use of com.predic8.membrane.core.interceptor.oauth2.Client in project ORCID-Source by ORCID.
the class ClientManagerTest method editUpdatingConfigValues.
@Test
public void editUpdatingConfigValues() {
    // Arrange: an unsaved client owned by MEMBER_ID; it only receives an "APP-" id once create() runs.
    String randomSeed = RandomStringUtils.randomAlphanumeric(15);
    Client draft = getClient(randomSeed, MEMBER_ID);
    assertFalse(draft.getId().startsWith("APP-"));
    Client created = clientManager.create(draft);
    // The secret issued at creation is compared against the stored one after the edit:
    // editing a client must not silently rotate its credential.
    String secretAtCreation = created.getDecryptedSecret();

    // Fields a member is allowed to change through edit().
    created.setAllowAutoDeprecate(false);
    created.setAuthenticationProviderId("updated-authentication-provider-id");
    created.setDescription("updated-desciption");
    created.setEmailAccessReason("updated-email-access-reason");
    created.setName("updated-client-name");
    created.setPersistentTokensEnabled(false);
    created.setWebsite("updated-website");
    // Owner and client type are also set on the DTO, but edit() must ignore both: persisting them
    // would let a caller re-home a client or change its privilege class through this path.
    created.setGroupProfileId("0000-0000-0000-0000");
    created.setClientType(ClientType.UPDATER);

    // One more redirect URI, with predefined scopes attached.
    Set<ScopePathType> redirectScopes = new HashSet<ScopePathType>();
    redirectScopes.add(ScopePathType.READ_LIMITED);
    redirectScopes.add(ScopePathType.ACTIVITIES_UPDATE);
    ClientRedirectUri redirect = new ClientRedirectUri();
    redirect.setPredefinedClientScopes(redirectScopes);
    redirect.setRedirectUri("new-redirect-uri");
    redirect.setRedirectUriType(RedirectUriType.IMPORT_WORKS_WIZARD.value());
    redirect.setUriActType("updated-uri-act-type");
    redirect.setUriGeoArea("updated-geo-area");
    created.getClientRedirectUris().add(redirect);

    // Act: edit with the "update config values" flag set to true.
    Date editStartedAt = new Date();
    clientManager.edit(created, true);

    // Assert: plain fields were stored, the owner is still MEMBER_ID, the secret is unchanged.
    ClientDetailsEntity stored = clientDetailsDao.find(created.getId());
    assertEquals(MEMBER_ID, stored.getGroupProfileId());
    assertEquals("updated-desciption", stored.getClientDescription());
    assertEquals("updated-client-name", stored.getClientName());
    assertEquals("updated-website", stored.getClientWebsite());
    assertEquals(secretAtCreation, encryptionManager.decryptForInternalUse(stored.getClientSecretForJpa()));
    assertFalse(stored.isAllowAutoDeprecate());
    // With the flag set, the config-type fields follow the DTO (and really differ from the draft).
    assertNotEquals(draft.getAuthenticationProviderId(), created.getAuthenticationProviderId());
    assertEquals(created.getAuthenticationProviderId(), stored.getAuthenticationProviderId());
    assertNotEquals(draft.isPersistentTokensEnabled(), created.isPersistentTokensEnabled());
    assertEquals(created.isPersistentTokensEnabled(), stored.isPersistentTokensEnabled());
    // The remaining config settings (presumably including client type) are checked by the shared helper.
    validateClientConfigSettings(stored, editStartedAt);
}
use of com.predic8.membrane.core.interceptor.oauth2.Client in project ORCID-Source by ORCID.
the class ClientManagerTest method editClientDontOverwriteConfigValuesTest.
@Test
@Transactional
public void editClientDontOverwriteConfigValuesTest() {
    // Arrange: create a client and check the defaults create() assigns.
    String randomSeed = RandomStringUtils.randomAlphanumeric(15);
    Client created = getClient(randomSeed, MEMBER_ID);
    assertFalse(created.getId().startsWith("APP-"));
    created = clientManager.create(created);
    assertTrue(created.getId().startsWith("APP-"));
    assertEquals(ClientType.PREMIUM_CREATOR, created.getClientType());

    // Set the admin-controlled config values directly on the entity, bypassing the manager.
    ClientDetailsEntity freshEntity = clientDetailsDao.find(created.getId());
    assertEquals("authentication-provider-id " + randomSeed, freshEntity.getAuthenticationProviderId());
    assertNull(freshEntity.getEmailAccessReason());
    freshEntity.setAuthenticationProviderId("my-authentication-provider-id");
    freshEntity.setEmailAccessReason("my-email-access-reason");
    freshEntity.setPersistentTokensEnabled(true);
    freshEntity.setAllowAutoDeprecate(true);
    clientDetailsDao.merge(freshEntity);

    // Act: a member-style edit (flag false) that also tries to change every config value,
    // including turning off persistent tokens and downgrading the client type.
    created.setName("Updated name");
    created.setPersistentTokensEnabled(false);
    created.setAuthenticationProviderId("another-authentication-provider-id");
    created.setClientType(ClientType.PUBLIC_CLIENT);
    created.setDescription("Updated description");
    created.setEmailAccessReason("another-email-access-reason");
    created.setWebsite("http://updated.com");
    clientManager.edit(created, false);

    // Assert: config values set on the entity survived the edit untouched ...
    ClientDetailsEntity afterEdit = clientDetailsDao.find(created.getId());
    assertEquals(created.getId(), afterEdit.getId());
    assertEquals("my-authentication-provider-id", afterEdit.getAuthenticationProviderId());
    assertEquals("my-email-access-reason", afterEdit.getEmailAccessReason());
    assertTrue(afterEdit.isPersistentTokensEnabled());
    assertEquals(ClientType.PREMIUM_CREATOR, afterEdit.getClientType());
    // ... while the ordinary descriptive fields were persisted.
    assertEquals("Updated name", afterEdit.getClientName());
    assertEquals("Updated description", afterEdit.getClientDescription());
    assertEquals("http://updated.com", afterEdit.getClientWebsite());
}
use of com.predic8.membrane.core.interceptor.oauth2.Client in project service-proxy by membrane.
the class OAuth2ResourceInterceptor method handleLoginRequest.
/**
 * Serves the requests that arrive under the login location: "/logout" revokes the
 * session's access token and drops the session, "/" shows the login page (creating a
 * pre-authorized session that carries the CSRF "state" value), and anything else is
 * handed to the static web server interceptor.
 *
 * NOTE(review): only the path is inspected here, not the HTTP method. If a GET can reach
 * "/logout", a cross-site link can log the user out (logout CSRF) -- confirm upstream.
 */
public void handleLoginRequest(Exchange exc) throws Exception {
    Session current = sessionManager.getSession(exc);
    // Path relative to the login location with any query string dropped; the same value
    // becomes the exchange destination that wsi serves from.
    String relativePath = exc.getRequest().getUri().substring(loginPath.length() - 1);
    int queryStart = relativePath.indexOf('?');
    if (queryStart >= 0)
        relativePath = relativePath.substring(0, queryStart);
    exc.getDestinations().set(0, relativePath);

    if ("/logout".equals(relativePath)) {
        if (current != null && current.getUserAttributes() != null)
            revokeTokenAndDropSession(exc, current);
        exc.setResponse(Response.redirect("/", false).build());
        return;
    }
    if ("/".equals(relativePath)) {
        showLoginPage(exc, current);
        return;
    }
    wsi.handleRequest(exc);
}

/**
 * Revokes the session's access token at the authorization server, then clears and removes
 * the local session.
 *
 * NOTE(review): a non-200 revocation answer throws before clear()/removeSession() run, so
 * the local session stays authorized when the upstream revocation fails -- confirm that is
 * intended rather than always dropping the local session.
 * NOTE(review): the token is concatenated into the form body without form-encoding; a token
 * containing '+', '&' or '=' would be mis-parsed by the revocation endpoint.
 */
private void revokeTokenAndDropSession(Exchange exc, Session current) throws Exception {
    String accessToken;
    synchronized (current) {
        accessToken = current.getUserAttributes().get("access_token");
    }
    // TODO maybe send client credentials ( as it was before ) but Google doesn't accept that
    Exchange revocation = new Request.Builder()
            .post(auth.getRevocationEndpoint())
            .header(Header.CONTENT_TYPE, "application/x-www-form-urlencoded")
            .header(Header.USER_AGENT, Constants.USERAGENT)
            .body("token=" + accessToken)
            .buildExchange();
    Response revocationResponse = auth.doRequest(revocation);
    if (revocationResponse.getStatusCode() != 200)
        throw new RuntimeException("Revocation of token did not work. Statuscode: " + revocationResponse.getStatusCode() + ".");
    current.clear();
    sessionManager.removeSession(exc);
}

/**
 * Shows the login page. An already authorized session reuses its stored "state";
 * otherwise a fresh 130-bit SecureRandom state is generated, shown, and stored in a new
 * pre-authorized session so it can be matched on the callback.
 */
private void showLoginPage(Exchange exc, Session current) throws Exception {
    if (current != null && current.isAuthorized()) {
        showPage(exc, current.getUserAttributes().get("state"));
        return;
    }
    String state = new BigInteger(130, new SecureRandom()).toString(32);
    showPage(exc, state);
    Session fresh = sessionManager.createSession(exc);
    HashMap<String, String> attributes = new HashMap<String, String>();
    attributes.put("state", state);
    fresh.preAuthorize("", attributes);
}
use of com.predic8.membrane.core.interceptor.oauth2.Client in project service-proxy by membrane.
the class OAuth2ResourceInterceptor method init.
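/**
 * Wires the OAuth 2 client interceptor: initializes the authorization service, the session
 * manager (cookie "SESSION_ID_CLIENT"), the optional static login page server, the public
 * URL handling, and starts the session cleanup thread.
 *
 * @param router the router this interceptor is attached to
 * @throws Exception propagated from the delegated init() calls and from the login-page probe
 */
@Override
public void init(Router router) throws Exception {
    name = "OAuth 2 Client";
    setFlow(Flow.Set.REQUEST_RESPONSE);
    super.init(router);
    auth.init(router);
    statistics = new OAuth2Statistics();
    uriFactory = router.getUriFactory();
    if (sessionManager == null)
        sessionManager = new SessionManager();
    // TODO maybe do this differently as now the attribute in the bean is overwritten ( when set from external proxies.xml )
    sessionManager.setCookieName("SESSION_ID_CLIENT");
    sessionManager.init(router);
    if (loginLocation != null) {
        wsi = new WebServerInterceptor();
        wsi.setDocBase(loginLocation);
        // Probe ./index.html under the doc base once at init (and release it immediately), so a
        // missing login page presumably fails here rather than on the first login request.
        router.getResolverMap().resolve(ResolverMap.combine(router.getBaseLocation(), wsi.getDocBase(), "./index.html")).close();
        wsi.init(router);
    }
    if (publicURL == null)
        initPublicURLOnFirstExchange = true;
    else
        normalizePublicURL();
    // Fix: the flag was assigned and then supportsDynamicRegistration() was queried a second
    // time to reset it to false -- which could only happen when it already was false. One
    // assignment is equivalent.
    firstInitWhenDynamicAuthorizationService = getAuthService().supportsDynamicRegistration();
    new CleanupThread(sessionManager).start();
}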
use of com.predic8.membrane.core.interceptor.oauth2.Client in project service-proxy by membrane.
the class AuthWithoutSessionRequest method processWithParameters.
/**
 * Validates an authorization request that has no session yet and stores its parameters in a
 * (new or existing) session.
 *
 * Unknown client_id and a redirect_uri that is not an exact match of the registered callback
 * are answered with a JSON error and never with a redirect -- until the callback is known to
 * be trusted, nothing is sent there. All later errors are delivered as a redirect to the
 * registered callback (not to the supplied redirect_uri).
 *
 * @return a JSON error response, an error redirect, or {@link NoResponse} when processing may continue
 */
@Override
protected Response processWithParameters() throws Exception {
    Client registeredClient;
    try {
        registeredClient = authServer.getClientList().getClient(getClientId());
    } catch (Exception e) {
        return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "unauthorized_client");
    }
    // Exact-match check of redirect_uri against the registered callback; absoluteness is
    // tested first so a relative value never reaches equals().
    String callback = registeredClient.getCallbackUrl();
    boolean redirectUriAccepted = OAuth2Util.isAbsoluteUri(getRedirectUri()) && getRedirectUri().equals(callback);
    if (!redirectUriAccepted)
        return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "invalid_request");

    if (promptEqualsNone())
        return errorRedirect(callback, "login_required");
    if (!authServer.getSupportedAuthorizationGrants().contains(getResponseType()))
        return errorRedirect(callback, "unsupported_response_type");

    String grantedScopes = verifyScopes(getScope());
    if (grantedScopes.isEmpty())
        return errorRedirect(callback, "invalid_scope");
    if (OAuth2Util.isOpenIdScope(grantedScopes)) {
        // OpenID requests must use the code flow.
        if (!isCodeRequest())
            return errorRedirect(callback, "invalid_request");
        // Parses the claims parameter into a json object. Claim values are always ignored and set to "null" as it is optional to react to those values
        addValidClaimsToParams();
    } else {
        removeClaimsWhenNotOpenidScope();
    }
    setScope(grantedScopes);
    // NOTE(review): setScope(grantedScopes) runs before this comparison; if getScope() now
    // returns the value just set, rejectedScopes can never be non-empty -- confirm the intended order.
    String rejectedScopes = hasGivenInvalidScopes(getScope(), grantedScopes);
    if (!rejectedScopes.isEmpty())
        setScopeInvalid(rejectedScopes);

    SessionManager.Session authSession = authServer.getSessionManager().getOrCreateSession(exc);
    addParams(authSession, params);
    return new NoResponse();
}

/**
 * Builds the error redirect to the registered callback, carrying the state parameter.
 * NOTE(review): "?error=" is appended verbatim; a callback that already has a query string
 * would end up with two '?' characters.
 */
private Response errorRedirect(String callback, String error) throws Exception {
    return createParameterizedFormUrlencodedRedirect(exc, getState(), callback + "?error=" + error);
}