Remove deprecated authorized_only param in the client list API for v1.1
Change-Id: Ic39ce8a313b3526fe5aa6e57f347f66d71831ba3
diff --git a/Changes b/Changes
index ce601e1..5f1f4fe 100644
--- a/Changes
+++ b/Changes
@@ -5,6 +5,7 @@
- Remove deprecated Authorization Post web-service for API v1.1 (#767)
- Remove deprecated user-group web-services for API v1.1 (#769)
- Remove deprecated vc web-services for API v1.1 (#771)
+- Remove deprecated authorized_only parameter in the client list API for v1.1 (#760)
# version 0.79.1
diff --git a/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java b/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
index 1c41998..c0dcd8f 100644
--- a/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
+++ b/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
@@ -27,8 +27,10 @@
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.PathSegment;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
@@ -218,11 +220,17 @@
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public List<OAuth2ClientInfoDto> listUserClients (
@Context SecurityContext context,
+ @Context ContainerRequestContext requestContext,
@FormParam("super_client_id") String superClientId,
@FormParam("super_client_secret") String superClientSecret,
@FormParam("authorized_only") boolean authorizedOnly, // deprecated
@FormParam("filter_by") String filterBy) {
+ List<PathSegment> pathSegments = requestContext.getUriInfo()
+ .getPathSegments();
+ String version = pathSegments.get(0).getPath();
+ double requestedVersion = Double.parseDouble(version.substring(1));
+
TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
String username = tokenContext.getUsername();
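Review bot: The version parse `Double.parseDouble(version.substring(1))` has no guard, so a first path segment that is not of the form `v<number>` throws an unchecked NumberFormatException (or StringIndexOutOfBoundsException on an empty segment) rather than a KustvaktException. Unless a request filter outside this diff already validates the version segment, caller-controlled input ends in an unhandled server error. Parsing the version as a double also makes `v1.10` compare equal to `v1.1`; comparing the segment string, or a parsed major/minor pair, avoids that. The deprecated `authorized_only` parameter is still bound for every version, so its trailing comment could say so, e.g. `// deprecated: honoured for v1.0 only, ignored from v1.1`. The body of listUserClients continues outside this hunk.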
@@ -234,28 +242,34 @@
List<OAuth2ClientInfoDto> clients = null;
- if (authorizedOnly) {
- clients = clientService.listUserAuthorizedClients(username);
+ if (requestedVersion == 1) {
+ if (authorizedOnly) {
+ clients = clientService.listUserAuthorizedClients(username);
+ return clients;
+ }
+ }
+
+ if (filterBy !=null && !filterBy.isEmpty()) {
+ if (filterBy.equals("authorized_only")) {
+ clients = clientService.listUserAuthorizedClients(username);
+ }
+ else if (filterBy.equals("owned_only")) {
+ clients = clientService.listUserRegisteredClients(username);
+ }
+ else {
+ throw new KustvaktException(
+ StatusCodes.UNSUPPORTED_VALUE, "filter_by");
+ }
}
else {
- if (filterBy !=null && !filterBy.isEmpty()) {
- if (filterBy.equals("authorized_only")) {
- clients = clientService.listUserAuthorizedClients(username);
- }
- else if (filterBy.equals("owned_only")) {
- clients = clientService.listUserRegisteredClients(username);
- }
- else {
- throw new KustvaktException(
- StatusCodes.UNSUPPORTED_VALUE, "filter_by");
- }
- }
- else {
-// clients = clientService.listUserAuthorizedClients(username);
-// clients.addAll(clientService.listUserRegisteredClients(username));
-
- clients = clientService.listUserRegisteredClients(username);
- }
+ if (requestedVersion == 1) {
+ clients = clientService.listUserRegisteredClients(username);
+ }
+ else {
+ clients = clientService.listUserAuthorizedClients(username);
+ clients.addAll(
+ clientService.listUserRegisteredClients(username));
+ }
}
return clients;
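Review bot: In the v1.1 default branch, `clients.addAll(...)` appends to the list object returned by `listUserAuthorizedClients`. That fails if the service ever returns an unmodifiable or shared list (not visible here), and it lists a client twice when the user has both registered and authorized it. Copying first, `clients = new ArrayList<>(clientService.listUserAuthorizedClients(username));`, and skipping client ids already present would avoid both. A v1.1 request that still sends `authorized_only=true` and no `filter_by` silently gets the combined list, which is broader than the caller asked for. Rejecting the parameter in v1.1, or stating in the Javadoc that it is ignored, would make the change visible to callers.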
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2DeprecationTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2DeprecationTest.java
new file mode 100644
index 0000000..934d6f3
--- /dev/null
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2DeprecationTest.java
@@ -0,0 +1,129 @@
+package de.ids_mannheim.korap.web.controller.oauth2;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.apache.http.entity.ContentType;
+import org.junit.jupiter.api.Test;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.google.common.net.HttpHeaders;
+
+import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.oauth2.constant.OAuth2ClientType;
+import de.ids_mannheim.korap.utils.JsonUtils;
+import de.ids_mannheim.korap.web.input.OAuth2ClientJson;
+import jakarta.ws.rs.client.Entity;
+import jakarta.ws.rs.core.Form;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.Status;
+
+public class OAuth2DeprecationTest extends OAuth2TestBase{
+ private String userAuthHeader;
+ private String username = "dory";
+
+ public OAuth2DeprecationTest () throws KustvaktException {
+ userAuthHeader = HttpAuthorizationHandler
+ .createBasicAuthorizationHeaderValue(username, "password");
+ }
+
+ @Test
+ public void testListClients () throws KustvaktException {
+ // authorized client
+ String code = requestAuthorizationCode(publicClientId, userAuthHeader);
+ Response response = requestTokenWithAuthorizationCodeAndForm(
+ publicClientId, "", code);
+
+ // owned client
+ OAuth2ClientJson clientJson = createOAuth2ClientJson(
+ "OAuth2DesktopClient", OAuth2ClientType.PUBLIC,
+ "This is a desktop test client.");
+ response = registerClient(username, clientJson);
+ String entity = response.readEntity(String.class);
+ assertEquals(Status.OK.getStatusCode(), response.getStatus());
+ JsonNode node = JsonUtils.readTree(entity);
+ String clientId = node.at("/client_id").asText();
+ assertNotNull(clientId);
+ assertTrue(node.at("/client_secret").isMissingNode());
+
+ testListAuthorizedClients(publicClientId);
+ testListOwnedClient(clientId);
+ testFilterBy(publicClientId);
+
+ response = target().path(API_VERSION).path("oauth2")
+ .path("client").path("deregister").path(clientId).request()
+ .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+ .createBasicAuthorizationHeaderValue(username, "pass"))
+ .delete();
+ assertEquals(Status.OK.getStatusCode(), response.getStatus());
+ }
+
+ private void testListAuthorizedClients(String clientId) throws KustvaktException {
+ // List clients
+ Form form = getSuperClientForm();
+ form.param("authorized_only","true");
+ // V1.0
+ Response response = target().path(API_VERSION_V1_0).path("oauth2")
+ .path("client").path("list").request()
+ .header(Attributes.AUTHORIZATION, userAuthHeader)
+ .header(HttpHeaders.CONTENT_TYPE,
+ ContentType.APPLICATION_FORM_URLENCODED)
+ .post(Entity.form(form));
+ assertEquals(Status.OK.getStatusCode(), response.getStatus());
+ String entity = response.readEntity(String.class);
+ JsonNode node = JsonUtils.readTree(entity);
+ assertEquals(1, node.size());
+ assertEquals(clientId, node.at("/0/client_id").asText());
+
+ // current version
+ response = target().path(API_VERSION).path("oauth2")
+ .path("client").path("list").request()
+ .header(Attributes.AUTHORIZATION, userAuthHeader)
+ .header(HttpHeaders.CONTENT_TYPE,
+ ContentType.APPLICATION_FORM_URLENCODED)
+ .post(Entity.form(form));
+ assertEquals(Status.OK.getStatusCode(), response.getStatus());
+ entity = response.readEntity(String.class);
+ node = JsonUtils.readTree(entity);
+ assertEquals(2, node.size());
+ }
+
+ private void testListOwnedClient (String clientId) throws KustvaktException {
+ // List clients
+ Form form = getSuperClientForm();
+ // V1.0
+ Response response = target().path(API_VERSION_V1_0).path("oauth2")
+ .path("client").path("list").request()
+ .header(Attributes.AUTHORIZATION, userAuthHeader)
+ .header(HttpHeaders.CONTENT_TYPE,
+ ContentType.APPLICATION_FORM_URLENCODED)
+ .post(Entity.form(form));
+ assertEquals(Status.OK.getStatusCode(), response.getStatus());
+ String entity = response.readEntity(String.class);
+ JsonNode node = JsonUtils.readTree(entity);
+ assertEquals(1, node.size());
+ assertEquals(clientId, node.at("/0/client_id").asText());
+ }
+
+ private void testFilterBy (String clientId) throws KustvaktException {
+ // List clients
+ Form form = getSuperClientForm();
+ form.param("filter_by","authorized_only");
+ // V1.0
+ Response response = target().path(API_VERSION_V1_0).path("oauth2")
+ .path("client").path("list").request()
+ .header(Attributes.AUTHORIZATION, userAuthHeader)
+ .header(HttpHeaders.CONTENT_TYPE,
+ ContentType.APPLICATION_FORM_URLENCODED)
+ .post(Entity.form(form));
+ assertEquals(Status.OK.getStatusCode(), response.getStatus());
+ String entity = response.readEntity(String.class);
+ JsonNode node = JsonUtils.readTree(entity);
+ assertEquals(1, node.size());
+ assertEquals(clientId, node.at("/0/client_id").asText());
+ }
+
+}
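Review bot: The v1.1 assertion in testListAuthorizedClients checks only `assertEquals(2, node.size())`, so it would still pass on a duplicated entry or the wrong pair of clients. Asserting both expected client ids would pin the new behaviour. `filter_by` and the no-parameter default are exercised only against API_VERSION_V1_0. The response from `requestTokenWithAuthorizationCodeAndForm` in testListClients is overwritten without a status check, although the later size assertions depend on that authorization succeeding. The deregister call builds its header with password `"pass"` while the constructor uses `"password"`; reusing `userAuthHeader` would remove the inconsistency. The token issued for `publicClientId` is not revoked at the end, so it may leak into other tests that count authorized clients for the same user.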