From dfdc4ed52d56fa344814df41923dac469bd1dc16 Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Wed, 28 May 2014 18:21:46 -0400
Subject: [PATCH] fixed information leaks from approved site API
---
 .../mitre/openid/connect/view/JsonApprovedSiteView.java | 9 +++++++--
 .../org/mitre/openid/connect/web/ApprovedSiteAPI.java | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java
index 258dc7ffe..c3a99573b 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.openid.connect.model.WhitelistedSite;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
@@ -73,13 +74,17 @@ public class JsonApprovedSiteView extends AbstractView { }) .registerTypeAdapter(OAuth2AccessTokenEntity.class, new JsonSerializer() { - @Override public JsonElement serialize(OAuth2AccessTokenEntity src, Type typeOfSrc, JsonSerializationContext context) { return new JsonPrimitive(src.getId()); } - }) + .registerTypeAdapter(WhitelistedSite.class, new JsonSerializer() { + @Override + public JsonElement serialize(WhitelistedSite src, Type typeOfSrc, JsonSerializationContext context) { + return new JsonPrimitive(src.getId()); + } }) .serializeNulls() .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java
index eeef09e2d..a79eeaa4a 100644
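Review bot: The added `registerTypeAdapter(WhitelistedSite.class, …)` closes the leak for one more nested type, but the view still hides data type by type, so any other entity reachable from an approved site would be serialized reflectively in full unless it also gets an adapter or is caught by the exclusion strategy, whose body is outside this hunk. A comment on the new adapter would record why it exists, for example `// emit only the id: whitelisted-site details must not be exposed through the approved-site API`. A regression test that serializes an approved site linked to a whitelisted site and asserts that the field is a bare id would keep the fix from silently regressing. The Gson builder chain starts before and ends after the hunk.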
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java
@@ -65,7 +65,7 @@ public class ApprovedSiteAPI {
 m.put("entity", all);
- return "jsonEntityView";
+ return "jsonApprovedSiteView";
 }
 /**
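Review bot: Only this one `return` is switched to `"jsonApprovedSiteView"`, and the diffstat shows a single changed line in ApprovedSiteAPI.java, so any other handler in the class that puts approved-site entities into the model (none are visible here) would still render through the generic `jsonEntityView` and keep exposing the nested objects. Each handler in the class is worth checking against the same leak. The view name is also a bare string literal, so a typo would surface only at view resolution time; a shared constant referenced by both the view and the controller would avoid that. The enclosing method starts outside the hunk.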