Fix NPE when token response contains a null value

Fixes gh-8108
Joe Grandja 2020-03-16 15:54:02 -04:00
parent 14631fc87b
commit 5e0e5b6ed4
2 changed files with 25 additions and 1 deletions


@ -80,7 +80,7 @@ public class OAuth2AccessTokenResponseHttpMessageConverter extends AbstractHttpM
tokenResponseParameters.entrySet().stream() tokenResponseParameters.entrySet().stream()
.collect(Collectors.toMap( .collect(Collectors.toMap(
Map.Entry::getKey, Map.Entry::getKey,
entry -> entry.getValue().toString()))); entry -> String.valueOf(entry.getValue()))));
} catch (Exception ex) { } catch (Exception ex) {
throw new HttpMessageNotReadableException("An error occurred reading the OAuth 2.0 Access Token Response: " + throw new HttpMessageNotReadableException("An error occurred reading the OAuth 2.0 Access Token Response: " +
ex.getMessage(), ex, inputMessage); ex.getMessage(), ex, inputMessage);
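Review bot: `String.valueOf(entry.getValue())` in the `Collectors.toMap` value mapper avoids the NPE by turning a JSON `null` into the four-character string "null", which then flows on as a real parameter value. For `scope` this means the client records a granted scope literally named `null`; the new test in the test file asserts `getScopes()).containsExactly("null")`, so the behaviour is pinned rather than accidental. A null `access_token` or `token_type` would presumably also become the text "null" instead of being treated as missing. I would drop null-valued entries before collecting, `.filter(entry -> entry.getValue() != null)`, so that a null value is handled like an absent key, and adjust the test's scope assertion accordingly. The enclosing method starts and ends outside this hunk, so how the downstream converter handles a missing key should be confirmed there.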


@ -129,6 +129,30 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
entry("custom_parameter_2", "custom-value-2")); entry("custom_parameter_2", "custom-value-2"));
} }
// gh-8108
@Test
public void readInternalWhenSuccessfulTokenResponseWithNullValueThenReadOAuth2AccessTokenResponse() {
String tokenResponse = "{\n" +
" \"access_token\": \"access-token-1234\",\n" +
" \"token_type\": \"bearer\",\n" +
" \"expires_in\": 3600,\n" +
" \"scope\": null,\n" +
" \"refresh_token\": \"refresh-token-1234\"\n" +
"}\n";
MockClientHttpResponse response = new MockClientHttpResponse(
tokenResponse.getBytes(), HttpStatus.OK);
OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter.readInternal(
OAuth2AccessTokenResponse.class, response);
assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBeforeOrEqualTo(Instant.now().plusSeconds(3600));
assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("null");
assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo("refresh-token-1234");
}
@Test @Test
public void readInternalWhenConversionFailsThenThrowHttpMessageNotReadableException() { public void readInternalWhenConversionFailsThenThrowHttpMessageNotReadableException() {
Converter tokenResponseConverter = mock(Converter.class); Converter tokenResponseConverter = mock(Converter.class);