|
@@ -1,5 +1,6 @@
|
|
package org.springframework.security.web.authentication.rememberme;
|
|
package org.springframework.security.web.authentication.rememberme;
|
|
|
|
|
|
|
|
+import static org.fest.assertions.Assertions.*;
|
|
import static org.powermock.api.mockito.PowerMockito.*;
|
|
import static org.powermock.api.mockito.PowerMockito.*;
|
|
import static org.junit.Assert.assertEquals;
|
|
import static org.junit.Assert.assertEquals;
|
|
import static org.junit.Assert.assertFalse;
|
|
import static org.junit.Assert.assertFalse;
|
|
@@ -352,6 +353,45 @@ public class AbstractRememberMeServicesTests {
|
|
assertNull(ReflectionTestUtils.getField(services, "setHttpOnlyMethod"));
|
|
assertNull(ReflectionTestUtils.getField(services, "setHttpOnlyMethod"));
|
|
}
|
|
}
|
|
|
|
|
|
|
|
+ // SEC-2791
|
|
|
|
+ @Test
|
|
|
|
+ public void setCookieMaxAge0VersionSet() {
|
|
|
|
+ MockRememberMeServices services = new MockRememberMeServices();
|
|
|
|
+ MockHttpServletRequest request = new MockHttpServletRequest();
|
|
|
|
+ MockHttpServletResponse response = new MockHttpServletResponse();
|
|
|
|
+
|
|
|
|
+ services.setCookie(new String[] {"value"}, 0, request, response);
|
|
|
|
+
|
|
|
|
+ Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
|
|
|
|
+ assertThat(cookie.getVersion()).isEqualTo(1);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ // SEC-2791
|
|
|
|
+ @Test
|
|
|
|
+ public void setCookieMaxAgeNegativeVersionSet() {
|
|
|
|
+ MockRememberMeServices services = new MockRememberMeServices();
|
|
|
|
+ MockHttpServletRequest request = new MockHttpServletRequest();
|
|
|
|
+ MockHttpServletResponse response = new MockHttpServletResponse();
|
|
|
|
+
|
|
|
|
+ services.setCookie(new String[] {"value"}, -1, request, response);
|
|
|
|
+
|
|
|
|
+ Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
|
|
|
|
+ assertThat(cookie.getVersion()).isEqualTo(1);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ // SEC-2791
|
|
|
|
+ @Test
|
|
|
|
+ public void setCookieMaxAge1VersionSet() {
|
|
|
|
+ MockRememberMeServices services = new MockRememberMeServices();
|
|
|
|
+ MockHttpServletRequest request = new MockHttpServletRequest();
|
|
|
|
+ MockHttpServletResponse response = new MockHttpServletResponse();
|
|
|
|
+
|
|
|
|
+ services.setCookie(new String[] {"value"}, 1, request, response);
|
|
|
|
+
|
|
|
|
+ Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
|
|
|
|
+ assertThat(cookie.getVersion()).isEqualTo(0);
|
|
|
|
+ }
|
|
|
|
+
|
|
private Cookie[] createLoginCookie(String cookieToken) {
|
|
private Cookie[] createLoginCookie(String cookieToken) {
|
|
MockRememberMeServices services = new MockRememberMeServices();
|
|
MockRememberMeServices services = new MockRememberMeServices();
|
|
Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
|
|
Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
|
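Review bot: The three SEC-2791 tests (`setCookieMaxAge0VersionSet`, `setCookieMaxAgeNegativeVersionSet`, `setCookieMaxAge1VersionSet`) dereference `cookie` directly after `response.getCookie(...)`, so if `setCookie` ever stops writing the remember-me cookie they fail with a NullPointerException rather than a readable assertion; add `assertThat(cookie).isNotNull();` before each version check. They also pin only `getVersion()`. A max age of 0 is presumably what the cancel/logout path relies on to expire the remember-me token (the production code is not visible here), so it is worth adding `assertThat(cookie.getMaxAge()).isEqualTo(0);` and the matching -1 and 1 checks, so that a later change to the version handling cannot silently alter expiry as well. A short comment on why the version depends on the max age would also help, since `// SEC-2791` alone does not say what the expected 1/0 split protects.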