
Example 1 with ClientApplication

use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplication in project pyramus by otavanopisto.

the class ClientApplicationsViewController method processSend.

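/**
 * Applies the client-application table submitted from the admin view.
 *
 * <p>The form carries one row per application ({@code clientApplicationsTable.<i>.*}):
 * an {@code id} (empty for a new row), the {@code remove}, {@code regenerateSecret} and
 * {@code skipPrompt} flags, and the {@code appName}. Credentials are never taken from
 * the form: a new application gets a server-generated client id and secret, and an
 * existing one only gets a new secret when {@code regenerateSecret} is set. The
 * {@code appSecret} field the form may carry is therefore ignored here.
 *
 * <p>Removing an application also deletes every authorization code issued to it and
 * any access token derived from those codes, so no grant outlives the application.
 *
 * @param requestContext the submitted form
 */
@Override
public void processSend(PageRequestContext requestContext) {
    ClientApplicationDAO clientApplicationDAO = DAOFactory.getInstance().getClientApplicationDAO();
    ClientApplicationAuthorizationCodeDAO authorizationCodeDAO = DAOFactory.getInstance().getClientApplicationAuthorizationCodeDAO();
    ClientApplicationAccessTokenDAO accessTokenDAO = DAOFactory.getInstance().getClientApplicationAccessTokenDAO();

    Long rowCount = requestContext.getLong("clientApplicationsTable.rowCount");
    // A missing row count (table not rendered, or a stripped request) means nothing to
    // process; unboxing a null Long in the loop condition would otherwise throw an NPE.
    long rows = rowCount == null ? 0L : rowCount;

    for (int i = 0; i < rows; i++) {
        String colPrefix = "clientApplicationsTable." + i;
        Long id = requestContext.getLong(colPrefix + ".id");
        boolean remove = "1".equals(requestContext.getString(colPrefix + ".remove"));
        boolean regenerateSecret = "1".equals(requestContext.getString(colPrefix + ".regenerateSecret"));
        boolean skipPrompt = "1".equals(requestContext.getString(colPrefix + ".skipPrompt"));
        String clientName = requestContext.getString(colPrefix + ".appName");

        if (id == null) {
            // New row (a new row flagged for removal is simply dropped).
            if (!remove) {
                // Credentials are generated server-side, never accepted from the form.
                String clientId = UUID.randomUUID().toString();
                String clientSecret = new OauthClientSecretGenerator(80).nextString();
                clientApplicationDAO.create(clientName, clientId, clientSecret, skipPrompt);
            }
            continue;
        }

        ClientApplication clientApplication = clientApplicationDAO.findById(id);
        if (clientApplication == null) {
            // The row refers to an application that no longer exists (deleted concurrently,
            // or a stale/tampered id); skip it rather than fail with an NPE below.
            continue;
        }

        if (remove) {
            deleteClientApplicationWithGrants(clientApplication, clientApplicationDAO, authorizationCodeDAO, accessTokenDAO);
        } else {
            if (regenerateSecret) {
                clientApplicationDAO.updateClientSecret(clientApplication, new OauthClientSecretGenerator(80).nextString());
            }
            clientApplicationDAO.updateName(clientApplication, clientName);
            clientApplicationDAO.updateSkipPrompt(clientApplication, skipPrompt);
        }
    }

    processForm(requestContext);
}

/**
 * Deletes {@code clientApplication} together with all of its authorization codes and
 * the access tokens issued from them, tokens first so no token is left pointing at a
 * deleted code.
 *
 * @param clientApplication    the application to delete
 * @param clientApplicationDAO DAO used to delete the application itself
 * @param authorizationCodeDAO DAO used to list and delete its authorization codes
 * @param accessTokenDAO       DAO used to find and delete the token of each code
 */
private static void deleteClientApplicationWithGrants(ClientApplication clientApplication,
        ClientApplicationDAO clientApplicationDAO,
        ClientApplicationAuthorizationCodeDAO authorizationCodeDAO,
        ClientApplicationAccessTokenDAO accessTokenDAO) {
    List<ClientApplicationAuthorizationCode> authCodes = authorizationCodeDAO.listByClientApplication(clientApplication);
    for (ClientApplicationAuthorizationCode authCode : authCodes) {
        ClientApplicationAccessToken accessToken = accessTokenDAO.findByAuthCode(authCode);
        if (accessToken != null) {
            accessTokenDAO.delete(accessToken);
        }
        authorizationCodeDAO.delete(authCode);
    }
    clientApplicationDAO.delete(clientApplication);
}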

Example 2 with ClientApplication

use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplication in project pyramus by otavanopisto.

the class ClientApplicationDAO method create.

/**
 * Persists a new {@link ClientApplication}.
 *
 * <p>The secret is stored exactly as given (no hashing happens here), so the caller is
 * responsible for generating it with adequate entropy.
 *
 * @param clientName   name of the application
 * @param clientId     public identifier the application presents
 * @param clientSecret secret the application authenticates with
 * @param skipPrompt   whether the consent prompt is skipped for this application
 * @return the persisted entity
 */
public ClientApplication create(String clientName, String clientId, String clientSecret, Boolean skipPrompt) {
    ClientApplication application = new ClientApplication();
    application.setClientName(clientName);
    application.setClientId(clientId);
    application.setSkipPrompt(skipPrompt);
    application.setClientSecret(clientSecret);
    return persist(application);
}

Example 3 with ClientApplication

use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplication in project pyramus by otavanopisto.

the class AuthorizeClientApplicationViewController method processSend.

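/**
 * Handles the user's decision on the OAuth consent page.
 *
 * <p>A logged-out user is bounced to login with the current URL preserved. Only an
 * explicit {@code authorize=Authorize} submission issues a grant; any other value (deny,
 * missing, tampered) does nothing. On consent the pending authorization code, redirect
 * URI and client id stored in the session by {@code processForm} are consumed: the code
 * is persisted for the logged-in user and the browser is redirected to the redirect URI
 * with the code attached. The pending session state is cleared once consumed so a
 * re-submission of this page cannot re-issue the same code.
 *
 * @param requestContext the consent-page submission
 * @throws LoginRequiredException when no user is logged in
 * @throws SmvcRuntimeException with 400 when the pending session state is incomplete,
 *         or 500 when the OAuth response cannot be built
 */
@Override
public void processSend(PageRequestContext requestContext) {
    if (!requestContext.isLoggedIn()) {
        HttpServletRequest request = requestContext.getRequest();
        StringBuilder currentUrl = new StringBuilder(request.getRequestURL());
        String queryString = request.getQueryString();
        if (!StringUtils.isBlank(queryString)) {
            currentUrl.append('?');
            currentUrl.append(queryString);
        }
        throw new LoginRequiredException(currentUrl.toString());
    }

    HttpServletRequest request = requestContext.getRequest();
    HttpSession session = request.getSession();
    // Anything other than the literal "Authorize" is treated as no consent.
    boolean authorized = "Authorize".equals(request.getParameter("authorize"));
    if (!authorized) {
        return;
    }

    UserDAO userDAO = DAOFactory.getInstance().getUserDAO();
    ClientApplicationDAO clientApplicationDAO = DAOFactory.getInstance().getClientApplicationDAO();
    ClientApplicationAuthorizationCodeDAO clientApplicationAuthorizationCodeDAO = DAOFactory.getInstance().getClientApplicationAuthorizationCodeDAO();

    // All of this state was put into the session by processForm; the client id is
    // re-resolved so a since-deleted application cannot receive a code.
    Long userId = (Long) session.getAttribute("loggedUserId");
    String authorizationCode = (String) session.getAttribute("pendingAuthCode");
    // NOTE(review): this redirect URI originates from the client's redirect_uri request
    // parameter; no check against a registered redirect URI is visible here — confirm it
    // is validated elsewhere before the code is sent to it.
    String redirectURI = (String) session.getAttribute("pendingOauthRedirectUrl");
    ClientApplication clientApplication = clientApplicationDAO.findByClientId((String) session.getAttribute("clientAppId"));

    if (userId == null || authorizationCode == null || redirectURI == null || clientApplication == null) {
        requestContext.setIncludeJSP("/templates/generic/errorpage.jsp");
        throw new SmvcRuntimeException(HttpServletResponse.SC_BAD_REQUEST, "Invalid parameters");
    }

    try {
        OAuthASResponse.OAuthAuthorizationResponseBuilder builder = OAuthASResponse.authorizationResponse(request, HttpServletResponse.SC_FOUND);
        builder.setCode(authorizationCode);
        final OAuthResponse response = builder.location(redirectURI).buildQueryMessage();
        User user = userDAO.findById(userId);
        clientApplicationAuthorizationCodeDAO.create(user, clientApplication, authorizationCode, redirectURI);
        // The pending grant is consumed: drop it so a replayed submit cannot reuse it.
        session.removeAttribute("pendingAuthCode");
        session.removeAttribute("pendingOauthRedirectUrl");
        session.removeAttribute("clientAppId");
        requestContext.setRedirectURL(response.getLocationUri());
    } catch (OAuthSystemException e) {
        requestContext.setIncludeJSP("/templates/generic/errorpage.jsp");
        throw new SmvcRuntimeException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
    }
}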

Example 4 with ClientApplication

use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplication in project pyramus by otavanopisto.

the class AuthorizeClientApplicationViewController method processForm.

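/**
 * Entry point of the OAuth 2.0 authorization endpoint (authorization-code flow).
 *
 * <p>A logged-out user is sent to login, tagged with the requesting {@code client_id}
 * so the flow can resume; an unknown or missing client id is rejected with 403. For a
 * logged-in user the request is parsed with Oltu, the client application is looked up
 * by its client id, only {@code response_type=code} is accepted, and a fresh
 * authorization code plus the requested redirect URI are parked in the session for the
 * consent page ({@code processSend}). Applications flagged {@code skipPrompt} are
 * granted immediately without showing the consent page.
 *
 * @param requestContext the incoming authorization request
 * @throws LoginRequiredException when no user is logged in and the client id is valid
 * @throws SmvcRuntimeException with 403 for an unknown/undefined client, 501 for an
 *         unsupported response type, 400 for incomplete state, 500 for Oltu errors
 */
@Override
public void processForm(PageRequestContext requestContext) {
    ClientApplicationDAO clientApplicationDAO = DAOFactory.getInstance().getClientApplicationDAO();
    if (!requestContext.isLoggedIn()) {
        rejectNotLoggedIn(requestContext, clientApplicationDAO);
        return; // unreachable: the helper always throws
    }

    HttpServletRequest request = requestContext.getRequest();
    OAuthIssuerImpl oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
    try {
        OAuthAuthzRequest oauthRequest = new OAuthAuthzRequest(request);
        ClientApplication clientApplication = clientApplicationDAO.findByClientId(oauthRequest.getClientId());
        if (clientApplication == null) {
            requestContext.setIncludeJSP("/templates/generic/errorpage.jsp");
            throw new SmvcRuntimeException(HttpServletResponse.SC_FORBIDDEN, "Client application not found");
        }

        HttpSession session = request.getSession();
        session.setAttribute("clientAppId", oauthRequest.getClientId());

        String responseType = oauthRequest.getParam(OAuth.OAUTH_RESPONSE_TYPE);
        // Constant-first comparison: a request without response_type is rejected as
        // unsupported instead of failing with an NPE.
        if (!ResponseType.CODE.toString().equals(responseType)) {
            requestContext.setIncludeJSP("/templates/generic/errorpage.jsp");
            throw new SmvcRuntimeException(HttpServletResponse.SC_NOT_IMPLEMENTED, String.format("Response type: %s not supported", responseType));
        }

        String authorizationCode = oauthIssuerImpl.authorizationCode();
        session.setAttribute("pendingAuthCode", authorizationCode);
        // NOTE(review): the redirect URI is taken from the request as-is; no check against
        // a redirect URI registered for the client is visible here — confirm it happens elsewhere.
        String redirectURI = oauthRequest.getParam(OAuth.OAUTH_REDIRECT_URI);
        session.setAttribute("pendingOauthRedirectUrl", redirectURI);
        request.setAttribute("clientAppName", clientApplication.getClientName());

        // skipPrompt is a boxed Boolean; a null value must mean "show the prompt", not an NPE.
        if (Boolean.TRUE.equals(clientApplication.getSkipPrompt())) {
            redirectWithAuthorizationCode(requestContext, request, clientApplication, authorizationCode, redirectURI);
        }
    } catch (OAuthProblemException | OAuthSystemException e) {
        throw new SmvcRuntimeException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
    }
    // TODO: show auth page only if everything is ok
    requestContext.setIncludeJSP("/templates/users/authorizeclientapp.jsp");
}

/**
 * Rejects an unauthenticated authorization request. Always throws.
 *
 * <p>With a known {@code client_id} the user is redirected to login with the current URL
 * (including the query string) and the client id attached, so the flow resumes afterwards.
 * An unknown or missing client id is a 403.
 *
 * @param requestContext       the current request
 * @param clientApplicationDAO used to verify the client id
 * @throws LoginRequiredException for a valid client id
 * @throws SmvcRuntimeException 403 for an unknown or missing client id
 */
private static void rejectNotLoggedIn(PageRequestContext requestContext, ClientApplicationDAO clientApplicationDAO) {
    HttpServletRequest request = requestContext.getRequest();
    StringBuilder currentUrl = new StringBuilder(request.getRequestURL());
    String queryString = request.getQueryString();
    if (!StringUtils.isBlank(queryString)) {
        currentUrl.append('?');
        currentUrl.append(queryString);
    }
    String clientId = requestContext.getString("client_id");
    if (StringUtils.isNotBlank(clientId)) {
        ClientApplication clientApplication = clientApplicationDAO.findByClientId(clientId);
        if (clientApplication == null) {
            throw new SmvcRuntimeException(HttpServletResponse.SC_FORBIDDEN, "Client application not found");
        }
        throw new LoginRequiredException(currentUrl.toString(), "OAUTHCLIENT", clientId);
    }
    throw new SmvcRuntimeException(HttpServletResponse.SC_FORBIDDEN, "Client application not defined");
}

/**
 * Issues the authorization code without a consent page (used for {@code skipPrompt}
 * applications): persists the code for the logged-in user and redirects the browser to
 * {@code redirectURI} with the code attached.
 *
 * @param requestContext    the current request
 * @param request           the servlet request (session holds {@code loggedUserId})
 * @param clientApplication the application receiving the code; must not be null
 * @param authorizationCode the freshly issued code
 * @param redirectURI       where the code is sent
 * @throws SmvcRuntimeException 400 when user id, code or redirect URI is missing,
 *         500 when Oltu cannot build the response
 */
private static void redirectWithAuthorizationCode(PageRequestContext requestContext, HttpServletRequest request,
        ClientApplication clientApplication, String authorizationCode, String redirectURI) {
    ClientApplicationAuthorizationCodeDAO clientApplicationAuthorizationCodeDAO = DAOFactory.getInstance().getClientApplicationAuthorizationCodeDAO();
    UserDAO userDAO = DAOFactory.getInstance().getUserDAO();
    Long userId = (Long) request.getSession().getAttribute("loggedUserId");
    if (userId == null || authorizationCode == null || redirectURI == null) {
        requestContext.setIncludeJSP("/templates/generic/errorpage.jsp");
        throw new SmvcRuntimeException(HttpServletResponse.SC_BAD_REQUEST, "Invalid parameters");
    }
    try {
        OAuthASResponse.OAuthAuthorizationResponseBuilder builder = OAuthASResponse.authorizationResponse(request, HttpServletResponse.SC_FOUND);
        builder.setCode(authorizationCode);
        final OAuthResponse response = builder.location(redirectURI).buildQueryMessage();
        User user = userDAO.findById(userId);
        clientApplicationAuthorizationCodeDAO.create(user, clientApplication, authorizationCode, redirectURI);
        requestContext.setRedirectURL(response.getLocationUri());
    } catch (OAuthSystemException e) {
        requestContext.setIncludeJSP("/templates/generic/errorpage.jsp");
        throw new SmvcRuntimeException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
    }
}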

Example 5 with ClientApplication

use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplication in project pyramus by otavanopisto.

the class MuikkuRESTService method requestCredentialReset.

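/**
 * Starts a credential reset for the person registered under {@code email}.
 *
 * <p>A random reset secret is generated and returned to the caller. Only a derived
 * value, {@code md5Hex(secret + clientSecret)}, is persisted with the request, so the
 * returned secret alone cannot complete a reset: the confirming party must also hold
 * the client application's secret. The MD5 derivation must stay in step with the
 * confirmation side that recomputes it, so it is not changed here.
 *
 * <p>The 404 for an unknown address reveals whether an email is registered; this is
 * tolerable only because the endpoint is restricted to the
 * {@code MUIKKU_RESET_CREDENTIALS} permit rather than exposed to end users.
 *
 * @param email address of the person whose credentials are to be reset
 * @return 200 with the reset secret; 400 for a blank email or when no client
 *         application is bound to the request; 404 when no unique person matches
 */
@Path("/requestCredentialReset")
@GET
@RESTPermit(MuikkuPermissions.MUIKKU_RESET_CREDENTIALS)
public Response requestCredentialReset(@QueryParam("email") String email) {
    if (email == null || email.trim().isEmpty()) {
        return Response.status(Status.BAD_REQUEST).entity("Missing email").build();
    }
    Person person = personController.findUniquePersonByEmail(email);
    if (person == null) {
        return Response.status(Status.NOT_FOUND).build();
    }
    // Resolve the client application before generating anything, so a misconfigured
    // request fails fast without touching the random source or the database.
    ClientApplication clientApplication = clientApplicationController.getClientApplication();
    if (clientApplication == null) {
        return Response.status(Status.BAD_REQUEST).entity("Invalid client application").build();
    }

    // Secret handed to the client; it is only meaningful together with the client's own secret.
    // md5Hex over random bytes is used purely as a 128-bit hex encoding here (MD5 output is
    // 128 bits, so the input size adds no further entropy).
    byte[] randomBytes = new byte[4096];
    SecureRandom random = new SecureRandom();
    random.nextBytes(randomBytes);
    String secret = DigestUtils.md5Hex(randomBytes);
    Date requestedAt = new Date();

    // confirmSecret = hash(secret + client secret): what the confirmation step must reproduce.
    String confirmSecret = DigestUtils.md5Hex(secret + clientApplication.getClientSecret());
    passwordResetRequestDAO.create(person, confirmSecret, requestedAt);
    // Only the bare secret goes back; it cannot validate a reset without the client secret.
    return Response.ok(secret).build();
}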
