diff --git a/web/src/test/java/org/springframework/security/web/webauthn/api/TestBytes.java b/web/src/test/java/org/springframework/security/web/webauthn/api/TestBytes.java new file mode 100644 index 0000000000..b8850c12de --- /dev/null +++ b/web/src/test/java/org/springframework/security/web/webauthn/api/TestBytes.java @@ -0,0 +1,31 @@ +/* + * Copyright 2002-2025 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.web.webauthn.api; + +/** + * @author Rob Winch + */ +public final class TestBytes { + + public static Bytes get() { + return Bytes.fromBase64("OSCtNugR-n4YR4ozlHRa-CKXzY9v-yMKtQGcvui5xN8"); + } + + private TestBytes() { + } + +} diff --git a/web/src/test/java/org/springframework/security/web/webauthn/api/TestPublicKeyCredentialUserEntity.java b/web/src/test/java/org/springframework/security/web/webauthn/api/TestPublicKeyCredentialUserEntity.java index 704e6ce17f..cc35752d15 100644 --- a/web/src/test/java/org/springframework/security/web/webauthn/api/TestPublicKeyCredentialUserEntity.java +++ b/web/src/test/java/org/springframework/security/web/webauthn/api/TestPublicKeyCredentialUserEntity.java @@ -21,7 +21,7 @@ import org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentia public final class TestPublicKeyCredentialUserEntity { public static PublicKeyCredentialUserEntityBuilder userEntity() { - return ImmutablePublicKeyCredentialUserEntity.builder().name("user").id(Bytes.random()).displayName("user"); + return ImmutablePublicKeyCredentialUserEntity.builder().name("user").id(TestBytes.get()).displayName("user"); } private TestPublicKeyCredentialUserEntity() { diff --git a/web/src/test/java/org/springframework/security/web/webauthn/management/MapUserCredentialRepositoryTests.java b/web/src/test/java/org/springframework/security/web/webauthn/management/MapUserCredentialRepositoryTests.java index 36081973f8..d14e98df12 100644 --- a/web/src/test/java/org/springframework/security/web/webauthn/management/MapUserCredentialRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/webauthn/management/MapUserCredentialRepositoryTests.java @@ -20,9 +20,9 @@ import java.time.Instant; import org.junit.jupiter.api.Test; -import org.springframework.security.web.webauthn.api.Bytes; import org.springframework.security.web.webauthn.api.CredentialRecord; import org.springframework.security.web.webauthn.api.ImmutableCredentialRecord; +import org.springframework.security.web.webauthn.api.TestBytes; import org.springframework.security.web.webauthn.api.TestCredentialRecord; import static org.assertj.core.api.Assertions.assertThat; @@ -41,7 +41,7 @@ class MapUserCredentialRepositoryTests { @Test void findByUserIdWhenNotFoundThenEmpty() { - assertThat(this.userCredentials.findByUserId(Bytes.random())).isEmpty(); + assertThat(this.userCredentials.findByUserId(TestBytes.get())).isEmpty(); } @Test @@ -56,7 +56,7 @@ class MapUserCredentialRepositoryTests { @Test void findByCredentialIdWhenNotFoundThenIllegalArgumentException() { - assertThat(this.userCredentials.findByCredentialId(Bytes.random())).isNull(); + assertThat(this.userCredentials.findByCredentialId(TestBytes.get())).isNull(); } @Test @@ -114,7 +114,7 @@ class MapUserCredentialRepositoryTests { ImmutableCredentialRecord credentialRecord = TestCredentialRecord.userCredential().build(); this.userCredentials.save(credentialRecord); CredentialRecord newCredentialRecord = ImmutableCredentialRecord.fromCredentialRecord(credentialRecord) - .credentialId(Bytes.random()) + .credentialId(TestBytes.get()) .build(); this.userCredentials.save(newCredentialRecord); assertThat(this.userCredentials.findByCredentialId(credentialRecord.getCredentialId())) @@ -130,8 +130,8 @@ class MapUserCredentialRepositoryTests { ImmutableCredentialRecord credentialRecord = TestCredentialRecord.userCredential().build(); this.userCredentials.save(credentialRecord); CredentialRecord newCredentialRecord = ImmutableCredentialRecord.fromCredentialRecord(credentialRecord) - .userEntityUserId(Bytes.random()) - .credentialId(Bytes.random()) + .userEntityUserId(TestBytes.get()) + .credentialId(TestBytes.get()) .build(); this.userCredentials.save(newCredentialRecord); assertThat(this.userCredentials.findByCredentialId(credentialRecord.getCredentialId())) diff --git a/web/src/test/java/org/springframework/security/web/webauthn/registration/DefaultWebAuthnRegistrationPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/webauthn/registration/DefaultWebAuthnRegistrationPageGeneratingFilterTests.java index 03fe8d0fec..7f681cc1dc 100644 --- a/web/src/test/java/org/springframework/security/web/webauthn/registration/DefaultWebAuthnRegistrationPageGeneratingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/webauthn/registration/DefaultWebAuthnRegistrationPageGeneratingFilterTests.java @@ -31,10 +31,10 @@ import org.springframework.http.MediaType; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.web.csrf.CsrfToken; import org.springframework.security.web.csrf.DefaultCsrfToken; -import org.springframework.security.web.webauthn.api.Bytes; import org.springframework.security.web.webauthn.api.ImmutableCredentialRecord; import org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity; import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity; +import org.springframework.security.web.webauthn.api.TestBytes; import org.springframework.security.web.webauthn.api.TestCredentialRecord; import org.springframework.security.web.webauthn.management.PublicKeyCredentialUserEntityRepository; import org.springframework.security.web.webauthn.management.UserCredentialRepository; @@ -88,7 +88,7 @@ class DefaultWebAuthnRegistrationPageGeneratingFilterTests { void doFilterThenCsrfDataAttrsPresent() throws Exception { PublicKeyCredentialUserEntity userEntity = ImmutablePublicKeyCredentialUserEntity.builder() .name("user") - .id(Bytes.random()) + .id(TestBytes.get()) .displayName("User") .build(); given(this.userEntities.findByUsername(any())).willReturn(userEntity); @@ -115,7 +115,7 @@ class DefaultWebAuthnRegistrationPageGeneratingFilterTests { void doFilterWhenNoCredentialsThenNoResults() throws Exception { PublicKeyCredentialUserEntity userEntity = ImmutablePublicKeyCredentialUserEntity.builder() .name("user") - .id(Bytes.random()) + .id(TestBytes.get()) .displayName("User") .build(); given(this.userEntities.findByUsername(any())).willReturn(userEntity); @@ -129,7 +129,7 @@ class DefaultWebAuthnRegistrationPageGeneratingFilterTests { void doFilterWhenResultsThenDisplayed() throws Exception { PublicKeyCredentialUserEntity userEntity = ImmutablePublicKeyCredentialUserEntity.builder() .name("user") - .id(Bytes.random()) + .id(TestBytes.get()) .displayName("User") .build(); @@ -225,7 +225,7 @@ class DefaultWebAuthnRegistrationPageGeneratingFilterTests { assertThat(label).isNotEqualTo(htmlEncodedLabel); PublicKeyCredentialUserEntity userEntity = ImmutablePublicKeyCredentialUserEntity.builder() .name("user") - .id(Bytes.random()) + .id(TestBytes.get()) .displayName("User") .build(); ImmutableCredentialRecord credential = TestCredentialRecord.userCredential().label(label).build(); @@ -240,7 +240,7 @@ class DefaultWebAuthnRegistrationPageGeneratingFilterTests { void doFilterWhenContextEmptyThenUrlsEmptyPrefix() throws Exception { PublicKeyCredentialUserEntity userEntity = ImmutablePublicKeyCredentialUserEntity.builder() .name("user") - .id(Bytes.random()) + .id(TestBytes.get()) .displayName("User") .build(); ImmutableCredentialRecord credential = TestCredentialRecord.userCredential().build(); @@ -256,7 +256,7 @@ class DefaultWebAuthnRegistrationPageGeneratingFilterTests { void doFilterWhenContextNotEmptyThenUrlsPrefixed() throws Exception { PublicKeyCredentialUserEntity userEntity = ImmutablePublicKeyCredentialUserEntity.builder() .name("user") - .id(Bytes.random()) + .id(TestBytes.get()) .displayName("User") .build(); ImmutableCredentialRecord credential = TestCredentialRecord.userCredential().build();