let user select when grants time out
parent
413c477879
commit
d07f67bd76
|
@ -15,6 +15,7 @@
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
package org.mitre.openid.connect.token;
|
package org.mitre.openid.connect.token;
|
||||||
|
|
||||||
|
import java.util.Calendar;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
@ -33,6 +34,7 @@ import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
|
||||||
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
|
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
|
||||||
|
|
||||||
import com.google.common.base.Splitter;
|
import com.google.common.base.Splitter;
|
||||||
|
import com.google.common.base.Strings;
|
||||||
import com.google.common.collect.Sets;
|
import com.google.common.collect.Sets;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -125,18 +127,22 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
|
||||||
//lookup ApprovedSites by userId and clientId
|
//lookup ApprovedSites by userId and clientId
|
||||||
Collection<ApprovedSite> aps = approvedSiteService.getByClientIdAndUserId(clientId, userId);
|
Collection<ApprovedSite> aps = approvedSiteService.getByClientIdAndUserId(clientId, userId);
|
||||||
for (ApprovedSite ap : aps) {
|
for (ApprovedSite ap : aps) {
|
||||||
// if we find one that fits...
|
|
||||||
if (scopesMatch(authorizationRequest.getScope(), ap.getAllowedScopes())) {
|
if (!ap.isExpired()) {
|
||||||
|
|
||||||
//We have a match; update the access date on the AP entry and return true.
|
// if we find one that fits...
|
||||||
ap.setAccessDate(new Date());
|
if (scopesMatch(authorizationRequest.getScope(), ap.getAllowedScopes())) {
|
||||||
approvedSiteService.save(ap);
|
|
||||||
|
//We have a match; update the access date on the AP entry and return true.
|
||||||
// TODO: WHY DAVE WHY
|
ap.setAccessDate(new Date());
|
||||||
DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
|
approvedSiteService.save(ap);
|
||||||
ar.setApproved(true);
|
|
||||||
|
// TODO: WHY DAVE WHY
|
||||||
return ar;
|
DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
|
||||||
|
ar.setApproved(true);
|
||||||
|
|
||||||
|
return ar;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -161,37 +167,44 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
|
||||||
// TODO: Get SECOAUTH to stop breaking polymorphism and start using real objects, SRSLY
|
// TODO: Get SECOAUTH to stop breaking polymorphism and start using real objects, SRSLY
|
||||||
DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
|
DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
|
||||||
|
|
||||||
//Only store an ApprovedSite if the user has checked "remember this decision":
|
// process scopes from user input
|
||||||
if (ar.getApprovalParameters().get("remember") != null) {
|
Set<String> allowedScopes = Sets.newHashSet();
|
||||||
|
Map<String,String> approvalParams = ar.getApprovalParameters();
|
||||||
//TODO: Remember may eventually have an option to remember for a specific amount
|
|
||||||
//of time; this would set the ApprovedSite.timeout.
|
Set<String> keys = approvalParams.keySet();
|
||||||
|
|
||||||
Set<String> allowedScopes = Sets.newHashSet();
|
for (String key : keys) {
|
||||||
Map<String,String> approvalParams = ar.getApprovalParameters();
|
if (key.startsWith("scope_")) {
|
||||||
|
//This is a scope parameter from the approval page. The value sent back should
|
||||||
Set<String> keys = approvalParams.keySet();
|
//be the scope string. Check to make sure it is contained in the client's
|
||||||
|
//registered allowed scopes.
|
||||||
for (String key : keys) {
|
|
||||||
if (key.contains("scope")) {
|
String scope = approvalParams.get(key);
|
||||||
//This is a scope parameter from the approval page. The value sent back should
|
|
||||||
//be the scope string. Check to make sure it is contained in the client's
|
//Make sure this scope is allowed for the given client
|
||||||
//registered allowed scopes.
|
if (client.getScope().contains(scope)) {
|
||||||
|
allowedScopes.add(scope);
|
||||||
String scope = approvalParams.get(key);
|
|
||||||
|
|
||||||
//Make sure this scope is allowed for the given client
|
|
||||||
if (client.getScope().contains(scope)) {
|
|
||||||
allowedScopes.add(scope);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// inject the user-allowed scopes into the auth request
|
// inject the user-allowed scopes into the auth request
|
||||||
// TODO: for the moment this allows both upscoping and downscoping.
|
// TODO: for the moment this allows both upscoping and downscoping.
|
||||||
ar.setScope(allowedScopes);
|
ar.setScope(allowedScopes);
|
||||||
|
|
||||||
|
//Only store an ApprovedSite if the user has checked "remember this decision":
|
||||||
|
String remember = ar.getApprovalParameters().get("remember");
|
||||||
|
if (!Strings.isNullOrEmpty(remember) && !remember.equals("none")) {
|
||||||
|
|
||||||
approvedSiteService.createApprovedSite(clientId, userId, null, allowedScopes, null);
|
Date timeout = null;
|
||||||
|
if (remember.equals("one-hour")) {
|
||||||
|
// set the timeout to one hour from now
|
||||||
|
Calendar cal = Calendar.getInstance();
|
||||||
|
cal.add(Calendar.HOUR, 1);
|
||||||
|
timeout = cal.getTime();
|
||||||
|
}
|
||||||
|
|
||||||
|
approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: should we set approved here? It gets called later via the isApproved method in this class...
|
// TODO: should we set approved here? It gets called later via the isApproved method in this class...
|
||||||
|
|
|
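Review bot: The new `remember` handling persists the grant indefinitely for any value that is neither empty nor `"none"`, so an unexpected or tampered form value falls open to the most permissive outcome (a null timeout passed to `createApprovedSite`); only `"one-hour"` is matched explicitly, and the `"until-revoked"` value the approval page actually sends is never checked by name. It would be safer to allow-list the values the page defines and treat anything else like `"none"`: `if ("until-revoked".equals(remember) || "one-hour".equals(remember)) {`, keeping the `"one-hour"` branch that sets `timeout` and leaving `timeout` null only for `"until-revoked"`. A short comment above the block such as `// "until-revoked" -> no timeout, "one-hour" -> timeout one hour from now, anything else -> do not remember` would document the contract the JSP relies on, since the two files share these strings only by literal. The enclosing method of TofuUserApprovalHandler starts before and ends after this hunk.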
@ -111,11 +111,25 @@
|
||||||
<i class="icon-time"></i> offline access
|
<i class="icon-time"></i> offline access
|
||||||
</label>
|
</label>
|
||||||
</c:if>
|
</c:if>
|
||||||
|
|
||||||
<input type="checkbox" name="remember" id="remember" value="true" checked="checked"><label for="remember">remember this decision</label>
|
</fieldset>
|
||||||
|
|
||||||
</fieldset>
|
<fieldset style="text-align:left" class="well">
|
||||||
</div>
|
<legend style="margin-bottom: 0;">Remember this decision:</legend>
|
||||||
|
<label for="remember-forever" class="radio">
|
||||||
|
<input type="radio" name="remember" id="remember-forever" value="until-revoked" checked="checked">
|
||||||
|
<i class="icon-hdd"></i> remember this decision until I revoke it
|
||||||
|
</label>
|
||||||
|
<label for="remember-hour" class="radio">
|
||||||
|
<input type="radio" name="remember" id="remember-hour" value="one-hour">
|
||||||
|
<i class="icon-hdd"></i> remember this decision for one hour
|
||||||
|
</label>
|
||||||
|
<label for="remember-not" class="radio">
|
||||||
|
<input type="radio" name="remember" id="remember-not" value="none">
|
||||||
|
<i class="icon-hdd"></i> prompt me again next time
|
||||||
|
</label>
|
||||||
|
</fieldset>
|
||||||
|
</div>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
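Review bot: The "remember this decision" radio group preselects `until-revoked`, the option that creates a persistent approved site, so a user who submits the form without reading the new fieldset grants the longest-lived consent by default; it seems worth moving `checked="checked"` to the `one-hour` or `remember-not` input so the default is the least persistent choice. The three `value` strings (`until-revoked`, `one-hour`, `none`) are interpreted by TofuUserApprovalHandler by literal comparison, so a JSP comment noting that these values must match the handler, e.g. `<%-- values are matched literally in TofuUserApprovalHandler; keep in sync --%>`, would help the next editor. The `one-hour` label reuses `icon-hdd`, which looks like a copy of the previous line rather than a deliberate choice.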