AUT-1273 Ory Hydra v2: change DELETE /oauth2/auth/sessions/login requ…

…est to use sid query parameter (ory/hydra/pull/2876)
e-gov · Nov 29, 2023 · 90a0606 · 90a0606
1 parent d46fdfd
commit 90a0606
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 7 deletions.
diff --git a/src/main/java/ee/ria/govsso/session/service/hydra/HydraService.java b/src/main/java/ee/ria/govsso/session/service/hydra/HydraService.java
@@ -402,7 +402,8 @@ private void handleConsentRequest(String uri, HttpMethod method) {
 
     public void deleteLoginSessionAndRelatedLoginRequests(String loginSessionId) {
         String uri = UriComponentsBuilder
-                .fromUriString(hydraConfigurationProperties.adminUrl() + "/admin/oauth2/auth/sessions/login/" + loginSessionId)
+                .fromUriString(hydraConfigurationProperties.adminUrl() + "/admin/oauth2/auth/sessions/login")
+                .queryParam("sid", loginSessionId)
                 .toUriString();
 
         try {

diff --git a/src/test/java/ee/ria/govsso/session/controller/LoginInitControllerTest.java b/src/test/java/ee/ria/govsso/session/controller/LoginInitControllerTest.java
@@ -846,7 +846,7 @@ void loginInit_WhenContinueSessionAndConsentsAreMissing_ReAuthenticate() {
         HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/consent?subject=test1234&login_session_id=e56cbaf9-81e9-4473-a733-261e8dd38e95&all=true&trigger_backchannel_logout=true"))
                 .willReturn(aResponse()
                         .withStatus(204)));
-        HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/login/e56cbaf9-81e9-4473-a733-261e8dd38e95"))
+        HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/login?sid=e56cbaf9-81e9-4473-a733-261e8dd38e95"))
                 .willReturn(aResponse()
                         .withStatus(204)));
         Cookie hydraCookie = new Cookie.Builder("oauth2_authentication_session_insecure", "a77cbaf9-77e9-5573-a711-919e8dd38a11")
@@ -886,7 +886,7 @@ void loginInit_WhenNoConsentsFoundAtLoginRequestTime_ReAuthenticate(String login
         HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/consent?subject=test1234&login_session_id=e56cbaf9-81e9-4473-a733-261e8dd38e95&all=true&trigger_backchannel_logout=true"))
                 .willReturn(aResponse()
                         .withStatus(204)));
-        HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/login/e56cbaf9-81e9-4473-a733-261e8dd38e95"))
+        HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/login?sid=e56cbaf9-81e9-4473-a733-261e8dd38e95"))
                 .willReturn(aResponse()
                         .withStatus(204)));
 

diff --git a/src/test/java/ee/ria/govsso/session/controller/LoginReauthenticateControllerTest.java b/src/test/java/ee/ria/govsso/session/controller/LoginReauthenticateControllerTest.java
@@ -37,7 +37,7 @@ void loginReauthenticate_WhenLoginReauthenticateIsSuccessful_Redirects() {
                 .willReturn(aResponse()
                         .withStatus(204)));
 
-        HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/login/e56cbaf9-81e9-4473-a733-261e8dd38e95"))
+        HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/login?sid=e56cbaf9-81e9-4473-a733-261e8dd38e95"))
                 .willReturn(aResponse()
                         .withStatus(204)));
 
@@ -170,7 +170,7 @@ void loginReauthenticate_WhenDeleteLoginReturns400_ThrowsTechnicalGeneralError()
                 .willReturn(aResponse()
                         .withStatus(204)));
 
-        HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/login/e56cbaf9-81e9-4473-a733-261e8dd38e95"))
+        HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/login?sid=e56cbaf9-81e9-4473-a733-261e8dd38e95"))
                 .willReturn(aResponse()
                         .withStatus(400)));
 
@@ -200,7 +200,7 @@ void loginReauthenticate_IfHydraSessionCookieExists_HydraSessionCookieIsDeleted(
                 .willReturn(aResponse()
                         .withStatus(204)));
 
-        HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/login/e56cbaf9-81e9-4473-a733-261e8dd38e95"))
+        HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/login?sid=e56cbaf9-81e9-4473-a733-261e8dd38e95"))
                 .willReturn(aResponse()
                         .withStatus(204)));
 
@@ -228,7 +228,7 @@ void loginReauthenticate_WhenOriginHeaderIsSet_NoCorsResponseHeadersAreSet() {
                 .willReturn(aResponse()
                         .withStatus(204)));
 
-        HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/login/e56cbaf9-81e9-4473-a733-261e8dd38e95"))
+        HYDRA_MOCK_SERVER.stubFor(delete(urlEqualTo("/admin/oauth2/auth/sessions/login?sid=e56cbaf9-81e9-4473-a733-261e8dd38e95"))
                 .willReturn(aResponse()
                         .withStatus(204)));