test(TypeScript): ensure CSRF token is updated when session is invali…

…dated Fixes #9164
vaadin · Nov 5, 2020 · ab2ce00 · ab2ce00
1 parent b4a8c3e
commit ab2ce00
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 0 deletions.
diff --git a/flow-tests/test-ccdm/frontend/client-router.js b/flow-tests/test-ccdm/frontend/client-router.js
@@ -42,6 +42,7 @@ export function loadRouter(flow) {
   navigationContainer.appendChild(createNavigationLink('Prevent leaving view', 'prevent-leaving'));
   navigationContainer.appendChild(createNavigationLink('View with home button', 'serverview/view-with-home-button'));
   navigationContainer.appendChild(createNavigationLink('View with server view button', 'view-with-server-view-button'));
+  navigationContainer.appendChild(createNavigationLink('Invalidate session view', 'invalidatesessionview'));
   routerContainer.appendChild(navigationContainer);
 
   const outlet = document.createElement('div');

diff --git a/flow-tests/test-ccdm/src/main/java/com/vaadin/flow/ccdmtest/InvalidateSessionView.java b/flow-tests/test-ccdm/src/main/java/com/vaadin/flow/ccdmtest/InvalidateSessionView.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2000-2020 Vaadin Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package com.vaadin.flow.ccdmtest;
+
+import com.vaadin.flow.component.Text;
+import com.vaadin.flow.component.html.Div;
+import com.vaadin.flow.component.html.NativeButton;
+import com.vaadin.flow.router.Route;
+import com.vaadin.flow.server.VaadinSession;
+
+@Route(value = "invalidatesessionview", layout = MainLayout.class)
+public class InvalidateSessionView extends Div {
+    public InvalidateSessionView() {
+        add(new Text("Invalidate session view"));
+        setId("invalidateSessionView");
+
+        NativeButton invalidateSession = new NativeButton("Invalidate session",
+                event -> VaadinSession.getCurrent().getSession().invalidate());
+        invalidateSession.setId("invalidateSession");
+        add(invalidateSession);
+    }
+}
diff --git a/flow-tests/test-ccdm/src/test/java/com/vaadin/flow/ccdmtest/IndexHtmlRequestHandlerIT.java b/flow-tests/test-ccdm/src/test/java/com/vaadin/flow/ccdmtest/IndexHtmlRequestHandlerIT.java
@@ -608,4 +608,23 @@ public void should_installServiceWorker() {
                         + "navigator.serviceWorker.ready.then( function(reg) { resolve(!!reg.active); });");
         Assert.assertTrue("service worker not installed", serviceWorkerActive);
     }
+
+    @Test
+    public void indexHtmlRequestHandler_csrfToken_should_update_after_invalidateSession() {
+        openVaadinRouter();
+        findAnchor("invalidatesessionview").click();
+
+        String originalCsrfToken = executeScript(
+                "return Vaadin.TypeScript.csrfToken;").toString();
+
+        $("button").attribute("id", "invalidateSession").waitForFirst().click();
+
+        openTestUrl("/");
+        String csrfToken = executeScript("return Vaadin.TypeScript.csrfToken;")
+                .toString();
+
+        Assert.assertNotEquals(
+                "CSRF token should update when session is invalidated",
+                originalCsrfToken, csrfToken);
+    }
 }