Implemented OAuth2 client registration.

Change-Id: I0c51bb1ee031e2a6ff9d0181de7dcb1da53d1d07
diff --git a/full/src/main/java/de/ids_mannheim/korap/constant/ClientType.java b/full/src/main/java/de/ids_mannheim/korap/constant/ClientType.java
new file mode 100644
index 0000000..eb78b40
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/constant/ClientType.java
@@ -0,0 +1,19 @@
+package de.ids_mannheim.korap.constant;
+
+public enum ClientType {
+
+    // EM: from RFC 6749
+        
+//    Clients capable of maintaining the confidentiality of their
+//    credentials (e.g., client implemented on a secure server with
+//    restricted access to the client credentials), or capable of secure
+//    client authentication using other means.
+    CONFIDENTIAL, 
+    
+//    Clients incapable of maintaining the confidentiality of their
+//    credentials (e.g., clients executing on the device used by the
+//    resource owner, such as an installed native application or a web
+//    browser-based application), and incapable of secure client
+//    authentication via any other means.
+    PUBLIC;
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/dao/OAuth2ClientDao.java b/full/src/main/java/de/ids_mannheim/korap/dao/OAuth2ClientDao.java
new file mode 100644
index 0000000..09d801a
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/dao/OAuth2ClientDao.java
@@ -0,0 +1,43 @@
+package de.ids_mannheim.korap.dao;
+
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import javax.persistence.criteria.CriteriaBuilder;
+
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
+
+import de.ids_mannheim.korap.constant.ClientType;
+import de.ids_mannheim.korap.entity.OAuth2Client;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.utils.ParameterChecker;
+
+@Transactional
+@Repository
+public class OAuth2ClientDao {
+
+    @PersistenceContext
+    private EntityManager entityManager;
+
+    public void registerClient (String id, String secret, String name,
+            ClientType type, String url, String redirectURI)
+            throws KustvaktException {
+        ParameterChecker.checkStringValue(id, "client id");
+        ParameterChecker.checkStringValue(name, "client name");
+        ParameterChecker.checkObjectValue(type, "client type");
+        ParameterChecker.checkStringValue(url, "client url");
+        ParameterChecker.checkStringValue(redirectURI, "client redirect uri");
+
+        OAuth2Client client = new OAuth2Client();
+        client.setId(id);
+        client.setName(name);
+        client.setSecret(secret);
+        client.setType(type);
+        client.setUrl(url);
+        client.setRedirectURI(redirectURI);
+
+        entityManager.persist(client);
+    }
+
+
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/dao/UserGroupDao.java b/full/src/main/java/de/ids_mannheim/korap/dao/UserGroupDao.java
index 1d48b02..74d5b1a 100644
--- a/full/src/main/java/de/ids_mannheim/korap/dao/UserGroupDao.java
+++ b/full/src/main/java/de/ids_mannheim/korap/dao/UserGroupDao.java
@@ -1,6 +1,5 @@
 package de.ids_mannheim.korap.dao;
 
-import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
diff --git a/full/src/main/java/de/ids_mannheim/korap/entity/OAuth2Client.java b/full/src/main/java/de/ids_mannheim/korap/entity/OAuth2Client.java
new file mode 100644
index 0000000..c299a22
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/entity/OAuth2Client.java
@@ -0,0 +1,39 @@
+package de.ids_mannheim.korap.entity;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import de.ids_mannheim.korap.constant.ClientType;
+import lombok.Getter;
+import lombok.Setter;
+
+/**
+ * @author margaretha
+ *
+ */
+@Getter
+@Setter
+@Entity
+@Table(name = "oauth2_client")
+public class OAuth2Client {
+
+    @Id
+    private String id;
+    private String secret;
+    @Enumerated(EnumType.STRING)
+    private ClientType type;
+    @Column(name = "redirect_uri")
+    private String redirectURI;
+    private String url;
+    private String name;
+
+    @Override
+    public String toString () {
+        return "id=" + id + ", secret=" + secret + ", type=" + type + ", name="
+                + name + ", url=" + url + ", redirectURI=" + redirectURI;
+    }
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/OAuth2ClientService.java b/full/src/main/java/de/ids_mannheim/korap/service/OAuth2ClientService.java
new file mode 100644
index 0000000..dbfdc2e
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/service/OAuth2ClientService.java
@@ -0,0 +1,48 @@
+package de.ids_mannheim.korap.service;
+
+import org.apache.commons.validator.routines.UrlValidator;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import de.ids_mannheim.korap.constant.ClientType;
+import de.ids_mannheim.korap.dao.OAuth2ClientDao;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.interfaces.EncryptionIface;
+import de.ids_mannheim.korap.web.input.OAuth2ClientJson;
+
+@Service
+public class OAuth2ClientService {
+
+    @Autowired
+    private OAuth2ClientDao clientDao;
+    @Autowired
+    private UrlValidator urlValidator;
+    @Autowired
+    private EncryptionIface encryption;
+
+
+    public void registerClient (OAuth2ClientJson clientJson)
+            throws KustvaktException {
+        if (!urlValidator.isValid(clientJson.getUrl())) {
+            throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,
+                    clientJson.getUrl() + " is invalid.", clientJson.getUrl());
+        }
+        if (!urlValidator.isValid(clientJson.getRedirectURI())) {
+            throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,
+                    clientJson.getRedirectURI() + " is invalid.",
+                    clientJson.getRedirectURI());
+        }
+
+        String secret = null;
+        if (clientJson.getType().equals(ClientType.CONFIDENTIAL)) {
+            secret = encryption.createToken();
+        }
+
+        String id = encryption.createRandomNumber();
+        
+        clientDao.registerClient(id, secret, clientJson.getName(),
+                clientJson.getType(), clientJson.getUrl(),
+                clientJson.getRedirectURI());
+    }
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
new file mode 100644
index 0000000..b0b88e4
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
@@ -0,0 +1,59 @@
+package de.ids_mannheim.korap.web.controller;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+
+import com.sun.jersey.spi.container.ResourceFilters;
+
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.service.OAuth2ClientService;
+import de.ids_mannheim.korap.web.FullResponseHandler;
+import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
+import de.ids_mannheim.korap.web.filter.BlockingFilter;
+import de.ids_mannheim.korap.web.input.OAuth2ClientJson;
+
+
+@Controller
+@Path("/client")
+//@Produces(MediaType.APPLICATION_JSON + ";charset=utf-8")
+//@ResourceFilters({ AuthenticationFilter.class, BlockingFilter.class })
+public class OAuthClientController {
+
+    @Autowired
+    private OAuth2ClientService clientService;
+    @Autowired
+    private FullResponseHandler responseHandler;
+
+    /** EM: who can register a client?
+     * 
+     * The authorization server SHOULD document the size of any identifier 
+     * it issues.
+     * 
+     * @param context
+     * @param clientJson
+     * @return
+     */
+    @POST
+    @Path("register")
+    @Consumes(MediaType.APPLICATION_JSON)
+    public Response registerClient (@Context SecurityContext context,
+            OAuth2ClientJson clientJson) {
+        try {
+            clientService.registerClient(clientJson);
+        }
+        catch (KustvaktException e) {
+            responseHandler.throwit(e);
+        }
+        return Response.ok().build();
+    }
+
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java
index b43893b..fdc2046 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java
@@ -54,7 +54,6 @@
 import de.ids_mannheim.korap.handlers.OAuth2Handler;
 import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
 import de.ids_mannheim.korap.interfaces.EncryptionIface;
-import de.ids_mannheim.korap.server.KustvaktServer;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.user.UserDetails;
@@ -74,7 +73,7 @@
  */
 //todo: only allow oauth2 access_token requests GET methods?
 //todo: allow refresh tokens
-@Path(KustvaktServer.API_VERSION + "/oauth2")
+@Path("/oauth2")
 public class OAuthController {
 
     @Autowired
@@ -83,17 +82,18 @@
     private OAuth2Handler handler;
     @Autowired
     private AuthenticationManagerIface controller;
-    private EncryptionIface crypto;
+    
+//    private EncryptionIface crypto;
+    @Autowired
     private KustvaktConfiguration config;
 
 
     public OAuthController () {
-        this.handler = new OAuth2Handler(BeansFactory.getKustvaktContext()
-                .getPersistenceClient());
+//        this.handler = new OAuth2Handler(BeansFactory.getKustvaktContext()
+//                .getPersistenceClient());
 //        this.controller = BeansFactory.getKustvaktContext()
 //                .getAuthenticationManager();
-        this.crypto = BeansFactory.getKustvaktContext().getEncryption();
-        this.config = BeansFactory.getKustvaktContext().getConfiguration();
+//        this.crypto = BeansFactory.getKustvaktContext().getEncryption();
     }
 
 
@@ -118,31 +118,31 @@
     }
 
 
-    @POST
-    @Path("register")
-    @ResourceFilters({ AuthenticationFilter.class, BlockingFilter.class })
-    public Response registerClient (@Context SecurityContext context,
-            @HeaderParam("Host") String host,
-            @QueryParam("redirect_url") String rurl) {
-        ClientInfo info = new ClientInfo(crypto.createRandomNumber(),
-                crypto.createToken());
-        info.setUrl(host);
-        if (rurl == null)
-            throw kustvaktResponseHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT,
-                    "Missing parameter!", "redirect_url");
-        info.setRedirect_uri(rurl);
-        TokenContext ctx = (TokenContext) context.getUserPrincipal();
-        String json = "";
-        try {
-            User user = this.controller.getUser(ctx.getUsername());
-            this.handler.getPersistenceHandler().registerClient(info, user);
-            json = info.toJSON();
-        }
-        catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
-        }
-        return Response.ok(json).build();
-    }
+//    @POST
+//    @Path("register")
+//    @ResourceFilters({ AuthenticationFilter.class, BlockingFilter.class })
+//    public Response registerClient (@Context SecurityContext context,
+//            @HeaderParam("Host") String host,
+//            @QueryParam("redirect_url") String rurl) {
+//        ClientInfo info = new ClientInfo(crypto.createRandomNumber(),
+//                crypto.createToken());
+//        info.setUrl(host);
+//        if (rurl == null)
+//            throw kustvaktResponseHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT,
+//                    "Missing parameter!", "redirect_url");
+//        info.setRedirect_uri(rurl);
+//        TokenContext ctx = (TokenContext) context.getUserPrincipal();
+//        String json = "";
+//        try {
+//            User user = this.controller.getUser(ctx.getUsername());
+//            this.handler.getPersistenceHandler().registerClient(info, user);
+//            json = info.toJSON();
+//        }
+//        catch (KustvaktException e) {
+//            throw kustvaktResponseHandler.throwit(e);
+//        }
+//        return Response.ok(json).build();
+//    }
 
 
     @GET
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
index ecc00bb..e96ec0a 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
@@ -215,6 +215,8 @@
     }
 
     /** Invites group members to join a user-group specified in the JSON object.
+     * Only user-group admins and system admins are allowed. 
+     * 
      * @param securityContext
      * @param group UserGroupJson containing groupId and usernames to be invited
      * as members 
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/input/OAuth2ClientJson.java b/full/src/main/java/de/ids_mannheim/korap/web/input/OAuth2ClientJson.java
new file mode 100644
index 0000000..28a2a6a
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/web/input/OAuth2ClientJson.java
@@ -0,0 +1,16 @@
+package de.ids_mannheim.korap.web.input;
+
+import de.ids_mannheim.korap.constant.ClientType;
+import lombok.Getter;
+import lombok.Setter;
+
+@Setter
+@Getter
+public class OAuth2ClientJson {
+    
+    // all required for registration
+    private String name;
+    private ClientType type;
+    private String url;
+    private String redirectURI;
+}
diff --git a/full/src/main/resources/db/new-mysql/V1.1__create_virtual_corpus_tables.sql b/full/src/main/resources/db/new-mysql/V1.1__create_virtual_corpus_tables.sql
index 1fe0f26..3b8022b 100644
--- a/full/src/main/resources/db/new-mysql/V1.1__create_virtual_corpus_tables.sql
+++ b/full/src/main/resources/db/new-mysql/V1.1__create_virtual_corpus_tables.sql
@@ -61,7 +61,7 @@
   created_by varchar(100) NOT NULL,
   description varchar(255) DEFAULT NULL,
   status varchar(100) DEFAULT NULL,
-  corpus_query varchar(2000) NOT NULL,
+  corpus_query TEXT NOT NULL,
   definition varchar(255) DEFAULT NULL,
   INDEX owner_index (created_by),
   INDEX type_index (type)
diff --git a/full/src/main/resources/db/new-mysql/V1.4__oauth2_tables.sql b/full/src/main/resources/db/new-mysql/V1.4__oauth2_tables.sql
new file mode 100644
index 0000000..e36b0f9
--- /dev/null
+++ b/full/src/main/resources/db/new-mysql/V1.4__oauth2_tables.sql
@@ -0,0 +1,50 @@
+-- EM: modified from Michael Hanl version
+
+-- oauth2 db tables
+create table if not exists oauth2_client (
+	id VARCHAR(100) UNIQUE PRIMARY KEY,
+	secret VARCHAR(200),
+	type VARCHAR(200) NOT NULL,
+	redirect_uri TEXT NOT NULL,
+--is_confidential BOOLEAN DEFAULT FALSE,
+	url TEXT UNIQUE NOT NULL,
+	name VARCHAR(200) NOT NULL
+);
+
+
+-- status 1 = valid, 0 = revoked, -1 = disabled
+create table if not exists oauth2_access_token (
+id INTEGER PRIMARY KEY AUTO_INCREMENT,
+access_token VARCHAR(300),
+auth_code VARCHAR(250),
+client_id VARCHAR(100),
+user_id INTEGER,
+-- make boolean --
+status INTEGER DEFAULT 1,
+-- in case of code authorization, should match auth code scopes!
+-- use scopes for levelaccess descriptor level[rw],level[r]
+scopes VARCHAR(350),
+expiration TIMESTAMP,
+FOREIGN KEY (user_id)
+REFERENCES korap_users(id)
+ON DELETE CASCADE,
+FOREIGN KEY (client_id)
+REFERENCES oauth2_client(client_id)
+ON DELETE CASCADE
+);
+
+
+-- also scopes?
+create table if not exists oauth2_refresh_token (
+id INTEGER PRIMARY KEY AUTO_INCREMENT,
+client_id VARCHAR(100),
+user_id INTEGER,
+expiration TIMESTAMP,
+scopes VARCHAR(350),
+FOREIGN KEY (user_id)
+REFERENCES korap_users(id)
+ON DELETE CASCADE,
+FOREIGN KEY (client_id)
+REFERENCES oauth2_client(client_id)
+ON DELETE CASCADE
+);
\ No newline at end of file
diff --git a/full/src/main/resources/db/new-sqlite/V1.1__create_virtual_corpus_tables.sql b/full/src/main/resources/db/new-sqlite/V1.1__create_virtual_corpus_tables.sql
index d1bbcb7..d2702f7 100644
--- a/full/src/main/resources/db/new-sqlite/V1.1__create_virtual_corpus_tables.sql
+++ b/full/src/main/resources/db/new-sqlite/V1.1__create_virtual_corpus_tables.sql
@@ -71,7 +71,7 @@
   created_by varchar(100) NOT NULL,
   description varchar(255) DEFAULT NULL,
   status varchar(100) DEFAULT NULL,
-  corpus_query varchar(2000) NOT NULL,
+  corpus_query TEXT NOT NULL,
   definition varchar(255) DEFAULT NULL
 );
 
diff --git a/full/src/main/resources/db/new-sqlite/V1.4__oauth2_tables.sql b/full/src/main/resources/db/new-sqlite/V1.4__oauth2_tables.sql
new file mode 100644
index 0000000..ecf7a24
--- /dev/null
+++ b/full/src/main/resources/db/new-sqlite/V1.4__oauth2_tables.sql
@@ -0,0 +1,11 @@
+-- EM: modified from Michael Hanl version
+
+-- oauth2 db tables
+create table IF NOT EXISTS oauth2_client (
+	id VARCHAR(100) NOT NULL,
+	secret VARCHAR(200) NOT NULL,
+	type VARCHAR(200) NOT NULL,
+	redirect_uri TEXT NOT NULL,
+	url TEXT UNIQUE NOT NULL,
+	name VARCHAR(200) NOT NULL
+);
diff --git a/full/src/main/resources/default-config.xml b/full/src/main/resources/default-config.xml
index e901b2a..2844538 100644
--- a/full/src/main/resources/default-config.xml
+++ b/full/src/main/resources/default-config.xml
@@ -169,7 +169,12 @@
 		<constructor-arg value="${krill.indexDir}"/>
 	</bean>
 
-
+	<!-- URLValidator -->
+	<bean id="urlValidator" class="org.apache.commons.validator.routines.UrlValidator">
+		<constructor-arg value="http,https"/>
+	</bean>
+	
+	
 	<bean id="kustvakt_rewrite" class="de.ids_mannheim.korap.rewrite.FullRewriteHandler">
 		<constructor-arg ref="kustvakt_config" />
 	</bean>