
Example 1 with TokenRequest

Use of com.apifest.oauth20.bean.token_request.TokenRequest in the project xian by happyyangyuan.

From the class Authenticator, method issueAccessToken.

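/**
 * Issues an access token for the grant type carried in {@code req}; the request body may be
 * either JSON or a form (original note: "supports both json and form").
 * <p>
 * Flow: the request is parsed and validated, the client id/secret pair is checked against the
 * active client registry, and then one branch per grant type runs: {@code authorization_code},
 * {@code refresh_token}, {@code client_credentials}, {@code password}, or the custom grant type
 * returned by {@link OAuthConfig#getCustomGrantType()}. Every branch persists the new token
 * through {@code db} before returning it.
 *
 * @param req the raw token request; it is also handed to the user authenticator and to the
 *            custom grant-type handler so they can read additional fields
 * @return the newly issued token, or {@code null} when no grant-type branch matched (presumably
 *         unreachable because {@code tokenRequest.validate()} rejects unknown grant types — not
 *         verified here)
 * @throws OAuthException with {@code BAD_REQUEST} for invalid client credentials, auth code,
 *         client id, redirect URI, refresh token or scope, and with {@code UNAUTHORIZED} when the
 *         user (or the custom grant-type handler) cannot be authenticated
 */
public AccessToken issueAccessToken(FullHttpRequest req) throws OAuthException {
    TokenRequest tokenRequest = TokenRequest.create(req);
    tokenRequest.validate();
    // check valid client_id, client_secret and status of the client app should be active
    if (!isActiveClient(tokenRequest.getClientId(), tokenRequest.getClientSecret())) {
        throw new OAuthException(ResponseBuilder.INVALID_CLIENT_CREDENTIALS, HttpResponseStatus.BAD_REQUEST);
    }
    AccessToken accessToken = null;
    if (TokenRequest.AUTHORIZATION_CODE.equals(tokenRequest.getGrantType())) {
        AuthCode authCode = findAuthCode(tokenRequest);
        // TODO: REVISIT: Move client_id check to db query
        if (authCode != null) {
            // the code must be redeemed by the client it was issued to
            if (!tokenRequest.getClientId().equals(authCode.getClientId())) {
                throw new OAuthException(ResponseBuilder.INVALID_CLIENT_ID, HttpResponseStatus.BAD_REQUEST);
            }
            // When the code was bound to a redirect URI the token request must repeat it exactly.
            // The comparison is anchored on the stored URI so that a missing (null) redirect_uri in the
            // token request is reported as INVALID_REDIRECT_URI instead of raising a NullPointerException.
            if (authCode.getRedirectUri() != null && !authCode.getRedirectUri().equals(tokenRequest.getRedirectUri())) {
                throw new OAuthException(ResponseBuilder.INVALID_REDIRECT_URI, HttpResponseStatus.BAD_REQUEST);
            } else {
                // invalidate the auth code: it is single-use
                db.updateAuthCodeValidStatus(authCode.getCode(), false);
                // NOTE(review): expiry is looked up under the PASSWORD grant key, the same as the password
                // grant below — presumably intentional since both yield user-bound tokens; confirm.
                accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, authCode.getScope()), authCode.getScope(), getExpiresIn(TokenRequest.REFRESH_TOKEN, authCode.getScope()));
                accessToken.setUserId(authCode.getUserId());
                accessToken.setClientId(authCode.getClientId());
                accessToken.setCodeId(authCode.getId());
                db.storeAccessToken(accessToken);
            }
        } else {
            throw new OAuthException(ResponseBuilder.INVALID_AUTH_CODE, HttpResponseStatus.BAD_REQUEST);
        }
    } else if (TokenRequest.REFRESH_TOKEN.equals(tokenRequest.getGrantType())) {
        // the lookup is scoped by client id, so a refresh token cannot be redeemed by another client
        accessToken = db.findAccessTokenByRefreshToken(tokenRequest.getRefreshToken(), tokenRequest.getClientId());
        if (accessToken != null) {
            if (!accessToken.refreshTokenExpired()) {
                String validScope;
                if (tokenRequest.getScope() != null) {
                    // a requested scope may only narrow (or equal) the scope of the original token
                    if (scopeService.scopeAllowed(tokenRequest.getScope(), accessToken.getScope())) {
                        validScope = tokenRequest.getScope();
                    } else {
                        throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
                    }
                } else {
                    validScope = accessToken.getScope();
                }
                db.updateAccessTokenValidStatus(accessToken.getToken(), false);
                // only the access token rotates; the refresh token and its expiry are carried over unchanged
                AccessToken newAccessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, validScope), validScope, accessToken.getRefreshToken(), accessToken.getRefreshExpiresIn());
                newAccessToken.setUserId(accessToken.getUserId());
                newAccessToken.setDetails(accessToken.getDetails());
                newAccessToken.setClientId(accessToken.getClientId());
                db.storeAccessToken(newAccessToken);
                db.removeAccessToken(accessToken.getToken());
                return newAccessToken;
            } else {
                // an expired refresh token is purged so it cannot be presented again
                db.removeAccessToken(accessToken.getToken());
                throw new OAuthException(ResponseBuilder.INVALID_REFRESH_TOKEN, HttpResponseStatus.BAD_REQUEST);
            }
        } else {
            throw new OAuthException(ResponseBuilder.INVALID_REFRESH_TOKEN, HttpResponseStatus.BAD_REQUEST);
        }
    } else if (TokenRequest.CLIENT_CREDENTIALS.equals(tokenRequest.getGrantType())) {
        ClientCredentials clientCredentials = db.findClientCredentials(tokenRequest.getClientId());
        // isActiveClient() passed above, but the record may have vanished since; fail cleanly rather than NPE
        if (clientCredentials == null) {
            throw new OAuthException(ResponseBuilder.INVALID_CLIENT_CREDENTIALS, HttpResponseStatus.BAD_REQUEST);
        }
        String scope = scopeService.getValidScopeByScope(tokenRequest.getScope(), clientCredentials.getScope());
        if (scope == null) {
            throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        // client-credentials tokens carry no refresh token
        accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.CLIENT_CREDENTIALS, scope), scope, false, null);
        accessToken.setClientId(tokenRequest.getClientId());
        Map<String, String> applicationDetails = clientCredentials.getApplicationDetails();
        if ((applicationDetails != null) && (applicationDetails.size() > 0)) {
            // For backward compatibility the application details are exposed under both fields
            accessToken.setDetails(applicationDetails);
            accessToken.setApplicationDetails(applicationDetails);
        }
        db.storeAccessToken(accessToken);
    } else if (TokenRequest.PASSWORD.equals(tokenRequest.getGrantType())) {
        ClientCredentials clientCredentials = db.findClientCredentials(tokenRequest.getClientId());
        // same defensive check as in the client_credentials branch
        if (clientCredentials == null) {
            throw new OAuthException(ResponseBuilder.INVALID_CLIENT_CREDENTIALS, HttpResponseStatus.BAD_REQUEST);
        }
        String scope = scopeService.getValidScopeByScope(tokenRequest.getScope(), clientCredentials.getScope());
        if (scope == null) {
            throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        try {
            UserDetails userDetails = authenticateUser(tokenRequest.getUsername(), tokenRequest.getPassword(), req);
            if (userDetails != null && userDetails.getUserId() != null) {
                accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, scope), scope, getExpiresIn(TokenRequest.REFRESH_TOKEN, scope));
                accessToken.setUserId(userDetails.getUserId());
                accessToken.setDetails(userDetails.getDetails());
                accessToken.setClientId(tokenRequest.getClientId());
                accessToken.setApplicationDetails(clientCredentials.getApplicationDetails());
                db.storeAccessToken(accessToken);
            } else {
                throw new OAuthException(ResponseBuilder.INVALID_USERNAME_PASSWORD, HttpResponseStatus.UNAUTHORIZED);
            }
        } catch (AuthenticationException e) {
            // for instance, if the user authentication requires more user details as a subsequent step:
            // the authenticator then supplies its own HTTP response whose body and status are passed through
            if (e.getResponse() != null) {
                String responseContent = ((FullHttpResponse) (e.getResponse())).content().toString(CharsetUtil.UTF_8);
                throw new OAuthException(e, responseContent, e.getResponse().getStatus());
            } else {
                LOG.error("Cannot authenticate user", e);
                throw new OAuthException(e, ResponseBuilder.CANNOT_AUTHENTICATE_USER, HttpResponseStatus.UNAUTHORIZED); // NOSONAR
            }
        }
    } else if (tokenRequest.getGrantType().equals(OAuthConfig.getCustomGrantType())) {
        String scope = scopeService.getValidScope(tokenRequest.getScope(), tokenRequest.getClientId());
        if (scope == null) {
            throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        try {
            accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, scope), scope, getExpiresIn(TokenRequest.REFRESH_TOKEN, scope));
            accessToken.setClientId(tokenRequest.getClientId());
            // NOTE(review): unlike the password grant, a handler result without a user id does not reject the
            // request — the token is still stored, just without user binding. Confirm this is intended.
            UserDetails userDetails = callCustomGrantTypeHandler(req);
            if (userDetails != null && userDetails.getUserId() != null) {
                accessToken.setUserId(userDetails.getUserId());
                accessToken.setDetails(userDetails.getDetails());
            }
            db.storeAccessToken(accessToken);
        } catch (AuthenticationException e) {
            LOG.error("Cannot authenticate user", e);
            throw new OAuthException(e, ResponseBuilder.CANNOT_AUTHENTICATE_USER, HttpResponseStatus.UNAUTHORIZED);
        }
    }
    return accessToken;
}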
