Remove deprecated Authorization Post web-service for API v1.1 (#767)
It is still accessible as long as v1.0 is supported on a Kustvakt
server.
Change-Id: Ibb1f7e2d9af3fa523bd4d8ac27ba21dc55434788
diff --git a/Changes b/Changes
index 1f77927..9c7da74 100644
--- a/Changes
+++ b/Changes
@@ -1,6 +1,8 @@
# version 0.80-SNAPSHOT
+
- Introduced APIDeprecationFilter (#759)
- Deprecated matchInfo web-service has been removed for API v1.1.
+- Remove deprecated Authorization Post web-service for API v1.1.
# version 0.79.1
diff --git a/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java b/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
index 60dd425..d0fedcf 100644
--- a/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
+++ b/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
@@ -32,9 +32,11 @@
import de.ids_mannheim.korap.security.context.TokenContext;
import de.ids_mannheim.korap.utils.ParameterChecker;
import de.ids_mannheim.korap.web.OAuth2ResponseHandler;
+import de.ids_mannheim.korap.web.filter.APIDeprecationFilter;
import de.ids_mannheim.korap.web.filter.APIVersionFilter;
import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
import de.ids_mannheim.korap.web.filter.BlockingFilter;
+import de.ids_mannheim.korap.web.filter.DemoUserFilter;
import de.ids_mannheim.korap.web.utils.ResourceFilters;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.validation.constraints.NotEmpty;
@@ -106,6 +108,8 @@
@POST
@Path("authorize")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+ @ResourceFilters({APIDeprecationFilter.class,
+ AuthenticationFilter.class, DemoUserFilter.class})
public Response requestAuthorizationCode (
@Context HttpServletRequest request,
@Context SecurityContext context, @FormParam("scope") String scope,
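Review bot: The method-level filter list added on the `@ResourceFilters` line leaves out `BlockingFilter` and `APIVersionFilter`, both of which this file still imports; if the method-level annotation supersedes a class-level one (the class header is outside this hunk, so I cannot confirm), the v1.0 `POST authorize` endpoint would no longer go through the blocking or version checks even though the new test sends an `X-Forwarded-For` header that only matters to `BlockingFilter`. If that is the dispatch behaviour, the list should read `@ResourceFilters({APIVersionFilter.class, APIDeprecationFilter.class, AuthenticationFilter.class, DemoUserFilter.class, BlockingFilter.class})`. `DemoUserFilter` on an authorization-code endpoint also deserves a sentence in the commit or a comment: if it substitutes a demo user context for callers without credentials, a demo user could be issued an authorization code, so it should be confirmed that `AuthenticationFilter` rejects missing credentials before that filter runs. `requestAuthorizationCode` continues past the end of the hunk.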
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java
index 4251fc0..ff03278 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java
@@ -33,6 +33,37 @@
.createBasicAuthorizationHeaderValue("dory", "password");
}
+ @Test
+ public void testAuthorizeConfidentialClient() throws KustvaktException {
+ Form form = new Form();
+ form.param("response_type", "code");
+ form.param("client_id", confidentialClientId);
+ form.param("state", "thisIsMyState");
+ form.param("scope", "search");
+ Response response = requestAuthorizationCode(form, userAuthHeader);
+ assertEquals(Status.NOT_FOUND.getStatusCode(),
+ response.getStatus());
+ }
+
+ @Test
+ public void testAuthorizeConfidentialClientV1_0 () throws KustvaktException {
+ Form form = new Form();
+ form.param("response_type", "code");
+ form.param("client_id", confidentialClientId);
+ form.param("state", "thisIsMyState");
+ form.param("scope", "search");
+ Response response = requestAuthorizationCodeV1_0(form, userAuthHeader);
+ assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
+ response.getStatus());
+ URI redirectUri = response.getLocation();
+ MultiValueMap<String, String> params = UriComponentsBuilder
+ .fromUri(redirectUri).build().getQueryParams();
+ assertNotNull(params.getFirst("code"));
+ assertEquals(params.getFirst("state"), "thisIsMyState");
+
+ testRequestTokenAuthorizationConfidential(redirectUri);
+ }
+
private Response requestAuthorizationCode (Form form, String authHeader)
throws KustvaktException {
return target().path(API_VERSION).path("oauth2").path("authorize")
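Review bot: The `state` assertion in `testAuthorizeConfidentialClientV1_0` swaps expected and actual — `assertEquals(params.getFirst("state"), "thisIsMyState")` — which makes a failure message read backwards; the removed original had the order right, so it should be `assertEquals("thisIsMyState", params.getFirst("state"));`. `testAuthorizeConfidentialClient` only checks the status code of the v1.1 response; a short comment such as `// v1.1 removed this endpoint; APIDeprecationFilter answers 404` would tell a reader why the same form now yields 404 instead of a redirect. The helper `requestAuthorizationCode` starts on the last lines of this hunk and continues outside it.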
@@ -43,38 +74,24 @@
.post(Entity.form(form));
}
- @Test
- public void testAuthorizeConfidentialClient () throws KustvaktException {
- Form form = new Form();
- form.param("response_type", "code");
- form.param("client_id", confidentialClientId);
- form.param("state", "thisIsMyState");
- form.param("scope", "search");
- Response response = requestAuthorizationCode(form, userAuthHeader);
- assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
- response.getStatus());
- URI redirectUri = response.getLocation();
- MultiValueMap<String, String> params = UriComponentsBuilder
- .fromUri(redirectUri).build().getQueryParams();
- assertNotNull(params.getFirst("code"));
- assertEquals("thisIsMyState", params.getFirst("state"));
- }
-
- @Test
- public void testRequestTokenAuthorizationConfidential ()
+ private Response requestAuthorizationCodeV1_0 (Form form, String authHeader)
throws KustvaktException {
- Form authForm = new Form();
- authForm.param("response_type", "code");
- authForm.param("client_id", confidentialClientId);
- authForm.param("scope", "search");
- Response response = requestAuthorizationCode(authForm, userAuthHeader);
- URI redirectUri = response.getLocation();
+ return target().path(API_VERSION_V1_0).path("oauth2").path("authorize")
+ .request().header(Attributes.AUTHORIZATION, authHeader)
+ .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
+ .header(HttpHeaders.CONTENT_TYPE,
+ ContentType.APPLICATION_FORM_URLENCODED)
+ .post(Entity.form(form));
+ }
+
+ private void testRequestTokenAuthorizationConfidential (URI redirectUri)
+ throws KustvaktException {
MultivaluedMap<String, String> params = UriComponent
.decodeQuery(redirectUri, true);
String code = params.get("code").get(0);
- response = requestTokenWithAuthorizationCodeAndForm(
+ Response response = requestTokenWithAuthorizationCodeAndForm(
confidentialClientId, clientSecret, code);
String entity = response.readEntity(String.class);
JsonNode node = JsonUtils.readTree(entity);