Merge pull request #18 from graphql-java-kickstart/update-oauth-security

Replace deprecated code fix #17

Author: oliemansm

graphql-webclient-spring-boot-autoconfigure/build.gradle

@@ -6,4 +6,6 @@ dependencies {
     implementation "org.springframework.boot:spring-boot-autoconfigure"
     implementation "org.springframework.boot:spring-boot-starter-webflux"
     implementation "org.springframework.security:spring-security-oauth2-client"
+
+    testImplementation "org.springframework.boot:spring-boot-starter-test"
 }

graphql-webclient-spring-boot-autoconfigure/src/main/java/graphql/kickstart/spring/webclient/boot/GraphQLWebClientAutoConfiguration.java

@@ -1,6 +1,7 @@
 package graphql.kickstart.spring.webclient.boot;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.NonNull;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -13,15 +14,17 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
+import org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
-import org.springframework.security.oauth2.client.web.server.UnAuthenticatedServerOAuth2AuthorizedClientRepository;
 import org.springframework.web.reactive.function.client.WebClient;
 
 @Slf4j
 @Configuration
 @RequiredArgsConstructor
-@AutoConfigureAfter({JacksonAutoConfiguration.class, OAuth2ClientAutoConfiguration.class, WebFluxAutoConfiguration.class})
+@AutoConfigureAfter({JacksonAutoConfiguration.class, OAuth2ClientAutoConfiguration.class,
+    WebFluxAutoConfiguration.class})
 @EnableConfigurationProperties(GraphQLClientProperties.class)
 @ComponentScan(basePackageClasses = GraphQLWebClientImpl.class)
 public class GraphQLWebClientAutoConfiguration {
@@ -36,18 +39,33 @@ public WebClient webClient(
   ) {
     clientBuilder.baseUrl(graphqlClientProperties.getUrl());
 
-    if (clientRegistrations != null && clientRegistrations.findByRegistrationId("graphql").blockOptional().isPresent()) {
-      ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =
-          new ServerOAuth2AuthorizedClientExchangeFilterFunction(
-              clientRegistrations,
-              new UnAuthenticatedServerOAuth2AuthorizedClientRepository());
-      oauth.setDefaultClientRegistrationId("graphql");
-      clientBuilder.filter(oauth);
+    if (isGraphQLClientRegistrationPresent(clientRegistrations)) {
+      clientBuilder.filter(createOAuthFilter(clientRegistrations));
     }
 
     return clientBuilder.build();
   }
 
+  @NonNull
+  private ServerOAuth2AuthorizedClientExchangeFilterFunction createOAuthFilter(
+      ReactiveClientRegistrationRepository clientRegistrations) {
+    InMemoryReactiveOAuth2AuthorizedClientService clientService =
+        new InMemoryReactiveOAuth2AuthorizedClientService(clientRegistrations);
+    AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager =
+        new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(clientRegistrations,
+            clientService);
+    ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =
+        new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
+    oauth.setDefaultClientRegistrationId("graphql");
+    return oauth;
+  }
+
+  private boolean isGraphQLClientRegistrationPresent(
+      ReactiveClientRegistrationRepository clientRegistrations) {
+    return clientRegistrations != null && clientRegistrations.findByRegistrationId("graphql")
+        .blockOptional().isPresent();
+  }
+
   @Bean
   @ConditionalOnMissingBean
   public ObjectMapper objectMapper() {

graphql-webclient-spring-boot-autoconfigure/src/test/java/graphql/kickstart/spring/webclient/boot/GraphQLWebClientAutoConfigurationTest.java

@@ -0,0 +1,74 @@
+package graphql.kickstart.spring.webclient.boot;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.web.reactive.function.client.WebClient;
+import reactor.core.publisher.Mono;
+
+class GraphQLWebClientAutoConfigurationTest {
+
+  private GraphQLWebClientAutoConfiguration configuration;
+  private WebClient.Builder mockClientBuilder;
+
+  @BeforeEach
+  void setup() {
+    GraphQLClientProperties graphQLClientProperties = new GraphQLClientProperties();
+    configuration = new GraphQLWebClientAutoConfiguration(graphQLClientProperties);
+
+    mockClientBuilder = mock(WebClient.Builder.class);
+  }
+
+  @Test
+  void webClient_nullClientRegistrations_doesNotAddFilter() {
+    configuration.webClient(mockClientBuilder, null);
+    verify(mockClientBuilder, times(0))
+        .filter(isA(ServerOAuth2AuthorizedClientExchangeFilterFunction.class));
+  }
+
+  @Test
+  void webClient_noGraphQLRegistration_doesNotAddFilter() {
+    var registrationRepository = mock(ReactiveClientRegistrationRepository.class);
+    when(registrationRepository.findByRegistrationId("graphql")).thenReturn(Mono.empty());
+    configuration.webClient(mockClientBuilder, registrationRepository);
+    verify(mockClientBuilder, times(0))
+        .filter(isA(ServerOAuth2AuthorizedClientExchangeFilterFunction.class));
+  }
+
+  @Test
+  void webClient_withGraphQLRegistration_doesAddFilter() {
+    var registrationRepository = mock(ReactiveClientRegistrationRepository.class);
+    var registration = ClientRegistration.withRegistrationId("graphql")
+        .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+        .clientId("clientId")
+        .clientSecret("clientSecret")
+        .tokenUri("tokenUri")
+        .build();
+    when(registrationRepository.findByRegistrationId("graphql")).thenReturn(Mono.just(registration));
+    configuration.webClient(mockClientBuilder, registrationRepository);
+    verify(mockClientBuilder, times(1))
+        .filter(isA(ServerOAuth2AuthorizedClientExchangeFilterFunction.class));
+  }
+
+  @Test
+  void webClient_getObjectMapper_returns() {
+    assertNotNull(configuration.objectMapper());
+  }
+
+  @Test
+  void webClient_graphQLWebClient_returns() {
+    assertNotNull(configuration.graphQLWebClient(WebClient.builder().build(), new ObjectMapper()));
+  }
+
+}

graphql-webclient/src/main/java/graphql/kickstart/spring/webclient/boot/GraphQLError.java

@@ -10,6 +10,6 @@ public class GraphQLError {
   private String message;
   private List<Location> locations;
   private List<String> path;
-  private Map<String, Object> extensions  ;
+  private Map<String, Object> extensions;
 
 }

graphql-webclient/src/main/java/graphql/kickstart/spring/webclient/boot/GraphQLErrorsException.java

@@ -2,19 +2,22 @@
 
 import java.util.List;
 import lombok.EqualsAndHashCode;
-import lombok.RequiredArgsConstructor;
+import lombok.NonNull;
 import lombok.Value;
 
 @Value
 @EqualsAndHashCode(callSuper = false)
-@RequiredArgsConstructor
 public class GraphQLErrorsException extends RuntimeException {
 
-  List<GraphQLError> errors;
+  transient List<GraphQLError> errors;
+  String message;
 
-  @Override
-  public String getMessage() {
-    return errors.get(0).getMessage();
+  public GraphQLErrorsException(@NonNull List<GraphQLError> errors) {
+    if (errors.isEmpty()) {
+      throw new IllegalArgumentException("errors must not be empty");
+    }
+    this.errors = errors;
+    this.message = errors.get(0).getMessage();
   }
 
 }

graphql-webclient/src/test/java/graphql/kickstart/spring/webclient/boot/GraphQLErrorsExceptionTest.java

@@ -0,0 +1,35 @@
+package graphql.kickstart.spring.webclient.boot;
+
+import static java.util.Collections.emptyList;
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.util.List;
+import org.junit.jupiter.api.Test;
+
+@SuppressWarnings("ThrowableNotThrown")
+class GraphQLErrorsExceptionTest {
+
+  @Test
+  void construct_nullArg_throwsException() {
+    //noinspection ConstantConditions
+    assertThrows(NullPointerException.class, () -> new GraphQLErrorsException(null));
+  }
+
+  @Test
+  void construct_emptyArg_throwsException() {
+    List<GraphQLError> emptyList = emptyList();
+    assertThrows(IllegalArgumentException.class, () -> new GraphQLErrorsException(emptyList));
+  }
+
+  @Test
+  void construct_errors_returnsErrorsAndFirstMessage() {
+    var error = new GraphQLError();
+    error.setMessage("testmessage");
+    var errors = List.of(error);
+    GraphQLErrorsException e = new GraphQLErrorsException(errors);
+    assertEquals(errors, e.getErrors());
+    assertEquals("testmessage", e.getMessage());
+    assertEquals("testmessage", e.getLocalizedMessage());
+  }
+
+}

lombok.config

@@ -0,0 +1 @@
+lombok.addLombokGeneratedAnnotation = true