Example 6 with OrcidOauth2TokenDetail

use of org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesTest method tokenExpiredDoesntWorkTest.

@Test
public void tokenExpiredDoesntWorkTest() {
    OrcidOauth2TokenDetail expiredToken = new OrcidOauth2TokenDetail();
    expiredToken.setApproved(true);
    expiredToken.setAuthenticationKey("authentication-key");
    expiredToken.setClientDetailsId("4444-4444-4444-4441");
    expiredToken.setProfile(new ProfileEntity("4444-4444-4444-4442"));
    expiredToken.setResourceId("orcid");
    expiredToken.setScope("/read-limited");
    expiredToken.setTokenExpiration(new Date(System.currentTimeMillis() - 1000));
    expiredToken.setTokenValue("token-value");
    orcidOauthTokenDetailService.removeConflictsAndCreateNew(expiredToken);
    // The first time we try to use it, we get an InvalidTokenException with the message "Access token expired: token-value"
    try {
        tokenServices.loadAuthentication("token-value");
        fail();
    } catch (InvalidTokenException e) {
        assertEquals("Access token expired: token-value", e.getMessage());
    }
    // The second time we try to use it, we get an InvalidTokenException with the message "Invalid access token: token-value"
    try {
        tokenServices.loadAuthentication("token-value");
        fail();
    } catch (InvalidTokenException e) {
        assertEquals("Invalid access token: token-value", e.getMessage());
    }
}
Also used : InvalidTokenException(org.springframework.security.oauth2.common.exceptions.InvalidTokenException) OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) Date(java.util.Date) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 7 with OrcidOauth2TokenDetail

use of org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail in project ORCID-Source by ORCID.

the class DefaultPermissionCheckerTest method checkRemoveUserGrantWriteScopePastValitityForPersistentTokens.

@Test
@Transactional
@Rollback
public void checkRemoveUserGrantWriteScopePastValitityForPersistentTokens() {
    OrcidOauth2TokenDetail token = tokenDetailService.findIgnoringDisabledByTokenValue("00000002-d80f-4afc-8f95-9b48d28aaadb");
    DefaultPermissionChecker customPermissionChecker = (DefaultPermissionChecker) defaultPermissionChecker;
    if (customPermissionChecker.removeUserGrantWriteScopePastValitity(token))
        fail();
}
Also used : OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test) Rollback(org.springframework.test.annotation.Rollback) Transactional(org.springframework.transaction.annotation.Transactional)

Example 8 with OrcidOauth2TokenDetail

use of org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail in project ORCID-Source by ORCID.

the class OrcidTokenStoreServiceTest method createAccessToken.

private OrcidOauth2TokenDetail createAccessToken(String tokenValue, String scope, String clientId, String userOrcid, boolean disabled) {
    OrcidOauth2TokenDetail token = new OrcidOauth2TokenDetail();
    token.setApproved(true);
    token.setClientDetailsId(clientId);
    token.setDateCreated(new Date());
    token.setProfile(new ProfileEntity(userOrcid));
    token.setScope(scope);
    token.setTokenDisabled(disabled);
    token.setTokenValue(tokenValue);
    orcidOauth2TokenDetailService.saveOrUpdate(token);
    return token;
}
Also used : OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) Date(java.util.Date) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity)

Example 9 with OrcidOauth2TokenDetail

use of org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail in project ORCID-Source by ORCID.

the class OrcidTokenStoreServiceImpl method getAccessToken.

/**
 * Retrieve an access token stored against the provided authentication key,
 * if it exists.
 *
 * @param authentication
 *            the authentication key for the access token
 * @return the access token or null if there was none
 */
@Override
public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
    String authKey = authenticationKeyGenerator.extractKey(authentication);
    List<OrcidOauth2TokenDetail> details = orcidOauthTokenDetailService.findByAuthenticationKey(authKey);
    // Several tokens can share one authentication key; return the one that was created first
    if (details != null && !details.isEmpty()) {
        OrcidOauth2TokenDetail oldestToken = null;
        for (OrcidOauth2TokenDetail tokenDetails : details) {
            if (oldestToken == null) {
                oldestToken = tokenDetails;
            } else {
                if (tokenDetails.getDateCreated().before(oldestToken.getDateCreated())) {
                    oldestToken = tokenDetails;
                }
            }
        }
        return getOauth2AccessTokenFromDetails(oldestToken);
    }
    return null;
}
Also used : OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)

Example 10 with OrcidOauth2TokenDetail

use of org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesImpl method refreshAccessToken.

@Override
@Transactional
public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, TokenRequest tokenRequest) throws AuthenticationException {
    String parentTokenValue = tokenRequest.getRequestParameters().get(OrcidOauth2Constants.AUTHORIZATION);
    String clientId = tokenRequest.getClientId();
    String scopes = tokenRequest.getRequestParameters().get(OAuth2Utils.SCOPE);
    Long expiresIn = tokenRequest.getRequestParameters().containsKey(OrcidOauth2Constants.EXPIRES_IN) ? Long.valueOf(tokenRequest.getRequestParameters().get(OrcidOauth2Constants.EXPIRES_IN)) : 0L;
    Boolean revokeOld = tokenRequest.getRequestParameters().containsKey(OrcidOauth2Constants.REVOKE_OLD) ? Boolean.valueOf(tokenRequest.getRequestParameters().get(OrcidOauth2Constants.REVOKE_OLD)) : true;
    // Reject the request if refresh token support is switched off
    if (!customSupportRefreshToken) {
        throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue);
    }
    // Check that the client is authorized for the refresh token grant type
    ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
    if (!clientDetails.getAuthorizedGrantTypes().contains(OrcidOauth2Constants.REFRESH_TOKEN)) {
        throw new InvalidGrantException("Client " + clientId + " doesnt have refresh token enabled");
    }
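    // Note: nothing in this method compares refreshTokenValue with the parent token, confirms that the parent
    // token was issued to clientId, or limits the requested scopes to the parent's; validate those before this call
    OrcidOauth2TokenDetail parentToken = orcidOauth2TokenDetailDao.findByTokenValue(parentTokenValue);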
    ProfileEntity profileEntity = new ProfileEntity(parentToken.getProfile().getId());
    OrcidOauth2TokenDetail newToken = new OrcidOauth2TokenDetail();
    newToken.setApproved(true);
    newToken.setClientDetailsId(clientId);
    newToken.setDateCreated(new Date());
    newToken.setLastModified(new Date());
    newToken.setPersistent(parentToken.isPersistent());
    newToken.setProfile(profileEntity);
    newToken.setRedirectUri(parentToken.getRedirectUri());
    newToken.setRefreshTokenValue(UUID.randomUUID().toString());
    newToken.setResourceId(parentToken.getResourceId());
    newToken.setResponseType(parentToken.getResponseType());
    newToken.setState(parentToken.getState());
    newToken.setTokenDisabled(false);
    if (expiresIn <= 0) {
        // If expiresIn is 0 or less, inherit the parent token's expiration
        newToken.setTokenExpiration(parentToken.getTokenExpiration());
    } else {
        // expiresIn is treated as an absolute expiration timestamp in epoch milliseconds, not as a duration
        newToken.setTokenExpiration(new Date(expiresIn));
    }
    newToken.setTokenType(parentToken.getTokenType());
    newToken.setTokenValue(UUID.randomUUID().toString());
    newToken.setVersion(parentToken.getVersion());
    if (PojoUtil.isEmpty(scopes)) {
        newToken.setScope(parentToken.getScope());
    } else {
        newToken.setScope(scopes);
    }
    //Generate an authentication object to be able to generate the authentication key
    Set<String> scopesSet = OAuth2Utils.parseParameterList(newToken.getScope());
    AuthorizationRequest request = new AuthorizationRequest(clientId, scopesSet);
    request.setApproved(true);
    Authentication authentication = new OrcidOauth2UserAuthentication(profileEntity, true);
    OrcidOAuth2Authentication orcidAuthentication = new OrcidOAuth2Authentication(request, authentication, newToken.getTokenValue());
    newToken.setAuthenticationKey(authenticationKeyGenerator.extractKey(orcidAuthentication));
    // Store the new token
    orcidOauth2TokenDetailDao.persist(newToken);
    // Revoke the old token when required
    if (revokeOld) {
        orcidOauth2TokenDetailDao.disableAccessToken(parentTokenValue);
    }
    // Flush the changes to the database
    orcidOauth2TokenDetailDao.flush();
    // Return the new token
    return toOAuth2AccessToken(newToken);
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) InvalidGrantException(org.springframework.security.oauth2.common.exceptions.InvalidGrantException) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) Date(java.util.Date) OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) Transactional(org.springframework.transaction.annotation.Transactional)

Aggregations

OrcidOauth2TokenDetail (org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail): 45
Date (java.util.Date): 29
Test (org.junit.Test): 27
DBUnitTest (org.orcid.test.DBUnitTest): 26
Transactional (org.springframework.transaction.annotation.Transactional): 13
Rollback (org.springframework.test.annotation.Rollback): 12
ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity): 10
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken): 9
InvalidTokenException (org.springframework.security.oauth2.common.exceptions.InvalidTokenException): 8
InvalidScopeException (org.springframework.security.oauth2.common.exceptions.InvalidScopeException): 7
NoResultException (javax.persistence.NoResultException): 6
ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity): 5
ArrayList (java.util.ArrayList): 4
ScopePathType (org.orcid.jaxb.model.message.ScopePathType): 4
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken): 4
OrcidOAuth2Authentication (org.orcid.core.oauth.OrcidOAuth2Authentication): 3
ApplicationSummary (org.orcid.pojo.ApplicationSummary): 3
HashSet (java.util.HashSet): 2
OrcidOauth2UserAuthentication (org.orcid.core.oauth.OrcidOauth2UserAuthentication): 2
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest): 2