Search in sources :

Example 11 with OrcidOauth2TokenDetail

use of org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail in project ORCID-Source by ORCID.

the class DefaultPermissionChecker method checkScopes.

private void checkScopes(OAuth2Authentication oAuth2Authentication, ScopePathType requiredScope) {
    OAuth2Request authorizationRequest = oAuth2Authentication.getOAuth2Request();
    Set<String> requestedScopes = authorizationRequest.getScope();
    if (requiredScope.isUserGrantWriteScope()) {
        OrcidOAuth2Authentication orcidOauth2Authentication = (OrcidOAuth2Authentication) oAuth2Authentication;
        String activeToken = orcidOauth2Authentication.getActiveToken();
        if (activeToken != null) {
            OrcidOauth2TokenDetail tokenDetail = orcidOauthTokenDetailService.findNonDisabledByTokenValue(activeToken);
            if (removeUserGrantWriteScopePastValitity(tokenDetail)) {
                throw new AccessControlException("Write scopes for this token have expired ");
            }
        }
    }
    if (!hasRequiredScope(requestedScopes, requiredScope)) {
        throw new AccessControlException("Insufficient or wrong scope " + requestedScopes);
    }
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) AccessControlException(java.security.AccessControlException) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)

Example 12 with OrcidOauth2TokenDetail

use of org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail in project ORCID-Source by ORCID.

the class ProfileEntityManagerImplTest method createToken.

private OrcidOauth2TokenDetail createToken(String clientId, String tokenValue, String userOrcid, Date expirationDate, String scopes, boolean disabled) {
    OrcidOauth2TokenDetail token = new OrcidOauth2TokenDetail();
    token.setApproved(true);
    token.setClientDetailsId(clientId);
    token.setDateCreated(new Date());
    token.setLastModified(new Date());
    token.setProfile(new ProfileEntity(userOrcid));
    token.setScope(scopes);
    token.setTokenDisabled(disabled);
    token.setTokenExpiration(expirationDate);
    token.setTokenType("bearer");
    token.setTokenValue(tokenValue);
    orcidOauth2TokenDetailService.saveOrUpdate(token);
    return token;
}
Also used : OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) Date(java.util.Date) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity)

Example 13 with OrcidOauth2TokenDetail

use of org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail in project ORCID-Source by ORCID.

the class OrcidOauth2AuthorizationDetailsDaoTest method testFindByTokenValue.

@Test
@Transactional
@Rollback
public void testFindByTokenValue() throws Exception {
    List<OrcidOauth2TokenDetail> all = orcidOauth2TokenDetailDao.getAll();
    assertEquals(5, all.size());
    for (OrcidOauth2TokenDetail detail : all) {
        List<OrcidOauth2TokenDetail> another = orcidOauth2TokenDetailDao.findByAuthenticationKey(detail.getAuthenticationKey());
        assertNotNull(another);
        assertFalse(another.isEmpty());
        for (OrcidOauth2TokenDetail token : another) {
            assertEquals(detail.getId(), token.getId());
            assertTrue(detail.getTokenExpiration().after(new Date()));
            assertTrue(detail.getRefreshTokenExpiration().after(new Date()));
        }
    }
}
Also used : OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) Date(java.util.Date) Test(org.junit.Test) DBUnitTest(org.orcid.test.DBUnitTest) Rollback(org.springframework.test.annotation.Rollback) Transactional(org.springframework.transaction.annotation.Transactional)

Example 14 with OrcidOauth2TokenDetail

use of org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail in project ORCID-Source by ORCID.

the class OrcidOauth2AuthorizationDetailsDaoTest method testFindByUsername.

@Test
@Transactional
@Rollback
public void testFindByUsername() throws Exception {
    List<OrcidOauth2TokenDetail> all = orcidOauth2TokenDetailDao.getAll();
    assertEquals(5, all.size());
    for (OrcidOauth2TokenDetail detail : all) {
        List<OrcidOauth2TokenDetail> allForClient = orcidOauth2TokenDetailDao.findByUserName(detail.getProfile().getId());
        assertEquals(1, allForClient.size());
    }
}
Also used : OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) Test(org.junit.Test) DBUnitTest(org.orcid.test.DBUnitTest) Rollback(org.springframework.test.annotation.Rollback) Transactional(org.springframework.transaction.annotation.Transactional)

Example 15 with OrcidOauth2TokenDetail

use of org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail in project ORCID-Source by ORCID.

the class OrcidRefreshTokenTokenGranterTest method createRefreshTokenTest.

@Test
public void createRefreshTokenTest() {
    // Create token, create refresh, parent should be disabled, scopes
    // should be equal
    long time = System.currentTimeMillis();
    String scope = "/activities/update";
    String tokenValue = "parent-token-" + time;
    String refreshTokenValue = "refresh-token-" + time;
    Boolean revokeOld = null;
    Date parentTokenExpiration = new Date(time + 10000);
    Long expireIn = null;
    OrcidOauth2TokenDetail parent = createToken(CLIENT_ID_1, USER_ORCID, tokenValue, refreshTokenValue, parentTokenExpiration, scope);
    OAuth2AccessToken refresh = generateRefreshToken(parent, null, revokeOld, expireIn, scope);
    assertNotNull(refresh);
    OrcidOauth2TokenDetail parentToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(parent.getTokenValue());
    assertNotNull(parentToken);
    assertEquals(tokenValue, parentToken.getTokenValue());
    assertTrue(parentToken.getTokenDisabled());
    assertEquals(scope, parentToken.getScope());
    assertNotNull(parentToken.getTokenExpiration());
    OrcidOauth2TokenDetail refreshToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(refresh.getValue());
    assertNotNull(refreshToken);
    assertNotNull(refreshToken.getTokenValue());
    assertNotNull(refreshToken.getRefreshTokenValue());
    assertFalse(refreshToken.getTokenDisabled());
    assertEquals(scope, refreshToken.getScope());
    assertNotNull(refreshToken.getTokenExpiration());
    assertEquals(parentToken.getTokenExpiration().getTime(), refreshToken.getTokenExpiration().getTime());
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Date(java.util.Date) OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Aggregations

OrcidOauth2TokenDetail (org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)45 Date (java.util.Date)29 Test (org.junit.Test)27 DBUnitTest (org.orcid.test.DBUnitTest)26 Transactional (org.springframework.transaction.annotation.Transactional)13 Rollback (org.springframework.test.annotation.Rollback)12 ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)10 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)9 InvalidTokenException (org.springframework.security.oauth2.common.exceptions.InvalidTokenException)8 InvalidScopeException (org.springframework.security.oauth2.common.exceptions.InvalidScopeException)7 NoResultException (javax.persistence.NoResultException)6 ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity)5 ArrayList (java.util.ArrayList)4 ScopePathType (org.orcid.jaxb.model.message.ScopePathType)4 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)4 OrcidOAuth2Authentication (org.orcid.core.oauth.OrcidOAuth2Authentication)3 ApplicationSummary (org.orcid.pojo.ApplicationSummary)3 HashSet (java.util.HashSet)2 OrcidOauth2UserAuthentication (org.orcid.core.oauth.OrcidOauth2UserAuthentication)2 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)2