All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.clouway.oauth2.ClientAuthorizationActivity Maven / Gradle / Ivy

package com.clouway.oauth2;

import com.clouway.friendlyserve.Request;
import com.clouway.friendlyserve.Response;
import com.clouway.friendlyserve.RsRedirect;
import com.clouway.oauth2.authorization.Authorization;
import com.clouway.oauth2.authorization.ClientAuthorizationRepository;
import com.clouway.oauth2.client.Client;
import com.clouway.oauth2.client.ClientFinder;
import com.clouway.oauth2.util.Params;
import com.google.common.base.Optional;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.Sets;

import java.util.Map;
import java.util.Set;

/**
 * @author Miroslav Genov ([email protected])
 */
class ClientAuthorizationActivity implements IdentityActivity {
  private final ClientFinder clientFinder;
  private final ClientAuthorizationRepository clientAuthorizationRepository;

  ClientAuthorizationActivity(ClientFinder clientFinder, ClientAuthorizationRepository clientAuthorizationRepository) {
    this.clientFinder = clientFinder;
    this.clientAuthorizationRepository = clientAuthorizationRepository;
  }

  @Override
  public Response execute(String identityId, Request request) {
    String responseType = request.param("response_type");
    String clientId = request.param("client_id");
    String requestedUrl = request.param("redirect_uri");
    String state = request.param("state");
    String scope = request.param("scope") == null ? "" : request.param("scope");

    Map params = new Params().parse(request, "response_type", "client_id", "redirect_uri", "state", "scope");

    Optional possibleClientResponse = clientFinder.findClient(clientId);

    if (!possibleClientResponse.isPresent()) {
      return OAuthError.unauthorizedClient();
    }

    Client client = possibleClientResponse.get();

    Optional possibleRedirectUrl = client.determineRedirectUrl(requestedUrl);

    if (!possibleRedirectUrl.isPresent()) {
      return OAuthError.unauthorizedClient("Client Redirect URL is not matching the configured one.");
    }

    Set scopes = Sets.newTreeSet(Splitter.on(" ").omitEmptyStrings().split(scope));
    Optional possibleAuthorizationResponse = clientAuthorizationRepository.authorize(client, identityId, scopes, responseType);

    // RFC-6749 - Section: 4.2.2.1
    // The authorization server redirects the user-agent by
    // sending the following HTTP response:
    // HTTP/1.1 302 Found
    // Location: https://client.example.com/cb#error=access_denied&state=xyz
    if (!possibleAuthorizationResponse.isPresent()) {
      return new RsRedirect(possibleRedirectUrl.get() + "?error=access_denied");
    }

    String callback = possibleRedirectUrl.get();

    Authorization authorization = possibleAuthorizationResponse.get();
    return new RsRedirect(createCallbackUrl(callback, authorization.code, state, params));
  }

  private String createCallbackUrl(String callback, String code, String state, Map params) {
    String url;
    if (Strings.isNullOrEmpty(state)) {
      url = String.format("%s?code=%s", callback, code);
    } else {
      url = String.format("%s?code=%s&state=%s", callback, code, state);
    }

    for (String key : params.keySet()) {
      url = url + "&" + key + "=" + params.get(key);
    }

    return url;
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy