Changed UserInfo refs in WhitelistedSite to String ids; updated the user approval handler to check if "remember this decision" is checked and only make a new AP if so, and to pull in the scopes selected on the approval page as the saved allowed scopes for that AP.

pull/165/merge
Amanda Anganes 2012-08-03 16:43:37 -04:00
parent b87d54b06e
commit 2f28cf33e7
8 changed files with 58 additions and 40 deletions


@ -17,6 +17,8 @@ package org.mitre.openid.connect.model;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CollectionTable;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
@ -42,7 +44,7 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
@NamedQueries({
@NamedQuery(name = "WhitelistedSite.getAll", query = "select w from WhitelistedSite w"),
@NamedQuery(name = "WhitelistedSite.getByClientDetails", query = "select w from WhitelistedSite w where w.clientDetails = :clientDetails"),
@NamedQuery(name = "WhitelistedSite.getByUserInfo", query = "select w from WhitelistedSite w where w.creator = :userInfo")
@NamedQuery(name = "WhitelistedSite.getByCreatoruserId", query = "select w from WhitelistedSite w where w.creatorUserId = :userId")
})
public class WhitelistedSite {
@ -50,7 +52,7 @@ public class WhitelistedSite {
private Long id;
// Reference to the admin user who created this entry
private DefaultUserInfo creator;
private String creatorUserId;
// which OAuth2 client is this tied to
private ClientDetailsEntity clientDetails;
@ -102,6 +104,10 @@ public class WhitelistedSite {
* @return the allowedScopes
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="allowed_scopes",
joinColumns=@JoinColumn(name="owner_id")
)
public Set<String> getAllowedScopes() {
return allowedScopes;
}
@ -113,13 +119,12 @@ public class WhitelistedSite {
this.allowedScopes = allowedScopes;
}
@ManyToOne
@JoinColumn(name="userinfo_id")
public DefaultUserInfo getCreator() {
return creator;
@Basic
public String getCreatorUserId() {
return creatorUserId;
}
public void setCreator(DefaultUserInfo creator) {
this.creator = creator;
public void setCreatorUserId(String creatorUserId) {
this.creatorUserId = creatorUserId;
}
}
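Review bot: The renamed query on L23 is registered as `WhitelistedSite.getByCreatoruserId`, but JpaWhitelistedSiteRepository.getByCreator (the repository section, L128) looks it up as `WhitelistedSite.getByCreaterUserId`; the two spellings differ in two places, so `createNamedQuery` will throw IllegalArgumentException the first time getByCreator runs, and nothing at compile time catches it. Pick one spelling for both sides, e.g. `@NamedQuery(name = "WhitelistedSite.getByCreatorUserId", query = "select w from WhitelistedSite w where w.creatorUserId = :userId")` and `manager.createNamedQuery("WhitelistedSite.getByCreatorUserId", WhitelistedSite.class)`. A `public static final String` constant on the entity holding the query name, referenced from the repository, would remove this class of typo entirely.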


@ -17,7 +17,6 @@ package org.mitre.openid.connect.repository;
import java.util.Collection;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.model.WhitelistedSite;
import org.springframework.security.oauth2.provider.ClientDetails;
@ -56,10 +55,10 @@ public interface WhitelistedSiteRepository {
/**
* Return a collection of the WhitelistedSites created by a given user
*
* @param creator the UserInfo representing an admin who may have made some WhitelistedSites
* @param creator the id of the admin who may have created some WhitelistedSites
* @return the collection of corresponding WhitelistedSites, if any, or null
*/
public Collection<WhitelistedSite> getByCreator(UserInfo creator);
public Collection<WhitelistedSite> getByCreator(String creatorId);
/**
* Removes the given IdToken from the repository


@ -17,7 +17,6 @@ package org.mitre.openid.connect.service;
import java.util.Collection;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.model.WhitelistedSite;
import org.springframework.security.oauth2.provider.ClientDetails;
@ -56,10 +55,10 @@ public interface WhitelistedSiteService {
/**
* Return a collection of the WhitelistedSites created by a given user
*
* @param creator the UserInfo representing an admin who may have made some WhitelistedSites
* @param creator the user id of an admin who may have made some WhitelistedSites
* @return the collection of corresponding WhitelistedSites, if any, or null
*/
public Collection<WhitelistedSite> getByCreator(UserInfo creator);
public Collection<WhitelistedSite> getByCreator(String creatorId);
/**
* Removes the given WhitelistedSite from the repository


@ -1,5 +1,5 @@
CREATE TABLE whitelistedsite (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
userinfo_id VARCHAR(256),
creatorUserId VARCHAR(256),
clientdetails_id VARCHAR(256)
);


@ -23,7 +23,6 @@ import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.model.WhitelistedSite;
import org.mitre.openid.connect.repository.WhitelistedSiteRepository;
import org.mitre.util.jpa.JpaUtil;
@ -94,9 +93,9 @@ public class JpaWhitelistedSiteRepository implements WhitelistedSiteRepository {
@Override
@Transactional
public Collection<WhitelistedSite> getByCreator(UserInfo creator) {
TypedQuery<WhitelistedSite> query = manager.createNamedQuery("WhitelistedSite.getByUserInfo", WhitelistedSite.class);
query.setParameter("userInfo", creator);
public Collection<WhitelistedSite> getByCreator(String creatorId) {
TypedQuery<WhitelistedSite> query = manager.createNamedQuery("WhitelistedSite.getByCreaterUserId", WhitelistedSite.class);
query.setParameter("userId", creatorId);
return query.getResultList();
}


@ -17,7 +17,6 @@ package org.mitre.openid.connect.service.impl;
import java.util.Collection;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.model.WhitelistedSite;
import org.mitre.openid.connect.repository.WhitelistedSiteRepository;
import org.mitre.openid.connect.service.WhitelistedSiteService;
@ -86,8 +85,8 @@ public class WhitelistedSiteServiceImpl implements WhitelistedSiteService {
}
@Override
public Collection<WhitelistedSite> getByCreator(UserInfo creator) {
return whitelistedSiteRepository.getByCreator(creator);
public Collection<WhitelistedSite> getByCreator(String creatorId) {
return whitelistedSiteRepository.getByCreator(creatorId);
}
}


@ -17,6 +17,7 @@ package org.mitre.openid.connect.token;
import java.util.Collection;
import java.util.Date;
import java.util.Map;
import java.util.Set;
import org.mitre.oauth2.model.ClientDetailsEntity;
@ -113,18 +114,30 @@ public class JdbcUserApprovalHandler implements UserApprovalHandler {
if (approved && !authorizationRequest.getApprovalParameters().isEmpty()) {
//TODO: check approval parameters to see if we should store this request or not
//Only store an ApprovedSite if the user has checked "remember this decision":
if (authorizationRequest.getApprovalParameters().get("remember") != null) {
//Make a new AP
ApprovedSite newAP = new ApprovedSite();
newAP.setAccessDate(new Date());
String scopes = authorizationRequest.getAuthorizationParameters().get("scope");
Set<String> allowedScopes = Sets.newHashSet(Splitter.on(" ").split(scopes));
newAP.setAllowedScopes(allowedScopes);
newAP.setClientDetails((ClientDetailsEntity)client);
newAP.setUserId(userId);
newAP.setCreationDate(new Date());
approvedSiteService.save(newAP);
//Make a new AP
ApprovedSite newAP = new ApprovedSite();
newAP.setAccessDate(new Date());
Set<String> allowedScopes = Sets.newHashSet();
Map<String,String> approvalParams = authorizationRequest.getApprovalParameters();
for (String key : approvalParams.keySet()) {
if (key.contains("scope")) {
//This is a scope parameter from the approval page. The value sent back should
//be the scope string.
allowedScopes.add(approvalParams.get(key));
}
}
newAP.setAllowedScopes(allowedScopes);
newAP.setClientDetails((ClientDetailsEntity)client);
newAP.setUserId(userId);
newAP.setCreationDate(new Date());
approvedSiteService.save(newAP);
}
return true;
}
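Review bot: The loop at L179-L185 persists whatever values arrive in the approval parameters whose key merely contains `scope`, with no check against the scopes the client actually requested in the authorization request, so the saved ApprovedSite can carry scopes the client never asked for (any posted `scope_x=<string>` lands in allowed_scopes, and an unrelated key that happens to contain `scope` would too). The removed lines L167-L168 derived the set from the request's `scope` parameter; keep that as the upper bound, intersect the form values with it before saving, and match keys on the `scope_` prefix rather than `contains`. The `remember` test on L163 also accepts any non-null value, including `remember=false`, so `if ("true".equals(authorizationRequest.getApprovalParameters().get("remember"))) {` is the safer form. The enclosing method starts before this hunk.
```java
ApprovedSite newAP = new ApprovedSite();
newAP.setAccessDate(new Date());
// Upper bound: only scopes the client requested in the original authorization request.
Set<String> requestedScopes = Sets.newHashSet();
String scopeParam = authorizationRequest.getAuthorizationParameters().get("scope");
if (scopeParam != null) {
    for (String s : scopeParam.split(" ")) {
        if (!s.isEmpty()) {
            requestedScopes.add(s);
        }
    }
}
Set<String> allowedScopes = Sets.newHashSet();
Map<String,String> approvalParams = authorizationRequest.getApprovalParameters();
for (String key : approvalParams.keySet()) {
    // scope_<name> inputs from the approval page; accept only values the client requested.
    if (key.startsWith("scope_") && requestedScopes.contains(approvalParams.get(key))) {
        allowedScopes.add(approvalParams.get(key));
    }
}
newAP.setAllowedScopes(allowedScopes);
// … unchanged: client details, user id, creation date, save …
```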


@ -63,15 +63,19 @@
<fieldset style="text-align:left" class="well">
<legend style="margin-bottom: 0;">Access to:</legend>
<input type="checkbox" name="scope_profile" id="scope_profile" value="true" checked="checked"><label for="scope_profile">basic profile information</label>
<input type="hidden" name="scope_openid" id="scope_openid" value="openid"/>
<input type="checkbox" name="scope_profile" id="scope_profile" value="profile" checked="checked"><label for="scope_profile">basic profile information</label>
<input type="checkbox" name="scope_email" id="scope_email" value="true" checked="checked"><label for="scope_email">email address</label>
<input type="checkbox" name="scope_email" id="scope_email" value="email" checked="checked"><label for="scope_email">email address</label>
<input type="checkbox" name="scope_address" id="scope_address" value="true" checked="checked"><label for="scope_address">address</label>
<input type="checkbox" name="scope_address" id="scope_address" value="address" checked="checked"><label for="scope_address">address</label>
<input type="checkbox" name="scope_phone" id="scope_phone" value="true" checked="checked"><label for="scope_phone">phone number</label>
<input type="checkbox" name="scope_phone" id="scope_phone" value="phone" checked="checked"><label for="scope_phone">phone number</label>
<input type="checkbox" name="scope_offline" id="scope_offline" value="offline" checked="checked"><label for="scope_offline">offline access</label>
<input type="checkbox" name="remember" id="remember" value="true" checked="checked"><label for="remember">remember this decision</label>
<input type="checkbox" name="scope_offline" id="scope_offline" value="true" checked="checked"><label for="scope_offline">offline access</label>
</fieldset>
</div>
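Review bot: The new `remember` checkbox on L210 ships `checked="checked"`, so an ApprovedSite is persisted for every approval unless the user opts out, and the handler only skips the save when the parameter is absent altogether. Persistent consent is the broader grant, so defaulting it off (opt-in) is the safer choice: `<input type="checkbox" name="remember" id="remember" value="true"><label for="remember">remember this decision</label>`. The hidden `scope_openid` input on L201 always submits `openid` whether or not it was requested, which relies on the server side bounding the submitted scopes against the original request; a short JSP comment above the fieldset stating that these inputs are echoed back as saved scopes would make that dependency visible to the next editor.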