internalized random string generation for device codes

openid-connect-common/src/main/java/org/mitre/oauth2/service/DeviceCodeService.java

@@ -66,7 +66,7 @@ public interface DeviceCodeService {
 	 * @param parameters
 	 * @return
 	 */
-	public DeviceCode createNewDeviceCode(String deviceCode, String userCode, Set<String> requestedScopes, ClientDetailsEntity client, Map<String, String> parameters);
+	public DeviceCode createNewDeviceCode(Set<String> requestedScopes, ClientDetailsEntity client, Map<String, String> parameters);
 
 
 	public void clearExpiredDeviceCodes();

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java

@@ -21,6 +21,7 @@ import java.util.Collection;
 import java.util.Date;
 import java.util.Map;
 import java.util.Set;
+import java.util.UUID;
 
 import org.mitre.data.AbstractPageOperationTemplate;
 import org.mitre.oauth2.model.AuthenticationHolderEntity;
@@ -29,6 +30,7 @@ import org.mitre.oauth2.model.DeviceCode;
 import org.mitre.oauth2.repository.impl.DeviceCodeRepository;
 import org.mitre.oauth2.service.DeviceCodeService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.stereotype.Service;
@@ -44,11 +46,19 @@ public class DefaultDeviceCodeService implements DeviceCodeService {
 	@Autowired
 	private DeviceCodeRepository repository;
 
+	private RandomValueStringGenerator randomGenerator = new RandomValueStringGenerator();
+
 	/* (non-Javadoc)
 	 * @see org.mitre.oauth2.service.DeviceCodeService#save(org.mitre.oauth2.model.DeviceCode)
 	 */
 	@Override
-	public DeviceCode createNewDeviceCode(String deviceCode, String userCode, Set<String> requestedScopes, ClientDetailsEntity client, Map<String, String> parameters) {
+	public DeviceCode createNewDeviceCode(Set<String> requestedScopes, ClientDetailsEntity client, Map<String, String> parameters) {
+
+		// create a device code, should be big and random
+		String deviceCode = UUID.randomUUID().toString();
+
+		// create a user code, should be random but small and typable
+		String userCode = randomGenerator.generate();
 
 		DeviceCode dc = new DeviceCode(deviceCode, userCode, requestedScopes, client.getClientId(), parameters);
 

openid-connect-server/src/main/java/org/mitre/oauth2/web/DeviceEndpoint.java

@@ -91,8 +91,6 @@ public class DeviceEndpoint {
 	@Autowired
 	private OAuth2RequestFactory oAuth2RequestFactory;
 
-	private RandomValueStringGenerator randomGenerator = new RandomValueStringGenerator();
-
 	@RequestMapping(value = "/" + URL, method = RequestMethod.POST, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
 	public String requestDeviceCode(@RequestParam("client_id") String clientId, @RequestParam(name="scope", required=false) String scope, Map<String, String> parameters, ModelMap model) {
 
@@ -134,17 +132,11 @@ public class DeviceEndpoint {
 
 		// if we got here the request is legit
 
-		// create a device code, should be big and random
-		String deviceCode = UUID.randomUUID().toString();
-
-		// create a user code, should be random but small and typable
-		String userCode = randomGenerator.generate();
-
-		deviceCodeService.createNewDeviceCode(deviceCode, userCode, requestedScopes, client, parameters);
+		DeviceCode dc = deviceCodeService.createNewDeviceCode(requestedScopes, client, parameters);
 
 		Map<String, Object> response = new HashMap<>();
-		response.put("device_code", deviceCode);
-		response.put("user_code", userCode);
+		response.put("device_code", dc.getDeviceCode());
+		response.put("user_code", dc.getUserCode());
 		response.put("verification_uri", config.getIssuer() + USER_URL);
 		if (client.getDeviceCodeValiditySeconds() != null) {
 			response.put("expires_in", client.getDeviceCodeValiditySeconds());