Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
github
/
spring-authorization-server
-ын хуулбар https://github.com/spring-projects/spring-authorization-server
2
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Эх сурвалжийг харах

Merge branch '1.1.x'

Closes gh-1318
Steve Riesenberg 2 жил өмнө
parent
509b332c2d 215c101c3d
commit
357e200924
5 өөрчлөгдсөн 35 нэмэгдсэн , 3 устгасан
Өөрчлөллтийг нэгтгэж харах Өөрчлөлтийн статистик харах
  1. 1 1
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverter.java
  2. 1 2
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceVerificationAuthenticationConverter.java
  3. 3 0
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2EndpointUtils.java
  4. 16 0
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverterTests.java
  5. 14 0
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceVerificationAuthenticationConverterTests.java

+ 1 - 1
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverter.java
Файл харах 

@@ -80,7 +80,7 @@ public final class OAuth2DeviceAuthorizationConsentAuthenticationConverter imple
 
 
 
 		// user_code (REQUIRED)
 
 		// user_code (REQUIRED)
 
 		String userCode = parameters.getFirst(OAuth2ParameterNames.USER_CODE);
 
 		String userCode = parameters.getFirst(OAuth2ParameterNames.USER_CODE);
 
-		if (!StringUtils.hasText(userCode) ||
 
+		if (!OAuth2EndpointUtils.validateUserCode(userCode) ||
 
 				parameters.get(OAuth2ParameterNames.USER_CODE).size() != 1) {
 
 				parameters.get(OAuth2ParameterNames.USER_CODE).size() != 1) {
 
 			OAuth2EndpointUtils.throwError(
 
 			OAuth2EndpointUtils.throwError(
 
 					OAuth2ErrorCodes.INVALID_REQUEST,
 
 					OAuth2ErrorCodes.INVALID_REQUEST,

+ 1 - 2
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceVerificationAuthenticationConverter.java
Файл харах 

@@ -30,7 +30,6 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
 
 import org.springframework.security.oauth2.server.authorization.web.OAuth2DeviceVerificationEndpointFilter;
 
 import org.springframework.security.oauth2.server.authorization.web.OAuth2DeviceVerificationEndpointFilter;
 
 import org.springframework.security.web.authentication.AuthenticationConverter;
 
 import org.springframework.security.web.authentication.AuthenticationConverter;
 
 import org.springframework.util.MultiValueMap;
 
 import org.springframework.util.MultiValueMap;
 
-import org.springframework.util.StringUtils;
 
 
 
 /**
 
 /**
 
  * Attempts to extract a user code from {@link HttpServletRequest} for the
 
  * Attempts to extract a user code from {@link HttpServletRequest} for the
 
@@ -64,7 +63,7 @@ public final class OAuth2DeviceVerificationAuthenticationConverter implements Au
 
 
 
 		// user_code (REQUIRED)
 
 		// user_code (REQUIRED)
 
 		String userCode = parameters.getFirst(OAuth2ParameterNames.USER_CODE);
 
 		String userCode = parameters.getFirst(OAuth2ParameterNames.USER_CODE);
 
-		if (!StringUtils.hasText(userCode) ||
 
+		if (!OAuth2EndpointUtils.validateUserCode(userCode) ||
 
 				parameters.get(OAuth2ParameterNames.USER_CODE).size() != 1) {
 
 				parameters.get(OAuth2ParameterNames.USER_CODE).size() != 1) {
 
 			OAuth2EndpointUtils.throwError(
 
 			OAuth2EndpointUtils.throwError(
 
 					OAuth2ErrorCodes.INVALID_REQUEST,
 
 					OAuth2ErrorCodes.INVALID_REQUEST,

+ 3 - 0
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2EndpointUtils.java
Файл харах 

@@ -95,4 +95,7 @@ final class OAuth2EndpointUtils {
 
 		return sb.toString();
 
 		return sb.toString();
 
 	}
 
 	}
 
 
 
+	static boolean validateUserCode(String userCode) {
 
+		return (userCode != null && userCode.toUpperCase().replaceAll("[^A-Z\\d]+", "").length() == 8);
 
+	}
 
 }
 
 }

+ 16 - 0
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverterTests.java
Файл харах 

@@ -147,6 +147,22 @@ public class OAuth2DeviceAuthorizationConsentAuthenticationConverterTests {
 
 		// @formatter:on
 
 		// @formatter:on
 
 	}
 
 	}
 
 
 
+	@Test
 
+	public void convertWhenInvalidUserCodeThenInvalidRequestError() {
 
+		MockHttpServletRequest request = createRequest();
 
+		request.addParameter(OAuth2ParameterNames.STATE, STATE);
 
+		request.addParameter(OAuth2ParameterNames.CLIENT_ID, CLIENT_ID);
 
+		request.addParameter(OAuth2ParameterNames.USER_CODE, "LONG-USER-CODE");
 
+		// @formatter:off
 
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 
+				.isThrownBy(() -> this.converter.convert(request))
 
+				.withMessageContaining(OAuth2ParameterNames.USER_CODE)
 
+				.extracting(OAuth2AuthenticationException::getError)
 
+				.extracting(OAuth2Error::getErrorCode)
 
+				.isEqualTo(OAuth2ErrorCodes.INVALID_REQUEST);
 
+		// @formatter:on
 
+	}
 
+
 
 	@Test
 
 	@Test
 
 	public void convertWhenMultipleUserCodeParametersThenInvalidRequestError() {
 
 	public void convertWhenMultipleUserCodeParametersThenInvalidRequestError() {
 
 		MockHttpServletRequest request = createRequest();
 
 		MockHttpServletRequest request = createRequest();

+ 14 - 0
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceVerificationAuthenticationConverterTests.java
Файл харах 

@@ -94,6 +94,20 @@ public class OAuth2DeviceVerificationAuthenticationConverterTests {
 
 		// @formatter:on
 
 		// @formatter:on
 
 	}
 
 	}
 
 
 
+	@Test
 
+	public void convertWhenInvalidUserCodeParameterThenInvalidRequestError() {
 
+		MockHttpServletRequest request = createRequest();
 
+		request.addParameter(OAuth2ParameterNames.USER_CODE, "LONG-USER-CODE");
 
+		// @formatter:off
 
+		assertThatExceptionOfType(OAuth2AuthenticationException.class)
 
+				.isThrownBy(() -> this.converter.convert(request))
 
+				.withMessageContaining(OAuth2ParameterNames.USER_CODE)
 
+				.extracting(OAuth2AuthenticationException::getError)
 
+				.extracting(OAuth2Error::getErrorCode)
 
+				.isEqualTo(OAuth2ErrorCodes.INVALID_REQUEST);
 
+		// @formatter:on
 
+	}
 
+
 
 	@Test
 
 	@Test
 
 	public void convertWhenMultipleUserCodeParameterThenInvalidRequestError() {
 
 	public void convertWhenMultipleUserCodeParameterThenInvalidRequestError() {
 
 		MockHttpServletRequest request = createRequest();
 
 		MockHttpServletRequest request = createRequest();