : DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) Test(org.junit.jupiter.api.Test)

Example 39 with DefaultCsrfToken

use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

the class AbstractCsrfTagTests method hasCsrfRendersDifferentValue.

@Test
public void hasCsrfRendersDifferentValue() throws JspException, UnsupportedEncodingException {
    CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "_csrf", "abc123def456ghi789");
    this.request.setAttribute(CsrfToken.class.getName(), token);
    this.tag.handleReturn = "<input type=\"hidden\" />";
    int returned = this.tag.doEndTag();
    assertThat(returned).as("The returned value is not correct.").isEqualTo(Tag.EVAL_PAGE);
    assertThat(this.response.getContentAsString()).withFailMessage("The output value is not correct.").isEqualTo("<input type=\"hidden\" />");
    assertThat(this.tag.token).as("The token is not correct.").isSameAs(token);
}
Also used : DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) Test(org.junit.jupiter.api.Test)

Example 40 with DefaultCsrfToken

use of org.springframework.security.web.csrf.DefaultCsrfToken in project spring-security by spring-projects.

the class CsrfInputTagTests method handleTokenReturnsHiddenInputDifferentTokenValue.

@Test
public void handleTokenReturnsHiddenInputDifferentTokenValue() {
    CsrfToken token = new DefaultCsrfToken("X-Csrf-Token", "csrfParameter", "fooBarBazQux");
    String value = this.tag.handleToken(token);
    assertThat(value).as("The returned value should not be null.").isNotNull();
    assertThat(value).withFailMessage("The output is not correct.").isEqualTo("<input type=\"hidden\" name=\"csrfParameter\" value=\"fooBarBazQux\" />");
}
Also used : DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) Test(org.junit.jupiter.api.Test)

Aggregations

DefaultCsrfToken (org.springframework.security.web.csrf.DefaultCsrfToken)44 Test (org.junit.jupiter.api.Test)21 CsrfToken (org.springframework.security.web.csrf.CsrfToken)21 BeforeEach (org.junit.jupiter.api.BeforeEach)8 HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository)6 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)5 Cookie (javax.servlet.http.Cookie)5 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)5 CsrfTokenRepository (org.springframework.security.web.csrf.CsrfTokenRepository)5 HashMap (java.util.HashMap)4 Test (org.junit.Test)4 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)4 UUID (java.util.UUID)3 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3 MockHttpSession (org.springframework.mock.web.MockHttpSession)3 MvcResult (org.springframework.test.web.servlet.MvcResult)3 ModelAndView (org.springframework.web.servlet.ModelAndView)3 ParseException (java.text.ParseException)2 MockFilterChain (org.springframework.mock.web.MockFilterChain)2 MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)2