cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [cxf] 02/10: Fixing OAuth scope test
Date Mon, 16 Sep 2019 12:20:23 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 39e32c4a3cf4b6dd35dae7cfccf47e2f23b8d253
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Wed Sep 11 01:08:19 2019 +0100

    Fixing OAuth scope test
---
 .../cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java | 3 +--
 .../jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java  | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index d6e16f2..e4af350 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -396,8 +396,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
                 approvedScope.add(rScope);
             }
         }
-        if (!requestedScope.containsAll(approvedScope)
-            || !OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(),
+        if (!OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(),
                                          partialMatchScopeValidation)) {
             return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
         }
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
index 8bbb662..5b70662 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
@@ -212,13 +212,13 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
         client.type("application/json").accept("application/json");
         client.query("client_id", "consumer-id");
         client.query("response_type", "code");
-        client.query("redirect_uri", "http://www.blah.bad.apache.org");
+        client.query("redirect_uri", "http://www.blah.apache.org");
         client.query("scope", "unknown-scope");
         client.path("authorize/");
 
         // No redirect URI
         Response response = client.get();
-        assertEquals(400, response.getStatus());
+        assertEquals(303, response.getStatus());
     }
 
     // Send the authorization code twice to get an access token


Mime
View raw message