package com.perforce.workshop.tjuricek.p4oauth.controllers;

import com.perforce.workshop.tjuricek.p4oauth.config.UrlFactory;
import com.perforce.workshop.tjuricek.p4oauth.services.CodeError;
import com.perforce.workshop.tjuricek.p4oauth.services.CodeResult;
import com.perforce.workshop.tjuricek.p4oauth.services.CodeService;
import com.perforce.workshop.tjuricek.p4oauth.util.HttpServletRequestHelper;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.function.Function;
import java.util.function.Supplier;

/**
 * Endpoint the login page posts to in order to finish the authorization-code
 * grant: the submitted credentials and redirect URI are handed to the
 * {@link CodeService}, and on success the user agent is redirected back to the
 * client with the freshly issued authorization code.
 * <p>
 * According to the original author, an issued code can only be exchanged for
 * keys for up to 10 minutes. That lifetime is not enforced in this class.
 * <p>
 * See also <a href="http://tools.ietf.org/html/rfc6749#section-4.1.2">RFC 6749 Section 4.1.2</a>
 */
public class AuthorizationFinishPost implements ControllerMethod {

    /** Path prefix this controller answers on (POST only, see {@link #matches}). */
    public static final String AUTH_FINISH_PATH = "/grants/authorization_code/finish";

    // Collaborators are injected as factories and resolved on every request.
    private final Function<HttpServletRequest, HttpServletRequestHelper> requestWrapper;
    private final Supplier<CodeService> codeServiceSupplier;
    private final Supplier<UrlFactory> urlFactorySupplier;

    /**
     * @param requestWrapper      wraps a raw servlet request in the project's helper
     * @param codeServiceSupplier yields the service that authenticates and issues codes
     * @param urlFactorySupplier  yields the factory that builds the redirect back to the client
     */
    public AuthorizationFinishPost(Function<HttpServletRequest, HttpServletRequestHelper> requestWrapper,
                                   Supplier<CodeService> codeServiceSupplier,
                                   Supplier<UrlFactory> urlFactorySupplier) {
        this.requestWrapper = requestWrapper;
        this.codeServiceSupplier = codeServiceSupplier;
        this.urlFactorySupplier = urlFactorySupplier;
    }

    /**
     * Accepts POST requests whose path starts with {@link #AUTH_FINISH_PATH}.
     * This is a prefix test, so longer paths under the same prefix are
     * accepted too. Parameter validation is left to {@link #handle}.
     *
     * @param baseRequest the incoming servlet request
     * @return {@code true} when this controller should handle the request
     */
    @Override
    public boolean matches(HttpServletRequest baseRequest) {
        final HttpServletRequestHelper wrapped = requestWrapper.apply(baseRequest);
        if (!wrapped.pathStartsWith(AUTH_FINISH_PATH)) {
            return false;
        }
        return wrapped.hasMethod("POST");
    }

    /**
     * Validates the posted form and either redirects with an authorization
     * code or answers 403.
     * <p>
     * Required parameters, checked in this order: {@code client_id},
     * {@code password}, {@code redirect_uri}. {@code state} is optional and is
     * forwarded to the redirect unchanged when present.
     * <p>
     * The redirect is only issued after the code service has accepted the
     * request. A redirect URI reported as not whitelisted gets a 403 response
     * and is never redirected to.
     *
     * @param baseRequest the servlet request carrying the form parameters
     * @param response    the response that receives the redirect or the error
     * @throws IOException      if writing the error or redirect fails
     * @throws ServletException declared by the {@link ControllerMethod} contract
     */
    @Override
    public void handle(HttpServletRequest baseRequest, HttpServletResponse response)
            throws IOException, ServletException {
        final HttpServletRequestHelper wrapped = requestWrapper.apply(baseRequest);

        // getOrSendError is not declared in this class; presumably inherited from
        // ControllerMethod. The null checks below imply it has already written an
        // error response when it returns null - confirm against its definition.
        final String clientLogin = getOrSendError(wrapped, "client_id", response);
        if (clientLogin == null) {
            return;
        }

        // NOTE(review): confirm the helper reads this from the POST body only; a
        // password accepted from the query string would end up in access logs.
        final String secret = getOrSendError(wrapped, "password", response);
        if (secret == null) {
            return;
        }

        final String callbackUri = getOrSendError(wrapped, "redirect_uri", response);
        if (callbackUri == null) {
            return;
        }

        // Optional; null is passed through when the client sent no state value.
        final String clientState = wrapped.getParam("state").orElse(null);

        final CodeResult outcome =
                codeServiceSupplier.get().authenticateCodeRequest(clientLogin, secret, callbackUri);

        if (!outcome.hasError()) {
            // NOTE(review): encoding of callbackUri/state into the URL is left to
            // UrlFactory.createAuthRedirect - verify it escapes query values.
            response.sendRedirect(
                    urlFactorySupplier.get().createAuthRedirect(callbackUri, outcome.getCode(), clientState));
            return;
        }

        // Both failure kinds answer 403; only the message tells the caller whether
        // the redirect URI or the credentials were rejected.
        final String reason = outcome.getError() == CodeError.NotWhitelisted
                ? "redirect_uri is not on the whitelist"
                : "authentication failed";
        response.sendError(HttpServletResponse.SC_FORBIDDEN, reason);
    }
}
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#2 | 9182 | tjuricek | 0.1.2 Added a password grant workflow | ||
#1 | 9095 | tjuricek | Added some basic test data and renamed "workspace" to "workshop" in package name | ||
//guest/tjuricek/p4oauth/src/main/java/com/perforce/workspace/tjuricek/p4oauth/controllers/AuthorizationFinishPost.java | |||||
#1 | 9089 | tjuricek |
Moving some code that worked via some manual validation to the workshop. This just implements a basic code authorization grant scheme. Automated tests are forthcoming, awaiting some gradle plugin work that should sit outside of this project. |