Remove state assertion when loading OAuth2AuthorizationRequest

Fixes gh-5163
Joe Grandja 2018-03-27 17:16:18 -04:00
parent ec46b7dbe1
commit ce2f669245
2 changed files with 10 additions and 9 deletions


@ -44,8 +44,10 @@ public final class HttpSessionOAuth2AuthorizationRequestRepository implements Au
@Override
public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
Assert.notNull(request, "request cannot be null");
String stateParameter = getStateParameter(request);
Assert.hasText(stateParameter, "state parameter cannot be empty");
String stateParameter = this.getStateParameter(request);
if (stateParameter == null) {
return null;
}
Map<String, OAuth2AuthorizationRequest> authorizationRequests = this.getAuthorizationRequests(request);
return authorizationRequests.get(stateParameter);
}
@ -69,7 +71,7 @@ public final class HttpSessionOAuth2AuthorizationRequestRepository implements Au
@Override
public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request) {
Assert.notNull(request, "request cannot be null");
String stateParameter = getStateParameter(request);
String stateParameter = this.getStateParameter(request);
if (stateParameter == null) {
return null;
}
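Review bot: The new guard in loadAuthorizationRequest tests only `stateParameter == null`, so an empty or whitespace-only `state`, which the removed `Assert.hasText` rejected, now goes on to `authorizationRequests.get(stateParameter)`. That lookup returns null only as long as no request is ever stored under a blank state, which these hunks do not show; `if (!StringUtils.hasText(stateParameter)) { return null; }` would make the intent explicit, and the same guard in removeAuthorizationRequest (second hunk, whose body continues outside it) could match. Since a missing state now yields null instead of an IllegalArgumentException, the method deserves a Javadoc line such as `@return the saved request, or null if the request has no state parameter or no matching entry`, so callers treat null as a failed state check rather than dereferencing it.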


@ -15,9 +15,6 @@
*/
package org.springframework.security.oauth2.client.web;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.junit.MockitoJUnitRunner;
@ -30,6 +27,9 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import java.util.HashMap;
import java.util.Map;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
/**
* Tests for {@link HttpSessionOAuth2AuthorizationRequestRepository}.
*
@ -107,15 +107,14 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
}
@Test
public void loadAuthorizationRequestWhenSavedAndStateParameterNullThenThrowIllegalArgumentException() {
public void loadAuthorizationRequestWhenSavedAndStateParameterNullThenReturnNull() {
MockHttpServletRequest request = new MockHttpServletRequest();
OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
this.authorizationRequestRepository.saveAuthorizationRequest(
authorizationRequest, request, new MockHttpServletResponse());
assertThatThrownBy(() -> this.authorizationRequestRepository.loadAuthorizationRequest(request))
.isInstanceOf(IllegalArgumentException.class);
assertThat(this.authorizationRequestRepository.loadAuthorizationRequest(request)).isNull();
}
@Test