next release

apereo · Aug 3, 2022 · 61beea9 · 61beea9
1 parent c8fe0c1
commit 61beea9
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 3 deletions.
diff --git a/gradle.properties b/gradle.properties
@@ -2,7 +2,7 @@
 # Platform metadata for releases, POM generation, etc.
 #################################################
 group=org.apereo.cas
-version=6.4.6.6-SNAPSHOT
+version=6.4.6.6
 
 projectUrl=https://www.apereo.org/cas
 projectInceptionYear=2004

diff --git a/...rg/apereo/cas/support/oauth/web/endpoints/OAuth20CallbackAuthorizeEndpointController.java b/...rg/apereo/cas/support/oauth/web/endpoints/OAuth20CallbackAuthorizeEndpointController.java
@@ -2,6 +2,7 @@
 
 import org.apereo.cas.support.oauth.OAuth20Constants;
 import org.apereo.cas.support.oauth.authenticator.Authenticators;
+import org.apereo.cas.support.oauth.util.OAuth20Utils;
 
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
@@ -43,7 +44,17 @@ public OAuth20CallbackAuthorizeEndpointController(final OAuth20ConfigurationCont
     public ModelAndView handleRequest(final HttpServletRequest request, final HttpServletResponse response) {
         val callback = new OAuth20CallbackLogic();
         val context = new JEEContext(request, response);
-        val defaultUrl = context.getRequestParameter(OAuth20Constants.REDIRECT_URI).orElse(context.getFullRequestURL());
+        String defaultUrl = null;
+        val clientId = context.getRequestParameter(OAuth20Constants.CLIENT_ID);
+        val redirectUri = context.getRequestParameter(OAuth20Constants.REDIRECT_URI);
+        if (clientId.isPresent() && redirectUri.isPresent()) {
+            val servicesManager = getConfigurationContext().getServicesManager();
+            val serviceClient = OAuth20Utils.getRegisteredOAuthServiceByClientId(servicesManager, clientId.get());
+            val serviceRedirectUri = OAuth20Utils.getRegisteredOAuthServiceByRedirectUri(servicesManager, redirectUri.get());
+            if (serviceClient != null && serviceClient.equals(serviceRedirectUri)) {
+                defaultUrl = redirectUri.get();
+            }
+        }
         callback.perform(context, getConfigurationContext().getSessionStore(),
             getConfigurationContext().getOauthConfig(), (object, ctx) -> Boolean.FALSE,
             defaultUrl, Boolean.FALSE, Authenticators.CAS_OAUTH_CLIENT);

diff --git a/...ereo/cas/support/oauth/web/endpoints/OAuth20CallbackAuthorizeEndpointControllerTests.java b/...ereo/cas/support/oauth/web/endpoints/OAuth20CallbackAuthorizeEndpointControllerTests.java
@@ -7,6 +7,7 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.Test;
+import org.pac4j.core.util.Pac4jConstants;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -30,6 +31,7 @@ public class OAuth20CallbackAuthorizeEndpointControllerTests extends AbstractOAu
     @BeforeEach
     public void initialize() {
         clearAllServices();
+        addRegisteredService();
     }
 
     @Test
@@ -50,6 +52,38 @@ public void verifyOperationWithoutRedirectUri() {
         val response = new MockHttpServletResponse();
         val view = callbackAuthorizeController.handleRequest(request, response);
         assertNotNull(view);
-        assertEquals("http://localhost", ((RedirectView) view.getView()).getUrl());
+        assertEquals(Pac4jConstants.DEFAULT_URL_VALUE, ((RedirectView) view.getView()).getUrl());
+    }
+
+    @Test
+    public void verifyOperationWithoutClientId() {
+        val request = new MockHttpServletRequest();
+        request.addParameter(OAuth20Constants.REDIRECT_URI, REDIRECT_URI);
+        val response = new MockHttpServletResponse();
+        val view = callbackAuthorizeController.handleRequest(request, response);
+        assertNotNull(view);
+        assertEquals(Pac4jConstants.DEFAULT_URL_VALUE, ((RedirectView) view.getView()).getUrl());
+    }
+
+    @Test
+    public void verifyOperationBadClientId() {
+        val request = new MockHttpServletRequest();
+        request.addParameter(OAuth20Constants.CLIENT_ID, "badClientId");
+        request.addParameter(OAuth20Constants.REDIRECT_URI, REDIRECT_URI);
+        val response = new MockHttpServletResponse();
+        val view = callbackAuthorizeController.handleRequest(request, response);
+        assertNotNull(view);
+        assertEquals(Pac4jConstants.DEFAULT_URL_VALUE, ((RedirectView) view.getView()).getUrl());
+    }
+
+    @Test
+    public void verifyOperationBadRedirectUri() {
+        val request = new MockHttpServletRequest();
+        request.addParameter(OAuth20Constants.CLIENT_ID, CLIENT_ID);
+        request.addParameter(OAuth20Constants.REDIRECT_URI, "http://badredirecturi");
+        val response = new MockHttpServletResponse();
+        val view = callbackAuthorizeController.handleRequest(request, response);
+        assertNotNull(view);
+        assertEquals(Pac4jConstants.DEFAULT_URL_VALUE, ((RedirectView) view.getView()).getUrl());
     }
 }