Polish gh-140

This commit is contained in:
Joe Grandja 2020-11-10 14:56:27 -05:00
parent e1f491bd61
commit 8100568613
6 changed files with 28 additions and 18 deletions


@ -82,13 +82,13 @@ public class OAuth2ClientAuthenticationProvider implements AuthenticationProvide
throwInvalidClient(); throwInvalidClient();
} }
boolean authenticatedCredentials = false;
if (!registeredClient.getClientAuthenticationMethods().contains( if (!registeredClient.getClientAuthenticationMethods().contains(
clientAuthentication.getClientAuthenticationMethod())) { clientAuthentication.getClientAuthenticationMethod())) {
throwInvalidClient(); throwInvalidClient();
} }
boolean authenticatedCredentials = false;
if (clientAuthentication.getCredentials() != null) { if (clientAuthentication.getCredentials() != null) {
String clientSecret = clientAuthentication.getCredentials().toString(); String clientSecret = clientAuthentication.getCredentials().toString();
// TODO Use PasswordEncoder.matches() // TODO Use PasswordEncoder.matches()
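Review bot: The `clientSecret` local introduced on the new side still feeds the plain secret comparison flagged by `// TODO Use PasswordEncoder.matches()`, so the registered secret has to be stored in clear text and, if the comparison below is a `String.equals`, it is not constant-time. Until a `PasswordEncoder` is wired in, an interim `MessageDigest.isEqual(clientSecret.getBytes(StandardCharsets.UTF_8), registeredClient.getClientSecret().getBytes(StandardCharsets.UTF_8))` would at least remove the timing difference without changing the contract. The comparison itself and the rest of this method lie outside the hunk, so this is inferred from the TODO rather than seen.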


@ -181,9 +181,7 @@ public class OAuth2AuthorizationCodeGrantTests {
public void requestWhenPublicClientWithPkceThenReturnAccessTokenResponse() throws Exception { public void requestWhenPublicClientWithPkceThenReturnAccessTokenResponse() throws Exception {
this.spring.register(AuthorizationServerConfiguration.class).autowire(); this.spring.register(AuthorizationServerConfiguration.class).autowire();
RegisteredClient registeredClient = TestRegisteredClients.registeredPublicClient() RegisteredClient registeredClient = TestRegisteredClients.registeredPublicClient().build();
.tokenSettings(tokenSettings -> tokenSettings.enableRefreshTokens(false))
.build();
when(registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))) when(registeredClientRepository.findByClientId(eq(registeredClient.getClientId())))
.thenReturn(registeredClient); .thenReturn(registeredClient);


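--- a/OAuth2ClientCredentialsGrantTests.java
+++ b/OAuth2ClientCredentialsGrantTests.java
@@ -115,6 +115,27 @@ public class OAuth2ClientCredentialsGrantTests {
 verify(authorizationService).save(any());
 }
+@Test
+public void requestWhenTokenRequestPostsClientCredentialsThenTokenResponse() throws Exception {
+this.spring.register(AuthorizationServerConfiguration.class).autowire();
+RegisteredClient registeredClient = TestRegisteredClients.registeredClient2().build();
+when(registeredClientRepository.findByClientId(eq(registeredClient.getClientId())))
+.thenReturn(registeredClient);
+this.mvc.perform(post(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI)
+.param(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
+.param(OAuth2ParameterNames.SCOPE, "scope1 scope2")
+.param(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId())
+.param(OAuth2ParameterNames.CLIENT_SECRET, registeredClient.getClientSecret()))
+.andExpect(status().isOk())
+.andExpect(jsonPath("$.access_token").isNotEmpty())
+.andExpect(jsonPath("$.scope").value("scope1 scope2"));
+verify(registeredClientRepository).findByClientId(eq(registeredClient.getClientId()));
+verify(authorizationService).save(any());
+}
 private static String encodeBasicAuth(String clientId, String secret) throws Exception {
 clientId = URLEncoder.encode(clientId, StandardCharsets.UTF_8.name());
 secret = URLEncoder.encode(secret, StandardCharsets.UTF_8.name());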
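Review bot: The new `requestWhenTokenRequestPostsClientCredentialsThenTokenResponse` test covers only the success path of client_secret_post; nothing visible here checks that a wrong body secret is rejected, so a regression that skipped the secret check for the POST method would pass this suite. A companion test that sends the same parameters with `.param(OAuth2ParameterNames.CLIENT_SECRET, "wrong-secret")` and asserts `status().isUnauthorized()` (or whichever status `throwInvalidClient()` maps to) would pin that. The test reads the fixture secret via `registeredClient.getClientSecret()`, which presumes the stored value is the plain-text secret; that assumption will need revisiting once a PasswordEncoder is introduced. The test class continues outside the hunk, so such a negative test may already exist elsewhere.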


@ -380,7 +380,7 @@ public class OAuth2ClientAuthenticationProviderTests {
} }
@Test @Test
public void authenticateWhenClientAuthenticationWithUnregisteredClientAuthenticationMethodThenThrowOAuth2AuthenticationException() { public void authenticateWhenClientAuthenticationMethodNotConfiguredThenThrowOAuth2AuthenticationException() {
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build(); RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))) when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId())))
.thenReturn(registeredClient); .thenReturn(registeredClient);


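--- a/OAuth2ClientAuthenticationTokenTests.java
+++ b/OAuth2ClientAuthenticationTokenTests.java
@@ -95,15 +95,4 @@ public class OAuth2ClientAuthenticationTokenTests {
 assertThat(authentication.getCredentials()).isNull();
 assertThat(authentication.getRegisteredClient()).isEqualTo(registeredClient);
 }
-@Test
-public void constructorWhenClientCredentialsAndClientAuthenticationMethodProvidedThenCreated() {
-OAuth2ClientAuthenticationToken authentication = new OAuth2ClientAuthenticationToken("clientId", "secret",
-ClientAuthenticationMethod.BASIC, null);
-assertThat(authentication.isAuthenticated()).isFalse();
-assertThat(authentication.getPrincipal().toString()).isEqualTo("clientId");
-assertThat(authentication.getCredentials()).isEqualTo("secret");
-assertThat(authentication.getRegisteredClient()).isNull();
-assertThat(authentication.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
-}
 }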


@ -44,6 +44,7 @@ public class TestRegisteredClients {
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN) .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS) .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.clientAuthenticationMethod(ClientAuthenticationMethod.POST)
.redirectUri("https://example.com") .redirectUri("https://example.com")
.scope("openid") .scope("openid")
.scope("profile") .scope("profile")
@ -61,6 +62,7 @@ public class TestRegisteredClients {
.scope("openid") .scope("openid")
.scope("profile") .scope("profile")
.scope("email") .scope("email")
.clientSettings(clientSettings -> clientSettings.requireProofKey(true)); .clientSettings(clientSettings -> clientSettings.requireProofKey(true))
.tokenSettings(tokenSettings -> tokenSettings.enableRefreshTokens(false));
} }
} }
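Review bot: The added `.clientAuthenticationMethod(ClientAuthenticationMethod.POST)` widens `registeredClient2` to accept its secret in the request body, which RFC 6749 §2.3.1 says should be limited to clients unable to use HTTP Basic; since test fixtures like this are routinely copied into samples, a short comment such as `// POST is registered only to exercise client_secret_post; prefer BASIC for real clients` would keep that intent from being lost. Disabling refresh tokens on the public client via `.tokenSettings(tokenSettings -> tokenSettings.enableRefreshTokens(false))` is a sensible default for a PKCE-only public client, and a one-line comment giving that rationale would help the next reader too. Both builder chains start outside the hunk.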