Refactor

- Convert method returning Optional<T> but never returning "empty" to return T. [#160862761] https://www.pivotaltracker.com/story/show/160862761 Signed-off-by: Bruce Ricard <bricard@pivotal.io>
cloudfoundry · Oct 8, 2018 · b7b11c9 · b7b11c9
1 parent 9ca7f61
commit b7b11c9
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 36 deletions.
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/util/TokenValidation.java b/server/src/main/java/org/cloudfoundry/identity/uaa/util/TokenValidation.java
@@ -12,6 +12,7 @@
  *******************************************************************************/
 package org.cloudfoundry.identity.uaa.util;
 
+import com.google.common.collect.Lists;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.cloudfoundry.identity.uaa.oauth.KeyInfo;
@@ -37,16 +38,9 @@
 import org.springframework.security.oauth2.provider.NoSuchClientException;
 import org.springframework.util.Assert;
 
+import javax.validation.constraints.NotNull;
 import java.time.Instant;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Optional;
-import java.util.Set;
+import java.util.*;
 import java.util.function.Function;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
@@ -55,14 +49,7 @@
 import static java.util.Optional.ofNullable;
 import static java.util.stream.Collectors.toList;
 import static org.cloudfoundry.identity.uaa.oauth.client.ClientConstants.REQUIRED_USER_GROUPS;
-import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.AUD;
-import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.CID;
-import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.CLIENT_ID;
-import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.EXP;
-import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.ISS;
-import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.JTI;
-import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.REVOCATION_SIGNATURE;
-import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.USER_ID;
+import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.*;
 import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.REFRESH_TOKEN_SUFFIX;
 import static org.cloudfoundry.identity.uaa.util.UaaTokenUtils.isUserToken;
 
@@ -94,7 +81,8 @@ public static TokenValidation buildIdTokenValidator(String tokenJwtValue, Signat
 
     abstract ScopeClaimKey scopeClaimKey();
 
-    Optional<List<String>> getScopes() {
+    @NotNull
+    List<String> getScopes() {
         return readScopesFromClaim(scopeClaimKey());
     }
 
@@ -224,16 +212,21 @@ protected TokenValidation checkScopesWithin(String... scopes) {
     }
 
     protected TokenValidation checkScopesWithin(Collection<String> scopes) {
-        Optional<List<String>> scopesGot = getScopes();
-        scopesGot.ifPresent(tokenScopes -> {
-            Set<Pattern> scopePatterns = UaaStringUtils.constructWildcards(scopes);
-            List<String> missingScopes = tokenScopes.stream().filter(s -> !scopePatterns.stream().anyMatch(p -> p.matcher(s).matches())).collect(toList());
-            if (!missingScopes.isEmpty()) {
-                String scopeClaimKey = scopeClaimKey().keyName();
-                String message = String.format("Some required %s are missing: " + missingScopes.stream().collect(Collectors.joining(" ")), scopeClaimKey);
-                throw new InvalidTokenException(message);
-            }
-        });
+        List<String> scopesGot = getScopes();
+        Set<Pattern> scopePatterns = UaaStringUtils.constructWildcards(scopes);
+        List<String> missingScopes =
+                scopesGot.stream().filter(
+                        s -> scopePatterns.stream()
+                                .noneMatch(p -> p.matcher(s).matches())
+                ).collect(toList());
+        if (!missingScopes.isEmpty()) {
+            String scopeClaimKey = scopeClaimKey().keyName();
+            String message =
+                    String.format("Some required %s are missing: %s",
+                            scopeClaimKey,
+                            String.join(" ", missingScopes));
+            throw new InvalidTokenException(message);
+        }
         return this;
     }
 
@@ -407,7 +400,7 @@ private static boolean equals(Object a, Object b) {
         return a.equals(b);
     }
 
-    private Optional<List<String>> readScopesFromClaim(ScopeClaimKey scopeClaimKey) {
+    private List<String> readScopesFromClaim(ScopeClaimKey scopeClaimKey) {
         String scopeKeyName = scopeClaimKey.keyName();
         if (!claims.containsKey(scopeKeyName)) {
             throw new InvalidTokenException(
@@ -417,7 +410,7 @@ private Optional<List<String>> readScopesFromClaim(ScopeClaimKey scopeClaimKey)
 
         Object scopeClaim = claims.get(scopeKeyName);
         if (scopeClaim == null) {
-            return Optional.of(new ArrayList<>());
+            return Lists.newArrayList();
         }
 
         if (!(scopeClaim instanceof List)) {
@@ -429,11 +422,12 @@ private Optional<List<String>> readScopesFromClaim(ScopeClaimKey scopeClaimKey)
             );
         }
 
-        List<String> scopeList = ((List<?>) scopeClaim).stream()
+        List<?> scopes = (List<?>) scopeClaim;
+        //TODO: type check that the elements of the list are strings
+        return scopes.stream()
                 .filter(Objects::nonNull)
                 .map(Object::toString)
                 .collect(toList());
-        return Optional.of(scopeList);
     }
 
     public Jwt getJwt() {

diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java
@@ -384,8 +384,8 @@ public void idTokenValidator_findsScopesFromScopeClaim() {
         content.put(SCOPE, Lists.newArrayList("openid"));
         content.put(GRANTED_SCOPES, Lists.newArrayList("foo.read"));
 
-        Optional<List<String>> scopes = buildIdTokenValidator(getToken(), mock(ChainedSignatureVerifier.class), new KeyInfoService("https://localhost")).getScopes();
-        assertThat(scopes.get(), equalTo(Lists.newArrayList("openid")));
+        List<String> scopes = buildIdTokenValidator(getToken(), mock(ChainedSignatureVerifier.class), new KeyInfoService("https://localhost")).getScopes();
+        assertThat(scopes, equalTo(Lists.newArrayList("openid")));
     }
 
     @Test
@@ -618,11 +618,13 @@ public void validateRefreshToken_withScopeClaimAndGrantedScopeClaim_happycase()
     public void validateRefreshToken_should_fail_when_missing_scopes() {
         // Build a refresh token
         content.put(JTI, content.get(JTI) + "-r");
-        content.put(GRANTED_SCOPES, Collections.singletonList("some-granted-scope"));
+        content.put(GRANTED_SCOPES, Arrays.asList("some-granted-scope", "bruce", "josh"));
 
         String refreshToken = getToken();
 
-        expectedException.expectMessage("Some required granted_scopes are missing: some-granted-scope");
+        expectedException.expectMessage(
+                "Some required granted_scopes are missing: some-granted-scope bruce josh"
+        );
 
         buildRefreshTokenValidator(refreshToken, new KeyInfoService("https://localhost"))
                 .checkScopesWithin((Collection) content.get(SCOPE));