From 0fb32a052e22520f60ed8adb77360d4fd1612d65 Mon Sep 17 00:00:00 2001
From: Joe Grandja
Date: Tue, 24 Oct 2017 13:49:31 -0400
Subject: [PATCH] OAuth2LoginAuthenticationFilter processes uri /login/oauth2/*
Fixes gh-4687
---
 .../oauth2/client/OAuth2LoginConfigurer.java | 7 ++++---
 .../config/oauth2/client/CommonOAuth2Provider.java | 10 +++++-----
 .../oauth2/client/CommonOAuth2ProviderTests.java | 10 +++++-----
 .../client/web/OAuth2LoginAuthenticationFilter.java | 8 ++++----
 .../security/oauth2/client/web/TestUtil.java | 2 +-
 .../security/samples/OAuth2LoginApplicationTests.java | 2 +-
 6 files changed, 20 insertions(+), 19 deletions(-)
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index f2ccda4e7e..aa0e960496 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -35,9 +35,9 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
 import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
-import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter;
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
+import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
 import org.springframework.security.oauth2.core.AccessToken;
 import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestUriBuilder;
 import org.springframework.security.oauth2.core.user.OAuth2User;
@@ -65,14 +65,15 @@ import java.util.Map;
 public final class OAuth2LoginConfigurer> extends AbstractAuthenticationFilterConfigurer, OAuth2LoginAuthenticationFilter> {
- private static final String DEFAULT_LOGIN_PROCESSING_URI = "/login/oauth2/authorize/code/*";
 private final AuthorizationEndpointConfig authorizationEndpointConfig = new AuthorizationEndpointConfig();
 private final TokenEndpointConfig tokenEndpointConfig = new TokenEndpointConfig();
 private final RedirectionEndpointConfig redirectionEndpointConfig = new RedirectionEndpointConfig();
 private final UserInfoEndpointConfig userInfoEndpointConfig = new UserInfoEndpointConfig();
 public OAuth2LoginConfigurer() {
- super(new OAuth2LoginAuthenticationFilter(DEFAULT_LOGIN_PROCESSING_URI), DEFAULT_LOGIN_PROCESSING_URI);
+ super(new OAuth2LoginAuthenticationFilter(
+ OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI),
+ OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
 }
 public OAuth2LoginConfigurer clients(ClientRegistration... clientRegistrations) {
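Review bot: The new `super(...)` call in the `OAuth2LoginConfigurer()` constructor (second hunk) spells out `OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI` twice, once for the filter and once for the login-processing URL, although the filter's no-arg constructor, changed in this same commit, already defaults to that constant. `super(new OAuth2LoginAuthenticationFilter(), OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);` keeps the two values in step by construction and fits on one line. Since the removed `DEFAULT_LOGIN_PROCESSING_URI` was the only place this class said which path the login filter answers on, a one-line comment such as `// the login-processing URL is expected to cover the redirect URI template used by CommonOAuth2Provider (/login/oauth2/{registrationId})` would keep that intent readable. The class body continues past the hunk.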
diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
index 74f1efb902..434d531380 100644
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java
@@ -36,7 +36,7 @@ public enum CommonOAuth2Provider {
 @Override
 public Builder getBuilder(String registrationId) {
 ClientRegistration.Builder builder = getBuilder(registrationId,
- ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
+ ClientAuthenticationMethod.BASIC, DEFAULT_LOGIN_REDIRECT_URL);
 builder.scope("openid", "profile", "email", "address", "phone");
 builder.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth");
 builder.tokenUri("https://www.googleapis.com/oauth2/v4/token");
@@ -53,7 +53,7 @@ public enum CommonOAuth2Provider {
 @Override
 public Builder getBuilder(String registrationId) {
 ClientRegistration.Builder builder = getBuilder(registrationId,
- ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
+ ClientAuthenticationMethod.BASIC, DEFAULT_LOGIN_REDIRECT_URL);
 builder.scope("user");
 builder.authorizationUri("https://github.com/login/oauth/authorize");
 builder.tokenUri("https://github.com/login/oauth/access_token");
@@ -69,7 +69,7 @@ public enum CommonOAuth2Provider {
 @Override
 public Builder getBuilder(String registrationId) {
 ClientRegistration.Builder builder = getBuilder(registrationId,
- ClientAuthenticationMethod.POST, DEFAULT_REDIRECT_URL);
+ ClientAuthenticationMethod.POST, DEFAULT_LOGIN_REDIRECT_URL);
 builder.scope("public_profile", "email");
 builder.authorizationUri("https://www.facebook.com/v2.8/dialog/oauth");
 builder.tokenUri("https://graph.facebook.com/v2.8/oauth/access_token");
@@ -85,7 +85,7 @@ public enum CommonOAuth2Provider {
 @Override
 public Builder getBuilder(String registrationId) {
 ClientRegistration.Builder builder = getBuilder(registrationId,
- ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
+ ClientAuthenticationMethod.BASIC, DEFAULT_LOGIN_REDIRECT_URL);
 builder.scope("openid", "profile", "email", "address", "phone");
 builder.userNameAttributeName(IdTokenClaim.SUB);
 builder.clientName("Okta");
@@ -93,7 +93,7 @@ public enum CommonOAuth2Provider {
 }
 };
- private static final String DEFAULT_REDIRECT_URL = "{scheme}://{serverName}:{serverPort}{contextPath}/login/oauth2/authorize/code/{registrationId}";
+ private static final String DEFAULT_LOGIN_REDIRECT_URL = "{scheme}://{serverName}:{serverPort}{contextPath}/login/oauth2/{registrationId}";
 protected final ClientRegistration.Builder getBuilder(String registrationId, ClientAuthenticationMethod method, String redirectUri) {
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
index 51b9a972f1..49c59da0e8 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java
@@ -31,7 +31,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 */
 public class CommonOAuth2ProviderTests {
- private static final String DEFAULT_REDIRECT_URL = "{scheme}://{serverName}:{serverPort}{contextPath}/login/oauth2/authorize/code/{registrationId}";
+ private static final String DEFAULT_LOGIN_REDIRECT_URL = "{scheme}://{serverName}:{serverPort}{contextPath}/login/oauth2/{registrationId}";
 @Test
 public void getBuilderWhenGoogleShouldHaveGoogleSettings() throws Exception {
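Review bot: The new `DEFAULT_LOGIN_REDIRECT_URL` constant (second hunk, `-93,7`) hard-codes the path `/login/oauth2/{registrationId}`, which is only correct because `OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI` in the oauth2-client module becomes `/login/oauth2/*` in this same commit; nothing in the code ties the two literals together, so a later change to either side would leave the redirect URI registered with each provider pointing at a path the login filter no longer processes. A comment on the constant would make the coupling visible, e.g. `// the path must stay under OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI ("/login/oauth2/*")`. The same template is duplicated verbatim in CommonOAuth2ProviderTests (third hunk on this line), so the test asserts the literal against itself and would not catch such a drift; deriving the expected value from the filter constant, or at least noting the duplication, would be more robust. The `getBuilder(...)` method that consumes the template starts at the end of the hunk and its body lies outside it.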
@@ -51,7 +51,7 @@ public class CommonOAuth2ProviderTests {
 .isEqualTo(ClientAuthenticationMethod.BASIC);
 assertThat(registration.getAuthorizationGrantType())
 .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
- assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
+ assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_LOGIN_REDIRECT_URL);
 assertThat(registration.getScopes()).containsOnly("openid", "profile", "email", "address", "phone");
 assertThat(registration.getClientName()).isEqualTo("Google");
@@ -75,7 +75,7 @@ public class CommonOAuth2ProviderTests {
 .isEqualTo(ClientAuthenticationMethod.BASIC);
 assertThat(registration.getAuthorizationGrantType())
 .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
- assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
+ assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_LOGIN_REDIRECT_URL);
 assertThat(registration.getScopes()).containsOnly("user");
 assertThat(registration.getClientName()).isEqualTo("GitHub");
 assertThat(registration.getRegistrationId()).isEqualTo("123");
@@ -98,7 +98,7 @@ public class CommonOAuth2ProviderTests {
 .isEqualTo(ClientAuthenticationMethod.POST);
 assertThat(registration.getAuthorizationGrantType())
 .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
- assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
+ assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_LOGIN_REDIRECT_URL);
 assertThat(registration.getScopes()).containsOnly("public_profile", "email");
 assertThat(registration.getClientName()).isEqualTo("Facebook");
 assertThat(registration.getRegistrationId()).isEqualTo("123");
@@ -123,7 +123,7 @@ public class CommonOAuth2ProviderTests {
 .isEqualTo(ClientAuthenticationMethod.BASIC);
 assertThat(registration.getAuthorizationGrantType())
 .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
- assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
+ assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_LOGIN_REDIRECT_URL);
 assertThat(registration.getScopes()).containsOnly("openid", "profile", "email", "address", "phone");
 assertThat(registration.getClientName()).isEqualTo("Okta");
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
index f91789f4c7..ba16d541c7 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
@@ -74,17 +74,17 @@ import java.io.IOException;
 * @see Section 4.1.2 Authorization Response
 */
 public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
- public static final String DEFAULT_AUTHORIZATION_RESPONSE_BASE_URI = "/oauth2/authorize/code/*";
+ public static final String DEFAULT_FILTER_PROCESSES_URI = "/login/oauth2/*";
 private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
 private ClientRegistrationRepository clientRegistrationRepository;
 private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
 public OAuth2LoginAuthenticationFilter() {
- this(DEFAULT_AUTHORIZATION_RESPONSE_BASE_URI);
+ this(DEFAULT_FILTER_PROCESSES_URI);
 }
- public OAuth2LoginAuthenticationFilter(String authorizationResponseBaseUri) {
- super(authorizationResponseBaseUri);
+ public OAuth2LoginAuthenticationFilter(String filterProcessesUrl) {
+ super(filterProcessesUrl);
 }
 @Override
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/TestUtil.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/TestUtil.java
index 76b7f37b4e..942530f4d5 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/TestUtil.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/TestUtil.java
@@ -31,7 +31,7 @@ class TestUtil {
 static final int DEFAULT_SERVER_PORT = 8080;
 static final String DEFAULT_SERVER_URL = DEFAULT_SCHEME + "://" + DEFAULT_SERVER_NAME + ":" + DEFAULT_SERVER_PORT;
 static final String AUTHORIZATION_BASE_URI = "/oauth2/authorization";
- static final String AUTHORIZE_BASE_URI = "/oauth2/authorize/code";
+ static final String AUTHORIZE_BASE_URI = "/login/oauth2";
 static final String GOOGLE_REGISTRATION_ID = "google";
 static final String GITHUB_REGISTRATION_ID = "github";
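Review bot: The public constant `DEFAULT_AUTHORIZATION_RESPONSE_BASE_URI` is deleted outright in the first hunk rather than deprecated, so any code that referenced it stops compiling; if the project's compatibility policy allows that at this stage it is fine, otherwise retain it with `@Deprecated` for one release and point its Javadoc at `DEFAULT_FILTER_PROCESSES_URI`. The new public `DEFAULT_FILTER_PROCESSES_URI` and the renamed `filterProcessesUrl` constructor parameter carry no Javadoc, and since the pattern `/login/oauth2/*` is what decides which requests this filter treats as authorization responses it deserves one, e.g. `/** Default URL pattern this filter processes; the redirect URI registered with the provider must fall under it, e.g. /login/oauth2/{registrationId} as built by CommonOAuth2Provider. */`. The class Javadoc in the context lines describes the RFC section but not the new URL contract, so a sentence there would help as well. How the trailing path segment is resolved to a client registration is presumably handled in attemptAuthentication, which lies outside the hunk; documenting what happens for an unknown segment would be useful once that code is reviewed.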
diff --git a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java
index 924ac2c81c..8ee9ee84e9 100644
--- a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java
+++ b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java
@@ -81,7 +81,7 @@ import static org.mockito.Mockito.when;
 @AutoConfigureMockMvc
 public class OAuth2LoginApplicationTests {
 private static final String AUTHORIZATION_BASE_URI = "/oauth2/authorization";
- private static final String AUTHORIZE_BASE_URL = "http://localhost:8080/login/oauth2/authorize/code";
+ private static final String AUTHORIZE_BASE_URL = "http://localhost:8080/login/oauth2";
 @Autowired
 private WebClient webClient;