From ebcdf7989d4d6353b25a48ac103f5e2ffa80dbb2 Mon Sep 17 00:00:00 2001
From: Joe Grandja
Date: Tue, 3 Nov 2020 20:50:01 -0500
Subject: [PATCH] Use OAuth2ParameterNames.TOKEN
Issue gh-83
---
 .../OAuth2TokenRevocationEndpointFilter.java | 16 +++++++---------
 .../OAuth2TokenRevocationTests.java | 6 +++---
 ...th2TokenRevocationEndpointFilterTests.java | 19 +++++++++----------
 3 files changed, 19 insertions(+), 22 deletions(-)
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilter.java
index f87012a..f8d05e0 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilter.java
@@ -26,6 +26,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationProvider;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken;
@@ -53,9 +54,6 @@ import java.io.IOException;
 * @since 0.0.3
 */
 public class OAuth2TokenRevocationEndpointFilter extends OncePerRequestFilter {
- static final String TOKEN_PARAM_NAME = "token";
- static final String TOKEN_TYPE_HINT_PARAM_NAME = "token_type_hint";
-
 /**
 * The default endpoint {@code URI} for token revocation requests.
 */
@@ -133,17 +131,17 @@ public class OAuth2TokenRevocationEndpointFilter extends OncePerRequestFilter {
 MultiValueMap parameters = OAuth2EndpointUtils.getParameters(request);
 // token (REQUIRED)
- String token = parameters.getFirst(TOKEN_PARAM_NAME);
+ String token = parameters.getFirst(OAuth2ParameterNames.TOKEN);
 if (!StringUtils.hasText(token) ||
- parameters.get(TOKEN_PARAM_NAME).size() != 1) {
- throwError(OAuth2ErrorCodes.INVALID_REQUEST, TOKEN_PARAM_NAME);
+ parameters.get(OAuth2ParameterNames.TOKEN).size() != 1) {
+ throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.TOKEN);
 }
 // token_type_hint (OPTIONAL)
- String tokenTypeHint = parameters.getFirst(TOKEN_TYPE_HINT_PARAM_NAME);
+ String tokenTypeHint = parameters.getFirst(OAuth2ParameterNames.TOKEN_TYPE_HINT);
 if (StringUtils.hasText(tokenTypeHint) &&
- parameters.get(TOKEN_TYPE_HINT_PARAM_NAME).size() != 1) {
- throwError(OAuth2ErrorCodes.INVALID_REQUEST, TOKEN_TYPE_HINT_PARAM_NAME);
+ parameters.get(OAuth2ParameterNames.TOKEN_TYPE_HINT).size() != 1) {
+ throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.TOKEN_TYPE_HINT);
 }
 return new OAuth2TokenRevocationAuthenticationToken(token, clientPrincipal, tokenTypeHint);
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java
index 23e1d79..625d67a 100644
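Review bot: The `token_type_hint` guard in the `@@ -133,17 +131,17 @@` hunk only counts values when the first one has text, so a request that repeats the parameter with an empty first value (constructed example: `token_type_hint=&token_type_hint=access_token`) would skip the `size() != 1` check and, assuming `OAuth2EndpointUtils.getParameters` keeps empty values (not visible here), pass an empty hint on to `OAuth2TokenRevocationAuthenticationToken`. RFC 6749 section 3.2 says request parameters must not be included more than once, and the `token` check just above already rejects duplicates regardless of content. Consider testing presence rather than text: `if (parameters.containsKey(OAuth2ParameterNames.TOKEN_TYPE_HINT) && parameters.get(OAuth2ParameterNames.TOKEN_TYPE_HINT).size() != 1) {`. The multiple-hint test in OAuth2TokenRevocationEndpointFilterTests only appends a second value to a request whose first hint is non-empty, so it would not catch this case. The enclosing method starts and ends outside the hunk.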
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java
@@ -32,6 +32,7 @@ import org.springframework.security.crypto.keys.StaticKeyGeneratingKeyManager;
 import org.springframework.security.oauth2.core.AbstractOAuth2Token;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
@@ -152,9 +153,8 @@ public class OAuth2TokenRevocationTests {
 private static MultiValueMap getTokenRevocationRequestParameters(AbstractOAuth2Token token, TokenType tokenType) {
 MultiValueMap parameters = new LinkedMultiValueMap<>();
- // TODO Use OAuth2ParameterNames
- parameters.set("token", token.getTokenValue());
- parameters.set("token_type_hint", tokenType.getValue());
+ parameters.set(OAuth2ParameterNames.TOKEN, token.getTokenValue());
+ parameters.set(OAuth2ParameterNames.TOKEN_TYPE_HINT, tokenType.getValue());
 return parameters;
 }
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilterTests.java
index ee7b11a..5ade645 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilterTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilterTests.java
@@ -30,6 +30,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
 import org.springframework.security.oauth2.server.authorization.TokenType;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
@@ -53,8 +54,6 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
 import static org.mockito.Mockito.when;
-import static org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter.TOKEN_PARAM_NAME;
-import static org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter.TOKEN_TYPE_HINT_PARAM_NAME;
 /**
 * Tests for {@link OAuth2TokenRevocationEndpointFilter}.
@@ -122,25 +121,25 @@ public class OAuth2TokenRevocationEndpointFilterTests {
 @Test
 public void doFilterWhenTokenRevocationRequestMissingTokenThenInvalidRequestError() throws Exception {
 doFilterWhenTokenRevocationRequestInvalidParameterThenError(
- TOKEN_PARAM_NAME,
+ OAuth2ParameterNames.TOKEN,
 OAuth2ErrorCodes.INVALID_REQUEST,
- request -> request.removeParameter(TOKEN_PARAM_NAME));
+ request -> request.removeParameter(OAuth2ParameterNames.TOKEN));
 }
 @Test
 public void doFilterWhenTokenRevocationRequestMultipleTokenThenInvalidRequestError() throws Exception {
 doFilterWhenTokenRevocationRequestInvalidParameterThenError(
- TOKEN_PARAM_NAME,
+ OAuth2ParameterNames.TOKEN,
 OAuth2ErrorCodes.INVALID_REQUEST,
- request -> request.addParameter(TOKEN_PARAM_NAME, "token-2"));
+ request -> request.addParameter(OAuth2ParameterNames.TOKEN, "token-2"));
 }
 @Test
 public void doFilterWhenTokenRevocationRequestMultipleTokenTypeHintThenInvalidRequestError() throws Exception {
 doFilterWhenTokenRevocationRequestInvalidParameterThenError(
- TOKEN_TYPE_HINT_PARAM_NAME,
+ OAuth2ParameterNames.TOKEN_TYPE_HINT,
 OAuth2ErrorCodes.INVALID_REQUEST,
- request -> request.addParameter(TOKEN_TYPE_HINT_PARAM_NAME, TokenType.ACCESS_TOKEN.getValue()));
+ request -> request.addParameter(OAuth2ParameterNames.TOKEN_TYPE_HINT, TokenType.ACCESS_TOKEN.getValue()));
 }
 @Test
@@ -202,8 +201,8 @@ public class OAuth2TokenRevocationEndpointFilterTests {
 MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
 request.setServletPath(requestUri);
- request.addParameter(TOKEN_PARAM_NAME, "token");
- request.addParameter(TOKEN_TYPE_HINT_PARAM_NAME, TokenType.ACCESS_TOKEN.getValue());
+ request.addParameter(OAuth2ParameterNames.TOKEN, "token");
+ request.addParameter(OAuth2ParameterNames.TOKEN_TYPE_HINT, TokenType.ACCESS_TOKEN.getValue());
 return request;
 }