use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.
the class RequestObjectHandlerTest method testHandleEvent.
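/**
 * Dispatches a request-object revocation event to the handler and checks that the handler
 * identifies itself correctly and that the event still carries its properties afterwards.
 * The {@code code} argument is supplied by the data provider but is not used by this case.
 */
@Test(dataProvider = "requestObjectRevoke")
public void testHandleEvent(String eventName, List<String> codeList, List<AuthzCodeDO> lstAuthzCode,
                            String propertyName, String code) throws IdentityEventException {
    // Either a list of code strings or a list of AuthzCodeDO objects is attached under propertyName;
    // the string list wins when both are populated, and nothing is attached when both are empty.
    HashMap<String, Object> properties = new HashMap<>();
    if (CollectionUtils.isNotEmpty(codeList)) {
        properties.put(propertyName, codeList);
    } else if (CollectionUtils.isNotEmpty(lstAuthzCode)) {
        properties.put(propertyName, lstAuthzCode);
    }
    properties.put(OIDCConstants.Event.TOKEN_STATE, OAuthConstants.TokenStates.TOKEN_STATE_EXPIRED);
    properties.put(OIDCConstants.Event.SESSION_DATA_KEY, "sessionDataKey");
    properties.put(OIDCConstants.Event.NEW_ACCESS_TOKEN, "new");
    properties.put(OIDCConstants.Event.OLD_ACCESS_TOKEN, "old");
    Event event = new Event(eventName, properties);

    requestObjectHandler.handleEvent(event);

    Assert.assertEquals(requestObjectHandler.getName(), OIDCConstants.Event.HANDLE_REQUEST_OBJECT);
    // Map.size() autoboxes to a non-null Integer, so assertNotNull(size()) could never fail.
    // Assert on the content instead: the fixed properties added above must still be present.
    Assert.assertFalse(event.getEventProperties().isEmpty());
}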
use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.
the class IdentityOathEventListener method removeTokensFromCache.
/**
 * Evicts from the cache the access tokens and authorization codes issued to the given user for
 * the openid scope. A lookup failure is logged and otherwise ignored (best effort).
 *
 * @param userName         user whose tokens and codes are evicted from the cache
 * @param userStoreManager user store the user belongs to; supplies the store domain and tenant
 * @throws UserStoreException if the realm configuration or tenant id cannot be read
 */
private void removeTokensFromCache(String userName, UserStoreManager userStoreManager) throws UserStoreException {
    String storeDomain = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
    String tenant = IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId());

    AuthenticatedUser user = new AuthenticatedUser();
    user.setUserStoreDomain(storeDomain);
    user.setTenantDomain(tenant);
    user.setUserName(userName);

    try {
        // Only openid-scope tokens and codes are evicted: claims are normally cached only
        // against those, so other entries have nothing to invalidate.
        Set<AccessTokenDO> tokens = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
                .getAccessTokensByUserForOpenidScope(user);
        List<AuthzCodeDO> codes = OAuthTokenPersistenceFactory.getInstance().getAuthorizationCodeDAO()
                .getAuthorizationCodesByUserForOpenidScope(user);
        removeAccessTokensFromCache(tokens);
        removeAuthzCodesFromCache(codes);
    } catch (IdentityOAuth2Exception e) {
        log.error("Error occurred while retrieving access tokens issued for user : " + userName, e);
    }
}
use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.
the class AuthorizationCodeGrantHandler method revokeExistingAccessTokens.
/**
 * Revokes the access token previously issued against an authorization code and leaves a
 * debug trace of the revocation. The code itself is only logged hashed, and only when the
 * deployment allows authorization codes to be logged.
 *
 * @param tokenId     id of the access token to revoke
 * @param authzCodeDO authorization code the token was issued for; supplies the user and client
 * @throws IdentityOAuth2Exception if the authorized user has no resolvable user id, or propagated
 *                                 from the token DAO
 */
private void revokeExistingAccessTokens(String tokenId, AuthzCodeDO authzCodeDO) throws IdentityOAuth2Exception {
    String userId;
    try {
        userId = authzCodeDO.getAuthorizedUser().getUserId();
    } catch (UserIdNotFoundException e) {
        throw new IdentityOAuth2Exception(
                "User id not found for user: " + authzCodeDO.getAuthorizedUser().getLoggableUserId(), e);
    }
    OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().revokeAccessToken(tokenId, userId);

    if (!log.isDebugEnabled()) {
        return;
    }
    String clientId = authzCodeDO.getConsumerKey();
    if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.AUTHORIZATION_CODE)) {
        String hashedCode = DigestUtils.sha256Hex(authzCodeDO.getAuthorizationCode());
        log.debug("Validated authorization code(hashed): " + hashedCode + " for client: " + clientId
                + " is not active. " + "So revoking the access tokens issued for the authorization code.");
    } else {
        log.debug("Validated authorization code for client: " + clientId + " is not "
                + "active. So revoking the access tokens issued for the authorization code.");
    }
}
use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.
the class AuthorizationCodeGrantHandler method clearTokenCache.
/**
 * Drops the cached access token entry for the given client and the user of the authorization
 * code. Does nothing when caching is disabled.
 *
 * @param authzCodeBean authorization code whose authorized user identifies the cache entry
 * @param clientId      client the token was issued to
 * @throws IdentityOAuth2Exception propagated from the cache key construction
 */
private void clearTokenCache(AuthzCodeDO authzCodeBean, String clientId) throws IdentityOAuth2Exception {
    if (!cacheEnabled) {
        return;
    }
    OAuthCacheKey key = new OAuthCacheKey(buildCacheKeyForToken(clientId, authzCodeBean));
    OAuthCache.getInstance().clearCacheEntry(key);
    if (log.isDebugEnabled()) {
        log.debug("Removed token from cache for user : " + authzCodeBean.getAuthorizedUser().toString()
                + ", for client : " + clientId);
    }
}
use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.
the class AuthorizationCodeGrantHandler method getPersistedAuthzCode.
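/**
 * Provides the authorization code request details saved in the cache or the DB.
 * <p>
 * When caching is enabled the cache is consulted first; on a miss the code is validated against
 * the DB. If the DB reports the code as no longer active, the access token previously issued for
 * it is revoked and the related cache entries are cleared before the code details are returned
 * (RFC 6749 Section 4.1.2).
 *
 * @param tokenReqDTO token request carrying the client id and the authorization code
 * @return the persisted authorization code details, or {@code null} when the code is unknown
 * @throws IdentityOAuth2Exception propagated from the DAO calls or from the token revocation
 */
private AuthzCodeDO getPersistedAuthzCode(OAuth2AccessTokenReqDTO tokenReqDTO) throws IdentityOAuth2Exception {
    String clientId = tokenReqDTO.getClientId();
    String authorizationCode = tokenReqDTO.getAuthorizationCode();

    // If cache is enabled, check in the cache first.
    if (cacheEnabled) {
        OAuthCacheKey cacheKey = new OAuthCacheKey(
                OAuth2Util.buildCacheKeyStringForAuthzCode(clientId, authorizationCode));
        AuthzCodeDO cached = (AuthzCodeDO) OAuthCache.getInstance().getValueFromCache(cacheKey);
        if (cached != null) {
            return cached;
        }
        if (log.isDebugEnabled()) {
            log.debug("Authorization Code Info was not available in cache for client id : " + clientId);
        }
    }

    if (log.isDebugEnabled()) {
        log.debug("Retrieving authorization code information from db for client id : " + clientId);
    }
    AuthorizationCodeValidationResult validationResult = OAuthTokenPersistenceFactory.getInstance()
            .getAuthorizationCodeDAO().validateAuthorizationCode(clientId, authorizationCode);
    if (validationResult == null) {
        // Upper layers expect a null value for an invalid authorization code.
        return null;
    }

    if (!validationResult.isActiveCode()) {
        String tokenId = validationResult.getTokenId();
        AuthzCodeDO authzCodeDO = validationResult.getAuthzCodeDO();
        String tokenAlias = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
                .getAccessTokenByTokenId(tokenId);
        // Revoke the access token issued for this authorization code, as per RFC 6749 Section 4.1.2.
        revokeExistingAccessTokens(tokenId, authzCodeDO);
        clearTokenCache(tokenAlias, tokenId);
        String scope = OAuth2Util.buildScopeString(authzCodeDO.getScope());
        OAuthUtil.clearOAuthCache(clientId, authzCodeDO.getAuthorizedUser(), scope);
    }
    return validationResult.getAuthzCodeDO();
}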