github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

stopped re-parsing scopes

pull/263/head
Justin Richer 2012-11-26 11:49:29 -05:00
parent 9c3a40779b
commit 1281d75aa9
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
View File

@ -121,15 +121,12 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
String userId = userAuthentication.getName(); String userId = userAuthentication.getName();
String clientId = authorizationRequest.getClientId(); String clientId = authorizationRequest.getClientId();
ClientDetails client = clientDetailsService.loadClientByClientId(clientId); ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
//TODO: ar.scope
String scopes = authorizationRequest.getAuthorizationParameters().get("scope");
Set<String> authRequestScopes = Sets.newHashSet(Splitter.on(" ").split(scopes));
//lookup ApprovedSites by userId and clientId //lookup ApprovedSites by userId and clientId
Collection<ApprovedSite> aps = approvedSiteService.getByClientIdAndUserId(clientId, userId); Collection<ApprovedSite> aps = approvedSiteService.getByClientIdAndUserId(clientId, userId);
for (ApprovedSite ap : aps) { for (ApprovedSite ap : aps) {
// if we find one that fits... // if we find one that fits...
if (scopesMatch(authRequestScopes, ap.getAllowedScopes())) { if (scopesMatch(authorizationRequest.getScope(), ap.getAllowedScopes())) {
//We have a match; update the access date on the AP entry and return true. //We have a match; update the access date on the AP entry and return true.
ap.setAccessDate(new Date()); ap.setAccessDate(new Date());
@ -144,7 +141,7 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
} }
WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId); WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId);
if (ws != null && scopesMatch(authRequestScopes, ws.getAllowedScopes())) { if (ws != null && scopesMatch(authorizationRequest.getScope(), ws.getAllowedScopes())) {
//Create an approved site //Create an approved site
approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws); approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws);
@ -190,7 +187,8 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
} }
} }
// inject the user-allowed scopes into the auth request // inject the user-allowed scopes into the auth request
// TODO: for the moment this allows both upscoping and downscoping.
ar.setScope(allowedScopes); ar.setScope(allowedScopes);
approvedSiteService.createApprovedSite(clientId, userId, null, allowedScopes, null); approvedSiteService.createApprovedSite(clientId, userId, null, allowedScopes, null);