Posted to commits@cxf.apache.org by co...@apache.org on 2019/09/16 12:21:08 UTC
[cxf] 02/09: Fixing OAuth scope test
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit df2f56d8a5d962ec921fe978a46a0314a05c8876
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Sep 11 01:08:19 2019 +0100
Fixing OAuth scope test
(cherry picked from commit 39e32c4a3cf4b6dd35dae7cfccf47e2f23b8d253)
---
.../cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java | 3 +--
.../jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java | 4 ++--
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index d6e16f2..e4af350 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -396,8 +396,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
approvedScope.add(rScope);
}
}
- if (!requestedScope.containsAll(approvedScope)
- || !OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(),
+ if (!OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(),
partialMatchScopeValidation)) {
return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
}
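Review bot: With `!requestedScope.containsAll(approvedScope)` removed, nothing visible in this hunk constrains `approvedScope` any more; only `requestedScope` is validated against `client.getRegisteredScopes()`. That is safe only if `approvedScope` is populated exclusively from `requestedScope` entries, which the `approvedScope.add(rScope)` line suggests but the hunk does not show, since the loop and the method start above it. I would state the invariant next to the check, e.g. `// approvedScope is built only from requestedScope entries, so validating requestedScope also bounds what can be granted`. That way a later change to how approvals are collected does not silently widen the granted scopes.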
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
index 8bbb662..5b70662 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
@@ -212,13 +212,13 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
client.type("application/json").accept("application/json");
client.query("client_id", "consumer-id");
client.query("response_type", "code");
- client.query("redirect_uri", "http://www.blah.bad.apache.org");
+ client.query("redirect_uri", "http://www.blah.apache.org");
client.query("scope", "unknown-scope");
client.path("authorize/");
// No redirect URI
Response response = client.get();
- assertEquals(400, response.getStatus());
+ assertEquals(303, response.getStatus());
}
// Send the authorization code twice to get an access token
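Review bot: Asserting only `303` does not prove the request was rejected for its scope, because a redirect status alone says nothing about why the server redirected. For a negative test I would also check the redirect target, e.g. `String location = response.getHeaderString("Location");` followed by `assertTrue(location != null && location.contains("invalid_scope"));`, assuming the error code is carried in the redirect URI as the `createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE)` call in the service suggests. The `// No redirect URI` comment does not match the request, which sends a `redirect_uri`; something like `// Unknown scope: expect a redirect back to the client carrying the error` would describe what is being tested. The test method starts above the hunk.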