GitHub-Spring
/
spring-authorization-server
mirror of https://github.com/spring-projects/spring-authorization-server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Polish gh-1152

pull/1210/head
Joe Grandja 3 years ago
parent
51317141b9
commit
64ddcfc3ec
2 changed files with 15 additions and 30 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 20
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthenticationProviderUtils.java
  2. 25
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java

20
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthenticationProviderUtils.java
Unescape View File

@ -17,7 +17,6 @@ package org.springframework.security.oauth2.server.authorization.authentication; @@ -17,7 +17,6 @@ package org.springframework.security.oauth2.server.authorization.authentication;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
@ -56,25 +55,6 @@ final class OAuth2AuthenticationProviderUtils { @@ -56,25 +55,6 @@ final class OAuth2AuthenticationProviderUtils {
(metadata) ->
metadata.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, true));
if (OAuth2AuthorizationCode.class.isAssignableFrom(token.getClass())) {
OAuth2Authorization.Token<OAuth2AccessToken> accessToken = authorization.getAccessToken();
if (accessToken != null && !accessToken.isInvalidated()) {
authorizationBuilder.token(
accessToken.getToken(),
(metadata) ->
metadata.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, true));
}
OAuth2Authorization.Token<OAuth2RefreshToken> refreshToken = authorization.getRefreshToken();
if (refreshToken != null && !refreshToken.isInvalidated()) {
authorizationBuilder.token(
refreshToken.getToken(),
(metadata) ->
metadata.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, true));
}
}
if (OAuth2RefreshToken.class.isAssignableFrom(token.getClass())) {
authorizationBuilder.token(
authorization.getAccessToken().getToken(),

25
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
Unescape View File

@ -150,10 +150,16 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth @@ -150,10 +150,16 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth
if (!authorizationCode.isActive()) {
if (authorizationCode.isInvalidated()) {
authorization = OAuth2AuthenticationProviderUtils.invalidate(authorization, authorizationCode.getToken());
this.authorizationService.save(authorization);
if (this.logger.isWarnEnabled()) {
this.logger.warn(LogMessage.format("Invalidated authorization tokens previously issued based on the authorization code"));
OAuth2Token token = authorization.getRefreshToken() != null ?
authorization.getRefreshToken().getToken() :
authorization.getAccessToken().getToken();
if (token != null) {
// Invalidate the access (and refresh) token as the client is attempting to use the authorization code more than once
authorization = OAuth2AuthenticationProviderUtils.invalidate(authorization, token);
this.authorizationService.save(authorization);
if (this.logger.isWarnEnabled()) {
this.logger.warn(LogMessage.format("Invalidated authorization token(s) previously issued to registered client '%s'", registeredClient.getId()));
}
}
}
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT);
@ -176,12 +182,7 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth @@ -176,12 +182,7 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth
.authorizationGrant(authorizationCodeAuthentication);
// @formatter:on
// @formatter:off
OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.from(authorization)
// Invalidate the authorization code as it can only be used once
.token(authorizationCode.getToken(), metadata ->
metadata.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, true));
// @formatter:on
OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.from(authorization);
// ----- Access token -----
OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
@ -262,6 +263,9 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth @@ -262,6 +263,9 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth
authorization = authorizationBuilder.build();
// Invalidate the authorization code as it can only be used once
authorization = OAuth2AuthenticationProviderUtils.invalidate(authorization, authorizationCode.getToken());
this.authorizationService.save(authorization);
if (this.logger.isTraceEnabled()) {
@ -314,4 +318,5 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth @@ -314,4 +318,5 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth
}
return sessionInformation;
}
}

Write Preview
Loading…
Cancel
Save