Search in sources :

Example 1 with HtmlDivision

use of com.gargoylesoftware.htmlunit.html.HtmlDivision in project camel by apache.

the class LinkedInOAuthRequestFilter method getRefreshToken.

@SuppressWarnings("deprecation")
private String getRefreshToken() {
    // disable redirect to avoid loading error redirect URL
    webClient.getOptions().setRedirectEnabled(false);
    try {
        final String csrfId = String.valueOf(new SecureRandom().nextLong());
        final String encodedRedirectUri = URLEncoder.encode(oAuthParams.getRedirectUri(), "UTF-8");
        final OAuthScope[] scopes = oAuthParams.getScopes();
        final String url;
        if (scopes == null || scopes.length == 0) {
            url = String.format(AUTHORIZATION_URL, oAuthParams.getClientId(), csrfId, encodedRedirectUri);
        } else {
            final int nScopes = scopes.length;
            final StringBuilder builder = new StringBuilder();
            int i = 0;
            for (OAuthScope scope : scopes) {
                builder.append(scope.getValue());
                if (++i < nScopes) {
                    builder.append("%20");
                }
            }
            url = String.format(AUTHORIZATION_URL_WITH_SCOPE, oAuthParams.getClientId(), csrfId, builder.toString(), encodedRedirectUri);
        }
        HtmlPage authPage;
        try {
            authPage = webClient.getPage(url);
        } catch (FailingHttpStatusCodeException e) {
            // only handle errors returned with redirects
            if (e.getStatusCode() == HttpStatus.SC_MOVED_TEMPORARILY) {
                final URL location = new URL(e.getResponse().getResponseHeaderValue(HttpHeaders.LOCATION));
                final String locationQuery = location.getQuery();
                if (locationQuery != null && locationQuery.contains("error=")) {
                    throw new IOException(URLDecoder.decode(locationQuery).replaceAll("&", ", "));
                } else {
                    // follow the redirect to login form
                    authPage = webClient.getPage(location);
                }
            } else {
                throw e;
            }
        }
        // look for <div role="alert">
        final HtmlDivision div = authPage.getFirstByXPath("//div[@role='alert']");
        if (div != null) {
            throw new IllegalArgumentException("Error authorizing application: " + div.getTextContent());
        }
        // submit login credentials
        final HtmlForm loginForm = authPage.getFormByName("oauth2SAuthorizeForm");
        final HtmlTextInput login = loginForm.getInputByName("session_key");
        login.setText(oAuthParams.getUserName());
        final HtmlPasswordInput password = loginForm.getInputByName("session_password");
        password.setText(oAuthParams.getUserPassword());
        final HtmlSubmitInput submitInput = loginForm.getInputByName("authorize");
        // validate CSRF and get authorization code
        String redirectQuery;
        try {
            final Page redirectPage = submitInput.click();
            redirectQuery = redirectPage.getUrl().getQuery();
        } catch (FailingHttpStatusCodeException e) {
            // escalate non redirect errors
            if (e.getStatusCode() != HttpStatus.SC_MOVED_TEMPORARILY) {
                throw e;
            }
            final String location = e.getResponse().getResponseHeaderValue("Location");
            redirectQuery = new URL(location).getQuery();
        }
        if (redirectQuery == null) {
            throw new IllegalArgumentException("Redirect response query is null, check username, password and permissions");
        }
        final Map<String, String> params = new HashMap<String, String>();
        final Matcher matcher = QUERY_PARAM_PATTERN.matcher(redirectQuery);
        while (matcher.find()) {
            params.put(matcher.group(1), matcher.group(2));
        }
        final String state = params.get("state");
        if (!csrfId.equals(state)) {
            throw new SecurityException("Invalid CSRF code!");
        } else {
            // TODO check results??
            return params.get("code");
        }
    } catch (IOException e) {
        throw new IllegalArgumentException("Error authorizing application: " + e.getMessage(), e);
    }
}
Also used : HtmlTextInput(com.gargoylesoftware.htmlunit.html.HtmlTextInput) HtmlPage(com.gargoylesoftware.htmlunit.html.HtmlPage) HashMap(java.util.HashMap) Matcher(java.util.regex.Matcher) SecureRandom(java.security.SecureRandom) HtmlPasswordInput(com.gargoylesoftware.htmlunit.html.HtmlPasswordInput) HtmlPage(com.gargoylesoftware.htmlunit.html.HtmlPage) Page(com.gargoylesoftware.htmlunit.Page) IOException(java.io.IOException) HtmlDivision(com.gargoylesoftware.htmlunit.html.HtmlDivision) URL(java.net.URL) HtmlForm(com.gargoylesoftware.htmlunit.html.HtmlForm) HtmlSubmitInput(com.gargoylesoftware.htmlunit.html.HtmlSubmitInput) FailingHttpStatusCodeException(com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException)

Example 2 with HtmlDivision

use of com.gargoylesoftware.htmlunit.html.HtmlDivision in project camel by apache.

the class BoxConnectionHelper method createStandardAuthenticatedConnection.

public static BoxAPIConnection createStandardAuthenticatedConnection(BoxConfiguration configuration) {
    // Create web client for first leg of OAuth2
    //
    final WebClient webClient = new WebClient();
    final WebClientOptions options = webClient.getOptions();
    options.setRedirectEnabled(true);
    options.setJavaScriptEnabled(false);
    options.setThrowExceptionOnFailingStatusCode(true);
    options.setThrowExceptionOnScriptError(true);
    options.setPrintContentOnFailingStatusCode(LOG.isDebugEnabled());
    try {
        // use default SSP to create supported non-SSL protocols list
        final SSLContext sslContext = new SSLContextParameters().createSSLContext(null);
        options.setSSLClientProtocols(sslContext.createSSLEngine().getEnabledProtocols());
    } catch (GeneralSecurityException e) {
        throw ObjectHelper.wrapRuntimeCamelException(e);
    } catch (IOException e) {
        throw ObjectHelper.wrapRuntimeCamelException(e);
    } finally {
        if (webClient != null) {
            webClient.close();
        }
    }
    // disable default gzip compression, as htmlunit does not negotiate
    // pages sent with no compression
    new WebConnectionWrapper(webClient) {

        @Override
        public WebResponse getResponse(WebRequest request) throws IOException {
            request.setAdditionalHeader(HttpHeaders.ACCEPT_ENCODING, "identity");
            return super.getResponse(request);
        }
    };
    // add HTTP proxy if set
    final Map<String, Object> httpParams = configuration.getHttpParams();
    if (httpParams != null && httpParams.get("http.route.default-proxy") != null) {
        final HttpHost proxyHost = (HttpHost) httpParams.get("http.route.default-proxy");
        final Boolean socksProxy = (Boolean) httpParams.get("http.route.socks-proxy");
        final ProxyConfig proxyConfig = new ProxyConfig(proxyHost.getHostName(), proxyHost.getPort(), socksProxy != null ? socksProxy : false);
        options.setProxyConfig(proxyConfig);
    }
    // authorize application on user's behalf
    try {
        // generate anti-forgery token to prevent/detect CSRF attack
        final String csrfToken = String.valueOf(new SecureRandom().nextLong());
        final HtmlPage authPage = webClient.getPage(authorizationUrl(configuration.getClientId(), csrfToken));
        // look for <div role="error_message">
        final HtmlDivision div = authPage.getFirstByXPath("//div[contains(concat(' ', @class, ' '), ' error_message ')]");
        if (div != null) {
            final String errorMessage = div.getTextContent().replaceAll("\\s+", " ").replaceAll(" Show Error Details", ":").trim();
            throw new IllegalArgumentException("Error authorizing application: " + errorMessage);
        }
        // submit login credentials
        final HtmlForm loginForm = authPage.getFormByName("login_form");
        final HtmlTextInput login = loginForm.getInputByName("login");
        login.setText(configuration.getUserName());
        final HtmlPasswordInput password = loginForm.getInputByName("password");
        password.setText(configuration.getUserPassword());
        final HtmlSubmitInput submitInput = loginForm.getInputByName("login_submit");
        // submit consent
        final HtmlPage consentPage = submitInput.click();
        final HtmlForm consentForm = consentPage.getFormByName("consent_form");
        final HtmlButton consentAccept = consentForm.getButtonByName("consent_accept");
        // disable redirect to avoid loading redirect URL
        webClient.getOptions().setRedirectEnabled(false);
        // validate CSRF and get authorization code
        String redirectQuery;
        try {
            final Page redirectPage = consentAccept.click();
            redirectQuery = redirectPage.getUrl().getQuery();
        } catch (FailingHttpStatusCodeException e) {
            // escalate non redirect errors
            if (e.getStatusCode() != HttpStatus.SC_MOVED_TEMPORARILY) {
                throw e;
            }
            final String location = e.getResponse().getResponseHeaderValue("Location");
            redirectQuery = new URL(location).getQuery();
        }
        final Map<String, String> params = new HashMap<String, String>();
        final Matcher matcher = QUERY_PARAM_PATTERN.matcher(redirectQuery);
        while (matcher.find()) {
            params.put(matcher.group(1), matcher.group(2));
        }
        final String state = params.get("state");
        if (!csrfToken.equals(state)) {
            throw new SecurityException("Invalid CSRF code!");
        } else {
            // get authorization code
            final String authorizationCode = params.get("code");
            return new BoxAPIConnection(configuration.getClientId(), configuration.getClientSecret(), authorizationCode);
        }
    } catch (BoxAPIException e) {
        throw new RuntimeCamelException(String.format("Box API connection failed: API returned the error code %d\n\n%s", e.getResponseCode(), e.getResponse()), e);
    } catch (Exception e) {
        throw new RuntimeCamelException(String.format("Box API connection failed: %s", e.getMessage()), e);
    }
}
Also used : WebClientOptions(com.gargoylesoftware.htmlunit.WebClientOptions) HtmlTextInput(com.gargoylesoftware.htmlunit.html.HtmlTextInput) HtmlPage(com.gargoylesoftware.htmlunit.html.HtmlPage) HashMap(java.util.HashMap) Matcher(java.util.regex.Matcher) HtmlPasswordInput(com.gargoylesoftware.htmlunit.html.HtmlPasswordInput) HtmlPage(com.gargoylesoftware.htmlunit.html.HtmlPage) Page(com.gargoylesoftware.htmlunit.Page) HtmlDivision(com.gargoylesoftware.htmlunit.html.HtmlDivision) BoxAPIException(com.box.sdk.BoxAPIException) URL(java.net.URL) WebRequest(com.gargoylesoftware.htmlunit.WebRequest) HtmlForm(com.gargoylesoftware.htmlunit.html.HtmlForm) HtmlSubmitInput(com.gargoylesoftware.htmlunit.html.HtmlSubmitInput) HttpHost(org.apache.http.HttpHost) FailingHttpStatusCodeException(com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException) GeneralSecurityException(java.security.GeneralSecurityException) BoxAPIConnection(com.box.sdk.BoxAPIConnection) SecureRandom(java.security.SecureRandom) GeneralSecurityException(java.security.GeneralSecurityException) SSLContext(javax.net.ssl.SSLContext) IOException(java.io.IOException) ProxyConfig(com.gargoylesoftware.htmlunit.ProxyConfig) WebClient(com.gargoylesoftware.htmlunit.WebClient) BoxAPIException(com.box.sdk.BoxAPIException) GeneralSecurityException(java.security.GeneralSecurityException) FailingHttpStatusCodeException(com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException) RuntimeCamelException(org.apache.camel.RuntimeCamelException) IOException(java.io.IOException) SSLContextParameters(org.apache.camel.util.jsse.SSLContextParameters) HtmlButton(com.gargoylesoftware.htmlunit.html.HtmlButton) RuntimeCamelException(org.apache.camel.RuntimeCamelException) WebConnectionWrapper(com.gargoylesoftware.htmlunit.util.WebConnectionWrapper)

Aggregations

FailingHttpStatusCodeException (com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException)2 Page (com.gargoylesoftware.htmlunit.Page)2 HtmlDivision (com.gargoylesoftware.htmlunit.html.HtmlDivision)2 HtmlForm (com.gargoylesoftware.htmlunit.html.HtmlForm)2 HtmlPage (com.gargoylesoftware.htmlunit.html.HtmlPage)2 HtmlPasswordInput (com.gargoylesoftware.htmlunit.html.HtmlPasswordInput)2 HtmlSubmitInput (com.gargoylesoftware.htmlunit.html.HtmlSubmitInput)2 HtmlTextInput (com.gargoylesoftware.htmlunit.html.HtmlTextInput)2 IOException (java.io.IOException)2 URL (java.net.URL)2 SecureRandom (java.security.SecureRandom)2 HashMap (java.util.HashMap)2 Matcher (java.util.regex.Matcher)2 BoxAPIConnection (com.box.sdk.BoxAPIConnection)1 BoxAPIException (com.box.sdk.BoxAPIException)1 ProxyConfig (com.gargoylesoftware.htmlunit.ProxyConfig)1 WebClient (com.gargoylesoftware.htmlunit.WebClient)1 WebClientOptions (com.gargoylesoftware.htmlunit.WebClientOptions)1 WebRequest (com.gargoylesoftware.htmlunit.WebRequest)1 HtmlButton (com.gargoylesoftware.htmlunit.html.HtmlButton)1