Added parameter checking for authorization DAO.
Change-Id: Ic7e089d153829b83d09efeccb275990bd23e6d5c
diff --git a/full/Changes b/full/Changes
index 2b3e4fa..a3308c8 100644
--- a/full/Changes
+++ b/full/Changes
@@ -1,9 +1,10 @@
version 0.60.3
-07/05/2018
+09/05/2018
- improved user authentication by using authentication filter for authorization code request (margaretha)
- limited client authentication to client id checking in authorization code request (margaretha)
- added user_id in the oauth2_access_token table (margaretha)
- implemented OAuth2Authentication provider for token context management (margaretha)
+ - added parameter checking for authorization DAO (margaretha)
version 0.60.2
03/05/2018
diff --git a/full/pom.xml b/full/pom.xml
index f0e16a8..9ea7367 100644
--- a/full/pom.xml
+++ b/full/pom.xml
@@ -156,7 +156,7 @@
<dependency>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Kustvakt-core</artifactId>
- <version>0.60.2</version>
+ <version>0.60.3</version>
</dependency>
<!-- LDAP -->
<dependency>
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationDao.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationDao.java
index d60fe63..af04f45 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationDao.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationDao.java
@@ -29,7 +29,13 @@
private EntityManager entityManager;
public void storeAuthorizationCode (String clientId, String userId,
- String code, Set<AccessScope> scopes, String redirectURI) {
+ String code, Set<AccessScope> scopes, String redirectURI)
+ throws KustvaktException {
+ ParameterChecker.checkStringValue(clientId, "client_id");
+ ParameterChecker.checkStringValue(userId, "userId");
+ ParameterChecker.checkStringValue(code, "authorization code");
+ ParameterChecker.checkCollection(scopes, "scopes");
+
Authorization authCode = new Authorization();
authCode.setCode(code);
authCode.setClientId(clientId);
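Review bot: redirectURI is the one argument of storeAuthorizationCode that the new ParameterChecker calls leave unchecked, while clientId, userId, code and scopes are all validated before the Authorization entity is built; if the stored redirect URI is later compared against the token request, add `ParameterChecker.checkStringValue(redirectURI, "redirect_uri");` next to the others, or leave a comment stating why an empty value is acceptable here. The labels handed to the checker also mix conventions (`"client_id"`, `"userId"`, `"authorization code"`), which will show up inconsistently in the resulting error messages; using the OAuth2 parameter names throughout (`"user_id"`, `"code"`) would be more predictable for clients. The same missing-Javadoc remark as for updateAuthorization applies: the method now throws a checked KustvaktException with no `@throws` documentation. The body of storeAuthorizationCode continues outside the hunk.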
@@ -66,7 +72,9 @@
}
}
- public Authorization updateAuthorization (Authorization authorization) {
+ public Authorization updateAuthorization (Authorization authorization)
+ throws KustvaktException {
+ ParameterChecker.checkObjectValue(authorization, "authorization");
authorization = entityManager.merge(authorization);
return authorization;
}
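Review bot: updateAuthorization now declares a checked KustvaktException, but nothing in the hunk documents when it is raised, so callers have to read the DAO to learn that only a null argument triggers it. A short Javadoc above the signature would carry that contract: a summary line such as "Merges the given authorization into the persistence context and returns the managed instance", a `@param authorization the authorization to update, must not be null`, and `@throws KustvaktException if authorization is null`.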
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
index a949c92..b258fc0 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
@@ -200,7 +200,8 @@
return authorization;
}
- public void addTotalAttempts (Authorization authorization) {
+ public void addTotalAttempts (Authorization authorization)
+ throws KustvaktException {
int totalAttempts = authorization.getTotalAttempts() + 1;
if (totalAttempts == config.getMaxAuthenticationAttempts()) {
authorization.setRevoked(true);
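Review bot: The revocation condition `if (totalAttempts == config.getMaxAuthenticationAttempts())` only fires on exact equality, so a stored count that is already above the limit (for instance after the configured maximum was lowered) is never revoked; `if (totalAttempts >= config.getMaxAuthenticationAttempts())` closes that gap without changing the normal path. The method also dereferences authorization on its first line, so if the added throws clause exists to propagate the DAO's new checkObjectValue, that check arrives too late to turn a null argument into a KustvaktException rather than a NullPointerException; `ParameterChecker.checkObjectValue(authorization, "authorization");` at the top of the method would keep the service consistent with the DAO. The body of addTotalAttempts continues outside the hunk, so I cannot see where the exception is actually thrown.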
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
index 59b5e31..eedc744 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
@@ -143,7 +143,7 @@
* @param clientId
* client_id, required
* @param clientSecret
- * clilent_secret, required if client_secret was issued
+ * client_secret, required if client_secret was issued
* for the client in client registration.
* @return an OAuthResponse containing an access token if
* successful
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/VirtualCorpusController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/VirtualCorpusController.java
index 3d3c037..b6b1b15 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/VirtualCorpusController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/VirtualCorpusController.java
@@ -59,7 +59,6 @@
@Autowired
private VirtualCorpusService service;
- // EM: should system admins be able to create VC for other users?
/** Creates a user virtual corpus, also for system admins
*
* @see VirtualCorpusJson
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
index a241afa..0c66a2f 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
@@ -72,11 +72,11 @@
// OAuth2 authentication scheme
case BEARER:
- if (request.getPath().equals("oauth2/authorize")) {
- throw new KustvaktException(
- StatusCodes.AUTHENTICATION_FAILED,
- "Bearer is not supported for user authentication at oauth2/authorize");
- }
+// if (request.getPath().equals("oauth2/authorize")) {
+// throw new KustvaktException(
+// StatusCodes.AUTHENTICATION_FAILED,
+// "Bearer is not supported for user authentication at oauth2/authorize");
+// }
context = authenticationManager.getTokenContext(
TokenType.BEARER, authData.getToken(), host,