Ensure overlap of GET and POST
ljpengelen authored and vietj committed Oct 24, 2024
1 parent b677460 commit f0996de
Showing 1 changed file with 19 additions and 16 deletions.
Expand Up @@ -440,13 +440,15 @@ public void testPostWithNoResponse() throws Exception {
@Test
public void simultaneousGetAndPostDoesNotOverrideTokenInSession() throws Exception {
final SessionStore store = LocalSessionStore.create(vertx);
final Promise<Void> firstRequestReceived = Promise.promise();
final Promise<Void> delayedResponse = Promise.promise();

router.route().handler(BodyHandler.create());
router.route().handler(SessionHandler.create(store));
router.route("/csrf/*").handler(CSRFHandler.create(vertx, "Abracadabra"));
router.route("/csrf/basic").handler(rc -> rc.response().end());
router.route("/csrf/first").handler(rc -> {
firstRequestReceived.complete();
delayedResponse.future().onComplete(v -> rc.response().end());
});
router.route("/csrf/second").handler(rc -> {
Expand All @@ -468,25 +470,26 @@ public void simultaneousGetAndPostDoesNotOverrideTokenInSession() throws Excepti
latch.countDown();
}));

client.request(
new RequestOptions().setMethod(HttpMethod.POST)
.putHeader("Cookie", encodeCookies())
.putHeader(CSRFHandler.DEFAULT_HEADER_NAME, cookieJar.get(CSRFHandler.DEFAULT_COOKIE_NAME))
.setHost("localhost").setPort(8080).setURI("/csrf/second")
).compose(HttpClientRequest::send).onComplete(onSuccess(res -> {
Map<String, String> oldState = new HashMap<>(cookieJar);
cookieJar.clear();
firstRequestReceived.future().onComplete(ar ->
client.request(
new RequestOptions().setMethod(HttpMethod.POST)
.putHeader("Cookie", encodeCookies())
.putHeader(CSRFHandler.DEFAULT_HEADER_NAME, cookieJar.get(CSRFHandler.DEFAULT_COOKIE_NAME))
.setHost("localhost").setPort(8080).setURI("/csrf/second")
).compose(HttpClientRequest::send).onComplete(onSuccess(res -> {
Map<String, String> oldState = new HashMap<>(cookieJar);
cookieJar.clear();

storeCookies(res);
assertEquals("Should only have one set-cookie", 1, cookieJar.size());
assertTrue("Should be token cookie", cookieJar.containsKey(CSRFHandler.DEFAULT_COOKIE_NAME));
storeCookies(res);
assertEquals("Should only have one set-cookie", 1, cookieJar.size());
assertTrue("Should be token cookie", cookieJar.containsKey(CSRFHandler.DEFAULT_COOKIE_NAME));

// Get the session ID back in the cookie jar
oldState.remove(CSRFHandler.DEFAULT_COOKIE_NAME);
cookieJar.putAll(oldState);
// Get the session ID back in the cookie jar
oldState.remove(CSRFHandler.DEFAULT_COOKIE_NAME);
cookieJar.putAll(oldState);

latch.countDown();
}));
latch.countDown();
})));

awaitLatch(latch);
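Review bot: The gated POST now reads `encodeCookies()` and `cookieJar.get(CSRFHandler.DEFAULT_COOKIE_NAME)` inside the `firstRequestReceived` callback, so the token it sends is whatever the shared `cookieJar` holds when `/csrf/first` is reached rather than the token that was current when the GET was issued. The same map is cleared and refilled in the response callback a few lines below, and the callback presumably runs on the thread that calls `firstRequestReceived.complete()`, so the test's premise (a POST carrying the pre-GET token while the GET is still held open) is no longer pinned by the code. Capturing both values before registering the callback keeps that explicit: `final String cookies = encodeCookies();` and `final String token = cookieJar.get(CSRFHandler.DEFAULT_COOKIE_NAME);`, then pass `cookies` and `token` to the two `putHeader` calls. The test method starts in the previous hunk and continues past the end of this one, so any later use of `cookieJar` is not visible here.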
