Updated OAuth2 Client list
Change-Id: I42d7122ad7abeee1534336c14fe1c1dec91a3357
diff --git a/full/Changes b/full/Changes
index c23caf4..0c9a709 100644
--- a/full/Changes
+++ b/full/Changes
@@ -12,6 +12,8 @@
- Added client type in the client list web-service (margaretha)
2021-04-19
- Updated OAuth2Client JSON definition and controller tests (margaretha)
+2021-04-26
+ - Updated OAuth2 Client list (margaretha)
# version 0.63
26/10/2020
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
index 04927c9..ea14eb3 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
@@ -111,15 +111,12 @@
}
/**
- * Deregisters a client requires client owner authentication. For
- * confidential clients, client authentication is also required.
+ * Deregisters a client requires client owner authentication.
*
*
* @param securityContext
* @param clientId
* the client id
- * @param clientSecret
- * the client secret
* @return HTTP Response OK if successful.
*/
@DELETE
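Review bot: The rewritten Javadoc summary is still ungrammatical ("Deregisters a client requires ...") and no longer says what applies to confidential clients, so a reader cannot tell whether dropping the client secret was deliberate. I would write it as `Deregisters a client. Requires authentication of the client owner; the client secret is not required, also for confidential clients.` and give the bare `@param securityContext` a description. The method body lies outside this hunk, so the owner check cannot be confirmed from here. Because the same commit deletes the missing-secret and incorrect-credentials deregistration tests, a negative test for a caller who is not the client owner would be worth adding if none exists.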
@@ -251,7 +248,7 @@
@Context SecurityContext context,
@FormParam("client_id") String clientId,
@FormParam("client_secret") String clientSecret,
- @FormParam("authorized-only") boolean authorizedOnly) {
+ @FormParam("authorized_only") boolean authorizedOnly) {
TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
String username = tokenContext.getUsername();
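Review bot: Renaming the form key to `authorized_only` means the old `authorized-only` key is now silently ignored. JAX-RS binds an absent primitive `boolean` `@FormParam` to `false`, so a caller still sending the old key gets the `false` behaviour instead of an error. If existing callers matter, note the rename as a breaking change in the Changes entry or accept both keys for a transition period, and document the default in the Javadoc, e.g. `@param authorizedOnly presumably restricts the list to clients the user has authorized; false when the parameter is absent`. Separately, the context line `(TokenContext) context.getUserPrincipal()` is an unchecked cast that fails on a null or different principal unless an authentication filter outside this hunk guarantees the type. The method starts and ends outside the hunk.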
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
index fec1ba2..e44c725 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
@@ -139,22 +139,10 @@
assertNotNull(clientId);
assertNotNull(clientSecret);
-// testRegisterClientNonUniqueURL();
testResetConfidentialClientSecret(clientId, clientSecret);
-
-// testDeregisterConfidentialClientMissingSecret(clientId);
-// testDeregisterClientIncorrectCredentials(clientId, clientSecret);
testDeregisterConfidentialClient(clientId);
}
- @Deprecated
- private void testRegisterClientNonUniqueURL () throws KustvaktException {
- ClientResponse response = registerConfidentialClient();
- assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
- JsonNode node = JsonUtils.readTree(response.getEntity(String.class));
- assertEquals(OAuth2Error.INVALID_REQUEST, node.at("/error").asText());
- }
-
@Test
public void testRegisterClientNameTooShort ()
throws UniformInterfaceException, ClientHandlerException,
@@ -307,9 +295,6 @@
"https://OAuth2DesktopClient2.com");
}
-
-
-
private void testAccessTokenAfterDeregistration (String clientId,
String clientSecret, String redirectUri) throws KustvaktException {
String userAuthHeader = HttpAuthorizationHandler
@@ -400,54 +385,6 @@
assertEquals(Status.OK.getStatusCode(), response.getStatus());
}
- @Deprecated
- private void testDeregisterConfidentialClientMissingSecret (String clientId)
- throws KustvaktException {
-
- ClientResponse response = resource().path(API_VERSION).path("oauth2")
- .path("client").path("deregister").path(clientId)
- .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
- .createBasicAuthorizationHeaderValue(username, "pass"))
- .header(HttpHeaders.CONTENT_TYPE,
- ContentType.APPLICATION_FORM_URLENCODED)
- .delete(ClientResponse.class);
-
- String entity = response.getEntity(String.class);
- assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-
- JsonNode node = JsonUtils.readTree(entity);
- assertEquals(OAuth2Error.INVALID_REQUEST, node.at("/error").asText());
- assertEquals("Missing parameters: client_secret",
- node.at("/error_description").asText());
- }
-
- @Deprecated
- private void testDeregisterClientIncorrectCredentials (String clientId,
- String clientSecret) throws UniformInterfaceException,
- ClientHandlerException, KustvaktException {
-
- MultivaluedMap<String, String> form = new MultivaluedMapImpl();
- form.add("client_secret", clientSecret);
-
- ClientResponse response = resource().path(API_VERSION).path("oauth2")
- .path("client").path("deregister").path(clientId)
- .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
- .createBasicAuthorizationHeaderValue(username, "pass"))
- .header(HttpHeaders.CONTENT_TYPE,
- ContentType.APPLICATION_FORM_URLENCODED)
- .entity(form).delete(ClientResponse.class);
-
- String entity = response.getEntity(String.class);
- assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
-
- JsonNode node = JsonUtils.readTree(entity);
- assertEquals(OAuth2Error.INVALID_CLIENT, node.at("/error").asText());
- assertEquals("Invalid client credentials",
- node.at("/error_description").asText());
-
- checkWWWAuthenticateHeader(response);
- }
-
private void testResetPublicClientSecret (String clientId)
throws UniformInterfaceException, ClientHandlerException,
KustvaktException {
@@ -577,7 +514,7 @@
MultivaluedMap<String, String> form = new MultivaluedMapImpl();
form.add("client_id", superClientId);
form.add("client_secret", clientSecret);
- form.add("authorized-only", "true");
+ form.add("authorized_only", "true");
ClientResponse response = resource().path(API_VERSION).path("oauth2")
.path("client").path("list")
@@ -628,7 +565,7 @@
requestAuthorizedClientList(userAuthHeader);
testListAuthorizedClientWithMultipleRefreshTokens(userAuthHeader);
testListAuthorizedClientWithMultipleAccessTokens(userAuthHeader);
- testWithClientsFromAnotherUser(userAuthHeader);
+ testListWithClientsFromAnotherUser(userAuthHeader);
// revoke client 1
testRevokeAllTokenViaSuperClient(publicClientId, userAuthHeader,
@@ -670,7 +607,7 @@
requestAuthorizedClientList(userAuthHeader);
}
- private void testWithClientsFromAnotherUser (
+ private void testListWithClientsFromAnotherUser (
String userAuthHeader) throws KustvaktException {
String aaaAuthHeader = HttpAuthorizationHandler