4 years ago · 98399c920a
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2018 the original author or authors.
			
 
				+ * Copyright 2002-2021 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -13,7 +13,6 @@
 
				  * See the License for the specific language governing permissions and
			
 
				  * limitations under the License.
			
 
				  */
			
 
				-
			
 
				 package org.springframework.security.oauth2.client.userinfo;
			
 
				 
			
 
				 
			
@@ -22,6 +21,11 @@ import java.util.HashSet;
 
				 import java.util.Map;
			
 
				 import java.util.Set;
			
 
				 
			
 
				+import com.nimbusds.oauth2.sdk.ErrorObject;
			
 
				+import com.nimbusds.openid.connect.sdk.UserInfoErrorResponse;
			
 
				+import net.minidev.json.JSONObject;
			
 
				+import reactor.core.publisher.Mono;
			
 
				+
			
 
				 import org.springframework.core.ParameterizedTypeReference;
			
 
				 import org.springframework.http.HttpHeaders;
			
 
				 import org.springframework.http.HttpStatus;
			
@@ -41,12 +45,6 @@ import org.springframework.util.StringUtils;
 
				 import org.springframework.web.reactive.function.client.ClientResponse;
			
 
				 import org.springframework.web.reactive.function.client.WebClient;
			
 
				 
			
 
				-import com.nimbusds.oauth2.sdk.ErrorObject;
			
 
				-import com.nimbusds.openid.connect.sdk.UserInfoErrorResponse;
			
 
				-
			
 
				-import net.minidev.json.JSONObject;
			
 
				-import reactor.core.publisher.Mono;
			
 
				-
			
 
				 /**
			
 
				  * An implementation of an {@link ReactiveOAuth2UserService} that supports standard OAuth 2.0 Provider's.
			
 
				  * <p>
			
@@ -119,7 +117,7 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi
 
				 			}
			
 
				 			Mono<Map<String, Object>> userAttributes = requestHeadersSpec
			
 
				 					.retrieve()
			
 
				-					.onStatus(s -> s != HttpStatus.OK, response -> parse(response).map(userInfoErrorResponse -> {
			
 
				+					.onStatus(HttpStatus::isError, response -> parse(response).map(userInfoErrorResponse -> {
			
 
				 						String description = userInfoErrorResponse.getErrorObject().getDescription();
			
 
				 						OAuth2Error oauth2Error = new OAuth2Error(
			
 
				 								INVALID_USER_INFO_RESPONSE_ERROR_CODE, description,
			
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2019 the original author or authors.
			
 
				+ * Copyright 2002-2021 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -13,7 +13,6 @@
 
				  * See the License for the specific language governing permissions and
			
 
				  * limitations under the License.
			
 
				  */
			
 
				-
			
 
				 package org.springframework.security.oauth2.client.userinfo;
			
 
				 
			
 
				 import java.time.Duration;
			
@@ -50,6 +49,7 @@ import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 
				 import org.springframework.web.reactive.function.client.WebClient;
			
 
				 
			
 
				 import static org.assertj.core.api.Assertions.assertThat;
			
 
				+import static org.assertj.core.api.Assertions.assertThatCode;
			
 
				 import static org.assertj.core.api.Assertions.assertThatThrownBy;
			
 
				 import static org.mockito.ArgumentMatchers.any;
			
 
				 import static org.mockito.Mockito.mock;
			
@@ -152,6 +152,24 @@ public class DefaultReactiveOAuth2UserServiceTests {
 
				 		assertThat(userAuthority.getAttributes()).isEqualTo(user.getAttributes());
			
 
				 	}
			
 
				 
			
 
				+	// gh-9336
			
 
				+	@Test
			
 
				+	public void loadUserWhenUserInfo201CreatedResponseThenReturnUser() {
			
 
				+		// @formatter:off
			
 
				+		String userInfoResponse = "{\n"
			
 
				+				+ "   \"id\": \"user1\",\n"
			
 
				+				+ "   \"first-name\": \"first\",\n"
			
 
				+				+ "   \"last-name\": \"last\",\n"
			
 
				+				+ "   \"middle-name\": \"middle\",\n"
			
 
				+				+ "   \"address\": \"address\",\n"
			
 
				+				+ "   \"email\": \"user1@example.com\"\n"
			
 
				+				+ "}\n";
			
 
				+		// @formatter:on
			
 
				+		this.server.enqueue(new MockResponse().setResponseCode(201)
			
 
				+				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(userInfoResponse));
			
 
				+		assertThatCode(() -> this.userService.loadUser(oauth2UserRequest()).block()).doesNotThrowAnyException();
			
 
				+	}
			
 
				+
			
 
				 	// gh-5500
			
 
				 	@Test
			
 
				 	public void loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodGet() throws Exception {