Boot Migration - Backwards compatible request mappings (end with slash)

server/src/main/java/org/cloudfoundry/identity/uaa/account/PasswordResetEndpoint.java

@@ -63,7 +63,7 @@ public PasswordResetEndpoint(
         this.identityZoneManager = identityZoneManager;
     }
 
-    @PostMapping("/password_resets")
+    @PostMapping({"/password_resets", "/password_resets/"})
     public ResponseEntity<PasswordResetResponse> resetPassword(@RequestBody String email,
             @RequestParam(required = false, value = "client_id") String clientId,
             @RequestParam(required = false, value = "redirect_uri") String redirectUri) {
@@ -95,7 +95,7 @@ private ExpiringCode getExpiringCode(String code) {
         return expiringCode;
     }
 
-    @PostMapping("/password_change")
+    @PostMapping({"/password_change", "/password_change/"})
     public ResponseEntity<LostPasswordChangeResponse> changePassword(@RequestBody LostPasswordChangeRequest passwordChangeRequest) {
         ResponseEntity<LostPasswordChangeResponse> responseEntity;
         if (passwordChangeRequest.getChangeCode() != null) {

server/src/main/java/org/cloudfoundry/identity/uaa/account/ProfileController.java

@@ -70,7 +70,7 @@ public String get(Authentication authentication, Model model) {
     /**
      * Handle form post for revoking chosen approvals
      */
-    @PostMapping("/profile")
+    @PostMapping({"/profile", "/profile/"})
     public String post(@RequestParam(required = false) Collection<String> checkedScopes,
             @RequestParam(required = false) String update,
             @RequestParam(required = false) String delete,

server/src/main/java/org/cloudfoundry/identity/uaa/authentication/RemoteAuthenticationEndpoint.java

@@ -44,7 +44,7 @@ public RemoteAuthenticationEndpoint(
         this.loginAuthenticationManager = loginAuthenticationManager;
     }
 
-    @PostMapping({"/authenticate"})
+    @PostMapping({"/authenticate", "/authenticate/"})
     @ResponseBody
     public HttpEntity<AuthenticationResponse> authenticate(HttpServletRequest request,
             @RequestParam String username,
@@ -77,7 +77,7 @@ public HttpEntity<AuthenticationResponse> authenticate(HttpServletRequest reques
         return new ResponseEntity<>(response, status);
     }
 
-    @PostMapping(value = {"/authenticate"}, params = {"source", "origin", UaaAuthenticationDetails.ADD_NEW})
+    @PostMapping(value = {"/authenticate", "/authenticate/"}, params = {"source", "origin", UaaAuthenticationDetails.ADD_NEW})
     @ResponseBody
     public HttpEntity<AuthenticationResponse> authenticate(HttpServletRequest request,
             @RequestParam String username,

server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpoints.java

@@ -206,7 +206,7 @@ public ClientDetails getClientDetails(@PathVariable String client) {
         }
     }
 
-    @PostMapping("/oauth/clients")
+    @PostMapping({"/oauth/clients", "/oauth/clients/"})
     @ResponseStatus(HttpStatus.CREATED)
     @ResponseBody
     @Transactional
@@ -234,15 +234,15 @@ public List<String> getRestrictedClientScopes() {
     }
 
 
-    @PostMapping("/oauth/clients/restricted")
+    @PostMapping({"/oauth/clients/restricted", "/oauth/clients/restricted/"})
     @ResponseStatus(HttpStatus.CREATED)
     @ResponseBody
     public ClientDetails createRestrictedClientDetails(@RequestBody UaaClientDetails client) {
         restrictedScopesValidator.validate(client, Mode.CREATE);
         return createClientDetailsInternal(client);
     }
 
-    @PostMapping("/oauth/clients/tx")
+    @PostMapping({"/oauth/clients/tx", "/oauth/clients/tx/"})
     @ResponseStatus(HttpStatus.CREATED)
     @ResponseBody
     @Transactional
@@ -265,7 +265,7 @@ protected ClientDetails[] doInsertClientDetails(ClientDetails[] details) {
         return details;
     }
 
-    @PutMapping("/oauth/clients/tx")
+    @PutMapping({"/oauth/clients/tx", "/oauth/clients/tx/"})
     @ResponseStatus(HttpStatus.OK)
     @Transactional
     @ResponseBody
@@ -340,7 +340,7 @@ public ClientDetails removeClientDetails(@PathVariable String client) {
         return removeSecret(details);
     }
 
-    @PostMapping("/oauth/clients/tx/delete")
+    @PostMapping({"/oauth/clients/tx/delete", "/oauth/clients/tx/delete/"})
     @ResponseStatus(HttpStatus.OK)
     @Transactional
     @ResponseBody
@@ -352,7 +352,7 @@ public ClientDetails[] removeClientDetailsTx(@RequestBody UaaClientDetails[] det
         return doProcessDeletes(result);
     }
 
-    @PostMapping("/oauth/clients/tx/modify")
+    @PostMapping({"/oauth/clients/tx/modify", "/oauth/clients/tx/modify/"})
     @ResponseStatus(HttpStatus.OK)
     @Transactional
     @ResponseBody
@@ -406,7 +406,7 @@ private boolean updateClientSecret(ClientDetailsModification detail) {
     }
 
 
-    @PostMapping("/oauth/clients/tx/secret")
+    @PostMapping({"/oauth/clients/tx/secret", "/oauth/clients/tx/secret/"})
     @ResponseStatus(HttpStatus.OK)
     @Transactional
     @ResponseBody
@@ -449,7 +449,7 @@ protected void deleteApprovals(String clientId) {
         approvalStore.revokeApprovalsForClient(clientId, identityZoneManager.getCurrentIdentityZoneId());
     }
 
-    @GetMapping("/oauth/clients")
+    @GetMapping({"/oauth/clients", "/oauth/clients/"})
     @ResponseBody
     public SearchResults<?> listClientDetails(
             @RequestParam(value = "attributes", required = false) String attributesCommaSeparated,

server/src/main/java/org/cloudfoundry/identity/uaa/codestore/CodeStoreEndpoints.java

@@ -29,7 +29,7 @@ public class CodeStoreEndpoints {
         this.identityZoneManager = identityZoneManager;
     }
 
-    @PostMapping({"/Codes"})
+    @PostMapping({"/Codes", "/Codes/"})
     @ResponseStatus(HttpStatus.CREATED)
     @ResponseBody
     public ExpiringCode generateCode(@RequestBody ExpiringCode expiringCode) {

server/src/main/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpoint.java

@@ -67,7 +67,7 @@ public InvitationsEndpoint(final ScimUserProvisioning scimUserProvisioning,
         this.expiringCodeStore = expiringCodeStore;
     }
 
-    @PostMapping(value = "/invite_users", consumes = "application/json")
+    @PostMapping(value = {"/invite_users", "/invite_users/"}, consumes = "application/json")
     public ResponseEntity<InvitationsResponse> inviteUsers(@RequestBody InvitationsRequest invitations,
             @RequestParam(value = "client_id", required = false) String clientId,
             @RequestParam(value = "redirect_uri") String redirectUri) {

server/src/main/java/org/cloudfoundry/identity/uaa/login/ForcePasswordChangeController.java

@@ -32,14 +32,14 @@ public class ForcePasswordChangeController {
     private final ResetPasswordService resetPasswordService;
     private final IdentityZoneManager identityZoneManager;
 
-    @GetMapping("/force_password_change")
+    @GetMapping({"/force_password_change", "/force_password_change/"})
     public String forcePasswordChangePage(Model model) {
         String email = ((UaaAuthentication) SecurityContextHolder.getContext().getAuthentication()).getPrincipal().getEmail();
         model.addAttribute("email", email);
         return "force_password_change";
     }
 
-    @PostMapping("/force_password_change")
+    @PostMapping({"/force_password_change", "/force_password_change/"})
     public String handleForcePasswordChange(Model model,
             @RequestParam String password,
             @RequestParam("password_confirmation") String passwordConfirmation,

server/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpoints.java

@@ -138,7 +138,7 @@ private List<ScimGroup> filterForCurrentUser(List<ScimGroup> input, int startInd
         return response;
     }
 
-    @GetMapping({"/Groups"})
+    @GetMapping({"/Groups", "/Groups/"})
     @ResponseBody
     public SearchResults<?> listGroups(
             @RequestParam(value = "attributes", required = false) String attributesCommaSeparated,
@@ -193,7 +193,7 @@ public SearchResults<?> listExternalGroups(
         return getExternalGroups(startIndex, count, filter, "", "");
     }
 
-    @GetMapping({"/Groups/External"})
+    @GetMapping({"/Groups/External", "/Groups/External/"})
     @ResponseBody
     public SearchResults<?> getExternalGroups(
             @RequestParam(required = false, defaultValue = "1") int startIndex,
@@ -241,7 +241,7 @@ public SearchResults<?> getExternalGroups(
                 Arrays.asList(ScimCore.SCHEMAS));
     }
 
-    @PostMapping({"/Groups/External"})
+    @PostMapping({"/Groups/External", "/Groups/External/"})
     @ResponseBody
     @ResponseStatus(HttpStatus.CREATED)
     public ScimGroupExternalMember mapExternalGroup(@RequestBody ScimGroupExternalMember sgm) {
@@ -366,7 +366,7 @@ public ScimGroup getGroup(@PathVariable String groupId, HttpServletResponse http
         return group;
     }
 
-    @PostMapping({"/Groups"})
+    @PostMapping({"/Groups", "/Groups/"})
     @ResponseStatus(HttpStatus.CREATED)
     @ResponseBody
     public ScimGroup createGroup(@RequestBody ScimGroup group, HttpServletResponse httpServletResponse) {
@@ -472,7 +472,7 @@ public ScimGroup deleteGroup(@PathVariable String groupId,
         return group;
     }
 
-    @PostMapping({"/Groups/zones"})
+    @PostMapping({"/Groups/zones", "/Groups/zones/"})
     @ResponseStatus(HttpStatus.CREATED)
     @ResponseBody
     @Deprecated

server/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpoints.java

@@ -228,7 +228,7 @@ public ScimUser getUser(@PathVariable String userId, HttpServletResponse respons
         return scimUser;
     }
 
-    @PostMapping("/Users")
+    @PostMapping({"/Users", "/Users/"})
     @ResponseStatus(HttpStatus.CREATED)
     @ResponseBody
     public ScimUser createUser(@RequestBody ScimUser user, HttpServletRequest request, HttpServletResponse response) {
@@ -489,7 +489,7 @@ private int getVersion(String userId, String etag) {
         }
     }
 
-    @GetMapping("/Users")
+    @GetMapping({"/Users", "/Users/"})
     @ResponseBody
     public SearchResults<?> findUsers(
             @RequestParam(value = "attributes", required = false) String attributesCommaSeparated,

server/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneEndpoints.java

@@ -355,7 +355,7 @@ public ResponseEntity<IdentityZone> deleteIdentityZone(@PathVariable String id)
         }
     }
 
-    @PostMapping("{identityZoneId}/clients")
+    @PostMapping({"{identityZoneId}/clients", "{identityZoneId}/clients/"})
     public ResponseEntity<? extends ClientDetails> createClient(
             @PathVariable String identityZoneId, @RequestBody UaaClientDetails clientDetails) {
         if (identityZoneId == null) {

server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordResetEndpointTest.java

@@ -20,6 +20,8 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.Mockito;
 import org.springframework.core.io.support.ResourcePropertySource;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -98,8 +100,9 @@ void setUp() {
                 .thenReturn(new ExpiringCode("secret_code", new Timestamp(System.currentTimeMillis() + UaaResetPasswordService.PASSWORD_RESET_LIFETIME), JsonUtils.writeValueAsString(change), null));
     }
 
-    @Test
-    void passwordResetWithClientIdAndRedirectUri() throws Exception {
+    @ParameterizedTest
+    @ValueSource(strings = {"/password_resets", "/password_resets/"})
+    void passwordResetWithClientIdAndRedirectUri(String url) throws Exception {
         String email = "[email protected]";
         String clientId = "test-client";
         String redirectUri = "redirect.example.com";
@@ -116,7 +119,7 @@ void passwordResetWithClientIdAndRedirectUri() throws Exception {
         when(mockExpiringCodeStore.generateCode(anyString(), any(Timestamp.class), anyString(), anyString()))
                 .thenReturn(new ExpiringCode("secret_code", new Timestamp(System.currentTimeMillis() + UaaResetPasswordService.PASSWORD_RESET_LIFETIME), JsonUtils.writeValueAsString(change), null));
 
-        MockHttpServletRequestBuilder post = post("/password_resets")
+        MockHttpServletRequestBuilder post = post(url)
                 .contentType(APPLICATION_JSON)
                 .param("client_id", clientId)
                 .param("redirect_uri", redirectUri)
@@ -265,8 +268,9 @@ void creatingAPasswordResetWithAUsernameContainingSpecialCharacters() throws Exc
                 .andExpect(status().isConflict());
     }
 
-    @Test
-    void changingAPasswordWithAValidCode() throws Exception {
+    @ParameterizedTest
+    @ValueSource(strings = {"/password_change", "/password_change/"})
+    void changingAPasswordWithAValidCode(String url) throws Exception {
         ExpiringCode code = new ExpiringCode("secret_code", new Timestamp(System.currentTimeMillis() + UaaResetPasswordService.PASSWORD_RESET_LIFETIME),
                 "{\"user_id\":\"eyedee\",\"username\":\"[email protected]\",\"passwordModifiedTime\":null,\"client_id\":\"\",\"redirect_uri\":\"\"}", null);
         when(mockExpiringCodeStore.retrieveCode("secret_code", currentZoneId)).thenReturn(code);
@@ -278,7 +282,7 @@ void changingAPasswordWithAValidCode() throws Exception {
         ExpiringCode autologinCode = new ExpiringCode("autologin-code", new Timestamp(System.currentTimeMillis() + 5 * 60 * 1000), "data", AUTOLOGIN.name());
         when(mockExpiringCodeStore.generateCode(anyString(), any(Timestamp.class), eq(AUTOLOGIN.name()), anyString())).thenReturn(autologinCode);
 
-        MockHttpServletRequestBuilder post = post("/password_change")
+        MockHttpServletRequestBuilder post = post(url)
                 .contentType(APPLICATION_JSON)
                 .content("{\"code\":\"secret_code\",\"new_password\":\"new_secret\"}")
                 .accept(APPLICATION_JSON);

server/src/test/java/org/cloudfoundry/identity/uaa/login/ForcePasswordChangeControllerTest.java

@@ -9,6 +9,8 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.springframework.core.io.support.ResourcePropertySource;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;
@@ -55,25 +57,28 @@ void beforeEach() {
         SecurityContextHolder.getContext().setAuthentication(mockUaaAuthentication);
     }
 
-    @Test
-    void forcePasswordChange() throws Exception {
-        mockMvc.perform(get("/force_password_change"))
+    @ParameterizedTest
+    @ValueSource(strings = {"/force_password_change", "/force_password_change/"})
+    void forcePasswordChange(String url) throws Exception {
+        mockMvc.perform(get(url))
                 .andExpect(status().isOk())
                 .andExpect(view().name("force_password_change"))
                 .andExpect(model().attribute("email", "mail"));
     }
 
-    @Test
-    void redirectToLogInIfPasswordIsNotExpired() throws Exception {
-        mockMvc.perform(get("/force_password_change"))
+    @ParameterizedTest
+    @ValueSource(strings = {"/force_password_change", "/force_password_change/"})
+    void redirectToLogInIfPasswordIsNotExpired(String url) throws Exception {
+        mockMvc.perform(get(url))
                 .andExpect(status().isOk())
                 .andExpect(view().name("force_password_change"));
     }
 
-    @Test
-    void handleForcePasswordChange() throws Exception {
+    @ParameterizedTest
+    @ValueSource(strings = {"/uaa/force_password_change", "/uaa/force_password_change/"})
+    void handleForcePasswordChange(String url) throws Exception {
         mockMvc.perform(
-                        post("/uaa/force_password_change")
+                        post(url)
                                 .param("password", "pwd")
                                 .param("password_confirmation", "pwd")
                                 .contextPath("/uaa"))
@@ -82,21 +87,23 @@ void handleForcePasswordChange() throws Exception {
         verify(mockUaaAuthentication, times(1)).setAuthenticatedTime(anyLong());
     }
 
-    @Test
-    void handleForcePasswordChangeWithRedirect() throws Exception {
+    @ParameterizedTest
+    @ValueSource(strings = {"/force_password_change", "/force_password_change/"})
+    void handleForcePasswordChangeWithRedirect(String url) throws Exception {
         mockMvc.perform(
-                        post("/force_password_change")
+                        post(url)
                                 .param("password", "pwd")
                                 .param("password_confirmation", "pwd"))
                 .andExpect(status().isFound())
                 .andExpect(redirectedUrl("/force_password_change_completed"));
     }
 
-    @Test
-    void passwordAndConfirmAreDifferent() throws Exception {
+    @ParameterizedTest
+    @ValueSource(strings = {"/force_password_change", "/force_password_change/"})
+    void passwordAndConfirmAreDifferent(String url) throws Exception {
         when(mockResourcePropertySource.getProperty("force_password_change.form_error")).thenReturn("Passwords must match and not be empty.");
         mockMvc.perform(
-                        post("/force_password_change")
+                        post(url)
                                 .param("password", "pwd")
                                 .param("password_confirmation", "nopwd"))
                 .andExpect(status().isUnprocessableEntity());

server/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerMockMvcTests.java

@@ -19,6 +19,8 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mockito;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -231,9 +233,10 @@ void passwordLinkHiddenWhenUsersOriginIsNotUaa() throws Exception {
                 .andExpect(content().string(not(containsString("Change Password"))));
     }
 
-    @Test
-    void updateProfile() throws Exception {
-        MockHttpServletRequestBuilder post = post("/profile")
+    @ParameterizedTest
+    @ValueSource(strings = {"/profile", "/profile/"})
+    void updateProfile(String url) throws Exception {
+        MockHttpServletRequestBuilder post = post(url)
                 .param("checkedScopes", "app-thing.read")
                 .param("update", "")
                 .param("clientId", "app");