Fixes spring-projectsgh-5760

- Check for query parameters in the authorization uri
and pass them as additional parameters to the Oauth2Authorization
request builder

Author: mlevkovsky

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java

@@ -96,6 +96,12 @@ private OAuth2AuthorizationRequest resolve(HttpServletRequest request, String re
 		if (registrationId == null) {
 			return null;
 		}
+		String[] params = new String[0];
+		if (registrationId.contains("?")) {
+			String[] explodedURI = registrationId.split("\\?");
+			registrationId = registrationId.split("\\?")[0];
+			params = explodedURI[1].split("&");
+		}
 
 		ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
 		if (clientRegistration == null) {
@@ -117,6 +123,10 @@ private OAuth2AuthorizationRequest resolve(HttpServletRequest request, String re
 
 		Map<String, Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
+		for(String param : params){
+			int idx = param.indexOf("=");
+			additionalParameters.put(param.substring(0, idx),param.substring(idx + 1));
+		}
 
 		OAuth2AuthorizationRequest authorizationRequest = builder
 				.clientId(clientRegistration.getClientId())

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java

@@ -27,9 +27,7 @@
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.assertj.core.api.Assertions.entry;
+import static org.assertj.core.api.Assertions.*;
 
 /**
  * Tests for {@link DefaultOAuth2AuthorizationRequestResolver}.
@@ -226,4 +224,37 @@ public void resolveWhenAuthorizationRequestHasActionParameterLoginThenRedirectUr
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id-2&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id-2");
 	}
+
+	//gh-5760
+	@Test
+	public void resolveWhenAuthorizationUriHasQueryParametersThenAuthorizationURIIncludesAdditionalQueryParameters() {
+		String queryParams = "queryparam=test&queryparam2=test&queryparam3=a test with spaces";
+		ClientRegistration clientRegistration = this.registration2;
+		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId()+"?"+queryParams;
+
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
+		request.setServletPath(requestUri);
+
+		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
+
+		assertThat(authorizationRequest.getAdditionalParameters()).isNotEmpty();
+		assertThat(authorizationRequest.getAdditionalParameters().size()).isEqualTo(4);
+		assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id-2&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id-2&queryparam=test&queryparam3=a\\+test\\+with\\+spaces&queryparam2=test");
+	}
+
+	@Test
+	public void resolveWhenAuthorizationUriIsMalformedWithMultipleQueryParametersThenIgnoresBadInput() {
+		String queryParams = "queryparam=test&queryparam2=test?badparam=param";
+		ClientRegistration clientRegistration = this.registration2;
+		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId()+"?"+queryParams;
+
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
+		request.setServletPath(requestUri);
+
+		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
+
+		assertThat(authorizationRequest.getAdditionalParameters()).isNotEmpty();
+		assertThat(authorizationRequest.getAdditionalParameters().size()).isEqualTo(3);
+		assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id-2&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id-2&queryparam=test&queryparam2=test");
+	}
 }