fixup! Expire OAuth2AuthorizationRequest when saving to the session

candrews · candrews · commit 5f98510342ac · 2021-04-06T16:46:15.000-04:00
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java
@@ -69,8 +69,8 @@ public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest re
 			return null;
 		}
 		Map<String, OAuth2AuthorizationRequestReference> authorizationRequests = this.getAuthorizationRequests(request);
-		OAuth2AuthorizationRequestReference wrappedWithCreated = authorizationRequests.get(stateParameter);
-		return (wrappedWithCreated != null) ? wrappedWithCreated.wrapped : null;
+		OAuth2AuthorizationRequestReference authorizationRequestReference = authorizationRequests.get(stateParameter);
+		return (authorizationRequestReference != null) ? authorizationRequestReference.authorizationRequest : null;
 	}
 
 	@Override
@@ -103,15 +103,15 @@ public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest
 			return null;
 		}
 		Map<String, OAuth2AuthorizationRequestReference> authorizationRequests = this.getAuthorizationRequests(request);
-		OAuth2AuthorizationRequestReference wrappedWithCreatedOriginalRequest = authorizationRequests
+		OAuth2AuthorizationRequestReference authorizationRequestReference = authorizationRequests
 				.remove(stateParameter);
 		if (!authorizationRequests.isEmpty()) {
 			request.getSession().setAttribute(this.sessionAttributeName, authorizationRequests);
 		}
 		else {
 			request.getSession().removeAttribute(this.sessionAttributeName);
 		}
-		return (wrappedWithCreatedOriginalRequest != null) ? wrappedWithCreatedOriginalRequest.wrapped : null;
+		return (authorizationRequestReference != null) ? authorizationRequestReference.authorizationRequest : null;
 	}
 
 	@Override
@@ -193,12 +193,13 @@ private static final class OAuth2AuthorizationRequestReference implements Serial
 
 		private final Instant expiresAt;
 
-		private final OAuth2AuthorizationRequest wrapped;
+		private final OAuth2AuthorizationRequest authorizationRequest;
 
-		private OAuth2AuthorizationRequestReference(OAuth2AuthorizationRequest wrapped, Instant created) {
-			Assert.notNull(wrapped, "wrapped cannot be null");
-			this.expiresAt = created;
-			this.wrapped = wrapped;
+		private OAuth2AuthorizationRequestReference(OAuth2AuthorizationRequest authorizationRequest,
+				Instant expiresAt) {
+			Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
+			this.expiresAt = expiresAt;
+			this.authorizationRequest = authorizationRequest;
 		}
 
 	}

Original file line number	Diff line number	Diff line change
`@@ -69,8 +69,8 @@ public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest re`
`69`	`69`	`return null;`
`70`	`70`	`}`
`71`	`71`	`Map<String, OAuth2AuthorizationRequestReference> authorizationRequests = this.getAuthorizationRequests(request);`
`72`		`- OAuth2AuthorizationRequestReference wrappedWithCreated = authorizationRequests.get(stateParameter);`
`73`		`- return (wrappedWithCreated != null) ? wrappedWithCreated.wrapped : null;`
	`72`	`+ OAuth2AuthorizationRequestReference authorizationRequestReference = authorizationRequests.get(stateParameter);`
	`73`	`+ return (authorizationRequestReference != null) ? authorizationRequestReference.authorizationRequest : null;`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`@Override`
`@@ -103,15 +103,15 @@ public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest`
`103`	`103`	`return null;`
`104`	`104`	`}`
`105`	`105`	`Map<String, OAuth2AuthorizationRequestReference> authorizationRequests = this.getAuthorizationRequests(request);`
`106`		`- OAuth2AuthorizationRequestReference wrappedWithCreatedOriginalRequest = authorizationRequests`
	`106`	`+ OAuth2AuthorizationRequestReference authorizationRequestReference = authorizationRequests`
`107`	`107`	`.remove(stateParameter);`
`108`	`108`	`if (!authorizationRequests.isEmpty()) {`
`109`	`109`	`request.getSession().setAttribute(this.sessionAttributeName, authorizationRequests);`
`110`	`110`	`}`
`111`	`111`	`else {`
`112`	`112`	`request.getSession().removeAttribute(this.sessionAttributeName);`
`113`	`113`	`}`
`114`		`- return (wrappedWithCreatedOriginalRequest != null) ? wrappedWithCreatedOriginalRequest.wrapped : null;`
	`114`	`+ return (authorizationRequestReference != null) ? authorizationRequestReference.authorizationRequest : null;`
`115`	`115`	`}`
`116`	`116`
`117`	`117`	`@Override`
`@@ -193,12 +193,13 @@ private static final class OAuth2AuthorizationRequestReference implements Serial`
`193`	`193`
`194`	`194`	`private final Instant expiresAt;`
`195`	`195`
`196`		`- private final OAuth2AuthorizationRequest wrapped;`
	`196`	`+ private final OAuth2AuthorizationRequest authorizationRequest;`
`197`	`197`
`198`		`- private OAuth2AuthorizationRequestReference(OAuth2AuthorizationRequest wrapped, Instant created) {`
`199`		`- Assert.notNull(wrapped, "wrapped cannot be null");`
`200`		`- this.expiresAt = created;`
`201`		`- this.wrapped = wrapped;`
	`198`	`+ private OAuth2AuthorizationRequestReference(OAuth2AuthorizationRequest authorizationRequest,`
	`199`	`+ Instant expiresAt) {`
	`200`	`+ Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");`
	`201`	`+ this.expiresAt = expiresAt;`
	`202`	`+ this.authorizationRequest = authorizationRequest;`
`202`	`203`	`}`
`203`	`204`
`204`	`205`	`}`