use of bio.terra.externalcreds.models.LinkedAccount in project terra-external-credentials-manager by DataBiosphere.
the class ProviderService method getRefreshedPassportsAndVisas.
/**
 * Redeems the linked account's stored refresh token with its provider and returns the account
 * enriched with the passport and visas extracted from the provider's user info.
 *
 * <p>If the token response carries a new refresh token, the account is upserted with that token
 * before user info is fetched; otherwise the account is used as passed in.
 *
 * <p>The refresh token handled here is a long-lived credential: keep it out of log and exception
 * messages.
 *
 * @param linkedAccount the account whose passport and visas should be refreshed
 * @return the (possibly re-saved) linked account together with its passport and visas
 * @throws ExternalCredsException if no client configuration exists for the account's provider
 */
private LinkedAccountWithPassportAndVisas getRefreshedPassportsAndVisas(LinkedAccount linkedAccount) {
  var providerName = linkedAccount.getProviderName();
  var clientRegistration =
      providerClientCache
          .getProviderClient(providerName)
          .orElseThrow(
              () ->
                  new ExternalCredsException(
                      String.format("Unable to find configs for the provider: %s", providerName)));

  var storedRefreshToken = new OAuth2RefreshToken(linkedAccount.getRefreshToken(), null);
  var accessTokenResponse =
      oAuth2Service.authorizeWithRefreshToken(clientRegistration, storedRefreshToken);

  // Persist a newly issued refresh token right away. The response may carry none, in which case
  // the account is left untouched.
  var issuedRefreshToken = Optional.ofNullable(accessTokenResponse.getRefreshToken());
  var accountToEnrich =
      issuedRefreshToken
          .map(
              refreshToken -> {
                var updatedAccount = linkedAccount.withRefreshToken(refreshToken.getTokenValue());
                return linkedAccountService.upsertLinkedAccount(updatedAccount);
              })
          .orElse(linkedAccount);

  // Fetch user info with the fresh access token and derive the passport and visas from it.
  var userInfo = oAuth2Service.getUserInfo(clientRegistration, accessTokenResponse.getAccessToken());
  return jwtUtils.enrichAccountWithPassportAndVisas(accountToEnrich, userInfo);
}
use of bio.terra.externalcreds.models.LinkedAccount in project terra-external-credentials-manager by DataBiosphere.
the class AuthorizationCodeExchangeTest method runTest.
/**
 * Runs one authorization-code exchange through {@code providerService.createLink} and checks the
 * returned linked account, passport and visas against the expected values.
 *
 * <p>Also asserts that the OAuth2 state stored before the exchange can no longer be validated
 * afterwards, i.e. that a state value is accepted only once.
 *
 * @param expectedLinkedAccount the linked account the exchange is expected to produce
 * @param expectedPassport the expected passport, or {@code null} when none is expected
 * @param expectedVisas the expected visas
 * @throws URISyntaxException declared for the helper calls made here
 */
private void runTest(LinkedAccount expectedLinkedAccount, GA4GHPassport expectedPassport, List<GA4GHVisa> expectedVisas) throws URISyntaxException {
  var providerName = expectedLinkedAccount.getProviderName();
  var userId = expectedLinkedAccount.getUserId();

  // Build a state value with a SecureRandom-generated component and store it for the user.
  var randomComponent = OAuth2State.generateRandomState(new SecureRandom());
  var state = new OAuth2State.Builder().provider(providerName).random(randomComponent).build();
  String encodedState = state.encode(objectMapper);

  setupMocks(
      expectedLinkedAccount, expectedPassport, authorizationCode, redirectUri, scopes, encodedState);
  linkedAccountService.upsertOAuth2State(userId, state);

  var linkResult =
      providerService.createLink(
          providerName, userId, authorizationCode, redirectUri, scopes, encodedState);
  assertPresent(linkResult);
  var created = linkResult.get();

  // Overwrite fields before comparing (presumably values the fixture cannot predict).
  var stableAccount =
      created.getLinkedAccount().withExpires(passportExpiresTime).withId(Optional.empty());
  assertEquals(expectedLinkedAccount, stableAccount);

  var stablePassport =
      created
          .getPassport()
          .map(p -> p.withId(Optional.empty()).withLinkedAccountId(Optional.empty()));
  assertEquals(Optional.ofNullable(expectedPassport), stablePassport);

  var stableVisas =
      created.getVisas().stream()
          .map(
              visa ->
                  visa.withLastValidated(Optional.empty())
                      .withId(Optional.empty())
                      .withPassportId(Optional.empty()))
          .collect(Collectors.toList());
  assertEquals(expectedVisas, stableVisas);

  // The state must be gone from the db after the exchange, so validating it again is rejected.
  assertThrows(
      BadRequestException.class,
      () -> linkedAccountService.validateAndDeleteOAuth2State(userId, state));
}
use of bio.terra.externalcreds.models.LinkedAccount in project terra-external-credentials-manager by DataBiosphere.
the class ProviderService method refreshExpiringPassports.
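/**
 * Requests a new passport for each linked account returned by
 * {@code linkedAccountService.getExpiringLinkedAccounts} for a cutoff of now plus
 * {@code externalCredsConfig.getVisaAndPassportRefreshDuration()}.
 *
 * <p>Accounts are refreshed independently: a failure for one account is logged with its provider
 * and user id and does not stop the remaining accounts from being processed.
 *
 * @return the number of linked accounts with expiring visas or passports, including those whose
 *     refresh attempt failed
 */
public int refreshExpiringPassports() {
  var refreshInterval = externalCredsConfig.getVisaAndPassportRefreshDuration();
  var expirationCutoff = new Timestamp(Instant.now().plus(refreshInterval).toEpochMilli());
  var expiringLinkedAccounts = linkedAccountService.getExpiringLinkedAccounts(expirationCutoff);
  for (LinkedAccount linkedAccount : expiringLinkedAccounts) {
    try {
      authAndRefreshPassport(linkedAccount);
    } catch (Exception e) {
      // Deliberate best effort: one failing account must not block the rest of the batch.
      // Name the provider and user so repeated failures can be traced to an account; never add
      // the refresh token or any other credential to this message.
      log.info(
          String.format(
              "Failed to refresh passport for provider %s, user %s, will try again at the next interval.",
              linkedAccount.getProviderName(), linkedAccount.getUserId()),
          e);
    }
  }
  return expiringLinkedAccounts.size();
}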