@Transactional
public AccessKey updateAccessKeyFromOAuthGrant(OAuthGrant grant, User user, Date now) {
AccessKey existing = find(grant.getAccessKey().getId(), user.getId());
deleteAccessKeyPermissions(existing);
if (grant.getAccessType().equals(AccessType.ONLINE)) {
Date expirationDate = new Date(now.getTime() + 600000); // the key is valid for 10 minutes
existing.setExpirationDate(expirationDate);
} else {
existing.setExpirationDate(null);
}
existing.setLabel(
String.format(
Messages.OAUTH_GRANT_TOKEN_LABEL,
grant.getClient().getName(),
System.currentTimeMillis()));
Set<AccessKeyPermission> permissions = new HashSet<>();
AccessKeyPermission permission = new AccessKeyPermission();
permission.setDomainArray(grant.getClient().getDomain());
permission.setActionsArray(StringUtils.split(grant.getScope(), ' '));
permission.setSubnetsArray(grant.getClient().getSubnet());
permission.setNetworkIds(grant.getNetworkIds());
permissions.add(permission);
existing.setPermissions(permissions);
AccessKeyProcessor keyProcessor = new AccessKeyProcessor();
String key = keyProcessor.generateKey();
existing.setKey(key);
for (AccessKeyPermission current : permissions) {
current.setAccessKey(existing);
genericDAO.persist(current);
}
return existing;
}
@Transactional
public AccessKey createAccessKeyFromOAuthGrant(OAuthGrant grant, User user, Date now) {
AccessKey newKey = new AccessKey();
newKey.setType(AccessKeyType.OAUTH);
if (grant.getAccessType().equals(AccessType.ONLINE)) {
Date expirationDate = new Date(now.getTime() + 600000); // the key is valid for 10 minutes
newKey.setExpirationDate(expirationDate);
}
newKey.setUser(user);
newKey.setLabel(
String.format(
Messages.OAUTH_GRANT_TOKEN_LABEL,
grant.getClient().getName(),
System.currentTimeMillis()));
Set<AccessKeyPermission> permissions = new HashSet<>();
AccessKeyPermission permission = new AccessKeyPermission();
permission.setDomainArray(grant.getClient().getDomain());
permission.setActionsArray(StringUtils.split(grant.getScope(), ' '));
permission.setSubnetsArray(grant.getClient().getSubnet());
permission.setNetworkIds(grant.getNetworkIds());
permissions.add(permission);
newKey.setPermissions(permissions);
create(user, newKey);
return newKey;
}
@Transactional
public AccessKey authenticate(@NotNull String key) {
Optional<AccessKey> accessKeyOpt =
genericDAO
.createNamedQuery(AccessKey.class, "AccessKey.getByKey", Optional.of(CacheConfig.get()))
.setParameter("someKey", key)
.getResultList()
.stream()
.findFirst();
if (!accessKeyOpt.isPresent()) {
return null;
}
AccessKey accessKey = accessKeyOpt.get();
final Long expirationPeriod =
configurationService.getLong(Constants.SESSION_TIMEOUT, Constants.DEFAULT_SESSION_TIMEOUT);
if (accessKey.getExpirationDate() != null) {
final Long expiresIn =
accessKey.getExpirationDate().getTime() - timestampService.getTimestamp().getTime();
if (AccessKeyType.SESSION == accessKey.getType()
&& expiresIn > 0
&& expiresIn < expirationPeriod / 2) {
em.refresh(accessKey, LockModeType.PESSIMISTIC_WRITE);
accessKey.setExpirationDate(
new Date(timestampService.getTimestamp().getTime() + expirationPeriod));
return genericDAO.merge(accessKey);
}
}
return accessKey;
}
@Transactional
public boolean update(@NotNull Long userId, @NotNull Long keyId, AccessKeyUpdate toUpdate) {
AccessKey existing = find(keyId, userId);
if (existing == null) {
return false;
}
if (toUpdate == null) {
return true;
}
if (toUpdate.getLabel() != null) {
existing.setLabel(toUpdate.getLabel().orElse(null));
}
if (toUpdate.getExpirationDate() != null) {
existing.setExpirationDate(toUpdate.getExpirationDate().orElse(null));
}
if (toUpdate.getType() != null) {
existing.setType(toUpdate.getType().map(v -> toUpdate.getTypeEnum()).orElse(null));
}
if (toUpdate.getPermissions() != null) {
if (!toUpdate.getPermissions().isPresent()) {
logger.error("New permissions shouldn't be empty in request parameters");
throw new IllegalParametersException(Messages.INVALID_REQUEST_PARAMETERS);
}
Set<AccessKeyPermission> permissionsToReplace = toUpdate.getPermissions().get();
AccessKey toValidate = toUpdate.convertTo();
authenticationUtils.validateActions(toValidate);
deleteAccessKeyPermissions(existing);
for (AccessKeyPermission current : permissionsToReplace) {
AccessKeyPermission permission = preparePermission(current);
permission.setAccessKey(existing);
genericDAO.persist(permission);
}
}
return true;
}
