let user select when grants time out

pull/263/head
Justin Richer 2012-11-26 14:26:07 -05:00
parent 413c477879
commit d07f67bd76
2 changed files with 71 additions and 44 deletions

View File

@ -15,6 +15,7 @@
******************************************************************************/
package org.mitre.openid.connect.token;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Map;
@ -33,6 +34,7 @@ import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.Sets;
/**
@ -125,18 +127,22 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
//lookup ApprovedSites by userId and clientId
Collection<ApprovedSite> aps = approvedSiteService.getByClientIdAndUserId(clientId, userId);
for (ApprovedSite ap : aps) {
// if we find one that fits...
if (scopesMatch(authorizationRequest.getScope(), ap.getAllowedScopes())) {
//We have a match; update the access date on the AP entry and return true.
ap.setAccessDate(new Date());
approvedSiteService.save(ap);
// TODO: WHY DAVE WHY
DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
ar.setApproved(true);
return ar;
if (!ap.isExpired()) {
// if we find one that fits...
if (scopesMatch(authorizationRequest.getScope(), ap.getAllowedScopes())) {
//We have a match; update the access date on the AP entry and return true.
ap.setAccessDate(new Date());
approvedSiteService.save(ap);
// TODO: WHY DAVE WHY
DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
ar.setApproved(true);
return ar;
}
}
}
@ -161,37 +167,44 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
// TODO: Get SECOAUTH to stop breaking polymorphism and start using real objects, SRSLY
DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
//Only store an ApprovedSite if the user has checked "remember this decision":
if (ar.getApprovalParameters().get("remember") != null) {
//TODO: Remember may eventually have an option to remember for a specific amount
//of time; this would set the ApprovedSite.timeout.
Set<String> allowedScopes = Sets.newHashSet();
Map<String,String> approvalParams = ar.getApprovalParameters();
Set<String> keys = approvalParams.keySet();
for (String key : keys) {
if (key.contains("scope")) {
//This is a scope parameter from the approval page. The value sent back should
//be the scope string. Check to make sure it is contained in the client's
//registered allowed scopes.
String scope = approvalParams.get(key);
//Make sure this scope is allowed for the given client
if (client.getScope().contains(scope)) {
allowedScopes.add(scope);
}
// process scopes from user input
Set<String> allowedScopes = Sets.newHashSet();
Map<String,String> approvalParams = ar.getApprovalParameters();
Set<String> keys = approvalParams.keySet();
for (String key : keys) {
if (key.startsWith("scope_")) {
//This is a scope parameter from the approval page. The value sent back should
//be the scope string. Check to make sure it is contained in the client's
//registered allowed scopes.
String scope = approvalParams.get(key);
//Make sure this scope is allowed for the given client
if (client.getScope().contains(scope)) {
allowedScopes.add(scope);
}
}
}
// inject the user-allowed scopes into the auth request
// TODO: for the moment this allows both upscoping and downscoping.
ar.setScope(allowedScopes);
// inject the user-allowed scopes into the auth request
// TODO: for the moment this allows both upscoping and downscoping.
ar.setScope(allowedScopes);
//Only store an ApprovedSite if the user has checked "remember this decision":
String remember = ar.getApprovalParameters().get("remember");
if (!Strings.isNullOrEmpty(remember) && !remember.equals("none")) {
approvedSiteService.createApprovedSite(clientId, userId, null, allowedScopes, null);
Date timeout = null;
if (remember.equals("one-hour")) {
// set the timeout to one hour from now
Calendar cal = Calendar.getInstance();
cal.add(Calendar.HOUR, 1);
timeout = cal.getTime();
}
approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes, null);
}
// TODO: should we set approved here? It gets called later via the isApproved method in this class...

View File

@ -111,11 +111,25 @@
<i class="icon-time"></i> offline access
</label>
</c:if>
<input type="checkbox" name="remember" id="remember" value="true" checked="checked"><label for="remember">remember this decision</label>
</fieldset>
</div>
</fieldset>
<fieldset style="text-align:left" class="well">
<legend style="margin-bottom: 0;">Remember this decision:</legend>
<label for="remember-forever" class="radio">
<input type="radio" name="remember" id="remember-forever" value="until-revoked" checked="checked">
<i class="icon-hdd"></i> remember this decision until I revoke it
</label>
<label for="remember-hour" class="radio">
<input type="radio" name="remember" id="remember-hour" value="one-hour">
<i class="icon-hdd"></i> remember this decision for one hour
</label>
<label for="remember-not" class="radio">
<input type="radio" name="remember" id="remember-not" value="none">
<i class="icon-hdd"></i> prompt me again next time
</label>
</fieldset>
</div>
</div>