github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

implemented prompt=consent

pull/324/merge
Justin Richer 2013-04-24 14:08:14 -04:00
parent ce2c90fb30
commit 7292766b51
2 changed files with 41 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java
View File

@ -92,7 +92,7 @@ public class RevocationEndpoint {
model.addAttribute("code", HttpStatus.FORBIDDEN); model.addAttribute("code", HttpStatus.FORBIDDEN);
return "httpCodeView"; return "httpCodeView";
} }
} }
// if we got this far, we're allowed to do this // if we got this far, we're allowed to do this
tokenServices.revokeRefreshToken(refreshToken); tokenServices.revokeRefreshToken(refreshToken);

72
openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
View File

@ -124,40 +124,48 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
String userId = userAuthentication.getName(); String userId = userAuthentication.getName();
String clientId = authorizationRequest.getClientId(); String clientId = authorizationRequest.getClientId();
ClientDetails client = clientDetailsService.loadClientByClientId(clientId); ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
//lookup ApprovedSites by userId and clientId
Collection<ApprovedSite> aps = approvedSiteService.getByClientIdAndUserId(clientId, userId);
for (ApprovedSite ap : aps) {
if (!ap.isExpired()) {
// if we find one that fits...
if (scopesMatch(authorizationRequest.getScope(), ap.getAllowedScopes())) {
//We have a match; update the access date on the AP entry and return true.
ap.setAccessDate(new Date());
approvedSiteService.save(ap);
// TODO: WHY DAVE WHY
DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
ar.setApproved(true);
return ar;
}
}
}
WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId); // find out if we're supposed to prompt the user or not
if (ws != null && scopesMatch(authorizationRequest.getScope(), ws.getAllowedScopes())) { String prompt = authorizationRequest.getAuthorizationParameters().get("prompt");
if (!"consent".equals(prompt)) {
// if the prompt parameter is set to "consent" then we can't use approved sites or whitelisted sites
// otherwise, we need to check them below
//lookup ApprovedSites by userId and clientId
Collection<ApprovedSite> aps = approvedSiteService.getByClientIdAndUserId(clientId, userId);
for (ApprovedSite ap : aps) {
if (!ap.isExpired()) {
// if we find one that fits...
if (scopesMatch(authorizationRequest.getScope(), ap.getAllowedScopes())) {
//We have a match; update the access date on the AP entry and return true.
ap.setAccessDate(new Date());
approvedSiteService.save(ap);
// TODO: WHY DAVE WHY
DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
ar.setApproved(true);
return ar;
}
}
}
//Create an approved site WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId);
approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws); if (ws != null && scopesMatch(authorizationRequest.getScope(), ws.getAllowedScopes())) {
// TODO: WHY DAVE WHY //Create an approved site
DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest); approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws);
ar.setApproved(true);
// TODO: WHY DAVE WHY
return ar; DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
ar.setApproved(true);
return ar;
}
} }
// This must be re-parsed here because SECOAUTH forces us to call things in a strange order // This must be re-parsed here because SECOAUTH forces us to call things in a strange order