Revert "Add possibility to disable verification_uri_complete per client"

This reverts commit dae674af67.
2018-05-03 13:50:20 -04:00 · 2018-05-03 13:50:20 -04:00 · 7ad29ae9c6
parent dae674af67
commit 7ad29ae9c6
7 changed files with 7 additions and 67 deletions
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@ -148,7 +148,6 @@ public class ClientDetailsEntity implements ClientDetails {
 	private Date createdAt; // time the client was created
 	private boolean clearAccessTokensOnRefresh = true; // do we clear access tokens on refresh?
 	private Integer deviceCodeValiditySeconds; // timeout for device codes
-	private boolean verificationUriCompleteEnabled = true; // device code optional feature

 	/** fields for UMA */
 	private Set<String> claimsRedirectUris;
@ -1052,22 +1051,6 @@ public class ClientDetailsEntity implements ClientDetails {
 		this.deviceCodeValiditySeconds = deviceCodeValiditySeconds;
 	}

-	/**
-	 * @return true if verification uri complete in device code flow is enabled, false otherwise
-	 */
-	@Basic
-	@Column(name="verification_uri_complete_enabled")
-	public boolean isVerificationUriCompleteEnabled() {
-		return verificationUriCompleteEnabled;
-	}
-
-	/**
-	 * @param verificationUriCompleteEnabled true/false to enable/disable verification uri complete functionality in device code flow
-	 */
-	public void setVerificationUriCompleteEnabled(boolean verificationUriCompleteEnabled) {
-		this.verificationUriCompleteEnabled = verificationUriCompleteEnabled;
-	}
-
 	/**
 	 * @return the softwareId
 	 */
--- a/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
@ -132,7 +132,6 @@ CREATE TABLE IF NOT EXISTS client_details (
 	allow_introspection BOOLEAN DEFAULT false NOT NULL,
 	id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL,
 	device_code_validity_seconds BIGINT,
-	verification_uri_complete_enabled BOOLEAN DEFAULT true NOT NULL,
 	
 	client_id VARCHAR(256),
 	client_secret VARCHAR(2048),
--- a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
@ -131,7 +131,6 @@ CREATE TABLE IF NOT EXISTS client_details (
 	allow_introspection BOOLEAN DEFAULT false NOT NULL,
 	id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL,
 	device_code_validity_seconds BIGINT,
-	verification_uri_complete_enabled BOOLEAN DEFAULT true NOT NULL,
 	
 	client_id VARCHAR(256),
 	client_secret VARCHAR(2048),
--- a/openid-connect-server-webapp/src/main/resources/db/oracle/oracle_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/oracle/oracle_database_tables.sql
@ -147,7 +147,6 @@ CREATE TABLE client_details (
  access_token_validity_seconds NUMBER(19),
  refresh_token_validity_seconds NUMBER(19),
  device_code_validity_seconds NUMBER(19),
-	verification_uri_complete_enabled NUMBER(1) DEFAULT 1 NOT NULL,

  application_type VARCHAR2(256),
  client_name VARCHAR2(256),
--- a/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql
@ -132,7 +132,6 @@ CREATE TABLE IF NOT EXISTS client_details (
 	allow_introspection BOOLEAN DEFAULT false NOT NULL,
 	id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL,
 	device_code_validity_seconds BIGINT,
-	verification_uri_complete_enabled BOOLEAN DEFAULT true NOT NULL,

 	client_id VARCHAR(256),
 	client_secret VARCHAR(2048),
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/exception/CompleteVerificationUriDisabledException.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/exception/CompleteVerificationUriDisabledException.java
@ -1,34 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.oauth2.exception;
-
-/**
- * @author ondrejvelisek
- *
- */
-public class CompleteVerificationUriDisabledException extends RuntimeException {
-
-	/**
-	 * @param clientId of client
-	 */
-	public CompleteVerificationUriDisabledException(String clientId) {
-		super("complete verification uri was attempted to be used but such functionality is not enabled for client " + clientId);
-	}
-
-	private static final long serialVersionUID = -7078098692596870940L;
-
-}
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/DeviceEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/DeviceEndpoint.java
@ -24,11 +24,11 @@ import java.util.HashMap;
 import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Set;
+import java.util.UUID;

 import javax.servlet.http.HttpSession;

 import org.apache.http.client.utils.URIBuilder;
-import org.mitre.oauth2.exception.CompleteVerificationUriDisabledException;
 import org.mitre.oauth2.exception.DeviceCodeCreationException;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.DeviceCode;
@ -50,6 +50,7 @@ import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
+import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
@ -137,16 +138,15 @@ public class DeviceEndpoint {
 		try {
 			DeviceCode dc = deviceCodeService.createNewDeviceCode(requestedScopes, client, parameters);

+			URI verificationUriComplete  = new URIBuilder(config.getIssuer() + USER_URL)
+				.addParameter("user_code", dc.getUserCode())
+				.build();
+
 			Map<String, Object> response = new HashMap<>();
 			response.put("device_code", dc.getDeviceCode());
 			response.put("user_code", dc.getUserCode());
 			response.put("verification_uri", config.getIssuer() + USER_URL);
-			if (client.isVerificationUriCompleteEnabled()) {
-				URI verificationUriComplete  = new URIBuilder(config.getIssuer() + USER_URL)
-					.addParameter("user_code", dc.getUserCode())
-					.build();
-				response.put("verification_uri_complete", verificationUriComplete);
-			}
+			response.put("verification_uri_complete", verificationUriComplete);
 			if (client.getDeviceCodeValiditySeconds() != null) {
 				response.put("expires_in", client.getDeviceCodeValiditySeconds());
 			}
@ -185,7 +185,6 @@ public class DeviceEndpoint {
 			// complete verification uri was used, we received user code directly
 			// skip requesting code page
 			// user must be logged in
-			model.addAttribute("completeVerificationUriUsed", true);
 			return readUserCode(userCode, model, session);
 		}
 	}
@ -217,10 +216,6 @@ public class DeviceEndpoint {

 		ClientDetailsEntity client = clientService.loadClientByClientId(dc.getClientId());

-		if (!client.isVerificationUriCompleteEnabled() && Boolean.TRUE.equals(model.get("completeVerificationUriUsed"))) {
-			throw new CompleteVerificationUriDisabledException(client.getClientId());
-		}
-
 		model.put("client", client);
 		model.put("dc", dc);