zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-14 08:27:14 +02:00
Code Issues Projects Releases Packages Wiki Activity

Cut over to generating new HMAC-based XSRF tokens

Browse source 
This is the second step of migrating to our new XSRF token format.  The
first step ([] made validate() start accepting new tokens
(basically, dual-read).  This step cuts over our "writing" to write the
new token format.  The third and final step will drop support for
validating the old token format (back to single-read).  We'll do that
in a subsequent push so that we don't invalidate all the current XSRF
tokens that people might have in their browsers.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=149790648
This commit is contained in:
nickfelt 2017-03-10 13:19:38 -08:00 committed by Ben McIlwain
parent ebcdae7361
commit 2353bcd8c5
7 changed files with 14 additions and 90 deletions
Download patch file Download diff file Expand all files Collapse all files

4
javatests/google/registry/request/RequestHandlerTest.java
View file

@ -403,7 +403,7 @@ public final class RequestHandlerTest {
userService.setUser(testUser, false);
when(req.getMethod()).thenReturn("POST");
when(req.getHeader("X-CSRF-Token"))
.thenReturn(xsrfTokenManager.generateLegacyToken("admin", testUser.getEmail()));
.thenReturn(xsrfTokenManager.generateToken(testUser.getEmail()));
when(req.getRequestURI()).thenReturn("/safe-sloth");
handler.handleRequest(req, rsp);
verify(safeSlothTask).run();
@ -414,7 +414,7 @@ public final class RequestHandlerTest {
userService.setUser(testUser, false);
when(req.getMethod()).thenReturn("POST");
when(req.getHeader("X-CSRF-Token"))
.thenReturn(xsrfTokenManager.generateLegacyToken("admin", "wrong@example.com"));
.thenReturn(xsrfTokenManager.generateToken("wrong@example.com"));
when(req.getRequestURI()).thenReturn("/safe-sloth");
handler.handleRequest(req, rsp);
verify(rsp).sendError(403, "Invalid X-CSRF-Token");