From b08075a7216b9cbe311dc51f7358d32f3d30d161 Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Tue, 12 Jan 2021 11:30:12 -0600
Subject: [PATCH] Fix CsrfWebFilter error message when expected CSRF not found

Closes gh-9337
---
 .../security/web/server/csrf/CsrfWebFilter.java | 2 +-
 .../security/web/server/csrf/CsrfWebFilterTests.java | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
index 64dcc1b6af..35cfe2a65a 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
@@ -133,7 +133,7 @@ public class CsrfWebFilter implements WebFilter {
 private Mono validateToken(ServerWebExchange exchange) {
 return this.csrfTokenRepository.loadToken(exchange)
- .switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("CSRF Token has been associated to this client"))))
+ .switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("An expected CSRF token cannot be found"))))
 .filterWhen(expected -> containsValidCsrfToken(exchange, expected))
 .switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("Invalid CSRF Token"))))
 .then();
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
index 800f4806f7..617d61e1f6 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
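Review bot: validateToken carries no Javadoc, and the strings chosen in its two `switchIfEmpty` branches are not internal diagnostics but client-visible output (the test added in this patch asserts that the 403 body contains the new message), so the contract deserves a comment right above the method. Suggested Javadoc: `/** Loads the expected token for this exchange and checks the request against it. Fails with CsrfException("An expected CSRF token cannot be found") when the repository yields no token, and with CsrfException("Invalid CSRF Token") when a token exists but the request does not carry a matching one. At least the first message is written to the response body, so these messages must never include the token value itself. */`. As a style point, `Mono.defer(() -> Mono.error(new CsrfException(...)))` can be written `Mono.error(() -> new CsrfException("An expected CSRF token cannot be found"))`, which defers exception construction to subscription just the same, provided the Reactor version in use has the Supplier overload. The closing brace of validateToken and the rest of the class lie outside this hunk.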
@@ -65,8 +65,7 @@ public class CsrfWebFilterTests {
 private MockServerWebExchange get = from(
 MockServerHttpRequest.get("/"));
- private ServerWebExchange post = from(
- MockServerHttpRequest.post("/"));
+ private MockServerWebExchange post = MockServerWebExchange.from(MockServerHttpRequest.post("/"));
 
 @Test
 public void filterWhenGetThenSessionNotCreatedAndChainContinues() {
@@ -110,6 +109,8 @@ public class CsrfWebFilterTests {
 .verifyComplete();
 
 assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
+ StepVerifier.create(this.post.getResponse().getBodyAsString())
+ .assertNext(b -> assertThat(b).contains("An expected CSRF token cannot be found"));
 }
 
 @Test
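Review bot: The rewritten `post` field is built with the fully qualified `MockServerWebExchange.from(...)` while `get`, two lines above it, is declared with the same type and initialised through the statically imported `from(`, so the static import already resolves to the right factory. The type change is the meaningful part (it is what lets the later hunk call `getResponse().getBodyAsString()`), and the construction should stay consistent with its sibling: `private MockServerWebExchange post = from(MockServerHttpRequest.post("/"));`. The class body continues outside this hunk.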
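Review bot: The `StepVerifier.create(...).assertNext(...)` added at the end of this test is never executed, because StepVerifier is lazy and only subscribes when a terminal `verify*()` is called; as written the body assertion is vacuous and the test would keep passing if the message regressed to the old text. Close the chain the same way the `.verifyComplete()` at the top of this hunk does: `.assertNext(b -> assertThat(b).contains("An expected CSRF token cannot be found")).verifyComplete();`. Since the response is a mock, a blocking read is an equally clear alternative: `assertThat(this.post.getResponse().getBodyAsString().block()).contains("An expected CSRF token cannot be found");`. The enclosing test method's signature lies outside the hunk.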