use of org.forgerock.oauth2.core.exceptions.InvalidClientException in project OpenAM by OpenRock.
the class DeviceCodeVerificationResource method verify.
/**
* Handles POST requests to the OAuth2 device/user endpoint.
*/
@Post
public Representation verify(Representation body) throws ServerException, NotFoundException, InvalidGrantException, OAuth2RestletException {
final Request restletRequest = getRequest();
OAuth2Request request = requestFactory.create(restletRequest);
DeviceCode deviceCode;
try {
deviceCode = tokenStore.readDeviceCode(request.<String>getParameter(OAuth2Constants.DeviceCode.USER_CODE), request);
} catch (InvalidGrantException e) {
return getTemplateRepresentation(FORM, request, "not_found");
}
if (deviceCode == null || deviceCode.isIssued()) {
return getTemplateRepresentation(FORM, request, "not_found");
}
addRequestParamsFromDeviceCode(restletRequest, deviceCode);
try {
final String decision = request.getParameter("decision");
if (StringUtils.isNotEmpty(decision)) {
final boolean consentGiven = "allow".equalsIgnoreCase(decision);
final boolean saveConsent = "on".equalsIgnoreCase(request.<String>getParameter("save_consent"));
if (saveConsent) {
saveConsent(request);
}
if (consentGiven) {
ResourceOwner resourceOwner = resourceOwnerSessionValidator.validate(request);
deviceCode.setResourceOwnerId(resourceOwner.getId());
deviceCode.setAuthorized(true);
tokenStore.updateDeviceCode(deviceCode, request);
} else {
tokenStore.deleteDeviceCode(deviceCode.getClientId(), deviceCode.getDeviceCode(), request);
}
} else {
authorizationService.authorize(request);
}
} catch (IllegalArgumentException e) {
if (e.getMessage().contains("client_id")) {
throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("state"));
}
throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"));
} catch (ResourceOwnerAuthenticationRequired e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
} catch (ResourceOwnerConsentRequired e) {
return representation.getRepresentation(getContext(), request, "authorize.ftl", getDataModel(e, request));
} catch (InvalidClientException | RedirectUriMismatchException e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
} catch (OAuth2Exception e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"), e.getParameterLocation());
}
return getTemplateRepresentation(THANKS_PAGE, request, null);
}
use of org.forgerock.oauth2.core.exceptions.InvalidClientException in project OpenAM by OpenRock.
the class DeviceCodeVerificationResource method saveConsent.
private void saveConsent(OAuth2Request request) throws NotFoundException, ServerException, InvalidScopeException, AccessDeniedException, ResourceOwnerAuthenticationRequired, InteractionRequiredException, BadRequestException, LoginRequiredException, InvalidClientException {
OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
ResourceOwner resourceOwner = resourceOwnerSessionValidator.validate(request);
ClientRegistration clientRegistration = clientRegistrationStore.get(request.<String>getParameter(CLIENT_ID), request);
Set<String> scope = Utils.splitScope(request.<String>getParameter(SCOPE));
Set<String> validatedScope = providerSettings.validateAuthorizationScope(clientRegistration, scope, request);
providerSettings.saveConsent(resourceOwner, clientRegistration.getClientId(), validatedScope);
}
use of org.forgerock.oauth2.core.exceptions.InvalidClientException in project OpenAM by OpenRock.
the class DeviceCodeGrantTypeHandlerTest method shouldCatchInvalidClients.
@Test
public void shouldCatchInvalidClients() throws Exception {
// Given
InvalidClientException expectedResult = mock(InvalidClientException.class);
when(expectedResult.getError()).thenReturn("invalid_client");
Set<String> scope = new HashSet<>();
mockRequestRealmClientIdClientSecretAndCode("REALM", "CLIENT_ID", "CLIENT_SECRET", "CODE", scope);
given(clientRegistrationStore.get(anyString(), any(OAuth2Request.class))).willThrow(expectedResult);
// When
try {
grantTypeHandler.handle(request);
// Then - exception
fail("Should have exception");
} catch (OAuth2Exception e) {
assertThat(e.getError().equals("invalid_client"));
}
}
use of org.forgerock.oauth2.core.exceptions.InvalidClientException in project OpenAM by OpenRock.
the class DeviceCodeGrantTypeHandlerTest method setup.
@BeforeMethod
public void setup() throws Exception {
initMocks(this);
OAuth2ProviderSettingsFactory providerSettingsFactory = mock(OAuth2ProviderSettingsFactory.class);
when(providerSettingsFactory.get(request)).thenReturn(providerSettings);
when(providerSettings.getDeviceCodePollInterval()).thenReturn(5);
when(providerSettings.validateRequestedClaims(anyString())).thenAnswer(new Answer<String>() {
@Override
public String answer(InvocationOnMock invocation) throws Throwable {
return (String) invocation.getArguments()[0];
}
});
OAuth2UrisFactory oAuth2UrisFactory = mock(OAuth2UrisFactory.class);
when(oAuth2UrisFactory.get(request)).thenReturn(oAuth2Uris);
ClientAuthenticator clientAuthenticator = mock(ClientAuthenticator.class);
ClientRegistration clientRegistration = mock(ClientRegistration.class);
when(clientAuthenticator.authenticate(eq(request), anyString())).thenReturn(clientRegistration);
accessTokenGenerator = new GrantTypeAccessTokenGenerator(tokenStore);
when(tokenStore.createAccessToken(anyString(), anyString(), anyString(), anyString(), anyString(), anyString(), anySetOf(String.class), any(RefreshToken.class), anyString(), anyString(), any(OAuth2Request.class))).thenReturn(accessToken);
when(tokenStore.createRefreshToken(anyString(), anyString(), anyString(), anyString(), anySetOf(String.class), any(OAuth2Request.class), anyString())).thenReturn(refreshToken);
ClientAuthenticationFailureFactory failureFactory = mock(ClientAuthenticationFailureFactory.class);
InvalidClientException expectedResult = mock(InvalidClientException.class);
when(expectedResult.getError()).thenReturn("invalid_client");
when(failureFactory.getException()).thenReturn(expectedResult);
when(failureFactory.getException(anyString())).thenReturn(expectedResult);
when(failureFactory.getException(any(OAuth2Request.class), anyString())).thenReturn(expectedResult);
grantTypeHandler = new DeviceCodeGrantTypeHandler(providerSettingsFactory, clientAuthenticator, tokenStore, clientRegistrationStore, failureFactory, oAuth2UrisFactory, accessTokenGenerator);
}
use of org.forgerock.oauth2.core.exceptions.InvalidClientException in project OpenAM by OpenRock.
the class AuthorizeResource method authorize.
/**
* Handles GET requests to the OAuth2 authorize endpoint.
* <br/>
* This method will be called when a client has requested a resource owner grants it authorization to access a
* resource.
*
* @return The body to be sent in the response to the user agent.
* @throws OAuth2RestletException If a OAuth2 error occurs whilst processing the authorization request.
*/
@Get
public Representation authorize() throws OAuth2RestletException {
final OAuth2Request request = requestFactory.create(getRequest());
for (AuthorizeRequestHook hook : hooks) {
hook.beforeAuthorizeHandling(request, getRequest(), getResponse());
}
try {
final AuthorizationToken authorizationToken = authorizationService.authorize(request);
final String redirectUri = getQueryValue("redirect_uri");
Representation response = representation.toRepresentation(getContext(), getRequest(), getResponse(), authorizationToken, redirectUri);
for (AuthorizeRequestHook hook : hooks) {
hook.afterAuthorizeSuccess(request, getRequest(), getResponse());
}
return response;
} catch (IllegalArgumentException e) {
if (e.getMessage().contains("client_id")) {
throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("state"));
}
throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"));
} catch (ResourceOwnerAuthenticationRequired e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
} catch (ResourceOwnerConsentRequired e) {
return representation.getRepresentation(getContext(), request, "authorize.ftl", getDataModel(e, request));
} catch (InvalidClientException e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
} catch (RedirectUriMismatchException e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
} catch (OAuth2Exception e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"), e.getParameterLocation());
}
}
Aggregations