Examples with OrcidOauth2AuthoriziationCodeDetail org.orcid.persistence.jpa.entities.OrcidOauth2AuthoriziationCodeDetail used on opensource projects

Example 11 with OrcidOauth2AuthoriziationCodeDetail

use of org.orcid.persistence.jpa.entities.OrcidOauth2AuthoriziationCodeDetail in project ORCID-Source by ORCID.

the class OrcidAuthorizationCodeTokenGranter method getOAuth2Authentication.

@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    Map<String, String> parameters = tokenRequest.getRequestParameters();
    String authorizationCode = parameters.get("code");
    String redirectUri = parameters.get(OAuth2Utils.REDIRECT_URI);
    LOGGER.info("Getting OAuth2 authentication: code={}, redirectUri={}, clientId={}, scope={}", new Object[] { authorizationCode, redirectUri, tokenRequest.getClientId(), tokenRequest.getScope() });
    if (authorizationCode == null) {
        throw new OAuth2Exception("An authorization code must be supplied.");
    }
    //Validate the client is active
    ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(tokenRequest.getClientId());
    orcidOAuth2RequestValidator.validateClientIsEnabled(clientDetails);
    //Validate scopes
    OrcidOauth2AuthoriziationCodeDetail codeDetails = orcidOauth2AuthoriziationCodeDetailDao.find(authorizationCode);
    if (codeDetails == null) {
        throw new InvalidGrantException("Invalid authorization code: " + authorizationCode);
    } else {
        // Check auth code expiration
        Date tokenCreationDate = codeDetails.getDateCreated();
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(tokenCreationDate);
        calendar.add(Calendar.MINUTE, authorizationCodeExpiration);
        Date tokenExpirationDate = calendar.getTime();
        if (tokenExpirationDate.before(new Date())) {
            throw new IllegalArgumentException("Authorization code has expired");
        }
        // Check granted scopes
        Set<String> grantedScopes = codeDetails.getScopes();
        Set<String> requestScopes = tokenRequest.getScope();
        for (String requestScope : requestScopes) {
            if (!grantedScopes.contains(requestScope)) {
                throw new InvalidScopeException("Invalid scopes: " + requestScope + " available scopes for this code are: " + grantedScopes);
            }
        }
    }
    //Consume code        
    OAuth2Authentication storedAuth = authorizationCodeServices.consumeAuthorizationCode(authorizationCode);
    if (storedAuth == null) {
        throw new InvalidGrantException("Invalid authorization code: " + authorizationCode);
    }
    OAuth2Request pendingAuthorizationRequest = storedAuth.getOAuth2Request();
    //Regenerate the authorization request but now with the request parameters
    pendingAuthorizationRequest = pendingAuthorizationRequest.createOAuth2Request(parameters);
    LOGGER.info("Found pending authorization request: redirectUri={}, clientId={}, scope={}, is_approved={}", new Object[] { pendingAuthorizationRequest.getRedirectUri(), pendingAuthorizationRequest.getClientId(), pendingAuthorizationRequest.getScope(), pendingAuthorizationRequest.isApproved() });
    // https://jira.springsource.org/browse/SECOAUTH-333
    // This might be null, if the authorization was done without the
    // redirect_uri parameter
    String redirectUriApprovalParameter = pendingAuthorizationRequest.getRequestParameters().get(OAuth2Utils.REDIRECT_URI);
    if ((redirectUri != null || redirectUriApprovalParameter != null) && !pendingAuthorizationRequest.getRedirectUri().equals(redirectUri)) {
        throw new RedirectMismatchException("Redirect URI mismatch.");
    }
    String pendingClientId = pendingAuthorizationRequest.getClientId();
    String clientId = client.getClientId();
    LOGGER.info("Comparing client ids: pendingClientId={}, authorizationRequest.clientId={}", pendingClientId, clientId);
    if (clientId != null && !clientId.equals(pendingClientId)) {
        // just a sanity check.
        throw new InvalidClientException("Client ID mismatch");
    }
    Authentication userAuth = storedAuth.getUserAuthentication();
    return new OAuth2Authentication(pendingAuthorizationRequest, userAuth);
}

Example 12 with OrcidOauth2AuthoriziationCodeDetail

use of org.orcid.persistence.jpa.entities.OrcidOauth2AuthoriziationCodeDetail in project ORCID-Source by ORCID.

the class OrcidClientCredentialEndPointDelegatorTest method generateRefreshTokenThatExpireAfterParentTokenTest.

@Test
public void generateRefreshTokenThatExpireAfterParentTokenTest() {
    //Generate the access token
    SecurityContextTestUtils.setUpSecurityContextForClientOnly(CLIENT_ID_1, ScopePathType.ACTIVITIES_UPDATE, ScopePathType.READ_LIMITED);
    OrcidOauth2AuthoriziationCodeDetail authCode = createAuthorizationCode("code-1", CLIENT_ID_1, "http://www.APP-5555555555555555.com/redirect/oauth", false, "/activities/update");
    MultivaluedMap<String, String> formParams = new MultivaluedMapImpl();
    formParams.add("client_id", CLIENT_ID_1);
    formParams.add("client_secret", "DhkFj5EI0qp6GsUKi55Vja+h+bsaKpBx");
    formParams.add("grant_type", "authorization_code");
    formParams.add("redirect_uri", "http://www.APP-5555555555555555.com/redirect/oauth");
    formParams.add("code", authCode.getId());
    Response response = orcidClientCredentialEndPointDelegator.obtainOauth2Token(null, formParams);
    assertNotNull(response);
    assertNotNull(response.getEntity());
    DefaultOAuth2AccessToken token = (DefaultOAuth2AccessToken) response.getEntity();
    assertNotNull(token);
    assertTrue(!PojoUtil.isEmpty(token.getValue()));
    assertNotNull(token.getRefreshToken());
    assertTrue(!PojoUtil.isEmpty(token.getRefreshToken().getValue()));
    //Generate the refresh token that expires after parent token
    MultivaluedMap<String, String> refreshTokenformParams = new MultivaluedMapImpl();
    refreshTokenformParams.add("client_id", CLIENT_ID_1);
    refreshTokenformParams.add("client_secret", "DhkFj5EI0qp6GsUKi55Vja+h+bsaKpBx");
    refreshTokenformParams.add("grant_type", "refresh_token");
    refreshTokenformParams.add("redirect_uri", "http://www.APP-5555555555555555.com/redirect/oauth");
    refreshTokenformParams.add("refresh_token", token.getRefreshToken().getValue());
    refreshTokenformParams.add("expires_in", String.valueOf(2 * 60 * 60));
    String authorization = "bearer " + token.getValue();
    try {
        orcidClientCredentialEndPointDelegator.obtainOauth2Token(authorization, refreshTokenformParams);
    } catch (IllegalArgumentException e) {
        assertTrue(e.getMessage().contains("Token expiration can't be after"));
    }
    //Try again with a valid expiration value
    refreshTokenformParams = new MultivaluedMapImpl();
    refreshTokenformParams.add("client_id", CLIENT_ID_1);
    refreshTokenformParams.add("client_secret", "DhkFj5EI0qp6GsUKi55Vja+h+bsaKpBx");
    refreshTokenformParams.add("grant_type", "refresh_token");
    refreshTokenformParams.add("redirect_uri", "http://www.APP-5555555555555555.com/redirect/oauth");
    refreshTokenformParams.add("refresh_token", token.getRefreshToken().getValue());
    refreshTokenformParams.add("expires_in", String.valueOf(60 * 30));
    response = orcidClientCredentialEndPointDelegator.obtainOauth2Token(authorization, refreshTokenformParams);
    assertNotNull(response);
    assertNotNull(response.getEntity());
    DefaultOAuth2AccessToken refreshToken = (DefaultOAuth2AccessToken) response.getEntity();
    assertNotNull(refreshToken);
    assertTrue(!PojoUtil.isEmpty(refreshToken.getValue()));
    assertNotNull(refreshToken.getRefreshToken());
    assertTrue(!PojoUtil.isEmpty(refreshToken.getRefreshToken().getValue()));
    assertTrue(token.getExpiration().getTime() > refreshToken.getExpiration().getTime());
}

Example 13 with OrcidOauth2AuthoriziationCodeDetail

use of org.orcid.persistence.jpa.entities.OrcidOauth2AuthoriziationCodeDetail in project ORCID-Source by ORCID.

the class OrcidClientCredentialEndPointDelegatorTest method generateAccessTokenTest.

@Test
public void generateAccessTokenTest() {
    SecurityContextTestUtils.setUpSecurityContextForClientOnly(CLIENT_ID_1, ScopePathType.ACTIVITIES_UPDATE, ScopePathType.READ_LIMITED);
    OrcidOauth2AuthoriziationCodeDetail authCode = createAuthorizationCode("code-1", CLIENT_ID_1, "http://www.APP-5555555555555555.com/redirect/oauth", true, "/activities/update");
    MultivaluedMap<String, String> formParams = new MultivaluedMapImpl();
    formParams.add("client_id", CLIENT_ID_1);
    formParams.add("client_secret", "DhkFj5EI0qp6GsUKi55Vja+h+bsaKpBx");
    formParams.add("grant_type", "authorization_code");
    formParams.add("redirect_uri", "http://www.APP-5555555555555555.com/redirect/oauth");
    formParams.add("code", authCode.getId());
    Response response = orcidClientCredentialEndPointDelegator.obtainOauth2Token(null, formParams);
    assertNotNull(response);
    assertNotNull(response.getEntity());
    DefaultOAuth2AccessToken token = (DefaultOAuth2AccessToken) response.getEntity();
    assertNotNull(token);
    assertTrue(!PojoUtil.isEmpty(token.getValue()));
    assertNotNull(token.getRefreshToken());
    assertTrue(!PojoUtil.isEmpty(token.getRefreshToken().getValue()));
}