private Response generalAuthError(String callback, Exception e) throws Exception { logger.error("Generic Auth Error", e); OAuthResponse response = OAuthResponse.errorResponse(SC_BAD_REQUEST) .setError(OAuthError.TokenResponse.INVALID_REQUEST) .buildJSONMessage(); return Response.status(response.getResponseStatus()) .type(jsonMediaType(callback)) .entity(wrapJSONPResponse(callback, response.getBody())) .build(); }
private Response findAndCreateFail(String callback) throws Exception { logger.error("Unable to find or create user"); OAuthResponse response = OAuthResponse.errorResponse(SC_BAD_REQUEST) .setError(OAuthError.TokenResponse.INVALID_REQUEST) .setErrorDescription("invalid user") .buildJSONMessage(); return Response.status(response.getResponseStatus()) .type(jsonMediaType(callback)) .entity(wrapJSONPResponse(callback, response.getBody())) .build(); }
private Response missingTokenFail(String callback) throws Exception { logger.error("Missing Access token"); OAuthResponse response = OAuthResponse.errorResponse(SC_BAD_REQUEST) .setError(OAuthError.TokenResponse.INVALID_REQUEST) .setErrorDescription("missing access token") .buildJSONMessage(); return Response.status(response.getResponseStatus()) .type(jsonMediaType(callback)) .entity(wrapJSONPResponse(callback, response.getBody())) .build(); }
@POST @Path("collection/{collection_name}/export") @Consumes(APPLICATION_JSON) @RequireOrganizationAccess public Response exportPostJson( @Context UriInfo ui, @PathParam("collection_name") String collection_name, Map<String, Object> json, @QueryParam("callback") @DefaultValue("") String callback) throws OAuthSystemException { UsergridAwsCredentials uac = new UsergridAwsCredentials(); UUID jobUUID = null; String colExport = collection_name; Map<String, String> uuidRet = new HashMap<String, String>(); Map<String, Object> properties; Map<String, Object> storage_info; try { // checkJsonExportProperties(json); if ((properties = (Map<String, Object>) json.get("properties")) == null) { throw new NullArgumentException("Could not find 'properties'"); } storage_info = (Map<String, Object>) properties.get("storage_info"); String storage_provider = (String) properties.get("storage_provider"); if (storage_provider == null) { throw new NullArgumentException("Could not find field 'storage_provider'"); } if (storage_info == null) { throw new NullArgumentException("Could not find field 'storage_info'"); } String bucketName = (String) storage_info.get("bucket_location"); String accessId = (String) storage_info.get("s3_access_id"); String secretKey = (String) storage_info.get("s3_key"); if (accessId == null) { throw new NullArgumentException("Could not find field 's3_access_id'"); } if (secretKey == null) { throw new NullArgumentException("Could not find field 's3_key'"); } if (bucketName == null) { throw new NullArgumentException("Could not find field 'bucketName'"); } json.put("organizationId", organization.getUuid()); json.put("applicationId", applicationId); json.put("collectionName", colExport); jobUUID = exportService.schedule(json); uuidRet.put("Export Entity", jobUUID.toString()); } catch (NullArgumentException e) { return Response.status(SC_BAD_REQUEST) .type(JSONPUtils.jsonMediaType(callback)) .entity(ServiceResource.wrapWithCallback(e.getMessage(), callback)) .build(); } catch (Exception e) { // TODO: throw descriptive error message and or include on in the response // TODO: fix below, it doesn't work if there is an exception. // Make it look like the OauthResponse. OAuthResponse errorMsg = OAuthResponse.errorResponse(SC_INTERNAL_SERVER_ERROR) .setErrorDescription(e.getMessage()) .buildJSONMessage(); return Response.status(errorMsg.getResponseStatus()) .type(JSONPUtils.jsonMediaType(callback)) .entity(ServiceResource.wrapWithCallback(errorMsg.getBody(), callback)) .build(); } return Response.status(SC_ACCEPTED).entity(uuidRet).build(); }
@GET @Path("token") public Response getAccessToken( @Context UriInfo ui, @HeaderParam("Authorization") String authorization, @QueryParam("grant_type") String grant_type, @QueryParam("username") String username, @QueryParam("password") String password, @QueryParam("pin") String pin, @QueryParam("client_id") String client_id, @QueryParam("client_secret") String client_secret, @QueryParam("code") String code, @QueryParam("ttl") long ttl, @QueryParam("redirect_uri") String redirect_uri, @QueryParam("callback") @DefaultValue("") String callback) throws Exception { logger.debug("ApplicationResource.getAccessToken"); User user = null; try { if (authorization != null) { String type = stringOrSubstringBeforeFirst(authorization, ' ').toUpperCase(); if ("BASIC".equals(type)) { String token = stringOrSubstringAfterFirst(authorization, ' '); String[] values = Base64.decodeToString(token).split(":"); if (values.length >= 2) { client_id = values[0].toLowerCase(); client_secret = values[1]; } } } // do checking for different grant types String errorDescription = "invalid username or password"; if (GrantType.PASSWORD.toString().equals(grant_type)) { try { user = management.verifyAppUserPasswordCredentials( services.getApplicationId(), username, password); } catch (UnactivatedAppUserException uaue) { errorDescription = "user not activated"; } catch (DisabledAppUserException daue) { errorDescription = "user disabled"; } catch (Exception e1) { } } else if ("pin".equals(grant_type)) { try { user = management.verifyAppUserPinCredentials(services.getApplicationId(), username, pin); } catch (Exception e1) { } } else if ("client_credentials".equals(grant_type)) { try { AccessInfo access_info = management.authorizeClient(client_id, client_secret, ttl); if (access_info != null) { return Response.status(SC_OK) .type(jsonMediaType(callback)) .entity(wrapWithCallback(access_info, callback)) .build(); } } catch (Exception e1) { } } else if ("authorization_code".equals(grant_type)) { AccessInfo access_info = new AccessInfo(); access_info.setAccessToken(code); return Response.status(SC_OK) .type(jsonMediaType(callback)) .entity(wrapWithCallback(access_info, callback)) .build(); } if (user == null) { OAuthResponse response = OAuthResponse.errorResponse(SC_BAD_REQUEST) .setError(OAuthError.TokenResponse.INVALID_GRANT) .setErrorDescription(errorDescription) .buildJSONMessage(); return Response.status(response.getResponseStatus()) .type(jsonMediaType(callback)) .entity(wrapWithCallback(response.getBody(), callback)) .build(); } String token = management.getAccessTokenForAppUser(services.getApplicationId(), user.getUuid(), ttl); AccessInfo access_info = new AccessInfo() .withExpiresIn(tokens.getMaxTokenAge(token) / 1000) .withAccessToken(token) .withProperty("user", user); return Response.status(SC_OK) .type(jsonMediaType(callback)) .entity(wrapWithCallback(access_info, callback)) .build(); } catch (OAuthProblemException e) { logger.error("OAuth Error", e); OAuthResponse res = OAuthResponse.errorResponse(SC_BAD_REQUEST).error(e).buildJSONMessage(); return Response.status(res.getResponseStatus()) .type(jsonMediaType(callback)) .entity(wrapWithCallback(res.getBody(), callback)) .build(); } }
private void doProcess(final HttpServletRequest request, final HttpResponse response) throws OAuthSystemException, IOException { OAuthResponse oauthResponse; String state = request.getParameter(OAuth.OAUTH_STATE); String redirectUri = request.getParameter(OAuth.OAUTH_REDIRECT_URI); try { // Build a request and fail if it is not a valid OAUTH request final OAuthAuthzRequest oAuthAuthzRequest = new OAuthAuthzRequest(request); // Get oauth parameters final String clientId = oAuthAuthzRequest.getClientId(); final String responseType = oAuthAuthzRequest.getParam(OAuth.OAUTH_RESPONSE_TYPE); final Set<String> scopes = oAuthAuthzRequest.getScopes(); redirectUri = oAuthAuthzRequest.getRedirectURI(); state = oAuthAuthzRequest.getState(); int expiresIn = DEFAULT_EXPIRE_TIME; if (scopes.contains("permanent_token")) { expiresIn = DateUtils.SECOND_PER_DAY * 3650; } if (redirectUri == null || redirectUri.isEmpty()) { redirectUri = "pagenotfound"; } final String login = request.getParameter("login"); final String password = request.getParameter("password"); final OAuthASResponse.OAuthAuthorizationResponseBuilder builder = OAuthASResponse.authorizationResponse(HttpServletResponse.SC_FOUND); // TODO make a more secure Generator ? final OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new UUIDValueGenerator()); if (responseType.equals(ResponseType.CODE.toString())) { // Create the token final String token = oauthIssuerImpl.authorizationCode(); // build response builder.setCode(token); // Add the external service authenticator.addExternalService(clientId, login, password, token, scopes); } else if (responseType.equals(ResponseType.TOKEN.toString())) { // Create tokens final String token = oauthIssuerImpl.accessToken(); final String refresh = oauthIssuerImpl.refreshToken(); // build response builder.setAccessToken(token); builder.setParam(OAuth.OAUTH_REFRESH_TOKEN, refresh); builder.setExpiresIn(String.valueOf(expiresIn)); // Add in external services authenticator.addExternalService(clientId, login, password, token, scopes); authenticator.authorize(token, token, refresh, expiresIn); } // Finish the construction oauthResponse = builder.location(redirectUri).buildQueryMessage(); } catch (final OAuthProblemException ex) { oauthResponse = OAuthResponse.errorResponse(HttpServletResponse.SC_FOUND) .error(ex) .setState(state) .location(redirectUri) .buildQueryMessage(); } catch (final AuthorizationException e) { oauthResponse = OAuthResponse.errorResponse(HttpServletResponse.SC_FOUND) .setError("server_error") .setErrorDescription("Internal error. Please report.") .setState(state) .location(redirectUri) .buildQueryMessage(); Log.framework().error("Cannot found a just added service ...", e); } catch (final ElementNotFoundException e) { response.writeOAuthRedirect( 302, "/" + OAuthProcessor.OAUTH_GET_CREDENTIAL_PAGENAME + "?fail=true&" + request.getQueryString()); return; } catch (final OAuthSystemException e) { throw new BadProgrammerException(e); } // write the response response.writeOAuthRedirect(oauthResponse.getResponseStatus(), oauthResponse.getLocationUri()); }