Fix #23083: SocketTimeoutException in OAuth20Authorization$OAuth20AuthorizationHandler.handleRequest

git-svn-id: https://josm.openstreetmap.de/svn/trunk@18786 0c6e7542-c601-0410-84e7-c038aed88b3b

Author: taylor.smock

src/org/openstreetmap/josm/data/oauth/OAuth20Authorization.java

@@ -101,12 +101,13 @@ public AuthorizationHandler.ResponseRecord handleRequest(String sender, String r
                     consumer.accept(Optional.of(oAuth20Token));
                 } catch (IOException | OAuth20Exception e) {
                     consumer.accept(Optional.empty());
-                    throw new JosmRuntimeException(e);
+                    throw new RequestHandler.RequestHandlerErrorException(e);
                 } finally {
                     tradeCodeForToken.disconnect();
                 }
             } catch (MalformedURLException e) {
-                throw new JosmRuntimeException(e);
+                consumer.accept(Optional.empty());
+                throw new RequestHandler.RequestHandlerBadRequestException(e);
             }
             return null;
         }

src/org/openstreetmap/josm/gui/preferences/server/OAuthAuthenticationPreferencesPanel.java

@@ -20,6 +20,7 @@
 import javax.swing.JButton;
 import javax.swing.JCheckBox;
 import javax.swing.JLabel;
+import javax.swing.JOptionPane;
 import javax.swing.JPanel;
 
 import org.openstreetmap.josm.actions.ExpertToggleAction;
@@ -374,6 +375,12 @@ public void actionPerformed(ActionEvent arg0) {
                     OAuthAccessTokenHolder.getInstance().setAccessToken(OsmApi.getOsmApi().getServerUrl(), token.orElse(null));
                     OAuthAccessTokenHolder.getInstance().save(CredentialsManager.getInstance());
                     GuiHelper.runInEDT(OAuthAuthenticationPreferencesPanel.this::refreshView);
+                    if (!token.isPresent()) {
+                        GuiHelper.runInEDT(() -> JOptionPane.showMessageDialog(MainApplication.getMainPanel(),
+                                tr("Authentication failed, please check browser for details."),
+                                tr("OAuth Authentication Failed"),
+                                JOptionPane.ERROR_MESSAGE));
+                    }
                 }, OsmScopes.read_gpx, OsmScopes.write_gpx,
                         OsmScopes.read_prefs, OsmScopes.write_prefs,
                         OsmScopes.write_api, OsmScopes.write_notes);

test/unit/org/openstreetmap/josm/data/oauth/OAuth20AuthorizationTest.java

@@ -1,12 +1,14 @@
 // License: GPL. For details, see LICENSE file.
 package org.openstreetmap.josm.data.oauth;
 
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
+import java.net.URL;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Optional;
@@ -19,6 +21,7 @@
 import com.github.tomakehurst.wiremock.core.WireMockConfiguration;
 import com.github.tomakehurst.wiremock.extension.Parameters;
 import com.github.tomakehurst.wiremock.extension.ResponseTransformer;
+import com.github.tomakehurst.wiremock.http.FixedDelayDistribution;
 import com.github.tomakehurst.wiremock.http.HttpHeader;
 import com.github.tomakehurst.wiremock.http.HttpHeaders;
 import com.github.tomakehurst.wiremock.http.QueryParameter;
@@ -61,8 +64,14 @@ class OAuth20AuthorizationTest {
     private static final String CODE_CHALLENGE_METHOD_VALUE = "S256";
     private static final String CODE_CHALLENGE = "code_challenge";
 
+    private enum ConnectionProblems {
+        NONE,
+        SOCKET_TIMEOUT
+    }
+
     private static class OAuthServerWireMock extends ResponseTransformer {
         String stateToReturn;
+        ConnectionProblems connectionProblems = ConnectionProblems.NONE;
         @Override
         public Response transform(Request request, Response response, FileSource files, Parameters parameters) {
             try {
@@ -88,7 +97,15 @@ private Response tokenRequest(Request request, Response response) {
                     || !queryParameters.containsKey("code") || !queryParameters.containsKey("code_verifier")) {
                 return Response.Builder.like(response).but().status(500).build();
             }
-            return Response.Builder.like(response).but().body("{\"token_type\": \"bearer\", \"access_token\": \"test_access_token\"}").build();
+            switch (connectionProblems) {
+                case SOCKET_TIMEOUT:
+                    return Response.Builder.like(response).but().configureDelay(null, null,
+                                    10_000, new FixedDelayDistribution(0)).build();
+                case NONE:
+                default:
+                    return Response.Builder.like(response).but()
+                            .body("{\"token_type\": \"bearer\", \"access_token\": \"test_access_token\"}").build();
+            }
         }
 
         private Response authorizationRequest(Request request, Response response) {
@@ -135,6 +152,7 @@ void setup() {
         OpenBrowserMocker.getCalledURIs().clear();
         RemoteControl.stop(); // Ensure remote control is stopped
         oauthServer.stateToReturn = null;
+        oauthServer.connectionProblems = ConnectionProblems.NONE;
     }
 
     /**
@@ -163,17 +181,22 @@ public String getDefaultOsmApiUrl() {
         wireMockRuntimeInfo.getWireMock().register(WireMock.post(WireMock.urlPathEqualTo("/oauth2/token")));
     }
 
-    @Test
-    void testAuthorize(WireMockRuntimeInfo wireMockRuntimeInfo) throws IOException {
+    private HttpClient generateClient(WireMockRuntimeInfo wireMockRuntimeInfo, AtomicReference<Optional<IOAuthToken>> consumer) {
         final OAuth20Authorization authorization = new OAuth20Authorization();
-        final AtomicReference<Optional<IOAuthToken>> consumer = new AtomicReference<>();
         OAuth20Parameters parameters = (OAuth20Parameters) OAuthParameters.createDefault(OsmApi.getOsmApi().getBaseUrl(), OAuthVersion.OAuth20);
         RemoteControl.start();
         authorization.authorize(new OAuth20Parameters(parameters.getClientId(), parameters.getClientSecret(),
                 wireMockRuntimeInfo.getHttpBaseUrl() + "/oauth2", wireMockRuntimeInfo.getHttpBaseUrl() + "/api",
                 parameters.getRedirectUri()), consumer::set, OsmScopes.read_gpx);
         assertEquals(1, OpenBrowserMocker.getCalledURIs().size());
-        HttpClient client = HttpClient.create(OpenBrowserMocker.getCalledURIs().get(0).toURL());
+        final URL url = assertDoesNotThrow(() -> OpenBrowserMocker.getCalledURIs().get(0).toURL());
+        return HttpClient.create(url);
+    }
+
+    @Test
+    void testAuthorize(WireMockRuntimeInfo wireMockRuntimeInfo) throws IOException {
+        final AtomicReference<Optional<IOAuthToken>> consumer = new AtomicReference<>();
+        final HttpClient client = generateClient(wireMockRuntimeInfo, consumer);
         try {
             HttpClient.Response response = client.connect();
             assertEquals(200, response.getResponseCode());
@@ -190,15 +213,8 @@ void testAuthorize(WireMockRuntimeInfo wireMockRuntimeInfo) throws IOException {
     @Test
     void testAuthorizeBadState(WireMockRuntimeInfo wireMockRuntimeInfo) throws IOException {
         oauthServer.stateToReturn = "Bad_State";
-        final OAuth20Authorization authorization = new OAuth20Authorization();
         final AtomicReference<Optional<IOAuthToken>> consumer = new AtomicReference<>();
-        OAuth20Parameters parameters = (OAuth20Parameters) OAuthParameters.createDefault(OsmApi.getOsmApi().getBaseUrl(), OAuthVersion.OAuth20);
-        RemoteControl.start();
-        authorization.authorize(new OAuth20Parameters(parameters.getClientId(), parameters.getClientSecret(),
-                wireMockRuntimeInfo.getHttpBaseUrl() + "/oauth2", wireMockRuntimeInfo.getHttpBaseUrl() + "/api",
-                parameters.getRedirectUri()), consumer::set, OsmScopes.read_gpx);
-        assertEquals(1, OpenBrowserMocker.getCalledURIs().size());
-        HttpClient client = HttpClient.create(OpenBrowserMocker.getCalledURIs().get(0).toURL());
+        final HttpClient client = generateClient(wireMockRuntimeInfo, consumer);
         try {
             HttpClient.Response response = client.connect();
             assertEquals(400, response.getResponseCode());
@@ -209,4 +225,25 @@ void testAuthorizeBadState(WireMockRuntimeInfo wireMockRuntimeInfo) throws IOExc
         }
         assertNull(consumer.get(), "The OAuth consumer should not be called since the state does not match");
     }
+
+    @Test
+    void testSocketTimeout(WireMockRuntimeInfo wireMockRuntimeInfo) throws Exception {
+        // 1s before timeout
+        Config.getPref().putInt("socket.timeout.connect", 1);
+        Config.getPref().putInt("socket.timeout.read", 1);
+        oauthServer.connectionProblems = ConnectionProblems.SOCKET_TIMEOUT;
+
+        final AtomicReference<Optional<IOAuthToken>> consumer = new AtomicReference<>();
+        final HttpClient client = generateClient(wireMockRuntimeInfo, consumer)
+                .setConnectTimeout(15_000).setReadTimeout(30_000);
+        try {
+            HttpClient.Response response = client.connect();
+            assertEquals(500, response.getResponseCode());
+            String content = response.fetchContent();
+            assertTrue(content.contains("java.net.SocketTimeoutException: Read timed out"));
+        } finally {
+            client.disconnect();
+        }
+        assertEquals(Optional.empty(), consumer.get());
+    }
 }