package com.perforce.workshop.tjuricek.p4oauth.controllers;
import com.perforce.workshop.tjuricek.p4oauth.config.UrlFactory;
import com.perforce.workshop.tjuricek.p4oauth.services.CodeError;
import com.perforce.workshop.tjuricek.p4oauth.services.CodeResult;
import com.perforce.workshop.tjuricek.p4oauth.services.CodeService;
import com.perforce.workshop.tjuricek.p4oauth.util.HttpServletRequestHelper;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.function.Function;
import java.util.function.Supplier;
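/**
 * Controller for the password workflow. Unlike the authorization code workflow,
 * the client posts the user's login and password along with the other request
 * information; this controller uses them to generate the authorization code and
 * forwards it on to the redirect URI.
 *
 * <p>Request contract enforced by {@code matches}: a POST whose path starts with
 * {@link #PASSWORD_PATH}, carrying {@code response_type=password} and non-empty
 * {@code client_id}, {@code password} and {@code redirect_uri} parameters. The
 * user login is read from the {@code client_id} parameter. An optional
 * {@code state} parameter is passed through to the redirect.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This is a project-specific flow, not the RFC 6749 resource owner password
 *       credentials grant (that one uses {@code grant_type=password} at the token
 *       endpoint); do not assume standard client libraries treat it as such.
 *   <li>The password arrives as a plain request parameter. NOTE(review): if
 *       {@code HttpServletRequestHelper.getParam} reads servlet parameters, a
 *       password placed in the query string would be accepted too and could end
 *       up in access logs; confirm the helper or the deployment limits it to the
 *       form body and that this path is only served over TLS.
 *   <li>Credential checking and the {@code redirect_uri} whitelist are delegated
 *       to {@code CodeService.authenticateCodeRequest}; nothing in this class
 *       validates the redirect target on its own.
 *   <li>No attempt throttling or lockout is visible in this class; presumably it
 *       is handled elsewhere, which should be confirmed for a password endpoint.
 * </ul>
 */
public class PasswordStartPost implements ControllerMethod {

    /** Path prefix of the password workflow endpoint. */
    public static final String PASSWORD_PATH = "/grants/password";

    // Collaborators are assigned once in the constructor and never replaced.
    private final Function<HttpServletRequest, HttpServletRequestHelper> requestWrapper;
    private final Supplier<CodeService> codeService;
    private final Supplier<UrlFactory> urlFactory;

    /**
     * @param requestWrapper wraps a raw servlet request in the project's helper
     * @param codeService supplies the service that authenticates and issues codes
     * @param urlFactory supplies the factory that builds the final redirect URL
     */
    public PasswordStartPost(
            Function<HttpServletRequest, HttpServletRequestHelper> requestWrapper,
            Supplier<CodeService> codeService,
            Supplier<UrlFactory> urlFactory) {
        this.requestWrapper = requestWrapper;
        this.codeService = codeService;
        this.urlFactory = urlFactory;
    }

    /**
     * Returns whether the request is a password-workflow POST carrying all
     * mandatory parameters ({@code state} is optional and not checked here).
     */
    @Override
    public boolean matches(HttpServletRequest baseRequest) {
        HttpServletRequestHelper request = requestWrapper.apply(baseRequest);
        return request.pathStartsWith(PASSWORD_PATH)
                && request.hasMethod("POST")
                && request.paramEquals("response_type", "password")
                && request.paramNotEmpty("client_id")
                && request.paramNotEmpty("password")
                && request.paramNotEmpty("redirect_uri");
    }

    /**
     * Authenticates the posted login and password and, on success, redirects to
     * the requested {@code redirect_uri} with the generated authorization code.
     *
     * <p>Any failure reported by the code service is answered with 403 and no
     * redirect is issued.
     *
     * @throws IOException if writing the error or the redirect fails
     * @throws ServletException declared by the controller contract
     */
    @Override
    public void handle(HttpServletRequest baseRequest, HttpServletResponse response)
            throws IOException, ServletException {
        HttpServletRequestHelper request = requestWrapper.apply(baseRequest);

        // matches() already requires these three parameters, but every one of them
        // is re-checked here so a call that bypasses matches() gets an error
        // response instead of an unchecked Optional.get() failure on client_id.
        String login = getOrSendError(request, "client_id", response);
        if (login == null) {
            return;
        }
        String redirectUri = getOrSendError(request, "redirect_uri", response);
        if (redirectUri == null) {
            return;
        }
        String password = getOrSendError(request, "password", response);
        if (password == null) {
            return;
        }
        // Optional: forwarded exactly as the client supplied it.
        String state = request.getParam("state").orElse(null);

        CodeResult codeResult =
                codeService.get().authenticateCodeRequest(login, password, redirectUri);
        if (codeResult.hasError()) {
            // NOTE(review): the two failures are distinguishable by message. If the
            // service checks credentials before the whitelist, the whitelist message
            // would confirm that a login/password pair is valid; confirm the order of
            // checks inside CodeService.
            if (codeResult.getError() == CodeError.NotWhitelisted) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN,
                        "redirect_uri is not on the whitelist");
                return;
            }
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "authentication failed");
            return;
        }

        // Keep the CORS header and the redirect below the error check: redirectUri is
        // caller-controlled and is only trusted once the code service has accepted it.
        // Emitting either earlier would reflect an unvalidated origin or turn this
        // endpoint into an open redirect.
        setAccessControlAllowOrigin(redirectUri, response);

        // NOTE(review): state is untrusted input; this relies on
        // UrlFactory.createAuthRedirect to URL-encode it. Confirm.
        String url = urlFactory.get().createAuthRedirect(redirectUri, codeResult.getCode(), state);
        response.sendRedirect(url);
    }
}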