Handled null parameters in authorization requests
Change-Id: I064684c5ade9ebc011513dca7656a08427e0f277
diff --git a/full/Changes b/full/Changes
index b74fca3..a5a1ddc 100644
--- a/full/Changes
+++ b/full/Changes
@@ -2,7 +2,7 @@
2022-05-12
- Implemented mapping of LDAP username to email
-
+ - Handled null parameters in authorization requests
# version 0.67
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2AuthorizationRequest.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2AuthorizationRequest.java
index 1819c11..6f24d79 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2AuthorizationRequest.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2AuthorizationRequest.java
@@ -50,7 +50,7 @@
// validators.put(ResponseType.TOKEN.toString(),
// TokenValidator.class);
final String requestTypeValue = getParam(OAuth.OAUTH_RESPONSE_TYPE);
- if (!requestTypeValue.isEmpty()) {
+ if (requestTypeValue!=null && !requestTypeValue.isEmpty()) {
if (requestTypeValue.equals(ResponseType.CODE.toString())) {
}
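Review bot: The guard `requestTypeValue!=null && !requestTypeValue.isEmpty()` turns a missing response_type from a NullPointerException into a silent skip of the validator selection, and nothing in the hunk shows what the request is validated against in that case; the enclosing method starts and ends outside the hunk, so the fall-through path is not visible here. A one-line comment would make the intent explicit for the next reader, e.g. `// response_type absent or empty: skip validator selection here; the missing parameter is expected to be reported downstream (verify)`. Minor: the surrounding code spaces its operators (`= getParam(...)`), so `requestTypeValue != null` would match the file's style.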
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
index 87a3ab2..ed28cf6 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
@@ -128,7 +128,7 @@
}
@Test
- public void testAuthorizeMissingResponseType () throws KustvaktException {
+ public void testAuthorizeMissingResponseType() throws KustvaktException {
ClientResponse response = requestAuthorizationCode("",
confidentialClientId, "", "", "", userAuthHeader);
assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
@@ -138,6 +138,22 @@
+ "error_description=Missing+parameters%3A+response_type&"
+ "error=invalid_request", response.getLocation().toString());
}
+
+ @Test
+ public void testAuthorizeMissingResponseTypeWithoutClientId () throws KustvaktException {
+ ClientResponse response = requestAuthorizationCode("",
+ "", "", "", "", userAuthHeader);
+
+ assertEquals(Status.BAD_REQUEST.getStatusCode(),
+ response.getStatus());
+ String entity = response.getEntity(String.class);
+ JsonNode node = JsonUtils.readTree(entity);
+
+ assertEquals(OAuthError.CodeResponse.INVALID_REQUEST,
+ node.at("/error").asText());
+ assertEquals("Missing parameters: response_type client_id",
+ node.at("/error_description").asText());
+ }
@Test
public void testAuthorizeInvalidClientId () throws KustvaktException {
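Review bot: The new method signature `testAuthorizeMissingResponseTypeWithoutClientId ()` keeps the space before the parentheses that the hunk directly above removes from the sibling `testAuthorizeMissingResponseType()`; the two should use the same form. The assertion `"Missing parameters: response_type client_id"` also pins the order in which the server lists missing parameters, which from this hunk looks like an implementation detail of the request class rather than a documented contract; if that order is not guaranteed, asserting that the description contains both names would make the test less brittle. The new method is fully contained in the hunk.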
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
index 1a043d7..9d56e5a 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
@@ -20,6 +20,7 @@
import com.sun.jersey.api.client.ClientHandlerException;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.UniformInterfaceException;
+import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.uri.UriComponent;
import com.sun.jersey.core.util.MultivaluedMapImpl;
@@ -68,13 +69,26 @@
String clientId, String redirectUri, String scope, String state,
String authHeader) throws KustvaktException {
- return resource().path(API_VERSION).path("oauth2").path("authorize")
- .queryParam("response_type", responseType)
- .queryParam("client_id", clientId)
- .queryParam("redirect_uri", redirectUri)
- .queryParam("scope", scope)
- .queryParam("state", state)
- .header(Attributes.AUTHORIZATION, authHeader)
+ WebResource request =
+ resource().path(API_VERSION).path("oauth2").path("authorize");
+
+ if (!responseType.isEmpty()) {
+ request = request.queryParam("response_type", responseType);
+ }
+ if (!clientId.isEmpty()) {
+ request = request.queryParam("client_id", clientId);
+ }
+ if (!redirectUri.isEmpty()) {
+ request = request.queryParam("redirect_uri", redirectUri);
+ }
+ if (!scope.isEmpty()) {
+ request = request.queryParam("scope", scope);
+ }
+ if (!state.isEmpty()) {
+ request = request.queryParam("state", state);
+ }
+
+ return request.header(Attributes.AUTHORIZATION, authHeader)
.get(ClientResponse.class);
}
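Review bot: Omitting a query parameter whenever its argument is empty changes what every existing caller of this shared helper sends: a `""` argument used to produce a present-but-empty parameter such as `response_type=` and now produces no parameter at all, so the "present but empty" branch of the server's validation is no longer exercised by any test that goes through this base class, and `testAuthorizeMissingResponseType` now covers only the absent case. The five identical `if (!x.isEmpty())` blocks would also read better as one small helper, which can make the null case explicit instead of throwing from `isEmpty()` inside test setup. The signature of requestAuthorizationCode starts before the hunk.
```java
// … unchanged: signature of requestAuthorizationCode (starts before the hunk) …
        WebResource request =
                resource().path(API_VERSION).path("oauth2").path("authorize");
        request = withQueryParam(request, "response_type", responseType);
        request = withQueryParam(request, "client_id", clientId);
        request = withQueryParam(request, "redirect_uri", redirectUri);
        request = withQueryParam(request, "scope", scope);
        request = withQueryParam(request, "state", state);
        return request.header(Attributes.AUTHORIZATION, authHeader)
                .get(ClientResponse.class);
    }

    /** Appends {@code name=value} only when {@code value} is non-null and non-empty. */
    private static WebResource withQueryParam (WebResource request, String name,
            String value) {
        if (value == null || value.isEmpty()) {
            return request;
        }
        return request.queryParam(name, value);
    }
```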