detached whitelist from approved sites, closes #781

pull/866/merge
Justin Richer 2015-07-08 17:22:55 -04:00
parent 2d6be48732
commit 8c822c0f54
10 changed files with 12 additions and 152 deletions


@ -82,9 +82,6 @@ public class ApprovedSite {
// this should include all information for what data to access
private Set<String> allowedScopes;
// If this AP is a WS, link to the WS
private WhitelistedSite whitelistedSite;
//Link to any access tokens approved through this stored decision
private Set<OAuth2AccessTokenEntity> approvedAccessTokens = Sets.newHashSet();
@ -215,26 +212,6 @@ public class ApprovedSite {
this.timeoutDate = timeoutDate;
}
/**
* Does this AP entry correspond to a WS?
* @return
*/
@Transient
public Boolean getIsWhitelisted() {
return (whitelistedSite != null);
}
@ManyToOne
@JoinColumn(name="whitelisted_site_id")
public WhitelistedSite getWhitelistedSite() {
return whitelistedSite;
}
public void setWhitelistedSite(WhitelistedSite whitelistedSite) {
this.whitelistedSite = whitelistedSite;
}
/**
* Has this approval expired?
* @return


@ -21,7 +21,6 @@ import java.util.Date;
import java.util.Set;
import org.mitre.openid.connect.model.ApprovedSite;
import org.mitre.openid.connect.model.WhitelistedSite;
import org.springframework.security.oauth2.provider.ClientDetails;
/**
@ -33,7 +32,7 @@ import org.springframework.security.oauth2.provider.ClientDetails;
public interface ApprovedSiteService {
public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set<String> allowedScopes, WhitelistedSite whitelistedSite);
public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set<String> allowedScopes);
/**
* Return a collection of all ApprovedSites
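Review bot: The new `createApprovedSite(String clientId, String userId, Date timeoutDate, Set<String> allowedScopes)` signature has no Javadoc, while the neighbouring method does; callers can no longer tell from the interface that a `null` timeoutDate means the grant does not expire, which the old whitelist path relied on. I would add a summary such as "Persist a new user-approved grant for clientId/userId covering allowedScopes; timeoutDate may be null for a grant with no expiry", with `@param` tags, and a note that whitelisted clients are handled by `WhitelistedSiteService`, not by this method.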


@ -801,7 +801,6 @@ var AppRouter = Backbone.Router.extend({
this.updateSidebar('user/approved');
var view = new ApprovedSiteListView({model:this.approvedSiteList, clientList: this.clientList, systemScopeList: this.systemScopeList});
view.load(
function(collection, response, options) {
$('#content').html(view.render().el);


@ -70,7 +70,6 @@ var ApprovedSiteListView = Backbone.View.extend({
$(this.el).html($('#tmpl-grant-table').html());
var approvedSiteCount = 0;
var whitelistCount = 0;
var _self = this;
@ -80,17 +79,10 @@ var ApprovedSiteListView = Backbone.View.extend({
if (client != null) {
if (approvedSite.get('whitelistedSite') != null) {
var view = new ApprovedSiteView({model: approvedSite, client: client, systemScopeList: this.options.systemScopeList});
view.parentView = _self;
$('#grant-whitelist-table', this.el).append(view.render().el);
whitelistCount = whitelistCount + 1;
} else {
var view = new ApprovedSiteView({model: approvedSite, client: client, systemScopeList: this.options.systemScopeList});
view.parentView = _self;
$('#grant-table', this.el).append(view.render().el);
approvedSiteCount = approvedSiteCount + 1;
}
var view = new ApprovedSiteView({model: approvedSite, client: client, systemScopeList: this.options.systemScopeList});
view.parentView = _self;
$('#grant-table', this.el).append(view.render().el);
approvedSiteCount = approvedSiteCount + 1;
}
@ -102,25 +94,8 @@ var ApprovedSiteListView = Backbone.View.extend({
},
togglePlaceholder:function() {
// count the whitelisted and non-whitelisted entries
var wl = 0;
var gr = 0;
for (var i = 0; i < this.model.length; i++) {
if (this.model.at(i).get('whitelistedSite') != null) {
wl += 1;
} else {
gr += 1;
}
}
if (wl > 0) {
$('#grant-whitelist-table', this.el).show();
$('#grant-whitelist-table-empty', this.el).hide();
} else {
$('#grant-whitelist-table', this.el).hide();
$('#grant-whitelist-table-empty', this.el).show();
}
if (gr > 0) {
// count entries
if (this.model.length > 0) {
$('#grant-table', this.el).show();
$('#grant-table-empty', this.el).hide();
} else {
@ -128,10 +103,6 @@ var ApprovedSiteListView = Backbone.View.extend({
$('#grant-table-empty', this.el).show();
}
$('#approvde-site-count', this.el).html(gr);
$('#whitelist-count', this.el).html(wl);
},
refreshTable:function(e) {
@ -231,7 +202,6 @@ var ApprovedSiteView = Backbone.View.extend({
$('.client-more-info-block', this.el).html(this.moreInfoTemplate({client: this.options.client.toJSON()}));
this.$('.dynamically-registered').tooltip({title: $.t('grant.grant-table.dynamically-registered')});
this.$('.whitelisted-site').tooltip({title: $.t('grant.grant-table.whitelisted-site')});
this.$('.tokens').tooltip({title: $.t('grant.grant-table.active-tokens')});
$(this.el).i18n();
return this;
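Review bot: `approvedSiteCount` is still declared and incremented in the render loop (`var approvedSiteCount = 0;` and `approvedSiteCount = approvedSiteCount + 1;`) but nothing reads it any more: the line that displayed it, `$('#approvde-site-count', this.el).html(gr);`, and the label it targeted were removed in this commit. Drop the counter along with `whitelistCount` so the loop body is just the view creation and append. `togglePlaceholder` now counts via `this.model.length`, which is the right replacement.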


@ -22,16 +22,7 @@
<button class="btn btn-small refresh-table"><i class="icon-refresh"></i> <span data-i18n="common.refresh">Refresh</span></button>
</div>
<div class="tabbable">
<ul class="nav nav-tabs">
<li class="active"><a data-target="#grant-approved-tab" data-toggle="tab" href="#"><span data-i18n="grant.grant-table.approved-sites">Approved Sites</span> <span class="label label-info" id="approvde-site-count">?</span></a></li>
<li><a data-target="#grant-whitelist-tab" data-toggle="tab" href="#"><span data-i18n="grant.grant-table.whitelisted-sites">Whitelisted Sites</span> <span class="label label-info" id="whitelist-count">?</span></a></li>
</ul>
<div class="tab-content">
<div class="tab-pane active" id="grant-approved-tab">
<div id="grant-approved-tab">
<p data-i18n="grant.grant-table.text">These are sites you have approved manually. If the same site asks for the same access in the future, it will
be granted without prompting.</p>
@ -55,34 +46,6 @@
</div>
<div class="tab-pane" id="grant-whitelist-tab">
<p data-i18n="grant.grant-table.pre-approved">These are sites that have been pre-approved by an administrator.</p>
<p class="text-warning" data-i18n="[html]grant.grant-table.whitelist-note"><b>NOTE:</b> If you revoke them here, they will automatically be re-approved on your next visit wthout prompting.</p>
<div id="grant-whitelist-table-empty" class="alert alert-info" data-i18n="grant.grant-table.no-whitelisted">
You have not accessed any whitelisted sites.
</div>
<table id="grant-whitelist-table" class="table table-hover table-striped">
<thead>
<tr>
<th></th>
<th data-i18n="grant.grant-table.application">Application</th>
<th><i class="icon-time"></i></th>
<th><i class="icon-edit"></i></th>
</tr>
</thead>
<tbody>
</tbody>
</table>
</div>
</div>
</div>
<div class="well well-small">
<button class="btn btn-small refresh-table"><i class="icon-refresh"></i> <span data-i18n="common.refresh">Refresh</span></button>
</div>


@ -23,7 +23,6 @@ import java.util.Set;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.repository.OAuth2TokenRepository;
import org.mitre.openid.connect.model.ApprovedSite;
import org.mitre.openid.connect.model.WhitelistedSite;
import org.mitre.openid.connect.repository.ApprovedSiteRepository;
import org.mitre.openid.connect.service.ApprovedSiteService;
import org.mitre.openid.connect.service.StatsService;
@ -99,8 +98,7 @@ public class DefaultApprovedSiteService implements ApprovedSiteService {
@Override
@Transactional
public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set<String> allowedScopes,
WhitelistedSite whitelistedSite) {
public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set<String> allowedScopes) {
ApprovedSite as = approvedSiteRepository.save(new ApprovedSite());
@ -111,7 +109,6 @@ public class DefaultApprovedSiteService implements ApprovedSiteService {
as.setUserId(userId);
as.setTimeoutDate(timeoutDate);
as.setAllowedScopes(allowedScopes);
as.setWhitelistedSite(whitelistedSite);
return save(as);


@ -493,7 +493,6 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
}
Map<Long, Long> grantOldToNewIdMap = new HashMap<>();
Map<Long, Long> grantToWhitelistedSiteRefs = new HashMap<>();
Map<Long, Set<Long>> grantToAccessTokensRefs = new HashMap<>();
/**
@ -553,7 +552,7 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
Long newId = approvedSiteRepository.save(site).getId();
grantOldToNewIdMap.put(currentId, newId);
if (whitelistedSiteId != null) {
grantToWhitelistedSiteRefs.put(currentId, whitelistedSiteId);
logger.debug("Ignoring whitelisted site marker on approved site.");
}
if (tokenIds != null) {
grantToAccessTokensRefs.put(currentId, tokenIds);
@ -894,16 +893,6 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
tokenRepository.saveAccessToken(accessToken);
}
accessTokenToIdTokenRefs.clear();
for (Long oldGrantId : grantToWhitelistedSiteRefs.keySet()) {
Long oldWhitelistedSiteId = grantToWhitelistedSiteRefs.get(oldGrantId);
Long newWhitelistedSiteId = whitelistedSiteOldToNewIdMap.get(oldWhitelistedSiteId);
WhitelistedSite wlSite = wlSiteRepository.getById(newWhitelistedSiteId);
Long newGrantId = grantOldToNewIdMap.get(oldGrantId);
ApprovedSite approvedSite = approvedSiteRepository.getById(newGrantId);
approvedSite.setWhitelistedSite(wlSite);
approvedSiteRepository.save(approvedSite);
}
grantToWhitelistedSiteRefs.clear();
whitelistedSiteOldToNewIdMap.clear();
for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);
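Review bot: `logger.debug("Ignoring whitelisted site marker on approved site.")` silently changes the trust semantics of the imported grant: the row was already saved two lines above, so a legacy approved site that existed only because of a whitelist entry is now persisted as an ordinary user approval. In the pre-commit code such grants were created with the whitelist's full `allowedScopes` and a null timeout (see the removed `createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws)` call in `TofuUserApprovalHandler` in this same diff), so after import they become non-expiring user grants that survive an administrator later removing the client from the whitelist. I would log this at info with the identifiers that are in scope, e.g. `logger.info("Dropping whitelisted site reference {} on imported approved site {}; importing it as a plain user grant", whitelistedSiteId, currentId);` (assuming the slf4j-style logger the class already uses), or skip importing such entries entirely. The enclosing import method starts and ends outside this hunk.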


@ -503,7 +503,6 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
}
Map<Long, Long> grantOldToNewIdMap = new HashMap<>();
Map<Long, Long> grantToWhitelistedSiteRefs = new HashMap<>();
Map<Long, Set<Long>> grantToAccessTokensRefs = new HashMap<>();
/**
@ -563,7 +562,7 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
Long newId = approvedSiteRepository.save(site).getId();
grantOldToNewIdMap.put(currentId, newId);
if (whitelistedSiteId != null) {
grantToWhitelistedSiteRefs.put(currentId, whitelistedSiteId);
logger.debug("Ignoring whitelisted site marker on approved site.");
}
if (tokenIds != null) {
grantToAccessTokensRefs.put(currentId, tokenIds);
@ -908,16 +907,6 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
tokenRepository.saveAccessToken(accessToken);
}
accessTokenToIdTokenRefs.clear();
for (Long oldGrantId : grantToWhitelistedSiteRefs.keySet()) {
Long oldWhitelistedSiteId = grantToWhitelistedSiteRefs.get(oldGrantId);
Long newWhitelistedSiteId = whitelistedSiteOldToNewIdMap.get(oldWhitelistedSiteId);
WhitelistedSite wlSite = wlSiteRepository.getById(newWhitelistedSiteId);
Long newGrantId = grantOldToNewIdMap.get(oldGrantId);
ApprovedSite approvedSite = approvedSiteRepository.getById(newGrantId);
approvedSite.setWhitelistedSite(wlSite);
approvedSiteRepository.save(approvedSite);
}
grantToWhitelistedSiteRefs.clear();
for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);
Set<OAuth2AccessTokenEntity> tokens = new HashSet<>();
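Review bot: As in the 1.0 importer, the `logger.debug("Ignoring whitelisted site marker on approved site.")` branch runs after `approvedSiteRepository.save(site)`, so a 1.1 export's whitelist-backed grant is imported as a standing user approval with whatever scopes and (likely null) timeout the legacy row carried, and it will outlive any later whitelist removal by an administrator. That is a meaningful change for an operator restoring a backup and deserves more than a debug line; include `whitelistedSiteId` and `currentId` in an info-level message, or refuse to import these rows. The enclosing method begins and ends outside this hunk.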


@ -295,7 +295,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
writer.name("userId").value(site.getUserId());
writer.name("allowedScopes");
writeNullSafeArray(writer, site.getAllowedScopes());
writer.name("whitelistedSiteId").value(site.getIsWhitelisted() ? site.getWhitelistedSite().getId() : null);
Set<OAuth2AccessTokenEntity> tokens = site.getApprovedAccessTokens();
writer.name("approvedAccessTokens");
writer.beginArray();
@ -780,7 +779,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
}
Map<Long, Long> grantOldToNewIdMap = new HashMap<>();
Map<Long, Long> grantToWhitelistedSiteRefs = new HashMap<>();
Map<Long, Set<Long>> grantToAccessTokensRefs = new HashMap<>();
/**
@ -792,7 +790,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
while (reader.hasNext()) {
ApprovedSite site = new ApprovedSite();
Long currentId = null;
Long whitelistedSiteId = null;
Set<Long> tokenIds = null;
reader.beginObject();
while (reader.hasNext()) {
@ -821,8 +818,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
} else if (name.equals("allowedScopes")) {
Set<String> allowedScopes = readSet(reader);
site.setAllowedScopes(allowedScopes);
} else if (name.equals("whitelistedSiteId")) {
whitelistedSiteId = reader.nextLong();
} else if (name.equals("approvedAccessTokens")) {
tokenIds = readSet(reader);
} else {
@ -839,9 +834,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
reader.endObject();
Long newId = approvedSiteRepository.save(site).getId();
grantOldToNewIdMap.put(currentId, newId);
if (whitelistedSiteId != null) {
grantToWhitelistedSiteRefs.put(currentId, whitelistedSiteId);
}
if (tokenIds != null) {
grantToAccessTokensRefs.put(currentId, tokenIds);
}
@ -1193,16 +1185,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
tokenRepository.saveAccessToken(accessToken);
}
accessTokenToIdTokenRefs.clear();
for (Long oldGrantId : grantToWhitelistedSiteRefs.keySet()) {
Long oldWhitelistedSiteId = grantToWhitelistedSiteRefs.get(oldGrantId);
Long newWhitelistedSiteId = whitelistedSiteOldToNewIdMap.get(oldWhitelistedSiteId);
WhitelistedSite wlSite = wlSiteRepository.getById(newWhitelistedSiteId);
Long newGrantId = grantOldToNewIdMap.get(oldGrantId);
ApprovedSite approvedSite = approvedSiteRepository.getById(newGrantId);
approvedSite.setWhitelistedSite(wlSite);
approvedSiteRepository.save(approvedSite);
}
grantToWhitelistedSiteRefs.clear();
for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);
Set<OAuth2AccessTokenEntity> tokens = new HashSet<OAuth2AccessTokenEntity>();
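Review bot: The reader branch `else if (name.equals("whitelistedSiteId")) { whitelistedSiteId = reader.nextLong(); }` is removed, yet the format is still MITREidDataService_1_2 and the writer line removed in this same file shows that every 1.2 export produced before this commit contains that field. Such files will now fall into the trailing `else` branch at the end of the name switch; whether that branch calls `reader.skipValue()` or fails on the unknown name is outside this hunk, and if it does not consume the value the JSON reader is left on a number and the whole import breaks. For backward compatibility within the same version number I would keep an explicit `else if (name.equals("whitelistedSiteId")) { reader.skipValue(); logger.debug("Ignoring whitelisted site marker on approved site."); }`, matching how the 1.0 and 1.1 importers in this diff handle it, rather than relying on the unknown-field path.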


@ -175,11 +175,6 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
if (!alreadyApproved) {
WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId);
if (ws != null && systemScopes.scopesMatch(ws.getAllowedScopes(), authorizationRequest.getScope())) {
//Create an approved site
ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws);
String newSiteId = newSite.getId().toString();
authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId);
authorizationRequest.setApproved(true);
setAuthTime(authorizationRequest);
@ -253,7 +248,7 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
timeout = cal.getTime();
}
ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes, null);
ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes);
String newSiteId = newSite.getId().toString();
authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId);
}
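Review bot: In the whitelist path the request is now approved (`authorizationRequest.setApproved(true)`) without creating an `ApprovedSite`, so the `APPROVED_SITE` extension is no longer set for whitelisted approvals, whereas the manual path at the bottom of the file still does `authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId)`. Any downstream code that keys on that extension (for example to link issued tokens to a grant for later revocation) now has to tolerate its absence for whitelisted clients; that code is not in this diff, so it should be confirmed. A one-line comment above `setApproved(true)` such as `// whitelisted client: approve this request only, no ApprovedSite is recorded or linked to the tokens` would make the asymmetry deliberate for the next reader. The enclosing method starts before the first hunk of this file.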