fix: do not logout the user if XSRF token is used in async operation (#…

…181)

Refs: #170

src/main/java/ch/sbb/polarion/extension/pdf/exporter/converter/PdfConverterJobsService.java

@@ -156,7 +156,12 @@ public record JobState(
 
     private boolean isJobLogoutRequired() {
         RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
-        return (requestAttributes != null) &&
-                (requestAttributes.getAttribute(LogoutFilter.ASYNC_SKIP_LOGOUT, RequestAttributes.SCOPE_REQUEST) == Boolean.TRUE);
+        if (requestAttributes != null) {
+            if (requestAttributes.getAttribute(LogoutFilter.XSRF_SKIP_LOGOUT, RequestAttributes.SCOPE_REQUEST) == Boolean.TRUE) {
+                return false;
+            }
+            return requestAttributes.getAttribute(LogoutFilter.ASYNC_SKIP_LOGOUT, RequestAttributes.SCOPE_REQUEST) == Boolean.TRUE;
+        }
+        return false;
     }
 }

src/test/java/ch/sbb/polarion/extension/pdf/exporter/converter/PdfConverterJobsServiceTest.java

@@ -62,6 +62,7 @@ public void tearDown() {
     @Test
     void shouldStartJobAndGetStatus() {
         prepareSecurityServiceSubject(subject);
+        when(requestAttributes.getAttribute(LogoutFilter.XSRF_SKIP_LOGOUT, RequestAttributes.SCOPE_REQUEST)).thenReturn(Boolean.FALSE);
         when(requestAttributes.getAttribute(LogoutFilter.ASYNC_SKIP_LOGOUT, RequestAttributes.SCOPE_REQUEST)).thenReturn(Boolean.TRUE);
         ExportParams exportParams = ExportParams.builder().build();
         when(pdfConverter.convertToPdf(exportParams, null)).thenReturn("test pdf".getBytes());
@@ -86,6 +87,7 @@ void shouldStartJobAndGetStatus() {
     @Test
     void shouldReturnFailInExceptionalCase() {
         prepareSecurityServiceSubject(subject);
+        when(requestAttributes.getAttribute(LogoutFilter.XSRF_SKIP_LOGOUT, RequestAttributes.SCOPE_REQUEST)).thenReturn(Boolean.FALSE);
         when(requestAttributes.getAttribute(LogoutFilter.ASYNC_SKIP_LOGOUT, RequestAttributes.SCOPE_REQUEST)).thenReturn(Boolean.TRUE);
         ExportParams exportParams = ExportParams.builder().build();
         when(pdfConverter.convertToPdf(exportParams, null)).thenThrow(new RuntimeException("test error"));
@@ -131,11 +133,16 @@ void shouldAcceptNullSubject() {
         verify(securityService, never()).logout(null);
     }
 
-    @Test
-    void shouldNotLogoutWithoutLogoutProperty() {
+    @ParameterizedTest
+    @CsvSource({
+            "true,true",
+            "true,false",
+            "false,false"
+    })
+    void shouldNotLogoutWithoutAsyncSkipLogoutProperty(boolean xsrfSkipLogout, boolean asyncSkipLogout) {
         prepareSecurityServiceSubject(subject);
-        when(requestAttributes.getAttribute(LogoutFilter.ASYNC_SKIP_LOGOUT, RequestAttributes.SCOPE_REQUEST)).thenReturn(null);
-
+        lenient().when(requestAttributes.getAttribute(LogoutFilter.XSRF_SKIP_LOGOUT, RequestAttributes.SCOPE_REQUEST)).thenReturn(xsrfSkipLogout);
+        lenient().when(requestAttributes.getAttribute(LogoutFilter.ASYNC_SKIP_LOGOUT, RequestAttributes.SCOPE_REQUEST)).thenReturn(asyncSkipLogout);
 
         ExportParams exportParams = ExportParams.builder().build();
         when(pdfConverter.convertToPdf(exportParams, null)).thenReturn("test pdf".getBytes());
@@ -147,7 +154,7 @@ void shouldNotLogoutWithoutLogoutProperty() {
         JobState jobState = pdfConverterJobsService.getJobState(jobId);
         assertThat(jobState.isCompletedExceptionally()).isFalse();
         assertThat(jobState.isCancelled()).isFalse();
-        verify(securityService, never()).logout(null);
+        verify(securityService, never()).logout(subject);
     }
 
     @ParameterizedTest