DefaultServerOAuth2AuthorizationRequestResolver uses fromUri

Fixes gh-6952
7 years ago · 4f1d7f7cdd
2 changed files with 15 additions and 2 deletions
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
@ -18,7 +18,6 @@ package org.springframework.security.oauth2.client.web.server;
				@@ -18,7 +18,6 @@ package org.springframework.security.oauth2.client.web.server;

 import org.springframework.http.HttpStatus;
 import org.springframework.http.server.reactive.ServerHttpRequest;
-import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
 import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
 import org.springframework.security.crypto.keygen.StringKeyGenerator;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@ -149,7 +148,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
				@@ -149,7 +148,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 		Map<String, String> uriVariables = new HashMap<>();
 		uriVariables.put("registrationId", clientRegistration.getRegistrationId());

-		String baseUrl = UriComponentsBuilder.fromHttpRequest(new ServerHttpRequestDecorator(request))
+		String baseUrl = UriComponentsBuilder.fromUri(request.getURI())
 				.replacePath(request.getPath().contextPath().value())
 				.replaceQuery(null)
 				.build()
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
@ -87,4 +87,18 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
				@@ -87,4 +87,18 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 		ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get(path));
 		return this.resolver.resolve(exchange).block();
 	}
+
+	@Test
+	public void resolveWhenForwardedHeadersClientRegistrationFoundThenWorks() {
+		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(
+				Mono.just(this.registration));
+		ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/oauth2/authorization/id").header("X-Forwarded-Host", "evil.com"));
+
+		OAuth2AuthorizationRequest request = this.resolver.resolve(exchange).block();
+
+		assertThat(request.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?" +
+				"response_type=code&client_id=client-id&" +
+				"scope=read:user&state=.*?&" +
+				"redirect_uri=/login/oauth2/code/registration-id");
+	}
 }