Posted to commits@cxf.apache.org by co...@apache.org on 2019/09/16 13:30:38 UTC
[cxf] 02/03: Fixing OAuth scope test
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit e286615b8caa4778609746f930c033ec2a270f0b
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Sep 11 01:08:19 2019 +0100
Fixing OAuth scope test
(cherry picked from commit 39e32c4a3cf4b6dd35dae7cfccf47e2f23b8d253)
(cherry picked from commit df2f56d8a5d962ec921fe978a46a0314a05c8876)
---
.../cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java | 3 +--
.../jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java | 4 ++--
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 90c3285..0aa14b7 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -396,8 +396,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
approvedScope.add(rScope);
}
}
- if (!requestedScope.containsAll(approvedScope)
- || !OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(),
+ if (!OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(),
partialMatchScopeValidation)) {
return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
}
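Review bot: Dropping `!requestedScope.containsAll(approvedScope)` from this condition is only safe if `approvedScope` can never hold an entry that is absent from `requestedScope`. The context line `approvedScope.add(rScope);` suggests the list is filled from a loop over the requested scopes, but that loop starts outside the hunk, so the invariant is not visible here. Because `validateScopes` is still called on `requestedScope` only, nothing would check the approved list on its own if that loop ever changed. I would record the invariant next to the condition, for example `// approvedScope is a subset of requestedScope by construction, so validating requestedScope covers both`. The enclosing method begins and ends outside the hunk.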
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
index 752071e..d95dffe 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
@@ -217,13 +217,13 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
client.type("application/json").accept("application/json");
client.query("client_id", "consumer-id");
client.query("response_type", "code");
- client.query("redirect_uri", "http://www.blah.bad.apache.org");
+ client.query("redirect_uri", "http://www.blah.apache.org");
client.query("scope", "unknown-scope");
client.path("authorize/");
// No redirect URI
Response response = client.get();
- assertEquals(400, response.getStatus());
+ assertEquals(303, response.getStatus());
}
// Send the authorization code twice to get an access token
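Review bot: The new assertion `assertEquals(303, response.getStatus());` does not show that the unknown scope was rejected, because a redirect status alone presumably also describes a successful authorization response. This negative test should also check the redirect target for the error, for example `String location = response.getHeaderString("Location");` followed by `assertTrue(location != null && location.contains("invalid_scope"));`, assuming `assertTrue` is available alongside `assertEquals`. The context comment `// No redirect URI` is also stale now that a `redirect_uri` query parameter is sent, and it should be reworded or removed. The test method starts outside the hunk.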