Fix CsrfWebFilter error message when expected CSRF not found
Closes gh-9337
rwinch committed Jan 12, 2021
1 parent 6dc2283 commit 628ea00
Showing 2 changed files with 4 additions and 3 deletions.
@@ -133,7 +133,7 @@ public static void skipExchange(ServerWebExchange exchange) {

private Mono<Void> validateToken(ServerWebExchange exchange) {
return this.csrfTokenRepository.loadToken(exchange)
.switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("CSRF Token has been associated to this client"))))
.switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("An expected CSRF token cannot be found"))))
.filterWhen(expected -> containsValidCsrfToken(exchange, expected))
.switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("Invalid CSRF Token"))))
.then();
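Review bot: The two `switchIfEmpty` stages kept in `validateToken` look alike but fire for different reasons, and nothing in the chain says which is which. A short comment above each would help, e.g. `// loadToken() completed empty: no expected token is stored for this exchange` above the first and `// filterWhen rejected the token supplied with the request` above the second. The test changed in this commit expects the new message in the body of the 403 response, so the text appears to be client-visible and should stay free of token values, as it is now. The closing brace of `validateToken` is outside the hunk.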
@@ -65,8 +65,7 @@ public class CsrfWebFilterTests {
private MockServerWebExchange get = from(
MockServerHttpRequest.get("/"));

private ServerWebExchange post = from(
MockServerHttpRequest.post("/"));
private MockServerWebExchange post = MockServerWebExchange.from(MockServerHttpRequest.post("/"));

@Test
public void filterWhenGetThenSessionNotCreatedAndChainContinues() {
@@ -110,6 +109,8 @@ public void filterWhenPostAndEstablishedCsrfTokenAndRequestMissingTokenThenCsrfE
.verifyComplete();

assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
StepVerifier.create(this.post.getResponse().getBodyAsString())
.assertNext(b -> assertThat(b).contains("An expected CSRF token cannot be found"));
}

@Test
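Review bot: The body assertion added at the end of `filterWhenPostAndEstablishedCsrfTokenAndRequestMissingTokenThenCsrfException` never runs, because `StepVerifier.create(...).assertNext(...)` only builds the verification script and nothing subscribes until a terminal `verify` call. Ending the chain with `.assertNext(b -> assertThat(b).contains("An expected CSRF token cannot be found")).verifyComplete();` makes the check effective, so a regression in the CSRF rejection message would actually fail the test. The test method starts outside the hunk.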