From 269a354f8cc04d8c7c1a2fa04e23dea92ef6b182 Mon Sep 17 00:00:00 2001 From: Amanda Anganes Date: Tue, 10 Apr 2012 13:44:10 -0400 Subject: [PATCH] Added tables.sql, which is just a concatenation of all the other sql files. Added redirect_uris.sql, which is a NEW table needed to support clients registering multiple redirect uris. This updates us to the HEAD revision of SECOAUTH, where the redirect uri field on ClientDetails has been updated to be a Set instead of a single string. I updated the UI code so that it will still work, but it will need to be updated to allow users to register multiple uris. This also closes issue #2 from the issue tracker. --- .../oauth2/model/ClientDetailsEntity.java | 15 ++- .../oauth2/model/OAuth2AccessTokenEntity.java | 3 +- .../repository/OAuth2TokenRepository.java | 3 + .../impl/JpaOAuth2TokenRepository.java | 11 ++- ...faultOAuth2ClientDetailsEntityService.java | 6 +- .../DefaultOAuth2ProviderTokenService.java | 6 +- .../org/mitre/oauth2/web/OAuthClientAPI.java | 8 +- .../spring/appServlet/servlet-context.xml | 7 +- .../main/webapp/db/tables/redirect_uris.sql | 4 + .../src/main/webapp/db/tables/tables.sql | 94 +++++++++++++++++++ spring-security-oauth | 2 +- 11 files changed, 143 insertions(+), 16 deletions(-) create mode 100644 openid-connect-server/src/main/webapp/db/tables/redirect_uris.sql create mode 100644 openid-connect-server/src/main/webapp/db/tables/tables.sql diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java index 08429c95a..a4eb4170e 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java 
@@ -53,7 +53,7 @@ public class ClientDetailsEntity implements ClientDetails { private Long accessTokenTimeout; // in seconds private Long refreshTokenTimeout; // in seconds private String owner; // userid of who registered it - private String registeredRedirectUri; + private Set registeredRedirectUri; private Set resourceIds; //Additional properties added by OpenID Connect Dynamic Client Registration spec @@ -300,15 +300,20 @@ public class ClientDetailsEntity implements ClientDetails { /** * @return the registeredRedirectUri */ - @Basic - public String getRegisteredRedirectUri() { + //@Basic + @ElementCollection(fetch = FetchType.EAGER) + @CollectionTable( + name="redirect_uris", + joinColumns=@JoinColumn(name="owner_id") + ) + public Set getRegisteredRedirectUri() { return registeredRedirectUri; } /** * @param registeredRedirectUri the registeredRedirectUri to set */ - public void setRegisteredRedirectUri(String registeredRedirectUri) { + public void setRegisteredRedirectUri(Set registeredRedirectUri) { this.registeredRedirectUri = registeredRedirectUri; } @@ -499,7 +504,7 @@ public class ClientDetailsEntity implements ClientDetails { * @param registeredRedirectUri * @see org.mitre.oauth2.model.ClientDetailsEntity#setRegisteredRedirectUri(java.lang.String) */ - public ClientDetailsEntityBuilder setRegisteredRedirectUri(String registeredRedirectUri) { + public ClientDetailsEntityBuilder setRegisteredRedirectUri(Set registeredRedirectUri) { instance.setRegisteredRedirectUri(registeredRedirectUri); return this; } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java index 0649d71cb..787cae18f 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java 
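Review bot: The `//@Basic` left above the new `@ElementCollection` mapping of getRegisteredUri in the @@ -300 hunk is commented-out code and should be deleted rather than kept as history. The field itself (@@ -53 hunk) is now a `Set` with no initializer, so a ClientDetailsEntity on which setRegisteredRedirectUri was never called hands callers null instead of an empty set; if the type parameter was not simply lost in this rendering, declare it `Set<String>` and consider initializing it to `new HashSet<String>()`. The getter Javadoc still says only `@return the registeredRedirectUri`; since this set is presumably what redirect_uri validation is checked against, document it as `@return the redirect URIs registered for this client, persisted in the redirect_uris collection table keyed by owner_id`. ClientDetailsEntity continues outside these hunks.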
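Review bot: The builder's Javadoc in the @@ -499 hunk still reads `@see org.mitre.oauth2.model.ClientDetailsEntity#setRegisteredRedirectUri(java.lang.String)` although the parameter was changed to a `Set` in the same hunk, so the link now names a method that no longer exists. Update it to `@see org.mitre.oauth2.model.ClientDetailsEntity#setRegisteredRedirectUri(java.util.Set)` and give `@param registeredRedirectUri` a description instead of leaving it bare. ClientDetailsEntityBuilder continues outside this hunk.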
@@ -43,7 +43,8 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication; @NamedQueries({ @NamedQuery(name = "OAuth2AccessTokenEntity.getByRefreshToken", query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :refreshToken"), @NamedQuery(name = "OAuth2AccessTokenEntity.getByClient", query = "select a from OAuth2AccessTokenEntity a where a.client = :client"), - @NamedQuery(name = "OAuth2AccessTokenEntity.getExpired", query = "select a from OAuth2AccessTokenEntity a where a.expiration is not null and a.expiration < current_timestamp") + @NamedQuery(name = "OAuth2AccessTokenEntity.getExpired", query = "select a from OAuth2AccessTokenEntity a where a.expiration is not null and a.expiration < current_timestamp"), + @NamedQuery(name = "OAuth2AccessTokenEntity.getByAuthentication", query = "select a from OAuth2AccessTokenEntity a where a.authentication = :authentication") }) //@JsonSerialize(using = OAuth2AccessTokenSerializer.class) //@JsonDeserialize(using = OAuth2AccessTokenDeserializer.class) diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java index 475a5c0c3..7d39e01fb 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java @@ -5,6 +5,7 @@ import java.util.List; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; +import org.springframework.security.oauth2.provider.OAuth2Authentication; public interface OAuth2TokenRepository { @@ -32,4 +33,6 @@ public interface OAuth2TokenRepository { public List getExpiredRefreshTokens(); + public OAuth2AccessTokenEntity getByAuthentication(OAuth2Authentication auth); + } 
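Review bot: The new `OAuth2AccessTokenEntity.getByAuthentication` query compares `a.authentication = :authentication` in JPQL; judging from the `authentication LONGBLOB` column in tables.sql, that attribute is persisted as a serialized object, so the match would be decided by the provider's comparison of serialized bytes rather than by OAuth2Authentication.equals, and two logically equal authentications that serialize differently would not be found. Confirm this against the JPA provider in use; if it holds, key the lookup on a stable derived value stored in its own column (for example a digest of the authentication's identifying fields) instead of on the blob. The repository method added in JpaOAuth2TokenRepository (next hunk) inherits the same behaviour, and DefaultOAuth2ProviderTokenService.getAccessToken now depends on it.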
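Review bot: `getByAuthentication(OAuth2Authentication auth)` is added to the OAuth2TokenRepository interface without Javadoc, so neither the no-match case nor the multiple-match case is specified for implementors. Add a Javadoc such as `/** Looks up the access token issued for the given authentication. */` and state what is returned when nothing matches; the JPA implementation in the next hunk goes through JpaUtil.getSingleResult, whose no-match and multi-match behaviour is not visible here, so the contract should be written down rather than inferred from it. The rest of the interface is outside this hunk.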
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java index 85cd9041d..07420a5af 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java @@ -11,6 +11,7 @@ import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.oauth2.repository.OAuth2TokenRepository; import org.mitre.util.jpa.JpaUtil; +import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; @@ -133,6 +134,14 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository { TypedQuery queryR = manager.createNamedQuery("OAuth2RefreshTokenEntity.getExpired", OAuth2RefreshTokenEntity.class); List refreshTokens = queryR.getResultList(); return refreshTokens; - } + } + + @Override + public OAuth2AccessTokenEntity getByAuthentication(OAuth2Authentication auth) { + TypedQuery queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByAuthentication", OAuth2AccessTokenEntity.class); + queryA.setParameter("authentication", auth); + List accessTokens = queryA.getResultList(); + return JpaUtil.getSingleResult(accessTokens); + } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java index e761e0ca3..bf15428b7 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java 
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java @@ -1,6 +1,7 @@ package org.mitre.oauth2.service.impl; import java.util.Collection; +import java.util.HashSet; import java.util.Set; import org.mitre.oauth2.model.ClientDetailsEntity; @@ -74,7 +75,10 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt ClientDetailsEntity client = clientFactory.createClient(clientId, clientSecret); client.setScope(scope); client.setAuthorizedGrantTypes(grantTypes); - client.setRegisteredRedirectUri(redirectUri); + //client.setRegisteredRedirectUri(redirectUri); + Set redirectUris = new HashSet(); + redirectUris.add(redirectUri); + client.setRegisteredRedirectUri(redirectUris); client.setAuthorities(authorities); client.setClientName(name); client.setClientDescription(description); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java index 0ca7b131a..e5e03abea 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java @@ -218,14 +218,10 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi } } - /** - * TODO: Implement - * See github issue #2 - */ @Override public OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication) { - OAuth2AccessTokenEntity accessToken = new OAuth2AccessTokenEntity(); + OAuth2AccessTokenEntity accessToken = tokenRepository.getByAuthentication(authentication); return accessToken; } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java index e9c2b036f..955678af6 100644 
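Review bot: The old call is left behind as `//client.setRegisteredRedirectUri(redirectUri);` in the DefaultOAuth2ClientDetailsEntityService hunk; delete it rather than keeping commented-out code. The replacement wraps the single `redirectUri` parameter in a fresh HashSet without checking it, so a null `redirectUri` (nothing in the hunk shows callers prevent one) becomes a null element persisted into the redirect_uris collection table; guard it with `if (redirectUri != null) { redirectUris.add(redirectUri); }`, and if the type parameter was not merely lost in rendering declare the local as `Set<String> redirectUris = new HashSet<String>();`. The same three-line pattern, plus the dated `//AANGANES 4/9/2012` comment that belongs in the commit message rather than the source, is duplicated in the OAuthClientAPI.java hunk and should be fixed there too. The enclosing method continues outside this hunk.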
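Review bot: In the DefaultOAuth2ProviderTokenService hunk, `getAccessToken` assigns the repository result to a local only to return it on the next line; `return tokenRepository.getByAuthentication(authentication);` says the same thing in one line. Removing the `TODO ... github issue #2` Javadoc leaves the override with no documentation at all, so add a short Javadoc saying the lookup is delegated to the token repository and what callers receive when no token has been issued for the authentication (the hunk does not show whether that is null). The enclosing class continues outside this hunk.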
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java @@ -1,6 +1,7 @@ package org.mitre.oauth2.web; import java.util.Collection; +import java.util.HashSet; import java.util.Set; import org.mitre.oauth2.exception.ClientNotFoundException; @@ -161,7 +162,12 @@ public class OAuthClientAPI { client.setClientSecret(clientSecret); client.setScope(scopeSet); client.setAuthorizedGrantTypes(grantTypesSet); - client.setRegisteredRedirectUri(redirectUri); + + //AANGANES 4/9/2012 client.redirectUri is now a Set + Set redirectUris = new HashSet(); + redirectUris.add(redirectUri); + + client.setRegisteredRedirectUri(redirectUris); client.setAuthorities(authoritiesSet); client.setResourceIds(resourceIdSet); client.setClientName(name); diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml index b003a78cd..63167f9e2 100644 --- a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml +++ b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml @@ -46,11 +46,16 @@ + + + + - + diff --git a/openid-connect-server/src/main/webapp/db/tables/redirect_uris.sql b/openid-connect-server/src/main/webapp/db/tables/redirect_uris.sql new file mode 100644 index 000000000..6b4f81936 --- /dev/null +++ b/openid-connect-server/src/main/webapp/db/tables/redirect_uris.sql @@ -0,0 +1,4 @@ +CREATE TABLE redirect_uris ( + owner_id VARCHAR(256), + registeredRedirectUri VARCHAR(256) +); \ No newline at end of file diff --git a/openid-connect-server/src/main/webapp/db/tables/tables.sql b/openid-connect-server/src/main/webapp/db/tables/tables.sql new file mode 100644 index 000000000..3b89fdd3a --- /dev/null +++ b/openid-connect-server/src/main/webapp/db/tables/tables.sql 
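Review bot: The new `redirect_uris` table has no primary key, no uniqueness constraint on (owner_id, registeredRedirectUri) and no foreign key from owner_id to the client it belongs to, so duplicate rows and orphaned URIs for deleted clients are accepted by the database and consistency rests entirely on the JPA layer. The column is also `VARCHAR(256)` while the column it replaces, `registeredRedirectUri` in the clientdetails table of tables.sql, was `VARCHAR(2000)`, so a redirect URI longer than 256 characters that used to be storable would now be truncated or rejected depending on the database, and a silently truncated value changes which redirect_uri is later accepted for that client. Use at least the previous width, mark both columns `NOT NULL`, and enforce uniqueness of the pair in whatever form the target database's index-length limits allow; for example `owner_id VARCHAR(256) NOT NULL,` and `registeredRedirectUri VARCHAR(2000) NOT NULL`.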
@@ -0,0 +1,94 @@
+CREATE TABLE accesstoken (
+ id VARCHAR(4096),
+ expiration TIMESTAMP,
+ tokenType VARCHAR(256),
+ refresh_token_id VARCHAR(256),
+ client_id VARCHAR(256),
+ authentication LONGBLOB,
+ idTokenString VARCHAR(4096)
+);
+CREATE TABLE address (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY,
+ formatted VARCHAR(256),
+ streetAddress VARCHAR(256),
+ locality VARCHAR(256),
+ region VARCHAR(256),
+ postalCode VARCHAR(256),
+ country VARCHAR(256)
+);
+CREATE TABLE approvedsite (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY,
+ userinfo_id VARCHAR(256),
+ clientdetails_id VARCHAR(256),
+ creationDate DATE,
+ accessDate DATE,
+ timeoutDate DATE
+);
+CREATE TABLE authorities (
+ owner_id VARCHAR(256),
+ authorities LONGBLOB
+);
+CREATE TABLE clientdetails (
+ clientId VARCHAR(256),
+ clientSecret VARCHAR(2000),
+ registeredRedirectUri VARCHAR(2000),
+ clientName VARCHAR(256),
+ clientDescription VARCHAR(2000),
+ allowRefresh TINYINT,
+ accessTokenTimeout BIGINT,
+ refreshTokenTimeout BIGINT,
+ owner VARCHAR(256)
+);
+CREATE TABLE event (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY,
+ type INT(3),
+ timestamp DATE
+);
+CREATE TABLE authorizedgranttypes (
+ owner_id VARCHAR(256),
+ authorizedgranttypes VARCHAR(2000)
+);
+CREATE TABLE idtoken (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY
+);
+CREATE TABLE idtokenclaims (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY
+);
+CREATE TABLE refreshtoken (
+ id VARCHAR(256),
+ expiration TIMESTAMP,
+ client_id VARCHAR(256)
+);
+CREATE TABLE resource_ids (
+ owner_id VARCHAR(256),
+ resourceids VARCHAR(256)
+);
+CREATE TABLE scope (
+ owner_id VARCHAR(256),
+ scope VARCHAR(2000)
+);
+CREATE TABLE userinfo (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY,
+ userId VARCHAR(256),
+ name VARCHAR(256),
+ givenName VARCHAR(256),
+ familyName VARCHAR(256),
+ middleName VARCHAR(256),
+ nickname VARCHAR(256),
+ profile VARCHAR(256),
+ picture VARCHAR(256),
+ website VARCHAR(256),
+ email VARCHAR(256),
+ verified BOOLEAN,
+ gender VARCHAR(256),
+ zoneinfo VARCHAR(256),
+ locale VARCHAR(256),
+ phoneNumber VARCHAR(256),
+ address_id VARCHAR(256),
+ updatedTime VARCHAR(256)
+);
+CREATE TABLE whitelistedsite (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY,
+ userinfo_id VARCHAR(256),
+ clientdetails_id VARCHAR(256)
+);
\ No newline at end of file
diff --git a/spring-security-oauth b/spring-security-oauth
index 5a784a9fb..33acf01dc 160000
--- a/spring-security-oauth
+++ b/spring-security-oauth
@@ -1 +1 @@
-Subproject commit 5a784a9fb7ac11a46cc161e94676e62dac57c2c8
+Subproject commit 33acf01dccc563c184f897448d7d61ed4aa847ff
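Review bot: tables.sql is described in the commit message as a concatenation of all the other sql files, yet it does not contain the new `redirect_uris` table from redirect_uris.sql, while `clientdetails` still carries `registeredRedirectUri VARCHAR(2000)`, a column the entity no longer maps now that getRegisteredRedirectUri is an @ElementCollection backed by redirect_uris. Anyone bootstrapping a database from this file alone gets a schema with no place for redirect URIs, so the collection table should be appended and the stale column dropped. In the same pass note that neither `clientdetails.clientId` nor `accesstoken.id` is declared as a primary key here, so the uniqueness the JPA mappings appear to assume is not enforced by the schema.
```sql
-- … unchanged: all existing CREATE TABLE statements, with the
--   registeredRedirectUri column removed from clientdetails …
CREATE TABLE redirect_uris (
    owner_id VARCHAR(256) NOT NULL,
    registeredRedirectUri VARCHAR(2000) NOT NULL
    -- uniqueness of (owner_id, registeredRedirectUri) and a foreign key
    -- to clientdetails should be added within the database's index limits
);
```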