enhancements to approval page

pull/576/head
Justin Richer 2014-02-16 18:16:14 -05:00
parent ec6a78c1ba
commit dab52ca8a0
2 changed files with 92 additions and 30 deletions


@ -19,13 +19,22 @@
<c:remove scope="session" var="SPRING_SECURITY_LAST_EXCEPTION" />
<div class="well" style="text-align: center">
<h1>Approve New Site</h1>
<h1>Approval Required for
<c:choose>
<c:when test="${empty client.clientName}">
<em><c:out value="${client.clientId}" /></em>
</c:when>
<c:otherwise>
<em><c:out value="${client.clientName}" /></em>
</c:otherwise>
</c:choose>
</h1>
<form name="confirmationForm"
action="<%=request.getContextPath()%>/authorize" method="post">
<div class="row">
<div class="span4 offset2 well-small" style="text-align: left">
<div class="span5 offset1 well-small" style="text-align: left">
<%-- TODO: wire up to stats engine and customize display of this block --%>
<c:if test="${ client.dynamicallyRegistered }">
@ -33,8 +42,9 @@
<h4>
<i class="icon-globe"></i> Caution:
</h4>
This client was dynamically registered and has very few other
users on this system.
This software was dynamically registered and has been used by
<span class="label"><c:out value="${ count }" /></span>
users.
</div>
</c:if>
@ -47,30 +57,40 @@
</li>
</ul>
</c:if>
Do you authorize
"<c:choose>
<c:when test="${empty client.clientName}">
<c:out value="${client.clientId}" />
</c:when>
<c:otherwise>
<c:out value="${client.clientName}" />
</c:otherwise>
</c:choose>"
to sign you into their site using your identity?
<c:if test="${not empty client.clientDescription}">
<div>
${client.clientDescription}
</div>
<c:if test="${ (not empty client.clientUri) || (not empty client.policyUri) || (not empty client.tosUri) }">
<div>
<a class="small" href="#"onclick="$('#description').toggle('fast'); return false;"><i class="icon-chevron-right"></i> more information</a>
<a id="toggleMoreInformation" class="small" href="#"><i class="icon-chevron-right"></i> more information</a>
</div>
<div id="moreInformation" class="hide">
<ul>
<c:if test="${ not empty client.clientUri }">
<li>Home page: <a href="<c:out value="${ client.clientUri }" />"><c:out value="${ client.clientUri }" /></a>
</c:if>
</ul>
</div>
<p>
<blockquote id="description" style="display: none">
${client.clientDescription}
</blockquote>
</p>
</c:if>
<div>
<small>
<strong>Redirect URI: </strong><c:out value="${redirect_uri}" />
</small>
<c:choose>
<c:when test="${ empty client.redirectUris }">
<div class="alert alert-block alert-error">
<h4>
<i class="icon-info-sign"></i> Warning:
</h4>
This client does not have any redirect URIs registered and could be using a
malicious URI. You will be redirected to the following page if you click Approve:
<code><c:out value="${redirect_uri}" /></code>
</div>
</c:when>
<c:otherwise>
<small>
<strong>You will be redirected to the following page
if you click Approve: </strong><code><c:out value="${redirect_uri}" /></code>
</small>
</c:otherwise>
</c:choose>
</div>
<c:if test="${ client.subjectType == 'PAIRWISE' }">
@ -84,6 +104,16 @@
<fieldset style="text-align: left" class="well">
<legend style="margin-bottom: 0;">Access to:</legend>
<c:if test="${ empty client.scope }">
<div class="alert alert-block alert-error">
<h4>
<i class="icon-info-sign"></i> Warning:
</h4>
This client does not have any scopes registered and is therefore allowed to
request <em>any</em> scopes available on the system. Proceed with caution.
</div>
</c:if>
<c:forEach var="scope" items="${ scopes }">
<label for="scope_${ scope.value }" class="checkbox">
@ -153,6 +183,17 @@
</div>
<div class="row">
<h3>
Do you authorize
"<c:choose>
<c:when test="${empty client.clientName}">
<c:out value="${client.clientId}" />
</c:when>
<c:otherwise>
<c:out value="${client.clientName}" />
</c:otherwise>
</c:choose>"?
</h3>
<input id="user_oauth_approval" name="user_oauth_approval" value="true" type="hidden" />
<input name="authorize" value="Authorize" type="submit"
onclick="$('#user_oauth_approval').attr('value',true)" class="btn btn-success btn-large" />
@ -170,6 +211,20 @@
$(document).ready(function() {
$('.claim-tooltip').popover();
$('#toggleMoreInformation').on('click', function(event) {
event.preventDefault();
if ($('#moreInformation').is(':visible')) {
// hide it
$('#moreInformation').hide('fast');
$('#toggleMoreInformation i').attr('class', 'icon-chevron-right');
} else {
// show it
$('#moreInformation').show('fast');
$('#toggleMoreInformation i').attr('class', 'icon-chevron-down');
}
});
});
//-->
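Review bot: `${client.clientDescription}` inside the new `<blockquote id="description">` is emitted without `<c:out>`, while every other client-supplied field on this page (clientName, clientId, clientUri) is escaped; the page itself warns that clients can be dynamically registered, so the description is attacker-controlled and this is stored markup/script injection into the consent page. Change it to `<c:out value="${client.clientDescription}" />`. The "Home page" link in the same hunk does escape `client.clientUri`, but `<c:out>` only neutralises markup and does not stop a `javascript:` or other non-http scheme from being used as the anchor's `href`, so the URI should be checked for an `http`/`https` scheme (in the controller or before emitting the `<a>`) rather than trusted because it was escaped. Wrapping the `<blockquote>` in a `<p>` is also invalid HTML, though harmless.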


@ -26,11 +26,13 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.SystemScope;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.ScopeClaimTranslationService;
import org.mitre.openid.connect.service.StatsService;
import org.mitre.openid.connect.service.UserInfoService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -39,7 +41,6 @@ import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
@ -47,10 +48,6 @@ import org.springframework.web.bind.annotation.SessionAttributes;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.Multimap;
import com.google.common.collect.Multimaps;
import com.google.common.collect.Sets;
import com.google.gson.JsonObject;
@ -74,6 +71,9 @@ public class OAuthConfirmationController {
@Autowired
private UserInfoService userInfoService;
@Autowired
private StatsService statsService;
private static Logger logger = LoggerFactory.getLogger(OAuthConfirmationController.class);
public OAuthConfirmationController() {
@ -102,7 +102,7 @@ public class OAuthConfirmationController {
//AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest");
ClientDetails client = null;
ClientDetailsEntity client = null;
try {
client = clientService.loadClientByClientId(clientAuth.getClientId());
@ -129,6 +129,8 @@ public class OAuthConfirmationController {
model.put("redirect_uri", redirect_uri);
// pre-process the scopes
Set<SystemScope> scopes = scopeService.fromStrings(clientAuth.getScope());
Set<SystemScope> sortedScopes = new LinkedHashSet<SystemScope>(scopes.size());
@ -167,6 +169,11 @@ public class OAuthConfirmationController {
model.put("claims", claimsForScopes);
// client stats
Integer count = statsService.countForClientId(client.getId());
model.put("count", count);
return "approve";
}
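Review bot: `statsService.countForClientId(client.getId())` dereferences the `client` loaded in the try block earlier in this method, and whether the method already returns or throws when that load fails or yields null is outside these hunks — if it does not, this adds a new NullPointerException path before the approval view is rendered; the enclosing method starts before the first hunk shown. `count` is also placed in the model as a boxed `Integer` and the JSP renders it inside the "has been used by N users" caution for dynamically registered clients, so if the stats service returns null for a client with no recorded approvals the warning prints an empty label, which is exactly the case the caution is meant to flag. Consider `model.put("count", count == null ? 0 : count);`, or document on `countForClientId` that it never returns null.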