
Example 1 with DeviceFlowDO

use of org.wso2.carbon.identity.oauth2.device.model.DeviceFlowDO in project identity-inbound-auth-oauth by wso2-extensions.

the class DeviceFlowDAOImpl method getAuthenticationDetails.

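/**
 * Looks up the device-flow record stored for a device code.
 *
 * <p>This deprecated variant binds the device code as the only query parameter, so the record is
 * not matched against the client that presents the code. DeviceFlowGrant.validateGrant calls a
 * two-argument form that also passes the client id.
 *
 * @param deviceCode Device code presented by the polling client.
 * @return A {@link DeviceFlowDO} carrying status, last poll time, poll interval and expiry time.
 *         The authorized user is set only when user name, a non-zero tenant id and user domain are
 *         all present. When no row matches, the status is {@code Constants.NOT_EXIST}.
 * @throws IdentityOAuth2Exception If the database access fails.
 */
@Override
@Deprecated
public DeviceFlowDO getAuthenticationDetails(String deviceCode) throws IdentityOAuth2Exception {
    if (log.isDebugEnabled()) {
        // NOTE(review): the device code is the value the client later redeems for a token, and it is
        // written verbatim to the debug log here and to the exception message at the end of this
        // method. getDetailsForUserCode in this class puts a SHA-256 digest into its exception
        // message instead; consider the same treatment here.
        log.debug("Getting authentication details for device_code: " + deviceCode);
    }
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
            PreparedStatement prepStmt = connection.prepareStatement(
                    SQLQueries.DeviceFlowDAOSQLQueries.GET_AUTHENTICATION_STATUS)) {
        prepStmt.setString(1, deviceCode);

        DeviceFlowDO deviceFlowDO = new DeviceFlowDO();
        // Set once the query returns a row for this device code (the query has no client id bind).
        boolean recordFound = false;
        String userName = null;
        int tenantId = 0;
        String userDomain = null;
        String authenticatedIDP = null;

        // The result set is closed explicitly instead of relying on the statement's close.
        try (ResultSet resultSet = prepStmt.executeQuery()) {
            // If several rows match, the values of the last row win.
            while (resultSet.next()) {
                deviceFlowDO.setStatus(resultSet.getString(1));
                // Timestamps are read against a UTC calendar.
                deviceFlowDO.setLastPollTime(resultSet.getTimestamp(2,
                        Calendar.getInstance(TimeZone.getTimeZone(Constants.UTC))));
                deviceFlowDO.setPollTime(resultSet.getLong(3));
                deviceFlowDO.setExpiryTime(resultSet.getTimestamp(4,
                        Calendar.getInstance(TimeZone.getTimeZone(Constants.UTC))));
                userName = resultSet.getString(5);
                tenantId = resultSet.getInt(6);
                userDomain = resultSet.getString(7);
                authenticatedIDP = resultSet.getString(8);
                recordFound = true;
            }
        }

        if (!recordFound) {
            deviceFlowDO.setStatus(Constants.NOT_EXIST);
            return deviceFlowDO;
        }
        // An authorized user is attached only when every identifying column was populated.
        if (userName != null && tenantId != 0 && userDomain != null) {
            String tenantDomain = OAuth2Util.getTenantDomain(tenantId);
            AuthenticatedUser user =
                    OAuth2Util.createAuthenticatedUser(userName, userDomain, tenantDomain, authenticatedIDP);
            deviceFlowDO.setAuthorizedUser(user);
        }
        return deviceFlowDO;
    } catch (SQLException e) {
        throw new IdentityOAuth2Exception("Error when getting authentication status for device_code: " + deviceCode, e);
    }
}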
Also used : IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) SQLException(java.sql.SQLException) DeviceFlowDO(org.wso2.carbon.identity.oauth2.device.model.DeviceFlowDO) Connection(java.sql.Connection) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)

Example 2 with DeviceFlowDO

use of org.wso2.carbon.identity.oauth2.device.model.DeviceFlowDO in project identity-inbound-auth-oauth by wso2-extensions.

the class DeviceFlowGrant method setPropertiesForTokenGeneration.

/**
 * Copies the authorized user and the effective scope from the device-flow record onto the token
 * request context.
 *
 * @param tokReqMsgCtx Token request message context that receives the user and the scope.
 * @param deviceFlowDO Device-flow record holding the authorized user and the stored scope.
 */
private void setPropertiesForTokenGeneration(OAuthTokenReqMessageContext tokReqMsgCtx, DeviceFlowDO deviceFlowDO) {
    AuthenticatedUser approvedUser = deviceFlowDO.getAuthorizedUser();
    // The scope array is built up front, whether or not the stored scope turns out to be blank.
    String[] storedScopes = OAuth2Util.buildScopeArray(deviceFlowDO.getScope());
    tokReqMsgCtx.setAuthorizedUser(approvedUser);

    if (StringUtils.isBlank(deviceFlowDO.getScope())) {
        // NOTE(review): with no scope stored for the device code, the scope is taken from the token
        // request itself, i.e. a value supplied by the polling client at redemption time. Confirm
        // that later scope validation limits it to what the user approved.
        tokReqMsgCtx.setScope(tokReqMsgCtx.getOauth2AccessTokenReqDTO().getScope());
        return;
    }
    tokReqMsgCtx.setScope(storedScopes);
}
Also used : AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)

Example 3 with DeviceFlowDO

use of org.wso2.carbon.identity.oauth2.device.model.DeviceFlowDO in project identity-inbound-auth-oauth by wso2-extensions.

the class DeviceFlowGrant method validateGrant.

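/**
 * Validates a device-code token request and decides whether a token may be issued.
 *
 * <p>The device code is read from the request parameters and looked up together with the client id
 * of the request. The stored status drives the outcome:
 * <ul>
 *   <li>no usable device code in the request, or status {@code NOT_EXIST}: {@code INVALID_REQUEST};</li>
 *   <li>status {@code EXPIRED}, or {@code isExpiredDeviceCode} reports expiry: {@code EXPIRED_TOKEN};</li>
 *   <li>status {@code AUTHORIZED}: the code is marked expired and the context is prepared for token
 *       generation;</li>
 *   <li>status {@code USED} or {@code PENDING}: the poll time is recorded, then
 *       {@code AUTHORIZATION_PENDING} or {@code SLOW_DOWN} is raised depending on
 *       {@code isValidPollTime}.</li>
 * </ul>
 *
 * @param oAuthTokenReqMessageContext Token request message context.
 * @return {@code true} when the status is {@code AUTHORIZED}; {@code false} when the status matches
 *         none of the handled values.
 * @throws IdentityOAuth2Exception For every rejected or still-pending request, and for DAO failures.
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
    // NOTE(review): the boolean returned by the parent is discarded; presumably it reports failure
    // by throwing. Confirm.
    super.validateGrant(oAuthTokenReqMessageContext);
    boolean authStatus = false;
    RequestParameter[] parameters = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getRequestParameters();
    String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
    String deviceCode = null;
    // Request parameters come from the client: tolerate a missing array and an empty value array
    // instead of failing with a NullPointerException or ArrayIndexOutOfBoundsException.
    if (parameters != null) {
        for (RequestParameter parameter : parameters) {
            if (!Constants.DEVICE_CODE.equals(parameter.getKey())) {
                continue;
            }
            String[] values = parameter.getValue();
            if (values != null && values.length > 0 && StringUtils.isNotBlank(values[0])) {
                deviceCode = values[0];
                break;
            }
        }
    }
    if (log.isDebugEnabled()) {
        // NOTE(review): this writes the device code verbatim to the debug log; it is the value
        // being redeemed for a token, so consider logging a digest instead.
        log.debug("Getting ready to release token for device_code: " + deviceCode);
    }
    if (deviceCode == null) {
        // No usable device_code parameter: reject before any lookup, with the same error that is
        // raised below for a code that does not exist.
        throw new IdentityOAuth2Exception(DeviceErrorCodes.INVALID_REQUEST, DeviceErrorCodes.INVALID_REQUEST);
    }
    DeviceFlowDO deviceFlowDO = DeviceFlowPersistenceFactory.getInstance().getDeviceFlowDAO().getAuthenticationDetails(deviceCode, clientId);
    Date date = new Date();
    String deviceStatus = deviceFlowDO.getStatus();
    deviceFlowDO.setScope(getScopes(deviceCode));
    deviceFlowDO.setDeviceCode(deviceCode);
    if (Constants.NOT_EXIST.equals(deviceStatus)) {
        throw new IdentityOAuth2Exception(DeviceErrorCodes.INVALID_REQUEST, DeviceErrorCodes.INVALID_REQUEST);
    } else if (Constants.EXPIRED.equals(deviceStatus) || isExpiredDeviceCode(deviceFlowDO, date)) {
        throw new IdentityOAuth2Exception(DeviceErrorCodes.SubDeviceErrorCodes.EXPIRED_TOKEN, DeviceErrorCodes.SubDeviceErrorCodes.EXPIRED_TOKEN);
    } else if (Constants.AUTHORIZED.equals(deviceStatus)) {
        authStatus = true;
        // NOTE(review): the status was read above and is changed here in a separate DAO call. Two
        // concurrent requests carrying the same device code could both observe AUTHORIZED unless
        // the DAO or the database enforces single use. Confirm.
        DeviceFlowPersistenceFactory.getInstance().getDeviceFlowDAO().setDeviceCodeExpired(deviceCode, Constants.EXPIRED);
        setPropertiesForTokenGeneration(oAuthTokenReqMessageContext, deviceFlowDO);
    } else if (Constants.USED.equals(deviceStatus) || Constants.PENDING.equals(deviceStatus)) {
        Timestamp newPollTime = new Timestamp(date.getTime());
        // Judge the interval against the previous poll time first, then record this poll; the new
        // poll time is stored whichever error is returned.
        boolean pollIntervalRespected = isValidPollTime(newPollTime, deviceFlowDO);
        DeviceFlowPersistenceFactory.getInstance().getDeviceFlowDAO().setLastPollTime(deviceCode, newPollTime);
        if (pollIntervalRespected) {
            throw new IdentityOAuth2Exception(DeviceErrorCodes.SubDeviceErrorCodes.AUTHORIZATION_PENDING, DeviceErrorCodes.SubDeviceErrorCodes.AUTHORIZATION_PENDING);
        }
        throw new IdentityOAuth2Exception(DeviceErrorCodes.SubDeviceErrorCodes.SLOW_DOWN, DeviceErrorCodes.SubDeviceErrorCodes.SLOW_DOWN);
    }
    return authStatus;
}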
Also used : IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) RequestParameter(org.wso2.carbon.identity.oauth2.model.RequestParameter) DeviceFlowDO(org.wso2.carbon.identity.oauth2.device.model.DeviceFlowDO) Timestamp(java.sql.Timestamp) Date(java.util.Date)

Example 4 with DeviceFlowDO

use of org.wso2.carbon.identity.oauth2.device.model.DeviceFlowDO in project identity-inbound-auth-oauth by wso2-extensions.

the class DeviceFlowDAOImpl method getDetailsForUserCode.

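/**
 * Loads the device-flow record that belongs to a user code.
 *
 * @param userCode User code entered by the user on the verification page.
 * @return A {@link DeviceFlowDO} carrying status, expiry time and device code, or {@code null}
 *         when no row matches the user code.
 * @throws IdentityOAuth2Exception If the database access fails.
 */
@Override
public DeviceFlowDO getDetailsForUserCode(String userCode) throws IdentityOAuth2Exception {
    if (log.isDebugEnabled()) {
        // The debug line now carries the same SHA-256 digest the exception message already used,
        // so the raw user code no longer reaches the log. The digest is unsalted, so it obscures
        // the code rather than protecting it.
        log.debug("Getting authentication details for user_code(hashed): "
                + (userCode == null ? null : DigestUtils.sha256Hex(userCode)));
    }
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
            PreparedStatement prepStmt = connection.prepareStatement(
                    SQLQueries.DeviceFlowDAOSQLQueries.GET_AUTHENTICATION_DETAILS)) {
        prepStmt.setString(1, userCode);
        DeviceFlowDO deviceFlowDO = null;
        // The result set is closed explicitly instead of relying on the statement's close.
        try (ResultSet resultSet = prepStmt.executeQuery()) {
            // If several rows match, the last one is returned.
            while (resultSet.next()) {
                deviceFlowDO = new DeviceFlowDO();
                deviceFlowDO.setStatus(resultSet.getString(1));
                // The expiry timestamp is read against a UTC calendar.
                deviceFlowDO.setExpiryTime(resultSet.getTimestamp(2,
                        Calendar.getInstance(TimeZone.getTimeZone(Constants.UTC))));
                deviceFlowDO.setDeviceCode(resultSet.getString(3));
            }
        }
        return deviceFlowDO;
    } catch (SQLException e) {
        // Null guard: hashing a null user code would throw and hide the SQL failure.
        throw new IdentityOAuth2Exception("Error when getting authentication details for user_code(hashed): "
                + (userCode == null ? null : DigestUtils.sha256Hex(userCode)), e);
    }
}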
Also used : IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) SQLException(java.sql.SQLException) DeviceFlowDO(org.wso2.carbon.identity.oauth2.device.model.DeviceFlowDO) Connection(java.sql.Connection) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement)

Example 5 with DeviceFlowDO

use of org.wso2.carbon.identity.oauth2.device.model.DeviceFlowDO in project identity-inbound-auth-oauth by wso2-extensions.

the class UserAuthenticationEndpoint method deviceAuthorize.

/**
 * Handles the form POST that submits a user code and, when the code is acceptable, forwards the
 * request to the authorization endpoint.
 *
 * <p>A blank user code, a user code with no client id or no stored record, and an expired user code
 * all end in the same redirect to the device endpoint with {@code error=invalid_request}; the
 * method then returns {@code null}.
 *
 * @param request  Incoming servlet request; the user code is read from its parameters.
 * @param response Servlet response used for the error redirect and passed to the authorize call.
 * @return The response of the authorization endpoint, the result of one of the exception
 *         handlers, or {@code null} after an error redirect.
 * @throws InvalidRequestParentException Declared by this method; not raised directly in this body.
 * @throws OAuthSystemException          Declared by this method; not raised directly in this body.
 */
@POST
@Path("/")
@Consumes("application/x-www-form-urlencoded")
@Produces("text/html")
public Response deviceAuthorize(@Context HttpServletRequest request, @Context HttpServletResponse response) throws InvalidRequestParentException, OAuthSystemException {
    try {
        String userCode = request.getParameter(Constants.USER_CODE);
        // A request without a user code is sent back to the device endpoint with an error.
        if (StringUtils.isBlank(userCode)) {
            if (log.isDebugEnabled()) {
                log.debug("user_code is missing in the request.");
            }
            String missingCodeRedirect = ServiceURLBuilder.create()
                    .addPath(Constants.DEVICE_ENDPOINT_PATH)
                    .addParameter("error", OAuth2ErrorCodes.INVALID_REQUEST)
                    .build()
                    .getAbsolutePublicURL();
            response.sendRedirect(missingCodeRedirect);
            return null;
        }

        String clientId = deviceAuthService.getClientId(userCode);
        DeviceFlowDO deviceFlowDODetails = DeviceFlowPersistenceFactory.getInstance().getDeviceFlowDAO().getDetailsForUserCode(userCode);
        // Unknown and expired user codes take the same path, so the redirect does not reveal
        // which of the two applied.
        // NOTE(review): no limit on repeated user_code attempts is visible in this method; confirm
        // it is enforced elsewhere.
        boolean rejected = StringUtils.isBlank(clientId) || deviceFlowDODetails == null || isExpiredUserCode(deviceFlowDODetails);
        if (rejected) {
            if (log.isDebugEnabled()) {
                log.debug("Incorrect user_code.");
            }
            String invalidCodeRedirect = ServiceURLBuilder.create()
                    .addPath(Constants.DEVICE_ENDPOINT_PATH)
                    .addParameter("error", OAuth2ErrorCodes.INVALID_REQUEST)
                    .build()
                    .getAbsolutePublicURL();
            response.sendRedirect(invalidCodeRedirect);
            return null;
        }

        setCallbackURI(clientId);
        // NOTE(review): the stored status is updated here, before the request reaches the authorize
        // endpoint; which status is written is not visible in this method.
        deviceAuthService.setAuthenticationStatus(userCode);
        CommonAuthRequestWrapper authzRequest = new CommonAuthRequestWrapper(request);
        authzRequest.setParameter(Constants.CLIENT_ID, clientId);
        authzRequest.setParameter(Constants.RESPONSE_TYPE, Constants.RESPONSE_TYPE_DEVICE);
        // NOTE(review): deviceFlowDO is not a local of this method (the local is
        // deviceFlowDODetails); presumably it is a field filled by setCallbackURI. If this endpoint
        // instance serves concurrent requests, another request could replace the callback URI
        // between the two calls. Confirm the instance scope.
        authzRequest.setParameter(Constants.REDIRECTION_URI, deviceFlowDO.getCallbackUri());
        if (getScope(userCode) != null) {
            String scope = String.join(Constants.SEPARATED_WITH_SPACE, getScope(userCode));
            authzRequest.setParameter(Constants.SCOPE, scope);
        }
        // The user code travels on as the nonce parameter of the authorization request.
        authzRequest.setParameter(Constants.NONCE, userCode);
        return oAuth2AuthzEndpoint.authorize(authzRequest, response);
    } catch (IdentityOAuth2Exception e) {
        return handleIdentityOAuth2Exception(e);
    } catch (IOException e) {
        return handleIOException(e);
    } catch (URLBuilderException e) {
        return handleURLBuilderException(e);
    } catch (URISyntaxException e) {
        return handleURISyntaxException(e);
    }
}
Also used : URLBuilderException(org.wso2.carbon.identity.core.URLBuilderException) CommonAuthRequestWrapper(org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthRequestWrapper) IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) DeviceFlowDO(org.wso2.carbon.identity.oauth2.device.model.DeviceFlowDO) IOException(java.io.IOException) URISyntaxException(java.net.URISyntaxException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Aggregations

IdentityOAuth2Exception (org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception)4 DeviceFlowDO (org.wso2.carbon.identity.oauth2.device.model.DeviceFlowDO)4 Connection (java.sql.Connection)2 PreparedStatement (java.sql.PreparedStatement)2 ResultSet (java.sql.ResultSet)2 SQLException (java.sql.SQLException)2 AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)2 IOException (java.io.IOException)1 URISyntaxException (java.net.URISyntaxException)1 Timestamp (java.sql.Timestamp)1 Date (java.util.Date)1 Consumes (javax.ws.rs.Consumes)1 POST (javax.ws.rs.POST)1 Path (javax.ws.rs.Path)1 Produces (javax.ws.rs.Produces)1 CommonAuthRequestWrapper (org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthRequestWrapper)1 URLBuilderException (org.wso2.carbon.identity.core.URLBuilderException)1 RequestParameter (org.wso2.carbon.identity.oauth2.model.RequestParameter)1