Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

DefaultOAuth2UserService -> assert UserInfo Uri is set

Browse Source 
Fixes gh-4992
This commit is contained in:
Joe Grandja 2018-02-02 12:37:29 -05:00
parent 48a5aad4a8
commit 7eb58ee7d9
2 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java
View File

@ -47,18 +47,29 @@ import java.util.Set;
* @see DefaultOAuth2User * @see DefaultOAuth2User
*/ */
public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> { public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
private static final String MISSING_USER_INFO_URI_ERROR_CODE = "missing_user_info_uri";
private static final String MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE = "missing_user_name_attribute"; private static final String MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE = "missing_user_name_attribute";
private NimbusUserInfoResponseClient userInfoResponseClient = new NimbusUserInfoResponseClient(); private NimbusUserInfoResponseClient userInfoResponseClient = new NimbusUserInfoResponseClient();
@Override @Override
public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException { public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
Assert.notNull(userRequest, "userRequest cannot be null"); Assert.notNull(userRequest, "userRequest cannot be null");
if (!StringUtils.hasText(userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri())) {
OAuth2Error oauth2Error = new OAuth2Error(
MISSING_USER_INFO_URI_ERROR_CODE,
"Missing required UserInfo Uri in UserInfoEndpoint for Client Registration: " +
userRequest.getClientRegistration().getRegistrationId(),
null
);
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
}
String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName(); String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
if (!StringUtils.hasText(userNameAttributeName)) { if (!StringUtils.hasText(userNameAttributeName)) {
OAuth2Error oauth2Error = new OAuth2Error( OAuth2Error oauth2Error = new OAuth2Error(
MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE, MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE,
"Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " + "Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " +
userRequest.getClientRegistration().getRegistrationId(), userRequest.getClientRegistration().getRegistrationId(),
null null
); );
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());

10
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java
View File

@ -73,11 +73,21 @@ public class DefaultOAuth2UserServiceTests {
this.userService.loadUser(null); this.userService.loadUser(null);
} }
@Test
public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() {
this.exception.expect(OAuth2AuthenticationException.class);
this.exception.expectMessage(containsString("missing_user_info_uri"));
when(this.userInfoEndpoint.getUri()).thenReturn(null);
this.userService.loadUser(new OAuth2UserRequest(this.clientRegistration, this.accessToken));
}
@Test @Test
public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() { public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2AuthenticationException() {
this.exception.expect(OAuth2AuthenticationException.class); this.exception.expect(OAuth2AuthenticationException.class);
this.exception.expectMessage(containsString("missing_user_name_attribute")); this.exception.expectMessage(containsString("missing_user_name_attribute"));
when(this.userInfoEndpoint.getUri()).thenReturn("http://provider.com/user");
when(this.userInfoEndpoint.getUserNameAttributeName()).thenReturn(null); when(this.userInfoEndpoint.getUserNameAttributeName()).thenReturn(null);
this.userService.loadUser(new OAuth2UserRequest(this.clientRegistration, this.accessToken)); this.userService.loadUser(new OAuth2UserRequest(this.clientRegistration, this.accessToken));
} }