Merge 120471467-auth-code-grant to master

[Completes #120471467]

Author: Steve Powell

cloudfoundry-client-spring/src/main/java/org/cloudfoundry/reactor/client/QueryBuilder.java

@@ -58,7 +58,7 @@ public static void augment(UriComponentsBuilder builder, Object instance) {
                 if (value instanceof Collection) {
                     builder.queryParam(queryParameter.value(), ((Collection<?>) value).stream()
                         .map(Object::toString)
-                        .collect(Collectors.joining(",")));
+                        .collect(Collectors.joining(queryParameter.delimiter())));
                 } else {
                     builder.queryParam(queryParameter.value(), value);
                 }

cloudfoundry-client-spring/src/main/java/org/cloudfoundry/reactor/uaa/authorizations/ReactorAuthorizations.java

@@ -20,12 +20,17 @@
 import io.netty.util.AsciiString;
 import org.cloudfoundry.reactor.uaa.AbstractUaaOperations;
 import org.cloudfoundry.reactor.util.AuthorizationProvider;
+import org.cloudfoundry.uaa.ResponseType;
 import org.cloudfoundry.uaa.authorizations.Authorizations;
 import org.cloudfoundry.uaa.authorizations.AuthorizeByAuthorizationCodeGrantApiRequest;
+import org.cloudfoundry.uaa.authorizations.AuthorizeByAuthorizationCodeGrantBrowserRequest;
+import org.cloudfoundry.util.ExceptionUtils;
 import org.springframework.web.util.UriComponentsBuilder;
 import reactor.core.publisher.Mono;
 import reactor.io.netty.http.HttpClient;
 
+import java.util.Optional;
+
 /**
  * The Reactor-based implementation of {@link Authorizations}
  */
@@ -47,9 +52,21 @@ public ReactorAuthorizations(AuthorizationProvider authorizationProvider, HttpCl
 
     @Override
     public Mono<String> authorizeByAuthorizationCodeGrantApi(AuthorizeByAuthorizationCodeGrantApiRequest request) {
-        return get(request, builder -> builder.pathSegment("oauth", "authorize"))
+        return get(request, builder -> builder.pathSegment("oauth", "authorize").queryParam("response_type", ResponseType.CODE))
+            .map(inbound -> inbound.responseHeaders().get(LOCATION))
+            .then(location -> extractParameterFromLocation(location, "code"));
+    }
+
+    @Override
+    public Mono<String> authorizeByAuthorizationCodeGrantBrowser(AuthorizeByAuthorizationCodeGrantBrowserRequest request) {
+        return get(request, builder -> builder.pathSegment("oauth", "authorize").queryParam("response_type", ResponseType.CODE))
             .map(inbound -> inbound.responseHeaders().get(LOCATION))
-            .map(location -> UriComponentsBuilder.fromUriString(location).build().getQueryParams().getFirst("code"));
+            .then(location -> extractParameterFromLocation(location, "code"));
     }
 
+    private static Mono<String> extractParameterFromLocation(String location, String parameter) {
+        return Optional.ofNullable(UriComponentsBuilder.fromUriString(location).build().getQueryParams().getFirst(parameter))
+            .map(parameterValue -> Mono.just(parameterValue))
+            .orElse(ExceptionUtils.illegalState(String.format("Parameter %s not found in location", parameter)));
+    }
 }

cloudfoundry-client-spring/src/main/java/org/cloudfoundry/reactor/uaa/tokens/ReactorTokens.java

@@ -19,6 +19,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.cloudfoundry.reactor.uaa.AbstractUaaOperations;
 import org.cloudfoundry.reactor.util.AuthorizationProvider;
+import org.cloudfoundry.uaa.ResponseType;
 import org.cloudfoundry.uaa.tokens.CheckTokenRequest;
 import org.cloudfoundry.uaa.tokens.CheckTokenResponse;
 import org.cloudfoundry.uaa.tokens.GetTokenByAuthorizationCodeRequest;
@@ -64,29 +65,31 @@ public Mono<CheckTokenResponse> check(CheckTokenRequest request) {
     @Override
     public Mono<GetTokenByAuthorizationCodeResponse> getByAuthorizationCode(GetTokenByAuthorizationCodeRequest request) {
         return postForm(request, GetTokenByAuthorizationCodeResponse.class,
-            builder -> builder.pathSegment("oauth", "token").queryParam("grant_type", "authorization_code").queryParam("response_type", "token"));
+            builder -> builder.pathSegment("oauth", "token").queryParam("grant_type", "authorization_code").queryParam("response_type", ResponseType.TOKEN));
     }
 
     @Override
     public Mono<GetTokenByClientCredentialsResponse> getByClientCredentials(GetTokenByClientCredentialsRequest request) {
         return postForm(request, GetTokenByClientCredentialsResponse.class,
-            builder -> builder.pathSegment("oauth", "token").queryParam("grant_type", "client_credentials").queryParam("response_type", "token"));
+            builder -> builder.pathSegment("oauth", "token").queryParam("grant_type", "client_credentials").queryParam("response_type", ResponseType.TOKEN));
     }
 
     @Override
     public Mono<GetTokenByOneTimePasscodeResponse> getByOneTimePasscode(GetTokenByOneTimePasscodeRequest request) {
-        return postForm(request, GetTokenByOneTimePasscodeResponse.class, builder -> builder.pathSegment("oauth", "token").queryParam("grant_type", "password").queryParam("response_type", "token"));
+        return postForm(request, GetTokenByOneTimePasscodeResponse.class,
+            builder -> builder.pathSegment("oauth", "token").queryParam("grant_type", "password").queryParam("response_type", ResponseType.TOKEN));
     }
 
     @Override
     public Mono<GetTokenByOpenIdResponse> getByOpenId(GetTokenByOpenIdRequest request) {
         return postForm(request, GetTokenByOpenIdResponse.class,
-            builder -> builder.pathSegment("oauth", "token").queryParam("grant_type", "authorization_code").queryParam("response_type", "id_token"));
+            builder -> builder.pathSegment("oauth", "token").queryParam("grant_type", "authorization_code").queryParam("response_type", ResponseType.ID_TOKEN));
     }
 
     @Override
     public Mono<GetTokenByPasswordResponse> getByPassword(GetTokenByPasswordRequest request) {
-        return postForm(request, GetTokenByPasswordResponse.class, builder -> builder.pathSegment("oauth", "token").queryParam("grant_type", "password").queryParam("response_type", "token"));
+        return postForm(request, GetTokenByPasswordResponse.class,
+            builder -> builder.pathSegment("oauth", "token").queryParam("grant_type", "password").queryParam("response_type", ResponseType.TOKEN));
     }
 
     @Override

cloudfoundry-client-spring/src/test/java/org/cloudfoundry/reactor/client/QueryBuilderTest.java

@@ -21,6 +21,9 @@
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.util.UriComponentsBuilder;
 
+import java.util.Arrays;
+import java.util.List;
+
 import static org.junit.Assert.assertEquals;
 
 public final class QueryBuilderTest {
@@ -32,9 +35,10 @@ public void test() {
         QueryBuilder.augment(builder, new StubQueryParamsSubClass());
 
         MultiValueMap<String, String> queryParams = builder.build().getQueryParams();
-        assertEquals(2, queryParams.size());
-        assertEquals("test-value-1", queryParams.getFirst("test-parameter-1"));
+        assertEquals(3, queryParams.size());
+        assertEquals("test-value-1,test-value-2", queryParams.getFirst("test-parameter-1"));
         assertEquals("test-value-3", queryParams.getFirst("test-parameter-3"));
+        assertEquals("test-value-4 test-value-5", queryParams.getFirst("test-parameter-4"));
     }
 
     private static abstract class StubQueryParams {
@@ -45,8 +49,8 @@ final String getNull() {
         }
 
         @QueryParameter("test-parameter-1")
-        final String getParameter1() {
-            return "test-value-1";
+        final List<String> getParameter1() {
+            return Arrays.asList("test-value-1", "test-value-2");
         }
 
     }
@@ -58,6 +62,10 @@ String getParameter2() {
             return "test-value-3";
         }
 
+        @QueryParameter(value = "test-parameter-4", delimiter = " ")
+        List<String> getParameter4() {
+            return Arrays.asList("test-value-4", "test-value-5");
+        }
     }
 
 }

cloudfoundry-client-spring/src/test/java/org/cloudfoundry/reactor/uaa/authorizations/ReactorAuthorizationsTest.java

@@ -21,7 +21,7 @@
 import org.cloudfoundry.reactor.TestResponse;
 import org.cloudfoundry.reactor.uaa.AbstractUaaApiTest;
 import org.cloudfoundry.uaa.authorizations.AuthorizeByAuthorizationCodeGrantApiRequest;
-import org.cloudfoundry.uaa.authorizations.ResponseType;
+import org.cloudfoundry.uaa.authorizations.AuthorizeByAuthorizationCodeGrantBrowserRequest;
 import reactor.core.publisher.Mono;
 
 import static io.netty.handler.codec.http.HttpMethod.GET;
@@ -37,7 +37,7 @@ public static final class AuthorizeByAuthorizationCodeGrantApi extends AbstractU
         protected InteractionContext getInteractionContext() {
             return InteractionContext.builder()
                 .request(TestRequest.builder()
-                    .method(GET).path("/oauth/authorize?client_id=login&redirect_uri=https://uaa.cloudfoundry.com/redirect/cf&response_type=code&state=v4LpFF")
+                    .method(GET).path("/oauth/authorize?client_id=login&redirect_uri=https://uaa.cloudfoundry.com/redirect/cf&state=v4LpFF&response_type=code")
                     .build())
                 .response(TestResponse.builder()
                     .status(FOUND)
@@ -54,7 +54,6 @@ protected String getResponse() {
         @Override
         protected AuthorizeByAuthorizationCodeGrantApiRequest getValidRequest() throws Exception {
             return AuthorizeByAuthorizationCodeGrantApiRequest.builder()
-                .responseType(ResponseType.CODE)
                 .clientId("login")
                 .redirectUri("https://uaa.cloudfoundry.com/redirect/cf")
                 .state("v4LpFF")
@@ -67,4 +66,42 @@ protected Mono<String> invoke(AuthorizeByAuthorizationCodeGrantApiRequest reques
         }
     }
 
+    public static final class AuthorizeByAuthorizationCodeGrantBrowser extends AbstractUaaApiTest<AuthorizeByAuthorizationCodeGrantBrowserRequest, String> {
+
+        private final ReactorAuthorizations authorizations = new ReactorAuthorizations(AUTHORIZATION_PROVIDER, HTTP_CLIENT, OBJECT_MAPPER, this.root);
+
+        @Override
+        protected InteractionContext getInteractionContext() {
+            return InteractionContext.builder()
+                .request(TestRequest.builder()
+                    .method(GET).path("/oauth/authorize?client_id=login&redirect_uri=https://uaa.cloudfoundry.com/redirect/cf&scope=openid%20oauth.approvals&response_type=code")
+                    .build())
+                .response(TestResponse.builder()
+                    .status(FOUND)
+                    .header("Location", "http://redirect.to/app?code=JuEj0D")
+                    .build())
+                .build();
+        }
+
+        @Override
+        protected String getResponse() {
+            return "JuEj0D";
+        }
+
+        @Override
+        protected AuthorizeByAuthorizationCodeGrantBrowserRequest getValidRequest() throws Exception {
+            return AuthorizeByAuthorizationCodeGrantBrowserRequest.builder()
+                .clientId("login")
+                .redirectUri("https://uaa.cloudfoundry.com/redirect/cf")
+                .scope("openid")
+                .scope("oauth.approvals")
+                .build();
+        }
+
+        @Override
+        protected Mono<String> invoke(AuthorizeByAuthorizationCodeGrantBrowserRequest request) {
+            return this.authorizations.authorizeByAuthorizationCodeGrantBrowser(request);
+        }
+    }
+
 }

cloudfoundry-client/src/main/java/org/cloudfoundry/QueryParameter.java

@@ -33,11 +33,17 @@
 @JacksonAnnotationsInside
 public @interface QueryParameter {
 
+    /**
+     * Returns the delimiter to use between Iterable elements
+     *
+     * @return the delimiter to use between Iterable elements
+     */
+    String delimiter() default ",";
+
     /**
      * Returns the name of the query parameter
      *
      * @return the name of the query parameter
      */
     String value();
-
 }

cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/authorizations/ResponseType.java renamed to cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/ResponseType.java

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.cloudfoundry.uaa.authorizations;
+package org.cloudfoundry.uaa;
 
 import com.fasterxml.jackson.annotation.JsonValue;
 
@@ -23,7 +23,11 @@
  */
 public enum ResponseType {
 
-    CODE("code");
+    CODE("code"),
+
+    TOKEN("token"),
+
+    ID_TOKEN("id_token");
 
     private final String value;
 

cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/authorizations/Authorizations.java

@@ -27,8 +27,16 @@ public interface Authorizations {
      * Makes the <a href="http://docs.cloudfoundry.com/uaa/#api-flow">Authorize By Authorization Code Grant (API)</a> request
      *
      * @param request Authorize By Authorization Code Grant (API) request
-     * @return the redirect URI
+     * @return the authorization code
      */
     Mono<String> authorizeByAuthorizationCodeGrantApi(AuthorizeByAuthorizationCodeGrantApiRequest request);
 
+    /**
+     * Makes the <a href="http://docs.cloudfoundry.com/uaa/#browser-flow">Authorize By Authorization Code Grant (Browser)</a> request
+     *
+     * @param request Authorize By Authorization Code Grant (Browser) request
+     * @return the authorization code
+     */
+    Mono<String> authorizeByAuthorizationCodeGrantBrowser(AuthorizeByAuthorizationCodeGrantBrowserRequest request);
+
 }

cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/authorizations/_AuthorizeByAuthorizationCodeGrantApiRequest.java

@@ -39,12 +39,6 @@ abstract class _AuthorizeByAuthorizationCodeGrantApiRequest {
     @QueryParameter("redirect_uri")
     abstract String getRedirectUri();
 
-    /**
-     * {@code code} for requesting an authorization code for an access token, as per OAuth spec
-     */
-    @QueryParameter("response_type")
-    abstract ResponseType getResponseType();
-
     /**
      * Any random string to be returned in the Location header as a query parameter, used to achieve per-request customization
      */

cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/authorizations/_AuthorizeByAuthorizationCodeGrantBrowserRequest.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2013-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.cloudfoundry.uaa.authorizations;
+
+import org.cloudfoundry.Nullable;
+import org.cloudfoundry.QueryParameter;
+import org.immutables.value.Value;
+
+import java.util.List;
+
+/**
+ * The request payload for authorization with an authorization code grant operation
+ */
+@Value.Immutable
+abstract class _AuthorizeByAuthorizationCodeGrantBrowserRequest {
+
+    /**
+     * A unique string representing the registration information provided by the client
+     */
+    @QueryParameter("client_id")
+    abstract String getClientId();
+
+    /**
+     * Redirection URI to which the authorization server will send the user-agent back once access is granted (or denied), optional if pre-registered by the client
+     */
+    @Nullable
+    @QueryParameter("redirect_uri")
+    abstract String getRedirectUri();
+
+    /**
+     * requested scopes, space-delimited
+     */
+    @Nullable
+    @QueryParameter(value = "scope", delimiter = " ")
+    abstract List<String> getScopes();
+
+}