From f0996deee2844cee9cb2b094314638fdb15da373 Mon Sep 17 00:00:00 2001
From: Luc Engelen <16940687+ljpengelen@users.noreply.github.com>
Date: Wed, 23 Oct 2024 22:20:30 +0200
Subject: [PATCH] Ensure overlap of GET and POST
---
 .../ext/web/handler/CSRFHandlerTest.java | 35 ++++++++++---------
 1 file changed, 19 insertions(+), 16 deletions(-)
diff --git a/vertx-web/src/test/java/io/vertx/ext/web/handler/CSRFHandlerTest.java b/vertx-web/src/test/java/io/vertx/ext/web/handler/CSRFHandlerTest.java
index 40e160cb47..c10ed6ca6c 100644
--- a/vertx-web/src/test/java/io/vertx/ext/web/handler/CSRFHandlerTest.java
+++ b/vertx-web/src/test/java/io/vertx/ext/web/handler/CSRFHandlerTest.java
@@ -440,6 +440,7 @@ public void testPostWithNoResponse() throws Exception {
 @Test
 public void simultaneousGetAndPostDoesNotOverrideTokenInSession() throws Exception {
 final SessionStore store = LocalSessionStore.create(vertx);
+ final Promise firstRequestReceived = Promise.promise();
 final Promise delayedResponse = Promise.promise();
 router.route().handler(BodyHandler.create());
@@ -447,6 +448,7 @@ public void simultaneousGetAndPostDoesNotOverrideTokenInSession() throws Excepti
 router.route("/csrf/*").handler(CSRFHandler.create(vertx, "Abracadabra"));
 router.route("/csrf/basic").handler(rc -> rc.response().end());
 router.route("/csrf/first").handler(rc -> {
+ firstRequestReceived.complete();
 delayedResponse.future().onComplete(v -> rc.response().end());
 });
 router.route("/csrf/second").handler(rc -> {
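Review bot: The handshake between `firstRequestReceived` and `delayedResponse` is undocumented, and at `firstRequestReceived.complete();` in the `/csrf/first` handler nothing says why this is the right point to signal. The `/csrf/*` route with `CSRFHandler` is registered before this handler, so completing here means the first request (presumably the GET) has already been through the CSRF handler and is still open when the POST is released. A comment such as `// first request has passed CSRFHandler and is held open; the POST may start now` would make the ordering this test depends on explicit. The test method continues outside this hunk.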
@@ -468,25 +470,26 @@ public void simultaneousGetAndPostDoesNotOverrideTokenInSession() throws Excepti
 latch.countDown();
 }));
- client.request(
- new RequestOptions().setMethod(HttpMethod.POST)
- .putHeader("Cookie", encodeCookies())
- .putHeader(CSRFHandler.DEFAULT_HEADER_NAME, cookieJar.get(CSRFHandler.DEFAULT_COOKIE_NAME))
- .setHost("localhost").setPort(8080).setURI("/csrf/second")
- ).compose(HttpClientRequest::send).onComplete(onSuccess(res -> {
- Map oldState = new HashMap<>(cookieJar);
- cookieJar.clear();
+ firstRequestReceived.future().onComplete(ar ->
+ client.request(
+ new RequestOptions().setMethod(HttpMethod.POST)
+ .putHeader("Cookie", encodeCookies())
+ .putHeader(CSRFHandler.DEFAULT_HEADER_NAME, cookieJar.get(CSRFHandler.DEFAULT_COOKIE_NAME))
+ .setHost("localhost").setPort(8080).setURI("/csrf/second")
+ ).compose(HttpClientRequest::send).onComplete(onSuccess(res -> {
+ Map oldState = new HashMap<>(cookieJar);
+ cookieJar.clear();
- storeCookies(res);
- assertEquals("Should only have one set-cookie", 1, cookieJar.size());
- assertTrue("Should be token cookie", cookieJar.containsKey(CSRFHandler.DEFAULT_COOKIE_NAME));
+ storeCookies(res);
+ assertEquals("Should only have one set-cookie", 1, cookieJar.size());
+ assertTrue("Should be token cookie", cookieJar.containsKey(CSRFHandler.DEFAULT_COOKIE_NAME));
- // Get the session ID back in the cookie jar
- oldState.remove(CSRFHandler.DEFAULT_COOKIE_NAME);
- cookieJar.putAll(oldState);
+ // Get the session ID back in the cookie jar
+ oldState.remove(CSRFHandler.DEFAULT_COOKIE_NAME);
+ cookieJar.putAll(oldState);
- latch.countDown();
- }));
+ latch.countDown();
+ })));
 awaitLatch(latch);
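Review bot: The callback in `firstRequestReceived.future().onComplete(ar ->` never inspects `ar`, while the other callbacks in this hunk go through `onSuccess(...)`. The promise is only completed successfully in the visible code, so this is a consistency point rather than a bug. Writing it as `firstRequestReceived.future().onComplete(onSuccess(v ->`, with one more closing parenthesis at the end, would keep a future failure path from silently sending the POST. Also, if the first request never reaches the `/csrf/first` handler, the POST is never issued and the test presumably fails only when `awaitLatch(latch)` times out, which hides the real cause. The test method starts and ends outside this hunk.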