Fixed admin clean token API and restrict plugins to confidential only.

Change-Id: Ied9db0db51a013a1b8b28899c64a7dc74ec64611

full/Changes

@@ -20,6 +20,9 @@
 2022-06-03 
  - Implemented searching option using a network endpoint
  - Implemented initial super client registration for user authentication.
+ - Fixed admin clean token API and restrict plugins to confidential only.
+
+
 
 # version 0.67.1
 

full/src/main/java/de/ids_mannheim/korap/oauth2/dao/OAuth2ClientDao.java

@@ -72,8 +72,14 @@ public void registerClient (String id, String secretHashcode, String name,
         client.setRegisteredBy(registeredBy);
         client.setRegistrationDate(ZonedDateTime.now());
         client.setDescription(description);
-        if (source !=null && !source.isNull()) {
-            client.setSource(source.toString());
+        if (source != null && !source.isNull()) {
+            if (type.equals(OAuth2ClientType.CONFIDENTIAL)) {
+                client.setSource(source.toString());
+            }
+            else {
+                throw new KustvaktException(StatusCodes.NOT_SUPPORTED,
+                        "Only confidential plugins are supported.");
+            }
         }
         else {
             client.setPermitted(true);

full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java

@@ -2,6 +2,7 @@
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.FormParam;
+import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.core.Context;
@@ -35,6 +36,7 @@ public class OAuth2AdminController {
     @Autowired
     private OAuth2ResponseHandler responseHandler;
 
+    @GET
     @Path("token/clean")
     public Response cleanExpiredInvalidToken (
             @Context SecurityContext securityContext) {

full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2PluginTest.java

@@ -86,13 +86,17 @@ public void testRegisterPublicPlugin () throws KustvaktException {
         json.setSource(source);
 
         ClientResponse response = registerClient(username, json);
-        assertEquals(Status.OK.getStatusCode(), response.getStatus());
         JsonNode node = JsonUtils.readTree(response.getEntity(String.class));
 
-        String clientId = node.at("/client_id").asText(); 
-        assertTrue(node.at("/client_secret").isMissingNode());
+        assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+        assertEquals(OAuth2Error.INVALID_REQUEST, node.at("/error").asText());
+        assertFalse(node.at("/error_description").isMissingNode());
 
-        deregisterClient(username, clientId);
+//        assertEquals(Status.OK.getStatusCode(), response.getStatus());
+//        String clientId = node.at("/client_id").asText(); 
+//        assertTrue(node.at("/client_secret").isMissingNode());
+//        
+//        deregisterClient(username, clientId);
     }
 
     private void testRetrievePluginInfo (String clientId,