Fix tests for deferred CSRF tokens

Issue gh-4001
2022-10-05 16:09:18 -05:00 · 2022-10-05 16:09:18 -05:00 · ee9449dbfe
parent 521cdfd738
commit ee9449dbfe
1 changed files with 10 additions and 5 deletions
--- a/web/src/test/java/org/springframework/security/web/csrf/XorCsrfTokenRequestAttributeHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/XorCsrfTokenRequestAttributeHandlerTests.java
@ -105,9 +105,11 @@ public class XorCsrfTokenRequestAttributeHandlerTests {

 	@Test
 	public void handleWhenCsrfTokenIsNullThenThrowsIllegalStateException() {
+		this.handler.handle(this.request, this.response, () -> null);
+		CsrfToken csrfTokenAttribute = (CsrfToken) this.request.getAttribute("_csrf");
 		// @formatter:off
 		assertThatIllegalStateException()
-				.isThrownBy(() -> this.handler.handle(this.request, this.response, () -> null))
+				.isThrownBy(csrfTokenAttribute::getToken)
 				.withMessage("csrfToken supplier returned null");
 		// @formatter:on
 	}
@ -128,8 +130,12 @@ public class XorCsrfTokenRequestAttributeHandlerTests {

 	@Test
 	public void handleWhenSecureRandomSetThenUsed() {
+		willAnswer(fillByteArray()).given(this.secureRandom).nextBytes(anyByteArray());
+
 		this.handler.setSecureRandom(this.secureRandom);
 		this.handler.handle(this.request, this.response, () -> this.token);
+		CsrfToken csrfTokenAttribute = (CsrfToken) this.request.getAttribute(CsrfToken.class.getName());
+		assertThat(csrfTokenAttribute.getToken()).isEqualTo(XOR_CSRF_TOKEN_VALUE);
 		verify(this.secureRandom).nextBytes(anyByteArray());
 		verifyNoMoreInteractions(this.secureRandom);
 	}
@ -140,12 +146,11 @@ public class XorCsrfTokenRequestAttributeHandlerTests {

 		this.handler.setSecureRandom(this.secureRandom);
 		this.handler.handle(this.request, this.response, () -> this.token);
-		verify(this.secureRandom).nextBytes(anyByteArray());
-		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isNotNull();
-		assertThat(this.request.getAttribute(this.token.getParameterName())).isNotNull();
-
 		CsrfToken csrfTokenAttribute = (CsrfToken) this.request.getAttribute(CsrfToken.class.getName());
 		assertThat(csrfTokenAttribute.getToken()).isEqualTo(XOR_CSRF_TOKEN_VALUE);
+		verify(this.secureRandom).nextBytes(anyByteArray());
+		assertThat(this.request.getAttribute(CsrfToken.class.getName())).isNotNull();
+		assertThat(this.request.getAttribute("_csrf")).isNotNull();
 	}

 	@Test