/*
 * Copyright 2015 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package leap.oauth2.server.endpoint;

import leap.core.annotation.Inject;
import leap.oauth2.server.OAuth2Errors;
import leap.oauth2.server.OAuth2AuthzServerConfig;
import leap.oauth2.server.endpoint.userinfo.UserInfoHandler;
import leap.oauth2.server.token.AuthzAccessToken;
import leap.oauth2.server.token.AuthzTokenManager;
import leap.oauth2.server.token.Token;
import leap.oauth2.server.token.TokenExtractor;
import leap.web.*;
import leap.web.route.Routes;
import leap.web.security.user.UserDetails;
import leap.web.security.user.UserManager;

/**
 * OpenID Connect-defined endpoint; see the UserInfo Endpoint section of the OpenID Connect specification.
 */
public class UserInfoEndpoint extends AbstractAuthzEndpoint implements Endpoint,Handler {

    protected @Inject OAuth2AuthzServerConfig config;
    protected @Inject AuthzTokenManager       tokenManager;
    protected @Inject TokenExtractor          tokenExtractor;
    protected @Inject UserManager             userManager;
    protected @Inject UserInfoHandler[]       handlers;

    /**
     * Registers this endpoint at the configured userinfo path, but only when both the
     * authorization server and the userinfo feature are enabled in {@code config}.
     *
     * <p>The path is excluded from the inherited security interceptor {@code sc}
     * (presumably declared in {@code AbstractAuthzEndpoint}; not visible here), so
     * session-based authentication does not apply: {@link #handle} validates the bearer
     * access token itself. CORS is enabled and CSRF protection disabled for the route,
     * which is consistent with a token-authenticated (non-cookie) API endpoint.
     *
     * @param app    the application being started (unused here)
     * @param routes the route table the endpoint is added to
     */
    @Override
    public void startEndpoint(App app, Routes routes) {
        if (!config.isEnabled() || !config.isUserInfoEnabled()) {
            return;
        }

        sc.ignore(config.getUserInfoEndpointPath());

        routes.create()
              .handle(config.getUserInfoEndpointPath(), this)
              .enableCors().disableCsrf()
              .apply();
    }

    /**
     * Serves a userinfo request.
     *
     * <p>Validation order: the access token is extracted from the request (no token at all
     * is reported as {@code invalid_request}), resolved through {@code tokenManager}
     * (unknown token is {@code invalid_token}), rejected if it is a client-only token
     * (client-credentials tokens carry no end user), and finally the owning user must
     * exist and be enabled. Only then is the request offered to the configured
     * {@link UserInfoHandler}s in array order; the first handler returning {@code true}
     * owns the response.
     *
     * <p>NOTE(review): no token expiry or revocation check is visible in this method;
     * it relies on {@code tokenManager.loadAccessToken} returning {@code null} for
     * expired/revoked tokens — confirm. NOTE(review): no scope check (e.g. {@code openid})
     * is performed here either; presumably the handlers or the token manager enforce it.
     *
     * @param request  the incoming HTTP request carrying the bearer token
     * @param response the HTTP response to write the userinfo or error into
     * @throws Throwable propagated from token extraction, user lookup or the handlers
     */
    @Override
    public void handle(Request request, Response response) throws Throwable {
        Token token = tokenExtractor.extractTokenFromRequest(request);
        if (token == null) {
            // A missing token is a malformed request rather than a bad credential.
            OAuth2Errors.invalidRequest(request, response, null, "Invalid access token");
            return;
        }

        AuthzAccessToken accessToken = tokenManager.loadAccessToken(token.getValue());
        if (accessToken == null) {
            rejectToken(request, response, "Invalid access token");
            return;
        }

        // Client-only tokens have no user behind them, so there is no userinfo to return.
        if (accessToken.isClientOnly()) {
            rejectToken(request, response, "Invalid access token");
            return;
        }

        UserDetails user = userManager.loadUserDetails(accessToken.getUserId());
        if (user == null) {
            rejectToken(request, response, "User not found");
            return;
        }

        // A token issued before the account was disabled must not keep working.
        if (!user.isEnabled()) {
            rejectToken(request, response, "User disabled");
            return;
        }

        for (UserInfoHandler handler : handlers) {
            if (handler.handleUserInfoResponse(request, response, user)) {
                return;
            }
        }
        // NOTE(review): if no handler claims the request, nothing is written to the
        // response here; whatever the framework does with an untouched response is what
        // the caller gets — confirm at least one handler is always configured.
    }

    /**
     * Writes the OAuth2 invalid-token error response with the given description.
     *
     * @param request     the current request
     * @param response    the response to write the error into
     * @param description human-readable error description
     */
    private static void rejectToken(Request request, Response response, String description) {
        OAuth2Errors.invalidToken(request, response, null, description);
    }

}



