Changed arity on approved sites (now can have many per user/site combo)

openid-connect-common/src/main/java/org/mitre/openid/connect/repository/ApprovedSiteRepository.java

@@ -51,7 +51,7 @@ public interface ApprovedSiteRepository {
 	 * @param userId
 	 * @return
 	 */	
-	public ApprovedSite getByClientIdAndUserId(String clientId, String userId);
+	public Collection<ApprovedSite> getByClientIdAndUserId(String clientId, String userId);
 
 	/**
 	 * Removes the given ApprovedSite from the repository

openid-connect-common/src/main/java/org/mitre/openid/connect/service/ApprovedSiteService.java

@@ -49,7 +49,7 @@ public interface ApprovedSiteService {
 	 * @param userId
 	 * @return
 	 */	
-	public ApprovedSite getByClientIdAndUserId(String clientId, String userId);
+	public Collection<ApprovedSite> getByClientIdAndUserId(String clientId, String userId);
 	
 	/**
 	 * Save an ApprovedSite

openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java

@@ -74,13 +74,13 @@ public class JpaApprovedSiteRepository implements ApprovedSiteRepository {
 	}
 
 	@Override
-	public ApprovedSite getByClientIdAndUserId(String clientId, String userId) {
+	public Collection<ApprovedSite> getByClientIdAndUserId(String clientId, String userId) {
 		
 		TypedQuery<ApprovedSite> query = manager.createNamedQuery("ApprovedSite.getByClientIdAndUserId", ApprovedSite.class);
 		query.setParameter("userId", userId);
 		query.setParameter("clientId", clientId);
 		
-		return JpaUtil.getSingleResult(query.getResultList());
+		return query.getResultList();
 	}
 	
     @Override

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java

@@ -101,7 +101,7 @@ public class DefaultApprovedSiteService implements ApprovedSiteService {
 	}
 
 	@Override
-	public ApprovedSite getByClientIdAndUserId(String clientId, String userId) {
+	public Collection<ApprovedSite> getByClientIdAndUserId(String clientId, String userId) {
 		
 		return approvedSiteRepository.getByClientIdAndUserId(clientId, userId);
 		

openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java

@@ -15,6 +15,7 @@
  ******************************************************************************/
 package org.mitre.openid.connect.token;
 
+import java.util.Collection;
 import java.util.Date;
 import java.util.Map;
 import java.util.Set;
@@ -25,7 +26,6 @@ import org.mitre.openid.connect.service.ApprovedSiteService;
 import org.mitre.openid.connect.service.WhitelistedSiteService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
@@ -86,9 +86,9 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
 		Set<String> authRequestScopes = Sets.newHashSet(Splitter.on(" ").split(scopes));
 		
 		//lookup ApprovedSites by userId and clientId
-		ApprovedSite ap = approvedSiteService.getByClientIdAndUserId(clientId, userId);
+		Collection<ApprovedSite> aps = approvedSiteService.getByClientIdAndUserId(clientId, userId);
-		
+		for (ApprovedSite ap : aps) {
-		if (ap != null) {
+			// if we find one that fits...
 			if (scopesMatch(authRequestScopes, ap.getAllowedScopes())) {
 				
 				//We have a match; update the access date on the AP entry and return true.
@@ -97,7 +97,7 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
 				
 				return true;
 			}
-		}
+        }
 		
 		WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId);
 		if (ws != null && scopesMatch(authRequestScopes, ws.getAllowedScopes())) {