From 3564eb30ba5b53f2973d63916d4aa32a7b6dc313 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Lindstr=C3=B6m?= Date: Wed, 31 May 2023 20:18:35 +0200 Subject: [PATCH 1/2] Fix to save all values for multi-valued request parameters Fixes gh-1250 --- ...ionCodeRequestAuthenticationConverter.java | 2 +- ...odeRequestAuthenticationConverterTest.java | 88 +++++++++++++++++++ 2 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverterTest.java diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverter.java index 6431a3be8..f89ff3d70 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverter.java @@ -138,7 +138,7 @@ public Authentication convert(HttpServletRequest request) { !key.equals(OAuth2ParameterNames.REDIRECT_URI) && !key.equals(OAuth2ParameterNames.SCOPE) && !key.equals(OAuth2ParameterNames.STATE)) { - additionalParameters.put(key, value.get(0)); + additionalParameters.put(key, value.size() == 1 ? value.get(0) : value.toArray(new String[0])); } }); 
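Review bot: The entry stored by `additionalParameters.put(key, ...)` is now a `String` when the parameter occurs once and a `String[]` when the client repeats it, and nothing at this line documents that the request decides the runtime type. Any consumer of `getAdditionalParameters()` that casts an entry to `String` would throw `ClassCastException` on a repeated parameter, so the contract deserves a comment here, e.g. `// String for a single occurrence, String[] when the request repeats the parameter`. The same expression is added in [PATCH 2/2] to the authorization-code, consent, client-credentials, device, refresh-token, token-introspection and public-client converters and to `OAuth2EndpointUtils`; one package-private helper beside `getParameters` in `OAuth2EndpointUtils` would keep the copies from drifting. The lambda belongs to `convert`, whose body starts and ends outside the hunk.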
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverterTest.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverterTest.java
new file mode 100644
index 000000000..713891294
--- /dev/null
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverterTest.java
@@ -0,0 +1,88 @@ +/* + * Copyright 2023 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.server.authorization.web.authentication; + +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; + +import org.springframework.http.HttpMethod; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType; +import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; +import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken; + +import static org.assertj.core.api.Assertions.assertThat; + +/** + * Tests for {@link OAuth2AuthorizationCodeRequestAuthenticationConverter}. 
+ * + * @author Martin Lindström + */ +public class OAuth2AuthorizationCodeRequestAuthenticationConverterTest { + + private static final String AUTHORIZATION_URI = "/oauth2/authorize"; + private static final String CLIENT_ID = "client-1"; + private static final String REDIRECT_URI = "https://client.example.com/callback"; + + private OAuth2AuthorizationCodeRequestAuthenticationConverter converter; + + @BeforeEach + public void setUp() { + this.converter = new OAuth2AuthorizationCodeRequestAuthenticationConverter(); + } + + @AfterEach + public void tearDown() { + SecurityContextHolder.clearContext(); + } + + @Test + public void convertWhenUnknownParametersHaveMultipleValuesThenReturnOAuth2AuthorizationCodeRequestAuthenticationToken() { + MockHttpServletRequest request = createRequest(); + request.addParameter(OAuth2ParameterNames.RESPONSE_TYPE, OAuth2AuthorizationResponseType.CODE.getValue()); + request.addParameter(OAuth2ParameterNames.CLIENT_ID, CLIENT_ID); + request.addParameter(OAuth2ParameterNames.REDIRECT_URI, REDIRECT_URI); + request.addParameter(OAuth2ParameterNames.SCOPE, "message.read message.write"); + request.addParameter(OAuth2ParameterNames.STATE, "qwerty123"); + request.addParameter("foo", "foo-value"); + request.addParameter("bar", "value1", "value2"); + + OAuth2AuthorizationCodeRequestAuthenticationToken authentication = + (OAuth2AuthorizationCodeRequestAuthenticationToken) this.converter.convert(request); + assertThat(authentication).isNotNull(); + assertThat(authentication.getPrincipal()).isNotNull(); + assertThat(authentication.getAuthorizationUri()).endsWith(AUTHORIZATION_URI); + assertThat(authentication.getClientId()).isEqualTo(CLIENT_ID); + assertThat(authentication.getRedirectUri()).isEqualTo(REDIRECT_URI); + assertThat(authentication.getScopes()).containsExactly("message.read", "message.write"); + assertThat(authentication.getState()).isEqualTo("qwerty123"); + assertThat(authentication.getAdditionalParameters()).hasSize(2); + 
assertThat(authentication.getAdditionalParameters().get("foo")).isEqualTo("foo-value"); + assertThat(authentication.getAdditionalParameters().get("bar")).isInstanceOf(String[].class); + assertThat((String[]) authentication.getAdditionalParameters().get("bar")).containsExactly("value1", "value2"); + } + + private static MockHttpServletRequest createRequest() { + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setMethod(HttpMethod.GET.name()); + request.setRequestURI(AUTHORIZATION_URI); + return request; + } + +} From d8bf560f7212eeba98d38df1ef6231d88bf8453b Mon Sep 17 00:00:00 2001 
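Review bot: The new class is named `OAuth2AuthorizationCodeRequestAuthenticationConverterTest`, while the other test classes touched in this series use the `Tests` suffix (`OAuth2AuthorizationEndpointFilterTests`, `ClientSecretBasicAuthenticationConverterTests`); renaming it to `OAuth2AuthorizationCodeRequestAuthenticationConverterTests` keeps the suite consistent. The only case covered is a repeated unknown parameter (`bar`). A companion case that repeats a reserved parameter such as `OAuth2ParameterNames.CLIENT_ID` or `OAuth2ParameterNames.STATE` would pin down that the multi-value handling does not change how the converter treats those; that handling is outside the visible hunks.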
From: =?UTF-8?q?Martin=20Lindstr=C3=B6m?= Date: Tue, 13 Jun 2023 11:02:56 +0200 Subject: [PATCH 2/2] Handling of request parameters with multiple values in converters --- ...horizationCodeAuthenticationConverter.java | 2 +- ...izationConsentAuthenticationConverter.java | 2 +- ...entCredentialsAuthenticationConverter.java | 2 +- ...izationConsentAuthenticationConverter.java | 2 +- ...izationRequestAuthenticationConverter.java | 2 +- ...uth2DeviceCodeAuthenticationConverter.java | 2 +- ...ceVerificationAuthenticationConverter.java | 2 +- .../authentication/OAuth2EndpointUtils.java | 8 +- ...h2RefreshTokenAuthenticationConverter.java | 2 +- ...nIntrospectionAuthenticationConverter.java | 2 +- .../PublicClientAuthenticationConverter.java | 8 +- ...Auth2AuthorizationEndpointFilterTests.java | 8 ++ ...eviceAuthorizationEndpointFilterTests.java | 4 +- ...DeviceVerificationEndpointFilterTests.java | 3 +- .../web/OAuth2TokenEndpointFilterTests.java | 12 ++- ...TokenIntrospectionEndpointFilterTests.java | 4 +- ...cretBasicAuthenticationConverterTests.java | 4 +- ...ecretPostAuthenticationConverterTests.java | 4 +- ...AssertionAuthenticationConverterTests.java | 6 +- ...odeRequestAuthenticationConverterTest.java | 88 ------------------- ...onConsentAuthenticationConverterTests.java | 5 +- ...onRequestAuthenticationConverterTests.java | 5 +- ...eviceCodeAuthenticationConverterTests.java | 5 +- ...ificationAuthenticationConverterTests.java | 5 +- ...licClientAuthenticationConverterTests.java | 6 +- 25 files changed, 73 insertions(+), 120 deletions(-) delete mode 100644 oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverterTest.java 
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeAuthenticationConverter.java index 9beb954f1..6c7e32230 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeAuthenticationConverter.java @@ -84,7 +84,7 @@ public Authentication convert(HttpServletRequest request) { !key.equals(OAuth2ParameterNames.CLIENT_ID) && !key.equals(OAuth2ParameterNames.CODE) && !key.equals(OAuth2ParameterNames.REDIRECT_URI)) { - additionalParameters.put(key, value.get(0)); + additionalParameters.put(key, value.size() == 1 ? value.get(0) : value.toArray(new String[0])); } }); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationConsentAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationConsentAuthenticationConverter.java index ca0e8e14d..560fbc6fb 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationConsentAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationConsentAuthenticationConverter.java 
@@ -93,7 +93,7 @@ public Authentication convert(HttpServletRequest request) { if (!key.equals(OAuth2ParameterNames.CLIENT_ID) && !key.equals(OAuth2ParameterNames.STATE) && !key.equals(OAuth2ParameterNames.SCOPE)) { - additionalParameters.put(key, value.get(0)); + additionalParameters.put(key, value.size() == 1 ? value.get(0) : value.toArray(new String[0])); } }); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2ClientCredentialsAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2ClientCredentialsAuthenticationConverter.java index 6bcace6f8..a9ac97cde 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2ClientCredentialsAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2ClientCredentialsAuthenticationConverter.java @@ -79,7 +79,7 @@ public Authentication convert(HttpServletRequest request) { parameters.forEach((key, value) -> { if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) && !key.equals(OAuth2ParameterNames.SCOPE)) { - additionalParameters.put(key, value.get(0)); + additionalParameters.put(key, value.size() == 1 ? value.get(0) : value.toArray(new String[0])); } }); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverter.java index d66523769..35538f9c3 100644 
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverter.java @@ -110,7 +110,7 @@ public Authentication convert(HttpServletRequest request) { !key.equals(OAuth2ParameterNames.USER_CODE) && !key.equals(OAuth2ParameterNames.STATE) && !key.equals(OAuth2ParameterNames.SCOPE)) { - additionalParameters.put(key, value.get(0)); + additionalParameters.put(key, value.size() == 1 ? value.get(0) : value.toArray(new String[0])); } }); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationRequestAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationRequestAuthenticationConverter.java index dfb23c98a..ff067ec33 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationRequestAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationRequestAuthenticationConverter.java @@ -75,7 +75,7 @@ public Authentication convert(HttpServletRequest request) { parameters.forEach((key, value) -> { if (!key.equals(OAuth2ParameterNames.CLIENT_ID) && !key.equals(OAuth2ParameterNames.SCOPE)) { - additionalParameters.put(key, value.get(0)); + additionalParameters.put(key, value.size() == 1 ? value.get(0) : value.toArray(new String[0])); } }); 
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceCodeAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceCodeAuthenticationConverter.java index 8738b21ef..8cd919677 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceCodeAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceCodeAuthenticationConverter.java @@ -74,7 +74,7 @@ public Authentication convert(HttpServletRequest request) { if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) && !key.equals(OAuth2ParameterNames.CLIENT_ID) && !key.equals(OAuth2ParameterNames.DEVICE_CODE)) { - additionalParameters.put(key, value.get(0)); + additionalParameters.put(key, value.size() == 1 ? value.get(0) : value.toArray(new String[0])); } }); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceVerificationAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceVerificationAuthenticationConverter.java index b5248352d..fa6f06c6e 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceVerificationAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceVerificationAuthenticationConverter.java 
@@ -80,7 +80,7 @@ public Authentication convert(HttpServletRequest request) { Map additionalParameters = new HashMap<>(); parameters.forEach((key, value) -> { if (!key.equals(OAuth2ParameterNames.USER_CODE)) { - additionalParameters.put(key, value.get(0)); + additionalParameters.put(key, value.size() == 1 ? value.get(0) : value.toArray(new String[0])); } }); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2EndpointUtils.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2EndpointUtils.java index 8d8ca979d..cd35d0877 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2EndpointUtils.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2EndpointUtils.java @@ -16,8 +16,8 @@ package org.springframework.security.oauth2.server.authorization.web.authentication; import java.util.Collections; -import java.util.HashMap; import java.util.Map; +import java.util.stream.Collectors; import jakarta.servlet.http.HttpServletRequest; @@ -59,11 +59,13 @@ static Map getParametersIfMatchesAuthorizationCodeGrantRequest(H if (!matchesAuthorizationCodeGrantRequest(request)) { return Collections.emptyMap(); } - Map parameters = new HashMap<>(getParameters(request).toSingleValueMap()); + MultiValueMap parameters = getParameters(request); for (String exclusion : exclusions) { parameters.remove(exclusion); } - return parameters; + return parameters.entrySet().stream() + .collect(Collectors.toMap(Map.Entry::getKey, + e -> e.getValue().size() == 1 ? e.getValue().get(0) : e.getValue().toArray(new String[0]))); } static boolean matchesAuthorizationCodeGrantRequest(HttpServletRequest request) { 
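Review bot: `Collectors.toMap` in `getParametersIfMatchesAuthorizationCodeGrantRequest` drops two properties that the old `new HashMap<>(...toSingleValueMap())` had: it throws `NullPointerException` if the value function yields `null`, and its Javadoc gives no guarantee that the returned map is mutable. Whether a parameter list can hold a `null` element, and whether callers add to the returned map, is not visible from the hunk, so the safer form is the explicit loop the converters use: fill a `new HashMap<>()` via `parameters.forEach((key, value) -> result.put(key, value.size() == 1 ? value.get(0) : value.toArray(new String[0])));` and return it. That also means keeping the `java.util.HashMap` import that the first hunk of this file removes.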
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2RefreshTokenAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2RefreshTokenAuthenticationConverter.java index 0ff786de5..630c375db 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2RefreshTokenAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2RefreshTokenAuthenticationConverter.java @@ -90,7 +90,7 @@ public Authentication convert(HttpServletRequest request) { if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) && !key.equals(OAuth2ParameterNames.REFRESH_TOKEN) && !key.equals(OAuth2ParameterNames.SCOPE)) { - additionalParameters.put(key, value.get(0)); + additionalParameters.put(key, value.size() == 1 ? value.get(0) : value.toArray(new String[0])); } }); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2TokenIntrospectionAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2TokenIntrospectionAuthenticationConverter.java index 4039e1e5f..cdc7de739 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2TokenIntrospectionAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2TokenIntrospectionAuthenticationConverter.java 
@@ -69,7 +69,7 @@ public Authentication convert(HttpServletRequest request) { parameters.forEach((key, value) -> { if (!key.equals(OAuth2ParameterNames.TOKEN) && !key.equals(OAuth2ParameterNames.TOKEN_TYPE_HINT)) { - additionalParameters.put(key, value.get(0)); + additionalParameters.put(key, value.size() == 1 ? value.get(0) : value.toArray(new String[0])); } }); diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/PublicClientAuthenticationConverter.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/PublicClientAuthenticationConverter.java index a4c36198e..ca3aab2a3 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/PublicClientAuthenticationConverter.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/PublicClientAuthenticationConverter.java @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.server.authorization.web.authentication; import java.util.HashMap; +import java.util.Map; import jakarta.servlet.http.HttpServletRequest; @@ -68,7 +69,12 @@ public Authentication convert(HttpServletRequest request) { parameters.remove(OAuth2ParameterNames.CLIENT_ID); + Map additionalParameters = new HashMap<>(); + parameters.forEach((key, value) -> { + additionalParameters.put(key, value.size() == 1 ? value.get(0) : value.toArray(new String[0])); + }); + return new OAuth2ClientAuthenticationToken(clientId, ClientAuthenticationMethod.NONE, null, - new HashMap<>(parameters.toSingleValueMap())); + additionalParameters); } } 
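Review bot: Only `OAuth2ParameterNames.CLIENT_ID` is removed before the new loop in `PublicClientAuthenticationConverter.convert`, so every other request parameter, protocol parameters included, is copied into `additionalParameters` and can now arrive as a `String[]` when the client repeats it. With the old `toSingleValueMap()` the first value was used; if `convert` does not already reject a repeated `PkceParameterNames.CODE_VERIFIER` before this point (that part is outside the hunk), whatever reads it downstream will receive an array instead of a string. Please add a case to the public-client converter tests that repeats that parameter and asserts the outcome, and state the expectation next to the loop, e.g. `// protocol parameters are expected to be single-valued by this point`.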
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilterTests.java index a83e36309..c0931303b 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilterTests.java @@ -589,6 +589,8 @@ public void doFilterWhenAuthorizationRequestAuthenticatedThenAuthorizationRespon .thenReturn(authorizationCodeRequestAuthenticationResult); MockHttpServletRequest request = createAuthorizationRequest(registeredClient); + request.addParameter("foo", "value1", "value2"); + MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); @@ -603,6 +605,12 @@ public void doFilterWhenAuthorizationRequestAuthenticatedThenAuthorizationRespon .asInstanceOf(type(WebAuthenticationDetails.class)) .extracting(WebAuthenticationDetails::getRemoteAddress) .isEqualTo(REMOTE_ADDRESS); + + // Assert that multi-valued request parameters are preserved + assertThat(authorizationCodeRequestAuthenticationCaptor.getValue().getAdditionalParameters()) + .extracting(ap -> ap.get("foo")) + .asInstanceOf(type(String[].class)) + .isEqualTo(new String[] { "value1", "value2" }); assertThat(response.getStatus()).isEqualTo(HttpStatus.FOUND.value()); assertThat(response.getRedirectedUrl()).isEqualTo( "https://example.com?param=encoded%20parameter%20value&code=code&state=client%20state"); 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceAuthorizationEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceAuthorizationEndpointFilterTests.java index 8a3193f63..9f7a89290 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceAuthorizationEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceAuthorizationEndpointFilterTests.java @@ -195,6 +195,7 @@ public void doFilterWhenDeviceAuthorizationRequestThenDeviceAuthorizationRespons MockHttpServletRequest request = createRequest(); request.addParameter("custom-param-1", "custom-value-1"); + request.addParameter("custom-param-2", "custom-value-2a", "custom-value-2b"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); this.filter.doFilter(request, response, filterChain); @@ -211,7 +212,8 @@ public void doFilterWhenDeviceAuthorizationRequestThenDeviceAuthorizationRespons assertThat(deviceAuthorizationRequestAuthentication.getPrincipal()).isEqualTo(clientPrincipal); assertThat(deviceAuthorizationRequestAuthentication.getScopes()).isEmpty(); assertThat(deviceAuthorizationRequestAuthentication.getAdditionalParameters()) - .containsExactly(entry("custom-param-1", "custom-value-1")); + .containsExactly(entry("custom-param-1", "custom-value-1"), + entry("custom-param-2", new String[] { "custom-value-2a", "custom-value-2b" })); // @formatter:off assertThat(deviceAuthorizationRequestAuthentication.getDetails()) .asInstanceOf(type(WebAuthenticationDetails.class)) 
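Review bot: `containsExactly(...)` on a map also asserts iteration order, so with the second entry added to the `getAdditionalParameters()` assertion the test now depends on the order in which the converter's map yields `custom-param-1` and `custom-param-2`. The converters whose declaration is visible in this patch build that map with `new HashMap<>()`, which promises no order, so `.containsOnly(entry("custom-param-1", "custom-value-1"), entry("custom-param-2", new String[] { "custom-value-2a", "custom-value-2b" }))` is the sturdier form; `ClientSecretBasicAuthenticationConverterTests` already uses `containsOnly`. The same two-entry `containsExactly` is added in `OAuth2DeviceVerificationEndpointFilterTests` and three times in `OAuth2TokenEndpointFilterTests`.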
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceVerificationEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceVerificationEndpointFilterTests.java index 94e826681..61340ae61 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceVerificationEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceVerificationEndpointFilterTests.java @@ -187,6 +187,7 @@ public void doFilterWhenDeviceAuthorizationConsentRequestThenSuccess() throws Ex request.addParameter(OAuth2ParameterNames.STATE, STATE); request.addParameter(OAuth2ParameterNames.USER_CODE, USER_CODE); request.addParameter("custom-param-1", "custom-value-1"); + request.addParameter("custom-param-2", "custom-value-2a", "custom-value-2b"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); this.filter.doFilter(request, response, filterChain); @@ -207,7 +208,7 @@ public void doFilterWhenDeviceAuthorizationConsentRequestThenSuccess() throws Ex assertThat(deviceAuthorizationConsentAuthentication.getUserCode()).isEqualTo(USER_CODE); assertThat(deviceAuthorizationConsentAuthentication.getScopes()).containsExactly("scope-1", "scope-2"); assertThat(deviceAuthorizationConsentAuthentication.getAdditionalParameters()) - .containsExactly(entry("custom-param-1", "custom-value-1")); + .containsExactly(entry("custom-param-1", "custom-value-1"), entry("custom-param-2", new String[]{ "custom-value-2a", "custom-value-2b" })); } @Test 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java index 5f1de9fff..9049190e2 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java @@ -273,7 +273,8 @@ public void doFilterWhenAuthorizationCodeTokenRequestThenAccessTokenResponse() t assertThat(authorizationCodeAuthentication.getRedirectUri()).isEqualTo( request.getParameter(OAuth2ParameterNames.REDIRECT_URI)); assertThat(authorizationCodeAuthentication.getAdditionalParameters()) - .containsExactly(entry("custom-param-1", "custom-value-1")); + .containsExactly(entry("custom-param-1", "custom-value-1"), + entry("custom-param-2", new String[]{ "custom-value-2a", "custom-value-2b" })); assertThat(authorizationCodeAuthentication.getDetails()) .asInstanceOf(type(WebAuthenticationDetails.class)) .extracting(WebAuthenticationDetails::getRemoteAddress) 
@@ -340,7 +341,8 @@ public void doFilterWhenClientCredentialsTokenRequestThenAccessTokenResponse() t assertThat(clientCredentialsAuthentication.getPrincipal()).isEqualTo(clientPrincipal); assertThat(clientCredentialsAuthentication.getScopes()).isEqualTo(registeredClient.getScopes()); assertThat(clientCredentialsAuthentication.getAdditionalParameters()) - .containsExactly(entry("custom-param-1", "custom-value-1")); + .containsExactly(entry("custom-param-1", "custom-value-1"), + entry("custom-param-2", new String[]{ "custom-value-2a", "custom-value-2b" })); assertThat(clientCredentialsAuthentication.getDetails()) .asInstanceOf(type(WebAuthenticationDetails.class)) .extracting(WebAuthenticationDetails::getRemoteAddress) @@ -430,7 +432,8 @@ public void doFilterWhenRefreshTokenRequestThenAccessTokenResponse() throws Exce assertThat(refreshTokenAuthenticationToken.getPrincipal()).isEqualTo(clientPrincipal); assertThat(refreshTokenAuthenticationToken.getScopes()).isEqualTo(registeredClient.getScopes()); assertThat(refreshTokenAuthenticationToken.getAdditionalParameters()) - .containsExactly(entry("custom-param-1", "custom-value-1")); + .containsExactly(entry("custom-param-1", "custom-value-1"), + entry("custom-param-2", new String[]{ "custom-value-2a", "custom-value-2b" })); assertThat(refreshTokenAuthenticationToken.getDetails()) .asInstanceOf(type(WebAuthenticationDetails.class)) .extracting(WebAuthenticationDetails::getRemoteAddress) @@ -613,6 +616,7 @@ private static MockHttpServletRequest createAuthorizationCodeTokenRequest(Regist // The client does not need to send the client ID param, but we are resilient in case they do request.addParameter(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId()); request.addParameter("custom-param-1", "custom-value-1"); + request.addParameter("custom-param-2", "custom-value-2a", "custom-value-2b"); return request; } 
@@ -627,6 +631,7 @@ private static MockHttpServletRequest createClientCredentialsTokenRequest(Regist request.addParameter(OAuth2ParameterNames.SCOPE, StringUtils.collectionToDelimitedString(registeredClient.getScopes(), " ")); request.addParameter("custom-param-1", "custom-value-1"); + request.addParameter("custom-param-2", "custom-value-2a", "custom-value-2b"); return request; } @@ -642,6 +647,7 @@ private static MockHttpServletRequest createRefreshTokenTokenRequest(RegisteredC request.addParameter(OAuth2ParameterNames.SCOPE, StringUtils.collectionToDelimitedString(registeredClient.getScopes(), " ")); request.addParameter("custom-param-1", "custom-value-1"); + request.addParameter("custom-param-2", "custom-value-2a", "custom-value-2b"); return request; } diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenIntrospectionEndpointFilterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenIntrospectionEndpointFilterTests.java index cb5d2382e..220fa409e 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenIntrospectionEndpointFilterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenIntrospectionEndpointFilterTests.java @@ -219,7 +219,7 @@ public void doFilterWhenTokenIntrospectionRequestValidThenSuccessResponse() thro MockHttpServletRequest request = createTokenIntrospectionRequest( accessToken.getTokenValue(), OAuth2TokenType.ACCESS_TOKEN.getValue()); request.addParameter("custom-param-1", "custom-value-1"); - request.addParameter("custom-param-2", "custom-value-2"); + request.addParameter("custom-param-2", "custom-value-2a", "custom-value-2b"); MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); 
@@ -236,7 +236,7 @@ public void doFilterWhenTokenIntrospectionRequestValidThenSuccessResponse() thro assertThat(tokenIntrospectionAuthentication.getValue().getAdditionalParameters()) .contains( entry("custom-param-1", "custom-value-1"), - entry("custom-param-2", "custom-value-2")); + entry("custom-param-2", new String[]{"custom-value-2a", "custom-value-2b"})); OAuth2TokenIntrospection tokenIntrospectionResponse = readTokenIntrospectionResponse(response); assertThat(tokenIntrospectionResponse.isActive()).isEqualTo(tokenClaims.isActive()); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/ClientSecretBasicAuthenticationConverterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/ClientSecretBasicAuthenticationConverterTests.java index 17a52f61d..ccb3898cc 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/ClientSecretBasicAuthenticationConverterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/ClientSecretBasicAuthenticationConverterTests.java @@ -106,6 +106,7 @@ public void convertWhenAuthorizationHeaderBasicWithValidCredentialsThenReturnCli @Test public void convertWhenConfidentialClientWithPkceParametersThenAdditionalParametersIncluded() throws Exception { MockHttpServletRequest request = createPkceTokenRequest(); + request.addParameter("custom-param-1", "custom-value-1a", "custom-value-1b"); request.addHeader(HttpHeaders.AUTHORIZATION, "Basic " + encodeBasicAuth("clientId", "secret")); OAuth2ClientAuthenticationToken authentication = (OAuth2ClientAuthenticationToken) this.converter.convert(request); assertThat(authentication.getPrincipal()).isEqualTo("clientId"); 
@@ -115,7 +116,8 @@ public void convertWhenConfidentialClientWithPkceParametersThenAdditionalParamet .containsOnly( entry(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.AUTHORIZATION_CODE.getValue()), entry(OAuth2ParameterNames.CODE, "code"), - entry(PkceParameterNames.CODE_VERIFIER, "code-verifier-1")); + entry(PkceParameterNames.CODE_VERIFIER, "code-verifier-1"), + entry("custom-param-1", new String[] { "custom-value-1a", "custom-value-1b" })); } private static String encodeBasicAuth(String clientId, String secret) throws Exception { diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/ClientSecretPostAuthenticationConverterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/ClientSecretPostAuthenticationConverterTests.java index 5f0a96d93..07b6b6c54 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/ClientSecretPostAuthenticationConverterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/ClientSecretPostAuthenticationConverterTests.java @@ -95,6 +95,7 @@ public void convertWhenConfidentialClientWithPkceParametersThenAdditionalParamet MockHttpServletRequest request = createPkceTokenRequest(); request.addParameter(OAuth2ParameterNames.CLIENT_ID, "client-1"); request.addParameter(OAuth2ParameterNames.CLIENT_SECRET, "client-secret"); + request.addParameter("custom-param-1", "custom-value-1a", "custom-value-1b"); OAuth2ClientAuthenticationToken authentication = (OAuth2ClientAuthenticationToken) this.converter.convert(request); assertThat(authentication.getPrincipal()).isEqualTo("client-1"); assertThat(authentication.getCredentials()).isEqualTo("client-secret"); 
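Review bot: The only multi-valued parameter exercised in `convertWhenConfidentialClientWithPkceParametersThenAdditionalParametersIncluded` is the custom `custom-param-1`; a repeated `code` or `code_verifier`, presumably the parameters that matter most downstream, is not covered. `PublicClientAuthenticationConverterTests` already has `convertWhenMultipleCodeVerifierThenInvalidRequestError`, but no equivalent case is visible here or in the matching `ClientSecretPostAuthenticationConverterTests` hunks. A sibling test that adds `request.addParameter(PkceParameterNames.CODE_VERIFIER, "code-verifier-2");` and asserts the intended outcome would show whether a duplicate is rejected or stored as a `String[]`. Which of the two the converter does cannot be told from this diff.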
@@ -103,7 +104,8 @@ public void convertWhenConfidentialClientWithPkceParametersThenAdditionalParamet .containsOnly( entry(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.AUTHORIZATION_CODE.getValue()), entry(OAuth2ParameterNames.CODE, "code"), - entry(PkceParameterNames.CODE_VERIFIER, "code-verifier-1")); + entry(PkceParameterNames.CODE_VERIFIER, "code-verifier-1"), + entry("custom-param-1", new String[] { "custom-value-1a", "custom-value-1b" })); } private static MockHttpServletRequest createPkceTokenRequest() { diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/JwtClientAssertionAuthenticationConverterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/JwtClientAssertionAuthenticationConverterTests.java index 38cec8633..470a7f805 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/JwtClientAssertionAuthenticationConverterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/JwtClientAssertionAuthenticationConverterTests.java @@ -107,6 +107,8 @@ public void convertWhenJwtAssertionThenReturnClientAuthenticationToken() { request.addParameter(OAuth2ParameterNames.CLIENT_ID, "client-1"); request.addParameter(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.AUTHORIZATION_CODE.getValue()); request.addParameter(OAuth2ParameterNames.CODE, "code"); + request.addParameter("custom-param-1", "custom-value-1"); + request.addParameter("custom-param-2", "custom-value-2a", "custom-value-2b"); OAuth2ClientAuthenticationToken authentication = (OAuth2ClientAuthenticationToken) this.converter.convert(request); assertThat(authentication.getPrincipal()).isEqualTo("client-1"); assertThat(authentication.getCredentials()).isEqualTo("jwt-assertion"); 
@@ -114,7 +116,9 @@ public void convertWhenJwtAssertionThenReturnClientAuthenticationToken() { assertThat(authentication.getAdditionalParameters()) .containsOnly( entry(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.AUTHORIZATION_CODE.getValue()), - entry(OAuth2ParameterNames.CODE, "code")); + entry(OAuth2ParameterNames.CODE, "code"), + entry("custom-param-1", "custom-value-1"), + entry("custom-param-2", new String[] {"custom-value-2a", "custom-value-2b"})); } private void assertThrown(MockHttpServletRequest request, String errorCode) { diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverterTest.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverterTest.java deleted file mode 100644 index 713891294..000000000 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverterTest.java +++ /dev/null 
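Review bot: The array initializer here is written `new String[] {"custom-value-2a", "custom-value-2b"}`, while the same commit uses `new String[]{...}` in the token-introspection and device tests and `new String[] { ..., ... }` in the client-secret tests. Three spacings for one construct in a single change make the new assertions harder to search for and to compare. I would settle on one form, for example `entry("custom-param-2", new String[] { "custom-value-2a", "custom-value-2b" })`, and use it in every hunk that adds such an entry, including the one in `PublicClientAuthenticationConverterTests`.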
@@ -1,88 +0,0 @@ -/* - * Copyright 2023 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.server.authorization.web.authentication; - -import org.junit.jupiter.api.AfterEach; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; - -import org.springframework.http.HttpMethod; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType; -import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; -import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken; - -import static org.assertj.core.api.Assertions.assertThat; - -/** - * Tests for {@link OAuth2AuthorizationCodeRequestAuthenticationConverter}. 
- * - * @author Martin Lindström - */ -public class OAuth2AuthorizationCodeRequestAuthenticationConverterTest { - - private static final String AUTHORIZATION_URI = "/oauth2/authorize"; - private static final String CLIENT_ID = "client-1"; - private static final String REDIRECT_URI = "https://client.example.com/callback"; - - private OAuth2AuthorizationCodeRequestAuthenticationConverter converter; - - @BeforeEach - public void setUp() { - this.converter = new OAuth2AuthorizationCodeRequestAuthenticationConverter(); - } - - @AfterEach - public void tearDown() { - SecurityContextHolder.clearContext(); - } - - @Test - public void convertWhenUnknownParametersHaveMultipleValuesThenReturnOAuth2AuthorizationCodeRequestAuthenticationToken() { - MockHttpServletRequest request = createRequest(); - request.addParameter(OAuth2ParameterNames.RESPONSE_TYPE, OAuth2AuthorizationResponseType.CODE.getValue()); - request.addParameter(OAuth2ParameterNames.CLIENT_ID, CLIENT_ID); - request.addParameter(OAuth2ParameterNames.REDIRECT_URI, REDIRECT_URI); - request.addParameter(OAuth2ParameterNames.SCOPE, "message.read message.write"); - request.addParameter(OAuth2ParameterNames.STATE, "qwerty123"); - request.addParameter("foo", "foo-value"); - request.addParameter("bar", "value1", "value2"); - - OAuth2AuthorizationCodeRequestAuthenticationToken authentication = - (OAuth2AuthorizationCodeRequestAuthenticationToken) this.converter.convert(request); - assertThat(authentication).isNotNull(); - assertThat(authentication.getPrincipal()).isNotNull(); - assertThat(authentication.getAuthorizationUri()).endsWith(AUTHORIZATION_URI); - assertThat(authentication.getClientId()).isEqualTo(CLIENT_ID); - assertThat(authentication.getRedirectUri()).isEqualTo(REDIRECT_URI); - assertThat(authentication.getScopes()).containsExactly("message.read", "message.write"); - assertThat(authentication.getState()).isEqualTo("qwerty123"); - assertThat(authentication.getAdditionalParameters()).hasSize(2); - 
assertThat(authentication.getAdditionalParameters().get("foo")).isEqualTo("foo-value"); - assertThat(authentication.getAdditionalParameters().get("bar")).isInstanceOf(String[].class); - assertThat((String[]) authentication.getAdditionalParameters().get("bar")).containsExactly("value1", "value2"); - } - - private static MockHttpServletRequest createRequest() { - MockHttpServletRequest request = new MockHttpServletRequest(); - request.setMethod(HttpMethod.GET.name()); - request.setRequestURI(AUTHORIZATION_URI); - return request; - } - -} diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverterTests.java index c22cb0232..4b7be29c4 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverterTests.java @@ -246,7 +246,7 @@ public void convertWhenAllParametersThenReturnDeviceAuthorizationConsentAuthenti request.addParameter(OAuth2ParameterNames.SCOPE, "message.read"); request.addParameter(OAuth2ParameterNames.SCOPE, "message.write"); request.addParameter("param-1", "value-1"); - request.addParameter("param-2", "value-2"); + request.addParameter("param-2", "value-2", "value-2b"); SecurityContextImpl securityContext = new SecurityContextImpl(); securityContext.setAuthentication(new TestingAuthenticationToken("user", null)); 
@@ -261,7 +261,8 @@ public void convertWhenAllParametersThenReturnDeviceAuthorizationConsentAuthenti assertThat(authentication.getUserCode()).isEqualTo(USER_CODE); assertThat(authentication.getScopes()).containsExactly("message.read", "message.write"); assertThat(authentication.getAdditionalParameters()) - .containsExactly(entry("param-1", "value-1"), entry("param-2", "value-2")); + .containsExactly(entry("param-1", "value-1"), + entry("param-2", new String[]{"value-2", "value-2b"})); } @Test diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationRequestAuthenticationConverterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationRequestAuthenticationConverterTests.java index 147f74098..9790d5858 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationRequestAuthenticationConverterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationRequestAuthenticationConverterTests.java @@ -95,7 +95,7 @@ public void convertWhenAllParametersThenReturnDeviceAuthorizationRequestAuthenti request.addParameter(OAuth2ParameterNames.CLIENT_ID, CLIENT_ID); request.addParameter(OAuth2ParameterNames.SCOPE, "message.read message.write"); request.addParameter("param-1", "value-1"); - request.addParameter("param-2", "value-2"); + request.addParameter("param-2", "value-2", "value-2b"); SecurityContextImpl securityContext = new SecurityContextImpl(); securityContext.setAuthentication(new TestingAuthenticationToken(CLIENT_ID, null)); 
@@ -108,7 +108,8 @@ public void convertWhenAllParametersThenReturnDeviceAuthorizationRequestAuthenti assertThat(authentication.getAuthorizationUri()).endsWith(AUTHORIZATION_URI); assertThat(authentication.getScopes()).containsExactly("message.read", "message.write"); assertThat(authentication.getAdditionalParameters()) - .containsExactly(entry("param-1", "value-1"), entry("param-2", "value-2")); + .containsExactly(entry("param-1", "value-1"), + entry("param-2", new String[]{"value-2", "value-2b"})); } private static MockHttpServletRequest createRequest() { diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceCodeAuthenticationConverterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceCodeAuthenticationConverterTests.java index 605dc7b63..2788421b3 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceCodeAuthenticationConverterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceCodeAuthenticationConverterTests.java @@ -102,7 +102,7 @@ public void convertWhenAllParametersThenReturnDeviceCodeAuthenticationToken() { request.addParameter(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.DEVICE_CODE.getValue()); request.addParameter(OAuth2ParameterNames.DEVICE_CODE, DEVICE_CODE); request.addParameter("param-1", "value-1"); - request.addParameter("param-2", "value-2"); + request.addParameter("param-2", "value-2", "value-2b"); SecurityContextImpl securityContext = new SecurityContextImpl(); securityContext.setAuthentication(new TestingAuthenticationToken(CLIENT_ID, null)); 
@@ -114,7 +114,8 @@ public void convertWhenAllParametersThenReturnDeviceCodeAuthenticationToken() { assertThat(authentication.getDeviceCode()).isEqualTo(DEVICE_CODE); assertThat(authentication.getPrincipal()).isInstanceOf(TestingAuthenticationToken.class); assertThat(authentication.getAdditionalParameters()) - .containsExactly(entry("param-1", "value-1"), entry("param-2", "value-2")); + .containsExactly(entry("param-1", "value-1"), + entry("param-2", new String[]{"value-2", "value-2b"})); } private static MockHttpServletRequest createRequest() { diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceVerificationAuthenticationConverterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceVerificationAuthenticationConverterTests.java index 639c7cca4..cafdac1db 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceVerificationAuthenticationConverterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceVerificationAuthenticationConverterTests.java @@ -144,7 +144,7 @@ public void convertWhenAllParametersThenReturnDeviceVerificationAuthentication() MockHttpServletRequest request = createRequest(); request.addParameter(OAuth2ParameterNames.USER_CODE, USER_CODE); request.addParameter("param-1", "value-1"); - request.addParameter("param-2", "value-2"); + request.addParameter("param-2", "value-2", "value-2b"); SecurityContextImpl securityContext = new SecurityContextImpl(); securityContext.setAuthentication(new TestingAuthenticationToken("user", null)); 
@@ -156,7 +156,8 @@ public void convertWhenAllParametersThenReturnDeviceVerificationAuthentication() assertThat(authentication.getPrincipal()).isInstanceOf(TestingAuthenticationToken.class); assertThat(authentication.getUserCode()).isEqualTo(USER_CODE); assertThat(authentication.getAdditionalParameters()) - .containsExactly(entry("param-1", "value-1"), entry("param-2", "value-2")); + .containsExactly(entry("param-1", "value-1"), + entry("param-2", new String[]{"value-2", "value-2b"})); } private static MockHttpServletRequest createRequest() { diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/PublicClientAuthenticationConverterTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/PublicClientAuthenticationConverterTests.java index 5518b575d..557ec1ffa 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/PublicClientAuthenticationConverterTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/PublicClientAuthenticationConverterTests.java @@ -82,6 +82,8 @@ public void convertWhenMultipleCodeVerifierThenInvalidRequestError() { @Test public void convertWhenPublicClientThenReturnClientAuthenticationToken() { MockHttpServletRequest request = createPkceTokenRequest(); + request.addParameter("param-1", "value-1"); + request.addParameter("param-2", "value-2", "value-2b"); OAuth2ClientAuthenticationToken authentication = (OAuth2ClientAuthenticationToken) this.converter.convert(request); assertThat(authentication.getPrincipal()).isEqualTo("client-1"); assertThat(authentication.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.NONE); 
@@ -89,7 +91,9 @@ public void convertWhenPublicClientThenReturnClientAuthenticationToken() { .containsOnly( entry(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.AUTHORIZATION_CODE.getValue()), entry(OAuth2ParameterNames.CODE, "code"), - entry(PkceParameterNames.CODE_VERIFIER, "code-verifier-1")); + entry(PkceParameterNames.CODE_VERIFIER, "code-verifier-1"), + entry("param-1", "value-1"), + entry("param-2", new String[] {"value-2", "value-2b"})); } private static MockHttpServletRequest createPkceTokenRequest() {