WebFlux Handles Undefined State Parameter

Currently, if a state exists but an undefined state parameter is provided,
a NullPointerException occurs.

This commit handles the null value.

Fixes: gh-5599
Rob Winch 2018-07-30 12:02:42 -05:00
parent dd1fa7f709
commit a01dc3a5f6
2 changed files with 23 additions and 1 deletions


@ -84,7 +84,11 @@ public final class WebSessionOAuth2ReactiveAuthorizationRequestRepository implem
if (stateToAuthzRequest.isEmpty()) {
sessionAttrs.remove(this.sessionAttributeName);
}
sink.next(removedValue);
if (removedValue == null) {
sink.complete();
} else {
sink.next(removedValue);
}
});
}
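Review bot: The new `removedValue == null` branch carries no comment saying what an empty result means, and in this repository that is the security-relevant case: the callback's `state` matched none of the saved authorization requests. A one-line comment above `sink.complete()` would make the contract explicit, for example `// no saved request for this state: complete empty so the caller can reject the callback`. How callers treat the empty Mono is not visible here, so it is worth confirming that they fail the login rather than continue. The enclosing lambda starts outside the hunk.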


@ -24,6 +24,7 @@ import org.junit.Test;
import org.springframework.http.codec.ServerCodecConfigurer;
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
import org.springframework.mock.http.server.reactive.MockServerHttpResponse;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.server.MockServerWebExchange;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
@ -179,6 +180,23 @@ public class WebSessionOAuth2ReactiveAuthorizationRequestRepositoryTests {
.verifyComplete();
}
// gh-5599
@Test
public void removeAuthorizationRequestWhenStateMissingThenNoErrors() {
MockServerHttpRequest otherState = MockServerHttpRequest.get("/")
.queryParam(OAuth2ParameterNames.STATE, "other")
.build();
ServerWebExchange otherStateExchange = this.exchange.mutate()
.request(otherState)
.build();
Mono<OAuth2AuthorizationRequest> saveAndRemove = this.repository
.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
.then(this.repository.removeAuthorizationRequest(otherStateExchange));
StepVerifier.create(saveAndRemove)
.verifyComplete();
}
@Test
public void removeAuthorizationRequestWhenMultipleThenOnlyOneRemoved() {
String oldState = "state0";
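Review bot: `removeAuthorizationRequestWhenStateMissingThenNoErrors` asserts only that the Mono completes empty; it does not check that the request saved through `this.exchange` is still in the session after the removal attempt with state `other`. Since the state value is what binds the callback to the pending authorization request, a regression that dropped the saved entry on a mismatch would pass this test. Consider a follow-up step such as `.then(this.repository.loadAuthorizationRequest(this.exchange))` with `.expectNext(this.authorizationRequest)`, assuming `this.exchange` carries the saved state, which is set up outside the hunk.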