From 9b03831d4e045396c57b907804453bb76e493eb4 Mon Sep 17 00:00:00 2001
From: Stephen Moore <srmoore@mitre.org>
Date: Tue, 22 May 2012 16:56:22 -0400
Subject: [PATCH] Filled in the UserInfoEndpoint, and added the JSON view for
 userInfo (openIdSchema)

---
 .../openid/connect/view/JSONUserInfoView.java | 41 ++++++++++++++---
 .../openid/connect/web/UserInfoEndpoint.java  | 46 ++++++++++---------
 2 files changed, 60 insertions(+), 27 deletions(-)

diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java
index 706219898..d3f811fc1 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java
@@ -21,6 +21,7 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.mitre.openid.connect.model.UserInfo;
 import org.springframework.validation.BeanPropertyBindingResult;
 import org.springframework.web.servlet.view.AbstractView;
 
@@ -28,6 +29,7 @@ import com.google.gson.ExclusionStrategy;
 import com.google.gson.FieldAttributes;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
+import com.google.gson.JsonObject;
 
 public class JSONUserInfoView extends AbstractView{
 	
@@ -37,6 +39,8 @@ public class JSONUserInfoView extends AbstractView{
 	protected void renderMergedOutputModel(Map<String, Object> model,
 			HttpServletRequest request, HttpServletResponse response)
 			throws Exception {
+		
+		UserInfo userInfo = (UserInfo) model.get("userInfo");
 
 		Gson gson = new GsonBuilder()
 			.setExclusionStrategies(new ExclusionStrategy() {
@@ -57,15 +61,40 @@ public class JSONUserInfoView extends AbstractView{
 			}).create();
 
 		response.setContentType("application/json");
-		
 		Writer out = response.getWriter();
+		gson.toJson(toJson(userInfo),out);
+	}
+	
+	private JsonObject toJson(UserInfo ui) {
+		JsonObject obj = new JsonObject();
 		
-		Object obj = model.get("entity");
-		if (obj == null) {
-			obj = model;
-		}
+		obj.addProperty("user_id", ui.getUserId());
+		obj.addProperty("name", ui.getName());
+		obj.addProperty("given_name", ui.getGivenName());
+		obj.addProperty("family_name", ui.getFamilyName());
+		obj.addProperty("middle_name", ui.getMiddleName());
+		obj.addProperty("nickname", ui.getNickname());
+		obj.addProperty("profile", ui.getProfile());
+		obj.addProperty("picture", ui.getPicture());
+		obj.addProperty("website", ui.getWebsite());
+		obj.addProperty("verified", ui.getVerified());
+		obj.addProperty("gender", ui.getGender());
+		obj.addProperty("zone_info", ui.getZoneinfo());
+		obj.addProperty("locale", ui.getLocale());
+		obj.addProperty("phone_number", ui.getPhoneNumber());
+		obj.addProperty("updated_time", ui.getUpdatedTime());
 		
-		gson.toJson(obj, out);
+		JsonObject addr = new JsonObject();
+		addr.addProperty("formatted", ui.getAddress().getFormatted());
+		addr.addProperty("street_address", ui.getAddress().getStreetAddress());
+		addr.addProperty("locality", ui.getAddress().getLocality());
+		addr.addProperty("region", ui.getAddress().getRegion());
+		addr.addProperty("postal_code", ui.getAddress().getPostalCode());
+		addr.addProperty("country", ui.getAddress().getCountry());
+		
+		obj.add("address", addr);
+		
+		return obj;
 	}
 
 }
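Review bot: `toJson` calls `ui.getAddress()` six times with no null check, and `ui` itself comes from the unchecked `(UserInfo) model.get("userInfo")` cast added in the previous hunk. A user without an address record, or a lookup that returned nothing, would therefore end in a NullPointerException and a 500 instead of a well-formed UserInfo response. Wrap the address block in `if (ui.getAddress() != null) {` … `}` and return an error before serialising when `userInfo` is null. Every claim is written out unconditionally, so unless the caller filters by the scopes granted to the token (not visible in this patch), `phone_number` and `address` go to any client that can reach the endpoint. The `GsonBuilder` exclusion strategy kept above appears to have no effect on a hand-built `JsonObject` and could probably be dropped.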
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
index 11768c37c..46bb933d2 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
@@ -15,12 +15,15 @@
  ******************************************************************************/
 package org.mitre.openid.connect.web;
 
+import java.security.Principal;
+
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.openid.connect.model.UserInfo;
 import org.mitre.openid.connect.service.UserInfoService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -42,6 +45,12 @@ public class UserInfoEndpoint {
 	@Autowired
 	UserInfoService userInfoService;
 	
+	// Valid schemas and associated views
+	private static final String openIdSchema = "openId";
+	private static final String pocoSchema = "poco";
+	private static final String jsonUserInfoViewName = "jsonUserInfoView";
+	private static final String pocoUserInfoViewName = "pocoUserInfoView";
+	
 	/**
 	 * Get information about the user as specified in the accessToken->idToken included in this request
 	 * 
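Review bot: `pocoUserInfoViewName` refers to a `pocoUserInfoView` that this patch does not add; if no view of that name is registered elsewhere, a `schema=poco` request would fail at view resolution rather than with a clear error. As a style point, these four `private static final` strings are constants and would conventionally be named `OPENID_SCHEMA`, `POCO_SCHEMA`, `JSON_USER_INFO_VIEW_NAME` and `POCO_USER_INFO_VIEW_NAME`. The comment above them could also state which schema maps to which view, e.g. `// "openId" -> jsonUserInfoView, "poco" -> pocoUserInfoView`.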
@@ -51,34 +60,29 @@ public class UserInfoEndpoint {
 	 * @return				JSON or JWT response containing UserInfo data
 	 */
 	@RequestMapping(value="/userinfo", method= {RequestMethod.GET, RequestMethod.POST})
-	public ModelAndView getInfo(@RequestParam("access_token") String accessToken, @RequestParam("schema") String schema, ModelAndView mav) {
+	public ModelAndView getInfo(Principal p, @RequestParam("schema") String schema, ModelAndView mav) {
+
 		
-		//This will throw the proper error if the token cannot be found
-		OAuth2AccessTokenEntity token = tokenService.getAccessToken(accessToken);
-		
-		if (schema != "openid") {
-			//openid is the ONLY defined schema and is a required parameter
-			//Will we be defining other schemas?
-			//if schema is unrecognized, throw an error?
-			
+		if (p == null) {
+			throw new UsernameNotFoundException("Invalid User"); 
 		}
 		
-		String userId = token.getIdToken().getTokenClaims().getUserId();
+		String viewName = null;
+		if (schema.equalsIgnoreCase( openIdSchema )){
+			viewName = jsonUserInfoViewName;
+		} else if (schema.equalsIgnoreCase( pocoSchema )) {
+			viewName = pocoUserInfoViewName;
+		} else {
+			//TODO: Create an Error class *UnknownSchema*
+		}
+		
+		String userId = p.getName(); 
 		
 		UserInfo userInfo = userInfoService.getByUserId(userId);
 		
-		ClientDetailsEntity client = token.getClient();
+		return new ModelAndView(viewName, "userInfo", userInfo);
 		
-		//if client wants plain JSON, give it JSON; if it wants a JWT, give it a JWT
-		
-		//If returning JSON
-		return new ModelAndView("jsonUserInfoView", "userInfo", userInfo);
-		
-		// If returning JWT
-		//Jwt jwt = new Jwt(new JwtHeader(), new JwtClaims(userInfo.toJson()), null);
-		//sign jwt according to client's userinfo_signed_response_algs parameter
-		//mav.addObject(jwt);
-		//return mav;
+
 	}
 	
 }
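Review bot: In `getInfo`, the final `else` branch holds only a TODO, so an unrecognised `schema` value leaves `viewName` null and the method still loads the user and returns `new ModelAndView(viewName, "userInfo", userInfo)` with a null view name. Reject the request in that branch, e.g. `throw new IllegalArgumentException("Unknown schema");`, until the planned UnknownSchema error exists, and ideally map it to a 400. The user id now comes from `Principal` instead of the presented access token, so token validation and any check that the token carries the `openid` scope depend entirely on the security filter chain in front of `/userinfo`. That configuration is not visible in this patch and should be confirmed. `userInfoService.getByUserId(userId)` may presumably return null for a principal with no stored record, so add a null check before building the `ModelAndView` to keep a null model value from reaching the view.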