parent
8717b7544a
commit
8ef2fc3837
|
@ -15,6 +15,7 @@
|
|||
*/
|
||||
|
||||
package org.springframework.security.web.csrf;
|
||||
|
||||
import java.util.UUID;
|
||||
import java.util.function.Consumer;
|
||||
|
||||
|
@ -65,11 +66,12 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
|
|||
|
||||
private int cookieMaxAge = -1;
|
||||
|
||||
private Consumer<ResponseCookie.ResponseCookieBuilder> cookieCustomizer = (builder) -> {};
|
||||
private Consumer<ResponseCookie.ResponseCookieBuilder> cookieCustomizer = (builder) -> {
|
||||
};
|
||||
|
||||
/**
|
||||
* Add a {@link Consumer} for a {@code ResponseCookieBuilder} that will be invoked
|
||||
* for each cookie being built, just before the call to {@code build()}.
|
||||
* Add a {@link Consumer} for a {@code ResponseCookieBuilder} that will be invoked for
|
||||
* each cookie being built, just before the call to {@code build()}.
|
||||
* @param cookieCustomizer consumer for a cookie builder
|
||||
* @since 6.1
|
||||
*/
|
||||
|
@ -88,10 +90,9 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
|
|||
String tokenValue = (token != null) ? token.getToken() : "";
|
||||
|
||||
ResponseCookie.ResponseCookieBuilder cookieBuilder = ResponseCookie.from(this.cookieName, tokenValue)
|
||||
.secure(this.secure != null ? this.secure : request.isSecure())
|
||||
.secure((this.secure != null) ? this.secure : request.isSecure())
|
||||
.path(StringUtils.hasLength(this.cookiePath) ? this.cookiePath : this.getRequestContext(request))
|
||||
.maxAge(token != null ? this.cookieMaxAge : 0)
|
||||
.httpOnly(this.cookieHttpOnly)
|
||||
.maxAge((token != null) ? this.cookieMaxAge : 0).httpOnly(this.cookieHttpOnly)
|
||||
.domain(this.cookieDomain);
|
||||
|
||||
this.cookieCustomizer.accept(cookieBuilder);
|
||||
|
@ -203,8 +204,8 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
|
|||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
|
||||
* @since 5.2
|
||||
* @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
|
||||
*/
|
||||
@Deprecated(since = "6.1")
|
||||
public void setCookieDomain(String cookieDomain) {
|
||||
|
@ -212,8 +213,8 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
|
|||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
|
||||
* @since 5.4
|
||||
* @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
|
||||
*/
|
||||
@Deprecated(since = "6.1")
|
||||
public void setSecure(Boolean secure) {
|
||||
|
@ -221,12 +222,13 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
|
|||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
|
||||
* @since 5.5
|
||||
* @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
|
||||
*/
|
||||
@Deprecated(since = "6.1")
|
||||
public void setCookieMaxAge(int cookieMaxAge) {
|
||||
Assert.isTrue(cookieMaxAge != 0, "cookieMaxAge cannot be zero");
|
||||
this.cookieMaxAge = cookieMaxAge;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
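Review bot: The reworded Javadoc on setCookieCustomizer still leaves out the one fact a caller needs: the customizer runs last. The saveToken hunk in this same file shows `this.cookieCustomizer.accept(cookieBuilder)` executing only after `.secure(...)`, `.path(...)`, `.maxAge(...)`, `.httpOnly(...)` and `.domain(...)` have been populated from the fields, so whatever the customizer sets silently overrides the deprecated `setSecure`, `setCookieMaxAge` and `setCookieDomain` values — exactly what the tests for `customizer.secure(Boolean.FALSE)` exercise. I would add after the existing sentence: `* The customizer is applied after the repository's own settings, so any attribute it sets (for example {@code secure} or {@code httpOnly}) takes precedence over the corresponding deprecated setter.` The body of setCookieCustomizer is outside the hunk, so the Javadoc should also state whether a {@code null} customizer is rejected once that is confirmed. The identical Javadoc in the CookieServerCsrfTokenRepository section (hunk at line 62) needs the same sentence.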
@ -62,11 +62,12 @@ public final class CookieServerCsrfTokenRepository implements ServerCsrfTokenRep
|
|||
|
||||
private int cookieMaxAge = -1;
|
||||
|
||||
private Consumer<ResponseCookie.ResponseCookieBuilder> cookieCustomizer = (builder) -> {};
|
||||
private Consumer<ResponseCookie.ResponseCookieBuilder> cookieCustomizer = (builder) -> {
|
||||
};
|
||||
|
||||
/**
|
||||
* Add a {@link Consumer} for a {@code ResponseCookieBuilder} that will be invoked
|
||||
* for each cookie being built, just before the call to {@code build()}.
|
||||
* Add a {@link Consumer} for a {@code ResponseCookieBuilder} that will be invoked for
|
||||
* each cookie being built, just before the call to {@code build()}.
|
||||
* @param cookieCustomizer consumer for a cookie builder
|
||||
* @since 6.1
|
||||
*/
|
||||
|
@ -175,8 +176,8 @@ public final class CookieServerCsrfTokenRepository implements ServerCsrfTokenRep
|
|||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
|
||||
* @since 5.5
|
||||
* @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
|
||||
*/
|
||||
@Deprecated(since = "6.1")
|
||||
public void setSecure(boolean secure) {
|
||||
|
@ -184,8 +185,8 @@ public final class CookieServerCsrfTokenRepository implements ServerCsrfTokenRep
|
|||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
|
||||
* @since 5.8
|
||||
* @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
|
||||
*/
|
||||
@Deprecated(since = "6.1")
|
||||
public void setCookieMaxAge(int cookieMaxAge) {
|
||||
|
|
|
@ -42,7 +42,7 @@ class CookieCsrfTokenRepositoryTests {
|
|||
MockHttpServletRequest request;
|
||||
|
||||
@BeforeEach
|
||||
public void setup() {
|
||||
void setup() {
|
||||
this.repository = new CookieCsrfTokenRepository();
|
||||
this.request = new MockHttpServletRequest();
|
||||
this.response = new MockHttpServletResponse();
|
||||
|
@ -106,7 +106,7 @@ class CookieCsrfTokenRepositoryTests {
|
|||
@Test
|
||||
void saveTokenSecureFlagTrueUsingCustomizer() {
|
||||
this.request.setSecure(false);
|
||||
this.repository.setCookieCustomizer(customizer -> customizer.secure(Boolean.TRUE));
|
||||
this.repository.setCookieCustomizer((customizer) -> customizer.secure(Boolean.TRUE));
|
||||
CsrfToken token = this.repository.generateToken(this.request);
|
||||
this.repository.saveToken(token, this.request, this.response);
|
||||
Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
|
||||
|
@ -126,7 +126,7 @@ class CookieCsrfTokenRepositoryTests {
|
|||
@Test
|
||||
void saveTokenSecureFlagFalseUsingCustomizer() {
|
||||
this.request.setSecure(true);
|
||||
this.repository.setCookieCustomizer(customizer -> customizer.secure(Boolean.FALSE));
|
||||
this.repository.setCookieCustomizer((customizer) -> customizer.secure(Boolean.FALSE));
|
||||
CsrfToken token = this.repository.generateToken(this.request);
|
||||
this.repository.saveToken(token, this.request, this.response);
|
||||
Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
|
||||
|
@ -156,7 +156,7 @@ class CookieCsrfTokenRepositoryTests {
|
|||
|
||||
@Test
|
||||
void saveTokenHttpOnlyTrueUsingCustomizer() {
|
||||
this.repository.setCookieCustomizer(customizer -> customizer.httpOnly(true));
|
||||
this.repository.setCookieCustomizer((customizer) -> customizer.httpOnly(true));
|
||||
CsrfToken token = this.repository.generateToken(this.request);
|
||||
this.repository.saveToken(token, this.request, this.response);
|
||||
Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
|
||||
|
@ -174,7 +174,7 @@ class CookieCsrfTokenRepositoryTests {
|
|||
|
||||
@Test
|
||||
void saveTokenHttpOnlyFalseUsingCustomizer() {
|
||||
this.repository.setCookieCustomizer(customizer -> customizer.httpOnly(false));
|
||||
this.repository.setCookieCustomizer((customizer) -> customizer.httpOnly(false));
|
||||
CsrfToken token = this.repository.generateToken(this.request);
|
||||
this.repository.saveToken(token, this.request, this.response);
|
||||
Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
|
||||
|
@ -233,7 +233,7 @@ class CookieCsrfTokenRepositoryTests {
|
|||
@Test
|
||||
void saveTokenWithCookieDomainUsingCustomizer() {
|
||||
String domainName = "example.com";
|
||||
this.repository.setCookieCustomizer(customizer -> customizer.domain(domainName));
|
||||
this.repository.setCookieCustomizer((customizer) -> customizer.domain(domainName));
|
||||
CsrfToken token = this.repository.generateToken(this.request);
|
||||
this.repository.saveToken(token, this.request, this.response);
|
||||
Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
|
||||
|
@ -253,7 +253,7 @@ class CookieCsrfTokenRepositoryTests {
|
|||
@Test
|
||||
void saveTokenWithCookieMaxAgeUsingCustomizer() {
|
||||
int maxAge = 1200;
|
||||
this.repository.setCookieCustomizer(customizer -> customizer.maxAge(maxAge));
|
||||
this.repository.setCookieCustomizer((customizer) -> customizer.maxAge(maxAge));
|
||||
CsrfToken token = this.repository.generateToken(this.request);
|
||||
this.repository.saveToken(token, this.request, this.response);
|
||||
Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
|
||||
|
@ -263,31 +263,31 @@ class CookieCsrfTokenRepositoryTests {
|
|||
@Test
|
||||
void saveTokenWithSameSiteNull() {
|
||||
String sameSitePolicy = null;
|
||||
this.repository.setCookieCustomizer(customizer -> customizer.sameSite(sameSitePolicy));
|
||||
this.repository.setCookieCustomizer((customizer) -> customizer.sameSite(sameSitePolicy));
|
||||
CsrfToken token = this.repository.generateToken(this.request);
|
||||
this.repository.saveToken(token, this.request, this.response);
|
||||
Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
|
||||
assertThat(((MockCookie)tokenCookie).getSameSite()).isNull();
|
||||
assertThat(((MockCookie) tokenCookie).getSameSite()).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
void saveTokenWithSameSiteStrict() {
|
||||
String sameSitePolicy = "Strict";
|
||||
this.repository.setCookieCustomizer(customizer -> customizer.sameSite(sameSitePolicy));
|
||||
this.repository.setCookieCustomizer((customizer) -> customizer.sameSite(sameSitePolicy));
|
||||
CsrfToken token = this.repository.generateToken(this.request);
|
||||
this.repository.saveToken(token, this.request, this.response);
|
||||
Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
|
||||
assertThat(((MockCookie)tokenCookie).getSameSite()).isEqualTo(sameSitePolicy);
|
||||
assertThat(((MockCookie) tokenCookie).getSameSite()).isEqualTo(sameSitePolicy);
|
||||
}
|
||||
|
||||
@Test
|
||||
void saveTokenWithSameSiteLax() {
|
||||
String sameSitePolicy = "Lax";
|
||||
this.repository.setCookieCustomizer(customizer -> customizer.sameSite(sameSitePolicy));
|
||||
this.repository.setCookieCustomizer((customizer) -> customizer.sameSite(sameSitePolicy));
|
||||
CsrfToken token = this.repository.generateToken(this.request);
|
||||
this.repository.saveToken(token, this.request, this.response);
|
||||
Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
|
||||
assertThat(((MockCookie)tokenCookie).getSameSite()).isEqualTo(sameSitePolicy);
|
||||
assertThat(((MockCookie) tokenCookie).getSameSite()).isEqualTo(sameSitePolicy);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -394,7 +394,7 @@ class CookieCsrfTokenRepositoryTests {
|
|||
String domainName = "example.com";
|
||||
String customPath = "/custompath";
|
||||
String sameSitePolicy = "Strict";
|
||||
this.repository.setCookieCustomizer(customizer -> {
|
||||
this.repository.setCookieCustomizer((customizer) -> {
|
||||
customizer.domain(domainName);
|
||||
customizer.secure(false);
|
||||
customizer.path(customPath);
|
||||
|
@ -408,7 +408,7 @@ class CookieCsrfTokenRepositoryTests {
|
|||
assertThat(tokenCookie.getDomain()).isEqualTo(domainName);
|
||||
assertThat(tokenCookie.getPath()).isEqualTo(customPath);
|
||||
assertThat(tokenCookie.isHttpOnly()).isEqualTo(Boolean.TRUE);
|
||||
assertThat(((MockCookie)tokenCookie).getSameSite()).isEqualTo(sameSitePolicy);
|
||||
assertThat(((MockCookie) tokenCookie).getSameSite()).isEqualTo(sameSitePolicy);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -430,4 +430,5 @@ class CookieCsrfTokenRepositoryTests {
|
|||
void setCookieMaxAgeZeroIllegalArgumentException() {
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setCookieMaxAge(0));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -66,7 +66,7 @@ class CookieServerCsrfTokenRepositoryTests {
|
|||
private String expectedSameSitePolicy = null;
|
||||
|
||||
@BeforeEach
|
||||
public void setUp() {
|
||||
void setUp() {
|
||||
this.csrfTokenRepository = new CookieServerCsrfTokenRepository();
|
||||
this.request = MockServerHttpRequest.get("/someUri");
|
||||
}
|
||||
|
@ -156,7 +156,7 @@ class CookieServerCsrfTokenRepositoryTests {
|
|||
|
||||
CsrfToken token = createToken();
|
||||
|
||||
this.csrfTokenRepository.setCookieCustomizer(customizer -> {
|
||||
this.csrfTokenRepository.setCookieCustomizer((customizer) -> {
|
||||
customizer.domain(expectedDomain);
|
||||
customizer.maxAge(expectedMaxAge);
|
||||
customizer.path(expectedPath);
|
||||
|
@ -209,7 +209,7 @@ class CookieServerCsrfTokenRepositoryTests {
|
|||
@Test
|
||||
void saveTokenWhenSecureFlagTrueThenSecureUsingCustomizer() {
|
||||
MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
|
||||
this.csrfTokenRepository.setCookieCustomizer(customizer -> customizer.secure(true));
|
||||
this.csrfTokenRepository.setCookieCustomizer((customizer) -> customizer.secure(true));
|
||||
this.csrfTokenRepository.saveToken(exchange, createToken()).block();
|
||||
ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
|
||||
assertThat(cookie).isNotNull();
|
||||
|
@ -229,7 +229,7 @@ class CookieServerCsrfTokenRepositoryTests {
|
|||
@Test
|
||||
void saveTokenWhenSecureFlagFalseThenNotSecureUsingCustomizer() {
|
||||
MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
|
||||
this.csrfTokenRepository.setCookieCustomizer(customizer -> customizer.secure(false));
|
||||
this.csrfTokenRepository.setCookieCustomizer((customizer) -> customizer.secure(false));
|
||||
this.csrfTokenRepository.saveToken(exchange, createToken()).block();
|
||||
ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
|
||||
assertThat(cookie).isNotNull();
|
||||
|
@ -251,7 +251,7 @@ class CookieServerCsrfTokenRepositoryTests {
|
|||
void saveTokenWhenSecureFlagFalseAndSslInfoThenNotSecureUsingCustomizer() {
|
||||
MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
|
||||
this.request.sslInfo(new MockSslInfo());
|
||||
this.csrfTokenRepository.setCookieCustomizer(customizer -> customizer.secure(false));
|
||||
this.csrfTokenRepository.setCookieCustomizer((customizer) -> customizer.secure(false));
|
||||
this.csrfTokenRepository.saveToken(exchange, createToken()).block();
|
||||
ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
|
||||
assertThat(cookie).isNotNull();
|
||||
|
@ -325,8 +325,8 @@ class CookieServerCsrfTokenRepositoryTests {
|
|||
this.expectedMaxAge = Duration.ofSeconds(expectedCookieMaxAge);
|
||||
}
|
||||
|
||||
private void setExpectedSameSitePolicy(String sameSitePolicy){
|
||||
this.csrfTokenRepository.setCookieCustomizer(customizer -> customizer.sameSite(sameSitePolicy));
|
||||
private void setExpectedSameSitePolicy(String sameSitePolicy) {
|
||||
this.csrfTokenRepository.setCookieCustomizer((customizer) -> customizer.sameSite(sameSitePolicy));
|
||||
this.expectedSameSitePolicy = sameSitePolicy;
|
||||
}
|
||||
|
||||
|
|