detached whitelist from approved sites, closes #781

2015-07-08 17:22:55 -04:00 · 2015-07-08 17:22:55 -04:00 · 8c822c0f54
parent 2d6be48732
commit 8c822c0f54
10 changed files with 12 additions and 152 deletions
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
@ -82,9 +82,6 @@ public class ApprovedSite {
 	// this should include all information for what data to access
 	private Set<String> allowedScopes;
 	// If this AP is a WS, link to the WS
 	private WhitelistedSite whitelistedSite;
 	//Link to any access tokens approved through this stored decision
 	private Set<OAuth2AccessTokenEntity> approvedAccessTokens = Sets.newHashSet();
@ -215,26 +212,6 @@ public class ApprovedSite {
 		this.timeoutDate = timeoutDate;
 	}
 	/**
 	 * Does this AP entry correspond to a WS?
 	 * @return
 	 */
 	@Transient
 	public Boolean getIsWhitelisted() {
 		return (whitelistedSite != null);
 	}
 	@ManyToOne
 	@JoinColumn(name="whitelisted_site_id")
 	public WhitelistedSite getWhitelistedSite() {
 		return whitelistedSite;
 	}
 	public void setWhitelistedSite(WhitelistedSite whitelistedSite) {
 		this.whitelistedSite = whitelistedSite;
 	}
 	/**
 	 * Has this approval expired?
 	 * @return
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ApprovedSiteService.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ApprovedSiteService.java
@ -21,7 +21,6 @@ import java.util.Date;
 import java.util.Set;
 import org.mitre.openid.connect.model.ApprovedSite;
 import org.mitre.openid.connect.model.WhitelistedSite;
 import org.springframework.security.oauth2.provider.ClientDetails;
 /**
@ -33,7 +32,7 @@ import org.springframework.security.oauth2.provider.ClientDetails;
 public interface ApprovedSiteService {
-	public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set<String> allowedScopes, WhitelistedSite whitelistedSite);
+	public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set<String> allowedScopes);
 	/**
 	 * Return a collection of all ApprovedSites
--- a/openid-connect-server-webapp/src/main/webapp/resources/js/admin.js
+++ b/openid-connect-server-webapp/src/main/webapp/resources/js/admin.js
@ -801,7 +801,6 @@ var AppRouter = Backbone.Router.extend({
        this.updateSidebar('user/approved');
        var view = new ApprovedSiteListView({model:this.approvedSiteList, clientList: this.clientList, systemScopeList: this.systemScopeList});
    	view.load( 
    		function(collection, response, options) {
    			$('#content').html(view.render().el);
--- a/openid-connect-server-webapp/src/main/webapp/resources/js/grant.js
+++ b/openid-connect-server-webapp/src/main/webapp/resources/js/grant.js
@ -70,7 +70,6 @@ var ApprovedSiteListView = Backbone.View.extend({
 		$(this.el).html($('#tmpl-grant-table').html());
 		var approvedSiteCount = 0;
 		var whitelistCount = 0;
 		var _self = this;
@ -80,17 +79,10 @@ var ApprovedSiteListView = Backbone.View.extend({
 			if (client != null) {
 				if (approvedSite.get('whitelistedSite') != null) {
 					var view = new ApprovedSiteView({model: approvedSite, client: client, systemScopeList: this.options.systemScopeList});
 					view.parentView = _self;
 					$('#grant-whitelist-table', this.el).append(view.render().el);
 					whitelistCount = whitelistCount + 1;
 				} else {
 				var view = new ApprovedSiteView({model: approvedSite, client: client, systemScopeList: this.options.systemScopeList});
 				view.parentView = _self;
 				$('#grant-table', this.el).append(view.render().el);
 				approvedSiteCount = approvedSiteCount + 1;
 				}
 			}
@ -102,25 +94,8 @@ var ApprovedSiteListView = Backbone.View.extend({
 	},
 	togglePlaceholder:function() {
-		// count the whitelisted and non-whitelisted entries
+		// count entries
-		var wl = 0;
+		if (this.model.length > 0) {
 		var gr = 0;
 		for (var i = 0; i < this.model.length; i++) {
 			if (this.model.at(i).get('whitelistedSite') != null) {
 				wl += 1;
 			} else {
 				gr += 1;
 			}
 		}
 		if (wl > 0) {
 			$('#grant-whitelist-table', this.el).show();
 			$('#grant-whitelist-table-empty', this.el).hide();
 		} else {
 			$('#grant-whitelist-table', this.el).hide();
 			$('#grant-whitelist-table-empty', this.el).show();
 		}
 		if (gr > 0) {
 			$('#grant-table', this.el).show();
 			$('#grant-table-empty', this.el).hide();
 		} else {
@ -128,10 +103,6 @@ var ApprovedSiteListView = Backbone.View.extend({
 			$('#grant-table-empty', this.el).show();
 		}
 		$('#approvde-site-count', this.el).html(gr);
 		$('#whitelist-count', this.el).html(wl);
 	},
    refreshTable:function(e) {
@ -231,7 +202,6 @@ var ApprovedSiteView = Backbone.View.extend({
        $('.client-more-info-block', this.el).html(this.moreInfoTemplate({client: this.options.client.toJSON()}));
        this.$('.dynamically-registered').tooltip({title: $.t('grant.grant-table.dynamically-registered')});
        this.$('.whitelisted-site').tooltip({title: $.t('grant.grant-table.whitelisted-site')});
        this.$('.tokens').tooltip({title: $.t('grant.grant-table.active-tokens')});
        $(this.el).i18n();
 		return this;
--- a/openid-connect-server-webapp/src/main/webapp/resources/template/grant.html
+++ b/openid-connect-server-webapp/src/main/webapp/resources/template/grant.html
@ -22,16 +22,7 @@
 		<button class="btn btn-small refresh-table"><i class="icon-refresh"></i> <span data-i18n="common.refresh">Refresh</span></button>
    </div>
-	<div class="tabbable">
+	<div id="grant-approved-tab">
 		<ul class="nav nav-tabs">
 			<li class="active"><a data-target="#grant-approved-tab" data-toggle="tab" href="#"><span data-i18n="grant.grant-table.approved-sites">Approved Sites</span> <span class="label label-info" id="approvde-site-count">?</span></a></li>
 			<li><a data-target="#grant-whitelist-tab" data-toggle="tab" href="#"><span data-i18n="grant.grant-table.whitelisted-sites">Whitelisted Sites</span> <span class="label label-info" id="whitelist-count">?</span></a></li>
 		</ul>
 	<div class="tab-content">
 	<div class="tab-pane active" id="grant-approved-tab">
 	<p data-i18n="grant.grant-table.text">These are sites you have approved manually. If the same site asks for the same access in the future, it will
 		be granted without prompting.</p>
@ -55,34 +46,6 @@
 	</div>
 	<div class="tab-pane" id="grant-whitelist-tab">
 	<p data-i18n="grant.grant-table.pre-approved">These are sites that have been pre-approved by an administrator.</p>
 	<p class="text-warning" data-i18n="[html]grant.grant-table.whitelist-note"><b>NOTE:</b> If you revoke them here, they will automatically be re-approved on your next visit wthout prompting.</p>
 	<div id="grant-whitelist-table-empty" class="alert alert-info" data-i18n="grant.grant-table.no-whitelisted">
 		You have not accessed any whitelisted sites.
 	</div>
    <table id="grant-whitelist-table" class="table table-hover table-striped">
        <thead>
        <tr>
 			<th></th>
            <th data-i18n="grant.grant-table.application">Application</th>
 			<th><i class="icon-time"></i></th>
            <th><i class="icon-edit"></i></th>
        </tr>
        </thead>
        <tbody>
        </tbody>
    </table>
 	</div>
 	</div>
 	</div>
    <div class="well well-small">
 		<button class="btn btn-small refresh-table"><i class="icon-refresh"></i> <span data-i18n="common.refresh">Refresh</span></button>
    </div>
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java
@ -23,7 +23,6 @@ import java.util.Set;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.openid.connect.model.ApprovedSite;
 import org.mitre.openid.connect.model.WhitelistedSite;
 import org.mitre.openid.connect.repository.ApprovedSiteRepository;
 import org.mitre.openid.connect.service.ApprovedSiteService;
 import org.mitre.openid.connect.service.StatsService;
@ -99,8 +98,7 @@ public class DefaultApprovedSiteService implements ApprovedSiteService {
 	@Override
 	@Transactional
-	public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set<String> allowedScopes,
+	public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set<String> allowedScopes) {
 			WhitelistedSite whitelistedSite) {
 		ApprovedSite as = approvedSiteRepository.save(new ApprovedSite());
@ -111,7 +109,6 @@ public class DefaultApprovedSiteService implements ApprovedSiteService {
 		as.setUserId(userId);
 		as.setTimeoutDate(timeoutDate);
 		as.setAllowedScopes(allowedScopes);
 		as.setWhitelistedSite(whitelistedSite);
 		return save(as);
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
@ -493,7 +493,6 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 	}
 	Map<Long, Long> grantOldToNewIdMap = new HashMap<>();
 	Map<Long, Long> grantToWhitelistedSiteRefs = new HashMap<>();
 	Map<Long, Set<Long>> grantToAccessTokensRefs = new HashMap<>();
 	/**
@ -553,7 +552,7 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 			Long newId = approvedSiteRepository.save(site).getId();
 			grantOldToNewIdMap.put(currentId, newId);
 			if (whitelistedSiteId != null) {
-				grantToWhitelistedSiteRefs.put(currentId, whitelistedSiteId);
+				logger.debug("Ignoring whitelisted site marker on approved site.");
 			}
 			if (tokenIds != null) {
 				grantToAccessTokensRefs.put(currentId, tokenIds);
@ -894,16 +893,6 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 			tokenRepository.saveAccessToken(accessToken);
 		}
 		accessTokenToIdTokenRefs.clear();
 		for (Long oldGrantId : grantToWhitelistedSiteRefs.keySet()) {
 			Long oldWhitelistedSiteId = grantToWhitelistedSiteRefs.get(oldGrantId);
 			Long newWhitelistedSiteId = whitelistedSiteOldToNewIdMap.get(oldWhitelistedSiteId);
 			WhitelistedSite wlSite = wlSiteRepository.getById(newWhitelistedSiteId);
 			Long newGrantId = grantOldToNewIdMap.get(oldGrantId);
 			ApprovedSite approvedSite = approvedSiteRepository.getById(newGrantId);
 			approvedSite.setWhitelistedSite(wlSite);
 			approvedSiteRepository.save(approvedSite);
 		}
 		grantToWhitelistedSiteRefs.clear();
 		whitelistedSiteOldToNewIdMap.clear();
 		for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
 			Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java
@ -503,7 +503,6 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 	}
 	Map<Long, Long> grantOldToNewIdMap = new HashMap<>();
 	Map<Long, Long> grantToWhitelistedSiteRefs = new HashMap<>();
 	Map<Long, Set<Long>> grantToAccessTokensRefs = new HashMap<>();
 	/**
@ -563,7 +562,7 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 			Long newId = approvedSiteRepository.save(site).getId();
 			grantOldToNewIdMap.put(currentId, newId);
 			if (whitelistedSiteId != null) {
-				grantToWhitelistedSiteRefs.put(currentId, whitelistedSiteId);
+				logger.debug("Ignoring whitelisted site marker on approved site.");
 			}
 			if (tokenIds != null) {
 				grantToAccessTokensRefs.put(currentId, tokenIds);
@ -908,16 +907,6 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 			tokenRepository.saveAccessToken(accessToken);
 		}
 		accessTokenToIdTokenRefs.clear();
 		for (Long oldGrantId : grantToWhitelistedSiteRefs.keySet()) {
 			Long oldWhitelistedSiteId = grantToWhitelistedSiteRefs.get(oldGrantId);
 			Long newWhitelistedSiteId = whitelistedSiteOldToNewIdMap.get(oldWhitelistedSiteId);
 			WhitelistedSite wlSite = wlSiteRepository.getById(newWhitelistedSiteId);
 			Long newGrantId = grantOldToNewIdMap.get(oldGrantId);
 			ApprovedSite approvedSite = approvedSiteRepository.getById(newGrantId);
 			approvedSite.setWhitelistedSite(wlSite);
 			approvedSiteRepository.save(approvedSite);
 		}
 		grantToWhitelistedSiteRefs.clear();
 		for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
 			Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);
 			Set<OAuth2AccessTokenEntity> tokens = new HashSet<>();
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
@ -295,7 +295,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 			writer.name("userId").value(site.getUserId());
 			writer.name("allowedScopes");
 			writeNullSafeArray(writer, site.getAllowedScopes());
 			writer.name("whitelistedSiteId").value(site.getIsWhitelisted() ? site.getWhitelistedSite().getId() : null);
 			Set<OAuth2AccessTokenEntity> tokens = site.getApprovedAccessTokens();
 			writer.name("approvedAccessTokens");
 			writer.beginArray();
@ -780,7 +779,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 	}
 	Map<Long, Long> grantOldToNewIdMap = new HashMap<>();
 	Map<Long, Long> grantToWhitelistedSiteRefs = new HashMap<>();
 	Map<Long, Set<Long>> grantToAccessTokensRefs = new HashMap<>();
 	/**
@ -792,7 +790,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 		while (reader.hasNext()) {
 			ApprovedSite site = new ApprovedSite();
 			Long currentId = null;
 			Long whitelistedSiteId = null;
 			Set<Long> tokenIds = null;
 			reader.beginObject();
 			while (reader.hasNext()) {
@ -821,8 +818,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 					} else if (name.equals("allowedScopes")) {
 						Set<String> allowedScopes = readSet(reader);
 						site.setAllowedScopes(allowedScopes);
 					} else if (name.equals("whitelistedSiteId")) {
 						whitelistedSiteId = reader.nextLong();
 					} else if (name.equals("approvedAccessTokens")) {
 						tokenIds = readSet(reader);
 					} else {
@ -839,9 +834,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 			reader.endObject();
 			Long newId = approvedSiteRepository.save(site).getId();
 			grantOldToNewIdMap.put(currentId, newId);
 			if (whitelistedSiteId != null) {
 				grantToWhitelistedSiteRefs.put(currentId, whitelistedSiteId);
 			}
 			if (tokenIds != null) {
 				grantToAccessTokensRefs.put(currentId, tokenIds);
 			}
@ -1193,16 +1185,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 			tokenRepository.saveAccessToken(accessToken);
 		}
 		accessTokenToIdTokenRefs.clear();
 		for (Long oldGrantId : grantToWhitelistedSiteRefs.keySet()) {
 			Long oldWhitelistedSiteId = grantToWhitelistedSiteRefs.get(oldGrantId);
 			Long newWhitelistedSiteId = whitelistedSiteOldToNewIdMap.get(oldWhitelistedSiteId);
 			WhitelistedSite wlSite = wlSiteRepository.getById(newWhitelistedSiteId);
 			Long newGrantId = grantOldToNewIdMap.get(oldGrantId);
 			ApprovedSite approvedSite = approvedSiteRepository.getById(newGrantId);
 			approvedSite.setWhitelistedSite(wlSite);
 			approvedSiteRepository.save(approvedSite);
 		}
 		grantToWhitelistedSiteRefs.clear();
 		for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
 			Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);
 			Set<OAuth2AccessTokenEntity> tokens = new HashSet<OAuth2AccessTokenEntity>();
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
@ -175,11 +175,6 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
 			if (!alreadyApproved) {
 				WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId);
 				if (ws != null && systemScopes.scopesMatch(ws.getAllowedScopes(), authorizationRequest.getScope())) {
 					//Create an approved site
 					ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws);
 					String newSiteId = newSite.getId().toString();
 					authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId);
 					authorizationRequest.setApproved(true);
 					setAuthTime(authorizationRequest);
@ -253,7 +248,7 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
 					timeout = cal.getTime();
 				}
-				ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes, null);
+				ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes);
 				String newSiteId = newSite.getId().toString();
 				authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId);
 			}