GitHub-Spring
/
spring-authorization-server
mirror of https://github.com/spring-projects/spring-authorization-server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Use OAuth2ParameterNames.TOKEN 

Issue gh-83
pull/140/head
Joe Grandja 5 years ago
parent
df8793c902
commit
ebcdf7989d
3 changed files with 19 additions and 22 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilter.java
  2. 6
      oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java
  3. 19
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilterTests.java

16
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilter.java
Unescape View File

@ -26,6 +26,7 @@ import org.springframework.security.core.context.SecurityContextHolder; @@ -26,6 +26,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationProvider;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken;
@ -53,9 +54,6 @@ import java.io.IOException; @@ -53,9 +54,6 @@ import java.io.IOException;
* @since 0.0.3
*/
public class OAuth2TokenRevocationEndpointFilter extends OncePerRequestFilter {
static final String TOKEN_PARAM_NAME = "token";
static final String TOKEN_TYPE_HINT_PARAM_NAME = "token_type_hint";
/**
* The default endpoint {@code URI} for token revocation requests.
*/
@ -133,17 +131,17 @@ public class OAuth2TokenRevocationEndpointFilter extends OncePerRequestFilter { @@ -133,17 +131,17 @@ public class OAuth2TokenRevocationEndpointFilter extends OncePerRequestFilter {
MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(request);
// token (REQUIRED)
String token = parameters.getFirst(TOKEN_PARAM_NAME);
String token = parameters.getFirst(OAuth2ParameterNames.TOKEN);
if (!StringUtils.hasText(token) ||
parameters.get(TOKEN_PARAM_NAME).size() != 1) {
throwError(OAuth2ErrorCodes.INVALID_REQUEST, TOKEN_PARAM_NAME);
parameters.get(OAuth2ParameterNames.TOKEN).size() != 1) {
throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.TOKEN);
}
// token_type_hint (OPTIONAL)
String tokenTypeHint = parameters.getFirst(TOKEN_TYPE_HINT_PARAM_NAME);
String tokenTypeHint = parameters.getFirst(OAuth2ParameterNames.TOKEN_TYPE_HINT);
if (StringUtils.hasText(tokenTypeHint) &&
parameters.get(TOKEN_TYPE_HINT_PARAM_NAME).size() != 1) {
throwError(OAuth2ErrorCodes.INVALID_REQUEST, TOKEN_TYPE_HINT_PARAM_NAME);
parameters.get(OAuth2ParameterNames.TOKEN_TYPE_HINT).size() != 1) {
throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.TOKEN_TYPE_HINT);
}
return new OAuth2TokenRevocationAuthenticationToken(token, clientPrincipal, tokenTypeHint);

6
oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java
Unescape View File

@ -32,6 +32,7 @@ import org.springframework.security.crypto.keys.StaticKeyGeneratingKeyManager; @@ -32,6 +32,7 @@ import org.springframework.security.crypto.keys.StaticKeyGeneratingKeyManager;
import org.springframework.security.oauth2.core.AbstractOAuth2Token;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
@ -152,9 +153,8 @@ public class OAuth2TokenRevocationTests { @@ -152,9 +153,8 @@ public class OAuth2TokenRevocationTests {
private static MultiValueMap<String, String> getTokenRevocationRequestParameters(AbstractOAuth2Token token, TokenType tokenType) {
MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
// TODO Use OAuth2ParameterNames
parameters.set("token", token.getTokenValue());
parameters.set("token_type_hint", tokenType.getValue());
parameters.set(OAuth2ParameterNames.TOKEN, token.getTokenValue());
parameters.set(OAuth2ParameterNames.TOKEN_TYPE_HINT, tokenType.getValue());
return parameters;
}

19
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilterTests.java
Unescape View File

@ -30,6 +30,7 @@ import org.springframework.security.core.context.SecurityContextHolder; @@ -30,6 +30,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
import org.springframework.security.oauth2.server.authorization.TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
@ -53,8 +54,6 @@ import static org.mockito.Mockito.mock; @@ -53,8 +54,6 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoInteractions;
import static org.mockito.Mockito.when;
import static org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter.TOKEN_PARAM_NAME;
import static org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter.TOKEN_TYPE_HINT_PARAM_NAME;
/**
* Tests for {@link OAuth2TokenRevocationEndpointFilter}.
@ -122,25 +121,25 @@ public class OAuth2TokenRevocationEndpointFilterTests { @@ -122,25 +121,25 @@ public class OAuth2TokenRevocationEndpointFilterTests {
@Test
public void doFilterWhenTokenRevocationRequestMissingTokenThenInvalidRequestError() throws Exception {
doFilterWhenTokenRevocationRequestInvalidParameterThenError(
TOKEN_PARAM_NAME,
OAuth2ParameterNames.TOKEN,
OAuth2ErrorCodes.INVALID_REQUEST,
request -> request.removeParameter(TOKEN_PARAM_NAME));
request -> request.removeParameter(OAuth2ParameterNames.TOKEN));
}
@Test
public void doFilterWhenTokenRevocationRequestMultipleTokenThenInvalidRequestError() throws Exception {
doFilterWhenTokenRevocationRequestInvalidParameterThenError(
TOKEN_PARAM_NAME,
OAuth2ParameterNames.TOKEN,
OAuth2ErrorCodes.INVALID_REQUEST,
request -> request.addParameter(TOKEN_PARAM_NAME, "token-2"));
request -> request.addParameter(OAuth2ParameterNames.TOKEN, "token-2"));
}
@Test
public void doFilterWhenTokenRevocationRequestMultipleTokenTypeHintThenInvalidRequestError() throws Exception {
doFilterWhenTokenRevocationRequestInvalidParameterThenError(
TOKEN_TYPE_HINT_PARAM_NAME,
OAuth2ParameterNames.TOKEN_TYPE_HINT,
OAuth2ErrorCodes.INVALID_REQUEST,
request -> request.addParameter(TOKEN_TYPE_HINT_PARAM_NAME, TokenType.ACCESS_TOKEN.getValue()));
request -> request.addParameter(OAuth2ParameterNames.TOKEN_TYPE_HINT, TokenType.ACCESS_TOKEN.getValue()));
}
@Test
@ -202,8 +201,8 @@ public class OAuth2TokenRevocationEndpointFilterTests { @@ -202,8 +201,8 @@ public class OAuth2TokenRevocationEndpointFilterTests {
MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
request.setServletPath(requestUri);
request.addParameter(TOKEN_PARAM_NAME, "token");
request.addParameter(TOKEN_TYPE_HINT_PARAM_NAME, TokenType.ACCESS_TOKEN.getValue());
request.addParameter(OAuth2ParameterNames.TOKEN, "token");
request.addParameter(OAuth2ParameterNames.TOKEN_TYPE_HINT, TokenType.ACCESS_TOKEN.getValue());
return request;
}

Write Preview
Loading…
Cancel
Save