From 6b815d28288a41caaaec46ddc5bc3fa969c252ae Mon Sep 17 00:00:00 2001
From: Andre Blanke <andre@blanke.dev>
Date: Sun, 8 Dec 2024 10:59:25 +0100
Subject: [PATCH] Add copy constructor for DefaultOidcUser

---
 .../client/jackson2/DefaultOidcUserMixin.java |  7 +++
 .../oidc/userinfo/OidcUserRequestUtils.java   |  3 +-
 .../core/oidc/user/DefaultOidcUser.java       | 50 +++++++++++++++++++
 .../server/SecurityMockServerConfigurers.java |  2 +-
 .../SecurityMockMvcRequestPostProcessors.java |  2 +-
 5 files changed, 61 insertions(+), 3 deletions(-)

diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java
index 5b46dc9396f..8a98e48bee6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java
@@ -43,10 +43,17 @@
 @JsonIgnoreProperties(value = { "attributes" }, ignoreUnknown = true)
 abstract class DefaultOidcUserMixin {
 
+	@Deprecated
 	@JsonCreator
 	DefaultOidcUserMixin(@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities,
 			@JsonProperty("idToken") OidcIdToken idToken, @JsonProperty("userInfo") OidcUserInfo userInfo,
 			@JsonProperty("nameAttributeKey") String nameAttributeKey) {
 	}
 
+	@JsonCreator
+	DefaultOidcUserMixin(@JsonProperty("name") String name,
+			@JsonProperty("idToken") OidcIdToken idToken, @JsonProperty("userInfo") OidcUserInfo userInfo,
+			@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
+	}
+
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java
index a9f3629aae9..9820f5ccb99 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java
@@ -91,9 +91,10 @@ static OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo) {
 			authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
 		}
 		if (StringUtils.hasText(userNameAttributeName)) {
+			// TODO: Get name from OidcUserAuthority.collectClaims.
 			return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, userNameAttributeName);
 		}
-		return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
+		return new DefaultOidcUser(userRequest.getIdToken(), userInfo, authorities);
 	}
 
 	private OidcUserRequestUtils() {
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java
index 2266fcf0e1c..e7ed67e59ee 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java
@@ -51,10 +51,20 @@ public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser {
 	 * @param authorities the authorities granted to the user
 	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
 	 */
+	@Deprecated
 	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken) {
 		this(authorities, idToken, IdTokenClaimNames.SUB);
 	}
 
+	/**
+	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
+	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
+	 * @param authorities the authorities granted to the user
+	 */
+	public DefaultOidcUser(OidcIdToken idToken, Collection<? extends GrantedAuthority> authorities) {
+		this(null, idToken, authorities);
+	}
+
 	/**
 	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
 	 * @param authorities the authorities granted to the user
@@ -62,11 +72,22 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from
 	 * {@link #getAttributes()}
 	 */
+	@Deprecated
 	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
 			String nameAttributeKey) {
 		this(authorities, idToken, null, nameAttributeKey);
 	}
 
+	/**
+	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
+	 * @param name the name of the user
+	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
+	 * @param authorities the authorities granted to the user
+	 */
+	public DefaultOidcUser(String name, OidcIdToken idToken, Collection<? extends GrantedAuthority> authorities) {
+		this(name, idToken, null, authorities);
+	}
+
 	/**
 	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
 	 * @param authorities the authorities granted to the user
@@ -74,11 +95,24 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user,
 	 * may be {@code null}
 	 */
+	@Deprecated
 	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
 			OidcUserInfo userInfo) {
 		this(authorities, idToken, userInfo, IdTokenClaimNames.SUB);
 	}
 
+	/**
+	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
+	 * @param authorities the authorities granted to the user
+	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
+	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user,
+	 * may be {@code null}
+	 */
+	public DefaultOidcUser(OidcIdToken idToken, OidcUserInfo userInfo,
+			Collection<? extends GrantedAuthority> authorities) {
+		this(null, idToken, userInfo, authorities);
+	}
+
 	/**
 	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
 	 * @param authorities the authorities granted to the user
@@ -88,6 +122,7 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from
 	 * {@link #getAttributes()}
 	 */
+	@Deprecated
 	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
 			OidcUserInfo userInfo, String nameAttributeKey) {
 		super(authorities, OidcUserAuthority.collectClaims(idToken, userInfo), nameAttributeKey);
@@ -95,6 +130,21 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 		this.userInfo = userInfo;
 	}
 
+	/**
+	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
+	 * @param name the name of the user
+	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
+	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user,
+	 * may be {@code null}
+	 * @param authorities the authorities granted to the user
+	 */
+	public DefaultOidcUser(String name, OidcIdToken idToken, OidcUserInfo userInfo,
+			Collection<? extends GrantedAuthority> authorities) {
+		super(name, OidcUserAuthority.collectClaims(idToken, userInfo), authorities);
+		this.idToken = idToken;
+		this.userInfo = userInfo;
+	}
+
 	@Override
 	public Map<String, Object> getClaims() {
 		return this.getAttributes();
diff --git a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
index 0cce15b39d1..41fd86fea2c 100644
--- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
@@ -1024,7 +1024,7 @@ private OidcUserInfo getOidcUserInfo() {
 		}
 
 		private OidcUser defaultPrincipal() {
-			return new DefaultOidcUser(getAuthorities(), getOidcIdToken(), this.userInfo);
+			return new DefaultOidcUser(getOidcIdToken(), this.userInfo, getAuthorities());
 		}
 
 	}
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index 2bba7a50f97..247a6ed6d28 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -1534,7 +1534,7 @@ private OidcUserInfo getOidcUserInfo() {
 		}
 
 		private OidcUser defaultPrincipal() {
-			return new DefaultOidcUser(getAuthorities(), getOidcIdToken(), this.userInfo);
+			return new DefaultOidcUser(getOidcIdToken(), this.userInfo, getAuthorities());
 		}
 
 	}