Merge branch '6.4.x'

Add TestBytes

Closes gh-16462

web/src/test/java/org/springframework/security/web/webauthn/api/TestBytes.java

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2002-2025 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.webauthn.api;
+
+/**
+ * @author Rob Winch
+ */
+public final class TestBytes {
+
+	public static Bytes get() {
+		return Bytes.fromBase64("OSCtNugR-n4YR4ozlHRa-CKXzY9v-yMKtQGcvui5xN8");
+	}
+
+	private TestBytes() {
+	}
+
+}

web/src/test/java/org/springframework/security/web/webauthn/api/TestPublicKeyCredentialUserEntity.java

@@ -21,7 +21,7 @@ import org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentia
 public final class TestPublicKeyCredentialUserEntity {
 
 	public static PublicKeyCredentialUserEntityBuilder userEntity() {
-		return ImmutablePublicKeyCredentialUserEntity.builder().name("user").id(Bytes.random()).displayName("user");
+		return ImmutablePublicKeyCredentialUserEntity.builder().name("user").id(TestBytes.get()).displayName("user");
 	}
 
 	private TestPublicKeyCredentialUserEntity() {

web/src/test/java/org/springframework/security/web/webauthn/management/MapUserCredentialRepositoryTests.java

@@ -20,9 +20,9 @@ import java.time.Instant;
 
 import org.junit.jupiter.api.Test;
 
-import org.springframework.security.web.webauthn.api.Bytes;
 import org.springframework.security.web.webauthn.api.CredentialRecord;
 import org.springframework.security.web.webauthn.api.ImmutableCredentialRecord;
+import org.springframework.security.web.webauthn.api.TestBytes;
 import org.springframework.security.web.webauthn.api.TestCredentialRecord;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -41,7 +41,7 @@ class MapUserCredentialRepositoryTests {
 
 	@Test
 	void findByUserIdWhenNotFoundThenEmpty() {
-		assertThat(this.userCredentials.findByUserId(Bytes.random())).isEmpty();
+		assertThat(this.userCredentials.findByUserId(TestBytes.get())).isEmpty();
 	}
 
 	@Test
@@ -56,7 +56,7 @@ class MapUserCredentialRepositoryTests {
 
 	@Test
 	void findByCredentialIdWhenNotFoundThenIllegalArgumentException() {
-		assertThat(this.userCredentials.findByCredentialId(Bytes.random())).isNull();
+		assertThat(this.userCredentials.findByCredentialId(TestBytes.get())).isNull();
 	}
 
 	@Test
@@ -114,7 +114,7 @@ class MapUserCredentialRepositoryTests {
 		ImmutableCredentialRecord credentialRecord = TestCredentialRecord.userCredential().build();
 		this.userCredentials.save(credentialRecord);
 		CredentialRecord newCredentialRecord = ImmutableCredentialRecord.fromCredentialRecord(credentialRecord)
-			.credentialId(Bytes.random())
+			.credentialId(TestBytes.get())
 			.build();
 		this.userCredentials.save(newCredentialRecord);
 		assertThat(this.userCredentials.findByCredentialId(credentialRecord.getCredentialId()))
@@ -130,8 +130,8 @@ class MapUserCredentialRepositoryTests {
 		ImmutableCredentialRecord credentialRecord = TestCredentialRecord.userCredential().build();
 		this.userCredentials.save(credentialRecord);
 		CredentialRecord newCredentialRecord = ImmutableCredentialRecord.fromCredentialRecord(credentialRecord)
-			.userEntityUserId(Bytes.random())
+			.userEntityUserId(TestBytes.get())
-			.credentialId(Bytes.random())
+			.credentialId(TestBytes.get())
 			.build();
 		this.userCredentials.save(newCredentialRecord);
 		assertThat(this.userCredentials.findByCredentialId(credentialRecord.getCredentialId()))

web/src/test/java/org/springframework/security/web/webauthn/registration/DefaultWebAuthnRegistrationPageGeneratingFilterTests.java

@@ -31,10 +31,10 @@ import org.springframework.http.MediaType;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.DefaultCsrfToken;
-import org.springframework.security.web.webauthn.api.Bytes;
 import org.springframework.security.web.webauthn.api.ImmutableCredentialRecord;
 import org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity;
 import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity;
+import org.springframework.security.web.webauthn.api.TestBytes;
 import org.springframework.security.web.webauthn.api.TestCredentialRecord;
 import org.springframework.security.web.webauthn.management.PublicKeyCredentialUserEntityRepository;
 import org.springframework.security.web.webauthn.management.UserCredentialRepository;
@@ -88,7 +88,7 @@ class DefaultWebAuthnRegistrationPageGeneratingFilterTests {
 	void doFilterThenCsrfDataAttrsPresent() throws Exception {
 		PublicKeyCredentialUserEntity userEntity = ImmutablePublicKeyCredentialUserEntity.builder()
 			.name("user")
-			.id(Bytes.random())
+			.id(TestBytes.get())
 			.displayName("User")
 			.build();
 		given(this.userEntities.findByUsername(any())).willReturn(userEntity);
@@ -115,7 +115,7 @@ class DefaultWebAuthnRegistrationPageGeneratingFilterTests {
 	void doFilterWhenNoCredentialsThenNoResults() throws Exception {
 		PublicKeyCredentialUserEntity userEntity = ImmutablePublicKeyCredentialUserEntity.builder()
 			.name("user")
-			.id(Bytes.random())
+			.id(TestBytes.get())
 			.displayName("User")
 			.build();
 		given(this.userEntities.findByUsername(any())).willReturn(userEntity);
@@ -129,7 +129,7 @@ class DefaultWebAuthnRegistrationPageGeneratingFilterTests {
 	void doFilterWhenResultsThenDisplayed() throws Exception {
 		PublicKeyCredentialUserEntity userEntity = ImmutablePublicKeyCredentialUserEntity.builder()
 			.name("user")
-			.id(Bytes.random())
+			.id(TestBytes.get())
 			.displayName("User")
 			.build();
 
@@ -225,7 +225,7 @@ class DefaultWebAuthnRegistrationPageGeneratingFilterTests {
 		assertThat(label).isNotEqualTo(htmlEncodedLabel);
 		PublicKeyCredentialUserEntity userEntity = ImmutablePublicKeyCredentialUserEntity.builder()
 			.name("user")
-			.id(Bytes.random())
+			.id(TestBytes.get())
 			.displayName("User")
 			.build();
 		ImmutableCredentialRecord credential = TestCredentialRecord.userCredential().label(label).build();
@@ -240,7 +240,7 @@ class DefaultWebAuthnRegistrationPageGeneratingFilterTests {
 	void doFilterWhenContextEmptyThenUrlsEmptyPrefix() throws Exception {
 		PublicKeyCredentialUserEntity userEntity = ImmutablePublicKeyCredentialUserEntity.builder()
 			.name("user")
-			.id(Bytes.random())
+			.id(TestBytes.get())
 			.displayName("User")
 			.build();
 		ImmutableCredentialRecord credential = TestCredentialRecord.userCredential().build();
@@ -256,7 +256,7 @@ class DefaultWebAuthnRegistrationPageGeneratingFilterTests {
 	void doFilterWhenContextNotEmptyThenUrlsPrefixed() throws Exception {
 		PublicKeyCredentialUserEntity userEntity = ImmutablePublicKeyCredentialUserEntity.builder()
 			.name("user")
-			.id(Bytes.random())
+			.id(TestBytes.get())
 			.displayName("User")
 			.build();
 		ImmutableCredentialRecord credential = TestCredentialRecord.userCredential().build();