From e7cee758c553e3a3f80fb3638004f733148eaf36 Mon Sep 17 00:00:00 2001
From: Scott Frederick
Date: Fri, 15 Mar 2019 15:21:53 -0500
Subject: [PATCH] Fail at startup if a configured OAuth2 client ID is not valid.
---
 .../core/CredHubRestTemplateFactory.java | 5 +++++
 .../credhub/core/CredHubWebClientFactory.java | 6 ++---
 ...CredHubTemplateAutoConfigurationTests.java | 22 ++++++++++++++++++-
 3 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/spring-credhub-core/src/main/java/org/springframework/credhub/core/CredHubRestTemplateFactory.java b/spring-credhub-core/src/main/java/org/springframework/credhub/core/CredHubRestTemplateFactory.java
index ab8cbfbe..994fecf9 100644
--- a/spring-credhub-core/src/main/java/org/springframework/credhub/core/CredHubRestTemplateFactory.java
+++ b/spring-credhub-core/src/main/java/org/springframework/credhub/core/CredHubRestTemplateFactory.java
@@ -130,6 +130,11 @@ private static void configureOAuth2(RestTemplate restTemplate,
 OAuth2AuthorizedClientService authorizedClientService) {
 ClientRegistration clientRegistration = clientRegistrationRepository.findByRegistrationId(clientId);
+ if (clientRegistration == null) {
+ throw new IllegalStateException("The CredHub OAuth2 client registration ID '" + clientId +
+ "' is not a valid Spring Security OAuth2 client registration");
+ }
+
 RestOperations tokenServerRestTemplate = createTokenServerRestTemplate(clientHttpRequestFactory);
 restTemplate.getInterceptors()
diff --git a/spring-credhub-core/src/main/java/org/springframework/credhub/core/CredHubWebClientFactory.java b/spring-credhub-core/src/main/java/org/springframework/credhub/core/CredHubWebClientFactory.java
index fc8c59c5..a324022a 100644
--- a/spring-credhub-core/src/main/java/org/springframework/credhub/core/CredHubWebClientFactory.java
+++ b/spring-credhub-core/src/main/java/org/springframework/credhub/core/CredHubWebClientFactory.java
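Review bot: The new `IllegalStateException` in `configureOAuth2` names the rejected ID but not the setting an operator has to correct. The test hunk in this same commit shows the value comes from `spring.credhub.oauth2.registration-id` and has to match a `spring.security.oauth2.client.registration.<id>` entry, so I would extend the tail of the message, e.g. `+ "' is not a valid Spring Security OAuth2 client registration; check spring.credhub.oauth2.registration-id");`. The existing `hasMessageContaining` assertion keeps matching because only the end of the string changes. Failing closed at this point is the right behaviour for a credential client; note that `configureOAuth2` begins and continues outside the hunk.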
@@ -31,8 +31,6 @@
 import org.springframework.web.reactive.function.client.ExchangeStrategies;
 import org.springframework.web.reactive.function.client.WebClient;
-import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;
-
 /**
 * Factory for creating a {@link WebClient} configured for communication with
 * a CredHub server.
@@ -82,7 +80,9 @@ static WebClient createWebClient(CredHubProperties properties, ClientHttpConnect
 return buildWebClient(properties.getUrl(), clientHttpConnector)
 .filter(oauth)
 .defaultRequest(requestHeadersSpec ->
- requestHeadersSpec.attributes(clientRegistrationId(properties.getOauth2().getRegistrationId())))
+ requestHeadersSpec.attributes(
+ ServerOAuth2AuthorizedClientExchangeFilterFunction
+ .clientRegistrationId(properties.getOauth2().getRegistrationId())))
 .build();
 }
diff --git a/spring-credhub-starter/src/test/java/org/springframework/credhub/autoconfig/CredHubTemplateAutoConfigurationTests.java b/spring-credhub-starter/src/test/java/org/springframework/credhub/autoconfig/CredHubTemplateAutoConfigurationTests.java
index 9257effb..f1bd98f3 100644
--- a/spring-credhub-starter/src/test/java/org/springframework/credhub/autoconfig/CredHubTemplateAutoConfigurationTests.java
+++ b/spring-credhub-starter/src/test/java/org/springframework/credhub/autoconfig/CredHubTemplateAutoConfigurationTests.java
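Review bot: `createWebClient` receives only the static-import-to-qualified-call rewrite, so as far as these hunks show, the reactive path has no counterpart to the null check added in `CredHubRestTemplateFactory.configureOAuth2`. A mistyped `registration-id` would then presumably surface on the first CredHub request instead of at startup, which is worth confirming. If so, either validate the registration where the reactive client repository is wired, or record the difference next to the call with a comment such as `// registration ID is resolved by the exchange filter per request; not validated at startup`. The body of `createWebClient` starts outside the hunk, so an existing check above these lines cannot be ruled out.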
@@ -101,6 +101,24 @@ public void credHubTemplatesConfiguredWithOAuth2() {
 });
 }
+ @Test
+ public void credHubTemplatesNotConfiguredWithInvalidClientRegistration() {
+ context
+ .withPropertyValues(
+ "spring.credhub.url=https://localhost",
+ "spring.credhub.oauth2.registration-id=invalid-credhub-client",
+
+ "spring.security.oauth2.client.registration.credhub-client.provider=uaa",
+ "spring.security.oauth2.client.registration.credhub-client.client-id=test-client",
+ "spring.security.oauth2.client.registration.credhub-client.client-secret=test-secret",
+ "spring.security.oauth2.client.registration.credhub-client.authorization-grant-type=client_credentials",
+ "spring.security.oauth2.client.provider.uaa.token-uri=http://example.com/uaa/oauth/token"
+ )
+ .run(context -> assertThat(context)
+ .getFailure()
+ .hasMessageContaining("The CredHub OAuth2 client registration ID 'invalid-credhub-client' is not a valid"));
+ }
+
 @Test
 public void credHubTemplatesNotConfiguredWithMissingClientRegistration() {
 context
@@ -108,7 +126,9 @@ public void credHubTemplatesNotConfiguredWithMissingClientRegistration() {
 "spring.credhub.url=https://localhost",
 "spring.credhub.oauth2.registration-id=credhub-client"
 )
- .run(context -> assertThat(context).hasFailed());
+ .run(context -> assertThat(context)
+ .getFailure()
+ .hasMessageContaining("A CredHub OAuth2 client registration is configured but"));
 }
 @Test
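Review bot: Both tests pin the startup failure only by a message substring read from `getFailure()`, which does not show that the intended guard is what stopped the context. In `credHubTemplatesNotConfiguredWithInvalidClientRegistration` I would also assert the exception type, adding `.hasRootCauseInstanceOf(IllegalStateException.class)` after `.getFailure()`. The changed assertion in `credHubTemplatesNotConfiguredWithMissingClientRegistration` could get the same treatment once the type thrown on that path is confirmed, since the code producing that message is not part of this patch. The second test's body starts outside its hunk.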