diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java index 8c4d6327aa5..bda8e65d7b2 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -146,14 +146,14 @@ public void configureWhenAuthorizationCodeResponseSuccessThenAuthorizedClientSav this.spring.register(OAuth2ClientConfig.class).autowire(); // Setup the Authorization Request in the session - Map additionalParameters = new HashMap<>(); - additionalParameters.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId()); + Map attributes = new HashMap<>(); + attributes.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId()); OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(this.registration1.getProviderDetails().getAuthorizationUri()) .clientId(this.registration1.getClientId()) .redirectUri("http://localhost/client-1") .state("state") - .additionalParameters(additionalParameters) + .attributes(attributes) .build(); AuthorizationRequestRepository authorizationRequestRepository = diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java index 555f504dd5c..a3930989ee5 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -473,7 +473,7 @@ private OAuth2AuthorizationRequest createOAuth2AuthorizationRequest(ClientRegist .clientId(registration.getClientId()) .state("state123") .redirectUri("http://localhost") - .additionalParameters( + .attributes( Collections.singletonMap( OAuth2ParameterNames.REGISTRATION_ID, registration.getRegistrationId())) diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java index 91d28548c8b..953ece1b241 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -115,8 +115,8 @@ private OAuth2AuthorizationRequest resolve(HttpServletRequest request, String re String redirectUriStr = this.expandRedirectUri(request, clientRegistration, redirectUriAction); - Map additionalParameters = new HashMap<>(); - additionalParameters.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()); + Map attributes = new HashMap<>(); + attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()); OAuth2AuthorizationRequest authorizationRequest = builder .clientId(clientRegistration.getClientId()) @@ -124,7 +124,7 @@ private OAuth2AuthorizationRequest resolve(HttpServletRequest request, String re .redirectUri(redirectUriStr) .scopes(clientRegistration.getScopes()) .state(this.stateGenerator.generateKey()) - .additionalParameters(additionalParameters) + .attributes(attributes) .build(); return authorizationRequest; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java index eefcb563607..8dab8bd42bc 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -161,7 +161,7 @@ private void processAuthorizationResponse(HttpServletRequest request, HttpServle OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository.removeAuthorizationRequest(request, response); - String registrationId = (String) authorizationRequest.getAdditionalParameters().get(OAuth2ParameterNames.REGISTRATION_ID); + String registrationId = authorizationRequest.getAttribute(OAuth2ParameterNames.REGISTRATION_ID); ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId); MultiValueMap params = OAuth2AuthorizationResponseUtils.toMultiMap(request.getParameterMap()); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java index e7f8a2c43a6..e359e035fff 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -165,7 +165,7 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); } - String registrationId = (String) authorizationRequest.getAdditionalParameters().get(OAuth2ParameterNames.REGISTRATION_ID); + String registrationId = authorizationRequest.getAttribute(OAuth2ParameterNames.REGISTRATION_ID); ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId); if (clientRegistration == null) { OAuth2Error oauth2Error = new OAuth2Error(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE, diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java index a72a18c1bea..5cb18e6f90b 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -118,9 +118,8 @@ private OAuth2AuthorizationRequest authorizationRequest(ServerWebExchange exchan String redirectUriStr = this .expandRedirectUri(exchange.getRequest(), clientRegistration); - Map additionalParameters = new HashMap<>(); - additionalParameters.put(OAuth2ParameterNames.REGISTRATION_ID, - clientRegistration.getRegistrationId()); + Map attributes = new HashMap<>(); + attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()); OAuth2AuthorizationRequest.Builder builder; if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) { @@ -139,7 +138,7 @@ else if (AuthorizationGrantType.IMPLICIT.equals(clientRegistration.getAuthorizat .authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri()) .redirectUri(redirectUriStr).scopes(clientRegistration.getScopes()) .state(this.stateGenerator.generateKey()) - .additionalParameters(additionalParameters) + .attributes(attributes) .build(); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java index 27e8ceccc21..5d809cd89a4 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -85,9 +85,9 @@ private Mono oauth2AuthorizationException(String errorCode) { private Mono authenticationRequest(ServerWebExchange exchange, OAuth2AuthorizationRequest authorizationRequest) { return Mono.just(authorizationRequest) - .map(OAuth2AuthorizationRequest::getAdditionalParameters) - .flatMap(additionalParams -> { - String id = (String) additionalParams.get(OAuth2ParameterNames.REGISTRATION_ID); + .map(OAuth2AuthorizationRequest::getAttributes) + .flatMap(attributes -> { + String id = (String) attributes.get(OAuth2ParameterNames.REGISTRATION_ID); if (id == null) { return oauth2AuthorizationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java index 22ced896ee2..348f5a1a422 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -105,7 +105,8 @@ public void resolveWhenAuthorizationRequestWithValidClientThenResolves() { .isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); assertThat(authorizationRequest.getScopes()).isEqualTo(clientRegistration.getScopes()); assertThat(authorizationRequest.getState()).isNotNull(); - assertThat(authorizationRequest.getAdditionalParameters()) + assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OAuth2ParameterNames.REGISTRATION_ID); + assertThat(authorizationRequest.getAttributes()) .containsExactly(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId())); assertThat(authorizationRequest.getAuthorizationRequestUri()) .matches("https://example.com/login/oauth/authorize\\?" + @@ -123,7 +124,7 @@ public void resolveWhenClientAuthorizationRequiredExceptionAvailableThenResolves OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request, clientRegistration.getRegistrationId()); assertThat(authorizationRequest).isNotNull(); - assertThat(authorizationRequest.getAdditionalParameters()) + assertThat(authorizationRequest.getAttributes()) .containsExactly(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId())); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java index 6b0bd666fd8..dbea1c65f32 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -402,15 +402,15 @@ public void doFilterWhenAuthorizationResponseHasNonDefaultPortThenRedirectUriMat private void setUpAuthorizationRequest(HttpServletRequest request, HttpServletResponse response, ClientRegistration registration, String state) { - Map additionalParameters = new HashMap<>(); - additionalParameters.put(OAuth2ParameterNames.REGISTRATION_ID, registration.getRegistrationId()); + Map attributes = new HashMap<>(); + attributes.put(OAuth2ParameterNames.REGISTRATION_ID, registration.getRegistrationId()); OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(registration.getProviderDetails().getAuthorizationUri()) .clientId(registration.getClientId()) .redirectUri(expandRedirectUri(request, registration)) .scopes(registration.getScopes()) .state(state) - .additionalParameters(additionalParameters) + .attributes(attributes) .build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest.java index 5bbeb0fba4c..b99f2b33fb1 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -74,7 +74,7 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest { .clientId("client-id") .redirectUri("http://localhost/client-1") .state("state") - .additionalParameters(Collections.singletonMap(OAuth2ParameterNames.REGISTRATION_ID, this.clientRegistrationId)); + .attributes(Collections.singletonMap(OAuth2ParameterNames.REGISTRATION_ID, this.clientRegistrationId)); private final MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/"); @@ -95,8 +95,8 @@ public void applyWhenAuthorizationRequestEmptyThenOAuth2AuthorizationException() } @Test - public void applyWhenAdditionalParametersMissingThenOAuth2AuthorizationException() { - this.authorizationRequest.additionalParameters(Collections.emptyMap()); + public void applyWhenAttributesMissingThenOAuth2AuthorizationException() { + this.authorizationRequest.attributes(Collections.emptyMap()); when(this.authorizationRequestRepository.removeAuthorizationRequest(any())).thenReturn(Mono.just(this.authorizationRequest.build())); assertThatThrownBy(() -> applyConverter()) diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java index bc90bd89176..524fde397ca 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,6 +15,15 @@ */ package org.springframework.security.oauth2.core.endpoint; +import org.springframework.security.core.SpringSecurityCoreVersion; +import org.springframework.security.oauth2.core.AuthorizationGrantType; +import org.springframework.util.Assert; +import org.springframework.util.CollectionUtils; +import org.springframework.util.LinkedMultiValueMap; +import org.springframework.util.MultiValueMap; +import org.springframework.util.StringUtils; +import org.springframework.web.util.UriComponentsBuilder; + import java.io.Serializable; import java.nio.charset.StandardCharsets; import java.util.Arrays; @@ -25,15 +34,6 @@ import java.util.Set; import java.util.stream.Collectors; -import org.springframework.security.core.SpringSecurityCoreVersion; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.util.Assert; -import org.springframework.util.CollectionUtils; -import org.springframework.util.LinkedMultiValueMap; -import org.springframework.util.MultiValueMap; -import org.springframework.util.StringUtils; -import org.springframework.web.util.UriComponentsBuilder; - /** * A representation of an OAuth 2.0 Authorization Request * for the authorization code grant type or implicit grant type. @@ -56,6 +56,7 @@ public final class OAuth2AuthorizationRequest implements Serializable { private String state; private Map additionalParameters; private String authorizationRequestUri; + private Map attributes; private OAuth2AuthorizationRequest() { } @@ -132,6 +133,29 @@ public Map getAdditionalParameters() { return this.additionalParameters; } + /** + * Returns the attributes associated to the request. + * + * @since 5.2 + * @return a {@code Map} of the attributes associated to the request + */ + public Map getAttributes() { + return this.attributes; + } + + /** + * Returns the value of an attribute associated to the request, or {@code null} if not available. + * + * @since 5.2 + * @param name the name of the attribute + * @param the type of the attribute + * @return the value of the attribute associated to the request + */ + @SuppressWarnings("unchecked") + public T getAttribute(String name) { + return (T) this.getAttributes().get(name); + } + /** * Returns the {@code URI} string representation of the OAuth 2.0 Authorization Request. * @@ -181,7 +205,8 @@ public static Builder from(OAuth2AuthorizationRequest authorizationRequest) { .redirectUri(authorizationRequest.getRedirectUri()) .scopes(authorizationRequest.getScopes()) .state(authorizationRequest.getState()) - .additionalParameters(authorizationRequest.getAdditionalParameters()); + .additionalParameters(authorizationRequest.getAdditionalParameters()) + .attributes(authorizationRequest.getAttributes()); } /** @@ -197,6 +222,7 @@ public static class Builder { private String state; private Map additionalParameters; private String authorizationRequestUri; + private Map attributes; private Builder(AuthorizationGrantType authorizationGrantType) { Assert.notNull(authorizationGrantType, "authorizationGrantType cannot be null"); @@ -288,6 +314,18 @@ public Builder additionalParameters(Map additionalParameters) { return this; } + /** + * Sets the attributes associated to the request. + * + * @since 5.2 + * @param attributes the attributes associated to the request + * @return the {@link Builder} + */ + public Builder attributes(Map attributes) { + this.attributes = attributes; + return this; + } + /** * Sets the {@code URI} string representation of the OAuth 2.0 Authorization Request. * @@ -332,6 +370,9 @@ public OAuth2AuthorizationRequest build() { authorizationRequest.authorizationRequestUri = StringUtils.hasText(this.authorizationRequestUri) ? this.authorizationRequestUri : this.buildAuthorizationRequestUri(); + authorizationRequest.attributes = Collections.unmodifiableMap( + CollectionUtils.isEmpty(this.attributes) ? + Collections.emptyMap() : new LinkedHashMap<>(this.attributes)); return authorizationRequest; } @@ -351,9 +392,7 @@ private String buildAuthorizationRequestUri() { parameters.set(OAuth2ParameterNames.REDIRECT_URI, this.redirectUri); } if (!CollectionUtils.isEmpty(this.additionalParameters)) { - this.additionalParameters.entrySet().stream() - .filter(e -> !e.getKey().equals(OAuth2ParameterNames.REGISTRATION_ID)) - .forEach(e -> parameters.set(e.getKey(), e.getValue().toString())); + this.additionalParameters.forEach((k, v) -> parameters.set(k, v.toString())); } return UriComponentsBuilder.fromHttpUrl(this.authorizationUri) diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java index fc9270d69e5..ff29a262ea0 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,19 +15,16 @@ */ package org.springframework.security.oauth2.core.endpoint; +import org.junit.Test; +import org.springframework.security.oauth2.core.AuthorizationGrantType; + import java.util.Arrays; import java.util.HashMap; import java.util.LinkedHashSet; import java.util.Map; import java.util.Set; -import org.junit.Test; - -import org.springframework.security.oauth2.core.AuthorizationGrantType; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.assertThatCode; -import static org.assertj.core.api.Assertions.assertThatThrownBy; +import static org.assertj.core.api.Assertions.*; /** * Tests for {@link OAuth2AuthorizationRequest}. @@ -166,6 +163,10 @@ public void buildWhenAllValuesProvidedThenAllValuesAreSet() { additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); + Map attributes = new HashMap<>(); + attributes.put("attribute1", "value1"); + attributes.put("attribute2", "value2"); + OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZATION_URI) .clientId(CLIENT_ID) @@ -173,6 +174,7 @@ public void buildWhenAllValuesProvidedThenAllValuesAreSet() { .scopes(SCOPES) .state(STATE) .additionalParameters(additionalParameters) + .attributes(attributes) .authorizationRequestUri(AUTHORIZATION_URI) .build(); @@ -184,6 +186,7 @@ public void buildWhenAllValuesProvidedThenAllValuesAreSet() { assertThat(authorizationRequest.getScopes()).isEqualTo(SCOPES); assertThat(authorizationRequest.getState()).isEqualTo(STATE); assertThat(authorizationRequest.getAdditionalParameters()).isEqualTo(additionalParameters); + assertThat(authorizationRequest.getAttributes()).isEqualTo(attributes); assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo(AUTHORIZATION_URI); } @@ -250,28 +253,6 @@ public void buildWhenRequiredParametersSetThenAuthorizationRequestUriIncludesReq assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?response_type=code&client_id=client-id"); } - @Test - public void buildWhenAuthorizationRequestIncludesRegistrationIdParameterThenAuthorizationRequestUriDoesNotIncludeRegistrationIdParameter() { - Map additionalParameters = new HashMap<>(); - additionalParameters.put("param1", "value1"); - additionalParameters.put(OAuth2ParameterNames.REGISTRATION_ID, "registration1"); - - OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() - .authorizationUri(AUTHORIZATION_URI) - .clientId(CLIENT_ID) - .redirectUri(REDIRECT_URI + "?rparam1=rvalue1&rparam2=rvalue2") - .scopes(SCOPES) - .state(STATE) - .additionalParameters(additionalParameters) - .build(); - - assertThat(authorizationRequest.getAuthorizationRequestUri()) - .isEqualTo("https://provider.com/oauth2/authorize?" + - "response_type=code&client_id=client-id&" + - "scope=scope1%20scope2&state=state&" + - "redirect_uri=http://example.com?rparam1%3Drvalue1%26rparam2%3Drvalue2¶m1=value1"); - } - @Test public void fromWhenAuthorizationRequestIsNullThenThrowIllegalArgumentException() { assertThatThrownBy(() -> OAuth2AuthorizationRequest.from(null)).isInstanceOf(IllegalArgumentException.class); @@ -283,6 +264,10 @@ public void fromWhenAuthorizationRequestProvidedThenValuesAreCopied() { additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); + Map attributes = new HashMap<>(); + attributes.put("attribute1", "value1"); + attributes.put("attribute2", "value2"); + OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri(AUTHORIZATION_URI) .clientId(CLIENT_ID) @@ -290,6 +275,7 @@ public void fromWhenAuthorizationRequestProvidedThenValuesAreCopied() { .scopes(SCOPES) .state(STATE) .additionalParameters(additionalParameters) + .attributes(attributes) .build(); OAuth2AuthorizationRequest authorizationRequestCopy = @@ -303,6 +289,7 @@ public void fromWhenAuthorizationRequestProvidedThenValuesAreCopied() { assertThat(authorizationRequestCopy.getScopes()).isEqualTo(authorizationRequest.getScopes()); assertThat(authorizationRequestCopy.getState()).isEqualTo(authorizationRequest.getState()); assertThat(authorizationRequestCopy.getAdditionalParameters()).isEqualTo(authorizationRequest.getAdditionalParameters()); + assertThat(authorizationRequestCopy.getAttributes()).isEqualTo(authorizationRequest.getAttributes()); assertThat(authorizationRequestCopy.getAuthorizationRequestUri()).isEqualTo(authorizationRequest.getAuthorizationRequestUri()); } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java index 6b10c24343a..5483719d082 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,13 +27,13 @@ public class TestOAuth2AuthorizationRequests { public static OAuth2AuthorizationRequest.Builder request() { String registrationId = "registration-id"; String clientId = "client-id"; - Map additionalParameters = new HashMap<>(); - additionalParameters.put(OAuth2ParameterNames.REGISTRATION_ID, registrationId); + Map attributes = new HashMap<>(); + attributes.put(OAuth2ParameterNames.REGISTRATION_ID, registrationId); return OAuth2AuthorizationRequest.authorizationCode() .authorizationUri("https://example.com/login/oauth/authorize") .clientId(clientId) .redirectUri("https://example.com/authorize/oauth2/code/registration-id") .state("state") - .additionalParameters(additionalParameters); + .attributes(attributes); } }