
Authorization code of a project that is not active cannot be used

Authorization codes of apps in a project that is not active cannot be used anymore. While in the case of the authorization code it is not that important due to the short validity in time, the same restriction will be applied to the access tokens and to the future refresh tokens, so everything should be consistent.

Test scenario:
1. In the project admin create an OAuth2 app (note the ID and the given secret)
2. Access the authorize page at the URL https://tuleap.example.com/oauth2/authorize?client_id=<client_id>&scope=demo&response_type=code&redirect_uri=<redirect_uri>
3. Quickly retrieve (it is valid only 1 minute) the authorization code from the URL
4. Quickly suspend the project
5. Try to exchange the authorization code for an access token:

    shell> curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
        --user '<client_id>:<client_secret>' \
        --data 'grant_type=authorization_code&redirect_uri=<redirect_uri>&code=<authorization_code>' \
        https://tuleap.example.com/oauth2/token

This is part of story #14542: have OAuth2 flow

Change-Id: I615160eab1c1208d2c87235059ea82406bdd14be
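The test scenario above exercises one ordering problem: the code was legitimately issued while the project was active, and the project was suspended before the code was exchanged, so the token endpoint must re-check the app's project status at exchange time rather than trust the fact that a code exists. The model below, an added example that is not Tuleap's code (every class and function name in it, such as TokenEndpoint and build_fixture, is hypothetical), implements an authorization_code grant handler with that check next to the usual ones (client authentication, code-to-client binding, redirect_uri match, one-minute expiry, single use), and shows that the authorize side also refuses to issue a code for an app of an inactive project:

```python
"""Model of the token-endpoint check described in the commit: an authorization
code issued to an OAuth2 app whose project is no longer active is refused when
it is exchanged for an access token. Added example, not Tuleap's code; the
class and function names are hypothetical."""
import hmac
import secrets
from dataclasses import dataclass

AUTH_CODE_LIFETIME_SECONDS = 60  # the commit message says a code is valid for one minute


@dataclass
class Project:
    project_id: int
    is_active: bool  # a suspended or deleted project is not active


@dataclass
class App:
    client_id: str
    client_secret: str
    project_id: int
    redirect_uri: str


@dataclass
class AuthorizationCode:
    client_id: str  # the app the code was issued to (the code is bound to one app)
    redirect_uri: str
    issued_at: float
    used: bool = False


class TokenEndpoint:
    """Minimal authorization_code grant handler with the project-status check."""

    def __init__(self, projects, apps):
        self.projects = {p.project_id: p for p in projects}
        self.apps = {a.client_id: a for a in apps}
        self.codes = {}

    def _project_active(self, app):
        project = self.projects.get(app.project_id)
        return project is not None and project.is_active

    def issue_code(self, client_id, redirect_uri, now):
        """Authorize side: no code is issued for an app of an inactive project."""
        app = self.apps.get(client_id)
        if app is None or app.redirect_uri != redirect_uri or not self._project_active(app):
            return None
        code = secrets.token_urlsafe(32)
        self.codes[code] = AuthorizationCode(client_id, redirect_uri, now)
        return code

    def exchange(self, client_id, client_secret, code, redirect_uri, now):
        """Token side: returns an RFC 6749 style error dict or an access token."""
        app = self.apps.get(client_id)
        if app is None or not hmac.compare_digest(app.client_secret, client_secret):
            return {"error": "invalid_client"}
        record = self.codes.get(code)
        if record is None or record.client_id != client_id:
            return {"error": "invalid_grant"}
        if record.used:
            # Replayed code: drop it. A full implementation would also revoke the
            # tokens that were issued from it.
            del self.codes[code]
            return {"error": "invalid_grant"}
        if record.redirect_uri != redirect_uri:
            return {"error": "invalid_grant"}
        if now - record.issued_at > AUTH_CODE_LIFETIME_SECONDS:
            return {"error": "invalid_grant"}
        # The check this commit adds: the code was valid when issued, but the app's
        # project may have been suspended in the meantime.
        if not self._project_active(app):
            return {"error": "invalid_grant"}
        record.used = True
        return {"access_token": secrets.token_urlsafe(32), "token_type": "bearer"}


def build_fixture():
    """Constructed sample data: one active project with one OAuth2 app."""
    project = Project(project_id=101, is_active=True)
    app = App("app-1", "s3cret", project.project_id, "https://client.example/cb")
    return TokenEndpoint([project], [app]), project, app


if __name__ == "__main__":
    endpoint, project, app = build_fixture()
    code = endpoint.issue_code(app.client_id, app.redirect_uri, now=0.0)
    project.is_active = False  # suspended while the code is still fresh
    print(endpoint.exchange(app.client_id, app.client_secret, code, app.redirect_uri, now=5.0))
```

The project check is deliberately placed after client authentication and the code-validity checks so that a suspended project cannot be distinguished from an unknown code by the error returned; both are reported as invalid_grant. The same predicate would be applied when validating an access token or a refresh token, which is the consistency the commit message calls for.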

Modified Files

M plugins/oauth2_server/db/install.sql (+3 −1)
A plugins/oauth2_server/db/mysql/2020/202003131445_add_app_id_column_oauth2_auth_code.php (+52 −0)
M plugins/oauth2_server/include/AuthorizationServer/AuthorizationCodeResponseFactory.php (+3 −1)
M plugins/oauth2_server/include/AuthorizationServer/AuthorizationEndpointGetController.php (+1 −1)
M plugins/oauth2_server/include/AuthorizationServer/AuthorizationEndpointPostController.php (+27 −9)
M plugins/oauth2_server/include/AuthorizationServer/AuthorizationFormPresenter.php (+4 −3)
M plugins/oauth2_server/include/Grant/AuthorizationCode/OAuth2AuthorizationCodeCreator.php (+3 −1)
M plugins/oauth2_server/include/Grant/AuthorizationCode/OAuth2AuthorizationCodeDAO.php (+7 −2)
M plugins/oauth2_server/include/oauth2_serverPlugin.php (+1 −0)
M plugins/oauth2_server/phpunit/AuthorizationServer/AuthorizationCodeResponseFactoryTest.php (+8 −0)
M plugins/oauth2_server/phpunit/AuthorizationServer/AuthorizationEndpointPostControllerTest.php (+49 −5)
M plugins/oauth2_server/phpunit/Grant/AuthorizationCode/OAuth2AuthorizationCodeCreatorTest.php (+11 −1)
M plugins/oauth2_server/templates/authorization-form.mustache (+1 −1)
M plugins/oauth2_server/tests/integration/Grant/AuthorizationCode/OAuth2AuthorizationCodeDAOTest.php (+78 −1)