Blame - full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java - KorAP/Kustvakt

2018-04-25 22:48:09 +0200

[diff] [blame]

1

package de.ids_mannheim.korap.oauth2.service;

margaretha

2018-04-03 20:40:45 +0200

[diff] [blame]

2

margaretha

2018-04-17 18:45:57 +0200

[diff] [blame]

3

import java.net.MalformedURLException;

4

import java.net.URI;

5

import java.net.URISyntaxException;

6

import java.net.URL;

margaretha

2018-04-10 12:39:56 +0200

[diff] [blame]

7

import java.sql.SQLException;

margaretha

2018-11-29 17:28:18 +0100

[diff] [blame]

8

import java.util.ArrayList;

9

import java.util.Collections;

margaretha

2018-08-14 15:58:51 +0200

[diff] [blame]

10

import java.util.List;

margaretha

2018-04-10 12:39:56 +0200

[diff] [blame]

11

margaretha

2018-04-03 20:40:45 +0200

[diff] [blame]

12

import org.apache.commons.validator.routines.UrlValidator;

13

import org.springframework.beans.factory.annotation.Autowired;

14

import org.springframework.stereotype.Service;

15

margaretha

2018-04-10 19:26:44 +0200

[diff] [blame]

16

import de.ids_mannheim.korap.config.FullConfiguration;

margaretha

2018-04-10 12:39:56 +0200

[diff] [blame]

17

import de.ids_mannheim.korap.dao.AdminDao;

margaretha

2018-07-26 13:50:17 +0200

[diff] [blame]

18

import de.ids_mannheim.korap.encryption.RandomCodeGenerator;

margaretha

2018-04-03 20:40:45 +0200

[diff] [blame]

19

import de.ids_mannheim.korap.exceptions.KustvaktException;

20

import de.ids_mannheim.korap.exceptions.StatusCodes;

21

import de.ids_mannheim.korap.interfaces.EncryptionIface;

margaretha

2018-04-25 22:48:09 +0200

[diff] [blame]

22

import de.ids_mannheim.korap.oauth2.constant.OAuth2ClientType;

23

import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;

margaretha

2018-08-14 15:58:51 +0200

[diff] [blame]

24

import de.ids_mannheim.korap.oauth2.dao.AccessTokenDao;

margaretha

3495447

2018-10-24 20:05:17 +0200

[diff] [blame]

25

import de.ids_mannheim.korap.oauth2.dao.AuthorizationDao;

margaretha

2018-04-25 22:48:09 +0200

[diff] [blame]

26

import de.ids_mannheim.korap.oauth2.dao.OAuth2ClientDao;

margaretha

2018-08-23 18:51:49 +0200

[diff] [blame]

27

import de.ids_mannheim.korap.oauth2.dao.RefreshTokenDao;

margaretha

2018-08-15 19:04:03 +0200

[diff] [blame]

28

import de.ids_mannheim.korap.oauth2.dto.OAuth2ClientDto;

29

import de.ids_mannheim.korap.oauth2.dto.OAuth2ClientInfoDto;

margaretha

2018-11-29 17:28:18 +0100

[diff] [blame]

30

import de.ids_mannheim.korap.oauth2.dto.OAuth2UserClientDto;

margaretha

2018-08-14 15:58:51 +0200

[diff] [blame]

31

import de.ids_mannheim.korap.oauth2.entity.AccessToken;

32

import de.ids_mannheim.korap.oauth2.entity.Authorization;

margaretha

2018-04-25 22:48:09 +0200

[diff] [blame]

33

import de.ids_mannheim.korap.oauth2.entity.OAuth2Client;

margaretha

2018-08-23 18:51:49 +0200

[diff] [blame]

34

import de.ids_mannheim.korap.oauth2.entity.RefreshToken;

margaretha

21d3296

2019-11-14 17:08:15 +0100

[diff] [blame]

35

import de.ids_mannheim.korap.utils.ParameterChecker;

margaretha

2018-04-03 20:40:45 +0200

[diff] [blame]

36

import de.ids_mannheim.korap.web.input.OAuth2ClientJson;

37

margaretha

2018-04-25 22:48:09 +0200

[diff] [blame]

38

/**

margaretha

398f472

2019-01-09 19:07:20 +0100

[diff] [blame]

39

* Defines business logic related to OAuth2 client including

40

* client registration and client authentication.

41

*

margaretha

2018-04-25 22:48:09 +0200

[diff] [blame]

42

* According to RFC 6749, an authorization server MUST:

margaretha

2018-04-12 19:59:31 +0200

[diff] [blame]

43

* <ul>

44

* <li>

45

* require client authentication for confidential clients or for any

margaretha

2018-04-25 22:48:09 +0200

[diff] [blame]

46

* client that was issued client credentials (or with other

47

* authentication

margaretha

2018-04-12 19:59:31 +0200

[diff] [blame]

* requirements),

* </li>

*

* <li>authenticate the client if client authentication is included

* </li>

* </ul>

*

* @author margaretha

*

*/

margaretha

2018-04-03 20:40:45 +0200

[diff] [blame]

58

@Service

59

public class OAuth2ClientService {

60

61

@Autowired

62

private OAuth2ClientDao clientDao;

63

@Autowired

margaretha

2018-08-14 15:58:51 +0200

[diff] [blame]

64

private AccessTokenDao tokenDao;

65

@Autowired

margaretha

2018-08-23 18:51:49 +0200

[diff] [blame]

66

private RefreshTokenDao refreshDao;

67

@Autowired

margaretha

3495447

2018-10-24 20:05:17 +0200

[diff] [blame]

68

private AuthorizationDao authorizationDao;

margaretha

2018-08-14 15:58:51 +0200

[diff] [blame]

69

@Autowired

margaretha

2018-04-10 12:39:56 +0200

[diff] [blame]

70

private AdminDao adminDao;

71

@Autowired

margaretha

e4034a8

2018-07-02 14:46:59 +0200

[diff] [blame]

72

private UrlValidator redirectURIValidator;

margaretha

2018-04-12 19:59:31 +0200

[diff] [blame]

73

@Autowired

margaretha

2018-07-02 19:01:43 +0200

[diff] [blame]

74

private UrlValidator urlValidator;

75

@Autowired

margaretha

2018-04-03 20:40:45 +0200

[diff] [blame]

76

private EncryptionIface encryption;

margaretha

2018-04-05 14:11:52 +0200

[diff] [blame]

77

@Autowired

margaretha

2018-07-26 13:50:17 +0200

[diff] [blame]

78

private RandomCodeGenerator codeGenerator;

79

@Autowired

margaretha

2018-04-10 19:26:44 +0200

[diff] [blame]

80

private FullConfiguration config;

margaretha

2018-04-03 20:40:45 +0200

[diff] [blame]

81

margaretha

2018-04-05 14:11:52 +0200

[diff] [blame]

82

public OAuth2ClientDto registerClient (OAuth2ClientJson clientJson,

83

String registeredBy) throws KustvaktException {

margaretha

21d3296

2019-11-14 17:08:15 +0100

[diff] [blame]

84

85

ParameterChecker.checkNameValue(clientJson.getName(), "clientName");

86

margaretha

2018-07-02 19:01:43 +0200

[diff] [blame]

87

String url = clientJson.getUrl();

margaretha

2018-07-02 19:01:43 +0200

[diff] [blame]

88

if (url != null && !url.isEmpty()) {

margaretha

85273f1

2019-02-04 18:13:17 +0100

[diff] [blame]

89

if (!urlValidator.isValid(url)) {

margaretha

2018-07-02 19:01:43 +0200

[diff] [blame]

90

throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,

91

url + " is invalid.", OAuth2Error.INVALID_REQUEST);

92

}

margaretha

2018-04-03 20:40:45 +0200

[diff] [blame]

93

}

margaretha

2018-07-02 19:01:43 +0200

[diff] [blame]

94

95

String redirectURI = clientJson.getRedirectURI();

96

if (redirectURI != null && !redirectURI.isEmpty()

margaretha

85273f1

2019-02-04 18:13:17 +0100

[diff] [blame]

97

&& !redirectURIValidator.isValid(redirectURI)) {

margaretha

2018-07-02 19:01:43 +0200

[diff] [blame]

98

throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,

99

redirectURI + " is invalid.", OAuth2Error.INVALID_REQUEST);

100

}

101

margaretha

2018-08-15 19:04:03 +0200

[diff] [blame]

102

// boolean isNative = isNativeClient(url, redirectURI);

margaretha

2018-04-17 18:45:57 +0200

[diff] [blame]

103

margaretha

2018-04-03 20:40:45 +0200

[diff] [blame]

104

String secret = null;

margaretha

2018-04-10 19:26:44 +0200

[diff] [blame]

105

String secretHashcode = null;

margaretha

2018-04-05 14:11:52 +0200

[diff] [blame]

106

if (clientJson.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {

margaretha

fb1e099

2018-04-10 14:58:28 +0200

[diff] [blame]

107

// RFC 6749:

margaretha

07402f4

2018-05-07 19:07:45 +0200

[diff] [blame]

108

// The authorization server MUST NOT issue client

109

// passwords or other client credentials to native

110

// application (clients installed and executed on the

111

// device used by the resource owner e.g. desktop

112

// application, native mobile application) or

113

// user-agent-based application clients for client

114

// authentication. The authorization server MAY issue a

115

// client password or other credentials for a specific

116

// installation of a native application client on a

margaretha

fb1e099

2018-04-10 14:58:28 +0200

[diff] [blame]

117

// specific device.

118

margaretha

2018-07-26 13:50:17 +0200

[diff] [blame]

119

secret = codeGenerator.createRandomCode();

margaretha

2618beb

2020-01-24 14:12:28 +0100

[diff] [blame]

120

secretHashcode = encryption.secureHash(secret);

margaretha

2018-04-03 20:40:45 +0200

[diff] [blame]

121

}

122

margaretha

2018-07-26 13:50:17 +0200

[diff] [blame]

123

String id = codeGenerator.createRandomCode();

margaretha

2018-04-10 12:39:56 +0200

[diff] [blame]

124

try {

margaretha

2018-04-10 19:26:44 +0200

[diff] [blame]

125

clientDao.registerClient(id, secretHashcode, clientJson.getName(),

Akron

dc6d73d

2020-04-15 16:40:04 +0200

[diff] [blame]

126

clientJson.getType(), url, redirectURI, registeredBy,

127

clientJson.getDescription());

margaretha

2018-04-10 12:39:56 +0200

[diff] [blame]

128

}

129

catch (Exception e) {

130

Throwable cause = e;

131

Throwable lastCause = null;

132

while ((cause = cause.getCause()) != null

133

&& !cause.equals(lastCause)) {

134

if (cause instanceof SQLException) {

margaretha

b1081b1

2018-07-03 23:35:01 +0200

[diff] [blame]

135

break;

margaretha

2018-04-10 12:39:56 +0200

[diff] [blame]

136

}

137

lastCause = cause;

138

}

margaretha

b1081b1

2018-07-03 23:35:01 +0200

[diff] [blame]

139

throw new KustvaktException(StatusCodes.CLIENT_REGISTRATION_FAILED,

140

cause.getMessage(), OAuth2Error.INVALID_REQUEST);

margaretha

2018-04-10 12:39:56 +0200

[diff] [blame]

141

}

margaretha

2018-04-05 14:11:52 +0200

[diff] [blame]

142

143

return new OAuth2ClientDto(id, secret);

144

}

145

margaretha

2018-08-15 19:04:03 +0200

[diff] [blame]

146

@Deprecated

margaretha

2018-04-17 18:45:57 +0200

[diff] [blame]

147

private boolean isNativeClient (String url, String redirectURI)

148

throws KustvaktException {

margaretha

2018-07-02 19:01:43 +0200

[diff] [blame]

149

if (url == null || url.isEmpty() || redirectURI == null

150

|| redirectURI.isEmpty()) {

return false;

}

margaretha

2018-04-17 18:45:57 +0200

[diff] [blame]

154

String nativeHost = config.getNativeClientHost();

155

String urlHost = null;

156

try {

157

urlHost = new URL(url).getHost();

158

}

159

catch (MalformedURLException e) {

160

throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,

161

"Invalid url :" + e.getMessage(),

margaretha

2018-04-25 22:48:09 +0200

[diff] [blame]

162

OAuth2Error.INVALID_REQUEST);

margaretha

2018-04-17 18:45:57 +0200

[diff] [blame]

163

}

margaretha

2018-07-02 19:01:43 +0200

[diff] [blame]

164

165

if (!urlHost.equals(nativeHost)) {

return false;

}

margaretha

2018-04-17 18:45:57 +0200

[diff] [blame]

169

String uriHost = null;

170

try {

171

uriHost = new URI(redirectURI).getHost();

172

}

173

catch (URISyntaxException e) {

174

throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,

margaretha

2018-04-23 20:00:13 +0200

[diff] [blame]

175

"Invalid redirectURI: " + e.getMessage(),

margaretha

2018-04-25 22:48:09 +0200

[diff] [blame]

176

OAuth2Error.INVALID_REQUEST);

margaretha

2018-04-17 18:45:57 +0200

[diff] [blame]

177

}

margaretha

2018-07-02 19:01:43 +0200

[diff] [blame]

178

if (!uriHost.equals(nativeHost)) {

return false;

}

return true;

margaretha

2018-04-17 18:45:57 +0200

[diff] [blame]

183

}

184

margaretha

2020-02-05 16:31:14 +0100

[diff] [blame]

185

public void deregisterClient (String clientId, String username)

186

throws KustvaktException {

margaretha

2018-04-05 14:11:52 +0200

[diff] [blame]

187

margaretha

2018-04-23 20:00:13 +0200

[diff] [blame]

188

OAuth2Client client = clientDao.retrieveClientById(clientId);

margaretha

2020-02-05 16:31:14 +0100

[diff] [blame]

189

margaretha

2018-07-03 14:22:59 +0200

[diff] [blame]

190

if (adminDao.isAdmin(username)

191

|| client.getRegisteredBy().equals(username)) {

margaretha

2018-08-14 15:58:51 +0200

[diff] [blame]

192

margaretha

2018-08-16 16:19:53 +0200

[diff] [blame]

193

revokeAllAuthorizationsByClientId(clientId);

margaretha

85273f1

2019-02-04 18:13:17 +0100

[diff] [blame]

194

clientDao.deregisterClient(client);

margaretha

2018-08-14 15:58:51 +0200

[diff] [blame]

195

}

196

else {

197

throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,

198

"Unauthorized operation for user: " + username, username);

}

}

margaretha

2018-08-16 16:19:53 +0200

[diff] [blame]

202

private void revokeAllAuthorizationsByClientId (String clientId)

203

throws KustvaktException {

204

205

// revoke all related authorization codes

206

List<Authorization> authList =

207

authorizationDao.retrieveAuthorizationsByClientId(clientId);

208

for (Authorization authorization : authList) {

209

authorization.setRevoked(true);

210

authorizationDao.updateAuthorization(authorization);

211

}

212

213

// revoke all related access tokens

214

List<AccessToken> tokens =

margaretha

2020-02-05 10:49:21 +0100

[diff] [blame]

215

tokenDao.retrieveAccessTokenByClientId(clientId,null);

margaretha

2018-08-16 16:19:53 +0200

[diff] [blame]

216

for (AccessToken token : tokens) {

217

token.setRevoked(true);

margaretha

2018-08-16 16:19:53 +0200

[diff] [blame]

218

tokenDao.updateAccessToken(token);

219

}

margaretha

2018-08-23 18:51:49 +0200

[diff] [blame]

220

221

List<RefreshToken> refreshTokens =

margaretha

2020-02-05 10:49:21 +0100

[diff] [blame]

222

refreshDao.retrieveRefreshTokenByClientId(clientId,null);

margaretha

2018-08-23 18:51:49 +0200

[diff] [blame]

223

for (RefreshToken token : refreshTokens) {

224

token.setRevoked(true);

225

refreshDao.updateRefreshToken(token);

226

}

margaretha

2018-08-16 16:19:53 +0200

[diff] [blame]

227

}

228

margaretha

2020-02-05 16:31:14 +0100

[diff] [blame]

229

public OAuth2ClientDto resetSecret (String clientId, String username)

230

throws KustvaktException {

margaretha

2018-08-14 15:58:51 +0200

[diff] [blame]

231

margaretha

2020-02-05 16:31:14 +0100

[diff] [blame]

232

OAuth2Client client = clientDao.retrieveClientById(clientId);

margaretha

2018-08-14 15:58:51 +0200

[diff] [blame]

233

if (!client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {

margaretha

2018-08-15 19:04:03 +0200

[diff] [blame]

234

throw new KustvaktException(StatusCodes.NOT_ALLOWED,

margaretha

2018-08-14 15:58:51 +0200

[diff] [blame]

235

"Operation is not allowed for public clients",

236

OAuth2Error.INVALID_REQUEST);

237

}

238

if (adminDao.isAdmin(username)

239

|| client.getRegisteredBy().equals(username)) {

240

241

String secret = codeGenerator.createRandomCode();

margaretha

2618beb

2020-01-24 14:12:28 +0100

[diff] [blame]

242

String secretHashcode = encryption.secureHash(secret);

margaretha

2018-08-14 15:58:51 +0200

[diff] [blame]

243

244

client.setSecret(secretHashcode);

245

clientDao.updateClient(client);

246

return new OAuth2ClientDto(clientId, secret);

margaretha

2018-04-10 12:39:56 +0200

[diff] [blame]

247

}

248

else {

249

throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,

250

"Unauthorized operation for user: " + username, username);

251

}

margaretha

2018-04-05 14:11:52 +0200

[diff] [blame]

252

}

253

margaretha

2018-04-23 20:00:13 +0200

[diff] [blame]

254

public OAuth2Client authenticateClient (String clientId,

255

String clientSecret) throws KustvaktException {

margaretha

2018-04-17 18:45:57 +0200

[diff] [blame]

256

margaretha

2018-04-23 20:00:13 +0200

[diff] [blame]

257

if (clientId == null || clientId.isEmpty()) {

margaretha

0512231

2018-04-16 15:01:34 +0200

[diff] [blame]

258

throw new KustvaktException(

259

StatusCodes.CLIENT_AUTHENTICATION_FAILED,

margaretha

2018-04-25 22:48:09 +0200

[diff] [blame]

260

"Missing parameters: client id",

261

OAuth2Error.INVALID_REQUEST);

margaretha

2018-04-12 19:59:31 +0200

[diff] [blame]

262

}

margaretha

2018-04-05 14:11:52 +0200

[diff] [blame]

263

margaretha

2018-04-23 20:00:13 +0200

[diff] [blame]

264

OAuth2Client client = clientDao.retrieveClientById(clientId);

margaretha

2018-07-03 14:22:59 +0200

[diff] [blame]

265

authenticateClient(client, clientSecret);

return client;

}

public void authenticateClient (OAuth2Client client, String clientSecret)

270

throws KustvaktException {

margaretha

2018-08-14 15:58:51 +0200

[diff] [blame]

271

if (clientSecret == null || clientSecret.isEmpty()) {

margaretha

2018-07-03 14:22:59 +0200

[diff] [blame]

272

if (client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {

273

throw new KustvaktException(

274

StatusCodes.CLIENT_AUTHENTICATION_FAILED,

275

"Missing parameters: client_secret",

276

OAuth2Error.INVALID_REQUEST);

margaretha

2018-04-05 14:11:52 +0200

[diff] [blame]

277

}

278

}

margaretha

2018-08-16 16:19:53 +0200

[diff] [blame]

279

else if (client.getSecret() == null || client.getSecret().isEmpty()) {

280

if (client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {

margaretha

2018-08-15 19:04:03 +0200

[diff] [blame]

281

throw new KustvaktException(

282

StatusCodes.CLIENT_AUTHENTICATION_FAILED,

283

"Client secret was not registered",

284

OAuth2Error.INVALID_CLIENT);

285

}

286

}

margaretha

2618beb

2020-01-24 14:12:28 +0100

[diff] [blame]

287

else if (!encryption.checkHash(clientSecret, client.getSecret())) {

margaretha

2018-07-03 14:22:59 +0200

[diff] [blame]

288

throw new KustvaktException(

289

StatusCodes.CLIENT_AUTHENTICATION_FAILED,

290

"Invalid client credentials", OAuth2Error.INVALID_CLIENT);

291

}

margaretha

2018-04-03 20:40:45 +0200

[diff] [blame]

292

}

margaretha

fb1e099

2018-04-10 14:58:28 +0200

[diff] [blame]

293

margaretha

07402f4

2018-05-07 19:07:45 +0200

[diff] [blame]

294

public OAuth2Client authenticateClientId (String clientId)

295

throws KustvaktException {

296

if (clientId == null || clientId.isEmpty()) {

297

throw new KustvaktException(

298

StatusCodes.CLIENT_AUTHENTICATION_FAILED,

299

"Missing parameters: client id",

300

OAuth2Error.INVALID_REQUEST);

301

}

302

303

return clientDao.retrieveClientById(clientId);

304

}

margaretha

2018-08-15 19:04:03 +0200

[diff] [blame]

305

306

public void updatePrivilege (String username, String clientId,

307

boolean isSuper) throws KustvaktException {

308

309

if (adminDao.isAdmin(username)) {

310

OAuth2Client client = clientDao.retrieveClientById(clientId);

margaretha

2018-08-16 16:19:53 +0200

[diff] [blame]

311

if (isSuper) {

312

if (!client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {

313

throw new KustvaktException(StatusCodes.NOT_ALLOWED,

314

"Only confidential clients are allowed to be super clients.");

315

}

margaretha

2018-08-15 19:04:03 +0200

[diff] [blame]

316

}

margaretha

2018-08-16 16:19:53 +0200

[diff] [blame]

317

else {

318

revokeAllAuthorizationsByClientId(clientId);

319

}

320

margaretha

2018-08-15 19:04:03 +0200

[diff] [blame]

321

client.setSuper(isSuper);

322

clientDao.updateClient(client);

323

}

324

else {

325

throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,

326

"Unauthorized operation for user: " + username, username);

}

}

public OAuth2ClientInfoDto retrieveClientInfo (String username,

331

String clientId) throws KustvaktException {

332

OAuth2Client client = clientDao.retrieveClientById(clientId);

333

if (adminDao.isAdmin(username)

334

|| username.equals(client.getRegisteredBy())) {

335

return new OAuth2ClientInfoDto(client);

336

}

337

else {

338

throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,

339

"Unauthorized operation for user: " + username, username);

340

}

341

}

margaretha

2018-11-29 17:28:18 +0100

[diff] [blame]

342

343

public OAuth2Client retrieveClient (String clientId)

344

throws KustvaktException {

345

return clientDao.retrieveClientById(clientId);

346

}

347

margaretha

2019-11-14 14:34:07 +0100

[diff] [blame]

348

public List<OAuth2UserClientDto> listUserAuthorizedClients (String username,

margaretha

2018-11-29 17:28:18 +0100

[diff] [blame]

349

String clientId, String clientSecret) throws KustvaktException {

350

OAuth2Client client = authenticateClient(clientId, clientSecret);

351

if (!client.isSuper()) {

352

throw new KustvaktException(StatusCodes.CLIENT_AUTHORIZATION_FAILED,

margaretha

2019-11-14 14:34:07 +0100

[diff] [blame]

353

"Only super client is allowed to list user authorized clients.",

margaretha

2018-11-29 17:28:18 +0100

[diff] [blame]

354

OAuth2Error.UNAUTHORIZED_CLIENT);

355

}

margaretha

2020-02-05 10:49:21 +0100

[diff] [blame]

356

margaretha

5a2c34e

2018-11-29 19:35:13 +0100

[diff] [blame]

357

List<OAuth2Client> userClients =

margaretha

2019-11-14 14:34:07 +0100

[diff] [blame]

358

clientDao.retrieveUserAuthorizedClients(username);

margaretha

2020-02-05 10:49:21 +0100

[diff] [blame]

359

userClients.addAll(clientDao.retrieveClientsByAccessTokens(username));

360

361

List<String> clientIds = new ArrayList<>();

362

List<OAuth2Client> uniqueClients = new ArrayList<>();

363

for (OAuth2Client c : userClients){

364

String id = c.getId();

365

if (!clientIds.contains(id)){

366

clientIds.add(id);

367

uniqueClients.add(c);

}

}

Collections.sort(uniqueClients);

372

return createClientDtos(uniqueClients);

margaretha

2019-11-14 14:34:07 +0100

[diff] [blame]

373

}

374

375

public List<OAuth2UserClientDto> listUserRegisteredClients (String username,

376

String clientId, String clientSecret) throws KustvaktException {

377

OAuth2Client client = authenticateClient(clientId, clientSecret);

378

if (!client.isSuper()) {

379

throw new KustvaktException(StatusCodes.CLIENT_AUTHORIZATION_FAILED,

380

"Only super client is allowed to list user registered clients.",

381

OAuth2Error.UNAUTHORIZED_CLIENT);

382

}

383

List<OAuth2Client> userClients =

384

clientDao.retrieveUserRegisteredClients(username);

385

Collections.sort(userClients);

386

return createClientDtos(userClients);

387

}

388

389

private List<OAuth2UserClientDto> createClientDtos (List<OAuth2Client> userClients) {

margaretha

2018-11-29 17:28:18 +0100

[diff] [blame]

390

List<OAuth2UserClientDto> dtoList = new ArrayList<>(userClients.size());

391

for (OAuth2Client uc : userClients) {

392

if (uc.isSuper()) continue;

393

OAuth2UserClientDto dto = new OAuth2UserClientDto();

394

dto.setClientId(uc.getId());

395

dto.setClientName(uc.getName());

margaretha

c20cd34

2019-11-14 10:59:39 +0100

[diff] [blame]

396

dto.setDescription(uc.getDescription());

397

dto.setUrl(uc.getUrl());

margaretha

2018-11-29 17:28:18 +0100

[diff] [blame]

dtoList.add(dto);

}

return dtoList;

}

margaretha

2020-02-05 10:49:21 +0100

[diff] [blame]

402

403

public boolean isPublicClient (OAuth2Client oAuth2Client) {

404

return oAuth2Client.getType().equals(OAuth2ClientType.PUBLIC);

405

}

margaretha