cubetiq/ spring-authorization-server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Polish PublicClientAuthenticationConverter 

Commit 5c31fb1b7e
This commit is contained in:
Joe Grandja 2020-11-05 15:54:24 -05:00
parent 7720e275e4
commit e49d4a79b4
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/PublicClientAuthenticationConverter.java
View File

@ -52,10 +52,8 @@ public class PublicClientAuthenticationConverter implements AuthenticationConver
// client_id (REQUIRED for public clients) // client_id (REQUIRED for public clients)
String clientId = parameters.getFirst(OAuth2ParameterNames.CLIENT_ID); String clientId = parameters.getFirst(OAuth2ParameterNames.CLIENT_ID);
if (!StringUtils.hasText(clientId)) { if (!StringUtils.hasText(clientId) ||
return null; parameters.get(OAuth2ParameterNames.CLIENT_ID).size() != 1) {
}
if (parameters.get(OAuth2ParameterNames.CLIENT_ID).size() != 1) {
throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST)); throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST));
} }

9
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/PublicClientAuthenticationConverterTests.java
View File

@ -45,11 +45,14 @@ public class PublicClientAuthenticationConverterTests {
} }
@Test @Test
public void convertWhenMissingClientIdThenReturnNull() { public void convertWhenMissingClientIdThenInvalidRequestError() {
MockHttpServletRequest request = createPkceTokenRequest(); MockHttpServletRequest request = createPkceTokenRequest();
request.removeParameter(OAuth2ParameterNames.CLIENT_ID); request.removeParameter(OAuth2ParameterNames.CLIENT_ID);
Authentication authentication = this.converter.convert(request); assertThatThrownBy(() -> this.converter.convert(request))
assertThat(authentication).isNull(); .isInstanceOf(OAuth2AuthenticationException.class)
.extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
.extracting("errorCode")
.isEqualTo(OAuth2ErrorCodes.INVALID_REQUEST);
} }
@Test @Test