示例#1
0
 public boolean isTokenRevocationForSelf(HttpServletRequest request, int index) {
   String pathInfo = UaaUrlUtils.getRequestPath(request);
   String tokenId = extractIdFromUrl(index, pathInfo);
   if (hasText(pathInfo) && hasText(tokenId)) {
     try {
       RevocableToken revocableToken = tokenProvisioning.retrieve(tokenId);
       String clientIdFromToken = revocableToken.getClientId();
       String clientIdFromAuthentication =
           extractClientIdFromAuthentication(
               SecurityContextHolder.getContext().getAuthentication());
       if (clientIdFromToken.equals(clientIdFromAuthentication)) {
         return true;
       }
       String userIdFromToken = revocableToken.getUserId();
       String userIdFromAuthentication =
           extractUserIdFromAuthentication(SecurityContextHolder.getContext().getAuthentication());
       if (hasText(userIdFromToken) && userIdFromToken.equals(userIdFromAuthentication)) {
         return true;
       }
     } catch (EmptyResultDataAccessException x) {
       logger.debug("Token not found:" + tokenId);
     }
   }
   return false;
 }
示例#2
0
 public boolean isTokenListForAuthenticatedUser(HttpServletRequest request) {
   String pathInfo = UaaUrlUtils.getRequestPath(request);
   String userId = extractIdFromUrl(4, pathInfo);
   String idFromAuth =
       extractUserIdFromAuthentication(SecurityContextHolder.getContext().getAuthentication());
   return hasText(idFromAuth) && idFromAuth.equals(userId);
 }
示例#3
0
 public boolean isClientTokenRevocationForSelf(HttpServletRequest request, int index) {
   String pathInfo = UaaUrlUtils.getRequestPath(request);
   String clientIdFromPath = extractIdFromUrl(index, pathInfo);
   String clientIdFromAuth =
       extractClientIdFromAuthentication(SecurityContextHolder.getContext().getAuthentication());
   return (hasText(clientIdFromPath) && clientIdFromPath.equals(clientIdFromAuth));
 }
示例#4
0
  public boolean isUserSelf(HttpServletRequest request, int pathParameterIndex) {
    String pathInfo = UaaUrlUtils.getRequestPath(request);
    String idFromUrl = extractIdFromUrl(pathParameterIndex, pathInfo);
    String idFromAuth =
        extractUserIdFromAuthentication(SecurityContextHolder.getContext().getAuthentication());

    return idFromAuth != null && idFromAuth.equals(idFromUrl);
  }
示例#5
0
  @RequestMapping(
      value = "/invite_users",
      method = RequestMethod.POST,
      consumes = "application/json")
  public ResponseEntity<InvitationsResponse> inviteUsers(
      @RequestBody InvitationsRequest invitations,
      @RequestParam(value = "client_id", required = false) String clientId,
      @RequestParam(value = "redirect_uri") String redirectUri) {

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication instanceof OAuth2Authentication) {
      OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) authentication;

      if (clientId == null) {
        clientId = oAuth2Authentication.getOAuth2Request().getClientId();
      }
    }

    InvitationsResponse invitationsResponse = new InvitationsResponse();

    DomainFilter filter = new DomainFilter();
    List<IdentityProvider> activeProviders =
        providers.retrieveActive(IdentityZoneHolder.get().getId());
    ClientDetails client = clients.loadClientByClientId(clientId);
    for (String email : invitations.getEmails()) {
      try {
        List<IdentityProvider> providers = filter.filter(activeProviders, client, email);
        if (providers.size() == 1) {
          ScimUser user = findOrCreateUser(email, providers.get(0).getOriginKey());

          String accountsUrl = UaaUrlUtils.getUaaUrl("/invitations/accept");

          Map<String, String> data = new HashMap<>();
          data.put(InvitationConstants.USER_ID, user.getId());
          data.put(InvitationConstants.EMAIL, user.getPrimaryEmail());
          data.put(CLIENT_ID, clientId);
          data.put(REDIRECT_URI, redirectUri);
          data.put(ORIGIN, user.getOrigin());
          Timestamp expiry =
              new Timestamp(
                  System.currentTimeMillis() + (INVITATION_EXPIRY_DAYS * 24 * 60 * 60 * 1000));
          ExpiringCode code =
              expiringCodeStore.generateCode(JsonUtils.writeValueAsString(data), expiry, null);

          String invitationLink = accountsUrl + "?code=" + code.getCode();
          try {
            URL inviteLink = new URL(invitationLink);
            invitationsResponse
                .getNewInvites()
                .add(
                    InvitationsResponse.success(
                        user.getPrimaryEmail(), user.getId(), user.getOrigin(), inviteLink));
          } catch (MalformedURLException mue) {
            invitationsResponse
                .getFailedInvites()
                .add(
                    InvitationsResponse.failure(
                        email,
                        "invitation.exception.url",
                        String.format("Malformed url", invitationLink)));
          }
        } else if (providers.size() == 0) {
          invitationsResponse
              .getFailedInvites()
              .add(
                  InvitationsResponse.failure(
                      email, "provider.non-existent", "No authentication provider found."));
        } else {
          invitationsResponse
              .getFailedInvites()
              .add(
                  InvitationsResponse.failure(
                      email, "provider.ambiguous", "Multiple authentication providers found."));
        }
      } catch (ScimResourceConflictException x) {
        invitationsResponse
            .getFailedInvites()
            .add(
                InvitationsResponse.failure(
                    email,
                    "user.ambiguous",
                    "Multiple users with the same origin matched to the email address."));
      } catch (UaaException uaae) {
        invitationsResponse
            .getFailedInvites()
            .add(InvitationsResponse.failure(email, "invitation.exception", uaae.getMessage()));
      }
    }
    return new ResponseEntity<>(invitationsResponse, HttpStatus.OK);
  }
示例#6
0
 protected String extractIdFromUrl(int pathParameterIndex, String pathInfo) {
   if (!hasText(pathInfo)) {
     return null;
   }
   return UaaUrlUtils.extractPathVariableFromUrl(pathParameterIndex, pathInfo);
 }