SECOAUTH-250: remember to save refresh token after it is used if disc…

…arded
spring-attic · May 9, 2012 · 7d7f990 · 7d7f990
1 parent e51758a
commit 7d7f990
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 3 deletions.
diff --git a/...rc/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java b/...rc/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java
@@ -141,6 +141,9 @@ public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, Set<String
 
 		OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
 		tokenStore.storeAccessToken(accessToken, authentication);
+		if (!reuseRefreshToken) {
+			tokenStore.storeRefreshToken(refreshToken, authentication);
+		}
 		return accessToken;
 	}
 

diff --git a/.../org/springframework/security/oauth2/provider/token/AbstractTestDefaultTokenServices.java b/.../org/springframework/security/oauth2/provider/token/AbstractTestDefaultTokenServices.java
@@ -51,8 +51,8 @@ public void testTokenEnhancerUpdatesStoredTokens() throws Exception {
 		tokenServices.setTokenEnhancer(new TokenEnhancer() {
 			public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
 				DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(accessToken);
-				ExpiringOAuth2RefreshToken refreshToken = new DefaultExpiringOAuth2RefreshToken("testToken",
-						new Date(System.currentTimeMillis() + 100000));
+				ExpiringOAuth2RefreshToken refreshToken = new DefaultExpiringOAuth2RefreshToken("testToken", new Date(
+						System.currentTimeMillis() + 100000));
 				result.setRefreshToken(refreshToken);
 				return result;
 			}
@@ -122,7 +122,8 @@ public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exceptio
 		OAuth2Authentication expectedAuthentication = new OAuth2Authentication(new AuthorizationRequest("id",
 				Collections.singleton("read"), null, null), new TestAuthentication("test2", false));
 		OAuth2AccessToken accessToken = getTokenServices().createAccessToken(expectedAuthentication);
-		DefaultExpiringOAuth2RefreshToken refreshToken = (DefaultExpiringOAuth2RefreshToken) accessToken.getRefreshToken();
+		DefaultExpiringOAuth2RefreshToken refreshToken = (DefaultExpiringOAuth2RefreshToken) accessToken
+				.getRefreshToken();
 		Date expectedExpiryDate = new Date(System.currentTimeMillis() + 102 * 1000L);
 		assertTrue(expectedExpiryDate.after(refreshToken.getExpiration()));
 	}
@@ -165,6 +166,20 @@ public void testRefreshTokenMaintainsState() throws Exception {
 		assertEquals(1, getAccessTokenCount());
 	}
 
+	@Test
+	public void testNotReuseRefreshTokenMaintainsState() throws Exception {
+		OAuth2Authentication expectedAuthentication = new OAuth2Authentication(new AuthorizationRequest("id",
+				Collections.singleton("read"), null, null), new TestAuthentication("test2", false));
+		getTokenServices().setSupportRefreshToken(true);
+		getTokenServices().setReuseRefreshToken(false);
+		OAuth2AccessToken accessToken = getTokenServices().createAccessToken(expectedAuthentication);
+		OAuth2RefreshToken expectedExpiringRefreshToken = accessToken.getRefreshToken();
+		OAuth2AccessToken refreshedAccessToken = getTokenServices().refreshAccessToken(
+				expectedExpiringRefreshToken.getValue(), null);
+		assertNotNull(refreshedAccessToken);
+		assertEquals(1, getRefreshTokenCount());
+	}
+
 	protected abstract int getAccessTokenCount();
 
 	protected abstract int getRefreshTokenCount();