
Example 1 with User

use of com.google.api.server.spi.auth.common.User in project endpoints-java by cloudendpoints.

the class ServletRequestParamReaderTest method testAppEngineUserInjectionThrowsExceptionIfRequired.

/**
 * Checks that parameter reading fails closed when an endpoint method declares an App Engine
 * {@code User} parameter and the method's auth level is {@code REQUIRED}: the call to
 * {@code readParameters} is expected to throw {@link UnauthorizedException}.
 */
@Test
public void testAppEngineUserInjectionThrowsExceptionIfRequired() throws Exception {
    // Local fixture whose only method takes an injected App Engine user.
    @SuppressWarnings("unused")
    class TestUser {

        @SuppressWarnings("unused")
        public void getUser(com.google.appengine.api.users.User user) {
        }
    }
    ApiMethodConfig requiredAuthConfig = Mockito.mock(ApiMethodConfig.class);
    when(requiredAuthConfig.getAuthLevel()).thenReturn(AuthLevel.REQUIRED);
    // NOTE(review): on a Mockito mock this setter is presumably a no-op; the stubbed getter
    // above is what the code under test can observe. Kept to preserve the original test.
    requiredAuthConfig.setAuthLevel(AuthLevel.REQUIRED);
    Method target = TestUser.class.getDeclaredMethod("getUser", com.google.appengine.api.users.User.class);
    EndpointMethod endpointMethod = EndpointMethod.create(target.getDeclaringClass(), target);
    try {
        readParameters("{}", endpointMethod, requiredAuthConfig, null, null);
        fail("expected unauthorized method exception");
    } catch (UnauthorizedException ex) {
        // Expected: a required-auth method must not be invoked without a user.
    }
}
Also used : ApiMethodConfig(com.google.api.server.spi.config.model.ApiMethodConfig) User(com.google.api.server.spi.auth.common.User) UnauthorizedException(com.google.api.server.spi.response.UnauthorizedException) Method(java.lang.reflect.Method) EndpointMethod(com.google.api.server.spi.EndpointMethod) Test(org.junit.Test)

Example 2 with User

use of com.google.api.server.spi.auth.common.User in project endpoints-java by cloudendpoints.

the class EndpointsAuthenticator method authenticate.

/**
 * Resolves the caller's identity by trying the delegate authenticators in a fixed order.
 *
 * <p>The JWT authenticator runs first. Only when it yields no user does the method fall back
 * to exactly one other authenticator: the App Engine authenticator when running on App Engine
 * with {@code REQUIRE_APPENGINE_USER} enabled on the request, otherwise the OAuth2
 * authenticator.
 *
 * @param request the incoming servlet request
 * @return the user produced by the first delegate that was consulted and returned non-null,
 *     or whatever the fallback delegate returned (which may be {@code null}; callers must
 *     treat {@code null} as "not authenticated")
 * @throws ServiceUnavailableException propagated from the delegates
 */
@Override
public User authenticate(HttpServletRequest request) throws ServiceUnavailableException {
    Attribute attr = Attribute.from(request);
    User jwtUser = jwtAuthenticator.authenticate(request);
    if (jwtUser != null) {
        return jwtUser;
    }
    // No JWT identity: pick a single fallback. The environment check is evaluated first so
    // the request attribute is only consulted when actually running on App Engine.
    if (EnvUtil.isRunningOnAppEngine() && attr.isEnabled(Attribute.REQUIRE_APPENGINE_USER)) {
        return appEngineAuthenticator.authenticate(request);
    }
    return oauth2Authenticator.authenticate(request);
}
Also used : User(com.google.api.server.spi.auth.common.User) Attribute(com.google.api.server.spi.request.Attribute)

Example 3 with User

use of com.google.api.server.spi.auth.common.User in project endpoints-java by cloudendpoints.

the class GoogleJwtAuthenticator method authenticate.

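/**
 * Authenticates a request that carries a JWT by verifying the token and then checking its
 * authorized party and audience against the API method configuration.
 *
 * <p>Every failure path returns {@code null} (not authenticated) rather than throwing. Note
 * that {@code Attribute.ID_TOKEN} is stored on the request as soon as the token verifies,
 * i.e. before the client-id and audience checks; code that reads that attribute must not
 * treat its presence as proof that this method accepted the caller.
 *
 * @param request the incoming servlet request
 * @return the authenticated user, or {@code null} when token auth is skipped, the token is not
 *     a JWT, verification fails, the client id or audience is not allowed, or the token
 *     carries neither a subject nor an email
 */
@Override
public User authenticate(HttpServletRequest request) {
    Attribute attr = Attribute.from(request);
    if (attr.isEnabled(Attribute.SKIP_TOKEN_AUTH)) {
        return null;
    }
    String token = GoogleAuth.getAuthToken(request);
    if (!GoogleAuth.isJwt(token)) {
        return null;
    }
    GoogleIdToken idToken = verifyToken(token);
    if (idToken == null) {
        return null;
    }
    attr.set(Attribute.ID_TOKEN, idToken);
    String clientId = idToken.getPayload().getAuthorizedParty();
    // The audience claim is not statically typed as a String (the original code needed a
    // cast). Fail closed on any other shape, such as a list of audiences, instead of letting
    // a ClassCastException escape from the authenticator.
    Object rawAudience = idToken.getPayload().getAudience();
    if (rawAudience != null && !(rawAudience instanceof String)) {
        logger.atWarning().log("Audience claim is not a single string: %s", rawAudience);
        return null;
    }
    String audience = (String) rawAudience;
    ApiMethodConfig config = attr.get(Attribute.API_METHOD_CONFIG);
    // Check client id. This check is only enforced when the whitelist attribute is enabled.
    if ((attr.isEnabled(Attribute.ENABLE_CLIENT_ID_WHITELIST) && !GoogleAuth.checkClientId(clientId, config.getClientIds(), false))) {
        logger.atWarning().log("ClientId is not allowed: %s", clientId);
        return null;
    }
    // Check audience. Unlike the client-id check, this one is unconditional.
    if (!GoogleAuth.checkAudience(audience, config.getAudiences(), clientId)) {
        logger.atWarning().log("Audience is not allowed: %s", audience);
        return null;
    }
    String userId = idToken.getPayload().getSubject();
    String email = idToken.getPayload().getEmail();
    // NOTE(review): the email claim is used as-is; this method does not consult an
    // email-verified claim. Confirm whether callers key authorization on email or on the
    // subject id.
    User user = (userId == null && email == null) ? null : new User(userId, email);
    if (attr.isEnabled(Attribute.REQUIRE_APPENGINE_USER)) {
        // A token without an email yields a null App Engine user rather than a constructed one.
        com.google.appengine.api.users.User appEngineUser = (email == null) ? null : new com.google.appengine.api.users.User(email, "");
        attr.set(Attribute.AUTHENTICATED_APPENGINE_USER, appEngineUser);
    }
    return user;
}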
Also used : ApiMethodConfig(com.google.api.server.spi.config.model.ApiMethodConfig) User(com.google.api.server.spi.auth.common.User) Attribute(com.google.api.server.spi.request.Attribute) GoogleIdToken(com.google.api.client.googleapis.auth.oauth2.GoogleIdToken)

Example 4 with User

use of com.google.api.server.spi.auth.common.User in project endpoints-java by cloudendpoints.

the class GoogleOAuth2Authenticator method authenticate.

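/**
 * Authenticates a request that carries an OAuth2 access token by looking up the token's info
 * and checking its scopes and client id against the API method configuration.
 *
 * <p>Every rejection path returns {@code null} (not authenticated). Note that
 * {@code Attribute.TOKEN_INFO} is stored on the request before the scope and client-id checks
 * run, so its presence alone does not mean the caller was accepted.
 *
 * @param request the incoming servlet request
 * @return the authenticated user, or {@code null} when token auth is skipped, the token is not
 *     an OAuth2 token, no token info is available, the scopes are missing or insufficient,
 *     or the client id is not allowed
 * @throws ServiceUnavailableException declared by the signature; presumably raised by the
 *     token info lookup (confirm against {@code getTokenInfoRemote})
 */
@Override
public User authenticate(HttpServletRequest request) throws ServiceUnavailableException {
    Attribute attr = Attribute.from(request);
    if (attr.isEnabled(Attribute.SKIP_TOKEN_AUTH)) {
        return null;
    }
    String token = GoogleAuth.getAuthToken(request);
    if (!GoogleAuth.isOAuth2Token(token)) {
        return null;
    }
    GoogleAuth.TokenInfo tokenInfo = getTokenInfoRemote(token);
    if (tokenInfo == null) {
        return null;
    }
    attr.set(Attribute.TOKEN_INFO, tokenInfo);
    ApiMethodConfig config = (ApiMethodConfig) request.getAttribute(Attribute.API_METHOD_CONFIG);
    // Check scopes. A token with no scope string at all is rejected outright.
    if (Strings.isEmptyOrWhitespace(tokenInfo.scopes)) {
        logger.atWarning().log("Access token does not contain a valid scope");
        return null;
    }
    String[] authorizedScopes = tokenInfo.scopes.split("\\s+");
    if (!config.getScopeExpression().isAuthorized(ImmutableSet.copyOf(authorizedScopes))) {
        logger.atWarning().log("Access token does not contain sufficient scopes from: %s", config.getScopeExpression());
        return null;
    }
    // Check clientId. This check is only enforced when the whitelist attribute is enabled.
    if (attr.isEnabled(Attribute.ENABLE_CLIENT_ID_WHITELIST) && !GoogleAuth.checkClientId(tokenInfo.clientId, config.getClientIds(), true)) {
        logger.atWarning().log("ClientId is not allowed: %s", tokenInfo.clientId);
        return null;
    }
    User user = new User(tokenInfo.userId, tokenInfo.email);
    if (attr.isEnabled(Attribute.REQUIRE_APPENGINE_USER)) {
        // Guard against a token without an email, matching GoogleJwtAuthenticator: store a
        // null App Engine user instead of passing a null email to the User constructor.
        com.google.appengine.api.users.User appEngineUser = (tokenInfo.email == null) ? null : new com.google.appengine.api.users.User(tokenInfo.email, "");
        request.setAttribute(Attribute.AUTHENTICATED_APPENGINE_USER, appEngineUser);
    }
    return user;
}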
Also used : User(com.google.api.server.spi.auth.common.User) TokenInfo(com.google.api.server.spi.auth.GoogleAuth.TokenInfo) Attribute(com.google.api.server.spi.request.Attribute) ApiMethodConfig(com.google.api.server.spi.config.model.ApiMethodConfig)

Example 5 with User

use of com.google.api.server.spi.auth.common.User in project endpoints-java by cloudendpoints.

the class GoogleJwtAuthenticatorTest method testAuthenticate.

/**
 * Happy path: with the verifier accepting the token and the config listing the expected
 * client id and audience, the authenticator returns a user carrying the token's email and
 * id, and stores the verified ID token on the request attributes.
 */
@Test
public void testAuthenticate() throws Exception {
    // Allowed client ids and audiences as seen by the authenticator.
    when(config.getAudiences()).thenReturn(ImmutableList.of(AUDIENCE));
    when(config.getClientIds()).thenReturn(ImmutableList.of(CLIENT_ID));
    // The verifier accepts the raw token string.
    when(verifier.verify(TOKEN)).thenReturn(token);

    User authenticated = authenticator.authenticate(request);

    assertEquals(EMAIL, authenticated.getEmail());
    assertEquals(USER_ID, authenticated.getId());

    // The verified token must also be exposed through the request attribute.
    GoogleIdToken storedToken = attr.get(Attribute.ID_TOKEN);
    assertNotNull(storedToken);
    assertEquals(EMAIL, storedToken.getPayload().getEmail());
    assertEquals(USER_ID, storedToken.getPayload().getSubject());
}
Also used : User(com.google.api.server.spi.auth.common.User) GoogleIdToken(com.google.api.client.googleapis.auth.oauth2.GoogleIdToken) Test(org.junit.Test)
