From 0aa25f77f7643c220ce7578a1b64e6cc2ac39ff8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20=C3=89pardaud?=
Date: Mon, 16 Sep 2024 14:35:03 +0200
Subject: [PATCH] CSRF module change caused a config change too
---
 .../io/quarkiverse/renarde/test/CsrfDisabledTest.java | 2 +-
 docs/modules/ROOT/pages/security.adoc | 2 +-
 test/src/main/java/io/quarkiverse/renarde/test/CSRF.java | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/deployment/src/test/java/io/quarkiverse/renarde/test/CsrfDisabledTest.java b/deployment/src/test/java/io/quarkiverse/renarde/test/CsrfDisabledTest.java
index 5146c0ba..691bedc1 100644
--- a/deployment/src/test/java/io/quarkiverse/renarde/test/CsrfDisabledTest.java
+++ b/deployment/src/test/java/io/quarkiverse/renarde/test/CsrfDisabledTest.java
@@ -26,7 +26,7 @@ public class CsrfDisabledTest {
 .setArchiveProducer(() -> ShrinkWrap.create(JavaArchive.class)
 .addClasses(MyController.class)
 .addAsResource(new StringAsset("{#authenticityToken/}"), "templates/MyController/csrf.txt")
- .addAsResource(new StringAsset("quarkus.csrf-reactive.enabled=false"), "application.properties")
+ .addAsResource(new StringAsset("quarkus.rest-csrf.enabled=false"), "application.properties")
 .addAsManifestResource(EmptyAsset.INSTANCE, "beans.xml"));
 @TestHTTPResource
diff --git a/docs/modules/ROOT/pages/security.adoc b/docs/modules/ROOT/pages/security.adoc
index 24b276af..f590104d 100644
--- a/docs/modules/ROOT/pages/security.adoc
+++ b/docs/modules/ROOT/pages/security.adoc
@@ -10,7 +10,7 @@ a mix of both.
 == CSRF
 Renarde comes with built-in support for https://owasp.org/www-community/attacks/csrf[Cross-Site Request Forgery (CSRF)] protection,
-via the (already imported) {quarkus-guides-url}/security-csrf-prevention[`quarkus-csrf-reactive`] module dependency.
+via the (already imported) {quarkus-guides-url}/security-csrf-prevention[`quarkus-rest-csrf`] module dependency.
 To be safe, make sure that all your `GET`, `HEAD` and `OPTIONS` endpoints do not alter application state, and always include a CSRF token to your `POST`, `PUT`, `DELETE` (and other) endpoints. On your endpoint side, you
diff --git a/test/src/main/java/io/quarkiverse/renarde/test/CSRF.java b/test/src/main/java/io/quarkiverse/renarde/test/CSRF.java
index c0ec6c04..e62b7deb 100644
--- a/test/src/main/java/io/quarkiverse/renarde/test/CSRF.java
+++ b/test/src/main/java/io/quarkiverse/renarde/test/CSRF.java
@@ -15,8 +15,8 @@ public class CSRF {
 public static String makeCSRFToken() {
 Optional tokenSignatureKey = ConfigProvider.getConfig()
- .getOptionalValue("quarkus.csrf-reactive.token-signature-key", String.class);
- Optional tokenSize = ConfigProvider.getConfig().getOptionalValue("quarkus.csrf-reactive.token-size",
+ .getOptionalValue("quarkus.rest-csrf.token-signature-key", String.class);
+ Optional tokenSize = ConfigProvider.getConfig().getOptionalValue("quarkus.rest-csrf.token-size",
 Integer.class);
 byte[] tokenBytes = new byte[tokenSize.orElse(16)];
 secureRandom.nextBytes(tokenBytes);
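Review bot: The `quarkus.rest-csrf.` prefix is still written out as a string literal in every lookup in CSRF.java: the two in `makeCSRFToken()` in this hunk and the two in `getTokenCookieName()` / `getTokenFormName()` in the next hunk. That duplication is why this rename needed four separate edits. A single `private static final String CONFIG_PREFIX = "quarkus.rest-csrf.";` used as `getOptionalValue(CONFIG_PREFIX + "token-size", Integer.class)` would keep the keys from drifting apart. Each lookup also falls back silently (`tokenSize.orElse(16)`, `.orElse("csrf-token")`), so a configuration that still sets the old `quarkus.csrf-reactive.*` names is not reported and the helper presumably builds tokens from defaults that may not match the server; a comment such as `// keys must match the quarkus-rest-csrf extension; old quarkus.csrf-reactive.* names are ignored here` would make that visible. The body of `makeCSRFToken()` continues past the end of this hunk, so how the signature key is applied is not visible here.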
@@ -27,12 +27,12 @@ public static String makeCSRFToken() {
 }
 public static String getTokenCookieName() {
- return ConfigProvider.getConfig().getOptionalValue("quarkus.csrf-reactive.cookie-name", String.class)
+ return ConfigProvider.getConfig().getOptionalValue("quarkus.rest-csrf.cookie-name", String.class)
 .orElse("csrf-token");
 }
 public static String getTokenFormName() {
- return ConfigProvider.getConfig().getOptionalValue("quarkus.csrf-reactive.form-field-name", String.class)
+ return ConfigProvider.getConfig().getOptionalValue("quarkus.rest-csrf.form-field-name", String.class)
 .orElse("csrf-token");
 }
 }