github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

account for registration time in approval page, closes #550

pull/592/head
Justin Richer 2014-04-19 07:28:20 -04:00
parent 90b10d7bad
commit 376403fa4a
2 changed files with 29 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp
View File

@ -4,7 +4,7 @@
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%> <%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<o:header title="Approve Access" /> <o:header title="Approve Access" />
<o:topbar pageName="Approve" /> <o:topbar pageName="Approve" />
<div class="container main"> <div class="container main">
@ -37,16 +37,24 @@
<div class="row"> <div class="row">
<div class="span5 offset1 well-small" style="text-align: left"> <div class="span5 offset1 well-small" style="text-align: left">
<%-- TODO: wire up to stats engine and customize display of this block --%>
<c:if test="${ client.dynamicallyRegistered }"> <c:if test="${ client.dynamicallyRegistered }">
<div class="alert alert-block <c:out value="${ count eq 0 ? 'alert-error' : 'alert-warn' }" />"> <c:choose>
<h4> <c:when test="${ gras }">
<i class="icon-globe"></i> Caution: <!-- client is "generally recognized as safe, display a more muted block -->
</h4> <div><p class="alert alert-info"><i class="icon-globe"></i> This client was dynamically registered.</p></div>
This software was dynamically registered and it has been approved </c:when>
<span class="label"><c:out value="${ count }" /></span> <c:otherwise>
time<c:out value="${ count == 1 ? '' : 's' }"/> previously. <!-- client is dynamically registered -->
</div> <div class="alert alert-block <c:out value="${ count eq 0 ? 'alert-error' : 'alert-warn' }" />">
<h4>
<i class="icon-globe"></i> Caution:
</h4>
This software was dynamically registered and it has been approved
<span class="label"><c:out value="${ count }" /></span>
time<c:out value="${ count == 1 ? '' : 's' }"/> previously.
</div>
</c:otherwise>
</c:choose>
</c:if> </c:if>
<c:if test="${ not empty client.logoUri }"> <c:if test="${ not empty client.logoUri }">

11
openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
View File

@ -20,6 +20,7 @@
package org.mitre.oauth2.web; package org.mitre.oauth2.web;
import java.security.Principal; import java.security.Principal;
import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.LinkedHashSet; import java.util.LinkedHashSet;
import java.util.List; import java.util.List;
@ -181,6 +182,16 @@ public class OAuthConfirmationController {
model.put("contacts", contacts); model.put("contacts", contacts);
} }
// if the client is over a week old and has more than one registration, don't give such a big warning
// instead, tag as "Generally Recognized As Safe (gras)
Date lastWeek = new Date(System.currentTimeMillis() + (60 * 60 * 24 * 7 * 1000));
//Date lastWeek = new Date(System.currentTimeMillis() - (60 * 60 * 24 * 7 * 1000));
if (count > 1 && client.getCreatedAt() != null && client.getCreatedAt().before(lastWeek)) {
model.put("gras", true);
} else {
model.put("gras", false);
}
return "approve"; return "approve";
} }