github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

enforce pairwise identifier consistency in UI, closes #969

pull/988/head
Justin Richer 2015-11-25 15:36:15 -05:00
parent 2496dc114c
commit c59f722cc2
2 changed files with 45 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
openid-connect-server-webapp/src/main/webapp/resources/js/client.js
View File

@ -907,7 +907,26 @@ var ClientFormView = Backbone.View.extend({
refreshTokenValiditySeconds = this.getFormTokenNumberValue($('#refreshTokenValidityTime input[type=text]').val(), $('#refreshTokenValidityTime select').val()); refreshTokenValiditySeconds = this.getFormTokenNumberValue($('#refreshTokenValidityTime input[type=text]').val(), $('#refreshTokenValidityTime select').val());
} }
} }
// make sure that the subject identifier is consistent with the redirect URIs
var subjectType = $('#subjectType input').filter(':checked').val();
var redirectUris = this.redirectUrisCollection.pluck("item");
var sectorIdentifierUri = $('#sectorIdentifierUri input').val();
if (subjectType == 'PAIRWISE' && redirectUris.length > 1 && sectorIdentifierUri == '') {
//Display an alert with an error message
$('#modalAlert div.modal-header').html("Consistency error");
$('#modalAlert div.modal-body').html("Pairwise identifiers cannot be used with multiple redirect URIs unless a sector identifier URI is also registered.");
$("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog
"backdrop" : "static",
"keyboard" : true,
"show" : true // ensure the modal is shown immediately
});
return false;
}
// process the JWKS // process the JWKS
var jwksUri = null; var jwksUri = null;
var jwks = null; var jwks = null;
@ -947,7 +966,7 @@ var ClientFormView = Backbone.View.extend({
clientId:$('#clientId input').val(), clientId:$('#clientId input').val(),
clientSecret: clientSecret, clientSecret: clientSecret,
generateClientSecret:generateClientSecret, generateClientSecret:generateClientSecret,
redirectUris: this.redirectUrisCollection.pluck("item"), redirectUris: redirectUris,
clientDescription:$('#clientDescription textarea').val(), clientDescription:$('#clientDescription textarea').val(),
logoUri:$('#logoUri input').val(), logoUri:$('#logoUri input').val(),
grantTypes: grantTypes, grantTypes: grantTypes,
@ -963,10 +982,10 @@ var ClientFormView = Backbone.View.extend({
applicationType: $('#applicationType input').filter(':checked').val(), applicationType: $('#applicationType input').filter(':checked').val(),
jwksUri: jwksUri, jwksUri: jwksUri,
jwks: jwks, jwks: jwks,
subjectType: $('#subjectType input').filter(':checked').val(), subjectType: subjectType,
tokenEndpointAuthMethod: tokenEndpointAuthMethod, tokenEndpointAuthMethod: tokenEndpointAuthMethod,
responseTypes: responseTypes, responseTypes: responseTypes,
sectorIdentifierUri: $('#sectorIdentifierUri input').val(), sectorIdentifierUri: sectorIdentifierUri,
initiateLoginUri: $('#initiateLoginUri input').val(), initiateLoginUri: $('#initiateLoginUri input').val(),
postLogoutRedirectUris: this.postLogoutRedirectUrisCollection.pluck('item'), postLogoutRedirectUris: this.postLogoutRedirectUrisCollection.pluck('item'),
reuseRefreshToken: $('#reuseRefreshToken').is(':checked'), reuseRefreshToken: $('#reuseRefreshToken').is(':checked'),

25
openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js
View File

@ -388,6 +388,25 @@ var DynRegEditView = Backbone.View.extend({
} }
} }
// make sure that the subject identifier is consistent with the redirect URIs
var subjectType = $('#subjectType input').filter(':checked').val();
var redirectUris = this.redirectUrisCollection.pluck("item");
var sectorIdentifierUri = $('#sectorIdentifierUri input').val();
if (subjectType == 'PAIRWISE' && redirectUris.length > 1 && sectorIdentifierUri == '') {
//Display an alert with an error message
$('#modalAlert div.modal-header').html("Consistency error");
$('#modalAlert div.modal-body').html("Pairwise identifiers cannot be used with multiple redirect URIs unless a sector identifier URI is also registered.");
$("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog
"backdrop" : "static",
"keyboard" : true,
"show" : true // ensure the modal is shown immediately
});
return false;
}
// process the JWKS // process the JWKS
var jwksUri = null; var jwksUri = null;
var jwks = null; var jwks = null;
@ -422,7 +441,7 @@ var DynRegEditView = Backbone.View.extend({
var attrs = { var attrs = {
client_name:$('#clientName input').val(), client_name:$('#clientName input').val(),
redirect_uris: this.redirectUrisCollection.pluck("item"), redirect_uris: redirectUris,
logo_uri:$('#logoUri input').val(), logo_uri:$('#logoUri input').val(),
grant_types: grantTypes, grant_types: grantTypes,
scope: scopes, scope: scopes,
@ -433,10 +452,10 @@ var DynRegEditView = Backbone.View.extend({
application_type: $('#applicationType input').filter(':checked').val(), application_type: $('#applicationType input').filter(':checked').val(),
jwks_uri: jwksUri, jwks_uri: jwksUri,
jwks: jwks, jwks: jwks,
subject_type: $('#subjectType input').filter(':checked').val(), subject_type: subjectType,
token_endpoint_auth_method: $('#tokenEndpointAuthMethod input').filter(':checked').val(), token_endpoint_auth_method: $('#tokenEndpointAuthMethod input').filter(':checked').val(),
response_types: responseTypes, response_types: responseTypes,
sector_identifier_uri: $('#sectorIdentifierUri input').val(), sector_identifier_uri: sectorIdentifierUri,
initiate_login_uri: $('#initiateLoginUri input').val(), initiate_login_uri: $('#initiateLoginUri input').val(),
post_logout_redirect_uris: this.postLogoutRedirectUrisCollection.pluck('item'), post_logout_redirect_uris: this.postLogoutRedirectUrisCollection.pluck('item'),
require_auth_time: $('#requireAuthTime input').is(':checked'), require_auth_time: $('#requireAuthTime input').is(':checked'),