github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

let user select when grants time out

pull/263/head
Justin Richer 2012-11-26 14:26:07 -05:00
parent 413c477879
commit d07f67bd76
2 changed files with 71 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
View File

@ -15,6 +15,7 @@
******************************************************************************/ ******************************************************************************/
package org.mitre.openid.connect.token; package org.mitre.openid.connect.token;
import java.util.Calendar;
import java.util.Collection; import java.util.Collection;
import java.util.Date; import java.util.Date;
import java.util.Map; import java.util.Map;
@ -33,6 +34,7 @@ import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler; import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import com.google.common.base.Splitter; import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.Sets; import com.google.common.collect.Sets;
/** /**
@ -125,6 +127,9 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
//lookup ApprovedSites by userId and clientId //lookup ApprovedSites by userId and clientId
Collection<ApprovedSite> aps = approvedSiteService.getByClientIdAndUserId(clientId, userId); Collection<ApprovedSite> aps = approvedSiteService.getByClientIdAndUserId(clientId, userId);
for (ApprovedSite ap : aps) { for (ApprovedSite ap : aps) {
if (!ap.isExpired()) {
// if we find one that fits... // if we find one that fits...
if (scopesMatch(authorizationRequest.getScope(), ap.getAllowedScopes())) { if (scopesMatch(authorizationRequest.getScope(), ap.getAllowedScopes())) {
@ -139,6 +144,7 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
return ar; return ar;
} }
} }
}
WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId); WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId);
if (ws != null && scopesMatch(authorizationRequest.getScope(), ws.getAllowedScopes())) { if (ws != null && scopesMatch(authorizationRequest.getScope(), ws.getAllowedScopes())) {
@ -161,19 +167,14 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
// TODO: Get SECOAUTH to stop breaking polymorphism and start using real objects, SRSLY // TODO: Get SECOAUTH to stop breaking polymorphism and start using real objects, SRSLY
DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest); DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
//Only store an ApprovedSite if the user has checked "remember this decision": // process scopes from user input
if (ar.getApprovalParameters().get("remember") != null) {
//TODO: Remember may eventually have an option to remember for a specific amount
//of time; this would set the ApprovedSite.timeout.
Set<String> allowedScopes = Sets.newHashSet(); Set<String> allowedScopes = Sets.newHashSet();
Map<String,String> approvalParams = ar.getApprovalParameters(); Map<String,String> approvalParams = ar.getApprovalParameters();
Set<String> keys = approvalParams.keySet(); Set<String> keys = approvalParams.keySet();
for (String key : keys) { for (String key : keys) {
if (key.contains("scope")) { if (key.startsWith("scope_")) {
//This is a scope parameter from the approval page. The value sent back should //This is a scope parameter from the approval page. The value sent back should
//be the scope string. Check to make sure it is contained in the client's //be the scope string. Check to make sure it is contained in the client's
//registered allowed scopes. //registered allowed scopes.
@ -191,7 +192,19 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
// TODO: for the moment this allows both upscoping and downscoping. // TODO: for the moment this allows both upscoping and downscoping.
ar.setScope(allowedScopes); ar.setScope(allowedScopes);
approvedSiteService.createApprovedSite(clientId, userId, null, allowedScopes, null); //Only store an ApprovedSite if the user has checked "remember this decision":
String remember = ar.getApprovalParameters().get("remember");
if (!Strings.isNullOrEmpty(remember) && !remember.equals("none")) {
Date timeout = null;
if (remember.equals("one-hour")) {
// set the timeout to one hour from now
Calendar cal = Calendar.getInstance();
cal.add(Calendar.HOUR, 1);
timeout = cal.getTime();
}
approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes, null);
} }
// TODO: should we set approved here? It gets called later via the isApproved method in this class... // TODO: should we set approved here? It gets called later via the isApproved method in this class...

16
openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp
View File

@ -112,8 +112,22 @@
</label> </label>
</c:if> </c:if>
<input type="checkbox" name="remember" id="remember" value="true" checked="checked"><label for="remember">remember this decision</label> </fieldset>
<fieldset style="text-align:left" class="well">
<legend style="margin-bottom: 0;">Remember this decision:</legend>
<label for="remember-forever" class="radio">
<input type="radio" name="remember" id="remember-forever" value="until-revoked" checked="checked">
<i class="icon-hdd"></i> remember this decision until I revoke it
</label>
<label for="remember-hour" class="radio">
<input type="radio" name="remember" id="remember-hour" value="one-hour">
<i class="icon-hdd"></i> remember this decision for one hour
</label>
<label for="remember-not" class="radio">
<input type="radio" name="remember" id="remember-not" value="none">
<i class="icon-hdd"></i> prompt me again next time
</label>
</fieldset> </fieldset>
</div> </div>