
Fix inconsistent state when authorization consent is denied

Closes gh-595
Joe Grandja 3 ani în urmă
părinte
comite
4fbe06d121

+ 1 - 3
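--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2021 the original author or authors.
+ * Copyright 2020-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -577,8 +577,6 @@ public final class OAuth2AuthorizationCodeRequestAuthenticationProvider implemen
 				.scopes(authorizationCodeRequestAuthentication.getScopes())
 				.state(authorizationCodeRequestAuthentication.getState())
 				.additionalParameters(authorizationCodeRequestAuthentication.getAdditionalParameters())
-				.consentRequired(authorizationCodeRequestAuthentication.isConsentRequired())
-				.consent(authorizationCodeRequestAuthentication.isConsent())
 				.authorizationCode(authorizationCodeRequestAuthentication.getAuthorizationCode());
 	}
 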

+ 7 - 1
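--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2021 the original author or authors.
+ * Copyright 2020-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -1013,6 +1013,12 @@ public class OAuth2AuthorizationCodeRequestAuthenticationProviderTests {
 		OAuth2AuthorizationCodeRequestAuthenticationToken authorizationCodeRequestAuthentication =
 				authenticationException.getAuthorizationCodeRequestAuthentication();
 		assertThat(authorizationCodeRequestAuthentication.getRedirectUri()).isEqualTo(redirectUri);
+
+		// gh-595
+		if (OAuth2ErrorCodes.ACCESS_DENIED.equals(errorCode)) {
+			assertThat(authorizationCodeRequestAuthentication.isConsent()).isFalse();
+			assertThat(authorizationCodeRequestAuthentication.isConsentRequired()).isFalse();
+		}
 	}
 
 	private static OAuth2AuthorizationCodeRequestAuthenticationToken.Builder authorizationCodeRequestAuthentication(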
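Review bot: The two consent assertions added after the `getRedirectUri()` check run only when `errorCode` equals `OAuth2ErrorCodes.ACCESS_DENIED`, so for every other error this shared helper still says nothing about consent state, and the check disappears silently if no caller passes that code. If the error token is never meant to carry consent state (which the provider-side removal of `.consentRequired(...)` and `.consent(...)` suggests, although the copying method starts outside the visible hunk), consider dropping the `if` and asserting both flags unconditionally. The `// gh-595` marker also gives no reason; something like `// gh-595: a denied consent must not leave consent state on the error token` would tell the next reader what is being pinned. The enclosing assertion helper starts outside the hunk, so its callers are not visible here.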