sonar findings fixed
strehle committed Jul 12, 2023
1 parent d926076 commit 254c484
Showing 3 changed files with 15 additions and 15 deletions.
Expand Up @@ -286,9 +286,9 @@ public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, TokenReque
if (authenticationData.clientAuth != null && CLIENT_AUTH_NONE.equals(authenticationData.clientAuth)) {
// public refresh flow, allowed if access_token before was also without authentiation (claim: client_auth_method=none)
if (!CLIENT_AUTH_NONE.equals(claims.getClientAuth())) {
throw new InvalidTokenException("Refresh without client authentication not allowed.");
throw new TokenRevokedException("Refresh without client authentication not allowed.");
}
additionalRootClaims = addRootClaimEntry(additionalRootClaims, CLIENT_AUTH_METHOD, authenticationData.clientAuth);
addRootClaimEntry(additionalRootClaims, CLIENT_AUTH_METHOD, authenticationData.clientAuth);
}

String accessTokenId = generateUniqueTokenId();
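Review bot: Dropping the assignment on the `addRootClaimEntry(additionalRootClaims, CLIENT_AUTH_METHOD, authenticationData.clientAuth)` line is only safe if `additionalRootClaims` is guaranteed non-null at this point and the helper mutates it in place; if the helper allocates a fresh map for a null argument, its return value was the only reference and the client_auth_method claim silently disappears from the refreshed token. Keep `additionalRootClaims = addRootClaimEntry(additionalRootClaims, CLIENT_AUTH_METHOD, authenticationData.clientAuth);` or add an explicit null check before the call. The switch from InvalidTokenException to TokenRevokedException also changes the reported error category for a token that is not actually revoked but is being refreshed without the client authentication it was issued with; unless TokenRevokedException extends InvalidTokenException, callers catching the latter no longer see this case, so a comment such as `// not revoked: reject because the refresh downgrades client auth below what the token was issued with` would document the intent. refreshAccessToken begins and continues outside the hunk, and the comment above the check misspells "authentiation".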
Expand Up @@ -14,7 +14,6 @@
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
Expand All @@ -38,10 +37,10 @@
import static org.hamcrest.CoreMatchers.notNullValue;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.hasEntry;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThrows;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

Expand Down Expand Up @@ -124,19 +123,19 @@ void testRefreshPublicClientWithRotation() {
new IdentityZoneManagerImpl().getCurrentIdentityZone().getConfig().getTokenPolicy().setRefreshTokenRotate(true);
CompositeToken accessToken = (CompositeToken) tokenServices.createAccessToken(authentication);

assertThat(UaaTokenUtils.getClaims(accessToken.getValue()), hasEntry(CLIENT_AUTH_METHOD, "none"));
assertThat(UaaTokenUtils.getClaims(accessToken.getValue()), hasEntry(CLIENT_AUTH_METHOD, CLIENT_AUTH_METHOD));
String refreshTokenValue = accessToken.getRefreshToken().getValue();
assertThat(refreshTokenValue, is(notNullValue()));

setupOAuth2Authentication(oAuth2Request);
OAuth2AccessToken refreshedToken = tokenServices.refreshAccessToken(refreshTokenValue, new TokenRequest(new HashMap<>(), CLIENT_ID, Lists.newArrayList("openid"), GRANT_TYPE_REFRESH_TOKEN));
assertThat(refreshedToken, is(notNullValue()));
assertNotEquals("New access token should be different from the old one.", refreshTokenValue, refreshedToken.getRefreshToken().getValue());
assertThat(UaaTokenUtils.getClaims(refreshedToken.getValue()), hasEntry(CLIENT_AUTH_METHOD, "none"));
assertThat(UaaTokenUtils.getClaims(refreshedToken.getValue()), hasEntry(CLIENT_AUTH_METHOD, CLIENT_AUTH_METHOD));

refreshedToken = tokenServices.refreshAccessToken(refreshTokenValue, new TokenRequest(new HashMap<>(), CLIENT_ID, Lists.newArrayList("openid"), GRANT_TYPE_REFRESH_TOKEN));
assertNotEquals("New access token should be different from the old one.", refreshTokenValue, refreshedToken.getRefreshToken().getValue());
assertThat(UaaTokenUtils.getClaims(refreshedToken.getValue()), hasEntry(CLIENT_AUTH_METHOD, "none"));
assertThat(UaaTokenUtils.getClaims(refreshedToken.getValue()), hasEntry(CLIENT_AUTH_METHOD, CLIENT_AUTH_METHOD));
}

@Test
Expand All @@ -150,7 +149,7 @@ void testRefreshPublicClientWithoutRotation() {
Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters());
azParameters.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
authorizationRequest.setRequestParameters(azParameters);
authorizationRequest.setExtensions(Map.of(CLIENT_AUTH_METHOD, "none"));
authorizationRequest.setExtensions(Map.of(CLIENT_AUTH_METHOD, CLIENT_AUTH_METHOD));
OAuth2Request oAuth2Request = authorizationRequest.createOAuth2Request();
OAuth2Authentication authentication = new OAuth2Authentication(oAuth2Request, tokenSupport.defaultUserAuthentication);
CompositeToken accessToken = (CompositeToken) tokenServices.createAccessToken(authentication);
Expand All @@ -160,7 +159,7 @@ void testRefreshPublicClientWithoutRotation() {
assertThat(refreshTokenValue, is(notNullValue()));

setupOAuth2Authentication(oAuth2Request);
Exception exception = assertThrows(InvalidTokenException.class, () ->
RuntimeException exception = assertThrows(TokenRevokedException.class, () ->
tokenServices.refreshAccessToken(refreshTokenValue, new TokenRequest(new HashMap<>(), CLIENT_ID, Lists.newArrayList("openid"), GRANT_TYPE_REFRESH_TOKEN)));
assertEquals("Refresh without client authentication not allowed.", exception.getMessage());
}
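Review bot: Replacing the literal "none" with `CLIENT_AUTH_METHOD` in testRefreshPublicClientWithRotation and testRefreshPublicClientWithoutRotation looks like the wrong constant: CLIENT_AUTH_METHOD is the claim key, while the third file in this commit uses `CLIENT_AUTH_NONE` for the same value. If CLIENT_AUTH_METHOD resolves to the claim name rather than "none", `authorizationRequest.setExtensions(Map.of(CLIENT_AUTH_METHOD, CLIENT_AUTH_METHOD))` no longer marks the request as unauthenticated and `hasEntry(CLIENT_AUTH_METHOD, CLIENT_AUTH_METHOD)` asserts a key-equals-value pair, so the public-refresh path and its TokenRevokedException check would only be exercised if that constant happens to equal "none". Use `CLIENT_AUTH_NONE` from TokenConstants as the value in all four places. Separately, `RuntimeException exception = assertThrows(TokenRevokedException.class, ...)` can be declared as `TokenRevokedException exception` because JUnit 5's assertThrows returns the asserted type. Both test methods start outside their hunks.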
Expand Up @@ -55,6 +55,7 @@
import java.util.stream.Stream;

import static org.cloudfoundry.identity.uaa.oauth.TokenTestSupport.GRANT_TYPE;
import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.CLIENT_AUTH_NONE;
import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_AUTHORIZATION_CODE;
import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_CLIENT_CREDENTIALS;
import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_IMPLICIT;
Expand Down Expand Up @@ -280,7 +281,7 @@ void happyCase() {
false,
new Date(),
null,
null
Map.of(ClaimConstants.CLIENT_AUTH_METHOD, CLIENT_AUTH_NONE)
);
UaaUser uaaUser = jdbcUaaUserDatabase.retrieveUserByName("admin", "uaa");
refreshToken = refreshTokenCreator.createRefreshToken(uaaUser, refreshTokenRequestData, null);
Expand All @@ -289,12 +290,12 @@ void happyCase() {
SecurityContextHolder.getContext().setAuthentication(authentication);
OAuth2Request auth2Request = mock(OAuth2Request.class);
when(authentication.getOAuth2Request()).thenReturn(auth2Request);
when(auth2Request.getExtensions()).thenReturn(Map.of(ClaimConstants.CLIENT_AUTH_METHOD, "none"));
when(auth2Request.getExtensions()).thenReturn(Map.of(ClaimConstants.CLIENT_AUTH_METHOD, CLIENT_AUTH_NONE));
OAuth2AccessToken refreshedToken = tokenServices.refreshAccessToken(this.refreshToken.getValue(), new TokenRequest(new HashMap<>(), "jku_test", Lists.newArrayList("openid", "user_attributes"), GRANT_TYPE_REFRESH_TOKEN));

assertThat(refreshedToken, is(notNullValue()));
Map<String, Object> claims = UaaTokenUtils.getClaims(refreshedToken.getValue());
assertThat(claims, hasEntry(ClaimConstants.CLIENT_AUTH_METHOD, "none"));
assertThat(claims, hasEntry(ClaimConstants.CLIENT_AUTH_METHOD, CLIENT_AUTH_NONE));
}

@MethodSource("org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests#dates")
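Review bot: Passing `Map.of(ClaimConstants.CLIENT_AUTH_METHOD, CLIENT_AUTH_NONE)` where happyCase previously passed `null` narrows this refresh test to the public-client path; if no other test still refreshes a token issued without a client_auth_method claim, the confidential-client refresh branch loses coverage, so consider keeping a second case with `null` claims alongside this one. The mix of a static import for CLIENT_AUTH_NONE with the qualified `ClaimConstants.CLIENT_AUTH_METHOD` on the same lines is inconsistent; a static import of CLIENT_AUTH_METHOD next to the new one would read uniformly. happyCase starts outside the hunk.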
