sonar
strehle committed Jul 13, 2023
1 parent b2a260d commit 8159451
Showing 2 changed files with 17 additions and 7 deletions.
Expand Up @@ -61,8 +61,8 @@ protected void additionalAuthenticationChecks(UserDetails userDetails, UsernameP
// in case of grant_type=authorization_code and code_verifier passed (PKCE) we check if client has option allowpublic with true and proceed even if no secret is provided
UaaClient uaaClient = (UaaClient) userDetails;
Object allowPublic = uaaClient.getAdditionalInformation().get(ClientConstants.ALLOW_PUBLIC);
if (allowPublic instanceof String && Boolean.TRUE.toString().equalsIgnoreCase((String)allowPublic) ||
allowPublic instanceof Boolean && Boolean.TRUE.equals(allowPublic)) {
if ((allowPublic instanceof String && Boolean.TRUE.toString().equalsIgnoreCase((String)allowPublic)) ||
(allowPublic instanceof Boolean && Boolean.TRUE.equals(allowPublic))) {
((UaaAuthenticationDetails) authentication.getDetails()).setAuthenticationMethod(CLIENT_AUTH_NONE);
break;
}
Expand All @@ -83,11 +83,11 @@ private boolean isPublicGrantTypeUsageAllowed(Object uaaAuthenticationDetails) {
UaaAuthenticationDetails authenticationDetails = uaaAuthenticationDetails instanceof UaaAuthenticationDetails ?
(UaaAuthenticationDetails) uaaAuthenticationDetails : new UaaAuthenticationDetails();
Map<String, String[]> requestParameters = authenticationDetails.getParameterMap() != null ?
((UaaAuthenticationDetails)uaaAuthenticationDetails).getParameterMap() : Collections.emptyMap();
authenticationDetails.getParameterMap() : Collections.emptyMap();
return isPublicTokenRequest(authenticationDetails) && (isAuthorizationWithPkce(requestParameters) || isRefreshFlow(requestParameters));
}

private boolean isPublicTokenRequest(UaaAuthenticationDetails authenticationDetails) {
private static boolean isPublicTokenRequest(UaaAuthenticationDetails authenticationDetails) {
return !authenticationDetails.isAuthorizationSet() && "/oauth/token".equals(authenticationDetails.getRequestPath());
}

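Review bot: In `isPublicGrantTypeUsageAllowed`, a details object that is not a `UaaAuthenticationDetails` is swapped for `new UaaAuthenticationDetails()`, so refusing the secret-less path in that case depends on `isPublicTokenRequest` returning false for an empty instance (presumably because its request path is null; the constructor is not visible here). Since this method decides whether a client may authenticate without a secret, the fail-closed outcome should be explicit, e.g. `if (!(uaaAuthenticationDetails instanceof UaaAuthenticationDetails)) { return false; }` ahead of the parameter-map lookup. The unchecked cast `(UaaAuthenticationDetails) authentication.getDetails()` in the first hunk is safe only if this gate has already been evaluated on that path. That part of `additionalAuthenticationChecks` lies outside the hunk, so a short comment there stating the precondition would help.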
@@ -1,17 +1,15 @@
package org.cloudfoundry.identity.uaa.authentication;

import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.mock.web.MockHttpServletRequest;

import javax.servlet.http.HttpServletRequest;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;

@ExtendWith(PollutionPreventionExtension.class)
class UaaAuthenticationDetailsTest {

@Test
Expand Down Expand Up @@ -44,6 +42,18 @@ void testNoLoginHint() {
assertNull(details.getLoginHint());
}

@Test
void testPublicTokenRequest() {
HttpServletRequest request = new MockHttpServletRequest("POST", "/oauth/token");

UaaAuthenticationDetails details = new UaaAuthenticationDetails(request, "cliendId");
details.setAuthenticationMethod("none");
assertNull(details.getLoginHint());
assertFalse(details.isAuthorizationSet());
assertEquals("/oauth/token", details.getRequestPath());
assertEquals("none", details.getAuthenticationMethod());
}

@Test
void testSavesRequestParameters() {
MockHttpServletRequest request = new MockHttpServletRequest();
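Review bot: `testPublicTokenRequest` pins only the permissive case: no credentials on `/oauth/token` gives `isAuthorizationSet()` false. Nothing asserts the opposite, which is what keeps a client that does present credentials off the secret-less path in the authentication provider. A companion test should build the `MockHttpServletRequest` with an `Authorization` header and check `assertTrue(details.isAuthorizationSet());`, assuming the flag is derived from that header, which this page does not show. Another should use a different path and assert that `getRequestPath()` is not `/oauth/token`. Separately, the file mixes Jupiter's `@Test` with JUnit 4 `org.junit.Assert` static imports, where `org.junit.jupiter.api.Assertions` would be consistent, and the client id literal `"cliendId"` looks like a typo.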
