
Example 6 with ClientSecretEntity

use of org.orcid.persistence.jpa.entities.ClientSecretEntity in project ORCID-Source by ORCID.

the class ClientDetailsManagerImpl method cleanOldClientKeys.

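/**
 * Deletes non-primary client secrets that were last modified more than 24
 * hours ago, for every client returned by {@code getAll()}.
 *
 * <p>The 24 hour grace period is measured from
 * {@code ClientSecretEntity.getLastModified()}, which this method treats as
 * the revocation time. NOTE(review): if anything else updates that timestamp
 * after a secret stops being primary, the old secret survives longer than 24
 * hours - confirm that revocation is the only writer.
 *
 * <p>Only the client id is logged; secret values are never written to the log.
 */
@Override
@Transactional
public void cleanOldClientKeys() {
    LOGGER.info("Starting cron to delete non primary client keys");
    // Secrets last modified before this instant are past the grace period.
    // Computed once: it is the same for every secret in this run.
    Date cutoff = DateUtils.addHours(new Date(), -24);
    List<ClientDetailsEntity> allClientDetails = this.getAll();
    if (allClientDetails != null) {
        for (ClientDetailsEntity clientDetails : allClientDetails) {
            String clientId = clientDetails.getClientId();
            LOGGER.info("Deleting non primary keys for client: {}", clientId);
            Set<ClientSecretEntity> clientSecrets = clientDetails.getClientSecrets();
            if (clientSecrets == null) {
                // A client without a secret collection has nothing to clean.
                continue;
            }
            for (ClientSecretEntity clientSecret : clientSecrets) {
                if (clientSecret.isPrimary()) {
                    continue;
                }
                Date dateRevoked = clientSecret.getLastModified();
                if (dateRevoked == null) {
                    // Without a timestamp the grace period cannot be evaluated.
                    // Skip this key instead of failing the whole run, and leave
                    // a trace so the stale key can be followed up.
                    LOGGER.warn("Non primary key for client {} has no last modified date, skipping", clientId);
                    continue;
                }
                // If the key was revoked more than 24 hours ago
                if (dateRevoked.before(cutoff)) {
                    LOGGER.info("Deleting key for client {}", clientId);
                    clientSecretDao.removeClientSecret(clientId, clientSecret.getClientSecret());
                }
            }
        }
    }
    LOGGER.info("Cron done");
}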
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) ClientSecretEntity(org.orcid.persistence.jpa.entities.ClientSecretEntity) Date(java.util.Date) Transactional(org.springframework.transaction.annotation.Transactional)

Example 7 with ClientSecretEntity

use of org.orcid.persistence.jpa.entities.ClientSecretEntity in project ORCID-Source by ORCID.

the class DeveloperToolsControllerTest method testResetClientSecret.

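/**
 * Checks that resetting a client secret keeps the previous secret as a
 * non-primary entry and stores a different value as the primary one, while
 * the other client details stay unchanged.
 */
@Test
public void testResetClientSecret() throws Exception {
    SSOCredentials ssoCredentials = new SSOCredentials();
    ssoCredentials.setClientName(Text.valueOf("Client Name"));
    ssoCredentials.setClientDescription(Text.valueOf("This is a test"));
    ssoCredentials.setClientWebsite(Text.valueOf("http://client.com"));
    Set<RedirectUri> redirectUris = new HashSet<RedirectUri>();
    RedirectUri rUri = new RedirectUri();
    rUri.setType(Text.valueOf("default"));
    rUri.setValue(Text.valueOf("http://test.com"));
    redirectUris.add(rUri);
    ssoCredentials.setRedirectUris(redirectUris);
    SSOCredentials result = developerToolsController.generateSSOCredentialsJson(ssoCredentials);
    assertNotNull(result);
    assertNotNull(result.getErrors());
    // Expected value first, so a failure message reports the sizes the right way round.
    assertEquals(0, result.getErrors().size());
    // Secret issued at creation time; after the reset it must no longer be primary.
    Text originalSecret = result.getClientSecret();
    assertTrue(developerToolsController.resetClientSecret(result.getClientOrcid().getValue()));
    ClientDetailsEntity clientDetails = clientDetailsDao.findByClientId(result.getClientOrcid().getValue(), System.currentTimeMillis());
    assertEquals(result.getClientName().getValue(), clientDetails.getClientName());
    assertEquals(result.getClientDescription().getValue(), clientDetails.getClientDescription());
    assertEquals(result.getClientOrcid().getValue(), clientDetails.getClientId());
    assertEquals(result.getClientWebsite().getValue(), clientDetails.getClientWebsite());
    Set<ClientSecretEntity> clientSecrets = clientDetails.getClientSecrets();
    assertNotNull(clientSecrets);
    assertEquals(2, clientSecrets.size());
    int primaryCount = 0;
    int nonPrimaryCount = 0;
    for (ClientSecretEntity clientSecretEntity : clientSecrets) {
        String secret = encryptionManager.decryptForInternalUse(clientSecretEntity.getClientSecret());
        if (clientSecretEntity.isPrimary()) {
            primaryCount++;
            // The new primary secret must differ from the one that was reset.
            assertFalse(originalSecret.getValue().equals(secret));
        } else {
            nonPrimaryCount++;
            // The old secret is retained, demoted to non-primary.
            assertEquals(originalSecret.getValue(), secret);
        }
    }
    // Without these counts, two primary secrets that both differ from the
    // original would pass the loop although the old secret was dropped.
    assertEquals(1, primaryCount);
    assertEquals(1, nonPrimaryCount);
}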
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) SSOCredentials(org.orcid.pojo.ajaxForm.SSOCredentials) ClientSecretEntity(org.orcid.persistence.jpa.entities.ClientSecretEntity) RedirectUri(org.orcid.pojo.ajaxForm.RedirectUri) Text(org.orcid.pojo.ajaxForm.Text) HashSet(java.util.HashSet) Test(org.junit.Test) BaseControllerTest(org.orcid.frontend.web.util.BaseControllerTest)

Example 8 with ClientSecretEntity

use of org.orcid.persistence.jpa.entities.ClientSecretEntity in project ORCID-Source by ORCID.

the class CreateNewClientSecrets method createNewClientSecret.

/**
 * Adds a newly generated secret to the given client, persists the client and
 * emits the plaintext secret once through {@code output}.
 *
 * <p>The plaintext is the string form of {@link UUID#randomUUID()}. Only the
 * result of {@code encryptForInternalUse} is attached to the entity; the
 * plaintext leaves this method solely in the tab-separated record handed to
 * {@code output}. NOTE(review): whatever {@code output} writes to then holds
 * usable client credentials - confirm that the destination is access
 * restricted and is not a shared log. The client name is written unescaped,
 * so a name containing a tab or newline would break the record layout.
 *
 * @param clientDetails client that receives the additional secret
 */
private void createNewClientSecret(ClientDetailsEntity clientDetails) {
    final String plainSecret = UUID.randomUUID().toString();
    clientDetails.getClientSecrets()
            .add(new ClientSecretEntity(encryptionManager.encryptForInternalUse(plainSecret), clientDetails));
    clientDetails.setLastModified(now);
    clientDetailsManager.merge(clientDetails);
    // One record per client: id, client name, plaintext secret.
    output(String.format("%s\t%s\t%s\n", clientDetails.getId(), clientDetails.getClientName(), plainSecret));
}
Also used : ClientSecretEntity(org.orcid.persistence.jpa.entities.ClientSecretEntity)

Example 9 with ClientSecretEntity

use of org.orcid.persistence.jpa.entities.ClientSecretEntity in project ORCID-Source by ORCID.

the class OrcidSSOManagerImpl method grantSSOAccess.

/**
 * Returns the public client of an ORCID record with the decrypted value set
 * on each of its secrets, creating the client first when the record has none.
 *
 * <p>When a public client already exists, {@code name}, {@code description},
 * {@code website} and {@code redirectUris} are not applied; the existing
 * client is reloaded by id and returned.
 *
 * <p>The returned entity carries plaintext secrets (set through
 * {@code setDecryptedClientSecret}), so callers should keep it out of logs
 * and generic serialization. NOTE(review): no validation of
 * {@code redirectUris} is visible in this method - confirm it happens in the
 * caller or in {@code getClientRegisteredRedirectUris}.
 *
 * @param orcid        ORCID iD of the record that owns the client
 * @param name         client name, used only when a client is created
 * @param description  client description, used only when a client is created
 * @param website      client website, used only when a client is created
 * @param redirectUris redirect URIs, used only when a client is created
 * @return the public client, reloaded through {@code findByClientId}
 * @throws IllegalArgumentException when no profile is found for {@code orcid}
 */
@Override
@Transactional
public ClientDetailsEntity grantSSOAccess(String orcid, String name, String description, String website, Set<String> redirectUris) {
    if (profileEntityCacheManager.retrieve(orcid) == null) {
        throw new IllegalArgumentException("ORCID does not exist for " + orcid + " cannot continue");
    }
    final String clientId;
    ClientDetailsEntity publicClient = clientDetailsManager.getPublicClient(orcid);
    if (publicClient == null) {
        // No public client yet: register one with the fixed public-client scopes.
        Set<String> scopes = new HashSet<>();
        for (ScopePathType scope : PUBLIC_CLIENT_SCOPES) {
            scopes.add(scope.getContent());
        }
        Set<String> resourceIds = new HashSet<>();
        resourceIds.add(RESOURCE_ID);
        // Work on a copy so the caller's set is not handed on.
        Set<String> requestedUris = new HashSet<String>(redirectUris);
        ClientDetailsEntity created = clientDetailsManager.createClientDetails(orcid, name, description, null, website, ClientType.PUBLIC_CLIENT, scopes, resourceIds, getClientAuthorizedGrantTypes(), getClientRegisteredRedirectUris(requestedUris), getClientGrantedAuthorities(), false);
        clientId = created.getId();
    } else {
        // The record already has SSO client credentials: reuse them.
        clientId = publicClient.getId();
    }
    ClientDetailsEntity reloaded = clientDetailsManager.findByClientId(clientId);
    Set<ClientSecretEntity> secrets = reloaded.getClientSecrets();
    if (secrets != null) {
        for (ClientSecretEntity secret : secrets) {
            secret.setDecryptedClientSecret(encryptionManager.decryptForInternalUse(secret.getClientSecret()));
        }
    }
    return reloaded;
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) ScopePathType(org.orcid.jaxb.model.message.ScopePathType) ClientSecretEntity(org.orcid.persistence.jpa.entities.ClientSecretEntity) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) HashSet(java.util.HashSet) Transactional(org.springframework.transaction.annotation.Transactional)

Example 10 with ClientSecretEntity

use of org.orcid.persistence.jpa.entities.ClientSecretEntity in project ORCID-Source by ORCID.

the class OrcidSSOManagerImpl method updateUserCredentials.

/**
 * Updates name, description, website and SSO redirect URIs of the existing
 * public client of an ORCID record.
 *
 * <p>Redirect URIs whose type is not {@code SSO_REDIRECT_URI_TYPE} are always
 * kept. An SSO redirect URI is kept only when it is still listed in
 * {@code redirectUris}; every URI in {@code redirectUris} without a kept
 * entity gets a new one from {@code populateClientRedirectUriEntity}.
 *
 * <p>The returned entity carries plaintext secrets (set through
 * {@code setDecryptedClientSecret}), so callers should keep it out of logs
 * and generic serialization. NOTE(review): no validation of
 * {@code redirectUris} is visible in this method - confirm it happens in the
 * caller or in {@code populateClientRedirectUriEntity}.
 *
 * @param orcid        ORCID iD of the record that owns the client
 * @param name         new client name
 * @param description  new client description
 * @param website      new client website
 * @param redirectUris complete set of SSO redirect URIs the client should have
 * @return the merged client, or {@code null} when the record has no public client
 * @throws IllegalArgumentException when no profile is found for {@code orcid}
 */
@Override
@Transactional
public ClientDetailsEntity updateUserCredentials(String orcid, String name, String description, String website, Set<String> redirectUris) {
    if (profileEntityCacheManager.retrieve(orcid) == null) {
        throw new IllegalArgumentException("ORCID does not exist for " + orcid + " cannot continue");
    }
    ClientDetailsEntity publicClient = clientDetailsManager.getPublicClient(orcid);
    if (publicClient == null) {
        return null;
    }
    // Set the decrypted secret before touching any other field.
    publicClient.setDecryptedClientSecret(encryptionManager.decryptForInternalUse(publicClient.getClientSecretForJpa()));
    publicClient.setClientName(name);
    publicClient.setClientDescription(description);
    publicClient.setClientWebsite(website);

    SortedSet<ClientRedirectUriEntity> registeredUris = publicClient.getClientRegisteredRedirectUris();
    // Entities that survive the update: every non-SSO redirect URI, plus the
    // SSO ones that are still requested.
    Set<ClientRedirectUriEntity> keptUris = new HashSet<ClientRedirectUriEntity>();
    for (ClientRedirectUriEntity registered : registeredUris) {
        boolean keep = !SSO_REDIRECT_URI_TYPE.equals(registered.getRedirectUriType())
                || redirectUris.contains(registered.getRedirectUri());
        if (keep) {
            keptUris.add(registered);
        }
    }
    // Index the kept entities so requested URIs can be looked up by their string value.
    Map<String, ClientRedirectUriEntity> keptByUri = ClientRedirectUriEntity.mapByUri(keptUris);
    for (String requestedUri : redirectUris) {
        if (keptByUri.containsKey(requestedUri)) {
            continue;
        }
        // Requested URI that is not registered yet: create its entity.
        keptUris.add(populateClientRedirectUriEntity(requestedUri, publicClient));
    }
    // Replace the content of the existing collection in place (clear, then
    // refill) instead of assigning a new one, for orphan removal.
    registeredUris.clear();
    registeredUris.addAll(keptUris);

    publicClient = clientDetailsManager.merge(publicClient);
    Set<ClientSecretEntity> secrets = publicClient.getClientSecrets();
    if (secrets != null) {
        for (ClientSecretEntity secret : secrets) {
            secret.setDecryptedClientSecret(encryptionManager.decryptForInternalUse(secret.getClientSecret()));
        }
    }
    return publicClient;
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) ClientSecretEntity(org.orcid.persistence.jpa.entities.ClientSecretEntity) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) ClientRedirectUriEntity(org.orcid.persistence.jpa.entities.ClientRedirectUriEntity) HashSet(java.util.HashSet) Transactional(org.springframework.transaction.annotation.Transactional)
