This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to branch master
in repository 
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-oauth-client.git


The following commit(s) were added to refs/heads/master by this push:
     new c467b0e  chore: remove unused OAuthStateManager (#23)
c467b0e is described below

commit c467b0ed44c48b46a9844970d25b6fb3012649e3
Author: Robert Munteanu <[email protected]>
AuthorDate: Wed Jun 18 16:46:11 2025 +0200

    chore: remove unused OAuthStateManager (#23)
---
 .../oauth_client/impl/CryptoOAuthStateManager.java | 79 ----------------------
 .../oauth_client/impl/OAuthCallbackServlet.java    |  8 +--
 .../auth/oauth_client/impl/OAuthCookieValue.java   |  2 +
 .../oauth_client/impl/OAuthEntryPointServlet.java  |  2 +-
 .../auth/oauth_client/impl/OAuthStateManager.java  | 37 ----------
 .../impl/OidcAuthenticationHandler.java            |  4 +-
 .../auth/oauth_client/impl/RedirectHelper.java     |  4 +-
 .../auth/oauth_client/AuthorizationCodeFlowIT.java |  4 +-
 .../impl/CryptoOAuthCookieValueManagerTest.java    | 51 --------------
 .../impl/OAuthCallbackServletTest.java             | 12 ++--
 .../impl/OidcAuthenticationHandlerTest.java        | 18 ++---
 .../oauth_client/impl/StubOAuthStateManager.java   | 39 -----------
 12 files changed, 27 insertions(+), 233 deletions(-)

diff --git 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/CryptoOAuthStateManager.java
 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/CryptoOAuthStateManager.java
deleted file mode 100644
index 1077502..0000000
--- 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/CryptoOAuthStateManager.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sling.auth.oauth_client.impl;
-
-import java.util.Optional;
-
-import com.nimbusds.oauth2.sdk.id.State;
-import org.apache.sling.commons.crypto.CryptoService;
-import org.jetbrains.annotations.NotNull;
-import org.jetbrains.annotations.Nullable;
-import org.osgi.service.component.annotations.Activate;
-import org.osgi.service.component.annotations.Component;
-import org.osgi.service.component.annotations.Reference;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-@Component(
-        service = OAuthStateManager.class,
-        property = {"service.ranking:Integer=10"})
-public class CryptoOAuthStateManager implements OAuthStateManager {
-
-    private static final Logger logger = 
LoggerFactory.getLogger(CryptoOAuthStateManager.class);
-    private final CryptoService cryptoService;
-
-    @Activate
-    public CryptoOAuthStateManager(@Reference CryptoService cryptoService) {
-        this.cryptoService = cryptoService;
-    }
-
-    @Override
-    public @NotNull State toNimbusState(@NotNull OAuthCookieValue state) {
-
-        // Generate and encrypt state
-        String rawState = state.perRequestKey() + "|" + state.connectionName();
-        if (state.redirect() != null) {
-            rawState += "|" + state.redirect();
-        }
-
-        return new State(cryptoService.encrypt(rawState));
-    }
-
-    @Override
-    public @NotNull Optional<OAuthCookieValue> toOAuthState(@Nullable State 
state) {
-
-        if (state == null) return Optional.empty();
-
-        try {
-            String encrypted = state.getValue();
-
-            String rawState = cryptoService.decrypt(encrypted);
-
-            String[] parts = rawState.split("\\|");
-            if (parts.length == 2) return Optional.of(new 
OAuthCookieValue(parts[0], parts[1], null));
-            else if (parts.length == 3) return Optional.of(new 
OAuthCookieValue(parts[0], parts[1], parts[2]));
-
-            logger.warn("Decoded state token does not contain the expected 
number of parts");
-            return Optional.empty();
-        } catch (RuntimeException e) {
-            logger.warn("Failed to decode state token", e);
-            return Optional.empty();
-        }
-    }
-}
diff --git 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthCallbackServlet.java
 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthCallbackServlet.java
index 6a83037..579e48a 100644
--- 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthCallbackServlet.java
+++ 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthCallbackServlet.java
@@ -79,7 +79,6 @@ public class OAuthCallbackServlet extends 
SlingAllMethodsServlet {
 
     private final Map<String, ClientConnection> connections;
     private final OAuthTokenStore tokenStore;
-    private final OAuthStateManager stateManager;
     private final CryptoService cryptoService;
 
     static String getCallbackUri(HttpServletRequest request) {
@@ -110,11 +109,9 @@ public class OAuthCallbackServlet extends 
SlingAllMethodsServlet {
     public OAuthCallbackServlet(
             @Reference(policyOption = GREEDY) List<ClientConnection> 
connections,
             @Reference OAuthTokenStore tokenStore,
-            @Reference OAuthStateManager stateManager,
             @Reference CryptoService cryptoService) {
         this.connections = 
connections.stream().collect(Collectors.toMap(ClientConnection::name, 
Function.identity()));
         this.tokenStore = tokenStore;
-        this.stateManager = stateManager;
         this.cryptoService = cryptoService;
     }
 
@@ -123,11 +120,10 @@ public class OAuthCallbackServlet extends 
SlingAllMethodsServlet {
             throws ServletException {
 
         // Retrieve the cookie with persisted data for oauth
-        Cookie stateCookie = 
request.getCookie(OAuthStateManager.COOKIE_NAME_REQUEST_KEY);
+        Cookie stateCookie = 
request.getCookie(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY);
         if (stateCookie == null) {
             logger.debug(
-                    "Failed state check: No request cookie named '{}' found",
-                    OAuthStateManager.COOKIE_NAME_REQUEST_KEY);
+                    "Failed state check: No request cookie named '{}' found", 
OAuthCookieValue.COOKIE_NAME_REQUEST_KEY);
             response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
             return;
         }
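Review bot: The missing-cookie branch in this hunk logs the failed state check only at debug level before returning 400, so under a typical production log level a callback that arrives without the `sling.oauth-request-key` cookie leaves no trace. This check ties the callback to the browser that started the flow, so consider raising the level, e.g. `logger.warn("Failed state check: No request cookie named '{}' found", OAuthCookieValue.COOKIE_NAME_REQUEST_KEY);`, or counting it in a metric if warn proves too noisy. The method body continues outside the hunk, so later state checks may already log at a higher level.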
diff --git 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthCookieValue.java 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthCookieValue.java
index 3f67f44..c45ec64 100644
--- 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthCookieValue.java
+++ 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthCookieValue.java
@@ -29,6 +29,8 @@ import org.slf4j.LoggerFactory;
 
 public class OAuthCookieValue {
 
+    public static final String COOKIE_NAME_REQUEST_KEY = 
"sling.oauth-request-key";
+
     private final @NotNull String perRequestKey;
     private final @NotNull String connectionName;
 
diff --git 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthEntryPointServlet.java
 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthEntryPointServlet.java
index 94e617b..c5270f9 100644
--- 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthEntryPointServlet.java
+++ 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthEntryPointServlet.java
@@ -109,7 +109,7 @@ public class OAuthEntryPointServlet extends 
SlingAllMethodsServlet {
         ResolvedConnection conn = ResolvedOAuthConnection.resolve(connection);
 
         // TODO: Should we redirect to the target url when redirect is null?
-        String redirect = 
request.getParameter(OAuthStateManager.PARAMETER_NAME_REDIRECT);
+        String redirect = 
request.getParameter(RedirectHelper.PARAMETER_NAME_REDIRECT);
 
         String perRequestKey = new Identifier().getValue();
         OAuthCookieValue oAuthCookieValue = new 
OAuthCookieValue(perRequestKey, connection.name(), redirect);
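Review bot: `redirect` is read straight from the request parameter and stored in the `OAuthCookieValue` with no validation visible in this hunk, and the existing TODO only covers the null case. If nothing downstream restricts the value, the post-login redirect target is caller-controlled (an open redirect). Either check that it is a same-host relative path before it goes into the cookie, or add a comment saying where it is validated, e.g. `// redirect is untrusted here; validated before use in <validation site>`. The enclosing method starts and ends outside the hunk, so the validation may already exist elsewhere.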
diff --git 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthStateManager.java 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthStateManager.java
deleted file mode 100644
index 65e5775..0000000
--- 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/OAuthStateManager.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sling.auth.oauth_client.impl;
-
-import java.util.Optional;
-
-import com.nimbusds.oauth2.sdk.id.State;
-import org.jetbrains.annotations.NotNull;
-import org.jetbrains.annotations.Nullable;
-
-public interface OAuthStateManager {
-
-    String PARAMETER_NAME_REDIRECT = "redirect";
-    String COOKIE_NAME_REQUEST_KEY = "sling.oauth-request-key";
-
-    @NotNull
-    State toNimbusState(@NotNull OAuthCookieValue state);
-
-    @NotNull
-    Optional<OAuthCookieValue> toOAuthState(@Nullable State state);
-}
diff --git 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/OidcAuthenticationHandler.java
 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/OidcAuthenticationHandler.java
index 86173e6..f97bf6a 100644
--- 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/OidcAuthenticationHandler.java
+++ 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/OidcAuthenticationHandler.java
@@ -209,7 +209,7 @@ public class OidcAuthenticationHandler extends 
DefaultAuthenticationFeedbackHand
             return null;
         }
         authCode = extractAuthCode(authResponse);
-        oauthCookie = extractCookie(request, 
OAuthStateManager.COOKIE_NAME_REQUEST_KEY);
+        oauthCookie = extractCookie(request, 
OAuthCookieValue.COOKIE_NAME_REQUEST_KEY);
         OAuthCookieValue oAuthCookieValue = new 
OAuthCookieValue(oauthCookie.getValue(), cryptoService);
 
         // Set the redirect Attribute to the original redirect URI
@@ -555,7 +555,7 @@ public class OidcAuthenticationHandler extends 
DefaultAuthenticationFeedbackHand
     }
 
     private void deleteAuthenticationCookies(@NotNull String requestUri, 
@NotNull HttpServletResponse response) {
-        deleteCookie(requestUri, response, 
OAuthStateManager.COOKIE_NAME_REQUEST_KEY);
+        deleteCookie(requestUri, response, 
OAuthCookieValue.COOKIE_NAME_REQUEST_KEY);
     }
 
     private void deleteCookie(
diff --git 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/RedirectHelper.java 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/RedirectHelper.java
index 525d34c..48bd3b8 100644
--- a/src/main/java/org/apache/sling/auth/oauth_client/impl/RedirectHelper.java
+++ b/src/main/java/org/apache/sling/auth/oauth_client/impl/RedirectHelper.java
@@ -39,6 +39,8 @@ import org.slf4j.LoggerFactory;
 
 class RedirectHelper {
 
+    static final String PARAMETER_NAME_REDIRECT = "redirect";
+
     // We don't want leave the cookie lying around for a long time because it 
is not needed.
     // At the same time, some OAuth user authentication flows take a long time 
due to
     // consent, account selection, 2FA, etc. so we cannot make this too short.
@@ -60,7 +62,7 @@ class RedirectHelper {
 
         // Set the cookie with state, connection name, redirect uri, nonce and 
codeverifier
         Cookie requestKeyCookie = buildCookie(
-                path, OAuthStateManager.COOKIE_NAME_REQUEST_KEY, 
cryptoService.encrypt(oAuthCookieValue.getValue()));
+                path, OAuthCookieValue.COOKIE_NAME_REQUEST_KEY, 
cryptoService.encrypt(oAuthCookieValue.getValue()));
 
         // We build th redirect url to be sent to the browser
         URI authorizationEndpointUri = 
URI.create(conn.authorizationEndpoint());
diff --git 
a/src/test/java/org/apache/sling/auth/oauth_client/AuthorizationCodeFlowIT.java 
b/src/test/java/org/apache/sling/auth/oauth_client/AuthorizationCodeFlowIT.java
index 16e7eea..1b3d4af 100644
--- 
a/src/test/java/org/apache/sling/auth/oauth_client/AuthorizationCodeFlowIT.java
+++ 
b/src/test/java/org/apache/sling/auth/oauth_client/AuthorizationCodeFlowIT.java
@@ -55,7 +55,7 @@ import org.apache.http.message.BasicHeader;
 import org.apache.http.message.BasicNameValuePair;
 import org.apache.sling.auth.oauth_client.impl.JcrUserHomeOAuthTokenStore;
 import org.apache.sling.auth.oauth_client.impl.OAuthConnectionImpl;
-import org.apache.sling.auth.oauth_client.impl.OAuthStateManager;
+import org.apache.sling.auth.oauth_client.impl.OAuthCookieValue;
 import org.apache.sling.auth.oauth_client.impl.OidcConnectionImpl;
 import org.apache.sling.auth.oauth_client.impl.SlingUserInfoProcessorImpl;
 import org.apache.sling.auth.oauth_client.itbundle.SupportBundle;
@@ -493,7 +493,7 @@ class AuthorizationCodeFlowIT {
 
         // Assert that cookies are set
         assertTrue(cookies.stream()
-                .filter(cookie -> 
OAuthStateManager.COOKIE_NAME_REQUEST_KEY.equals(cookie.getName()))
+                .filter(cookie -> 
OAuthCookieValue.COOKIE_NAME_REQUEST_KEY.equals(cookie.getName()))
                 .findFirst()
                 .isPresent());
         // load login form from keycloak
diff --git 
a/src/test/java/org/apache/sling/auth/oauth_client/impl/CryptoOAuthCookieValueManagerTest.java
 
b/src/test/java/org/apache/sling/auth/oauth_client/impl/CryptoOAuthCookieValueManagerTest.java
deleted file mode 100644
index 0299f98..0000000
--- 
a/src/test/java/org/apache/sling/auth/oauth_client/impl/CryptoOAuthCookieValueManagerTest.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sling.auth.oauth_client.impl;
-
-import java.util.stream.Stream;
-
-import com.nimbusds.oauth2.sdk.id.State;
-import org.junit.jupiter.params.ParameterizedTest;
-import org.junit.jupiter.params.provider.MethodSource;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-class CryptoOAuthCookieValueManagerTest {
-
-    static Stream<OAuthCookieValue> states() {
-        return Stream.of(new OAuthCookieValue("key1", "conn1", "redir1"), new 
OAuthCookieValue("key2", "conn2", null));
-    }
-
-    @ParameterizedTest
-    @MethodSource("states")
-    void encryptAndDecryptSymmetry(OAuthCookieValue state) {
-
-        CryptoOAuthStateManager manager = new CryptoOAuthStateManager(new 
StubCryptoService());
-
-        State nimbusState = manager.toNimbusState(state);
-
-        assertThat(nimbusState.getValue())
-                .as("generated Nimbus state")
-                .doesNotContain(state.connectionName())
-                .doesNotContain(state.redirect() != null ? state.redirect() : 
"null") // workaround for null redirects
-                .isNotBlank();
-
-        assertThat(manager.toOAuthState(nimbusState)).as("decoded OAuth 
state").contains(state);
-    }
-}
diff --git 
a/src/test/java/org/apache/sling/auth/oauth_client/impl/OAuthCallbackServletTest.java
 
b/src/test/java/org/apache/sling/auth/oauth_client/impl/OAuthCallbackServletTest.java
index 26d455f..334dc20 100644
--- 
a/src/test/java/org/apache/sling/auth/oauth_client/impl/OAuthCallbackServletTest.java
+++ 
b/src/test/java/org/apache/sling/auth/oauth_client/impl/OAuthCallbackServletTest.java
@@ -86,7 +86,7 @@ class OAuthCallbackServletTest {
 
         tokenStore = new InMemoryOAuthTokenStore();
         cryptoService = new StubCryptoService();
-        servlet = new OAuthCallbackServlet(connections, tokenStore, new 
StubOAuthStateManager(), cryptoService);
+        servlet = new OAuthCallbackServlet(connections, tokenStore, 
cryptoService);
     }
 
     @AfterEach
@@ -132,7 +132,7 @@ class OAuthCallbackServletTest {
 
         context.request().setQueryString(format("code=foo&state=bar"));
         context.request()
-                .addCookie(new 
Cookie(OAuthStateManager.COOKIE_NAME_REQUEST_KEY, 
cryptoService.encrypt(cookieValue)));
+                .addCookie(new 
Cookie(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY, 
cryptoService.encrypt(cookieValue)));
 
         OAuthCallbackException thrown = assertThrowsExactly(
                 OAuthCallbackException.class, () -> 
servlet.service(context.request(), context.response()));
@@ -146,7 +146,7 @@ class OAuthCallbackServletTest {
 
         
context.request().setQueryString(format("error=access_denied&state=%s", "bar"));
         context.request()
-                .addCookie(new 
Cookie(OAuthStateManager.COOKIE_NAME_REQUEST_KEY, 
cryptoService.encrypt(cookieValue)));
+                .addCookie(new 
Cookie(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY, 
cryptoService.encrypt(cookieValue)));
 
         OAuthCallbackException thrown = assertThrowsExactly(
                 OAuthCallbackException.class, () -> 
servlet.service(context.request(), context.response()));
@@ -162,7 +162,7 @@ class OAuthCallbackServletTest {
 
         context.request().setQueryString(format("code=foo&state=%s", "bar"));
         context.request()
-                .addCookie(new 
Cookie(OAuthStateManager.COOKIE_NAME_REQUEST_KEY, 
cryptoService.encrypt(cookieValue)));
+                .addCookie(new 
Cookie(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY, 
cryptoService.encrypt(cookieValue)));
 
         OAuthCallbackException thrown = assertThrowsExactly(
                 OAuthCallbackException.class, () -> 
servlet.service(context.request(), context.response()));
@@ -185,7 +185,7 @@ class OAuthCallbackServletTest {
 
         context.request().setQueryString(format("code=foo&state=%s", "bar"));
         context.request()
-                .addCookie(new 
Cookie(OAuthStateManager.COOKIE_NAME_REQUEST_KEY, 
cryptoService.encrypt(cookieValue)));
+                .addCookie(new 
Cookie(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY, 
cryptoService.encrypt(cookieValue)));
 
         OAuthCallbackException thrown = assertThrowsExactly(
                 OAuthCallbackException.class, () -> 
servlet.service(context.request(), context.response()));
@@ -215,7 +215,7 @@ class OAuthCallbackServletTest {
 
         context.request().setQueryString(format("code=foo&state=%s", state));
         context.request()
-                .addCookie(new 
Cookie(OAuthStateManager.COOKIE_NAME_REQUEST_KEY, 
cryptoService.encrypt(cookieValue)));
+                .addCookie(new 
Cookie(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY, 
cryptoService.encrypt(cookieValue)));
 
         servlet.service(context.request(), context.response());
 
diff --git 
a/src/test/java/org/apache/sling/auth/oauth_client/impl/OidcAuthenticationHandlerTest.java
 
b/src/test/java/org/apache/sling/auth/oauth_client/impl/OidcAuthenticationHandlerTest.java
index 0d7772a..282ddaf 100644
--- 
a/src/test/java/org/apache/sling/auth/oauth_client/impl/OidcAuthenticationHandlerTest.java
+++ 
b/src/test/java/org/apache/sling/auth/oauth_client/impl/OidcAuthenticationHandlerTest.java
@@ -187,14 +187,14 @@ class OidcAuthenticationHandlerTest {
         assertEquals(
                 String.format(
                         "Failed state check: No request cookie named %s found",
-                        OAuthStateManager.COOKIE_NAME_REQUEST_KEY),
+                        OAuthCookieValue.COOKIE_NAME_REQUEST_KEY),
                 exception.getMessage());
     }
 
     @Test
     void extractCredentialsWithNonMatchingState() {
         Cookie stateCookie = mock(Cookie.class);
-        
when(stateCookie.getName()).thenReturn(OAuthStateManager.COOKIE_NAME_REQUEST_KEY);
+        
when(stateCookie.getName()).thenReturn(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY);
         
when(stateCookie.getValue()).thenReturn(cryptoService.encrypt("non-matchpart1|mock-oidc-param|redirect|nonce"));
 
         when(request.getCookies()).thenReturn(new Cookie[] {stateCookie});
@@ -209,7 +209,7 @@ class OidcAuthenticationHandlerTest {
     void extractCredentialsWithMatchingStateWithInvalidConnection() {
         
when(request.getQueryString()).thenReturn("code=authorizationCode&state=part1&nonce=nonce");
         Cookie stateCookie = mock(Cookie.class);
-        
when(stateCookie.getName()).thenReturn(OAuthStateManager.COOKIE_NAME_REQUEST_KEY);
+        
when(stateCookie.getName()).thenReturn(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY);
         when(stateCookie.getValue())
                 .thenReturn(cryptoService.encrypt(
                         
"part1|invalid-connection|redirect|nonce|0123456789012345678901234567890123456789123"));
@@ -442,7 +442,7 @@ class OidcAuthenticationHandlerTest {
         when(config.userInfoEnabled()).thenReturn(true);
 
         Cookie stateCookie = mock(Cookie.class);
-        
when(stateCookie.getName()).thenReturn(OAuthStateManager.COOKIE_NAME_REQUEST_KEY);
+        
when(stateCookie.getName()).thenReturn(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY);
         
when(stateCookie.getValue()).thenReturn(cryptoService.encrypt("part1|mock-oidc-param|redirect|invalid-nonce"));
 
         // Test with an id token signed by another key, and expired
@@ -466,7 +466,7 @@ class OidcAuthenticationHandlerTest {
         when(config.pkceEnabled()).thenReturn(true);
 
         Cookie stateCookie = mock(Cookie.class);
-        
when(stateCookie.getName()).thenReturn(OAuthStateManager.COOKIE_NAME_REQUEST_KEY);
+        
when(stateCookie.getName()).thenReturn(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY);
         when(stateCookie.getValue())
                 .thenReturn(cryptoService.encrypt(
                         
"part1|mock-oidc-param|redirect|nonce|12345678901234567890123456789012345678901234"));
@@ -753,7 +753,7 @@ class OidcAuthenticationHandlerTest {
 
     private Cookie[] createMockCookies() {
         Cookie stateCookie = mock(Cookie.class);
-        
when(stateCookie.getName()).thenReturn(OAuthStateManager.COOKIE_NAME_REQUEST_KEY);
+        
when(stateCookie.getName()).thenReturn(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY);
         when(stateCookie.getValue())
                 .thenReturn(cryptoService.encrypt(
                         
"part1|mock-oidc-param|redirect|nonce|0123456789012345678901234567890123456789123"));
@@ -874,7 +874,7 @@ class OidcAuthenticationHandlerTest {
         createOidcAuthenticationHandler();
         assertTrue(oidcAuthenticationHandler.requestCredentials(request, 
mockResponse));
         assertTrue(Arrays.stream(mockResponse.getCookies()).anyMatch(cookie -> 
{
-            if 
(OAuthStateManager.COOKIE_NAME_REQUEST_KEY.equals(cookie.getName())) {
+            if 
(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY.equals(cookie.getName())) {
                 OAuthCookieValue oauthCookieValue = new 
OAuthCookieValue(cookie.getValue(), cryptoService);
 
                 // Verify that state is present in request and in cookie
@@ -932,7 +932,7 @@ class OidcAuthenticationHandlerTest {
         createOidcAuthenticationHandler();
         assertTrue(oidcAuthenticationHandler.requestCredentials(request, 
mockResponse));
         assertTrue(Arrays.stream(mockResponse.getCookies()).anyMatch(cookie -> 
{
-            if 
(OAuthStateManager.COOKIE_NAME_REQUEST_KEY.equals(cookie.getName())) {
+            if 
(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY.equals(cookie.getName())) {
                 String cookieValue = cryptoService.decrypt(cookie.getValue());
                 assertNotNull(cookieValue);
                 String[] cookieParts = cookieValue.split("\\|");
@@ -1049,7 +1049,7 @@ class OidcAuthenticationHandlerTest {
         assertEquals(302, mockResponse.getStatus());
 
         assertTrue(Arrays.stream(mockResponse.getCookies()).anyMatch(cookie -> 
{
-            if 
(OAuthStateManager.COOKIE_NAME_REQUEST_KEY.equals(cookie.getName())) {
+            if 
(OAuthCookieValue.COOKIE_NAME_REQUEST_KEY.equals(cookie.getName())) {
                 int maxAge = cookie.getMaxAge();
                 assertEquals(0, maxAge);
                 return true;
diff --git 
a/src/test/java/org/apache/sling/auth/oauth_client/impl/StubOAuthStateManager.java
 
b/src/test/java/org/apache/sling/auth/oauth_client/impl/StubOAuthStateManager.java
deleted file mode 100644
index 0b1c942..0000000
--- 
a/src/test/java/org/apache/sling/auth/oauth_client/impl/StubOAuthStateManager.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sling.auth.oauth_client.impl;
-
-import org.apache.sling.commons.crypto.CryptoService;
-import org.jetbrains.annotations.NotNull;
-
-class StubOAuthStateManager extends CryptoOAuthStateManager {
-
-    public StubOAuthStateManager() {
-        super(new CryptoService() {
-            @Override
-            public @NotNull String encrypt(@NotNull String message) {
-                return message;
-            }
-
-            @Override
-            public @NotNull String decrypt(@NotNull String ciphertext) {
-                return ciphertext;
-            }
-        });
-    }
-}
