/**
 * Issues a new JWT session for {@code user} and attaches it to the response as the
 * {@code JWT_COOKIE} cookie.
 *
 * <p>A fresh CSRF state is obtained first from {@code jwtCsrfVerifier} (which itself writes a
 * cookie to the response) and is sealed into the token claims under {@code CSRF_JWT_PARAM},
 * next to {@code LAST_REFRESH_TIME_PARAM} set to the current {@code system2} time. The token's
 * lifetime and the cookie's max-age both use {@code sessionTimeoutInSeconds}, so they expire
 * together. Cookie attributes (HttpOnly/Secure/path) are whatever {@code createCookie} applies
 * — not visible in this method.
 *
 * @param user       the authenticated user; its UUID becomes the session identifier
 * @param properties additional claims to embed; must not already contain
 *                   {@code LAST_REFRESH_TIME_PARAM} or {@code CSRF_JWT_PARAM}, because
 *                   {@code ImmutableMap.Builder#build()} rejects duplicate keys
 * @param request    the current request, handed to the CSRF verifier and the cookie factory
 * @param response   the response that receives the JWT cookie
 */
public void generateToken(UserDto user, Map<String, Object> properties, HttpServletRequest request, HttpServletResponse response) {
  // CSRF state is generated before the token so it can be embedded in the claims.
  String xsrfState = jwtCsrfVerifier.generateState(request, response, sessionTimeoutInSeconds);

  String sessionId = user.getUuid();
  ImmutableMap.Builder<String, Object> claims = ImmutableMap.builder();
  claims.putAll(properties);
  claims.put(LAST_REFRESH_TIME_PARAM, system2.now());
  claims.put(CSRF_JWT_PARAM, xsrfState);

  JwtSerializer.JwtSession session = new JwtSerializer.JwtSession(sessionId, sessionTimeoutInSeconds, claims.build());
  String encoded = jwtSerializer.encode(session);

  // Same timeout as the token itself, so cookie and JWT expire together.
  response.addCookie(createCookie(request, JWT_COOKIE, encoded, sessionTimeoutInSeconds));
}
/**
 * Shared Mockito stubs for the JWT handler tests: a fixed clock, a session on the request, a
 * constant encoded token, and a constant CSRF state for any timeout value.
 *
 * @throws Exception never from these stubs; declared to keep the JUnit signature flexible
 */
@Before
public void setUp() throws Exception {
  // Timeout is matched loosely here; individual tests verify the exact value passed.
  when(jwtCsrfVerifier.generateState(eq(request), eq(response), anyInt())).thenReturn(CSRF_STATE);
  // Encoding is stubbed out; tests assert on the captured JwtSession, not on token bytes.
  when(jwtSerializer.encode(any(JwtSerializer.JwtSession.class))).thenReturn(JWT_TOKEN);
  // Fixed clock so LAST_REFRESH_TIME_PARAM is deterministic.
  when(system2.now()).thenReturn(NOW);
  // Every session lookup on the request sees the same HttpSession mock.
  when(request.getSession()).thenReturn(httpSession);
}
/**
 * {@code generateState} must return a non-empty state and write exactly one cookie to the
 * response; the cookie's attributes are checked by {@code verifyCookie}.
 */
@Test
public void generate_state() {
  String generated = underTest.generateState(request, response, TIMEOUT);

  assertThat(generated).isNotEmpty();

  // The state is also carried by a cookie on the response.
  verify(response).addCookie(cookieArgumentCaptor.capture());
  verifyCookie(cookieArgumentCaptor.getValue());
}
/**
 * Creating a token must request a CSRF state with the same 3-day timeout the token is issued
 * with, and must embed that state in the token claims under the {@code "xsrfToken"} key.
 */
@Test
public void generate_csrf_state_when_creating_token() {
  int threeDaysInSeconds = 3 * 24 * 60 * 60;
  UserDto user = db.users().insertUser();

  underTest.generateToken(user, request, response);

  // presumably the handler's default session timeout — the 3-arg overload is not shown here
  verify(jwtCsrfVerifier).generateState(request, response, threeDaysInSeconds);
  verify(jwtSerializer).encode(jwtArgumentCaptor.capture());
  JwtSerializer.JwtSession issued = jwtArgumentCaptor.getValue();
  Object embeddedState = issued.getProperties().get("xsrfToken");
  assertThat(embeddedState).isEqualTo(CSRF_STATE);
}
/**
 * Issues a new JWT session for {@code user} and attaches it to the response as the
 * {@code JWT_COOKIE} cookie. This variant keys the session by the user's login (another
 * version on this page uses the UUID instead).
 *
 * <p>A fresh CSRF state is obtained first from {@code jwtCsrfVerifier} (which itself writes a
 * cookie to the response) and is sealed into the token claims under {@code CSRF_JWT_PARAM},
 * next to {@code LAST_REFRESH_TIME_PARAM} set to the current {@code system2} time. The token's
 * lifetime and the cookie's max-age both use {@code sessionTimeoutInSeconds}, so they expire
 * together. Cookie attributes (HttpOnly/Secure/path) are whatever {@code createCookie} applies
 * — not visible in this method.
 *
 * @param user       the authenticated user; its login becomes the session identifier
 * @param properties additional claims to embed; must not already contain
 *                   {@code LAST_REFRESH_TIME_PARAM} or {@code CSRF_JWT_PARAM}, because
 *                   {@code ImmutableMap.Builder#build()} rejects duplicate keys
 * @param request    the current request, handed to the CSRF verifier and the cookie factory
 * @param response   the response that receives the JWT cookie
 */
public void generateToken(UserDto user, Map<String, Object> properties, HttpServletRequest request, HttpServletResponse response) {
  // CSRF state is generated before the token so it can be embedded in the claims.
  String xsrfState = jwtCsrfVerifier.generateState(request, response, sessionTimeoutInSeconds);

  String sessionId = user.getLogin();
  ImmutableMap.Builder<String, Object> claims = ImmutableMap.builder();
  claims.putAll(properties);
  claims.put(LAST_REFRESH_TIME_PARAM, system2.now());
  claims.put(CSRF_JWT_PARAM, xsrfState);

  JwtSerializer.JwtSession session = new JwtSerializer.JwtSession(sessionId, sessionTimeoutInSeconds, claims.build());
  String encoded = jwtSerializer.encode(session);

  // Same timeout as the token itself, so cookie and JWT expire together.
  response.addCookie(createCookie(request, JWT_COOKIE, encoded, sessionTimeoutInSeconds));
}