From a80425efcb8d8c3a6124d00fb1de641a0490d97b Mon Sep 17 00:00:00 2001
From: strehle
Date: Tue, 12 Sep 2023 10:54:33 +0200
Subject: [PATCH] test: Authorization Grant Flow without Redirect URI

Add test for this hidden feature thus not to run into a regression
---
 .../webapp/WEB-INF/spring/oauth-clients.xml | 2 +-
 ...uthorizationCodeGrantIntegrationTests.java | 30 +++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml b/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml
index b2bfeb0b02b..8fa0667a055 100644
--- a/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml
+++ b/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml
@@ -82,7 +82,7 @@
-
+
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java
index 0b3f53c77c7..7a86fbc8fd7 100755
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java
@@ -17,6 +17,7 @@
 import org.cloudfoundry.identity.uaa.oauth.jwt.JwtHelper;
 import org.cloudfoundry.identity.uaa.test.TestAccountSetup;
 import org.cloudfoundry.identity.uaa.test.UaaTestAccounts;
+import org.junit.Assert;
 import org.junit.Rule;
 import org.junit.Test;
 import org.springframework.http.HttpEntity;
@@ -32,6 +33,7 @@
 import java.util.Map;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
 import static org.hamcrest.CoreMatchers.containsString;
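Review bot: `+import org.junit.Assert;` in the @@ -17 hunk pulls in the whole class only so the new test can call `Assert.fail(...)`, while the @@ -32 hunk adds the static form `import static org.junit.Assert.assertNotNull;` next to the file's existing static imports of `assertEquals`/`assertThat`/`assertTrue`; the consistent choice is `import static org.junit.Assert.fail;` here and a bare `fail("...")` at the call site in the test hunk below. In that same test the negative branch catches `AssertionError` thrown by the helper generically and returns, so it also passes when the helper fails for some unrelated reason rather than because the missing redirect URI was rejected for the `app` client; matching on the error's message (or `assertThrows`, if the project's JUnit 4 version provides it) would pin the behaviour the commit says it guards. The hunk holding that method runs past the end of the visible chunk.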
@@ -192,6 +194,34 @@ public void testZoneInactive() {
 assertEquals(HttpStatus.NOT_FOUND, result.getStatusCode());
 }
 
+ @Test
+ public void testAuthorizationRequestWithoutRedirectUri() {
+
+ Map body = IntegrationTestUtils.getAuthorizationCodeTokenMap(serverRunning,
+ testAccounts,
+ "login",
+ "loginsecret",
+ testAccounts.getUserName(),
+ testAccounts.getPassword(),
+ null,
+ null,
+ null,
+ null,
+ false);
+
+ assertNotNull("Token not received", body.get("access_token"));
+
+ try {
+ IntegrationTestUtils.getAuthorizationCodeTokenMap(serverRunning, testAccounts, "app", "appclientsecret",
+ testAccounts.getUserName(), testAccounts.getPassword(),
+ null, null, null, null, false);
+ } catch (AssertionError error) {
+ // expected
+ return;
+ }
+ Assert.fail("Token retrival not allowed");
+ }
+
 public void testSuccessfulAuthorizationCodeFlow_Internal() {
 AuthorizationCodeResourceDetails resource = testAccounts.getDefaultAuthorizationCodeResource();