Merge pull request #88 from SmartThingsOSS/mbridges/feature/coda-1759…

…-opaque-principals

[CODA-1759] removing url encoding for token

dropwizard-guice/src/main/java/smartthings/dw/guice/DwGuice.java

@@ -3,6 +3,7 @@
 import com.codahale.metrics.health.HealthCheck;
 import com.google.common.collect.Lists;
 import com.google.inject.*;
+import com.google.inject.Module;
 import com.google.inject.servlet.GuiceFilter;
 import com.google.inject.servlet.ServletModule;
 import io.dropwizard.lifecycle.Managed;

dropwizard-oauth/src/main/java/smartthings/dw/oauth/SpringSecurityAuthenticator.java

@@ -1,8 +1,6 @@
 package smartthings.dw.oauth;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.escape.Escaper;
-import com.google.common.net.UrlEscapers;
 import com.google.common.primitives.Ints;
 import com.google.inject.Singleton;
 import io.dropwizard.auth.AuthenticationException;
@@ -20,7 +18,6 @@
 @Singleton
 public class SpringSecurityAuthenticator implements OAuthAuthenticator {
 	private static final ObjectMapper MAPPER = Jackson.newObjectMapper();
-	private static final Escaper URL_ESCAPER = UrlEscapers.urlFormParameterEscaper();
 
 	private final AuthConfiguration config;
 	private final Realm realm;
@@ -50,8 +47,9 @@ public Optional<OAuthToken> authenticate(String token) throws AuthenticationExce
 				.setRequestTimeout(timeout)
 				.setRealm(realm)
 				.addHeader("Accept", "application/json")
+                .addHeader("Content-Type", "application/x-www-form-urlencoded")
 				.addHeader(LoggingContext.CORRELATION_ID_HEADER, LoggingContext.getLoggingId())
-				.addFormParam("token", URL_ESCAPER.escape(token))
+				.addFormParam("token", token)
 				.execute()
 				.get();
 

dropwizard-oauth/src/test/groovy/smartthings/dw/oauth/SpringSecurityAuthenticatorSpec.groovy

@@ -39,6 +39,7 @@ class SpringSecurityAuthenticatorSpec extends Specification {
 
 		then:
 		1 * client.preparePost("${config.host}/oauth/check_token") >> requestBuilder
+        1 * requestBuilder.addHeader('Content-Type', 'application/x-www-form-urlencoded') >> requestBuilder
 		1 * requestBuilder.setRequestTimeout(1000) >> requestBuilder
 		1 * requestBuilder.setRealm({ it.principal == config.user && it.password == config.password }) >> requestBuilder
 		1 * requestBuilder.addHeader('Accept', 'application/json') >> requestBuilder
@@ -59,6 +60,7 @@ class SpringSecurityAuthenticatorSpec extends Specification {
 		then:
 		1 * client.preparePost("${config.host}/oauth/check_token") >> requestBuilder
 		1 * requestBuilder.setRequestTimeout(1000) >> requestBuilder
+        1 * requestBuilder.addHeader('Content-Type', 'application/x-www-form-urlencoded') >> requestBuilder
 		1 * requestBuilder.setRealm({ it.principal == config.user && it.password == config.password }) >> requestBuilder
 		1 * requestBuilder.addHeader('Accept', 'application/json') >> requestBuilder
 		1 * requestBuilder.addHeader(LoggingContext.CORRELATION_ID_HEADER, LoggingContext.loggingId) >> requestBuilder
@@ -79,6 +81,7 @@ class SpringSecurityAuthenticatorSpec extends Specification {
         then:
         1 * client.preparePost("${config.host}/oauth/check_token") >> requestBuilder
         1 * requestBuilder.setRequestTimeout(1000) >> requestBuilder
+        1 * requestBuilder.addHeader('Content-Type', 'application/x-www-form-urlencoded') >> requestBuilder
         1 * requestBuilder.setRealm({ it.principal == config.user && it.password == config.password }) >> requestBuilder
         1 * requestBuilder.addHeader('Accept', 'application/json') >> requestBuilder
         1 * requestBuilder.addHeader(LoggingContext.CORRELATION_ID_HEADER, LoggingContext.loggingId) >> requestBuilder
@@ -101,6 +104,7 @@ class SpringSecurityAuthenticatorSpec extends Specification {
 
 		then:
 		1 * client.preparePost("${config.host}/oauth/check_token") >> requestBuilder
+        1 * requestBuilder.addHeader('Content-Type', 'application/x-www-form-urlencoded') >> requestBuilder
 		1 * requestBuilder.setRequestTimeout(1000) >> requestBuilder
 		1 * requestBuilder.setRealm({ it.principal == config.user && it.password == config.password }) >> requestBuilder
 		1 * requestBuilder.addHeader('Accept', 'application/json') >> requestBuilder
@@ -130,7 +134,8 @@ class SpringSecurityAuthenticatorSpec extends Specification {
 		then:
 		1 * client.preparePost("${config.host}/oauth/check_token") >> requestBuilder
 		1 * requestBuilder.setRequestTimeout(1000) >> requestBuilder
-		1 * requestBuilder.setRealm({ it.principal == config.user && it.password == config.password }) >> requestBuilder
+        1 * requestBuilder.addHeader('Content-Type', 'application/x-www-form-urlencoded') >> requestBuilder
+        1 * requestBuilder.setRealm({ it.principal == config.user && it.password == config.password }) >> requestBuilder
 		1 * requestBuilder.addHeader('Accept', 'application/json') >> requestBuilder
 		1 * requestBuilder.addHeader(LoggingContext.CORRELATION_ID_HEADER, LoggingContext.loggingId) >> requestBuilder
 		1 * requestBuilder.addFormParam("token", token) >> requestBuilder
@@ -167,7 +172,8 @@ class SpringSecurityAuthenticatorSpec extends Specification {
 		then:
 		1 * client.preparePost("${config.host}/oauth/check_token") >> requestBuilder
 		1 * requestBuilder.setRequestTimeout(1000) >> requestBuilder
-		1 * requestBuilder.setRealm({ it.principal == config.user && it.password == config.password }) >> requestBuilder
+        1 * requestBuilder.addHeader('Content-Type', 'application/x-www-form-urlencoded') >> requestBuilder
+        1 * requestBuilder.setRealm({ it.principal == config.user && it.password == config.password }) >> requestBuilder
 		1 * requestBuilder.addHeader('Accept', 'application/json') >> requestBuilder
 		1 * requestBuilder.addHeader(LoggingContext.CORRELATION_ID_HEADER, LoggingContext.loggingId) >> requestBuilder
 		1 * requestBuilder.addFormParam("token", token) >> requestBuilder
@@ -208,7 +214,8 @@ class SpringSecurityAuthenticatorSpec extends Specification {
 		1 * client.preparePost("${config.host}/oauth/check_token") >> requestBuilder
 		1 * requestBuilder.setRequestTimeout(1000) >> requestBuilder
 		1 * requestBuilder.setRealm({ it.principal == config.user && it.password == config.password }) >> requestBuilder
-		1 * requestBuilder.addHeader('Accept', 'application/json') >> requestBuilder
+        1 * requestBuilder.addHeader('Content-Type', 'application/x-www-form-urlencoded') >> requestBuilder
+        1 * requestBuilder.addHeader('Accept', 'application/json') >> requestBuilder
 		1 * requestBuilder.addHeader(LoggingContext.CORRELATION_ID_HEADER, LoggingContext.loggingId) >> requestBuilder
 		1 * requestBuilder.addFormParam("token", token) >> requestBuilder
 		1 * requestBuilder.execute() >> future
@@ -252,6 +259,7 @@ class SpringSecurityAuthenticatorSpec extends Specification {
         1 * client.preparePost("${config.host}/oauth/check_token") >> requestBuilder
         1 * requestBuilder.setRequestTimeout(1000) >> requestBuilder
         1 * requestBuilder.setRealm({ it.principal == config.user && it.password == config.password }) >> requestBuilder
+        1 * requestBuilder.addHeader('Content-Type', 'application/x-www-form-urlencoded') >> requestBuilder
         1 * requestBuilder.addHeader('Accept', 'application/json') >> requestBuilder
         1 * requestBuilder.addHeader(LoggingContext.CORRELATION_ID_HEADER, LoggingContext.loggingId) >> requestBuilder
         1 * requestBuilder.addFormParam("token", token) >> requestBuilder