[3.x] OIDC original uri resolving leaving out query params (helidon-i…
…o#6342)

OIDC original uri resolving query fix

Signed-off-by: David Kral <david.k.kral@oracle.com>
Verdent authored Mar 9, 2023
1 parent a6130ed commit 8aa217e
Showing 3 changed files with 109 additions and 4 deletions.
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2022 Oracle and/or its affiliates.
* Copyright (c) 2022, 2023 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -37,7 +37,7 @@
/**
* Holder of the tenant configuration resolved at runtime. Used for OIDC lazy loading.
*/
public final class Tenant {
public class Tenant {

private final TenantConfig tenantConfig;
private final URI tokenEndpointUri;
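Review bot: Dropping `final` from `Tenant` opens a public class in the OIDC provider to subclassing, and the only reason visible in this commit is that the new test calls `mock(Tenant.class)`. A subclass could override accessors such as `tenantConfig()`, so callers can no longer rely on getting the values resolved at construction. If mocking is the only motivation, keep `public final class Tenant` and either enable Mockito's inline mock maker in the test module or build a real `Tenant` in the test. If extension is intended, state that in the class Javadoc. The class body continues outside the hunk.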
@@ -16,6 +16,7 @@

package io.helidon.security.providers.oidc;

import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
@@ -390,12 +391,19 @@ private String errorHeader(String code, String description) {
return "Bearer realm=\"" + tenantConfig.realm() + "\", error=\"" + code + "\", error_description=\"" + description + "\"";
}

private String origUri(ProviderRequest providerRequest) {
String origUri(ProviderRequest providerRequest) {
List<String> origUri = providerRequest.env().headers()
.getOrDefault(Security.HEADER_ORIG_URI, List.of());

if (origUri.isEmpty()) {
origUri = List.of(providerRequest.env().targetUri().getPath());
URI targetUri = providerRequest.env().targetUri();
String query = targetUri.getQuery();
String path = targetUri.getPath();
if (query == null || query.isEmpty()) {
return path;
} else {
return path + "?" + query;
}
}

return origUri.get(0);
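Review bot: The fallback branch rebuilds the URI from `targetUri.getPath()` and `targetUri.getQuery()`, which both return percent-decoded text, so an encoded `&`, `=`, `#` or `?` inside a parameter value comes back as a literal delimiter and the result no longer describes the request that was made. Since this value is presumably where the user is sent back after login, use the raw components instead: `String query = targetUri.getRawQuery();` and `String path = targetUri.getRawPath();`. The header branch returns the `Security.HEADER_ORIG_URI` value verbatim, which presumably already carries the encoded form, so both branches would then be consistent. The method's closing brace is outside the hunk.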
@@ -0,0 +1,97 @@
/*
* Copyright (c) 2023 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package io.helidon.security.providers.oidc;

import java.net.URI;

import io.helidon.security.ProviderRequest;
import io.helidon.security.Security;
import io.helidon.security.SecurityEnvironment;
import io.helidon.security.providers.oidc.common.OidcConfig;
import io.helidon.security.providers.oidc.common.Tenant;

import org.junit.jupiter.api.Test;

import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

/**
* Unit test for {@link TenantAuthenticationHandler}.
*/
public class TenantAuthenticationHandlerTest {

@Test
public void testOriginalUri() {
OidcConfig oidcConfig = OidcConfig.builder()
.clientId("test")
.clientSecret("123")
.identityUri(URI.create("http://localhost:1234"))
.build();

Tenant tenant = mock(Tenant.class);
when(tenant.tenantConfig()).thenReturn(oidcConfig);

TenantAuthenticationHandler authenticationHandler = new TenantAuthenticationHandler(oidcConfig, tenant, false, true);
ProviderRequest providerRequest = mock(ProviderRequest.class);
SecurityEnvironment securityEnvironment = SecurityEnvironment.builder()
.header(Security.HEADER_ORIG_URI, "/test?someUri=value")
.targetUri(URI.create("http://localhost:1234/incorrect"))
.build();
when(providerRequest.env()).thenReturn(securityEnvironment);

assertThat(authenticationHandler.origUri(providerRequest), is("/test?someUri=value"));

securityEnvironment = SecurityEnvironment.builder()
.header(Security.HEADER_ORIG_URI, "/noQuery")
.targetUri(URI.create("http://localhost:1234/incorrect"))
.build();
when(providerRequest.env()).thenReturn(securityEnvironment);

assertThat(authenticationHandler.origUri(providerRequest), is("/noQuery"));
}

@Test
public void testOriginalUriMissingHeader() {
OidcConfig oidcConfig = OidcConfig.builder()
.clientId("test")
.clientSecret("123")
.identityUri(URI.create("http://localhost:1234"))
.build();

Tenant tenant = mock(Tenant.class);
when(tenant.tenantConfig()).thenReturn(oidcConfig);

TenantAuthenticationHandler authenticationHandler = new TenantAuthenticationHandler(oidcConfig, tenant, false, true);
ProviderRequest providerRequest = mock(ProviderRequest.class);
SecurityEnvironment securityEnvironment = SecurityEnvironment.builder()
.targetUri(URI.create("http://localhost:1234/test?someUri=value"))
.build();
when(providerRequest.env()).thenReturn(securityEnvironment);

assertThat(authenticationHandler.origUri(providerRequest), is("/test?someUri=value"));

securityEnvironment = SecurityEnvironment.builder()
.targetUri(URI.create("http://localhost:1234/noQuery"))
.build();
when(providerRequest.env()).thenReturn(securityEnvironment);

assertThat(authenticationHandler.origUri(providerRequest), is("/noQuery"));
}

}
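Review bot: Both tests use only unreserved characters (`/test?someUri=value`), so they pass whether `origUri` returns the decoded or the raw query and do not pin how the value is encoded. Add a case to `testOriginalUriMissingHeader` with a percent-encoded delimiter in the value, for example a constructed target such as `URI.create("http://localhost:1234/test?someUri=a%26b")`, and assert the exact string expected back. The `query.isEmpty()` branch is also untested; a target URI ending in a bare `?` would cover it.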
