Polish spring-projectsgh-441

Author: jgrandja

oauth2-authorization-server/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcUserInfoEndpointConfigurer.java

@@ -57,7 +57,7 @@ public final class OidcUserInfoEndpointConfigurer extends AbstractOAuth2Configur
 
 	/**
 	 * Sets the {@link Function} used to extract claims from an {@link OAuth2AuthenticationContext}
-	 * to an instance of {@link OidcUserInfo}.
+	 * to an instance of {@link OidcUserInfo} for the UserInfo response.
 	 *
 	 * <p>
 	 * The {@link OAuth2AuthenticationContext} gives the mapper access to the {@link OidcUserInfoAuthenticationToken}.
@@ -109,4 +109,5 @@ <B extends HttpSecurityBuilder<B>> void configure(B builder) {
 	RequestMatcher getRequestMatcher() {
 		return this.requestMatcher;
 	}
+
 }

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/core/oidc/http/converter/OidcUserInfoHttpMessageConverter.java

@@ -37,7 +37,7 @@
 import org.springframework.util.Assert;
 
 /**
- * A {@link HttpMessageConverter} for an {@link OidcUserInfo OpenID Connect UserInfo Request and Response}.
+ * A {@link HttpMessageConverter} for an {@link OidcUserInfo OpenID Connect UserInfo Response}.
  *
  * @author Ido Salomon
  * @author Steve Riesenberg
@@ -75,7 +75,7 @@ protected OidcUserInfo readInternal(Class<? extends OidcUserInfo> clazz, HttpInp
 			return this.userInfoConverter.convert(userInfoParameters);
 		} catch (Exception ex) {
 			throw new HttpMessageNotReadableException(
-					"An error occurred reading the UserInfo: " + ex.getMessage(), ex, inputMessage);
+					"An error occurred reading the UserInfo response: " + ex.getMessage(), ex, inputMessage);
 		}
 	}
 
@@ -101,8 +101,7 @@ protected void writeInternal(OidcUserInfo oidcUserInfo, HttpOutputMessage output
 	 * Sets the {@link Converter} used for converting the UserInfo parameters
 	 * to an {@link OidcUserInfo}.
 	 *
-	 * @param userInfoConverter the {@link Converter} used for converting to an
-	 * {@link OidcUserInfo}
+	 * @param userInfoConverter the {@link Converter} used for converting to an {@link OidcUserInfo}
 	 */
 	public final void setUserInfoConverter(Converter<Map<String, Object>, OidcUserInfo> userInfoConverter) {
 		Assert.notNull(userInfoConverter, "userInfoConverter cannot be null");
@@ -123,7 +122,6 @@ public final void setUserInfoParametersConverter(
 	}
 
 	private static final class MapOidcUserInfoConverter implements Converter<Map<String, Object>, OidcUserInfo> {
-
 		private static final ClaimConversionService CLAIM_CONVERSION_SERVICE = ClaimConversionService.getSharedInstance();
 		private static final TypeDescriptor OBJECT_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(Object.class);
 		private static final TypeDescriptor BOOLEAN_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(Boolean.class);

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/ProviderSettings.java

@@ -100,7 +100,7 @@ public String getOidcClientRegistrationEndpoint() {
 	/**
 	 * Returns the Provider's OpenID Connect 1.0 UserInfo endpoint. The default is {@code /userinfo}.
 	 *
-	 * @return the OpenID Connect 1.0 User Info endpoint
+	 * @return the OpenID Connect 1.0 UserInfo endpoint
 	 */
 	public String getOidcUserInfoEndpoint() {
 		return getSetting(ConfigurationSettingNames.Provider.OIDC_USER_INFO_ENDPOINT);
@@ -215,7 +215,7 @@ public Builder oidcClientRegistrationEndpoint(String oidcClientRegistrationEndpo
 		/**
 		 * Sets the Provider's OpenID Connect 1.0 UserInfo endpoint.
 		 *
-		 * @param oidcUserInfoEndpoint the OpenID Connect 1.0 User Info endpoint
+		 * @param oidcUserInfoEndpoint the OpenID Connect 1.0 UserInfo endpoint
 		 * @return the {@link Builder} for further configuration
 		 */
 		public Builder oidcUserInfoEndpoint(String oidcUserInfoEndpoint) {

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcUserInfoAuthenticationProvider.java

@@ -50,9 +50,7 @@
  * @see <a href="https://openid.net/specs/openid-connect-core-1_0.html#UserInfo">5.3. UserInfo Endpoint</a>
  */
 public final class OidcUserInfoAuthenticationProvider implements AuthenticationProvider {
-
 	private final OAuth2AuthorizationService authorizationService;
-
 	private Function<OAuth2AuthenticationContext, OidcUserInfo> userInfoMapper = new DefaultOidcUserInfoMapper();
 
 	/**
@@ -107,6 +105,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
 				userInfoAuthentication, context);
 
 		OidcUserInfo userInfo = this.userInfoMapper.apply(authenticationContext);
+
 		return new OidcUserInfoAuthenticationToken(accessTokenAuthentication, userInfo);
 	}
 
@@ -116,7 +115,7 @@ public boolean supports(Class<?> authentication) {
 	}
 
 	/**
-	 * Sets the {@link Function} used when mapping from an {@link OAuth2AuthenticationContext}
+	 * Sets the {@link Function} used to extract claims from an {@link OAuth2AuthenticationContext}
 	 * to an instance of {@link OidcUserInfo} for the UserInfo response.
 	 *
 	 * <p>
@@ -128,7 +127,7 @@ public boolean supports(Class<?> authentication) {
 	 * {@link OAuth2AccessToken} associated with the bearer token used to make the request.</li>
 	 * </ul>
 	 *
-	 * @param userInfoMapper the {@link Function} used when mapping from an {@link OAuth2AuthenticationContext}
+	 * @param userInfoMapper the {@link Function} used to extract claims from an {@link OAuth2AuthenticationContext} to an instance of {@link OidcUserInfo}
 	 */
 	public void setUserInfoMapper(Function<OAuth2AuthenticationContext, OidcUserInfo> userInfoMapper) {
 		Assert.notNull(userInfoMapper, "userInfoMapper cannot be null");
@@ -173,7 +172,7 @@ public OidcUserInfo apply(OAuth2AuthenticationContext authenticationContext) {
 			return new OidcUserInfo(scopeRequestedClaims);
 		}
 
-		private Map<String, Object> getClaimsRequestedByScope(Map<String, Object> claims, Set<String> requestedScopes) {
+		private static Map<String, Object> getClaimsRequestedByScope(Map<String, Object> claims, Set<String> requestedScopes) {
 			Set<String> scopeRequestedClaimNames = new HashSet<>(32);
 			scopeRequestedClaimNames.add(StandardClaimNames.SUB);
 
@@ -195,5 +194,7 @@ private Map<String, Object> getClaimsRequestedByScope(Map<String, Object> claims
 
 			return requestedClaims;
 		}
+
 	}
+
 }

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcUserInfoAuthenticationToken.java

@@ -33,16 +33,14 @@
  * @see OidcUserInfoAuthenticationProvider
  */
 public class OidcUserInfoAuthenticationToken extends AbstractAuthenticationToken {
-
 	private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
-
 	private final Authentication principal;
 	private final OidcUserInfo userInfo;
 
 	/**
 	 * Constructs an {@code OidcUserInfoAuthenticationToken} using the provided parameters.
 	 *
-	 * @param principal the authenticated principal
+	 * @param principal the principal
 	 */
 	public OidcUserInfoAuthenticationToken(Authentication principal) {
 		super(Collections.emptyList());
@@ -64,7 +62,7 @@ public OidcUserInfoAuthenticationToken(Authentication principal, OidcUserInfo us
 		Assert.notNull(userInfo, "userInfo cannot be null");
 		this.principal = principal;
 		this.userInfo = userInfo;
-		setAuthenticated(principal.isAuthenticated());
+		setAuthenticated(true);
 	}
 
 	@Override
@@ -85,4 +83,5 @@ public Object getCredentials() {
 	public OidcUserInfo getUserInfo() {
 		return this.userInfo;
 	}
+
 }

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcUserInfoEndpointFilter.java

@@ -24,7 +24,6 @@
 
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.server.ServletServerHttpResponse;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -125,7 +124,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
 	private void sendUserInfoResponse(HttpServletResponse response, OidcUserInfo userInfo) throws IOException {
 		ServletServerHttpResponse httpResponse = new ServletServerHttpResponse(response);
-		this.userInfoHttpMessageConverter.write(userInfo, MediaType.APPLICATION_JSON, httpResponse);
+		this.userInfoHttpMessageConverter.write(userInfo, null, httpResponse);
 	}
 
 	private void sendErrorResponse(HttpServletResponse response, OAuth2Error error) throws IOException {

oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcUserInfoTests.java

@@ -17,6 +17,7 @@
 
 import java.time.Instant;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.function.Function;
@@ -123,7 +124,7 @@ public void requestWhenUserInfoRequestPostThenUserInfoResponse() throws Exceptio
 	}
 
 	@Test
-	public void requestWhenSignedJwtAndCustomUserInfoMapperThenUserInfoResponse() throws Exception {
+	public void requestWhenSignedJwtAndCustomUserInfoMapperThenMapJwtClaimsToUserInfoResponse() throws Exception {
 		this.spring.register(CustomUserInfoConfiguration.class).autowire();
 
 		OAuth2Authorization authorization = createAuthorization();
@@ -159,7 +160,7 @@ private static ResultMatcher userInfoResponse() {
 				jsonPath("locale").value("en-US"),
 				jsonPath("phone_number").value("+1 (604) 555-1234;ext=5678"),
 				jsonPath("phone_number_verified").value("false"),
-				jsonPath("address").value("Champ de Mars\n5 Av. Anatole France\n75007 Paris\nFrance"),
+				jsonPath("address.formatted").value("Champ de Mars\n5 Av. Anatole France\n75007 Paris\nFrance"),
 				jsonPath("updated_at").value("1970-01-01T00:00:00Z")
 		);
 		// @formatter:on
@@ -210,7 +211,7 @@ private static OidcUserInfo createUserInfo() {
 				.locale("en-US")
 				.phoneNumber("+1 (604) 555-1234;ext=5678")
 				.phoneNumberVerified("false")
-				.address("Champ de Mars\n5 Av. Anatole France\n75007 Paris\nFrance")
+				.claim("address", Collections.singletonMap("formatted", "Champ de Mars\n5 Av. Anatole France\n75007 Paris\nFrance"))
 				.updatedAt("1970-01-01T00:00:00Z")
 				.build();
 		// @formatter:on
@@ -304,5 +305,7 @@ JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
 		JwtEncoder jwtEncoder(JWKSource<SecurityContext> jwkSource) {
 			return new NimbusJwsEncoder(jwkSource);
 		}
+
 	}
+
 }

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/core/oidc/http/converter/OidcUserInfoHttpMessageConverterTests.java

@@ -130,18 +130,18 @@ public void readInternalWhenFailingConverterThenThrowException() {
 
 		assertThatExceptionOfType(HttpMessageNotReadableException.class)
 				.isThrownBy(() -> this.messageConverter.readInternal(OidcUserInfo.class, response))
-				.withMessageContaining("An error occurred reading the UserInfo")
+				.withMessageContaining("An error occurred reading the UserInfo response")
 				.withMessageContaining(errorMessage);
 	}
 
 	@Test
 	public void readInternalWhenInvalidResponseThenThrowException() {
-		String providerConfigurationResponse = "{}";
-		MockClientHttpResponse response = new MockClientHttpResponse(providerConfigurationResponse.getBytes(), HttpStatus.OK);
+		String userInfoResponse = "{}";
+		MockClientHttpResponse response = new MockClientHttpResponse(userInfoResponse.getBytes(), HttpStatus.OK);
 
 		assertThatExceptionOfType(HttpMessageNotReadableException.class)
 				.isThrownBy(() -> this.messageConverter.readInternal(OidcUserInfo.class, response))
-				.withMessageContaining("An error occurred reading the UserInfo")
+				.withMessageContaining("An error occurred reading the UserInfo response")
 				.withMessageContaining("claims cannot be empty");
 	}
 

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcUserInfoAuthenticationProviderTests.java

@@ -60,9 +60,9 @@ public class OidcUserInfoAuthenticationProviderTests {
 	private OidcUserInfoAuthenticationProvider authenticationProvider;
 
 	@Before
-	public void setUp() throws Exception {
+	public void setUp() {
 		this.authorizationService = mock(OAuth2AuthorizationService.class);
-		this.authenticationProvider = new OidcUserInfoAuthenticationProvider(authorizationService);
+		this.authenticationProvider = new OidcUserInfoAuthenticationProvider(this.authorizationService);
 	}
 
 	@Test
@@ -224,7 +224,7 @@ public void authenticateWhenValidAccessTokenThenReturnUserInfo() {
 		assertThat(userInfo.getLocale()).isEqualTo("en-US");
 		assertThat(userInfo.getPhoneNumber()).isEqualTo("+1 (604) 555-1234;ext=5678");
 		assertThat(userInfo.getPhoneNumberVerified()).isEqualTo(false);
-		assertThat(userInfo.getClaimAsString(StandardClaimNames.ADDRESS))
+		assertThat(userInfo.getAddress().getFormatted())
 				.isEqualTo("Champ de Mars\n5 Av. Anatole France\n75007 Paris\nFrance");
 		assertThat(userInfo.getUpdatedAt()).isEqualTo(Instant.parse("1970-01-01T00:00:00Z"));
 
@@ -259,6 +259,7 @@ private static JwtAuthenticationToken createJwtAuthenticationToken(String tokenV
 	}
 
 	private static OidcUserInfo createUserInfo() {
+		// @formatter:off
 		return OidcUserInfo.builder()
 				.subject("user1")
 				.name("First Last")
@@ -278,8 +279,10 @@ private static OidcUserInfo createUserInfo() {
 				.locale("en-US")
 				.phoneNumber("+1 (604) 555-1234;ext=5678")
 				.phoneNumberVerified("false")
-				.address("Champ de Mars\n5 Av. Anatole France\n75007 Paris\nFrance")
+				.claim("address", Collections.singletonMap("formatted", "Champ de Mars\n5 Av. Anatole France\n75007 Paris\nFrance"))
 				.updatedAt("1970-01-01T00:00:00Z")
 				.build();
+		// @formatter:on
 	}
+
 }

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcUserInfoAuthenticationTokenTests.java

@@ -32,6 +32,7 @@
  * @author Steve Riesenberg
  */
 public class OidcUserInfoAuthenticationTokenTests {
+
 	@Test
 	public void constructorWhenPrincipalNullThenThrowIllegalArgumentException() {
 		assertThatIllegalArgumentException()
@@ -55,6 +56,6 @@ public void constructorWhenPrincipalAndUserInfoProvidedThenCreated() {
 		OidcUserInfoAuthenticationToken authentication = new OidcUserInfoAuthenticationToken(principal, userInfo);
 		assertThat(authentication.getPrincipal()).isEqualTo(principal);
 		assertThat(authentication.getUserInfo()).isEqualTo(userInfo);
-		assertThat(authentication.isAuthenticated()).isFalse();
+		assertThat(authentication.isAuthenticated()).isTrue();
 	}
 }