From 9a5ca4d36715bbb9cb5df1b945c47f54688a2589 Mon Sep 17 00:00:00 2001
From: mposolda
Date: Tue, 9 Jun 2015 15:58:13 +0200
Subject: [PATCH] Minor improve in error messages and tests

---
 .../oidc/endpoints/TokenEndpoint.java         |   2 +-
 .../oidc/utils/AuthorizeClientUtil.java       |   2 +-
 .../org/keycloak/testsuite/OAuthClient.java   | 258 ++++++++++--------
 ...urceOwnerPasswordCredentialsGrantTest.java |  22 ++
 4 files changed, 164 insertions(+), 120 deletions(-)

diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
index 53c74c96b1..66d399592d 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
@@ -151,7 +151,7 @@ public class TokenEndpoint {
             if (legacyGrantType != null) {
                 grantType = legacyGrantType;
             } else {
-                throw new ErrorResponseException("invalid_request", "Missing query parameter: " + OIDCLoginProtocol.GRANT_TYPE_PARAM, Response.Status.BAD_REQUEST);
+                throw new ErrorResponseException("invalid_request", "Missing form parameter: " + OIDCLoginProtocol.GRANT_TYPE_PARAM, Response.Status.BAD_REQUEST);
             }
         }
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/utils/AuthorizeClientUtil.java b/services/src/main/java/org/keycloak/protocol/oidc/utils/AuthorizeClientUtil.java
index a8a9e2a495..0626f1c015 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/utils/AuthorizeClientUtil.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/utils/AuthorizeClientUtil.java
@@ -39,7 +39,7 @@ public class AuthorizeClientUtil {
         if (client_id == null) {
             Map error = new HashMap();
             error.put(OAuth2Constants.ERROR, "invalid_client");
-            error.put(OAuth2Constants.ERROR_DESCRIPTION, "Could not find client");
+            error.put(OAuth2Constants.ERROR_DESCRIPTION, "Missing client_id parameter");
             throw new BadRequestException("Could not find client", Response.status(Response.Status.BAD_REQUEST).entity(error).type(MediaType.APPLICATION_JSON_TYPE).build());
         }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
index 4e4f57a030..2ad8e1be87 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
@@ -28,6 +28,7 @@ import org.apache.http.client.HttpClient;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.utils.URLEncodedUtils;
+import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.message.BasicNameValuePair;
 import org.json.JSONObject;
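Review bot: The JSON `error_description` now reads "Missing client_id parameter" while the `BadRequestException` message on the next line still says "Could not find client", so the server-side exception and the wire response describe the same failure differently; change it to `throw new BadRequestException("Missing client_id parameter", Response.status(...)...)` or pull the text into a local so the two cannot drift apart again. The `invalid_client` code itself is consistent with RFC 6749 §5.2, which lists "no client authentication included" under that error, so only the free-text description needed the change. The enclosing method starts before this hunk, so whether a present-but-unknown `client_id` still produces the old "Could not find client" wording is not visible here.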
@@ -113,143 +114,164 @@ public class OAuthClient {
     }
     public AccessTokenResponse doAccessTokenRequest(String code, String password) {
-        HttpClient client = new DefaultHttpClient();
-        HttpPost post = new HttpPost(getAccessTokenUrl());
-
-        List parameters = new LinkedList();
-        parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.AUTHORIZATION_CODE));
-
-        if (code != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.CODE, code));
-        }
-        if (redirectUri != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.REDIRECT_URI, redirectUri));
-        }
-        if (clientId != null && password != null) {
-            String authorization = BasicAuthHelper.createHeader(clientId, password);
-            post.setHeader("Authorization", authorization);
-        }
-        else if (clientId != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
-        }
-
-        if(clientSessionState != null) {
-            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
-        }
-
-        if(clientSessionHost != null) {
-            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
-        }
-
-        UrlEncodedFormEntity formEntity = null;
+        CloseableHttpClient client = new DefaultHttpClient();
         try {
-            formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
-        } catch (UnsupportedEncodingException e) {
-            throw new RuntimeException(e);
-        }
-        post.setEntity(formEntity);
+            HttpPost post = new HttpPost(getAccessTokenUrl());
-        try {
-            return new AccessTokenResponse(client.execute(post));
-        } catch (Exception e) {
-            throw new RuntimeException("Failed to retrieve access token", e);
+            List parameters = new LinkedList();
+            parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.AUTHORIZATION_CODE));
+
+            if (code != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.CODE, code));
+            }
+            if (redirectUri != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.REDIRECT_URI, redirectUri));
+            }
+            if (clientId != null && password != null) {
+                String authorization = BasicAuthHelper.createHeader(clientId, password);
+                post.setHeader("Authorization", authorization);
+            } else if (clientId != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
+            }
+
+            if (clientSessionState != null) {
+                parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
+            }
+
+            if (clientSessionHost != null) {
+                parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
+            }
+
+            UrlEncodedFormEntity formEntity = null;
+            try {
+                formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                throw new RuntimeException(e);
+            }
+            post.setEntity(formEntity);
+
+            try {
+                return new AccessTokenResponse(client.execute(post));
+            } catch (Exception e) {
+                throw new RuntimeException("Failed to retrieve access token", e);
+            }
+        } finally {
+            closeClient(client);
         }
     }
     public AccessTokenResponse doGrantAccessTokenRequest(String clientSecret, String username, String password) throws Exception {
-        HttpClient client = new DefaultHttpClient();
-        HttpPost post = new HttpPost(getResourceOwnerPasswordCredentialGrantUrl());
-
-        String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
-        post.setHeader("Authorization", authorization);
-
-        List parameters = new LinkedList();
-        parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD));
-        parameters.add(new BasicNameValuePair("username", username));
-        parameters.add(new BasicNameValuePair("password", password));
-
-        if(clientSessionState != null) {
-            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
-        }
-        if(clientSessionHost != null) {
-            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
-        }
-
-        UrlEncodedFormEntity formEntity;
+        CloseableHttpClient client = new DefaultHttpClient();
         try {
-            formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
-        } catch (UnsupportedEncodingException e) {
-            throw new RuntimeException(e);
-        }
-        post.setEntity(formEntity);
+            HttpPost post = new HttpPost(getResourceOwnerPasswordCredentialGrantUrl());
-        return new AccessTokenResponse(client.execute(post));
+            String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
+            post.setHeader("Authorization", authorization);
+
+            List parameters = new LinkedList();
+            parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD));
+            parameters.add(new BasicNameValuePair("username", username));
+            parameters.add(new BasicNameValuePair("password", password));
+
+            if (clientSessionState != null) {
+                parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
+            }
+            if (clientSessionHost != null) {
+                parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
+            }
+
+            UrlEncodedFormEntity formEntity;
+            try {
+                formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                throw new RuntimeException(e);
+            }
+            post.setEntity(formEntity);
+
+            return new AccessTokenResponse(client.execute(post));
+        } finally {
+            closeClient(client);
+        }
     }
     public HttpResponse doLogout(String refreshToken, String clientSecret) throws IOException {
-        HttpClient client = new DefaultHttpClient();
-        HttpPost post = new HttpPost(getLogoutUrl(null, null));
-
-        List parameters = new LinkedList();
-        if (refreshToken != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
-        }
-        if (clientId != null && clientSecret != null) {
-            String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
-            post.setHeader("Authorization", authorization);
-        }
-        else if (clientId != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
-        }
-
-        UrlEncodedFormEntity formEntity;
+        CloseableHttpClient client = new DefaultHttpClient();
         try {
-            formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
-        } catch (UnsupportedEncodingException e) {
-            throw new RuntimeException(e);
-        }
-        post.setEntity(formEntity);
+            HttpPost post = new HttpPost(getLogoutUrl(null, null));
-        return client.execute(post);
+            List parameters = new LinkedList();
+            if (refreshToken != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
+            }
+            if (clientId != null && clientSecret != null) {
+                String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
+                post.setHeader("Authorization", authorization);
+            } else if (clientId != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
+            }
+
+            UrlEncodedFormEntity formEntity;
+            try {
+                formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                throw new RuntimeException(e);
+            }
+            post.setEntity(formEntity);
+
+            return client.execute(post);
+        } finally {
+            closeClient(client);
+        }
     }
     public AccessTokenResponse doRefreshTokenRequest(String refreshToken, String password) {
-        HttpClient client = new DefaultHttpClient();
-        HttpPost post = new HttpPost(getRefreshTokenUrl());
-
-        List parameters = new LinkedList();
-        parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN));
-
-        if (refreshToken != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
-        }
-        if (clientId != null && password != null) {
-            String authorization = BasicAuthHelper.createHeader(clientId, password);
-            post.setHeader("Authorization", authorization);
-        }
-        else if (clientId != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
-        }
-
-        if(clientSessionState != null) {
-            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
-        }
-        if(clientSessionHost != null) {
-            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
-        }
-
-        UrlEncodedFormEntity formEntity;
+        CloseableHttpClient client = new DefaultHttpClient();
         try {
-            formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
-        } catch (UnsupportedEncodingException e) {
-            throw new RuntimeException(e);
-        }
-        post.setEntity(formEntity);
+            HttpPost post = new HttpPost(getRefreshTokenUrl());
+            List parameters = new LinkedList();
+            parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN));
+
+            if (refreshToken != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
+            }
+            if (clientId != null && password != null) {
+                String authorization = BasicAuthHelper.createHeader(clientId, password);
+                post.setHeader("Authorization", authorization);
+            } else if (clientId != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
+            }
+
+            if (clientSessionState != null) {
+                parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
+            }
+            if (clientSessionHost != null) {
+                parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
+            }
+
+            UrlEncodedFormEntity formEntity;
+            try {
+                formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                throw new RuntimeException(e);
+            }
+            post.setEntity(formEntity);
+
+            try {
+                return new AccessTokenResponse(client.execute(post));
+            } catch (Exception e) {
+                throw new RuntimeException("Failed to retrieve access token", e);
+            }
+        } finally {
+            closeClient(client);
+        }
+    }
+
+    private void closeClient(CloseableHttpClient client) {
         try {
-            return new AccessTokenResponse(client.execute(post));
-        } catch (Exception e) {
-            throw new RuntimeException("Failed to retrieve access token", e);
+            client.close();
+        } catch (IOException ioe) {
+            throw new RuntimeException(ioe);
         }
     }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
index cadeb9ed89..59ba8aabd7 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
@@ -1,6 +1,10 @@
 package org.keycloak.testsuite.oauth;
 import org.apache.http.HttpResponse;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.DefaultHttpClient;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
@@ -203,4 +207,22 @@ public class ResourceOwnerPasswordCredentialsGrantTest {
                 .assertEvent();
     }
+    @Test
+    public void grantAccessTokenMissingGrantType() throws Exception {
+        oauth.clientId("resource-owner");
+
+        DefaultHttpClient client = new DefaultHttpClient();
+        try {
+            HttpPost post = new HttpPost(oauth.getResourceOwnerPasswordCredentialGrantUrl());
+            OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(client.execute(post));
+
+            assertEquals(400, response.getStatusCode());
+
+            assertEquals("invalid_request", response.getError());
+            assertEquals("Missing form parameter: grant_type", response.getErrorDescription());
+        } finally {
+            client.close();
+        }
+    }
+
 }
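Review bot: `closeClient` converts an `IOException` from `client.close()` into a `RuntimeException` thrown out of a `finally` block, which replaces whatever `client.execute(post)` or the response parsing threw, so a test failure would surface as a close error instead of the real token-endpoint problem. Since `CloseableHttpClient` is `Closeable`, each method can open it as `try (CloseableHttpClient client = new DefaultHttpClient()) {` and drop the `finally`/`closeClient` pair; a failing close is then attached as a suppressed exception rather than masking the primary one (this assumes the testsuite compiles at Java 7 or later, which the hunk does not show). Separately, `doLogout` now hands back the raw `HttpResponse` after the client — and, for `DefaultHttpClient`, its connection manager — has been closed, so a caller that reads the entity stream rather than just the status line may hit an I/O error; the `AccessTokenResponse`-returning methods avoid this only if that constructor consumes the body eagerly, which is outside this hunk. `DefaultHttpClient` is also deprecated in HttpClient 4.3+, though the hunk keeps it, presumably for parity with the rest of the testsuite. The hunk's first context line closes a method that starts before it.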
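Review bot: The new test fixes the endpoint's validation order into the assertion: it POSTs with no body and no client credentials and expects `invalid_request` / "Missing form parameter: grant_type", which only holds while the `grant_type` check runs before client authentication — if that order ever changes the test fails with `invalid_client` rather than catching a message regression. A one-line comment such as `// grant_type is validated before client authentication, so no credentials are sent here` would record the assumption. The import hunk above adds `HttpClient` and `CloseableHttpClient` that this test never references (`client` is declared as `DefaultHttpClient`); declaring it `CloseableHttpClient client = new DefaultHttpClient();` would use the import and match the pattern just introduced in `OAuthClient`. The "Missing client_id parameter" wording changed in `AuthorizeClientUtil` gets no corresponding test in this commit.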