Rename OAuth2AuthorizationService.findByTokenAndTokenType() to findByToken()

Closes gh-92
Joe Grandja 2020-07-02 08:40:48 -04:00
parent 02b64f0ef0
commit 88911641af
6 changed files with 16 additions and 21 deletions


@ -15,6 +15,7 @@
*/ */
package org.springframework.security.oauth2.server.authorization; package org.springframework.security.oauth2.server.authorization;
import org.springframework.lang.Nullable;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import java.util.List; import java.util.List;
@ -54,9 +55,8 @@ public final class InMemoryOAuth2AuthorizationService implements OAuth2Authoriza
} }
@Override @Override
public OAuth2Authorization findByTokenAndTokenType(String token, TokenType tokenType) { public OAuth2Authorization findByToken(String token, @Nullable TokenType tokenType) {
Assert.hasText(token, "token cannot be empty"); Assert.hasText(token, "token cannot be empty");
Assert.notNull(tokenType, "tokenType cannot be null");
return this.authorizations.stream() return this.authorizations.stream()
.filter(authorization -> hasToken(authorization, token, tokenType)) .filter(authorization -> hasToken(authorization, token, tokenType))
.findFirst() .findFirst()
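Review bot: With `Assert.notNull(tokenType, "tokenType cannot be null")` dropped, a null `tokenType` now flows straight into `hasToken(authorization, token, tokenType)`, and `hasToken` is not part of this hunk, so its handling of null is not visible here. If it only compares against specific `TokenType` constants, `findByToken(token, null)` would presumably return null for every stored token. If it is instead meant to match any type, an authorization code value and an access token value become interchangeable for that caller, so type-sensitive callers must keep passing an explicit type. Either way the intended behaviour deserves a comment above the filter, e.g. `// tokenType == null: <state whether this matches any token type or none>`. The method body continues past the end of the hunk.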


@ -15,6 +15,8 @@
*/ */
package org.springframework.security.oauth2.server.authorization; package org.springframework.security.oauth2.server.authorization;
import org.springframework.lang.Nullable;
/** /**
* Implementations of this interface are responsible for the management * Implementations of this interface are responsible for the management
* of {@link OAuth2Authorization OAuth 2.0 Authorization(s)}. * of {@link OAuth2Authorization OAuth 2.0 Authorization(s)}.
@ -40,6 +42,6 @@ public interface OAuth2AuthorizationService {
* @param tokenType the {@link TokenType token type} * @param tokenType the {@link TokenType token type}
* @return the {@link OAuth2Authorization} if found, otherwise {@code null} * @return the {@link OAuth2Authorization} if found, otherwise {@code null}
*/ */
OAuth2Authorization findByTokenAndTokenType(String token, TokenType tokenType); OAuth2Authorization findByToken(String token, @Nullable TokenType tokenType);
} }
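Review bot: The Javadoc line `@param tokenType the {@link TokenType token type}` is left unchanged although the parameter is now `@Nullable`, so implementers and callers of the interface are not told what a null type means. I would extend it to something like `@param tokenType the {@link TokenType token type}, or {@code null} to <documented null behaviour>` so that every implementation resolves null the same way. The start of the Javadoc block lies outside the hunk, so its summary sentence may need the same update.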


@ -89,7 +89,7 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
// from inadvertently accepting a code intended for a client with a different "client_id". // from inadvertently accepting a code intended for a client with a different "client_id".
// This protects the client from substitution of the authentication code. // This protects the client from substitution of the authentication code.
OAuth2Authorization authorization = this.authorizationService.findByTokenAndTokenType( OAuth2Authorization authorization = this.authorizationService.findByToken(
authorizationCodeAuthentication.getCode(), TokenType.AUTHORIZATION_CODE); authorizationCodeAuthentication.getCode(), TokenType.AUTHORIZATION_CODE);
if (authorization == null) { if (authorization == null) {
throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT)); throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT));


@ -65,25 +65,18 @@ public class InMemoryOAuth2AuthorizationServiceTests {
.build(); .build();
this.authorizationService.save(expectedAuthorization); this.authorizationService.save(expectedAuthorization);
OAuth2Authorization authorization = this.authorizationService.findByTokenAndTokenType( OAuth2Authorization authorization = this.authorizationService.findByToken(
AUTHORIZATION_CODE, TokenType.AUTHORIZATION_CODE); AUTHORIZATION_CODE, TokenType.AUTHORIZATION_CODE);
assertThat(authorization).isEqualTo(expectedAuthorization); assertThat(authorization).isEqualTo(expectedAuthorization);
} }
@Test @Test
public void findByTokenAndTokenTypeWhenTokenNullThenThrowIllegalArgumentException() { public void findByTokenAndTokenTypeWhenTokenNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> this.authorizationService.findByTokenAndTokenType(null, TokenType.AUTHORIZATION_CODE)) assertThatThrownBy(() -> this.authorizationService.findByToken(null, TokenType.AUTHORIZATION_CODE))
.isInstanceOf(IllegalArgumentException.class) .isInstanceOf(IllegalArgumentException.class)
.hasMessage("token cannot be empty"); .hasMessage("token cannot be empty");
} }
@Test
public void findByTokenAndTokenTypeWhenTokenTypeNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> this.authorizationService.findByTokenAndTokenType(AUTHORIZATION_CODE, null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("tokenType cannot be null");
}
@Test @Test
public void findByTokenAndTokenTypeWhenTokenTypeAuthorizationCodeThenFound() { public void findByTokenAndTokenTypeWhenTokenTypeAuthorizationCodeThenFound() {
OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT) OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
@ -92,7 +85,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
.build(); .build();
this.authorizationService = new InMemoryOAuth2AuthorizationService(Collections.singletonList(authorization)); this.authorizationService = new InMemoryOAuth2AuthorizationService(Collections.singletonList(authorization));
OAuth2Authorization result = this.authorizationService.findByTokenAndTokenType( OAuth2Authorization result = this.authorizationService.findByToken(
AUTHORIZATION_CODE, TokenType.AUTHORIZATION_CODE); AUTHORIZATION_CODE, TokenType.AUTHORIZATION_CODE);
assertThat(authorization).isEqualTo(result); assertThat(authorization).isEqualTo(result);
} }
@ -108,14 +101,14 @@ public class InMemoryOAuth2AuthorizationServiceTests {
.build(); .build();
this.authorizationService.save(authorization); this.authorizationService.save(authorization);
OAuth2Authorization result = this.authorizationService.findByTokenAndTokenType( OAuth2Authorization result = this.authorizationService.findByToken(
"access-token", TokenType.ACCESS_TOKEN); "access-token", TokenType.ACCESS_TOKEN);
assertThat(authorization).isEqualTo(result); assertThat(authorization).isEqualTo(result);
} }
@Test @Test
public void findByTokenAndTokenTypeWhenTokenDoesNotExistThenNull() { public void findByTokenAndTokenTypeWhenTokenDoesNotExistThenNull() {
OAuth2Authorization result = this.authorizationService.findByTokenAndTokenType( OAuth2Authorization result = this.authorizationService.findByToken(
"access-token", TokenType.ACCESS_TOKEN); "access-token", TokenType.ACCESS_TOKEN);
assertThat(result).isNull(); assertThat(result).isNull();
} }
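Review bot: The test methods keep the old `findByTokenAndTokenType...` prefix (for example `findByTokenAndTokenTypeWhenTokenNullThenThrowIllegalArgumentException`) although they now call `findByToken`; renaming them to `findByTokenWhen...` keeps the test names aligned with the API. The removed `findByTokenAndTokenTypeWhenTokenTypeNullThenThrowIllegalArgumentException` case has no replacement, so nothing in this section pins what `findByToken(AUTHORIZATION_CODE, null)` returns. A test asserting the intended result for a null type would lock that contract in for this and any later implementation.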


@ -119,7 +119,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
@Test @Test
public void authenticateWhenCodeIssuedToAnotherClientThenThrowOAuth2AuthenticationException() { public void authenticateWhenCodeIssuedToAnotherClientThenThrowOAuth2AuthenticationException() {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization().build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization().build();
when(this.authorizationService.findByTokenAndTokenType(eq("code"), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq("code"), eq(TokenType.AUTHORIZATION_CODE)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken( OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
@ -136,7 +136,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
@Test @Test
public void authenticateWhenInvalidRedirectUriThenThrowOAuth2AuthenticationException() { public void authenticateWhenInvalidRedirectUriThenThrowOAuth2AuthenticationException() {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization().build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization().build();
when(this.authorizationService.findByTokenAndTokenType(eq("code"), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq("code"), eq(TokenType.AUTHORIZATION_CODE)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(this.registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(this.registeredClient);
@ -154,7 +154,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
@Test @Test
public void authenticateWhenValidCodeThenReturnAccessToken() { public void authenticateWhenValidCodeThenReturnAccessToken() {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization().build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization().build();
when(this.authorizationService.findByTokenAndTokenType(eq("code"), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq("code"), eq(TokenType.AUTHORIZATION_CODE)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(this.registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(this.registeredClient);


@ -136,7 +136,7 @@ public class OAuth2AuthorizationCodeGrantTests {
.thenReturn(registeredClient); .thenReturn(registeredClient);
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(authorizationService.findByTokenAndTokenType( when(authorizationService.findByToken(
eq(authorization.getAttribute(OAuth2AuthorizationAttributeNames.CODE)), eq(authorization.getAttribute(OAuth2AuthorizationAttributeNames.CODE)),
eq(TokenType.AUTHORIZATION_CODE))) eq(TokenType.AUTHORIZATION_CODE)))
.thenReturn(authorization); .thenReturn(authorization);
@ -151,7 +151,7 @@ public class OAuth2AuthorizationCodeGrantTests {
.andExpect(header().string(HttpHeaders.PRAGMA, containsString("no-cache"))); .andExpect(header().string(HttpHeaders.PRAGMA, containsString("no-cache")));
verify(registeredClientRepository).findByClientId(eq(registeredClient.getClientId())); verify(registeredClientRepository).findByClientId(eq(registeredClient.getClientId()));
verify(authorizationService).findByTokenAndTokenType( verify(authorizationService).findByToken(
eq(authorization.getAttribute(OAuth2AuthorizationAttributeNames.CODE)), eq(authorization.getAttribute(OAuth2AuthorizationAttributeNames.CODE)),
eq(TokenType.AUTHORIZATION_CODE)); eq(TokenType.AUTHORIZATION_CODE));
verify(authorizationService).save(any()); verify(authorizationService).save(any());