Examples with ClientAuthorization com.gw2auth.oauth2.server.service.client.authorization.ClientAuthorization used on opensource projects

Example 6 with ClientAuthorization

use of com.gw2auth.oauth2.server.service.client.authorization.ClientAuthorization in project oauth2-server by gw2auth.

the class ClientConsentControllerTest method getClientConsentLogPage.

@WithGw2AuthLogin
public void getClientConsentLogPage(MockHttpSession session) throws Exception {
    final long accountId = AuthenticationHelper.getUser(session).orElseThrow().getAccountId();
    final ClientRegistrationEntity clientRegistration = this.testHelper.createClientRegistration(accountId, "Name");
    final ClientConsentEntity clientAuthorization = this.testHelper.createClientConsent(accountId, clientRegistration.id(), Set.of(Gw2ApiPermission.ACCOUNT.oauth2()));
    final Queue<ClientConsentLogEntity> insertedLogs = new PriorityQueue<>(Comparator.comparing(ClientConsentLogEntity::timestamp).reversed());
    for (int i = 0; i < 143; i++) {
        final int generateMessageCount = ThreadLocalRandom.current().nextInt(20);
        final List<String> messages = new ArrayList<>(generateMessageCount);
        for (int j = 0; j < generateMessageCount; j++) {
            messages.add(UUID.randomUUID().toString());
        }
        insertedLogs.offer(this.testHelper.createClientLog(accountId, clientAuthorization.clientRegistrationId(), UUID.randomUUID().toString(), messages));
    }
    final ObjectMapper mapper = new ObjectMapper();
    int page = 0;
    do {
        final String responseJson = this.mockMvc.perform(get("/api/client/consent/{clientId}/logs", clientRegistration.clientId()).session(session).queryParam("page", Integer.toString(page))).andExpect(status().isOk()).andExpect(jsonPath("$.page").exists()).andExpect(jsonPath("$.nextPage").exists()).andExpect(jsonPath("$.logs").exists()).andReturn().getResponse().getContentAsString();
        final JsonNode responseNode = mapper.readTree(responseJson);
        final int nextPage = responseNode.get("nextPage").intValue();
        assertEquals(page, responseNode.get("page").intValue());
        assertTrue(nextPage == page + 1 || nextPage == -1);
        final JsonNode logsNode = responseNode.get("logs");
        assertTrue(logsNode.isArray());
        for (int i = 0; i < logsNode.size(); i++) {
            final ClientConsentLogEntity expectedLog = insertedLogs.poll();
            assertNotNull(expectedLog);
            final JsonNode logNode = logsNode.get(i);
            assertInstantEquals(expectedLog.timestamp(), logNode.get("timestamp").textValue());
            assertEquals(expectedLog.type(), logNode.get("type").textValue());
            final JsonNode messagesNode = logNode.get("messages");
            assertTrue(messagesNode.isArray());
            for (int j = 0; j < messagesNode.size(); j++) {
                assertEquals(expectedLog.messages().get(j), messagesNode.get(j).textValue());
            }
        }
        page = nextPage;
    } while (page != -1);
    assertTrue(insertedLogs.isEmpty());
}

Example 7 with ClientAuthorization

use of com.gw2auth.oauth2.server.service.client.authorization.ClientAuthorization in project oauth2-server by gw2auth.

the class OAuth2ConsentController method oauth2ConsentInformation.

@GetMapping(value = "/api/oauth2/consent", produces = MediaType.APPLICATION_JSON_VALUE)
public OAuth2ConsentInfoResponse oauth2ConsentInformation(@AuthenticationPrincipal Gw2AuthUser user, @RequestParam(OAuth2ParameterNames.CLIENT_ID) UUID clientId, @RequestParam(OAuth2ParameterNames.STATE) String state, @RequestParam(OAuth2ParameterNames.SCOPE) String scopes) {
    final ClientRegistration clientRegistration = this.clientRegistrationService.getClientRegistration(clientId).orElseThrow();
    final Set<String> requestedScopes = Utils.split(scopes, " ").collect(Collectors.toSet());
    final Set<Gw2ApiPermission> requestedGw2ApiPermissions = requestedScopes.stream().flatMap((scope) -> Gw2ApiPermission.fromOAuth2(scope).stream()).collect(Collectors.toSet());
    final boolean requestedVerifiedInformation = requestedScopes.contains(ClientConsentService.GW2AUTH_VERIFIED_SCOPE);
    final List<ApiToken> apiTokens = this.apiTokenService.getApiTokens(user.getAccountId());
    final List<OAuth2ConsentInfoResponse.MinimalApiToken> apiTokensWithSufficientPermissionResponses = new ArrayList<>();
    final List<OAuth2ConsentInfoResponse.MinimalApiToken> apiTokensWithInsufficientPermissionResponses = new ArrayList<>();
    final Set<UUID> verifiedGw2AccountIds;
    if (apiTokens.isEmpty() || !requestedVerifiedInformation) {
        verifiedGw2AccountIds = Set.of();
    } else {
        verifiedGw2AccountIds = this.verificationService.getVerifiedGw2AccountIds(user.getAccountId());
    }
    for (ApiToken apiToken : apiTokens) {
        final OAuth2ConsentInfoResponse.MinimalApiToken resultApiToken = OAuth2ConsentInfoResponse.MinimalApiToken.create(apiToken, verifiedGw2AccountIds.contains(apiToken.gw2AccountId()));
        if (apiToken.gw2ApiPermissions().containsAll(requestedGw2ApiPermissions)) {
            apiTokensWithSufficientPermissionResponses.add(resultApiToken);
        } else {
            apiTokensWithInsufficientPermissionResponses.add(resultApiToken);
        }
    }
    final Set<UUID> previouslyConsentedGw2AccountIds = this.clientAuthorizationService.getLatestClientAuthorization(user.getAccountId(), clientRegistration.id(), requestedScopes).map(ClientAuthorization::gw2AccountIds).orElseGet(Set::of);
    final MultiValueMap<String, String> submitFormParameters = new LinkedMultiValueMap<>();
    submitFormParameters.set(OAuth2ParameterNames.CLIENT_ID, clientId.toString());
    submitFormParameters.set(OAuth2ParameterNames.STATE, state);
    requestedScopes.forEach((scope) -> submitFormParameters.add(OAuth2ParameterNames.SCOPE, scope));
    final String cancelUri = UriComponentsBuilder.fromPath("/api/oauth2/consent-deny").replaceQueryParam(OAuth2ParameterNames.CLIENT_ID, clientId).replaceQueryParam(OAuth2ParameterNames.STATE, state).toUriString();
    return new OAuth2ConsentInfoResponse(ClientRegistrationPublicResponse.create(clientRegistration), requestedGw2ApiPermissions, requestedVerifiedInformation, "/oauth2/authorize", submitFormParameters, cancelUri, apiTokensWithSufficientPermissionResponses, apiTokensWithInsufficientPermissionResponses, previouslyConsentedGw2AccountIds);
}

Example 8 with ClientAuthorization

use of com.gw2auth.oauth2.server.service.client.authorization.ClientAuthorization in project oauth2-server by gw2auth.

the class ApiTokenController method updateApiToken.

@PatchMapping(value = "/api/token/{gw2AccountId}", produces = MediaType.APPLICATION_JSON_VALUE)
public ApiTokenResponse updateApiToken(@AuthenticationPrincipal Gw2AuthUser user, @PathVariable("gw2AccountId") UUID gw2AccountId, @RequestParam(value = "displayName", required = false) String displayName, @RequestParam(value = "gw2ApiToken", required = false) String gw2ApiToken) {
    final ApiToken apiToken = this.apiTokenService.updateApiToken(user.getAccountId(), gw2AccountId, gw2ApiToken, displayName);
    final List<ClientAuthorization> clientAuthorizations = this.clientAuthorizationService.getClientAuthorizations(user.getAccountId(), Set.of(apiToken.gw2AccountId()));
    final List<ApiTokenResponse.Authorization> authorizations;
    if (!clientAuthorizations.isEmpty()) {
        final Set<Long> clientRegistrationIds = clientAuthorizations.stream().map(ClientAuthorization::clientRegistrationId).collect(Collectors.toSet());
        authorizations = this.clientRegistrationService.getClientRegistrations(clientRegistrationIds).stream().map(ApiTokenResponse.Authorization::create).collect(Collectors.toList());
    } else {
        authorizations = List.of();
    }
    final boolean isVerified = this.verificationService.getVerifiedAccountId(apiToken.gw2AccountId()).orElse(-1L) == user.getAccountId();
    return ApiTokenResponse.create(apiToken, isVerified, authorizations);
}

Example 9 with ClientAuthorization

use of com.gw2auth.oauth2.server.service.client.authorization.ClientAuthorization in project oauth2-server by gw2auth.

the class ApiTokenController method getApiTokens.

@GetMapping(value = "/api/token", produces = MediaType.APPLICATION_JSON_VALUE)
public List<ApiTokenResponse> getApiTokens(@AuthenticationPrincipal Gw2AuthUser user) {
    final List<ApiToken> apiTokens = this.apiTokenService.getApiTokens(user.getAccountId());
    // get all gw2 account ids for authorization batch lookup
    final Set<UUID> gw2AccountIds = apiTokens.stream().map(ApiToken::gw2AccountId).collect(Collectors.toSet());
    // aggregate authorizations for later lookup
    final List<ClientAuthorization> clientAuthorizations = this.clientAuthorizationService.getClientAuthorizations(user.getAccountId(), gw2AccountIds);
    final Set<Long> clientRegistrationIds = new HashSet<>(clientAuthorizations.size());
    final Map<UUID, Set<Long>> clientRegistrationIdsByGw2AccountId = new HashMap<>(clientAuthorizations.size());
    for (ClientAuthorization clientAuthorization : clientAuthorizations) {
        clientRegistrationIds.add(clientAuthorization.clientRegistrationId());
        for (UUID gw2AccountId : clientAuthorization.gw2AccountIds()) {
            clientRegistrationIdsByGw2AccountId.computeIfAbsent(gw2AccountId, (k) -> new HashSet<>()).add(clientAuthorization.clientRegistrationId());
        }
    }
    // find all client registrations for the registration ids and remember them by id
    final Map<Long, ClientRegistration> clientRegistrationById = this.clientRegistrationService.getClientRegistrations(clientRegistrationIds).stream().collect(Collectors.toMap(ClientRegistration::id, Function.identity()));
    // find all verified gw2 account ids for this account (better than querying for every single one)
    final Set<UUID> verifiedGw2AccountIds = this.verificationService.getVerifiedGw2AccountIds(user.getAccountId());
    final List<ApiTokenResponse> response = new ArrayList<>(apiTokens.size());
    for (ApiToken apiToken : apiTokens) {
        final Set<Long> clientRegistrationIdsForThisToken = clientRegistrationIdsByGw2AccountId.get(apiToken.gw2AccountId());
        final List<ApiTokenResponse.Authorization> authorizations;
        if (clientRegistrationIdsForThisToken != null && !clientRegistrationIdsForThisToken.isEmpty()) {
            authorizations = new ArrayList<>(clientRegistrationIdsForThisToken.size());
            for (long clientRegistrationId : clientRegistrationIdsForThisToken) {
                final ClientRegistration clientRegistration = clientRegistrationById.get(clientRegistrationId);
                if (clientRegistration != null) {
                    authorizations.add(ApiTokenResponse.Authorization.create(clientRegistration));
                }
            }
        } else {
            authorizations = List.of();
        }
        response.add(ApiTokenResponse.create(apiToken, verifiedGw2AccountIds.contains(apiToken.gw2AccountId()), authorizations));
    }
    return response;
}

Example 10 with ClientAuthorization

use of com.gw2auth.oauth2.server.service.client.authorization.ClientAuthorization in project oauth2-server by gw2auth.

the class OAuth2ServerTest method consentSubmitAndHappyFlow.

@WithGw2AuthLogin
public void consentSubmitAndHappyFlow(MockHttpSession session) throws Exception {
    final long accountId = AuthenticationHelper.getUser(session).orElseThrow().getAccountId();
    final ClientRegistrationCreation clientRegistrationCreation = createClientRegistration();
    final ClientRegistration clientRegistration = clientRegistrationCreation.clientRegistration();
    // perform authorization request (which should redirect to the consent page)
    MvcResult result = performAuthorizeWithClient(session, clientRegistration, List.of(Gw2ApiPermission.ACCOUNT.oauth2())).andReturn();
    // submit the consent
    final String tokenA = TestHelper.randomRootToken();
    final String tokenB = TestHelper.randomRootToken();
    final String tokenC = TestHelper.randomRootToken();
    result = performSubmitConsent(session, clientRegistration, URI.create(Objects.requireNonNull(result.getResponse().getRedirectedUrl())), tokenA, tokenB, tokenC).andReturn();
    // verify the consent has been saved
    final ClientConsentEntity clientConsentEntity = this.clientConsentRepository.findByAccountIdAndClientRegistrationId(accountId, clientRegistration.id()).orElse(null);
    assertNotNull(clientConsentEntity);
    assertEquals(Set.of(Gw2ApiPermission.ACCOUNT.oauth2()), clientConsentEntity.authorizedScopes());
    // verify the authorization has been saved
    final List<ClientAuthorizationEntity> authorizations = this.clientAuthorizationRepository.findAllByAccountIdAndClientRegistrationId(accountId, clientConsentEntity.clientRegistrationId());
    assertEquals(1, authorizations.size());
    final ClientAuthorizationEntity clientAuthorization = authorizations.get(0);
    assertEquals(Set.of(Gw2ApiPermission.ACCOUNT.oauth2()), clientAuthorization.authorizedScopes());
    // verify the tokens have been saved
    List<ClientAuthorizationTokenEntity> clientAuthorizationTokenEntities = this.clientAuthorizationTokenRepository.findAllByAccountIdAndClientAuthorizationId(accountId, clientAuthorization.id());
    assertEquals(2, clientAuthorizationTokenEntities.size());
    // set testing clock to token customizer
    final Clock testingClock = Clock.fixed(Instant.now(), ZoneId.systemDefault());
    this.oAuth2TokenCustomizerService.setClock(testingClock);
    // retrieve the initial access and refresh token
    final String dummySubtokenA = TestHelper.createSubtokenJWT(this.gw2AccountId1st, Set.of(Gw2ApiPermission.ACCOUNT), testingClock.instant(), Duration.ofMinutes(30L));
    final String dummySubtokenB = TestHelper.createSubtokenJWT(this.gw2AccountId2nd, Set.of(Gw2ApiPermission.ACCOUNT), testingClock.instant(), Duration.ofMinutes(30L));
    result = performRetrieveTokenByCodeAndExpectValid(clientRegistrationCreation, URI.create(Objects.requireNonNull(result.getResponse().getRedirectedUrl())), Map.of(tokenA, dummySubtokenA, tokenB, dummySubtokenB)).andReturn();
    // verify the subtokens have been saved
    final Set<String> subTokens = this.apiSubTokenRepository.findAllByAccountIdGw2AccountIdsAndGw2ApiPermissionsBitSet(accountId, Set.of(this.gw2AccountId1st, this.gw2AccountId2nd), Gw2ApiPermission.toBitSet(Set.of(Gw2ApiPermission.ACCOUNT))).stream().map(ApiSubTokenEntity::gw2ApiSubtoken).collect(Collectors.toSet());
    assertEquals(2, subTokens.size());
    assertTrue(subTokens.contains(dummySubtokenA));
    assertTrue(subTokens.contains(dummySubtokenB));
    // verify the validity status has been saved
    final List<ApiTokenEntity> apiTokenEntities = this.apiTokenRepository.findAllByAccountIdAndGw2AccountIds(accountId, Set.of(this.gw2AccountId1st, this.gw2AccountId2nd));
    assertEquals(2, apiTokenEntities.size());
    assertTrue(apiTokenEntities.get(0).isValid());
    assertInstantEquals(testingClock.instant(), apiTokenEntities.get(0).lastValidCheckTime());
    assertTrue(apiTokenEntities.get(1).isValid());
    assertInstantEquals(testingClock.instant(), apiTokenEntities.get(1).lastValidCheckTime());
    // verify the access token
    JsonNode tokenResponse = assertTokenResponse(result, () -> Map.of(this.gw2AccountId1st, new com.nimbusds.jose.shaded.json.JSONObject(Map.of("name", "First", "token", dummySubtokenA)), this.gw2AccountId2nd, new com.nimbusds.jose.shaded.json.JSONObject(Map.of("name", "Second", "token", dummySubtokenB))));
    // retrieve a new access token using the refresh token
    final String refreshToken = tokenResponse.get("refresh_token").textValue();
    result = performRetrieveTokensByRefreshTokenAndExpectValid(clientRegistrationCreation, refreshToken).andReturn();
    tokenResponse = assertTokenResponse(result, () -> Map.of(this.gw2AccountId1st, new com.nimbusds.jose.shaded.json.JSONObject(Map.of("name", "First", "token", dummySubtokenA)), this.gw2AccountId2nd, new com.nimbusds.jose.shaded.json.JSONObject(Map.of("name", "Second", "token", dummySubtokenB))));
    assertNotEquals(refreshToken, tokenResponse.get("refresh_token").textValue());
}