Emergent fix: Authorization consent not working

- The oauth/authorize POST is not called when there is a response_type parameter.
- Remove the response_type from the oauth/authorize POST after the authorization consent.
- Need to create test cases for the Authorization Code module.

Author: patternhelloworld

README.md

@@ -24,7 +24,7 @@
 <dependency>
     <groupId>io.github.patternhelloworld.securityhelper.oauth2.api</groupId>
     <artifactId>spring-oauth2-easyplus</artifactId>
-    <version>4.4.0</version>
+    <version>4.4.1</version>
 </dependency>
 ```
 
@@ -246,7 +246,7 @@ public class CommonDataSourceConfiguration {
     2. Check the login page at the "resources/templates/login.hml"
     3. Ensure the callback URL (http://localhost:8081/callback1) is properly set in the ``oauth2_registered_client`` table in the database.
 - How to use
-    1. Open the web browser by connecting to ``http://localhost:8370/oauth2/authorize?response_type=code&client_id=client_customer&state=xxx&scope=read&redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fcallback1&code_challenge=HVoKJYs8JruAxs7hKcG4oLpJXCP-z1jJQtXpQte6GyA&code_challenge_method=S256``, using the values from the ``oauth2_registered_client``
+    1. Open the web browser by connecting to ``http://localhost:8370/oauth2/authorize?client_id=client_customer&state=xxx&scope=read&redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fcallback1&code_challenge=HVoKJYs8JruAxs7hKcG4oLpJXCP-z1jJQtXpQte6GyA&code_challenge_method=S256``, using the values from the ``oauth2_registered_client``
         - PKCE (``code_challege, code_challege_METHOD``) is optional.
         - PKCE adds a Code Verifier and a Code Challenge to the flow, enhancing the Authorization Code Grant Flow by preventing the issuance of an Access Token if the Authorization Code is compromised.
     2. Login with ``[email protected] / 1234 ``

client/pom.xml

@@ -7,7 +7,7 @@ http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.patternhelloworld.securityhelper.oauth2.client</groupId>
     <artifactId>spring-oauth2-easyplus-client</artifactId>
-    <version>4.4.0</version>
+    <version>4.4.1</version>
     <packaging>jar</packaging>
 
     <properties>
@@ -48,7 +48,7 @@ http://maven.apache.org/xsd/maven-4.0.0.xsd">
         <dependency>
             <groupId>io.github.patternhelloworld.securityhelper.oauth2.api</groupId>
             <artifactId>spring-oauth2-easyplus</artifactId>
-            <version>4.4.0</version>
+            <version>4.4.1</version>
         </dependency>
 
         <!-- DB -->

client/src/main/java/com/patternhelloworld/securityhelper/oauth2/client/config/securityimpl/response/CustomWebAuthenticationFailureHandlerImpl.java

@@ -57,6 +57,7 @@ public void onAuthenticationFailure(HttpServletRequest request, HttpServletRespo
                 }
                 Map<String, String> consentAttributes = new HashMap<>();
                 consentAttributes.put("clientId", request.getParameter("client_id"));
+                //consentAttributes.put("responseType", request.getParameter("response_type"));
                 consentAttributes.put("redirectUri", request.getParameter("redirect_uri"));
                 consentAttributes.put("code", request.getParameter("code"));
                 consentAttributes.put("state", request.getParameter("state"));

client/src/main/resources/templates/consent.html

@@ -47,6 +47,7 @@ <h1 class="text-center text-primary">App permissions</h1>
         <div class="col text-center">
             <form name="consent_form" method="post" action="/oauth2/authorize">
                 <input type="hidden" name="client_id" th:value="${consentAttributes.clientId}">
+                <!--<input type="hidden" name="response_type" th:value="${consentAttributes.responseType}">-->
                 <input type="hidden" name="redirect_uri" th:value="${consentAttributes.redirectUri}">
                 <input type="hidden" name="code" th:value="${consentAttributes.code}">
                 <input type="hidden" name="state" th:value="${consentAttributes.state}">

client/src/main/resources/templates/login.html

@@ -73,7 +73,7 @@ <h1 class="h3 mb-3 fw-normal">Please sign in</h1>
             const password = passwordInput.value;
 
             // Extract query parameters from the current URL
-            const {client_id, response_type, state, scope, redirect_uri, code_challenge, code_challenge_method} = getQueryParameters();
+            const {client_id, state, scope, redirect_uri, code_challenge, code_challenge_method} = getQueryParameters();
 
             // Basic Auth header creation
             const clientSecret = '12345'; // Enter client secret
@@ -83,7 +83,7 @@ <h1 class="h3 mb-3 fw-normal">Please sign in</h1>
                 'username': username,
                 'password': password,
                 'grant_type': "password",
-                'response_type': response_type,
+                'response_type': "code",
                 'scope': scope
             };
 

lib/pom.xml

@@ -8,7 +8,7 @@ http://maven.apache.org/xsd/maven-4.0.0.xsd">
 
     <groupId>io.github.patternhelloworld.securityhelper.oauth2.api</groupId>
     <artifactId>spring-oauth2-easyplus</artifactId>
-    <version>4.4.0</version>
+    <version>4.4.1</version>
     <name>spring-oauth2-easyplus</name>
     <description>App-Token based easy OAuth2 JPA implementation built to grow with Spring Boot</description>
     <packaging>jar</packaging>

lib/src/main/java/io/github/patternhelloworld/securityhelper/oauth2/api/config/security/validator/endpoint/authorization/CodeRequestValidator.java

@@ -34,14 +34,6 @@ public CodeValidationResult apply(MultiValueMap<String, String> queryParameters)
 
         String clientId = validateClientIdForCodeRequest(queryParameters);
 
-        String responseType = queryParameters.getFirst(OAuth2ParameterNames.RESPONSE_TYPE);
-        if (!StringUtils.hasText(responseType)) {
-            throw new EasyPlusOauth2AuthenticationException(EasyPlusErrorMessages.builder().errorCode(EasyPlusErrorCodeConstants.MISSING_RESPONSE_TYPE).message(EasyPlusErrorCodeConstants.MISSING_RESPONSE_TYPE).userMessage(iSecurityUserExceptionMessageService.getUserMessage(DefaultSecurityUserExceptionMessage.AUTHENTICATION_LOGIN_ERROR)).build());
-        }else{
-            if(!responseType.equals("code")){
-                throw new EasyPlusOauth2AuthenticationException(EasyPlusErrorMessages.builder().errorCode(EasyPlusErrorCodeConstants.WRONG_RESPONSE_TYPE).message(EasyPlusErrorCodeConstants.WRONG_RESPONSE_TYPE).userMessage(iSecurityUserExceptionMessageService.getUserMessage(DefaultSecurityUserExceptionMessage.AUTHENTICATION_LOGIN_ERROR)).build());
-            }
-        }
         String redirectUri = queryParameters.getFirst(OAuth2ParameterNames.REDIRECT_URI);
         if (!StringUtils.hasText(redirectUri)) {
             throw new EasyPlusOauth2AuthenticationException(EasyPlusErrorMessages.builder().errorCode(EasyPlusErrorCodeConstants.MISSING_REDIRECT_URI).message(EasyPlusErrorCodeConstants.MISSING_REDIRECT_URI).userMessage(iSecurityUserExceptionMessageService.getUserMessage(DefaultSecurityUserExceptionMessage.AUTHENTICATION_LOGIN_ERROR)).build());
@@ -65,7 +57,6 @@ public CodeValidationResult apply(MultiValueMap<String, String> queryParameters)
 
         return CodeValidationResult.builder()
                 .clientId(clientId)
-                .responseType(responseType)
                 .redirectUri(redirectUri)
                 .state(state)
                 .scope(registeredScopes)