Polish gh-1680

This commit is contained in:
Joe Grandja
2024-08-02 14:44:00 -04:00
parent 48115faee7
commit 1fcd0046dd
3 changed files with 11 additions and 17 deletions

View File

@@ -137,15 +137,13 @@ final class CodeVerifierAuthenticator {
}
private static boolean authorizationCodeGrant(Map<String, Object> parameters) {
if (!AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equals(parameters.get(OAuth2ParameterNames.GRANT_TYPE))) {
if (!AuthorizationGrantType.AUTHORIZATION_CODE.getValue()
.equals(parameters.get(OAuth2ParameterNames.GRANT_TYPE))) {
return false;
}
if (!StringUtils.hasText((String) parameters.get(OAuth2ParameterNames.CODE))) {
throwInvalidGrant(OAuth2ParameterNames.CODE);
}
return true;
}

View File

@@ -46,7 +46,6 @@ import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
/**

View File

@@ -25,7 +25,6 @@ import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
@@ -72,7 +71,6 @@ import org.springframework.security.crypto.keygen.StringKeyGenerator;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.OAuth2Token;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
@@ -100,7 +98,6 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationContext;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationProvider;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
@@ -518,6 +515,7 @@ public class OAuth2AuthorizationCodeGrantTests {
.isEqualTo(true);
}
// gh-1680
@Test
public void requestWhenPublicClientWithPkceAndEmptyCodeThenBadRequest() throws Exception {
this.spring.register(AuthorizationServerConfiguration.class).autowire();
@@ -526,18 +524,17 @@ public class OAuth2AuthorizationCodeGrantTests {
this.registeredClientRepository.save(registeredClient);
MultiValueMap<String, String> tokenRequestParameters = new LinkedMultiValueMap<>();
tokenRequestParameters.set(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
tokenRequestParameters.set(OAuth2ParameterNames.GRANT_TYPE,
AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
tokenRequestParameters.set(OAuth2ParameterNames.CODE, "");
tokenRequestParameters.set(OAuth2ParameterNames.REDIRECT_URI, registeredClient.getRedirectUris().iterator().next());
tokenRequestParameters.set(OAuth2ParameterNames.REDIRECT_URI,
registeredClient.getRedirectUris().iterator().next());
this.mvc
.perform(post(DEFAULT_TOKEN_ENDPOINT_URI)
.params(tokenRequestParameters)
.param(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId())
.param(PkceParameterNames.CODE_VERIFIER, S256_CODE_VERIFIER))
.andExpect(header().string(HttpHeaders.CACHE_CONTROL, containsString("no-store")))
.andExpect(header().string(HttpHeaders.PRAGMA, containsString("no-cache")))
.andExpect(status().isBadRequest());
.perform(post(DEFAULT_TOKEN_ENDPOINT_URI).params(tokenRequestParameters)
.param(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId())
.param(PkceParameterNames.CODE_VERIFIER, S256_CODE_VERIFIER))
.andExpect(status().isBadRequest());
}
@Test