Encode postLogoutRedirectUri query params

Closes gh-11379
Josh Cummings 2022-06-16 15:34:00 -06:00
parent e97c5a533b
commit 539a11d0a4
GPG Key ID: A306A51F43B8E5A5
2 changed files with 19 additions and 6 deletions


@ -85,13 +85,13 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
return Mono.empty(); return Mono.empty();
} }
String idToken = idToken(authentication); String idToken = idToken(authentication);
URI postLogoutRedirectUri = postLogoutRedirectUri(exchange.getExchange().getRequest()); String postLogoutRedirectUri = postLogoutRedirectUri(exchange.getExchange().getRequest());
return Mono.just(endpointUri(endSessionEndpoint, idToken, postLogoutRedirectUri)); return Mono.just(endpointUri(endSessionEndpoint, idToken, postLogoutRedirectUri));
}) })
.switchIfEmpty( .switchIfEmpty(
this.serverLogoutSuccessHandler.onLogoutSuccess(exchange, authentication).then(Mono.empty()) this.serverLogoutSuccessHandler.onLogoutSuccess(exchange, authentication).then(Mono.empty())
) )
.flatMap((endpointUri) -> this.redirectStrategy.sendRedirect(exchange.getExchange(), endpointUri)); .flatMap((endpointUri) -> this.redirectStrategy.sendRedirect(exchange.getExchange(), URI.create(endpointUri)));
// @formatter:on // @formatter:on
} }
@ -106,20 +106,20 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
return null; return null;
} }
private URI endpointUri(URI endSessionEndpoint, String idToken, URI postLogoutRedirectUri) { private String endpointUri(URI endSessionEndpoint, String idToken, String postLogoutRedirectUri) {
UriComponentsBuilder builder = UriComponentsBuilder.fromUri(endSessionEndpoint); UriComponentsBuilder builder = UriComponentsBuilder.fromUri(endSessionEndpoint);
builder.queryParam("id_token_hint", idToken); builder.queryParam("id_token_hint", idToken);
if (postLogoutRedirectUri != null) { if (postLogoutRedirectUri != null) {
builder.queryParam("post_logout_redirect_uri", postLogoutRedirectUri); builder.queryParam("post_logout_redirect_uri", postLogoutRedirectUri);
} }
return builder.encode(StandardCharsets.UTF_8).build().toUri(); return builder.encode(StandardCharsets.UTF_8).build().toUriString();
} }
private String idToken(Authentication authentication) { private String idToken(Authentication authentication) {
return ((OidcUser) authentication.getPrincipal()).getIdToken().getTokenValue(); return ((OidcUser) authentication.getPrincipal()).getIdToken().getTokenValue();
} }
private URI postLogoutRedirectUri(ServerHttpRequest request) { private String postLogoutRedirectUri(ServerHttpRequest request) {
if (this.postLogoutRedirectUri == null) { if (this.postLogoutRedirectUri == null) {
return null; return null;
} }
@ -131,7 +131,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
.build(); .build();
return UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri) return UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri)
.buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString())) .buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString()))
.toUri(); .toUriString();
// @formatter:on // @formatter:on
} }
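Review bot: The reason endpointUri now returns a String (built with toUriString() in the second hunk) only for onLogoutSuccess to parse it back with URI.create in the first hunk is not recorded in the new code, so a later cleanup could restore the URI return type and silently reintroduce the encoding problem this commit fixes. A short comment above endpointUri would pin the intent: `// Returns a String rather than a URI so that encode(UTF_8) percent-encodes the post_logout_redirect_uri value (gh-11379); the caller parses it back with URI.create.` Note that URI.create throws IllegalArgumentException on a malformed result, so a misconfigured post-logout template now surfaces as an error signal in the reactive chain instead of at the former toUri() call; whether that is handled upstream is not visible here. The method enclosing the first hunk (onLogoutSuccess) starts outside the hunk, and postLogoutRedirectUri begins in the second hunk and ends in the third.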


@ -150,6 +150,19 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
"https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org"); "https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org");
} }
// gh-11379
@Test
public void logoutWhenUsingPostLogoutRedirectUriWithQueryParametersThenBuildsItForRedirect() {
OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
this.handler.setPostLogoutRedirectUri("https://rp.example.org/context?forwardUrl=secured%3Fparam%3Dtrue");
WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
this.handler.onLogoutSuccess(f, token).block();
assertThat(redirectedUrl(this.exchange)).isEqualTo("https://endpoint?id_token_hint=id-token&"
+ "post_logout_redirect_uri=https://rp.example.org/context?forwardUrl%3Dsecured%253Fparam%253Dtrue");
}
@Test @Test
public void setPostLogoutRedirectUriWhenGivenNullThenThrowsException() { public void setPostLogoutRedirectUriWhenGivenNullThenThrowsException() {
assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setPostLogoutRedirectUri((URI) null)); assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setPostLogoutRedirectUri((URI) null));