NimbusJwtDecoder unknown KID scenario is not correctly tested #12238

Merged
merged 1 commit into from
Jan 6, 2023

jonkjenn
Contributor

@jonkjenn jonkjenn commented Nov 18, 2022

Two different methods are used for accessing the cache and only one of them is correctly mocked. This means the cache will always refresh unrelated to the unknown KID. https://github.com/spring-projects/spring-security/blob/main/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java#L415
The RemoteJWKSet will never actually find a missing KID and do the update because of this. The code seems to be correct though and the test succeeds with the fixed mock.

Relates to this issue #11621
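
An added illustration, not code from this pull request or from Spring Security: a simplified Python model of the situation the comment above describes, where a cache is read through two methods and only one is stubbed. All names (`StubCache`, `CachedJwkSet`, `KeySource`, `get_typed`) and the URI are hypothetical, and the stub returns `None` for any lookup that was not stubbed.

```python
URI = "https://issuer.example/jwks"  # constructed JWK set URI

class StubCache:
    """Hand-rolled stub: a lookup that was not stubbed returns None."""
    def __init__(self, typed=None, untyped=None):
        self._typed, self._untyped = typed or {}, untyped or {}
    def get_typed(self, key, type_):   # lookup method 1 (hypothetical name)
        return self._typed.get(key)
    def get(self, key):                # lookup method 2 (hypothetical name)
        return self._untyped.get(key)

class CachedJwkSet:
    """Hypothetical cache adapter that reaches the cache through both methods."""
    def __init__(self, cache):
        self.cache = cache
        self.kids = set((cache.get_typed(URI, str) or "").split(","))
    def requires_refresh(self):
        return self.cache.get(URI) is None

class KeySource:
    """Simplified key source: refetch on a stale cache or on an unknown kid."""
    def __init__(self, jwk_set, fetch):
        self.jwk_set, self.fetch, self.fetch_reasons = jwk_set, fetch, []
    def select(self, kid):
        if self.jwk_set.requires_refresh():
            self._refetch("cache-requires-refresh")
        elif kid not in self.jwk_set.kids:
            self._refetch("unknown-kid")
        return kid in self.jwk_set.kids
    def _refetch(self, reason):
        self.fetch_reasons.append(reason)
        self.jwk_set.kids = set(self.fetch())

def run_scenario(cache, kid):
    """Return (key found, reasons a remote fetch happened) for one lookup."""
    source = KeySource(CachedJwkSet(cache), fetch=lambda: ["old-kid", "new-kid"])
    return source.select(kid), source.fetch_reasons

# Only one lookup method stubbed: every request refetches, whatever the kid.
incomplete = StubCache(typed={URI: "old-kid"})
# Both lookup methods stubbed: only the unknown kid reaches the refetch path.
complete = StubCache(typed={URI: "old-kid"}, untyped={URI: "old-kid"})

if __name__ == "__main__":
    for name, cache in (("incomplete", incomplete), ("complete", complete)):
        for kid in ("old-kid", "new-kid"):
            print(name, kid, run_scenario(cache, kid))
```

A test that asserts only "the key was found" or "a fetch happened" passes with either stub, so it needs to pin down why the fetch happened (or that a known kid causes none) to cover the key-rotation path.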

@pivotal-cla

@jonkjenn Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

@pivotal-cla

@jonkjenn Thank you for signing the Contributor License Agreement!

@spring-projects-issues added the "status: waiting-for-triage" (An issue we've not yet triaged) label Nov 18, 2022
@jonkjenn changed the title from "Missing method mock unit test" to "JwtDecoder unknown KID scenario is not correctly tested" Nov 18, 2022
@jonkjenn changed the title from "JwtDecoder unknown KID scenario is not correctly tested" to "NimbusJwtDecoder unknown KID scenario is not correctly tested" Nov 18, 2022
@jonkjenn marked this pull request as ready for review November 18, 2022 11:38
@jzheaux
Contributor

jzheaux commented Jan 5, 2023

Thanks, @jonkjenn! Will you please rebase to 5.7.x and squash your commits?

Please also add a brief description to the commit like:

Polish NimbusJwtDecoderTests

- Add missing mock

Closes gh-12238

@jzheaux self-assigned this Jan 5, 2023
@jzheaux added the "type: bug" (A general bug) and "in: oauth2" (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels and removed the "status: waiting-for-triage" (An issue we've not yet triaged) label Jan 5, 2023
@jzheaux added this to the 5.7.7 milestone Jan 5, 2023
@jonkjenn changed the base branch from main to 5.7.x January 6, 2023 08:24
@jonkjenn
Contributor Author

jonkjenn commented Jan 6, 2023

@jzheaux Updated

@jzheaux merged commit 225dc59 into spring-projects:5.7.x Jan 6, 2023
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug