Removed Apache Oltu API from token requests (#650)

Change-Id: I1f22efc4a27983a38ab601b9a7eba71f87d75872
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
index c809daa..40ef907 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
@@ -511,13 +511,8 @@
                 .setScope(String.join(" ", scopes)).buildJSONMessage();
     }
 
-    public void revokeToken (OAuth2RevokeTokenRequest revokeTokenRequest)
-            throws KustvaktException {
-        String clientId = revokeTokenRequest.getClientId();
-        String clientSecret = revokeTokenRequest.getClientSecret();
-        String token = revokeTokenRequest.getToken();
-        String tokenType = revokeTokenRequest.getTokenType();
-
+    public void revokeToken (String clientId, String clientSecret,
+            String token, String tokenType) throws KustvaktException {
         clientService.authenticateClient(clientId, clientSecret);
         if (tokenType != null && tokenType.equals("refresh_token")) {
             if (!revokeRefreshToken(token)) {
@@ -582,11 +577,8 @@
     }
 
     public void revokeAllClientTokensViaSuperClient (String username,
-            OAuth2RevokeAllTokenSuperRequest revokeTokenRequest)
+            String superClientId, String superClientSecret, String clientId)
             throws KustvaktException {
-        String superClientId = revokeTokenRequest.getSuperClientId();
-        String superClientSecret = revokeTokenRequest.getSuperClientSecret();
-
         OAuth2Client superClient = clientService
                 .authenticateClient(superClientId, superClientSecret);
         if (!superClient.isSuper()) {
@@ -594,7 +586,6 @@
                     StatusCodes.CLIENT_AUTHENTICATION_FAILED);
         }
 
-        String clientId = revokeTokenRequest.getClientId();
         revokeAllClientTokensForUser(clientId, username);
     }
     
@@ -618,21 +609,20 @@
     }
     
     public void revokeTokensViaSuperClient (String username,
-            OAuth2RevokeTokenSuperRequest revokeTokenRequest) throws KustvaktException {
-        String superClientId = revokeTokenRequest.getSuperClientId();
-        String superClientSecret = revokeTokenRequest.getSuperClientSecret();
-
+            String superClientId, String superClientSecret, String token)
+            throws KustvaktException {
         OAuth2Client superClient = clientService
                 .authenticateClient(superClientId, superClientSecret);
         if (!superClient.isSuper()) {
             throw new KustvaktException(
                     StatusCodes.CLIENT_AUTHENTICATION_FAILED);
         }
-        
-        String token = revokeTokenRequest.getToken();
-        RefreshToken refreshToken = refreshDao.retrieveRefreshToken(token, username);
-        if (!revokeRefreshToken(refreshToken)){
-            AccessToken accessToken = tokenDao.retrieveAccessToken(token, username);
+
+        RefreshToken refreshToken =
+                refreshDao.retrieveRefreshToken(token, username);
+        if (!revokeRefreshToken(refreshToken)) {
+            AccessToken accessToken =
+                    tokenDao.retrieveAccessToken(token, username);
             revokeAccessToken(accessToken);
         }
     }
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
index 5792be4..0686a89 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
@@ -3,6 +3,7 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.time.ZonedDateTime;
+import java.util.List;
 
 import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
 import org.apache.oltu.oauth2.common.message.OAuthResponse;
@@ -16,19 +17,23 @@
 import com.nimbusds.oauth2.sdk.ParseException;
 import com.nimbusds.oauth2.sdk.Scope;
 import com.nimbusds.oauth2.sdk.TokenRequest;
+import com.nimbusds.oauth2.sdk.TokenRevocationRequest;
 import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
 import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
 import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
 import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
 import com.nimbusds.oauth2.sdk.id.ClientID;
+import com.nimbusds.oauth2.sdk.token.Token;
 
 import de.ids_mannheim.korap.constant.OAuth2Scope;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.oauth2.dto.OAuth2TokenDto;
 import de.ids_mannheim.korap.oauth2.service.OAuth2AuthorizationService;
 import de.ids_mannheim.korap.oauth2.service.OAuth2ScopeService;
 import de.ids_mannheim.korap.oauth2.service.OAuth2TokenService;
 import de.ids_mannheim.korap.security.context.TokenContext;
+import de.ids_mannheim.korap.utils.ParameterChecker;
 import de.ids_mannheim.korap.web.OAuth2ResponseHandler;
 import de.ids_mannheim.korap.web.filter.APIVersionFilter;
 import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
@@ -347,59 +352,54 @@
      * @return 200 if token invalidation is successful or the given
      *         token is invalid
      */
-//    @POST
-//    @Path("revoke")
-//    @ResourceFilters({APIVersionFilter.class})
-//    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
-//    public Response revokeAccessToken (@Context HttpServletRequest request,
-//            MultivaluedMap<String, String> form) {
-//
-//        try {
-//            OAuth2RevokeTokenRequest revokeTokenRequest =
-//                    new OAuth2RevokeTokenRequest(
-//                            new FormRequestWrapper(request, form));
-//            tokenService.revokeToken(revokeTokenRequest);
-//            return Response.ok("SUCCESS").build();
-//        }
-//        catch (OAuthProblemException e) {
-//            throw responseHandler.throwit(e);
-//        }
-//        catch (OAuthSystemException e) {
-//            throw responseHandler.throwit(e);
-//        }
-//        catch (KustvaktException e) {
-//            throw responseHandler.throwit(e);
-//        }
-//    }
-//
-//    @POST
-//    @Path("revoke/super")
-//    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
-//    public Response revokeTokenViaSuperClient (@Context SecurityContext context,
-//            @Context HttpServletRequest request,
-//            MultivaluedMap<String, String> form) {
-//
-//        TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
-//        String username = tokenContext.getUsername();
-//
-//        try {
-//            OAuth2RevokeTokenSuperRequest revokeTokenRequest =
-//                    new OAuth2RevokeTokenSuperRequest(
-//                            new FormRequestWrapper(request, form));
-//            tokenService.revokeTokensViaSuperClient(username,
-//                    revokeTokenRequest);
-//            return Response.ok("SUCCESS").build();
-//        }
-//        catch (OAuthSystemException e) {
-//            throw responseHandler.throwit(e);
-//        }
-//        catch (OAuthProblemException e) {
-//            throw responseHandler.throwit(e);
-//        }
-//        catch (KustvaktException e) {
-//            throw responseHandler.throwit(e);
-//        }
-//    }
+    @POST
+    @Path("revoke")
+    @ResourceFilters({APIVersionFilter.class})
+    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    public Response revokeAccessToken (@Context HttpServletRequest request,
+            @FormParam("client_id") String clientId,
+            @FormParam("client_secret") String clientSecret,
+            @FormParam("token") String token,
+            @FormParam("token_type") String tokenType) {
+
+        try {
+            ParameterChecker.checkStringValue("client_id", clientId);
+            ParameterChecker.checkStringValue("token", token);
+            tokenService.revokeToken(clientId,clientSecret,token,tokenType);
+            
+            return Response.ok("SUCCESS").build();
+        }
+        catch (KustvaktException e) {
+            throw responseHandler.throwit(e);
+        }
+    }
+
+    @POST
+    @Path("revoke/super")
+    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    public Response revokeTokenViaSuperClient (@Context SecurityContext context,
+            @Context HttpServletRequest request,
+            @FormParam("super_client_id") String superClientId,
+            @FormParam("super_client_secret") String superClientSecret,
+            @FormParam("token") String token) {
+
+        try {
+            ParameterChecker.checkStringValue("super_client_id", superClientId);
+            ParameterChecker.checkStringValue("super_client_secret",
+                    superClientSecret);
+            ParameterChecker.checkStringValue("token", token);
+            
+            TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
+            String username = tokenContext.getUsername();
+            
+            tokenService.revokeTokensViaSuperClient(username, superClientId,
+                    superClientSecret, token);
+            return Response.ok("SUCCESS").build();
+        }
+        catch (KustvaktException e) {
+            throw responseHandler.throwit(e);
+        }
+    }
 
     /**
      * Revokes all tokens of a client for the authenticated user from
@@ -415,67 +415,64 @@
      * @return 200 if token invalidation is successful or the given
      *         token is invalid
      */
-//    @POST
-//    @Path("revoke/super/all")
-//    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
-//    public Response revokeAllClientTokensViaSuperClient (
-//            @Context SecurityContext context,
-//            @Context HttpServletRequest request,
-//            MultivaluedMap<String, String> form) {
-//
-//        TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
-//        String username = tokenContext.getUsername();
-//
-//        try {
-//            OAuth2RevokeAllTokenSuperRequest revokeTokenRequest =
-//                    new OAuth2RevokeAllTokenSuperRequest(
-//                            new FormRequestWrapper(request, form));
-//            tokenService.revokeAllClientTokensViaSuperClient(username,
-//                    revokeTokenRequest);
-//            return Response.ok("SUCCESS").build();
-//        }
-//        catch (OAuthSystemException e) {
-//            throw responseHandler.throwit(e);
-//        }
-//        catch (OAuthProblemException e) {
-//            throw responseHandler.throwit(e);
-//        }
-//        catch (KustvaktException e) {
-//            throw responseHandler.throwit(e);
-//        }
-//    }
-//
-//    @POST
-//    @Path("token/list")
-//    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
-//    public List<OAuth2TokenDto> listUserToken (
-//            @Context SecurityContext context,
-//            @FormParam("super_client_id") String superClientId,
-//            @FormParam("super_client_secret") String superClientSecret,
-//            @FormParam("client_id") String clientId, // optional
-//            @FormParam("token_type") String tokenType) {
-//
-//        TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
-//        String username = tokenContext.getUsername();
-//
-//        try {
-//            if (tokenType.equals("access_token")) {
-//                return tokenService.listUserAccessToken(username, superClientId,
-//                        superClientSecret, clientId);
-//            }
-//            else if (tokenType.equals("refresh_token")) {
-//                return tokenService.listUserRefreshToken(username,
-//                        superClientId, superClientSecret, clientId);
-//            }
-//            else {
-//                throw new KustvaktException(StatusCodes.MISSING_PARAMETER,
-//                        "Missing token_type parameter value",
-//                        OAuth2Error.INVALID_REQUEST);
-//            }
-//        }
-//        catch (KustvaktException e) {
-//            throw responseHandler.throwit(e);
-//        }
-//
-//    }
+    @POST
+    @Path("revoke/super/all")
+    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    public Response revokeAllClientTokensViaSuperClient (
+            @Context SecurityContext context,
+            @Context HttpServletRequest request,
+            @FormParam("client_id") String clientId,
+            @FormParam("super_client_id") String superClientId,
+            @FormParam("super_client_secret") String superClientSecret) {
+
+        TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
+        String username = tokenContext.getUsername();
+
+        try {
+            ParameterChecker.checkStringValue("super_client_id", superClientId);
+            ParameterChecker.checkStringValue("super_client_secret",
+                    superClientSecret);
+           
+            tokenService.revokeAllClientTokensViaSuperClient(username,
+                    superClientId, superClientSecret, clientId);
+            return Response.ok("SUCCESS").build();
+        }
+        catch (KustvaktException e) {
+            throw responseHandler.throwit(e);
+        }
+    }
+
+    @POST
+    @Path("token/list")
+    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    public List<OAuth2TokenDto> listUserToken (
+            @Context SecurityContext context,
+            @FormParam("super_client_id") String superClientId,
+            @FormParam("super_client_secret") String superClientSecret,
+            @FormParam("client_id") String clientId, // optional
+            @FormParam("token_type") String tokenType) {
+
+        TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
+        String username = tokenContext.getUsername();
+
+        try {
+            if (tokenType.equals("access_token")) {
+                return tokenService.listUserAccessToken(username, superClientId,
+                        superClientSecret, clientId);
+            }
+            else if (tokenType.equals("refresh_token")) {
+                return tokenService.listUserRefreshToken(username,
+                        superClientId, superClientSecret, clientId);
+            }
+            else {
+                throw new KustvaktException(StatusCodes.MISSING_PARAMETER,
+                        "Missing token_type parameter value",
+                        OAuth2Error.INVALID_REQUEST);
+            }
+        }
+        catch (KustvaktException e) {
+            throw responseHandler.throwit(e);
+        }
+
+    }
 }
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
index a529090..c704122 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
@@ -422,7 +422,6 @@
         form.param("client_secret", "secret");
         Response response = requestToken(form);
         String entity = response.readEntity(String.class);
-        System.out.println(entity);
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
 
         JsonNode node = JsonUtils.readTree(entity);
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2RClientTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2RClientTest.java
index 55cd834..c034ccb 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2RClientTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2RClientTest.java
@@ -94,7 +94,6 @@
                 .fromUri(redirectUri).build().getQueryParams();
         String code = params.getFirst("code");
         assertNotNull(code);
-        assertEquals("search", params.getFirst("scope"));
         return code;
     }