Changed UserInfo refs in WhitelistedSite to String ids; updated the user approval handler to check if "remember this decision" is checked and only make a new AP if so, and to pull in the scopes selected on the approval page as the saved allowed scopes for that AP.
parent
b87d54b06e
commit
2f28cf33e7
|
@ -17,6 +17,8 @@ package org.mitre.openid.connect.model;
|
||||||
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
import javax.persistence.Basic;
|
||||||
|
import javax.persistence.CollectionTable;
|
||||||
import javax.persistence.ElementCollection;
|
import javax.persistence.ElementCollection;
|
||||||
import javax.persistence.Entity;
|
import javax.persistence.Entity;
|
||||||
import javax.persistence.FetchType;
|
import javax.persistence.FetchType;
|
||||||
|
@ -42,7 +44,7 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
@NamedQueries({
|
@NamedQueries({
|
||||||
@NamedQuery(name = "WhitelistedSite.getAll", query = "select w from WhitelistedSite w"),
|
@NamedQuery(name = "WhitelistedSite.getAll", query = "select w from WhitelistedSite w"),
|
||||||
@NamedQuery(name = "WhitelistedSite.getByClientDetails", query = "select w from WhitelistedSite w where w.clientDetails = :clientDetails"),
|
@NamedQuery(name = "WhitelistedSite.getByClientDetails", query = "select w from WhitelistedSite w where w.clientDetails = :clientDetails"),
|
||||||
@NamedQuery(name = "WhitelistedSite.getByUserInfo", query = "select w from WhitelistedSite w where w.creator = :userInfo")
|
@NamedQuery(name = "WhitelistedSite.getByCreatoruserId", query = "select w from WhitelistedSite w where w.creatorUserId = :userId")
|
||||||
})
|
})
|
||||||
public class WhitelistedSite {
|
public class WhitelistedSite {
|
||||||
|
|
||||||
|
@ -50,7 +52,7 @@ public class WhitelistedSite {
|
||||||
private Long id;
|
private Long id;
|
||||||
|
|
||||||
// Reference to the admin user who created this entry
|
// Reference to the admin user who created this entry
|
||||||
private DefaultUserInfo creator;
|
private String creatorUserId;
|
||||||
|
|
||||||
// which OAuth2 client is this tied to
|
// which OAuth2 client is this tied to
|
||||||
private ClientDetailsEntity clientDetails;
|
private ClientDetailsEntity clientDetails;
|
||||||
|
@ -102,6 +104,10 @@ public class WhitelistedSite {
|
||||||
* @return the allowedScopes
|
* @return the allowedScopes
|
||||||
*/
|
*/
|
||||||
@ElementCollection(fetch = FetchType.EAGER)
|
@ElementCollection(fetch = FetchType.EAGER)
|
||||||
|
@CollectionTable(
|
||||||
|
name="allowed_scopes",
|
||||||
|
joinColumns=@JoinColumn(name="owner_id")
|
||||||
|
)
|
||||||
public Set<String> getAllowedScopes() {
|
public Set<String> getAllowedScopes() {
|
||||||
return allowedScopes;
|
return allowedScopes;
|
||||||
}
|
}
|
||||||
|
@ -113,13 +119,12 @@ public class WhitelistedSite {
|
||||||
this.allowedScopes = allowedScopes;
|
this.allowedScopes = allowedScopes;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ManyToOne
|
@Basic
|
||||||
@JoinColumn(name="userinfo_id")
|
public String getCreatorUserId() {
|
||||||
public DefaultUserInfo getCreator() {
|
return creatorUserId;
|
||||||
return creator;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setCreator(DefaultUserInfo creator) {
|
public void setCreatorUserId(String creatorUserId) {
|
||||||
this.creator = creator;
|
this.creatorUserId = creatorUserId;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
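Review bot: The renamed named query is declared as `WhitelistedSite.getByCreatoruserId`, but the repository hunk in JpaWhitelistedSiteRepository looks it up as `"WhitelistedSite.getByCreaterUserId"` ("Creater" vs "Creatoruser"), so `createNamedQuery` will fail at runtime for every `getByCreator` call and nothing in the commit catches it at compile time. Pick one spelling that follows the camel-case of the property and use it in both places, e.g. `@NamedQuery(name = "WhitelistedSite.getByCreatorUserId", query = "select w from WhitelistedSite w where w.creatorUserId = :userId")` here and `manager.createNamedQuery("WhitelistedSite.getByCreatorUserId", WhitelistedSite.class)` in the repository. The `@Basic` getter carries no `@Column`, so the column name falls back to the property name `creatorUserId`; that matches the schema change in this commit, but a comment noting the dependency would help the next schema edit.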
|
@ -17,7 +17,6 @@ package org.mitre.openid.connect.repository;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
||||||
import org.mitre.openid.connect.model.UserInfo;
|
|
||||||
import org.mitre.openid.connect.model.WhitelistedSite;
|
import org.mitre.openid.connect.model.WhitelistedSite;
|
||||||
import org.springframework.security.oauth2.provider.ClientDetails;
|
import org.springframework.security.oauth2.provider.ClientDetails;
|
||||||
|
|
||||||
|
@ -56,10 +55,10 @@ public interface WhitelistedSiteRepository {
|
||||||
/**
|
/**
|
||||||
* Return a collection of the WhitelistedSites created by a given user
|
* Return a collection of the WhitelistedSites created by a given user
|
||||||
*
|
*
|
||||||
* @param creator the UserInfo representing an admin who may have made some WhitelistedSites
|
* @param creator the id of the admin who may have created some WhitelistedSites
|
||||||
* @return the collection of corresponding WhitelistedSites, if any, or null
|
* @return the collection of corresponding WhitelistedSites, if any, or null
|
||||||
*/
|
*/
|
||||||
public Collection<WhitelistedSite> getByCreator(UserInfo creator);
|
public Collection<WhitelistedSite> getByCreator(String creatorId);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Removes the given IdToken from the repository
|
* Removes the given IdToken from the repository
|
||||||
|
|
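Review bot: The Javadoc still reads `@param creator` while the parameter was renamed to `creatorId`, so the tag no longer resolves to any parameter; the same mismatch appears in the WhitelistedSiteService hunk. Change both to `* @param creatorId the id of the admin who may have created some WhitelistedSites`. With the argument now a plain string rather than a UserInfo, it would also help to say which identifier is expected (the same value stored in WhitelistedSite.creatorUserId), since callers can no longer rely on the type to tell them.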
|
@ -17,7 +17,6 @@ package org.mitre.openid.connect.service;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
||||||
import org.mitre.openid.connect.model.UserInfo;
|
|
||||||
import org.mitre.openid.connect.model.WhitelistedSite;
|
import org.mitre.openid.connect.model.WhitelistedSite;
|
||||||
import org.springframework.security.oauth2.provider.ClientDetails;
|
import org.springframework.security.oauth2.provider.ClientDetails;
|
||||||
|
|
||||||
|
@ -56,10 +55,10 @@ public interface WhitelistedSiteService {
|
||||||
/**
|
/**
|
||||||
* Return a collection of the WhitelistedSites created by a given user
|
* Return a collection of the WhitelistedSites created by a given user
|
||||||
*
|
*
|
||||||
* @param creator the UserInfo representing an admin who may have made some WhitelistedSites
|
* @param creator the user id of an admin who may have made some WhitelistedSites
|
||||||
* @return the collection of corresponding WhitelistedSites, if any, or null
|
* @return the collection of corresponding WhitelistedSites, if any, or null
|
||||||
*/
|
*/
|
||||||
public Collection<WhitelistedSite> getByCreator(UserInfo creator);
|
public Collection<WhitelistedSite> getByCreator(String creatorId);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Removes the given WhitelistedSite from the repository
|
* Removes the given WhitelistedSite from the repository
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
CREATE TABLE whitelistedsite (
|
CREATE TABLE whitelistedsite (
|
||||||
id BIGINT AUTO_INCREMENT PRIMARY KEY,
|
id BIGINT AUTO_INCREMENT PRIMARY KEY,
|
||||||
userinfo_id VARCHAR(256),
|
creatorUserId VARCHAR(256),
|
||||||
clientdetails_id VARCHAR(256)
|
clientdetails_id VARCHAR(256)
|
||||||
);
|
);
|
|
@ -23,7 +23,6 @@ import javax.persistence.EntityManager;
|
||||||
import javax.persistence.PersistenceContext;
|
import javax.persistence.PersistenceContext;
|
||||||
import javax.persistence.TypedQuery;
|
import javax.persistence.TypedQuery;
|
||||||
|
|
||||||
import org.mitre.openid.connect.model.UserInfo;
|
|
||||||
import org.mitre.openid.connect.model.WhitelistedSite;
|
import org.mitre.openid.connect.model.WhitelistedSite;
|
||||||
import org.mitre.openid.connect.repository.WhitelistedSiteRepository;
|
import org.mitre.openid.connect.repository.WhitelistedSiteRepository;
|
||||||
import org.mitre.util.jpa.JpaUtil;
|
import org.mitre.util.jpa.JpaUtil;
|
||||||
|
@ -94,9 +93,9 @@ public class JpaWhitelistedSiteRepository implements WhitelistedSiteRepository {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Transactional
|
@Transactional
|
||||||
public Collection<WhitelistedSite> getByCreator(UserInfo creator) {
|
public Collection<WhitelistedSite> getByCreator(String creatorId) {
|
||||||
TypedQuery<WhitelistedSite> query = manager.createNamedQuery("WhitelistedSite.getByUserInfo", WhitelistedSite.class);
|
TypedQuery<WhitelistedSite> query = manager.createNamedQuery("WhitelistedSite.getByCreaterUserId", WhitelistedSite.class);
|
||||||
query.setParameter("userInfo", creator);
|
query.setParameter("userId", creatorId);
|
||||||
|
|
||||||
return query.getResultList();
|
return query.getResultList();
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,7 +17,6 @@ package org.mitre.openid.connect.service.impl;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
||||||
import org.mitre.openid.connect.model.UserInfo;
|
|
||||||
import org.mitre.openid.connect.model.WhitelistedSite;
|
import org.mitre.openid.connect.model.WhitelistedSite;
|
||||||
import org.mitre.openid.connect.repository.WhitelistedSiteRepository;
|
import org.mitre.openid.connect.repository.WhitelistedSiteRepository;
|
||||||
import org.mitre.openid.connect.service.WhitelistedSiteService;
|
import org.mitre.openid.connect.service.WhitelistedSiteService;
|
||||||
|
@ -86,8 +85,8 @@ public class WhitelistedSiteServiceImpl implements WhitelistedSiteService {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Collection<WhitelistedSite> getByCreator(UserInfo creator) {
|
public Collection<WhitelistedSite> getByCreator(String creatorId) {
|
||||||
return whitelistedSiteRepository.getByCreator(creator);
|
return whitelistedSiteRepository.getByCreator(creatorId);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,6 +17,7 @@ package org.mitre.openid.connect.token;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
|
@ -113,18 +114,30 @@ public class JdbcUserApprovalHandler implements UserApprovalHandler {
|
||||||
|
|
||||||
if (approved && !authorizationRequest.getApprovalParameters().isEmpty()) {
|
if (approved && !authorizationRequest.getApprovalParameters().isEmpty()) {
|
||||||
|
|
||||||
//TODO: check approval parameters to see if we should store this request or not
|
//Only store an ApprovedSite if the user has checked "remember this decision":
|
||||||
|
if (authorizationRequest.getApprovalParameters().get("remember") != null) {
|
||||||
|
|
||||||
//Make a new AP
|
//Make a new AP
|
||||||
ApprovedSite newAP = new ApprovedSite();
|
ApprovedSite newAP = new ApprovedSite();
|
||||||
newAP.setAccessDate(new Date());
|
newAP.setAccessDate(new Date());
|
||||||
String scopes = authorizationRequest.getAuthorizationParameters().get("scope");
|
|
||||||
Set<String> allowedScopes = Sets.newHashSet(Splitter.on(" ").split(scopes));
|
Set<String> allowedScopes = Sets.newHashSet();
|
||||||
newAP.setAllowedScopes(allowedScopes);
|
Map<String,String> approvalParams = authorizationRequest.getApprovalParameters();
|
||||||
newAP.setClientDetails((ClientDetailsEntity)client);
|
|
||||||
newAP.setUserId(userId);
|
for (String key : approvalParams.keySet()) {
|
||||||
newAP.setCreationDate(new Date());
|
if (key.contains("scope")) {
|
||||||
approvedSiteService.save(newAP);
|
//This is a scope parameter from the approval page. The value sent back should
|
||||||
|
//be the scope string.
|
||||||
|
allowedScopes.add(approvalParams.get(key));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
newAP.setAllowedScopes(allowedScopes);
|
||||||
|
newAP.setClientDetails((ClientDetailsEntity)client);
|
||||||
|
newAP.setUserId(userId);
|
||||||
|
newAP.setCreationDate(new Date());
|
||||||
|
approvedSiteService.save(newAP);
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
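Review bot: The scopes written into the remembered ApprovedSite are taken verbatim from the approval form (`allowedScopes.add(approvalParams.get(key))` for any key containing "scope") and are never checked against the scopes the client actually requested, which the removed line `authorizationRequest.getAuthorizationParameters().get("scope")` used to read. Form parameters are user-controlled, so a tampered post can persist an ApprovedSite with scopes that were never part of the authorization request (or are not registered for the client), and that set is later used to skip the consent page; the stored scopes should be the intersection of the submitted checkboxes with the requested scopes. `key.contains("scope")` is also looser than the `scope_*` names the page sends and `approvalParams.get(key)` may be null, so a `startsWith("scope_")` test and a null check are safer. As far as this hunk shows, unchecked scopes are not removed from the authorization request itself, so the token issued in this flow may still carry them; confirm elsewhere in the handler. The enclosing method starts and ends outside the hunk, and I am assuming the Guava `Splitter` import used by the removed line is still present.

```java
// … unchanged: "remember" check and newAP construction …
Set<String> allowedScopes = Sets.newHashSet();
// Only scopes that were actually requested may be remembered; the approval form is client-controlled.
String scopeParam = authorizationRequest.getAuthorizationParameters().get("scope");
Set<String> requestedScopes = Sets.newHashSet(
        Splitter.on(" ").omitEmptyStrings().split(scopeParam == null ? "" : scopeParam));
Map<String,String> approvalParams = authorizationRequest.getApprovalParameters();
for (String key : approvalParams.keySet()) {
    if (key.startsWith("scope_")) {
        String scope = approvalParams.get(key);
        if (scope != null && requestedScopes.contains(scope)) {
            allowedScopes.add(scope);
        }
    }
}
newAP.setAllowedScopes(allowedScopes);
// … unchanged: client/user/date setters and save …
```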
|
@ -63,15 +63,19 @@
|
||||||
<fieldset style="text-align:left" class="well">
|
<fieldset style="text-align:left" class="well">
|
||||||
<legend style="margin-bottom: 0;">Access to:</legend>
|
<legend style="margin-bottom: 0;">Access to:</legend>
|
||||||
|
|
||||||
<input type="checkbox" name="scope_profile" id="scope_profile" value="true" checked="checked"><label for="scope_profile">basic profile information</label>
|
<input type="hidden" name="scope_openid" id="scope_openid" value="openid"/>
|
||||||
|
<input type="checkbox" name="scope_profile" id="scope_profile" value="profile" checked="checked"><label for="scope_profile">basic profile information</label>
|
||||||
|
|
||||||
<input type="checkbox" name="scope_email" id="scope_email" value="true" checked="checked"><label for="scope_email">email address</label>
|
<input type="checkbox" name="scope_email" id="scope_email" value="email" checked="checked"><label for="scope_email">email address</label>
|
||||||
|
|
||||||
<input type="checkbox" name="scope_address" id="scope_address" value="true" checked="checked"><label for="scope_address">address</label>
|
<input type="checkbox" name="scope_address" id="scope_address" value="address" checked="checked"><label for="scope_address">address</label>
|
||||||
|
|
||||||
<input type="checkbox" name="scope_phone" id="scope_phone" value="true" checked="checked"><label for="scope_phone">phone number</label>
|
<input type="checkbox" name="scope_phone" id="scope_phone" value="phone" checked="checked"><label for="scope_phone">phone number</label>
|
||||||
|
|
||||||
|
<input type="checkbox" name="scope_offline" id="scope_offline" value="offline" checked="checked"><label for="scope_offline">offline access</label>
|
||||||
|
|
||||||
|
<input type="checkbox" name="remember" id="remember" value="true" checked="checked"><label for="remember">remember this decision</label>
|
||||||
|
|
||||||
<input type="checkbox" name="scope_offline" id="scope_offline" value="true" checked="checked"><label for="scope_offline">offline access</label>
|
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
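Review bot: The new "remember this decision" checkbox is rendered `checked="checked"`, so the handler persists an ApprovedSite by default and a user who wants a one-time grant has to opt out; for a consent screen the safer default is opt-in, i.e. `<input type="checkbox" name="remember" id="remember" value="true"><label for="remember">remember this decision</label>`. If pre-checking is the intended product behaviour, a short comment in the JSP stating that the handler treats any non-null `remember` value as consent to persist would make the coupling explicit. The scope checkboxes now send the scope name as their value, which the handler stores directly, so a comment noting that these values must stay equal to the scope identifiers would guard against a future label/value edit silently changing what is saved.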