From 3cc441c83e7af535d55edd0beffaed046ecd4cf7 Mon Sep 17 00:00:00 2001
From: Madhura Bhave
Date: Mon, 10 Dec 2018 16:35:52 -0800
Subject: [PATCH] Do not remove trailing slash from OAuth2 Issuer URI
Fixes gh-15324
---
 .../OAuth2ClientPropertiesRegistrationAdapter.java | 11 +----------
 ...Auth2ClientPropertiesRegistrationAdapterTests.java | 10 ++++------
 .../src/main/resources/application.yml | 2 +-
 .../src/main/resources/application.yml | 2 +-
 4 files changed, 7 insertions(+), 18 deletions(-)
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
index c0bebee9ef..5285149c6b 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
@@ -86,9 +86,7 @@ public final class OAuth2ClientPropertiesRegistrationAdapter {
 Provider provider = providers.get(providerId);
 String issuer = provider.getIssuerUri();
 if (issuer != null) {
- String cleanedIssuer = cleanIssuerPath(issuer);
- Builder builder = ClientRegistrations
- .fromOidcIssuerLocation(cleanedIssuer)
+ Builder builder = ClientRegistrations.fromOidcIssuerLocation(issuer)
 .registrationId(registrationId);
 return getBuilder(builder, provider);
 }
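Review bot: Nothing at the `ClientRegistrations.fromOidcIssuerLocation(issuer)` call records why the configured issuer is now passed through verbatim, and it is the kind of line a later cleanup normalises again. As far as I know, OIDC discovery requires the `issuer` in the provider's metadata to be identical to the URL used to fetch it, and Spring Security enforces that match, so this is a security check rather than a formatting detail. I would add a comment above the call such as `// Pass the issuer unchanged: discovery must compare it exactly with the issuer the provider advertises.` The same constraint deserves a one-line comment next to `issuer-uri` in the two sample application.yml hunks, where the value changes in the opposite direction and the reason is not visible. The enclosing method starts and ends outside this hunk.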
@@ -96,13 +94,6 @@ public final class OAuth2ClientPropertiesRegistrationAdapter {
 return null;
 }
- private static String cleanIssuerPath(String issuer) {
- if (issuer.endsWith("/")) {
- return issuer.substring(0, issuer.length() - 1);
- }
- return issuer;
- }
-
 private static Builder getBuilder(String registrationId, String configuredProviderId, Map providers) {
 String providerId = (configuredProviderId != null) ? configuredProviderId
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
index d3dfc72cb3..2a1627ea53 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
@@ -269,8 +269,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 this.server = new MockWebServer();
 this.server.start();
 String issuer = this.server.url("").toString();
- String cleanIssuerPath = cleanIssuerPath(issuer);
- setupMockResponse(cleanIssuerPath);
+ setupMockResponse(issuer);
 OAuth2ClientProperties.Registration registration = new OAuth2ClientProperties.Registration();
 registration.setProvider("okta-oidc");
 registration.setClientId("clientId");
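Review bot: The updated tests build the issuer from `this.server.url("").toString()`, which the removed `cleanIssuerPath(issuer)` call suggests always ends in `/`, so only the trailing-slash form is exercised here and in the hunks at -297, -316 and -332. There is no case where the configured issuer and the issuer in the mock discovery response differ only by the trailing slash, and this commit now depends on such a mismatch being rejected rather than silently accepted. `setupMockResponse` is defined outside these hunks, so whether it echoes the issuer it is given cannot be confirmed from here. A short comment on the `String issuer = ...` line, e.g. `// url("") ends in "/"; the value must reach the adapter unchanged`, would also make the intent of the `getClientName()` assertion clear. The test methods start and end outside the hunks.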
@@ -297,7 +296,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 assertThat(adapted.getAuthorizationGrantType())
 .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 assertThat(adapted.getRegistrationId()).isEqualTo("okta");
- assertThat(adapted.getClientName()).isEqualTo(cleanIssuerPath);
+ assertThat(adapted.getClientName()).isEqualTo(issuer);
 assertThat(adapted.getScopes()).containsOnly("user");
 assertThat(adapted.getRedirectUriTemplate())
 .isEqualTo("http://example.com/redirect");
@@ -316,8 +315,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 this.server = new MockWebServer();
 this.server.start();
 String issuer = this.server.url("").toString();
- String cleanIssuerPath = cleanIssuerPath(issuer);
- setupMockResponse(cleanIssuerPath);
+ setupMockResponse(issuer);
 OAuth2ClientProperties properties = new OAuth2ClientProperties();
 Provider provider = new Provider();
 provider.setIssuerUri(issuer);
@@ -332,7 +330,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 assertThat(adapted.getAuthorizationGrantType())
 .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 assertThat(adapted.getRegistrationId()).isEqualTo("okta");
- assertThat(adapted.getClientName()).isEqualTo(cleanIssuerPath);
+ assertThat(adapted.getClientName()).isEqualTo(issuer);
 assertThat(adapted.getScopes()).containsOnly("openid");
 assertThat(providerDetails.getAuthorizationUri())
 .isEqualTo("https://example.com/o/oauth2/v2/auth");
diff --git a/spring-boot-samples/spring-boot-sample-oauth2-client/src/main/resources/application.yml b/spring-boot-samples/spring-boot-sample-oauth2-client/src/main/resources/application.yml
index dab564dd4d..d7254a5316 100644
--- a/spring-boot-samples/spring-boot-sample-oauth2-client/src/main/resources/application.yml
+++ b/spring-boot-samples/spring-boot-sample-oauth2-client/src/main/resources/application.yml
@@ -29,4 +29,4 @@ spring:
 client-name: GitHub Repositories
 provider:
 yahoo-oidc:
- issuer-uri: https://api.login.yahoo.com/
\ No newline at end of file
+ issuer-uri: https://api.login.yahoo.com
\ No newline at end of file
diff --git a/spring-boot-samples/spring-boot-sample-reactive-oauth2-client/src/main/resources/application.yml b/spring-boot-samples/spring-boot-sample-reactive-oauth2-client/src/main/resources/application.yml
index 63fdcfd5b8..de1516ce84 100644
--- a/spring-boot-samples/spring-boot-sample-reactive-oauth2-client/src/main/resources/application.yml
+++ b/spring-boot-samples/spring-boot-sample-reactive-oauth2-client/src/main/resources/application.yml
@@ -22,4 +22,4 @@ spring:
 client-secret: ${YAHOO-CLIENT-SECRET}
 provider:
 yahoo-oidc:
- issuer-uri: https://api.login.yahoo.com/
\ No newline at end of file
+ issuer-uri: https://api.login.yahoo.com
\ No newline at end of file