use of com.microsoft.identity.common.internal.providers.oauth2.TokenResponse in project dockstore by dockstore.
the class Hoverfly method getFakeTokenResponse.
/**
 * Builds a {@code TokenResponse} populated with placeholder values.
 *
 * <p>The access token comes from {@code getFakeAccessToken(suffix)}, the refresh token is the
 * literal {@code "fakeRefreshToken"} followed by {@code suffix}, and the lifetime is fixed at
 * 9001 seconds. None of these values is a real credential.
 *
 * @param suffix text appended to the fake token values so that callers can tell responses apart
 * @return a new response object carrying only fake token material
 */
private static TokenResponse getFakeTokenResponse(String suffix) {
    final TokenResponse stubResponse = new TokenResponse();
    final String stubAccessToken = getFakeAccessToken(suffix);
    final String stubRefreshToken = "fakeRefreshToken" + suffix;
    stubResponse.setAccessToken(stubAccessToken);
    stubResponse.setExpiresInSeconds(9001L);
    stubResponse.setRefreshToken(stubRefreshToken);
    return stubResponse;
}
use of com.microsoft.identity.common.internal.providers.oauth2.TokenResponse in project dockstore by dockstore.
the class TokenResource method addGitlabToken.
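/**
 * OAuth 2 redirect endpoint for gitlab.com: exchanges the authorization {@code code} for an
 * access token, looks up the GitLab username with that token, and stores the token for the
 * authenticated Dockstore user.
 *
 * <p>NOTE(review): this handler accepts only {@code code}; no OAuth {@code state} value is
 * checked here. Confirm that the binding between this callback and the browser session that
 * started the flow (CSRF protection for account linking) is enforced elsewhere.
 *
 * @param user the authenticated Dockstore user the token is stored for
 * @param code the authorization code returned by gitlab.com
 * @return the persisted token, as read back from the DAO
 * @throws CustomWebApplicationException with 400 when the code is missing or the exchange fails,
 *     and with 409 when the user or the GitLab username cannot be resolved
 */
@GET
@Timed
@UnitOfWork
@Path("/gitlab.com")
@JsonView(TokenViews.User.class)
@Operation(operationId = "addGitlabToken", description = "Add a new gitlab.com token.", security = @SecurityRequirement(name = OPENAPI_JWT_SECURITY_DEFINITION_NAME))
@ApiOperation(value = "Add a new gitlab.com token.", authorizations = { @Authorization(value = JWT_SECURITY_DEFINITION_NAME) }, notes = "This is used as part of the OAuth 2 web flow. Once a user has approved permissions for CollaboratoryTheir browser will load the redirect URI which should resolve here", response = Token.class)
public Token addGitlabToken(@ApiParam(hidden = true) @Parameter(hidden = true, name = "user") @Auth User user, @QueryParam("code") String code) {
    // A missing query parameter arrives as null; reject it as a client error instead of letting
    // it reach the token request. Same message as the bitbucket.org handler.
    if (code == null || code.isEmpty()) {
        throw new CustomWebApplicationException("Please provide an access code", HttpStatus.SC_BAD_REQUEST);
    }
    final AuthorizationCodeFlow flow = new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(), HTTP_TRANSPORT, JSON_FACTORY, new GenericUrl(GITLAB_URL + "oauth/token"), new ClientParametersAuthentication(gitlabClientID, gitlabClientSecret), gitlabClientID, GITLAB_URL + "oauth/authorize").build();
    LOG.info("About to try and grab access token");
    String accessToken;
    try {
        TokenResponse tokenResponse = flow.newTokenRequest(code).setRequestInitializer(request -> request.getHeaders().setAccept("application/json")).setGrantType("authorization_code").setRedirectUri(gitlabRedirectUri).execute();
        accessToken = tokenResponse.getAccessToken();
    } catch (IOException e) {
        // Keep the cause in the server log so a failed exchange can be diagnosed; the client
        // still sees only the generic message below.
        LOG.error("Retrieving accessToken was unsuccessful", e);
        throw new CustomWebApplicationException("Could not retrieve gitlab.com token based on code", HttpStatus.SC_BAD_REQUEST);
    }
    // NOTE(review): "api/v3" is an older GitLab API generation; confirm this path is still served.
    String url = GITLAB_URL + "api/v3/user";
    Optional<String> asString = ResourceUtilities.asString(url, accessToken, client);
    String username = getUserName(url, asString);
    if (user == null) {
        LOG.info("Could not find user");
        throw new CustomWebApplicationException("User not found", HttpStatus.SC_CONFLICT);
    }
    Token token = new Token();
    token.setTokenSource(TokenType.GITLAB_COM);
    // The raw access token is the stored content; it must never be written to logs.
    token.setContent(accessToken);
    token.setUserId(user.getId());
    if (username == null) {
        LOG.info("Gitlab.com tokenusername is null, did not create token");
        throw new CustomWebApplicationException("Username not found from resource call " + url, HttpStatus.SC_CONFLICT);
    }
    token.setUsername(username);
    checkIfAccountHasBeenLinked(token, TokenType.GITLAB_COM);
    long create = tokenDAO.create(token);
    LOG.info("Gitlab token created for {}", user.getUsername());
    return tokenDAO.findById(create);
}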
use of com.microsoft.identity.common.internal.providers.oauth2.TokenResponse in project dockstore by dockstore.
the class TokenResource method addBitbucketToken.
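/**
 * OAuth 2 redirect endpoint for bitbucket.org: exchanges the authorization {@code code} for an
 * access token and refresh token, looks up the Bitbucket username with the access token, and
 * stores both tokens for the authenticated Dockstore user.
 *
 * <p>NOTE(review): this handler accepts only {@code code}; no OAuth {@code state} value is
 * checked here. Confirm that the binding between this callback and the browser session that
 * started the flow (CSRF protection for account linking) is enforced elsewhere.
 *
 * @param user the authenticated Dockstore user the token is stored for
 * @param code the authorization code returned by bitbucket.org
 * @return the persisted token, as read back from the DAO
 * @throws CustomWebApplicationException with 400 when the code is missing or the exchange fails,
 *     and with 409 when the user or the Bitbucket username cannot be resolved
 */
@GET
@Timed
@UnitOfWork
@Path("/bitbucket.org")
@JsonView(TokenViews.User.class)
@Operation(operationId = "addBitbucketToken", description = "Add a new bitbucket.org token, used by quay.io redirect.", security = @SecurityRequirement(name = OPENAPI_JWT_SECURITY_DEFINITION_NAME))
@ApiOperation(value = "Add a new bitbucket.org token, used by quay.io redirect.", authorizations = { @Authorization(value = JWT_SECURITY_DEFINITION_NAME) }, notes = "This is used as part of the OAuth 2 web flow. " + "Once a user has approved permissions for Collaboratory" + "Their browser will load the redirect URI which should resolve here", response = Token.class)
public Token addBitbucketToken(@ApiParam(hidden = true) @Parameter(hidden = true, name = "user") @Auth User user, @QueryParam("code") String code) {
    // A missing query parameter arrives as null, so isEmpty() alone would throw a
    // NullPointerException (a 500) instead of the intended 400.
    if (code == null || code.isEmpty()) {
        throw new CustomWebApplicationException("Please provide an access code", HttpStatus.SC_BAD_REQUEST);
    }
    final AuthorizationCodeFlow flow = new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(), HTTP_TRANSPORT, JSON_FACTORY, new GenericUrl(BITBUCKET_URL + "site/oauth2/access_token"), new ClientParametersAuthentication(bitbucketClientID, bitbucketClientSecret), bitbucketClientID, "https://bitbucket.org/site/oauth2/authorize").build();
    String accessToken;
    String refreshToken;
    try {
        TokenResponse tokenResponse = flow.newTokenRequest(code).setScopes(Collections.singletonList("user:email")).setRequestInitializer(request -> request.getHeaders().setAccept("application/json")).execute();
        accessToken = tokenResponse.getAccessToken();
        refreshToken = tokenResponse.getRefreshToken();
    } catch (IOException e) {
        // Keep the cause in the server log so a failed exchange can be diagnosed; the client
        // still sees only the generic message below.
        LOG.error("Retrieving accessToken was unsuccessful", e);
        throw new CustomWebApplicationException("Could not retrieve bitbucket.org token based on code", HttpStatus.SC_BAD_REQUEST);
    }
    String url = BITBUCKET_URL + "api/2.0/user";
    Optional<String> asString2 = ResourceUtilities.asString(url, accessToken, client);
    String username = getUserName(url, asString2);
    if (user == null) {
        LOG.info("Could not find user");
        throw new CustomWebApplicationException("User not found", HttpStatus.SC_CONFLICT);
    }
    Token token = new Token();
    token.setTokenSource(TokenType.BITBUCKET_ORG);
    // Access and refresh tokens are the stored secrets; they must never be written to logs.
    token.setContent(accessToken);
    token.setRefreshToken(refreshToken);
    token.setUserId(user.getId());
    if (username == null) {
        LOG.info("Bitbucket.org token username is null, did not create token");
        throw new CustomWebApplicationException("Username not found from resource call " + url, HttpStatus.SC_CONFLICT);
    }
    token.setUsername(username);
    checkIfAccountHasBeenLinked(token, TokenType.BITBUCKET_ORG);
    long create = tokenDAO.create(token);
    LOG.info("Bitbucket token created for {}", user.getUsername());
    return tokenDAO.findById(create);
}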
use of com.microsoft.identity.common.internal.providers.oauth2.TokenResponse in project che-server by eclipse-che.
the class OAuthAuthenticator method callback.
/**
 * Handles the redirect back from the authorization server: reads the authorization code from the
 * callback URL, exchanges it for a token response, and stores the resulting credential.
 *
 * <p>The credential is stored under the id returned by {@code getUserFromUrl}; only when that is
 * {@code null} is the subject of the current {@code EnvironmentContext} used instead.
 * NOTE(review): the callback URL is request-supplied, so confirm that the user id carried in it
 * is validated against the authenticated session before it is trusted as the storage key.
 *
 * @param requestUrl request URI. URI should contain authorization code generated by authorization
 *     server
 * @param scopes specify exactly what type of access needed. This list must be exactly the same as
 *     list passed to the method {@link #getAuthenticateUrl(URL, java.util.List)}
 * @return id of authenticated user
 * @throws OAuthAuthenticationException if the authenticator is not configured, if authentication
 *     failed, or if <code>requestUrl</code> does not contain required parameters, e.g. 'code'
 */
public String callback(URL requestUrl, List<String> scopes) throws OAuthAuthenticationException {
    if (!isConfigured()) {
        throw new OAuthAuthenticationException(AUTHENTICATOR_IS_NOT_CONFIGURED);
    }

    final AuthorizationCodeResponseUrl responseUrl = new AuthorizationCodeResponseUrl(requestUrl.toString());

    // The provider reports a denied or failed authorization through the "error" parameter.
    final String providerError = responseUrl.getError();
    if (providerError != null) {
        throw new OAuthAuthenticationException("Authentication failed: " + providerError);
    }

    final String authorizationCode = responseUrl.getCode();
    if (authorizationCode == null) {
        throw new OAuthAuthenticationException("Missing authorization code. ");
    }

    try {
        final TokenResponse exchanged = flow.newTokenRequest(authorizationCode)
            .setRequestInitializer(tokenRequest -> {
                // Install a JSON parser only when the request does not already have one.
                if (tokenRequest.getParser() == null) {
                    tokenRequest.setParser(flow.getJsonFactory().createJsonObjectParser());
                }
                tokenRequest.getHeaders().setAccept(MediaType.APPLICATION_JSON);
            })
            .setRedirectUri(findRedirectUrl(requestUrl))
            .setScopes(scopes)
            .execute();

        // Prefer the user id carried by the callback URL; otherwise use the current subject.
        final String userFromUrl = getUserFromUrl(responseUrl);
        final String userId = userFromUrl != null
            ? userFromUrl
            : EnvironmentContext.getCurrent().getSubject().getUserId();

        flow.createAndStoreCredential(exchanged, userId);
        return userId;
    } catch (IOException ioe) {
        // NOTE(review): only the message is propagated, so the original cause and stack trace
        // are not available to whoever handles this exception.
        throw new OAuthAuthenticationException(ioe.getMessage());
    }
}
use of com.microsoft.identity.common.internal.providers.oauth2.TokenResponse in project cyberduck by iterate-ch.
the class SDSSession method connect.
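/**
 * Builds the HTTP client configuration for this session and returns an {@code SDSApiClient}
 * on top of it.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>When the {@code sds.oauth.migrate.enable} preference is set and the bookmark uses a
 *       deprecated protocol, try to migrate it to OAuth by running the password grant with the
 *       stored username and password. An {@code IOException} during migration is logged and
 *       otherwise ignored, so migration is best effort.</li>
 *   <li>Depending on the protocol's authorization type, install either the OAuth 2 interceptor
 *       chain or the SDS error-response interceptor.</li>
 *   <li>Build the Apache client, wrap it in an {@code SDSApiClient}, and apply base path,
 *       timeouts and user agent.</li>
 * </ol>
 *
 * @param proxy proxy configuration passed to the HTTP client builder
 * @param key host key callback (not used in this method)
 * @param prompt login callback passed to the HTTP client builder and the OAuth error interceptor
 * @param cancel cancel callback (not used in this method)
 * @return the configured API client
 * @throws BackgroundException when the local host name cannot be resolved in OAuth mode
 */
@Override
protected SDSApiClient connect(final Proxy proxy, final HostKeyCallback key, final LoginCallback prompt, final CancelCallback cancel) throws BackgroundException {
    final HttpClientBuilder configuration = builder.build(proxy, this, prompt);
    if (preferences.getBoolean("sds.oauth.migrate.enable")) {
        if (host.getProtocol().isDeprecated()) {
            final Credentials credentials = host.getCredentials();
            if (!host.getCredentials().validate(host.getProtocol(), new LoginOptions(host.getProtocol()))) {
                log.warn(String.format("Skip migration with missing credentials for %s", host));
            } else {
                if (log.isDebugEnabled()) {
                    log.debug(String.format("Attempt migration to OAuth flow for %s", host));
                }
                try {
                    // Search for installed connection profile using OAuth authorization method
                    for (Protocol oauth : ProtocolFactory.get().find(new OAuthFinderPredicate(host.getProtocol().getIdentifier()))) {
                        // Run password flow to attempt to migrate to OAuth.
                        // The stored username and password are sent to the token URL: either the
                        // absolute URL from the OAuth profile, or a URL built from the bookmark's
                        // host and port with the profile's scheme and token path.
                        final TokenResponse response = new PasswordTokenRequest(new ApacheHttpTransport(builder.build(proxy, this, prompt).build()), new GsonFactory(), new GenericUrl(Scheme.isURL(oauth.getOAuthTokenUrl()) ? oauth.getOAuthTokenUrl() : new HostUrlProvider().withUsername(false).withPath(true).get(oauth.getScheme(), host.getPort(), null, host.getHostname(), oauth.getOAuthTokenUrl())), host.getCredentials().getUsername(), host.getCredentials().getPassword()).setClientAuthentication(new BasicAuthentication(oauth.getOAuthClientId(), oauth.getOAuthClientSecret())).setRequestInitializer(new UserAgentHttpRequestInitializer(new PreferencesUseragentProvider())).execute();
                        // A token endpoint may omit "expires_in", in which case the getter returns
                        // null and unboxing it would throw a NullPointerException that the
                        // IOException handler below does not catch. Treat a missing lifetime as
                        // "due for refresh now" instead.
                        final Long expiresInSeconds = response.getExpiresInSeconds();
                        final long expiryInMilliseconds = null == expiresInSeconds ? System.currentTimeMillis() : System.currentTimeMillis() + expiresInSeconds * 1000;
                        credentials.setOauth(new OAuthTokens(response.getAccessToken(), response.getRefreshToken(), expiryInMilliseconds));
                        credentials.setSaved(true);
                        log.warn(String.format("Switch bookmark %s to protocol %s", host, oauth));
                        host.setProtocol(oauth);
                        // First profile that yields a token wins.
                        break;
                    }
                } catch (IOException e) {
                    // Best effort: a failed migration leaves the bookmark on its current protocol.
                    log.warn(String.format("Failure %s running password flow to migrate to OAuth", e));
                }
            }
        }
    }
    switch (SDSProtocol.Authorization.valueOf(host.getProtocol().getAuthorization())) {
        case oauth:
        case password:
            authorizationService = new OAuth2RequestInterceptor(builder.build(proxy, this, prompt).addInterceptorLast(new HttpRequestInterceptor() {
                @Override
                public void process(final HttpRequest request, final HttpContext context) {
                    if (request instanceof HttpRequestWrapper) {
                        final HttpRequestWrapper wrapper = (HttpRequestWrapper) request;
                        if (null != wrapper.getTarget()) {
                            // Client id and secret go out as HTTP Basic only when the request
                            // target is the bookmark's own host, so they are not sent to any
                            // other host this client talks to.
                            if (StringUtils.equals(wrapper.getTarget().getHostName(), host.getHostname())) {
                                request.addHeader(HttpHeaders.AUTHORIZATION, String.format("Basic %s", Base64.encodeToString(String.format("%s:%s", host.getProtocol().getOAuthClientId(), host.getProtocol().getOAuthClientSecret()).getBytes(StandardCharsets.UTF_8), false)));
                            }
                        }
                    }
                }
            }).build(), host) {
                @Override
                public void process(final HttpRequest request, final HttpContext context) throws HttpException, IOException {
                    if (request instanceof HttpRequestWrapper) {
                        final HttpRequestWrapper wrapper = (HttpRequestWrapper) request;
                        if (null != wrapper.getTarget()) {
                            // Same host restriction for the inherited OAuth processing: requests to
                            // any other host pass through without it.
                            if (StringUtils.equals(wrapper.getTarget().getHostName(), host.getHostname())) {
                                super.process(request, context);
                            }
                        }
                    }
                }
            }.withRedirectUri(CYBERDUCK_REDIRECT_URI.equals(host.getProtocol().getOAuthRedirectUrl()) ? host.getProtocol().getOAuthRedirectUrl() : Scheme.isURL(host.getProtocol().getOAuthRedirectUrl()) ? host.getProtocol().getOAuthRedirectUrl() : new HostUrlProvider().withUsername(false).withPath(true).get(host.getProtocol().getScheme(), host.getPort(), null, host.getHostname(), host.getProtocol().getOAuthRedirectUrl()));
            try {
                // Sends the local machine's host name to the server as "user_agent_info".
                // Base64 here is an encoding only, not a protection of that value.
                authorizationService.withParameter("user_agent_info", Base64.encodeToString(InetAddress.getLocalHost().getHostName().getBytes(StandardCharsets.UTF_8), false));
            } catch (UnknownHostException e) {
                throw new DefaultIOExceptionMappingService().map(e);
            }
            configuration.setServiceUnavailableRetryStrategy(new OAuth2ErrorResponseInterceptor(host, authorizationService, prompt));
            configuration.addInterceptorLast(authorizationService);
            configuration.addInterceptorLast(new HttpRequestInterceptor() {
                @Override
                public void process(final HttpRequest request, final HttpContext context) {
                    // In OAuth mode the SDS auth token header is stripped from every request.
                    request.removeHeaders(SDSSession.SDS_AUTH_TOKEN_HEADER);
                }
            });
            break;
        default:
            retryHandler = new SDSErrorResponseInterceptor(this, nodeid);
            configuration.setServiceUnavailableRetryStrategy(retryHandler);
            configuration.addInterceptorLast(retryHandler);
            break;
    }
    final CloseableHttpClient apache = configuration.build();
    final SDSApiClient client = new SDSApiClient(apache);
    client.setBasePath(new HostUrlProvider().withUsername(false).withPath(true).get(host.getProtocol().getScheme(), host.getPort(), null, host.getHostname(), host.getProtocol().getContext()));
    client.setHttpClient(ClientBuilder.newClient(new ClientConfig().register(new InputStreamProvider()).register(MultiPartFeature.class).register(new JSON()).register(JacksonFeature.class).connectorProvider(new HttpComponentsProvider(apache))));
    // The preference is in seconds; the client setters take milliseconds.
    final int timeout = preferences.getInteger("connection.timeout.seconds") * 1000;
    client.setConnectTimeout(timeout);
    client.setReadTimeout(timeout);
    client.setUserAgent(new PreferencesUseragentProvider().get());
    return client;
}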