@Override public void doFilter(HttpServletRequest wrappedRequest) { assertThat(wrappedRequest.getSession().getId()).isNotEqualTo(id); } });
@Override public void doFilter(HttpServletRequest wrappedRequest) { HttpSession originalSession = wrappedRequest.getSession(); assertThat(originalSession.getId()).isEqualTo(originalSessionId); String changeSessionId = ReflectionTestUtils.invokeMethod(wrappedRequest, "changeSessionId"); assertThat(changeSessionId).isNotEqualTo(originalSessionId); // gh-227 assertThat(originalSession.getId()).isEqualTo(changeSessionId); } });
@Test public void shouldReEncryptUsingNewKey() throws DecoderException, CryptoException { String originalCipherText = "mvcX9yrQsM4iPgm1tDxN1A=="; String newCipherText = DESEncrypter.reEncryptUsingNewKey(decodeHex("269298bc31c44620"), decodeHex("02644c13cb892962"), originalCipherText); assertThat(originalCipherText).isNotEqualTo(newCipherText); DESCipherProvider newCipher = mock(DESCipherProvider.class); when(newCipher.getKey()).thenReturn(decodeHex("02644c13cb892962")); DESEncrypter newEncrypter = new DESEncrypter(newCipher); assertThat(newEncrypter.decrypt(newCipherText)).isEqualTo("user-password!"); } }
@Test public void standard() throws Exception { CryptoAssumptions.assumeCBCJCE(); BytesEncryptor encryptor = Encryptors.standard("password", "5c0744940b5c369b"); byte[] result = encryptor.encrypt("text".getBytes("UTF-8")); assertThat(result).isNotNull(); assertThat(new String(result).equals("text")).isFalse(); assertThat(new String(encryptor.decrypt(result))).isEqualTo("text"); assertThat(new String(result)).isNotEqualTo( new String(encryptor.encrypt("text".getBytes()))); }
@Test public void stronger() throws Exception { CryptoAssumptions.assumeGCMJCE(); BytesEncryptor encryptor = Encryptors.stronger("password", "5c0744940b5c369b"); byte[] result = encryptor.encrypt("text".getBytes("UTF-8")); assertThat(result).isNotNull(); assertThat(new String(result).equals("text")).isFalse(); assertThat(new String(encryptor.decrypt(result))).isEqualTo("text"); assertThat(new String(result)).isNotEqualTo( new String(encryptor.encrypt("text".getBytes()))); }
@Test public void matches() { String result = encoder.encode("password"); assertThat(result).isNotEqualTo("password"); assertThat(encoder.matches("password", result)).isTrue(); }
ResultMatcher csrfChanged(MvcResult first) { return (second) -> { assertThat(first).isNotNull(); assertThat(second).isNotNull(); assertThat(first.getResponse().getContentAsString()) .isNotEqualTo(second.getResponse().getContentAsString()); }; }
@Test public void shouldBeDifferentToEachOther() throws UnsupportedEncodingException { final SamlRequestIdManager manager = SamlRequestIdManager.ofJwt("me", "test", 60, 5); final String id1 = manager.newId(); final String id2 = manager.newId(); final String id3 = manager.newId(); assertThat(id1).isNotEqualTo(id2).isNotEqualTo(id3); assertThat(id2).isNotEqualTo(id3); }
@Test public void matches() { SCryptPasswordEncoder encoder = new SCryptPasswordEncoder(); String result = encoder.encode("password"); assertThat(result).isNotEqualTo("password"); assertThat(encoder.matches("password", result)).isTrue(); }
@Test public void customParameters() { SCryptPasswordEncoder encoder = new SCryptPasswordEncoder(512, 8, 4, 32, 16); String result = encoder.encode("password"); assertThat(result).isNotEqualTo("password"); assertThat(encoder.matches("password", result)).isTrue(); }
@Test public void encodeSamePasswordMultipleTimesDiffers() { String password = "password"; String encodeFirst = this.encoder.encode(password); String encodeSecond = this.encoder.encode(password); assertThat(encodeFirst).isNotEqualTo(encodeSecond); }
@Test public void testToString() { Spiffy s1 = dbRule.getSharedHandle().attach(Spiffy.class); Spiffy s2 = dbRule.getSharedHandle().attach(Spiffy.class); assertThat(s1.toString()).isNotNull(); assertThat(s2.toString()).isNotNull(); assertThat(s1.toString()).isNotEqualTo(s2.toString()); }
@Test public void differentPasswordHashes() { SCryptPasswordEncoder encoder = new SCryptPasswordEncoder(); String password = "secret"; assertThat(encoder.encode(password)).isNotEqualTo(encoder.encode(password)); }
@Test public void testArgumentWithoutToString() { handle.createUpdate(INSERT_POSITIONAL).bind(0, (position, statement, ctx) -> statement.setString(1, "derp")).execute(); assertThat(positional).isNotEqualTo("derp"); }
private void assertNewSession() { Cookie cookie = getSessionCookie(); assertThat(cookie).isNotNull(); assertThat(cookie.getMaxAge()).isEqualTo(-1); assertThat(cookie.getValue()).isNotEqualTo("INVALID"); assertThat(cookie.isHttpOnly()).describedAs("Cookie is expected to be HTTP Only") .isTrue(); assertThat(cookie.getSecure()) .describedAs( "Cookie secured is expected to be " + this.request.isSecure()) .isEqualTo(this.request.isSecure()); assertThat(this.request.getSession(false)) .describedAs("The original HttpServletRequest HttpSession should be null") .isNull(); }
@Test public void resolveWhenAuthorizationRequestRedirectUriTemplatedThenRedirectUriExpanded() { ClientRegistration clientRegistration = this.registration2; String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo( clientRegistration.getRedirectUriTemplate()); assertThat(authorizationRequest.getRedirectUri()).isEqualTo( "http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); }
@Test public void resolveWhenAuthorizationRequestRedirectUriTemplatedThenRedirectUriExpandedExcludesQueryString() { ClientRegistration clientRegistration = this.registration2; String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId(); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); request.setServletPath(requestUri); request.setQueryString("foo=bar"); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo( clientRegistration.getRedirectUriTemplate()); assertThat(authorizationRequest.getRedirectUri()).isEqualTo( "http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); }
@Test public void changeSessionIdThenPreserveParameters() throws Exception { MockHttpServletRequest request = new MockHttpServletRequest("GET", ""); request.getSession(); request.setServletPath("/login"); request.setMethod("POST"); request.setParameter("username", "user"); request.setParameter("password", "password"); request.getSession().setAttribute("attribute1", "value1"); String id = request.getSession().getId(); loadContext("<http>\n" + " <form-login/>\n" + " <session-management/>\n" + " <csrf disabled='true'/>\n" + " </http>" + XML_AUTHENTICATION_MANAGER); springSecurityFilterChain.doFilter(request, response, chain); assertThat(request.getSession().getId()).isNotEqualTo(id); assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1"); }
@Test public void changeSessionId() throws Exception { MockHttpServletRequest request = new MockHttpServletRequest("GET", ""); request.getSession(); request.setServletPath("/login"); request.setMethod("POST"); request.setParameter("username", "user"); request.setParameter("password", "password"); String id = request.getSession().getId(); loadContext("<http>\n" + " <form-login/>\n" + " <session-management session-fixation-protection='changeSessionId'/>\n" + " <csrf disabled='true'/>\n" + " </http>" + XML_AUTHENTICATION_MANAGER); springSecurityFilterChain.doFilter(request, response, chain); assertThat(request.getSession().getId()).isNotEqualTo(id); }
@Test public void requestWhenSessionFixationProtectionIsMigrateSessionThenSessionIsReplaced() throws Exception { this.spring.configLocations(this.xml("SessionFixationProtectionMigrateSession")).autowire(); MockHttpSession session = new MockHttpSession(); String sessionId = session.getId(); MvcResult result = this.mvc.perform(get("/auth") .session(session) .with(httpBasic("user", "password"))) .andExpect(session()) .andReturn(); assertThat(result.getRequest().getSession(false).getId()).isNotEqualTo(sessionId); }