-
Notifications
You must be signed in to change notification settings - Fork 6.1k
Refactor XOR CSRF Token Encoding into Separate Encoder Class with Unit Tests #17969
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
nieuwmijnleven
wants to merge
1
commit into
spring-projects:main
from
nieuwmijnleven:feature/refactor-xor-csrf-token-encoder
Open
Refactor XOR CSRF Token Encoding into Separate Encoder Class with Unit Tests #17969
nieuwmijnleven
wants to merge
1
commit into
spring-projects:main
from
nieuwmijnleven:feature/refactor-xor-csrf-token-encoder
+257
−65
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@spring-projects-issues
spring-projects-issues
added
the
status: waiting-for-triage
An issue we've not yet triaged
label
Sep 28, 2025
Moved XOR-based CSRF token encoding/decoding logic into a new public class `XorCsrfTokenEncoder` that implements the `CsrfTokenEncoder` interface. This improves testability, readability, and separation of concerns. - Created `CsrfTokenEncoder` interface to define encoding/decoding contract - Implemented `XorCsrfTokenEncoder` with secure random masking logic - Updated `XorCsrfTokenRequestAttributeHandler` to delegate to the encoder - Added support for injecting custom `SecureRandom` instance - Preserved existing behavior and encoding mechanism This refactor enables easier unit testing and future extensibility. Signed-off-by: Cheol Jeon <nieuwmijnleven@outlook.com>
@nieuwmijnleven
nieuwmijnleven
force-pushed
the
feature/refactor-xor-csrf-token-encoder
branch
from
September 29, 2025 08:34
d143196 to
9db12e4
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR refactors the XOR-based CSRF token encoding and decoding logic out of the XorCsrfTokenRequestAttributeHandler class into a new dedicated class named XorCsrfTokenEncoder.
Key Changes
Extracted XOR encode/decode logic into the XorCsrfTokenEncoder class with public methods
Updated XorCsrfTokenRequestAttributeHandler to delegate encoding and decoding to the new encoder
Introduced a CsrfTokenEncoder interface to define the encoding/decoding contract
Added comprehensive unit tests for XorCsrfTokenEncoder to ensure reliability
Supported injection of a custom SecureRandom instance for improved flexibility
Preserved existing behavior and encoding mechanism
This refactor improves code modularity and testability, making maintenance easier and future enhancements more straightforward.
Closes #17968