Remove deprecated Authorization Post web-service for API v1.1 (#767)

It is still accessible as long as v1.0 is supported on a Kustvakt
server.

Change-Id: Ibb1f7e2d9af3fa523bd4d8ac27ba21dc55434788
diff --git a/Changes b/Changes
index 1f77927..9c7da74 100644
--- a/Changes
+++ b/Changes
@@ -1,6 +1,8 @@
 # version 0.80-SNAPSHOT
+
 - Introduced APIDeprecationFilter (#759)
 - Deprecated matchInfo web-service has been removed for API v1.1.
+- Remove deprecated Authorization Post web-service for API v1.1.
 
 # version 0.79.1
 
diff --git a/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java b/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
index 60dd425..d0fedcf 100644
--- a/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
+++ b/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
@@ -32,9 +32,11 @@
 import de.ids_mannheim.korap.security.context.TokenContext;
 import de.ids_mannheim.korap.utils.ParameterChecker;
 import de.ids_mannheim.korap.web.OAuth2ResponseHandler;
+import de.ids_mannheim.korap.web.filter.APIDeprecationFilter;
 import de.ids_mannheim.korap.web.filter.APIVersionFilter;
 import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
 import de.ids_mannheim.korap.web.filter.BlockingFilter;
+import de.ids_mannheim.korap.web.filter.DemoUserFilter;
 import de.ids_mannheim.korap.web.utils.ResourceFilters;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.constraints.NotEmpty;
@@ -106,6 +108,8 @@
     @POST
     @Path("authorize")
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    @ResourceFilters({APIDeprecationFilter.class, 
+    	AuthenticationFilter.class, DemoUserFilter.class})
     public Response requestAuthorizationCode (
             @Context HttpServletRequest request,
             @Context SecurityContext context, @FormParam("scope") String scope,
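Review bot: The method-level `@ResourceFilters` on `requestAuthorizationCode` lists `DemoUserFilter` but not `BlockingFilter`, so it is worth confirming which filters actually guard the v1.0 authorization POST. If a method-level annotation replaces the class-level set rather than adding to it (the class-level annotation is outside this hunk), and `DemoUserFilter` supplies a guest context when no credentials are sent, a request without authentication could reach the authorization-code logic. If only authenticated users should obtain a code, `@ResourceFilters({APIDeprecationFilter.class, AuthenticationFilter.class, BlockingFilter.class})` would state that explicitly. A one-line comment above the annotation, such as `// POST authorize is removed from v1.1; reachable only while v1.0 is served`, would also record why the deprecation filter is here. The method body continues outside the hunk.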
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java
index 4251fc0..ff03278 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java
@@ -33,6 +33,37 @@
                 .createBasicAuthorizationHeaderValue("dory", "password");
     }
 
+    @Test
+    public void testAuthorizeConfidentialClient() throws KustvaktException {
+        Form form = new Form();
+        form.param("response_type", "code");
+        form.param("client_id", confidentialClientId);
+        form.param("state", "thisIsMyState");
+        form.param("scope", "search");
+        Response response = requestAuthorizationCode(form, userAuthHeader);
+        assertEquals(Status.NOT_FOUND.getStatusCode(),
+                response.getStatus());
+    }
+
+    @Test
+    public void testAuthorizeConfidentialClientV1_0 () throws KustvaktException {
+        Form form = new Form();
+        form.param("response_type", "code");
+        form.param("client_id", confidentialClientId);
+        form.param("state", "thisIsMyState");
+        form.param("scope", "search");
+        Response response = requestAuthorizationCodeV1_0(form, userAuthHeader);
+        assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
+                response.getStatus());
+        URI redirectUri = response.getLocation();
+        MultiValueMap<String, String> params = UriComponentsBuilder
+                .fromUri(redirectUri).build().getQueryParams();
+        assertNotNull(params.getFirst("code"));
+        assertEquals(params.getFirst("state"), "thisIsMyState");
+        
+        testRequestTokenAuthorizationConfidential(redirectUri);
+    }
+    
     private Response requestAuthorizationCode (Form form, String authHeader)
             throws KustvaktException {
         return target().path(API_VERSION).path("oauth2").path("authorize")
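Review bot: In `testAuthorizeConfidentialClientV1_0` the state check passes its arguments in the wrong order, `assertEquals(params.getFirst("state"), "thisIsMyState");`, whereas the removed test had the expected value first. It should read `assertEquals("thisIsMyState", params.getFirst("state"));` so that a failure reports the right expected value. The v1.1 test only sends valid credentials, so it does not show whether the removed endpoint answers 404 before or after authentication is evaluated. A second case without the Authorization header, asserting the intended status, would pin that down.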
@@ -43,38 +74,24 @@
                 .post(Entity.form(form));
     }
 
-    @Test
-    public void testAuthorizeConfidentialClient () throws KustvaktException {
-        Form form = new Form();
-        form.param("response_type", "code");
-        form.param("client_id", confidentialClientId);
-        form.param("state", "thisIsMyState");
-        form.param("scope", "search");
-        Response response = requestAuthorizationCode(form, userAuthHeader);
-        assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
-                response.getStatus());
-        URI redirectUri = response.getLocation();
-        MultiValueMap<String, String> params = UriComponentsBuilder
-                .fromUri(redirectUri).build().getQueryParams();
-        assertNotNull(params.getFirst("code"));
-        assertEquals("thisIsMyState", params.getFirst("state"));
-    }
-
-    @Test
-    public void testRequestTokenAuthorizationConfidential ()
+    private Response requestAuthorizationCodeV1_0 (Form form, String authHeader)
             throws KustvaktException {
-        Form authForm = new Form();
-        authForm.param("response_type", "code");
-        authForm.param("client_id", confidentialClientId);
-        authForm.param("scope", "search");
-        Response response = requestAuthorizationCode(authForm, userAuthHeader);
-        URI redirectUri = response.getLocation();
+        return target().path(API_VERSION_V1_0).path("oauth2").path("authorize")
+                .request().header(Attributes.AUTHORIZATION, authHeader)
+                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
+                .header(HttpHeaders.CONTENT_TYPE,
+                        ContentType.APPLICATION_FORM_URLENCODED)
+                .post(Entity.form(form));
+    }
+    
+	private void testRequestTokenAuthorizationConfidential (URI redirectUri)
+			throws KustvaktException {
 
         MultivaluedMap<String, String> params = UriComponent
                 .decodeQuery(redirectUri, true);
         String code = params.get("code").get(0);
 
-        response = requestTokenWithAuthorizationCodeAndForm(
+        Response response = requestTokenWithAuthorizationCodeAndForm(
                 confidentialClientId, clientSecret, code);
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
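Review bot: `requestAuthorizationCodeV1_0` repeats the request-building chain of `requestAuthorizationCode` with only the version path segment changed, as far as the visible lines show; one helper taking the version, e.g. `private Response requestAuthorizationCode (Form form, String authHeader, String apiVersion)`, would keep the two from drifting apart. `testRequestTokenAuthorizationConfidential` is now a private helper called from a test rather than a test itself, so a name without the `test` prefix (for example `assertTokenRequestSucceeds`) and a short comment saying that it exchanges the code from the redirect URI for a token would read more clearly. Its two signature lines are indented with tabs while the surrounding lines use spaces. The helper's body continues outside the hunk.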