Fixed missing scopes after requesting access token with refresh token.
Change-Id: I8819a56bbe1388104e037460a22f66f7ad6b58ab
diff --git a/full/Changes b/full/Changes
index 82ff399..94bed7e 100644
--- a/full/Changes
+++ b/full/Changes
@@ -1,7 +1,11 @@
# version 0.62.1
08/07/2019
- - Added tests for public metadata response in search api (margaretha, issue #43)
+ - Added tests for public metadata response in search api (margaretha,
+ issue #43)
- Disabled some tests of unused/disabled web-services (margaretha)
+07/08/2019
+ - Fixed missing scopes after requesting access token with refresh token
+ (margaretha)
# version 0.62
28/02/2019
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
index f7d6405..c18ba88 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
@@ -143,7 +143,8 @@
"Refresh token is expired", OAuth2Error.INVALID_GRANT);
}
- Set<AccessScope> requestedScopes = refreshToken.getScopes();
+ Set<AccessScope> requestedScopes =
+ new HashSet<>(refreshToken.getScopes());
if (scopes != null && !scopes.isEmpty()) {
requestedScopes =
scopeService.verifyRefreshScope(scopes, requestedScopes);
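Review bot: The defensive copy on the new `requestedScopes` line carries no explanation, so the next reader may fold it back into `refreshToken.getScopes()` and reintroduce the scope loss; add `// copy: the persisted scope collection must not be narrowed in place by verifyRefreshScope before revokeRefreshToken stores the token`, worded to match what scopeService actually does, since verifyRefreshScope is not visible here. Two things worth confirming in the same method: that `java.util.HashSet` is imported in OltuTokenService (only `Set` is visible in the hunk), and that `verifyRefreshScope` rejects any requested scope outside the refresh token's original grant rather than silently widening it, which RFC 6749 §6 requires and this hunk cannot show. The enclosing method starts before the hunk.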
@@ -151,8 +152,7 @@
.convertAccessScopesToStringSet(requestedScopes);
}
- // revoke the refresh token and all access tokens associated
- // to it
+ // revoke the refresh token and all access tokens associated to it
revokeRefreshToken(refreshTokenStr);
return createsAccessTokenResponse(scopes, requestedScopes, clientId,
diff --git a/full/src/main/resources/db/test/V3.5__insert_oauth2_clients.sql b/full/src/main/resources/db/test/V3.5__insert_oauth2_clients.sql
index 369b483..33330c1 100644
--- a/full/src/main/resources/db/test/V3.5__insert_oauth2_clients.sql
+++ b/full/src/main/resources/db/test/V3.5__insert_oauth2_clients.sql
@@ -36,7 +36,7 @@
VALUES ("nW5qM63Rb2a7KdT9L","test public client",null,
"PUBLIC", 0,
"https://korap.ids-mannheim.de/public/redirect","system",
- "This is a test super public client.",
+ "This is a test public client.",
"http://korap.ids-mannheim.de/public", 1360724310);
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
index 863a6ec..e1cd67b 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
@@ -5,6 +5,7 @@
import static org.junit.Assert.assertTrue;
import java.net.URI;
+import java.util.Set;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response.Status;
@@ -26,6 +27,9 @@
import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;
+import de.ids_mannheim.korap.oauth2.dao.RefreshTokenDao;
+import de.ids_mannheim.korap.oauth2.entity.AccessScope;
+import de.ids_mannheim.korap.oauth2.entity.RefreshToken;
import de.ids_mannheim.korap.utils.JsonUtils;
/**
@@ -332,6 +336,12 @@
assertEquals(TokenType.BEARER.toString(),
node.at("/token_type").asText());
assertNotNull(node.at("/expires_in").asText());
+
+ RefreshToken refreshToken = refreshTokenDao
+ .retrieveRefreshToken(node.at("/refresh_token").asText());
+ Set<AccessScope> scopes = refreshToken.getScopes();
+ assertEquals(1, scopes.size());
+ assertEquals("[all]", scopes.toString());
}
@Test
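Review bot: The new `assertEquals("[all]", scopes.toString())` pins the test to `Set#toString` and `AccessScope#toString` formatting rather than to the scope itself, so a harmless change to either rendering would fail it while a wrong scope with the same rendering would pass. Prefer asserting on the single element's identifier, e.g. `assertEquals("all", scopes.iterator().next().getId())`, adjusting the accessor to whatever AccessScope exposes (not visible here). The enclosing test method starts before the hunk.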
@@ -592,6 +602,11 @@
assertNotNull(node.at("/expires_in").asText());
assertTrue(!node.at("/refresh_token").asText().equals(refreshToken));
+
+ RefreshToken rt = refreshTokenDao.retrieveRefreshToken(refreshToken);
+ assertEquals(true, rt.isRevoked());
+ Set<AccessScope> scopes = rt.getScopes();
+ assertEquals(3, scopes.size());
}
private void testRequestRefreshTokenInvalidClient (String refreshToken)
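Review bot: The new assertions check only that the old refresh token is revoked and still carries three scopes, which does not pin the bug this commit fixes (scopes going missing after a refresh); the test should also load the newly issued token via `refreshTokenDao.retrieveRefreshToken(node.at("/refresh_token").asText())` and compare its scopes to the expected identifiers rather than to a count alone. As a style point, `assertEquals(true, rt.isRevoked())` reads better as `assertTrue(rt.isRevoked())`, which is already statically imported. The enclosing test method starts before the hunk.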
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
index cfb3f41..a30ca24 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
@@ -9,6 +9,7 @@
import org.apache.http.entity.ContentType;
import org.apache.oltu.oauth2.common.message.types.GrantType;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.MultiValueMap;
import org.springframework.web.util.UriComponentsBuilder;
@@ -24,6 +25,7 @@
import de.ids_mannheim.korap.config.SpringJerseyTest;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;
+import de.ids_mannheim.korap.oauth2.dao.RefreshTokenDao;
import de.ids_mannheim.korap.utils.JsonUtils;
/**
@@ -35,6 +37,9 @@
*/
public abstract class OAuth2TestBase extends SpringJerseyTest {
+ @Autowired
+ protected RefreshTokenDao refreshTokenDao;
+
protected String publicClientId = "8bIDtZnH6NvRkW2Fq";
protected String confidentialClientId = "9aHsGW6QflV13ixNpez";
protected String superClientId = "fCBbQkAyYzI4NzUxMg";
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/TokenExpiryTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/TokenExpiryTest.java
index b85b129..b51d912 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/TokenExpiryTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/TokenExpiryTest.java
@@ -23,7 +23,8 @@
/**
* Before running this test:
- * set oauth2.access.token.expiry = 3S
+ * set oauth2.access.token.expiry = 2S
+ * oauth2.authorization.code.expiry = 1S
*
* @author margaretha
*