
Example 1 with OAuth20RefreshToken

Use of org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken in project cas by apereo.

The class OAuth20DefaultTokenGenerator, method updateOAuthCode.

/**
 * Records a newly issued access token against the grant that produced it.
 * <p>
 * For a refresh-token grant, the access token id is appended to the refresh
 * token's access-token list and the refresh token is written back through the
 * central authentication service. For an authorization-code grant, the code
 * ticket's {@code update()} hook is invoked; if the code is then expired it is
 * deleted from the registry, otherwise it is written back, and the owning
 * ticket-granting ticket is written back as well. Any other kind of grant is
 * left untouched.
 *
 * @param holder      request context describing the grant and the token behind it
 * @param accessToken the access token that was just generated
 * @throws Exception propagated from the central authentication service
 */
protected void updateOAuthCode(final AccessTokenRequestContext holder, final OAuth20AccessToken accessToken) throws Exception {
    if (holder.isRefreshToken()) {
        final OAuth20RefreshToken refreshToken = (OAuth20RefreshToken) holder.getToken();
        refreshToken.getAccessTokens().add(accessToken.getId());
        centralAuthenticationService.updateTicket(refreshToken);
        return;
    }
    if (!holder.isCodeToken()) {
        return;
    }
    final Ticket code = (Ticket) holder.getToken();
    code.update();
    // The expiry check runs after update(); an expired code is removed rather than
    // refreshed so it can no longer be redeemed.
    final Ticket grantToken = holder.getToken();
    if (grantToken.isExpired()) {
        centralAuthenticationService.deleteTicket(grantToken.getId());
    } else {
        centralAuthenticationService.updateTicket(grantToken);
    }
    centralAuthenticationService.updateTicket(holder.getTicketGrantingTicket());
}

Example 2 with OAuth20RefreshToken

Use of org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken in project cas by apereo.

The class OAuth20RefreshTokenGrantTypeTokenRequestValidator, method validateInternal.

/**
 * Validates a refresh-token grant request.
 * <p>
 * The request must carry both a client id and a refresh token, the refresh token
 * must resolve to a live ticket in the registry, the registered service must pass
 * the access-strategy enforcer and allow this grant type, and the refresh token
 * must have been issued to the requesting client. Each failed check is logged and
 * reported as {@code false}; the enforcer may also throw.
 *
 * @param context   the web context of the current request
 * @param grantType the requested grant type
 * @param manager   the profile manager
 * @param uProfile  the user profile
 * @return {@code true} when every check passes, {@code false} otherwise
 */
@Override
protected boolean validateInternal(final WebContext context, final String grantType, final ProfileManager manager, final UserProfile uProfile) {
    val clientId = OAuth20Utils.getClientIdAndClientSecret(context, getConfigurationContext().getSessionStore()).getLeft();
    val suppliedToken = OAuth20Utils.getRequestParameter(context, OAuth20Constants.REFRESH_TOKEN);
    if (suppliedToken.isEmpty() || clientId.isEmpty()) {
        return false;
    }
    val tokenId = suppliedToken.get();
    final OAuth20RefreshToken refreshToken;
    try {
        refreshToken = getConfigurationContext().getCentralAuthenticationService().getTicket(tokenId, OAuth20RefreshToken.class);
        // NOTE(review): this prints the whole token object at TRACE; confirm its
        // toString() does not include material that should stay out of logs.
        LOGGER.trace("Found valid refresh token [{}] in the registry", refreshToken);
    } catch (final InvalidTicketException e) {
        LOGGER.warn("Provided refresh token [{}] cannot be found in the registry or has expired", tokenId);
        return false;
    }
    LOGGER.debug("Received grant type [{}] with client id [{}]", grantType, clientId);
    val registeredService = OAuth20Utils.getRegisteredOAuthServiceByClientId(getConfigurationContext().getServicesManager(), clientId);
    val auditContext = AuditableContext.builder().registeredService(registeredService).build();
    // The access strategy runs before the grant-type check; a denied service aborts
    // the request by exception rather than by a false return.
    getConfigurationContext().getRegisteredServiceAccessStrategyEnforcer().execute(auditContext).throwExceptionIfNeeded();
    if (!isGrantTypeSupportedBy(registeredService, grantType)) {
        LOGGER.warn("Requested grant type [{}] is not authorized by service definition [{}]", getGrantType(), Objects.requireNonNull(registeredService).getServiceId());
        return false;
    }
    // Ownership check: the token must have been issued to the client presenting it.
    // NOTE(review): client ids are compared case-insensitively here; confirm that
    // matches how client ids are registered.
    val issuedToThisClient = StringUtils.equalsIgnoreCase(refreshToken.getClientId(), clientId);
    if (!issuedToThisClient) {
        LOGGER.warn("Provided refresh token [{}] does not belong to client [{}]", refreshToken.getId(), clientId);
        return false;
    }
    return true;
}

Example 3 with OAuth20RefreshToken

Use of org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken in project cas by apereo.

The class AbstractOAuth20Tests, method assertRefreshTokenOk.

/**
 * Drives the access-token endpoint with a refresh-token grant for the given
 * service and asserts that a usable access token comes back.
 * <p>
 * When the service generates refresh tokens, a refresh token must also be in the
 * model; when it additionally renews them, the presented refresh token must be
 * gone from the registry and the returned pair carries its replacement. Otherwise
 * the presented refresh token is returned unchanged. The new access token must be
 * bound to the given principal and its reported {@code expires_in} must be at
 * least {@code TIMEOUT - 10 - DELTA}.
 *
 * @param service      the registered OAuth service the tokens belong to
 * @param refreshToken the refresh token presented in the grant
 * @param principal    the principal expected on the resulting access token
 * @return the resulting access token paired with the current refresh token
 * @throws Exception propagated from the interceptor or the controller
 */
protected Pair<OAuth20AccessToken, OAuth20RefreshToken> assertRefreshTokenOk(final OAuthRegisteredService service, final OAuth20RefreshToken refreshToken, final Principal principal) throws Exception {
    val request = new MockHttpServletRequest(HttpMethod.GET.name(), CONTEXT + OAuth20Constants.ACCESS_TOKEN_URL);
    request.setParameter(OAuth20Constants.GRANT_TYPE, OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase());
    request.setParameter(OAuth20Constants.CLIENT_ID, CLIENT_ID);
    request.setParameter(OAuth20Constants.CLIENT_SECRET, CLIENT_SECRET);
    request.setParameter(OAuth20Constants.REFRESH_TOKEN, refreshToken.getId());
    val response = new MockHttpServletResponse();
    requiresAuthenticationInterceptor.preHandle(request, response, null);
    val modelAndView = accessTokenController.handleRequest(request, response);
    val model = modelAndView.getModel();
    assertEquals(HttpStatus.SC_OK, response.getStatus());
    assertTrue(model.containsKey(OAuth20Constants.ACCESS_TOKEN));
    val renewsRefreshToken = service.isRenewRefreshToken();
    if (service.isGenerateRefreshToken()) {
        assertTrue(model.containsKey(OAuth20Constants.REFRESH_TOKEN));
        if (renewsRefreshToken) {
            // A renewed refresh token must invalidate the one that was presented.
            assertNull(ticketRegistry.getTicket(refreshToken.getId()));
        }
    }
    OAuth20RefreshToken currentRefreshToken = refreshToken;
    if (renewsRefreshToken) {
        val newRefreshTokenId = model.get(OAuth20Constants.REFRESH_TOKEN).toString();
        currentRefreshToken = ticketRegistry.getTicket(newRefreshTokenId, OAuth20RefreshToken.class);
    }
    assertTrue(model.containsKey(OAuth20Constants.EXPIRES_IN));
    val accessTokenId = model.get(OAuth20Constants.ACCESS_TOKEN).toString();
    val accessToken = ticketRegistry.getTicket(accessTokenId, OAuth20AccessToken.class);
    assertEquals(principal, accessToken.getAuthentication().getPrincipal());
    val secondsLeft = Integer.parseInt(model.get(OAuth20Constants.EXPIRES_IN).toString());
    assertTrue(secondsLeft >= TIMEOUT - 10 - DELTA);
    return Pair.of(accessToken, currentRefreshToken);
}

Example 4 with OAuth20RefreshToken

Use of org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken in project cas by apereo.

The class OAuth20RevocationEndpointController, method generateRevocationResponse.

/**
 * Revokes the presented token on behalf of a client and builds the HTTP response.
 * <p>
 * A token that cannot be found in the registry is only logged and still answered
 * with an empty {@code 200} JSON view. A refresh token or access token is revoked
 * only when its recorded client id equals the requesting client; a client mismatch,
 * or a token that is neither a refresh nor an access token, results in an
 * {@code OAuth20Constants.INVALID_REQUEST} error written to the response.
 *
 * @param token    the token presented for revocation
 * @param clientId the client making the revocation request
 * @param response the servlet response the error view is written to
 * @return an empty JSON view with status {@code 200}, or the error view produced by
 *         {@code OAuth20Utils.writeError}
 * @throws Exception propagated from the registry lookup or the revocation helpers
 */
protected ModelAndView generateRevocationResponse(final String token, final String clientId, final HttpServletResponse response) throws Exception {
    val registryToken = getConfigurationContext().getTicketRegistry().getTicket(token, OAuth20Token.class);
    if (registryToken == null) {
        // Unknown tokens fall through to the same 200 response as a successful revocation.
        LOGGER.error("Provided token [{}] has not been found in the ticket registry", token);
    } else {
        val revokingRefreshToken = isRefreshToken(registryToken);
        if (!revokingRefreshToken && !isAccessToken(registryToken)) {
            LOGGER.error("Provided token [{}] is either not a refresh token or not an access token", token);
            return OAuth20Utils.writeError(response, OAuth20Constants.INVALID_REQUEST);
        }
        // Ownership check: a client may only revoke tokens that were issued to it.
        if (!StringUtils.equals(clientId, registryToken.getClientId())) {
            // NOTE(review): at this point the presented value is a live token of another
            // client and is written to the log; confirm log handling is acceptable.
            LOGGER.warn("Provided token [{}] has not been issued for the service [{}]", token, clientId);
            return OAuth20Utils.writeError(response, OAuth20Constants.INVALID_REQUEST);
        }
        if (revokingRefreshToken) {
            revokeToken((OAuth20RefreshToken) registryToken);
        } else {
            revokeToken(registryToken.getId());
        }
    }
    val okView = new ModelAndView(new MappingJackson2JsonView());
    okView.setStatus(HttpStatus.OK);
    return okView;
}
