the class DefaultPermissionCheckerTest method testCheckUserPermissionsAuthenticationScopesOrcidAndOrcidMessageWhenWrongUser.
@Test(expected = AccessControlException.class)
@Transactional
@Rollback
public void testCheckUserPermissionsAuthenticationScopesOrcidAndOrcidMessageWhenWrongUser() throws Exception {
    // Client 4444-4444-4444-4441 holds the external-identifiers/create scope on the "orcid" resource.
    Set<String> resources = new HashSet<String>();
    resources.add("orcid");
    Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
    authorities.add(new SimpleGrantedAuthority("ROLE_CLIENT"));
    AuthorizationRequest authRequest = new AuthorizationRequest("4444-4444-4444-4441", Arrays.asList("/orcid-bio/external-identifiers/create"));
    authRequest.setAuthorities(authorities);
    authRequest.setResourceIds(resources);

    // The token is bound to user 4444-4444-4444-4445; per the test name this is presumably not the owner of the message's record.
    ProfileEntity tokenUser = profileEntityManager.findByOrcid("4444-4444-4444-4445");
    OrcidOauth2UserAuthentication userAuthentication = new OrcidOauth2UserAuthentication(tokenUser, true);
    OAuth2Authentication authentication = new OrcidOAuth2Authentication(authRequest, userAuthentication, "made-up-token");

    OrcidMessage message = getOrcidMessage();
    String messageOrcid = message.getOrcidProfile().getOrcidIdentifier().getPath();
    // Expected outcome is the AccessControlException declared on the @Test annotation.
    defaultPermissionChecker.checkPermissions(authentication, ScopePathType.ORCID_BIO_EXTERNAL_IDENTIFIERS_CREATE, messageOrcid, message);
}
the class DefaultPermissionCheckerTest method testCheckPermissionsAuthenticationScopesAndOrcidMessage.
@Test
public void testCheckPermissionsAuthenticationScopesAndOrcidMessage() throws Exception {
    // Client-only authentication (no user principal) carrying exactly the scope that will be required.
    Set<String> resources = new HashSet<String>();
    resources.add("orcid");
    Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
    authorities.add(new SimpleGrantedAuthority("ROLE_CLIENT"));
    ScopePathType grantedAndRequired = ScopePathType.ORCID_WORKS_CREATE;
    AuthorizationRequest authRequest = new AuthorizationRequest("4444-4444-4444-4441", Arrays.asList(grantedAndRequired.value()));
    authRequest.setAuthorities(authorities);
    authRequest.setResourceIds(resources);
    OAuth2Authentication authentication = new OrcidOAuth2Authentication(authRequest, null, "made-up-token");

    // No exception expected: the granted scope matches the required one.
    OrcidMessage message = getOrcidMessage();
    defaultPermissionChecker.checkPermissions(authentication, grantedAndRequired, message);
}
the class OauthControllerBase method generateRequestInfoForm.
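/**
 * Builds the {@link RequestInfoForm} backing the OAuth authorization screen.
 * <p>
 * Pre-fills the logged-in user's ORCID iD and display name (when someone is
 * logged in), resolves the requested scopes and their display text, and copies
 * the client's presentation details. A hint of who the user is ({@code orcid}
 * or {@code email}) is only used as the login id when it refers to an existing
 * record.
 *
 * @param clientId id of the client making the authorization request (mandatory)
 * @param scopesString URL-encoded, space-separated scope list (mandatory)
 * @param redirectUri redirect URI supplied by the client; copied into the form as-is
 * @param responseType OAuth response type, copied into the form
 * @param stateParam OAuth state parameter, copied into the form
 * @param email e-mail hint for the user, trimmed before use
 * @param orcid ORCID iD hint for the user, trimmed before use
 * @param givenNames given-names hint, copied into the form
 * @param familyNames family-names hint, copied into the form
 * @param nonce OpenID Connect nonce, copied into the form
 * @param maxAge accepted for signature compatibility; not used by this method
 * @return the populated form
 * @throws UnsupportedEncodingException declared by {@link URLDecoder#decode(String, String)}; UTF-8 is always available
 * @throws InvalidRequestException if {@code clientId} or {@code scopesString} is empty
 */
private RequestInfoForm generateRequestInfoForm(String clientId, String scopesString, String redirectUri, String responseType, String stateParam, String email, String orcid, String givenNames, String familyNames, String nonce, String maxAge) throws UnsupportedEncodingException {
    RequestInfoForm infoForm = new RequestInfoForm();

    // If the user is logged in, pre-fill their ORCID iD and display name.
    String loggedUserOrcid = getEffectiveUserOrcid();
    if (!PojoUtil.isEmpty(loggedUserOrcid)) {
        infoForm.setUserOrcid(loggedUserOrcid);
        String creditName = displayNameFor(profileEntityCacheManager.retrieve(loggedUserOrcid));
        if (!PojoUtil.isEmpty(creditName)) {
            // The stored name is URL-decoded before display (existing behaviour, kept as-is).
            infoForm.setUserName(URLDecoder.decode(creditName, "UTF-8").trim());
        }
    }

    // A client id and a scope list are both mandatory for an authorization request.
    if (PojoUtil.isEmpty(clientId) || PojoUtil.isEmpty(scopesString)) {
        throw new InvalidRequestException("Unable to find parameters");
    }
    for (ScopePathType theScope : requestedScopesFrom(scopesString)) {
        infoForm.getScopes().add(scopeInfoFormFor(theScope));
    }

    ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
    // NOTE(review): cannot tell from here whether retrieve() returns null for an unknown client id; if it does, the next line throws NPE — confirm.
    if (clientDetails.isPersistentTokensEnabled()) {
        infoForm.setClientHavePersistentTokens(true);
    }
    String clientName = clientDetails.getClientName() == null ? "" : clientDetails.getClientName();
    String clientEmailRequestReason = clientDetails.getEmailAccessReason() == null ? "" : clientDetails.getEmailAccessReason();
    String clientDescription = clientDetails.getClientDescription() == null ? "" : clientDetails.getClientDescription();
    String memberName = memberNameFor(clientDetails, clientName);

    // Use the caller's hint as the login id only when it matches an existing record; the ORCID iD hint takes precedence over the e-mail hint.
    if (!PojoUtil.isEmpty(orcid)) {
        orcid = orcid.trim();
        if (orcidProfileManager.exists(orcid)) {
            infoForm.setUserId(orcid);
        }
    } else if (!PojoUtil.isEmpty(email)) {
        email = email.trim();
        if (emailManager.emailExists(email)) {
            infoForm.setUserId(email);
        }
    }

    infoForm.setUserEmail(email);
    if (PojoUtil.isEmpty(loggedUserOrcid)) {
        // Nobody is logged in: the (trimmed) hint is the only ORCID iD available for the form.
        infoForm.setUserOrcid(orcid);
    }
    infoForm.setUserGivenNames(givenNames);
    infoForm.setUserFamilyNames(familyNames);
    infoForm.setClientId(clientId);
    infoForm.setClientDescription(clientDescription);
    infoForm.setClientName(clientName);
    infoForm.setClientEmailRequestReason(clientEmailRequestReason);
    infoForm.setMemberName(memberName);
    // NOTE(review): redirectUri is stored in the form unchecked here; confirm the caller validates it against the client's registered redirect URIs before it is used.
    infoForm.setRedirectUrl(redirectUri);
    infoForm.setStateParam(stateParam);
    infoForm.setResponseType(responseType);
    infoForm.setNonce(nonce);
    return infoForm;
}

/**
 * Picks the display name for a profile: credit name if set, otherwise
 * "given family" (or just the family name when given names are empty).
 *
 * @param profile the logged-in user's profile
 * @return the display name, {@code ""} when the profile has no name record, or possibly
 *         {@code null} when the chosen name field is itself null
 */
private static String displayNameFor(ProfileEntity profile) {
    RecordNameEntity recordName = profile.getRecordNameEntity();
    if (recordName == null) {
        return "";
    }
    if (!PojoUtil.isEmpty(recordName.getCreditName())) {
        return recordName.getCreditName();
    }
    if (PojoUtil.isEmpty(recordName.getGivenNames())) {
        return recordName.getFamilyName();
    }
    return recordName.getGivenNames() + " " + recordName.getFamilyName();
}

/**
 * Parses the client-supplied scope list.
 *
 * @param scopesString URL-encoded, space-separated scopes (non-empty)
 * @return the parsed scopes
 * @throws UnsupportedEncodingException declared by {@link URLDecoder#decode(String, String)}
 */
private static Set<ScopePathType> requestedScopesFrom(String scopesString) throws UnsupportedEncodingException {
    // Collapse runs of spaces so the space-separated parser sees single separators.
    String normalised = URLDecoder.decode(scopesString, "UTF-8").trim().replaceAll(" +", " ");
    return ScopePathType.getScopesFromSpaceSeparatedString(normalised);
}

/**
 * Builds the display form for one scope, looking up its localised descriptions.
 * Missing message keys are logged and leave the description fields unset.
 *
 * @param theScope the scope to describe
 * @return the populated scope form
 */
private ScopeInfoForm scopeInfoFormFor(ScopePathType theScope) {
    ScopeInfoForm scopeInfoForm = new ScopeInfoForm();
    scopeInfoForm.setValue(theScope.value());
    scopeInfoForm.setName(theScope.name());
    String messageKey = ScopePathType.class.getName() + '.' + theScope.name();
    try {
        scopeInfoForm.setDescription(getMessage(messageKey));
        scopeInfoForm.setLongDescription(getMessage(messageKey + ".longDesc"));
    } catch (NoSuchMessageException e) {
        LOGGER.warn("Unable to find key message for scope: " + theScope.name() + " " + theScope.value());
    }
    return scopeInfoForm;
}

/**
 * Resolves the member name shown next to the client: the public-member label for
 * public clients, the owning group's credit name otherwise, falling back to the
 * client name when neither yields a non-blank value.
 *
 * @param clientDetails the client being authorised
 * @param clientName the client's own name ({@code ""} when none)
 * @return the member name to display
 */
private String memberNameFor(ClientDetailsEntity clientDetails, String clientName) {
    String memberName = "";
    // A public client has no member; use the fixed public-member label.
    if (ClientType.PUBLIC_CLIENT.equals(clientDetails.getClientType())) {
        memberName = PUBLIC_MEMBER_NAME;
    } else if (!PojoUtil.isEmpty(clientDetails.getGroupProfileId())) {
        ProfileEntity groupProfile = profileEntityCacheManager.retrieve(clientDetails.getGroupProfileId());
        if (groupProfile.getRecordNameEntity() != null) {
            memberName = groupProfile.getRecordNameEntity().getCreditName();
        }
    }
    return StringUtils.isBlank(memberName) ? clientName : memberName;
}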
the class OpenIDController method getUserInfo.
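/**
 * Manually checks the bearer token, looks up the user or answers 403.
 * <p>
 * The token must be present in the {@code Authorization: Bearer} header,
 * unexpired, bound to a user record and carry a scope that implies
 * {@code openid}. Only the header transport of RFC 6750 is supported.
 *
 * @param request the incoming HTTP request carrying the bearer token
 * @return 200 with the user's public person details on success, otherwise 403 with an empty body
 */
@RequestMapping(value = "/oauth/userinfo", method = { RequestMethod.GET, RequestMethod.POST }, produces = "application/json")
@ResponseBody
public ResponseEntity<OpenIDConnectUserInfo> getUserInfo(HttpServletRequest request) {
    //note we do not support form post per https://tools.ietf.org/html/rfc6750 because it's a MAY and pointless
    String tokenValue = bearerTokenFrom(request.getHeader("Authorization"));
    if (tokenValue == null) {
        return forbidden();
    }
    //lookup token, check it's valid, check scope.
    OAuth2AccessToken tok = tokenStore.readAccessToken(tokenValue);
    if (tok == null || tok.isExpired()) {
        return forbidden();
    }
    if (!grantsOpenId(tok)) {
        return forbidden();
    }
    // A token with no user binding (no "orcid" entry) has nobody to report on; answer 403 instead of throwing NPE.
    Object orcidClaim = tok.getAdditionalInformation() == null ? null : tok.getAdditionalInformation().get("orcid");
    if (orcidClaim == null) {
        return forbidden();
    }
    String orcid = orcidClaim.toString();
    Person person = personDetailsManagerReadOnly.getPublicPersonDetails(orcid);
    return ResponseEntity.ok(new OpenIDConnectUserInfo(orcid, person));
}

/**
 * Extracts the token from an {@code Authorization: Bearer <token>} header.
 * The scheme is matched as a case-insensitive prefix (RFC 6750 §2.1) rather than
 * stripped from anywhere inside the header value.
 *
 * @param authHeader the raw header value, may be null
 * @return the token, or {@code null} when the header is absent, uses another scheme, or carries no token
 */
private static String bearerTokenFrom(String authHeader) {
    if (authHeader == null) {
        return null;
    }
    String header = authHeader.trim();
    if (!header.regionMatches(true, 0, "Bearer ", 0, 7)) {
        return null;
    }
    String token = header.substring(7).trim();
    return token.isEmpty() ? null : token;
}

/**
 * Tells whether any scope on the token implies {@code openid}.
 *
 * @param tok the access token
 * @return true if at least one granted scope has the OPENID scope
 */
private static boolean grantsOpenId(OAuth2AccessToken tok) {
    for (ScopePathType scope : ScopePathType.getScopesFromStrings(tok.getScope())) {
        if (scope.hasScope(ScopePathType.OPENID)) {
            return true;
        }
    }
    return false;
}

/**
 * The uniform failure response.
 * NOTE(review): RFC 6750 §3.1 answers a missing or invalid token with 401 plus a
 * WWW-Authenticate header and reserves 403 for insufficient scope; 403 is kept
 * here for every case because existing callers may depend on it.
 *
 * @return an empty 403 response
 */
private static ResponseEntity<OpenIDConnectUserInfo> forbidden() {
    return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
}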
the class ClientDetailsManagerImpl method getClientRegisteredRedirectUris.
/**
 * Converts the client's registered redirect URIs into their entity form.
 *
 * @param clientRegisteredRedirectUris redirect URIs from the client registration; must not be null
 * @param clientDetailsEntity the owning client, linked from every created entity
 * @return a sorted set of new redirect URI entities, one per registration
 */
private SortedSet<ClientRedirectUriEntity> getClientRegisteredRedirectUris(Set<RedirectUri> clientRegisteredRedirectUris, ClientDetailsEntity clientDetailsEntity) {
    SortedSet<ClientRedirectUriEntity> result = new TreeSet<ClientRedirectUriEntity>();
    for (RedirectUri registered : clientRegisteredRedirectUris) {
        result.add(redirectUriEntityFor(registered, clientDetailsEntity));
    }
    return result;
}

/**
 * Builds one {@link ClientRedirectUriEntity} mirroring the given registration.
 *
 * @param registered the registered redirect URI
 * @param owner the client the entity belongs to
 * @return the new entity
 */
private static ClientRedirectUriEntity redirectUriEntityFor(RedirectUri registered, ClientDetailsEntity owner) {
    ClientRedirectUriEntity entity = new ClientRedirectUriEntity();
    entity.setClientDetailsEntity(owner);
    entity.setRedirectUri(registered.getValue());
    entity.setRedirectUriType(registered.getType().value());
    // A missing scope list on the registration maps to a null predefined-scope string.
    List<ScopePathType> scopeList = registered.getScope();
    entity.setPredefinedClientScope(scopeList == null ? null : ScopePathType.getScopesAsSingleString(scopeList));
    entity.setUriActType(registered.getActType());
    entity.setUriGeoArea(registered.getGeoArea());
    return entity;
}