Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kustvakt / 7d7e25e5d4051cf8f4345e522ac699d4116194a6 / . / full / src / main / java / de / ids_mannheim / korap / oauth2 / dao / OAuth2ClientDao.java
blob: 66ba01f11d81323916deef49f14cbcca5520c480 [file] [log] [blame]
margarethaa452c5e2018-04-25 22:48:09 +0200[diff] [blame]1package de.ids_mannheim.korap.oauth2.dao;
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]2
margaretha230effb2018-11-29 17:28:18 +0100[diff] [blame]3import java.time.ZoneId;
4import java.time.ZonedDateTime;
5import java.util.List;
6
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]7import javax.persistence.EntityManager;
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]8import javax.persistence.NoResultException;
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]9import javax.persistence.PersistenceContext;
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]10import javax.persistence.Query;
margaretha230effb2018-11-29 17:28:18 +0100[diff] [blame]11import javax.persistence.TypedQuery;
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]12import javax.persistence.criteria.CriteriaBuilder;
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]13import javax.persistence.criteria.CriteriaQuery;
margaretha5a2c34e2018-11-29 19:35:13 +0100[diff] [blame]14import javax.persistence.criteria.Join;
margaretha230effb2018-11-29 17:28:18 +0100[diff] [blame]15import javax.persistence.criteria.Predicate;
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]16import javax.persistence.criteria.Root;
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]17
margarethad7163122022-04-11 09:42:41 +0200[diff] [blame]18import org.springframework.beans.factory.annotation.Autowired;
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]19import org.springframework.stereotype.Repository;
20import org.springframework.transaction.annotation.Transactional;
21
margarethad7163122022-04-11 09:42:41 +0200[diff] [blame]22import com.fasterxml.jackson.databind.JsonNode;
23
margaretha230effb2018-11-29 17:28:18 +0100[diff] [blame]24import de.ids_mannheim.korap.config.Attributes;
margarethad7163122022-04-11 09:42:41 +0200[diff] [blame]25import de.ids_mannheim.korap.config.FullConfiguration;
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]26import de.ids_mannheim.korap.exceptions.KustvaktException;
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]27import de.ids_mannheim.korap.exceptions.StatusCodes;
margarethaa452c5e2018-04-25 22:48:09 +0200[diff] [blame]28import de.ids_mannheim.korap.oauth2.constant.OAuth2ClientType;
margaretha0afd44a2020-02-05 10:49:21 +0100[diff] [blame]29import de.ids_mannheim.korap.oauth2.entity.AccessToken;
30import de.ids_mannheim.korap.oauth2.entity.AccessToken_;
margarethaa452c5e2018-04-25 22:48:09 +0200[diff] [blame]31import de.ids_mannheim.korap.oauth2.entity.OAuth2Client;
32import de.ids_mannheim.korap.oauth2.entity.OAuth2Client_;
margaretha230effb2018-11-29 17:28:18 +0100[diff] [blame]33import de.ids_mannheim.korap.oauth2.entity.RefreshToken;
34import de.ids_mannheim.korap.oauth2.entity.RefreshToken_;
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]35import de.ids_mannheim.korap.utils.ParameterChecker;
36
margaretha0afd44a2020-02-05 10:49:21 +0100[diff] [blame]37/**
38 * Manages database queries and transactions regarding OAuth2 clients.
margaretha398f4722019-01-09 19:07:20 +0100[diff] [blame]39 *
40 * @author margaretha
41 *
42 */
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]43@Transactional
44@Repository
45public class OAuth2ClientDao {
46
47 @PersistenceContext
48 private EntityManager entityManager;
margarethad7163122022-04-11 09:42:41 +0200[diff] [blame]49 @Autowired
50 private FullConfiguration config;
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]51
margaretha6d61a552018-04-10 19:26:44 +0200[diff] [blame]52 public void registerClient (String id, String secretHashcode, String name,
Akrondc6d73d2020-04-15 16:40:04 +0200[diff] [blame]53 OAuth2ClientType type, String url, String redirectURI,
margarethad7163122022-04-11 09:42:41 +0200[diff] [blame]54 String registeredBy, String description, int refreshTokenExpiry,
55 JsonNode source) throws KustvaktException {
margaretha18259ce2021-05-03 17:31:58 +0200[diff] [blame]56 ParameterChecker.checkStringValue(id, "client_id");
57 ParameterChecker.checkStringValue(name, "client_name");
58 ParameterChecker.checkObjectValue(type, "client_type");
59 ParameterChecker.checkStringValue(description, "client_description");
margarethad7cab212018-07-02 19:01:43 +0200[diff] [blame]60 // ParameterChecker.checkStringValue(url, "client url");
61 // ParameterChecker.checkStringValue(redirectURI, "client
62 // redirect uri");
margaretha18259ce2021-05-03 17:31:58 +0200[diff] [blame]63 ParameterChecker.checkStringValue(registeredBy, "registered_by");
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]64
65 OAuth2Client client = new OAuth2Client();
66 client.setId(id);
67 client.setName(name);
margaretha6d61a552018-04-10 19:26:44 +0200[diff] [blame]68 client.setSecret(secretHashcode);
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]69 client.setType(type);
margaretha85273f12019-02-04 18:13:17 +0100[diff] [blame]70 client.setUrl(url);
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]71 client.setRedirectURI(redirectURI);
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]72 client.setRegisteredBy(registeredBy);
margarethad7163122022-04-11 09:42:41 +0200[diff] [blame]73 client.setRegistrationDate(ZonedDateTime.now());
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]74 client.setDescription(description);
margarethad7163122022-04-11 09:42:41 +0200[diff] [blame]75 if (source !=null && !source.isNull()) {
76 client.setSource(source.toString());
77 }
78 else {
79 client.setPermitted(true);
80 }
margaretha7d7e25e2022-05-27 08:41:25 +0200[diff] [blame^]81 if (refreshTokenExpiry <= 0) {
82 if (type.equals(OAuth2ClientType.CONFIDENTIAL)){
83 refreshTokenExpiry = config.getRefreshTokenLongExpiry();
84 }
margarethad7163122022-04-11 09:42:41 +0200[diff] [blame]85 }
margaretha7d7e25e2022-05-27 08:41:25 +0200[diff] [blame^]86 else if (type.equals(OAuth2ClientType.PUBLIC)){
87 throw new KustvaktException(StatusCodes.INVALID_REFRESH_TOKEN_EXPIRY,
88 "Custom refresh token expiry is only applicable for confidential clients");
89 }
90 else if (refreshTokenExpiry > 31536000 ){
91 throw new KustvaktException(StatusCodes.INVALID_REFRESH_TOKEN_EXPIRY,
92 "Maximum refresh token expiry is 31536000 seconds (1 year)");
93 }
94
margaretha977fabe2022-04-28 09:23:47 +0200[diff] [blame]95 client.setRefreshTokenExpiry(refreshTokenExpiry);
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]96 entityManager.persist(client);
97 }
98
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]99 public OAuth2Client retrieveClientById (String clientId)
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]100 throws KustvaktException {
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]101
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]102 ParameterChecker.checkStringValue(clientId, "client_id");
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]103
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]104 CriteriaBuilder builder = entityManager.getCriteriaBuilder();
105 CriteriaQuery<OAuth2Client> query =
106 builder.createQuery(OAuth2Client.class);
107
108 Root<OAuth2Client> root = query.from(OAuth2Client.class);
109 query.select(root);
110 query.where(builder.equal(root.get(OAuth2Client_.id), clientId));
111
112 Query q = entityManager.createQuery(query);
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]113 try {
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]114 return (OAuth2Client) q.getSingleResult();
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]115 }
margarethaf839dde2018-04-16 17:52:57 +0200[diff] [blame]116 catch (NoResultException e) {
117 throw new KustvaktException(StatusCodes.CLIENT_NOT_FOUND,
margaretha7da23902022-05-02 08:38:45 +0200[diff] [blame]118 "Unknown client: " + clientId, "invalid_client");
margarethaf839dde2018-04-16 17:52:57 +0200[diff] [blame]119 }
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]120 catch (Exception e) {
121 throw new KustvaktException(StatusCodes.CLIENT_NOT_FOUND,
122 e.getMessage(), "invalid_client");
123 }
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]124 }
125
margaretha835178d2018-08-15 19:04:03 +0200[diff] [blame]126 public void deregisterClient (OAuth2Client client)
127 throws KustvaktException {
margaretha7f5071f2018-08-14 15:58:51 +0200[diff] [blame]128 ParameterChecker.checkObjectValue(client, "client");
margaretha8d804f62018-04-10 12:39:56 +0200[diff] [blame]129 if (!entityManager.contains(client)) {
130 client = entityManager.merge(client);
131 }
132 entityManager.remove(client);
133 }
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]134
margaretha7f5071f2018-08-14 15:58:51 +0200[diff] [blame]135 public void updateClient (OAuth2Client client) throws KustvaktException {
136 ParameterChecker.checkObjectValue(client, "client");
137 client = entityManager.merge(client);
138 }
139
margaretha7a09e482019-11-14 14:34:07 +0100[diff] [blame]140 public List<OAuth2Client> retrieveUserAuthorizedClients (String username)
margaretha230effb2018-11-29 17:28:18 +0100[diff] [blame]141 throws KustvaktException {
142 ParameterChecker.checkStringValue(username, "username");
143
144 CriteriaBuilder builder = entityManager.getCriteriaBuilder();
145 CriteriaQuery<OAuth2Client> query =
146 builder.createQuery(OAuth2Client.class);
147
148 Root<OAuth2Client> client = query.from(OAuth2Client.class);
margaretha5a2c34e2018-11-29 19:35:13 +0100[diff] [blame]149 Join<OAuth2Client, RefreshToken> refreshToken =
margaretha230effb2018-11-29 17:28:18 +0100[diff] [blame]150 client.join(OAuth2Client_.refreshTokens);
151 Predicate condition = builder.and(
152 builder.equal(refreshToken.get(RefreshToken_.userId), username),
153 builder.equal(refreshToken.get(RefreshToken_.isRevoked), false),
154 builder.greaterThan(
155 refreshToken
156 .<ZonedDateTime> get(RefreshToken_.expiryDate),
157 ZonedDateTime
158 .now(ZoneId.of(Attributes.DEFAULT_TIME_ZONE))));
159 query.select(client);
160 query.where(condition);
margaretha5a2c34e2018-11-29 19:35:13 +0100[diff] [blame]161 query.distinct(true);
margaretha230effb2018-11-29 17:28:18 +0100[diff] [blame]162 TypedQuery<OAuth2Client> q = entityManager.createQuery(query);
163 return q.getResultList();
164 }
165
margaretha0afd44a2020-02-05 10:49:21 +0100[diff] [blame]166 public List<OAuth2Client> retrieveClientsByAccessTokens (String username)
167 throws KustvaktException {
168 ParameterChecker.checkStringValue(username, "username");
169
170 CriteriaBuilder builder = entityManager.getCriteriaBuilder();
171 CriteriaQuery<OAuth2Client> query =
172 builder.createQuery(OAuth2Client.class);
173
174 Root<OAuth2Client> client = query.from(OAuth2Client.class);
175 Join<OAuth2Client, AccessToken> accessToken =
176 client.join(OAuth2Client_.accessTokens);
177 Predicate condition = builder.and(
178 builder.equal(accessToken.get(AccessToken_.userId), username),
179 builder.equal(accessToken.get(AccessToken_.isRevoked), false),
180 builder.greaterThan(
181 accessToken
182 .<ZonedDateTime> get(AccessToken_.expiryDate),
183 ZonedDateTime
184 .now(ZoneId.of(Attributes.DEFAULT_TIME_ZONE))));
185 query.select(client);
186 query.where(condition);
187 query.distinct(true);
188 TypedQuery<OAuth2Client> q = entityManager.createQuery(query);
189 return q.getResultList();
190 }
191
margaretha7a09e482019-11-14 14:34:07 +0100[diff] [blame]192 public List<OAuth2Client> retrieveUserRegisteredClients (String username)
193 throws KustvaktException {
194 ParameterChecker.checkStringValue(username, "username");
195
196 CriteriaBuilder builder = entityManager.getCriteriaBuilder();
197 CriteriaQuery<OAuth2Client> query =
198 builder.createQuery(OAuth2Client.class);
199
200 Root<OAuth2Client> client = query.from(OAuth2Client.class);
201 query.select(client);
202 query.where(builder.equal(client.get(OAuth2Client_.registeredBy),
203 username));
204 query.distinct(true);
205 TypedQuery<OAuth2Client> q = entityManager.createQuery(query);
206 return q.getResultList();
207 }
208
margarethae20a2802022-04-21 12:37:38 +0200[diff] [blame]209 public List<OAuth2Client> retrievePlugins (boolean isPermittedOnly)
210 throws KustvaktException {
211 CriteriaBuilder builder = entityManager.getCriteriaBuilder();
212 CriteriaQuery<OAuth2Client> query =
213 builder.createQuery(OAuth2Client.class);
214
215 Root<OAuth2Client> client = query.from(OAuth2Client.class);
216 Predicate restrictions =
217 builder.isNotNull(client.get(OAuth2Client_.SOURCE));
218 if (isPermittedOnly) {
219 restrictions = builder.and(restrictions,
220 builder.isTrue(client.get(OAuth2Client_.IS_PERMITTED)));
221 }
222
223 query.select(client);
224 query.where(restrictions);
225 query.distinct(true);
226 TypedQuery<OAuth2Client> q = entityManager.createQuery(query);
227 return q.getResultList();
228 }
229
margaretha31a9f522018-04-03 20:40:45 +0200[diff] [blame]230}