Cleaning up approvedsite => token linkage

openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java

@@ -43,7 +43,6 @@ import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.Transient;
 
-import org.mitre.openid.connect.model.ApprovedSite;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
 
@@ -91,24 +90,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 
 	private Set<String> scope;
 	
-//	private ApprovedSite approvedSite;
-//	
-//	/**
-//	 * @return the approvedSite
-//	 */
-//	@ManyToOne(fetch=FetchType.EAGER)
-//	@JoinColumn(name="approved_site_id", referencedColumnName="id")
-//	public ApprovedSite getApprovedSite() {
-//		return approvedSite;
-//	}
-//
-//	/**
-//	 * @param approvedSite the approvedSite to set
-//	 */
-//	public void setApprovedSite(ApprovedSite approvedSite) {
-//		this.approvedSite = approvedSite;
-//	}
-	
 	/**
 	 * Create a new, blank access token
 	 */

openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java

@@ -15,7 +15,6 @@
  ******************************************************************************/
 package org.mitre.openid.connect.model;
 
-import java.io.Serializable;
 import java.util.Date;
 import java.util.Set;
 
@@ -50,9 +49,7 @@ import com.google.common.collect.Sets;
 	@NamedQuery(name = "ApprovedSite.getByClientId", query = "select a from ApprovedSite a where a.clientId = :clientId"),
 	@NamedQuery(name = "ApprovedSite.getByClientIdAndUserId", query = "select a from ApprovedSite a where a.clientId = :clientId and a.userId = :userId")
 })
-public class ApprovedSite implements Serializable {
+public class ApprovedSite {
-
-	private static final long serialVersionUID = 1L;
 
 	// unique id
     private Long id;
@@ -258,103 +255,5 @@ public class ApprovedSite implements Serializable {
 	public void setApprovedAccessTokens(Set<OAuth2AccessTokenEntity> approvedAccessTokens) {
 		this.approvedAccessTokens = approvedAccessTokens;
 	}
-
-	/* (non-Javadoc)
-	 * @see java.lang.Object#hashCode()
-	 */
-	@Override
-	public int hashCode() {
-		final int prime = 31;
-		int result = 1;
-		result = prime * result
-				+ ((accessDate == null) ? 0 : accessDate.hashCode());
-		result = prime * result
-				+ ((allowedScopes == null) ? 0 : allowedScopes.hashCode());
-		result = prime * result
-				+ ((clientId == null) ? 0 : clientId.hashCode());
-		result = prime * result
-				+ ((creationDate == null) ? 0 : creationDate.hashCode());
-		result = prime * result + ((id == null) ? 0 : id.hashCode());
-		result = prime * result
-				+ ((timeoutDate == null) ? 0 : timeoutDate.hashCode());
-		result = prime * result + ((userId == null) ? 0 : userId.hashCode());
-		result = prime * result
-				+ ((whitelistedSite == null) ? 0 : whitelistedSite.hashCode());
-		return result;
-	}
-
-	/* (non-Javadoc)
-	 * @see java.lang.Object#equals(java.lang.Object)
-	 */
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj) {
-			return true;
-		}
-		if (obj == null) {
-			return false;
-		}
-		if (!(obj instanceof ApprovedSite)) {
-			return false;
-		}
-		ApprovedSite other = (ApprovedSite) obj;
-		if (accessDate == null) {
-			if (other.accessDate != null) {
-				return false;
-			}
-		} else if (!accessDate.equals(other.accessDate)) {
-			return false;
-		}
-		if (allowedScopes == null) {
-			if (other.allowedScopes != null) {
-				return false;
-			}
-		} else if (!allowedScopes.equals(other.allowedScopes)) {
-			return false;
-		}
-		if (clientId == null) {
-			if (other.clientId != null) {
-				return false;
-			}
-		} else if (!clientId.equals(other.clientId)) {
-			return false;
-		}
-		if (creationDate == null) {
-			if (other.creationDate != null) {
-				return false;
-			}
-		} else if (!creationDate.equals(other.creationDate)) {
-			return false;
-		}
-		if (id == null) {
-			if (other.id != null) {
-				return false;
-			}
-		} else if (!id.equals(other.id)) {
-			return false;
-		}
-		if (timeoutDate == null) {
-			if (other.timeoutDate != null) {
-				return false;
-			}
-		} else if (!timeoutDate.equals(other.timeoutDate)) {
-			return false;
-		}
-		if (userId == null) {
-			if (other.userId != null) {
-				return false;
-			}
-		} else if (!userId.equals(other.userId)) {
-			return false;
-		}
-		if (whitelistedSite == null) {
-			if (other.whitelistedSite != null) {
-				return false;
-			}
-		} else if (!whitelistedSite.equals(other.whitelistedSite)) {
-			return false;
-		}
-		return true;
-	}
 	
 }

openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java

@@ -15,7 +15,6 @@
  ******************************************************************************/
 package org.mitre.openid.connect.model;
 
-import java.io.Serializable;
 import java.util.Set;
 
 import javax.persistence.Basic;
@@ -45,9 +44,7 @@ import javax.persistence.Table;
 	@NamedQuery(name = "WhitelistedSite.getByClientId", query = "select w from WhitelistedSite w where w.clientId = :clientId"),
 	@NamedQuery(name = "WhitelistedSite.getByCreatoruserId", query = "select w from WhitelistedSite w where w.creatorUserId = :userId")
 })
-public class WhitelistedSite implements Serializable {
+public class WhitelistedSite {
-
-	private static final long serialVersionUID = 1L;
 
 	// unique id
     private Long id;
@@ -130,67 +127,4 @@ public class WhitelistedSite implements Serializable {
 	public void setCreatorUserId(String creatorUserId) {
 		this.creatorUserId = creatorUserId;
 	}
-
-	/* (non-Javadoc)
-	 * @see java.lang.Object#hashCode()
-	 */
-	@Override
-	public int hashCode() {
-		final int prime = 31;
-		int result = 1;
-		result = prime * result
-				+ ((allowedScopes == null) ? 0 : allowedScopes.hashCode());
-		result = prime * result
-				+ ((clientId == null) ? 0 : clientId.hashCode());
-		result = prime * result
-				+ ((creatorUserId == null) ? 0 : creatorUserId.hashCode());
-		result = prime * result + ((id == null) ? 0 : id.hashCode());
-		return result;
-	}
-
-	/* (non-Javadoc)
-	 * @see java.lang.Object#equals(java.lang.Object)
-	 */
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj) {
-			return true;
-		}
-		if (obj == null) {
-			return false;
-		}
-		if (!(obj instanceof WhitelistedSite)) {
-			return false;
-		}
-		WhitelistedSite other = (WhitelistedSite) obj;
-		if (allowedScopes == null) {
-			if (other.allowedScopes != null) {
-				return false;
-			}
-		} else if (!allowedScopes.equals(other.allowedScopes)) {
-			return false;
-		}
-		if (clientId == null) {
-			if (other.clientId != null) {
-				return false;
-			}
-		} else if (!clientId.equals(other.clientId)) {
-			return false;
-		}
-		if (creatorUserId == null) {
-			if (other.creatorUserId != null) {
-				return false;
-			}
-		} else if (!creatorUserId.equals(other.creatorUserId)) {
-			return false;
-		}
-		if (id == null) {
-			if (other.id != null) {
-				return false;
-			}
-		} else if (!id.equals(other.id)) {
-			return false;
-		}
-		return true;
-	}
 }

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java

@@ -157,7 +157,6 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 				
 				Long apId = (Long) originalAuthRequest.getExtensionProperties().get("approved_site");
 				ApprovedSite ap = approvedSiteService.getById(apId);
-				//token.setApprovedSite(ap);
 				Set<OAuth2AccessTokenEntity> apTokens = ap.getApprovedAccessTokens();
 				apTokens.add(token);
 				ap.setApprovedAccessTokens(apTokens);

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java

@@ -19,7 +19,8 @@ import java.util.Collection;
 import java.util.Date;
 import java.util.Set;
 
-import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.openid.connect.model.ApprovedSite;
 import org.mitre.openid.connect.model.WhitelistedSite;
 import org.mitre.openid.connect.repository.ApprovedSiteRepository;
@@ -41,6 +42,9 @@ public class DefaultApprovedSiteService implements ApprovedSiteService {
 
 	@Autowired
 	private ApprovedSiteRepository approvedSiteRepository;
+	
+	@Autowired
+	private OAuth2TokenRepository tokenRepository;
 
 	/**
 	 * Default constructor
@@ -77,6 +81,17 @@ public class DefaultApprovedSiteService implements ApprovedSiteService {
 	@Override
 	@Transactional
 	public void remove(ApprovedSite approvedSite) {
+		
+		//Remove any associated access and refresh tokens
+		Set<OAuth2AccessTokenEntity> accessTokens = approvedSite.getApprovedAccessTokens();
+
+		for (OAuth2AccessTokenEntity token : accessTokens) {
+			if (token.getRefreshToken() != null) {
+				tokenRepository.removeRefreshToken(token.getRefreshToken());
+			}
+			tokenRepository.removeAccessToken(token);
+		}
+		
 		approvedSiteRepository.remove(approvedSite);
 	}
 

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java

@@ -5,9 +5,7 @@ package org.mitre.openid.connect.web;
 
 import java.security.Principal;
 import java.util.Collection;
-import java.util.Set;
 
-import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.openid.connect.model.ApprovedSite;
 import org.mitre.openid.connect.service.ApprovedSiteService;
@@ -75,19 +73,7 @@ public class ApprovedSiteAPI {
 			return "jsonErrorView";
 		} else {
 			m.put("code", HttpStatus.OK);
-			
+			approvedSiteService.remove(approvedSite);	
-			Set<OAuth2AccessTokenEntity> accessTokens = approvedSite.getApprovedAccessTokens();
-
-			for (OAuth2AccessTokenEntity token : accessTokens) {
-				if (token.getRefreshToken() != null) {
-					//TODO: how should refresh tokens be handled if you delete an approved site?
-					//tokenServices.revokeRefreshToken(token.getRefreshToken());
-				}
-				tokenServices.revokeAccessToken(token);
-			}
-			
-			approvedSiteService.remove(approvedSite);
-			
 		}		
 		
 		return "httpCodeView";