From 7dc7710868070d13fb8c27d16ff3b149707adfb6 Mon Sep 17 00:00:00 2001 From: Sergio del Amo Date: Wed, 2 Oct 2024 13:28:20 +0200 Subject: [PATCH] fix: support deprecated config micronaut.security.oauth2.clients.*.token.auth-method (#1818) support deprecated config `micronaut.security.oauth2.clients.*.token.auth-method` and new `micronaut.security.oauth2.clients.*.token.authentication-method` options. Close: https://github.com/micronaut-projects/micronaut-security/issues/1808 --- gradle/libs.versions.toml | 2 +- .../DefaultSecureEndpointConfiguration.java | 6 ++ .../OauthClientConfigurationTest.java | 55 +++++++++++++++++++ 3 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 security-oauth2/src/test/java/io/micronaut/security/oauth2/configuration/OauthClientConfigurationTest.java diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 9e7efa79bf..e6a8794c85 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -3,7 +3,7 @@ managed-nimbus-jose-jwt = "9.40" managed-jjwt = "0.12.6" micronaut = "4.6.5" -micronaut-platform = "4.5.1" +micronaut-platform = "4.6.2" micronaut-docs = "2.0.0" geb = "7.0" diff --git a/security-oauth2/src/main/java/io/micronaut/security/oauth2/configuration/endpoints/DefaultSecureEndpointConfiguration.java b/security-oauth2/src/main/java/io/micronaut/security/oauth2/configuration/endpoints/DefaultSecureEndpointConfiguration.java index 4b040f26b6..f76bee420b 100644 --- a/security-oauth2/src/main/java/io/micronaut/security/oauth2/configuration/endpoints/DefaultSecureEndpointConfiguration.java +++ b/security-oauth2/src/main/java/io/micronaut/security/oauth2/configuration/endpoints/DefaultSecureEndpointConfiguration.java @@ -53,6 +53,7 @@ public Optional getAuthMethod() { @Deprecated(forRemoval = true) public void setAuthMethod(@NonNull AuthenticationMethod authMethod) { this.authMethod = authMethod; + this.authenticationMethod = authMethod.toString(); } @Override @@ -65,6 +66,11 @@ public Optional getAuthenticationMethod() { * @param authenticationMethod Authentication Method */ public void setAuthenticationMethod(String authenticationMethod) { + try { + this.authMethod = AuthenticationMethod.valueOf(authenticationMethod.toUpperCase()); + } catch (IllegalArgumentException e) { + // don't crash for non-existing enum options + } this.authenticationMethod = authenticationMethod; } } diff --git a/security-oauth2/src/test/java/io/micronaut/security/oauth2/configuration/OauthClientConfigurationTest.java b/security-oauth2/src/test/java/io/micronaut/security/oauth2/configuration/OauthClientConfigurationTest.java new file mode 100644 index 0000000000..6f22171560 --- /dev/null +++ b/security-oauth2/src/test/java/io/micronaut/security/oauth2/configuration/OauthClientConfigurationTest.java @@ -0,0 +1,55 @@ +package io.micronaut.security.oauth2.configuration; + +import io.micronaut.context.annotation.Property; +import io.micronaut.security.oauth2.configuration.endpoints.SecureEndpointConfiguration; +import io.micronaut.security.oauth2.endpoint.AuthenticationMethod; +import io.micronaut.test.extensions.junit5.annotation.MicronautTest; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.*; + +@Property(name = "micronaut.security.oauth2.clients.stravaold.scopes", value = "read") +@Property(name = "micronaut.security.oauth2.clients.stravaold.authorization.url", value = "https://www.strava.com/oauth/authorize") +@Property(name = "micronaut.security.oauth2.clients.stravaold.token.url", value = "https://www.strava.com/oauth/token") +@Property(name = "micronaut.security.oauth2.clients.stravaold.token.auth-method", value = "client_secret_post") +@Property(name = "micronaut.security.oauth2.clients.stravaold.client-id", value = "xxx") +@Property(name = "micronaut.security.oauth2.clients.stravaold.client-secret", value = "yyy") +@Property(name = "micronaut.security.oauth2.clients.stravanew.scopes", value = "read") +@Property(name = "micronaut.security.oauth2.clients.stravanew.authorization.url", value = "https://www.strava.com/oauth/authorize") +@Property(name = "micronaut.security.oauth2.clients.stravanew.token.url", value = "https://www.strava.com/oauth/token") +@Property(name = "micronaut.security.oauth2.clients.stravanew.token.authentication-method", value = "client_secret_post") +@Property(name = "micronaut.security.oauth2.clients.stravanew.client-id", value = "xxx") +@Property(name = "micronaut.security.oauth2.clients.stravanew.client-secret", value = "yyy") +@MicronautTest(startApplication = false) +class OauthClientConfigurationTest { + + @Inject + @Named("stravaold") + OauthClientConfiguration stravaOldConfiguration; + + @Inject + @Named("stravanew") + OauthClientConfiguration stravaNewConfiguration; + + + @Test + void deprecatedAuthMethodConfigurationIsStillSupported() { + assertTrue(stravaOldConfiguration.getToken().isPresent()); + SecureEndpointConfiguration tokenEndpoint = stravaOldConfiguration.getToken().get(); + assertTrue(tokenEndpoint.getAuthenticationMethod().isPresent()); + assertEquals("client_secret_post", tokenEndpoint.getAuthenticationMethod().get()); + assertTrue(tokenEndpoint.getAuthMethod().isPresent()); + assertEquals(AuthenticationMethod.CLIENT_SECRET_POST, tokenEndpoint.getAuthMethod().get()); + + assertTrue(stravaNewConfiguration.getToken().isPresent()); + SecureEndpointConfiguration tokenNewEndpoint = stravaNewConfiguration.getToken().get(); + assertTrue(tokenNewEndpoint.getAuthenticationMethod().isPresent()); + assertEquals("client_secret_post", tokenNewEndpoint.getAuthenticationMethod().get()); + assertTrue(tokenNewEndpoint.getAuthMethod().isPresent()); + assertEquals(AuthenticationMethod.CLIENT_SECRET_POST, tokenNewEndpoint.getAuthMethod().get()); + + } + +} \ No newline at end of file