fix: creating oauthsession for not existing client of app results in …

…exception now
supertokens · Oct 25, 2024 · f2747a2 · f2747a2
1 parent 887234d
commit f2747a2
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 9 deletions.
diff --git a/src/main/java/io/supertokens/inmemorydb/Start.java b/src/main/java/io/supertokens/inmemorydb/Start.java
@@ -3196,7 +3196,7 @@ public void deleteOAuthLogoutChallengesBefore(long time) throws StorageQueryExce
     public void createOrUpdateOAuthSession(AppIdentifier appIdentifier, String gid, String clientId,
                                            String externalRefreshToken, String internalRefreshToken,
                                            String sessionHandle, List<String> jtis, long exp)
-            throws StorageQueryException, TenantOrAppNotFoundException {
+            throws StorageQueryException, OAuthClientNotFoundException {
         try {
             OAuthQueries.createOrUpdateOAuthSession(this, appIdentifier, gid, clientId, externalRefreshToken,
                     internalRefreshToken, sessionHandle, jtis, exp);
@@ -3207,10 +3207,10 @@ public void createOrUpdateOAuthSession(AppIdentifier appIdentifier, String gid,
 
                 if (isForeignKeyConstraintError(
                         errorMessage,
-                        config.getAppsTable(),
-                        new String[]{"app_id"},
-                        new Object[]{appIdentifier.getAppId()})) {
-                    throw new TenantOrAppNotFoundException(appIdentifier);
+                        config.getOAuthClientsTable(),
+                        new String[]{"app_id", "client_id"},
+                        new Object[]{appIdentifier.getAppId(), clientId})) {
+                    throw new OAuthClientNotFoundException();
                 }
             }
             throw new StorageQueryException(e);

diff --git a/src/main/java/io/supertokens/oauth/OAuth.java b/src/main/java/io/supertokens/oauth/OAuth.java
@@ -660,7 +660,7 @@ public static String getInternalRefreshToken(Main main, AppIdentifier appIdentif
     public static void createOrUpdateOauthSession(Main main, AppIdentifier appIdentifier, Storage storage,
                                                   String clientId, String gid, String externalRefreshToken, String internalRefreshToken,
                                                   String sessionHandle, List<String> jtis, long exp)
-            throws StorageQueryException, TenantOrAppNotFoundException {
+            throws StorageQueryException, OAuthClientNotFoundException {
         OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage);
         oauthStorage.createOrUpdateOAuthSession(appIdentifier, gid, clientId, externalRefreshToken, internalRefreshToken,
                 sessionHandle, jtis, exp);

diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java
@@ -30,6 +30,7 @@
 import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
 import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
+import io.supertokens.pluginInterface.oauth.exception.OAuthClientNotFoundException;
 import io.supertokens.pluginInterface.session.SessionInfo;
 import io.supertokens.pluginInterface.useridmapping.UserIdMapping;
 import io.supertokens.session.Session;
@@ -157,7 +158,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
                 super.sendJsonResponse(200, finalResponse, resp);
             }
 
-        } catch (IOException | TenantOrAppNotFoundException | BadPermissionException | StorageQueryException e) {
+        } catch (IOException | TenantOrAppNotFoundException | BadPermissionException | StorageQueryException | OAuthClientNotFoundException e) {
             throw new ServletException(e);
         }
     }

diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java
@@ -261,7 +261,10 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
                         }
                     }
 
-                } catch (IOException | InvalidConfigException | TenantOrAppNotFoundException | StorageQueryException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | JWTCreationException | JWTException | StorageTransactionLogicException | UnsupportedJWTSigningAlgorithmException e) {
+                } catch (IOException | InvalidConfigException | TenantOrAppNotFoundException | StorageQueryException
+                         | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException
+                         | JWTCreationException | JWTException | StorageTransactionLogicException
+                         | UnsupportedJWTSigningAlgorithmException | OAuthClientNotFoundException e) {
                     throw new ServletException(e);
                 }
 

diff --git a/src/test/java/io/supertokens/test/oauth/OAuthStorageTest.java b/src/test/java/io/supertokens/test/oauth/OAuthStorageTest.java
@@ -315,7 +315,15 @@ public void testConstraints() throws Exception {
             storage.createOrUpdateOAuthSession(appIdentifier2, "abcd", "clientid", null, null, null, List.of("asdasd"),
                     System.currentTimeMillis() + 10000);
             fail();
-        } catch (TenantOrAppNotFoundException e) {
+        } catch (OAuthClientNotFoundException e) {
+            //expected
+        }
+
+        try {
+            storage.createOrUpdateOAuthSession(appIdentifier2, "abcd", "clientid-not-existing", null, null, null, List.of("asdasd"),
+                    System.currentTimeMillis() + 10000);
+            fail();
+        } catch (OAuthClientNotFoundException e) {
             //expected
         }