
Encode postLogoutRedirectUri query params

Query parameters in postLogoutRedirectUri that are already percent-encoded
are now encoded correctly.

Closes gh-9511
pull/9881/head
Hans Hosea Schaefer 5 years ago committed by Josh Cummings
parent
commit
b7a0959ede
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
  1. 4
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
  2. 11
      oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java

4
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java

@ -100,9 +100,9 @@ public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogo @@ -100,9 +100,9 @@ public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogo
.replaceQuery(null)
.fragment(null)
.build();
return UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri)
return URI.create (UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri)
.buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString()))
.toUri();
.toUriString());
// @formatter:on
}
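Review bot: `URI.create` on the new return line throws `IllegalArgumentException` for any character that is not legal in a URI, and the string it is given comes from `buildAndExpand(...).toUriString()` with no `encode()` step in the visible chain. A configured template, or an expanded `{baseUrl}`, that contains a space or another raw character would therefore appear to fail when the logout redirect is built instead of being escaped, as the removed `toUri()` call presumably did. Either validate the template once in `setPostLogoutRedirectUri` or document there that the value must already be percent-encoded. A short comment here, such as `// URI.create keeps existing percent-escapes; toUri() would encode '%' again`, would explain the string round-trip, and the stray space in `URI.create (` should go. The method starts above this hunk, so how `uriComponents` is derived from the request is not visible.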

11
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java

@ -138,6 +138,17 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests { @@ -138,6 +138,17 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
"https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org");
}
@Test
public void logoutWhenUsingPostLogoutRedirectUriWithQueryParametersThenBuildItForRedirectWithEncodedQueryParameters() throws IOException, ServletException {
OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
this.handler.setPostLogoutRedirectUri("https://rp.example.org/context?forwardUrl=secured%3Fparam%3Dtrue");
this.request.setUserPrincipal(token);
this.handler.onLogoutSuccess(this.request, this.response, token);
assertThat(this.response.getRedirectedUrl()).isEqualTo(
"https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org/context?forwardUrl%3Dsecured%253Fparam%253Dtrue");
}
@Test
public void setPostLogoutRedirectUriWhenGivenNullThenThrowsException() {
assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setPostLogoutRedirectUri((URI) null));
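Review bot: The added test covers a post-logout URI with a single query parameter, so it never exercises an `&` inside that URI. When the value is embedded as `post_logout_redirect_uri`, an unescaped `&` would be read by the provider as the start of another end-session parameter and the redirect target would be cut short. A second case with a constructed value such as `https://rp.example.org/context?forwardUrl=secured%3Fparam%3Dtrue&lang=en`, asserting that the separator arrives as `%26`, would pin this. The code that appends the parameter is outside the visible hunks, so this may already hold and only lack a test.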
