WebFlux Handles Undefined State Parameter

Currently, if a state exists but an undefined state parameter is provided,
a NullPointerException occurs.

This commit handles the null value.

Fixes: gh-5599
Rob Winch 2018-07-30 12:02:42 -05:00
parent dd1fa7f709
commit a01dc3a5f6
2 changed files with 23 additions and 1 deletions


@ -84,7 +84,11 @@ public final class WebSessionOAuth2ReactiveAuthorizationRequestRepository implem
if (stateToAuthzRequest.isEmpty()) { if (stateToAuthzRequest.isEmpty()) {
sessionAttrs.remove(this.sessionAttributeName); sessionAttrs.remove(this.sessionAttributeName);
} }
sink.next(removedValue); if (removedValue == null) {
sink.complete();
} else {
sink.next(removedValue);
}
}); });
} }
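Review bot: The new `sink.complete()` branch makes an unmatched `state` produce an empty Mono, and nothing in the hunk documents that contract. This repository is what ties an OAuth2 callback to the request that started it, so the empty result is the only signal that the `state` did not match, and callers have to treat it as a failed authorization rather than continue. I would put a comment above the `if`, e.g. `// no request stored for this state: complete empty so the caller can reject the callback`, and mention the empty case in the method's Javadoc. The enclosing method starts above the hunk, so whether its Javadoc already covers this is not visible here.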


@ -24,6 +24,7 @@ import org.junit.Test;
import org.springframework.http.codec.ServerCodecConfigurer; import org.springframework.http.codec.ServerCodecConfigurer;
import org.springframework.mock.http.server.reactive.MockServerHttpRequest; import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
import org.springframework.mock.http.server.reactive.MockServerHttpResponse; import org.springframework.mock.http.server.reactive.MockServerHttpResponse;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.server.MockServerWebExchange; import org.springframework.mock.web.server.MockServerWebExchange;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
@ -179,6 +180,23 @@ public class WebSessionOAuth2ReactiveAuthorizationRequestRepositoryTests {
.verifyComplete(); .verifyComplete();
} }
// gh-5599
@Test
public void removeAuthorizationRequestWhenStateMissingThenNoErrors() {
MockServerHttpRequest otherState = MockServerHttpRequest.get("/")
.queryParam(OAuth2ParameterNames.STATE, "other")
.build();
ServerWebExchange otherStateExchange = this.exchange.mutate()
.request(otherState)
.build();
Mono<OAuth2AuthorizationRequest> saveAndRemove = this.repository
.saveAuthorizationRequest(this.authorizationRequest, this.exchange)
.then(this.repository.removeAuthorizationRequest(otherStateExchange));
StepVerifier.create(saveAndRemove)
.verifyComplete();
}
@Test @Test
public void removeAuthorizationRequestWhenMultipleThenOnlyOneRemoved() { public void removeAuthorizationRequestWhenMultipleThenOnlyOneRemoved() {
String oldState = "state0"; String oldState = "state0";
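Review bot: The added import `org.springframework.mock.web.MockHttpServletRequest` does not appear to be used by the new test, which builds its request with `MockServerHttpRequest`; unless code outside these hunks needs it, it should be dropped so the reactive test does not pull in a servlet mock. The test also stops at `verifyComplete()`, so it only proves that no error is raised. A second removal with the original exchange, expecting the saved request (assuming `this.exchange` carries the matching `state`, which is set up outside the hunk), would pin down that a non-matching `state` leaves the stored request in place. The name says `StateMissing` although the request carries a non-matching `state` of `other`, so a name such as `removeAuthorizationRequestWhenStateMismatchThenNoErrors` would describe the case more precisely.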