From f2fc0dccafb96a5abe4fa25b68064bf733f97436 Mon Sep 17 00:00:00 2001 From: Ovidiu Popa Date: Thu, 29 Jul 2021 17:37:28 +0300 Subject: [PATCH] Set PasswordEncoder in RegisteredClientParameters mapper and hash the client secret before saving it Closes gh-378 --- .../JdbcRegisteredClientRepository.java | 18 +++++++- .../OAuth2AuthorizationCodeGrantTests.java | 9 +++- .../OAuth2ClientCredentialsGrantTests.java | 9 +++- .../OAuth2RefreshTokenGrantTests.java | 9 +++- .../OAuth2TokenIntrospectionTests.java | 9 +++- .../OAuth2TokenRevocationTests.java | 9 +++- .../OidcClientRegistrationTests.java | 6 ++- .../server/authorization/OidcTests.java | 9 +++- .../JdbcRegisteredClientRepositoryTests.java | 46 +++++++++++++++++-- 9 files changed, 106 insertions(+), 18 deletions(-) diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java index 2c38f39d1..1a9fdf28b 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java @@ -36,6 +36,8 @@ import org.springframework.jdbc.core.PreparedStatementSetter; import org.springframework.jdbc.core.RowMapper; import org.springframework.jdbc.core.SqlParameterValue; +import org.springframework.security.crypto.factory.PasswordEncoderFactories; +import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.jackson2.SecurityJackson2Modules; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; @@ -291,6 +293,7 @@ private static ClientAuthenticationMethod resolveClientAuthenticationMethod(Stri */ public static class RegisteredClientParametersMapper implements Function> { private ObjectMapper objectMapper = new ObjectMapper(); + private PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); public RegisteredClientParametersMapper() { ClassLoader classLoader = JdbcRegisteredClientRepository.class.getClassLoader(); @@ -319,7 +322,7 @@ public List apply(RegisteredClient registeredClient) { new SqlParameterValue(Types.VARCHAR, registeredClient.getId()), new SqlParameterValue(Types.VARCHAR, registeredClient.getClientId()), new SqlParameterValue(Types.TIMESTAMP, clientIdIssuedAt), - new SqlParameterValue(Types.VARCHAR, registeredClient.getClientSecret()), + new SqlParameterValue(Types.VARCHAR, encode(registeredClient.getClientSecret())), new SqlParameterValue(Types.TIMESTAMP, clientSecretExpiresAt), new SqlParameterValue(Types.VARCHAR, registeredClient.getClientName()), new SqlParameterValue(Types.VARCHAR, StringUtils.collectionToCommaDelimitedString(clientAuthenticationMethods)), @@ -335,6 +338,12 @@ public final void setObjectMapper(ObjectMapper objectMapper) { this.objectMapper = objectMapper; } + + public final void setPasswordEncoder(PasswordEncoder passwordEncoder) { + Assert.notNull(passwordEncoder, "passwordEncoder cannot be null"); + this.passwordEncoder = passwordEncoder; + } + protected final ObjectMapper getObjectMapper() { return this.objectMapper; } @@ -347,6 +356,13 @@ private String writeMap(Map data) { } } + private String encode(String value) { + if (value != null) { + return this.passwordEncoder.encode(value); + } + return null; + } + } } diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java index a1e2cdf1f..6b94db4fe 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java @@ -83,6 +83,7 @@ import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken; import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository; +import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; @@ -582,8 +583,12 @@ OAuth2AuthorizationConsentService authorizationConsentService(JdbcOperations jdb } @Bean - RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) { - return new JdbcRegisteredClientRepository(jdbcOperations); + RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations, PasswordEncoder passwordEncoder) { + JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcOperations); + RegisteredClientParametersMapper registeredClientParametersMapper = new RegisteredClientParametersMapper(); + registeredClientParametersMapper.setPasswordEncoder(passwordEncoder); + jdbcRegisteredClientRepository.setRegisteredClientParametersMapper(registeredClientParametersMapper); + return jdbcRegisteredClientRepository; } @Bean diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java index 6f743a2a9..7674bee70 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java @@ -67,6 +67,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationToken; import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository; +import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; @@ -279,8 +280,12 @@ OAuth2AuthorizationService authorizationService(JdbcOperations jdbcOperations, R } @Bean - RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) { - return new JdbcRegisteredClientRepository(jdbcOperations); + RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations, PasswordEncoder passwordEncoder) { + JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcOperations); + RegisteredClientParametersMapper registeredClientParametersMapper = new RegisteredClientParametersMapper(); + registeredClientParametersMapper.setPasswordEncoder(passwordEncoder); + jdbcRegisteredClientRepository.setRegisteredClientParametersMapper(registeredClientParametersMapper); + return jdbcRegisteredClientRepository; } @Bean diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java index ca11f4013..53300f6a8 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java @@ -68,6 +68,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenCustomizer; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository; +import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; @@ -207,8 +208,12 @@ OAuth2AuthorizationService authorizationService(JdbcOperations jdbcOperations, R } @Bean - RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) { - return new JdbcRegisteredClientRepository(jdbcOperations); + RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations, PasswordEncoder passwordEncoder) { + JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcOperations); + RegisteredClientParametersMapper registeredClientParametersMapper = new RegisteredClientParametersMapper(); + registeredClientParametersMapper.setPasswordEncoder(passwordEncoder); + jdbcRegisteredClientRepository.setRegisteredClientParametersMapper(registeredClientParametersMapper); + return jdbcRegisteredClientRepository; } @Bean diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenIntrospectionTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenIntrospectionTests.java index 6ed136c94..217de6a34 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenIntrospectionTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenIntrospectionTests.java @@ -62,6 +62,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository; +import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; @@ -244,8 +245,12 @@ OAuth2AuthorizationService authorizationService(JdbcOperations jdbcOperations, R } @Bean - RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) { - return new JdbcRegisteredClientRepository(jdbcOperations); + RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations, PasswordEncoder passwordEncoder) { + JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcOperations); + RegisteredClientParametersMapper registeredClientParametersMapper = new RegisteredClientParametersMapper(); + registeredClientParametersMapper.setPasswordEncoder(passwordEncoder); + jdbcRegisteredClientRepository.setRegisteredClientParametersMapper(registeredClientParametersMapper); + return jdbcRegisteredClientRepository; } @Bean diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java index 38427f233..640aa4e3c 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java @@ -54,6 +54,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository; +import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; @@ -207,8 +208,12 @@ OAuth2AuthorizationService authorizationService(JdbcOperations jdbcOperations, R } @Bean - RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) { - return new JdbcRegisteredClientRepository(jdbcOperations); + RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations, PasswordEncoder passwordEncoder) { + JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcOperations); + RegisteredClientParametersMapper registeredClientParametersMapper = new RegisteredClientParametersMapper(); + registeredClientParametersMapper.setPasswordEncoder(passwordEncoder); + jdbcRegisteredClientRepository.setRegisteredClientParametersMapper(registeredClientParametersMapper); + return jdbcRegisteredClientRepository; } @Bean diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java index c641d22e2..1035fc4b6 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java @@ -60,6 +60,7 @@ import org.springframework.security.oauth2.jose.TestJwks; import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm; import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository; +import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; @@ -226,9 +227,12 @@ private static OidcClientRegistration readClientRegistrationResponse(MockHttpSer static class AuthorizationServerConfiguration { @Bean - RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) { + RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations, PasswordEncoder passwordEncoder) { RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build(); + RegisteredClientParametersMapper registeredClientParametersMapper = new RegisteredClientParametersMapper(); + registeredClientParametersMapper.setPasswordEncoder(passwordEncoder); JdbcRegisteredClientRepository registeredClientRepository = new JdbcRegisteredClientRepository(jdbcOperations); + registeredClientRepository.setRegisteredClientParametersMapper(registeredClientParametersMapper); registeredClientRepository.save(registeredClient); return registeredClientRepository; } diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcTests.java index 5de86a4f5..15ea8e7d1 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcTests.java @@ -73,6 +73,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2TokenCustomizer; import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository; +import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; @@ -275,8 +276,12 @@ OAuth2AuthorizationService authorizationService(JdbcOperations jdbcOperations, R } @Bean - RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) { - return new JdbcRegisteredClientRepository(jdbcOperations); + RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations, PasswordEncoder passwordEncoder) { + JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcOperations); + RegisteredClientParametersMapper registeredClientParametersMapper = new RegisteredClientParametersMapper(); + registeredClientParametersMapper.setPasswordEncoder(passwordEncoder); + jdbcRegisteredClientRepository.setRegisteredClientParametersMapper(registeredClientParametersMapper); + return jdbcRegisteredClientRepository; } @Bean diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java index f7a3395ac..229cb5f05 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java @@ -40,9 +40,13 @@ import org.springframework.jdbc.datasource.embedded.EmbeddedDatabase; import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder; import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType; +import org.springframework.security.crypto.password.NoOpPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.jackson2.SecurityJackson2Modules; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; +import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper; +import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientRowMapper; import org.springframework.security.oauth2.server.authorization.config.ClientSettings; import org.springframework.security.oauth2.server.authorization.config.TokenSettings; import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationServerJackson2Module; @@ -52,7 +56,9 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyInt; +import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.Mockito.spy; +import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; /** @@ -69,12 +75,27 @@ public class JdbcRegisteredClientRepositoryTests { private EmbeddedDatabase db; private JdbcOperations jdbcOperations; private JdbcRegisteredClientRepository registeredClientRepository; + private PasswordEncoder passwordEncoder; @Before public void setUp() { this.db = createDb(OAUTH2_REGISTERED_CLIENT_SCHEMA_SQL_RESOURCE); this.jdbcOperations = new JdbcTemplate(this.db); this.registeredClientRepository = new JdbcRegisteredClientRepository(this.jdbcOperations); + this.passwordEncoder = spy(new PasswordEncoder() { + @Override + public String encode(CharSequence rawPassword) { + return NoOpPasswordEncoder.getInstance().encode(rawPassword); + } + + @Override + public boolean matches(CharSequence rawPassword, String encodedPassword) { + return NoOpPasswordEncoder.getInstance().matches(rawPassword, encodedPassword); + } + }); + RegisteredClientParametersMapper registeredClientParametersMapper = new RegisteredClientParametersMapper(); + registeredClientParametersMapper.setPasswordEncoder(this.passwordEncoder); + this.registeredClientRepository.setRegisteredClientParametersMapper(registeredClientParametersMapper); } @After @@ -144,15 +165,28 @@ public void saveWhenNewThenSaved() { this.registeredClientRepository.save(expectedRegisteredClient); RegisteredClient registeredClient = this.registeredClientRepository.findById(expectedRegisteredClient.getId()); assertThat(registeredClient).isEqualTo(expectedRegisteredClient); + verify(this.passwordEncoder).encode(anyString()); + } + + @Test + public void saveWhenClientSecretNullThenSaved() { + RegisteredClient expectedRegisteredClient = TestRegisteredClients.registeredClient() + .clientSecret(null).build(); + this.registeredClientRepository.save(expectedRegisteredClient); + RegisteredClient registeredClient = this.registeredClientRepository.findById(expectedRegisteredClient.getId()); + assertThat(registeredClient).isEqualTo(expectedRegisteredClient); + verify(this.passwordEncoder, times(0)).encode(anyString()); } @Test public void saveLoadRegisteredClientWhenCustomStrategiesSetThenCalled() throws Exception { RowMapper registeredClientRowMapper = spy( - new JdbcRegisteredClientRepository.RegisteredClientRowMapper()); + new RegisteredClientRowMapper()); this.registeredClientRepository.setRegisteredClientRowMapper(registeredClientRowMapper); + RegisteredClientParametersMapper clientParametersMapper = new RegisteredClientParametersMapper(); + clientParametersMapper.setPasswordEncoder(this.passwordEncoder); Function> registeredClientParametersMapper = spy( - new JdbcRegisteredClientRepository.RegisteredClientParametersMapper()); + clientParametersMapper); this.registeredClientRepository.setRegisteredClientParametersMapper(registeredClientParametersMapper); RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build(); @@ -161,6 +195,7 @@ public void saveLoadRegisteredClientWhenCustomStrategiesSetThenCalled() throws E assertThat(result).isEqualTo(registeredClient); verify(registeredClientRowMapper).mapRow(any(), anyInt()); verify(registeredClientParametersMapper).apply(any()); + verify(this.passwordEncoder).encode(anyString()); } @Test @@ -212,14 +247,17 @@ public void findByClientIdWhenNotExistsThenNotFound() { @Test public void tableDefinitionWhenCustomThenAbleToOverride() { EmbeddedDatabase db = createDb(OAUTH2_CUSTOM_REGISTERED_CLIENT_SCHEMA_SQL_RESOURCE); - RegisteredClientRepository registeredClientRepository = - new CustomJdbcRegisteredClientRepository(new JdbcTemplate(db)); + RegisteredClientParametersMapper registeredClientParametersMapper = new RegisteredClientParametersMapper(); + registeredClientParametersMapper.setPasswordEncoder(this.passwordEncoder); + CustomJdbcRegisteredClientRepository registeredClientRepository = new CustomJdbcRegisteredClientRepository(new JdbcTemplate(db)); + registeredClientRepository.setRegisteredClientParametersMapper(registeredClientParametersMapper); RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build(); registeredClientRepository.save(registeredClient); RegisteredClient foundRegisteredClient1 = registeredClientRepository.findById(registeredClient.getId()); assertThat(foundRegisteredClient1).isEqualTo(registeredClient); RegisteredClient foundRegisteredClient2 = registeredClientRepository.findByClientId(registeredClient.getClientId()); assertThat(foundRegisteredClient2).isEqualTo(registeredClient); + verify(this.passwordEncoder).encode(anyString()); db.shutdown(); }