Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-12 13:23:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use setCookieCustomizer

Browse Source 
Issue gh-14132
This commit is contained in:
Josh Cummings 2025-07-09 19:16:29 -06:00
parent 7f8b9c895f
commit ee2b826362
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
1 changed files with 13 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java
View File

@ -131,13 +131,19 @@ class CookieServerCsrfTokenRepositoryTests {
@Test @Test
void saveTokenWhenCustomPropertiesThenCustomProperties() { void saveTokenWhenCustomPropertiesThenCustomProperties() {
setExpectedDomain("spring.io");
setExpectedCookieName("csrfCookie"); setExpectedCookieName("csrfCookie");
setExpectedPath("/some/path");
setExpectedHeaderName("headerName"); setExpectedHeaderName("headerName");
setExpectedParameterName("paramName"); setExpectedParameterName("paramName");
setExpectedSameSitePolicy("Strict"); this.csrfTokenRepository.setCookieCustomizer((cookie) -> {
setExpectedCookieMaxAge(3600); this.expectedPath = "/some/path";
cookie.path(this.expectedPath);
this.expectedDomain = "spring.io";
cookie.domain(this.expectedDomain);
this.expectedMaxAge = Duration.ofSeconds(3600);
cookie.maxAge(this.expectedMaxAge);
this.expectedSameSitePolicy = "Strict";
cookie.sameSite(this.expectedSameSitePolicy);
});
saveAndAssertExpectedValues(createToken()); saveAndAssertExpectedValues(createToken());
} }
@ -195,16 +201,6 @@ class CookieServerCsrfTokenRepositoryTests {
assertThat(cookie.isSecure()).isFalse(); assertThat(cookie.isSecure()).isFalse();
} }
@Test
void saveTokenWhenSecureFlagTrueThenSecure() {
MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
this.csrfTokenRepository.setSecure(true);
this.csrfTokenRepository.saveToken(exchange, createToken()).block();
ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
assertThat(cookie).isNotNull();
assertThat(cookie.isSecure()).isTrue();
}
@Test @Test
void saveTokenWhenSecureFlagTrueThenSecureUsingCustomizer() { void saveTokenWhenSecureFlagTrueThenSecureUsingCustomizer() {
MockServerWebExchange exchange = MockServerWebExchange.from(this.request); MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
@ -215,16 +211,6 @@ class CookieServerCsrfTokenRepositoryTests {
assertThat(cookie.isSecure()).isTrue(); assertThat(cookie.isSecure()).isTrue();
} }
@Test
void saveTokenWhenSecureFlagFalseThenNotSecure() {
MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
this.csrfTokenRepository.setSecure(false);
this.csrfTokenRepository.saveToken(exchange, createToken()).block();
ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
assertThat(cookie).isNotNull();
assertThat(cookie.isSecure()).isFalse();
}
@Test @Test
void saveTokenWhenSecureFlagFalseThenNotSecureUsingCustomizer() { void saveTokenWhenSecureFlagFalseThenNotSecureUsingCustomizer() {
MockServerWebExchange exchange = MockServerWebExchange.from(this.request); MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
@ -235,17 +221,6 @@ class CookieServerCsrfTokenRepositoryTests {
assertThat(cookie.isSecure()).isFalse(); assertThat(cookie.isSecure()).isFalse();
} }
@Test
void saveTokenWhenSecureFlagFalseAndSslInfoThenNotSecure() {
MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
this.request.sslInfo(SslInfo.from("sessionId"));
this.csrfTokenRepository.setSecure(false);
this.csrfTokenRepository.saveToken(exchange, createToken()).block();
ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
assertThat(cookie).isNotNull();
assertThat(cookie.isSecure()).isFalse();
}
@Test @Test
void saveTokenWhenSecureFlagFalseAndSslInfoThenNotSecureUsingCustomizer() { void saveTokenWhenSecureFlagFalseAndSslInfoThenNotSecureUsingCustomizer() {
MockServerWebExchange exchange = MockServerWebExchange.from(this.request); MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
@ -314,11 +289,6 @@ class CookieServerCsrfTokenRepositoryTests {
this.expectedParameterName = expectedParameterName; this.expectedParameterName = expectedParameterName;
} }
private void setExpectedDomain(String expectedDomain) {
this.csrfTokenRepository.setCookieDomain(expectedDomain);
this.expectedDomain = expectedDomain;
}
private void setExpectedPath(String expectedPath) { private void setExpectedPath(String expectedPath) {
this.csrfTokenRepository.setCookiePath(expectedPath); this.csrfTokenRepository.setCookiePath(expectedPath);
this.expectedPath = expectedPath; this.expectedPath = expectedPath;
@ -326,7 +296,7 @@ class CookieServerCsrfTokenRepositoryTests {
private void setExpectedHttpOnly(boolean expectedHttpOnly) { private void setExpectedHttpOnly(boolean expectedHttpOnly) {
this.expectedHttpOnly = expectedHttpOnly; this.expectedHttpOnly = expectedHttpOnly;
this.csrfTokenRepository.setCookieHttpOnly(expectedHttpOnly); this.csrfTokenRepository.setCookieCustomizer((cookie) -> cookie.httpOnly(expectedHttpOnly));
} }
private void setExpectedCookieName(String expectedCookieName) { private void setExpectedCookieName(String expectedCookieName) {
@ -335,7 +305,8 @@ class CookieServerCsrfTokenRepositoryTests {
} }
private void setExpectedCookieMaxAge(int expectedCookieMaxAge) { private void setExpectedCookieMaxAge(int expectedCookieMaxAge) {
this.csrfTokenRepository.setCookieMaxAge(expectedCookieMaxAge); Duration duration = Duration.ofSeconds(expectedCookieMaxAge);
this.csrfTokenRepository.setCookieCustomizer((cookie) -> cookie.maxAge(duration));
this.expectedMaxAge = Duration.ofSeconds(expectedCookieMaxAge); this.expectedMaxAge = Duration.ofSeconds(expectedCookieMaxAge);
} }