diff --git a/.mvn/wrapper/MavenWrapperDownloader.java b/.mvn/wrapper/MavenWrapperDownloader.java new file mode 100755 index 0000000000..d475a89ce1 --- /dev/null +++ b/.mvn/wrapper/MavenWrapperDownloader.java @@ -0,0 +1,110 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +import java.net.*; +import java.io.*; +import java.nio.channels.*; +import java.util.Properties; + +public class MavenWrapperDownloader { + + /** + * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided. + */ + private static final String DEFAULT_DOWNLOAD_URL = + "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.0/maven-wrapper-0.4.0.jar"; + + /** + * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to + * use instead of the default one. + */ + private static final String MAVEN_WRAPPER_PROPERTIES_PATH = + ".mvn/wrapper/maven-wrapper.properties"; + + /** + * Path where the maven-wrapper.jar will be saved to. + */ + private static final String MAVEN_WRAPPER_JAR_PATH = + ".mvn/wrapper/maven-wrapper.jar"; + + /** + * Name of the property which should be used to override the default download url for the wrapper. + */ + private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl"; + + public static void main(String args[]) { + System.out.println("- Downloader started"); + File baseDirectory = new File(args[0]); + System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath()); + + // If the maven-wrapper.properties exists, read it and check if it contains a custom + // wrapperUrl parameter. + File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH); + String url = DEFAULT_DOWNLOAD_URL; + if(mavenWrapperPropertyFile.exists()) { + FileInputStream mavenWrapperPropertyFileInputStream = null; + try { + mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile); + Properties mavenWrapperProperties = new Properties(); + mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream); + url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url); + } catch (IOException e) { + System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'"); + } finally { + try { + if(mavenWrapperPropertyFileInputStream != null) { + mavenWrapperPropertyFileInputStream.close(); + } + } catch (IOException e) { + // Ignore ... + } + } + } + System.out.println("- Downloading from: : " + url); + + File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH); + if(!outputFile.getParentFile().exists()) { + if(!outputFile.getParentFile().mkdirs()) { + System.out.println( + "- ERROR creating output direcrory '" + outputFile.getParentFile().getAbsolutePath() + "'"); + } + } + System.out.println("- Downloading to: " + outputFile.getAbsolutePath()); + try { + downloadFileFromURL(url, outputFile); + System.out.println("Done"); + System.exit(0); + } catch (Throwable e) { + System.out.println("- Error downloading"); + e.printStackTrace(); + System.exit(1); + } + } + + private static void downloadFileFromURL(String urlString, File destination) throws Exception { + URL website = new URL(urlString); + ReadableByteChannel rbc; + rbc = Channels.newChannel(website.openStream()); + FileOutputStream fos = new FileOutputStream(destination); + fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE); + fos.close(); + rbc.close(); + } + +} diff --git a/.mvn/wrapper/maven-wrapper.jar b/.mvn/wrapper/maven-wrapper.jar new file mode 100755 index 0000000000..08ebbb67f0 Binary files /dev/null and b/.mvn/wrapper/maven-wrapper.jar differ diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties new file mode 100755 index 0000000000..08e2135425 --- /dev/null +++ b/.mvn/wrapper/maven-wrapper.properties @@ -0,0 +1 @@ +distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.zip \ No newline at end of file diff --git a/.travis.yml b/.travis.yml index 3d619c8263..da6fe0877a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,11 +1,7 @@ language: java jdk: - - oraclejdk11 + - oraclejdk8 sudo: false after_success: - bash <(curl -s https://codecov.io/bash) - -cache: - directories: - - $HOME/.m2 diff --git a/mvnw b/mvnw new file mode 100755 index 0000000000..961a825001 --- /dev/null +++ b/mvnw @@ -0,0 +1,286 @@ +#!/bin/sh +# ---------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# ---------------------------------------------------------------------------- + +# ---------------------------------------------------------------------------- +# Maven2 Start Up Batch script +# +# Required ENV vars: +# ------------------ +# JAVA_HOME - location of a JDK home dir +# +# Optional ENV vars +# ----------------- +# M2_HOME - location of maven2's installed home dir +# MAVEN_OPTS - parameters passed to the Java VM when running Maven +# e.g. to debug Maven itself, use +# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 +# MAVEN_SKIP_RC - flag to disable loading of mavenrc files +# ---------------------------------------------------------------------------- + +if [ -z "$MAVEN_SKIP_RC" ] ; then + + if [ -f /etc/mavenrc ] ; then + . /etc/mavenrc + fi + + if [ -f "$HOME/.mavenrc" ] ; then + . "$HOME/.mavenrc" + fi + +fi + +# OS specific support. $var _must_ be set to either true or false. +cygwin=false; +darwin=false; +mingw=false +case "`uname`" in + CYGWIN*) cygwin=true ;; + MINGW*) mingw=true;; + Darwin*) darwin=true + # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home + # See https://developer.apple.com/library/mac/qa/qa1170/_index.html + if [ -z "$JAVA_HOME" ]; then + if [ -x "/usr/libexec/java_home" ]; then + export JAVA_HOME="`/usr/libexec/java_home`" + else + export JAVA_HOME="/Library/Java/Home" + fi + fi + ;; +esac + +if [ -z "$JAVA_HOME" ] ; then + if [ -r /etc/gentoo-release ] ; then + JAVA_HOME=`java-config --jre-home` + fi +fi + +if [ -z "$M2_HOME" ] ; then + ## resolve links - $0 may be a link to maven's home + PRG="$0" + + # need this for relative symlinks + while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG="`dirname "$PRG"`/$link" + fi + done + + saveddir=`pwd` + + M2_HOME=`dirname "$PRG"`/.. + + # make it fully qualified + M2_HOME=`cd "$M2_HOME" && pwd` + + cd "$saveddir" + # echo Using m2 at $M2_HOME +fi + +# For Cygwin, ensure paths are in UNIX format before anything is touched +if $cygwin ; then + [ -n "$M2_HOME" ] && + M2_HOME=`cygpath --unix "$M2_HOME"` + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --unix "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --unix "$CLASSPATH"` +fi + +# For Mingw, ensure paths are in UNIX format before anything is touched +if $mingw ; then + [ -n "$M2_HOME" ] && + M2_HOME="`(cd "$M2_HOME"; pwd)`" + [ -n "$JAVA_HOME" ] && + JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" + # TODO classpath? +fi + +if [ -z "$JAVA_HOME" ]; then + javaExecutable="`which javac`" + if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then + # readlink(1) is not available as standard on Solaris 10. + readLink=`which readlink` + if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then + if $darwin ; then + javaHome="`dirname \"$javaExecutable\"`" + javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" + else + javaExecutable="`readlink -f \"$javaExecutable\"`" + fi + javaHome="`dirname \"$javaExecutable\"`" + javaHome=`expr "$javaHome" : '\(.*\)/bin'` + JAVA_HOME="$javaHome" + export JAVA_HOME + fi + fi +fi + +if [ -z "$JAVACMD" ] ; then + if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + else + JAVACMD="`which java`" + fi +fi + +if [ ! -x "$JAVACMD" ] ; then + echo "Error: JAVA_HOME is not defined correctly." >&2 + echo " We cannot execute $JAVACMD" >&2 + exit 1 +fi + +if [ -z "$JAVA_HOME" ] ; then + echo "Warning: JAVA_HOME environment variable is not set." +fi + +CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher + +# traverses directory structure from process work directory to filesystem root +# first directory with .mvn subdirectory is considered project base directory +find_maven_basedir() { + + if [ -z "$1" ] + then + echo "Path not specified to find_maven_basedir" + return 1 + fi + + basedir="$1" + wdir="$1" + while [ "$wdir" != '/' ] ; do + if [ -d "$wdir"/.mvn ] ; then + basedir=$wdir + break + fi + # workaround for JBEAP-8937 (on Solaris 10/Sparc) + if [ -d "${wdir}" ]; then + wdir=`cd "$wdir/.."; pwd` + fi + # end of workaround + done + echo "${basedir}" +} + +# concatenates all lines of a file +concat_lines() { + if [ -f "$1" ]; then + echo "$(tr -s '\n' ' ' < "$1")" + fi +} + +BASE_DIR=`find_maven_basedir "$(pwd)"` +if [ -z "$BASE_DIR" ]; then + exit 1; +fi + +########################################################################################## +# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central +# This allows using the maven wrapper in projects that prohibit checking in binary data. +########################################################################################## +if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then + if [ "$MVNW_VERBOSE" = true ]; then + echo "Found .mvn/wrapper/maven-wrapper.jar" + fi +else + if [ "$MVNW_VERBOSE" = true ]; then + echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..." + fi + jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.0/maven-wrapper-0.4.0.jar" + while IFS="=" read key value; do + case "$key" in (wrapperUrl) jarUrl="$value"; break ;; + esac + done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties" + if [ "$MVNW_VERBOSE" = true ]; then + echo "Downloading from: $jarUrl" + fi + wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" + + if command -v wget > /dev/null; then + if [ "$MVNW_VERBOSE" = true ]; then + echo "Found wget ... using wget" + fi + wget "$jarUrl" -O "$wrapperJarPath" + elif command -v curl > /dev/null; then + if [ "$MVNW_VERBOSE" = true ]; then + echo "Found curl ... using curl" + fi + curl -o "$wrapperJarPath" "$jarUrl" + else + if [ "$MVNW_VERBOSE" = true ]; then + echo "Falling back to using Java to download" + fi + javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java" + if [ -e "$javaClass" ]; then + if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then + if [ "$MVNW_VERBOSE" = true ]; then + echo " - Compiling MavenWrapperDownloader.java ..." + fi + # Compiling the Java class + ("$JAVA_HOME/bin/javac" "$javaClass") + fi + if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then + # Running the downloader + if [ "$MVNW_VERBOSE" = true ]; then + echo " - Running MavenWrapperDownloader.java ..." + fi + ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR") + fi + fi + fi +fi +########################################################################################## +# End of extension +########################################################################################## + +export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} +if [ "$MVNW_VERBOSE" = true ]; then + echo $MAVEN_PROJECTBASEDIR +fi +MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" + +# For Cygwin, switch paths to Windows format before running java +if $cygwin; then + [ -n "$M2_HOME" ] && + M2_HOME=`cygpath --path --windows "$M2_HOME"` + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --windows "$CLASSPATH"` + [ -n "$MAVEN_PROJECTBASEDIR" ] && + MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` +fi + +WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain + +exec "$JAVACMD" \ + $MAVEN_OPTS \ + -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ + "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ + ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" diff --git a/mvnw.cmd b/mvnw.cmd new file mode 100755 index 0000000000..830073a17e --- /dev/null +++ b/mvnw.cmd @@ -0,0 +1,161 @@ +@REM ---------------------------------------------------------------------------- +@REM Licensed to the Apache Software Foundation (ASF) under one +@REM or more contributor license agreements. See the NOTICE file +@REM distributed with this work for additional information +@REM regarding copyright ownership. The ASF licenses this file +@REM to you under the Apache License, Version 2.0 (the +@REM "License"); you may not use this file except in compliance +@REM with the License. You may obtain a copy of the License at +@REM +@REM http://www.apache.org/licenses/LICENSE-2.0 +@REM +@REM Unless required by applicable law or agreed to in writing, +@REM software distributed under the License is distributed on an +@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +@REM KIND, either express or implied. See the License for the +@REM specific language governing permissions and limitations +@REM under the License. +@REM ---------------------------------------------------------------------------- + +@REM ---------------------------------------------------------------------------- +@REM Maven2 Start Up Batch script +@REM +@REM Required ENV vars: +@REM JAVA_HOME - location of a JDK home dir +@REM +@REM Optional ENV vars +@REM M2_HOME - location of maven2's installed home dir +@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands +@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending +@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven +@REM e.g. to debug Maven itself, use +@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 +@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files +@REM ---------------------------------------------------------------------------- + +@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' +@echo off +@REM set title of command window +title %0 +@REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' +@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% + +@REM set %HOME% to equivalent of $HOME +if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") + +@REM Execute a user defined script before this one +if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre +@REM check for pre script, once with legacy .bat ending and once with .cmd ending +if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" +if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" +:skipRcPre + +@setlocal + +set ERROR_CODE=0 + +@REM To isolate internal variables from possible post scripts, we use another setlocal +@setlocal + +@REM ==== START VALIDATION ==== +if not "%JAVA_HOME%" == "" goto OkJHome + +echo. +echo Error: JAVA_HOME not found in your environment. >&2 +echo Please set the JAVA_HOME variable in your environment to match the >&2 +echo location of your Java installation. >&2 +echo. +goto error + +:OkJHome +if exist "%JAVA_HOME%\bin\java.exe" goto init + +echo. +echo Error: JAVA_HOME is set to an invalid directory. >&2 +echo JAVA_HOME = "%JAVA_HOME%" >&2 +echo Please set the JAVA_HOME variable in your environment to match the >&2 +echo location of your Java installation. >&2 +echo. +goto error + +@REM ==== END VALIDATION ==== + +:init + +@REM Find the project base dir, i.e. the directory that contains the folder ".mvn". +@REM Fallback to current working directory if not found. + +set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% +IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir + +set EXEC_DIR=%CD% +set WDIR=%EXEC_DIR% +:findBaseDir +IF EXIST "%WDIR%"\.mvn goto baseDirFound +cd .. +IF "%WDIR%"=="%CD%" goto baseDirNotFound +set WDIR=%CD% +goto findBaseDir + +:baseDirFound +set MAVEN_PROJECTBASEDIR=%WDIR% +cd "%EXEC_DIR%" +goto endDetectBaseDir + +:baseDirNotFound +set MAVEN_PROJECTBASEDIR=%EXEC_DIR% +cd "%EXEC_DIR%" + +:endDetectBaseDir + +IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig + +@setlocal EnableExtensions EnableDelayedExpansion +for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a +@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% + +:endReadAdditionalConfig + +SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" +set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" +set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain + +set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.0/maven-wrapper-0.4.0.jar" +FOR /F "tokens=1,2 delims==" %%A IN (%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties) DO ( + IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B +) + +@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central +@REM This allows using the maven wrapper in projects that prohibit checking in binary data. +if exist %WRAPPER_JAR% ( + echo Found %WRAPPER_JAR% +) else ( + echo Couldn't find %WRAPPER_JAR%, downloading it ... + echo Downloading from: %DOWNLOAD_URL% + powershell -Command "(New-Object Net.WebClient).DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')" + echo Finished downloading %WRAPPER_JAR% +) +@REM End of extension + +%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* +if ERRORLEVEL 1 goto error +goto end + +:error +set ERROR_CODE=1 + +:end +@endlocal & set ERROR_CODE=%ERROR_CODE% + +if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost +@REM check for post script, once with legacy .bat ending and once with .cmd ending +if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" +if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" +:skipRcPost + +@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' +if "%MAVEN_BATCH_PAUSE%" == "on" pause + +if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% + +exit /B %ERROR_CODE% diff --git a/openid-connect-client/pom.xml b/openid-connect-client/pom.xml index 3fbbd9e5ec..88beb2716c 100644 --- a/openid-connect-client/pom.xml +++ b/openid-connect-client/pom.xml @@ -22,7 +22,7 @@ openid-connect-parent org.mitre - 1.3.5-SNAPSHOT + 1.3.4.1 .. openid-connect-client @@ -33,6 +33,10 @@ org.mitre openid-connect-common + + jakarta.annotation + jakarta.annotation-api + jar diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java deleted file mode 100644 index b311a84d9c..0000000000 --- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java +++ /dev/null @@ -1,392 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.introspectingfilter; - -import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC; - -import java.io.IOException; -import java.net.URI; -import java.util.Calendar; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; - -import org.apache.http.client.HttpClient; -import org.apache.http.impl.client.HttpClientBuilder; -import org.mitre.oauth2.introspectingfilter.service.IntrospectionAuthorityGranter; -import org.mitre.oauth2.introspectingfilter.service.IntrospectionConfigurationService; -import org.mitre.oauth2.introspectingfilter.service.impl.SimpleIntrospectionAuthorityGranter; -import org.mitre.oauth2.model.RegisteredClient; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.HttpMethod; -import org.springframework.http.client.ClientHttpRequest; -import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.oauth2.common.OAuth2AccessToken; -import org.springframework.security.oauth2.common.util.OAuth2Utils; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; -import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices; -import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; -import org.springframework.util.LinkedMultiValueMap; -import org.springframework.util.MultiValueMap; -import org.springframework.web.client.RestClientException; -import org.springframework.web.client.RestTemplate; - -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; -import com.nimbusds.jose.util.Base64; - -/** - * This ResourceServerTokenServices implementation introspects incoming tokens at a - * server's introspection endpoint URL and passes an Authentication object along - * based on the response from the introspection endpoint. - * @author jricher - * - */ -public class IntrospectingTokenService implements ResourceServerTokenServices { - - private IntrospectionConfigurationService introspectionConfigurationService; - private IntrospectionAuthorityGranter introspectionAuthorityGranter = new SimpleIntrospectionAuthorityGranter(); - - private int defaultExpireTime = 300000; // 5 minutes in milliseconds - private boolean forceCacheExpireTime = false; // force removal of cached tokens based on default expire time - private boolean cacheNonExpiringTokens = false; - private boolean cacheTokens = true; - - private HttpComponentsClientHttpRequestFactory factory; - - public IntrospectingTokenService() { - this(HttpClientBuilder.create().useSystemProperties().build()); - } - - public IntrospectingTokenService(HttpClient httpClient) { - this.factory = new HttpComponentsClientHttpRequestFactory(httpClient); - } - - // Inner class to store in the hash map - private class TokenCacheObject { - OAuth2AccessToken token; - OAuth2Authentication auth; - Date cacheExpire; - - private TokenCacheObject(OAuth2AccessToken token, OAuth2Authentication auth) { - this.token = token; - this.auth = auth; - - // we don't need to check the cacheTokens values, because this won't actually be added to the cache if cacheTokens is false - // if the token isn't null we use the token expire time - // if forceCacheExpireTime is also true, we also make sure that the token expire time is shorter than the default expire time - if ((this.token.getExpiration() != null) && (!forceCacheExpireTime || (forceCacheExpireTime && (this.token.getExpiration().getTime() - System.currentTimeMillis() <= defaultExpireTime)))) { - this.cacheExpire = this.token.getExpiration(); - } else { // if the token doesn't have an expire time, or if the using forceCacheExpireTime the token expire time is longer than the default, then use the default expire time - Calendar cal = Calendar.getInstance(); - cal.add(Calendar.MILLISECOND, defaultExpireTime); - this.cacheExpire = cal.getTime(); - } - } - } - - private Map authCache = new HashMap<>(); - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(IntrospectingTokenService.class); - - /** - * @return the introspectionConfigurationService - */ - public IntrospectionConfigurationService getIntrospectionConfigurationService() { - return introspectionConfigurationService; - } - - /** - * @param introspectionConfigurationService the introspectionConfigurationService to set - */ - public void setIntrospectionConfigurationService(IntrospectionConfigurationService introspectionUrlProvider) { - this.introspectionConfigurationService = introspectionUrlProvider; - } - - /** - * @param introspectionAuthorityGranter the introspectionAuthorityGranter to set - */ - public void setIntrospectionAuthorityGranter(IntrospectionAuthorityGranter introspectionAuthorityGranter) { - this.introspectionAuthorityGranter = introspectionAuthorityGranter; - } - - /** - * @return the introspectionAuthorityGranter - */ - public IntrospectionAuthorityGranter getIntrospectionAuthorityGranter() { - return introspectionAuthorityGranter; - } - - /** - * get the default cache expire time in milliseconds - * @return - */ - public int getDefaultExpireTime() { - return defaultExpireTime; - } - - /** - * set the default cache expire time in milliseconds - * @param defaultExpireTime - */ - public void setDefaultExpireTime(int defaultExpireTime) { - this.defaultExpireTime = defaultExpireTime; - } - - /** - * check if forcing a cache expire time maximum value - * @return the forceCacheExpireTime setting - */ - public boolean isForceCacheExpireTime() { - return forceCacheExpireTime; - } - - /** - * set forcing a cache expire time maximum value - * @param forceCacheExpireTime - */ - public void setForceCacheExpireTime(boolean forceCacheExpireTime) { - this.forceCacheExpireTime = forceCacheExpireTime; - } - - /** - * Are non-expiring tokens cached using the default cache time - * @return state of cacheNonExpiringTokens - */ - public boolean isCacheNonExpiringTokens() { - return cacheNonExpiringTokens; - } - - /** - * should non-expiring tokens be cached using the default cache timeout - * @param cacheNonExpiringTokens - */ - public void setCacheNonExpiringTokens(boolean cacheNonExpiringTokens) { - this.cacheNonExpiringTokens = cacheNonExpiringTokens; - } - - /** - * Is the service caching tokens, or is it hitting the introspection end point every time - * @return true is caching tokens locally, false hits the introspection end point every time - */ - public boolean isCacheTokens() { - return cacheTokens; - } - - /** - * Configure if the client should cache tokens locally or not - * @param cacheTokens - */ - public void setCacheTokens(boolean cacheTokens) { - this.cacheTokens = cacheTokens; - } - - /** - * Check to see if the introspection end point response for a token has been cached locally - * This call will return the token if it has been cached and is still valid according to - * the cache expire time on the TokenCacheObject. If a cached value has been found but is - * expired, either by default expire times or the token's own expire time, then the token is - * removed from the cache and null is returned. - * @param key is the token to check - * @return the cached TokenCacheObject or null - */ - private TokenCacheObject checkCache(String key) { - if (cacheTokens && authCache.containsKey(key)) { - TokenCacheObject tco = authCache.get(key); - - if (tco != null && tco.cacheExpire != null && tco.cacheExpire.after(new Date())) { - return tco; - } else { - // if the token is expired, don't keep things around. - authCache.remove(key); - } - } - return null; - } - - private OAuth2Request createStoredRequest(final JsonObject token) { - String clientId = token.get("client_id").getAsString(); - Set scopes = new HashSet<>(); - if (token.has("scope")) { - scopes.addAll(OAuth2Utils.parseParameterList(token.get("scope").getAsString())); - } - Map parameters = new HashMap<>(); - parameters.put("client_id", clientId); - parameters.put("scope", OAuth2Utils.formatParameterList(scopes)); - OAuth2Request storedRequest = new OAuth2Request(parameters, clientId, null, true, scopes, null, null, null, null); - return storedRequest; - } - - private Authentication createUserAuthentication(JsonObject token) { - JsonElement userId = token.get("user_id"); - if(userId == null) { - userId = token.get("sub"); - if (userId == null) { - return null; - } - } - - return new PreAuthenticatedAuthenticationToken(userId.getAsString(), token, introspectionAuthorityGranter.getAuthorities(token)); - } - - private OAuth2AccessToken createAccessToken(final JsonObject token, final String tokenString) { - OAuth2AccessToken accessToken = new OAuth2AccessTokenImpl(token, tokenString); - return accessToken; - } - - /** - * Validate a token string against the introspection endpoint, - * then parse it and store it in the local cache if caching is enabled. - * - * @param accessToken Token to pass to the introspection endpoint - * @return TokenCacheObject containing authentication and token if the token was valid, otherwise null - */ - private TokenCacheObject parseToken(String accessToken) { - - // find out which URL to ask - String introspectionUrl; - RegisteredClient client; - try { - introspectionUrl = introspectionConfigurationService.getIntrospectionUrl(accessToken); - client = introspectionConfigurationService.getClientConfiguration(accessToken); - } catch (IllegalArgumentException e) { - logger.error("Unable to load introspection URL or client configuration", e); - return null; - } - // Use the SpringFramework RestTemplate to send the request to the - // endpoint - String validatedToken = null; - - RestTemplate restTemplate; - MultiValueMap form = new LinkedMultiValueMap<>(); - - final String clientId = client.getClientId(); - final String clientSecret = client.getClientSecret(); - - if (SECRET_BASIC.equals(client.getTokenEndpointAuthMethod())){ - // use BASIC auth if configured to do so - restTemplate = new RestTemplate(factory) { - - @Override - protected ClientHttpRequest createRequest(URI url, HttpMethod method) throws IOException { - ClientHttpRequest httpRequest = super.createRequest(url, method); - httpRequest.getHeaders().add("Authorization", - String.format("Basic %s", Base64.encode(String.format("%s:%s", clientId, clientSecret)) )); - return httpRequest; - } - }; - } else { //Alternatively use form based auth - restTemplate = new RestTemplate(factory); - - form.add("client_id", clientId); - form.add("client_secret", clientSecret); - } - - form.add("token", accessToken); - - try { - validatedToken = restTemplate.postForObject(introspectionUrl, form, String.class); - } catch (RestClientException rce) { - logger.error("validateToken", rce); - return null; - } - if (validatedToken != null) { - // parse the json - JsonElement jsonRoot = new JsonParser().parse(validatedToken); - if (!jsonRoot.isJsonObject()) { - return null; // didn't get a proper JSON object - } - - JsonObject tokenResponse = jsonRoot.getAsJsonObject(); - - if (tokenResponse.get("error") != null) { - // report an error? - logger.error("Got an error back: " + tokenResponse.get("error") + ", " + tokenResponse.get("error_description")); - return null; - } - - if (!tokenResponse.get("active").getAsBoolean()) { - // non-valid token - logger.info("Server returned non-active token"); - return null; - } - // create an OAuth2Authentication - OAuth2Authentication auth = new OAuth2Authentication(createStoredRequest(tokenResponse), createUserAuthentication(tokenResponse)); - // create an OAuth2AccessToken - OAuth2AccessToken token = createAccessToken(tokenResponse, accessToken); - - if (token.getExpiration() == null || token.getExpiration().after(new Date())) { - // Store them in the cache - TokenCacheObject tco = new TokenCacheObject(token, auth); - if (cacheTokens && (cacheNonExpiringTokens || token.getExpiration() != null)) { - authCache.put(accessToken, tco); - } - return tco; - } - } - - // when the token is invalid for whatever reason - return null; - } - - @Override - public OAuth2Authentication loadAuthentication(String accessToken) throws AuthenticationException { - // First check if the in memory cache has an Authentication object, and - // that it is still valid - // If Valid, return it - TokenCacheObject cacheAuth = checkCache(accessToken); - if (cacheAuth != null) { - return cacheAuth.auth; - } else { - cacheAuth = parseToken(accessToken); - if (cacheAuth != null) { - return cacheAuth.auth; - } else { - return null; - } - } - } - - @Override - public OAuth2AccessToken readAccessToken(String accessToken) { - // First check if the in memory cache has a Token object, and that it is - // still valid - // If Valid, return it - TokenCacheObject cacheAuth = checkCache(accessToken); - if (cacheAuth != null) { - return cacheAuth.token; - } else { - cacheAuth = parseToken(accessToken); - if (cacheAuth != null) { - return cacheAuth.token; - } else { - return null; - } - } - } - -} diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java index 723fcc54d0..4d3219a916 100644 --- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java +++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java @@ -17,88 +17,60 @@ *******************************************************************************/ package org.mitre.oauth2.introspectingfilter; -import java.util.Date; +import java.time.Instant; +import java.util.Arrays; import java.util.HashSet; -import java.util.Map; import java.util.Set; -import java.util.concurrent.TimeUnit; +import java.util.stream.Collectors; -import org.springframework.security.oauth2.common.OAuth2AccessToken; -import org.springframework.security.oauth2.common.OAuth2RefreshToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; -import com.google.common.base.Splitter; -import com.google.common.collect.Sets; import com.google.gson.JsonObject; - -public class OAuth2AccessTokenImpl implements OAuth2AccessToken { +public class OAuth2AccessTokenImpl extends OAuth2AccessToken { private JsonObject introspectionResponse; - private String tokenString; - private Set scopes = new HashSet<>(); - private Date expireDate; + public OAuth2AccessTokenImpl(JsonObject introspectionResponse, String tokenValue) { + super(TokenType.BEARER, + tokenValue, + extractIssuedAt(introspectionResponse), + extractExpiresAt(introspectionResponse), + extractScopes(introspectionResponse)); - public OAuth2AccessTokenImpl(JsonObject introspectionResponse, String tokenString) { this.setIntrospectionResponse(introspectionResponse); - this.tokenString = tokenString; - if (introspectionResponse.get("scope") != null) { - scopes = Sets.newHashSet(Splitter.on(" ").split(introspectionResponse.get("scope").getAsString())); - } - - if (introspectionResponse.get("exp") != null) { - expireDate = new Date(introspectionResponse.get("exp").getAsLong() * 1000L); - } } - - @Override - public Map getAdditionalInformation() { - return null; - } - - @Override - public Set getScope() { - return scopes; - } - - @Override - public OAuth2RefreshToken getRefreshToken() { + private static Instant extractIssuedAt(JsonObject introspectionResponse) { + if (introspectionResponse.has("iat") && !introspectionResponse.get("iat").isJsonNull()) { + return Instant.ofEpochSecond(introspectionResponse.get("iat").getAsLong()); + } return null; } - @Override - public String getTokenType() { - return BEARER_TYPE; - } - - @Override - public boolean isExpired() { - if (expireDate != null && expireDate.before(new Date())) { - return true; + private static Instant extractExpiresAt(JsonObject introspectionResponse) { + if (introspectionResponse.has("exp") && !introspectionResponse.get("exp").isJsonNull()) { + return Instant.ofEpochSecond(introspectionResponse.get("exp").getAsLong()); } - return false; - } - - @Override - public Date getExpiration() { - return expireDate; + return null; } - @Override - public int getExpiresIn() { - if (expireDate != null) { - return (int)TimeUnit.MILLISECONDS.toSeconds(expireDate.getTime() - (new Date()).getTime()); + private static Set extractScopes(JsonObject introspectionResponse) { + if (introspectionResponse.has("scope") && !introspectionResponse.get("scope").isJsonNull()) { + String scopeString = introspectionResponse.get("scope").getAsString(); + if (scopeString != null && !scopeString.trim().isEmpty()) { + return Arrays.stream(scopeString.split(" ")) + .collect(Collectors.toSet()); + } } - return 0; + return new HashSet<>(); // Return empty set if no scopes } @Override - public String getValue() { - return tokenString; + public TokenType getTokenType() { + return TokenType.BEARER; } - /** * @return the token */ @@ -106,7 +78,6 @@ public JsonObject getIntrospectionResponse() { return introspectionResponse; } - /** * @param token the token to set */ diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/ScopeBasedIntrospectionAuthoritiesGranter.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/ScopeBasedIntrospectionAuthoritiesGranter.java index 26bc7f11c7..5c098d933b 100644 --- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/ScopeBasedIntrospectionAuthoritiesGranter.java +++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/ScopeBasedIntrospectionAuthoritiesGranter.java @@ -17,14 +17,16 @@ package org.mitre.oauth2.introspectingfilter.service.impl; import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashSet; import java.util.List; import java.util.Set; +import java.util.stream.Collectors; import org.mitre.oauth2.introspectingfilter.service.IntrospectionAuthorityGranter; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.oauth2.common.util.OAuth2Utils; import com.google.gson.JsonObject; @@ -45,7 +47,10 @@ public List getAuthorities(JsonObject introspectionResponse) { if (introspectionResponse.has("scope") && introspectionResponse.get("scope").isJsonPrimitive()) { String scopeString = introspectionResponse.get("scope").getAsString(); - Set scopes = OAuth2Utils.parseParameterList(scopeString); + Set scopes = (scopeString != null && !scopeString.trim().isEmpty()) + ? Arrays.stream(scopeString.split(" ")) + .collect(Collectors.toSet()) + : new HashSet<>(); for (String scope : scopes) { auth.add(new SimpleGrantedAuthority("OAUTH_SCOPE_" + scope)); } diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java index 8412525471..4d3bceaffb 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java @@ -29,18 +29,20 @@ import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.text.ParseException; +import java.time.Duration; import java.util.Date; import java.util.Map; import java.util.UUID; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpSession; -import org.apache.http.client.HttpClient; -import org.apache.http.client.config.RequestConfig; -import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.hc.client5.http.classic.HttpClient; +import org.apache.hc.client5.http.config.RequestConfig; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; +import org.apache.hc.core5.util.Timeout; import org.mitre.jwt.signer.service.JWTSigningAndValidationService; import org.mitre.jwt.signer.service.impl.JWKSetCacheService; import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService; @@ -64,6 +66,7 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; +import org.springframework.stereotype.Component; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; import org.springframework.web.client.RestClientException; @@ -93,6 +96,7 @@ * @author nemonik, jricher * */ +@Component public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFilter { protected final static String REDIRECT_URI_SESION_VARIABLE = "redirect_uri"; @@ -348,7 +352,7 @@ protected Authentication handleAuthorizationCodeResponse(HttpServletRequest requ httpClient = HttpClientBuilder.create() .useSystemProperties() .setDefaultRequestConfig(RequestConfig.custom() - .setSocketTimeout(httpSocketTimeout) + .setResponseTimeout(Timeout.ofMilliseconds(httpSocketTimeout)) .build()) .build(); } diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java index 5b755617bb..0556d0d360 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java @@ -23,9 +23,9 @@ import java.util.concurrent.ExecutionException; import java.util.concurrent.TimeUnit; -import org.apache.http.client.HttpClient; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.hc.client5.http.classic.HttpClient; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; +import org.apache.hc.core5.net.URIBuilder; import org.mitre.openid.connect.config.ServerConfiguration; import org.mitre.openid.connect.config.ServerConfiguration.UserInfoTokenMethod; import org.mitre.openid.connect.model.DefaultUserInfo; diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java index 73a8d377f1..40bdcbf3a0 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java @@ -22,7 +22,7 @@ import java.util.Map; -import javax.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletRequest; import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.config.ServerConfiguration; diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/IssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/IssuerService.java index 7e4e527024..2fe9ac2264 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/IssuerService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/IssuerService.java @@ -20,10 +20,10 @@ */ package org.mitre.openid.connect.client.service; -import javax.servlet.http.HttpServletRequest; - import org.mitre.openid.connect.client.model.IssuerServiceResponse; +import jakarta.servlet.http.HttpServletRequest; + /** * * Gets an issuer for the given request. Might do dynamic discovery, or might be statically configured. diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java index 2c32fd8fd9..cb2ba1d97a 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java @@ -24,8 +24,8 @@ import java.util.Set; import java.util.concurrent.ExecutionException; -import org.apache.http.client.HttpClient; -import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.hc.client5.http.classic.HttpClient; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor; import org.mitre.openid.connect.client.service.ClientConfigurationService; @@ -39,8 +39,8 @@ import org.springframework.http.MediaType; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.security.authentication.AuthenticationServiceException; -import org.springframework.security.oauth2.common.OAuth2AccessToken; -import org.springframework.security.oauth2.common.exceptions.InvalidClientException; +import org.springframework.security.oauth2.core.OAuth2AccessToken; +import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.web.client.RestClientException; import org.springframework.web.client.RestTemplate; @@ -212,7 +212,7 @@ public RegisteredClient load(ServerConfiguration serverConfig) throws Exception return client; } catch (RestClientException rce) { - throw new InvalidClientException("Error registering client with server"); + throw new OAuth2AuthenticationException("Error registering client with server"); } } else { @@ -220,7 +220,7 @@ public RegisteredClient load(ServerConfiguration serverConfig) throws Exception // load this client's information from the server HttpHeaders headers = new HttpHeaders(); - headers.set("Authorization", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, knownClient.getRegistrationAccessToken())); + headers.set("Authorization", String.format("%s %s", OAuth2AccessToken.TokenType.BEARER, knownClient.getRegistrationAccessToken())); headers.setAccept(Lists.newArrayList(MediaType.APPLICATION_JSON)); HttpEntity entity = new HttpEntity<>(headers); @@ -233,7 +233,7 @@ public RegisteredClient load(ServerConfiguration serverConfig) throws Exception return client; } catch (RestClientException rce) { - throw new InvalidClientException("Error loading previously registered client information from server"); + throw new OAuth2AuthenticationException("Error loading previously registered client information from server"); } } else { // it's got a client ID from the store, don't bother trying to load it diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java index 5f451c2dcb..3f2d91dd29 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java @@ -31,8 +31,8 @@ import java.util.Set; import java.util.concurrent.ExecutionException; -import org.apache.http.client.HttpClient; -import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.hc.client5.http.classic.HttpClient; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; import org.mitre.openid.connect.client.service.ServerConfigurationService; import org.mitre.openid.connect.config.ServerConfiguration; import org.slf4j.Logger; diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java index cad7d7399a..8f657acbb5 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java @@ -24,7 +24,7 @@ import java.util.Map; import java.util.Map.Entry; -import org.apache.http.client.utils.URIBuilder; +import org.apache.hc.core5.net.URIBuilder; import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService; import org.mitre.jwt.signer.service.impl.JWKSetCacheService; import org.mitre.oauth2.model.RegisteredClient; diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridIssuerService.java index 816f03698e..0a59867fdb 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridIssuerService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridIssuerService.java @@ -19,7 +19,7 @@ import java.util.Set; -import javax.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletRequest; import org.mitre.openid.connect.client.model.IssuerServiceResponse; import org.mitre.openid.connect.client.service.IssuerService; diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java index 86ecece0ef..e4ff2b793d 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java @@ -24,7 +24,7 @@ import java.util.Map; import java.util.Map.Entry; -import org.apache.http.client.utils.URIBuilder; +import org.apache.hc.core5.net.URIBuilder; import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.client.service.AuthRequestUrlBuilder; import org.mitre.openid.connect.config.ServerConfiguration; diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java index 604a72a391..36835235cf 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java @@ -24,7 +24,7 @@ import java.util.Map; import java.util.Map.Entry; -import org.apache.http.client.utils.URIBuilder; +import org.apache.hc.core5.net.URIBuilder; import org.mitre.jwt.signer.service.JWTSigningAndValidationService; import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.client.service.AuthRequestUrlBuilder; diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java index 8febc64a09..e0c1ebb6ef 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java @@ -23,7 +23,7 @@ import java.util.HashMap; import java.util.Map; -import javax.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletRequest; import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.client.service.AuthRequestOptionsService; diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java index df31018047..f48ddece95 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java @@ -22,7 +22,7 @@ import java.util.Map; -import javax.annotation.PostConstruct; +import jakarta.annotation.PostConstruct; import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.client.service.ClientConfigurationService; @@ -58,7 +58,7 @@ public void setClients(Map clients) { /** * Get the client configured for this issuer * - * @see org.mitre.openid.connect.client.service.ClientConfigurationService#getClientConfiguration(java.lang.String) + * @see org.mitre.openid.connect.client.service.ClientConfigurationService#getClientConfiguration(ServerConfiguration) */ @Override public RegisteredClient getClientConfiguration(ServerConfiguration issuer) { diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java index ebca40c1e4..9845c088e9 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java @@ -22,7 +22,7 @@ import java.util.Map; -import javax.annotation.PostConstruct; +import jakarta.annotation.PostConstruct; import org.mitre.openid.connect.client.service.ServerConfigurationService; import org.mitre.openid.connect.config.ServerConfiguration; diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java index c72b655236..349bffa7d5 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java @@ -20,8 +20,8 @@ */ package org.mitre.openid.connect.client.service.impl; -import javax.annotation.PostConstruct; -import javax.servlet.http.HttpServletRequest; +import jakarta.annotation.PostConstruct; +import jakarta.servlet.http.HttpServletRequest; import org.mitre.openid.connect.client.model.IssuerServiceResponse; import org.mitre.openid.connect.client.service.IssuerService; @@ -53,7 +53,7 @@ public void setIssuer(String issuer) { /** * Always returns the configured issuer URL * - * @see org.mitre.openid.connect.client.service.IssuerService#getIssuer(javax.servlet.http.HttpServletRequest) + * @see org.mitre.openid.connect.client.service.IssuerService#getIssuer(HttpServletRequest) */ @Override public IssuerServiceResponse getIssuer(HttpServletRequest request) { diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java index b26b91c897..65c18a93e3 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java @@ -24,10 +24,10 @@ import java.util.HashSet; import java.util.Set; -import javax.annotation.PostConstruct; -import javax.servlet.http.HttpServletRequest; +import jakarta.annotation.PostConstruct; +import jakarta.servlet.http.HttpServletRequest; -import org.apache.http.client.utils.URIBuilder; +import org.apache.hc.core5.net.URIBuilder; import org.mitre.openid.connect.client.model.IssuerServiceResponse; import org.mitre.openid.connect.client.service.IssuerService; import org.springframework.security.authentication.AuthenticationServiceException; diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java index ca2fe59494..2f6d4c414d 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java @@ -24,11 +24,11 @@ import java.util.Set; import java.util.concurrent.ExecutionException; -import javax.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletRequest; -import org.apache.http.client.HttpClient; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.hc.client5.http.classic.HttpClient; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; +import org.apache.hc.core5.net.URIBuilder; import org.mitre.discovery.util.WebfingerURLNormalizer; import org.mitre.openid.connect.client.model.IssuerServiceResponse; import org.mitre.openid.connect.client.service.IssuerService; diff --git a/openid-connect-client/src/test/java/org/mitre/oauth2/introspectingfilter/TestOAuth2AccessTokenImpl.java b/openid-connect-client/src/test/java/org/mitre/oauth2/introspectingfilter/TestOAuth2AccessTokenImpl.java index 051b5a26c2..1f86e381c3 100644 --- a/openid-connect-client/src/test/java/org/mitre/oauth2/introspectingfilter/TestOAuth2AccessTokenImpl.java +++ b/openid-connect-client/src/test/java/org/mitre/oauth2/introspectingfilter/TestOAuth2AccessTokenImpl.java @@ -42,7 +42,6 @@ public class TestOAuth2AccessTokenImpl { @Test public void testFullToken() { - JsonObject tokenObj = new JsonObject(); tokenObj.addProperty("active", true); tokenObj.addProperty("scope", scopeString); @@ -52,8 +51,8 @@ public void testFullToken() { OAuth2AccessTokenImpl tok = new OAuth2AccessTokenImpl(tokenObj, tokenString); - assertThat(tok.getScope(), is(equalTo(scopes))); - assertThat(tok.getExpiration(), is(equalTo(exp))); + assertThat(tok.getScopes(), is(equalTo(scopes))); + assertThat(tok.getExpiresAt(), is(equalTo(exp.toInstant()))); } @Test @@ -68,8 +67,8 @@ public void testNullExp() { OAuth2AccessTokenImpl tok = new OAuth2AccessTokenImpl(tokenObj, tokenString); - assertThat(tok.getScope(), is(equalTo(scopes))); - assertThat(tok.getExpiration(), is(equalTo(null))); + assertThat(tok.getScopes(), is(equalTo(scopes))); + assertThat(tok.getExpiresAt(), is(equalTo(null))); } @Test @@ -84,8 +83,8 @@ public void testNullScopes() { OAuth2AccessTokenImpl tok = new OAuth2AccessTokenImpl(tokenObj, tokenString); - assertThat(tok.getScope(), is(equalTo(Collections.EMPTY_SET))); - assertThat(tok.getExpiration(), is(equalTo(exp))); + assertThat(tok.getScopes(), is(equalTo(Collections.EMPTY_SET))); + assertThat(tok.getExpiresAt(), is(equalTo(exp.toInstant()))); } @Test @@ -99,8 +98,8 @@ public void testNullScopesNullExp() { OAuth2AccessTokenImpl tok = new OAuth2AccessTokenImpl(tokenObj, tokenString); - assertThat(tok.getScope(), is(equalTo(Collections.EMPTY_SET))); - assertThat(tok.getExpiration(), is(equalTo(null))); + assertThat(tok.getScopes(), is(equalTo(Collections.EMPTY_SET))); + assertThat(tok.getExpiresAt(), is(equalTo(null))); } } diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/TestOIDCAuthenticationFilter.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/TestOIDCAuthenticationFilter.java index ae3018bbc8..ab6ee11539 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/TestOIDCAuthenticationFilter.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/TestOIDCAuthenticationFilter.java @@ -15,8 +15,8 @@ *******************************************************************************/ package org.mitre.openid.connect.client; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.junit.Test; import org.mockito.Mockito; diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java index f7455981d9..9242891af4 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java @@ -23,10 +23,9 @@ import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.config.ServerConfiguration; import org.mockito.InjectMocks; -import org.mockito.Matchers; import org.mockito.Mock; import org.mockito.Mockito; -import org.mockito.runners.MockitoJUnitRunner; +import org.mockito.junit.MockitoJUnitRunner; import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.nullValue; @@ -38,7 +37,7 @@ * @author wkim * */ -@RunWith(MockitoJUnitRunner.class) +@RunWith(MockitoJUnitRunner.Silent.class) public class TestHybridClientConfigurationService { @Mock @@ -77,7 +76,7 @@ public void getClientConfiguration_useStatic() { RegisteredClient result = hybridService.getClientConfiguration(mockServerConfig); Mockito.verify(mockStaticService).getClientConfiguration(mockServerConfig); - Mockito.verify(mockDynamicService, Mockito.never()).getClientConfiguration(Matchers.any(ServerConfiguration.class)); + Mockito.verify(mockDynamicService, Mockito.never()).getClientConfiguration(Mockito.any(ServerConfiguration.class)); assertEquals(mockClient, result); } diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java index c14e756f14..a85a5ea9e3 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java @@ -17,22 +17,19 @@ *******************************************************************************/ package org.mitre.openid.connect.client.service.impl; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mitre.openid.connect.config.ServerConfiguration; import org.mockito.InjectMocks; -import org.mockito.Matchers; import org.mockito.Mock; import org.mockito.Mockito; -import org.mockito.runners.MockitoJUnitRunner; - -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; +import org.mockito.junit.MockitoJUnitRunner; /** * @author wkim @@ -71,7 +68,7 @@ public void getServerConfiguration_useStatic() { ServerConfiguration result = hybridService.getServerConfiguration(issuer); Mockito.verify(mockStaticService).getServerConfiguration(issuer); - Mockito.verify(mockDynamicService, Mockito.never()).getServerConfiguration(Matchers.anyString()); + Mockito.verify(mockDynamicService, Mockito.never()).getServerConfiguration(Mockito.anyString()); assertEquals(mockServerConfig, result); } @@ -94,9 +91,6 @@ public void getServerConfiguration_useDynamic() { @Test public void getServerConfiguration_noIssuer() { - Mockito.when(mockStaticService.getServerConfiguration(issuer)).thenReturn(mockServerConfig); - Mockito.when(mockDynamicService.getServerConfiguration(issuer)).thenReturn(mockServerConfig); - String badIssuer = "www.badexample.com"; ServerConfiguration result = hybridService.getServerConfiguration(badIssuer); diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java index 391afb612c..df03dbc7e7 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java @@ -62,7 +62,7 @@ public void buildAuthRequestUrl() { String expectedUrl = "https://server.example.com/authorize?" + "response_type=code" + "&client_id=s6BhdRkqt3" + - "&scope=openid+profile" + // plus sign used for space per application/x-www-form-encoded standard + "&scope=openid%20profile" + // plus sign used for space per application/x-www-form-encoded standard "&redirect_uri=https%3A%2F%2Fclient.example.org%2F" + "&nonce=34fasf3ds" + "&state=af0ifjsldkj" + @@ -81,7 +81,7 @@ public void buildAuthRequestUrl_withLoginHint() { String expectedUrl = "https://server.example.com/authorize?" + "response_type=code" + "&client_id=s6BhdRkqt3" + - "&scope=openid+profile" + // plus sign used for space per application/x-www-form-encoded standard + "&scope=openid%20profile" + // plus sign used for space per application/x-www-form-encoded standard "&redirect_uri=https%3A%2F%2Fclient.example.org%2F" + "&nonce=34fasf3ds" + "&state=af0ifjsldkj" + diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java index 4f251a4e3c..6e544dc44c 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java @@ -27,7 +27,7 @@ import org.mitre.openid.connect.config.ServerConfiguration; import org.mockito.Mock; import org.mockito.Mockito; -import org.mockito.runners.MockitoJUnitRunner; +import org.mockito.junit.MockitoJUnitRunner; import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.notNullValue; diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java index 9f86bd3469..6a4aaa3997 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java @@ -25,7 +25,7 @@ import org.junit.runner.RunWith; import org.mitre.openid.connect.config.ServerConfiguration; import org.mockito.Mock; -import org.mockito.runners.MockitoJUnitRunner; +import org.mockito.junit.MockitoJUnitRunner; import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.notNullValue; diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java index 7a54e7d16c..f5b4ca4480 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java @@ -17,7 +17,7 @@ *******************************************************************************/ package org.mitre.openid.connect.client.service.impl; -import javax.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletRequest; import org.junit.Before; import org.junit.Test; diff --git a/openid-connect-common/pom.xml b/openid-connect-common/pom.xml index 579837ffba..c597962de1 100644 --- a/openid-connect-common/pom.xml +++ b/openid-connect-common/pom.xml @@ -22,7 +22,7 @@ openid-connect-parent org.mitre - 1.3.5-SNAPSHOT + 1.3.4.1 .. openid-connect-common @@ -52,20 +52,24 @@ guava - org.apache.httpcomponents - httpclient + org.apache.httpcomponents.client5 + httpclient5 - org.springframework.security.oauth - spring-security-oauth2 + org.springframework.security + spring-security-oauth2-client + + + org.springframework.security + spring-security-oauth2-resource-server com.nimbusds nimbus-jose-jwt - org.eclipse.persistence - javax.persistence + jakarta.persistence + jakarta.persistence-api com.google.code.gson @@ -75,37 +79,17 @@ org.slf4j slf4j-api - - com.fasterxml.jackson.core - jackson-databind - - - com.fasterxml.jackson.core - jackson-annotations - org.bouncycastle bcprov-jdk15on - javax.annotation - javax.annotation-api + jakarta.annotation + jakarta.annotation-api - jakarta.xml.bind - jakarta.xml.bind-api - - - javax.xml.bind - jaxb-api - - - javax.activation - activation - - - org.glassfish.jaxb - jaxb-runtime + org.springframework.security + spring-security-oauth2-authorization-server diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java index dbe8a530bb..f6ab4f59f5 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java +++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java @@ -25,7 +25,7 @@ import java.util.Map; import java.util.Set; -import javax.annotation.PostConstruct; +import jakarta.annotation.PostConstruct; import org.mitre.jose.keystore.JWKSetKeyStore; import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService; diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java index 8c98005115..33df48156d 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java +++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java @@ -20,11 +20,12 @@ */ package org.mitre.jwt.signer.service.impl; +import java.util.concurrent.Callable; import java.util.concurrent.ExecutionException; import java.util.concurrent.TimeUnit; -import org.apache.http.client.HttpClient; -import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.hc.client5.http.classic.HttpClient; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; import org.mitre.jose.keystore.JWKSetKeyStore; import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService; import org.mitre.jwt.encryption.service.impl.DefaultJWTEncryptionAndDecryptionService; @@ -80,7 +81,7 @@ public JWKSetCacheService() { * @param jwksUri * @return * @throws ExecutionException - * @see com.google.common.cache.Cache#get(java.lang.Object) + * @see com.google.common.cache.Cache#get(Object, Callable) */ public JWTSigningAndValidationService getValidator(String jwksUri) { try { diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java index 28accd47e7..0628aa9ecc 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java @@ -19,35 +19,30 @@ import java.io.Serializable; import java.util.Collection; -import java.util.HashMap; -import java.util.HashSet; import java.util.Map; import java.util.Set; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.CollectionTable; -import javax.persistence.Column; -import javax.persistence.Convert; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.MapKeyColumn; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.OneToOne; -import javax.persistence.Table; -import javax.persistence.Transient; - import org.mitre.oauth2.model.convert.SerializableStringConverter; import org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter; import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; + +import jakarta.persistence.Basic; +import jakarta.persistence.CascadeType; +import jakarta.persistence.CollectionTable; +import jakarta.persistence.Column; +import jakarta.persistence.Convert; +import jakarta.persistence.ElementCollection; +import jakarta.persistence.Entity; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.MapKeyColumn; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.OneToOne; +import jakarta.persistence.Table; @Entity @Table(name = "authentication_holder") @@ -100,40 +95,6 @@ public void setId(Long id) { this.id = id; } - @Transient - public OAuth2Authentication getAuthentication() { - // TODO: memoize this - return new OAuth2Authentication(createOAuth2Request(), getUserAuth()); - } - - /** - * @return - */ - private OAuth2Request createOAuth2Request() { - return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions); - } - - public void setAuthentication(OAuth2Authentication authentication) { - - // pull apart the request and save its bits - OAuth2Request o2Request = authentication.getOAuth2Request(); - setAuthorities(o2Request.getAuthorities() == null ? null : new HashSet<>(o2Request.getAuthorities())); - setClientId(o2Request.getClientId()); - setExtensions(o2Request.getExtensions() == null ? null : new HashMap<>(o2Request.getExtensions())); - setRedirectUri(o2Request.getRedirectUri()); - setRequestParameters(o2Request.getRequestParameters() == null ? null : new HashMap<>(o2Request.getRequestParameters())); - setResourceIds(o2Request.getResourceIds() == null ? null : new HashSet<>(o2Request.getResourceIds())); - setResponseTypes(o2Request.getResponseTypes() == null ? null : new HashSet<>(o2Request.getResponseTypes())); - setScope(o2Request.getScope() == null ? null : new HashSet<>(o2Request.getScope())); - setApproved(o2Request.isApproved()); - - if (authentication.getUserAuthentication() != null) { - this.userAuth = new SavedUserAuthentication(authentication.getUserAuthentication()); - } else { - this.userAuth = null; - } - } - /** * @return the userAuth */ diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java index 385f467685..24796a1b9c 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java @@ -19,18 +19,18 @@ import java.util.Date; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.ManyToOne; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.Table; -import javax.persistence.Temporal; +import jakarta.persistence.Basic; +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.ManyToOne; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.Table; +import jakarta.persistence.Temporal; /** * Entity class for authorization codes @@ -122,14 +122,14 @@ public AuthenticationHolderEntity getAuthenticationHolder() { } /** - * @param authentication the authentication to set + * @param authenticationHolder the authentication to set */ public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) { this.authenticationHolder = authenticationHolder; } @Basic - @Temporal(javax.persistence.TemporalType.TIMESTAMP) + @Temporal(jakarta.persistence.TemporalType.TIMESTAMP) @Column(name = "expiration") public Date getExpiration() { return expiration; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java index c161c07970..b22bfda6a0 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java @@ -15,9 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. *******************************************************************************/ -/** - * - */ + package org.mitre.oauth2.model; import java.util.Date; @@ -26,27 +24,27 @@ import java.util.Map; import java.util.Set; -import javax.persistence.Basic; -import javax.persistence.CollectionTable; -import javax.persistence.Column; -import javax.persistence.Convert; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.EnumType; -import javax.persistence.Enumerated; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.PrePersist; -import javax.persistence.PreUpdate; -import javax.persistence.Table; -import javax.persistence.Temporal; -import javax.persistence.TemporalType; -import javax.persistence.Transient; +import jakarta.persistence.Basic; +import jakarta.persistence.CollectionTable; +import jakarta.persistence.Column; +import jakarta.persistence.Convert; +import jakarta.persistence.ElementCollection; +import jakarta.persistence.Entity; +import jakarta.persistence.EnumType; +import jakarta.persistence.Enumerated; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.PrePersist; +import jakarta.persistence.PreUpdate; +import jakarta.persistence.Table; +import jakarta.persistence.Temporal; +import jakarta.persistence.TemporalType; +import jakarta.persistence.Transient; import org.mitre.oauth2.model.convert.JWEAlgorithmStringConverter; import org.mitre.oauth2.model.convert.JWEEncryptionMethodStringConverter; @@ -56,7 +54,7 @@ import org.mitre.oauth2.model.convert.PKCEAlgorithmStringConverter; import org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter; import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.provider.ClientDetails; +import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import com.nimbusds.jose.EncryptionMethod; import com.nimbusds.jose.JWEAlgorithm; @@ -74,7 +72,7 @@ @NamedQuery(name = ClientDetailsEntity.QUERY_ALL, query = "SELECT c FROM ClientDetailsEntity c"), @NamedQuery(name = ClientDetailsEntity.QUERY_BY_CLIENT_ID, query = "select c from ClientDetailsEntity c where c.clientId = :" + ClientDetailsEntity.PARAM_CLIENT_ID) }) -public class ClientDetailsEntity implements ClientDetails { +public class ClientDetailsEntity extends RegisteredClient { public static final String QUERY_BY_CLIENT_ID = "ClientDetailsEntity.getByClientId"; public static final String QUERY_ALL = "ClientDetailsEntity.findAll"; @@ -85,7 +83,7 @@ public class ClientDetailsEntity implements ClientDetails { private static final long serialVersionUID = -1617727085733786296L; - private Long id; + private Long longId; /** Fields from the OAuth2 Dynamic Registration Specification */ private String clientId = null; // client_id @@ -262,16 +260,16 @@ private void prePersist() { @Id @GeneratedValue(strategy = GenerationType.IDENTITY) @Column(name = "id") - public Long getId() { - return id; + public Long getLongId() { + return longId; } /** * - * @param id the id to set + * @param longId the id to set */ - public void setId(Long id) { - this.id = id; + public void setLongId(Long longId) { + this.longId = longId; } /** @@ -369,7 +367,6 @@ public void setAllowIntrospection(boolean allowIntrospection) { /** * */ - @Override @Transient public boolean isSecretRequired() { if (getTokenEndpointAuthMethod() != null && @@ -386,10 +383,9 @@ public boolean isSecretRequired() { /** * If the scope list is not null or empty, then this client has been scoped. */ - @Override @Transient public boolean isScoped() { - return getScope() != null && !getScope().isEmpty(); + return getScopes() != null && !getScopes().isEmpty(); } /** @@ -436,7 +432,7 @@ public void setClientSecret(String clientSecret) { ) @Override @Column(name="scope") - public Set getScope() { + public Set getScopes() { return scope; } @@ -461,7 +457,7 @@ public Set getGrantTypes() { } /** - * @param authorizedGrantTypes the OAuth2 grant types that this client is allowed to use + * @param grantTypes the OAuth2 grant types that this client is allowed to use */ public void setGrantTypes(Set grantTypes) { this.grantTypes = grantTypes; @@ -470,7 +466,6 @@ public void setGrantTypes(Set grantTypes) { /** * passthrough for SECOAUTH api */ - @Override @Transient public Set getAuthorizedGrantTypes() { return getGrantTypes(); @@ -484,7 +479,6 @@ public Set getAuthorizedGrantTypes() { name="client_authority", joinColumns=@JoinColumn(name="owner_id") ) - @Override @Convert(converter = SimpleGrantedAuthorityStringConverter.class) @Column(name="authority") public Set getAuthorities() { @@ -498,7 +492,6 @@ public void setAuthorities(Set authorities) { this.authorities = authorities; } - @Override @Basic @Column(name="access_token_validity_seconds") public Integer getAccessTokenValiditySeconds() { @@ -506,13 +499,12 @@ public Integer getAccessTokenValiditySeconds() { } /** - * @param accessTokenTimeout the accessTokenTimeout to set + * @param accessTokenValiditySeconds the accessTokenTimeout to set */ public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) { this.accessTokenValiditySeconds = accessTokenValiditySeconds; } - @Override @Basic @Column(name="refresh_token_validity_seconds") public Integer getRefreshTokenValiditySeconds() { @@ -520,7 +512,7 @@ public Integer getRefreshTokenValiditySeconds() { } /** - * @param refreshTokenTimeout Lifetime of refresh tokens, in seconds (optional - leave null for no timeout) + * @param refreshTokenValiditySeconds Lifetime of refresh tokens, in seconds (optional - leave null for no timeout) */ public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) { this.refreshTokenValiditySeconds = refreshTokenValiditySeconds; @@ -540,7 +532,7 @@ public Set getRedirectUris() { } /** - * @param registeredRedirectUri the registeredRedirectUri to set + * @param redirectUris the registeredRedirectUri to set */ public void setRedirectUris(Set redirectUris) { this.redirectUris = redirectUris; @@ -549,7 +541,6 @@ public void setRedirectUris(Set redirectUris) { /** * Pass-through method to fulfill the ClientDetails interface with a bad name */ - @Override @Transient public Set getRegisteredRedirectUri() { return getRedirectUris(); @@ -558,7 +549,6 @@ public Set getRegisteredRedirectUri() { /** * @return the resourceIds */ - @Override @ElementCollection(fetch = FetchType.EAGER) @CollectionTable( name="client_resource", @@ -585,7 +575,6 @@ public void setResourceIds(Set resourceIds) { * * @return an empty map */ - @Override @Transient public Map getAdditionalInformation() { return this.additionalInformation; @@ -678,7 +667,7 @@ public String getClientUri() { } /** - * @param clientUrl the clientUrl to set + * @param clientUri the clientUrl to set */ public void setClientUri(String clientUri) { this.clientUri = clientUri; @@ -694,7 +683,7 @@ public String getTosUri() { } /** - * @param tosUrl the tosUrl to set + * @param tosUri the tosUrl to set */ public void setTosUri(String tosUri) { this.tosUri = tosUri; @@ -960,7 +949,6 @@ public void setCreatedAt(Date createdAt) { /** * Our framework doesn't use this construct, we use WhitelistedSites and ApprovedSites instead. */ - @Override public boolean isAutoApprove(String scope) { return false; } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/DeviceCode.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/DeviceCode.java index c15a95fe11..aadb365556 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/DeviceCode.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/DeviceCode.java @@ -20,22 +20,22 @@ import java.util.Map; import java.util.Set; -import javax.persistence.Basic; -import javax.persistence.CollectionTable; -import javax.persistence.Column; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.ManyToOne; -import javax.persistence.MapKeyColumn; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.Table; -import javax.persistence.Temporal; +import jakarta.persistence.Basic; +import jakarta.persistence.CollectionTable; +import jakarta.persistence.Column; +import jakarta.persistence.ElementCollection; +import jakarta.persistence.Entity; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.ManyToOne; +import jakarta.persistence.MapKeyColumn; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.Table; +import jakarta.persistence.Temporal; /** * @author jricher @@ -150,7 +150,7 @@ public void setScope(Set scope) { } @Basic - @Temporal(javax.persistence.TemporalType.TIMESTAMP) + @Temporal(jakarta.persistence.TemporalType.TIMESTAMP) @Column(name = "expiration") public Date getExpiration() { return expiration; @@ -224,7 +224,7 @@ public AuthenticationHolderEntity getAuthenticationHolder() { } /** - * @param authentication the authentication to set + * @param authenticationHolder the authentication to set */ public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) { this.authenticationHolder = authenticationHolder; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java index d1bda807b7..ae43208f34 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java @@ -15,48 +15,46 @@ * See the License for the specific language governing permissions and * limitations under the License. *******************************************************************************/ -/** - * - */ + package org.mitre.oauth2.model; -import java.util.Date; +import java.text.ParseException; +import java.time.Duration; +import java.time.Instant; +import java.util.Collections; import java.util.HashMap; import java.util.Map; import java.util.Set; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.CollectionTable; -import javax.persistence.Column; -import javax.persistence.Convert; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.JoinTable; -import javax.persistence.ManyToOne; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.OneToMany; -import javax.persistence.Table; -import javax.persistence.Temporal; -import javax.persistence.Transient; - import org.mitre.oauth2.model.convert.JWTStringConverter; import org.mitre.openid.connect.model.ApprovedSite; import org.mitre.uma.model.Permission; -import org.springframework.security.oauth2.common.OAuth2AccessToken; -import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson1Deserializer; -import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson1Serializer; -import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Deserializer; -import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Serializer; -import org.springframework.security.oauth2.common.OAuth2RefreshToken; +import org.springframework.security.oauth2.core.OAuth2AccessToken; +import org.springframework.security.oauth2.core.OAuth2RefreshToken; import com.nimbusds.jwt.JWT; +import com.nimbusds.jwt.JWTParser; + +import jakarta.persistence.Basic; +import jakarta.persistence.CascadeType; +import jakarta.persistence.CollectionTable; +import jakarta.persistence.Column; +import jakarta.persistence.Convert; +import jakarta.persistence.ElementCollection; +import jakarta.persistence.Entity; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.JoinTable; +import jakarta.persistence.ManyToOne; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.OneToMany; +import jakarta.persistence.Table; +import jakarta.persistence.Temporal; +import jakarta.persistence.Transient; /** * @author jricher @@ -66,7 +64,7 @@ @Table(name = "access_token") @NamedQueries({ @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_ALL, query = "select a from OAuth2AccessTokenEntity a"), - @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select a from OAuth2AccessTokenEntity a where a.expiration <= :" + OAuth2AccessTokenEntity.PARAM_DATE), + @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select a from OAuth2AccessTokenEntity a where a.expiresAt <= :" + OAuth2AccessTokenEntity.PARAM_DATE), @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN, query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :" + OAuth2AccessTokenEntity.PARAM_REFERSH_TOKEN), @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_CLIENT, query = "select a from OAuth2AccessTokenEntity a where a.client = :" + OAuth2AccessTokenEntity.PARAM_CLIENT), @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select a from OAuth2AccessTokenEntity a where a.jwt = :" + OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE), @@ -74,11 +72,8 @@ @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID), @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2AccessTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2AccessTokenEntity.PARAM_NAME) }) -@org.codehaus.jackson.map.annotate.JsonSerialize(using = OAuth2AccessTokenJackson1Serializer.class) -@org.codehaus.jackson.map.annotate.JsonDeserialize(using = OAuth2AccessTokenJackson1Deserializer.class) -@com.fasterxml.jackson.databind.annotation.JsonSerialize(using = OAuth2AccessTokenJackson2Serializer.class) -@com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = OAuth2AccessTokenJackson2Deserializer.class) -public class OAuth2AccessTokenEntity implements OAuth2AccessToken { + +public class OAuth2AccessTokenEntity extends OAuth2AccessToken { public static final String QUERY_BY_APPROVED_SITE = "OAuth2AccessTokenEntity.getByApprovedSite"; public static final String QUERY_BY_TOKEN_VALUE = "OAuth2AccessTokenEntity.getByTokenValue"; @@ -107,9 +102,9 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken { private JWT jwtValue; // JWT-encoded access token value - private Date expiration; + private Instant expiresAt; - private String tokenType = OAuth2AccessToken.BEARER_TYPE; + private TokenType tokenType = TokenType.BEARER; private OAuth2RefreshTokenEntity refreshToken; @@ -121,13 +116,19 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken { private Map additionalInformation = new HashMap<>(); // ephemeral map of items to be added to the OAuth token response - /** - * Create a new, blank access token - */ public OAuth2AccessTokenEntity() { - + super(TokenType.BEARER, null, null, null, Collections.emptySet()); } + public OAuth2AccessTokenEntity(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt, Set scopes) + throws ParseException { + super(tokenType, tokenValue, issuedAt, expiresAt, scopes); + this.jwtValue = JWTParser.parse(tokenValue); + this.expiresAt = expiresAt; + this.tokenType = tokenType; + this.scope = scopes; + } + /** * @return the id */ @@ -149,7 +150,6 @@ public void setId(Long id) { * Get all additional information to be sent to the serializer as part of the token response. * This map is not persisted to the database. */ - @Override @Transient public Map getAdditionalInformation() { return additionalInformation; @@ -166,7 +166,7 @@ public AuthenticationHolderEntity getAuthenticationHolder() { } /** - * @param authentication the authentication to set + * @param authenticationHolder the authentication to set */ public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) { this.authenticationHolder = authenticationHolder; @@ -193,34 +193,33 @@ public void setClient(ClientDetailsEntity client) { */ @Override @Transient - public String getValue() { + public String getTokenValue() { return jwtValue.serialize(); } @Override @Basic - @Temporal(javax.persistence.TemporalType.TIMESTAMP) + @Temporal(jakarta.persistence.TemporalType.TIMESTAMP) @Column(name = "expiration") - public Date getExpiration() { - return expiration; + public Instant getExpiresAt() { + return expiresAt; } - public void setExpiration(Date expiration) { - this.expiration = expiration; + public void getExpiresAt(Instant expiresAt) { + this.expiresAt = expiresAt; } @Override @Basic @Column(name="token_type") - public String getTokenType() { + public TokenType getTokenType() { return tokenType; } - public void setTokenType(String tokenType) { + public void setTokenType(TokenType tokenType) { this.tokenType = tokenType; } - @Override @ManyToOne @JoinColumn(name="refresh_token_id") public OAuth2RefreshTokenEntity getRefreshToken() { @@ -245,18 +244,17 @@ public void setRefreshToken(OAuth2RefreshToken refreshToken) { joinColumns=@JoinColumn(name="owner_id"), name="token_scope" ) - public Set getScope() { + public Set getScopes() { return scope; } - public void setScope(Set scope) { + public void setScopes(Set scope) { this.scope = scope; } - @Override @Transient public boolean isExpired() { - return getExpiration() == null ? false : System.currentTimeMillis() > getExpiration().getTime(); + return expiresAt != null && Instant.now().isAfter(expiresAt); } /** @@ -270,24 +268,23 @@ public JWT getJwt() { } /** - * @param jwtValue the jwtValue to set + * @param jwt the jwtValue to set */ public void setJwt(JWT jwt) { this.jwtValue = jwt; } - @Override @Transient public int getExpiresIn() { - if (getExpiration() == null) { + if (getExpiresAt() == null) { return -1; // no expiration time } else { - int secondsRemaining = (int) ((getExpiration().getTime() - System.currentTimeMillis()) / 1000); - if (isExpired()) { - return 0; // has an expiration time and expired - } else { // has an expiration time and not expired - return secondsRemaining; + Duration duration = Duration.between(Instant.now(), getExpiresAt()); + if (duration.isNegative()) { + return 0; // Already expired + } else { + return (int) duration.getSeconds(); } } } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java index f6c2d2153c..cb789bbbb0 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java @@ -22,24 +22,24 @@ import java.util.Date; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Convert; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.ManyToOne; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.Table; -import javax.persistence.Temporal; -import javax.persistence.Transient; +import jakarta.persistence.Basic; +import jakarta.persistence.Column; +import jakarta.persistence.Convert; +import jakarta.persistence.Entity; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.ManyToOne; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.Table; +import jakarta.persistence.Temporal; +import jakarta.persistence.Transient; import org.mitre.oauth2.model.convert.JWTStringConverter; -import org.springframework.security.oauth2.common.OAuth2RefreshToken; +import org.springframework.security.oauth2.core.OAuth2RefreshToken; import com.nimbusds.jwt.JWT; @@ -56,7 +56,7 @@ @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select r from OAuth2RefreshTokenEntity r where r.jwt = :" + OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE), @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2RefreshTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2RefreshTokenEntity.PARAM_NAME) }) -public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken { +public class OAuth2RefreshTokenEntity extends OAuth2RefreshToken { public static final String QUERY_BY_TOKEN_VALUE = "OAuth2RefreshTokenEntity.getByTokenValue"; public static final String QUERY_BY_CLIENT = "OAuth2RefreshTokenEntity.getByClient"; @@ -85,7 +85,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken { * */ public OAuth2RefreshTokenEntity() { - + super("", null); } /** @@ -118,7 +118,7 @@ public AuthenticationHolderEntity getAuthenticationHolder() { } /** - * @param authentication the authentication to set + * @param authenticationHolder the authentication to set */ public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) { this.authenticationHolder = authenticationHolder; @@ -129,12 +129,12 @@ public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHol */ @Override @Transient - public String getValue() { + public String getTokenValue() { return jwt.serialize(); } @Basic - @Temporal(javax.persistence.TemporalType.TIMESTAMP) + @Temporal(jakarta.persistence.TemporalType.TIMESTAMP) @Column(name = "expiration") public Date getExpiration() { return expiration; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java index 6e4003937f..4d9076bc6f 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java @@ -208,10 +208,10 @@ public void setClientSecret(String clientSecret) { } /** * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getScope() + * @see org.mitre.oauth2.model.ClientDetailsEntity#getScopes() */ public Set getScope() { - return client.getScope(); + return client.getScopes(); } /** * @param scope @@ -574,7 +574,7 @@ public Set getPostLogoutRedirectUris() { } /** * @param postLogoutRedirectUri - * @see org.mitre.oauth2.model.ClientDetailsEntity#setPostLogoutRedirectUris(java.lang.String) + * @see org.mitre.oauth2.model.ClientDetailsEntity#setPostLogoutRedirectUris(Set) */ public void setPostLogoutRedirectUris(Set postLogoutRedirectUri) { client.setPostLogoutRedirectUris(postLogoutRedirectUri); @@ -767,7 +767,7 @@ public Date getClientSecretExpiresAt() { return clientSecretExpiresAt; } /** - * @param clientSecretExpiresAt the clientSecretExpiresAt to set + * @param expiresAt the clientSecretExpiresAt to set */ public void setClientSecretExpiresAt(Date expiresAt) { this.clientSecretExpiresAt = expiresAt; @@ -779,7 +779,7 @@ public Date getClientIdIssuedAt() { return clientIdIssuedAt; } /** - * @param clientIdIssuedAt the clientIdIssuedAt to set + * @param issuedAt the clientIdIssuedAt to set */ public void setClientIdIssuedAt(Date issuedAt) { this.clientIdIssuedAt = issuedAt; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java index 21fa34a830..5448f617b2 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java @@ -19,19 +19,19 @@ import java.util.Collection; import java.util.HashSet; -import javax.persistence.Basic; -import javax.persistence.CollectionTable; -import javax.persistence.Column; -import javax.persistence.Convert; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.Table; -import javax.persistence.Transient; +import jakarta.persistence.Basic; +import jakarta.persistence.CollectionTable; +import jakarta.persistence.Column; +import jakarta.persistence.Convert; +import jakarta.persistence.ElementCollection; +import jakarta.persistence.Entity; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.Table; +import jakarta.persistence.Transient; import org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter; import org.springframework.security.core.Authentication; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java index 0807b160e8..d004fa88ba 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java @@ -20,15 +20,15 @@ */ package org.mitre.oauth2.model; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.Table; +import jakarta.persistence.Basic; +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.Table; /** * @author jricher diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEAlgorithmStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEAlgorithmStringConverter.java index 1341cb4bc8..a4c5e116c4 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEAlgorithmStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEAlgorithmStringConverter.java @@ -16,8 +16,8 @@ package org.mitre.oauth2.model.convert; -import javax.persistence.AttributeConverter; -import javax.persistence.Converter; +import jakarta.persistence.AttributeConverter; +import jakarta.persistence.Converter; import com.nimbusds.jose.JWEAlgorithm; @@ -44,4 +44,4 @@ public JWEAlgorithm convertToEntityAttribute(String dbData) { return null; } } -} \ No newline at end of file +} diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEEncryptionMethodStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEEncryptionMethodStringConverter.java index a9f0355b8b..8239d2a256 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEEncryptionMethodStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEEncryptionMethodStringConverter.java @@ -16,8 +16,8 @@ package org.mitre.oauth2.model.convert; -import javax.persistence.AttributeConverter; -import javax.persistence.Converter; +import jakarta.persistence.AttributeConverter; +import jakarta.persistence.Converter; import com.nimbusds.jose.EncryptionMethod; @@ -44,4 +44,4 @@ public EncryptionMethod convertToEntityAttribute(String dbData) { return null; } } -} \ No newline at end of file +} diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWKSetStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWKSetStringConverter.java index f499e1af4b..7da573f0ae 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWKSetStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWKSetStringConverter.java @@ -18,8 +18,8 @@ import java.text.ParseException; -import javax.persistence.AttributeConverter; -import javax.persistence.Converter; +import jakarta.persistence.AttributeConverter; +import jakarta.persistence.Converter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWSAlgorithmStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWSAlgorithmStringConverter.java index c671c50fa0..839a09a1ff 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWSAlgorithmStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWSAlgorithmStringConverter.java @@ -16,8 +16,8 @@ package org.mitre.oauth2.model.convert; -import javax.persistence.AttributeConverter; -import javax.persistence.Converter; +import jakarta.persistence.AttributeConverter; +import jakarta.persistence.Converter; import com.nimbusds.jose.JWSAlgorithm; @@ -44,4 +44,4 @@ public JWSAlgorithm convertToEntityAttribute(String dbData) { return null; } } -} \ No newline at end of file +} diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWTStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWTStringConverter.java index 6f69c6a88b..904546df09 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWTStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWTStringConverter.java @@ -18,8 +18,8 @@ import java.text.ParseException; -import javax.persistence.AttributeConverter; -import javax.persistence.Converter; +import jakarta.persistence.AttributeConverter; +import jakarta.persistence.Converter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java index 3ee6305372..48c9638291 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java @@ -16,8 +16,8 @@ package org.mitre.oauth2.model.convert; -import javax.persistence.AttributeConverter; -import javax.persistence.Converter; +import jakarta.persistence.AttributeConverter; +import jakarta.persistence.Converter; import com.google.common.base.Strings; import com.google.gson.JsonElement; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/PKCEAlgorithmStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/PKCEAlgorithmStringConverter.java index 4e8359f841..8558a85c04 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/PKCEAlgorithmStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/PKCEAlgorithmStringConverter.java @@ -16,8 +16,8 @@ package org.mitre.oauth2.model.convert; -import javax.persistence.AttributeConverter; -import javax.persistence.Converter; +import jakarta.persistence.AttributeConverter; +import jakarta.persistence.Converter; import org.mitre.oauth2.model.PKCEAlgorithm; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SerializableStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SerializableStringConverter.java index 0c3e523884..cb715a1f2e 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SerializableStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SerializableStringConverter.java @@ -19,8 +19,8 @@ import java.io.Serializable; import java.util.Date; -import javax.persistence.AttributeConverter; -import javax.persistence.Converter; +import jakarta.persistence.AttributeConverter; +import jakarta.persistence.Converter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SimpleGrantedAuthorityStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SimpleGrantedAuthorityStringConverter.java index 875387508f..25135eedec 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SimpleGrantedAuthorityStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SimpleGrantedAuthorityStringConverter.java @@ -16,8 +16,8 @@ package org.mitre.oauth2.model.convert; -import javax.persistence.AttributeConverter; -import javax.persistence.Converter; +import jakarta.persistence.AttributeConverter; +import jakarta.persistence.Converter; import org.springframework.security.core.authority.SimpleGrantedAuthority; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java deleted file mode 100644 index 08695c6751..0000000000 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java +++ /dev/null @@ -1,45 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.service; - -import java.util.Collection; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; -import org.springframework.security.oauth2.provider.ClientDetailsService; - -public interface ClientDetailsEntityService extends ClientDetailsService { - - public ClientDetailsEntity saveNewClient(ClientDetailsEntity client); - - public ClientDetailsEntity getClientById(Long id); - - @Override - public ClientDetailsEntity loadClientByClientId(String clientId) throws OAuth2Exception; - - public void deleteClient(ClientDetailsEntity client); - - public ClientDetailsEntity updateClient(ClientDetailsEntity oldClient, ClientDetailsEntity newClient); - - public Collection getAllClients(); - - public ClientDetailsEntity generateClientId(ClientDetailsEntity client); - - public ClientDetailsEntity generateClientSecret(ClientDetailsEntity client); - -} diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/DeviceCodeService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/DeviceCodeService.java deleted file mode 100644 index b9601292ee..0000000000 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/DeviceCodeService.java +++ /dev/null @@ -1,73 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.oauth2.service; - -import java.util.Map; -import java.util.Set; - -import org.mitre.oauth2.exception.DeviceCodeCreationException; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.DeviceCode; -import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.OAuth2Authentication; - -/** - * @author jricher - * - */ -public interface DeviceCodeService { - - /** - * @param userCode - * @return - */ - public DeviceCode lookUpByUserCode(String userCode); - - /** - * @param dc - * @param o2Auth - */ - public DeviceCode approveDeviceCode(DeviceCode dc, OAuth2Authentication o2Auth); - - /** - * @param deviceCode - * @param client - * @return - */ - public DeviceCode findDeviceCode(String deviceCode, ClientDetails client); - - - /** - * - * @param deviceCode - * @param client - */ - public void clearDeviceCode(String deviceCode, ClientDetails client); - - /** - * @param deviceCode - * @param userCode - * @param requestedScopes - * @param client - * @param parameters - * @return - */ - public DeviceCode createNewDeviceCode(Set requestedScopes, ClientDetailsEntity client, Map parameters) throws DeviceCodeCreationException; - - - public void clearExpiredDeviceCodes(); -} diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java deleted file mode 100644 index c39ccd90da..0000000000 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java +++ /dev/null @@ -1,63 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.service; - -import java.util.List; -import java.util.Set; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; -import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices; - -public interface OAuth2TokenEntityService extends AuthorizationServerTokenServices, ResourceServerTokenServices { - - @Override - public OAuth2AccessTokenEntity readAccessToken(String accessTokenValue); - - public OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue); - - public void revokeRefreshToken(OAuth2RefreshTokenEntity refreshToken); - - public void revokeAccessToken(OAuth2AccessTokenEntity accessToken); - - public List getAccessTokensForClient(ClientDetailsEntity client); - - public List getRefreshTokensForClient(ClientDetailsEntity client); - - public void clearExpiredTokens(); - - public OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity accessToken); - - public OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken); - - @Override - public OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication); - - public OAuth2AccessTokenEntity getAccessTokenById(Long id); - - public OAuth2RefreshTokenEntity getRefreshTokenById(Long id); - - public Set getAllAccessTokensForUser(String name); - - public Set getAllRefreshTokensForUser(String name); - - public OAuth2AccessTokenEntity getRegistrationAccessTokenForClient(ClientDetailsEntity client); -} diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java deleted file mode 100644 index da7a177c87..0000000000 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java +++ /dev/null @@ -1,104 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.service.impl; - -import java.math.BigInteger; -import java.security.SecureRandom; -import java.util.Collection; -import java.util.HashSet; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.userdetails.User; -import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.security.oauth2.common.exceptions.InvalidClientException; -import org.springframework.stereotype.Service; - -import com.google.common.base.Strings; - -/** - * Shim layer to convert a ClientDetails service into a UserDetails service - * - * @author AANGANES - * - */ -@Service("clientUserDetailsService") -public class DefaultClientUserDetailsService implements UserDetailsService { - - private static GrantedAuthority ROLE_CLIENT = new SimpleGrantedAuthority("ROLE_CLIENT"); - - @Autowired - private ClientDetailsEntityService clientDetailsService; - - @Autowired - private ConfigurationPropertiesBean config; - - @Override - public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException { - - try { - ClientDetailsEntity client = clientDetailsService.loadClientByClientId(clientId); - - if (client != null) { - - String password = Strings.nullToEmpty(client.getClientSecret()); - - if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets - (client.getTokenEndpointAuthMethod() != null && - (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) || - client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)))) { - - // Issue a random password each time to prevent password auth from being used (or skipped) - // for private key or shared key clients, see #715 - - password = new BigInteger(512, new SecureRandom()).toString(16); - } - - boolean enabled = true; - boolean accountNonExpired = true; - boolean credentialsNonExpired = true; - boolean accountNonLocked = true; - Collection authorities = new HashSet<>(client.getAuthorities()); - authorities.add(ROLE_CLIENT); - - return new User(clientId, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities); - } else { - throw new UsernameNotFoundException("Client not found: " + clientId); - } - } catch (InvalidClientException e) { - throw new UsernameNotFoundException("Client not found: " + clientId); - } - - } - - public ClientDetailsEntityService getClientDetailsService() { - return clientDetailsService; - } - - public void setClientDetailsService(ClientDetailsEntityService clientDetailsService) { - this.clientDetailsService = clientDetailsService; - } - -} diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java deleted file mode 100644 index 64ef7e45cf..0000000000 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java +++ /dev/null @@ -1,108 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.service.impl; - -import java.io.UnsupportedEncodingException; -import java.math.BigInteger; -import java.security.SecureRandom; -import java.util.Collection; -import java.util.HashSet; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.userdetails.User; -import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.security.oauth2.common.exceptions.InvalidClientException; -import org.springframework.stereotype.Service; -import org.springframework.web.util.UriUtils; - -import com.google.common.base.Strings; - -/** - * Loads client details based on URI encoding as passed in from basic auth. - * - * Should only get called if non-encoded provider fails. - * - * @author AANGANES - * - */ -@Service("uriEncodedClientUserDetailsService") -public class UriEncodedClientUserDetailsService implements UserDetailsService { - - private static GrantedAuthority ROLE_CLIENT = new SimpleGrantedAuthority("ROLE_CLIENT"); - - @Autowired - private ClientDetailsEntityService clientDetailsService; - - @Autowired - private ConfigurationPropertiesBean config; - - @Override - public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException { - - try { - String decodedClientId = UriUtils.decode(clientId, "UTF-8"); - - ClientDetailsEntity client = clientDetailsService.loadClientByClientId(decodedClientId); - - if (client != null) { - - String encodedPassword = UriUtils.encodePathSegment(Strings.nullToEmpty(client.getClientSecret()), "UTF-8"); - - if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets - (client.getTokenEndpointAuthMethod() != null && - (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) || - client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)))) { - - // Issue a random password each time to prevent password auth from being used (or skipped) - // for private key or shared key clients, see #715 - - encodedPassword = new BigInteger(512, new SecureRandom()).toString(16); - } - - boolean enabled = true; - boolean accountNonExpired = true; - boolean credentialsNonExpired = true; - boolean accountNonLocked = true; - Collection authorities = new HashSet<>(client.getAuthorities()); - authorities.add(ROLE_CLIENT); - - return new User(decodedClientId, encodedPassword, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities); - } else { - throw new UsernameNotFoundException("Client not found: " + clientId); - } - } catch (InvalidClientException e) { - throw new UsernameNotFoundException("Client not found: " + clientId); - } - - } - - public ClientDetailsEntityService getClientDetailsService() { - return clientDetailsService; - } - - public void setClientDetailsService(ClientDetailsEntityService clientDetailsService) { - this.clientDetailsService = clientDetailsService; - } - -} diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationBeanLocaleResolver.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationBeanLocaleResolver.java index c351e228a4..72668e0d17 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationBeanLocaleResolver.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationBeanLocaleResolver.java @@ -21,8 +21,8 @@ import java.util.Locale; import java.util.TimeZone; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.i18n.LocaleContext; diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java index 9d286518f1..bdeedc24da 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java @@ -20,7 +20,7 @@ import java.util.List; import java.util.Locale; -import javax.annotation.PostConstruct; +import jakarta.annotation.PostConstruct; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java index c8b530c1ef..a2ef8fcd04 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java @@ -20,21 +20,21 @@ import java.util.Date; import java.util.Set; -import javax.persistence.Basic; -import javax.persistence.CollectionTable; -import javax.persistence.Column; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.Table; -import javax.persistence.Temporal; -import javax.persistence.Transient; +import jakarta.persistence.Basic; +import jakarta.persistence.CollectionTable; +import jakarta.persistence.Column; +import jakarta.persistence.ElementCollection; +import jakarta.persistence.Entity; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.Table; +import jakarta.persistence.Temporal; +import jakarta.persistence.Transient; @Entity @Table(name="approved_site") @@ -136,7 +136,7 @@ public void setClientId(String clientId) { * @return the creationDate */ @Basic - @Temporal(javax.persistence.TemporalType.TIMESTAMP) + @Temporal(jakarta.persistence.TemporalType.TIMESTAMP) @Column(name="creation_date") public Date getCreationDate() { return creationDate; @@ -153,7 +153,7 @@ public void setCreationDate(Date creationDate) { * @return the accessDate */ @Basic - @Temporal(javax.persistence.TemporalType.TIMESTAMP) + @Temporal(jakarta.persistence.TemporalType.TIMESTAMP) @Column(name="access_date") public Date getAccessDate() { return accessDate; @@ -190,7 +190,7 @@ public void setAllowedScopes(Set allowedScopes) { * @return the timeoutDate */ @Basic - @Temporal(javax.persistence.TemporalType.TIMESTAMP) + @Temporal(jakarta.persistence.TemporalType.TIMESTAMP) @Column(name="timeout_date") public Date getTimeoutDate() { return timeoutDate; diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java index bfa4f47667..81900f8f3e 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java @@ -20,15 +20,15 @@ */ package org.mitre.openid.connect.model; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.Table; +import jakarta.persistence.Basic; +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.Table; /** * @author jricher diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultAddress.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultAddress.java index ecdda8bdb8..2485cf8f60 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultAddress.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultAddress.java @@ -15,13 +15,13 @@ *******************************************************************************/ package org.mitre.openid.connect.model; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Table; +import jakarta.persistence.Basic; +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.Table; @Entity @Table(name="address") diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java index 8b73f3689e..5e92635868 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java @@ -21,19 +21,19 @@ import java.io.ObjectInputStream; import java.io.ObjectOutputStream; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Convert; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.OneToOne; -import javax.persistence.Table; +import jakarta.persistence.Basic; +import jakarta.persistence.CascadeType; +import jakarta.persistence.Column; +import jakarta.persistence.Convert; +import jakarta.persistence.Entity; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.OneToOne; +import jakarta.persistence.Table; import org.mitre.openid.connect.model.convert.JsonObjectStringConverter; diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java index 3ecf2fefe3..40d586b06a 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java @@ -20,15 +20,15 @@ */ package org.mitre.openid.connect.model; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.Table; +import jakarta.persistence.Basic; +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.Table; /** * diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java index c3e58db0d3..492bbe5595 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java @@ -19,19 +19,19 @@ import java.util.Set; -import javax.persistence.Basic; -import javax.persistence.CollectionTable; -import javax.persistence.Column; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.Table; +import jakarta.persistence.Basic; +import jakarta.persistence.CollectionTable; +import jakarta.persistence.Column; +import jakarta.persistence.ElementCollection; +import jakarta.persistence.Entity; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.Table; /** * Indicator that login to a site should be automatically granted diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/convert/JsonObjectStringConverter.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/convert/JsonObjectStringConverter.java index 78c33e8cdd..0e77252776 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/convert/JsonObjectStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/convert/JsonObjectStringConverter.java @@ -16,8 +16,8 @@ package org.mitre.openid.connect.model.convert; -import javax.persistence.AttributeConverter; -import javax.persistence.Converter; +import jakarta.persistence.AttributeConverter; +import jakarta.persistence.Converter; import com.google.common.base.Strings; import com.google.gson.JsonObject; diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ApprovedSiteService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ApprovedSiteService.java deleted file mode 100644 index bf033d8874..0000000000 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ApprovedSiteService.java +++ /dev/null @@ -1,114 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service; - -import java.util.Collection; -import java.util.Date; -import java.util.List; -import java.util.Set; - -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.openid.connect.model.ApprovedSite; -import org.springframework.security.oauth2.provider.ClientDetails; - -/** - * Interface for ApprovedSite service - * - * @author Michael Joseph Walsh, aanganes - * - */ -public interface ApprovedSiteService { - - - public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set allowedScopes); - - /** - * Return a collection of all ApprovedSites - * - * @return the ApprovedSite collection, or null - */ - public Collection getAll(); - - /** - * Return a collection of ApprovedSite managed by this repository matching the - * provided client ID and user ID - * - * @param clientId - * @param userId - * @return - */ - public Collection getByClientIdAndUserId(String clientId, String userId); - - /** - * Save an ApprovedSite - * - * @param approvedSite - * the ApprovedSite to be saved - */ - public ApprovedSite save(ApprovedSite approvedSite); - - /** - * Get ApprovedSite for id - * - * @param id - * id for ApprovedSite - * @return ApprovedSite for id, or null - */ - public ApprovedSite getById(Long id); - - /** - * Remove the ApprovedSite - * - * @param approvedSite - * the ApprovedSite to remove - */ - public void remove(ApprovedSite approvedSite); - - /** - * Get all sites approved by this user - * @param userId - * @return - */ - public Collection getByUserId(String userId); - - /** - * Get all sites associated with this client - * @param clientId - * @return - */ - public Collection getByClientId(String clientId); - - /** - * Clear out any approved sites for a given client. - * @param client - */ - public void clearApprovedSitesForClient(ClientDetails client); - - /** - * Remove all expired approved sites fromt he data store. - * @return - */ - public void clearExpiredSites(); - - /** - * Return all approved access tokens for the site. - * @return - */ - public List getApprovedAccessTokens(ApprovedSite approvedSite); - -} diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/OIDCTokenService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/OIDCTokenService.java deleted file mode 100644 index 146f6164e4..0000000000 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/OIDCTokenService.java +++ /dev/null @@ -1,74 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service; - -import java.util.Date; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.springframework.security.oauth2.provider.OAuth2Request; - -import com.nimbusds.jwt.JWT; - -/** - * Service to create specialty OpenID Connect tokens. - * - * @author Amanda Anganes - * - */ -public interface OIDCTokenService { - - /** - * Create an id token with the information provided. - * - * @param client - * @param request - * @param issueTime - * @param sub - * @param signingAlg - * @param accessToken - * @return - */ - public JWT createIdToken( - ClientDetailsEntity client, OAuth2Request request, Date issueTime, - String sub, OAuth2AccessTokenEntity accessToken); - - /** - * Create a registration access token for the given client. - * - * @param client - * @return - */ - public OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client); - - /** - * Create a resource access token for the given client (protected resource). - * - * @param client - * @return - */ - public OAuth2AccessTokenEntity createResourceAccessToken(ClientDetailsEntity client); - - /** - * Rotate the registration or resource token for a client - * @param client - * @return - */ - public OAuth2AccessTokenEntity rotateRegistrationAccessTokenForClient(ClientDetailsEntity client); - -} \ No newline at end of file diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JWKSetView.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JWKSetView.java index f18deaee18..55a4b1468f 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JWKSetView.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JWKSetView.java @@ -25,8 +25,8 @@ import java.util.ArrayList; import java.util.Map; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java deleted file mode 100644 index ac7ab41070..0000000000 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java +++ /dev/null @@ -1,107 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.web; - -import java.lang.reflect.Type; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.mitre.openid.connect.model.OIDCAuthenticationToken; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.service.UserInfoService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.authentication.AuthenticationTrustResolver; -import org.springframework.security.authentication.AuthenticationTrustResolverImpl; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; - -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.google.gson.JsonElement; -import com.google.gson.JsonPrimitive; -import com.google.gson.JsonSerializationContext; -import com.google.gson.JsonSerializer; - -/** - * Injects the UserInfo object for the current user into the current model's context, if both exist. Allows JSPs and the like to call "userInfo.name" and other fields. - * - * @author jricher - * - */ -public class UserInfoInterceptor extends HandlerInterceptorAdapter { - - private Gson gson = new GsonBuilder() - .registerTypeHierarchyAdapter(GrantedAuthority.class, new JsonSerializer() { - @Override - public JsonElement serialize(GrantedAuthority src, Type typeOfSrc, JsonSerializationContext context) { - return new JsonPrimitive(src.getAuthority()); - } - }) - .create(); - - @Autowired (required = false) - private UserInfoService userInfoService; - - private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl(); - - @Override - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - - Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - - if (auth instanceof Authentication){ - request.setAttribute("userAuthorities", gson.toJson(auth.getAuthorities())); - } - - if (!trustResolver.isAnonymous(auth)) { // skip lookup on anonymous logins - if (auth instanceof OIDCAuthenticationToken) { - // if they're logging into this server from a remote OIDC server, pass through their user info - OIDCAuthenticationToken oidc = (OIDCAuthenticationToken) auth; - if (oidc.getUserInfo() != null) { - request.setAttribute("userInfo", oidc.getUserInfo()); - request.setAttribute("userInfoJson", oidc.getUserInfo().toJson()); - } else { - request.setAttribute("userInfo", null); - request.setAttribute("userInfoJson", "null"); - } - } else { - // don't bother checking if we don't have a principal or a userInfoService to work with - if (auth != null && auth.getName() != null && userInfoService != null) { - - // try to look up a user based on the principal's name - UserInfo user = userInfoService.getByUsername(auth.getName()); - - // if we have one, inject it so views can use it - if (user != null) { - request.setAttribute("userInfo", user); - request.setAttribute("userInfoJson", user.toJson()); - } - } - } - } - - return true; - } - -} diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/Claim.java b/openid-connect-common/src/main/java/org/mitre/uma/model/Claim.java index d93e99c9c7..49fe457f77 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/Claim.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/Claim.java @@ -18,18 +18,18 @@ import java.util.Set; -import javax.persistence.Basic; -import javax.persistence.CollectionTable; -import javax.persistence.Column; -import javax.persistence.Convert; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.Table; +import jakarta.persistence.Basic; +import jakarta.persistence.CollectionTable; +import jakarta.persistence.Column; +import jakarta.persistence.Convert; +import jakarta.persistence.ElementCollection; +import jakarta.persistence.Entity; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.Table; import org.mitre.oauth2.model.convert.JsonElementStringConverter; diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/Permission.java b/openid-connect-common/src/main/java/org/mitre/uma/model/Permission.java index 42fd2d7f7f..4fde6c1f0b 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/Permission.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/Permission.java @@ -18,17 +18,17 @@ import java.util.Set; -import javax.persistence.CollectionTable; -import javax.persistence.Column; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.ManyToOne; -import javax.persistence.Table; +import jakarta.persistence.CollectionTable; +import jakarta.persistence.Column; +import jakarta.persistence.ElementCollection; +import jakarta.persistence.Entity; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.ManyToOne; +import jakarta.persistence.Table; /** * @author jricher @@ -93,4 +93,4 @@ public Set getScopes() { public void setScopes(Set scopes) { this.scopes = scopes; } -} \ No newline at end of file +} diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/PermissionTicket.java b/openid-connect-common/src/main/java/org/mitre/uma/model/PermissionTicket.java index 8b89ef5fda..e80afe00b1 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/PermissionTicket.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/PermissionTicket.java @@ -19,23 +19,23 @@ import java.util.Collection; import java.util.Date; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.JoinTable; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.OneToMany; -import javax.persistence.OneToOne; -import javax.persistence.Table; -import javax.persistence.Temporal; -import javax.persistence.TemporalType; +import jakarta.persistence.Basic; +import jakarta.persistence.CascadeType; +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.JoinTable; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.OneToMany; +import jakarta.persistence.OneToOne; +import jakarta.persistence.Table; +import jakarta.persistence.Temporal; +import jakarta.persistence.TemporalType; /** * diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/Policy.java b/openid-connect-common/src/main/java/org/mitre/uma/model/Policy.java index 32098e2fb1..8ebbfbc478 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/Policy.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/Policy.java @@ -19,20 +19,20 @@ import java.util.Collection; import java.util.Set; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.CollectionTable; -import javax.persistence.Column; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.JoinTable; -import javax.persistence.OneToMany; -import javax.persistence.Table; +import jakarta.persistence.Basic; +import jakarta.persistence.CascadeType; +import jakarta.persistence.CollectionTable; +import jakarta.persistence.Column; +import jakarta.persistence.ElementCollection; +import jakarta.persistence.Entity; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.JoinTable; +import jakarta.persistence.OneToMany; +import jakarta.persistence.Table; /** * A set of claims required to fulfill a given permission. diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java b/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java index 6303d377f2..0770e10533 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java @@ -19,21 +19,21 @@ import java.util.HashSet; import java.util.Set; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.CollectionTable; -import javax.persistence.Column; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.OneToMany; -import javax.persistence.Table; +import jakarta.persistence.Basic; +import jakarta.persistence.CascadeType; +import jakarta.persistence.CollectionTable; +import jakarta.persistence.Column; +import jakarta.persistence.ElementCollection; +import jakarta.persistence.Entity; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.NamedQueries; +import jakarta.persistence.NamedQuery; +import jakarta.persistence.OneToMany; +import jakarta.persistence.Table; @Entity @Table(name = "resource_set") diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/SavedRegisteredClient.java b/openid-connect-common/src/main/java/org/mitre/uma/model/SavedRegisteredClient.java index 4b0ed95551..38cb4d6a40 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/SavedRegisteredClient.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/SavedRegisteredClient.java @@ -16,14 +16,14 @@ package org.mitre.uma.model; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Convert; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Table; +import jakarta.persistence.Basic; +import jakarta.persistence.Column; +import jakarta.persistence.Convert; +import jakarta.persistence.Entity; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.Table; import org.mitre.oauth2.model.RegisteredClient; import org.mitre.uma.model.convert.RegisteredClientStringConverter; diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/convert/RegisteredClientStringConverter.java b/openid-connect-common/src/main/java/org/mitre/uma/model/convert/RegisteredClientStringConverter.java index 6a68f9da39..eed9b013dc 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/convert/RegisteredClientStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/convert/RegisteredClientStringConverter.java @@ -16,8 +16,8 @@ package org.mitre.uma.model.convert; -import javax.persistence.AttributeConverter; -import javax.persistence.Converter; +import jakarta.persistence.AttributeConverter; +import jakarta.persistence.Converter; import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor; diff --git a/openid-connect-common/src/main/java/org/mitre/uma/service/PermissionService.java b/openid-connect-common/src/main/java/org/mitre/uma/service/PermissionService.java index ab7ea2e3f6..efcbfd6b70 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/service/PermissionService.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/service/PermissionService.java @@ -20,7 +20,6 @@ import org.mitre.uma.model.PermissionTicket; import org.mitre.uma.model.ResourceSet; -import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException; /** diff --git a/openid-connect-common/src/main/java/org/mitre/uma/service/UmaTokenService.java b/openid-connect-common/src/main/java/org/mitre/uma/service/UmaTokenService.java index 8ee6c86b15..0a8a65971d 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/service/UmaTokenService.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/service/UmaTokenService.java @@ -19,7 +19,7 @@ import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.uma.model.PermissionTicket; import org.mitre.uma.model.Policy; -import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.core.Authentication; /** * Service to create special tokens for UMA. @@ -33,6 +33,6 @@ public interface UmaTokenService { * Create the RPT from the given authentication and ticket. * */ - public OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, PermissionTicket ticket, Policy policy); + public OAuth2AccessTokenEntity createRequestingPartyToken(Authentication o2auth, PermissionTicket ticket, Policy policy); } diff --git a/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java b/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java index f15e4c371c..08bd9e918f 100644 --- a/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java +++ b/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java @@ -19,8 +19,8 @@ import java.util.List; -import javax.persistence.EntityManager; -import javax.persistence.TypedQuery; +import jakarta.persistence.EntityManager; +import jakarta.persistence.TypedQuery; import org.mitre.data.PageCriteria; diff --git a/openid-connect-server-webapp/.gitignore b/openid-connect-server-webapp/.gitignore deleted file mode 100644 index 016a3b8f82..0000000000 --- a/openid-connect-server-webapp/.gitignore +++ /dev/null @@ -1,12 +0,0 @@ -local-values.conf -target -*~ -bin -*.idea -*.iml -*.eml -.project -.settings -.classpath -/target -.springBeans diff --git a/openid-connect-server-webapp/pom.xml b/openid-connect-server-webapp/pom.xml deleted file mode 100644 index a294b1d8bb..0000000000 --- a/openid-connect-server-webapp/pom.xml +++ /dev/null @@ -1,152 +0,0 @@ - - - - 4.0.0 - - org.mitre - openid-connect-parent - 1.3.5-SNAPSHOT - - openid-connect-server-webapp - war - OpenID Connect Server Webapp - - - - org.apache.maven.plugins - maven-compiler-plugin - - ${java-version} - ${java-version} - - - - org.apache.maven.plugins - maven-war-plugin - - openid-connect-server-webapp - - - src/main/webapp - true - - **/*.tag - **/*.jsp - - - - src/main/webapp - false - - **/*.tag - **/*.jsp - - - - less/** - - - - org.apache.maven.plugins - maven-dependency-plugin - - - install - install - - sources - - - - - - org.eclipse.jetty - jetty-maven-plugin - - ${project.build.directory}/openid-connect-server-webapp.war - - /openid-connect-server-webapp - - - - - ro.isdc.wro4j - wro4j-maven-plugin - - bootstrap,bootstrap-responsive - ${project.build.directory}/${project.build.finalName} - ${project.build.directory}/${project.build.finalName}/resources/bootstrap2/css/ - ${project.build.directory}/${project.build.finalName}/js/ - ro.isdc.wro.maven.plugin.manager.factory.ConfigurableWroManagerFactory - - - - - - - - org.mitre - openid-connect-server - - - org.springframework - spring-orm - - - commons-logging - commons-logging - - - - - org.slf4j - jcl-over-slf4j - - - org.slf4j - slf4j-log4j12 - - - log4j - log4j - - - org.hsqldb - hsqldb - - - org.eclipse.persistence - org.eclipse.persistence.jpa - - - org.springframework.security - spring-security-taglibs - - - javax.servlet - jstl - - - - com.zaxxer - HikariCP - - - Deployable package of the OpenID Connect server - diff --git a/openid-connect-server-webapp/src/main/resources/db/hsql/clients.sql b/openid-connect-server-webapp/src/main/resources/db/hsql/clients.sql deleted file mode 100644 index 1410f7bd15..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/hsql/clients.sql +++ /dev/null @@ -1,70 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - -SET AUTOCOMMIT FALSE; - -START TRANSACTION; - --- --- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here. --- - -INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES - ('client', 'secret', 'Test Client', false, null, 3600, 600, true); - -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES - ('client', 'openid'), - ('client', 'profile'), - ('client', 'email'), - ('client', 'address'), - ('client', 'phone'), - ('client', 'offline_access'); - -INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES - ('client', 'http://localhost/'), - ('client', 'http://localhost:8080/'); - -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES - ('client', 'authorization_code'), - ('client', 'urn:ietf:params:oauth:grant_type:redelegate'), - ('client', 'urn:ietf:params:oauth:grant-type:device_code'), - ('client', 'implicit'), - ('client', 'refresh_token'); - --- --- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store. --- - -MERGE INTO client_details - USING (SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP) AS vals(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) - ON vals.client_id = client_details.client_id - WHEN NOT MATCHED THEN - INSERT (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection); - -MERGE INTO client_scope - USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) AS vals(id, scope) - ON vals.id = client_scope.owner_id AND vals.scope = client_scope.scope - WHEN NOT MATCHED THEN - INSERT (owner_id, scope) values (vals.id, vals.scope); - -MERGE INTO client_redirect_uri - USING (SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id) AS vals(id, redirect_uri) - ON vals.id = client_redirect_uri.owner_id AND vals.redirect_uri = client_redirect_uri.redirect_uri - WHEN NOT MATCHED THEN - INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri); - -MERGE INTO client_grant_type - USING (SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id) AS vals(id, grant_type) - ON vals.id = client_grant_type.owner_id AND vals.grant_type = client_grant_type.grant_type - WHEN NOT MATCHED THEN - INSERT (owner_id, grant_type) values (vals.id, vals.grant_type); - --- --- Close the transaction and turn autocommit back on --- - -COMMIT; - -SET AUTOCOMMIT TRUE; - diff --git a/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_index.sql b/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_index.sql deleted file mode 100644 index 38636a96f9..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_index.sql +++ /dev/null @@ -1,19 +0,0 @@ --- --- Indexes for HSQLDB --- - -CREATE INDEX IF NOT EXISTS at_tv_idx ON access_token(token_value); -CREATE INDEX IF NOT EXISTS ts_oi_idx ON token_scope(owner_id); -CREATE INDEX IF NOT EXISTS at_exp_idx ON access_token(expiration); -CREATE INDEX IF NOT EXISTS rf_ahi_idx ON refresh_token(auth_holder_id); -CREATE INDEX IF NOT EXISTS rf_tv_idx ON refresh_token(token_value); -CREATE INDEX IF NOT EXISTS cd_ci_idx ON client_details(client_id); -CREATE INDEX IF NOT EXISTS at_ahi_idx ON access_token(auth_holder_id); -CREATE INDEX IF NOT EXISTS aha_oi_idx ON authentication_holder_authority(owner_id); -CREATE INDEX IF NOT EXISTS ahe_oi_idx ON authentication_holder_extension(owner_id); -CREATE INDEX IF NOT EXISTS ahrp_oi_idx ON authentication_holder_request_parameter(owner_id); -CREATE INDEX IF NOT EXISTS ahri_oi_idx ON authentication_holder_resource_id(owner_id); -CREATE INDEX IF NOT EXISTS ahrt_oi_idx ON authentication_holder_response_type(owner_id); -CREATE INDEX IF NOT EXISTS ahs_oi_idx ON authentication_holder_scope(owner_id); -CREATE INDEX IF NOT EXISTS ac_ahi_idx ON authorization_code(auth_holder_id); -CREATE INDEX IF NOT EXISTS suaa_oi_idx ON saved_user_auth_authority(owner_id); diff --git a/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql deleted file mode 100644 index 2a01756298..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql +++ /dev/null @@ -1,384 +0,0 @@ --- --- Tables for OIDC Server functionality, HSQL --- - -CREATE TABLE IF NOT EXISTS access_token ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - token_value VARCHAR(4096), - expiration TIMESTAMP, - token_type VARCHAR(256), - refresh_token_id BIGINT, - client_id BIGINT, - auth_holder_id BIGINT, - approved_site_id BIGINT, - UNIQUE(token_value) -); - -CREATE TABLE IF NOT EXISTS access_token_permissions ( - access_token_id BIGINT NOT NULL, - permission_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS address ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - formatted VARCHAR(256), - street_address VARCHAR(256), - locality VARCHAR(256), - region VARCHAR(256), - postal_code VARCHAR(256), - country VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS approved_site ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - user_id VARCHAR(256), - client_id VARCHAR(256), - creation_date TIMESTAMP, - access_date TIMESTAMP, - timeout_date TIMESTAMP, - whitelisted_site_id BIGINT -); - -CREATE TABLE IF NOT EXISTS approved_site_scope ( - owner_id BIGINT, - scope VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS authentication_holder ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - user_auth_id BIGINT, - approved BOOLEAN, - redirect_uri VARCHAR(2048), - client_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_authority ( - owner_id BIGINT, - authority VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_resource_id ( - owner_id BIGINT, - resource_id VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_response_type ( - owner_id BIGINT, - response_type VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_extension ( - owner_id BIGINT, - extension VARCHAR(2048), - val VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_scope ( - owner_id BIGINT, - scope VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_request_parameter ( - owner_id BIGINT, - param VARCHAR(2048), - val VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS saved_user_auth ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - name VARCHAR(1024), - authenticated BOOLEAN, - source_class VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS saved_user_auth_authority ( - owner_id BIGINT, - authority VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS client_authority ( - owner_id BIGINT, - authority VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS authorization_code ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - code VARCHAR(256), - auth_holder_id BIGINT, - expiration TIMESTAMP -); - -CREATE TABLE IF NOT EXISTS client_grant_type ( - owner_id BIGINT, - grant_type VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS client_response_type ( - owner_id BIGINT, - response_type VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS blacklisted_site ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - uri VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS client_details ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - - client_description VARCHAR(1024), - reuse_refresh_tokens BOOLEAN DEFAULT true NOT NULL, - dynamically_registered BOOLEAN DEFAULT false NOT NULL, - allow_introspection BOOLEAN DEFAULT false NOT NULL, - id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL, - device_code_validity_seconds BIGINT, - - client_id VARCHAR(256), - client_secret VARCHAR(2048), - access_token_validity_seconds BIGINT, - refresh_token_validity_seconds BIGINT, - - application_type VARCHAR(256), - client_name VARCHAR(256), - token_endpoint_auth_method VARCHAR(256), - subject_type VARCHAR(256), - - logo_uri VARCHAR(2048), - policy_uri VARCHAR(2048), - client_uri VARCHAR(2048), - tos_uri VARCHAR(2048), - - jwks_uri VARCHAR(2048), - jwks VARCHAR(8192), - sector_identifier_uri VARCHAR(2048), - - request_object_signing_alg VARCHAR(256), - - user_info_signed_response_alg VARCHAR(256), - user_info_encrypted_response_alg VARCHAR(256), - user_info_encrypted_response_enc VARCHAR(256), - - id_token_signed_response_alg VARCHAR(256), - id_token_encrypted_response_alg VARCHAR(256), - id_token_encrypted_response_enc VARCHAR(256), - - token_endpoint_auth_signing_alg VARCHAR(256), - - default_max_age BIGINT, - require_auth_time BOOLEAN, - created_at TIMESTAMP, - initiate_login_uri VARCHAR(2048), - clear_access_tokens_on_refresh BOOLEAN DEFAULT true NOT NULL, - - software_statement VARCHAR(4096), - software_id VARCHAR(2048), - software_version VARCHAR(2048), - - code_challenge_method VARCHAR(256), - - UNIQUE (client_id) -); - -CREATE TABLE IF NOT EXISTS client_request_uri ( - owner_id BIGINT, - request_uri VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS client_post_logout_redirect_uri ( - owner_id BIGINT, - post_logout_redirect_uri VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS client_default_acr_value ( - owner_id BIGINT, - default_acr_value VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS client_contact ( - owner_id BIGINT, - contact VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS client_redirect_uri ( - owner_id BIGINT, - redirect_uri VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS client_claims_redirect_uri ( - owner_id BIGINT, - redirect_uri VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS refresh_token ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - token_value VARCHAR(4096), - expiration TIMESTAMP, - auth_holder_id BIGINT, - client_id BIGINT -); - -CREATE TABLE IF NOT EXISTS client_resource ( - owner_id BIGINT, - resource_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS client_scope ( - owner_id BIGINT, - scope VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS token_scope ( - owner_id BIGINT, - scope VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS system_scope ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - scope VARCHAR(256) NOT NULL, - description VARCHAR(4096), - icon VARCHAR(256), - restricted BOOLEAN DEFAULT false NOT NULL, - default_scope BOOLEAN DEFAULT false NOT NULL, - UNIQUE (scope) -); - -CREATE TABLE IF NOT EXISTS user_info ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - sub VARCHAR(256), - preferred_username VARCHAR(256), - name VARCHAR(256), - given_name VARCHAR(256), - family_name VARCHAR(256), - middle_name VARCHAR(256), - nickname VARCHAR(256), - profile VARCHAR(256), - picture VARCHAR(256), - website VARCHAR(256), - email VARCHAR(256), - email_verified BOOLEAN, - gender VARCHAR(256), - zone_info VARCHAR(256), - locale VARCHAR(256), - phone_number VARCHAR(256), - phone_number_verified BOOLEAN, - address_id VARCHAR(256), - updated_time VARCHAR(256), - birthdate VARCHAR(256), - src VARCHAR(4096) -); - -CREATE TABLE IF NOT EXISTS whitelisted_site ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - creator_user_id VARCHAR(256), - client_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS whitelisted_site_scope ( - owner_id BIGINT, - scope VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS pairwise_identifier ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - identifier VARCHAR(256), - sub VARCHAR(256), - sector_identifier VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS resource_set ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - name VARCHAR(1024) NOT NULL, - uri VARCHAR(1024), - icon_uri VARCHAR(1024), - rs_type VARCHAR(256), - owner VARCHAR(256) NOT NULL, - client_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS resource_set_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS permission_ticket ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - ticket VARCHAR(256) NOT NULL, - permission_id BIGINT NOT NULL, - expiration TIMESTAMP -); - -CREATE TABLE IF NOT EXISTS permission ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - resource_set_id BIGINT -); - -CREATE TABLE IF NOT EXISTS permission_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - name VARCHAR(256), - friendly_name VARCHAR(1024), - claim_type VARCHAR(1024), - claim_value VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS claim_to_policy ( - policy_id BIGINT NOT NULL, - claim_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim_to_permission_ticket ( - permission_ticket_id BIGINT NOT NULL, - claim_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS policy ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - name VARCHAR(1024), - resource_set_id BIGINT -); - -CREATE TABLE IF NOT EXISTS policy_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim_token_format ( - owner_id BIGINT NOT NULL, - claim_token_format VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS claim_issuer ( - owner_id BIGINT NOT NULL, - issuer VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS saved_registered_client ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - issuer VARCHAR(1024), - registered_client VARCHAR(8192) -); - -CREATE TABLE IF NOT EXISTS device_code ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - device_code VARCHAR(1024), - user_code VARCHAR(1024), - expiration TIMESTAMP, - client_id VARCHAR(256), - approved BOOLEAN, - auth_holder_id BIGINT -); - -CREATE TABLE IF NOT EXISTS device_code_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS device_code_request_parameter ( - owner_id BIGINT, - param VARCHAR(2048), - val VARCHAR(2048) -); diff --git a/openid-connect-server-webapp/src/main/resources/db/hsql/loading_temp_tables.sql b/openid-connect-server-webapp/src/main/resources/db/hsql/loading_temp_tables.sql deleted file mode 100644 index 37b0092e75..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/hsql/loading_temp_tables.sql +++ /dev/null @@ -1,73 +0,0 @@ --- --- Temporary tables used during the bootstrapping process to safely load users and clients. --- These are not needed if you're not using the users.sql/clients.sql files to bootstrap the database. --- - -CREATE TEMPORARY TABLE IF NOT EXISTS authorities_TEMP ( - username varchar(50) not null, - authority varchar(50) not null, - constraint ix_authority_TEMP unique (username,authority)); - -CREATE TEMPORARY TABLE IF NOT EXISTS users_TEMP ( - username varchar(50) not null primary key, - password varchar(50) not null, - enabled boolean not null); - -CREATE TEMPORARY TABLE IF NOT EXISTS user_info_TEMP ( - sub VARCHAR(256) not null primary key, - preferred_username VARCHAR(256), - name VARCHAR(256), - given_name VARCHAR(256), - family_name VARCHAR(256), - middle_name VARCHAR(256), - nickname VARCHAR(256), - profile VARCHAR(256), - picture VARCHAR(256), - website VARCHAR(256), - email VARCHAR(256), - email_verified BOOLEAN, - gender VARCHAR(256), - zone_info VARCHAR(256), - locale VARCHAR(256), - phone_number VARCHAR(256), - address_id VARCHAR(256), - updated_time VARCHAR(256), - birthdate VARCHAR(256) -); - -CREATE TEMPORARY TABLE IF NOT EXISTS client_details_TEMP ( - client_description VARCHAR(256), - dynamically_registered BOOLEAN, - id_token_validity_seconds BIGINT, - - client_id VARCHAR(256), - client_secret VARCHAR(2048), - access_token_validity_seconds BIGINT, - refresh_token_validity_seconds BIGINT, - allow_introspection BOOLEAN, - - client_name VARCHAR(256) -); - -CREATE TEMPORARY TABLE IF NOT EXISTS client_scope_TEMP ( - owner_id VARCHAR(256), - scope VARCHAR(2048) -); - -CREATE TEMPORARY TABLE IF NOT EXISTS client_redirect_uri_TEMP ( - owner_id VARCHAR(256), - redirect_uri VARCHAR(2048) -); - -CREATE TEMPORARY TABLE IF NOT EXISTS client_grant_type_TEMP ( - owner_id VARCHAR(256), - grant_type VARCHAR(2000) -); - -CREATE TEMPORARY TABLE IF NOT EXISTS system_scope_TEMP ( - scope VARCHAR(256), - description VARCHAR(4096), - icon VARCHAR(256), - restricted BOOLEAN, - default_scope BOOLEAN -); \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/resources/db/hsql/scopes.sql b/openid-connect-server-webapp/src/main/resources/db/hsql/scopes.sql deleted file mode 100644 index 8e72c88c7f..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/hsql/scopes.sql +++ /dev/null @@ -1,33 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - -SET AUTOCOMMIT FALSE; - -START TRANSACTION; - --- --- Insert scope information into the temporary tables. --- - -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES - ('openid', 'log in using your identity', 'user', false, true), - ('profile', 'basic profile information', 'list-alt', false, true), - ('email', 'email address', 'envelope', false, true), - ('address', 'physical address', 'home', false, true), - ('phone', 'telephone number', 'bell', false, true), - ('offline_access', 'offline access', 'time', false, false); - --- --- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store. --- - -MERGE INTO system_scope - USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope) - ON vals.scope = system_scope.scope - WHEN NOT MATCHED THEN - INSERT (scope, description, icon, restricted, default_scope) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope); - -COMMIT; - -SET AUTOCOMMIT TRUE; \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/resources/db/hsql/security-schema.sql b/openid-connect-server-webapp/src/main/resources/db/hsql/security-schema.sql deleted file mode 100644 index bc5d70b880..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/hsql/security-schema.sql +++ /dev/null @@ -1,14 +0,0 @@ --- --- Tables for Spring Security's user details service --- - -create table IF NOT EXISTS users( - username varchar(50) not null primary key, - password varchar(50) not null, - enabled boolean not null); - - create table IF NOT EXISTS authorities ( - username varchar(50) not null, - authority varchar(50) not null, - constraint fk_authorities_users foreign key(username) references users(username), - constraint ix_authority unique (username,authority)); \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/resources/db/hsql/users.sql b/openid-connect-server-webapp/src/main/resources/db/hsql/users.sql deleted file mode 100644 index 6e6958e1f5..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/hsql/users.sql +++ /dev/null @@ -1,59 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - -SET AUTOCOMMIT FALSE; - -START TRANSACTION; - --- --- Insert user information into the temporary tables. To add users to the HSQL database, edit things here. --- - -INSERT INTO users_TEMP (username, password, enabled) VALUES - ('admin','password',true), - ('user','password',true); - - -INSERT INTO authorities_TEMP (username, authority) VALUES - ('admin','ROLE_ADMIN'), - ('admin','ROLE_USER'), - ('user','ROLE_USER'); - --- By default, the username column here has to match the username column in the users table, above -INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES - ('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', true), - ('01921.FLANRJQW','user','Demo User','user@example.com', true); - - --- --- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store. --- - -MERGE INTO users - USING (SELECT username, password, enabled FROM users_TEMP) AS vals(username, password, enabled) - ON vals.username = users.username - WHEN NOT MATCHED THEN - INSERT (username, password, enabled) VALUES(vals.username, vals.password, vals.enabled); - -MERGE INTO authorities - USING (SELECT username, authority FROM authorities_TEMP) AS vals(username, authority) - ON vals.username = authorities.username AND vals.authority = authorities.authority - WHEN NOT MATCHED THEN - INSERT (username,authority) values (vals.username, vals.authority); - -MERGE INTO user_info - USING (SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP) AS vals(sub, preferred_username, name, email, email_verified) - ON vals.preferred_username = user_info.preferred_username - WHEN NOT MATCHED THEN - INSERT (sub, preferred_username, name, email, email_verified) VALUES (vals.sub, vals.preferred_username, vals.name, vals.email, vals.email_verified); - - --- --- Close the transaction and turn autocommit back on --- - -COMMIT; - -SET AUTOCOMMIT TRUE; - diff --git a/openid-connect-server-webapp/src/main/resources/db/mysql/clients.sql b/openid-connect-server-webapp/src/main/resources/db/mysql/clients.sql deleted file mode 100644 index 7f02557899..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/mysql/clients.sql +++ /dev/null @@ -1,61 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - -SET AUTOCOMMIT = 0; - -START TRANSACTION; - --- --- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here. --- - -INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES - ('client', 'secret', 'Test Client', false, null, 3600, 600, true); - -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES - ('client', 'openid'), - ('client', 'profile'), - ('client', 'email'), - ('client', 'address'), - ('client', 'phone'), - ('client', 'offline_access'); - -INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES - ('client', 'http://localhost/'), - ('client', 'http://localhost:8080/'); - -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES - ('client', 'authorization_code'), - ('client', 'urn:ietf:params:oauth:grant_type:redelegate'), - ('client', 'implicit'), - ('client', 'refresh_token'); - --- --- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store. --- - -INSERT INTO client_details (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) - SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP - ON DUPLICATE KEY UPDATE client_details.client_id = client_details.client_id; - -INSERT INTO client_scope (owner_id, scope) - SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id - ON DUPLICATE KEY UPDATE client_scope.owner_id = client_scope.owner_id; - -INSERT INTO client_redirect_uri (owner_id, redirect_uri) - SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id - ON DUPLICATE KEY UPDATE client_redirect_uri.owner_id = client_redirect_uri.owner_id; - -INSERT INTO client_grant_type (owner_id, grant_type) - SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id - ON DUPLICATE KEY UPDATE client_grant_type.owner_id = client_grant_type.owner_id; - --- --- Close the transaction and turn autocommit back on --- - -COMMIT; - -SET AUTOCOMMIT = 1; - diff --git a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_index.sql b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_index.sql deleted file mode 100644 index f5daf991da..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_index.sql +++ /dev/null @@ -1,19 +0,0 @@ --- --- Indexes for MySQL --- - -CREATE INDEX at_tv_idx ON access_token(token_value(767)); -CREATE INDEX ts_oi_idx ON token_scope(owner_id); -CREATE INDEX at_exp_idx ON access_token(expiration); -CREATE INDEX rf_ahi_idx ON refresh_token(auth_holder_id); -CREATE INDEX rf_tv_idx ON refresh_token(token_value(105)); -CREATE INDEX cd_ci_idx ON client_details(client_id); -CREATE INDEX at_ahi_idx ON access_token(auth_holder_id); -CREATE INDEX aha_oi_idx ON authentication_holder_authority(owner_id); -CREATE INDEX ahe_oi_idx ON authentication_holder_extension(owner_id); -CREATE INDEX ahrp_oi_idx ON authentication_holder_request_parameter(owner_id); -CREATE INDEX ahri_oi_idx ON authentication_holder_resource_id(owner_id); -CREATE INDEX ahrt_oi_idx ON authentication_holder_response_type(owner_id); -CREATE INDEX ahs_oi_idx ON authentication_holder_scope(owner_id); -CREATE INDEX ac_ahi_idx ON authorization_code(auth_holder_id); -CREATE INDEX suaa_oi_idx ON saved_user_auth_authority(owner_id); diff --git a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql deleted file mode 100644 index 7e00cc8762..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql +++ /dev/null @@ -1,383 +0,0 @@ --- --- Tables for OIDC Server functionality, MySQL --- - -CREATE TABLE IF NOT EXISTS access_token ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - token_value VARCHAR(4096), - expiration TIMESTAMP NULL, - token_type VARCHAR(256), - refresh_token_id BIGINT, - client_id BIGINT, - auth_holder_id BIGINT, - approved_site_id BIGINT -); - -CREATE TABLE IF NOT EXISTS access_token_permissions ( - access_token_id BIGINT NOT NULL, - permission_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS address ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - formatted VARCHAR(256), - street_address VARCHAR(256), - locality VARCHAR(256), - region VARCHAR(256), - postal_code VARCHAR(256), - country VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS approved_site ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - user_id VARCHAR(256), - client_id VARCHAR(256), - creation_date TIMESTAMP NULL, - access_date TIMESTAMP NULL, - timeout_date TIMESTAMP NULL, - whitelisted_site_id BIGINT -); - -CREATE TABLE IF NOT EXISTS approved_site_scope ( - owner_id BIGINT, - scope VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS authentication_holder ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - user_auth_id BIGINT, - approved BOOLEAN, - redirect_uri VARCHAR(2048), - client_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_authority ( - owner_id BIGINT, - authority VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_resource_id ( - owner_id BIGINT, - resource_id VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_response_type ( - owner_id BIGINT, - response_type VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_extension ( - owner_id BIGINT, - extension VARCHAR(2048), - val VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_scope ( - owner_id BIGINT, - scope VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_request_parameter ( - owner_id BIGINT, - param VARCHAR(2048), - val VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS saved_user_auth ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - name VARCHAR(1024), - authenticated BOOLEAN, - source_class VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS saved_user_auth_authority ( - owner_id BIGINT, - authority VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS client_authority ( - owner_id BIGINT, - authority VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS authorization_code ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - code VARCHAR(256), - auth_holder_id BIGINT, - expiration TIMESTAMP NULL -); - -CREATE TABLE IF NOT EXISTS client_grant_type ( - owner_id BIGINT, - grant_type VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS client_response_type ( - owner_id BIGINT, - response_type VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS blacklisted_site ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - uri VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS client_details ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - - client_description VARCHAR(1024), - reuse_refresh_tokens BOOLEAN DEFAULT true NOT NULL, - dynamically_registered BOOLEAN DEFAULT false NOT NULL, - allow_introspection BOOLEAN DEFAULT false NOT NULL, - id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL, - device_code_validity_seconds BIGINT, - - client_id VARCHAR(256), - client_secret VARCHAR(2048), - access_token_validity_seconds BIGINT, - refresh_token_validity_seconds BIGINT, - - application_type VARCHAR(256), - client_name VARCHAR(256), - token_endpoint_auth_method VARCHAR(256), - subject_type VARCHAR(256), - - logo_uri VARCHAR(2048), - policy_uri VARCHAR(2048), - client_uri VARCHAR(2048), - tos_uri VARCHAR(2048), - - jwks_uri VARCHAR(2048), - jwks VARCHAR(8192), - sector_identifier_uri VARCHAR(2048), - - request_object_signing_alg VARCHAR(256), - - user_info_signed_response_alg VARCHAR(256), - user_info_encrypted_response_alg VARCHAR(256), - user_info_encrypted_response_enc VARCHAR(256), - - id_token_signed_response_alg VARCHAR(256), - id_token_encrypted_response_alg VARCHAR(256), - id_token_encrypted_response_enc VARCHAR(256), - - token_endpoint_auth_signing_alg VARCHAR(256), - - default_max_age BIGINT, - require_auth_time BOOLEAN, - created_at TIMESTAMP NULL, - initiate_login_uri VARCHAR(2048), - clear_access_tokens_on_refresh BOOLEAN DEFAULT true NOT NULL, - - software_statement VARCHAR(4096), - software_id VARCHAR(2048), - software_version VARCHAR(2048), - - code_challenge_method VARCHAR(256), - - UNIQUE (client_id) -); - -CREATE TABLE IF NOT EXISTS client_request_uri ( - owner_id BIGINT, - request_uri VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS client_post_logout_redirect_uri ( - owner_id BIGINT, - post_logout_redirect_uri VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS client_default_acr_value ( - owner_id BIGINT, - default_acr_value VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS client_contact ( - owner_id BIGINT, - contact VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS client_redirect_uri ( - owner_id BIGINT, - redirect_uri VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS client_claims_redirect_uri ( - owner_id BIGINT, - redirect_uri VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS refresh_token ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - token_value VARCHAR(4096), - expiration TIMESTAMP NULL, - auth_holder_id BIGINT, - client_id BIGINT -); - -CREATE TABLE IF NOT EXISTS client_resource ( - owner_id BIGINT, - resource_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS client_scope ( - owner_id BIGINT, - scope VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS token_scope ( - owner_id BIGINT, - scope VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS system_scope ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - scope VARCHAR(256) NOT NULL, - description VARCHAR(4096), - icon VARCHAR(256), - restricted BOOLEAN DEFAULT false NOT NULL, - default_scope BOOLEAN DEFAULT false NOT NULL, - UNIQUE (scope) -); - -CREATE TABLE IF NOT EXISTS user_info ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - sub VARCHAR(256), - preferred_username VARCHAR(256), - name VARCHAR(256), - given_name VARCHAR(256), - family_name VARCHAR(256), - middle_name VARCHAR(256), - nickname VARCHAR(256), - profile VARCHAR(256), - picture VARCHAR(256), - website VARCHAR(256), - email VARCHAR(256), - email_verified BOOLEAN, - gender VARCHAR(256), - zone_info VARCHAR(256), - locale VARCHAR(256), - phone_number VARCHAR(256), - phone_number_verified BOOLEAN, - address_id VARCHAR(256), - updated_time VARCHAR(256), - birthdate VARCHAR(256), - src VARCHAR(4096) -); - -CREATE TABLE IF NOT EXISTS whitelisted_site ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - creator_user_id VARCHAR(256), - client_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS whitelisted_site_scope ( - owner_id BIGINT, - scope VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS pairwise_identifier ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - identifier VARCHAR(256), - sub VARCHAR(256), - sector_identifier VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS resource_set ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - name VARCHAR(1024) NOT NULL, - uri VARCHAR(1024), - icon_uri VARCHAR(1024), - rs_type VARCHAR(256), - owner VARCHAR(256) NOT NULL, - client_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS resource_set_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS permission_ticket ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - ticket VARCHAR(256) NOT NULL, - permission_id BIGINT NOT NULL, - expiration TIMESTAMP NULL -); - -CREATE TABLE IF NOT EXISTS permission ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - resource_set_id BIGINT -); - -CREATE TABLE IF NOT EXISTS permission_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - name VARCHAR(256), - friendly_name VARCHAR(1024), - claim_type VARCHAR(1024), - claim_value VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS claim_to_policy ( - policy_id BIGINT NOT NULL, - claim_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim_to_permission_ticket ( - permission_ticket_id BIGINT NOT NULL, - claim_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS policy ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - name VARCHAR(1024), - resource_set_id BIGINT -); - -CREATE TABLE IF NOT EXISTS policy_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim_token_format ( - owner_id BIGINT NOT NULL, - claim_token_format VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS claim_issuer ( - owner_id BIGINT NOT NULL, - issuer VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS saved_registered_client ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - issuer VARCHAR(1024), - registered_client VARCHAR(8192) -); - -CREATE TABLE IF NOT EXISTS device_code ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - device_code VARCHAR(1024), - user_code VARCHAR(1024), - expiration TIMESTAMP NULL, - client_id VARCHAR(256), - approved BOOLEAN, - auth_holder_id BIGINT -); - -CREATE TABLE IF NOT EXISTS device_code_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS device_code_request_parameter ( - owner_id BIGINT, - param VARCHAR(2048), - val VARCHAR(2048) -); diff --git a/openid-connect-server-webapp/src/main/resources/db/mysql/scopes.sql b/openid-connect-server-webapp/src/main/resources/db/mysql/scopes.sql deleted file mode 100644 index 3768977ec1..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/mysql/scopes.sql +++ /dev/null @@ -1,31 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - -SET AUTOCOMMIT = 0; - -START TRANSACTION; - --- --- Insert scope information into the temporary tables. --- - -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES - ('openid', 'log in using your identity', 'user', false, true), - ('profile', 'basic profile information', 'list-alt', false, true), - ('email', 'email address', 'envelope', false, true), - ('address', 'physical address', 'home', false, true), - ('phone', 'telephone number', 'bell', false, true), - ('offline_access', 'offline access', 'time', false, false); - --- --- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store. --- - -INSERT INTO system_scope (scope, description, icon, restricted, default_scope, structured, structured_param_description) - SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP - ON DUPLICATE KEY UPDATE system_scope.scope = system_scope.scope; - -COMMIT; - -SET AUTOCOMMIT = 1; diff --git a/openid-connect-server-webapp/src/main/resources/db/mysql/security-schema.sql b/openid-connect-server-webapp/src/main/resources/db/mysql/security-schema.sql deleted file mode 100644 index bc5d70b880..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/mysql/security-schema.sql +++ /dev/null @@ -1,14 +0,0 @@ --- --- Tables for Spring Security's user details service --- - -create table IF NOT EXISTS users( - username varchar(50) not null primary key, - password varchar(50) not null, - enabled boolean not null); - - create table IF NOT EXISTS authorities ( - username varchar(50) not null, - authority varchar(50) not null, - constraint fk_authorities_users foreign key(username) references users(username), - constraint ix_authority unique (username,authority)); \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/resources/db/mysql/users.sql b/openid-connect-server-webapp/src/main/resources/db/mysql/users.sql deleted file mode 100644 index fc82e48006..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/mysql/users.sql +++ /dev/null @@ -1,52 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - -SET AUTOCOMMIT = 0; - -START TRANSACTION; - --- --- Insert user information into the temporary tables. To add users to the HSQL database, edit things here. --- - -INSERT INTO users_TEMP (username, password, enabled) VALUES - ('admin','password',true), - ('user','password',true); - - -INSERT INTO authorities_TEMP (username, authority) VALUES - ('admin','ROLE_ADMIN'), - ('admin','ROLE_USER'), - ('user','ROLE_USER'); - --- By default, the username column here has to match the username column in the users table, above -INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES - ('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', true), - ('01921.FLANRJQW','user','Demo User','user@example.com', true); - - --- --- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store. --- - -INSERT INTO users (username, password, enabled) - SELECT username, password, enabled FROM users_TEMP - ON DUPLICATE KEY UPDATE users.username = users.username; - -INSERT INTO authorities (username,authority) - SELECT username, authority FROM authorities_TEMP - ON DUPLICATE KEY UPDATE authorities.username = authorities.username; - -INSERT INTO user_info (sub, preferred_username, name, email, email_verified) - SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP - ON DUPLICATE KEY UPDATE user_info.preferred_username = user_info.preferred_username; - --- --- Close the transaction and turn autocommit back on --- - -COMMIT; - -SET AUTOCOMMIT = 1; - diff --git a/openid-connect-server-webapp/src/main/resources/db/oracle/clients_oracle.sql b/openid-connect-server-webapp/src/main/resources/db/oracle/clients_oracle.sql deleted file mode 100644 index 488d928457..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/oracle/clients_oracle.sql +++ /dev/null @@ -1,51 +0,0 @@ --- --- Insert client information into the temporary tables. To add clients to the Oracle database, edit things here. --- - -INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES - ('client', 'secret', 'Test Client', 0, null, 3600, 600, 1); - -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'openid'); -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'profile'); -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'email'); -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'address'); -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'phone'); -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'offline_access'); - -INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES ('client', 'http://localhost/'); -INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES ('client', 'http://localhost:8080/'); - -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'authorization_code'); -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'urn:ietf:params:oauth:grant_type:redelegate'); -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'implicit'); -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'refresh_token'); - --- --- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store. --- - -MERGE INTO client_details - USING (SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP) vals - ON (vals.client_id = client_details.client_id) - WHEN NOT MATCHED THEN - INSERT (id, client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, - id_token_validity_seconds, allow_introspection) VALUES(client_details_seq.nextval, vals.client_id, vals.client_secret, vals.client_name, vals.dynamically_registered, - vals.refresh_token_validity_seconds, vals.access_token_validity_seconds, vals.id_token_validity_seconds, vals.allow_introspection); - -MERGE INTO client_scope - USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) vals - ON (vals.id = client_scope.owner_id AND vals.scope = client_scope.scope) - WHEN NOT MATCHED THEN - INSERT (owner_id, scope) values (vals.id, vals.scope); - -MERGE INTO client_redirect_uri - USING (SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id) vals - ON (vals.id = client_redirect_uri.owner_id AND vals.redirect_uri = client_redirect_uri.redirect_uri) - WHEN NOT MATCHED THEN - INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri); - -MERGE INTO client_grant_type - USING (SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id) vals - ON (vals.id = client_grant_type.owner_id AND vals.grant_type = client_grant_type.grant_type) - WHEN NOT MATCHED THEN - INSERT (owner_id, grant_type) values (vals.id, vals.grant_type); diff --git a/openid-connect-server-webapp/src/main/resources/db/oracle/create_db-user b/openid-connect-server-webapp/src/main/resources/db/oracle/create_db-user deleted file mode 100644 index fdbf9d44fb..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/oracle/create_db-user +++ /dev/null @@ -1,15 +0,0 @@ -drop user oauth cascade; -drop tablespace data_ts INCLUDING CONTENTS AND DATAFILES; -drop tablespace temp_ts INCLUDING CONTENTS AND DATAFILES; -CREATE TABLESPACE data_ts DATAFILE 'data_ts.dat' SIZE 40M ONLINE; -CREATE TEMPORARY TABLESPACE temp_ts TEMPFILE 'temp_ts.dbf' SIZE 5M AUTOEXTEND ON; -create user oauth identified by test DEFAULT TABLESPACE data_ts QUOTA 500K ON data_ts TEMPORARY TABLESPACE temp_ts; -GRANT CONNECT TO oauth; -GRANT UNLIMITED TABLESPACE TO oauth; -grant create session to oauth; -grant create table to oauth; -GRANT CREATE TABLESPACE TO oauth; -GRANT CREATE VIEW TO oauth; -GRANT CREATE ANY INDEX TO oauth; -GRANT CREATE SEQUENCE TO oauth; -GRANT CREATE SYNONYM TO oauth; diff --git a/openid-connect-server-webapp/src/main/resources/db/oracle/entity-mappings_oracle.xml b/openid-connect-server-webapp/src/main/resources/db/oracle/entity-mappings_oracle.xml deleted file mode 100644 index 2aba62824f..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/oracle/entity-mappings_oracle.xml +++ /dev/null @@ -1,281 +0,0 @@ - - - - OpenID Connect Server entities - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/resources/db/oracle/loading_temp_tables_oracle.sql b/openid-connect-server-webapp/src/main/resources/db/oracle/loading_temp_tables_oracle.sql deleted file mode 100644 index c9a1e7f3d6..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/oracle/loading_temp_tables_oracle.sql +++ /dev/null @@ -1,77 +0,0 @@ --- --- Temporary tables used during the bootstrapping process to safely load users and clients. --- These are not needed if you're not using the users.sql/clients.sql files to bootstrap the database. --- - -CREATE GLOBAL TEMPORARY TABLE authorities_TEMP ( - username varchar2(50) not null, - authority varchar2(50) not null, - constraint ix_authority_TEMP unique (username,authority) -) ON COMMIT PRESERVE ROWS; - -CREATE GLOBAL TEMPORARY TABLE users_TEMP ( - username VARCHAR2(50) not null primary key, - password VARCHAR2(50) not null, - enabled NUMBER(1) not null -) ON COMMIT PRESERVE ROWS; - -CREATE GLOBAL TEMPORARY TABLE user_info_TEMP ( - sub VARCHAR2(256) not null primary key, - preferred_username VARCHAR2(256), - name VARCHAR2(256), - given_name VARCHAR2(256), - family_name VARCHAR2(256), - middle_name VARCHAR2(256), - nickname VARCHAR2(256), - profile VARCHAR2(256), - picture VARCHAR2(256), - website VARCHAR2(256), - email VARCHAR2(256), - email_verified NUMBER(1), - gender VARCHAR2(256), - zone_info VARCHAR2(256), - locale VARCHAR2(256), - phone_number VARCHAR2(256), - address_id VARCHAR2(256), - updated_time VARCHAR2(256), - birthdate VARCHAR2(256) -) ON COMMIT PRESERVE ROWS; - -CREATE GLOBAL TEMPORARY TABLE client_details_TEMP ( - client_description VARCHAR2(256), - dynamically_registered NUMBER(1), - id_token_validity_seconds NUMBER(19), - - client_id VARCHAR2(256), - client_secret VARCHAR2(2048), - access_token_validity_seconds NUMBER(19), - refresh_token_validity_seconds NUMBER(19), - allow_introspection NUMBER(1), - - client_name VARCHAR2(256) -) ON COMMIT PRESERVE ROWS; - -CREATE GLOBAL TEMPORARY TABLE client_scope_TEMP ( - owner_id VARCHAR2(256), - scope VARCHAR2(2048) -) ON COMMIT PRESERVE ROWS; - -CREATE GLOBAL TEMPORARY TABLE client_redirect_uri_TEMP ( - owner_id VARCHAR2(256), - redirect_uri VARCHAR2(2048) -) ON COMMIT PRESERVE ROWS; - -CREATE GLOBAL TEMPORARY TABLE client_grant_type_TEMP ( - owner_id VARCHAR2(256), - grant_type VARCHAR2(2000) -) ON COMMIT PRESERVE ROWS; - -CREATE GLOBAL TEMPORARY TABLE system_scope_TEMP ( - scope VARCHAR2(256), - description VARCHAR2(4000), - icon VARCHAR2(256), - restricted NUMBER(1), - default_scope NUMBER(1), - structured NUMBER(1), - structured_param_description VARCHAR2(256) -) ON COMMIT PRESERVE ROWS; diff --git a/openid-connect-server-webapp/src/main/resources/db/oracle/oracle_database_index.sql b/openid-connect-server-webapp/src/main/resources/db/oracle/oracle_database_index.sql deleted file mode 100644 index fc70a7ae41..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/oracle/oracle_database_index.sql +++ /dev/null @@ -1,18 +0,0 @@ --- --- Indexes for Oracle --- - -CREATE INDEX at_tv_idx ON access_token(token_value); -CREATE INDEX ts_oi_idx ON token_scope(owner_id); -CREATE INDEX at_exp_idx ON access_token(expiration); -CREATE INDEX rf_ahi_idx ON refresh_token(auth_holder_id); -CREATE INDEX rf_tv_idx ON refresh_token(token_value); -CREATE INDEX at_ahi_idx ON access_token(auth_holder_id); -CREATE INDEX aha_oi_idx ON authentication_holder_authority(owner_id); -CREATE INDEX ahe_oi_idx ON authentication_holder_extension(owner_id); -CREATE INDEX ahrp_oi_idx ON authentication_holder_request_parameter(owner_id); -CREATE INDEX ahri_oi_idx ON authentication_holder_resource_id(owner_id); -CREATE INDEX ahrt_oi_idx ON authentication_holder_response_type(owner_id); -CREATE INDEX ahs_oi_idx ON authentication_holder_scope(owner_id); -CREATE INDEX ac_ahi_idx ON authorization_code(auth_holder_id); -CREATE INDEX suaa_oi_idx ON saved_user_auth_authority(owner_id); diff --git a/openid-connect-server-webapp/src/main/resources/db/oracle/oracle_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/oracle/oracle_database_tables.sql deleted file mode 100644 index 9f430adace..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/oracle/oracle_database_tables.sql +++ /dev/null @@ -1,417 +0,0 @@ --- --- Tables for OIDC Server functionality, Oracle --- - -CREATE TABLE access_token ( - id NUMBER(19) NOT NULL PRIMARY KEY, - token_value VARCHAR2(4000), - expiration TIMESTAMP, - token_type VARCHAR2(256), - refresh_token_id NUMBER(19), - client_id NUMBER(19), - auth_holder_id NUMBER(19), - approved_site_id NUMBER(19) -); -CREATE SEQUENCE access_token_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE access_token_permissions ( - access_token_id NUMBER(19) NOT NULL, - permission_id NUMBER(19) NOT NULL -); - -CREATE TABLE address ( - id NUMBER(19) NOT NULL PRIMARY KEY, - formatted VARCHAR2(256), - street_address VARCHAR2(256), - locality VARCHAR2(256), - region VARCHAR2(256), - postal_code VARCHAR2(256), - country VARCHAR2(256) -); -CREATE SEQUENCE address_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE approved_site ( - id NUMBER(19) NOT NULL PRIMARY KEY, - user_id VARCHAR2(256), - client_id VARCHAR2(256), - creation_date TIMESTAMP, - access_date TIMESTAMP, - timeout_date TIMESTAMP, - whitelisted_site_id NUMBER(19) -); -CREATE SEQUENCE approved_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE approved_site_scope ( - owner_id NUMBER(19), - scope VARCHAR2(256) -); - -CREATE TABLE authentication_holder ( - id NUMBER(19) NOT NULL PRIMARY KEY, - user_auth_id NUMBER(19), - approved NUMBER(1), - redirect_uri VARCHAR2(2048), - client_id VARCHAR2(256), - - CONSTRAINT approved_check CHECK (approved in (1,0)) -); -CREATE SEQUENCE authentication_holder_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE auth_holder_authority ( - owner_id NUMBER(19), - authority VARCHAR2(256) -); - -CREATE TABLE auth_holder_resource_id ( - owner_id NUMBER(19), - resource_id VARCHAR2(2048) -); - -CREATE TABLE auth_holder_response_type ( - owner_id NUMBER(19), - response_type VARCHAR2(2048) -); - -CREATE TABLE auth_holder_extension ( - owner_id NUMBER(19), - extension VARCHAR2(2048), - val VARCHAR2(2048) -); - -CREATE TABLE authentication_holder_scope ( - owner_id NUMBER(19), - scope VARCHAR2(2048) -); - -CREATE TABLE auth_holder_request_parameter ( - owner_id NUMBER(19), - param VARCHAR2(2048), - val VARCHAR2(2048) -); - -CREATE TABLE saved_user_auth ( - id NUMBER(19) NOT NULL PRIMARY KEY, - name VARCHAR2(1024), - authenticated NUMBER(1), - source_class VARCHAR2(2048), - - CONSTRAINT authenticated_check CHECK (authenticated in (1,0)) -); -CREATE SEQUENCE saved_user_auth_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE saved_user_auth_authority ( - owner_id NUMBER(19), - authority VARCHAR2(256) -); - -CREATE TABLE client_authority ( - owner_id NUMBER(19), - authority VARCHAR2(256) -); - -CREATE TABLE authorization_code ( - id NUMBER(19) NOT NULL PRIMARY KEY, - code VARCHAR2(256), - auth_holder_id NUMBER(19), - expiration TIMESTAMP -); -CREATE SEQUENCE authorization_code_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE client_grant_type ( - owner_id NUMBER(19), - grant_type VARCHAR2(2000) -); - -CREATE TABLE client_response_type ( - owner_id NUMBER(19), - response_type VARCHAR2(2000) -); - -CREATE TABLE blacklisted_site ( - id NUMBER(19) NOT NULL PRIMARY KEY, - uri VARCHAR2(2048) -); -CREATE SEQUENCE blacklisted_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE client_details ( - id NUMBER(19) NOT NULL PRIMARY KEY, - - client_description VARCHAR2(1024), - reuse_refresh_tokens NUMBER(1) DEFAULT 1 NOT NULL, - dynamically_registered NUMBER(1) DEFAULT 0 NOT NULL, - allow_introspection NUMBER(1) DEFAULT 0 NOT NULL, - id_token_validity_seconds NUMBER(19) DEFAULT 600 NOT NULL, - - client_id VARCHAR2(256), - client_secret VARCHAR2(2048), - access_token_validity_seconds NUMBER(19), - refresh_token_validity_seconds NUMBER(19), - device_code_validity_seconds NUMBER(19), - - application_type VARCHAR2(256), - client_name VARCHAR2(256), - token_endpoint_auth_method VARCHAR2(256), - subject_type VARCHAR2(256), - - logo_uri VARCHAR2(2048), - policy_uri VARCHAR2(2048), - client_uri VARCHAR2(2048), - tos_uri VARCHAR2(2048), - - jwks_uri VARCHAR2(2048), - jwks CLOB, - sector_identifier_uri VARCHAR2(2048), - - request_object_signing_alg VARCHAR2(256), - - user_info_signed_response_alg VARCHAR2(256), - user_info_encrypted_resp_alg VARCHAR2(256), - user_info_encrypted_resp_enc VARCHAR2(256), - - id_token_signed_response_alg VARCHAR2(256), - id_token_encrypted_resp_alg VARCHAR2(256), - id_token_encrypted_resp_enc VARCHAR2(256), - - token_endpoint_auth_sign_alg VARCHAR2(256), - - default_max_age NUMBER(19), - require_auth_time NUMBER(1), - created_at TIMESTAMP, - initiate_login_uri VARCHAR2(2048), - clear_access_tokens_on_refresh NUMBER(1) DEFAULT 1 NOT NULL, - - software_statement VARCHAR(4096), - software_id VARCHAR(2048), - software_statement VARCHAR2(4000), - - code_challenge_method VARCHAR2(256), - - CONSTRAINT client_details_unique UNIQUE (client_id), - CONSTRAINT reuse_refresh_tokens_check CHECK (reuse_refresh_tokens in (1,0)), - CONSTRAINT dynamically_registered_check CHECK (dynamically_registered in (1,0)), - CONSTRAINT allow_introspection_check CHECK (allow_introspection in (1,0)), - CONSTRAINT require_auth_time_check CHECK (require_auth_time in (1,0)), - CONSTRAINT clear_acc_tok_on_refresh_check CHECK (clear_access_tokens_on_refresh in (1,0)) -); -CREATE SEQUENCE client_details_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE client_request_uri ( - owner_id NUMBER(19), - request_uri VARCHAR2(2000) -); - -CREATE TABLE client_post_logout_redir_uri ( - owner_id NUMBER(19), - post_logout_redirect_uri VARCHAR2(2000) -); - -CREATE TABLE client_default_acr_value ( - owner_id NUMBER(19), - default_acr_value VARCHAR2(2000) -); - -CREATE TABLE client_contact ( - owner_id NUMBER(19), - contact VARCHAR2(256) -); - -CREATE TABLE client_redirect_uri ( - owner_id NUMBER(19), - redirect_uri VARCHAR2(2048) -); - -CREATE TABLE client_claims_redirect_uri ( - owner_id NUMBER(19), - redirect_uri VARCHAR2(2048) -); - -CREATE TABLE refresh_token ( - id NUMBER(19) NOT NULL PRIMARY KEY, - token_value VARCHAR2(4000), - expiration TIMESTAMP, - auth_holder_id NUMBER(19), - client_id NUMBER(19) -); -CREATE SEQUENCE refresh_token_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE client_resource ( - owner_id NUMBER(19), - resource_id VARCHAR2(256) -); - -CREATE TABLE client_scope ( - owner_id NUMBER(19), - scope VARCHAR2(2048) -); - -CREATE TABLE token_scope ( - owner_id NUMBER(19), - scope VARCHAR2(2048) -); - -CREATE TABLE system_scope ( - id NUMBER(19) NOT NULL PRIMARY KEY, - scope VARCHAR2(256) NOT NULL, - description VARCHAR2(4000), - icon VARCHAR2(256), - restricted NUMBER(1) DEFAULT 0 NOT NULL, - default_scope NUMBER(1) DEFAULT 0 NOT NULL - - CONSTRAINT system_scope_unique UNIQUE (scope), - CONSTRAINT default_scope_check CHECK (default_scope in (1,0)), - CONSTRAINT restricted_check CHECK (restricted in (1,0)) -); -CREATE SEQUENCE system_scope_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE user_info ( - id NUMBER(19) NOT NULL PRIMARY KEY, - sub VARCHAR2(256), - preferred_username VARCHAR2(256), - name VARCHAR2(256), - given_name VARCHAR2(256), - family_name VARCHAR2(256), - middle_name VARCHAR2(256), - nickname VARCHAR2(256), - profile VARCHAR2(256), - picture VARCHAR2(256), - website VARCHAR2(256), - email VARCHAR2(256), - email_verified NUMBER(1), - gender VARCHAR2(256), - zone_info VARCHAR2(256), - locale VARCHAR2(256), - phone_number VARCHAR2(256), - phone_number_verified NUMBER(1), - address_id VARCHAR2(256), - updated_time VARCHAR2(256), - birthdate VARCHAR2(256), - src VARCHAR2(4000), - - CONSTRAINT email_verified_check CHECK (email_verified in (1,0)), - CONSTRAINT phone_number_verified_check CHECK (phone_number_verified in (1,0)) -); -CREATE SEQUENCE user_info_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE whitelisted_site ( - id NUMBER(19) NOT NULL PRIMARY KEY, - creator_user_id VARCHAR2(256), - client_id VARCHAR2(256) -); -CREATE SEQUENCE whitelisted_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE whitelisted_site_scope ( - owner_id NUMBER(19), - scope VARCHAR2(256) -); - -CREATE TABLE pairwise_identifier ( - id NUMBER(19) NOT NULL PRIMARY KEY, - identifier VARCHAR2(256), - sub VARCHAR2(256), - sector_identifier VARCHAR2(2048) -); -CREATE SEQUENCE pairwise_identifier_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE resource_set ( - id NUMBER(19) NOT NULL PRIMARY KEY, - name VARCHAR2(1024) NOT NULL, - uri VARCHAR2(1024), - icon_uri VARCHAR2(1024), - rs_type VARCHAR2(256), - owner VARCHAR2(256) NOT NULL, - client_id VARCHAR2(256) -); -CREATE SEQUENCE resource_set_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE resource_set_scope ( - owner_id NUMBER(19) NOT NULL, - scope VARCHAR2(256) NOT NULL -); - -CREATE TABLE permission_ticket ( - id NUMBER(19) NOT NULL PRIMARY KEY, - ticket VARCHAR2(256) NOT NULL, - permission_id NUMBER(19) NOT NULL, - expiration TIMESTAMP -); -CREATE SEQUENCE permission_ticket_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE permission ( - id NUMBER(19) NOT NULL PRIMARY KEY, - resource_set_id NUMBER(19) -); -CREATE SEQUENCE permission_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE permission_scope ( - owner_id NUMBER(19) NOT NULL, - scope VARCHAR2(256) NOT NULL -); - -CREATE TABLE claim ( - id NUMBER(19) NOT NULL PRIMARY KEY, - name VARCHAR2(256), - friendly_name VARCHAR2(1024), - claim_type VARCHAR2(1024), - claim_value VARCHAR2(1024) -); -CREATE SEQUENCE claim_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE claim_to_policy ( - policy_id NUMBER(19) NOT NULL, - claim_id NUMBER(19) NOT NULL -); - -CREATE TABLE claim_to_permission_ticket ( - permission_ticket_id NUMBER(19) NOT NULL, - claim_id NUMBER(19) NOT NULL -); - -CREATE TABLE policy ( - id NUMBER(19) NOT NULL PRIMARY KEY, - name VARCHAR2(1024), - resource_set_id NUMBER(19) -); -CREATE SEQUENCE policy_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE policy_scope ( - owner_id NUMBER(19) NOT NULL, - scope VARCHAR2(256) NOT NULL -); - -CREATE TABLE claim_token_format ( - owner_id NUMBER(19) NOT NULL, - claim_token_format VARCHAR2(1024) NOT NULL -); - -CREATE TABLE claim_issuer ( - owner_id NUMBER(19) NOT NULL, - issuer VARCHAR2(1024) NOT NULL -); - -CREATE TABLE saved_registered_client ( - id NUMBER(19) NOT NULL PRIMARY KEY, - issuer VARCHAR2(1024), - registered_client CLOB -); -CREATE SEQUENCE saved_registered_client_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; - -CREATE TABLE IF NOT EXISTS device_code ( - id NUMBER(19) NOT NULL PRIMARY KEY, - device_code VARCHAR2(1024), - user_code VARCHAR2(1024), - expiration TIMESTAMP, - client_id VARCHAR2(256), - approved BOOLEAN, - auth_holder_id NUMBER(19) -); - -CREATE TABLE IF NOT EXISTS device_code_scope ( - owner_id NUMBER(19) NOT NULL, - scope VARCHAR2(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS device_code_request_parameter ( - owner_id NUMBER(19), - param VARCHAR2(2048), - val VARCHAR2(2048) -); diff --git a/openid-connect-server-webapp/src/main/resources/db/oracle/scopes_oracle.sql b/openid-connect-server-webapp/src/main/resources/db/oracle/scopes_oracle.sql deleted file mode 100644 index bb6bc82a23..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/oracle/scopes_oracle.sql +++ /dev/null @@ -1,26 +0,0 @@ --- --- Insert scope information into the temporary tables. --- - -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES - ('openid', 'log in using your identity', 'user', 0, 1); -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES - ('profile', 'basic profile information', 'list-alt', 0, 1); -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES - ('email', 'email address', 'envelope', 0, 1); -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES - ('address', 'physical address', 'home', 0, 1); -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES - ('phone', 'telephone number', 'bell', 0, 1, 0); -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES - ('offline_access', 'offline access', 'time', 0, 0); --- --- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store. --- - -MERGE INTO system_scope - USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) vals - ON (vals.scope = system_scope.scope) - WHEN NOT MATCHED THEN - INSERT (id, scope, description, icon, restricted, default_scope) VALUES(system_scope_seq.nextval, vals.scope, - vals.description, vals.icon, vals.restricted, vals.default_scope); diff --git a/openid-connect-server-webapp/src/main/resources/db/oracle/security-schema_oracle.sql b/openid-connect-server-webapp/src/main/resources/db/oracle/security-schema_oracle.sql deleted file mode 100644 index 5b67ef668f..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/oracle/security-schema_oracle.sql +++ /dev/null @@ -1,18 +0,0 @@ --- --- Tables for Spring Security's user details service --- - -create table users( - username varchar2(50) not null primary key, - password varchar2(50) not null, - enabled number(1) not null, - - constraint enabled_check check (enabled in (1, 0)) -); - -create table authorities ( - username varchar2(50) not null, - authority varchar2(50) not null, - constraint fk_authorities_users foreign key(username) references users(username), - constraint ix_authority unique (username,authority) -); diff --git a/openid-connect-server-webapp/src/main/resources/db/oracle/users_oracle.sql b/openid-connect-server-webapp/src/main/resources/db/oracle/users_oracle.sql deleted file mode 100644 index 732a13f16e..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/oracle/users_oracle.sql +++ /dev/null @@ -1,39 +0,0 @@ --- --- Insert user information into the temporary tables. To add users to the Oracle database, edit things here. --- - -INSERT INTO users_TEMP (username, password, enabled) VALUES ('admin','password',1); -INSERT INTO users_TEMP (username, password, enabled) VALUES ('user','password',1); - - -INSERT INTO authorities_TEMP (username, authority) VALUES ('admin','ROLE_ADMIN'); -INSERT INTO authorities_TEMP (username, authority) VALUES('admin','ROLE_USER'); -INSERT INTO authorities_TEMP (username, authority) VALUES('user','ROLE_USER'); - --- By default, the username column here has to match the username column in the users table, above -INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES ('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', 1); -INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES ('01921.FLANRJQW','user','Demo User','user@example.com', 1); - - --- --- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store. --- - -MERGE INTO users - USING (SELECT username, password, enabled FROM users_TEMP) vals - ON (vals.username = users.username) - WHEN NOT MATCHED THEN - INSERT (username, password, enabled) VALUES(vals.username, vals.password, vals.enabled); - -MERGE INTO authorities - USING (SELECT username, authority FROM authorities_TEMP) vals - ON (vals.username = authorities.username AND vals.authority = authorities.authority) - WHEN NOT MATCHED THEN - INSERT (username,authority) values (vals.username, vals.authority); - -MERGE INTO user_info - USING (SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP) vals - ON (vals.preferred_username = user_info.preferred_username) - WHEN NOT MATCHED THEN - INSERT (id, sub, preferred_username, name, email, email_verified) VALUES (user_info_seq.nextval, vals.sub, vals.preferred_username, vals.name, vals.email, - vals.email_verified); diff --git a/openid-connect-server-webapp/src/main/resources/db/psql/clients.sql b/openid-connect-server-webapp/src/main/resources/db/psql/clients.sql deleted file mode 100644 index bf14c2b2b6..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/psql/clients.sql +++ /dev/null @@ -1,66 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - ---SET AUTOCOMMIT = OFF; - -START TRANSACTION; - --- --- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here. --- - -INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES - ('client', 'secret', 'Test Client', false, null, 3600, 600, true); - -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES - ('client', 'openid'), - ('client', 'profile'), - ('client', 'email'), - ('client', 'address'), - ('client', 'phone'), - ('client', 'offline_access'); - -INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES - ('client', 'http://localhost/'), - ('client', 'http://localhost:8080/'); - -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES - ('client', 'authorization_code'), - ('client', 'urn:ietf:params:oauth:grant_type:redelegate'), - ('client', 'implicit'), - ('client', 'refresh_token'); - --- --- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store. --- - -INSERT INTO client_details (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) - SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP - ON CONFLICT - DO NOTHING; - -INSERT INTO client_scope (scope) - SELECT scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id - ON CONFLICT - DO NOTHING; - -INSERT INTO client_redirect_uri (redirect_uri) - SELECT redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id - ON CONFLICT - DO NOTHING; - -INSERT INTO client_grant_type (grant_type) - SELECT grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id - ON CONFLICT - DO NOTHING; - --- --- Close the transaction and turn autocommit back on --- - -COMMIT; - ---SET AUTOCOMMIT = ON; - - diff --git a/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_index.sql b/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_index.sql deleted file mode 100644 index a641ff8211..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_index.sql +++ /dev/null @@ -1,19 +0,0 @@ --- --- Indexes for PostgreSQL --- - -CREATE INDEX IF NOT EXISTS at_tv_idx ON access_token(token_value); -CREATE INDEX IF NOT EXISTS ts_oi_idx ON token_scope(owner_id); -CREATE INDEX IF NOT EXISTS at_exp_idx ON access_token(expiration); -CREATE INDEX IF NOT EXISTS rf_ahi_idx ON refresh_token(auth_holder_id); -CREATE INDEX IF NOT EXISTS rf_tv_idx ON refresh_token(token_value); -CREATE INDEX IF NOT EXISTS cd_ci_idx ON client_details(client_id); -CREATE INDEX IF NOT EXISTS at_ahi_idx ON access_token(auth_holder_id); -CREATE INDEX IF NOT EXISTS aha_oi_idx ON authentication_holder_authority(owner_id); -CREATE INDEX IF NOT EXISTS ahe_oi_idx ON authentication_holder_extension(owner_id); -CREATE INDEX IF NOT EXISTS ahrp_oi_idx ON authentication_holder_request_parameter(owner_id); -CREATE INDEX IF NOT EXISTS ahri_oi_idx ON authentication_holder_resource_id(owner_id); -CREATE INDEX IF NOT EXISTS ahrt_oi_idx ON authentication_holder_response_type(owner_id); -CREATE INDEX IF NOT EXISTS ahs_oi_idx ON authentication_holder_scope(owner_id); -CREATE INDEX IF NOT EXISTS ac_ahi_idx ON authorization_code(auth_holder_id); -CREATE INDEX IF NOT EXISTS suaa_oi_idx ON saved_user_auth_authority(owner_id); diff --git a/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql deleted file mode 100644 index be871b7e80..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql +++ /dev/null @@ -1,384 +0,0 @@ --- --- Tables for OIDC Server functionality, PostgreSQL --- - -CREATE TABLE IF NOT EXISTS access_token ( - id BIGSERIAL PRIMARY KEY, - token_value VARCHAR(4096), - expiration TIMESTAMP, - token_type VARCHAR(256), - refresh_token_id BIGINT, - client_id BIGINT, - auth_holder_id BIGINT, - approved_site_id BIGINT, - UNIQUE(token_value) -); - -CREATE TABLE IF NOT EXISTS access_token_permissions ( - access_token_id BIGINT NOT NULL, - permission_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS address ( - id BIGSERIAL PRIMARY KEY, - formatted VARCHAR(256), - street_address VARCHAR(256), - locality VARCHAR(256), - region VARCHAR(256), - postal_code VARCHAR(256), - country VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS approved_site ( - id BIGSERIAL PRIMARY KEY, - user_id VARCHAR(256), - client_id VARCHAR(256), - creation_date TIMESTAMP, - access_date TIMESTAMP, - timeout_date TIMESTAMP, - whitelisted_site_id BIGINT -); - -CREATE TABLE IF NOT EXISTS approved_site_scope ( - owner_id BIGINT, - scope VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS authentication_holder ( - id BIGSERIAL PRIMARY KEY, - user_auth_id BIGINT, - approved BOOLEAN, - redirect_uri VARCHAR(2048), - client_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_authority ( - owner_id BIGINT, - authority VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_resource_id ( - owner_id BIGINT, - resource_id VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_response_type ( - owner_id BIGINT, - response_type VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_extension ( - owner_id BIGINT, - extension VARCHAR(2048), - val VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_scope ( - owner_id BIGINT, - scope VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS authentication_holder_request_parameter ( - owner_id BIGINT, - param VARCHAR(2048), - val VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS saved_user_auth ( - id BIGSERIAL PRIMARY KEY, - name VARCHAR(1024), - authenticated BOOLEAN, - source_class VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS saved_user_auth_authority ( - owner_id BIGINT, - authority VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS client_authority ( - owner_id BIGINT, - authority VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS authorization_code ( - id BIGSERIAL PRIMARY KEY, - code VARCHAR(256), - auth_holder_id BIGINT, - expiration TIMESTAMP -); - -CREATE TABLE IF NOT EXISTS client_grant_type ( - owner_id BIGINT, - grant_type VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS client_response_type ( - owner_id BIGINT, - response_type VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS blacklisted_site ( - id BIGSERIAL PRIMARY KEY, - uri VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS client_details ( - id BIGSERIAL PRIMARY KEY, - - client_description VARCHAR(1024), - reuse_refresh_tokens BOOLEAN DEFAULT true NOT NULL, - dynamically_registered BOOLEAN DEFAULT false NOT NULL, - allow_introspection BOOLEAN DEFAULT false NOT NULL, - id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL, - device_code_validity_seconds BIGINT, - - client_id VARCHAR(256), - client_secret VARCHAR(2048), - access_token_validity_seconds BIGINT, - refresh_token_validity_seconds BIGINT, - - application_type VARCHAR(256), - client_name VARCHAR(256), - token_endpoint_auth_method VARCHAR(256), - subject_type VARCHAR(256), - - logo_uri VARCHAR(2048), - policy_uri VARCHAR(2048), - client_uri VARCHAR(2048), - tos_uri VARCHAR(2048), - - jwks_uri VARCHAR(2048), - jwks VARCHAR(8192), - sector_identifier_uri VARCHAR(2048), - - request_object_signing_alg VARCHAR(256), - - user_info_signed_response_alg VARCHAR(256), - user_info_encrypted_response_alg VARCHAR(256), - user_info_encrypted_response_enc VARCHAR(256), - - id_token_signed_response_alg VARCHAR(256), - id_token_encrypted_response_alg VARCHAR(256), - id_token_encrypted_response_enc VARCHAR(256), - - token_endpoint_auth_signing_alg VARCHAR(256), - - default_max_age BIGINT, - require_auth_time BOOLEAN, - created_at TIMESTAMP, - initiate_login_uri VARCHAR(2048), - clear_access_tokens_on_refresh BOOLEAN DEFAULT true NOT NULL, - - software_statement VARCHAR(4096), - software_id VARCHAR(2048), - software_version VARCHAR(2048), - - code_challenge_method VARCHAR(256), - - UNIQUE (client_id) -); - -CREATE TABLE IF NOT EXISTS client_request_uri ( - owner_id BIGINT, - request_uri VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS client_post_logout_redirect_uri ( - owner_id BIGINT, - post_logout_redirect_uri VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS client_default_acr_value ( - owner_id BIGINT, - default_acr_value VARCHAR(2000) -); - -CREATE TABLE IF NOT EXISTS client_contact ( - owner_id BIGINT, - contact VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS client_redirect_uri ( - owner_id BIGINT, - redirect_uri VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS client_claims_redirect_uri ( - owner_id BIGINT, - redirect_uri VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS refresh_token ( - id BIGSERIAL PRIMARY KEY, - token_value VARCHAR(4096), - expiration TIMESTAMP, - auth_holder_id BIGINT, - client_id BIGINT -); - -CREATE TABLE IF NOT EXISTS client_resource ( - owner_id BIGINT, - resource_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS client_scope ( - owner_id BIGINT, - scope VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS token_scope ( - owner_id BIGINT, - scope VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS system_scope ( - id BIGSERIAL PRIMARY KEY, - scope VARCHAR(256) NOT NULL, - description VARCHAR(4096), - icon VARCHAR(256), - restricted BOOLEAN DEFAULT false NOT NULL, - default_scope BOOLEAN DEFAULT false NOT NULL, - UNIQUE (scope) -); - -CREATE TABLE IF NOT EXISTS user_info ( - id BIGSERIAL PRIMARY KEY, - sub VARCHAR(256), - preferred_username VARCHAR(256), - name VARCHAR(256), - given_name VARCHAR(256), - family_name VARCHAR(256), - middle_name VARCHAR(256), - nickname VARCHAR(256), - profile VARCHAR(256), - picture VARCHAR(256), - website VARCHAR(256), - email VARCHAR(256), - email_verified BOOLEAN, - gender VARCHAR(256), - zone_info VARCHAR(256), - locale VARCHAR(256), - phone_number VARCHAR(256), - phone_number_verified BOOLEAN, - address_id VARCHAR(256), - updated_time VARCHAR(256), - birthdate VARCHAR(256), - src VARCHAR(4096) -); - -CREATE TABLE IF NOT EXISTS whitelisted_site ( - id BIGSERIAL PRIMARY KEY, - creator_user_id VARCHAR(256), - client_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS whitelisted_site_scope ( - owner_id BIGINT, - scope VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS pairwise_identifier ( - id BIGSERIAL PRIMARY KEY, - identifier VARCHAR(256), - sub VARCHAR(256), - sector_identifier VARCHAR(2048) -); - -CREATE TABLE IF NOT EXISTS resource_set ( - id BIGSERIAL PRIMARY KEY, - name VARCHAR(1024) NOT NULL, - uri VARCHAR(1024), - icon_uri VARCHAR(1024), - rs_type VARCHAR(256), - owner VARCHAR(256) NOT NULL, - client_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS resource_set_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS permission_ticket ( - id BIGSERIAL PRIMARY KEY, - ticket VARCHAR(256) NOT NULL, - permission_id BIGINT NOT NULL, - expiration TIMESTAMP -); - -CREATE TABLE IF NOT EXISTS permission ( - id BIGSERIAL PRIMARY KEY, - resource_set_id BIGINT -); - -CREATE TABLE IF NOT EXISTS permission_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim ( - id BIGSERIAL PRIMARY KEY, - name VARCHAR(256), - friendly_name VARCHAR(1024), - claim_type VARCHAR(1024), - claim_value VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS claim_to_policy ( - policy_id BIGINT NOT NULL, - claim_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim_to_permission_ticket ( - permission_ticket_id BIGINT NOT NULL, - claim_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS policy ( - id BIGSERIAL PRIMARY KEY, - name VARCHAR(1024), - resource_set_id BIGINT -); - -CREATE TABLE IF NOT EXISTS policy_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim_token_format ( - owner_id BIGINT NOT NULL, - claim_token_format VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS claim_issuer ( - owner_id BIGINT NOT NULL, - issuer VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS saved_registered_client ( - id BIGSERIAL PRIMARY KEY, - issuer VARCHAR(1024), - registered_client VARCHAR(8192) -); - -CREATE TABLE IF NOT EXISTS device_code ( - id BIGSERIAL PRIMARY KEY, - device_code VARCHAR(1024), - user_code VARCHAR(1024), - expiration TIMESTAMP NULL, - client_id VARCHAR(256), - approved BOOLEAN, - auth_holder_id BIGINT -); - -CREATE TABLE IF NOT EXISTS device_code_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS device_code_request_parameter ( - owner_id BIGINT, - param VARCHAR(2048), - val VARCHAR(2048) -); diff --git a/openid-connect-server-webapp/src/main/resources/db/psql/scopes.sql b/openid-connect-server-webapp/src/main/resources/db/psql/scopes.sql deleted file mode 100644 index 140c727554..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/psql/scopes.sql +++ /dev/null @@ -1,33 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - ---SET AUTOCOMMIT = OFF; - -START TRANSACTION; - --- --- Insert scope information into the temporary tables. --- - -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES - ('openid', 'log in using your identity', 'user', false, true), - ('profile', 'basic profile information', 'list-alt', false, true), - ('email', 'email address', 'envelope', false, true), - ('address', 'physical address', 'home', false, true), - ('phone', 'telephone number', 'bell', false, true), - ('offline_access', 'offline access', 'time', false, false); - --- --- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store. --- - -INSERT INTO system_scope (scope, description, icon, restricted, default_scope) - SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP - ON CONFLICT(scope) - DO NOTHING; - -COMMIT; - ---SET AUTOCOMMIT = ON; - diff --git a/openid-connect-server-webapp/src/main/resources/db/psql/security-schema.sql b/openid-connect-server-webapp/src/main/resources/db/psql/security-schema.sql deleted file mode 100644 index bc5d70b880..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/psql/security-schema.sql +++ /dev/null @@ -1,14 +0,0 @@ --- --- Tables for Spring Security's user details service --- - -create table IF NOT EXISTS users( - username varchar(50) not null primary key, - password varchar(50) not null, - enabled boolean not null); - - create table IF NOT EXISTS authorities ( - username varchar(50) not null, - authority varchar(50) not null, - constraint fk_authorities_users foreign key(username) references users(username), - constraint ix_authority unique (username,authority)); \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/resources/db/psql/users.sql b/openid-connect-server-webapp/src/main/resources/db/psql/users.sql deleted file mode 100644 index 537330278c..0000000000 --- a/openid-connect-server-webapp/src/main/resources/db/psql/users.sql +++ /dev/null @@ -1,55 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - ---SET AUTOCOMMIT FALSE; - -START TRANSACTION; - --- --- Insert user information into the temporary tables. To add users to the HSQL database, edit things here. --- - -INSERT INTO users_TEMP (username, password, enabled) VALUES - ('admin','password',true), - ('user','password',true); - - -INSERT INTO authorities_TEMP (username, authority) VALUES - ('admin','ROLE_ADMIN'), - ('admin','ROLE_USER'), - ('user','ROLE_USER'); - --- By default, the username column here has to match the username column in the users table, above -INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES - ('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', true), - ('01921.FLANRJQW','user','Demo User','user@example.com', true); - - --- --- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store. --- - -INSERT INTO users - SELECT username, password, enabled FROM users_TEMP - ON CONFLICT(username) - DO NOTHING; - -INSERT INTO authorities - SELECT username, authority FROM authorities_TEMP - ON CONFLICT(username, authority) - DO NOTHING; - -INSERT INTO user_info (sub, preferred_username, name, email, email_verified) - SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP - ON CONFLICT - DO NOTHING; - --- --- Close the transaction and turn autocommit back on --- - -COMMIT; - ---SET AUTOCOMMIT TRUE; - diff --git a/openid-connect-server-webapp/src/main/resources/keystore.jwks b/openid-connect-server-webapp/src/main/resources/keystore.jwks deleted file mode 100644 index 461413ffe3..0000000000 --- a/openid-connect-server-webapp/src/main/resources/keystore.jwks +++ /dev/null @@ -1,12 +0,0 @@ -{ - "keys": [ - { - "alg": "RS256", - "d": "PvBAngE3kkTnD3yDKo3wCvHJHm20kb9a0FVGLd0s2Y0E_3H2XnZC8-2zPhN6AQTjPhohSDCew20gzm76lyOvMqRiUP2Zpaopa1d2fGvNIQSdM07yKa6EivEYxqPQxa5esoZnexgnb9fom70I8n5OQRNQikwu-az26CsHX2zWMRodzSdN5CXHvb1PV09DmH8azTYwoMElPIqmcTfxiRw2Ov5ucmXXngKRFJgvfUgKd7v4ScBX7sQoQEjWEtt7ta0WvL3Ar5E1RAW4aHxuubZ6AtloxWCf17AAKw03dfP5RDm5TDmgm2B635ecJ7fTvneFmg8W_fdMTPRfBlCGNBp3wQ", - "e": "AQAB", - "n": "qt6yOiI_wCoCVlGO0MySsez0VkSqhPvDl3rfabOslx35mYEO-n4ABfIT5Gn2zN-CeIcOZ5ugAXvIIRWv5H55-tzjFazi5IKkOIMCiz5__MtsdxKCqGlZu2zt-BLpqTOAPiflNPpM3RUAlxKAhnYEqNha6-allPnFQupnW_eTYoyuzuedT7dSp90ry0ZcQDimntXWeaSbrYKCj9Rr9W1jn2uTowUuXaScKXTCjAmJVnsD75JNzQfa8DweklTyWQF-Y5Ky039I0VIu-0CIGhXY48GAFe2EFb8VpNhf07DP63p138RWQ1d3KPEM9mYJVpQC68j3wzDQYSljpLf9by7TGw", - "kty": "RSA", - "kid": "rsa1" - } - ] -} \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/resources/log4j.xml b/openid-connect-server-webapp/src/main/resources/log4j.xml deleted file mode 100644 index caed28b323..0000000000 --- a/openid-connect-server-webapp/src/main/resources/log4j.xml +++ /dev/null @@ -1,83 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/META-INF/MANIFEST.MF b/openid-connect-server-webapp/src/main/webapp/META-INF/MANIFEST.MF deleted file mode 100644 index 58630c02ef..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/META-INF/MANIFEST.MF +++ /dev/null @@ -1,2 +0,0 @@ -Manifest-Version: 1.0 - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml deleted file mode 100644 index fdbc37ba72..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml +++ /dev/null @@ -1,320 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - /introspect - /revoke - /token - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/assertion-config.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/assertion-config.xml deleted file mode 100644 index 59ea49fe90..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/assertion-config.xml +++ /dev/null @@ -1,50 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/authz-config.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/authz-config.xml deleted file mode 100644 index 0c5e5019f8..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/authz-config.xml +++ /dev/null @@ -1,60 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/crypto-config.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/crypto-config.xml deleted file mode 100644 index 36c043a782..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/crypto-config.xml +++ /dev/null @@ -1,50 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml deleted file mode 100644 index 0313b5b1b5..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml +++ /dev/null @@ -1,128 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml deleted file mode 100644 index bcfc14a6c3..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/jpa-config.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/jpa-config.xml deleted file mode 100644 index afe40844af..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/jpa-config.xml +++ /dev/null @@ -1,55 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/local-config.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/local-config.xml deleted file mode 100644 index e580f6e52a..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/local-config.xml +++ /dev/null @@ -1,36 +0,0 @@ - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/locale-config.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/locale-config.xml deleted file mode 100644 index 60cdb6b0f1..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/locale-config.xml +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/server-config.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/server-config.xml deleted file mode 100644 index bf9f998652..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/server-config.xml +++ /dev/null @@ -1,77 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/spring-servlet.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/spring-servlet.xml deleted file mode 100644 index f37e980ba6..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/spring-servlet.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/actionmenu.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/actionmenu.tag deleted file mode 100644 index d391a30ad0..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/actionmenu.tag +++ /dev/null @@ -1,20 +0,0 @@ -<%@ tag language="java" pageEncoding="UTF-8"%> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> -<%@ taglib prefix="security" - uri="http://www.springframework.org/security/tags"%> - -
    • -
    • -
    • -
    • -
    • -
  • -     -
    • -
    • -
    • -
    • -
  • -
    • -
  • -
  • \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/copyright.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/copyright.tag deleted file mode 100644 index 4b0aa920ad..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/copyright.tag +++ /dev/null @@ -1,4 +0,0 @@ -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> -HEART Mode - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/footer.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/footer.tag deleted file mode 100644 index 2b95de6dcb..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/footer.tag +++ /dev/null @@ -1,45 +0,0 @@ -<%@ attribute name="js" required="false"%> -<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -
    - - - - - - - - - - - - - - - - - - - - -
    - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/header.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/header.tag deleted file mode 100644 index 94f68be330..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/header.tag +++ /dev/null @@ -1,87 +0,0 @@ -<%@attribute name="title" required="false"%> -<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> -<%@ tag import="com.google.gson.Gson" %> - - - - - - - - ${config.topbarTitle} - ${title} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/navmenu.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/navmenu.tag deleted file mode 100644 index 78bfe15cb5..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/navmenu.tag +++ /dev/null @@ -1,39 +0,0 @@ -<%@attribute name="pageName"%> -<%@ tag language="java" pageEncoding="UTF-8"%> -<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> -<%@ taglib prefix="security" - uri="http://www.springframework.org/security/tags"%> - - - -
    • - - -
    • -     - - - -
    • -     - -
    • -     -     - - -
    • -     - -
    • -     -     - - -
    • -     - -
    • -     -     diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/sidebar.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/sidebar.tag deleted file mode 100644 index 93f78c871b..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/sidebar.tag +++ /dev/null @@ -1,18 +0,0 @@ -<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> - - - -
    -
    -
      - -
    -
    -
    -     - -
    - -
    -     diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/topbar.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/topbar.tag deleted file mode 100644 index 1bce4a1c5f..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/topbar.tag +++ /dev/null @@ -1,107 +0,0 @@ -<%@attribute name="pageName" required="false"%> -<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> -<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> - - - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    - - - - - ${config.shortTopbarTitle} - ${config.topbarTitle} - - - -
    -
      - -
    - - - -
      - -
    - -     - - - - - - - - -
    -     -
    -
    -
    - - \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/task-config.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/task-config.xml deleted file mode 100644 index 30f3e98a9a..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/task-config.xml +++ /dev/null @@ -1,38 +0,0 @@ - - - - - - - - - - - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/ui-config.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/ui-config.xml deleted file mode 100644 index 2e0cf646bb..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/ui-config.xml +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - - - - resources/js/client.js - resources/js/grant.js - resources/js/scope.js - resources/js/whitelist.js - resources/js/dynreg.js - resources/js/rsreg.js - resources/js/token.js - resources/js/blacklist.js - resources/js/profile.js - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/user-context.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/user-context.xml deleted file mode 100644 index 1bd665d398..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/user-context.xml +++ /dev/null @@ -1,58 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/about.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/about.jsp deleted file mode 100644 index 1bf74f8b5e..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/about.jsp +++ /dev/null @@ -1,29 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> - - - - - -
    -
    - -
    - -
    - -

    -

    - -

    - -
    - - -
    -
    -
    - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp deleted file mode 100644 index 6526fb8426..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp +++ /dev/null @@ -1,320 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<%@ page import="org.springframework.security.core.AuthenticationException"%> -<%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException"%> -<%@ page import="org.springframework.security.web.WebAttributes"%> -<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> -<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> - - - - -
    - <% if (session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) != null && !(session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) instanceof UnapprovedClientAuthenticationException)) { %> -
    - × - -

    - (<%= ((AuthenticationException) session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).getMessage() %>) -

    -
    - <% } %> - - -
    -

      - - - - - - - - -

    - -
    - -
    -
    - - - - -
    -

    - - - - -

    -
    -     - - -
    "> -

    - : -

    - -

    - -

    -

    - - - - - - - - - - - -

    -
    -     -     -     - - -
      -
    • - -
      • -
    - - -     - -
    - - -
    - -
    -
    -
      - -
    • : ">
      • -       - -
    • : ">
      • -       - -
    • : ">
      • -       - -
    • :
      • -       -
    -
    -     -
    -     -
    - - -
    -

    - : -

    - - -
    -     - - - -     -
    - - -
    - -
    -     - -
    -
    -
    - : - - -
    -

    - : -

    -

    - -

    -
    -     - - - - - -
    - " - > - - - - - - - - - - - -
    - : - - - -
    -
    - -
    - -
    -

    - - " - - - - - - - "? -

    - - - - - -   - -
    - - - -
    - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approveDevice.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approveDevice.jsp deleted file mode 100644 index 162170311e..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approveDevice.jsp +++ /dev/null @@ -1,287 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<%@ page import="org.springframework.security.core.AuthenticationException"%> -<%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException"%> -<%@ page import="org.springframework.security.web.WebAttributes"%> -<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> -<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> - - - - -
    - <% if (session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) != null && !(session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) instanceof UnapprovedClientAuthenticationException)) { %> -
    - × - -

    - (<%= ((AuthenticationException) session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).getMessage() %>) -

    -
    - <% } %> - - -
    -

      - - - - - - - - -

    - -
    - -
    -
    - - - - -
    -

    - - - - -

    -
    -     - - -
    "> -

    - : -

    - -

    - -

    -

    - - - - - - - - - - - -

    -
    -     -     -     - - -
      -
    • - -
      • -
    - - -     - -
    - - -
    - -
    -
    -
      - -
    • : ">
      • -       - -
    • : ">
      • -       - -
    • : ">
      • -       - -
    • :
      • -       -
    -
    -     -
    -     - - -
    - -
    -     - -
    -
    -
    - : - - -
    -

    - : -

    -

    - -

    -
    -     - -
      - -
    • - - - - - - - - - - - - - - -
    • - : - -
      • -       -
    -
    - " - > - - - - - - - - - -
    - -
    - -
    -

    - - " - - - - - - - "? -

    - - - - - - -   - -
    - - - -
    - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/contact.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/contact.jsp deleted file mode 100644 index cdfcdbcd16..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/contact.jsp +++ /dev/null @@ -1,29 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> - - - - - - -
    -
    - -
    -
    - -

    -

    - -

    - -
    - - -
    -
    -
    - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/deviceApproved.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/deviceApproved.jsp deleted file mode 100644 index 80f601c633..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/deviceApproved.jsp +++ /dev/null @@ -1,39 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<%@ page import="org.springframework.security.core.AuthenticationException"%> -<%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException"%> -<%@ page import="org.springframework.security.web.WebAttributes"%> -<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> -<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> - - - - -
    - -
    -

    - - - - - - - -

    - - - -
    -     - -
    -     -     - -
    -
    - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/error.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/error.jsp deleted file mode 100644 index 66c5f585ed..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/error.jsp +++ /dev/null @@ -1,48 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<%@page import="org.springframework.http.HttpStatus"%> -<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> -<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> -<%@page import="org.springframework.security.oauth2.common.exceptions.OAuth2Exception"%> -<% - -if (request.getAttribute("error") != null && request.getAttribute("error") instanceof OAuth2Exception) { - request.setAttribute("errorCode", ((OAuth2Exception)request.getAttribute("error")).getOAuth2ErrorCode()); - request.setAttribute("message", ((OAuth2Exception)request.getAttribute("error")).getMessage()); -} else if (request.getAttribute("javax.servlet.error.exception") != null) { - Throwable t = (Throwable)request.getAttribute("javax.servlet.error.exception"); - request.setAttribute("errorCode", t.getClass().getSimpleName() + " (" + request.getAttribute("javax.servlet.error.status_code") + ")"); - request.setAttribute("message", t.getMessage()); -} else if (request.getAttribute("javax.servlet.error.status_code") != null) { - Integer code = (Integer)request.getAttribute("javax.servlet.error.status_code"); - HttpStatus status = HttpStatus.valueOf(code); - request.setAttribute("errorCode", status.toString() + " " + status.getReasonPhrase()); - request.setAttribute("message", request.getAttribute("javax.servlet.error.message")); -} else { - request.setAttribute("errorCode", "Server error"); - request.setAttribute("message", "See the logs for details"); -} - -%> - - - -
    -
    -
    -
    -

    - -

    -

    - -

    -

    - -
    - -
    -
    -
    - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/home.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/home.jsp deleted file mode 100644 index 5fa2495a53..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/home.jsp +++ /dev/null @@ -1,84 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> -<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> - - - - -
    -
    - -
    -
    -
    -
    - -
    -

    -

    -
    -
    -
    - -
    -
    -

    - -

    - -

    »

    -
    -
    -

    -

    - -

    -
    - -
    -
    - -
    -
    -

    - -

    - -

    - - - -

    -
    -
    - -
    -
    -
    - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/login.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/login.jsp deleted file mode 100644 index 5be8f9b2a5..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/login.jsp +++ /dev/null @@ -1,51 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> - - - -
    - -

    - - -
    -     - - -
    -
    -
    -
    -
    - - " autocorrect="off" autocapitalize="off" autocomplete="off" spellcheck="false" value="" id="j_username" name="username"> -
    -
    -
    -
    - - " autocorrect="off" autocapitalize="off" autocomplete="off" spellcheck="false" id="j_password" name="password"> -
    -
    -
    - - " name="submit"> -
    -
    -
    -
    -
    - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/logoutConfirmation.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/logoutConfirmation.jsp deleted file mode 100644 index a53199e2f4..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/logoutConfirmation.jsp +++ /dev/null @@ -1,55 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<%@ page import="org.springframework.security.core.AuthenticationException"%> -<%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException"%> -<%@ page import="org.springframework.security.web.WebAttributes"%> -<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> -<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> - - - - -
    - -
    - -

    - -
    - -
    -
    - - -
    - - -   - - - - - - - - - -
    -
    - -
    - - -   - -
    -
    - -
    - -
    -
    - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/manage.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/manage.jsp deleted file mode 100644 index 548819d593..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/manage.jsp +++ /dev/null @@ -1,47 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> - - - - - - - - -
    -
    - -
    -
    - -
    -
    -

    :

    -

    -
    -
    -
    -
    -

    ...

    -
    -
    -
    -
    -
    -
    -
    -
    -
    - - \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/postLogout.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/postLogout.jsp deleted file mode 100644 index 03f93974b3..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/postLogout.jsp +++ /dev/null @@ -1,26 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> -<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> -<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> - - - - -
    - -
    -

    - - -
    -     - -
    -     -
    -
    - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/requestUserCode.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/requestUserCode.jsp deleted file mode 100644 index 9551acbff3..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/requestUserCode.jsp +++ /dev/null @@ -1,61 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<%@ page import="org.springframework.security.core.AuthenticationException"%> -<%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException"%> -<%@ page import="org.springframework.security.web.WebAttributes"%> -<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> -<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> - - - - -
    - -
    - -

    - - - - -
    -     - -
    -     - -
    -     - -
    -     - -
    -     -     -     - - -
    - -
    -
    - -
    -
    - -
    -
    - - -
    -
    - -
    - -
    -
    - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/stats.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/stats.jsp deleted file mode 100644 index 8e97e6b368..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/stats.jsp +++ /dev/null @@ -1,28 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> -<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> - - - - - - -
    -
    - -
    -
    -

    - -

    - - - -

    -
    -
    -
    -
    - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/web.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/web.xml deleted file mode 100644 index 618db1df4a..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/web.xml +++ /dev/null @@ -1,79 +0,0 @@ - - - - - - - - - contextConfigLocation - - /WEB-INF/application-context.xml - - - - - - org.springframework.web.context.ContextLoaderListener - - - - - - springSecurityFilterChain - org.springframework.web.filter.DelegatingFilterProxy - - contextAttribute - org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring - - - - - springSecurityFilterChain - /* - - - - - spring - org.springframework.web.servlet.DispatcherServlet - 1 - - - - spring - / - - - - - *.jsp - true - - - - - /error - - - diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/wro.properties b/openid-connect-server-webapp/src/main/webapp/WEB-INF/wro.properties deleted file mode 100644 index 2bc4d6e62a..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/wro.properties +++ /dev/null @@ -1,17 +0,0 @@ -############################################################################### -# Copyright 2018 The MIT Internet Trust Consortium -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -############################################################################### -preProcessors=cssImport -postProcessors=lessCss diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/wro.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/wro.xml deleted file mode 100644 index 471fd18432..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/wro.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - /less/bootstrap.less - - - /less/bootstrap-responsive.less - - \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/less/accordion.less b/openid-connect-server-webapp/src/main/webapp/less/accordion.less deleted file mode 100644 index d63523bc8c..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/accordion.less +++ /dev/null @@ -1,34 +0,0 @@ -// -// Accordion -// -------------------------------------------------- - - -// Parent container -.accordion { - margin-bottom: @baseLineHeight; -} - -// Group == heading + body -.accordion-group { - margin-bottom: 2px; - border: 1px solid #e5e5e5; - .border-radius(@baseBorderRadius); -} -.accordion-heading { - border-bottom: 0; -} -.accordion-heading .accordion-toggle { - display: block; - padding: 8px 15px; -} - -// General toggle styles -.accordion-toggle { - cursor: pointer; -} - -// Inner needs the styles because you can't animate properly with any styles on the element -.accordion-inner { - padding: 9px 15px; - border-top: 1px solid #e5e5e5; -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/alerts.less b/openid-connect-server-webapp/src/main/webapp/less/alerts.less deleted file mode 100644 index 0116b191b3..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/alerts.less +++ /dev/null @@ -1,79 +0,0 @@ -// -// Alerts -// -------------------------------------------------- - - -// Base styles -// ------------------------- - -.alert { - padding: 8px 35px 8px 14px; - margin-bottom: @baseLineHeight; - text-shadow: 0 1px 0 rgba(255,255,255,.5); - background-color: @warningBackground; - border: 1px solid @warningBorder; - .border-radius(@baseBorderRadius); -} -.alert, -.alert h4 { - // Specified for the h4 to prevent conflicts of changing @headingsColor - color: @warningText; -} -.alert h4 { - margin: 0; -} - -// Adjust close link position -.alert .close { - position: relative; - top: -2px; - right: -21px; - line-height: @baseLineHeight; -} - - -// Alternate styles -// ------------------------- - -.alert-success { - background-color: @successBackground; - border-color: @successBorder; - color: @successText; -} -.alert-success h4 { - color: @successText; -} -.alert-danger, -.alert-error { - background-color: @errorBackground; - border-color: @errorBorder; - color: @errorText; -} -.alert-danger h4, -.alert-error h4 { - color: @errorText; -} -.alert-info { - background-color: @infoBackground; - border-color: @infoBorder; - color: @infoText; -} -.alert-info h4 { - color: @infoText; -} - - -// Block alerts -// ------------------------- - -.alert-block { - padding-top: 14px; - padding-bottom: 14px; -} -.alert-block > p, -.alert-block > ul { - margin-bottom: 0; -} -.alert-block p + p { - margin-top: 5px; -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/bootstrap-responsive.less b/openid-connect-server-webapp/src/main/webapp/less/bootstrap-responsive.less deleted file mode 100644 index 3d4c58cabd..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/bootstrap-responsive.less +++ /dev/null @@ -1,48 +0,0 @@ -/*! - * Bootstrap Responsive v2.3.2 - * - * Copyright 2013 Twitter, Inc - * Licensed under the Apache License v2.0 - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Designed and built with all the love in the world by @mdo and @fat. - */ - - -// Responsive.less -// For phone and tablet devices -// ------------------------------------------------------------- - - -// REPEAT VARIABLES & MIXINS -// ------------------------- -// Required since we compile the responsive stuff separately - -@import "variables.less"; // Modify this for custom colors, font-sizes, etc -@import "mixins.less"; - - -// RESPONSIVE CLASSES -// ------------------ - -@import "responsive-utilities.less"; - - -// MEDIA QUERIES -// ------------------ - -// Large desktops -@import "responsive-1200px-min.less"; - -// Tablets to regular desktops -@import "responsive-768px-979px.less"; - -// Phones to portrait tablets and narrow desktops -@import "responsive-767px-max.less"; - - -// RESPONSIVE NAVBAR -// ------------------ - -// From 979px and below, show a button to toggle navbar contents -@import "responsive-navbar.less"; diff --git a/openid-connect-server-webapp/src/main/webapp/less/bootstrap.less b/openid-connect-server-webapp/src/main/webapp/less/bootstrap.less deleted file mode 100644 index 3eabae1440..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/bootstrap.less +++ /dev/null @@ -1,63 +0,0 @@ -/*! - * Bootstrap v2.3.2 - * - * Copyright 2013 Twitter, Inc - * Licensed under the Apache License v2.0 - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Designed and built with all the love in the world by @mdo and @fat. - */ - -// Core variables and mixins -@import "variables.less"; // Modify this for custom colors, font-sizes, etc -@import "mixins.less"; - -// CSS Reset -@import "reset.less"; - -// Grid system and page structure -@import "scaffolding.less"; -@import "grid.less"; -@import "layouts.less"; - -// Base CSS -@import "type.less"; -@import "code.less"; -@import "forms.less"; -@import "tables.less"; - -// Components: common -@import "sprites.less"; -@import "dropdowns.less"; -@import "wells.less"; -@import "component-animations.less"; -@import "close.less"; - -// Components: Buttons & Alerts -@import "buttons.less"; -@import "button-groups.less"; -@import "alerts.less"; // Note: alerts share common CSS with buttons and thus have styles in buttons.less - -// Components: Nav -@import "navs.less"; -@import "navbar.less"; -@import "breadcrumbs.less"; -@import "pagination.less"; -@import "pager.less"; - -// Components: Popovers -@import "modals.less"; -@import "tooltip.less"; -@import "popovers.less"; - -// Components: Misc -@import "thumbnails.less"; -@import "media.less"; -@import "labels-badges.less"; -@import "progress-bars.less"; -@import "accordion.less"; -@import "carousel.less"; -@import "hero-unit.less"; - -// Utility classes -@import "utilities.less"; // Has to be last to override when necessary diff --git a/openid-connect-server-webapp/src/main/webapp/less/breadcrumbs.less b/openid-connect-server-webapp/src/main/webapp/less/breadcrumbs.less deleted file mode 100644 index f753df6be8..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/breadcrumbs.less +++ /dev/null @@ -1,24 +0,0 @@ -// -// Breadcrumbs -// -------------------------------------------------- - - -.breadcrumb { - padding: 8px 15px; - margin: 0 0 @baseLineHeight; - list-style: none; - background-color: #f5f5f5; - .border-radius(@baseBorderRadius); - > li { - display: inline-block; - .ie7-inline-block(); - text-shadow: 0 1px 0 @white; - > .divider { - padding: 0 5px; - color: #ccc; - } - } - > .active { - color: @grayLight; - } -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/button-groups.less b/openid-connect-server-webapp/src/main/webapp/less/button-groups.less deleted file mode 100644 index 55cdc60338..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/button-groups.less +++ /dev/null @@ -1,229 +0,0 @@ -// -// Button groups -// -------------------------------------------------- - - -// Make the div behave like a button -.btn-group { - position: relative; - display: inline-block; - .ie7-inline-block(); - font-size: 0; // remove as part 1 of font-size inline-block hack - vertical-align: middle; // match .btn alignment given font-size hack above - white-space: nowrap; // prevent buttons from wrapping when in tight spaces (e.g., the table on the tests page) - .ie7-restore-left-whitespace(); -} - -// Space out series of button groups -.btn-group + .btn-group { - margin-left: 5px; -} - -// Optional: Group multiple button groups together for a toolbar -.btn-toolbar { - font-size: 0; // Hack to remove whitespace that results from using inline-block - margin-top: @baseLineHeight / 2; - margin-bottom: @baseLineHeight / 2; - > .btn + .btn, - > .btn-group + .btn, - > .btn + .btn-group { - margin-left: 5px; - } -} - -// Float them, remove border radius, then re-add to first and last elements -.btn-group > .btn { - position: relative; - .border-radius(0); -} -.btn-group > .btn + .btn { - margin-left: -1px; -} -.btn-group > .btn, -.btn-group > .dropdown-menu, -.btn-group > .popover { - font-size: @baseFontSize; // redeclare as part 2 of font-size inline-block hack -} - -// Reset fonts for other sizes -.btn-group > .btn-mini { - font-size: @fontSizeMini; -} -.btn-group > .btn-small { - font-size: @fontSizeSmall; -} -.btn-group > .btn-large { - font-size: @fontSizeLarge; -} - -// Set corners individual because sometimes a single button can be in a .btn-group and we need :first-child and :last-child to both match -.btn-group > .btn:first-child { - margin-left: 0; - .border-top-left-radius(@baseBorderRadius); - .border-bottom-left-radius(@baseBorderRadius); -} -// Need .dropdown-toggle since :last-child doesn't apply given a .dropdown-menu immediately after it -.btn-group > .btn:last-child, -.btn-group > .dropdown-toggle { - .border-top-right-radius(@baseBorderRadius); - .border-bottom-right-radius(@baseBorderRadius); -} -// Reset corners for large buttons -.btn-group > .btn.large:first-child { - margin-left: 0; - .border-top-left-radius(@borderRadiusLarge); - .border-bottom-left-radius(@borderRadiusLarge); -} -.btn-group > .btn.large:last-child, -.btn-group > .large.dropdown-toggle { - .border-top-right-radius(@borderRadiusLarge); - .border-bottom-right-radius(@borderRadiusLarge); -} - -// On hover/focus/active, bring the proper btn to front -.btn-group > .btn:hover, -.btn-group > .btn:focus, -.btn-group > .btn:active, -.btn-group > .btn.active { - z-index: 2; -} - -// On active and open, don't show outline -.btn-group .dropdown-toggle:active, -.btn-group.open .dropdown-toggle { - outline: 0; -} - - - -// Split button dropdowns -// ---------------------- - -// Give the line between buttons some depth -.btn-group > .btn + .dropdown-toggle { - padding-left: 8px; - padding-right: 8px; - .box-shadow(~"inset 1px 0 0 rgba(255,255,255,.125), inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05)"); - *padding-top: 5px; - *padding-bottom: 5px; -} -.btn-group > .btn-mini + .dropdown-toggle { - padding-left: 5px; - padding-right: 5px; - *padding-top: 2px; - *padding-bottom: 2px; -} -.btn-group > .btn-small + .dropdown-toggle { - *padding-top: 5px; - *padding-bottom: 4px; -} -.btn-group > .btn-large + .dropdown-toggle { - padding-left: 12px; - padding-right: 12px; - *padding-top: 7px; - *padding-bottom: 7px; -} - -.btn-group.open { - - // The clickable button for toggling the menu - // Remove the gradient and set the same inset shadow as the :active state - .dropdown-toggle { - background-image: none; - .box-shadow(~"inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05)"); - } - - // Keep the hover's background when dropdown is open - .btn.dropdown-toggle { - background-color: @btnBackgroundHighlight; - } - .btn-primary.dropdown-toggle { - background-color: @btnPrimaryBackgroundHighlight; - } - .btn-warning.dropdown-toggle { - background-color: @btnWarningBackgroundHighlight; - } - .btn-danger.dropdown-toggle { - background-color: @btnDangerBackgroundHighlight; - } - .btn-success.dropdown-toggle { - background-color: @btnSuccessBackgroundHighlight; - } - .btn-info.dropdown-toggle { - background-color: @btnInfoBackgroundHighlight; - } - .btn-inverse.dropdown-toggle { - background-color: @btnInverseBackgroundHighlight; - } -} - - -// Reposition the caret -.btn .caret { - margin-top: 8px; - margin-left: 0; -} -// Carets in other button sizes -.btn-large .caret { - margin-top: 6px; -} -.btn-large .caret { - border-left-width: 5px; - border-right-width: 5px; - border-top-width: 5px; -} -.btn-mini .caret, -.btn-small .caret { - margin-top: 8px; -} -// Upside down carets for .dropup -.dropup .btn-large .caret { - border-bottom-width: 5px; -} - - - -// Account for other colors -.btn-primary, -.btn-warning, -.btn-danger, -.btn-info, -.btn-success, -.btn-inverse { - .caret { - border-top-color: @white; - border-bottom-color: @white; - } -} - - - -// Vertical button groups -// ---------------------- - -.btn-group-vertical { - display: inline-block; // makes buttons only take up the width they need - .ie7-inline-block(); -} -.btn-group-vertical > .btn { - display: block; - float: none; - max-width: 100%; - .border-radius(0); -} -.btn-group-vertical > .btn + .btn { - margin-left: 0; - margin-top: -1px; -} -.btn-group-vertical > .btn:first-child { - .border-radius(@baseBorderRadius @baseBorderRadius 0 0); -} -.btn-group-vertical > .btn:last-child { - .border-radius(0 0 @baseBorderRadius @baseBorderRadius); -} -.btn-group-vertical > .btn-large:first-child { - .border-radius(@borderRadiusLarge @borderRadiusLarge 0 0); -} -.btn-group-vertical > .btn-large:last-child { - .border-radius(0 0 @borderRadiusLarge @borderRadiusLarge); -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/buttons.less b/openid-connect-server-webapp/src/main/webapp/less/buttons.less deleted file mode 100644 index 4cd4d862b3..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/buttons.less +++ /dev/null @@ -1,228 +0,0 @@ -// -// Buttons -// -------------------------------------------------- - - -// Base styles -// -------------------------------------------------- - -// Core -.btn { - display: inline-block; - .ie7-inline-block(); - padding: 4px 12px; - margin-bottom: 0; // For input.btn - font-size: @baseFontSize; - line-height: @baseLineHeight; - text-align: center; - vertical-align: middle; - cursor: pointer; - .buttonBackground(@btnBackground, @btnBackgroundHighlight, @grayDark, 0 1px 1px rgba(255,255,255,.75)); - border: 1px solid @btnBorder; - *border: 0; // Remove the border to prevent IE7's black border on input:focus - border-bottom-color: darken(@btnBorder, 10%); - .border-radius(@baseBorderRadius); - .ie7-restore-left-whitespace(); // Give IE7 some love - .box-shadow(~"inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05)"); - - // Hover/focus state - &:hover, - &:focus { - color: @grayDark; - text-decoration: none; - background-position: 0 -15px; - - // transition is only when going to hover/focus, otherwise the background - // behind the gradient (there for IE<=9 fallback) gets mismatched - .transition(background-position .1s linear); - } - - // Focus state for keyboard and accessibility - &:focus { - .tab-focus(); - } - - // Active state - &.active, - &:active { - background-image: none; - outline: 0; - .box-shadow(~"inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05)"); - } - - // Disabled state - &.disabled, - &[disabled] { - cursor: default; - background-image: none; - .opacity(65); - .box-shadow(none); - } - -} - - - -// Button Sizes -// -------------------------------------------------- - -// Large -.btn-large { - padding: @paddingLarge; - font-size: @fontSizeLarge; - .border-radius(@borderRadiusLarge); -} -.btn-large [class^="icon-"], -.btn-large [class*=" icon-"] { - margin-top: 4px; -} - -// Small -.btn-small { - padding: @paddingSmall; - font-size: @fontSizeSmall; - .border-radius(@borderRadiusSmall); -} -.btn-small [class^="icon-"], -.btn-small [class*=" icon-"] { - margin-top: 0; -} -.btn-mini [class^="icon-"], -.btn-mini [class*=" icon-"] { - margin-top: -1px; -} - -// Mini -.btn-mini { - padding: @paddingMini; - font-size: @fontSizeMini; - .border-radius(@borderRadiusSmall); -} - - -// Block button -// ------------------------- - -.btn-block { - display: block; - width: 100%; - padding-left: 0; - padding-right: 0; - .box-sizing(border-box); -} - -// Vertically space out multiple block buttons -.btn-block + .btn-block { - margin-top: 5px; -} - -// Specificity overrides -input[type="submit"], -input[type="reset"], -input[type="button"] { - &.btn-block { - width: 100%; - } -} - - - -// Alternate buttons -// -------------------------------------------------- - -// Provide *some* extra contrast for those who can get it -.btn-primary.active, -.btn-warning.active, -.btn-danger.active, -.btn-success.active, -.btn-info.active, -.btn-inverse.active { - color: rgba(255,255,255,.75); -} - -// Set the backgrounds -// ------------------------- -.btn-primary { - .buttonBackground(@btnPrimaryBackground, @btnPrimaryBackgroundHighlight); -} -// Warning appears are orange -.btn-warning { - .buttonBackground(@btnWarningBackground, @btnWarningBackgroundHighlight); -} -// Danger and error appear as red -.btn-danger { - .buttonBackground(@btnDangerBackground, @btnDangerBackgroundHighlight); -} -// Success appears as green -.btn-success { - .buttonBackground(@btnSuccessBackground, @btnSuccessBackgroundHighlight); -} -// Info appears as a neutral blue -.btn-info { - .buttonBackground(@btnInfoBackground, @btnInfoBackgroundHighlight); -} -// Inverse appears as dark gray -.btn-inverse { - .buttonBackground(@btnInverseBackground, @btnInverseBackgroundHighlight); -} - - -// Cross-browser Jank -// -------------------------------------------------- - -button.btn, -input[type="submit"].btn { - - // Firefox 3.6 only I believe - &::-moz-focus-inner { - padding: 0; - border: 0; - } - - // IE7 has some default padding on button controls - *padding-top: 3px; - *padding-bottom: 3px; - - &.btn-large { - *padding-top: 7px; - *padding-bottom: 7px; - } - &.btn-small { - *padding-top: 3px; - *padding-bottom: 3px; - } - &.btn-mini { - *padding-top: 1px; - *padding-bottom: 1px; - } -} - - -// Link buttons -// -------------------------------------------------- - -// Make a button look and behave like a link -.btn-link, -.btn-link:active, -.btn-link[disabled] { - background-color: transparent; - background-image: none; - .box-shadow(none); -} -.btn-link { - border-color: transparent; - cursor: pointer; - color: @linkColor; - .border-radius(0); -} -.btn-link:hover, -.btn-link:focus { - color: @linkColorHover; - text-decoration: underline; - background-color: transparent; -} -.btn-link[disabled]:hover, -.btn-link[disabled]:focus { - color: @grayDark; - text-decoration: none; -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/carousel.less b/openid-connect-server-webapp/src/main/webapp/less/carousel.less deleted file mode 100644 index 55bc050144..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/carousel.less +++ /dev/null @@ -1,158 +0,0 @@ -// -// Carousel -// -------------------------------------------------- - - -.carousel { - position: relative; - margin-bottom: @baseLineHeight; - line-height: 1; -} - -.carousel-inner { - overflow: hidden; - width: 100%; - position: relative; -} - -.carousel-inner { - - > .item { - display: none; - position: relative; - .transition(.6s ease-in-out left); - - // Account for jankitude on images - > img, - > a > img { - display: block; - line-height: 1; - } - } - - > .active, - > .next, - > .prev { display: block; } - - > .active { - left: 0; - } - - > .next, - > .prev { - position: absolute; - top: 0; - width: 100%; - } - - > .next { - left: 100%; - } - > .prev { - left: -100%; - } - > .next.left, - > .prev.right { - left: 0; - } - - > .active.left { - left: -100%; - } - > .active.right { - left: 100%; - } - -} - -// Left/right controls for nav -// --------------------------- - -.carousel-control { - position: absolute; - top: 40%; - left: 15px; - width: 40px; - height: 40px; - margin-top: -20px; - font-size: 60px; - font-weight: 100; - line-height: 30px; - color: @white; - text-align: center; - background: @grayDarker; - border: 3px solid @white; - .border-radius(23px); - .opacity(50); - - // we can't have this transition here - // because webkit cancels the carousel - // animation if you trip this while - // in the middle of another animation - // ;_; - // .transition(opacity .2s linear); - - // Reposition the right one - &.right { - left: auto; - right: 15px; - } - - // Hover/focus state - &:hover, - &:focus { - color: @white; - text-decoration: none; - .opacity(90); - } -} - -// Carousel indicator pips -// ----------------------------- -.carousel-indicators { - position: absolute; - top: 15px; - right: 15px; - z-index: 5; - margin: 0; - list-style: none; - - li { - display: block; - float: left; - width: 10px; - height: 10px; - margin-left: 5px; - text-indent: -999px; - background-color: #ccc; - background-color: rgba(255,255,255,.25); - border-radius: 5px; - } - .active { - background-color: #fff; - } -} - -// Caption for text below images -// ----------------------------- - -.carousel-caption { - position: absolute; - left: 0; - right: 0; - bottom: 0; - padding: 15px; - background: @grayDark; - background: rgba(0,0,0,.75); -} -.carousel-caption h4, -.carousel-caption p { - color: @white; - line-height: @baseLineHeight; -} -.carousel-caption h4 { - margin: 0 0 5px; -} -.carousel-caption p { - margin-bottom: 0; -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/close.less b/openid-connect-server-webapp/src/main/webapp/less/close.less deleted file mode 100644 index 4c626bda6c..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/close.less +++ /dev/null @@ -1,32 +0,0 @@ -// -// Close icons -// -------------------------------------------------- - - -.close { - float: right; - font-size: 20px; - font-weight: bold; - line-height: @baseLineHeight; - color: @black; - text-shadow: 0 1px 0 rgba(255,255,255,1); - .opacity(20); - &:hover, - &:focus { - color: @black; - text-decoration: none; - cursor: pointer; - .opacity(40); - } -} - -// Additional properties for button version -// iOS requires the button element instead of an anchor tag. -// If you want the anchor version, it requires `href="#"`. -button.close { - padding: 0; - cursor: pointer; - background: transparent; - border: 0; - -webkit-appearance: none; -} \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/less/code.less b/openid-connect-server-webapp/src/main/webapp/less/code.less deleted file mode 100644 index 266a926e73..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/code.less +++ /dev/null @@ -1,61 +0,0 @@ -// -// Code (inline and blocK) -// -------------------------------------------------- - - -// Inline and block code styles -code, -pre { - padding: 0 3px 2px; - #font > #family > .monospace; - font-size: @baseFontSize - 2; - color: @grayDark; - .border-radius(3px); -} - -// Inline code -code { - padding: 2px 4px; - color: #d14; - background-color: #f7f7f9; - border: 1px solid #e1e1e8; - white-space: nowrap; -} - -// Blocks of code -pre { - display: block; - padding: (@baseLineHeight - 1) / 2; - margin: 0 0 @baseLineHeight / 2; - font-size: @baseFontSize - 1; // 14px to 13px - line-height: @baseLineHeight; - word-break: break-all; - word-wrap: break-word; - white-space: pre; - white-space: pre-wrap; - background-color: #f5f5f5; - border: 1px solid #ccc; // fallback for IE7-8 - border: 1px solid rgba(0,0,0,.15); - .border-radius(@baseBorderRadius); - - // Make prettyprint styles more spaced out for readability - &.prettyprint { - margin-bottom: @baseLineHeight; - } - - // Account for some code outputs that place code tags in pre tags - code { - padding: 0; - color: inherit; - white-space: pre; - white-space: pre-wrap; - background-color: transparent; - border: 0; - } -} - -// Enable scrollable blocks of code -.pre-scrollable { - max-height: 340px; - overflow-y: scroll; -} \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/less/component-animations.less b/openid-connect-server-webapp/src/main/webapp/less/component-animations.less deleted file mode 100644 index d614263a76..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/component-animations.less +++ /dev/null @@ -1,22 +0,0 @@ -// -// Component animations -// -------------------------------------------------- - - -.fade { - opacity: 0; - .transition(opacity .15s linear); - &.in { - opacity: 1; - } -} - -.collapse { - position: relative; - height: 0; - overflow: hidden; - .transition(height .35s ease); - &.in { - height: auto; - } -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/dropdowns.less b/openid-connect-server-webapp/src/main/webapp/less/dropdowns.less deleted file mode 100644 index 9e47b47151..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/dropdowns.less +++ /dev/null @@ -1,248 +0,0 @@ -// -// Dropdown menus -// -------------------------------------------------- - - -// Use the .menu class on any
  • element within the topbar or ul.tabs and you'll get some superfancy dropdowns -.dropup, -.dropdown { - position: relative; -} -.dropdown-toggle { - // The caret makes the toggle a bit too tall in IE7 - *margin-bottom: -3px; -} -.dropdown-toggle:active, -.open .dropdown-toggle { - outline: 0; -} - -// Dropdown arrow/caret -// -------------------- -.caret { - display: inline-block; - width: 0; - height: 0; - vertical-align: top; - border-top: 4px solid @black; - border-right: 4px solid transparent; - border-left: 4px solid transparent; - content: ""; -} - -// Place the caret -.dropdown .caret { - margin-top: 8px; - margin-left: 2px; -} - -// The dropdown menu (ul) -// ---------------------- -.dropdown-menu { - position: absolute; - top: 100%; - left: 0; - z-index: @zindexDropdown; - display: none; // none by default, but block on "open" of the menu - float: left; - min-width: 160px; - padding: 5px 0; - margin: 2px 0 0; // override default ul - list-style: none; - background-color: @dropdownBackground; - border: 1px solid #ccc; // Fallback for IE7-8 - border: 1px solid @dropdownBorder; - *border-right-width: 2px; - *border-bottom-width: 2px; - .border-radius(6px); - .box-shadow(0 5px 10px rgba(0,0,0,.2)); - -webkit-background-clip: padding-box; - -moz-background-clip: padding; - background-clip: padding-box; - - // Aligns the dropdown menu to right - &.pull-right { - right: 0; - left: auto; - } - - // Dividers (basically an hr) within the dropdown - .divider { - .nav-divider(@dropdownDividerTop, @dropdownDividerBottom); - } - - // Links within the dropdown menu - > li > a { - display: block; - padding: 3px 20px; - clear: both; - font-weight: normal; - line-height: @baseLineHeight; - color: @dropdownLinkColor; - white-space: nowrap; - } -} - -// Hover/Focus state -// ----------- -.dropdown-menu > li > a:hover, -.dropdown-menu > li > a:focus, -.dropdown-submenu:hover > a, -.dropdown-submenu:focus > a { - text-decoration: none; - color: @dropdownLinkColorHover; - #gradient > .vertical(@dropdownLinkBackgroundHover, darken(@dropdownLinkBackgroundHover, 5%)); -} - -// Active state -// ------------ -.dropdown-menu > .active > a, -.dropdown-menu > .active > a:hover, -.dropdown-menu > .active > a:focus { - color: @dropdownLinkColorActive; - text-decoration: none; - outline: 0; - #gradient > .vertical(@dropdownLinkBackgroundActive, darken(@dropdownLinkBackgroundActive, 5%)); -} - -// Disabled state -// -------------- -// Gray out text and ensure the hover/focus state remains gray -.dropdown-menu > .disabled > a, -.dropdown-menu > .disabled > a:hover, -.dropdown-menu > .disabled > a:focus { - color: @grayLight; -} -// Nuke hover/focus effects -.dropdown-menu > .disabled > a:hover, -.dropdown-menu > .disabled > a:focus { - text-decoration: none; - background-color: transparent; - background-image: none; // Remove CSS gradient - .reset-filter(); - cursor: default; -} - -// Open state for the dropdown -// --------------------------- -.open { - // IE7's z-index only goes to the nearest positioned ancestor, which would - // make the menu appear below buttons that appeared later on the page - *z-index: @zindexDropdown; - - & > .dropdown-menu { - display: block; - } -} - -// Backdrop to catch body clicks on mobile, etc. -// --------------------------- -.dropdown-backdrop { - position: fixed; - left: 0; - right: 0; - bottom: 0; - top: 0; - z-index: @zindexDropdown - 10; -} - -// Right aligned dropdowns -// --------------------------- -.pull-right > .dropdown-menu { - right: 0; - left: auto; -} - -// Allow for dropdowns to go bottom up (aka, dropup-menu) -// ------------------------------------------------------ -// Just add .dropup after the standard .dropdown class and you're set, bro. -// TODO: abstract this so that the navbar fixed styles are not placed here? -.dropup, -.navbar-fixed-bottom .dropdown { - // Reverse the caret - .caret { - border-top: 0; - border-bottom: 4px solid @black; - content: ""; - } - // Different positioning for bottom up menu - .dropdown-menu { - top: auto; - bottom: 100%; - margin-bottom: 1px; - } -} - -// Sub menus -// --------------------------- -.dropdown-submenu { - position: relative; -} -// Default dropdowns -.dropdown-submenu > .dropdown-menu { - top: 0; - left: 100%; - margin-top: -6px; - margin-left: -1px; - .border-radius(0 6px 6px 6px); -} -.dropdown-submenu:hover > .dropdown-menu { - display: block; -} - -// Dropups -.dropup .dropdown-submenu > .dropdown-menu { - top: auto; - bottom: 0; - margin-top: 0; - margin-bottom: -2px; - .border-radius(5px 5px 5px 0); -} - -// Caret to indicate there is a submenu -.dropdown-submenu > a:after { - display: block; - content: " "; - float: right; - width: 0; - height: 0; - border-color: transparent; - border-style: solid; - border-width: 5px 0 5px 5px; - border-left-color: darken(@dropdownBackground, 20%); - margin-top: 5px; - margin-right: -10px; -} -.dropdown-submenu:hover > a:after { - border-left-color: @dropdownLinkColorHover; -} - -// Left aligned submenus -.dropdown-submenu.pull-left { - // Undo the float - // Yes, this is awkward since .pull-left adds a float, but it sticks to our conventions elsewhere. - float: none; - - // Positioning the submenu - > .dropdown-menu { - left: -100%; - margin-left: 10px; - .border-radius(6px 0 6px 6px); - } -} - -// Tweak nav headers -// ----------------- -// Increase padding from 15px to 20px on sides -.dropdown .dropdown-menu .nav-header { - padding-left: 20px; - padding-right: 20px; -} - -// Typeahead -// --------- -.typeahead { - z-index: 1051; - margin-top: 2px; // give it some space to breathe - .border-radius(@baseBorderRadius); -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/forms.less b/openid-connect-server-webapp/src/main/webapp/less/forms.less deleted file mode 100644 index 06767bdd3e..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/forms.less +++ /dev/null @@ -1,690 +0,0 @@ -// -// Forms -// -------------------------------------------------- - - -// GENERAL STYLES -// -------------- - -// Make all forms have space below them -form { - margin: 0 0 @baseLineHeight; -} - -fieldset { - padding: 0; - margin: 0; - border: 0; -} - -// Groups of fields with labels on top (legends) -legend { - display: block; - width: 100%; - padding: 0; - margin-bottom: @baseLineHeight; - font-size: @baseFontSize * 1.5; - line-height: @baseLineHeight * 2; - color: @grayDark; - border: 0; - border-bottom: 1px solid #e5e5e5; - - // Small - small { - font-size: @baseLineHeight * .75; - color: @grayLight; - } -} - -// Set font for forms -label, -input, -button, -select, -textarea { - #font > .shorthand(@baseFontSize,normal,@baseLineHeight); // Set size, weight, line-height here -} -input, -button, -select, -textarea { - font-family: @baseFontFamily; // And only set font-family here for those that need it (note the missing label element) -} - -// Identify controls by their labels -label { - display: block; - margin-bottom: 5px; -} - -// Form controls -// ------------------------- - -// Shared size and type resets -select, -textarea, -input[type="text"], -input[type="password"], -input[type="datetime"], -input[type="datetime-local"], -input[type="date"], -input[type="month"], -input[type="time"], -input[type="week"], -input[type="number"], -input[type="email"], -input[type="url"], -input[type="search"], -input[type="tel"], -input[type="color"], -.uneditable-input { - display: inline-block; - height: @baseLineHeight; - padding: 4px 6px; - margin-bottom: @baseLineHeight / 2; - font-size: @baseFontSize; - line-height: @baseLineHeight; - color: @gray; - .border-radius(@inputBorderRadius); - vertical-align: middle; -} - -// Reset appearance properties for textual inputs and textarea -// Declare width for legacy (can't be on input[type=*] selectors or it's too specific) -input, -textarea, -.uneditable-input { - width: 206px; // plus 12px padding and 2px border -} -// Reset height since textareas have rows -textarea { - height: auto; -} -// Everything else -textarea, -input[type="text"], -input[type="password"], -input[type="datetime"], -input[type="datetime-local"], -input[type="date"], -input[type="month"], -input[type="time"], -input[type="week"], -input[type="number"], -input[type="email"], -input[type="url"], -input[type="search"], -input[type="tel"], -input[type="color"], -.uneditable-input { - background-color: @inputBackground; - border: 1px solid @inputBorder; - .box-shadow(inset 0 1px 1px rgba(0,0,0,.075)); - .transition(~"border linear .2s, box-shadow linear .2s"); - - // Focus state - &:focus { - border-color: rgba(82,168,236,.8); - outline: 0; - outline: thin dotted \9; /* IE6-9 */ - .box-shadow(~"inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(82,168,236,.6)"); - } -} - -// Position radios and checkboxes better -input[type="radio"], -input[type="checkbox"] { - margin: 4px 0 0; - *margin-top: 0; /* IE7 */ - margin-top: 1px \9; /* IE8-9 */ - line-height: normal; -} - -// Reset width of input images, buttons, radios, checkboxes -input[type="file"], -input[type="image"], -input[type="submit"], -input[type="reset"], -input[type="button"], -input[type="radio"], -input[type="checkbox"] { - width: auto; // Override of generic input selector -} - -// Set the height of select and file controls to match text inputs -select, -input[type="file"] { - height: @inputHeight; /* In IE7, the height of the select element cannot be changed by height, only font-size */ - *margin-top: 4px; /* For IE7, add top margin to align select with labels */ - line-height: @inputHeight; -} - -// Make select elements obey height by applying a border -select { - width: 220px; // default input width + 10px of padding that doesn't get applied - border: 1px solid @inputBorder; - background-color: @inputBackground; // Chrome on Linux and Mobile Safari need background-color -} - -// Make multiple select elements height not fixed -select[multiple], -select[size] { - height: auto; -} - -// Focus for select, file, radio, and checkbox -select:focus, -input[type="file"]:focus, -input[type="radio"]:focus, -input[type="checkbox"]:focus { - .tab-focus(); -} - - -// Uneditable inputs -// ------------------------- - -// Make uneditable inputs look inactive -.uneditable-input, -.uneditable-textarea { - color: @grayLight; - background-color: darken(@inputBackground, 1%); - border-color: @inputBorder; - .box-shadow(inset 0 1px 2px rgba(0,0,0,.025)); - cursor: not-allowed; -} - -// For text that needs to appear as an input but should not be an input -.uneditable-input { - overflow: hidden; // prevent text from wrapping, but still cut it off like an input does - white-space: nowrap; -} - -// Make uneditable textareas behave like a textarea -.uneditable-textarea { - width: auto; - height: auto; -} - - -// Placeholder -// ------------------------- - -// Placeholder text gets special styles because when browsers invalidate entire lines if it doesn't understand a selector -input, -textarea { - .placeholder(); -} - - -// CHECKBOXES & RADIOS -// ------------------- - -// Indent the labels to position radios/checkboxes as hanging -.radio, -.checkbox { - min-height: @baseLineHeight; // clear the floating input if there is no label text - padding-left: 20px; -} -.radio input[type="radio"], -.checkbox input[type="checkbox"] { - float: left; - margin-left: -20px; -} - -// Move the options list down to align with labels -.controls > .radio:first-child, -.controls > .checkbox:first-child { - padding-top: 5px; // has to be padding because margin collaspes -} - -// Radios and checkboxes on same line -// TODO v3: Convert .inline to .control-inline -.radio.inline, -.checkbox.inline { - display: inline-block; - padding-top: 5px; - margin-bottom: 0; - vertical-align: middle; -} -.radio.inline + .radio.inline, -.checkbox.inline + .checkbox.inline { - margin-left: 10px; // space out consecutive inline controls -} - - - -// INPUT SIZES -// ----------- - -// General classes for quick sizes -.input-mini { width: 60px; } -.input-small { width: 90px; } -.input-medium { width: 150px; } -.input-large { width: 210px; } -.input-xlarge { width: 270px; } -.input-xxlarge { width: 530px; } - -// Grid style input sizes -input[class*="span"], -select[class*="span"], -textarea[class*="span"], -.uneditable-input[class*="span"], -// Redeclare since the fluid row class is more specific -.row-fluid input[class*="span"], -.row-fluid select[class*="span"], -.row-fluid textarea[class*="span"], -.row-fluid .uneditable-input[class*="span"] { - float: none; - margin-left: 0; -} -// Ensure input-prepend/append never wraps -.input-append input[class*="span"], -.input-append .uneditable-input[class*="span"], -.input-prepend input[class*="span"], -.input-prepend .uneditable-input[class*="span"], -.row-fluid input[class*="span"], -.row-fluid select[class*="span"], -.row-fluid textarea[class*="span"], -.row-fluid .uneditable-input[class*="span"], -.row-fluid .input-prepend [class*="span"], -.row-fluid .input-append [class*="span"] { - display: inline-block; -} - - - -// GRID SIZING FOR INPUTS -// ---------------------- - -// Grid sizes -#grid > .input(@gridColumnWidth, @gridGutterWidth); - -// Control row for multiple inputs per line -.controls-row { - .clearfix(); // Clear the float from controls -} - -// Float to collapse white-space for proper grid alignment -.controls-row [class*="span"], -// Redeclare the fluid grid collapse since we undo the float for inputs -.row-fluid .controls-row [class*="span"] { - float: left; -} -// Explicity set top padding on all checkboxes/radios, not just first-child -.controls-row .checkbox[class*="span"], -.controls-row .radio[class*="span"] { - padding-top: 5px; -} - - - - -// DISABLED STATE -// -------------- - -// Disabled and read-only inputs -input[disabled], -select[disabled], -textarea[disabled], -input[readonly], -select[readonly], -textarea[readonly] { - cursor: not-allowed; - background-color: @inputDisabledBackground; -} -// Explicitly reset the colors here -input[type="radio"][disabled], -input[type="checkbox"][disabled], -input[type="radio"][readonly], -input[type="checkbox"][readonly] { - background-color: transparent; -} - - - - -// FORM FIELD FEEDBACK STATES -// -------------------------- - -// Warning -.control-group.warning { - .formFieldState(@warningText, @warningText, @warningBackground); -} -// Error -.control-group.error { - .formFieldState(@errorText, @errorText, @errorBackground); -} -// Success -.control-group.success { - .formFieldState(@successText, @successText, @successBackground); -} -// Success -.control-group.info { - .formFieldState(@infoText, @infoText, @infoBackground); -} - -// HTML5 invalid states -// Shares styles with the .control-group.error above -input:focus:invalid, -textarea:focus:invalid, -select:focus:invalid { - color: #b94a48; - border-color: #ee5f5b; - &:focus { - border-color: darken(#ee5f5b, 10%); - @shadow: 0 0 6px lighten(#ee5f5b, 20%); - .box-shadow(@shadow); - } -} - - - -// FORM ACTIONS -// ------------ - -.form-actions { - padding: (@baseLineHeight - 1) 20px @baseLineHeight; - margin-top: @baseLineHeight; - margin-bottom: @baseLineHeight; - background-color: @formActionsBackground; - border-top: 1px solid #e5e5e5; - .clearfix(); // Adding clearfix to allow for .pull-right button containers -} - - - -// HELP TEXT -// --------- - -.help-block, -.help-inline { - color: lighten(@textColor, 15%); // lighten the text some for contrast -} - -.help-block { - display: block; // account for any element using help-block - margin-bottom: @baseLineHeight / 2; -} - -.help-inline { - display: inline-block; - .ie7-inline-block(); - vertical-align: middle; - padding-left: 5px; -} - - - -// INPUT GROUPS -// ------------ - -// Allow us to put symbols and text within the input field for a cleaner look -.input-append, -.input-prepend { - display: inline-block; - margin-bottom: @baseLineHeight / 2; - vertical-align: middle; - font-size: 0; // white space collapse hack - white-space: nowrap; // Prevent span and input from separating - - // Reset the white space collapse hack - input, - select, - .uneditable-input, - .dropdown-menu, - .popover { - font-size: @baseFontSize; - } - - input, - select, - .uneditable-input { - position: relative; // placed here by default so that on :focus we can place the input above the .add-on for full border and box-shadow goodness - margin-bottom: 0; // prevent bottom margin from screwing up alignment in stacked forms - *margin-left: 0; - vertical-align: top; - .border-radius(0 @inputBorderRadius @inputBorderRadius 0); - // Make input on top when focused so blue border and shadow always show - &:focus { - z-index: 2; - } - } - .add-on { - display: inline-block; - width: auto; - height: @baseLineHeight; - min-width: 16px; - padding: 4px 5px; - font-size: @baseFontSize; - font-weight: normal; - line-height: @baseLineHeight; - text-align: center; - text-shadow: 0 1px 0 @white; - background-color: @grayLighter; - border: 1px solid #ccc; - } - .add-on, - .btn, - .btn-group > .dropdown-toggle { - vertical-align: top; - .border-radius(0); - } - .active { - background-color: lighten(@green, 30); - border-color: @green; - } -} - -.input-prepend { - .add-on, - .btn { - margin-right: -1px; - } - .add-on:first-child, - .btn:first-child { - // FYI, `.btn:first-child` accounts for a button group that's prepended - .border-radius(@inputBorderRadius 0 0 @inputBorderRadius); - } -} - -.input-append { - input, - select, - .uneditable-input { - .border-radius(@inputBorderRadius 0 0 @inputBorderRadius); - + .btn-group .btn:last-child { - .border-radius(0 @inputBorderRadius @inputBorderRadius 0); - } - } - .add-on, - .btn, - .btn-group { - margin-left: -1px; - } - .add-on:last-child, - .btn:last-child, - .btn-group:last-child > .dropdown-toggle { - .border-radius(0 @inputBorderRadius @inputBorderRadius 0); - } -} - -// Remove all border-radius for inputs with both prepend and append -.input-prepend.input-append { - input, - select, - .uneditable-input { - .border-radius(0); - + .btn-group .btn { - .border-radius(0 @inputBorderRadius @inputBorderRadius 0); - } - } - .add-on:first-child, - .btn:first-child { - margin-right: -1px; - .border-radius(@inputBorderRadius 0 0 @inputBorderRadius); - } - .add-on:last-child, - .btn:last-child { - margin-left: -1px; - .border-radius(0 @inputBorderRadius @inputBorderRadius 0); - } - .btn-group:first-child { - margin-left: 0; - } -} - - - - -// SEARCH FORM -// ----------- - -input.search-query { - padding-right: 14px; - padding-right: 4px \9; - padding-left: 14px; - padding-left: 4px \9; /* IE7-8 doesn't have border-radius, so don't indent the padding */ - margin-bottom: 0; // Remove the default margin on all inputs - .border-radius(15px); -} - -/* Allow for input prepend/append in search forms */ -.form-search .input-append .search-query, -.form-search .input-prepend .search-query { - .border-radius(0); // Override due to specificity -} -.form-search .input-append .search-query { - .border-radius(14px 0 0 14px); -} -.form-search .input-append .btn { - .border-radius(0 14px 14px 0); -} -.form-search .input-prepend .search-query { - .border-radius(0 14px 14px 0); -} -.form-search .input-prepend .btn { - .border-radius(14px 0 0 14px); -} - - - - -// HORIZONTAL & VERTICAL FORMS -// --------------------------- - -// Common properties -// ----------------- - -.form-search, -.form-inline, -.form-horizontal { - input, - textarea, - select, - .help-inline, - .uneditable-input, - .input-prepend, - .input-append { - display: inline-block; - .ie7-inline-block(); - margin-bottom: 0; - vertical-align: middle; - } - // Re-hide hidden elements due to specifity - .hide { - display: none; - } -} -.form-search label, -.form-inline label, -.form-search .btn-group, -.form-inline .btn-group { - display: inline-block; -} -// Remove margin for input-prepend/-append -.form-search .input-append, -.form-inline .input-append, -.form-search .input-prepend, -.form-inline .input-prepend { - margin-bottom: 0; -} -// Inline checkbox/radio labels (remove padding on left) -.form-search .radio, -.form-search .checkbox, -.form-inline .radio, -.form-inline .checkbox { - padding-left: 0; - margin-bottom: 0; - vertical-align: middle; -} -// Remove float and margin, set to inline-block -.form-search .radio input[type="radio"], -.form-search .checkbox input[type="checkbox"], -.form-inline .radio input[type="radio"], -.form-inline .checkbox input[type="checkbox"] { - float: left; - margin-right: 3px; - margin-left: 0; -} - - -// Margin to space out fieldsets -.control-group { - margin-bottom: @baseLineHeight / 2; -} - -// Legend collapses margin, so next element is responsible for spacing -legend + .control-group { - margin-top: @baseLineHeight; - -webkit-margin-top-collapse: separate; -} - -// Horizontal-specific styles -// -------------------------- - -.form-horizontal { - // Increase spacing between groups - .control-group { - margin-bottom: @baseLineHeight; - .clearfix(); - } - // Float the labels left - .control-label { - float: left; - width: @horizontalComponentOffset - 20; - padding-top: 5px; - text-align: right; - } - // Move over all input controls and content - .controls { - // Super jank IE7 fix to ensure the inputs in .input-append and input-prepend - // don't inherit the margin of the parent, in this case .controls - *display: inline-block; - *padding-left: 20px; - margin-left: @horizontalComponentOffset; - *margin-left: 0; - &:first-child { - *padding-left: @horizontalComponentOffset; - } - } - // Remove bottom margin on block level help text since that's accounted for on .control-group - .help-block { - margin-bottom: 0; - } - // And apply it only to .help-block instances that follow a form control - input, - select, - textarea, - .uneditable-input, - .input-prepend, - .input-append { - + .help-block { - margin-top: @baseLineHeight / 2; - } - } - // Move over buttons in .form-actions to align with .controls - .form-actions { - padding-left: @horizontalComponentOffset; - } -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/grid.less b/openid-connect-server-webapp/src/main/webapp/less/grid.less deleted file mode 100644 index 750d203514..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/grid.less +++ /dev/null @@ -1,21 +0,0 @@ -// -// Grid system -// -------------------------------------------------- - - -// Fixed (940px) -#grid > .core(@gridColumnWidth, @gridGutterWidth); - -// Fluid (940px) -#grid > .fluid(@fluidGridColumnWidth, @fluidGridGutterWidth); - -// Reset utility classes due to specificity -[class*="span"].hide, -.row-fluid [class*="span"].hide { - display: none; -} - -[class*="span"].pull-right, -.row-fluid [class*="span"].pull-right { - float: right; -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/hero-unit.less b/openid-connect-server-webapp/src/main/webapp/less/hero-unit.less deleted file mode 100644 index 763d86aeee..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/hero-unit.less +++ /dev/null @@ -1,25 +0,0 @@ -// -// Hero unit -// -------------------------------------------------- - - -.hero-unit { - padding: 60px; - margin-bottom: 30px; - font-size: 18px; - font-weight: 200; - line-height: @baseLineHeight * 1.5; - color: @heroUnitLeadColor; - background-color: @heroUnitBackground; - .border-radius(6px); - h1 { - margin-bottom: 0; - font-size: 60px; - line-height: 1; - color: @heroUnitHeadingColor; - letter-spacing: -1px; - } - li { - line-height: @baseLineHeight * 1.5; // Reset since we specify in type.less - } -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/labels-badges.less b/openid-connect-server-webapp/src/main/webapp/less/labels-badges.less deleted file mode 100644 index bc321fe5c1..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/labels-badges.less +++ /dev/null @@ -1,84 +0,0 @@ -// -// Labels and badges -// -------------------------------------------------- - - -// Base classes -.label, -.badge { - display: inline-block; - padding: 2px 4px; - font-size: @baseFontSize * .846; - font-weight: bold; - line-height: 14px; // ensure proper line-height if floated - color: @white; - vertical-align: baseline; - white-space: nowrap; - text-shadow: 0 -1px 0 rgba(0,0,0,.25); - background-color: @grayLight; -} -// Set unique padding and border-radii -.label { - .border-radius(3px); -} -.badge { - padding-left: 9px; - padding-right: 9px; - .border-radius(9px); -} - -// Empty labels/badges collapse -.label, -.badge { - &:empty { - display: none; - } -} - -// Hover/focus state, but only for links -a { - &.label:hover, - &.label:focus, - &.badge:hover, - &.badge:focus { - color: @white; - text-decoration: none; - cursor: pointer; - } -} - -// Colors -// Only give background-color difference to links (and to simplify, we don't qualifty with `a` but [href] attribute) -.label, -.badge { - // Important (red) - &-important { background-color: @errorText; } - &-important[href] { background-color: darken(@errorText, 10%); } - // Warnings (orange) - &-warning { background-color: @orange; } - &-warning[href] { background-color: darken(@orange, 10%); } - // Success (green) - &-success { background-color: @successText; } - &-success[href] { background-color: darken(@successText, 10%); } - // Info (turquoise) - &-info { background-color: @infoText; } - &-info[href] { background-color: darken(@infoText, 10%); } - // Inverse (black) - &-inverse { background-color: @grayDark; } - &-inverse[href] { background-color: darken(@grayDark, 10%); } -} - -// Quick fix for labels/badges in buttons -.btn { - .label, - .badge { - position: relative; - top: -1px; - } -} -.btn-mini { - .label, - .badge { - top: 0; - } -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/layouts.less b/openid-connect-server-webapp/src/main/webapp/less/layouts.less deleted file mode 100644 index 24a2062117..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/layouts.less +++ /dev/null @@ -1,16 +0,0 @@ -// -// Layouts -// -------------------------------------------------- - - -// Container (centered, fixed-width layouts) -.container { - .container-fixed(); -} - -// Fluid layouts (left aligned, with sidebar, min- & max-width content) -.container-fluid { - padding-right: @gridGutterWidth; - padding-left: @gridGutterWidth; - .clearfix(); -} \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/less/media.less b/openid-connect-server-webapp/src/main/webapp/less/media.less deleted file mode 100644 index e461e446d2..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/media.less +++ /dev/null @@ -1,55 +0,0 @@ -// Media objects -// Source: http://stubbornella.org/content/?p=497 -// -------------------------------------------------- - - -// Common styles -// ------------------------- - -// Clear the floats -.media, -.media-body { - overflow: hidden; - *overflow: visible; - zoom: 1; -} - -// Proper spacing between instances of .media -.media, -.media .media { - margin-top: 15px; -} -.media:first-child { - margin-top: 0; -} - -// For images and videos, set to block -.media-object { - display: block; -} - -// Reset margins on headings for tighter default spacing -.media-heading { - margin: 0 0 5px; -} - - -// Media image alignment -// ------------------------- - -.media > .pull-left { - margin-right: 10px; -} -.media > .pull-right { - margin-left: 10px; -} - - -// Media list variation -// ------------------------- - -// Undo default ul/ol styles -.media-list { - margin-left: 0; - list-style: none; -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/mixins.less b/openid-connect-server-webapp/src/main/webapp/less/mixins.less deleted file mode 100644 index 857561e9a0..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/mixins.less +++ /dev/null @@ -1,702 +0,0 @@ -// -// Mixins -// -------------------------------------------------- - - -// UTILITY MIXINS -// -------------------------------------------------- - -// Clearfix -// -------- -// For clearing floats like a boss h5bp.com/q -.clearfix { - *zoom: 1; - &:before, - &:after { - display: table; - content: ""; - // Fixes Opera/contenteditable bug: - // http://nicolasgallagher.com/micro-clearfix-hack/#comment-36952 - line-height: 0; - } - &:after { - clear: both; - } -} - -// Webkit-style focus -// ------------------ -.tab-focus() { - // Default - outline: thin dotted #333; - // Webkit - outline: 5px auto -webkit-focus-ring-color; - outline-offset: -2px; -} - -// Center-align a block level element -// ---------------------------------- -.center-block() { - display: block; - margin-left: auto; - margin-right: auto; -} - -// IE7 inline-block -// ---------------- -.ie7-inline-block() { - *display: inline; /* IE7 inline-block hack */ - *zoom: 1; -} - -// IE7 likes to collapse whitespace on either side of the inline-block elements. -// Ems because we're attempting to match the width of a space character. Left -// version is for form buttons, which typically come after other elements, and -// right version is for icons, which come before. Applying both is ok, but it will -// mean that space between those elements will be .6em (~2 space characters) in IE7, -// instead of the 1 space in other browsers. -.ie7-restore-left-whitespace() { - *margin-left: .3em; - - &:first-child { - *margin-left: 0; - } -} - -.ie7-restore-right-whitespace() { - *margin-right: .3em; -} - -// Sizing shortcuts -// ------------------------- -.size(@height, @width) { - width: @width; - height: @height; -} -.square(@size) { - .size(@size, @size); -} - -// Placeholder text -// ------------------------- -.placeholder(@color: @placeholderText) { - &:-moz-placeholder { - color: @color; - } - &:-ms-input-placeholder { - color: @color; - } - &::-webkit-input-placeholder { - color: @color; - } -} - -// Text overflow -// ------------------------- -// Requires inline-block or block for proper styling -.text-overflow() { - overflow: hidden; - text-overflow: ellipsis; - white-space: nowrap; -} - -// CSS image replacement -// ------------------------- -// Source: https://github.com/h5bp/html5-boilerplate/commit/aa0396eae757 -.hide-text { - font: 0/0 a; - color: transparent; - text-shadow: none; - background-color: transparent; - border: 0; -} - - -// FONTS -// -------------------------------------------------- - -#font { - #family { - .serif() { - font-family: @serifFontFamily; - } - .sans-serif() { - font-family: @sansFontFamily; - } - .monospace() { - font-family: @monoFontFamily; - } - } - .shorthand(@size: @baseFontSize, @weight: normal, @lineHeight: @baseLineHeight) { - font-size: @size; - font-weight: @weight; - line-height: @lineHeight; - } - .serif(@size: @baseFontSize, @weight: normal, @lineHeight: @baseLineHeight) { - #font > #family > .serif; - #font > .shorthand(@size, @weight, @lineHeight); - } - .sans-serif(@size: @baseFontSize, @weight: normal, @lineHeight: @baseLineHeight) { - #font > #family > .sans-serif; - #font > .shorthand(@size, @weight, @lineHeight); - } - .monospace(@size: @baseFontSize, @weight: normal, @lineHeight: @baseLineHeight) { - #font > #family > .monospace; - #font > .shorthand(@size, @weight, @lineHeight); - } -} - - -// FORMS -// -------------------------------------------------- - -// Block level inputs -.input-block-level { - display: block; - width: 100%; - min-height: @inputHeight; // Make inputs at least the height of their button counterpart (base line-height + padding + border) - .box-sizing(border-box); // Makes inputs behave like true block-level elements -} - - - -// Mixin for form field states -.formFieldState(@textColor: #555, @borderColor: #ccc, @backgroundColor: #f5f5f5) { - // Set the text color - .control-label, - .help-block, - .help-inline { - color: @textColor; - } - // Style inputs accordingly - .checkbox, - .radio, - input, - select, - textarea { - color: @textColor; - } - input, - select, - textarea { - border-color: @borderColor; - .box-shadow(inset 0 1px 1px rgba(0,0,0,.075)); // Redeclare so transitions work - &:focus { - border-color: darken(@borderColor, 10%); - @shadow: inset 0 1px 1px rgba(0,0,0,.075), 0 0 6px lighten(@borderColor, 20%); - .box-shadow(@shadow); - } - } - // Give a small background color for input-prepend/-append - .input-prepend .add-on, - .input-append .add-on { - color: @textColor; - background-color: @backgroundColor; - border-color: @textColor; - } -} - - - -// CSS3 PROPERTIES -// -------------------------------------------------- - -// Border Radius -.border-radius(@radius) { - -webkit-border-radius: @radius; - -moz-border-radius: @radius; - border-radius: @radius; -} - -// Single Corner Border Radius -.border-top-left-radius(@radius) { - -webkit-border-top-left-radius: @radius; - -moz-border-radius-topleft: @radius; - border-top-left-radius: @radius; -} -.border-top-right-radius(@radius) { - -webkit-border-top-right-radius: @radius; - -moz-border-radius-topright: @radius; - border-top-right-radius: @radius; -} -.border-bottom-right-radius(@radius) { - -webkit-border-bottom-right-radius: @radius; - -moz-border-radius-bottomright: @radius; - border-bottom-right-radius: @radius; -} -.border-bottom-left-radius(@radius) { - -webkit-border-bottom-left-radius: @radius; - -moz-border-radius-bottomleft: @radius; - border-bottom-left-radius: @radius; -} - -// Single Side Border Radius -.border-top-radius(@radius) { - .border-top-right-radius(@radius); - .border-top-left-radius(@radius); -} -.border-right-radius(@radius) { - .border-top-right-radius(@radius); - .border-bottom-right-radius(@radius); -} -.border-bottom-radius(@radius) { - .border-bottom-right-radius(@radius); - .border-bottom-left-radius(@radius); -} -.border-left-radius(@radius) { - .border-top-left-radius(@radius); - .border-bottom-left-radius(@radius); -} - -// Drop shadows -.box-shadow(@shadow) { - -webkit-box-shadow: @shadow; - -moz-box-shadow: @shadow; - box-shadow: @shadow; -} - -// Transitions -.transition(@transition) { - -webkit-transition: @transition; - -moz-transition: @transition; - -o-transition: @transition; - transition: @transition; -} -.transition-delay(@transition-delay) { - -webkit-transition-delay: @transition-delay; - -moz-transition-delay: @transition-delay; - -o-transition-delay: @transition-delay; - transition-delay: @transition-delay; -} -.transition-duration(@transition-duration) { - -webkit-transition-duration: @transition-duration; - -moz-transition-duration: @transition-duration; - -o-transition-duration: @transition-duration; - transition-duration: @transition-duration; -} - -// Transformations -.rotate(@degrees) { - -webkit-transform: rotate(@degrees); - -moz-transform: rotate(@degrees); - -ms-transform: rotate(@degrees); - -o-transform: rotate(@degrees); - transform: rotate(@degrees); -} -.scale(@ratio) { - -webkit-transform: scale(@ratio); - -moz-transform: scale(@ratio); - -ms-transform: scale(@ratio); - -o-transform: scale(@ratio); - transform: scale(@ratio); -} -.translate(@x, @y) { - -webkit-transform: translate(@x, @y); - -moz-transform: translate(@x, @y); - -ms-transform: translate(@x, @y); - -o-transform: translate(@x, @y); - transform: translate(@x, @y); -} -.skew(@x, @y) { - -webkit-transform: skew(@x, @y); - -moz-transform: skew(@x, @y); - -ms-transform: skewX(@x) skewY(@y); // See https://github.com/twbs/bootstrap/issues/4885 - -o-transform: skew(@x, @y); - transform: skew(@x, @y); - -webkit-backface-visibility: hidden; // See https://github.com/twbs/bootstrap/issues/5319 -} -.translate3d(@x, @y, @z) { - -webkit-transform: translate3d(@x, @y, @z); - -moz-transform: translate3d(@x, @y, @z); - -o-transform: translate3d(@x, @y, @z); - transform: translate3d(@x, @y, @z); -} - -// Backface visibility -// Prevent browsers from flickering when using CSS 3D transforms. -// Default value is `visible`, but can be changed to `hidden -// See git pull https://github.com/dannykeane/bootstrap.git backface-visibility for examples -.backface-visibility(@visibility){ - -webkit-backface-visibility: @visibility; - -moz-backface-visibility: @visibility; - backface-visibility: @visibility; -} - -// Background clipping -// Heads up: FF 3.6 and under need "padding" instead of "padding-box" -.background-clip(@clip) { - -webkit-background-clip: @clip; - -moz-background-clip: @clip; - background-clip: @clip; -} - -// Background sizing -.background-size(@size) { - -webkit-background-size: @size; - -moz-background-size: @size; - -o-background-size: @size; - background-size: @size; -} - - -// Box sizing -.box-sizing(@boxmodel) { - -webkit-box-sizing: @boxmodel; - -moz-box-sizing: @boxmodel; - box-sizing: @boxmodel; -} - -// User select -// For selecting text on the page -.user-select(@select) { - -webkit-user-select: @select; - -moz-user-select: @select; - -ms-user-select: @select; - -o-user-select: @select; - user-select: @select; -} - -// Resize anything -.resizable(@direction) { - resize: @direction; // Options: horizontal, vertical, both - overflow: auto; // Safari fix -} - -// CSS3 Content Columns -.content-columns(@columnCount, @columnGap: @gridGutterWidth) { - -webkit-column-count: @columnCount; - -moz-column-count: @columnCount; - column-count: @columnCount; - -webkit-column-gap: @columnGap; - -moz-column-gap: @columnGap; - column-gap: @columnGap; -} - -// Optional hyphenation -.hyphens(@mode: auto) { - word-wrap: break-word; - -webkit-hyphens: @mode; - -moz-hyphens: @mode; - -ms-hyphens: @mode; - -o-hyphens: @mode; - hyphens: @mode; -} - -// Opacity -.opacity(@opacity) { - opacity: @opacity / 100; - filter: ~"alpha(opacity=@{opacity})"; -} - - - -// BACKGROUNDS -// -------------------------------------------------- - -// Add an alphatransparency value to any background or border color (via Elyse Holladay) -#translucent { - .background(@color: @white, @alpha: 1) { - background-color: hsla(hue(@color), saturation(@color), lightness(@color), @alpha); - } - .border(@color: @white, @alpha: 1) { - border-color: hsla(hue(@color), saturation(@color), lightness(@color), @alpha); - .background-clip(padding-box); - } -} - -// Gradient Bar Colors for buttons and alerts -.gradientBar(@primaryColor, @secondaryColor, @textColor: #fff, @textShadow: 0 -1px 0 rgba(0,0,0,.25)) { - color: @textColor; - text-shadow: @textShadow; - #gradient > .vertical(@primaryColor, @secondaryColor); - border-color: @secondaryColor @secondaryColor darken(@secondaryColor, 15%); - border-color: rgba(0,0,0,.1) rgba(0,0,0,.1) fadein(rgba(0,0,0,.1), 15%); -} - -// Gradients -#gradient { - .horizontal(@startColor: #555, @endColor: #333) { - background-color: @endColor; - background-image: -moz-linear-gradient(left, @startColor, @endColor); // FF 3.6+ - background-image: -webkit-gradient(linear, 0 0, 100% 0, from(@startColor), to(@endColor)); // Safari 4+, Chrome 2+ - background-image: -webkit-linear-gradient(left, @startColor, @endColor); // Safari 5.1+, Chrome 10+ - background-image: -o-linear-gradient(left, @startColor, @endColor); // Opera 11.10 - background-image: linear-gradient(to right, @startColor, @endColor); // Standard, IE10 - background-repeat: repeat-x; - filter: e(%("progid:DXImageTransform.Microsoft.gradient(startColorstr='%d', endColorstr='%d', GradientType=1)",argb(@startColor),argb(@endColor))); // IE9 and down - } - .vertical(@startColor: #555, @endColor: #333) { - background-color: mix(@startColor, @endColor, 60%); - background-image: -moz-linear-gradient(top, @startColor, @endColor); // FF 3.6+ - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(@startColor), to(@endColor)); // Safari 4+, Chrome 2+ - background-image: -webkit-linear-gradient(top, @startColor, @endColor); // Safari 5.1+, Chrome 10+ - background-image: -o-linear-gradient(top, @startColor, @endColor); // Opera 11.10 - background-image: linear-gradient(to bottom, @startColor, @endColor); // Standard, IE10 - background-repeat: repeat-x; - filter: e(%("progid:DXImageTransform.Microsoft.gradient(startColorstr='%d', endColorstr='%d', GradientType=0)",argb(@startColor),argb(@endColor))); // IE9 and down - } - .directional(@startColor: #555, @endColor: #333, @deg: 45deg) { - background-color: @endColor; - background-repeat: repeat-x; - background-image: -moz-linear-gradient(@deg, @startColor, @endColor); // FF 3.6+ - background-image: -webkit-linear-gradient(@deg, @startColor, @endColor); // Safari 5.1+, Chrome 10+ - background-image: -o-linear-gradient(@deg, @startColor, @endColor); // Opera 11.10 - background-image: linear-gradient(@deg, @startColor, @endColor); // Standard, IE10 - } - .horizontal-three-colors(@startColor: #00b3ee, @midColor: #7a43b6, @colorStop: 50%, @endColor: #c3325f) { - background-color: mix(@midColor, @endColor, 80%); - background-image: -webkit-gradient(left, linear, 0 0, 0 100%, from(@startColor), color-stop(@colorStop, @midColor), to(@endColor)); - background-image: -webkit-linear-gradient(left, @startColor, @midColor @colorStop, @endColor); - background-image: -moz-linear-gradient(left, @startColor, @midColor @colorStop, @endColor); - background-image: -o-linear-gradient(left, @startColor, @midColor @colorStop, @endColor); - background-image: linear-gradient(to right, @startColor, @midColor @colorStop, @endColor); - background-repeat: no-repeat; - filter: e(%("progid:DXImageTransform.Microsoft.gradient(startColorstr='%d', endColorstr='%d', GradientType=0)",argb(@startColor),argb(@endColor))); // IE9 and down, gets no color-stop at all for proper fallback - } - - .vertical-three-colors(@startColor: #00b3ee, @midColor: #7a43b6, @colorStop: 50%, @endColor: #c3325f) { - background-color: mix(@midColor, @endColor, 80%); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(@startColor), color-stop(@colorStop, @midColor), to(@endColor)); - background-image: -webkit-linear-gradient(@startColor, @midColor @colorStop, @endColor); - background-image: -moz-linear-gradient(top, @startColor, @midColor @colorStop, @endColor); - background-image: -o-linear-gradient(@startColor, @midColor @colorStop, @endColor); - background-image: linear-gradient(@startColor, @midColor @colorStop, @endColor); - background-repeat: no-repeat; - filter: e(%("progid:DXImageTransform.Microsoft.gradient(startColorstr='%d', endColorstr='%d', GradientType=0)",argb(@startColor),argb(@endColor))); // IE9 and down, gets no color-stop at all for proper fallback - } - .radial(@innerColor: #555, @outerColor: #333) { - background-color: @outerColor; - background-image: -webkit-gradient(radial, center center, 0, center center, 460, from(@innerColor), to(@outerColor)); - background-image: -webkit-radial-gradient(circle, @innerColor, @outerColor); - background-image: -moz-radial-gradient(circle, @innerColor, @outerColor); - background-image: -o-radial-gradient(circle, @innerColor, @outerColor); - background-repeat: no-repeat; - } - .striped(@color: #555, @angle: 45deg) { - background-color: @color; - background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(.25, rgba(255,255,255,.15)), color-stop(.25, transparent), color-stop(.5, transparent), color-stop(.5, rgba(255,255,255,.15)), color-stop(.75, rgba(255,255,255,.15)), color-stop(.75, transparent), to(transparent)); - background-image: -webkit-linear-gradient(@angle, rgba(255,255,255,.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,.15) 50%, rgba(255,255,255,.15) 75%, transparent 75%, transparent); - background-image: -moz-linear-gradient(@angle, rgba(255,255,255,.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,.15) 50%, rgba(255,255,255,.15) 75%, transparent 75%, transparent); - background-image: -o-linear-gradient(@angle, rgba(255,255,255,.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,.15) 50%, rgba(255,255,255,.15) 75%, transparent 75%, transparent); - background-image: linear-gradient(@angle, rgba(255,255,255,.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,.15) 50%, rgba(255,255,255,.15) 75%, transparent 75%, transparent); - } -} -// Reset filters for IE -.reset-filter() { - filter: e(%("progid:DXImageTransform.Microsoft.gradient(enabled = false)")); -} - - - -// COMPONENT MIXINS -// -------------------------------------------------- - -// Horizontal dividers -// ------------------------- -// Dividers (basically an hr) within dropdowns and nav lists -.nav-divider(@top: #e5e5e5, @bottom: @white) { - // IE7 needs a set width since we gave a height. Restricting just - // to IE7 to keep the 1px left/right space in other browsers. - // It is unclear where IE is getting the extra space that we need - // to negative-margin away, but so it goes. - *width: 100%; - height: 1px; - margin: ((@baseLineHeight / 2) - 1) 1px; // 8px 1px - *margin: -5px 0 5px; - overflow: hidden; - background-color: @top; - border-bottom: 1px solid @bottom; -} - -// Button backgrounds -// ------------------ -.buttonBackground(@startColor, @endColor, @textColor: #fff, @textShadow: 0 -1px 0 rgba(0,0,0,.25)) { - // gradientBar will set the background to a pleasing blend of these, to support IE<=9 - .gradientBar(@startColor, @endColor, @textColor, @textShadow); - *background-color: @endColor; /* Darken IE7 buttons by default so they stand out more given they won't have borders */ - .reset-filter(); - - // in these cases the gradient won't cover the background, so we override - &:hover, &:focus, &:active, &.active, &.disabled, &[disabled] { - color: @textColor; - background-color: @endColor; - *background-color: darken(@endColor, 5%); - } - - // IE 7 + 8 can't handle box-shadow to show active, so we darken a bit ourselves - &:active, - &.active { - background-color: darken(@endColor, 10%) e("\9"); - } -} - -// Navbar vertical align -// ------------------------- -// Vertically center elements in the navbar. -// Example: an element has a height of 30px, so write out `.navbarVerticalAlign(30px);` to calculate the appropriate top margin. -.navbarVerticalAlign(@elementHeight) { - margin-top: (@navbarHeight - @elementHeight) / 2; -} - - - -// Grid System -// ----------- - -// Centered container element -.container-fixed() { - margin-right: auto; - margin-left: auto; - .clearfix(); -} - -// Table columns -.tableColumns(@columnSpan: 1) { - float: none; // undo default grid column styles - width: ((@gridColumnWidth) * @columnSpan) + (@gridGutterWidth * (@columnSpan - 1)) - 16; // 16 is total padding on left and right of table cells - margin-left: 0; // undo default grid column styles -} - -// Make a Grid -// Use .makeRow and .makeColumn to assign semantic layouts grid system behavior -.makeRow() { - margin-left: @gridGutterWidth * -1; - .clearfix(); -} -.makeColumn(@columns: 1, @offset: 0) { - float: left; - margin-left: (@gridColumnWidth * @offset) + (@gridGutterWidth * (@offset - 1)) + (@gridGutterWidth * 2); - width: (@gridColumnWidth * @columns) + (@gridGutterWidth * (@columns - 1)); -} - -// The Grid -#grid { - - .core (@gridColumnWidth, @gridGutterWidth) { - - .spanX (@index) when (@index > 0) { - .span@{index} { .span(@index); } - .spanX(@index - 1); - } - .spanX (0) {} - - .offsetX (@index) when (@index > 0) { - .offset@{index} { .offset(@index); } - .offsetX(@index - 1); - } - .offsetX (0) {} - - .offset (@columns) { - margin-left: (@gridColumnWidth * @columns) + (@gridGutterWidth * (@columns + 1)); - } - - .span (@columns) { - width: (@gridColumnWidth * @columns) + (@gridGutterWidth * (@columns - 1)); - } - - .row { - margin-left: @gridGutterWidth * -1; - .clearfix(); - } - - [class*="span"] { - float: left; - min-height: 1px; // prevent collapsing columns - margin-left: @gridGutterWidth; - } - - // Set the container width, and override it for fixed navbars in media queries - .container, - .navbar-static-top .container, - .navbar-fixed-top .container, - .navbar-fixed-bottom .container { .span(@gridColumns); } - - // generate .spanX and .offsetX - .spanX (@gridColumns); - .offsetX (@gridColumns); - - } - - .fluid (@fluidGridColumnWidth, @fluidGridGutterWidth) { - - .spanX (@index) when (@index > 0) { - .span@{index} { .span(@index); } - .spanX(@index - 1); - } - .spanX (0) {} - - .offsetX (@index) when (@index > 0) { - .offset@{index} { .offset(@index); } - .offset@{index}:first-child { .offsetFirstChild(@index); } - .offsetX(@index - 1); - } - .offsetX (0) {} - - .offset (@columns) { - margin-left: (@fluidGridColumnWidth * @columns) + (@fluidGridGutterWidth * (@columns - 1)) + (@fluidGridGutterWidth*2); - *margin-left: (@fluidGridColumnWidth * @columns) + (@fluidGridGutterWidth * (@columns - 1)) - (.5 / @gridRowWidth * 100 * 1%) + (@fluidGridGutterWidth*2) - (.5 / @gridRowWidth * 100 * 1%); - } - - .offsetFirstChild (@columns) { - margin-left: (@fluidGridColumnWidth * @columns) + (@fluidGridGutterWidth * (@columns - 1)) + (@fluidGridGutterWidth); - *margin-left: (@fluidGridColumnWidth * @columns) + (@fluidGridGutterWidth * (@columns - 1)) - (.5 / @gridRowWidth * 100 * 1%) + @fluidGridGutterWidth - (.5 / @gridRowWidth * 100 * 1%); - } - - .span (@columns) { - width: (@fluidGridColumnWidth * @columns) + (@fluidGridGutterWidth * (@columns - 1)); - *width: (@fluidGridColumnWidth * @columns) + (@fluidGridGutterWidth * (@columns - 1)) - (.5 / @gridRowWidth * 100 * 1%); - } - - .row-fluid { - width: 100%; - .clearfix(); - [class*="span"] { - .input-block-level(); - float: left; - margin-left: @fluidGridGutterWidth; - *margin-left: @fluidGridGutterWidth - (.5 / @gridRowWidth * 100 * 1%); - } - [class*="span"]:first-child { - margin-left: 0; - } - - // Space grid-sized controls properly if multiple per line - .controls-row [class*="span"] + [class*="span"] { - margin-left: @fluidGridGutterWidth; - } - - // generate .spanX and .offsetX - .spanX (@gridColumns); - .offsetX (@gridColumns); - } - - } - - .input(@gridColumnWidth, @gridGutterWidth) { - - .spanX (@index) when (@index > 0) { - input.span@{index}, textarea.span@{index}, .uneditable-input.span@{index} { .span(@index); } - .spanX(@index - 1); - } - .spanX (0) {} - - .span(@columns) { - width: ((@gridColumnWidth) * @columns) + (@gridGutterWidth * (@columns - 1)) - 14; - } - - input, - textarea, - .uneditable-input { - margin-left: 0; // override margin-left from core grid system - } - - // Space grid-sized controls properly if multiple per line - .controls-row [class*="span"] + [class*="span"] { - margin-left: @gridGutterWidth; - } - - // generate .spanX - .spanX (@gridColumns); - - } -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/modals.less b/openid-connect-server-webapp/src/main/webapp/less/modals.less deleted file mode 100644 index 8e272d409f..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/modals.less +++ /dev/null @@ -1,95 +0,0 @@ -// -// Modals -// -------------------------------------------------- - -// Background -.modal-backdrop { - position: fixed; - top: 0; - right: 0; - bottom: 0; - left: 0; - z-index: @zindexModalBackdrop; - background-color: @black; - // Fade for backdrop - &.fade { opacity: 0; } -} - -.modal-backdrop, -.modal-backdrop.fade.in { - .opacity(80); -} - -// Base modal -.modal { - position: fixed; - top: 10%; - left: 50%; - z-index: @zindexModal; - width: 560px; - margin-left: -280px; - background-color: @white; - border: 1px solid #999; - border: 1px solid rgba(0,0,0,.3); - *border: 1px solid #999; /* IE6-7 */ - .border-radius(6px); - .box-shadow(0 3px 7px rgba(0,0,0,0.3)); - .background-clip(padding-box); - // Remove focus outline from opened modal - outline: none; - - &.fade { - .transition(e('opacity .3s linear, top .3s ease-out')); - top: -25%; - } - &.fade.in { top: 10%; } -} -.modal-header { - padding: 9px 15px; - border-bottom: 1px solid #eee; - // Close icon - .close { margin-top: 2px; } - // Heading - h3 { - margin: 0; - line-height: 30px; - } -} - -// Body (where all modal content resides) -.modal-body { - position: relative; - overflow-y: auto; - max-height: 400px; - padding: 15px; -} -// Remove bottom margin if need be -.modal-form { - margin-bottom: 0; -} - -// Footer (for actions) -.modal-footer { - padding: 14px 15px 15px; - margin-bottom: 0; - text-align: right; // right align buttons - background-color: #f5f5f5; - border-top: 1px solid #ddd; - .border-radius(0 0 6px 6px); - .box-shadow(inset 0 1px 0 @white); - .clearfix(); // clear it in case folks use .pull-* classes on buttons - - // Properly space out buttons - .btn + .btn { - margin-left: 5px; - margin-bottom: 0; // account for input[type="submit"] which gets the bottom margin like all other inputs - } - // but override that for button groups - .btn-group .btn + .btn { - margin-left: -1px; - } - // and override it for block buttons as well - .btn-block + .btn-block { - margin-left: 0; - } -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/navbar.less b/openid-connect-server-webapp/src/main/webapp/less/navbar.less deleted file mode 100644 index 93d09bcad0..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/navbar.less +++ /dev/null @@ -1,497 +0,0 @@ -// -// Navbars (Redux) -// -------------------------------------------------- - - -// COMMON STYLES -// ------------- - -// Base class and wrapper -.navbar { - overflow: visible; - margin-bottom: @baseLineHeight; - - // Fix for IE7's bad z-indexing so dropdowns don't appear below content that follows the navbar - *position: relative; - *z-index: 2; -} - -// Inner for background effects -// Gradient is applied to its own element because overflow visible is not honored by IE when filter is present -.navbar-inner { - min-height: @navbarHeight; - padding-left: 20px; - padding-right: 20px; - #gradient > .vertical(@navbarBackgroundHighlight, @navbarBackground); - border: 1px solid @navbarBorder; - .border-radius(@baseBorderRadius); - .box-shadow(0 1px 4px rgba(0,0,0,.065)); - - // Prevent floats from breaking the navbar - .clearfix(); -} - -// Set width to auto for default container -// We then reset it for fixed navbars in the #gridSystem mixin -.navbar .container { - width: auto; -} - -// Override the default collapsed state -.nav-collapse.collapse { - height: auto; - overflow: visible; -} - - -// Brand: website or project name -// ------------------------- -.navbar .brand { - float: left; - display: block; - // Vertically center the text given @navbarHeight - padding: ((@navbarHeight - @baseLineHeight) / 2) 20px ((@navbarHeight - @baseLineHeight) / 2); - margin-left: -20px; // negative indent to left-align the text down the page - font-size: 20px; - font-weight: 200; - color: @navbarBrandColor; - text-shadow: 0 1px 0 @navbarBackgroundHighlight; - &:hover, - &:focus { - text-decoration: none; - } -} - -// Plain text in topbar -// ------------------------- -.navbar-text { - margin-bottom: 0; - line-height: @navbarHeight; - color: @navbarText; -} - -// Janky solution for now to account for links outside the .nav -// ------------------------- -.navbar-link { - color: @navbarLinkColor; - &:hover, - &:focus { - color: @navbarLinkColorHover; - } -} - -// Dividers in navbar -// ------------------------- -.navbar .divider-vertical { - height: @navbarHeight; - margin: 0 9px; - border-left: 1px solid @navbarBackground; - border-right: 1px solid @navbarBackgroundHighlight; -} - -// Buttons in navbar -// ------------------------- -.navbar .btn, -.navbar .btn-group { - .navbarVerticalAlign(30px); // Vertically center in navbar -} -.navbar .btn-group .btn, -.navbar .input-prepend .btn, -.navbar .input-append .btn, -.navbar .input-prepend .btn-group, -.navbar .input-append .btn-group { - margin-top: 0; // then undo the margin here so we don't accidentally double it -} - -// Navbar forms -// ------------------------- -.navbar-form { - margin-bottom: 0; // remove default bottom margin - .clearfix(); - input, - select, - .radio, - .checkbox { - .navbarVerticalAlign(30px); // Vertically center in navbar - } - input, - select, - .btn { - display: inline-block; - margin-bottom: 0; - } - input[type="image"], - input[type="checkbox"], - input[type="radio"] { - margin-top: 3px; - } - .input-append, - .input-prepend { - margin-top: 5px; - white-space: nowrap; // preven two items from separating within a .navbar-form that has .pull-left - input { - margin-top: 0; // remove the margin on top since it's on the parent - } - } -} - -// Navbar search -// ------------------------- -.navbar-search { - position: relative; - float: left; - .navbarVerticalAlign(30px); // Vertically center in navbar - margin-bottom: 0; - .search-query { - margin-bottom: 0; - padding: 4px 14px; - #font > .sans-serif(13px, normal, 1); - .border-radius(15px); // redeclare because of specificity of the type attribute - } -} - - - -// Static navbar -// ------------------------- - -.navbar-static-top { - position: static; - margin-bottom: 0; // remove 18px margin for default navbar - .navbar-inner { - .border-radius(0); - } -} - - - -// Fixed navbar -// ------------------------- - -// Shared (top/bottom) styles -.navbar-fixed-top, -.navbar-fixed-bottom { - position: fixed; - right: 0; - left: 0; - z-index: @zindexFixedNavbar; - margin-bottom: 0; // remove 18px margin for default navbar -} -.navbar-fixed-top .navbar-inner, -.navbar-static-top .navbar-inner { - border-width: 0 0 1px; -} -.navbar-fixed-bottom .navbar-inner { - border-width: 1px 0 0; -} -.navbar-fixed-top .navbar-inner, -.navbar-fixed-bottom .navbar-inner { - padding-left: 0; - padding-right: 0; - .border-radius(0); -} - -// Reset container width -// Required here as we reset the width earlier on and the grid mixins don't override early enough -.navbar-static-top .container, -.navbar-fixed-top .container, -.navbar-fixed-bottom .container { - #grid > .core > .span(@gridColumns); -} - -// Fixed to top -.navbar-fixed-top { - top: 0; -} -.navbar-fixed-top, -.navbar-static-top { - .navbar-inner { - .box-shadow(~"0 1px 10px rgba(0,0,0,.1)"); - } -} - -// Fixed to bottom -.navbar-fixed-bottom { - bottom: 0; - .navbar-inner { - .box-shadow(~"0 -1px 10px rgba(0,0,0,.1)"); - } -} - - - -// NAVIGATION -// ---------- - -.navbar .nav { - position: relative; - left: 0; - display: block; - float: left; - margin: 0 10px 0 0; -} -.navbar .nav.pull-right { - float: right; // redeclare due to specificity - margin-right: 0; // remove margin on float right nav -} -.navbar .nav > li { - float: left; -} - -// Links -.navbar .nav > li > a { - float: none; - // Vertically center the text given @navbarHeight - padding: ((@navbarHeight - @baseLineHeight) / 2) 15px ((@navbarHeight - @baseLineHeight) / 2); - color: @navbarLinkColor; - text-decoration: none; - text-shadow: 0 1px 0 @navbarBackgroundHighlight; -} -.navbar .nav .dropdown-toggle .caret { - margin-top: 8px; -} - -// Hover/focus -.navbar .nav > li > a:focus, -.navbar .nav > li > a:hover { - background-color: @navbarLinkBackgroundHover; // "transparent" is default to differentiate :hover/:focus from .active - color: @navbarLinkColorHover; - text-decoration: none; -} - -// Active nav items -.navbar .nav > .active > a, -.navbar .nav > .active > a:hover, -.navbar .nav > .active > a:focus { - color: @navbarLinkColorActive; - text-decoration: none; - background-color: @navbarLinkBackgroundActive; - .box-shadow(inset 0 3px 8px rgba(0,0,0,.125)); -} - -// Navbar button for toggling navbar items in responsive layouts -// These definitions need to come after '.navbar .btn' -.navbar .btn-navbar { - display: none; - float: right; - padding: 7px 10px; - margin-left: 5px; - margin-right: 5px; - .buttonBackground(darken(@navbarBackgroundHighlight, 5%), darken(@navbarBackground, 5%)); - .box-shadow(~"inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.075)"); -} -.navbar .btn-navbar .icon-bar { - display: block; - width: 18px; - height: 2px; - background-color: #f5f5f5; - .border-radius(1px); - .box-shadow(0 1px 0 rgba(0,0,0,.25)); -} -.btn-navbar .icon-bar + .icon-bar { - margin-top: 3px; -} - - - -// Dropdown menus -// -------------- - -// Menu position and menu carets -.navbar .nav > li > .dropdown-menu { - &:before { - content: ''; - display: inline-block; - border-left: 7px solid transparent; - border-right: 7px solid transparent; - border-bottom: 7px solid #ccc; - border-bottom-color: @dropdownBorder; - position: absolute; - top: -7px; - left: 9px; - } - &:after { - content: ''; - display: inline-block; - border-left: 6px solid transparent; - border-right: 6px solid transparent; - border-bottom: 6px solid @dropdownBackground; - position: absolute; - top: -6px; - left: 10px; - } -} -// Menu position and menu caret support for dropups via extra dropup class -.navbar-fixed-bottom .nav > li > .dropdown-menu { - &:before { - border-top: 7px solid #ccc; - border-top-color: @dropdownBorder; - border-bottom: 0; - bottom: -7px; - top: auto; - } - &:after { - border-top: 6px solid @dropdownBackground; - border-bottom: 0; - bottom: -6px; - top: auto; - } -} - -// Caret should match text color on hover/focus -.navbar .nav li.dropdown > a:hover .caret, -.navbar .nav li.dropdown > a:focus .caret { - border-top-color: @navbarLinkColorHover; - border-bottom-color: @navbarLinkColorHover; -} - -// Remove background color from open dropdown -.navbar .nav li.dropdown.open > .dropdown-toggle, -.navbar .nav li.dropdown.active > .dropdown-toggle, -.navbar .nav li.dropdown.open.active > .dropdown-toggle { - background-color: @navbarLinkBackgroundActive; - color: @navbarLinkColorActive; -} -.navbar .nav li.dropdown > .dropdown-toggle .caret { - border-top-color: @navbarLinkColor; - border-bottom-color: @navbarLinkColor; -} -.navbar .nav li.dropdown.open > .dropdown-toggle .caret, -.navbar .nav li.dropdown.active > .dropdown-toggle .caret, -.navbar .nav li.dropdown.open.active > .dropdown-toggle .caret { - border-top-color: @navbarLinkColorActive; - border-bottom-color: @navbarLinkColorActive; -} - -// Right aligned menus need alt position -.navbar .pull-right > li > .dropdown-menu, -.navbar .nav > li > .dropdown-menu.pull-right { - left: auto; - right: 0; - &:before { - left: auto; - right: 12px; - } - &:after { - left: auto; - right: 13px; - } - .dropdown-menu { - left: auto; - right: 100%; - margin-left: 0; - margin-right: -1px; - .border-radius(6px 0 6px 6px); - } -} - - -// Inverted navbar -// ------------------------- - -.navbar-inverse { - - .navbar-inner { - #gradient > .vertical(@navbarInverseBackgroundHighlight, @navbarInverseBackground); - border-color: @navbarInverseBorder; - } - - .brand, - .nav > li > a { - color: @navbarInverseLinkColor; - text-shadow: 0 -1px 0 rgba(0,0,0,.25); - &:hover, - &:focus { - color: @navbarInverseLinkColorHover; - } - } - - .brand { - color: @navbarInverseBrandColor; - } - - .navbar-text { - color: @navbarInverseText; - } - - .nav > li > a:focus, - .nav > li > a:hover { - background-color: @navbarInverseLinkBackgroundHover; - color: @navbarInverseLinkColorHover; - } - - .nav .active > a, - .nav .active > a:hover, - .nav .active > a:focus { - color: @navbarInverseLinkColorActive; - background-color: @navbarInverseLinkBackgroundActive; - } - - // Inline text links - .navbar-link { - color: @navbarInverseLinkColor; - &:hover, - &:focus { - color: @navbarInverseLinkColorHover; - } - } - - // Dividers in navbar - .divider-vertical { - border-left-color: @navbarInverseBackground; - border-right-color: @navbarInverseBackgroundHighlight; - } - - // Dropdowns - .nav li.dropdown.open > .dropdown-toggle, - .nav li.dropdown.active > .dropdown-toggle, - .nav li.dropdown.open.active > .dropdown-toggle { - background-color: @navbarInverseLinkBackgroundActive; - color: @navbarInverseLinkColorActive; - } - .nav li.dropdown > a:hover .caret, - .nav li.dropdown > a:focus .caret { - border-top-color: @navbarInverseLinkColorActive; - border-bottom-color: @navbarInverseLinkColorActive; - } - .nav li.dropdown > .dropdown-toggle .caret { - border-top-color: @navbarInverseLinkColor; - border-bottom-color: @navbarInverseLinkColor; - } - .nav li.dropdown.open > .dropdown-toggle .caret, - .nav li.dropdown.active > .dropdown-toggle .caret, - .nav li.dropdown.open.active > .dropdown-toggle .caret { - border-top-color: @navbarInverseLinkColorActive; - border-bottom-color: @navbarInverseLinkColorActive; - } - - // Navbar search - .navbar-search { - .search-query { - color: @white; - background-color: @navbarInverseSearchBackground; - border-color: @navbarInverseSearchBorder; - .box-shadow(~"inset 0 1px 2px rgba(0,0,0,.1), 0 1px 0 rgba(255,255,255,.15)"); - .transition(none); - .placeholder(@navbarInverseSearchPlaceholderColor); - - // Focus states (we use .focused since IE7-8 and down doesn't support :focus) - &:focus, - &.focused { - padding: 5px 15px; - color: @grayDark; - text-shadow: 0 1px 0 @white; - background-color: @navbarInverseSearchBackgroundFocus; - border: 0; - .box-shadow(0 0 3px rgba(0,0,0,.15)); - outline: 0; - } - } - } - - // Navbar collapse button - .btn-navbar { - .buttonBackground(darken(@navbarInverseBackgroundHighlight, 5%), darken(@navbarInverseBackground, 5%)); - } - -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/navs.less b/openid-connect-server-webapp/src/main/webapp/less/navs.less deleted file mode 100644 index 01cd805bde..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/navs.less +++ /dev/null @@ -1,409 +0,0 @@ -// -// Navs -// -------------------------------------------------- - - -// BASE CLASS -// ---------- - -.nav { - margin-left: 0; - margin-bottom: @baseLineHeight; - list-style: none; -} - -// Make links block level -.nav > li > a { - display: block; -} -.nav > li > a:hover, -.nav > li > a:focus { - text-decoration: none; - background-color: @grayLighter; -} - -// Prevent IE8 from misplacing imgs -// See https://github.com/h5bp/html5-boilerplate/issues/984#issuecomment-3985989 -.nav > li > a > img { - max-width: none; -} - -// Redeclare pull classes because of specifity -.nav > .pull-right { - float: right; -} - -// Nav headers (for dropdowns and lists) -.nav-header { - display: block; - padding: 3px 15px; - font-size: 11px; - font-weight: bold; - line-height: @baseLineHeight; - color: @grayLight; - text-shadow: 0 1px 0 rgba(255,255,255,.5); - text-transform: uppercase; -} -// Space them out when they follow another list item (link) -.nav li + .nav-header { - margin-top: 9px; -} - - - -// NAV LIST -// -------- - -.nav-list { - padding-left: 15px; - padding-right: 15px; - margin-bottom: 0; -} -.nav-list > li > a, -.nav-list .nav-header { - margin-left: -15px; - margin-right: -15px; - text-shadow: 0 1px 0 rgba(255,255,255,.5); -} -.nav-list > li > a { - padding: 3px 15px; -} -.nav-list > .active > a, -.nav-list > .active > a:hover, -.nav-list > .active > a:focus { - color: @white; - text-shadow: 0 -1px 0 rgba(0,0,0,.2); - background-color: @linkColor; -} -.nav-list [class^="icon-"], -.nav-list [class*=" icon-"] { - margin-right: 2px; -} -// Dividers (basically an hr) within the dropdown -.nav-list .divider { - .nav-divider(); -} - - - -// TABS AND PILLS -// ------------- - -// Common styles -.nav-tabs, -.nav-pills { - .clearfix(); -} -.nav-tabs > li, -.nav-pills > li { - float: left; -} -.nav-tabs > li > a, -.nav-pills > li > a { - padding-right: 12px; - padding-left: 12px; - margin-right: 2px; - line-height: 14px; // keeps the overall height an even number -} - -// TABS -// ---- - -// Give the tabs something to sit on -.nav-tabs { - border-bottom: 1px solid #ddd; -} -// Make the list-items overlay the bottom border -.nav-tabs > li { - margin-bottom: -1px; -} -// Actual tabs (as links) -.nav-tabs > li > a { - padding-top: 8px; - padding-bottom: 8px; - line-height: @baseLineHeight; - border: 1px solid transparent; - .border-radius(4px 4px 0 0); - &:hover, - &:focus { - border-color: @grayLighter @grayLighter #ddd; - } -} -// Active state, and it's :hover/:focus to override normal :hover/:focus -.nav-tabs > .active > a, -.nav-tabs > .active > a:hover, -.nav-tabs > .active > a:focus { - color: @gray; - background-color: @bodyBackground; - border: 1px solid #ddd; - border-bottom-color: transparent; - cursor: default; -} - - -// PILLS -// ----- - -// Links rendered as pills -.nav-pills > li > a { - padding-top: 8px; - padding-bottom: 8px; - margin-top: 2px; - margin-bottom: 2px; - .border-radius(5px); -} - -// Active state -.nav-pills > .active > a, -.nav-pills > .active > a:hover, -.nav-pills > .active > a:focus { - color: @white; - background-color: @linkColor; -} - - - -// STACKED NAV -// ----------- - -// Stacked tabs and pills -.nav-stacked > li { - float: none; -} -.nav-stacked > li > a { - margin-right: 0; // no need for the gap between nav items -} - -// Tabs -.nav-tabs.nav-stacked { - border-bottom: 0; -} -.nav-tabs.nav-stacked > li > a { - border: 1px solid #ddd; - .border-radius(0); -} -.nav-tabs.nav-stacked > li:first-child > a { - .border-top-radius(4px); -} -.nav-tabs.nav-stacked > li:last-child > a { - .border-bottom-radius(4px); -} -.nav-tabs.nav-stacked > li > a:hover, -.nav-tabs.nav-stacked > li > a:focus { - border-color: #ddd; - z-index: 2; -} - -// Pills -.nav-pills.nav-stacked > li > a { - margin-bottom: 3px; -} -.nav-pills.nav-stacked > li:last-child > a { - margin-bottom: 1px; // decrease margin to match sizing of stacked tabs -} - - - -// DROPDOWNS -// --------- - -.nav-tabs .dropdown-menu { - .border-radius(0 0 6px 6px); // remove the top rounded corners here since there is a hard edge above the menu -} -.nav-pills .dropdown-menu { - .border-radius(6px); // make rounded corners match the pills -} - -// Default dropdown links -// ------------------------- -// Make carets use linkColor to start -.nav .dropdown-toggle .caret { - border-top-color: @linkColor; - border-bottom-color: @linkColor; - margin-top: 6px; -} -.nav .dropdown-toggle:hover .caret, -.nav .dropdown-toggle:focus .caret { - border-top-color: @linkColorHover; - border-bottom-color: @linkColorHover; -} -/* move down carets for tabs */ -.nav-tabs .dropdown-toggle .caret { - margin-top: 8px; -} - -// Active dropdown links -// ------------------------- -.nav .active .dropdown-toggle .caret { - border-top-color: #fff; - border-bottom-color: #fff; -} -.nav-tabs .active .dropdown-toggle .caret { - border-top-color: @gray; - border-bottom-color: @gray; -} - -// Active:hover/:focus dropdown links -// ------------------------- -.nav > .dropdown.active > a:hover, -.nav > .dropdown.active > a:focus { - cursor: pointer; -} - -// Open dropdowns -// ------------------------- -.nav-tabs .open .dropdown-toggle, -.nav-pills .open .dropdown-toggle, -.nav > li.dropdown.open.active > a:hover, -.nav > li.dropdown.open.active > a:focus { - color: @white; - background-color: @grayLight; - border-color: @grayLight; -} -.nav li.dropdown.open .caret, -.nav li.dropdown.open.active .caret, -.nav li.dropdown.open a:hover .caret, -.nav li.dropdown.open a:focus .caret { - border-top-color: @white; - border-bottom-color: @white; - .opacity(100); -} - -// Dropdowns in stacked tabs -.tabs-stacked .open > a:hover, -.tabs-stacked .open > a:focus { - border-color: @grayLight; -} - - - -// TABBABLE -// -------- - - -// COMMON STYLES -// ------------- - -// Clear any floats -.tabbable { - .clearfix(); -} -.tab-content { - overflow: auto; // prevent content from running below tabs -} - -// Remove border on bottom, left, right -.tabs-below > .nav-tabs, -.tabs-right > .nav-tabs, -.tabs-left > .nav-tabs { - border-bottom: 0; -} - -// Show/hide tabbable areas -.tab-content > .tab-pane, -.pill-content > .pill-pane { - display: none; -} -.tab-content > .active, -.pill-content > .active { - display: block; -} - - -// BOTTOM -// ------ - -.tabs-below > .nav-tabs { - border-top: 1px solid #ddd; -} -.tabs-below > .nav-tabs > li { - margin-top: -1px; - margin-bottom: 0; -} -.tabs-below > .nav-tabs > li > a { - .border-radius(0 0 4px 4px); - &:hover, - &:focus { - border-bottom-color: transparent; - border-top-color: #ddd; - } -} -.tabs-below > .nav-tabs > .active > a, -.tabs-below > .nav-tabs > .active > a:hover, -.tabs-below > .nav-tabs > .active > a:focus { - border-color: transparent #ddd #ddd #ddd; -} - -// LEFT & RIGHT -// ------------ - -// Common styles -.tabs-left > .nav-tabs > li, -.tabs-right > .nav-tabs > li { - float: none; -} -.tabs-left > .nav-tabs > li > a, -.tabs-right > .nav-tabs > li > a { - min-width: 74px; - margin-right: 0; - margin-bottom: 3px; -} - -// Tabs on the left -.tabs-left > .nav-tabs { - float: left; - margin-right: 19px; - border-right: 1px solid #ddd; -} -.tabs-left > .nav-tabs > li > a { - margin-right: -1px; - .border-radius(4px 0 0 4px); -} -.tabs-left > .nav-tabs > li > a:hover, -.tabs-left > .nav-tabs > li > a:focus { - border-color: @grayLighter #ddd @grayLighter @grayLighter; -} -.tabs-left > .nav-tabs .active > a, -.tabs-left > .nav-tabs .active > a:hover, -.tabs-left > .nav-tabs .active > a:focus { - border-color: #ddd transparent #ddd #ddd; - *border-right-color: @white; -} - -// Tabs on the right -.tabs-right > .nav-tabs { - float: right; - margin-left: 19px; - border-left: 1px solid #ddd; -} -.tabs-right > .nav-tabs > li > a { - margin-left: -1px; - .border-radius(0 4px 4px 0); -} -.tabs-right > .nav-tabs > li > a:hover, -.tabs-right > .nav-tabs > li > a:focus { - border-color: @grayLighter @grayLighter @grayLighter #ddd; -} -.tabs-right > .nav-tabs .active > a, -.tabs-right > .nav-tabs .active > a:hover, -.tabs-right > .nav-tabs .active > a:focus { - border-color: #ddd #ddd #ddd transparent; - *border-left-color: @white; -} - - - -// DISABLED STATES -// --------------- - -// Gray out text -.nav > .disabled > a { - color: @grayLight; -} -// Nuke hover/focus effects -.nav > .disabled > a:hover, -.nav > .disabled > a:focus { - text-decoration: none; - background-color: transparent; - cursor: default; -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/pager.less b/openid-connect-server-webapp/src/main/webapp/less/pager.less deleted file mode 100644 index 1476188297..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/pager.less +++ /dev/null @@ -1,43 +0,0 @@ -// -// Pager pagination -// -------------------------------------------------- - - -.pager { - margin: @baseLineHeight 0; - list-style: none; - text-align: center; - .clearfix(); -} -.pager li { - display: inline; -} -.pager li > a, -.pager li > span { - display: inline-block; - padding: 5px 14px; - background-color: #fff; - border: 1px solid #ddd; - .border-radius(15px); -} -.pager li > a:hover, -.pager li > a:focus { - text-decoration: none; - background-color: #f5f5f5; -} -.pager .next > a, -.pager .next > span { - float: right; -} -.pager .previous > a, -.pager .previous > span { - float: left; -} -.pager .disabled > a, -.pager .disabled > a:hover, -.pager .disabled > a:focus, -.pager .disabled > span { - color: @grayLight; - background-color: #fff; - cursor: default; -} \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/less/pagination.less b/openid-connect-server-webapp/src/main/webapp/less/pagination.less deleted file mode 100644 index a789db2d28..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/pagination.less +++ /dev/null @@ -1,123 +0,0 @@ -// -// Pagination (multiple pages) -// -------------------------------------------------- - -// Space out pagination from surrounding content -.pagination { - margin: @baseLineHeight 0; -} - -.pagination ul { - // Allow for text-based alignment - display: inline-block; - .ie7-inline-block(); - // Reset default ul styles - margin-left: 0; - margin-bottom: 0; - // Visuals - .border-radius(@baseBorderRadius); - .box-shadow(0 1px 2px rgba(0,0,0,.05)); -} -.pagination ul > li { - display: inline; // Remove list-style and block-level defaults -} -.pagination ul > li > a, -.pagination ul > li > span { - float: left; // Collapse white-space - padding: 4px 12px; - line-height: @baseLineHeight; - text-decoration: none; - background-color: @paginationBackground; - border: 1px solid @paginationBorder; - border-left-width: 0; -} -.pagination ul > li > a:hover, -.pagination ul > li > a:focus, -.pagination ul > .active > a, -.pagination ul > .active > span { - background-color: @paginationActiveBackground; -} -.pagination ul > .active > a, -.pagination ul > .active > span { - color: @grayLight; - cursor: default; -} -.pagination ul > .disabled > span, -.pagination ul > .disabled > a, -.pagination ul > .disabled > a:hover, -.pagination ul > .disabled > a:focus { - color: @grayLight; - background-color: transparent; - cursor: default; -} -.pagination ul > li:first-child > a, -.pagination ul > li:first-child > span { - border-left-width: 1px; - .border-left-radius(@baseBorderRadius); -} -.pagination ul > li:last-child > a, -.pagination ul > li:last-child > span { - .border-right-radius(@baseBorderRadius); -} - - -// Alignment -// -------------------------------------------------- - -.pagination-centered { - text-align: center; -} -.pagination-right { - text-align: right; -} - - -// Sizing -// -------------------------------------------------- - -// Large -.pagination-large { - ul > li > a, - ul > li > span { - padding: @paddingLarge; - font-size: @fontSizeLarge; - } - ul > li:first-child > a, - ul > li:first-child > span { - .border-left-radius(@borderRadiusLarge); - } - ul > li:last-child > a, - ul > li:last-child > span { - .border-right-radius(@borderRadiusLarge); - } -} - -// Small and mini -.pagination-mini, -.pagination-small { - ul > li:first-child > a, - ul > li:first-child > span { - .border-left-radius(@borderRadiusSmall); - } - ul > li:last-child > a, - ul > li:last-child > span { - .border-right-radius(@borderRadiusSmall); - } -} - -// Small -.pagination-small { - ul > li > a, - ul > li > span { - padding: @paddingSmall; - font-size: @fontSizeSmall; - } -} -// Mini -.pagination-mini { - ul > li > a, - ul > li > span { - padding: @paddingMini; - font-size: @fontSizeMini; - } -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/popovers.less b/openid-connect-server-webapp/src/main/webapp/less/popovers.less deleted file mode 100644 index aae35c8cd5..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/popovers.less +++ /dev/null @@ -1,133 +0,0 @@ -// -// Popovers -// -------------------------------------------------- - - -.popover { - position: absolute; - top: 0; - left: 0; - z-index: @zindexPopover; - display: none; - max-width: 276px; - padding: 1px; - text-align: left; // Reset given new insertion method - background-color: @popoverBackground; - -webkit-background-clip: padding-box; - -moz-background-clip: padding; - background-clip: padding-box; - border: 1px solid #ccc; - border: 1px solid rgba(0,0,0,.2); - .border-radius(6px); - .box-shadow(0 5px 10px rgba(0,0,0,.2)); - - // Overrides for proper insertion - white-space: normal; - - // Offset the popover to account for the popover arrow - &.top { margin-top: -10px; } - &.right { margin-left: 10px; } - &.bottom { margin-top: 10px; } - &.left { margin-left: -10px; } -} - -.popover-title { - margin: 0; // reset heading margin - padding: 8px 14px; - font-size: 14px; - font-weight: normal; - line-height: 18px; - background-color: @popoverTitleBackground; - border-bottom: 1px solid darken(@popoverTitleBackground, 5%); - .border-radius(5px 5px 0 0); - - &:empty { - display: none; - } -} - -.popover-content { - padding: 9px 14px; -} - -// Arrows -// -// .arrow is outer, .arrow:after is inner - -.popover .arrow, -.popover .arrow:after { - position: absolute; - display: block; - width: 0; - height: 0; - border-color: transparent; - border-style: solid; -} -.popover .arrow { - border-width: @popoverArrowOuterWidth; -} -.popover .arrow:after { - border-width: @popoverArrowWidth; - content: ""; -} - -.popover { - &.top .arrow { - left: 50%; - margin-left: -@popoverArrowOuterWidth; - border-bottom-width: 0; - border-top-color: #999; // IE8 fallback - border-top-color: @popoverArrowOuterColor; - bottom: -@popoverArrowOuterWidth; - &:after { - bottom: 1px; - margin-left: -@popoverArrowWidth; - border-bottom-width: 0; - border-top-color: @popoverArrowColor; - } - } - &.right .arrow { - top: 50%; - left: -@popoverArrowOuterWidth; - margin-top: -@popoverArrowOuterWidth; - border-left-width: 0; - border-right-color: #999; // IE8 fallback - border-right-color: @popoverArrowOuterColor; - &:after { - left: 1px; - bottom: -@popoverArrowWidth; - border-left-width: 0; - border-right-color: @popoverArrowColor; - } - } - &.bottom .arrow { - left: 50%; - margin-left: -@popoverArrowOuterWidth; - border-top-width: 0; - border-bottom-color: #999; // IE8 fallback - border-bottom-color: @popoverArrowOuterColor; - top: -@popoverArrowOuterWidth; - &:after { - top: 1px; - margin-left: -@popoverArrowWidth; - border-top-width: 0; - border-bottom-color: @popoverArrowColor; - } - } - - &.left .arrow { - top: 50%; - right: -@popoverArrowOuterWidth; - margin-top: -@popoverArrowOuterWidth; - border-right-width: 0; - border-left-color: #999; // IE8 fallback - border-left-color: @popoverArrowOuterColor; - &:after { - right: 1px; - border-right-width: 0; - border-left-color: @popoverArrowColor; - bottom: -@popoverArrowWidth; - } - } - -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/progress-bars.less b/openid-connect-server-webapp/src/main/webapp/less/progress-bars.less deleted file mode 100644 index 5e0c3dda01..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/progress-bars.less +++ /dev/null @@ -1,122 +0,0 @@ -// -// Progress bars -// -------------------------------------------------- - - -// ANIMATIONS -// ---------- - -// Webkit -@-webkit-keyframes progress-bar-stripes { - from { background-position: 40px 0; } - to { background-position: 0 0; } -} - -// Firefox -@-moz-keyframes progress-bar-stripes { - from { background-position: 40px 0; } - to { background-position: 0 0; } -} - -// IE9 -@-ms-keyframes progress-bar-stripes { - from { background-position: 40px 0; } - to { background-position: 0 0; } -} - -// Opera -@-o-keyframes progress-bar-stripes { - from { background-position: 0 0; } - to { background-position: 40px 0; } -} - -// Spec -@keyframes progress-bar-stripes { - from { background-position: 40px 0; } - to { background-position: 0 0; } -} - - - -// THE BARS -// -------- - -// Outer container -.progress { - overflow: hidden; - height: @baseLineHeight; - margin-bottom: @baseLineHeight; - #gradient > .vertical(#f5f5f5, #f9f9f9); - .box-shadow(inset 0 1px 2px rgba(0,0,0,.1)); - .border-radius(@baseBorderRadius); -} - -// Bar of progress -.progress .bar { - width: 0%; - height: 100%; - color: @white; - float: left; - font-size: 12px; - text-align: center; - text-shadow: 0 -1px 0 rgba(0,0,0,.25); - #gradient > .vertical(#149bdf, #0480be); - .box-shadow(inset 0 -1px 0 rgba(0,0,0,.15)); - .box-sizing(border-box); - .transition(width .6s ease); -} -.progress .bar + .bar { - .box-shadow(~"inset 1px 0 0 rgba(0,0,0,.15), inset 0 -1px 0 rgba(0,0,0,.15)"); -} - -// Striped bars -.progress-striped .bar { - #gradient > .striped(#149bdf); - .background-size(40px 40px); -} - -// Call animation for the active one -.progress.active .bar { - -webkit-animation: progress-bar-stripes 2s linear infinite; - -moz-animation: progress-bar-stripes 2s linear infinite; - -ms-animation: progress-bar-stripes 2s linear infinite; - -o-animation: progress-bar-stripes 2s linear infinite; - animation: progress-bar-stripes 2s linear infinite; -} - - - -// COLORS -// ------ - -// Danger (red) -.progress-danger .bar, .progress .bar-danger { - #gradient > .vertical(#ee5f5b, #c43c35); -} -.progress-danger.progress-striped .bar, .progress-striped .bar-danger { - #gradient > .striped(#ee5f5b); -} - -// Success (green) -.progress-success .bar, .progress .bar-success { - #gradient > .vertical(#62c462, #57a957); -} -.progress-success.progress-striped .bar, .progress-striped .bar-success { - #gradient > .striped(#62c462); -} - -// Info (teal) -.progress-info .bar, .progress .bar-info { - #gradient > .vertical(#5bc0de, #339bb9); -} -.progress-info.progress-striped .bar, .progress-striped .bar-info { - #gradient > .striped(#5bc0de); -} - -// Warning (orange) -.progress-warning .bar, .progress .bar-warning { - #gradient > .vertical(lighten(@orange, 15%), @orange); -} -.progress-warning.progress-striped .bar, .progress-striped .bar-warning { - #gradient > .striped(lighten(@orange, 15%)); -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/reset.less b/openid-connect-server-webapp/src/main/webapp/less/reset.less deleted file mode 100644 index 4806bd5e59..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/reset.less +++ /dev/null @@ -1,216 +0,0 @@ -// -// Reset CSS -// Adapted from http://github.com/necolas/normalize.css -// -------------------------------------------------- - - -// Display in IE6-9 and FF3 -// ------------------------- - -article, -aside, -details, -figcaption, -figure, -footer, -header, -hgroup, -nav, -section { - display: block; -} - -// Display block in IE6-9 and FF3 -// ------------------------- - -audio, -canvas, -video { - display: inline-block; - *display: inline; - *zoom: 1; -} - -// Prevents modern browsers from displaying 'audio' without controls -// ------------------------- - -audio:not([controls]) { - display: none; -} - -// Base settings -// ------------------------- - -html { - font-size: 100%; - -webkit-text-size-adjust: 100%; - -ms-text-size-adjust: 100%; -} -// Focus states -a:focus { - .tab-focus(); -} -// Hover & Active -a:hover, -a:active { - outline: 0; -} - -// Prevents sub and sup affecting line-height in all browsers -// ------------------------- - -sub, -sup { - position: relative; - font-size: 75%; - line-height: 0; - vertical-align: baseline; -} -sup { - top: -0.5em; -} -sub { - bottom: -0.25em; -} - -// Img border in a's and image quality -// ------------------------- - -img { - /* Responsive images (ensure images don't scale beyond their parents) */ - max-width: 100%; /* Part 1: Set a maxium relative to the parent */ - width: auto\9; /* IE7-8 need help adjusting responsive images */ - height: auto; /* Part 2: Scale the height according to the width, otherwise you get stretching */ - - vertical-align: middle; - border: 0; - -ms-interpolation-mode: bicubic; -} - -// Prevent max-width from affecting Google Maps -#map_canvas img, -.google-maps img { - max-width: none; -} - -// Forms -// ------------------------- - -// Font size in all browsers, margin changes, misc consistency -button, -input, -select, -textarea { - margin: 0; - font-size: 100%; - vertical-align: middle; -} -button, -input { - *overflow: visible; // Inner spacing ie IE6/7 - line-height: normal; // FF3/4 have !important on line-height in UA stylesheet -} -button::-moz-focus-inner, -input::-moz-focus-inner { // Inner padding and border oddities in FF3/4 - padding: 0; - border: 0; -} -button, -html input[type="button"], // Avoid the WebKit bug in Android 4.0.* where (2) destroys native `audio` and `video` controls. -input[type="reset"], -input[type="submit"] { - -webkit-appearance: button; // Corrects inability to style clickable `input` types in iOS. - cursor: pointer; // Improves usability and consistency of cursor style between image-type `input` and others. -} -label, -select, -button, -input[type="button"], -input[type="reset"], -input[type="submit"], -input[type="radio"], -input[type="checkbox"] { - cursor: pointer; // Improves usability and consistency of cursor style between image-type `input` and others. -} -input[type="search"] { // Appearance in Safari/Chrome - .box-sizing(content-box); - -webkit-appearance: textfield; -} -input[type="search"]::-webkit-search-decoration, -input[type="search"]::-webkit-search-cancel-button { - -webkit-appearance: none; // Inner-padding issues in Chrome OSX, Safari 5 -} -textarea { - overflow: auto; // Remove vertical scrollbar in IE6-9 - vertical-align: top; // Readability and alignment cross-browser -} - - -// Printing -// ------------------------- -// Source: https://github.com/h5bp/html5-boilerplate/blob/master/css/main.css - -@media print { - - * { - text-shadow: none !important; - color: #000 !important; // Black prints faster: h5bp.com/s - background: transparent !important; - box-shadow: none !important; - } - - a, - a:visited { - text-decoration: underline; - } - - a[href]:after { - content: " (" attr(href) ")"; - } - - abbr[title]:after { - content: " (" attr(title) ")"; - } - - // Don't show links for images, or javascript/internal links - .ir a:after, - a[href^="javascript:"]:after, - a[href^="#"]:after { - content: ""; - } - - pre, - blockquote { - border: 1px solid #999; - page-break-inside: avoid; - } - - thead { - display: table-header-group; // h5bp.com/t - } - - tr, - img { - page-break-inside: avoid; - } - - img { - max-width: 100% !important; - } - - @page { - margin: 0.5cm; - } - - p, - h2, - h3 { - orphans: 3; - widows: 3; - } - - h2, - h3 { - page-break-after: avoid; - } -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/responsive-1200px-min.less b/openid-connect-server-webapp/src/main/webapp/less/responsive-1200px-min.less deleted file mode 100644 index 4f35ba6ca2..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/responsive-1200px-min.less +++ /dev/null @@ -1,28 +0,0 @@ -// -// Responsive: Large desktop and up -// -------------------------------------------------- - - -@media (min-width: 1200px) { - - // Fixed grid - #grid > .core(@gridColumnWidth1200, @gridGutterWidth1200); - - // Fluid grid - #grid > .fluid(@fluidGridColumnWidth1200, @fluidGridGutterWidth1200); - - // Input grid - #grid > .input(@gridColumnWidth1200, @gridGutterWidth1200); - - // Thumbnails - .thumbnails { - margin-left: -@gridGutterWidth1200; - } - .thumbnails > li { - margin-left: @gridGutterWidth1200; - } - .row-fluid .thumbnails { - margin-left: 0; - } - -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/responsive-767px-max.less b/openid-connect-server-webapp/src/main/webapp/less/responsive-767px-max.less deleted file mode 100644 index 128f4ce30d..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/responsive-767px-max.less +++ /dev/null @@ -1,193 +0,0 @@ -// -// Responsive: Landscape phone to desktop/tablet -// -------------------------------------------------- - - -@media (max-width: 767px) { - - // Padding to set content in a bit - body { - padding-left: 20px; - padding-right: 20px; - } - // Negative indent the now static "fixed" navbar - .navbar-fixed-top, - .navbar-fixed-bottom, - .navbar-static-top { - margin-left: -20px; - margin-right: -20px; - } - // Remove padding on container given explicit padding set on body - .container-fluid { - padding: 0; - } - - // TYPOGRAPHY - // ---------- - // Reset horizontal dl - .dl-horizontal { - dt { - float: none; - clear: none; - width: auto; - text-align: left; - } - dd { - margin-left: 0; - } - } - - // GRID & CONTAINERS - // ----------------- - // Remove width from containers - .container { - width: auto; - } - // Fluid rows - .row-fluid { - width: 100%; - } - // Undo negative margin on rows and thumbnails - .row, - .thumbnails { - margin-left: 0; - } - .thumbnails > li { - float: none; - margin-left: 0; // Reset the default margin for all li elements when no .span* classes are present - } - // Make all grid-sized elements block level again - [class*="span"], - .uneditable-input[class*="span"], // Makes uneditable inputs full-width when using grid sizing - .row-fluid [class*="span"] { - float: none; - display: block; - width: 100%; - margin-left: 0; - .box-sizing(border-box); - } - .span12, - .row-fluid .span12 { - width: 100%; - .box-sizing(border-box); - } - .row-fluid [class*="offset"]:first-child { - margin-left: 0; - } - - // FORM FIELDS - // ----------- - // Make span* classes full width - .input-large, - .input-xlarge, - .input-xxlarge, - input[class*="span"], - select[class*="span"], - textarea[class*="span"], - .uneditable-input { - .input-block-level(); - } - // But don't let it screw up prepend/append inputs - .input-prepend input, - .input-append input, - .input-prepend input[class*="span"], - .input-append input[class*="span"] { - display: inline-block; // redeclare so they don't wrap to new lines - width: auto; - } - .controls-row [class*="span"] + [class*="span"] { - margin-left: 0; - } - - // Modals - .modal { - position: fixed; - top: 20px; - left: 20px; - right: 20px; - width: auto; - margin: 0; - &.fade { top: -100px; } - &.fade.in { top: 20px; } - } - -} - - - -// UP TO LANDSCAPE PHONE -// --------------------- - -@media (max-width: 480px) { - - // Smooth out the collapsing/expanding nav - .nav-collapse { - -webkit-transform: translate3d(0, 0, 0); // activate the GPU - } - - // Block level the page header small tag for readability - .page-header h1 small { - display: block; - line-height: @baseLineHeight; - } - - // Update checkboxes for iOS - input[type="checkbox"], - input[type="radio"] { - border: 1px solid #ccc; - } - - // Remove the horizontal form styles - .form-horizontal { - .control-label { - float: none; - width: auto; - padding-top: 0; - text-align: left; - } - // Move over all input controls and content - .controls { - margin-left: 0; - } - // Move the options list down to align with labels - .control-list { - padding-top: 0; // has to be padding because margin collaspes - } - // Move over buttons in .form-actions to align with .controls - .form-actions { - padding-left: 10px; - padding-right: 10px; - } - } - - // Medias - // Reset float and spacing to stack - .media .pull-left, - .media .pull-right { - float: none; - display: block; - margin-bottom: 10px; - } - // Remove side margins since we stack instead of indent - .media-object { - margin-right: 0; - margin-left: 0; - } - - // Modals - .modal { - top: 10px; - left: 10px; - right: 10px; - } - .modal-header .close { - padding: 10px; - margin: -10px; - } - - // Carousel - .carousel-caption { - position: static; - } - -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/responsive-768px-979px.less b/openid-connect-server-webapp/src/main/webapp/less/responsive-768px-979px.less deleted file mode 100644 index 8e8c486a06..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/responsive-768px-979px.less +++ /dev/null @@ -1,19 +0,0 @@ -// -// Responsive: Tablet to desktop -// -------------------------------------------------- - - -@media (min-width: 768px) and (max-width: 979px) { - - // Fixed grid - #grid > .core(@gridColumnWidth768, @gridGutterWidth768); - - // Fluid grid - #grid > .fluid(@fluidGridColumnWidth768, @fluidGridGutterWidth768); - - // Input grid - #grid > .input(@gridColumnWidth768, @gridGutterWidth768); - - // No need to reset .thumbnails here since it's the same @gridGutterWidth - -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/responsive-navbar.less b/openid-connect-server-webapp/src/main/webapp/less/responsive-navbar.less deleted file mode 100644 index 21cd3ba671..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/responsive-navbar.less +++ /dev/null @@ -1,189 +0,0 @@ -// -// Responsive: Navbar -// -------------------------------------------------- - - -// TABLETS AND BELOW -// ----------------- -@media (max-width: @navbarCollapseWidth) { - - // UNFIX THE TOPBAR - // ---------------- - // Remove any padding from the body - body { - padding-top: 0; - } - // Unfix the navbars - .navbar-fixed-top, - .navbar-fixed-bottom { - position: static; - } - .navbar-fixed-top { - margin-bottom: @baseLineHeight; - } - .navbar-fixed-bottom { - margin-top: @baseLineHeight; - } - .navbar-fixed-top .navbar-inner, - .navbar-fixed-bottom .navbar-inner { - padding: 5px; - } - .navbar .container { - width: auto; - padding: 0; - } - // Account for brand name - .navbar .brand { - padding-left: 10px; - padding-right: 10px; - margin: 0 0 0 -5px; - } - - // COLLAPSIBLE NAVBAR - // ------------------ - // Nav collapse clears brand - .nav-collapse { - clear: both; - } - // Block-level the nav - .nav-collapse .nav { - float: none; - margin: 0 0 (@baseLineHeight / 2); - } - .nav-collapse .nav > li { - float: none; - } - .nav-collapse .nav > li > a { - margin-bottom: 2px; - } - .nav-collapse .nav > .divider-vertical { - display: none; - } - .nav-collapse .nav .nav-header { - color: @navbarText; - text-shadow: none; - } - // Nav and dropdown links in navbar - .nav-collapse .nav > li > a, - .nav-collapse .dropdown-menu a { - padding: 9px 15px; - font-weight: bold; - color: @navbarLinkColor; - .border-radius(3px); - } - // Buttons - .nav-collapse .btn { - padding: 4px 10px 4px; - font-weight: normal; - .border-radius(@baseBorderRadius); - } - .nav-collapse .dropdown-menu li + li a { - margin-bottom: 2px; - } - .nav-collapse .nav > li > a:hover, - .nav-collapse .nav > li > a:focus, - .nav-collapse .dropdown-menu a:hover, - .nav-collapse .dropdown-menu a:focus { - background-color: @navbarBackground; - } - .navbar-inverse .nav-collapse .nav > li > a, - .navbar-inverse .nav-collapse .dropdown-menu a { - color: @navbarInverseLinkColor; - } - .navbar-inverse .nav-collapse .nav > li > a:hover, - .navbar-inverse .nav-collapse .nav > li > a:focus, - .navbar-inverse .nav-collapse .dropdown-menu a:hover, - .navbar-inverse .nav-collapse .dropdown-menu a:focus { - background-color: @navbarInverseBackground; - } - // Buttons in the navbar - .nav-collapse.in .btn-group { - margin-top: 5px; - padding: 0; - } - // Dropdowns in the navbar - .nav-collapse .dropdown-menu { - position: static; - top: auto; - left: auto; - float: none; - display: none; - max-width: none; - margin: 0 15px; - padding: 0; - background-color: transparent; - border: none; - .border-radius(0); - .box-shadow(none); - } - .nav-collapse .open > .dropdown-menu { - display: block; - } - - .nav-collapse .dropdown-menu:before, - .nav-collapse .dropdown-menu:after { - display: none; - } - .nav-collapse .dropdown-menu .divider { - display: none; - } - .nav-collapse .nav > li > .dropdown-menu { - &:before, - &:after { - display: none; - } - } - // Forms in navbar - .nav-collapse .navbar-form, - .nav-collapse .navbar-search { - float: none; - padding: (@baseLineHeight / 2) 15px; - margin: (@baseLineHeight / 2) 0; - border-top: 1px solid @navbarBackground; - border-bottom: 1px solid @navbarBackground; - .box-shadow(~"inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.1)"); - } - .navbar-inverse .nav-collapse .navbar-form, - .navbar-inverse .nav-collapse .navbar-search { - border-top-color: @navbarInverseBackground; - border-bottom-color: @navbarInverseBackground; - } - // Pull right (secondary) nav content - .navbar .nav-collapse .nav.pull-right { - float: none; - margin-left: 0; - } - // Hide everything in the navbar save .brand and toggle button */ - .nav-collapse, - .nav-collapse.collapse { - overflow: hidden; - height: 0; - } - // Navbar button - .navbar .btn-navbar { - display: block; - } - - // STATIC NAVBAR - // ------------- - .navbar-static .navbar-inner { - padding-left: 10px; - padding-right: 10px; - } - - -} - - -// DEFAULT DESKTOP -// --------------- - -@media (min-width: @navbarCollapseDesktopWidth) { - - // Required to make the collapsing navbar work on regular desktops - .nav-collapse.collapse { - height: auto !important; - overflow: visible !important; - } - -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/responsive-utilities.less b/openid-connect-server-webapp/src/main/webapp/less/responsive-utilities.less deleted file mode 100644 index bf43e8ef73..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/responsive-utilities.less +++ /dev/null @@ -1,59 +0,0 @@ -// -// Responsive: Utility classes -// -------------------------------------------------- - - -// IE10 Metro responsive -// Required for Windows 8 Metro split-screen snapping with IE10 -// Source: http://timkadlec.com/2012/10/ie10-snap-mode-and-responsive-design/ -@-ms-viewport{ - width: device-width; -} - -// Hide from screenreaders and browsers -// Credit: HTML5 Boilerplate -.hidden { - display: none; - visibility: hidden; -} - -// Visibility utilities - -// For desktops -.visible-phone { display: none !important; } -.visible-tablet { display: none !important; } -.hidden-phone { } -.hidden-tablet { } -.hidden-desktop { display: none !important; } -.visible-desktop { display: inherit !important; } - -// Tablets & small desktops only -@media (min-width: 768px) and (max-width: 979px) { - // Hide everything else - .hidden-desktop { display: inherit !important; } - .visible-desktop { display: none !important ; } - // Show - .visible-tablet { display: inherit !important; } - // Hide - .hidden-tablet { display: none !important; } -} - -// Phones only -@media (max-width: 767px) { - // Hide everything else - .hidden-desktop { display: inherit !important; } - .visible-desktop { display: none !important; } - // Show - .visible-phone { display: inherit !important; } // Use inherit to restore previous behavior - // Hide - .hidden-phone { display: none !important; } -} - -// Print utilities -.visible-print { display: none !important; } -.hidden-print { } - -@media print { - .visible-print { display: inherit !important; } - .hidden-print { display: none !important; } -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/scaffolding.less b/openid-connect-server-webapp/src/main/webapp/less/scaffolding.less deleted file mode 100644 index f17e8cadb4..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/scaffolding.less +++ /dev/null @@ -1,53 +0,0 @@ -// -// Scaffolding -// -------------------------------------------------- - - -// Body reset -// ------------------------- - -body { - margin: 0; - font-family: @baseFontFamily; - font-size: @baseFontSize; - line-height: @baseLineHeight; - color: @textColor; - background-color: @bodyBackground; -} - - -// Links -// ------------------------- - -a { - color: @linkColor; - text-decoration: none; -} -a:hover, -a:focus { - color: @linkColorHover; - text-decoration: underline; -} - - -// Images -// ------------------------- - -// Rounded corners -.img-rounded { - .border-radius(6px); -} - -// Add polaroid-esque trim -.img-polaroid { - padding: 4px; - background-color: #fff; - border: 1px solid #ccc; - border: 1px solid rgba(0,0,0,.2); - .box-shadow(0 1px 3px rgba(0,0,0,.1)); -} - -// Perfect circle -.img-circle { - .border-radius(500px); // crank the border-radius so it works with most reasonably sized images -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/sprites.less b/openid-connect-server-webapp/src/main/webapp/less/sprites.less deleted file mode 100644 index 1812bf71ac..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/sprites.less +++ /dev/null @@ -1,197 +0,0 @@ -// -// Sprites -// -------------------------------------------------- - - -// ICONS -// ----- - -// All icons receive the styles of the tag with a base class -// of .i and are then given a unique class to add width, height, -// and background-position. Your resulting HTML will look like -// . - -// For the white version of the icons, just add the .icon-white class: -// - -[class^="icon-"], -[class*=" icon-"] { - display: inline-block; - width: 14px; - height: 14px; - .ie7-restore-right-whitespace(); - line-height: 14px; - vertical-align: text-top; - background-image: url("@{iconSpritePath}"); - background-position: 14px 14px; - background-repeat: no-repeat; - margin-top: 1px; -} - -/* White icons with optional class, or on hover/focus/active states of certain elements */ -.icon-white, -.nav-pills > .active > a > [class^="icon-"], -.nav-pills > .active > a > [class*=" icon-"], -.nav-list > .active > a > [class^="icon-"], -.nav-list > .active > a > [class*=" icon-"], -.navbar-inverse .nav > .active > a > [class^="icon-"], -.navbar-inverse .nav > .active > a > [class*=" icon-"], -.dropdown-menu > li > a:hover > [class^="icon-"], -.dropdown-menu > li > a:focus > [class^="icon-"], -.dropdown-menu > li > a:hover > [class*=" icon-"], -.dropdown-menu > li > a:focus > [class*=" icon-"], -.dropdown-menu > .active > a > [class^="icon-"], -.dropdown-menu > .active > a > [class*=" icon-"], -.dropdown-submenu:hover > a > [class^="icon-"], -.dropdown-submenu:focus > a > [class^="icon-"], -.dropdown-submenu:hover > a > [class*=" icon-"], -.dropdown-submenu:focus > a > [class*=" icon-"] { - background-image: url("@{iconWhiteSpritePath}"); -} - -.icon-glass { background-position: 0 0; } -.icon-music { background-position: -24px 0; } -.icon-search { background-position: -48px 0; } -.icon-envelope { background-position: -72px 0; } -.icon-heart { background-position: -96px 0; } -.icon-star { background-position: -120px 0; } -.icon-star-empty { background-position: -144px 0; } -.icon-user { background-position: -168px 0; } -.icon-film { background-position: -192px 0; } -.icon-th-large { background-position: -216px 0; } -.icon-th { background-position: -240px 0; } -.icon-th-list { background-position: -264px 0; } -.icon-ok { background-position: -288px 0; } -.icon-remove { background-position: -312px 0; } -.icon-zoom-in { background-position: -336px 0; } -.icon-zoom-out { background-position: -360px 0; } -.icon-off { background-position: -384px 0; } -.icon-signal { background-position: -408px 0; } -.icon-cog { background-position: -432px 0; } -.icon-trash { background-position: -456px 0; } - -.icon-home { background-position: 0 -24px; } -.icon-file { background-position: -24px -24px; } -.icon-time { background-position: -48px -24px; } -.icon-road { background-position: -72px -24px; } -.icon-download-alt { background-position: -96px -24px; } -.icon-download { background-position: -120px -24px; } -.icon-upload { background-position: -144px -24px; } -.icon-inbox { background-position: -168px -24px; } -.icon-play-circle { background-position: -192px -24px; } -.icon-repeat { background-position: -216px -24px; } -.icon-refresh { background-position: -240px -24px; } -.icon-list-alt { background-position: -264px -24px; } -.icon-lock { background-position: -287px -24px; } // 1px off -.icon-flag { background-position: -312px -24px; } -.icon-headphones { background-position: -336px -24px; } -.icon-volume-off { background-position: -360px -24px; } -.icon-volume-down { background-position: -384px -24px; } -.icon-volume-up { background-position: -408px -24px; } -.icon-qrcode { background-position: -432px -24px; } -.icon-barcode { background-position: -456px -24px; } - -.icon-tag { background-position: 0 -48px; } -.icon-tags { background-position: -25px -48px; } // 1px off -.icon-book { background-position: -48px -48px; } -.icon-bookmark { background-position: -72px -48px; } -.icon-print { background-position: -96px -48px; } -.icon-camera { background-position: -120px -48px; } -.icon-font { background-position: -144px -48px; } -.icon-bold { background-position: -167px -48px; } // 1px off -.icon-italic { background-position: -192px -48px; } -.icon-text-height { background-position: -216px -48px; } -.icon-text-width { background-position: -240px -48px; } -.icon-align-left { background-position: -264px -48px; } -.icon-align-center { background-position: -288px -48px; } -.icon-align-right { background-position: -312px -48px; } -.icon-align-justify { background-position: -336px -48px; } -.icon-list { background-position: -360px -48px; } -.icon-indent-left { background-position: -384px -48px; } -.icon-indent-right { background-position: -408px -48px; } -.icon-facetime-video { background-position: -432px -48px; } -.icon-picture { background-position: -456px -48px; } - -.icon-pencil { background-position: 0 -72px; } -.icon-map-marker { background-position: -24px -72px; } -.icon-adjust { background-position: -48px -72px; } -.icon-tint { background-position: -72px -72px; } -.icon-edit { background-position: -96px -72px; } -.icon-share { background-position: -120px -72px; } -.icon-check { background-position: -144px -72px; } -.icon-move { background-position: -168px -72px; } -.icon-step-backward { background-position: -192px -72px; } -.icon-fast-backward { background-position: -216px -72px; } -.icon-backward { background-position: -240px -72px; } -.icon-play { background-position: -264px -72px; } -.icon-pause { background-position: -288px -72px; } -.icon-stop { background-position: -312px -72px; } -.icon-forward { background-position: -336px -72px; } -.icon-fast-forward { background-position: -360px -72px; } -.icon-step-forward { background-position: -384px -72px; } -.icon-eject { background-position: -408px -72px; } -.icon-chevron-left { background-position: -432px -72px; } -.icon-chevron-right { background-position: -456px -72px; } - -.icon-plus-sign { background-position: 0 -96px; } -.icon-minus-sign { background-position: -24px -96px; } -.icon-remove-sign { background-position: -48px -96px; } -.icon-ok-sign { background-position: -72px -96px; } -.icon-question-sign { background-position: -96px -96px; } -.icon-info-sign { background-position: -120px -96px; } -.icon-screenshot { background-position: -144px -96px; } -.icon-remove-circle { background-position: -168px -96px; } -.icon-ok-circle { background-position: -192px -96px; } -.icon-ban-circle { background-position: -216px -96px; } -.icon-arrow-left { background-position: -240px -96px; } -.icon-arrow-right { background-position: -264px -96px; } -.icon-arrow-up { background-position: -289px -96px; } // 1px off -.icon-arrow-down { background-position: -312px -96px; } -.icon-share-alt { background-position: -336px -96px; } -.icon-resize-full { background-position: -360px -96px; } -.icon-resize-small { background-position: -384px -96px; } -.icon-plus { background-position: -408px -96px; } -.icon-minus { background-position: -433px -96px; } -.icon-asterisk { background-position: -456px -96px; } - -.icon-exclamation-sign { background-position: 0 -120px; } -.icon-gift { background-position: -24px -120px; } -.icon-leaf { background-position: -48px -120px; } -.icon-fire { background-position: -72px -120px; } -.icon-eye-open { background-position: -96px -120px; } -.icon-eye-close { background-position: -120px -120px; } -.icon-warning-sign { background-position: -144px -120px; } -.icon-plane { background-position: -168px -120px; } -.icon-calendar { background-position: -192px -120px; } -.icon-random { background-position: -216px -120px; width: 16px; } -.icon-comment { background-position: -240px -120px; } -.icon-magnet { background-position: -264px -120px; } -.icon-chevron-up { background-position: -288px -120px; } -.icon-chevron-down { background-position: -313px -119px; } // 1px, 1px off -.icon-retweet { background-position: -336px -120px; } -.icon-shopping-cart { background-position: -360px -120px; } -.icon-folder-close { background-position: -384px -120px; width: 16px; } -.icon-folder-open { background-position: -408px -120px; width: 16px; } -.icon-resize-vertical { background-position: -432px -119px; } // 1px, 1px off -.icon-resize-horizontal { background-position: -456px -118px; } // 1px, 2px off - -.icon-hdd { background-position: 0 -144px; } -.icon-bullhorn { background-position: -24px -144px; } -.icon-bell { background-position: -48px -144px; } -.icon-certificate { background-position: -72px -144px; } -.icon-thumbs-up { background-position: -96px -144px; } -.icon-thumbs-down { background-position: -120px -144px; } -.icon-hand-right { background-position: -144px -144px; } -.icon-hand-left { background-position: -168px -144px; } -.icon-hand-up { background-position: -192px -144px; } -.icon-hand-down { background-position: -216px -144px; } -.icon-circle-arrow-right { background-position: -240px -144px; } -.icon-circle-arrow-left { background-position: -264px -144px; } -.icon-circle-arrow-up { background-position: -288px -144px; } -.icon-circle-arrow-down { background-position: -312px -144px; } -.icon-globe { background-position: -336px -144px; } -.icon-wrench { background-position: -360px -144px; } -.icon-tasks { background-position: -384px -144px; } -.icon-filter { background-position: -408px -144px; } -.icon-briefcase { background-position: -432px -144px; } -.icon-fullscreen { background-position: -456px -144px; } diff --git a/openid-connect-server-webapp/src/main/webapp/less/tables.less b/openid-connect-server-webapp/src/main/webapp/less/tables.less deleted file mode 100644 index 0e35271e11..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/tables.less +++ /dev/null @@ -1,244 +0,0 @@ -// -// Tables -// -------------------------------------------------- - - -// BASE TABLES -// ----------------- - -table { - max-width: 100%; - background-color: @tableBackground; - border-collapse: collapse; - border-spacing: 0; -} - -// BASELINE STYLES -// --------------- - -.table { - width: 100%; - margin-bottom: @baseLineHeight; - // Cells - th, - td { - padding: 8px; - line-height: @baseLineHeight; - text-align: left; - vertical-align: top; - border-top: 1px solid @tableBorder; - } - th { - font-weight: bold; - } - // Bottom align for column headings - thead th { - vertical-align: bottom; - } - // Remove top border from thead by default - caption + thead tr:first-child th, - caption + thead tr:first-child td, - colgroup + thead tr:first-child th, - colgroup + thead tr:first-child td, - thead:first-child tr:first-child th, - thead:first-child tr:first-child td { - border-top: 0; - } - // Account for multiple tbody instances - tbody + tbody { - border-top: 2px solid @tableBorder; - } - - // Nesting - .table { - background-color: @bodyBackground; - } -} - - - -// CONDENSED TABLE W/ HALF PADDING -// ------------------------------- - -.table-condensed { - th, - td { - padding: 4px 5px; - } -} - - -// BORDERED VERSION -// ---------------- - -.table-bordered { - border: 1px solid @tableBorder; - border-collapse: separate; // Done so we can round those corners! - *border-collapse: collapse; // IE7 can't round corners anyway - border-left: 0; - .border-radius(@baseBorderRadius); - th, - td { - border-left: 1px solid @tableBorder; - } - // Prevent a double border - caption + thead tr:first-child th, - caption + tbody tr:first-child th, - caption + tbody tr:first-child td, - colgroup + thead tr:first-child th, - colgroup + tbody tr:first-child th, - colgroup + tbody tr:first-child td, - thead:first-child tr:first-child th, - tbody:first-child tr:first-child th, - tbody:first-child tr:first-child td { - border-top: 0; - } - // For first th/td in the first row in the first thead or tbody - thead:first-child tr:first-child > th:first-child, - tbody:first-child tr:first-child > td:first-child, - tbody:first-child tr:first-child > th:first-child { - .border-top-left-radius(@baseBorderRadius); - } - // For last th/td in the first row in the first thead or tbody - thead:first-child tr:first-child > th:last-child, - tbody:first-child tr:first-child > td:last-child, - tbody:first-child tr:first-child > th:last-child { - .border-top-right-radius(@baseBorderRadius); - } - // For first th/td (can be either) in the last row in the last thead, tbody, and tfoot - thead:last-child tr:last-child > th:first-child, - tbody:last-child tr:last-child > td:first-child, - tbody:last-child tr:last-child > th:first-child, - tfoot:last-child tr:last-child > td:first-child, - tfoot:last-child tr:last-child > th:first-child { - .border-bottom-left-radius(@baseBorderRadius); - } - // For last th/td (can be either) in the last row in the last thead, tbody, and tfoot - thead:last-child tr:last-child > th:last-child, - tbody:last-child tr:last-child > td:last-child, - tbody:last-child tr:last-child > th:last-child, - tfoot:last-child tr:last-child > td:last-child, - tfoot:last-child tr:last-child > th:last-child { - .border-bottom-right-radius(@baseBorderRadius); - } - - // Clear border-radius for first and last td in the last row in the last tbody for table with tfoot - tfoot + tbody:last-child tr:last-child td:first-child { - .border-bottom-left-radius(0); - } - tfoot + tbody:last-child tr:last-child td:last-child { - .border-bottom-right-radius(0); - } - - // Special fixes to round the left border on the first td/th - caption + thead tr:first-child th:first-child, - caption + tbody tr:first-child td:first-child, - colgroup + thead tr:first-child th:first-child, - colgroup + tbody tr:first-child td:first-child { - .border-top-left-radius(@baseBorderRadius); - } - caption + thead tr:first-child th:last-child, - caption + tbody tr:first-child td:last-child, - colgroup + thead tr:first-child th:last-child, - colgroup + tbody tr:first-child td:last-child { - .border-top-right-radius(@baseBorderRadius); - } - -} - - - - -// ZEBRA-STRIPING -// -------------- - -// Default zebra-stripe styles (alternating gray and transparent backgrounds) -.table-striped { - tbody { - > tr:nth-child(odd) > td, - > tr:nth-child(odd) > th { - background-color: @tableBackgroundAccent; - } - } -} - - -// HOVER EFFECT -// ------------ -// Placed here since it has to come after the potential zebra striping -.table-hover { - tbody { - tr:hover > td, - tr:hover > th { - background-color: @tableBackgroundHover; - } - } -} - - -// TABLE CELL SIZING -// ----------------- - -// Reset default grid behavior -table td[class*="span"], -table th[class*="span"], -.row-fluid table td[class*="span"], -.row-fluid table th[class*="span"] { - display: table-cell; - float: none; // undo default grid column styles - margin-left: 0; // undo default grid column styles -} - -// Change the column widths to account for td/th padding -.table td, -.table th { - &.span1 { .tableColumns(1); } - &.span2 { .tableColumns(2); } - &.span3 { .tableColumns(3); } - &.span4 { .tableColumns(4); } - &.span5 { .tableColumns(5); } - &.span6 { .tableColumns(6); } - &.span7 { .tableColumns(7); } - &.span8 { .tableColumns(8); } - &.span9 { .tableColumns(9); } - &.span10 { .tableColumns(10); } - &.span11 { .tableColumns(11); } - &.span12 { .tableColumns(12); } -} - - - -// TABLE BACKGROUNDS -// ----------------- -// Exact selectors below required to override .table-striped - -.table tbody tr { - &.success > td { - background-color: @successBackground; - } - &.error > td { - background-color: @errorBackground; - } - &.warning > td { - background-color: @warningBackground; - } - &.info > td { - background-color: @infoBackground; - } -} - -// Hover states for .table-hover -.table-hover tbody tr { - &.success:hover > td { - background-color: darken(@successBackground, 5%); - } - &.error:hover > td { - background-color: darken(@errorBackground, 5%); - } - &.warning:hover > td { - background-color: darken(@warningBackground, 5%); - } - &.info:hover > td { - background-color: darken(@infoBackground, 5%); - } -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/thumbnails.less b/openid-connect-server-webapp/src/main/webapp/less/thumbnails.less deleted file mode 100644 index 4fd07d2533..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/thumbnails.less +++ /dev/null @@ -1,53 +0,0 @@ -// -// Thumbnails -// -------------------------------------------------- - - -// Note: `.thumbnails` and `.thumbnails > li` are overriden in responsive files - -// Make wrapper ul behave like the grid -.thumbnails { - margin-left: -@gridGutterWidth; - list-style: none; - .clearfix(); -} -// Fluid rows have no left margin -.row-fluid .thumbnails { - margin-left: 0; -} - -// Float li to make thumbnails appear in a row -.thumbnails > li { - float: left; // Explicity set the float since we don't require .span* classes - margin-bottom: @baseLineHeight; - margin-left: @gridGutterWidth; -} - -// The actual thumbnail (can be `a` or `div`) -.thumbnail { - display: block; - padding: 4px; - line-height: @baseLineHeight; - border: 1px solid #ddd; - .border-radius(@baseBorderRadius); - .box-shadow(0 1px 3px rgba(0,0,0,.055)); - .transition(all .2s ease-in-out); -} -// Add a hover/focus state for linked versions only -a.thumbnail:hover, -a.thumbnail:focus { - border-color: @linkColor; - .box-shadow(0 1px 4px rgba(0,105,214,.25)); -} - -// Images and captions -.thumbnail > img { - display: block; - max-width: 100%; - margin-left: auto; - margin-right: auto; -} -.thumbnail .caption { - padding: 9px; - color: @gray; -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/tooltip.less b/openid-connect-server-webapp/src/main/webapp/less/tooltip.less deleted file mode 100644 index 83d5f2bd76..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/tooltip.less +++ /dev/null @@ -1,70 +0,0 @@ -// -// Tooltips -// -------------------------------------------------- - - -// Base class -.tooltip { - position: absolute; - z-index: @zindexTooltip; - display: block; - visibility: visible; - font-size: 11px; - line-height: 1.4; - .opacity(0); - &.in { .opacity(80); } - &.top { margin-top: -3px; padding: 5px 0; } - &.right { margin-left: 3px; padding: 0 5px; } - &.bottom { margin-top: 3px; padding: 5px 0; } - &.left { margin-left: -3px; padding: 0 5px; } -} - -// Wrapper for the tooltip content -.tooltip-inner { - max-width: 200px; - padding: 8px; - color: @tooltipColor; - text-align: center; - text-decoration: none; - background-color: @tooltipBackground; - .border-radius(@baseBorderRadius); -} - -// Arrows -.tooltip-arrow { - position: absolute; - width: 0; - height: 0; - border-color: transparent; - border-style: solid; -} -.tooltip { - &.top .tooltip-arrow { - bottom: 0; - left: 50%; - margin-left: -@tooltipArrowWidth; - border-width: @tooltipArrowWidth @tooltipArrowWidth 0; - border-top-color: @tooltipArrowColor; - } - &.right .tooltip-arrow { - top: 50%; - left: 0; - margin-top: -@tooltipArrowWidth; - border-width: @tooltipArrowWidth @tooltipArrowWidth @tooltipArrowWidth 0; - border-right-color: @tooltipArrowColor; - } - &.left .tooltip-arrow { - top: 50%; - right: 0; - margin-top: -@tooltipArrowWidth; - border-width: @tooltipArrowWidth 0 @tooltipArrowWidth @tooltipArrowWidth; - border-left-color: @tooltipArrowColor; - } - &.bottom .tooltip-arrow { - top: 0; - left: 50%; - margin-left: -@tooltipArrowWidth; - border-width: 0 @tooltipArrowWidth @tooltipArrowWidth; - border-bottom-color: @tooltipArrowColor; - } -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/type.less b/openid-connect-server-webapp/src/main/webapp/less/type.less deleted file mode 100644 index 6a472db497..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/type.less +++ /dev/null @@ -1,247 +0,0 @@ -// -// Typography -// -------------------------------------------------- - - -// Body text -// ------------------------- - -p { - margin: 0 0 @baseLineHeight / 2; -} -.lead { - margin-bottom: @baseLineHeight; - font-size: @baseFontSize * 1.5; - font-weight: 200; - line-height: @baseLineHeight * 1.5; -} - - -// Emphasis & misc -// ------------------------- - -// Ex: 14px base font * 85% = about 12px -small { font-size: 85%; } - -strong { font-weight: bold; } -em { font-style: italic; } -cite { font-style: normal; } - -// Utility classes -.muted { color: @grayLight; } -a.muted:hover, -a.muted:focus { color: darken(@grayLight, 10%); } - -.text-warning { color: @warningText; } -a.text-warning:hover, -a.text-warning:focus { color: darken(@warningText, 10%); } - -.text-error { color: @errorText; } -a.text-error:hover, -a.text-error:focus { color: darken(@errorText, 10%); } - -.text-info { color: @infoText; } -a.text-info:hover, -a.text-info:focus { color: darken(@infoText, 10%); } - -.text-success { color: @successText; } -a.text-success:hover, -a.text-success:focus { color: darken(@successText, 10%); } - -.text-left { text-align: left; } -.text-right { text-align: right; } -.text-center { text-align: center; } - - -// Headings -// ------------------------- - -h1, h2, h3, h4, h5, h6 { - margin: (@baseLineHeight / 2) 0; - font-family: @headingsFontFamily; - font-weight: @headingsFontWeight; - line-height: @baseLineHeight; - color: @headingsColor; - text-rendering: optimizelegibility; // Fix the character spacing for headings - small { - font-weight: normal; - line-height: 1; - color: @grayLight; - } -} - -h1, -h2, -h3 { line-height: @baseLineHeight * 2; } - -h1 { font-size: @baseFontSize * 2.75; } // ~38px -h2 { font-size: @baseFontSize * 2.25; } // ~32px -h3 { font-size: @baseFontSize * 1.75; } // ~24px -h4 { font-size: @baseFontSize * 1.25; } // ~18px -h5 { font-size: @baseFontSize; } -h6 { font-size: @baseFontSize * 0.85; } // ~12px - -h1 small { font-size: @baseFontSize * 1.75; } // ~24px -h2 small { font-size: @baseFontSize * 1.25; } // ~18px -h3 small { font-size: @baseFontSize; } -h4 small { font-size: @baseFontSize; } - - -// Page header -// ------------------------- - -.page-header { - padding-bottom: (@baseLineHeight / 2) - 1; - margin: @baseLineHeight 0 (@baseLineHeight * 1.5); - border-bottom: 1px solid @grayLighter; -} - - - -// Lists -// -------------------------------------------------- - -// Unordered and Ordered lists -ul, ol { - padding: 0; - margin: 0 0 @baseLineHeight / 2 25px; -} -ul ul, -ul ol, -ol ol, -ol ul { - margin-bottom: 0; -} -li { - line-height: @baseLineHeight; -} - -// Remove default list styles -ul.unstyled, -ol.unstyled { - margin-left: 0; - list-style: none; -} - -// Single-line list items -ul.inline, -ol.inline { - margin-left: 0; - list-style: none; - > li { - display: inline-block; - .ie7-inline-block(); - padding-left: 5px; - padding-right: 5px; - } -} - -// Description Lists -dl { - margin-bottom: @baseLineHeight; -} -dt, -dd { - line-height: @baseLineHeight; -} -dt { - font-weight: bold; -} -dd { - margin-left: @baseLineHeight / 2; -} -// Horizontal layout (like forms) -.dl-horizontal { - .clearfix(); // Ensure dl clears floats if empty dd elements present - dt { - float: left; - width: @horizontalComponentOffset - 20; - clear: left; - text-align: right; - .text-overflow(); - } - dd { - margin-left: @horizontalComponentOffset; - } -} - -// MISC -// ---- - -// Horizontal rules -hr { - margin: @baseLineHeight 0; - border: 0; - border-top: 1px solid @hrBorder; - border-bottom: 1px solid @white; -} - -// Abbreviations and acronyms -abbr[title], -// Added data-* attribute to help out our tooltip plugin, per https://github.com/twbs/bootstrap/issues/5257 -abbr[data-original-title] { - cursor: help; - border-bottom: 1px dotted @grayLight; -} -abbr.initialism { - font-size: 90%; - text-transform: uppercase; -} - -// Blockquotes -blockquote { - padding: 0 0 0 15px; - margin: 0 0 @baseLineHeight; - border-left: 5px solid @grayLighter; - p { - margin-bottom: 0; - font-size: @baseFontSize * 1.25; - font-weight: 300; - line-height: 1.25; - } - small { - display: block; - line-height: @baseLineHeight; - color: @grayLight; - &:before { - content: '\2014 \00A0'; - } - } - - // Float right with text-align: right - &.pull-right { - float: right; - padding-right: 15px; - padding-left: 0; - border-right: 5px solid @grayLighter; - border-left: 0; - p, - small { - text-align: right; - } - small { - &:before { - content: ''; - } - &:after { - content: '\00A0 \2014'; - } - } - } -} - -// Quotes -q:before, -q:after, -blockquote:before, -blockquote:after { - content: ""; -} - -// Addresses -address { - display: block; - margin-bottom: @baseLineHeight; - font-style: normal; - line-height: @baseLineHeight; -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/utilities.less b/openid-connect-server-webapp/src/main/webapp/less/utilities.less deleted file mode 100644 index 314b4ffdb4..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/utilities.less +++ /dev/null @@ -1,30 +0,0 @@ -// -// Utility classes -// -------------------------------------------------- - - -// Quick floats -.pull-right { - float: right; -} -.pull-left { - float: left; -} - -// Toggling content -.hide { - display: none; -} -.show { - display: block; -} - -// Visibility -.invisible { - visibility: hidden; -} - -// For Affix plugin -.affix { - position: fixed; -} diff --git a/openid-connect-server-webapp/src/main/webapp/less/variables.less b/openid-connect-server-webapp/src/main/webapp/less/variables.less deleted file mode 100644 index 31c131b1e2..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/variables.less +++ /dev/null @@ -1,301 +0,0 @@ -// -// Variables -// -------------------------------------------------- - - -// Global values -// -------------------------------------------------- - - -// Grays -// ------------------------- -@black: #000; -@grayDarker: #222; -@grayDark: #333; -@gray: #555; -@grayLight: #999; -@grayLighter: #eee; -@white: #fff; - - -// Accent colors -// ------------------------- -@blue: #049cdb; -@blueDark: #0064cd; -@green: #46a546; -@red: #9d261d; -@yellow: #ffc40d; -@orange: #f89406; -@pink: #c3325f; -@purple: #7a43b6; - - -// Scaffolding -// ------------------------- -@bodyBackground: @white; -@textColor: @grayDark; - - -// Links -// ------------------------- -@linkColor: #08c; -@linkColorHover: darken(@linkColor, 15%); - - -// Typography -// ------------------------- -@sansFontFamily: "Helvetica Neue", Helvetica, Arial, sans-serif; -@serifFontFamily: Georgia, "Times New Roman", Times, serif; -@monoFontFamily: Monaco, Menlo, Consolas, "Courier New", monospace; - -@baseFontSize: 14px; -@baseFontFamily: @sansFontFamily; -@baseLineHeight: 20px; -@altFontFamily: @serifFontFamily; - -@headingsFontFamily: inherit; // empty to use BS default, @baseFontFamily -@headingsFontWeight: bold; // instead of browser default, bold -@headingsColor: inherit; // empty to use BS default, @textColor - - -// Component sizing -// ------------------------- -// Based on 14px font-size and 20px line-height - -@fontSizeLarge: @baseFontSize * 1.25; // ~18px -@fontSizeSmall: @baseFontSize * 0.85; // ~12px -@fontSizeMini: @baseFontSize * 0.75; // ~11px - -@paddingLarge: 11px 19px; // 44px -@paddingSmall: 2px 10px; // 26px -@paddingMini: 0 6px; // 22px - -@baseBorderRadius: 4px; -@borderRadiusLarge: 6px; -@borderRadiusSmall: 3px; - - -// Tables -// ------------------------- -@tableBackground: transparent; // overall background-color -@tableBackgroundAccent: #f9f9f9; // for striping -@tableBackgroundHover: #f5f5f5; // for hover -@tableBorder: #ddd; // table and cell border - -// Buttons -// ------------------------- -@btnBackground: @white; -@btnBackgroundHighlight: darken(@white, 10%); -@btnBorder: #ccc; - -@btnPrimaryBackground: @linkColor; -@btnPrimaryBackgroundHighlight: spin(@btnPrimaryBackground, 20%); - -@btnInfoBackground: #5bc0de; -@btnInfoBackgroundHighlight: #2f96b4; - -@btnSuccessBackground: #62c462; -@btnSuccessBackgroundHighlight: #51a351; - -@btnWarningBackground: lighten(@orange, 15%); -@btnWarningBackgroundHighlight: @orange; - -@btnDangerBackground: #ee5f5b; -@btnDangerBackgroundHighlight: #bd362f; - -@btnInverseBackground: #444; -@btnInverseBackgroundHighlight: @grayDarker; - - -// Forms -// ------------------------- -@inputBackground: @white; -@inputBorder: #ccc; -@inputBorderRadius: @baseBorderRadius; -@inputDisabledBackground: @grayLighter; -@formActionsBackground: #f5f5f5; -@inputHeight: @baseLineHeight + 10px; // base line-height + 8px vertical padding + 2px top/bottom border - - -// Dropdowns -// ------------------------- -@dropdownBackground: @white; -@dropdownBorder: rgba(0,0,0,.2); -@dropdownDividerTop: #e5e5e5; -@dropdownDividerBottom: @white; - -@dropdownLinkColor: @grayDark; -@dropdownLinkColorHover: @white; -@dropdownLinkColorActive: @white; - -@dropdownLinkBackgroundActive: @linkColor; -@dropdownLinkBackgroundHover: @dropdownLinkBackgroundActive; - - - -// COMPONENT VARIABLES -// -------------------------------------------------- - - -// Z-index master list -// ------------------------- -// Used for a bird's eye view of components dependent on the z-axis -// Try to avoid customizing these :) -@zindexDropdown: 1000; -@zindexPopover: 1010; -@zindexTooltip: 1030; -@zindexFixedNavbar: 1030; -@zindexModalBackdrop: 1040; -@zindexModal: 1050; - - -// Sprite icons path -// ------------------------- -@iconSpritePath: "../img/glyphicons-halflings.png"; -@iconWhiteSpritePath: "../img/glyphicons-halflings-white.png"; - - -// Input placeholder text color -// ------------------------- -@placeholderText: @grayLight; - - -// Hr border color -// ------------------------- -@hrBorder: @grayLighter; - - -// Horizontal forms & lists -// ------------------------- -@horizontalComponentOffset: 180px; - - -// Wells -// ------------------------- -@wellBackground: #f5f5f5; - - -// Navbar -// ------------------------- -@navbarCollapseWidth: 979px; -@navbarCollapseDesktopWidth: @navbarCollapseWidth + 1; - -@navbarHeight: 40px; -@navbarBackgroundHighlight: #ffffff; -@navbarBackground: darken(@navbarBackgroundHighlight, 5%); -@navbarBorder: darken(@navbarBackground, 12%); - -@navbarText: #777; -@navbarLinkColor: #777; -@navbarLinkColorHover: @grayDark; -@navbarLinkColorActive: @gray; -@navbarLinkBackgroundHover: transparent; -@navbarLinkBackgroundActive: darken(@navbarBackground, 5%); - -@navbarBrandColor: @navbarLinkColor; - -// Inverted navbar -@navbarInverseBackground: #111111; -@navbarInverseBackgroundHighlight: #222222; -@navbarInverseBorder: #252525; - -@navbarInverseText: @grayLight; -@navbarInverseLinkColor: @grayLight; -@navbarInverseLinkColorHover: @white; -@navbarInverseLinkColorActive: @navbarInverseLinkColorHover; -@navbarInverseLinkBackgroundHover: transparent; -@navbarInverseLinkBackgroundActive: @navbarInverseBackground; - -@navbarInverseSearchBackground: lighten(@navbarInverseBackground, 25%); -@navbarInverseSearchBackgroundFocus: @white; -@navbarInverseSearchBorder: @navbarInverseBackground; -@navbarInverseSearchPlaceholderColor: #ccc; - -@navbarInverseBrandColor: @navbarInverseLinkColor; - - -// Pagination -// ------------------------- -@paginationBackground: #fff; -@paginationBorder: #ddd; -@paginationActiveBackground: #f5f5f5; - - -// Hero unit -// ------------------------- -@heroUnitBackground: @grayLighter; -@heroUnitHeadingColor: inherit; -@heroUnitLeadColor: inherit; - - -// Form states and alerts -// ------------------------- -@warningText: #c09853; -@warningBackground: #fcf8e3; -@warningBorder: darken(spin(@warningBackground, -10), 3%); - -@errorText: #b94a48; -@errorBackground: #f2dede; -@errorBorder: darken(spin(@errorBackground, -10), 3%); - -@successText: #468847; -@successBackground: #dff0d8; -@successBorder: darken(spin(@successBackground, -10), 5%); - -@infoText: #3a87ad; -@infoBackground: #d9edf7; -@infoBorder: darken(spin(@infoBackground, -10), 7%); - - -// Tooltips and popovers -// ------------------------- -@tooltipColor: #fff; -@tooltipBackground: #000; -@tooltipArrowWidth: 5px; -@tooltipArrowColor: @tooltipBackground; - -@popoverBackground: #fff; -@popoverArrowWidth: 10px; -@popoverArrowColor: #fff; -@popoverTitleBackground: darken(@popoverBackground, 3%); - -// Special enhancement for popovers -@popoverArrowOuterWidth: @popoverArrowWidth + 1; -@popoverArrowOuterColor: rgba(0,0,0,.25); - - - -// GRID -// -------------------------------------------------- - - -// Default 940px grid -// ------------------------- -@gridColumns: 12; -@gridColumnWidth: 60px; -@gridGutterWidth: 20px; -@gridRowWidth: (@gridColumns * @gridColumnWidth) + (@gridGutterWidth * (@gridColumns - 1)); - -// 1200px min -@gridColumnWidth1200: 70px; -@gridGutterWidth1200: 30px; -@gridRowWidth1200: (@gridColumns * @gridColumnWidth1200) + (@gridGutterWidth1200 * (@gridColumns - 1)); - -// 768px-979px -@gridColumnWidth768: 42px; -@gridGutterWidth768: 20px; -@gridRowWidth768: (@gridColumns * @gridColumnWidth768) + (@gridGutterWidth768 * (@gridColumns - 1)); - - -// Fluid grid -// ------------------------- -@fluidGridColumnWidth: percentage(@gridColumnWidth/@gridRowWidth); -@fluidGridGutterWidth: percentage(@gridGutterWidth/@gridRowWidth); - -// 1200px min -@fluidGridColumnWidth1200: percentage(@gridColumnWidth1200/@gridRowWidth1200); -@fluidGridGutterWidth1200: percentage(@gridGutterWidth1200/@gridRowWidth1200); - -// 768px-979px -@fluidGridColumnWidth768: percentage(@gridColumnWidth768/@gridRowWidth768); -@fluidGridGutterWidth768: percentage(@gridGutterWidth768/@gridRowWidth768); diff --git a/openid-connect-server-webapp/src/main/webapp/less/wells.less b/openid-connect-server-webapp/src/main/webapp/less/wells.less deleted file mode 100644 index 84a744b1c5..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/less/wells.less +++ /dev/null @@ -1,29 +0,0 @@ -// -// Wells -// -------------------------------------------------- - - -// Base class -.well { - min-height: 20px; - padding: 19px; - margin-bottom: 20px; - background-color: @wellBackground; - border: 1px solid darken(@wellBackground, 7%); - .border-radius(@baseBorderRadius); - .box-shadow(inset 0 1px 1px rgba(0,0,0,.05)); - blockquote { - border-color: #ddd; - border-color: rgba(0,0,0,.15); - } -} - -// Sizes -.well-large { - padding: 24px; - .border-radius(@borderRadiusLarge); -} -.well-small { - padding: 9px; - .border-radius(@borderRadiusSmall); -} diff --git a/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/img/glyphicons-halflings-white.png b/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/img/glyphicons-halflings-white.png deleted file mode 100644 index 3bf6484a29..0000000000 Binary files a/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/img/glyphicons-halflings-white.png and /dev/null differ diff --git a/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/img/glyphicons-halflings.png b/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/img/glyphicons-halflings.png deleted file mode 100644 index a996999320..0000000000 Binary files a/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/img/glyphicons-halflings.png and /dev/null differ diff --git a/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/js/bootstrap.js b/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/js/bootstrap.js deleted file mode 100644 index 44109f62d4..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/js/bootstrap.js +++ /dev/null @@ -1,2280 +0,0 @@ -/* =================================================== - * bootstrap-transition.js v2.3.2 - * http://getbootstrap.com/2.3.2/javascript.html#transitions - * =================================================== - * Copyright 2013 Twitter, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ========================================================== */ - - -!function ($) { - - "use strict"; // jshint ;_; - - - /* CSS TRANSITION SUPPORT (http://www.modernizr.com/) - * ======================================================= */ - - $(function () { - - $.support.transition = (function () { - - var transitionEnd = (function () { - - var el = document.createElement('bootstrap') - , transEndEventNames = { - 'WebkitTransition' : 'webkitTransitionEnd' - , 'MozTransition' : 'transitionend' - , 'OTransition' : 'oTransitionEnd otransitionend' - , 'transition' : 'transitionend' - } - , name - - for (name in transEndEventNames){ - if (el.style[name] !== undefined) { - return transEndEventNames[name] - } - } - - }()) - - return transitionEnd && { - end: transitionEnd - } - - })() - - }) - -}(window.jQuery);/* ========================================================== - * bootstrap-alert.js v2.3.2 - * http://getbootstrap.com/2.3.2/javascript.html#alerts - * ========================================================== - * Copyright 2013 Twitter, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ========================================================== */ - - -!function ($) { - - "use strict"; // jshint ;_; - - - /* ALERT CLASS DEFINITION - * ====================== */ - - var dismiss = '[data-dismiss="alert"]' - , Alert = function (el) { - $(el).on('click', dismiss, this.close) - } - - Alert.prototype.close = function (e) { - var $this = $(this) - , selector = $this.attr('data-target') - , $parent - - if (!selector) { - selector = $this.attr('href') - selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') //strip for ie7 - } - - $parent = $(selector) - - e && e.preventDefault() - - $parent.length || ($parent = $this.hasClass('alert') ? $this : $this.parent()) - - $parent.trigger(e = $.Event('close')) - - if (e.isDefaultPrevented()) return - - $parent.removeClass('in') - - function removeElement() { - $parent - .trigger('closed') - .remove() - } - - $.support.transition && $parent.hasClass('fade') ? - $parent.on($.support.transition.end, removeElement) : - removeElement() - } - - - /* ALERT PLUGIN DEFINITION - * ======================= */ - - var old = $.fn.alert - - $.fn.alert = function (option) { - return this.each(function () { - var $this = $(this) - , data = $this.data('alert') - if (!data) $this.data('alert', (data = new Alert(this))) - if (typeof option == 'string') data[option].call($this) - }) - } - - $.fn.alert.Constructor = Alert - - - /* ALERT NO CONFLICT - * ================= */ - - $.fn.alert.noConflict = function () { - $.fn.alert = old - return this - } - - - /* ALERT DATA-API - * ============== */ - - $(document).on('click.alert.data-api', dismiss, Alert.prototype.close) - -}(window.jQuery);/* ============================================================ - * bootstrap-button.js v2.3.2 - * http://getbootstrap.com/2.3.2/javascript.html#buttons - * ============================================================ - * Copyright 2013 Twitter, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============================================================ */ - - -!function ($) { - - "use strict"; // jshint ;_; - - - /* BUTTON PUBLIC CLASS DEFINITION - * ============================== */ - - var Button = function (element, options) { - this.$element = $(element) - this.options = $.extend({}, $.fn.button.defaults, options) - } - - Button.prototype.setState = function (state) { - var d = 'disabled' - , $el = this.$element - , data = $el.data() - , val = $el.is('input') ? 'val' : 'html' - - state = state + 'Text' - data.resetText || $el.data('resetText', $el[val]()) - - $el[val](data[state] || this.options[state]) - - // push to event loop to allow forms to submit - setTimeout(function () { - state == 'loadingText' ? - $el.addClass(d).attr(d, d) : - $el.removeClass(d).removeAttr(d) - }, 0) - } - - Button.prototype.toggle = function () { - var $parent = this.$element.closest('[data-toggle="buttons-radio"]') - - $parent && $parent - .find('.active') - .removeClass('active') - - this.$element.toggleClass('active') - } - - - /* BUTTON PLUGIN DEFINITION - * ======================== */ - - var old = $.fn.button - - $.fn.button = function (option) { - return this.each(function () { - var $this = $(this) - , data = $this.data('button') - , options = typeof option == 'object' && option - if (!data) $this.data('button', (data = new Button(this, options))) - if (option == 'toggle') data.toggle() - else if (option) data.setState(option) - }) - } - - $.fn.button.defaults = { - loadingText: 'loading...' - } - - $.fn.button.Constructor = Button - - - /* BUTTON NO CONFLICT - * ================== */ - - $.fn.button.noConflict = function () { - $.fn.button = old - return this - } - - - /* BUTTON DATA-API - * =============== */ - - $(document).on('click.button.data-api', '[data-toggle^=button]', function (e) { - var $btn = $(e.target) - if (!$btn.hasClass('btn')) $btn = $btn.closest('.btn') - $btn.button('toggle') - }) - -}(window.jQuery);/* ========================================================== - * bootstrap-carousel.js v2.3.2 - * http://getbootstrap.com/2.3.2/javascript.html#carousel - * ========================================================== - * Copyright 2013 Twitter, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ========================================================== */ - - -!function ($) { - - "use strict"; // jshint ;_; - - - /* CAROUSEL CLASS DEFINITION - * ========================= */ - - var Carousel = function (element, options) { - this.$element = $(element) - this.$indicators = this.$element.find('.carousel-indicators') - this.options = options - this.options.pause == 'hover' && this.$element - .on('mouseenter', $.proxy(this.pause, this)) - .on('mouseleave', $.proxy(this.cycle, this)) - } - - Carousel.prototype = { - - cycle: function (e) { - if (!e) this.paused = false - if (this.interval) clearInterval(this.interval); - this.options.interval - && !this.paused - && (this.interval = setInterval($.proxy(this.next, this), this.options.interval)) - return this - } - - , getActiveIndex: function () { - this.$active = this.$element.find('.item.active') - this.$items = this.$active.parent().children() - return this.$items.index(this.$active) - } - - , to: function (pos) { - var activeIndex = this.getActiveIndex() - , that = this - - if (pos > (this.$items.length - 1) || pos < 0) return - - if (this.sliding) { - return this.$element.one('slid', function () { - that.to(pos) - }) - } - - if (activeIndex == pos) { - return this.pause().cycle() - } - - return this.slide(pos > activeIndex ? 'next' : 'prev', $(this.$items[pos])) - } - - , pause: function (e) { - if (!e) this.paused = true - if (this.$element.find('.next, .prev').length && $.support.transition.end) { - this.$element.trigger($.support.transition.end) - this.cycle(true) - } - clearInterval(this.interval) - this.interval = null - return this - } - - , next: function () { - if (this.sliding) return - return this.slide('next') - } - - , prev: function () { - if (this.sliding) return - return this.slide('prev') - } - - , slide: function (type, next) { - var $active = this.$element.find('.item.active') - , $next = next || $active[type]() - , isCycling = this.interval - , direction = type == 'next' ? 'left' : 'right' - , fallback = type == 'next' ? 'first' : 'last' - , that = this - , e - - this.sliding = true - - isCycling && this.pause() - - $next = $next.length ? $next : this.$element.find('.item')[fallback]() - - e = $.Event('slide', { - relatedTarget: $next[0] - , direction: direction - }) - - if ($next.hasClass('active')) return - - if (this.$indicators.length) { - this.$indicators.find('.active').removeClass('active') - this.$element.one('slid', function () { - var $nextIndicator = $(that.$indicators.children()[that.getActiveIndex()]) - $nextIndicator && $nextIndicator.addClass('active') - }) - } - - if ($.support.transition && this.$element.hasClass('slide')) { - this.$element.trigger(e) - if (e.isDefaultPrevented()) return - $next.addClass(type) - $next[0].offsetWidth // force reflow - $active.addClass(direction) - $next.addClass(direction) - this.$element.one($.support.transition.end, function () { - $next.removeClass([type, direction].join(' ')).addClass('active') - $active.removeClass(['active', direction].join(' ')) - that.sliding = false - setTimeout(function () { that.$element.trigger('slid') }, 0) - }) - } else { - this.$element.trigger(e) - if (e.isDefaultPrevented()) return - $active.removeClass('active') - $next.addClass('active') - this.sliding = false - this.$element.trigger('slid') - } - - isCycling && this.cycle() - - return this - } - - } - - - /* CAROUSEL PLUGIN DEFINITION - * ========================== */ - - var old = $.fn.carousel - - $.fn.carousel = function (option) { - return this.each(function () { - var $this = $(this) - , data = $this.data('carousel') - , options = $.extend({}, $.fn.carousel.defaults, typeof option == 'object' && option) - , action = typeof option == 'string' ? option : options.slide - if (!data) $this.data('carousel', (data = new Carousel(this, options))) - if (typeof option == 'number') data.to(option) - else if (action) data[action]() - else if (options.interval) data.pause().cycle() - }) - } - - $.fn.carousel.defaults = { - interval: 5000 - , pause: 'hover' - } - - $.fn.carousel.Constructor = Carousel - - - /* CAROUSEL NO CONFLICT - * ==================== */ - - $.fn.carousel.noConflict = function () { - $.fn.carousel = old - return this - } - - /* CAROUSEL DATA-API - * ================= */ - - $(document).on('click.carousel.data-api', '[data-slide], [data-slide-to]', function (e) { - var $this = $(this), href - , $target = $($this.attr('data-target') || (href = $this.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '')) //strip for ie7 - , options = $.extend({}, $target.data(), $this.data()) - , slideIndex - - $target.carousel(options) - - if (slideIndex = $this.attr('data-slide-to')) { - $target.data('carousel').pause().to(slideIndex).cycle() - } - - e.preventDefault() - }) - -}(window.jQuery);/* ============================================================= - * bootstrap-collapse.js v2.3.2 - * http://getbootstrap.com/2.3.2/javascript.html#collapse - * ============================================================= - * Copyright 2013 Twitter, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============================================================ */ - - -!function ($) { - - "use strict"; // jshint ;_; - - - /* COLLAPSE PUBLIC CLASS DEFINITION - * ================================ */ - - var Collapse = function (element, options) { - this.$element = $(element) - this.options = $.extend({}, $.fn.collapse.defaults, options) - - if (this.options.parent) { - this.$parent = $(this.options.parent) - } - - this.options.toggle && this.toggle() - } - - Collapse.prototype = { - - constructor: Collapse - - , dimension: function () { - var hasWidth = this.$element.hasClass('width') - return hasWidth ? 'width' : 'height' - } - - , show: function () { - var dimension - , scroll - , actives - , hasData - - if (this.transitioning || this.$element.hasClass('in')) return - - dimension = this.dimension() - scroll = $.camelCase(['scroll', dimension].join('-')) - actives = this.$parent && this.$parent.find('> .accordion-group > .in') - - if (actives && actives.length) { - hasData = actives.data('collapse') - if (hasData && hasData.transitioning) return - actives.collapse('hide') - hasData || actives.data('collapse', null) - } - - this.$element[dimension](0) - this.transition('addClass', $.Event('show'), 'shown') - $.support.transition && this.$element[dimension](this.$element[0][scroll]) - } - - , hide: function () { - var dimension - if (this.transitioning || !this.$element.hasClass('in')) return - dimension = this.dimension() - this.reset(this.$element[dimension]()) - this.transition('removeClass', $.Event('hide'), 'hidden') - this.$element[dimension](0) - } - - , reset: function (size) { - var dimension = this.dimension() - - this.$element - .removeClass('collapse') - [dimension](size || 'auto') - [0].offsetWidth - - this.$element[size !== null ? 'addClass' : 'removeClass']('collapse') - - return this - } - - , transition: function (method, startEvent, completeEvent) { - var that = this - , complete = function () { - if (startEvent.type == 'show') that.reset() - that.transitioning = 0 - that.$element.trigger(completeEvent) - } - - this.$element.trigger(startEvent) - - if (startEvent.isDefaultPrevented()) return - - this.transitioning = 1 - - this.$element[method]('in') - - $.support.transition && this.$element.hasClass('collapse') ? - this.$element.one($.support.transition.end, complete) : - complete() - } - - , toggle: function () { - this[this.$element.hasClass('in') ? 'hide' : 'show']() - } - - } - - - /* COLLAPSE PLUGIN DEFINITION - * ========================== */ - - var old = $.fn.collapse - - $.fn.collapse = function (option) { - return this.each(function () { - var $this = $(this) - , data = $this.data('collapse') - , options = $.extend({}, $.fn.collapse.defaults, $this.data(), typeof option == 'object' && option) - if (!data) $this.data('collapse', (data = new Collapse(this, options))) - if (typeof option == 'string') data[option]() - }) - } - - $.fn.collapse.defaults = { - toggle: true - } - - $.fn.collapse.Constructor = Collapse - - - /* COLLAPSE NO CONFLICT - * ==================== */ - - $.fn.collapse.noConflict = function () { - $.fn.collapse = old - return this - } - - - /* COLLAPSE DATA-API - * ================= */ - - $(document).on('click.collapse.data-api', '[data-toggle=collapse]', function (e) { - var $this = $(this), href - , target = $this.attr('data-target') - || e.preventDefault() - || (href = $this.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '') //strip for ie7 - , option = $(target).data('collapse') ? 'toggle' : $this.data() - $this[$(target).hasClass('in') ? 'addClass' : 'removeClass']('collapsed') - $(target).collapse(option) - }) - -}(window.jQuery);/* ============================================================ - * bootstrap-dropdown.js v2.3.2 - * http://getbootstrap.com/2.3.2/javascript.html#dropdowns - * ============================================================ - * Copyright 2013 Twitter, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============================================================ */ - - -!function ($) { - - "use strict"; // jshint ;_; - - - /* DROPDOWN CLASS DEFINITION - * ========================= */ - - var toggle = '[data-toggle=dropdown]' - , Dropdown = function (element) { - var $el = $(element).on('click.dropdown.data-api', this.toggle) - $('html').on('click.dropdown.data-api', function () { - $el.parent().removeClass('open') - }) - } - - Dropdown.prototype = { - - constructor: Dropdown - - , toggle: function (e) { - var $this = $(this) - , $parent - , isActive - - if ($this.is('.disabled, :disabled')) return - - $parent = getParent($this) - - isActive = $parent.hasClass('open') - - clearMenus() - - if (!isActive) { - if ('ontouchstart' in document.documentElement) { - // if mobile we we use a backdrop because click events don't delegate - $('
    ').insertBefore($(this)).on('click', clearMenus) - } - $parent.toggleClass('open') - } - - $this.focus() - - return false - } - - , keydown: function (e) { - var $this - , $items - , $active - , $parent - , isActive - , index - - if (!/(38|40|27)/.test(e.keyCode)) return - - $this = $(this) - - e.preventDefault() - e.stopPropagation() - - if ($this.is('.disabled, :disabled')) return - - $parent = getParent($this) - - isActive = $parent.hasClass('open') - - if (!isActive || (isActive && e.keyCode == 27)) { - if (e.which == 27) $parent.find(toggle).focus() - return $this.click() - } - - $items = $('[role=menu] li:not(.divider):visible a', $parent) - - if (!$items.length) return - - index = $items.index($items.filter(':focus')) - - if (e.keyCode == 38 && index > 0) index-- // up - if (e.keyCode == 40 && index < $items.length - 1) index++ // down - if (!~index) index = 0 - - $items - .eq(index) - .focus() - } - - } - - function clearMenus() { - $('.dropdown-backdrop').remove() - $(toggle).each(function () { - getParent($(this)).removeClass('open') - }) - } - - function getParent($this) { - var selector = $this.attr('data-target') - , $parent - - if (!selector) { - selector = $this.attr('href') - selector = selector && /#/.test(selector) && selector.replace(/.*(?=#[^\s]*$)/, '') //strip for ie7 - } - - $parent = selector && $(selector) - - if (!$parent || !$parent.length) $parent = $this.parent() - - return $parent - } - - - /* DROPDOWN PLUGIN DEFINITION - * ========================== */ - - var old = $.fn.dropdown - - $.fn.dropdown = function (option) { - return this.each(function () { - var $this = $(this) - , data = $this.data('dropdown') - if (!data) $this.data('dropdown', (data = new Dropdown(this))) - if (typeof option == 'string') data[option].call($this) - }) - } - - $.fn.dropdown.Constructor = Dropdown - - - /* DROPDOWN NO CONFLICT - * ==================== */ - - $.fn.dropdown.noConflict = function () { - $.fn.dropdown = old - return this - } - - - /* APPLY TO STANDARD DROPDOWN ELEMENTS - * =================================== */ - - $(document) - .on('click.dropdown.data-api', clearMenus) - .on('click.dropdown.data-api', '.dropdown form', function (e) { e.stopPropagation() }) - .on('click.dropdown.data-api' , toggle, Dropdown.prototype.toggle) - .on('keydown.dropdown.data-api', toggle + ', [role=menu]' , Dropdown.prototype.keydown) - -}(window.jQuery); -/* ========================================================= - * bootstrap-modal.js v2.3.2 - * http://getbootstrap.com/2.3.2/javascript.html#modals - * ========================================================= - * Copyright 2013 Twitter, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ========================================================= */ - - -!function ($) { - - "use strict"; // jshint ;_; - - - /* MODAL CLASS DEFINITION - * ====================== */ - - var Modal = function (element, options) { - this.options = options - this.$element = $(element) - .delegate('[data-dismiss="modal"]', 'click.dismiss.modal', $.proxy(this.hide, this)) - this.options.remote && this.$element.find('.modal-body').load(this.options.remote) - } - - Modal.prototype = { - - constructor: Modal - - , toggle: function () { - return this[!this.isShown ? 'show' : 'hide']() - } - - , show: function () { - var that = this - , e = $.Event('show') - - this.$element.trigger(e) - - if (this.isShown || e.isDefaultPrevented()) return - - this.isShown = true - - this.escape() - - this.backdrop(function () { - var transition = $.support.transition && that.$element.hasClass('fade') - - if (!that.$element.parent().length) { - that.$element.appendTo(document.body) //don't move modals dom position - } - - that.$element.show() - - if (transition) { - that.$element[0].offsetWidth // force reflow - } - - that.$element - .addClass('in') - .attr('aria-hidden', false) - - that.enforceFocus() - - transition ? - that.$element.one($.support.transition.end, function () { that.$element.focus().trigger('shown') }) : - that.$element.focus().trigger('shown') - - }) - } - - , hide: function (e) { - e && e.preventDefault() - - var that = this - - e = $.Event('hide') - - this.$element.trigger(e) - - if (!this.isShown || e.isDefaultPrevented()) return - - this.isShown = false - - this.escape() - - $(document).off('focusin.modal') - - this.$element - .removeClass('in') - .attr('aria-hidden', true) - - $.support.transition && this.$element.hasClass('fade') ? - this.hideWithTransition() : - this.hideModal() - } - - , enforceFocus: function () { - var that = this - $(document).on('focusin.modal', function (e) { - if (that.$element[0] !== e.target && !that.$element.has(e.target).length) { - that.$element.focus() - } - }) - } - - , escape: function () { - var that = this - if (this.isShown && this.options.keyboard) { - this.$element.on('keyup.dismiss.modal', function ( e ) { - e.which == 27 && that.hide() - }) - } else if (!this.isShown) { - this.$element.off('keyup.dismiss.modal') - } - } - - , hideWithTransition: function () { - var that = this - , timeout = setTimeout(function () { - that.$element.off($.support.transition.end) - that.hideModal() - }, 500) - - this.$element.one($.support.transition.end, function () { - clearTimeout(timeout) - that.hideModal() - }) - } - - , hideModal: function () { - var that = this - this.$element.hide() - this.backdrop(function () { - that.removeBackdrop() - that.$element.trigger('hidden') - }) - } - - , removeBackdrop: function () { - this.$backdrop && this.$backdrop.remove() - this.$backdrop = null - } - - , backdrop: function (callback) { - var that = this - , animate = this.$element.hasClass('fade') ? 'fade' : '' - - if (this.isShown && this.options.backdrop) { - var doAnimate = $.support.transition && animate - - this.$backdrop = $('
    ') - .appendTo(document.body) - - this.$backdrop.click( - this.options.backdrop == 'static' ? - $.proxy(this.$element[0].focus, this.$element[0]) - : $.proxy(this.hide, this) - ) - - if (doAnimate) this.$backdrop[0].offsetWidth // force reflow - - this.$backdrop.addClass('in') - - if (!callback) return - - doAnimate ? - this.$backdrop.one($.support.transition.end, callback) : - callback() - - } else if (!this.isShown && this.$backdrop) { - this.$backdrop.removeClass('in') - - $.support.transition && this.$element.hasClass('fade')? - this.$backdrop.one($.support.transition.end, callback) : - callback() - - } else if (callback) { - callback() - } - } - } - - - /* MODAL PLUGIN DEFINITION - * ======================= */ - - var old = $.fn.modal - - $.fn.modal = function (option) { - return this.each(function () { - var $this = $(this) - , data = $this.data('modal') - , options = $.extend({}, $.fn.modal.defaults, $this.data(), typeof option == 'object' && option) - if (!data) $this.data('modal', (data = new Modal(this, options))) - if (typeof option == 'string') data[option]() - else if (options.show) data.show() - }) - } - - $.fn.modal.defaults = { - backdrop: true - , keyboard: true - , show: true - } - - $.fn.modal.Constructor = Modal - - - /* MODAL NO CONFLICT - * ================= */ - - $.fn.modal.noConflict = function () { - $.fn.modal = old - return this - } - - - /* MODAL DATA-API - * ============== */ - - $(document).on('click.modal.data-api', '[data-toggle="modal"]', function (e) { - var $this = $(this) - , href = $this.attr('href') - , $target = $($this.attr('data-target') || (href && href.replace(/.*(?=#[^\s]+$)/, ''))) //strip for ie7 - , option = $target.data('modal') ? 'toggle' : $.extend({ remote:!/#/.test(href) && href }, $target.data(), $this.data()) - - e.preventDefault() - - $target - .modal(option) - .one('hide', function () { - $this.focus() - }) - }) - -}(window.jQuery); -/* =========================================================== - * bootstrap-tooltip.js v2.3.2 - * http://getbootstrap.com/2.3.2/javascript.html#tooltips - * Inspired by the original jQuery.tipsy by Jason Frame - * =========================================================== - * Copyright 2013 Twitter, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ========================================================== */ - - -!function ($) { - - "use strict"; // jshint ;_; - - - /* TOOLTIP PUBLIC CLASS DEFINITION - * =============================== */ - - var Tooltip = function (element, options) { - this.init('tooltip', element, options) - } - - Tooltip.prototype = { - - constructor: Tooltip - - , init: function (type, element, options) { - var eventIn - , eventOut - , triggers - , trigger - , i - - this.type = type - this.$element = $(element) - this.options = this.getOptions(options) - this.enabled = true - - triggers = this.options.trigger.split(' ') - - for (i = triggers.length; i--;) { - trigger = triggers[i] - if (trigger == 'click') { - this.$element.on('click.' + this.type, this.options.selector, $.proxy(this.toggle, this)) - } else if (trigger != 'manual') { - eventIn = trigger == 'hover' ? 'mouseenter' : 'focus' - eventOut = trigger == 'hover' ? 'mouseleave' : 'blur' - this.$element.on(eventIn + '.' + this.type, this.options.selector, $.proxy(this.enter, this)) - this.$element.on(eventOut + '.' + this.type, this.options.selector, $.proxy(this.leave, this)) - } - } - - this.options.selector ? - (this._options = $.extend({}, this.options, { trigger: 'manual', selector: '' })) : - this.fixTitle() - } - - , getOptions: function (options) { - options = $.extend({}, $.fn[this.type].defaults, this.$element.data(), options) - - if (options.delay && typeof options.delay == 'number') { - options.delay = { - show: options.delay - , hide: options.delay - } - } - - return options - } - - , enter: function (e) { - var defaults = $.fn[this.type].defaults - , options = {} - , self - - this._options && $.each(this._options, function (key, value) { - if (defaults[key] != value) options[key] = value - }, this) - - self = $(e.currentTarget)[this.type](options).data(this.type) - - if (!self.options.delay || !self.options.delay.show) return self.show() - - clearTimeout(this.timeout) - self.hoverState = 'in' - this.timeout = setTimeout(function() { - if (self.hoverState == 'in') self.show() - }, self.options.delay.show) - } - - , leave: function (e) { - var self = $(e.currentTarget)[this.type](this._options).data(this.type) - - if (this.timeout) clearTimeout(this.timeout) - if (!self.options.delay || !self.options.delay.hide) return self.hide() - - self.hoverState = 'out' - this.timeout = setTimeout(function() { - if (self.hoverState == 'out') self.hide() - }, self.options.delay.hide) - } - - , show: function () { - var $tip - , pos - , actualWidth - , actualHeight - , placement - , tp - , e = $.Event('show') - - if (this.hasContent() && this.enabled) { - this.$element.trigger(e) - if (e.isDefaultPrevented()) return - $tip = this.tip() - this.setContent() - - if (this.options.animation) { - $tip.addClass('fade') - } - - placement = typeof this.options.placement == 'function' ? - this.options.placement.call(this, $tip[0], this.$element[0]) : - this.options.placement - - $tip - .detach() - .css({ top: 0, left: 0, display: 'block' }) - - this.options.container ? $tip.appendTo(this.options.container) : $tip.insertAfter(this.$element) - - pos = this.getPosition() - - actualWidth = $tip[0].offsetWidth - actualHeight = $tip[0].offsetHeight - - switch (placement) { - case 'bottom': - tp = {top: pos.top + pos.height, left: pos.left + pos.width / 2 - actualWidth / 2} - break - case 'top': - tp = {top: pos.top - actualHeight, left: pos.left + pos.width / 2 - actualWidth / 2} - break - case 'left': - tp = {top: pos.top + pos.height / 2 - actualHeight / 2, left: pos.left - actualWidth} - break - case 'right': - tp = {top: pos.top + pos.height / 2 - actualHeight / 2, left: pos.left + pos.width} - break - } - - this.applyPlacement(tp, placement) - this.$element.trigger('shown') - } - } - - , applyPlacement: function(offset, placement){ - var $tip = this.tip() - , width = $tip[0].offsetWidth - , height = $tip[0].offsetHeight - , actualWidth - , actualHeight - , delta - , replace - - $tip - .offset(offset) - .addClass(placement) - .addClass('in') - - actualWidth = $tip[0].offsetWidth - actualHeight = $tip[0].offsetHeight - - if (placement == 'top' && actualHeight != height) { - offset.top = offset.top + height - actualHeight - replace = true - } - - if (placement == 'bottom' || placement == 'top') { - delta = 0 - - if (offset.left < 0){ - delta = offset.left * -2 - offset.left = 0 - $tip.offset(offset) - actualWidth = $tip[0].offsetWidth - actualHeight = $tip[0].offsetHeight - } - - this.replaceArrow(delta - width + actualWidth, actualWidth, 'left') - } else { - this.replaceArrow(actualHeight - height, actualHeight, 'top') - } - - if (replace) $tip.offset(offset) - } - - , replaceArrow: function(delta, dimension, position){ - this - .arrow() - .css(position, delta ? (50 * (1 - delta / dimension) + "%") : '') - } - - , setContent: function () { - var $tip = this.tip() - , title = this.getTitle() - - $tip.find('.tooltip-inner')[this.options.html ? 'html' : 'text'](title) - $tip.removeClass('fade in top bottom left right') - } - - , hide: function () { - var that = this - , $tip = this.tip() - , e = $.Event('hide') - - this.$element.trigger(e) - if (e.isDefaultPrevented()) return - - $tip.removeClass('in') - - function removeWithAnimation() { - var timeout = setTimeout(function () { - $tip.off($.support.transition.end).detach() - }, 500) - - $tip.one($.support.transition.end, function () { - clearTimeout(timeout) - $tip.detach() - }) - } - - $.support.transition && this.$tip.hasClass('fade') ? - removeWithAnimation() : - $tip.detach() - - this.$element.trigger('hidden') - - return this - } - - , fixTitle: function () { - var $e = this.$element - if ($e.attr('title') || typeof($e.attr('data-original-title')) != 'string') { - $e.attr('data-original-title', $e.attr('title') || '').attr('title', '') - } - } - - , hasContent: function () { - return this.getTitle() - } - - , getPosition: function () { - var el = this.$element[0] - return $.extend({}, (typeof el.getBoundingClientRect == 'function') ? el.getBoundingClientRect() : { - width: el.offsetWidth - , height: el.offsetHeight - }, this.$element.offset()) - } - - , getTitle: function () { - var title - , $e = this.$element - , o = this.options - - title = $e.attr('data-original-title') - || (typeof o.title == 'function' ? o.title.call($e[0]) : o.title) - - return title - } - - , tip: function () { - return this.$tip = this.$tip || $(this.options.template) - } - - , arrow: function(){ - return this.$arrow = this.$arrow || this.tip().find(".tooltip-arrow") - } - - , validate: function () { - if (!this.$element[0].parentNode) { - this.hide() - this.$element = null - this.options = null - } - } - - , enable: function () { - this.enabled = true - } - - , disable: function () { - this.enabled = false - } - - , toggleEnabled: function () { - this.enabled = !this.enabled - } - - , toggle: function (e) { - var self = e ? $(e.currentTarget)[this.type](this._options).data(this.type) : this - self.tip().hasClass('in') ? self.hide() : self.show() - } - - , destroy: function () { - this.hide().$element.off('.' + this.type).removeData(this.type) - } - - } - - - /* TOOLTIP PLUGIN DEFINITION - * ========================= */ - - var old = $.fn.tooltip - - $.fn.tooltip = function ( option ) { - return this.each(function () { - var $this = $(this) - , data = $this.data('tooltip') - , options = typeof option == 'object' && option - if (!data) $this.data('tooltip', (data = new Tooltip(this, options))) - if (typeof option == 'string') data[option]() - }) - } - - $.fn.tooltip.Constructor = Tooltip - - $.fn.tooltip.defaults = { - animation: true - , placement: 'top' - , selector: false - , template: '
    ' - , trigger: 'hover focus' - , title: '' - , delay: 0 - , html: false - , container: false - } - - - /* TOOLTIP NO CONFLICT - * =================== */ - - $.fn.tooltip.noConflict = function () { - $.fn.tooltip = old - return this - } - -}(window.jQuery); -/* =========================================================== - * bootstrap-popover.js v2.3.2 - * http://getbootstrap.com/2.3.2/javascript.html#popovers - * =========================================================== - * Copyright 2013 Twitter, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * =========================================================== */ - - -!function ($) { - - "use strict"; // jshint ;_; - - - /* POPOVER PUBLIC CLASS DEFINITION - * =============================== */ - - var Popover = function (element, options) { - this.init('popover', element, options) - } - - - /* NOTE: POPOVER EXTENDS BOOTSTRAP-TOOLTIP.js - ========================================== */ - - Popover.prototype = $.extend({}, $.fn.tooltip.Constructor.prototype, { - - constructor: Popover - - , setContent: function () { - var $tip = this.tip() - , title = this.getTitle() - , content = this.getContent() - - $tip.find('.popover-title')[this.options.html ? 'html' : 'text'](title) - $tip.find('.popover-content')[this.options.html ? 'html' : 'text'](content) - - $tip.removeClass('fade top bottom left right in') - } - - , hasContent: function () { - return this.getTitle() || this.getContent() - } - - , getContent: function () { - var content - , $e = this.$element - , o = this.options - - content = (typeof o.content == 'function' ? o.content.call($e[0]) : o.content) - || $e.attr('data-content') - - return content - } - - , tip: function () { - if (!this.$tip) { - this.$tip = $(this.options.template) - } - return this.$tip - } - - , destroy: function () { - this.hide().$element.off('.' + this.type).removeData(this.type) - } - - }) - - - /* POPOVER PLUGIN DEFINITION - * ======================= */ - - var old = $.fn.popover - - $.fn.popover = function (option) { - return this.each(function () { - var $this = $(this) - , data = $this.data('popover') - , options = typeof option == 'object' && option - if (!data) $this.data('popover', (data = new Popover(this, options))) - if (typeof option == 'string') data[option]() - }) - } - - $.fn.popover.Constructor = Popover - - $.fn.popover.defaults = $.extend({} , $.fn.tooltip.defaults, { - placement: 'right' - , trigger: 'click' - , content: '' - , template: '

    ' - }) - - - /* POPOVER NO CONFLICT - * =================== */ - - $.fn.popover.noConflict = function () { - $.fn.popover = old - return this - } - -}(window.jQuery); -/* ============================================================= - * bootstrap-scrollspy.js v2.3.2 - * http://getbootstrap.com/2.3.2/javascript.html#scrollspy - * ============================================================= - * Copyright 2013 Twitter, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============================================================== */ - - -!function ($) { - - "use strict"; // jshint ;_; - - - /* SCROLLSPY CLASS DEFINITION - * ========================== */ - - function ScrollSpy(element, options) { - var process = $.proxy(this.process, this) - , $element = $(element).is('body') ? $(window) : $(element) - , href - this.options = $.extend({}, $.fn.scrollspy.defaults, options) - this.$scrollElement = $element.on('scroll.scroll-spy.data-api', process) - this.selector = (this.options.target - || ((href = $(element).attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '')) //strip for ie7 - || '') + ' .nav li > a' - this.$body = $('body') - this.refresh() - this.process() - } - - ScrollSpy.prototype = { - - constructor: ScrollSpy - - , refresh: function () { - var self = this - , $targets - - this.offsets = $([]) - this.targets = $([]) - - $targets = this.$body - .find(this.selector) - .map(function () { - var $el = $(this) - , href = $el.data('target') || $el.attr('href') - , $href = /^#\w/.test(href) && $(href) - return ( $href - && $href.length - && [[ $href.position().top + (!$.isWindow(self.$scrollElement.get(0)) && self.$scrollElement.scrollTop()), href ]] ) || null - }) - .sort(function (a, b) { return a[0] - b[0] }) - .each(function () { - self.offsets.push(this[0]) - self.targets.push(this[1]) - }) - } - - , process: function () { - var scrollTop = this.$scrollElement.scrollTop() + this.options.offset - , scrollHeight = this.$scrollElement[0].scrollHeight || this.$body[0].scrollHeight - , maxScroll = scrollHeight - this.$scrollElement.height() - , offsets = this.offsets - , targets = this.targets - , activeTarget = this.activeTarget - , i - - if (scrollTop >= maxScroll) { - return activeTarget != (i = targets.last()[0]) - && this.activate ( i ) - } - - for (i = offsets.length; i--;) { - activeTarget != targets[i] - && scrollTop >= offsets[i] - && (!offsets[i + 1] || scrollTop <= offsets[i + 1]) - && this.activate( targets[i] ) - } - } - - , activate: function (target) { - var active - , selector - - this.activeTarget = target - - $(this.selector) - .parent('.active') - .removeClass('active') - - selector = this.selector - + '[data-target="' + target + '"],' - + this.selector + '[href="' + target + '"]' - - active = $(selector) - .parent('li') - .addClass('active') - - if (active.parent('.dropdown-menu').length) { - active = active.closest('li.dropdown').addClass('active') - } - - active.trigger('activate') - } - - } - - - /* SCROLLSPY PLUGIN DEFINITION - * =========================== */ - - var old = $.fn.scrollspy - - $.fn.scrollspy = function (option) { - return this.each(function () { - var $this = $(this) - , data = $this.data('scrollspy') - , options = typeof option == 'object' && option - if (!data) $this.data('scrollspy', (data = new ScrollSpy(this, options))) - if (typeof option == 'string') data[option]() - }) - } - - $.fn.scrollspy.Constructor = ScrollSpy - - $.fn.scrollspy.defaults = { - offset: 10 - } - - - /* SCROLLSPY NO CONFLICT - * ===================== */ - - $.fn.scrollspy.noConflict = function () { - $.fn.scrollspy = old - return this - } - - - /* SCROLLSPY DATA-API - * ================== */ - - $(window).on('load', function () { - $('[data-spy="scroll"]').each(function () { - var $spy = $(this) - $spy.scrollspy($spy.data()) - }) - }) - -}(window.jQuery);/* ======================================================== - * bootstrap-tab.js v2.3.2 - * http://getbootstrap.com/2.3.2/javascript.html#tabs - * ======================================================== - * Copyright 2013 Twitter, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ======================================================== */ - - -!function ($) { - - "use strict"; // jshint ;_; - - - /* TAB CLASS DEFINITION - * ==================== */ - - var Tab = function (element) { - this.element = $(element) - } - - Tab.prototype = { - - constructor: Tab - - , show: function () { - var $this = this.element - , $ul = $this.closest('ul:not(.dropdown-menu)') - , selector = $this.attr('data-target') - , previous - , $target - , e - - if (!selector) { - selector = $this.attr('href') - selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') //strip for ie7 - } - - if ( $this.parent('li').hasClass('active') ) return - - previous = $ul.find('.active:last a')[0] - - e = $.Event('show', { - relatedTarget: previous - }) - - $this.trigger(e) - - if (e.isDefaultPrevented()) return - - $target = $(selector) - - this.activate($this.parent('li'), $ul) - this.activate($target, $target.parent(), function () { - $this.trigger({ - type: 'shown' - , relatedTarget: previous - }) - }) - } - - , activate: function ( element, container, callback) { - var $active = container.find('> .active') - , transition = callback - && $.support.transition - && $active.hasClass('fade') - - function next() { - $active - .removeClass('active') - .find('> .dropdown-menu > .active') - .removeClass('active') - - element.addClass('active') - - if (transition) { - element[0].offsetWidth // reflow for transition - element.addClass('in') - } else { - element.removeClass('fade') - } - - if ( element.parent('.dropdown-menu') ) { - element.closest('li.dropdown').addClass('active') - } - - callback && callback() - } - - transition ? - $active.one($.support.transition.end, next) : - next() - - $active.removeClass('in') - } - } - - - /* TAB PLUGIN DEFINITION - * ===================== */ - - var old = $.fn.tab - - $.fn.tab = function ( option ) { - return this.each(function () { - var $this = $(this) - , data = $this.data('tab') - if (!data) $this.data('tab', (data = new Tab(this))) - if (typeof option == 'string') data[option]() - }) - } - - $.fn.tab.Constructor = Tab - - - /* TAB NO CONFLICT - * =============== */ - - $.fn.tab.noConflict = function () { - $.fn.tab = old - return this - } - - - /* TAB DATA-API - * ============ */ - - $(document).on('click.tab.data-api', '[data-toggle="tab"], [data-toggle="pill"]', function (e) { - e.preventDefault() - $(this).tab('show') - }) - -}(window.jQuery);/* ============================================================= - * bootstrap-typeahead.js v2.3.2 - * http://getbootstrap.com/2.3.2/javascript.html#typeahead - * ============================================================= - * Copyright 2013 Twitter, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============================================================ */ - - -!function($){ - - "use strict"; // jshint ;_; - - - /* TYPEAHEAD PUBLIC CLASS DEFINITION - * ================================= */ - - var Typeahead = function (element, options) { - this.$element = $(element) - this.options = $.extend({}, $.fn.typeahead.defaults, options) - this.matcher = this.options.matcher || this.matcher - this.sorter = this.options.sorter || this.sorter - this.highlighter = this.options.highlighter || this.highlighter - this.updater = this.options.updater || this.updater - this.source = this.options.source - this.$menu = $(this.options.menu) - this.shown = false - this.listen() - } - - Typeahead.prototype = { - - constructor: Typeahead - - , select: function () { - var val = this.$menu.find('.active').attr('data-value') - this.$element - .val(this.updater(val)) - .change() - return this.hide() - } - - , updater: function (item) { - return item - } - - , show: function () { - var pos = $.extend({}, this.$element.position(), { - height: this.$element[0].offsetHeight - }) - - this.$menu - .insertAfter(this.$element) - .css({ - top: pos.top + pos.height - , left: pos.left - }) - .show() - - this.shown = true - return this - } - - , hide: function () { - this.$menu.hide() - this.shown = false - return this - } - - , lookup: function (event) { - var items - - this.query = this.$element.val() - - if (!this.query || this.query.length < this.options.minLength) { - return this.shown ? this.hide() : this - } - - items = $.isFunction(this.source) ? this.source(this.query, $.proxy(this.process, this)) : this.source - - return items ? this.process(items) : this - } - - , process: function (items) { - var that = this - - items = $.grep(items, function (item) { - return that.matcher(item) - }) - - items = this.sorter(items) - - if (!items.length) { - return this.shown ? this.hide() : this - } - - return this.render(items.slice(0, this.options.items)).show() - } - - , matcher: function (item) { - return ~item.toLowerCase().indexOf(this.query.toLowerCase()) - } - - , sorter: function (items) { - var beginswith = [] - , caseSensitive = [] - , caseInsensitive = [] - , item - - while (item = items.shift()) { - if (!item.toLowerCase().indexOf(this.query.toLowerCase())) beginswith.push(item) - else if (~item.indexOf(this.query)) caseSensitive.push(item) - else caseInsensitive.push(item) - } - - return beginswith.concat(caseSensitive, caseInsensitive) - } - - , highlighter: function (item) { - var query = this.query.replace(/[\-\[\]{}()*+?.,\\\^$|#\s]/g, '\\$&') - return item.replace(new RegExp('(' + query + ')', 'ig'), function ($1, match) { - return '' + match + '' - }) - } - - , render: function (items) { - var that = this - - items = $(items).map(function (i, item) { - i = $(that.options.item).attr('data-value', item) - i.find('a').html(that.highlighter(item)) - return i[0] - }) - - items.first().addClass('active') - this.$menu.html(items) - return this - } - - , next: function (event) { - var active = this.$menu.find('.active').removeClass('active') - , next = active.next() - - if (!next.length) { - next = $(this.$menu.find('li')[0]) - } - - next.addClass('active') - } - - , prev: function (event) { - var active = this.$menu.find('.active').removeClass('active') - , prev = active.prev() - - if (!prev.length) { - prev = this.$menu.find('li').last() - } - - prev.addClass('active') - } - - , listen: function () { - this.$element - .on('focus', $.proxy(this.focus, this)) - .on('blur', $.proxy(this.blur, this)) - .on('keypress', $.proxy(this.keypress, this)) - .on('keyup', $.proxy(this.keyup, this)) - - if (this.eventSupported('keydown')) { - this.$element.on('keydown', $.proxy(this.keydown, this)) - } - - this.$menu - .on('click', $.proxy(this.click, this)) - .on('mouseenter', 'li', $.proxy(this.mouseenter, this)) - .on('mouseleave', 'li', $.proxy(this.mouseleave, this)) - } - - , eventSupported: function(eventName) { - var isSupported = eventName in this.$element - if (!isSupported) { - this.$element.setAttribute(eventName, 'return;') - isSupported = typeof this.$element[eventName] === 'function' - } - return isSupported - } - - , move: function (e) { - if (!this.shown) return - - switch(e.keyCode) { - case 9: // tab - case 13: // enter - case 27: // escape - e.preventDefault() - break - - case 38: // up arrow - e.preventDefault() - this.prev() - break - - case 40: // down arrow - e.preventDefault() - this.next() - break - } - - e.stopPropagation() - } - - , keydown: function (e) { - this.suppressKeyPressRepeat = ~$.inArray(e.keyCode, [40,38,9,13,27]) - this.move(e) - } - - , keypress: function (e) { - if (this.suppressKeyPressRepeat) return - this.move(e) - } - - , keyup: function (e) { - switch(e.keyCode) { - case 40: // down arrow - case 38: // up arrow - case 16: // shift - case 17: // ctrl - case 18: // alt - break - - case 9: // tab - case 13: // enter - if (!this.shown) return - this.select() - break - - case 27: // escape - if (!this.shown) return - this.hide() - break - - default: - this.lookup() - } - - e.stopPropagation() - e.preventDefault() - } - - , focus: function (e) { - this.focused = true - } - - , blur: function (e) { - this.focused = false - if (!this.mousedover && this.shown) this.hide() - } - - , click: function (e) { - e.stopPropagation() - e.preventDefault() - this.select() - this.$element.focus() - } - - , mouseenter: function (e) { - this.mousedover = true - this.$menu.find('.active').removeClass('active') - $(e.currentTarget).addClass('active') - } - - , mouseleave: function (e) { - this.mousedover = false - if (!this.focused && this.shown) this.hide() - } - - } - - - /* TYPEAHEAD PLUGIN DEFINITION - * =========================== */ - - var old = $.fn.typeahead - - $.fn.typeahead = function (option) { - return this.each(function () { - var $this = $(this) - , data = $this.data('typeahead') - , options = typeof option == 'object' && option - if (!data) $this.data('typeahead', (data = new Typeahead(this, options))) - if (typeof option == 'string') data[option]() - }) - } - - $.fn.typeahead.defaults = { - source: [] - , items: 8 - , menu: '
      ' - , item: '
      • ' - , minLength: 1 - } - - $.fn.typeahead.Constructor = Typeahead - - - /* TYPEAHEAD NO CONFLICT - * =================== */ - - $.fn.typeahead.noConflict = function () { - $.fn.typeahead = old - return this - } - - - /* TYPEAHEAD DATA-API - * ================== */ - - $(document).on('focus.typeahead.data-api', '[data-provide="typeahead"]', function (e) { - var $this = $(this) - if ($this.data('typeahead')) return - $this.typeahead($this.data()) - }) - -}(window.jQuery); -/* ========================================================== - * bootstrap-affix.js v2.3.2 - * http://getbootstrap.com/2.3.2/javascript.html#affix - * ========================================================== - * Copyright 2013 Twitter, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ========================================================== */ - - -!function ($) { - - "use strict"; // jshint ;_; - - - /* AFFIX CLASS DEFINITION - * ====================== */ - - var Affix = function (element, options) { - this.options = $.extend({}, $.fn.affix.defaults, options) - this.$window = $(window) - .on('scroll.affix.data-api', $.proxy(this.checkPosition, this)) - .on('click.affix.data-api', $.proxy(function () { setTimeout($.proxy(this.checkPosition, this), 1) }, this)) - this.$element = $(element) - this.checkPosition() - } - - Affix.prototype.checkPosition = function () { - if (!this.$element.is(':visible')) return - - var scrollHeight = $(document).height() - , scrollTop = this.$window.scrollTop() - , position = this.$element.offset() - , offset = this.options.offset - , offsetBottom = offset.bottom - , offsetTop = offset.top - , reset = 'affix affix-top affix-bottom' - , affix - - if (typeof offset != 'object') offsetBottom = offsetTop = offset - if (typeof offsetTop == 'function') offsetTop = offset.top() - if (typeof offsetBottom == 'function') offsetBottom = offset.bottom() - - affix = this.unpin != null && (scrollTop + this.unpin <= position.top) ? - false : offsetBottom != null && (position.top + this.$element.height() >= scrollHeight - offsetBottom) ? - 'bottom' : offsetTop != null && scrollTop <= offsetTop ? - 'top' : false - - if (this.affixed === affix) return - - this.affixed = affix - this.unpin = affix == 'bottom' ? position.top - scrollTop : null - - this.$element.removeClass(reset).addClass('affix' + (affix ? '-' + affix : '')) - } - - - /* AFFIX PLUGIN DEFINITION - * ======================= */ - - var old = $.fn.affix - - $.fn.affix = function (option) { - return this.each(function () { - var $this = $(this) - , data = $this.data('affix') - , options = typeof option == 'object' && option - if (!data) $this.data('affix', (data = new Affix(this, options))) - if (typeof option == 'string') data[option]() - }) - } - - $.fn.affix.Constructor = Affix - - $.fn.affix.defaults = { - offset: 0 - } - - - /* AFFIX NO CONFLICT - * ================= */ - - $.fn.affix.noConflict = function () { - $.fn.affix = old - return this - } - - - /* AFFIX DATA-API - * ============== */ - - $(window).on('load', function () { - $('[data-spy="affix"]').each(function () { - var $spy = $(this) - , data = $spy.data() - - data.offset = data.offset || {} - - data.offsetBottom && (data.offset.bottom = data.offsetBottom) - data.offsetTop && (data.offset.top = data.offsetTop) - - $spy.affix(data) - }) - }) - - -}(window.jQuery); \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/js/bootstrap.min.js b/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/js/bootstrap.min.js deleted file mode 100644 index 848258d380..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/js/bootstrap.min.js +++ /dev/null @@ -1,6 +0,0 @@ -/*! -* Bootstrap.js by @fat & @mdo -* Copyright 2013 Twitter, Inc. -* http://www.apache.org/licenses/LICENSE-2.0.txt -*/ -!function(e){"use strict";e(function(){e.support.transition=function(){var e=function(){var e=document.createElement("bootstrap"),t={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"},n;for(n in t)if(e.style[n]!==undefined)return t[n]}();return e&&{end:e}}()})}(window.jQuery),!function(e){"use strict";var t='[data-dismiss="alert"]',n=function(n){e(n).on("click",t,this.close)};n.prototype.close=function(t){function s(){i.trigger("closed").remove()}var n=e(this),r=n.attr("data-target"),i;r||(r=n.attr("href"),r=r&&r.replace(/.*(?=#[^\s]*$)/,"")),i=e(r),t&&t.preventDefault(),i.length||(i=n.hasClass("alert")?n:n.parent()),i.trigger(t=e.Event("close"));if(t.isDefaultPrevented())return;i.removeClass("in"),e.support.transition&&i.hasClass("fade")?i.on(e.support.transition.end,s):s()};var r=e.fn.alert;e.fn.alert=function(t){return this.each(function(){var r=e(this),i=r.data("alert");i||r.data("alert",i=new n(this)),typeof t=="string"&&i[t].call(r)})},e.fn.alert.Constructor=n,e.fn.alert.noConflict=function(){return e.fn.alert=r,this},e(document).on("click.alert.data-api",t,n.prototype.close)}(window.jQuery),!function(e){"use strict";var t=function(t,n){this.$element=e(t),this.options=e.extend({},e.fn.button.defaults,n)};t.prototype.setState=function(e){var t="disabled",n=this.$element,r=n.data(),i=n.is("input")?"val":"html";e+="Text",r.resetText||n.data("resetText",n[i]()),n[i](r[e]||this.options[e]),setTimeout(function(){e=="loadingText"?n.addClass(t).attr(t,t):n.removeClass(t).removeAttr(t)},0)},t.prototype.toggle=function(){var e=this.$element.closest('[data-toggle="buttons-radio"]');e&&e.find(".active").removeClass("active"),this.$element.toggleClass("active")};var n=e.fn.button;e.fn.button=function(n){return this.each(function(){var r=e(this),i=r.data("button"),s=typeof n=="object"&&n;i||r.data("button",i=new t(this,s)),n=="toggle"?i.toggle():n&&i.setState(n)})},e.fn.button.defaults={loadingText:"loading..."},e.fn.button.Constructor=t,e.fn.button.noConflict=function(){return e.fn.button=n,this},e(document).on("click.button.data-api","[data-toggle^=button]",function(t){var n=e(t.target);n.hasClass("btn")||(n=n.closest(".btn")),n.button("toggle")})}(window.jQuery),!function(e){"use strict";var t=function(t,n){this.$element=e(t),this.$indicators=this.$element.find(".carousel-indicators"),this.options=n,this.options.pause=="hover"&&this.$element.on("mouseenter",e.proxy(this.pause,this)).on("mouseleave",e.proxy(this.cycle,this))};t.prototype={cycle:function(t){return t||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(e.proxy(this.next,this),this.options.interval)),this},getActiveIndex:function(){return this.$active=this.$element.find(".item.active"),this.$items=this.$active.parent().children(),this.$items.index(this.$active)},to:function(t){var n=this.getActiveIndex(),r=this;if(t>this.$items.length-1||t<0)return;return this.sliding?this.$element.one("slid",function(){r.to(t)}):n==t?this.pause().cycle():this.slide(t>n?"next":"prev",e(this.$items[t]))},pause:function(t){return t||(this.paused=!0),this.$element.find(".next, .prev").length&&e.support.transition.end&&(this.$element.trigger(e.support.transition.end),this.cycle(!0)),clearInterval(this.interval),this.interval=null,this},next:function(){if(this.sliding)return;return this.slide("next")},prev:function(){if(this.sliding)return;return this.slide("prev")},slide:function(t,n){var r=this.$element.find(".item.active"),i=n||r[t](),s=this.interval,o=t=="next"?"left":"right",u=t=="next"?"first":"last",a=this,f;this.sliding=!0,s&&this.pause(),i=i.length?i:this.$element.find(".item")[u](),f=e.Event("slide",{relatedTarget:i[0],direction:o});if(i.hasClass("active"))return;this.$indicators.length&&(this.$indicators.find(".active").removeClass("active"),this.$element.one("slid",function(){var t=e(a.$indicators.children()[a.getActiveIndex()]);t&&t.addClass("active")}));if(e.support.transition&&this.$element.hasClass("slide")){this.$element.trigger(f);if(f.isDefaultPrevented())return;i.addClass(t),i[0].offsetWidth,r.addClass(o),i.addClass(o),this.$element.one(e.support.transition.end,function(){i.removeClass([t,o].join(" ")).addClass("active"),r.removeClass(["active",o].join(" ")),a.sliding=!1,setTimeout(function(){a.$element.trigger("slid")},0)})}else{this.$element.trigger(f);if(f.isDefaultPrevented())return;r.removeClass("active"),i.addClass("active"),this.sliding=!1,this.$element.trigger("slid")}return s&&this.cycle(),this}};var n=e.fn.carousel;e.fn.carousel=function(n){return this.each(function(){var r=e(this),i=r.data("carousel"),s=e.extend({},e.fn.carousel.defaults,typeof n=="object"&&n),o=typeof n=="string"?n:s.slide;i||r.data("carousel",i=new t(this,s)),typeof n=="number"?i.to(n):o?i[o]():s.interval&&i.pause().cycle()})},e.fn.carousel.defaults={interval:5e3,pause:"hover"},e.fn.carousel.Constructor=t,e.fn.carousel.noConflict=function(){return e.fn.carousel=n,this},e(document).on("click.carousel.data-api","[data-slide], [data-slide-to]",function(t){var n=e(this),r,i=e(n.attr("data-target")||(r=n.attr("href"))&&r.replace(/.*(?=#[^\s]+$)/,"")),s=e.extend({},i.data(),n.data()),o;i.carousel(s),(o=n.attr("data-slide-to"))&&i.data("carousel").pause().to(o).cycle(),t.preventDefault()})}(window.jQuery),!function(e){"use strict";var t=function(t,n){this.$element=e(t),this.options=e.extend({},e.fn.collapse.defaults,n),this.options.parent&&(this.$parent=e(this.options.parent)),this.options.toggle&&this.toggle()};t.prototype={constructor:t,dimension:function(){var e=this.$element.hasClass("width");return e?"width":"height"},show:function(){var t,n,r,i;if(this.transitioning||this.$element.hasClass("in"))return;t=this.dimension(),n=e.camelCase(["scroll",t].join("-")),r=this.$parent&&this.$parent.find("> .accordion-group > .in");if(r&&r.length){i=r.data("collapse");if(i&&i.transitioning)return;r.collapse("hide"),i||r.data("collapse",null)}this.$element[t](0),this.transition("addClass",e.Event("show"),"shown"),e.support.transition&&this.$element[t](this.$element[0][n])},hide:function(){var t;if(this.transitioning||!this.$element.hasClass("in"))return;t=this.dimension(),this.reset(this.$element[t]()),this.transition("removeClass",e.Event("hide"),"hidden"),this.$element[t](0)},reset:function(e){var t=this.dimension();return this.$element.removeClass("collapse")[t](e||"auto")[0].offsetWidth,this.$element[e!==null?"addClass":"removeClass"]("collapse"),this},transition:function(t,n,r){var i=this,s=function(){n.type=="show"&&i.reset(),i.transitioning=0,i.$element.trigger(r)};this.$element.trigger(n);if(n.isDefaultPrevented())return;this.transitioning=1,this.$element[t]("in"),e.support.transition&&this.$element.hasClass("collapse")?this.$element.one(e.support.transition.end,s):s()},toggle:function(){this[this.$element.hasClass("in")?"hide":"show"]()}};var n=e.fn.collapse;e.fn.collapse=function(n){return this.each(function(){var r=e(this),i=r.data("collapse"),s=e.extend({},e.fn.collapse.defaults,r.data(),typeof n=="object"&&n);i||r.data("collapse",i=new t(this,s)),typeof n=="string"&&i[n]()})},e.fn.collapse.defaults={toggle:!0},e.fn.collapse.Constructor=t,e.fn.collapse.noConflict=function(){return e.fn.collapse=n,this},e(document).on("click.collapse.data-api","[data-toggle=collapse]",function(t){var n=e(this),r,i=n.attr("data-target")||t.preventDefault()||(r=n.attr("href"))&&r.replace(/.*(?=#[^\s]+$)/,""),s=e(i).data("collapse")?"toggle":n.data();n[e(i).hasClass("in")?"addClass":"removeClass"]("collapsed"),e(i).collapse(s)})}(window.jQuery),!function(e){"use strict";function r(){e(".dropdown-backdrop").remove(),e(t).each(function(){i(e(this)).removeClass("open")})}function i(t){var n=t.attr("data-target"),r;n||(n=t.attr("href"),n=n&&/#/.test(n)&&n.replace(/.*(?=#[^\s]*$)/,"")),r=n&&e(n);if(!r||!r.length)r=t.parent();return r}var t="[data-toggle=dropdown]",n=function(t){var n=e(t).on("click.dropdown.data-api",this.toggle);e("html").on("click.dropdown.data-api",function(){n.parent().removeClass("open")})};n.prototype={constructor:n,toggle:function(t){var n=e(this),s,o;if(n.is(".disabled, :disabled"))return;return s=i(n),o=s.hasClass("open"),r(),o||("ontouchstart"in document.documentElement&&e('
      ').insertBefore(e(this)).on("click",r),s.toggleClass("open")),n.focus(),!1},keydown:function(n){var r,s,o,u,a,f;if(!/(38|40|27)/.test(n.keyCode))return;r=e(this),n.preventDefault(),n.stopPropagation();if(r.is(".disabled, :disabled"))return;u=i(r),a=u.hasClass("open");if(!a||a&&n.keyCode==27)return n.which==27&&u.find(t).focus(),r.click();s=e("[role=menu] li:not(.divider):visible a",u);if(!s.length)return;f=s.index(s.filter(":focus")),n.keyCode==38&&f>0&&f--,n.keyCode==40&&f').appendTo(document.body),this.$backdrop.click(this.options.backdrop=="static"?e.proxy(this.$element[0].focus,this.$element[0]):e.proxy(this.hide,this)),i&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in");if(!t)return;i?this.$backdrop.one(e.support.transition.end,t):t()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),e.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(e.support.transition.end,t):t()):t&&t()}};var n=e.fn.modal;e.fn.modal=function(n){return this.each(function(){var r=e(this),i=r.data("modal"),s=e.extend({},e.fn.modal.defaults,r.data(),typeof n=="object"&&n);i||r.data("modal",i=new t(this,s)),typeof n=="string"?i[n]():s.show&&i.show()})},e.fn.modal.defaults={backdrop:!0,keyboard:!0,show:!0},e.fn.modal.Constructor=t,e.fn.modal.noConflict=function(){return e.fn.modal=n,this},e(document).on("click.modal.data-api",'[data-toggle="modal"]',function(t){var n=e(this),r=n.attr("href"),i=e(n.attr("data-target")||r&&r.replace(/.*(?=#[^\s]+$)/,"")),s=i.data("modal")?"toggle":e.extend({remote:!/#/.test(r)&&r},i.data(),n.data());t.preventDefault(),i.modal(s).one("hide",function(){n.focus()})})}(window.jQuery),!function(e){"use strict";var t=function(e,t){this.init("tooltip",e,t)};t.prototype={constructor:t,init:function(t,n,r){var i,s,o,u,a;this.type=t,this.$element=e(n),this.options=this.getOptions(r),this.enabled=!0,o=this.options.trigger.split(" ");for(a=o.length;a--;)u=o[a],u=="click"?this.$element.on("click."+this.type,this.options.selector,e.proxy(this.toggle,this)):u!="manual"&&(i=u=="hover"?"mouseenter":"focus",s=u=="hover"?"mouseleave":"blur",this.$element.on(i+"."+this.type,this.options.selector,e.proxy(this.enter,this)),this.$element.on(s+"."+this.type,this.options.selector,e.proxy(this.leave,this)));this.options.selector?this._options=e.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},getOptions:function(t){return t=e.extend({},e.fn[this.type].defaults,this.$element.data(),t),t.delay&&typeof t.delay=="number"&&(t.delay={show:t.delay,hide:t.delay}),t},enter:function(t){var n=e.fn[this.type].defaults,r={},i;this._options&&e.each(this._options,function(e,t){n[e]!=t&&(r[e]=t)},this),i=e(t.currentTarget)[this.type](r).data(this.type);if(!i.options.delay||!i.options.delay.show)return i.show();clearTimeout(this.timeout),i.hoverState="in",this.timeout=setTimeout(function(){i.hoverState=="in"&&i.show()},i.options.delay.show)},leave:function(t){var n=e(t.currentTarget)[this.type](this._options).data(this.type);this.timeout&&clearTimeout(this.timeout);if(!n.options.delay||!n.options.delay.hide)return n.hide();n.hoverState="out",this.timeout=setTimeout(function(){n.hoverState=="out"&&n.hide()},n.options.delay.hide)},show:function(){var t,n,r,i,s,o,u=e.Event("show");if(this.hasContent()&&this.enabled){this.$element.trigger(u);if(u.isDefaultPrevented())return;t=this.tip(),this.setContent(),this.options.animation&&t.addClass("fade"),s=typeof this.options.placement=="function"?this.options.placement.call(this,t[0],this.$element[0]):this.options.placement,t.detach().css({top:0,left:0,display:"block"}),this.options.container?t.appendTo(this.options.container):t.insertAfter(this.$element),n=this.getPosition(),r=t[0].offsetWidth,i=t[0].offsetHeight;switch(s){case"bottom":o={top:n.top+n.height,left:n.left+n.width/2-r/2};break;case"top":o={top:n.top-i,left:n.left+n.width/2-r/2};break;case"left":o={top:n.top+n.height/2-i/2,left:n.left-r};break;case"right":o={top:n.top+n.height/2-i/2,left:n.left+n.width}}this.applyPlacement(o,s),this.$element.trigger("shown")}},applyPlacement:function(e,t){var n=this.tip(),r=n[0].offsetWidth,i=n[0].offsetHeight,s,o,u,a;n.offset(e).addClass(t).addClass("in"),s=n[0].offsetWidth,o=n[0].offsetHeight,t=="top"&&o!=i&&(e.top=e.top+i-o,a=!0),t=="bottom"||t=="top"?(u=0,e.left<0&&(u=e.left*-2,e.left=0,n.offset(e),s=n[0].offsetWidth,o=n[0].offsetHeight),this.replaceArrow(u-r+s,s,"left")):this.replaceArrow(o-i,o,"top"),a&&n.offset(e)},replaceArrow:function(e,t,n){this.arrow().css(n,e?50*(1-e/t)+"%":"")},setContent:function(){var e=this.tip(),t=this.getTitle();e.find(".tooltip-inner")[this.options.html?"html":"text"](t),e.removeClass("fade in top bottom left right")},hide:function(){function i(){var t=setTimeout(function(){n.off(e.support.transition.end).detach()},500);n.one(e.support.transition.end,function(){clearTimeout(t),n.detach()})}var t=this,n=this.tip(),r=e.Event("hide");this.$element.trigger(r);if(r.isDefaultPrevented())return;return n.removeClass("in"),e.support.transition&&this.$tip.hasClass("fade")?i():n.detach(),this.$element.trigger("hidden"),this},fixTitle:function(){var e=this.$element;(e.attr("title")||typeof e.attr("data-original-title")!="string")&&e.attr("data-original-title",e.attr("title")||"").attr("title","")},hasContent:function(){return this.getTitle()},getPosition:function(){var t=this.$element[0];return e.extend({},typeof t.getBoundingClientRect=="function"?t.getBoundingClientRect():{width:t.offsetWidth,height:t.offsetHeight},this.$element.offset())},getTitle:function(){var e,t=this.$element,n=this.options;return e=t.attr("data-original-title")||(typeof n.title=="function"?n.title.call(t[0]):n.title),e},tip:function(){return this.$tip=this.$tip||e(this.options.template)},arrow:function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},validate:function(){this.$element[0].parentNode||(this.hide(),this.$element=null,this.options=null)},enable:function(){this.enabled=!0},disable:function(){this.enabled=!1},toggleEnabled:function(){this.enabled=!this.enabled},toggle:function(t){var n=t?e(t.currentTarget)[this.type](this._options).data(this.type):this;n.tip().hasClass("in")?n.hide():n.show()},destroy:function(){this.hide().$element.off("."+this.type).removeData(this.type)}};var n=e.fn.tooltip;e.fn.tooltip=function(n){return this.each(function(){var r=e(this),i=r.data("tooltip"),s=typeof n=="object"&&n;i||r.data("tooltip",i=new t(this,s)),typeof n=="string"&&i[n]()})},e.fn.tooltip.Constructor=t,e.fn.tooltip.defaults={animation:!0,placement:"top",selector:!1,template:'
      ',trigger:"hover focus",title:"",delay:0,html:!1,container:!1},e.fn.tooltip.noConflict=function(){return e.fn.tooltip=n,this}}(window.jQuery),!function(e){"use strict";var t=function(e,t){this.init("popover",e,t)};t.prototype=e.extend({},e.fn.tooltip.Constructor.prototype,{constructor:t,setContent:function(){var e=this.tip(),t=this.getTitle(),n=this.getContent();e.find(".popover-title")[this.options.html?"html":"text"](t),e.find(".popover-content")[this.options.html?"html":"text"](n),e.removeClass("fade top bottom left right in")},hasContent:function(){return this.getTitle()||this.getContent()},getContent:function(){var e,t=this.$element,n=this.options;return e=(typeof n.content=="function"?n.content.call(t[0]):n.content)||t.attr("data-content"),e},tip:function(){return this.$tip||(this.$tip=e(this.options.template)),this.$tip},destroy:function(){this.hide().$element.off("."+this.type).removeData(this.type)}});var n=e.fn.popover;e.fn.popover=function(n){return this.each(function(){var r=e(this),i=r.data("popover"),s=typeof n=="object"&&n;i||r.data("popover",i=new t(this,s)),typeof n=="string"&&i[n]()})},e.fn.popover.Constructor=t,e.fn.popover.defaults=e.extend({},e.fn.tooltip.defaults,{placement:"right",trigger:"click",content:"",template:'

      '}),e.fn.popover.noConflict=function(){return e.fn.popover=n,this}}(window.jQuery),!function(e){"use strict";function t(t,n){var r=e.proxy(this.process,this),i=e(t).is("body")?e(window):e(t),s;this.options=e.extend({},e.fn.scrollspy.defaults,n),this.$scrollElement=i.on("scroll.scroll-spy.data-api",r),this.selector=(this.options.target||(s=e(t).attr("href"))&&s.replace(/.*(?=#[^\s]+$)/,"")||"")+" .nav li > a",this.$body=e("body"),this.refresh(),this.process()}t.prototype={constructor:t,refresh:function(){var t=this,n;this.offsets=e([]),this.targets=e([]),n=this.$body.find(this.selector).map(function(){var n=e(this),r=n.data("target")||n.attr("href"),i=/^#\w/.test(r)&&e(r);return i&&i.length&&[[i.position().top+(!e.isWindow(t.$scrollElement.get(0))&&t.$scrollElement.scrollTop()),r]]||null}).sort(function(e,t){return e[0]-t[0]}).each(function(){t.offsets.push(this[0]),t.targets.push(this[1])})},process:function(){var e=this.$scrollElement.scrollTop()+this.options.offset,t=this.$scrollElement[0].scrollHeight||this.$body[0].scrollHeight,n=t-this.$scrollElement.height(),r=this.offsets,i=this.targets,s=this.activeTarget,o;if(e>=n)return s!=(o=i.last()[0])&&this.activate(o);for(o=r.length;o--;)s!=i[o]&&e>=r[o]&&(!r[o+1]||e<=r[o+1])&&this.activate(i[o])},activate:function(t){var n,r;this.activeTarget=t,e(this.selector).parent(".active").removeClass("active"),r=this.selector+'[data-target="'+t+'"],'+this.selector+'[href="'+t+'"]',n=e(r).parent("li").addClass("active"),n.parent(".dropdown-menu").length&&(n=n.closest("li.dropdown").addClass("active")),n.trigger("activate")}};var n=e.fn.scrollspy;e.fn.scrollspy=function(n){return this.each(function(){var r=e(this),i=r.data("scrollspy"),s=typeof n=="object"&&n;i||r.data("scrollspy",i=new t(this,s)),typeof n=="string"&&i[n]()})},e.fn.scrollspy.Constructor=t,e.fn.scrollspy.defaults={offset:10},e.fn.scrollspy.noConflict=function(){return e.fn.scrollspy=n,this},e(window).on("load",function(){e('[data-spy="scroll"]').each(function(){var t=e(this);t.scrollspy(t.data())})})}(window.jQuery),!function(e){"use strict";var t=function(t){this.element=e(t)};t.prototype={constructor:t,show:function(){var t=this.element,n=t.closest("ul:not(.dropdown-menu)"),r=t.attr("data-target"),i,s,o;r||(r=t.attr("href"),r=r&&r.replace(/.*(?=#[^\s]*$)/,""));if(t.parent("li").hasClass("active"))return;i=n.find(".active:last a")[0],o=e.Event("show",{relatedTarget:i}),t.trigger(o);if(o.isDefaultPrevented())return;s=e(r),this.activate(t.parent("li"),n),this.activate(s,s.parent(),function(){t.trigger({type:"shown",relatedTarget:i})})},activate:function(t,n,r){function o(){i.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),t.addClass("active"),s?(t[0].offsetWidth,t.addClass("in")):t.removeClass("fade"),t.parent(".dropdown-menu")&&t.closest("li.dropdown").addClass("active"),r&&r()}var i=n.find("> .active"),s=r&&e.support.transition&&i.hasClass("fade");s?i.one(e.support.transition.end,o):o(),i.removeClass("in")}};var n=e.fn.tab;e.fn.tab=function(n){return this.each(function(){var r=e(this),i=r.data("tab");i||r.data("tab",i=new t(this)),typeof n=="string"&&i[n]()})},e.fn.tab.Constructor=t,e.fn.tab.noConflict=function(){return e.fn.tab=n,this},e(document).on("click.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(t){t.preventDefault(),e(this).tab("show")})}(window.jQuery),!function(e){"use strict";var t=function(t,n){this.$element=e(t),this.options=e.extend({},e.fn.typeahead.defaults,n),this.matcher=this.options.matcher||this.matcher,this.sorter=this.options.sorter||this.sorter,this.highlighter=this.options.highlighter||this.highlighter,this.updater=this.options.updater||this.updater,this.source=this.options.source,this.$menu=e(this.options.menu),this.shown=!1,this.listen()};t.prototype={constructor:t,select:function(){var e=this.$menu.find(".active").attr("data-value");return this.$element.val(this.updater(e)).change(),this.hide()},updater:function(e){return e},show:function(){var t=e.extend({},this.$element.position(),{height:this.$element[0].offsetHeight});return this.$menu.insertAfter(this.$element).css({top:t.top+t.height,left:t.left}).show(),this.shown=!0,this},hide:function(){return this.$menu.hide(),this.shown=!1,this},lookup:function(t){var n;return this.query=this.$element.val(),!this.query||this.query.length"+t+""})},render:function(t){var n=this;return t=e(t).map(function(t,r){return t=e(n.options.item).attr("data-value",r),t.find("a").html(n.highlighter(r)),t[0]}),t.first().addClass("active"),this.$menu.html(t),this},next:function(t){var n=this.$menu.find(".active").removeClass("active"),r=n.next();r.length||(r=e(this.$menu.find("li")[0])),r.addClass("active")},prev:function(e){var t=this.$menu.find(".active").removeClass("active"),n=t.prev();n.length||(n=this.$menu.find("li").last()),n.addClass("active")},listen:function(){this.$element.on("focus",e.proxy(this.focus,this)).on("blur",e.proxy(this.blur,this)).on("keypress",e.proxy(this.keypress,this)).on("keyup",e.proxy(this.keyup,this)),this.eventSupported("keydown")&&this.$element.on("keydown",e.proxy(this.keydown,this)),this.$menu.on("click",e.proxy(this.click,this)).on("mouseenter","li",e.proxy(this.mouseenter,this)).on("mouseleave","li",e.proxy(this.mouseleave,this))},eventSupported:function(e){var t=e in this.$element;return t||(this.$element.setAttribute(e,"return;"),t=typeof this.$element[e]=="function"),t},move:function(e){if(!this.shown)return;switch(e.keyCode){case 9:case 13:case 27:e.preventDefault();break;case 38:e.preventDefault(),this.prev();break;case 40:e.preventDefault(),this.next()}e.stopPropagation()},keydown:function(t){this.suppressKeyPressRepeat=~e.inArray(t.keyCode,[40,38,9,13,27]),this.move(t)},keypress:function(e){if(this.suppressKeyPressRepeat)return;this.move(e)},keyup:function(e){switch(e.keyCode){case 40:case 38:case 16:case 17:case 18:break;case 9:case 13:if(!this.shown)return;this.select();break;case 27:if(!this.shown)return;this.hide();break;default:this.lookup()}e.stopPropagation(),e.preventDefault()},focus:function(e){this.focused=!0},blur:function(e){this.focused=!1,!this.mousedover&&this.shown&&this.hide()},click:function(e){e.stopPropagation(),e.preventDefault(),this.select(),this.$element.focus()},mouseenter:function(t){this.mousedover=!0,this.$menu.find(".active").removeClass("active"),e(t.currentTarget).addClass("active")},mouseleave:function(e){this.mousedover=!1,!this.focused&&this.shown&&this.hide()}};var n=e.fn.typeahead;e.fn.typeahead=function(n){return this.each(function(){var r=e(this),i=r.data("typeahead"),s=typeof n=="object"&&n;i||r.data("typeahead",i=new t(this,s)),typeof n=="string"&&i[n]()})},e.fn.typeahead.defaults={source:[],items:8,menu:'
        ',item:'
        • ',minLength:1},e.fn.typeahead.Constructor=t,e.fn.typeahead.noConflict=function(){return e.fn.typeahead=n,this},e(document).on("focus.typeahead.data-api",'[data-provide="typeahead"]',function(t){var n=e(this);if(n.data("typeahead"))return;n.typeahead(n.data())})}(window.jQuery),!function(e){"use strict";var t=function(t,n){this.options=e.extend({},e.fn.affix.defaults,n),this.$window=e(window).on("scroll.affix.data-api",e.proxy(this.checkPosition,this)).on("click.affix.data-api",e.proxy(function(){setTimeout(e.proxy(this.checkPosition,this),1)},this)),this.$element=e(t),this.checkPosition()};t.prototype.checkPosition=function(){if(!this.$element.is(":visible"))return;var t=e(document).height(),n=this.$window.scrollTop(),r=this.$element.offset(),i=this.options.offset,s=i.bottom,o=i.top,u="affix affix-top affix-bottom",a;typeof i!="object"&&(s=o=i),typeof o=="function"&&(o=i.top()),typeof s=="function"&&(s=i.bottom()),a=this.unpin!=null&&n+this.unpin<=r.top?!1:s!=null&&r.top+this.$element.height()>=t-s?"bottom":o!=null&&n<=o?"top":!1;if(this.affixed===a)return;this.affixed=a,this.unpin=a=="bottom"?r.top-n:null,this.$element.removeClass(u).addClass("affix"+(a?"-"+a:""))};var n=e.fn.affix;e.fn.affix=function(n){return this.each(function(){var r=e(this),i=r.data("affix"),s=typeof n=="object"&&n;i||r.data("affix",i=new t(this,s)),typeof n=="string"&&i[n]()})},e.fn.affix.Constructor=t,e.fn.affix.defaults={offset:0},e.fn.affix.noConflict=function(){return e.fn.affix=n,this},e(window).on("load",function(){e('[data-spy="affix"]').each(function(){var t=e(this),n=t.data();n.offset=n.offset||{},n.offsetBottom&&(n.offset.bottom=n.offsetBottom),n.offsetTop&&(n.offset.top=n.offsetTop),t.affix(n)})})}(window.jQuery); \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/resources/css/bootstrap-sheet.css b/openid-connect-server-webapp/src/main/webapp/resources/css/bootstrap-sheet.css deleted file mode 100644 index ad9e44d607..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/css/bootstrap-sheet.css +++ /dev/null @@ -1,57 +0,0 @@ -/*! - * Bootstrap modal sheet - * - * Author: Michaël Perrin - * https://github.com/michaelperrin/bootstrap-modal-sheet - */ - -.sheet form { - margin: 0; -} - -.sheet .form-actions { - margin-top: 10px; - margin-bottom: 0; - padding: 10px 20px 10px; - text-align: right; -} - -.sheet { - position: absolute; - z-index: 1050; - - width: 600px; - background: rgba(240, 240, 240, 0.9); - border-color: #909090; - border-style: solid; - border-width: 0 1px 1px 1px; - box-shadow: inset 0 15px 12px -10px rgba(0, 0, 0, 0.4), 0 5px 12px rgba(0, 0, 0, 0.4); - padding-top: 15px; -} - -.sheet.hide { - display: none; -} - -.sheet .sheet-body { - padding-left: 15px; - padding-right: 15px; -} - -.sheet .sheet-footer { - margin-top: 10px; - margin-bottom: 0; - padding: 10px 20px 10px; - text-align: right; - background-color: #f5f5f5; - border-top: 1px solid #e5e5e5; -} - -.sheet-backdrop { - position: fixed; - top: 0; - right: 0; - bottom: 0; - left: 0; - z-index: 1040; -} diff --git a/openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect-local.css b/openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect-local.css deleted file mode 100644 index 266f8b3798..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect-local.css +++ /dev/null @@ -1,3 +0,0 @@ -/* - * Overlay this file to provide local style overrides. - */ \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect-responsive-local.css b/openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect-responsive-local.css deleted file mode 100644 index 266f8b3798..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect-responsive-local.css +++ /dev/null @@ -1,3 +0,0 @@ -/* - * Overlay this file to provide local style overrides. - */ \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect-responsive.css b/openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect-responsive.css deleted file mode 100644 index cc5e32cfee..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect-responsive.css +++ /dev/null @@ -1,16 +0,0 @@ -/* size-responsive CSS to be loaded after bootstrap-responsive */ - -@media ( min-width : 768px) and (max-width: 979px) { - .main { - padding-top: 0px; - } -} - -@media ( max-width : 767px) { - #footer { - margin-left: -20px; - margin-right: -20px; - padding-left: 20px; - padding-right: 20px; - } -} \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect.css b/openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect.css deleted file mode 100644 index 21d823f225..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect.css +++ /dev/null @@ -1,202 +0,0 @@ -/* Stylesheet for the MITREid Connect server web application */ - -html,body { - height: 100%; - /* The html and body elements cannot have any padding or margin. */ -} - -.sidebar-nav { - padding: 9px 0; -} - -h1,label { - text-shadow: 1px 1px 1px #FFFFFF; -} - -.navbar .brand { - max-height: 20px; -} - -.navbar .brand img { - max-height: 24px; - width: auto; - position: relative; - top: -2px; - left: -6px; -} - -/* login button */ - -.navbar #userButton, -.navbar #loginButton { - background-repeat: repeat-x; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - box-shadow: 0 3px 8px rgba(255, 255, 255, 0.125) inset; - font-size: 0.9em; -} - -.navbar #userButton { - background-color: #006dcc; - background-image: linear-gradient(to bottom, #0088cc, #0044cc); -} -.navbar #loginButton { - background-color: #5bb75b; - background-image: linear-gradient(to bottom, #62c462, #51a351); -} - -.navbar #userButton:focus, .navbar #userButton:hover, -.navbar #loginButton:focus, .navbar #loginButton:hover { - color: #ffffff; - background-position: 0 -15px; - text-decoration: none; - transition: background-position 0.1s linear 0s; -} - -.navbar #userButton:focus, .navbar #userButton:hover { - background-color: #0044cc; -} -.navbar #loginButton:focus, .navbar #loginButton:hover { - background-color: #51a351; -} - -.navbar #userButton:active, -.navbar #loginButton:active { - color: #ffffff; - background-image: none; - box-shadow: 0 2px 4px rgba(0, 0, 0, 0.15) inset, 0 1px 2px rgba(0, 0, 0, 0.05); - outline: 0 none; -} - -.navbar #userButton:active { - background-color: #0044cc; -} - -.navbar #loginButton:active { - background-color: #51a351; -} - -.navbar #userButton .caret { - border-bottom-color: #ffffff; - border-top-color: #ffffff; -} - -/* Wrapper for page content to push down footer */ -#wrap { - min-height: 100%; - height: auto !important; - height: 100%; - /* Negative indent footer by its height */ - margin: 0 auto -60px; -} - -/* Set the fixed height of the footer here */ -#push,#footer { - min-height: 60px; -} - -#footer { - background-color: #f5f5f5; -} - -.main { - padding-top: 60px; -} - -.credit { - margin: 20px 0; -} - -.inputError { - border: 1px solid #b94a48 !important; -} - -/* Fix for wonky forms */ - -.input-append.input-block-level, -.input-prepend.input-block-level { - display: table; -} - -.input-append.input-block-level .add-on, -.input-prepend.input-block-level .add-on { - display: table-cell; - width: 1%; /* remove this if you want default bootstrap button width */ -} - -.input-append.input-block-level > input, -.input-prepend.input-block-level > input { - box-sizing: border-box; /* use bootstrap mixin or include vendor variants */ - -moz-box-sizing: border-box; /* for Firefox */ - min-height: inherit; - width: 100%; -} - -/* This block applies to Chrome only */ -@media screen and (-webkit-min-device-pixel-ratio:0) { - .input-append.input-block-level > input, - .input-prepend.input-block-level > input { - display: table; /* table-cell is not working well in Chrome for small widths */ - } -} - -.input-append.input-block-level > input { - border-right: 0; -} - -.input-prepend.input-block-level > input { - border-left: 0; -} - -.label-matched, .badge-matched { - background-color: #D1D1FF; -} - -/* get rid of extraneous outline on tabs */ - -.nav-tabs > .active > a, .nav-tabs > .active > a:hover { - outline: 0; -} - -.control-group .controls div { - display: block; -} - -.control-group .controls div { - padding-top: 5px; - margin-bottom: 5px; -} - -.control-group .controls div label.checkbox, -.control-group .controls div label.radio { - display: inline-block; - padding: 0 5px 0 5px; - line-height: 20px; -} - -.control-group .controls div input[type=checkbox], -.control-group .controls div input[type=radio] { - line-height: 20px; - vertical-align: middle; - margin: 0; -} - -/* User profile claims alignment */ -.user-profile dd, .user-profile dt { - height: 20px; -} - -/* Client table images */ -.client-logo { - max-width: 64px; - max-height: 64px -} - -/* Modal and sheet fight for the same z-index otherwise */ -.modal-backdrop { - z-index: 2040; -} -.modal { - z-index: 2050; -} diff --git a/openid-connect-server-webapp/src/main/webapp/resources/images/heart_mode.png b/openid-connect-server-webapp/src/main/webapp/resources/images/heart_mode.png deleted file mode 100644 index bae99657e6..0000000000 Binary files a/openid-connect-server-webapp/src/main/webapp/resources/images/heart_mode.png and /dev/null differ diff --git a/openid-connect-server-webapp/src/main/webapp/resources/images/heart_mode@2x.png b/openid-connect-server-webapp/src/main/webapp/resources/images/heart_mode@2x.png deleted file mode 100644 index 8f65e47a56..0000000000 Binary files a/openid-connect-server-webapp/src/main/webapp/resources/images/heart_mode@2x.png and /dev/null differ diff --git a/openid-connect-server-webapp/src/main/webapp/resources/images/logo_placeholder.gif b/openid-connect-server-webapp/src/main/webapp/resources/images/logo_placeholder.gif deleted file mode 100644 index 035747694a..0000000000 Binary files a/openid-connect-server-webapp/src/main/webapp/resources/images/logo_placeholder.gif and /dev/null differ diff --git a/openid-connect-server-webapp/src/main/webapp/resources/images/mitreid-connect.ico b/openid-connect-server-webapp/src/main/webapp/resources/images/mitreid-connect.ico deleted file mode 100644 index 3dfafe812a..0000000000 Binary files a/openid-connect-server-webapp/src/main/webapp/resources/images/mitreid-connect.ico and /dev/null differ diff --git a/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_large.png b/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_large.png deleted file mode 100644 index 33eb16eedd..0000000000 Binary files a/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_large.png and /dev/null differ diff --git a/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_large@2x.png b/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_large@2x.png deleted file mode 100644 index 04c094dd09..0000000000 Binary files a/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_large@2x.png and /dev/null differ diff --git a/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_small.png b/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_small.png deleted file mode 100644 index 09bbaadc64..0000000000 Binary files a/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_small.png and /dev/null differ diff --git a/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_small@2x.png b/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_small@2x.png deleted file mode 100644 index 6b845e2bff..0000000000 Binary files a/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_small@2x.png and /dev/null differ diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/admin.js b/openid-connect-server-webapp/src/main/webapp/resources/js/admin.js deleted file mode 100644 index e6d5d9a768..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/admin.js +++ /dev/null @@ -1,580 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -Backbone.Model.prototype.fetchIfNeeded = function(options) { - var _self = this; - if (!options) { - options = {}; - } - var success = options.success; - options.success = function(c, r) { - _self.isFetched = true; - if (success) { - success(c, r); - } - }; - if (!this.isFetched) { - return this.fetch(options); - } else { - return options.success(this, null); - } -}; - -Backbone.Collection.prototype.fetchIfNeeded = function(options) { - var _self = this; - if (!options) { - options = {}; - } - var success = options.success; - options.success = function(c, r) { - _self.isFetched = true; - if (success) { - success(c, r); - } - }; - if (!this.isFetched) { - return this.fetch(options); - } else { - return options.success(this, null); - } -}; - -var URIModel = Backbone.Model - .extend({ - - validate: function(attrs) { - - var expression = /^(?:([a-z0-9+.-]+:\/\/)((?:(?:[a-z0-9-._~!$&'()*+,;=:]|%[0-9A-F]{2})*)@)?((?:[a-z0-9-._~!$&'()*+,;=]|%[0-9A-F]{2})*)(:(?:\d*))?(\/(?:[a-z0-9-._~!$&'()*+,;=:@\/]|%[0-9A-F]{2})*)?|([a-z0-9+.-]+:)(\/?(?:[a-z0-9-._~!$&'()*+,;=:@]|%[0-9A-F]{2})+(?:[a-z0-9-._~!$&'()*+,;=:@\/]|%[0-9A-F]{2})*)?)(\?(?:[a-z0-9-._~!$&'()*+,;=:\/?@]|%[0-9A-F]{2})*)?(#(?:[a-z0-9-._~!$&'()*+,;=:\/?@]|%[0-9A-F]{2})*)?$/i; - var regex = new RegExp(expression); - - if (attrs.item == null || !attrs.item.match(regex)) { - return "Invalid URI"; - } - } - - }); - -/* - * Backbone JS Reusable ListWidget Options { collection: Backbone JS Collection - * type: ('uri'|'default') autocomplete: ['item1','item2'] List of auto complete - * items } - * - */ -var ListWidgetChildView = Backbone.View.extend({ - - tagName: 'tr', - - events: { - "click .btn-delete-list-item": 'deleteItem', - "change .checkbox-list-item": 'toggleCheckbox' - }, - - deleteItem: function(e) { - e.preventDefault(); - e.stopImmediatePropagation(); - // this.$el.tooltip('delete'); - - this.model.destroy({ - dataType: false, - processData: false, - error: app.errorHandlerView.handleError() - }); - - }, - - toggleCheckbox: function(e) { - e.preventDefault(); - e.stopImmediatePropagation(); - if ($(e.target).is(':checked')) { - this.options.collection.add(this.model); - } else { - this.options.collection.remove(this.model); - } - - }, - - initialize: function(options) { - this.options = { - toggle: false, - checked: false - }; - _.extend(this.options, options); - if (!this.template) { - this.template = _.template($('#tmpl-list-widget-child').html()); - } - }, - - render: function() { - - var data = { - model: this.model.toJSON(), - opt: this.options - }; - - this.$el.html(this.template(data)); - - $('.item-full', this.el).hide(); - - if (this.model.get('item').length > 30) { - this.$el.tooltip({ - title: $.t('admin.list-widget.tooltip') - }); - - var _self = this; - - // added span to enable checkbox also - $(this.el).find('span').click(function(event) { - event.preventDefault(); - $('.item-short', _self.el).hide(); - $('.item-full', _self.el).show(); - _self.$el.tooltip('destroy'); - }); - } - - $(this.el).i18n(); - return this; - } -}); - -var ListWidgetView = Backbone.View.extend({ - - tagName: "div", - - events: { - "click .btn-add-list-item": "addItem", - "keypress": function(e) { - // trap the enter key - if (e.which == 13) { - e.preventDefault(); - this.addItem(e); - $("input", this.$el).focus(); - } - } - }, - - initialize: function(options) { - this.options = options; - - if (!this.template) { - this.template = _.template($('#tmpl-list-widget').html()); - } - - this.collection.bind('add', this.render, this); - this.collection.bind('remove', this.render, this); - }, - - addItem: function(e) { - e.preventDefault(); - - var input_value = $("input", this.el).val().trim(); - - if (input_value === "") { - return; - } - - var model; - - if (this.options.type == 'uri') { - model = new URIModel({ - item: input_value - }); - } else { - model = new Backbone.Model({ - item: input_value - }); - model.validate = function(attrs) { - if (!attrs.item) { - return "value can't be null"; - } - }; - } - - // if it's valid and doesn't already exist - if (model.get("item") != null && this.collection.where({ - item: input_value - }).length < 1) { - this.collection.add(model); - } else { - // else add a visual error indicator - $(".control-group", this.el).addClass('error'); - } - }, - - render: function(eventName) { - - this.$el.html(this.template({ - placeholder: this.options.placeholder, - helpBlockText: this.options.helpBlockText - })); - - var _self = this; - - if (_.size(this.collection.models) == 0 && _.size(this.options.autocomplete) == 0) { - $("tbody", _self.el).html($('#tmpl-list-widget-child-empty').html()); - } else { - - // make a copy of our collection to work from - var values = this.collection.clone(); - - // look through our autocomplete values (if we have them) and render - // them all as checkboxes - if (this.options.autocomplete) { - _.each(this.options.autocomplete, function(option) { - var found = _.find(values.models, function(element) { - return element.get('item') == option; - }); - - var model = null; - var checked = false; - - if (found) { - // if we found the element, check the box - model = found; - checked = true; - // and remove it from the list of items to be rendered - // later - values.remove(found, { - silent: true - }); - } else { - model = new Backbone.Model({ - item: option - }); - checked = false; - } - - var el = new ListWidgetChildView({ - model: model, - toggle: true, - checked: checked, - collection: _self.collection - }).render().el; - $("tbody", _self.el).append(el); - - }, this); - } - - // now render everything not in the autocomplete list - _.each(values.models, function(model) { - var el = new ListWidgetChildView({ - model: model, - collection: _self.collection - }).render().el; - $("tbody", _self.el).append(el); - }, this); - } - - $(this.el).i18n(); - return this; - } - -}); - -var BreadCrumbView = Backbone.View.extend({ - - tagName: 'ul', - - initialize: function(options) { - this.options = options; - - if (!this.template) { - this.template = _.template($('#tmpl-breadcrumbs').html()); - } - - this.$el.addClass('breadcrumb'); - - this.collection.bind('add', this.render, this); - }, - - render: function() { - - this.$el.empty(); - var parent = this; - - // go through each of the breadcrumb models - _.each(this.collection.models, function(crumb, index) { - - // if it's the last index in the crumbs then render the link - // inactive - if (index == parent.collection.size() - 1) { - crumb.set({ - active: true - }, { - silent: true - }); - } else { - crumb.set({ - active: false - }, { - silent: true - }); - } - - this.$el.append(this.template(crumb.toJSON())); - }, this); - - $('#breadcrumbs').html(this.el); - $(this.el).i18n(); - } -}); - -// User Profile - -var UserProfileView = Backbone.View.extend({ - tagName: 'span', - - initialize: function(options) { - this.options = options; - if (!this.template) { - this.template = _.template($('#tmpl-user-profile-element').html()); - } - }, - - render: function() { - - $(this.el).html($('#tmpl-user-profile').html()); - - var t = this.template; - - _.each(this.model, function(value, key) { - if (key && value) { - - if (typeof (value) === 'object') { - - var el = this.el; - var k = key; - - _.each(value, function(value, key) { - $('dl', el).append(t({ - key: key, - value: value, - category: k - })); - }); - } else if (typeof (value) === 'array') { - // TODO: handle array types - } else { - $('dl', this.el).append(t({ - key: key, - value: value - })); - } - } - }, this); - - $(this.el).i18n(); - return this; - } -}); - -// error handler -var ErrorHandlerView = Backbone.View.extend({ - - initialize: function(options) { - this.options = options; - if (!this.template) { - this.template = _.template($('#tmpl-error-box').html()); - } - if (!this.headerTemplate) { - this.headerTemplate = _.template($('#tmpl-error-header').html()); - } - }, - - reloadPage: function(event) { - event.preventDefault(); - window.location.reload(true); - }, - - handleError: function(message) { - - if (!message) { - message = {}; - } - - var _self = this; - - return function(model, response, options) { - - if (message.log) { - console.log(message.log); - } - - _self.showErrorMessage(_self.headerTemplate({ - message: message, - model: model, - response: response, - options: options - }), _self.template({ - message: message, - model: model, - response: response, - options: options - })); - - $('#modalAlert .modal-body .page-reload').on('click', _self.reloadPage); - - } - }, - - showErrorMessage: function(header, message) { - // hide the sheet if it's visible - $('#loadingbox').sheet('hide'); - - $('#modalAlert').i18n(); - $('#modalAlert div.modal-header').html(header); - $('#modalAlert .modal-body').html(message); - - $('#modalAlert').modal({ - 'backdrop': 'static', - 'keyboard': true, - 'show': true - }); - - } -}); - -// Router -var AppRouter = Backbone.Router.extend({ - - routes: { - - "": "root" - - }, - - root: function() { - if (isAdmin()) { - this.navigate('admin/clients', { - trigger: true - }); - } else { - this.navigate('user/approved', { - trigger: true - }); - } - }, - - initialize: function() { - - this.breadCrumbView = new BreadCrumbView({ - collection: new Backbone.Collection() - }); - - this.breadCrumbView.render(); - - this.errorHandlerView = new ErrorHandlerView(); - - // call all the extra initialization functions - var app = this; - _.each(ui.init, function(fn) { - fn(app); - }); - - }, - - notImplemented: function() { - this.breadCrumbView.collection.reset(); - this.breadCrumbView.collection.add([{ - text: $.t('admin.home'), - href: "" - }]); - - this.updateSidebar('none'); - - $('#content').html("

        Not implemented yet.

        "); - }, - - updateSidebar: function(item) { - $('.sidebar-nav li.active').removeClass('active'); - - $('.sidebar-nav li a[href^="manage/#' + item + '"]').parent().addClass('active'); - } -}); - -// holds the global app. -// this gets init after the templates load -var app = null; - -// main -$(function() { - - var loader = function(source) { - return $.get(source, function(templates) { - console.log('Loading file: ' + source); - $('#templates').append(templates); - }); - }; - - // load templates and append them to the body - $.when.apply(null, ui.templates.map(loader)).done(function() { - console.log('done'); - $.ajaxSetup({ - cache: false - }); - app = new AppRouter(); - - _.each(ui.routes.reverse(), function(route) { - console.log("Adding route: " + route.name); - app.route(route.path, route.name, route.callback); - }); - - app.on('route', function(name, args) { - // scroll to top of page on new route selection - $("html, body").animate({ - scrollTop: 0 - }, "slow"); - }); - - // grab all hashed URLs and send them through the app router instead - $(document).on('click', 'a[href^="manage/#"]', function(event) { - event.preventDefault(); - app.navigate(this.hash.slice(1), { - trigger: true - }); - }); - - var base = $('base').attr('href'); - if (base.substr(-1) !== '/') { - base += '/'; - } - $.getJSON(base + '.well-known/openid-configuration', function(data) { - app.serverConfiguration = data; - var baseUrl = $.url(app.serverConfiguration.issuer); - Backbone.history.start({ - pushState: true, - root: baseUrl.attr('relative') + 'manage/' - }); - }); - }); - - window.onerror = function(message, filename, lineno, colno, error) { - console.log(message); - // Display an alert with an error message - $('#modalAlert div.modal-header').html($.t('error.title')); - $('#modalAlert div.modal-body').html($.t('error.message') + message + '
        ' + [filename, lineno, colno, error]); - - $("#modalAlert").modal({ // wire up the actual modal functionality - // and show the dialog - "backdrop": "static", - "keyboard": true, - "show": true - // ensure the modal is shown immediately - }); - - } -}); diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/blacklist.js b/openid-connect-server-webapp/src/main/webapp/resources/js/blacklist.js deleted file mode 100644 index 502cd7c791..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/blacklist.js +++ /dev/null @@ -1,223 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -var BlackListModel = Backbone.Model.extend({ - idAttribute: 'id', - - urlRoot: 'api/blacklist' -}); - -var BlackListCollection = Backbone.Collection.extend({ - initialize: function() { - }, - - url: "api/blacklist" -}); - -var BlackListListView = Backbone.View.extend({ - tagName: 'span', - - initialize: function(options) { - this.options = options; - }, - - load: function(callback) { - if (this.collection.isFetched) { - callback(); - return; - } - - $('#loadingbox').sheet('show'); - $('#loading').html('' + $.t('admin.blacklist') + ' '); - - $.when(this.collection.fetchIfNeeded({ - success: function(e) { - $('#loading-blacklist').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - })).done(function() { - $('#loadingbox').sheet('hide'); - callback(); - }); - }, - - events: { - "click .refresh-table": "refreshTable", - "click .btn-add": "addItem", - "submit #add-blacklist form": "addItem" - }, - - refreshTable: function(e) { - e.preventDefault(); - - var _self = this; - $('#loadingbox').sheet('show'); - $('#loading').html('' + $.t('admin.blacklist') + ' '); - - $.when(this.collection.fetch()).done(function() { - $('#loadingbox').sheet('hide'); - _self.render(); - }); - }, - - togglePlaceholder: function() { - if (this.collection.length > 0) { - $('#blacklist-table', this.el).show(); - $('#blacklist-table-empty', this.el).hide(); - } else { - $('#blacklist-table', this.el).hide(); - $('#blacklist-table-empty', this.el).show(); - } - }, - - render: function(eventName) { - - $(this.el).html($('#tmpl-blacklist-table').html()); - - var _self = this; - _.each(this.collection.models, function(blacklist) { - var view = new BlackListWidgetView({ - model: blacklist - }); - view.parentView = _self; - $("#blacklist-table", _self.el).append(view.render().el); - }, this); - - this.togglePlaceholder(); - - $(this.el).i18n(); - return this; - }, - - addItem: function(e) { - e.preventDefault(); - - var input_value = $("#blacklist-uri", this.el).val().trim(); - - if (input_value === "") { - return; - } - - // TODO: URI/pattern validation, check against existing clients - - var item = new BlackListModel({ - uri: input_value - }); - - var _self = this; // closures... - - item.save({}, { - success: function() { - _self.collection.add(item); - _self.render(); - }, - error: app.errorHandlerView.handleError() - }); - - } - -}); - -var BlackListWidgetView = Backbone.View.extend({ - - tagName: 'tr', - - initialize: function(options) { - this.options = options; - - if (!this.template) { - this.template = _.template($('#tmpl-blacklist-item').html()); - } - }, - - render: function() { - - this.$el.html(this.template(this.model.toJSON())); - - return this; - - }, - - events: { - 'click .btn-delete': 'deleteBlacklist' - }, - - deleteBlacklist: function(e) { - e.preventDefault(); - - if (confirm($.t("blacklist.confirm"))) { - var _self = this; - - this.model.destroy({ - dataType: false, - processData: false, - success: function() { - - _self.$el.fadeTo("fast", 0.00, function() { // fade - $(this).slideUp("fast", function() { // slide up - $(this).remove(); // then remove from the DOM - _self.parentView.togglePlaceholder(); - }); - }); - }, - error: app.errorHandlerView.handleError() - }); - - _self.parentView.delegateEvents(); - } - - return false; - } - -}); - -ui.routes.push({ - path: "admin/blacklist", - name: "blackList", - callback: function() { - - if (!isAdmin()) { - this.root(); - return; - } - - this.breadCrumbView.collection.reset(); - this.breadCrumbView.collection.add([{ - text: $.t('admin.home'), - href: "" - }, { - text: $.t('admin.manage-blacklist'), - href: "manage/#admin/blacklist" - }]); - - this.updateSidebar('admin/blacklist'); - - var view = new BlackListListView({ - collection: this.blackListList - }); - - view.load(function(collection, response, options) { - $('#content').html(view.render().el); - setPageTitle($.t('admin.manage-blacklist')); - }); - } - -}); - -ui.templates.push('resources/template/blacklist.html'); - -ui.init.push(function(app) { - app.blackListList = new BlackListCollection(); -}); diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/client.js b/openid-connect-server-webapp/src/main/webapp/resources/js/client.js deleted file mode 100644 index a4c8097b07..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/client.js +++ /dev/null @@ -1,1558 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -var ClientModel = Backbone.Model.extend({ - - idAttribute: "id", - - initialize: function() { - - // bind validation errors to dom elements - // this will display form elements in red if they are not valid - this.bind('error', function(model, errs) { - _.map(errs, function(val, elID) { - $('#' + elID).addClass('error'); - }); - }); - - }, - - // We can pass it default values. - defaults: { - id: null, - - clientId: null, - clientSecret: null, - redirectUris: [], - clientName: null, - clientUri: null, - logoUri: null, - contacts: [], - tosUri: null, - tokenEndpointAuthMethod: null, - scope: [], - grantTypes: [], - responseTypes: [], - policyUri: null, - - jwksUri: null, - jwks: null, - jwksType: "URI", - - applicationType: null, - sectorIdentifierUri: null, - subjectType: null, - - requestObjectSigningAlg: null, - - userInfoSignedResponseAlg: null, - userInfoEncryptedResponseAlg: null, - userInfoEncryptedResponseEnc: null, - - idTokenSignedResponseAlg: null, - idTokenEncryptedResponseAlg: null, - idTokenEncryptedResponseEnc: null, - - tokenEndpointAuthSigningAlg: null, - - defaultMaxAge: null, - requireAuthTime: false, - defaultACRvalues: null, - - initiateLoginUri: null, - postLogoutRedirectUris: [], - - requestUris: [], - - softwareStatement: null, - softwareId: null, - softwareVersion: null, - - codeChallengeMethod: null, - - authorities: [], - accessTokenValiditySeconds: null, - refreshTokenValiditySeconds: null, - resourceIds: [], - // additionalInformation? - - claimsRedirectUris: [], - - clientDescription: null, - reuseRefreshToken: true, - clearAccessTokensOnRefresh: true, - dynamicallyRegistered: false, - allowIntrospection: false, - idTokenValiditySeconds: null, - deviceCodeValiditySeconds: null, - createdAt: null, - - allowRefresh: false, - displayClientSecret: false, - generateClientSecret: false, - }, - - urlRoot: "api/clients", - - matches: function(term) { - - var matches = []; - - if (term) { - if (this.get('clientId').toLowerCase().indexOf(term.toLowerCase()) != -1) { - matches.push($.t('client.client-table.match.id')); - } - if (this.get('clientName') != null && this.get('clientName').toLowerCase().indexOf(term.toLowerCase()) != -1) { - matches.push($.t('client.client-table.match.name')); - } - if (this.get('clientDescription') != null && this.get('clientDescription').toLowerCase().indexOf(term.toLowerCase()) != -1) { - matches.push($.t('client.client-table.match.description')); - } - if (this.get('clientUri') != null && this.get('clientUri').toLowerCase().indexOf(term.toLowerCase()) != -1) { - matches.push($.t('client.client-table.match.homepage')); - } - if (this.get('policyUri') != null && this.get('policyUri').toLowerCase().indexOf(term.toLowerCase()) != -1) { - matches.push($.t('client.client-table.match.policy')); - } - if (this.get('tosUri') != null && this.get('tosUri').toLowerCase().indexOf(term.toLowerCase()) != -1) { - matches.push($.t('client.client-table.match.terms')); - } - if (this.get('logoUri') != null && this.get('logoUri').toLowerCase().indexOf(term.toLowerCase()) != -1) { - matches.push($.t('client.client-table.match.logo')); - } - if (this.get('contacts') != null) { - var f = _.filter(this.get('contacts'), function(item) { - return item.toLowerCase().indexOf(term.toLowerCase()) != -1; - }); - if (f.length > 0) { - matches.push($.t('client.client-table.match.contacts')); - } - } - if (this.get('redirectUris') != null) { - var f = _.filter(this.get('redirectUris'), function(item) { - return item.toLowerCase().indexOf(term.toLowerCase()) != -1; - }); - if (f.length > 0) { - matches.push($.t('client.client-table.match.redirect')); - } - } - if (this.get('scope') != null) { - var f = _.filter(this.get('scope'), function(item) { - return item.toLowerCase().indexOf(term.toLowerCase()) != -1; - }); - if (f.length > 0) { - matches.push($.t('client.client-table.match.scope')); - } - } - if (this.get('softwareId') != null && this.get('softwareId').toLowerCase().indexOf(term.toLowerCase()) != -1) { - matches.push($.t('client.client-table.match.software-id')); - } - if (this.get('softwareVersion') != null && this.get('softwareVersion').toLowerCase().indexOf(term.toLowerCase()) != -1) { - matches.push($.t('client.client-table.match.software-version')); - } - } else { - // there's no search term, we always match - - this.unset('matches', { - silent: true - }); - // console.log('no term'); - return true; - } - - var matchString = matches.join(' | '); - - if (matches.length > 0) { - this.set({ - matches: matchString - }, { - silent: true - }); - - return true; - } else { - this.unset('matches', { - silent: true - }); - - return false; - } - } - -}); - -var RegistrationTokenModel = Backbone.Model.extend({ - idAttribute: 'clientId', - urlRoot: 'api/tokens/registration' -}); - -var ClientStatsModel = Backbone.Model.extend({ - urlRoot: 'api/stats/byclientid' -}); - -var ClientCollection = Backbone.Collection.extend({ - - initialize: function() { - // this.fetch(); - }, - - model: ClientModel, - url: "api/clients", - - getByClientId: function(clientId) { - var clients = this.where({ - clientId: clientId - }); - if (clients.length == 1) { - return clients[0]; - } else { - return null; - } - } -}); - -var ClientView = Backbone.View.extend({ - - tagName: 'tr', - - isRendered: false, - - initialize: function(options) { - this.options = options; - - if (!this.template) { - this.template = _.template($('#tmpl-client-table-item').html()); - } - - if (!this.scopeTemplate) { - this.scopeTemplate = _.template($('#tmpl-scope-list').html()); - } - - if (!this.moreInfoTemplate) { - this.moreInfoTemplate = _.template($('#tmpl-client-more-info-block').html()); - } - - if (!this.registrationTokenTemplate) { - this.registrationTokenTemplate = _.template($('#tmpl-client-registration-token').html()); - } - - if (!this.countTemplate) { - this.countTemplate = _.template($('#tmpl-client-count').html()); - } - - this.model.bind('change', this.render, this); - - }, - - render: function(eventName) { - - var creationDate = this.model.get('createdAt'); - var displayCreationDate = $.t('client.client-table.unknown'); - var hoverCreationDate = ""; - if (creationDate == null || !moment(creationDate).isValid()) { - displayCreationDate = $.t('client.client-table.unknown'); - hoverCreationDate = ""; - } else { - creationDate = moment(creationDate); - if (moment().diff(creationDate, 'months') < 6) { - displayCreationDate = creationDate.fromNow(); - } else { - displayCreationDate = "on " + creationDate.format("LL"); - } - hoverCreationDate = creationDate.format("LLL"); - } - - var json = { - client: this.model.toJSON(), - whiteList: this.options.whiteList, - displayCreationDate: displayCreationDate, - hoverCreationDate: hoverCreationDate - }; - this.$el.html(this.template(json)); - - $('.scope-list', this.el).html(this.scopeTemplate({ - scopes: this.model.get('scope'), - systemScopes: this.options.systemScopeList - })); - - $('.client-more-info-block', this.el).html(this.moreInfoTemplate({ - client: this.model.toJSON() - })); - - $('.clientid-full', this.el).hide(); - - this.$('.dynamically-registered').tooltip({ - title: $.t('client.client-table.dynamically-registered-tooltip') - }); - this.$('.allow-introspection').tooltip({ - title: $.t('client.client-table.allow-introspection-tooltip') - }); - - this.updateMatched(); - this.updateStats(); - - $(this.el).i18n(); - - this.isRendered = true; - - return this; - }, - - updateStats: function(eventName) { - $('.count', this.el).html(this.countTemplate({ - count: this.options.clientStat.get('approvedSiteCount') - })); - }, - - showRegistrationToken: function(e) { - e.preventDefault(); - - $('#modalAlertLabel').html($.t('client.client-form.registration-access-token')); - - var token = new RegistrationTokenModel({ - clientId: this.model.get('clientId') - }); - - var _self = this; - token.fetch({ - success: function() { - var savedModel = { - clientId: _self.model.get('clientId'), - registrationToken: token.get('value') - }; - - $('#modalAlert .modal-body').html(_self.registrationTokenTemplate(savedModel)); - - $('#modalAlert .modal-body #rotate-token').click(function(e) { - if (confirm($.t('client.client-form.rotate-registration-token-confirm'))) { - token.save(null, { - success: function() { - console.log('token:' + token.get('value')); - $('#modalAlert .modal-body #registrationToken').val(token.get('value')); - }, - error: app.errorHandlerView.handleError({ - message: $.t('client.client-form.rotate-registration-token-error') - }) - }); - } - }); - - $('#modalAlert').i18n(); - $('#modalAlert').modal({ - 'backdrop': 'static', - 'keyboard': true, - 'show': true - }); - - }, - error: app.errorHandlerView.handleError({ - log: "An error occurred when fetching the registration token", - message: $.t('client.client-form.registration-token-error') - }) - }); - - }, - - updateMatched: function() { - - // console.log(this.model.get('matches')); - - if (this.model.get('matches')) { - $('.matched', this.el).show(); - $('.matched span', this.el).html(this.model.get('matches')); - } else { - $('.matched', this.el).hide(); - } - }, - - events: { - "click .btn-edit": "editClient", - "click .btn-delete": "deleteClient", - "click .btn-whitelist": "whiteListClient", - 'click .toggleMoreInformation': 'toggleMoreInformation', - "click .clientid-substring": "showClientId", - "click .dynamically-registered": 'showRegistrationToken' - }, - - editClient: function(e) { - e.preventDefault(); - app.navigate('admin/client/' + this.model.id, { - trigger: true - }); - }, - - whiteListClient: function(e) { - e.preventDefault(); - if (this.options.whiteList == null) { - // create a new one - app.navigate('admin/whitelist/new/' + this.model.get('id'), { - trigger: true - }); - } else { - // edit the existing one - app.navigate('admin/whitelist/' + this.options.whiteList.get('id'), { - trigger: true - }); - } - }, - - deleteClient: function(e) { - e.preventDefault(); - - if (confirm($.t('client.client-table.confirm'))) { - var _self = this; - - this.model.destroy({ - dataType: false, - processData: false, - success: function() { - _self.$el.fadeTo("fast", 0.00, function() { // fade - $(this).slideUp("fast", function() { // slide up - $(this).remove(); // then remove from the DOM - _self.parentView.togglePlaceholder(); - }); - }); - }, - error: app.errorHandlerView.handleError({ - log: "An error occurred when deleting a client" - }) - }); - - _self.parentView.delegateEvents(); - } - - return false; - }, - - toggleMoreInformation: function(e) { - e.preventDefault(); - if ($('.moreInformation', this.el).is(':visible')) { - // hide it - $('.moreInformationContainer', this.el).removeClass('alert').removeClass('alert-info').addClass('muted'); - $('.moreInformation', this.el).hide('fast'); - $('.toggleMoreInformation i', this.el).attr('class', 'icon-chevron-right'); - - } else { - // show it - $('.moreInformationContainer', this.el).addClass('alert').addClass('alert-info').removeClass('muted'); - $('.moreInformation', this.el).show('fast'); - $('.toggleMoreInformation i', this.el).attr('class', 'icon-chevron-down'); - } - }, - - showClientId: function(e) { - e.preventDefault(); - - $('.clientid-full', this.el).show(); - - }, - - close: function() { - $(this.el).unbind(); - $(this.el).empty(); - } -}); - -var ClientListView = Backbone.View.extend({ - - tagName: 'span', - - stats: {}, - - initialize: function(options) { - this.options = options; - this.filteredModel = this.model; - }, - - load: function(callback) { - if (this.model.isFetched && this.options.whiteListList.isFetched && this.options.systemScopeList.isFetched) { - callback(); - return; - } - - $('#loadingbox').sheet('show'); - $('#loading').html('' + $.t("common.clients") + ' ' + '' + $.t("whitelist.whitelist") + ' ' + '' + $.t("common.scopes") + ' '); - - $.when(this.model.fetchIfNeeded({ - success: function(e) { - $('#loading-clients').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - }), this.options.whiteListList.fetchIfNeeded({ - success: function(e) { - $('#loading-whitelist').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - }), this.options.systemScopeList.fetchIfNeeded({ - success: function(e) { - $('#loading-scopes').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - })).done(function() { - $('#loadingbox').sheet('hide'); - callback(); - }); - - }, - - events: { - "click .new-client": "newClient", - "click .refresh-table": "refreshTable", - 'keyup .search-query': 'searchTable', - 'click .form-search button': 'clearSearch', - 'page .paginator': 'changePage' - }, - - newClient: function(e) { - e.preventDefault(); - this.remove(); - app.navigate('admin/client/new', { - trigger: true - }); - }, - - render: function(eventName) { - - // append and render table structure - $(this.el).html($('#tmpl-client-table').html()); - - this.renderInner(); - $(this.el).i18n(); - return this; - }, - - renderInner: function(eventName) { - - // set up the rows to render - // (note that this doesn't render until visibility is determined in - // togglePlaceholder) - - _.each(this.filteredModel.models, function(client, index) { - var clientStat = this.getStat(client.get('clientId')); - var view = new ClientView({ - model: client, - clientStat: clientStat, - systemScopeList: this.options.systemScopeList, - whiteList: this.options.whiteListList.getByClientId(client.get('clientId')) - }); - view.parentView = this; - // var element = view.render().el; - var element = view.el; - $("#client-table", this.el).append(element); - this.addView(client.get('id'), view); - }, this); - - this.togglePlaceholder(); - }, - - views: {}, - - addView: function(index, view) { - this.views[index] = view; - }, - - getView: function(index) { - return this.views[index]; - }, - - getStat: function(index) { - if (!this.stats[index]) { - this.stats[index] = new ClientStatsModel({ - id: index - }); - } - return this.stats[index]; - }, - - togglePlaceholder: function() { - // set up pagination - var numPages = Math.ceil(this.filteredModel.length / 10); - if (numPages > 1) { - $('.paginator', this.el).show(); - $('.paginator', this.el).bootpag({ - total: numPages, - maxVisible: 10, - leaps: false, - page: 1 - }); - } else { - $('.paginator', this.el).hide(); - } - - if (this.filteredModel.length > 0) { - this.changePage(undefined, 1); - $('#client-table', this.el).show(); - $('#client-table-empty', this.el).hide(); - $('#client-table-search-empty', this.el).hide(); - } else { - if (this.model.length > 0) { - // there's stuff in the model but it's been filtered out - $('#client-table', this.el).hide(); - $('#client-table-empty', this.el).hide(); - $('#client-table-search-empty', this.el).show(); - } else { - // we're empty - $('#client-table', this.el).hide(); - $('#client-table-empty', this.el).show(); - $('#client-table-search-empty', this.el).hide(); - } - } - }, - - changePage: function(event, num) { - console.log('Page changed: ' + num); - - $('.paginator', this.el).bootpag({ - page: num - }); - var _self = this; - - _.each(this.filteredModel.models, function(client, index) { - var view = _self.getView(client.get('id')); - if (!view) { - console.log('Error: no view for client ' + client.get('id')); - return; - } - - // only show/render clients on the current page - - console.log(':: ' + index + ' ' + num + ' ' + Math.ceil((index + 1) / 10) != num); - - if (Math.ceil((index + 1) / 10) != num) { - $(view.el).hide(); - } else { - if (!view.isRendered) { - view.render(); - var clientStat = view.options.clientStat; - - // load and display the stats - $.when(clientStat.fetchIfNeeded({ - success: function(e) { - - }, - error: app.errorHandlerView.handleError() - })).done(function(e) { - view.updateStats(); - }); - } - $(view.el).show(); - } - }); - - /* - * $('#client-table tbody tr', this.el).each(function(index, element) { - * if (Math.ceil((index + 1) / 10) != num) { // hide the element - * $(element).hide(); } else { // show the element $(element).show(); } - * }); - */ - }, - - refreshTable: function(e) { - e.preventDefault(); - $('#loadingbox').sheet('show'); - $('#loading').html('' + $.t("common.clients") + ' ' + '' + $.t("whitelist.whitelist") + ' ' + '' + $.t("common.scopes") + ' '); - - var _self = this; - $.when(this.model.fetch({ - success: function(e) { - $('#loading-clients').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - }), this.options.whiteListList.fetch({ - success: function(e) { - $('#loading-whitelist').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - }), this.options.systemScopeList.fetch({ - success: function(e) { - $('#loading-scopes').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - })).done(function() { - $('#loadingbox').sheet('hide'); - _self.render(); - }); - }, - - searchTable: function(e) { - var term = $('.search-query', this.el).val(); - - this.filteredModel = new ClientCollection(this.model.filter(function(client) { - return client.matches(term); - })); - - // clear out the table - $('tbody', this.el).html(''); - - // re-render the table - this.renderInner(); - - }, - - clearSearch: function(e) { - $('.search-query', this.el).val(''); - this.searchTable(); - } - -}); - -var ClientFormView = Backbone.View.extend({ - - tagName: "span", - - initialize: function(options) { - this.options = options; - - if (!this.template) { - this.template = _.template($('#tmpl-client-form').html()); - } - - if (!this.clientSavedTemplate) { - this.clientSavedTemplate = _.template($('#tmpl-client-saved').html()); - } - - this.redirectUrisCollection = new Backbone.Collection(); - this.scopeCollection = new Backbone.Collection(); - this.contactsCollection = new Backbone.Collection(); - this.defaultACRvaluesCollection = new Backbone.Collection(); - this.requestUrisCollection = new Backbone.Collection(); - this.postLogoutRedirectUrisCollection = new Backbone.Collection(); - this.claimsRedirectUrisCollection = new Backbone.Collection(); - // TODO: add Spring authorities collection and resource IDs collection? - - // collection of sub-views that need to be sync'd on save - this.listWidgetViews = []; - }, - - events: { - "click .btn-save": "saveClient", - "click #allowRefresh": "toggleRefreshTokenTimeout", - "click #disableAccessTokenTimeout": function() { - $("#access-token-timeout-time", this.$el).prop('disabled', !$("#access-token-timeout-time", this.$el).prop('disabled')); - $("#access-token-timeout-unit", this.$el).prop('disabled', !$("#access-token-timeout-unit", this.$el).prop('disabled')); - document.getElementById("access-token-timeout-time").value = ''; - }, - "click #disableRefreshTokenTimeout": function() { - $("#refresh-token-timeout-time", this.$el).prop('disabled', !$("#refresh-token-timeout-time", this.$el).prop('disabled')); - $("#refresh-token-timeout-unit", this.$el).prop('disabled', !$("#refresh-token-timeout-unit", this.$el).prop('disabled')); - document.getElementById("refresh-token-timeout-time").value = ''; - }, - "click .btn-cancel": "cancel", - "change #tokenEndpointAuthMethod input:radio": "toggleClientCredentials", - "change #displayClientSecret": "toggleDisplayClientSecret", - "change #generateClientSecret": "toggleGenerateClientSecret", - "change #logoUri input": "previewLogo", - "change #jwkSelector input:radio": "toggleJWKSetType" - }, - - cancel: function(e) { - e.preventDefault(); - app.navigate('admin/clients', { - trigger: true - }); - }, - - load: function(callback) { - if (this.model.isFetched && this.options.systemScopeList.isFetched) { - callback(); - return; - } - - $('#loadingbox').sheet('show'); - $('#loading').html('' + $.t('common.clients') + ' ' + '' + $.t("common.scopes") + ' '); - - $.when(this.options.systemScopeList.fetchIfNeeded({ - success: function(e) { - $('#loading-scopes').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - }), this.model.fetchIfNeeded({ - success: function(e) { - $('#loading-clients').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - })).done(function() { - $('#loadingbox').sheet('hide'); - callback(); - }); - }, - - toggleRefreshTokenTimeout: function() { - $("#refreshTokenValidityTime", this.$el).toggle(); - }, - - previewLogo: function() { - if ($('#logoUri input', this.el).val()) { - $('#logoPreview', this.el).empty(); - $('#logoPreview', this.el).attr('src', $('#logoUri input', this.el).val()); - } else { - // $('#logoBlock', this.el).hide(); - $('#logoPreview', this.el).attr('src', 'resources/images/logo_placeholder.gif'); - } - }, - - /** - * Set up the form based on the current state of the tokenEndpointAuthMethod - * parameter - * - * @param event - */ - toggleClientCredentials: function() { - - var tokenEndpointAuthMethod = $('#tokenEndpointAuthMethod input', this.el).filter(':checked').val(); - - if (tokenEndpointAuthMethod == 'SECRET_BASIC' || tokenEndpointAuthMethod == 'SECRET_POST' || tokenEndpointAuthMethod == 'SECRET_JWT') { - - // client secret is required, show all the bits - $('#clientSecretPanel', this.el).show(); - // this function sets up the display portions - this.toggleGenerateClientSecret(); - } else { - // no client secret, hide all the bits - $('#clientSecretPanel', this.el).hide(); - } - - // show or hide the signing algorithm method depending on what's - // selected - if (tokenEndpointAuthMethod == 'PRIVATE_KEY' || tokenEndpointAuthMethod == 'SECRET_JWT') { - $('#tokenEndpointAuthSigningAlg', this.el).show(); - } else { - $('#tokenEndpointAuthSigningAlg', this.el).hide(); - } - }, - - /** - * Set up the form based on the JWK Set selector - */ - toggleJWKSetType: function() { - var jwkSelector = $('#jwkSelector input:radio', this.el).filter(':checked').val(); - - if (jwkSelector == 'URI') { - $('#jwksUri', this.el).show(); - $('#jwks', this.el).hide(); - } else if (jwkSelector == 'VAL') { - $('#jwksUri', this.el).hide(); - $('#jwks', this.el).show(); - } else { - $('#jwksUri', this.el).hide(); - $('#jwks', this.el).hide(); - } - - }, - - /** - * Set up the form based on the "Generate" checkbox - * - * @param event - */ - toggleGenerateClientSecret: function() { - - if ($('#generateClientSecret input', this.el).is(':checked')) { - // show the "generated" block, hide the "display" checkbox - $('#displayClientSecret', this.el).hide(); - $('#clientSecret', this.el).hide(); - $('#clientSecretGenerated', this.el).show(); - $('#clientSecretHidden', this.el).hide(); - } else { - // show the display checkbox, fall back to the "display" logic - $('#displayClientSecret', this.el).show(); - this.toggleDisplayClientSecret(); - } - }, - - /** - * Handle whether or not to display the client secret - * - * @param event - */ - toggleDisplayClientSecret: function() { - - if ($('#displayClientSecret input').is(':checked')) { - // want to display it - $('#clientSecret', this.el).show(); - $('#clientSecretHidden', this.el).hide(); - $('#clientSecretGenerated', this.el).hide(); - } else { - // want to hide it - $('#clientSecret', this.el).hide(); - $('#clientSecretHidden', this.el).show(); - $('#clientSecretGenerated', this.el).hide(); - } - }, - - // rounds down to the nearest integer value in seconds. - getFormTokenNumberValue: function(value, timeUnit) { - if (value == "") { - return null; - } else if (timeUnit == 'hours') { - return parseInt(parseFloat(value) * 3600); - } else if (timeUnit == 'minutes') { - return parseInt(parseFloat(value) * 60); - } else { // seconds - return parseInt(value); - } - }, - - // returns "null" if given the value "default" as a string, otherwise - // returns input value. useful for parsing the JOSE algorithm dropdowns - defaultToNull: function(value) { - if (value == 'default') { - return null; - } else { - return value; - } - }, - - // returns "null" if the given value is falsy - emptyToNull: function(value) { - if (value) { - return value; - } else { - return null; - } - }, - - disableUnsupportedJOSEItems: function(serverSupported, query) { - var supported = ['default']; - if (serverSupported) { - supported = _.union(supported, serverSupported); - } - $(query, this.$el).each(function(idx) { - if (_.contains(supported, $(this).val())) { - $(this).prop('disabled', false); - } else { - $(this).prop('disabled', true); - } - }); - - }, - - // maps from a form-friendly name to the real grant parameter name - grantMap: { - 'authorization_code': 'authorization_code', - 'password': 'password', - 'implicit': 'implicit', - 'client_credentials': 'client_credentials', - 'redelegate': 'urn:ietf:params:oauth:grant_type:redelegate', - 'refresh_token': 'refresh_token', - 'device': 'urn:ietf:params:oauth:grant-type:device_code' - }, - - // maps from a form-friendly name to the real response type parameter name - responseMap: { - 'code': 'code', - 'token': 'token', - 'idtoken': 'id_token', - 'token-idtoken': 'token id_token', - 'code-idtoken': 'code id_token', - 'code-token': 'code token', - 'code-token-idtoken': 'code token id_token' - }, - - saveClient: function(event) { - - $('.control-group').removeClass('error'); - - // sync any leftover collection items - _.each(this.listWidgetViews, function(v) { - v.addItem($.Event('click')); - }); - - // build the scope object - var scopes = this.scopeCollection.pluck("item"); - - // build the grant type object - var grantTypes = []; - $.each(this.grantMap, function(index, type) { - if ($('#grantTypes-' + index).is(':checked')) { - grantTypes.push(type); - } - }); - - // build the response type object - var responseTypes = []; - $.each(this.responseMap, function(index, type) { - if ($('#responseTypes-' + index).is(':checked')) { - responseTypes.push(type); - } - }); - - var generateClientSecret = $('#generateClientSecret input').is(':checked'); - var clientSecret = null; - - var tokenEndpointAuthMethod = $('#tokenEndpointAuthMethod input').filter(':checked').val(); - - // whether or not the client secret changed - var secretChanged = false; - - if (tokenEndpointAuthMethod == 'SECRET_BASIC' || tokenEndpointAuthMethod == 'SECRET_POST' || tokenEndpointAuthMethod == 'SECRET_JWT') { - - if (!generateClientSecret) { - // if it's required but we're not generating it, send the value - // to preserve it - clientSecret = $('#clientSecret input').val(); - - // if it's not the same as before, offer to display it - if (clientSecret != this.model.get('clientSecret')) { - secretChanged = true; - } - } else { - // it's being generated anew - secretChanged = true; - } - } - - var accessTokenValiditySeconds = null; - if (!$('disableAccessTokenTimeout').is(':checked')) { - accessTokenValiditySeconds = this.getFormTokenNumberValue($('#accessTokenValidityTime input[type=text]').val(), $('#accessTokenValidityTime select').val()); - } - - var idTokenValiditySeconds = this.getFormTokenNumberValue($('#idTokenValidityTime input[type=text]').val(), $('#idTokenValidityTime select').val()); - - var deviceCodeValiditySeconds = this.getFormTokenNumberValue($('#deviceCodeValidityTime input[type=text]').val(), $('#deviceCodeValidityTime select').val()); - - var refreshTokenValiditySeconds = null; - if ($('#allowRefresh').is(':checked')) { - - if ($.inArray('refresh_token', grantTypes) == -1) { - grantTypes.push('refresh_token'); - } - - if ($.inArray('offline_access', scopes) == -1) { - scopes.push("offline_access"); - } - - if (!$('disableRefreshTokenTimeout').is(':checked')) { - refreshTokenValiditySeconds = this.getFormTokenNumberValue($('#refreshTokenValidityTime input[type=text]').val(), $('#refreshTokenValidityTime select').val()); - } - } - - // make sure that the subject identifier is consistent with the redirect - // URIs - var subjectType = $('#subjectType input').filter(':checked').val(); - var redirectUris = this.redirectUrisCollection.pluck("item"); - var sectorIdentifierUri = $('#sectorIdentifierUri input').val(); - if (subjectType == 'PAIRWISE' && redirectUris.length > 1 && sectorIdentifierUri == '') { - // Display an alert with an error message - app.errorHandlerView.showErrorMessage($.t("client.client-form.error.consistency"), $.t("client.client-form.error.pairwise-sector")); - return false; - - } - - // process the JWKS - var jwksUri = null; - var jwks = null; - var jwkSelector = $('#jwkSelector input:radio', this.el).filter(':checked').val(); - - if (jwkSelector == 'URI') { - jwksUri = $('#jwksUri input').val(); - jwks = null; - } else if (jwkSelector == 'VAL') { - jwksUri = null; - try { - jwks = JSON.parse($('#jwks textarea').val()); - } catch (e) { - console.log("An error occurred when parsing the JWK Set"); - app.errorHandlerView.showErrorMessage($.t("client.client-form.error.jwk-set"), $.t("client.client-form.error.jwk-set-parse")); - return false; - } - } else { - jwksUri = null; - jwks = null; - } - - var attrs = { - clientName: this.emptyToNull($('#clientName input').val()), - clientId: this.emptyToNull($('#clientId input').val()), - clientSecret: clientSecret, - generateClientSecret: generateClientSecret, - redirectUris: redirectUris, - clientDescription: this.emptyToNull($('#clientDescription textarea').val()), - logoUri: this.emptyToNull($('#logoUri input').val()), - grantTypes: grantTypes, - accessTokenValiditySeconds: accessTokenValiditySeconds, - refreshTokenValiditySeconds: refreshTokenValiditySeconds, - idTokenValiditySeconds: idTokenValiditySeconds, - deviceCodeValiditySeconds: deviceCodeValiditySeconds, - allowRefresh: $('#allowRefresh').is(':checked'), - allowIntrospection: $('#allowIntrospection input').is(':checked'), - scope: scopes, - tosUri: this.emptyToNull($('#tosUri input').val()), - policyUri: this.emptyToNull($('#policyUri input').val()), - clientUri: this.emptyToNull($('#clientUri input').val()), - applicationType: $('#applicationType input').filter(':checked').val(), - jwksUri: jwksUri, - jwks: jwks, - subjectType: subjectType, - softwareStatement: this.emptyToNull($('#softwareStatement textarea').val()), - softwareId: this.emptyToNull($('#softwareId input').val()), - softwareVersion: this.emptyToNull($('#softwareVersion input').val()), - tokenEndpointAuthMethod: tokenEndpointAuthMethod, - responseTypes: responseTypes, - sectorIdentifierUri: sectorIdentifierUri, - initiateLoginUri: this.emptyToNull($('#initiateLoginUri input').val()), - postLogoutRedirectUris: this.postLogoutRedirectUrisCollection.pluck('item'), - claimsRedirectUris: this.claimsRedirectUrisCollection.pluck('item'), - reuseRefreshToken: $('#reuseRefreshToken').is(':checked'), - clearAccessTokensOnRefresh: $('#clearAccessTokensOnRefresh').is(':checked'), - requireAuthTime: $('#requireAuthTime input').is(':checked'), - defaultMaxAge: parseInt($('#defaultMaxAge input').val()), - contacts: this.contactsCollection.pluck('item'), - requestUris: this.requestUrisCollection.pluck('item'), - defaultACRvalues: this.defaultACRvaluesCollection.pluck('item'), - requestObjectSigningAlg: this.defaultToNull($('#requestObjectSigningAlg select').val()), - userInfoSignedResponseAlg: this.defaultToNull($('#userInfoSignedResponseAlg select').val()), - userInfoEncryptedResponseAlg: this.defaultToNull($('#userInfoEncryptedResponseAlg select').val()), - userInfoEncryptedResponseEnc: this.defaultToNull($('#userInfoEncryptedResponseEnc select').val()), - idTokenSignedResponseAlg: this.defaultToNull($('#idTokenSignedResponseAlg select').val()), - idTokenEncryptedResponseAlg: this.defaultToNull($('#idTokenEncryptedResponseAlg select').val()), - idTokenEncryptedResponseEnc: this.defaultToNull($('#idTokenEncryptedResponseEnc select').val()), - tokenEndpointAuthSigningAlg: this.defaultToNull($('#tokenEndpointAuthSigningAlg select').val()), - codeChallengeMethod: this.defaultToNull($('#codeChallengeMethod select').val()) - }; - - // post-validate - if (attrs["allowRefresh"] == false) { - attrs["refreshTokenValiditySeconds"] = null; - } - - if ($('#disableAccessTokenTimeout').is(':checked')) { - attrs["accessTokenValiditySeconds"] = null; - } - - if ($('#disableRefreshTokenTimeout').is(':checked')) { - attrs["refreshTokenValiditySeconds"] = null; - } - - // set all empty strings to nulls - for ( var key in attrs) { - if (attrs[key] === "") { - attrs[key] = null; - } - } - - var _self = this; - this.model.save(attrs, { - success: function() { - - $('#modalAlertLabel').html($.t('client.client-form.saved.saved')); - - var savedModel = { - clientId: _self.model.get('clientId'), - clientSecret: _self.model.get('clientSecret'), - secretChanged: secretChanged - }; - - $('#modalAlert div.modal-header').html($.t('client.client-form.saved.saved')); - - $('#modalAlert .modal-body').html(_self.clientSavedTemplate(savedModel)); - - $('#modalAlert .modal-body #savedClientSecret').hide(); - - $('#modalAlert').on('click', '#clientSaveShow', function(event) { - event.preventDefault(); - $('#clientSaveShow').hide(); - $('#savedClientSecret').show(); - }); - - $('#modalAlert').i18n(); - $('#modalAlert').modal({ - 'backdrop': 'static', - 'keyboard': true, - 'show': true - }); - - app.clientList.add(_self.model); - app.navigate('admin/clients', { - trigger: true - }); - }, - error: app.errorHandlerView.handleError({ - log: "An error occurred when saving a client" - }) - }); - - return false; - }, - - render: function(eventName) { - - var data = { - client: this.model.toJSON(), - heartMode: heartMode - }; - $(this.el).html(this.template(data)); - - var _self = this; - - // clear the sub-view collection - this.listWidgetViews = []; - - // build and bind registered redirect URI collection and view - _.each(this.model.get("redirectUris"), function(redirectUri) { - _self.redirectUrisCollection.add(new URIModel({ - item: redirectUri - })); - }); - - var redirUriView = new ListWidgetView({ - type: 'uri', - placeholder: 'https://', - helpBlockText: $.t('client.client-form.redirect-uris-help'), - collection: this.redirectUrisCollection - }); - $("#redirectUris .controls", this.el).html(redirUriView.render().el); - this.listWidgetViews.push(redirUriView); - - // build and bind scopes - _.each(this.model.get("scope"), function(scope) { - _self.scopeCollection.add(new Backbone.Model({ - item: scope - })); - }); - - var scopeView = new ListWidgetView({ - placeholder: $.t('client.client-form.scope-placeholder'), - autocomplete: _.uniq(_.flatten(this.options.systemScopeList.pluck("value"))), - helpBlockText: $.t('client.client-form.scope-help'), - collection: this.scopeCollection - }); - $("#scope .controls", this.el).html(scopeView.render().el); - this.listWidgetViews.push(scopeView); - - // build and bind contacts - _.each(this.model.get('contacts'), function(contact) { - _self.contactsCollection.add(new Backbone.Model({ - item: contact - })); - }); - - var contactsView = new ListWidgetView({ - placeholder: $.t("client.client-form.contacts-placeholder"), - helpBlockText: $.t("client.client-form.contacts-help"), - collection: this.contactsCollection - }); - $("#contacts .controls", this.el).html(contactsView.render().el); - this.listWidgetViews.push(contactsView); - - // build and bind post-logout redirect URIs - _.each(this.model.get('postLogoutRedirectUris'), function(postLogoutRedirectUri) { - _self.postLogoutRedirectUrisCollection.add(new URIModel({ - item: postLogoutRedirectUri - })); - }); - - var postLogoutRedirectUrisView = new ListWidgetView({ - type: 'uri', - placeholder: 'https://', - helpBlockText: $.t('client.client-form.post-logout-help'), - collection: this.postLogoutRedirectUrisCollection - }); - $('#postLogoutRedirectUris .controls', this.el).html(postLogoutRedirectUrisView.render().el); - this.listWidgetViews.push(postLogoutRedirectUrisView); - - // build and bind claims redirect URIs - _.each(this.model.get('claimsRedirectUris'), function(claimsRedirectUri) { - _self.claimsRedirectUrisCollection.add(new URIModel({ - item: claimsRedirectUri - })); - }); - - var claimsRedirectUrisView = new ListWidgetView({ - type: 'uri', - placeholder: 'https://', - helpBlockText: $.t('client.client-form.claims-redirect-uris-help'), - collection: this.claimsRedirectUrisCollection - }); - $('#claimsRedirectUris .controls', this.el).html(claimsRedirectUrisView.render().el); - this.listWidgetViews.push(claimsRedirectUrisView); - - // build and bind request URIs - _.each(this.model.get('requestUris'), function(requestUri) { - _self.requestUrisCollection.add(new URIModel({ - item: requestUri - })); - }); - - var requestUriView = new ListWidgetView({ - type: 'uri', - placeholder: 'https://', - helpBlockText: $.t('client.client-form.request-uri-help'), - collection: this.requestUrisCollection - }); - $('#requestUris .controls', this.el).html(requestUriView.render().el); - this.listWidgetViews.push(requestUriView); - - // build and bind default ACR values - _.each(this.model.get('defaultACRvalues'), function(defaultACRvalue) { - _self.defaultACRvaluesCollection.add(new Backbone.Model({ - item: defaultACRvalue - })); - }); - - var defaultAcrView = new ListWidgetView({ - placeholder: $.t('client.client-form.acr-values-placeholder'), - // TODO: autocomplete from spec - helpBlockText: $.t('client.client-form.acr-values-help'), - collection: this.defaultACRvaluesCollection - }); - $('#defaultAcrValues .controls', this.el).html(defaultAcrView.render().el); - this.listWidgetViews.push(defaultAcrView); - - // build and bind - - // set up token fields - if (!this.model.get("allowRefresh")) { - $("#refreshTokenValidityTime", this.$el).hide(); - } - - if (this.model.get("accessTokenValiditySeconds") == null) { - $("#access-token-timeout-time", this.$el).prop('disabled', true); - $("#access-token-timeout-unit", this.$el).prop('disabled', true); - } - - if (this.model.get("refreshTokenValiditySeconds") == null) { - $("#refresh-token-timeout-time", this.$el).prop('disabled', true); - $("#refresh-token-timeout-unit", this.$el).prop('disabled', true); - } - - // toggle other dynamic fields - this.toggleClientCredentials(); - this.previewLogo(); - this.toggleJWKSetType(); - - // disable unsupported JOSE algorithms - this.disableUnsupportedJOSEItems(app.serverConfiguration.request_object_signing_alg_values_supported, '#requestObjectSigningAlg option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.userinfo_signing_alg_values_supported, '#userInfoSignedResponseAlg option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.userinfo_encryption_alg_values_supported, '#userInfoEncryptedResponseAlg option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.userinfo_encryption_enc_values_supported, '#userInfoEncryptedResponseEnc option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.id_token_signing_alg_values_supported, '#idTokenSignedResponseAlg option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.id_token_encryption_alg_values_supported, '#idTokenEncryptedResponseAlg option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.id_token_encryption_enc_values_supported, '#idTokenEncryptedResponseEnc option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.token_endpoint_auth_signing_alg_values_supported, '#tokenEndpointAuthSigningAlg option'); - - this.$('.nyi').clickover({ - placement: 'right', - title: $.t('common.not-yet-implemented'), - content: $.t('common.not-yet-implemented-content') - }); - - $(this.el).i18n(); - return this; - } -}); - -ui.routes.push({ - path: "admin/clients", - name: "listClients", - callback: function() { - - if (!isAdmin()) { - this.root(); - return; - } - - this.breadCrumbView.collection.reset(); - this.breadCrumbView.collection.add([{ - text: $.t('admin.home'), - href: "" - }, { - text: $.t('client.manage'), - href: "manage/#admin/clients" - }]); - - this.updateSidebar('admin/clients'); - - var view = new ClientListView({ - model: this.clientList, - systemScopeList: this.systemScopeList, - whiteListList: this.whiteListList - }); - view.load(function() { - $('#content').html(view.render().el); - view.delegateEvents(); - setPageTitle($.t('client.manage')); - }); - - } - -}); - -ui.routes.push({ - path: "admin/client/new", - name: "newClient", - callback: function() { - console.log("newClient"); - if (!isAdmin()) { - this.root(); - return; - } - - this.breadCrumbView.collection.reset(); - this.breadCrumbView.collection.add([{ - text: $.t('admin.home'), - href: "" - }, { - text: $.t('client.manage'), - href: "manage/#admin/clients" - }, { - text: $.t('client.client-form.new'), - href: "" - }]); - - this.updateSidebar('admin/clients'); - - var client = new ClientModel(); - - var view = new ClientFormView({ - model: client, - systemScopeList: this.systemScopeList - }); - view.load(function() { - var userInfo = getUserInfo(); - var contacts = []; - if (userInfo != null && userInfo.email != null) { - contacts.push(userInfo.email); - } - - // use a different set of defaults based on heart mode flag - if (heartMode) { - client.set({ - tokenEndpointAuthMethod: "PRIVATE_KEY", - generateClientSecret: false, - displayClientSecret: false, - requireAuthTime: true, - defaultMaxAge: 60000, - scope: _.uniq(_.flatten(app.systemScopeList.defaultScopes().pluck("value"))), - accessTokenValiditySeconds: 3600, - refreshTokenValiditySeconds: 24 * 3600, - idTokenValiditySeconds: 300, - deviceCodeValiditySeconds: 30 * 60, - grantTypes: ["authorization_code"], - responseTypes: ["code"], - subjectType: "PUBLIC", - jwksType: "URI", - contacts: contacts - }, { - silent: true - }); - } else { - // set up this new client to require a secret and have us - // autogenerate one - client.set({ - tokenEndpointAuthMethod: "SECRET_BASIC", - generateClientSecret: true, - displayClientSecret: false, - requireAuthTime: true, - defaultMaxAge: 60000, - scope: _.uniq(_.flatten(app.systemScopeList.defaultScopes().pluck("value"))), - accessTokenValiditySeconds: 3600, - idTokenValiditySeconds: 600, - deviceCodeValiditySeconds: 30 * 60, - grantTypes: ["authorization_code"], - responseTypes: ["code"], - subjectType: "PUBLIC", - jwksType: "URI", - contacts: contacts - }, { - silent: true - }); - } - - $('#content').html(view.render().el); - setPageTitle($.t('client.client-form.new')); - }); - } -}); - -ui.routes.push({ - path: "admin/client/:id", - name: "editClient", - callback: function(id) { - console.log("editClient " + id); - if (!isAdmin()) { - this.root(); - return; - } - - this.breadCrumbView.collection.reset(); - this.breadCrumbView.collection.add([{ - text: $.t('admin.home'), - href: "" - }, { - text: $.t('client.manage'), - href: "manage/#admin/clients" - }, { - text: $.t('client.client-form.edit'), - href: "manage/#admin/client/" + id - }]); - - this.updateSidebar('admin/clients'); - - var client = this.clientList.get(id); - if (!client) { - client = new ClientModel({ - id: id - }); - } - - var view = new ClientFormView({ - model: client, - systemScopeList: app.systemScopeList - }); - view.load(function() { - if ($.inArray("refresh_token", client.get("grantTypes")) != -1) { - client.set({ - allowRefresh: true - }, { - silent: true - }); - } - - if (client.get("jwks")) { - client.set({ - jwksType: "VAL" - }, { - silent: true - }); - } else { - client.set({ - jwksType: "URI" - }, { - silent: true - }); - } - - client.set({ - generateClientSecret: false, - displayClientSecret: false - }, { - silent: true - }); - - $('#content').html(view.render().el); - setPageTitle($.t('client.client-form.edit')); - }); - - } -}); - -ui.templates.push('resources/template/client.html'); - -ui.init.push(function(app) { - app.clientList = new ClientCollection(); -}); diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js b/openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js deleted file mode 100644 index 0bae62621f..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js +++ /dev/null @@ -1,832 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -var DynRegClient = Backbone.Model.extend({ - idAttribute: "client_id", - - defaults: { - client_id: null, - client_secret: null, - redirect_uris: [], - client_name: null, - client_uri: null, - logo_uri: null, - contacts: [], - tos_uri: null, - token_endpoint_auth_method: null, - scope: null, - grant_types: [], - response_types: [], - policy_uri: null, - - jwks_uri: null, - jwks: null, - jwksType: 'URI', - - application_type: null, - sector_identifier_uri: null, - subject_type: null, - - request_object_signing_alg: null, - - userinfo_signed_response_alg: null, - userinfo_encrypted_response_alg: null, - userinfo_encrypted_response_enc: null, - - id_token_signed_response_alg: null, - id_token_encrypted_response_alg: null, - id_token_encrypted_response_enc: null, - - default_max_age: null, - require_auth_time: false, - default_acr_values: null, - - initiate_login_uri: null, - post_logout_redirect_uris: null, - - claims_redirect_uris: [], - - request_uris: [], - - software_statement: null, - software_id: null, - software_version: null, - - code_challenge_method: null, - - registration_access_token: null, - registration_client_uri: null - }, - - sync: function(method, model, options) { - if (model.get('registration_access_token')) { - var headers = options.headers ? options.headers : {}; - headers['Authorization'] = 'Bearer ' + model.get('registration_access_token'); - options.headers = headers; - } - - return this.constructor.__super__.sync(method, model, options); - }, - - urlRoot: 'register' - -}); - -var DynRegRootView = Backbone.View.extend({ - - tagName: 'span', - - initialize: function(options) { - this.options = options; - - }, - - events: { - "click #newreg": "newReg", - "click #editreg": "editReg" - }, - - load: function(callback) { - if (this.options.systemScopeList.isFetched) { - callback(); - return; - } - - $('#loadingbox').sheet('show'); - $('#loading').html('' + $.t('common.scopes') + ' '); - - $.when(this.options.systemScopeList.fetchIfNeeded({ - success: function(e) { - $('#loading-scopes').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - })).done(function() { - $('#loadingbox').sheet('hide'); - callback(); - }); - }, - - render: function() { - $(this.el).html($('#tmpl-dynreg').html()); - $(this.el).i18n(); - return this; - }, - - newReg: function(e) { - e.preventDefault(); - this.remove(); - app.navigate('dev/dynreg/new', { - trigger: true - }); - }, - - editReg: function(e) { - e.preventDefault(); - var clientId = $('#clientId').val(); - var token = $('#regtoken').val(); - - var client = new DynRegClient({ - client_id: clientId, - registration_access_token: token - }); - - var self = this; - - client.fetch({ - success: function() { - - var userInfo = getUserInfo(); - var contacts = client.get("contacts"); - if (userInfo != null && userInfo.email != null && !_.contains(contacts, userInfo.email)) { - contacts.push(userInfo.email); - } - client.set({ - contacts: contacts - }, { - silent: true - }); - - if (client.get("jwks")) { - client.set({ - jwksType: "VAL" - }, { - silent: true - }); - } else { - client.set({ - jwksType: "URI" - }, { - silent: true - }); - } - - var view = new DynRegEditView({ - model: client, - systemScopeList: app.systemScopeList - }); - - view.load(function() { - $('#content').html(view.render().el); - view.delegateEvents(); - setPageTitle($.t('dynreg.edit-dynamically-registered')); - app.navigate('dev/dynreg/edit', { - trigger: true - }); - self.remove(); - }); - }, - error: app.errorHandlerView.handleError({ - message: $.t('dynreg.invalid-access-token') - }) - }); - } - -}); - -var DynRegEditView = Backbone.View.extend({ - - tagName: 'span', - - initialize: function(options) { - this.options = options; - if (!this.template) { - this.template = _.template($('#tmpl-dynreg-client-form').html()); - } - - this.redirectUrisCollection = new Backbone.Collection(); - this.scopeCollection = new Backbone.Collection(); - this.contactsCollection = new Backbone.Collection(); - this.defaultAcrValuesCollection = new Backbone.Collection(); - this.requestUrisCollection = new Backbone.Collection(); - this.postLogoutRedirectUrisCollection = new Backbone.Collection(); - this.claimsRedirectUrisCollection = new Backbone.Collection(); - - this.listWidgetViews = []; - }, - - load: function(callback) { - if (this.options.systemScopeList.isFetched) { - callback(); - return; - } - - $('#loadingbox').sheet('show'); - $('#loading').html('' + $.t('common.scopes') + ' '); - - $.when(this.options.systemScopeList.fetchIfNeeded({ - success: function(e) { - $('#loading-scopes').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - })).done(function() { - $('#loadingbox').sheet('hide'); - callback(); - }); - }, - - events: { - "click .btn-save": "saveClient", - "click .btn-cancel": "cancel", - "click .btn-delete": "deleteClient", - "change #logoUri input": "previewLogo", - "change #tokenEndpointAuthMethod input:radio": "toggleClientCredentials", - "change #jwkSelector input:radio": "toggleJWKSetType" - }, - - cancel: function(e) { - e.preventDefault(); - app.navigate('dev/dynreg', { - trigger: true - }); - }, - - deleteClient: function(e) { - e.preventDefault(); - - if (confirm($.t('client.client-table.confirm'))) { - var self = this; - - this.model.destroy({ - dataType: false, - processData: false, - success: function() { - self.remove(); - app.navigate('dev/dynreg', { - trigger: true - }); - }, - error: app.errorHandlerView.handleError({ - "log": "An error occurred when deleting a client" - }) - }); - - } - - return false; - }, - - previewLogo: function() { - if ($('#logoUri input', this.el).val()) { - $('#logoPreview', this.el).empty(); - $('#logoPreview', this.el).attr('src', $('#logoUri input', this.el).val()); - } else { - // $('#logoBlock', this.el).hide(); - $('#logoPreview', this.el).attr('src', 'resources/images/logo_placeholder.gif'); - } - }, - - /** - * Set up the form based on the current state of the tokenEndpointAuthMethod - * parameter - * - * @param event - */ - toggleClientCredentials: function() { - - var tokenEndpointAuthMethod = $('#tokenEndpointAuthMethod input', this.el).filter(':checked').val(); - - // show or hide the signing algorithm method depending on what's - // selected - if (tokenEndpointAuthMethod == 'private_key_jwt' || tokenEndpointAuthMethod == 'client_secret_jwt') { - $('#tokenEndpointAuthSigningAlg', this.el).show(); - } else { - $('#tokenEndpointAuthSigningAlg', this.el).hide(); - } - }, - - /** - * Set up the form based on the JWK Set selector - */ - toggleJWKSetType: function() { - var jwkSelector = $('#jwkSelector input:radio', this.el).filter(':checked').val(); - - if (jwkSelector == 'URI') { - $('#jwksUri', this.el).show(); - $('#jwks', this.el).hide(); - } else if (jwkSelector == 'VAL') { - $('#jwksUri', this.el).hide(); - $('#jwks', this.el).show(); - } else { - $('#jwksUri', this.el).hide(); - $('#jwks', this.el).hide(); - } - - }, - - disableUnsupportedJOSEItems: function(serverSupported, query) { - var supported = ['default']; - if (serverSupported) { - supported = _.union(supported, serverSupported); - } - $(query, this.$el).each(function(idx) { - if (_.contains(supported, $(this).val())) { - $(this).prop('disabled', false); - } else { - $(this).prop('disabled', true); - } - }); - - }, - - // returns "null" if given the value "default" as a string, - // otherwise returns input value. useful for parsing the JOSE - // algorithm dropdowns - defaultToNull: function(value) { - if (value == 'default') { - return null; - } else { - return value; - } - }, - - // returns "null" if the given value is falsy - emptyToNull: function(value) { - if (value) { - return value; - } else { - return null; - } - }, - - // maps from a form-friendly name to the real grant parameter name - grantMap: { - 'authorization_code': 'authorization_code', - 'password': 'password', - 'implicit': 'implicit', - 'client_credentials': 'client_credentials', - 'redelegate': 'urn:ietf:params:oauth:grant_type:redelegate', - 'refresh_token': 'refresh_token' - }, - - // maps from a form-friendly name to the real response type - // parameter name - responseMap: { - 'code': 'code', - 'token': 'token', - 'idtoken': 'id_token', - 'token-idtoken': 'token id_token', - 'code-idtoken': 'code id_token', - 'code-token': 'code token', - 'code-token-idtoken': 'code token id_token' - }, - - saveClient: function(e) { - e.preventDefault(); - - $('.control-group').removeClass('error'); - - // sync any leftover collection items - _.each(this.listWidgetViews, function(v) { - v.addItem($.Event('click')); - }); - - // build the scope object - var scopes = this.scopeCollection.pluck("item").join(" "); - - // build the grant type object - var grantTypes = []; - $.each(this.grantMap, function(index, type) { - if ($('#grantTypes-' + index).is(':checked')) { - grantTypes.push(type); - } - }); - - // build the response type object - var responseTypes = []; - $.each(this.responseMap, function(index, type) { - if ($('#responseTypes-' + index).is(':checked')) { - responseTypes.push(type); - } - }); - - var contacts = this.contactsCollection.pluck('item'); - var userInfo = getUserInfo(); - if (userInfo && userInfo.email) { - if (!_.contains(contacts, userInfo.email)) { - contacts.push(userInfo.email); - } - } - - // make sure that the subject identifier is consistent with the - // redirect URIs - var subjectType = $('#subjectType input').filter(':checked').val(); - var redirectUris = this.redirectUrisCollection.pluck("item"); - var sectorIdentifierUri = $('#sectorIdentifierUri input').val(); - if (subjectType == 'PAIRWISE' && redirectUris.length > 1 && sectorIdentifierUri == '') { - // Display an alert with an error message - app.errorHandlerView.showErrorMessage($.t("client.client-form.error.consistency"), $.t("client.client-form.error.pairwise-sector")); - return false; - - } - - // process the JWKS - var jwksUri = null; - var jwks = null; - var jwkSelector = $('#jwkSelector input:radio', this.el).filter(':checked').val(); - - if (jwkSelector == 'URI') { - jwksUri = $('#jwksUri input').val(); - jwks = null; - } else if (jwkSelector == 'VAL') { - jwksUri = null; - try { - jwks = JSON.parse($('#jwks textarea').val()); - } catch (e) { - console.log("An error occurred when parsing the JWK Set"); - app.errorHandlerView.showErrorMessage($.t("client.client-form.error.jwk-set"), $.t("client.client-form.error.jwk-set-parse")); - return false; - } - } else { - jwksUri = null; - jwks = null; - } - - var attrs = { - client_name: this.emptyToNull($('#clientName input').val()), - redirect_uris: redirectUris, - logo_uri: this.emptyToNull($('#logoUri input').val()), - grant_types: grantTypes, - scope: scopes, - client_secret: null, // never send a client secret - tos_uri: this.emptyToNull($('#tosUri input').val()), - policy_uri: this.emptyToNull($('#policyUri input').val()), - client_uri: this.emptyToNull($('#clientUri input').val()), - application_type: $('#applicationType input').filter(':checked').val(), - jwks_uri: jwksUri, - jwks: jwks, - subject_type: subjectType, - software_statement: this.emptyToNull($('#softwareStatement textarea').val()), - softwareId: this.emptyToNull($('#softwareId input').val()), - softwareVersion: this.emptyToNull($('#softwareVersion input').val()), - token_endpoint_auth_method: $('#tokenEndpointAuthMethod input').filter(':checked').val(), - response_types: responseTypes, - sector_identifier_uri: sectorIdentifierUri, - initiate_login_uri: this.emptyToNull($('#initiateLoginUri input').val()), - post_logout_redirect_uris: this.postLogoutRedirectUrisCollection.pluck('item'), - claims_redirect_uris: this.claimsRedirectUrisCollection.pluck('item'), - require_auth_time: $('#requireAuthTime input').is(':checked'), - default_max_age: parseInt($('#defaultMaxAge input').val()), - contacts: contacts, - request_uris: this.requestUrisCollection.pluck('item'), - default_acr_values: this.defaultAcrValuesCollection.pluck('item'), - request_object_signing_alg: this.defaultToNull($('#requestObjectSigningAlg select').val()), - userinfo_signed_response_alg: this.defaultToNull($('#userInfoSignedResponseAlg select').val()), - userinfo_encrypted_response_alg: this.defaultToNull($('#userInfoEncryptedResponseAlg select').val()), - userinfo_encrypted_response_enc: this.defaultToNull($('#userInfoEncryptedResponseEnc select').val()), - id_token_signed_response_alg: this.defaultToNull($('#idTokenSignedResponseAlg select').val()), - id_token_encrypted_response_alg: this.defaultToNull($('#idTokenEncryptedResponseAlg select').val()), - id_token_encrypted_response_enc: this.defaultToNull($('#idTokenEncryptedResponseEnc select').val()), - token_endpoint_auth_signing_alg: this.defaultToNull($('#tokenEndpointAuthSigningAlg select').val()), - code_challenge_method: this.defaultToNull($('#codeChallengeMethod select').val()) - }; - - // set all empty strings to nulls - for ( var key in attrs) { - if (attrs[key] === "") { - attrs[key] = null; - } - } - - var _self = this; - this.model.save(attrs, { - success: function() { - // switch to an "edit" view - app.navigate('dev/dynreg/edit', { - trigger: true - }); - _self.remove(); - - var userInfo = getUserInfo(); - var contacts = _self.model.get("contacts"); - if (userInfo != null && userInfo.email != null && !_.contains(contacts, userInfo.email)) { - contacts.push(userInfo.email); - } - _self.model.set({ - contacts: contacts - }, { - silent: true - }); - - if (_self.model.get("jwks")) { - _self.model.set({ - jwksType: "VAL" - }, { - silent: true - }); - } else { - _self.model.set({ - jwksType: "URI" - }, { - silent: true - }); - } - - var view = new DynRegEditView({ - model: _self.model, - systemScopeList: _self.options.systemScopeList - }); - - view.load(function() { - // reload - $('#content').html(view.render().el); - view.delegateEvents(); - }); - }, - error: app.errorHandlerView.handleError({ - log: "An error occurred when saving a client" - }) - }); - - return false; - }, - - render: function() { - var data = { - client: this.model.toJSON(), - userInfo: getUserInfo(), - heartMode: heartMode - }; - $(this.el).html(this.template(data)); - - this.listWidgetViews = []; - - var _self = this; - - // build and bind registered redirect URI collection and view - _.each(this.model.get("redirect_uris"), function(redirectUri) { - _self.redirectUrisCollection.add(new URIModel({ - item: redirectUri - })); - }); - - var redirectUriView = new ListWidgetView({ - type: 'uri', - placeholder: 'https://', - helpBlockText: $.t('client.client-form.redirect-uris-help'), - collection: this.redirectUrisCollection - }); - $("#redirectUris .controls", this.el).html(redirectUriView.render().el); - this.listWidgetViews.push(redirectUriView); - - // build and bind scopes - var scopes = this.model.get("scope"); - var scopeSet = scopes ? scopes.split(" ") : []; - _.each(scopeSet, function(scope) { - _self.scopeCollection.add(new Backbone.Model({ - item: scope - })); - }); - - var scopeView = new ListWidgetView({ - placeholder: $.t('client.client-form.scope-placeholder'), - autocomplete: _.uniq(_.flatten(this.options.systemScopeList.unrestrictedScopes().pluck("value"))), - helpBlockText: $.t('client.client-form.scope-help'), - collection: this.scopeCollection - }); - $("#scope .controls", this.el).html(scopeView.render().el); - this.listWidgetViews.push(scopeView); - - // build and bind contacts - _.each(this.model.get('contacts'), function(contact) { - _self.contactsCollection.add(new Backbone.Model({ - item: contact - })); - }); - - var contactView = new ListWidgetView({ - placeholder: $.t('client.client-form.contacts-placeholder'), - helpBlockText: $.t('client.client-form.contacts-help'), - collection: this.contactsCollection - }); - $("#contacts .controls div", this.el).html(contactView.render().el); - this.listWidgetViews.push(contactView); - - // build and bind post-logout redirect URIs - _.each(this.model.get('post_logout_redirect_uris'), function(postLogoutRedirectUri) { - _self.postLogoutRedirectUrisCollection.add(new URIModel({ - item: postLogoutRedirectUri - })); - }); - - var postLogoutRedirectUrisView = new ListWidgetView({ - type: 'uri', - placeholder: 'https://', - helpBlockText: $.t('client.client-form.post-logout-help'), - collection: this.postLogoutRedirectUrisCollection - }); - $('#postLogoutRedirectUris .controls', this.el).html(postLogoutRedirectUrisView.render().el); - this.listWidgetViews.push(postLogoutRedirectUrisView); - - // build and bind claims redirect URIs - _.each(this.model.get('claimsRedirectUris'), function(claimsRedirectUri) { - _self.claimsRedirectUrisCollection.add(new URIModel({ - item: claimsRedirectUri - })); - }); - - var claimsRedirectUrisView = new ListWidgetView({ - type: 'uri', - placeholder: 'https://', - helpBlockText: $.t('client.client-form.claims-redirect-uris-help'), - collection: this.claimsRedirectUrisCollection - }); - $('#claimsRedirectUris .controls', this.el).html(claimsRedirectUrisView.render().el); - this.listWidgetViews.push(claimsRedirectUrisView); - - // build and bind request URIs - _.each(this.model.get('request_uris'), function(requestUri) { - _self.requestUrisCollection.add(new URIModel({ - item: requestUri - })); - }); - - var requestUriView = new ListWidgetView({ - type: 'uri', - placeholder: 'https://', - helpBlockText: $.t('client.client-form.request-uri-help'), - collection: this.requestUrisCollection - }); - $('#requestUris .controls', this.el).html(requestUriView.render().el); - this.listWidgetViews.push(requestUriView); - - // build and bind default ACR values - _.each(this.model.get('default_acr_values'), function(defaultAcrValue) { - _self.defaultAcrValuesCollection.add(new Backbone.Model({ - item: defaultAcrValue - })); - }); - - var defaultAcrView = new ListWidgetView({ - placeholder: $.t('client.client-form.acr-values-placeholder'), - // TODO: autocomplete from spec - helpBlockText: $.t('client.client-form.acr-values-help'), - collection: this.defaultAcrValuesCollection - }); - $('#defaultAcrValues .controls', this.el).html(defaultAcrView.render().el); - this.listWidgetViews.push(defaultAcrView); - - this.toggleClientCredentials(); - this.previewLogo(); - this.toggleJWKSetType(); - - // disable unsupported JOSE algorithms - this.disableUnsupportedJOSEItems(app.serverConfiguration.request_object_signing_alg_values_supported, '#requestObjectSigningAlg option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.userinfo_signing_alg_values_supported, '#userInfoSignedResponseAlg option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.userinfo_encryption_alg_values_supported, '#userInfoEncryptedResponseAlg option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.userinfo_encryption_enc_values_supported, '#userInfoEncryptedResponseEnc option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.id_token_signing_alg_values_supported, '#idTokenSignedResponseAlg option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.id_token_encryption_alg_values_supported, '#idTokenEncryptedResponseAlg option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.id_token_encryption_enc_values_supported, '#idTokenEncryptedResponseEnc option'); - this.disableUnsupportedJOSEItems(app.serverConfiguration.token_endpoint_auth_signing_alg_values_supported, '#tokenEndpointAuthSigningAlg option'); - - this.$('.nyi').clickover({ - placement: 'right', - title: $.t('common.not-yet-implemented'), - content: $.t('common.not-yet-implemented-content') - }); - - $(this.el).i18n(); - return this; - } - -}); - -ui.routes.push({ - path: "dev/dynreg", - name: "dynReg", - callback: function() { - - this.breadCrumbView.collection.reset(); - this.breadCrumbView.collection.add([{ - text: $.t('admin.home'), - href: "" - }, { - text: $.t('admin.self-service-client'), - href: "manage/#dev/dynreg" - }]); - - var view = new DynRegRootView({ - systemScopeList: this.systemScopeList - }); - - this.updateSidebar('dev/dynreg'); - - view.load(function() { - $('#content').html(view.render().el); - - setPageTitle($.t('admin.self-service-client')); - }); - - } -}); - -ui.routes.push({ - path: "dev/dynreg/new", - name: "newDynReg", - callback: function() { - - this.breadCrumbView.collection.reset(); - this.breadCrumbView.collection.add([{ - text: $.t('admin.home'), - href: "" - }, { - text: $.t('admin.self-service-client'), - href: "manage/#dev/dynreg" - }, { - text: $.t('dynreg.new-client'), - href: "manage/#dev/dynreg/new" - }]); - - this.updateSidebar('dev/dynreg'); - - var client = new DynRegClient(); - var view = new DynRegEditView({ - model: client, - systemScopeList: this.systemScopeList - }); - - view.load(function() { - - var userInfo = getUserInfo(); - var contacts = []; - if (userInfo != null && userInfo.email != null) { - contacts.push(userInfo.email); - } - - if (heartMode) { - client.set({ - require_auth_time: true, - default_max_age: 60000, - scope: _.uniq(_.flatten(app.systemScopeList.defaultUnrestrictedScopes().pluck("value"))).join(" "), - token_endpoint_auth_method: 'private_key_jwt', - grant_types: ["authorization_code"], - response_types: ["code"], - subject_type: "public", - contacts: contacts - }, { - silent: true - }); - } else { - client.set({ - require_auth_time: true, - default_max_age: 60000, - scope: _.uniq(_.flatten(app.systemScopeList.defaultUnrestrictedScopes().pluck("value"))).join(" "), - token_endpoint_auth_method: 'client_secret_basic', - grant_types: ["authorization_code"], - response_types: ["code"], - subject_type: "public", - contacts: contacts - }, { - silent: true - }); - } - - $('#content').html(view.render().el); - view.delegateEvents(); - setPageTitle($.t('dynreg.new-client')); - - }); - - } -}); - -ui.routes.push({ - path: "dev/dynreg/edit", - name: "editDynReg", - callback: function() { - - this.breadCrumbView.collection.reset(); - this.breadCrumbView.collection.add([{ - text: $.t('admin.home'), - href: "" - }, { - text: $.t('admin.self-service-client'), - href: "manage/#dev/dynreg" - }, { - text: $.t('dynreg.edit-existing'), - href: "manage/#dev/dynreg/edit" - }]); - - this.updateSidebar('dev/dynreg'); - - setPageTitle($.t('dynreg.edit-existing')); - // note that this doesn't actually load the client, that's supposed to - // happen elsewhere... - } -}); - -ui.templates.push('resources/template/dynreg.html'); diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/grant.js b/openid-connect-server-webapp/src/main/webapp/resources/js/grant.js deleted file mode 100644 index f21a1694bf..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/grant.js +++ /dev/null @@ -1,332 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -var ApprovedSiteModel = Backbone.Model.extend({ - idAttribute: 'id', - - initialize: function() { - }, - - urlRoot: 'api/approved' - -}); - -var ApprovedSiteCollection = Backbone.Collection.extend({ - initialize: function() { - }, - - model: ApprovedSiteModel, - url: 'api/approved' -}); - -var ApprovedSiteListView = Backbone.View.extend({ - tagName: 'span', - - initialize: function(options) { - this.options = options; - }, - - load: function(callback) { - if (this.model.isFetched && this.options.clientList.isFetched && this.options.systemScopeList.isFetched) { - callback(); - return; - } - - $('#loadingbox').sheet('show'); - $('#loading').html('' + $.t('grant.grant-table.approved-sites') + ' ' + '' + $.t('common.clients') + ' ' + '' + $.t('common.scopes') + ' '); - - $.when(this.model.fetchIfNeeded({ - success: function(e) { - $('#loading-grants').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - }), this.options.clientList.fetchIfNeeded({ - success: function(e) { - $('#loading-clients').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - }), this.options.systemScopeList.fetchIfNeeded({ - success: function(e) { - $('#loading-scopes').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - })).done(function() { - $('#loadingbox').sheet('hide'); - callback(); - }); - }, - - events: { - "click .refresh-table": "refreshTable" - }, - - render: function(eventName) { - $(this.el).html($('#tmpl-grant-table').html()); - - var approvedSiteCount = 0; - - var _self = this; - - _.each(this.model.models, function(approvedSite) { - // look up client - var client = this.options.clientList.getByClientId(approvedSite.get('clientId')); - - if (client != null) { - - var view = new ApprovedSiteView({ - model: approvedSite, - client: client, - systemScopeList: this.options.systemScopeList - }); - view.parentView = _self; - $('#grant-table', this.el).append(view.render().el); - approvedSiteCount = approvedSiteCount + 1; - - } - - }, this); - - this.togglePlaceholder(); - $(this.el).i18n(); - return this; - }, - - togglePlaceholder: function() { - // count entries - if (this.model.length > 0) { - $('#grant-table', this.el).show(); - $('#grant-table-empty', this.el).hide(); - } else { - $('#grant-table', this.el).hide(); - $('#grant-table-empty', this.el).show(); - } - - }, - - refreshTable: function(e) { - e.preventDefault(); - var _self = this; - $('#loadingbox').sheet('show'); - $('#loading').html('' + $.t('grant.grant-table.approved-sites') + ' ' + '' + $.t('common.clients') + ' ' + '' + $.t('common.scopes') + ' '); - - $.when(this.model.fetch({ - success: function(e) { - $('#loading-grants').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - }), this.options.clientList.fetch({ - success: function(e) { - $('#loading-clients').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - }), this.options.systemScopeList.fetch({ - success: function(e) { - $('#loading-scopes').addClass('label-success'); - }, - error: app.errorHandlerView.handleError() - })).done(function() { - $('#loadingbox').sheet('hide'); - _self.render(); - }); - } - -}); - -var ApprovedSiteView = Backbone.View.extend({ - tagName: 'tr', - - initialize: function(options) { - this.options = options; - if (!this.template) { - this.template = _.template($('#tmpl-grant').html()); - } - if (!this.scopeTemplate) { - this.scopeTemplate = _.template($('#tmpl-scope-list').html()); - } - - if (!this.moreInfoTemplate) { - this.moreInfoTemplate = _.template($('#tmpl-client-more-info-block').html()); - } - - }, - - render: function() { - - var creationDate = this.model.get("creationDate"); - var accessDate = this.model.get("accessDate"); - var timeoutDate = this.model.get("timeoutDate"); - - var displayCreationDate = $.t('grant.grant-table.unknown'); - var hoverCreationDate = ""; - if ((creationDate != null) && moment(creationDate).isValid()) { - creationDate = moment(creationDate); - if (moment().diff(creationDate, 'months') < 6) { - displayCreationDate = creationDate.fromNow(); - } else { - displayCreationDate = creationDate.format("LL"); - } - hoverCreationDate = creationDate.format("LLL"); - } - - var displayAccessDate = $.t('grant.grant-table.unknown'); - var hoverAccessDate = ""; - if ((accessDate != null) && moment(accessDate).isValid()) { - accessDate = moment(accessDate); - if (moment().diff(accessDate, 'months') < 6) { - displayAccessDate = accessDate.fromNow(); - } else { - displayAccessDate = accessDate.format("LL"); - } - hoverAccessDate = accessDate.format("LLL"); - } - - var displayTimeoutDate = $.t('grant.grant-table.unknown'); - var hoverTimeoutDate = ""; - if (timeoutDate == null) { - displayTimeoutDate = $.t('grant.grant-table.never'); - } else if (moment(timeoutDate).isValid()) { - timeoutDate = moment(timeoutDate); - if (moment().diff(timeoutDate, 'months') < 6) { - displayTimeoutDate = timeoutDate.fromNow(); - } else { - displayTimeoutDate = timeoutDate.format("LL"); - } - hoverTimeoutDate = timeoutDate.format("LLL"); - } - - var formattedDate = { - displayCreationDate: displayCreationDate, - hoverCreationDate: hoverCreationDate, - displayAccessDate: displayAccessDate, - hoverAccessDate: hoverAccessDate, - displayTimeoutDate: displayTimeoutDate, - hoverTimeoutDate: hoverTimeoutDate - }; - - var json = { - grant: this.model.toJSON(), - client: this.options.client.toJSON(), - formattedDate: formattedDate - }; - - this.$el.html(this.template(json)); - - $('.scope-list', this.el).html(this.scopeTemplate({ - scopes: this.model.get('allowedScopes'), - systemScopes: this.options.systemScopeList - })); - - $('.client-more-info-block', this.el).html(this.moreInfoTemplate({ - client: this.options.client.toJSON() - })); - - this.$('.dynamically-registered').tooltip({ - title: $.t('grant.grant-table.dynamically-registered') - }); - this.$('.tokens').tooltip({ - title: $.t('grant.grant-table.active-tokens') - }); - $(this.el).i18n(); - return this; - }, - - events: { - 'click .btn-delete': 'deleteApprovedSite', - 'click .toggleMoreInformation': 'toggleMoreInformation' - }, - - deleteApprovedSite: function(e) { - e.preventDefault(); - if (confirm("Are you sure you want to revoke access to this site?")) { - var self = this; - - this.model.destroy({ - dataType: false, - processData: false, - success: function() { - self.$el.fadeTo("fast", 0.00, function() { // fade - $(this).slideUp("fast", function() { // slide up - $(this).remove(); // then remove from the DOM - self.parentView.togglePlaceholder(); - }); - }); - }, - error: app.errorHandlerView.handleError() - }); - - this.parentView.delegateEvents(); - } - - return false; - }, - - toggleMoreInformation: function(e) { - e.preventDefault(); - if ($('.moreInformation', this.el).is(':visible')) { - // hide it - $('.moreInformation', this.el).hide('fast'); - $('.toggleMoreInformation i', this.el).attr('class', 'icon-chevron-right'); - $('.moreInformationContainer', this.el).removeClass('alert').removeClass('alert-info').addClass('muted'); - - } else { - // show it - $('.moreInformation', this.el).show('fast'); - $('.toggleMoreInformation i', this.el).attr('class', 'icon-chevron-down'); - $('.moreInformationContainer', this.el).addClass('alert').addClass('alert-info').removeClass('muted'); - } - }, - - close: function() { - $(this.el).unbind(); - $(this.el).empty(); - } -}); - -ui.routes.push({ - path: "user/approved", - name: "approvedSites", - callback: - - function() { - this.breadCrumbView.collection.reset(); - this.breadCrumbView.collection.add([{ - text: $.t('admin.home'), - href: "" - }, { - text: $.t('grant.manage-approved-sites'), - href: "manage/#user/approve" - }]); - - this.updateSidebar('user/approved'); - - var view = new ApprovedSiteListView({ - model: this.approvedSiteList, - clientList: this.clientList, - systemScopeList: this.systemScopeList - }); - view.load(function(collection, response, options) { - $('#content').html(view.render().el); - setPageTitle($.t('grant.manage-approved-sites')); - }); - } -}); - -ui.templates.push('resources/template/grant.html'); - -ui.init.push(function(app) { - app.approvedSiteList = new ApprovedSiteCollection(); -}); diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/backbone.js b/openid-connect-server-webapp/src/main/webapp/resources/js/lib/backbone.js deleted file mode 100644 index 3cdcfdc821..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/backbone.js +++ /dev/null @@ -1,2096 +0,0 @@ -// Backbone.js 1.4.0 - -// (c) 2010-2019 Jeremy Ashkenas and DocumentCloud -// Backbone may be freely distributed under the MIT license. -// For all details and documentation: -// http://backbonejs.org - -(function(factory) { - - // Establish the root object, `window` (`self`) in the browser, or `global` on the server. - // We use `self` instead of `window` for `WebWorker` support. - var root = typeof self == 'object' && self.self === self && self || - typeof global == 'object' && global.global === global && global; - - // Set up Backbone appropriately for the environment. Start with AMD. - if (typeof define === 'function' && define.amd) { - define(['underscore', 'jquery', 'exports'], function(_, $, exports) { - // Export global even in AMD case in case this script is loaded with - // others that may still expect a global Backbone. - root.Backbone = factory(root, exports, _, $); - }); - - // Next for Node.js or CommonJS. jQuery may not be needed as a module. - } else if (typeof exports !== 'undefined') { - var _ = require('underscore'), $; - try { $ = require('jquery'); } catch (e) {} - factory(root, exports, _, $); - - // Finally, as a browser global. - } else { - root.Backbone = factory(root, {}, root._, root.jQuery || root.Zepto || root.ender || root.$); - } - -})(function(root, Backbone, _, $) { - - // Initial Setup - // ------------- - - // Save the previous value of the `Backbone` variable, so that it can be - // restored later on, if `noConflict` is used. - var previousBackbone = root.Backbone; - - // Create a local reference to a common array method we'll want to use later. - var slice = Array.prototype.slice; - - // Current version of the library. Keep in sync with `package.json`. - Backbone.VERSION = '1.4.0'; - - // For Backbone's purposes, jQuery, Zepto, Ender, or My Library (kidding) owns - // the `$` variable. - Backbone.$ = $; - - // Runs Backbone.js in *noConflict* mode, returning the `Backbone` variable - // to its previous owner. Returns a reference to this Backbone object. - Backbone.noConflict = function() { - root.Backbone = previousBackbone; - return this; - }; - - // Turn on `emulateHTTP` to support legacy HTTP servers. Setting this option - // will fake `"PATCH"`, `"PUT"` and `"DELETE"` requests via the `_method` parameter and - // set a `X-Http-Method-Override` header. - Backbone.emulateHTTP = false; - - // Turn on `emulateJSON` to support legacy servers that can't deal with direct - // `application/json` requests ... this will encode the body as - // `application/x-www-form-urlencoded` instead and will send the model in a - // form param named `model`. - Backbone.emulateJSON = false; - - // Backbone.Events - // --------------- - - // A module that can be mixed in to *any object* in order to provide it with - // a custom event channel. You may bind a callback to an event with `on` or - // remove with `off`; `trigger`-ing an event fires all callbacks in - // succession. - // - // var object = {}; - // _.extend(object, Backbone.Events); - // object.on('expand', function(){ alert('expanded'); }); - // object.trigger('expand'); - // - var Events = Backbone.Events = {}; - - // Regular expression used to split event strings. - var eventSplitter = /\s+/; - - // A private global variable to share between listeners and listenees. - var _listening; - - // Iterates over the standard `event, callback` (as well as the fancy multiple - // space-separated events `"change blur", callback` and jQuery-style event - // maps `{event: callback}`). - var eventsApi = function(iteratee, events, name, callback, opts) { - var i = 0, names; - if (name && typeof name === 'object') { - // Handle event maps. - if (callback !== void 0 && 'context' in opts && opts.context === void 0) opts.context = callback; - for (names = _.keys(name); i < names.length ; i++) { - events = eventsApi(iteratee, events, names[i], name[names[i]], opts); - } - } else if (name && eventSplitter.test(name)) { - // Handle space-separated event names by delegating them individually. - for (names = name.split(eventSplitter); i < names.length; i++) { - events = iteratee(events, names[i], callback, opts); - } - } else { - // Finally, standard events. - events = iteratee(events, name, callback, opts); - } - return events; - }; - - // Bind an event to a `callback` function. Passing `"all"` will bind - // the callback to all events fired. - Events.on = function(name, callback, context) { - this._events = eventsApi(onApi, this._events || {}, name, callback, { - context: context, - ctx: this, - listening: _listening - }); - - if (_listening) { - var listeners = this._listeners || (this._listeners = {}); - listeners[_listening.id] = _listening; - // Allow the listening to use a counter, instead of tracking - // callbacks for library interop - _listening.interop = false; - } - - return this; - }; - - // Inversion-of-control versions of `on`. Tell *this* object to listen to - // an event in another object... keeping track of what it's listening to - // for easier unbinding later. - Events.listenTo = function(obj, name, callback) { - if (!obj) return this; - var id = obj._listenId || (obj._listenId = _.uniqueId('l')); - var listeningTo = this._listeningTo || (this._listeningTo = {}); - var listening = _listening = listeningTo[id]; - - // This object is not listening to any other events on `obj` yet. - // Setup the necessary references to track the listening callbacks. - if (!listening) { - this._listenId || (this._listenId = _.uniqueId('l')); - listening = _listening = listeningTo[id] = new Listening(this, obj); - } - - // Bind callbacks on obj. - var error = tryCatchOn(obj, name, callback, this); - _listening = void 0; - - if (error) throw error; - // If the target obj is not Backbone.Events, track events manually. - if (listening.interop) listening.on(name, callback); - - return this; - }; - - // The reducing API that adds a callback to the `events` object. - var onApi = function(events, name, callback, options) { - if (callback) { - var handlers = events[name] || (events[name] = []); - var context = options.context, ctx = options.ctx, listening = options.listening; - if (listening) listening.count++; - - handlers.push({callback: callback, context: context, ctx: context || ctx, listening: listening}); - } - return events; - }; - - // An try-catch guarded #on function, to prevent poisoning the global - // `_listening` variable. - var tryCatchOn = function(obj, name, callback, context) { - try { - obj.on(name, callback, context); - } catch (e) { - return e; - } - }; - - // Remove one or many callbacks. If `context` is null, removes all - // callbacks with that function. If `callback` is null, removes all - // callbacks for the event. If `name` is null, removes all bound - // callbacks for all events. - Events.off = function(name, callback, context) { - if (!this._events) return this; - this._events = eventsApi(offApi, this._events, name, callback, { - context: context, - listeners: this._listeners - }); - - return this; - }; - - // Tell this object to stop listening to either specific events ... or - // to every object it's currently listening to. - Events.stopListening = function(obj, name, callback) { - var listeningTo = this._listeningTo; - if (!listeningTo) return this; - - var ids = obj ? [obj._listenId] : _.keys(listeningTo); - for (var i = 0; i < ids.length; i++) { - var listening = listeningTo[ids[i]]; - - // If listening doesn't exist, this object is not currently - // listening to obj. Break out early. - if (!listening) break; - - listening.obj.off(name, callback, this); - if (listening.interop) listening.off(name, callback); - } - if (_.isEmpty(listeningTo)) this._listeningTo = void 0; - - return this; - }; - - // The reducing API that removes a callback from the `events` object. - var offApi = function(events, name, callback, options) { - if (!events) return; - - var context = options.context, listeners = options.listeners; - var i = 0, names; - - // Delete all event listeners and "drop" events. - if (!name && !context && !callback) { - for (names = _.keys(listeners); i < names.length; i++) { - listeners[names[i]].cleanup(); - } - return; - } - - names = name ? [name] : _.keys(events); - for (; i < names.length; i++) { - name = names[i]; - var handlers = events[name]; - - // Bail out if there are no events stored. - if (!handlers) break; - - // Find any remaining events. - var remaining = []; - for (var j = 0; j < handlers.length; j++) { - var handler = handlers[j]; - if ( - callback && callback !== handler.callback && - callback !== handler.callback._callback || - context && context !== handler.context - ) { - remaining.push(handler); - } else { - var listening = handler.listening; - if (listening) listening.off(name, callback); - } - } - - // Replace events if there are any remaining. Otherwise, clean up. - if (remaining.length) { - events[name] = remaining; - } else { - delete events[name]; - } - } - - return events; - }; - - // Bind an event to only be triggered a single time. After the first time - // the callback is invoked, its listener will be removed. If multiple events - // are passed in using the space-separated syntax, the handler will fire - // once for each event, not once for a combination of all events. - Events.once = function(name, callback, context) { - // Map the event into a `{event: once}` object. - var events = eventsApi(onceMap, {}, name, callback, this.off.bind(this)); - if (typeof name === 'string' && context == null) callback = void 0; - return this.on(events, callback, context); - }; - - // Inversion-of-control versions of `once`. - Events.listenToOnce = function(obj, name, callback) { - // Map the event into a `{event: once}` object. - var events = eventsApi(onceMap, {}, name, callback, this.stopListening.bind(this, obj)); - return this.listenTo(obj, events); - }; - - // Reduces the event callbacks into a map of `{event: onceWrapper}`. - // `offer` unbinds the `onceWrapper` after it has been called. - var onceMap = function(map, name, callback, offer) { - if (callback) { - var once = map[name] = _.once(function() { - offer(name, once); - callback.apply(this, arguments); - }); - once._callback = callback; - } - return map; - }; - - // Trigger one or many events, firing all bound callbacks. Callbacks are - // passed the same arguments as `trigger` is, apart from the event name - // (unless you're listening on `"all"`, which will cause your callback to - // receive the true name of the event as the first argument). - Events.trigger = function(name) { - if (!this._events) return this; - - var length = Math.max(0, arguments.length - 1); - var args = Array(length); - for (var i = 0; i < length; i++) args[i] = arguments[i + 1]; - - eventsApi(triggerApi, this._events, name, void 0, args); - return this; - }; - - // Handles triggering the appropriate event callbacks. - var triggerApi = function(objEvents, name, callback, args) { - if (objEvents) { - var events = objEvents[name]; - var allEvents = objEvents.all; - if (events && allEvents) allEvents = allEvents.slice(); - if (events) triggerEvents(events, args); - if (allEvents) triggerEvents(allEvents, [name].concat(args)); - } - return objEvents; - }; - - // A difficult-to-believe, but optimized internal dispatch function for - // triggering events. Tries to keep the usual cases speedy (most internal - // Backbone events have 3 arguments). - var triggerEvents = function(events, args) { - var ev, i = -1, l = events.length, a1 = args[0], a2 = args[1], a3 = args[2]; - switch (args.length) { - case 0: while (++i < l) (ev = events[i]).callback.call(ev.ctx); return; - case 1: while (++i < l) (ev = events[i]).callback.call(ev.ctx, a1); return; - case 2: while (++i < l) (ev = events[i]).callback.call(ev.ctx, a1, a2); return; - case 3: while (++i < l) (ev = events[i]).callback.call(ev.ctx, a1, a2, a3); return; - default: while (++i < l) (ev = events[i]).callback.apply(ev.ctx, args); return; - } - }; - - // A listening class that tracks and cleans up memory bindings - // when all callbacks have been offed. - var Listening = function(listener, obj) { - this.id = listener._listenId; - this.listener = listener; - this.obj = obj; - this.interop = true; - this.count = 0; - this._events = void 0; - }; - - Listening.prototype.on = Events.on; - - // Offs a callback (or several). - // Uses an optimized counter if the listenee uses Backbone.Events. - // Otherwise, falls back to manual tracking to support events - // library interop. - Listening.prototype.off = function(name, callback) { - var cleanup; - if (this.interop) { - this._events = eventsApi(offApi, this._events, name, callback, { - context: void 0, - listeners: void 0 - }); - cleanup = !this._events; - } else { - this.count--; - cleanup = this.count === 0; - } - if (cleanup) this.cleanup(); - }; - - // Cleans up memory bindings between the listener and the listenee. - Listening.prototype.cleanup = function() { - delete this.listener._listeningTo[this.obj._listenId]; - if (!this.interop) delete this.obj._listeners[this.id]; - }; - - // Aliases for backwards compatibility. - Events.bind = Events.on; - Events.unbind = Events.off; - - // Allow the `Backbone` object to serve as a global event bus, for folks who - // want global "pubsub" in a convenient place. - _.extend(Backbone, Events); - - // Backbone.Model - // -------------- - - // Backbone **Models** are the basic data object in the framework -- - // frequently representing a row in a table in a database on your server. - // A discrete chunk of data and a bunch of useful, related methods for - // performing computations and transformations on that data. - - // Create a new model with the specified attributes. A client id (`cid`) - // is automatically generated and assigned for you. - var Model = Backbone.Model = function(attributes, options) { - var attrs = attributes || {}; - options || (options = {}); - this.preinitialize.apply(this, arguments); - this.cid = _.uniqueId(this.cidPrefix); - this.attributes = {}; - if (options.collection) this.collection = options.collection; - if (options.parse) attrs = this.parse(attrs, options) || {}; - var defaults = _.result(this, 'defaults'); - attrs = _.defaults(_.extend({}, defaults, attrs), defaults); - this.set(attrs, options); - this.changed = {}; - this.initialize.apply(this, arguments); - }; - - // Attach all inheritable methods to the Model prototype. - _.extend(Model.prototype, Events, { - - // A hash of attributes whose current and previous value differ. - changed: null, - - // The value returned during the last failed validation. - validationError: null, - - // The default name for the JSON `id` attribute is `"id"`. MongoDB and - // CouchDB users may want to set this to `"_id"`. - idAttribute: 'id', - - // The prefix is used to create the client id which is used to identify models locally. - // You may want to override this if you're experiencing name clashes with model ids. - cidPrefix: 'c', - - // preinitialize is an empty function by default. You can override it with a function - // or object. preinitialize will run before any instantiation logic is run in the Model. - preinitialize: function(){}, - - // Initialize is an empty function by default. Override it with your own - // initialization logic. - initialize: function(){}, - - // Return a copy of the model's `attributes` object. - toJSON: function(options) { - return _.clone(this.attributes); - }, - - // Proxy `Backbone.sync` by default -- but override this if you need - // custom syncing semantics for *this* particular model. - sync: function() { - return Backbone.sync.apply(this, arguments); - }, - - // Get the value of an attribute. - get: function(attr) { - return this.attributes[attr]; - }, - - // Get the HTML-escaped value of an attribute. - escape: function(attr) { - return _.escape(this.get(attr)); - }, - - // Returns `true` if the attribute contains a value that is not null - // or undefined. - has: function(attr) { - return this.get(attr) != null; - }, - - // Special-cased proxy to underscore's `_.matches` method. - matches: function(attrs) { - return !!_.iteratee(attrs, this)(this.attributes); - }, - - // Set a hash of model attributes on the object, firing `"change"`. This is - // the core primitive operation of a model, updating the data and notifying - // anyone who needs to know about the change in state. The heart of the beast. - set: function(key, val, options) { - if (key == null) return this; - - // Handle both `"key", value` and `{key: value}` -style arguments. - var attrs; - if (typeof key === 'object') { - attrs = key; - options = val; - } else { - (attrs = {})[key] = val; - } - - options || (options = {}); - - // Run validation. - if (!this._validate(attrs, options)) return false; - - // Extract attributes and options. - var unset = options.unset; - var silent = options.silent; - var changes = []; - var changing = this._changing; - this._changing = true; - - if (!changing) { - this._previousAttributes = _.clone(this.attributes); - this.changed = {}; - } - - var current = this.attributes; - var changed = this.changed; - var prev = this._previousAttributes; - - // For each `set` attribute, update or delete the current value. - for (var attr in attrs) { - val = attrs[attr]; - if (!_.isEqual(current[attr], val)) changes.push(attr); - if (!_.isEqual(prev[attr], val)) { - changed[attr] = val; - } else { - delete changed[attr]; - } - unset ? delete current[attr] : current[attr] = val; - } - - // Update the `id`. - if (this.idAttribute in attrs) this.id = this.get(this.idAttribute); - - // Trigger all relevant attribute changes. - if (!silent) { - if (changes.length) this._pending = options; - for (var i = 0; i < changes.length; i++) { - this.trigger('change:' + changes[i], this, current[changes[i]], options); - } - } - - // You might be wondering why there's a `while` loop here. Changes can - // be recursively nested within `"change"` events. - if (changing) return this; - if (!silent) { - while (this._pending) { - options = this._pending; - this._pending = false; - this.trigger('change', this, options); - } - } - this._pending = false; - this._changing = false; - return this; - }, - - // Remove an attribute from the model, firing `"change"`. `unset` is a noop - // if the attribute doesn't exist. - unset: function(attr, options) { - return this.set(attr, void 0, _.extend({}, options, {unset: true})); - }, - - // Clear all attributes on the model, firing `"change"`. - clear: function(options) { - var attrs = {}; - for (var key in this.attributes) attrs[key] = void 0; - return this.set(attrs, _.extend({}, options, {unset: true})); - }, - - // Determine if the model has changed since the last `"change"` event. - // If you specify an attribute name, determine if that attribute has changed. - hasChanged: function(attr) { - if (attr == null) return !_.isEmpty(this.changed); - return _.has(this.changed, attr); - }, - - // Return an object containing all the attributes that have changed, or - // false if there are no changed attributes. Useful for determining what - // parts of a view need to be updated and/or what attributes need to be - // persisted to the server. Unset attributes will be set to undefined. - // You can also pass an attributes object to diff against the model, - // determining if there *would be* a change. - changedAttributes: function(diff) { - if (!diff) return this.hasChanged() ? _.clone(this.changed) : false; - var old = this._changing ? this._previousAttributes : this.attributes; - var changed = {}; - var hasChanged; - for (var attr in diff) { - var val = diff[attr]; - if (_.isEqual(old[attr], val)) continue; - changed[attr] = val; - hasChanged = true; - } - return hasChanged ? changed : false; - }, - - // Get the previous value of an attribute, recorded at the time the last - // `"change"` event was fired. - previous: function(attr) { - if (attr == null || !this._previousAttributes) return null; - return this._previousAttributes[attr]; - }, - - // Get all of the attributes of the model at the time of the previous - // `"change"` event. - previousAttributes: function() { - return _.clone(this._previousAttributes); - }, - - // Fetch the model from the server, merging the response with the model's - // local attributes. Any changed attributes will trigger a "change" event. - fetch: function(options) { - options = _.extend({parse: true}, options); - var model = this; - var success = options.success; - options.success = function(resp) { - var serverAttrs = options.parse ? model.parse(resp, options) : resp; - if (!model.set(serverAttrs, options)) return false; - if (success) success.call(options.context, model, resp, options); - model.trigger('sync', model, resp, options); - }; - wrapError(this, options); - return this.sync('read', this, options); - }, - - // Set a hash of model attributes, and sync the model to the server. - // If the server returns an attributes hash that differs, the model's - // state will be `set` again. - save: function(key, val, options) { - // Handle both `"key", value` and `{key: value}` -style arguments. - var attrs; - if (key == null || typeof key === 'object') { - attrs = key; - options = val; - } else { - (attrs = {})[key] = val; - } - - options = _.extend({validate: true, parse: true}, options); - var wait = options.wait; - - // If we're not waiting and attributes exist, save acts as - // `set(attr).save(null, opts)` with validation. Otherwise, check if - // the model will be valid when the attributes, if any, are set. - if (attrs && !wait) { - if (!this.set(attrs, options)) return false; - } else if (!this._validate(attrs, options)) { - return false; - } - - // After a successful server-side save, the client is (optionally) - // updated with the server-side state. - var model = this; - var success = options.success; - var attributes = this.attributes; - options.success = function(resp) { - // Ensure attributes are restored during synchronous saves. - model.attributes = attributes; - var serverAttrs = options.parse ? model.parse(resp, options) : resp; - if (wait) serverAttrs = _.extend({}, attrs, serverAttrs); - if (serverAttrs && !model.set(serverAttrs, options)) return false; - if (success) success.call(options.context, model, resp, options); - model.trigger('sync', model, resp, options); - }; - wrapError(this, options); - - // Set temporary attributes if `{wait: true}` to properly find new ids. - if (attrs && wait) this.attributes = _.extend({}, attributes, attrs); - - var method = this.isNew() ? 'create' : options.patch ? 'patch' : 'update'; - if (method === 'patch' && !options.attrs) options.attrs = attrs; - var xhr = this.sync(method, this, options); - - // Restore attributes. - this.attributes = attributes; - - return xhr; - }, - - // Destroy this model on the server if it was already persisted. - // Optimistically removes the model from its collection, if it has one. - // If `wait: true` is passed, waits for the server to respond before removal. - destroy: function(options) { - options = options ? _.clone(options) : {}; - var model = this; - var success = options.success; - var wait = options.wait; - - var destroy = function() { - model.stopListening(); - model.trigger('destroy', model, model.collection, options); - }; - - options.success = function(resp) { - if (wait) destroy(); - if (success) success.call(options.context, model, resp, options); - if (!model.isNew()) model.trigger('sync', model, resp, options); - }; - - var xhr = false; - if (this.isNew()) { - _.defer(options.success); - } else { - wrapError(this, options); - xhr = this.sync('delete', this, options); - } - if (!wait) destroy(); - return xhr; - }, - - // Default URL for the model's representation on the server -- if you're - // using Backbone's restful methods, override this to change the endpoint - // that will be called. - url: function() { - var base = - _.result(this, 'urlRoot') || - _.result(this.collection, 'url') || - urlError(); - if (this.isNew()) return base; - var id = this.get(this.idAttribute); - return base.replace(/[^\/]$/, '$&/') + encodeURIComponent(id); - }, - - // **parse** converts a response into the hash of attributes to be `set` on - // the model. The default implementation is just to pass the response along. - parse: function(resp, options) { - return resp; - }, - - // Create a new model with identical attributes to this one. - clone: function() { - return new this.constructor(this.attributes); - }, - - // A model is new if it has never been saved to the server, and lacks an id. - isNew: function() { - return !this.has(this.idAttribute); - }, - - // Check if the model is currently in a valid state. - isValid: function(options) { - return this._validate({}, _.extend({}, options, {validate: true})); - }, - - // Run validation against the next complete set of model attributes, - // returning `true` if all is well. Otherwise, fire an `"invalid"` event. - _validate: function(attrs, options) { - if (!options.validate || !this.validate) return true; - attrs = _.extend({}, this.attributes, attrs); - var error = this.validationError = this.validate(attrs, options) || null; - if (!error) return true; - this.trigger('invalid', this, error, _.extend(options, {validationError: error})); - return false; - } - - }); - - // Backbone.Collection - // ------------------- - - // If models tend to represent a single row of data, a Backbone Collection is - // more analogous to a table full of data ... or a small slice or page of that - // table, or a collection of rows that belong together for a particular reason - // -- all of the messages in this particular folder, all of the documents - // belonging to this particular author, and so on. Collections maintain - // indexes of their models, both in order, and for lookup by `id`. - - // Create a new **Collection**, perhaps to contain a specific type of `model`. - // If a `comparator` is specified, the Collection will maintain - // its models in sort order, as they're added and removed. - var Collection = Backbone.Collection = function(models, options) { - options || (options = {}); - this.preinitialize.apply(this, arguments); - if (options.model) this.model = options.model; - if (options.comparator !== void 0) this.comparator = options.comparator; - this._reset(); - this.initialize.apply(this, arguments); - if (models) this.reset(models, _.extend({silent: true}, options)); - }; - - // Default options for `Collection#set`. - var setOptions = {add: true, remove: true, merge: true}; - var addOptions = {add: true, remove: false}; - - // Splices `insert` into `array` at index `at`. - var splice = function(array, insert, at) { - at = Math.min(Math.max(at, 0), array.length); - var tail = Array(array.length - at); - var length = insert.length; - var i; - for (i = 0; i < tail.length; i++) tail[i] = array[i + at]; - for (i = 0; i < length; i++) array[i + at] = insert[i]; - for (i = 0; i < tail.length; i++) array[i + length + at] = tail[i]; - }; - - // Define the Collection's inheritable methods. - _.extend(Collection.prototype, Events, { - - // The default model for a collection is just a **Backbone.Model**. - // This should be overridden in most cases. - model: Model, - - - // preinitialize is an empty function by default. You can override it with a function - // or object. preinitialize will run before any instantiation logic is run in the Collection. - preinitialize: function(){}, - - // Initialize is an empty function by default. Override it with your own - // initialization logic. - initialize: function(){}, - - // The JSON representation of a Collection is an array of the - // models' attributes. - toJSON: function(options) { - return this.map(function(model) { return model.toJSON(options); }); - }, - - // Proxy `Backbone.sync` by default. - sync: function() { - return Backbone.sync.apply(this, arguments); - }, - - // Add a model, or list of models to the set. `models` may be Backbone - // Models or raw JavaScript objects to be converted to Models, or any - // combination of the two. - add: function(models, options) { - return this.set(models, _.extend({merge: false}, options, addOptions)); - }, - - // Remove a model, or a list of models from the set. - remove: function(models, options) { - options = _.extend({}, options); - var singular = !_.isArray(models); - models = singular ? [models] : models.slice(); - var removed = this._removeModels(models, options); - if (!options.silent && removed.length) { - options.changes = {added: [], merged: [], removed: removed}; - this.trigger('update', this, options); - } - return singular ? removed[0] : removed; - }, - - // Update a collection by `set`-ing a new list of models, adding new ones, - // removing models that are no longer present, and merging models that - // already exist in the collection, as necessary. Similar to **Model#set**, - // the core operation for updating the data contained by the collection. - set: function(models, options) { - if (models == null) return; - - options = _.extend({}, setOptions, options); - if (options.parse && !this._isModel(models)) { - models = this.parse(models, options) || []; - } - - var singular = !_.isArray(models); - models = singular ? [models] : models.slice(); - - var at = options.at; - if (at != null) at = +at; - if (at > this.length) at = this.length; - if (at < 0) at += this.length + 1; - - var set = []; - var toAdd = []; - var toMerge = []; - var toRemove = []; - var modelMap = {}; - - var add = options.add; - var merge = options.merge; - var remove = options.remove; - - var sort = false; - var sortable = this.comparator && at == null && options.sort !== false; - var sortAttr = _.isString(this.comparator) ? this.comparator : null; - - // Turn bare objects into model references, and prevent invalid models - // from being added. - var model, i; - for (i = 0; i < models.length; i++) { - model = models[i]; - - // If a duplicate is found, prevent it from being added and - // optionally merge it into the existing model. - var existing = this.get(model); - if (existing) { - if (merge && model !== existing) { - var attrs = this._isModel(model) ? model.attributes : model; - if (options.parse) attrs = existing.parse(attrs, options); - existing.set(attrs, options); - toMerge.push(existing); - if (sortable && !sort) sort = existing.hasChanged(sortAttr); - } - if (!modelMap[existing.cid]) { - modelMap[existing.cid] = true; - set.push(existing); - } - models[i] = existing; - - // If this is a new, valid model, push it to the `toAdd` list. - } else if (add) { - model = models[i] = this._prepareModel(model, options); - if (model) { - toAdd.push(model); - this._addReference(model, options); - modelMap[model.cid] = true; - set.push(model); - } - } - } - - // Remove stale models. - if (remove) { - for (i = 0; i < this.length; i++) { - model = this.models[i]; - if (!modelMap[model.cid]) toRemove.push(model); - } - if (toRemove.length) this._removeModels(toRemove, options); - } - - // See if sorting is needed, update `length` and splice in new models. - var orderChanged = false; - var replace = !sortable && add && remove; - if (set.length && replace) { - orderChanged = this.length !== set.length || _.some(this.models, function(m, index) { - return m !== set[index]; - }); - this.models.length = 0; - splice(this.models, set, 0); - this.length = this.models.length; - } else if (toAdd.length) { - if (sortable) sort = true; - splice(this.models, toAdd, at == null ? this.length : at); - this.length = this.models.length; - } - - // Silently sort the collection if appropriate. - if (sort) this.sort({silent: true}); - - // Unless silenced, it's time to fire all appropriate add/sort/update events. - if (!options.silent) { - for (i = 0; i < toAdd.length; i++) { - if (at != null) options.index = at + i; - model = toAdd[i]; - model.trigger('add', model, this, options); - } - if (sort || orderChanged) this.trigger('sort', this, options); - if (toAdd.length || toRemove.length || toMerge.length) { - options.changes = { - added: toAdd, - removed: toRemove, - merged: toMerge - }; - this.trigger('update', this, options); - } - } - - // Return the added (or merged) model (or models). - return singular ? models[0] : models; - }, - - // When you have more items than you want to add or remove individually, - // you can reset the entire set with a new list of models, without firing - // any granular `add` or `remove` events. Fires `reset` when finished. - // Useful for bulk operations and optimizations. - reset: function(models, options) { - options = options ? _.clone(options) : {}; - for (var i = 0; i < this.models.length; i++) { - this._removeReference(this.models[i], options); - } - options.previousModels = this.models; - this._reset(); - models = this.add(models, _.extend({silent: true}, options)); - if (!options.silent) this.trigger('reset', this, options); - return models; - }, - - // Add a model to the end of the collection. - push: function(model, options) { - return this.add(model, _.extend({at: this.length}, options)); - }, - - // Remove a model from the end of the collection. - pop: function(options) { - var model = this.at(this.length - 1); - return this.remove(model, options); - }, - - // Add a model to the beginning of the collection. - unshift: function(model, options) { - return this.add(model, _.extend({at: 0}, options)); - }, - - // Remove a model from the beginning of the collection. - shift: function(options) { - var model = this.at(0); - return this.remove(model, options); - }, - - // Slice out a sub-array of models from the collection. - slice: function() { - return slice.apply(this.models, arguments); - }, - - // Get a model from the set by id, cid, model object with id or cid - // properties, or an attributes object that is transformed through modelId. - get: function(obj) { - if (obj == null) return void 0; - return this._byId[obj] || - this._byId[this.modelId(this._isModel(obj) ? obj.attributes : obj)] || - obj.cid && this._byId[obj.cid]; - }, - - // Returns `true` if the model is in the collection. - has: function(obj) { - return this.get(obj) != null; - }, - - // Get the model at the given index. - at: function(index) { - if (index < 0) index += this.length; - return this.models[index]; - }, - - // Return models with matching attributes. Useful for simple cases of - // `filter`. - where: function(attrs, first) { - return this[first ? 'find' : 'filter'](attrs); - }, - - // Return the first model with matching attributes. Useful for simple cases - // of `find`. - findWhere: function(attrs) { - return this.where(attrs, true); - }, - - // Force the collection to re-sort itself. You don't need to call this under - // normal circumstances, as the set will maintain sort order as each item - // is added. - sort: function(options) { - var comparator = this.comparator; - if (!comparator) throw new Error('Cannot sort a set without a comparator'); - options || (options = {}); - - var length = comparator.length; - if (_.isFunction(comparator)) comparator = comparator.bind(this); - - // Run sort based on type of `comparator`. - if (length === 1 || _.isString(comparator)) { - this.models = this.sortBy(comparator); - } else { - this.models.sort(comparator); - } - if (!options.silent) this.trigger('sort', this, options); - return this; - }, - - // Pluck an attribute from each model in the collection. - pluck: function(attr) { - return this.map(attr + ''); - }, - - // Fetch the default set of models for this collection, resetting the - // collection when they arrive. If `reset: true` is passed, the response - // data will be passed through the `reset` method instead of `set`. - fetch: function(options) { - options = _.extend({parse: true}, options); - var success = options.success; - var collection = this; - options.success = function(resp) { - var method = options.reset ? 'reset' : 'set'; - collection[method](resp, options); - if (success) success.call(options.context, collection, resp, options); - collection.trigger('sync', collection, resp, options); - }; - wrapError(this, options); - return this.sync('read', this, options); - }, - - // Create a new instance of a model in this collection. Add the model to the - // collection immediately, unless `wait: true` is passed, in which case we - // wait for the server to agree. - create: function(model, options) { - options = options ? _.clone(options) : {}; - var wait = options.wait; - model = this._prepareModel(model, options); - if (!model) return false; - if (!wait) this.add(model, options); - var collection = this; - var success = options.success; - options.success = function(m, resp, callbackOpts) { - if (wait) collection.add(m, callbackOpts); - if (success) success.call(callbackOpts.context, m, resp, callbackOpts); - }; - model.save(null, options); - return model; - }, - - // **parse** converts a response into a list of models to be added to the - // collection. The default implementation is just to pass it through. - parse: function(resp, options) { - return resp; - }, - - // Create a new collection with an identical list of models as this one. - clone: function() { - return new this.constructor(this.models, { - model: this.model, - comparator: this.comparator - }); - }, - - // Define how to uniquely identify models in the collection. - modelId: function(attrs) { - return attrs[this.model.prototype.idAttribute || 'id']; - }, - - // Get an iterator of all models in this collection. - values: function() { - return new CollectionIterator(this, ITERATOR_VALUES); - }, - - // Get an iterator of all model IDs in this collection. - keys: function() { - return new CollectionIterator(this, ITERATOR_KEYS); - }, - - // Get an iterator of all [ID, model] tuples in this collection. - entries: function() { - return new CollectionIterator(this, ITERATOR_KEYSVALUES); - }, - - // Private method to reset all internal state. Called when the collection - // is first initialized or reset. - _reset: function() { - this.length = 0; - this.models = []; - this._byId = {}; - }, - - // Prepare a hash of attributes (or other model) to be added to this - // collection. - _prepareModel: function(attrs, options) { - if (this._isModel(attrs)) { - if (!attrs.collection) attrs.collection = this; - return attrs; - } - options = options ? _.clone(options) : {}; - options.collection = this; - var model = new this.model(attrs, options); - if (!model.validationError) return model; - this.trigger('invalid', this, model.validationError, options); - return false; - }, - - // Internal method called by both remove and set. - _removeModels: function(models, options) { - var removed = []; - for (var i = 0; i < models.length; i++) { - var model = this.get(models[i]); - if (!model) continue; - - var index = this.indexOf(model); - this.models.splice(index, 1); - this.length--; - - // Remove references before triggering 'remove' event to prevent an - // infinite loop. #3693 - delete this._byId[model.cid]; - var id = this.modelId(model.attributes); - if (id != null) delete this._byId[id]; - - if (!options.silent) { - options.index = index; - model.trigger('remove', model, this, options); - } - - removed.push(model); - this._removeReference(model, options); - } - return removed; - }, - - // Method for checking whether an object should be considered a model for - // the purposes of adding to the collection. - _isModel: function(model) { - return model instanceof Model; - }, - - // Internal method to create a model's ties to a collection. - _addReference: function(model, options) { - this._byId[model.cid] = model; - var id = this.modelId(model.attributes); - if (id != null) this._byId[id] = model; - model.on('all', this._onModelEvent, this); - }, - - // Internal method to sever a model's ties to a collection. - _removeReference: function(model, options) { - delete this._byId[model.cid]; - var id = this.modelId(model.attributes); - if (id != null) delete this._byId[id]; - if (this === model.collection) delete model.collection; - model.off('all', this._onModelEvent, this); - }, - - // Internal method called every time a model in the set fires an event. - // Sets need to update their indexes when models change ids. All other - // events simply proxy through. "add" and "remove" events that originate - // in other collections are ignored. - _onModelEvent: function(event, model, collection, options) { - if (model) { - if ((event === 'add' || event === 'remove') && collection !== this) return; - if (event === 'destroy') this.remove(model, options); - if (event === 'change') { - var prevId = this.modelId(model.previousAttributes()); - var id = this.modelId(model.attributes); - if (prevId !== id) { - if (prevId != null) delete this._byId[prevId]; - if (id != null) this._byId[id] = model; - } - } - } - this.trigger.apply(this, arguments); - } - - }); - - // Defining an @@iterator method implements JavaScript's Iterable protocol. - // In modern ES2015 browsers, this value is found at Symbol.iterator. - /* global Symbol */ - var $$iterator = typeof Symbol === 'function' && Symbol.iterator; - if ($$iterator) { - Collection.prototype[$$iterator] = Collection.prototype.values; - } - - // CollectionIterator - // ------------------ - - // A CollectionIterator implements JavaScript's Iterator protocol, allowing the - // use of `for of` loops in modern browsers and interoperation between - // Backbone.Collection and other JavaScript functions and third-party libraries - // which can operate on Iterables. - var CollectionIterator = function(collection, kind) { - this._collection = collection; - this._kind = kind; - this._index = 0; - }; - - // This "enum" defines the three possible kinds of values which can be emitted - // by a CollectionIterator that correspond to the values(), keys() and entries() - // methods on Collection, respectively. - var ITERATOR_VALUES = 1; - var ITERATOR_KEYS = 2; - var ITERATOR_KEYSVALUES = 3; - - // All Iterators should themselves be Iterable. - if ($$iterator) { - CollectionIterator.prototype[$$iterator] = function() { - return this; - }; - } - - CollectionIterator.prototype.next = function() { - if (this._collection) { - - // Only continue iterating if the iterated collection is long enough. - if (this._index < this._collection.length) { - var model = this._collection.at(this._index); - this._index++; - - // Construct a value depending on what kind of values should be iterated. - var value; - if (this._kind === ITERATOR_VALUES) { - value = model; - } else { - var id = this._collection.modelId(model.attributes); - if (this._kind === ITERATOR_KEYS) { - value = id; - } else { // ITERATOR_KEYSVALUES - value = [id, model]; - } - } - return {value: value, done: false}; - } - - // Once exhausted, remove the reference to the collection so future - // calls to the next method always return done. - this._collection = void 0; - } - - return {value: void 0, done: true}; - }; - - // Backbone.View - // ------------- - - // Backbone Views are almost more convention than they are actual code. A View - // is simply a JavaScript object that represents a logical chunk of UI in the - // DOM. This might be a single item, an entire list, a sidebar or panel, or - // even the surrounding frame which wraps your whole app. Defining a chunk of - // UI as a **View** allows you to define your DOM events declaratively, without - // having to worry about render order ... and makes it easy for the view to - // react to specific changes in the state of your models. - - // Creating a Backbone.View creates its initial element outside of the DOM, - // if an existing element is not provided... - var View = Backbone.View = function(options) { - this.cid = _.uniqueId('view'); - this.preinitialize.apply(this, arguments); - _.extend(this, _.pick(options, viewOptions)); - this._ensureElement(); - this.initialize.apply(this, arguments); - }; - - // Cached regex to split keys for `delegate`. - var delegateEventSplitter = /^(\S+)\s*(.*)$/; - - // List of view options to be set as properties. - var viewOptions = ['model', 'collection', 'el', 'id', 'attributes', 'className', 'tagName', 'events']; - - // Set up all inheritable **Backbone.View** properties and methods. - _.extend(View.prototype, Events, { - - // The default `tagName` of a View's element is `"div"`. - tagName: 'div', - - // jQuery delegate for element lookup, scoped to DOM elements within the - // current view. This should be preferred to global lookups where possible. - $: function(selector) { - return this.$el.find(selector); - }, - - // preinitialize is an empty function by default. You can override it with a function - // or object. preinitialize will run before any instantiation logic is run in the View - preinitialize: function(){}, - - // Initialize is an empty function by default. Override it with your own - // initialization logic. - initialize: function(){}, - - // **render** is the core function that your view should override, in order - // to populate its element (`this.el`), with the appropriate HTML. The - // convention is for **render** to always return `this`. - render: function() { - return this; - }, - - // Remove this view by taking the element out of the DOM, and removing any - // applicable Backbone.Events listeners. - remove: function() { - this._removeElement(); - this.stopListening(); - return this; - }, - - // Remove this view's element from the document and all event listeners - // attached to it. Exposed for subclasses using an alternative DOM - // manipulation API. - _removeElement: function() { - this.$el.remove(); - }, - - // Change the view's element (`this.el` property) and re-delegate the - // view's events on the new element. - setElement: function(element) { - this.undelegateEvents(); - this._setElement(element); - this.delegateEvents(); - return this; - }, - - // Creates the `this.el` and `this.$el` references for this view using the - // given `el`. `el` can be a CSS selector or an HTML string, a jQuery - // context or an element. Subclasses can override this to utilize an - // alternative DOM manipulation API and are only required to set the - // `this.el` property. - _setElement: function(el) { - this.$el = el instanceof Backbone.$ ? el : Backbone.$(el); - this.el = this.$el[0]; - }, - - // Set callbacks, where `this.events` is a hash of - // - // *{"event selector": "callback"}* - // - // { - // 'mousedown .title': 'edit', - // 'click .button': 'save', - // 'click .open': function(e) { ... } - // } - // - // pairs. Callbacks will be bound to the view, with `this` set properly. - // Uses event delegation for efficiency. - // Omitting the selector binds the event to `this.el`. - delegateEvents: function(events) { - events || (events = _.result(this, 'events')); - if (!events) return this; - this.undelegateEvents(); - for (var key in events) { - var method = events[key]; - if (!_.isFunction(method)) method = this[method]; - if (!method) continue; - var match = key.match(delegateEventSplitter); - this.delegate(match[1], match[2], method.bind(this)); - } - return this; - }, - - // Add a single event listener to the view's element (or a child element - // using `selector`). This only works for delegate-able events: not `focus`, - // `blur`, and not `change`, `submit`, and `reset` in Internet Explorer. - delegate: function(eventName, selector, listener) { - this.$el.on(eventName + '.delegateEvents' + this.cid, selector, listener); - return this; - }, - - // Clears all callbacks previously bound to the view by `delegateEvents`. - // You usually don't need to use this, but may wish to if you have multiple - // Backbone views attached to the same DOM element. - undelegateEvents: function() { - if (this.$el) this.$el.off('.delegateEvents' + this.cid); - return this; - }, - - // A finer-grained `undelegateEvents` for removing a single delegated event. - // `selector` and `listener` are both optional. - undelegate: function(eventName, selector, listener) { - this.$el.off(eventName + '.delegateEvents' + this.cid, selector, listener); - return this; - }, - - // Produces a DOM element to be assigned to your view. Exposed for - // subclasses using an alternative DOM manipulation API. - _createElement: function(tagName) { - return document.createElement(tagName); - }, - - // Ensure that the View has a DOM element to render into. - // If `this.el` is a string, pass it through `$()`, take the first - // matching element, and re-assign it to `el`. Otherwise, create - // an element from the `id`, `className` and `tagName` properties. - _ensureElement: function() { - if (!this.el) { - var attrs = _.extend({}, _.result(this, 'attributes')); - if (this.id) attrs.id = _.result(this, 'id'); - if (this.className) attrs['class'] = _.result(this, 'className'); - this.setElement(this._createElement(_.result(this, 'tagName'))); - this._setAttributes(attrs); - } else { - this.setElement(_.result(this, 'el')); - } - }, - - // Set attributes from a hash on this view's element. Exposed for - // subclasses using an alternative DOM manipulation API. - _setAttributes: function(attributes) { - this.$el.attr(attributes); - } - - }); - - // Proxy Backbone class methods to Underscore functions, wrapping the model's - // `attributes` object or collection's `models` array behind the scenes. - // - // collection.filter(function(model) { return model.get('age') > 10 }); - // collection.each(this.addView); - // - // `Function#apply` can be slow so we use the method's arg count, if we know it. - var addMethod = function(base, length, method, attribute) { - switch (length) { - case 1: return function() { - return base[method](this[attribute]); - }; - case 2: return function(value) { - return base[method](this[attribute], value); - }; - case 3: return function(iteratee, context) { - return base[method](this[attribute], cb(iteratee, this), context); - }; - case 4: return function(iteratee, defaultVal, context) { - return base[method](this[attribute], cb(iteratee, this), defaultVal, context); - }; - default: return function() { - var args = slice.call(arguments); - args.unshift(this[attribute]); - return base[method].apply(base, args); - }; - } - }; - - var addUnderscoreMethods = function(Class, base, methods, attribute) { - _.each(methods, function(length, method) { - if (base[method]) Class.prototype[method] = addMethod(base, length, method, attribute); - }); - }; - - // Support `collection.sortBy('attr')` and `collection.findWhere({id: 1})`. - var cb = function(iteratee, instance) { - if (_.isFunction(iteratee)) return iteratee; - if (_.isObject(iteratee) && !instance._isModel(iteratee)) return modelMatcher(iteratee); - if (_.isString(iteratee)) return function(model) { return model.get(iteratee); }; - return iteratee; - }; - var modelMatcher = function(attrs) { - var matcher = _.matches(attrs); - return function(model) { - return matcher(model.attributes); - }; - }; - - // Underscore methods that we want to implement on the Collection. - // 90% of the core usefulness of Backbone Collections is actually implemented - // right here: - var collectionMethods = {forEach: 3, each: 3, map: 3, collect: 3, reduce: 0, - foldl: 0, inject: 0, reduceRight: 0, foldr: 0, find: 3, detect: 3, filter: 3, - select: 3, reject: 3, every: 3, all: 3, some: 3, any: 3, include: 3, includes: 3, - contains: 3, invoke: 0, max: 3, min: 3, toArray: 1, size: 1, first: 3, - head: 3, take: 3, initial: 3, rest: 3, tail: 3, drop: 3, last: 3, - without: 0, difference: 0, indexOf: 3, shuffle: 1, lastIndexOf: 3, - isEmpty: 1, chain: 1, sample: 3, partition: 3, groupBy: 3, countBy: 3, - sortBy: 3, indexBy: 3, findIndex: 3, findLastIndex: 3}; - - - // Underscore methods that we want to implement on the Model, mapped to the - // number of arguments they take. - var modelMethods = {keys: 1, values: 1, pairs: 1, invert: 1, pick: 0, - omit: 0, chain: 1, isEmpty: 1}; - - // Mix in each Underscore method as a proxy to `Collection#models`. - - _.each([ - [Collection, collectionMethods, 'models'], - [Model, modelMethods, 'attributes'] - ], function(config) { - var Base = config[0], - methods = config[1], - attribute = config[2]; - - Base.mixin = function(obj) { - var mappings = _.reduce(_.functions(obj), function(memo, name) { - memo[name] = 0; - return memo; - }, {}); - addUnderscoreMethods(Base, obj, mappings, attribute); - }; - - addUnderscoreMethods(Base, _, methods, attribute); - }); - - // Backbone.sync - // ------------- - - // Override this function to change the manner in which Backbone persists - // models to the server. You will be passed the type of request, and the - // model in question. By default, makes a RESTful Ajax request - // to the model's `url()`. Some possible customizations could be: - // - // * Use `setTimeout` to batch rapid-fire updates into a single request. - // * Send up the models as XML instead of JSON. - // * Persist models via WebSockets instead of Ajax. - // - // Turn on `Backbone.emulateHTTP` in order to send `PUT` and `DELETE` requests - // as `POST`, with a `_method` parameter containing the true HTTP method, - // as well as all requests with the body as `application/x-www-form-urlencoded` - // instead of `application/json` with the model in a param named `model`. - // Useful when interfacing with server-side languages like **PHP** that make - // it difficult to read the body of `PUT` requests. - Backbone.sync = function(method, model, options) { - var type = methodMap[method]; - - // Default options, unless specified. - _.defaults(options || (options = {}), { - emulateHTTP: Backbone.emulateHTTP, - emulateJSON: Backbone.emulateJSON - }); - - // Default JSON-request options. - var params = {type: type, dataType: 'json'}; - - // Ensure that we have a URL. - if (!options.url) { - params.url = _.result(model, 'url') || urlError(); - } - - // Ensure that we have the appropriate request data. - if (options.data == null && model && (method === 'create' || method === 'update' || method === 'patch')) { - params.contentType = 'application/json'; - params.data = JSON.stringify(options.attrs || model.toJSON(options)); - } - - // For older servers, emulate JSON by encoding the request into an HTML-form. - if (options.emulateJSON) { - params.contentType = 'application/x-www-form-urlencoded'; - params.data = params.data ? {model: params.data} : {}; - } - - // For older servers, emulate HTTP by mimicking the HTTP method with `_method` - // And an `X-HTTP-Method-Override` header. - if (options.emulateHTTP && (type === 'PUT' || type === 'DELETE' || type === 'PATCH')) { - params.type = 'POST'; - if (options.emulateJSON) params.data._method = type; - var beforeSend = options.beforeSend; - options.beforeSend = function(xhr) { - xhr.setRequestHeader('X-HTTP-Method-Override', type); - if (beforeSend) return beforeSend.apply(this, arguments); - }; - } - - // Don't process data on a non-GET request. - if (params.type !== 'GET' && !options.emulateJSON) { - params.processData = false; - } - - // Pass along `textStatus` and `errorThrown` from jQuery. - var error = options.error; - options.error = function(xhr, textStatus, errorThrown) { - options.textStatus = textStatus; - options.errorThrown = errorThrown; - if (error) error.call(options.context, xhr, textStatus, errorThrown); - }; - - // Make the request, allowing the user to override any Ajax options. - var xhr = options.xhr = Backbone.ajax(_.extend(params, options)); - model.trigger('request', model, xhr, options); - return xhr; - }; - - // Map from CRUD to HTTP for our default `Backbone.sync` implementation. - var methodMap = { - create: 'POST', - update: 'PUT', - patch: 'PATCH', - delete: 'DELETE', - read: 'GET' - }; - - // Set the default implementation of `Backbone.ajax` to proxy through to `$`. - // Override this if you'd like to use a different library. - Backbone.ajax = function() { - return Backbone.$.ajax.apply(Backbone.$, arguments); - }; - - // Backbone.Router - // --------------- - - // Routers map faux-URLs to actions, and fire events when routes are - // matched. Creating a new one sets its `routes` hash, if not set statically. - var Router = Backbone.Router = function(options) { - options || (options = {}); - this.preinitialize.apply(this, arguments); - if (options.routes) this.routes = options.routes; - this._bindRoutes(); - this.initialize.apply(this, arguments); - }; - - // Cached regular expressions for matching named param parts and splatted - // parts of route strings. - var optionalParam = /\((.*?)\)/g; - var namedParam = /(\(\?)?:\w+/g; - var splatParam = /\*\w+/g; - var escapeRegExp = /[\-{}\[\]+?.,\\\^$|#\s]/g; - - // Set up all inheritable **Backbone.Router** properties and methods. - _.extend(Router.prototype, Events, { - - // preinitialize is an empty function by default. You can override it with a function - // or object. preinitialize will run before any instantiation logic is run in the Router. - preinitialize: function(){}, - - // Initialize is an empty function by default. Override it with your own - // initialization logic. - initialize: function(){}, - - // Manually bind a single named route to a callback. For example: - // - // this.route('search/:query/p:num', 'search', function(query, num) { - // ... - // }); - // - route: function(route, name, callback) { - if (!_.isRegExp(route)) route = this._routeToRegExp(route); - if (_.isFunction(name)) { - callback = name; - name = ''; - } - if (!callback) callback = this[name]; - var router = this; - Backbone.history.route(route, function(fragment) { - var args = router._extractParameters(route, fragment); - if (router.execute(callback, args, name) !== false) { - router.trigger.apply(router, ['route:' + name].concat(args)); - router.trigger('route', name, args); - Backbone.history.trigger('route', router, name, args); - } - }); - return this; - }, - - // Execute a route handler with the provided parameters. This is an - // excellent place to do pre-route setup or post-route cleanup. - execute: function(callback, args, name) { - if (callback) callback.apply(this, args); - }, - - // Simple proxy to `Backbone.history` to save a fragment into the history. - navigate: function(fragment, options) { - Backbone.history.navigate(fragment, options); - return this; - }, - - // Bind all defined routes to `Backbone.history`. We have to reverse the - // order of the routes here to support behavior where the most general - // routes can be defined at the bottom of the route map. - _bindRoutes: function() { - if (!this.routes) return; - this.routes = _.result(this, 'routes'); - var route, routes = _.keys(this.routes); - while ((route = routes.pop()) != null) { - this.route(route, this.routes[route]); - } - }, - - // Convert a route string into a regular expression, suitable for matching - // against the current location hash. - _routeToRegExp: function(route) { - route = route.replace(escapeRegExp, '\\$&') - .replace(optionalParam, '(?:$1)?') - .replace(namedParam, function(match, optional) { - return optional ? match : '([^/?]+)'; - }) - .replace(splatParam, '([^?]*?)'); - return new RegExp('^' + route + '(?:\\?([\\s\\S]*))?$'); - }, - - // Given a route, and a URL fragment that it matches, return the array of - // extracted decoded parameters. Empty or unmatched parameters will be - // treated as `null` to normalize cross-browser behavior. - _extractParameters: function(route, fragment) { - var params = route.exec(fragment).slice(1); - return _.map(params, function(param, i) { - // Don't decode the search params. - if (i === params.length - 1) return param || null; - return param ? decodeURIComponent(param) : null; - }); - } - - }); - - // Backbone.History - // ---------------- - - // Handles cross-browser history management, based on either - // [pushState](http://diveintohtml5.info/history.html) and real URLs, or - // [onhashchange](https://developer.mozilla.org/en-US/docs/DOM/window.onhashchange) - // and URL fragments. If the browser supports neither (old IE, natch), - // falls back to polling. - var History = Backbone.History = function() { - this.handlers = []; - this.checkUrl = this.checkUrl.bind(this); - - // Ensure that `History` can be used outside of the browser. - if (typeof window !== 'undefined') { - this.location = window.location; - this.history = window.history; - } - }; - - // Cached regex for stripping a leading hash/slash and trailing space. - var routeStripper = /^[#\/]|\s+$/g; - - // Cached regex for stripping leading and trailing slashes. - var rootStripper = /^\/+|\/+$/g; - - // Cached regex for stripping urls of hash. - var pathStripper = /#.*$/; - - // Has the history handling already been started? - History.started = false; - - // Set up all inheritable **Backbone.History** properties and methods. - _.extend(History.prototype, Events, { - - // The default interval to poll for hash changes, if necessary, is - // twenty times a second. - interval: 50, - - // Are we at the app root? - atRoot: function() { - var path = this.location.pathname.replace(/[^\/]$/, '$&/'); - return path === this.root && !this.getSearch(); - }, - - // Does the pathname match the root? - matchRoot: function() { - var path = this.decodeFragment(this.location.pathname); - var rootPath = path.slice(0, this.root.length - 1) + '/'; - return rootPath === this.root; - }, - - // Unicode characters in `location.pathname` are percent encoded so they're - // decoded for comparison. `%25` should not be decoded since it may be part - // of an encoded parameter. - decodeFragment: function(fragment) { - return decodeURI(fragment.replace(/%25/g, '%2525')); - }, - - // In IE6, the hash fragment and search params are incorrect if the - // fragment contains `?`. - getSearch: function() { - var match = this.location.href.replace(/#.*/, '').match(/\?.+/); - return match ? match[0] : ''; - }, - - // Gets the true hash value. Cannot use location.hash directly due to bug - // in Firefox where location.hash will always be decoded. - getHash: function(window) { - var match = (window || this).location.href.match(/#(.*)$/); - return match ? match[1] : ''; - }, - - // Get the pathname and search params, without the root. - getPath: function() { - var path = this.decodeFragment( - this.location.pathname + this.getSearch() - ).slice(this.root.length - 1); - return path.charAt(0) === '/' ? path.slice(1) : path; - }, - - // Get the cross-browser normalized URL fragment from the path or hash. - getFragment: function(fragment) { - if (fragment == null) { - if (this._usePushState || !this._wantsHashChange) { - fragment = this.getPath(); - } else { - fragment = this.getHash(); - } - } - return fragment.replace(routeStripper, ''); - }, - - // Start the hash change handling, returning `true` if the current URL matches - // an existing route, and `false` otherwise. - start: function(options) { - if (History.started) throw new Error('Backbone.history has already been started'); - History.started = true; - - // Figure out the initial configuration. Do we need an iframe? - // Is pushState desired ... is it available? - this.options = _.extend({root: '/'}, this.options, options); - this.root = this.options.root; - this._wantsHashChange = this.options.hashChange !== false; - this._hasHashChange = 'onhashchange' in window && (document.documentMode === void 0 || document.documentMode > 7); - this._useHashChange = this._wantsHashChange && this._hasHashChange; - this._wantsPushState = !!this.options.pushState; - this._hasPushState = !!(this.history && this.history.pushState); - this._usePushState = this._wantsPushState && this._hasPushState; - this.fragment = this.getFragment(); - - // Normalize root to always include a leading and trailing slash. - this.root = ('/' + this.root + '/').replace(rootStripper, '/'); - - // Transition from hashChange to pushState or vice versa if both are - // requested. - if (this._wantsHashChange && this._wantsPushState) { - - // If we've started off with a route from a `pushState`-enabled - // browser, but we're currently in a browser that doesn't support it... - if (!this._hasPushState && !this.atRoot()) { - var rootPath = this.root.slice(0, -1) || '/'; - this.location.replace(rootPath + '#' + this.getPath()); - // Return immediately as browser will do redirect to new url - return true; - - // Or if we've started out with a hash-based route, but we're currently - // in a browser where it could be `pushState`-based instead... - } else if (this._hasPushState && this.atRoot()) { - this.navigate(this.getHash(), {replace: true}); - } - - } - - // Proxy an iframe to handle location events if the browser doesn't - // support the `hashchange` event, HTML5 history, or the user wants - // `hashChange` but not `pushState`. - if (!this._hasHashChange && this._wantsHashChange && !this._usePushState) { - this.iframe = document.createElement('iframe'); - this.iframe.src = 'javascript:0'; - this.iframe.style.display = 'none'; - this.iframe.tabIndex = -1; - var body = document.body; - // Using `appendChild` will throw on IE < 9 if the document is not ready. - var iWindow = body.insertBefore(this.iframe, body.firstChild).contentWindow; - iWindow.document.open(); - iWindow.document.close(); - iWindow.location.hash = '#' + this.fragment; - } - - // Add a cross-platform `addEventListener` shim for older browsers. - var addEventListener = window.addEventListener || function(eventName, listener) { - return attachEvent('on' + eventName, listener); - }; - - // Depending on whether we're using pushState or hashes, and whether - // 'onhashchange' is supported, determine how we check the URL state. - if (this._usePushState) { - addEventListener('popstate', this.checkUrl, false); - } else if (this._useHashChange && !this.iframe) { - addEventListener('hashchange', this.checkUrl, false); - } else if (this._wantsHashChange) { - this._checkUrlInterval = setInterval(this.checkUrl, this.interval); - } - - if (!this.options.silent) return this.loadUrl(); - }, - - // Disable Backbone.history, perhaps temporarily. Not useful in a real app, - // but possibly useful for unit testing Routers. - stop: function() { - // Add a cross-platform `removeEventListener` shim for older browsers. - var removeEventListener = window.removeEventListener || function(eventName, listener) { - return detachEvent('on' + eventName, listener); - }; - - // Remove window listeners. - if (this._usePushState) { - removeEventListener('popstate', this.checkUrl, false); - } else if (this._useHashChange && !this.iframe) { - removeEventListener('hashchange', this.checkUrl, false); - } - - // Clean up the iframe if necessary. - if (this.iframe) { - document.body.removeChild(this.iframe); - this.iframe = null; - } - - // Some environments will throw when clearing an undefined interval. - if (this._checkUrlInterval) clearInterval(this._checkUrlInterval); - History.started = false; - }, - - // Add a route to be tested when the fragment changes. Routes added later - // may override previous routes. - route: function(route, callback) { - this.handlers.unshift({route: route, callback: callback}); - }, - - // Checks the current URL to see if it has changed, and if it has, - // calls `loadUrl`, normalizing across the hidden iframe. - checkUrl: function(e) { - var current = this.getFragment(); - - // If the user pressed the back button, the iframe's hash will have - // changed and we should use that for comparison. - if (current === this.fragment && this.iframe) { - current = this.getHash(this.iframe.contentWindow); - } - - if (current === this.fragment) return false; - if (this.iframe) this.navigate(current); - this.loadUrl(); - }, - - // Attempt to load the current URL fragment. If a route succeeds with a - // match, returns `true`. If no defined routes matches the fragment, - // returns `false`. - loadUrl: function(fragment) { - // If the root doesn't match, no routes can match either. - if (!this.matchRoot()) return false; - fragment = this.fragment = this.getFragment(fragment); - return _.some(this.handlers, function(handler) { - if (handler.route.test(fragment)) { - handler.callback(fragment); - return true; - } - }); - }, - - // Save a fragment into the hash history, or replace the URL state if the - // 'replace' option is passed. You are responsible for properly URL-encoding - // the fragment in advance. - // - // The options object can contain `trigger: true` if you wish to have the - // route callback be fired (not usually desirable), or `replace: true`, if - // you wish to modify the current URL without adding an entry to the history. - navigate: function(fragment, options) { - if (!History.started) return false; - if (!options || options === true) options = {trigger: !!options}; - - // Normalize the fragment. - fragment = this.getFragment(fragment || ''); - - // Don't include a trailing slash on the root. - var rootPath = this.root; - if (fragment === '' || fragment.charAt(0) === '?') { - rootPath = rootPath.slice(0, -1) || '/'; - } - var url = rootPath + fragment; - - // Strip the fragment of the query and hash for matching. - fragment = fragment.replace(pathStripper, ''); - - // Decode for matching. - var decodedFragment = this.decodeFragment(fragment); - - if (this.fragment === decodedFragment) return; - this.fragment = decodedFragment; - - // If pushState is available, we use it to set the fragment as a real URL. - if (this._usePushState) { - this.history[options.replace ? 'replaceState' : 'pushState']({}, document.title, url); - - // If hash changes haven't been explicitly disabled, update the hash - // fragment to store history. - } else if (this._wantsHashChange) { - this._updateHash(this.location, fragment, options.replace); - if (this.iframe && fragment !== this.getHash(this.iframe.contentWindow)) { - var iWindow = this.iframe.contentWindow; - - // Opening and closing the iframe tricks IE7 and earlier to push a - // history entry on hash-tag change. When replace is true, we don't - // want this. - if (!options.replace) { - iWindow.document.open(); - iWindow.document.close(); - } - - this._updateHash(iWindow.location, fragment, options.replace); - } - - // If you've told us that you explicitly don't want fallback hashchange- - // based history, then `navigate` becomes a page refresh. - } else { - return this.location.assign(url); - } - if (options.trigger) return this.loadUrl(fragment); - }, - - // Update the hash location, either replacing the current entry, or adding - // a new one to the browser history. - _updateHash: function(location, fragment, replace) { - if (replace) { - var href = location.href.replace(/(javascript:|#).*$/, ''); - location.replace(href + '#' + fragment); - } else { - // Some browsers require that `hash` contains a leading #. - location.hash = '#' + fragment; - } - } - - }); - - // Create the default Backbone.history. - Backbone.history = new History; - - // Helpers - // ------- - - // Helper function to correctly set up the prototype chain for subclasses. - // Similar to `goog.inherits`, but uses a hash of prototype properties and - // class properties to be extended. - var extend = function(protoProps, staticProps) { - var parent = this; - var child; - - // The constructor function for the new subclass is either defined by you - // (the "constructor" property in your `extend` definition), or defaulted - // by us to simply call the parent constructor. - if (protoProps && _.has(protoProps, 'constructor')) { - child = protoProps.constructor; - } else { - child = function(){ return parent.apply(this, arguments); }; - } - - // Add static properties to the constructor function, if supplied. - _.extend(child, parent, staticProps); - - // Set the prototype chain to inherit from `parent`, without calling - // `parent`'s constructor function and add the prototype properties. - child.prototype = _.create(parent.prototype, protoProps); - child.prototype.constructor = child; - - // Set a convenience property in case the parent's prototype is needed - // later. - child.__super__ = parent.prototype; - - return child; - }; - - // Set up inheritance for the model, collection, router, view and history. - Model.extend = Collection.extend = Router.extend = View.extend = History.extend = extend; - - // Throw an error when a URL is needed, and none is supplied. - var urlError = function() { - throw new Error('A "url" property or function must be specified'); - }; - - // Wrap an optional error callback with a fallback error event. - var wrapError = function(model, options) { - var error = options.error; - options.error = function(resp) { - if (error) error.call(options.context, model, resp, options); - model.trigger('error', model, resp, options); - }; - }; - - return Backbone; -}); diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/backbone.validations.js b/openid-connect-server-webapp/src/main/webapp/resources/js/lib/backbone.validations.js deleted file mode 100644 index 78499b06d1..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/backbone.validations.js +++ /dev/null @@ -1,303 +0,0 @@ -// Copyright (C) 2011 Neal Stewart -// -// Permission is hereby granted, free of charge, to any person obtaining a copy of -// this software and associated documentation files (the "Software"), to deal in -// the Software without restriction, including without limitation the rights to -// use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -// of the Software, and to permit persons to whom the Software is furnished to do -// so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. - - -(function(Backbone) { - -// Require Underscore and Backbone if there's a `require` function. -// This makes `backbone.validations` work on the server or when using -// `browserify`. -if (typeof require !== 'undefined') { - _ = require('underscore'); - Backbone = require('backbone'); -} - -// Premade Validators -Backbone.Validations = {}; - -var validators = { - "custom" : function(methodName, attributeName, model, valueToSet) { - return model[methodName](attributeName, valueToSet); - }, - - "required" : function(isRequired, attributeName, model, valueToSet) { - if (isRequired && (_.isNull(valueToSet) || _.isUndefined(valueToSet) || valueToSet === "")) { - return "required"; - } else { - return false; - } - }, - - "in" : function(whitelist, attributeName, model, valueToSet) { - return _.include(whitelist, valueToSet) ? undefined : "in"; - }, - - "email" : function(type, attributeName, model, valueToSet) { - var emailRegex = new RegExp("[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?", "i"); - - if (_.isString(valueToSet) && !valueToSet.match(emailRegex)) { - return "email"; - } - }, - - "url" : function(type, attributeName, model, valueToSet) { - // taken from jQuery UI validation - var urlRegex = /^(https?|ftp):\/\/(((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:)*@)?(((\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.?)(:\d*)?)(\/((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)+(\/(([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)*)*)?)?(\?((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)|[\uE000-\uF8FF]|\/|\?)*)?(\#((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)|\/|\?)*)?$/i; - if (_.isString(valueToSet) && !valueToSet.match(urlRegex)) { - return "url"; - } - }, - - "number" : function(type, attributeName, model, valueToSet) { - return isNaN(valueToSet) ? 'number' : undefined; - }, - - "Array": function(type, attributeName, model, valueToSet) { - return _.isArray(valueToSet) ? undefined : 'Array'; - }, - - "Boolean": function(type, attributeName, model, valueToSet) { - return _.isBoolean(valueToSet) ? undefined : 'Boolean'; - }, - - "String": function(type, attributeName, model, valueToSet) { - return _.isString(valueToSet) ? undefined : 'String'; - }, - - "digits": function (type, attributeName, model, valueToSet) { - var isBeingSet = !_.isUndefined(valueToSet); - return (!/^\d+$/.test(valueToSet) && isBeingSet) ? 'digits' : undefined; - }, - - "pattern" : function(pattern, attributeName, model, valueToSet) { - if (_.isString(valueToSet)) { - if (pattern.test(valueToSet)) { - return false; - } else { - return "pattern"; - } - } - }, - - "min" : function(minimumValue, attributeName, model, valueToSet) { - if (valueToSet < minimumValue) { - return "min"; - } - }, - - "max" : function(maximumValue, attributeName, model, valueToSet) { - if (valueToSet > maximumValue) { - return "max"; - } - }, - - "minlength" : function(minlength, attributeName, model, valueToSet) { - if (_.isString(valueToSet)) { - if (valueToSet.length < minlength) { return "minlength"; } - } - }, - - "maxlength" : function(maxlength, attributeName, model, valueToSet) { - if (_.isString(valueToSet)) { - if (valueToSet.length > maxlength) { return "maxlength"; } - } - }, - - "arrayElem": function(validator, attributeName, model, valueToSet) { - if (_.isArray(valueToSet) && !_.all(valueToSet, validator)) { - return "validElem"; - } else return false; - } -}; - -var customValidators = {}; -var getCustomValidator = function(name) { - var cv = customValidators[name]; - if (!cv) { throw "custom validator '"+name+"' could not be found."; } - return cv; -}; - -Backbone.Validations.addValidator = function(name, validator) { - if (validators.hasOwnProperty(name) || customValidators.hasOwnProperty(name)) { - throw "existing validator"; - } - customValidators[name] = validator; -}; - - -/* - The newValidate method overrides validate in Backbone.Model. - It has the same interface as the validate function which you - would provide. - - The returned object looks like this: - - { - attributeName : ["required", "of", "errors"], - otherAttributeName: ["and", "so", "on"] - } - - */ -function newValidate(attributes) { - var errorsForAttribute, - errorHasOccured, - errors = {}; - - for (var attrName in this._attributeValidators) { - var valueToSet = attributes[attrName]; - var validateAttribute = this._attributeValidators[attrName]; - if (validateAttribute) { - errorsForAttribute = validateAttribute(this, valueToSet); - } - if (errorsForAttribute) { - errorHasOccured = true; - errors[attrName] = errorsForAttribute; - } - } - - return errorHasOccured ? errors : false; -} - -function createMinValidator(attributeName, minimumValue) { - return _.bind(validators.min, null, minimumValue); -} - -function createMaxValidator(attributeName, maximumValue) { - return _.bind(validators.max, null, maximumValue); -} - - -/* createValidator takes in: - - the model - - the name of the attribute - - the type of validation - - the description of the validation - - returns a function that takes in: - - the value being set for the attribute - - and either returns nothing (undefined), - or the error name (string). - */ -function createValidator(attributeName, type, description) { - var validator, - validatorMethod, - customValidator; - - if (type === "type") { - type = description; - } - validator = validators[type]; - - if (!validator) { validator = getCustomValidator(type); } - - if (!validator) { throw "Improper validation type '"+type+"'" ; } - - return _.bind(validator, null, description, attributeName); -} - -function createAttributeValidator(attributeName, attributeDescription) { - var validatorsForAttribute = [], - type, - desc; - - for (type in attributeDescription) { - desc = attributeDescription[type]; - validatorsForAttribute.push(createValidator(attributeName, type, desc)); - } - - return function(model, valueToSet, hasOverridenError, options) { - var validator, - result, - errors = []; - - for (var i = 0, length = validatorsForAttribute.length; i < length; i++) { - validator = validatorsForAttribute[i]; - result = validator(model, valueToSet); - if (result) { - if (_.isArray(result)) { - errors = errors.concat(result); - } else { - errors.push(result); - } - } - } - - if (errors.length) { - return errors; - } else { - return false; - } - }; -} - -function createValidators(modelValidations) { - var attributeValidations, - attributeValidators = {}; - - for (var attrName in modelValidations) { - attributeValidations = modelValidations[attrName]; - attributeValidators[attrName] = createAttributeValidator(attrName, attributeValidations); - } - - return attributeValidators; -} - -var oldValidate = Backbone.Model.prototype._validate; -function newPerformValidation(attrs, options) { - var result = oldValidate.apply(this, arguments); - - if(!result){ - _.each(this.validationError, function(error, name) { - this.trigger('invalid:' + name, this, this.validationError, options); - }, this); - } - return result; -} - -// save the old backbone -var oldModel = Backbone.Model; - -// Constructor for our new Validations Model -Backbone.Validations.Model = Backbone.Model.extend({ - constructor : function() { - // if they pass an object, construct the new validations - if (typeof this.validate === "object" && this.validate !== null) { - if (!this.constructor.prototype._attributeValidators) { - this.constructor.prototype._attributeValidators = createValidators(this.validate); - this.constructor.prototype.validate = newValidate; - this.constructor.prototype._validate = newPerformValidation; - } - } - - oldModel.apply(this, arguments); - } -}); - -// Override Backbone.Model with our new Model -Backbone.Model = Backbone.Validations.Model; - - -// Requisite noConflict -Backbone.Validations.Model.noConflict = function() { - Backbone.Model = oldModel; -}; - -}(typeof Backbone === 'undefined' ? null : Backbone)); diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/bootpag.js b/openid-connect-server-webapp/src/main/webapp/resources/js/lib/bootpag.js deleted file mode 100644 index d5d101f8ca..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/bootpag.js +++ /dev/null @@ -1,179 +0,0 @@ -/** - * @preserve - * bootpag - jQuery plugin for dynamic pagination - * - * Copyright (c) 2015 botmonster@7items.com - * - * Licensed under the MIT license: - * http://www.opensource.org/licenses/mit-license.php - * - * Project home: - * http://botmonster.com/jquery-bootpag/ - * - * Version: 1.0.7 - * - */ -(function($, window) { - - $.fn.bootpag = function(options){ - - var $owner = this, - settings = $.extend({ - total: 0, - page: 1, - maxVisible: null, - leaps: true, - href: 'javascript:void(0);', - hrefVariable: '{{number}}', - next: '»', - prev: '«', - firstLastUse: false, - first: '', - last: '', - wrapClass: 'pagination', - activeClass: 'active', - disabledClass: 'disabled', - nextClass: 'next', - prevClass: 'prev', - lastClass: 'last', - firstClass: 'first' - }, - $owner.data('settings') || {}, - options || {}); - - if(settings.total <= 0) - return this; - - if(!$.isNumeric(settings.maxVisible) && !settings.maxVisible){ - settings.maxVisible = parseInt(settings.total, 10); - } - - $owner.data('settings', settings); - - function renderPage($bootpag, page){ - - page = parseInt(page, 10); - var lp, - maxV = settings.maxVisible == 0 ? 1 : settings.maxVisible, - step = settings.maxVisible == 1 ? 0 : 1, - vis = Math.floor((page - 1) / maxV) * maxV, - $page = $bootpag.find('li'); - settings.page = page = page < 0 ? 0 : page > settings.total ? settings.total : page; - $page.removeClass(settings.activeClass); - lp = page - 1 < 1 ? 1 : - settings.leaps && page - 1 >= settings.maxVisible ? - Math.floor((page - 1) / maxV) * maxV : page - 1; - - if(settings.firstLastUse) { - $page - .first() - .toggleClass(settings.disabledClass, page === 1); - } - - var lfirst = $page.first(); - if(settings.firstLastUse) { - lfirst = lfirst.next(); - } - - lfirst - .toggleClass(settings.disabledClass, page === 1) - .attr('data-lp', lp) - .find('a').attr('href', href(lp)); - - var step = settings.maxVisible == 1 ? 0 : 1; - - lp = page + 1 > settings.total ? settings.total : - settings.leaps && page + 1 < settings.total - settings.maxVisible ? - vis + settings.maxVisible + step: page + 1; - - var llast = $page.last(); - if(settings.firstLastUse) { - llast = llast.prev(); - } - - llast - .toggleClass(settings.disabledClass, page === settings.total) - .attr('data-lp', lp) - .find('a').attr('href', href(lp)); - - $page - .last() - .toggleClass(settings.disabledClass, page === settings.total); - - - var $currPage = $page.filter('[data-lp='+page+']'); - - var clist = "." + [settings.nextClass, - settings.prevClass, - settings.firstClass, - settings.lastClass].join(",."); - if(!$currPage.not(clist).length){ - var d = page <= vis ? -settings.maxVisible : 0; - $page.not(clist).each(function(index){ - lp = index + 1 + vis + d; - $(this) - .attr('data-lp', lp) - .toggle(lp <= settings.total) - .find('a').html(lp).attr('href', href(lp)); - }); - $currPage = $page.filter('[data-lp='+page+']'); - } - $currPage.not(clist).addClass(settings.activeClass); - $owner.data('settings', settings); - } - - function href(c){ - - return settings.href.replace(settings.hrefVariable, c); - } - - return this.each(function(){ - - var $bootpag, lp, me = $(this), - p = ['
          ']; - - if(settings.firstLastUse){ - p = p.concat(['
        • ', settings.first, '
          • ']); - } - if(settings.prev){ - p = p.concat(['
        • ', settings.prev, '
          • ']); - } - for(var c = 1; c <= Math.min(settings.total, settings.maxVisible); c++){ - p = p.concat(['
        • ', c, '
          • ']); - } - if(settings.next){ - lp = settings.leaps && settings.total > settings.maxVisible - ? Math.min(settings.maxVisible + 1, settings.total) : 2; - p = p.concat(['
        • ', settings.next, '
          • ']); - } - if(settings.firstLastUse){ - p = p.concat(['
        • ', settings.last, '
          • ']); - } - p.push('
        '); - me.find('ul.bootpag').remove(); - me.append(p.join('')); - $bootpag = me.find('ul.bootpag'); - - me.find('li').click(function paginationClick(){ - - var me = $(this); - if(me.hasClass(settings.disabledClass) || me.hasClass(settings.activeClass)){ - return; - } - var page = parseInt(me.attr('data-lp'), 10); - $owner.find('ul.bootpag').each(function(){ - renderPage($(this), page); - }); - - $owner.trigger('page', page); - }); - renderPage($bootpag, settings.page); - }); - } - -})(jQuery, window); diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/bootstrap-sheet.js b/openid-connect-server-webapp/src/main/webapp/resources/js/lib/bootstrap-sheet.js deleted file mode 100644 index 349a46fee5..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/bootstrap-sheet.js +++ /dev/null @@ -1,205 +0,0 @@ -/** - * Bootstrap modal sheet - * - * Author: Michaël Perrin - * https://github.com/michaelperrin/bootstrap-modal-sheet - */ - -(function () { - "use strict"; - - /* - * Sheet class definition - */ - - var Sheet = function (element, options) { - this.options = options; - this.$element = $(element) - .delegate('[data-dismiss="sheet"]', 'click.dismiss.sheet', $.proxy(this.hide, this)); - this.options.remote && this.$element.find('.sheet-body').load(this.options.remote); - }; - - Sheet.prototype = { - constructor: Sheet, - - toggle: function () { - return this[!this.isShown ? 'show' : 'hide'](); - }, - - show: function () { - var e = $.Event('show'); - var that = this; - - this.$element.trigger(e); - - if (this.isShown || e.isDefaultPrevented()) { - return; - } - - this.isShown = true; - - this.escape(); - - var transition = this.$element.hasClass('fade'); - - if (!this.$element.parent().length) { - this.$element.appendTo(document.body); //don't move modals dom position - } - - this.placeBelowParent(); - - if (this.options.backdrop) { - this.$backdrop = $('
        ') - .appendTo(document.body) - ; - - this.$backdrop.click( - this.options.backdrop == 'static' ? - $.proxy(this.$element[0].focus, this.$element[0]) - : $.proxy(this.hide, this) - ); - - this.$backdrop.addClass('in'); - } - - transition ? - this.$element.slideDown('fast', function() { that.$element.focus().trigger('shown'); }) : - this.$element.show().focus().trigger('shown') - ; - - this.$element - .addClass('in') - .attr('aria-hidden', false) - .focus() - ; - }, - - placeBelowParent: function() { - if ( ! this.options.sheetParent) { - return; - } - - var $parent = $(this.options.sheetParent); - - if ( ! $parent) { - return; - } - - // Compute vertical position - var sheetPosition = $parent.offset().top + $parent.height(); - this.$element.css('top', sheetPosition + 'px'); - - // Compute horizontal position (make the sheet centered) - var margin = ($parent.width() - this.$element.width()) / 2; - var leftPosition = $parent.offset().left + margin; - - this.$element.css('left', leftPosition + 'px'); - }, - - hide: function (e) { - e && e.preventDefault(); - - var that = this; - - e = $.Event('hide'); - - this.$element.trigger(e); - - if (!this.isShown || e.isDefaultPrevented()) { - return; - } - - this.isShown = false; - - this.escape(); - - $(document).off('focusin.sheet'); - - this.$element - .removeClass('in') - .attr('aria-hidden', true) - ; - - this.hideSheet(); - }, - - hideSheet: function () { - var transition = this.$element.hasClass('fade'); - - transition ? this.$element.slideUp('fast') : this.$element.hide(); - this.removeBackdrop(); - this.$element.trigger('hidden'); - }, - - removeBackdrop: function () { - if ( ! this.options.backdrop) { - return; - } - - this.$backdrop.remove(); - this.$backdrop = null; - }, - - escape: function () { - var that = this; - - if (this.isShown && this.options.keyboard) { - this.$element.on('keyup.dismiss.sheet', function (e) { - e.which == 27 && that.hide(); - }); - } else if (!this.isShown) { - this.$element.off('keyup.dismiss.sheet'); - } - } - }; - - /* - * jQuery Sheet plugin definition - */ - - $.fn.sheet = function (option) { - return this.each(function () { - var $this = $(this); - - var data = $this.data('sheet'); - - var options = $.extend({}, $.fn.sheet.defaults, $this.data(), typeof option == 'object' && option); - - if (!data) { - $this.data('sheet', (data = new Sheet(this, options))); - } - - if (typeof option == 'string') { - data[option](); - } else if (options.show) { - data.show(); - } - }); - }; - - $.fn.sheet.defaults = { - keyboard: true, - show: true, - backdrop: true - }; - - $.fn.sheet.Constructor = Sheet; - - /* SHEET DATA-API - * ============== */ - - $(document).on('click.sheet.data-api', '[data-toggle="sheet"]', function (e) { - var $this = $(this); - var href = $this.attr('href'); - var $target = $($this.attr('data-target') || (href && href.replace(/.*(?=#[^\s]+$)/, ''))); //strip for ie7 - var option = $target.data('sheet') ? 'toggle' : $.extend({ remote:!/#/.test(href) && href }, $target.data(), $this.data()); - - e.preventDefault(); - - $target - .sheet(option) - .one('hide', function () { - $this.focus(); - }); - }); -}).call(this); diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/bootstrapx-clickover.js b/openid-connect-server-webapp/src/main/webapp/resources/js/lib/bootstrapx-clickover.js deleted file mode 100644 index c98ae01f21..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/bootstrapx-clickover.js +++ /dev/null @@ -1,208 +0,0 @@ -/* ========================================================== - * bootstrapx-clickover.js - * https://github.com/lecar-red/bootstrapx-clickover - * version: 1.0 - * ========================================================== - * - * Based on work from Twitter Bootstrap and - * from Popover library http://twitter.github.com/bootstrap/javascript.html#popover - * from the great guys at Twitter. - * - * Untested with 2.1.0 but should worked with 2.0.x - * - * ========================================================== */ -!function($) { - "use strict" - - /* class definition */ - var Clickover = function ( element, options ) { - // local init - this.cinit('clickover', element, options ); - } - - Clickover.prototype = $.extend({}, $.fn.popover.Constructor.prototype, { - - constructor: Clickover - - , cinit: function( type, element, options ) { - this.attr = {}; - - // choose random attrs instead of timestamp ones - this.attr.me = ((Math.random() * 10) + "").replace(/\D/g, ''); - this.attr.click_event_ns = "click." + this.attr.me + " touchstart." + this.attr.me; - - if (!options) options = {}; - - options.trigger = 'manual'; - - // call parent - this.init( type, element, options ); - - // setup our own handlers - this.$element.on( 'click', this.options.selector, $.proxy(this.clickery, this) ); - - // soon add click hanlder to body to close this element - // will need custom handler inside here - } - , clickery: function(e) { - // clickery isn't only run by event handlers can be called by timeout or manually - // only run our click handler and - // need to stop progration or body click handler would fire right away - if (e) { - e.preventDefault(); - e.stopPropagation(); - } - - // set popover's dim's - this.options.width && this.tip().width( this.options.width ); - this.options.height && this.tip().height( this.options.height ); - - // set popover's tip 'id' for greater control of rendering or css rules - this.options.tip_id && this.tip().attr('id', this.options.tip_id ); - - // add a custom class - this.options.class_name && this.tip().addClass(this.options.class_name); - - // we could override this to provide show and hide hooks - this[ this.isShown() ? 'hide' : 'show' ](); - - // if shown add global click closer - if ( this.isShown() ) { - var that = this; - - // close on global request, exclude clicks inside clickover - this.options.global_close && - $('body').on( this.attr.click_event_ns, function(e) { - if ( !that.tip().has(e.target).length ) { that.clickery(); } - }); - - this.options.esc_close && $(document).bind('keyup.clickery', function(e) { - if (e.keyCode == 27) { that.clickery(); } - return; - }); - - // first check for others that might be open - // wanted to use 'click' but might accidently trigger other custom click handlers - // on clickover elements - !this.options.allow_multiple && - $('[data-clickover-open=1]').each( function() { - $(this).data('clickover') && $(this).data('clickover').clickery(); }); - - // help us track elements w/ open clickovers using html5 - this.$element.attr('data-clickover-open', 1); - - // if element has close button then make that work, like to - // add option close_selector - this.tip().on('click', '[data-dismiss="clickover"]', $.proxy(this.clickery, this)); - - // trigger timeout hide - if ( this.options.auto_close && this.options.auto_close > 0 ) { - this.attr.tid = - setTimeout( $.proxy(this.clickery, this), this.options.auto_close ); - } - - // provide callback hooks for post shown event - typeof this.options.onShown == 'function' && this.options.onShown.call(this); - this.$element.trigger('shown'); - } - else { - this.$element.removeAttr('data-clickover-open'); - - this.options.esc_close && $(document).unbind('keyup.clickery'); - - $('body').off( this.attr.click_event_ns ); - - if ( typeof this.attr.tid == "number" ) { - clearTimeout(this.attr.tid); - delete this.attr.tid; - } - - // provide some callback hooks - typeof this.options.onHidden == 'function' && this.options.onHidden.call(this); - this.$element.trigger('hidden'); - } - } - , isShown: function() { - return this.tip().hasClass('in'); - } - , resetPosition: function() { - var $tip - , inside - , pos - , actualWidth - , actualHeight - , placement - , tp - - if (this.hasContent() && this.enabled) { - $tip = this.tip() - - placement = typeof this.options.placement == 'function' ? - this.options.placement.call(this, $tip[0], this.$element[0]) : - this.options.placement - - inside = /in/.test(placement) - - pos = this.getPosition(inside) - - actualWidth = $tip[0].offsetWidth - actualHeight = $tip[0].offsetHeight - - switch (inside ? placement.split(' ')[1] : placement) { - case 'bottom': - tp = {top: pos.top + pos.height, left: pos.left + pos.width / 2 - actualWidth / 2} - break - case 'top': - tp = {top: pos.top - actualHeight, left: pos.left + pos.width / 2 - actualWidth / 2} - break - case 'left': - tp = {top: pos.top + pos.height / 2 - actualHeight / 2, left: pos.left - actualWidth} - break - case 'right': - tp = {top: pos.top + pos.height / 2 - actualHeight / 2, left: pos.left + pos.width} - break - } - - $tip.css(tp) - } - } - , debughide: function() { - var dt = new Date().toString(); - - console.log(dt + ": clickover hide"); - this.hide(); - } - }) - - /* plugin definition */ - /* stolen from bootstrap tooltip.js */ - $.fn.clickover = function( option ) { - return this.each(function() { - var $this = $(this) - , data = $this.data('clickover') - , options = typeof option == 'object' && option - - if (!data) $this.data('clickover', (data = new Clickover(this, options))) - if (typeof option == 'string') data[option]() - }) - } - - $.fn.clickover.Constructor = Clickover - - // these defaults are passed directly to parent classes - $.fn.clickover.defaults = $.extend({}, $.fn.popover.defaults, { - trigger: 'manual', - auto_close: 0, /* ms to auto close clickover, 0 means none */ - global_close: 1, /* allow close when clicked away from clickover */ - esc_close: 1, /* allow clickover to close when esc key is pressed */ - onShown: null, /* function to be run once clickover has been shown */ - onHidden: null, /* function to be run once clickover has been hidden */ - width: null, /* number is px (don't add px), null or 0 - don't set anything */ - height: null, /* number is px (don't add px), null or 0 - don't set anything */ - tip_id: null, /* id of popover container */ - class_name: 'clickover', /* default class name in addition to other classes */ - allow_multiple: 0 /* enable to allow for multiple clickovers to be open at the same time */ - }) - -}( window.jQuery ); - diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/html5.js b/openid-connect-server-webapp/src/main/webapp/resources/js/lib/html5.js deleted file mode 100644 index 77dace4900..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/html5.js +++ /dev/null @@ -1,322 +0,0 @@ -/** -* @preserve HTML5 Shiv 3.7.2 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed -*/ -;(function(window, document) { -/*jshint evil:true */ - /** version */ - var version = '3.7.2'; - - /** Preset options */ - var options = window.html5 || {}; - - /** Used to skip problem elements */ - var reSkip = /^<|^(?:button|map|select|textarea|object|iframe|option|optgroup)$/i; - - /** Not all elements can be cloned in IE **/ - var saveClones = /^(?:a|b|code|div|fieldset|h1|h2|h3|h4|h5|h6|i|label|li|ol|p|q|span|strong|style|table|tbody|td|th|tr|ul)$/i; - - /** Detect whether the browser supports default html5 styles */ - var supportsHtml5Styles; - - /** Name of the expando, to work with multiple documents or to re-shiv one document */ - var expando = '_html5shiv'; - - /** The id for the the documents expando */ - var expanID = 0; - - /** Cached data for each document */ - var expandoData = {}; - - /** Detect whether the browser supports unknown elements */ - var supportsUnknownElements; - - (function() { - try { - var a = document.createElement('a'); - a.innerHTML = ''; - //if the hidden property is implemented we can assume, that the browser supports basic HTML5 Styles - supportsHtml5Styles = ('hidden' in a); - - supportsUnknownElements = a.childNodes.length == 1 || (function() { - // assign a false positive if unable to shiv - (document.createElement)('a'); - var frag = document.createDocumentFragment(); - return ( - typeof frag.cloneNode == 'undefined' || - typeof frag.createDocumentFragment == 'undefined' || - typeof frag.createElement == 'undefined' - ); - }()); - } catch(e) { - // assign a false positive if detection fails => unable to shiv - supportsHtml5Styles = true; - supportsUnknownElements = true; - } - - }()); - - /*--------------------------------------------------------------------------*/ - - /** - * Creates a style sheet with the given CSS text and adds it to the document. - * @private - * @param {Document} ownerDocument The document. - * @param {String} cssText The CSS text. - * @returns {StyleSheet} The style element. - */ - function addStyleSheet(ownerDocument, cssText) { - var p = ownerDocument.createElement('p'), - parent = ownerDocument.getElementsByTagName('head')[0] || ownerDocument.documentElement; - - p.innerHTML = 'x'; - return parent.insertBefore(p.lastChild, parent.firstChild); - } - - /** - * Returns the value of `html5.elements` as an array. - * @private - * @returns {Array} An array of shived element node names. - */ - function getElements() { - var elements = html5.elements; - return typeof elements == 'string' ? elements.split(' ') : elements; - } - - /** - * Extends the built-in list of html5 elements - * @memberOf html5 - * @param {String|Array} newElements whitespace separated list or array of new element names to shiv - * @param {Document} ownerDocument The context document. - */ - function addElements(newElements, ownerDocument) { - var elements = html5.elements; - if(typeof elements != 'string'){ - elements = elements.join(' '); - } - if(typeof newElements != 'string'){ - newElements = newElements.join(' '); - } - html5.elements = elements +' '+ newElements; - shivDocument(ownerDocument); - } - - /** - * Returns the data associated to the given document - * @private - * @param {Document} ownerDocument The document. - * @returns {Object} An object of data. - */ - function getExpandoData(ownerDocument) { - var data = expandoData[ownerDocument[expando]]; - if (!data) { - data = {}; - expanID++; - ownerDocument[expando] = expanID; - expandoData[expanID] = data; - } - return data; - } - - /** - * returns a shived element for the given nodeName and document - * @memberOf html5 - * @param {String} nodeName name of the element - * @param {Document} ownerDocument The context document. - * @returns {Object} The shived element. - */ - function createElement(nodeName, ownerDocument, data){ - if (!ownerDocument) { - ownerDocument = document; - } - if(supportsUnknownElements){ - return ownerDocument.createElement(nodeName); - } - if (!data) { - data = getExpandoData(ownerDocument); - } - var node; - - if (data.cache[nodeName]) { - node = data.cache[nodeName].cloneNode(); - } else if (saveClones.test(nodeName)) { - node = (data.cache[nodeName] = data.createElem(nodeName)).cloneNode(); - } else { - node = data.createElem(nodeName); - } - - // Avoid adding some elements to fragments in IE < 9 because - // * Attributes like `name` or `type` cannot be set/changed once an element - // is inserted into a document/fragment - // * Link elements with `src` attributes that are inaccessible, as with - // a 403 response, will cause the tab/window to crash - // * Script elements appended to fragments will execute when their `src` - // or `text` property is set - return node.canHaveChildren && !reSkip.test(nodeName) && !node.tagUrn ? data.frag.appendChild(node) : node; - } - - /** - * returns a shived DocumentFragment for the given document - * @memberOf html5 - * @param {Document} ownerDocument The context document. - * @returns {Object} The shived DocumentFragment. - */ - function createDocumentFragment(ownerDocument, data){ - if (!ownerDocument) { - ownerDocument = document; - } - if(supportsUnknownElements){ - return ownerDocument.createDocumentFragment(); - } - data = data || getExpandoData(ownerDocument); - var clone = data.frag.cloneNode(), - i = 0, - elems = getElements(), - l = elems.length; - for(;i>> 0; - if (len === 0) { - return -1; - } - var n = 0; - if (arguments.length > 0) { - n = Number(arguments[1]); - if (n != n) { // shortcut for verifying if it's NaN - n = 0; - } else if (n != 0 && n != Infinity && n != -Infinity) { - n = (n > 0 || -1) * Math.floor(Math.abs(n)); - } - } - if (n >= len) { - return -1; - } - var k = n >= 0 ? n : Math.max(len - Math.abs(n), 0); - for (; k < len; k++) { - if (k in t && t[k] === searchElement) { - return k; - } - } - return -1; - } - } - - // add lastIndexOf to non ECMA-262 standard compliant browsers - if (!Array.prototype.lastIndexOf) { - Array.prototype.lastIndexOf = function(searchElement /*, fromIndex*/) { - "use strict"; - if (this == null) { - throw new TypeError(); - } - var t = Object(this); - var len = t.length >>> 0; - if (len === 0) { - return -1; - } - var n = len; - if (arguments.length > 1) { - n = Number(arguments[1]); - if (n != n) { - n = 0; - } else if (n != 0 && n != (1 / 0) && n != -(1 / 0)) { - n = (n > 0 || -1) * Math.floor(Math.abs(n)); - } - } - var k = n >= 0 ? Math.min(n, len - 1) : len - Math.abs(n); - for (; k >= 0; k--) { - if (k in t && t[k] === searchElement) { - return k; - } - } - return -1; - }; - } - - // Add string trim for IE8. - if (typeof String.prototype.trim !== 'function') { - String.prototype.trim = function() { - return this.replace(/^\s+|\s+$/g, ''); - } - } - - var $ = root.jQuery || root.Zepto - , i18n = {} - , resStore = {} - , currentLng - , replacementCounter = 0 - , languages = [] - , initialized = false - , sync = {} - , conflictReference = null; - - - - // Export the i18next object for **CommonJS**. - // If we're not in CommonJS, add `i18n` to the - // global object or to jquery. - if (typeof module !== 'undefined' && module.exports) { - module.exports = i18n; - } else { - if ($) { - $.i18n = $.i18n || i18n; - } - - if (root.i18n) { - conflictReference = root.i18n; - } - root.i18n = i18n; - } - sync = { - - load: function(lngs, options, cb) { - if (options.useLocalStorage) { - sync._loadLocal(lngs, options, function(err, store) { - var missingLngs = []; - for (var i = 0, len = lngs.length; i < len; i++) { - if (!store[lngs[i]]) missingLngs.push(lngs[i]); - } - - if (missingLngs.length > 0) { - sync._fetch(missingLngs, options, function(err, fetched) { - f.extend(store, fetched); - sync._storeLocal(fetched); - - cb(err, store); - }); - } else { - cb(err, store); - } - }); - } else { - sync._fetch(lngs, options, function(err, store){ - cb(err, store); - }); - } - }, - - _loadLocal: function(lngs, options, cb) { - var store = {} - , nowMS = new Date().getTime(); - - if(window.localStorage) { - - var todo = lngs.length; - - f.each(lngs, function(key, lng) { - var local = f.localStorage.getItem('res_' + lng); - - if (local) { - local = JSON.parse(local); - - if (local.i18nStamp && local.i18nStamp + options.localStorageExpirationTime > nowMS) { - store[lng] = local; - } - } - - todo--; // wait for all done befor callback - if (todo === 0) cb(null, store); - }); - } - }, - - _storeLocal: function(store) { - if(window.localStorage) { - for (var m in store) { - store[m].i18nStamp = new Date().getTime(); - f.localStorage.setItem('res_' + m, JSON.stringify(store[m])); - } - } - return; - }, - - _fetch: function(lngs, options, cb) { - var ns = options.ns - , store = {}; - - if (!options.dynamicLoad) { - var todo = ns.namespaces.length * lngs.length - , errors; - - // load each file individual - f.each(ns.namespaces, function(nsIndex, nsValue) { - f.each(lngs, function(lngIndex, lngValue) { - - // Call this once our translation has returned. - var loadComplete = function(err, data) { - if (err) { - errors = errors || []; - errors.push(err); - } - store[lngValue] = store[lngValue] || {}; - store[lngValue][nsValue] = data; - - todo--; // wait for all done befor callback - if (todo === 0) cb(errors, store); - }; - - if(typeof options.customLoad == 'function'){ - // Use the specified custom callback. - options.customLoad(lngValue, nsValue, options, loadComplete); - } else { - //~ // Use our inbuilt sync. - sync._fetchOne(lngValue, nsValue, options, loadComplete); - } - }); - }); - } else { - // Call this once our translation has returned. - var loadComplete = function(err, data) { - cb(err, data); - }; - - if(typeof options.customLoad == 'function'){ - // Use the specified custom callback. - options.customLoad(lngs, ns.namespaces, options, loadComplete); - } else { - var url = applyReplacement(options.resGetPath, { lng: lngs.join('+'), ns: ns.namespaces.join('+') }); - // load all needed stuff once - f.ajax({ - url: url, - cache: options.cache, - success: function(data, status, xhr) { - f.log('loaded: ' + url); - loadComplete(null, data); - }, - error : function(xhr, status, error) { - f.log('failed loading: ' + url); - loadComplete('failed loading resource.json error: ' + error); - }, - dataType: "json", - async : options.getAsync, - timeout: options.ajaxTimeout - }); - } - } - }, - - _fetchOne: function(lng, ns, options, done) { - var url = applyReplacement(options.resGetPath, { lng: lng, ns: ns }); - f.ajax({ - url: url, - cache: options.cache, - success: function(data, status, xhr) { - f.log('loaded: ' + url); - done(null, data); - }, - error : function(xhr, status, error) { - if ((status && status == 200) || (xhr && xhr.status && xhr.status == 200)) { - // file loaded but invalid json, stop waste time ! - f.error('There is a typo in: ' + url); - } else if ((status && status == 404) || (xhr && xhr.status && xhr.status == 404)) { - f.log('Does not exist: ' + url); - } else { - var theStatus = status ? status : ((xhr && xhr.status) ? xhr.status : null); - f.log(theStatus + ' when loading ' + url); - } - - done(error, {}); - }, - dataType: "json", - async : options.getAsync, - timeout: options.ajaxTimeout - }); - }, - - postMissing: function(lng, ns, key, defaultValue, lngs) { - var payload = {}; - payload[key] = defaultValue; - - var urls = []; - - if (o.sendMissingTo === 'fallback' && o.fallbackLng[0] !== false) { - for (var i = 0; i < o.fallbackLng.length; i++) { - urls.push({lng: o.fallbackLng[i], url: applyReplacement(o.resPostPath, { lng: o.fallbackLng[i], ns: ns })}); - } - } else if (o.sendMissingTo === 'current' || (o.sendMissingTo === 'fallback' && o.fallbackLng[0] === false) ) { - urls.push({lng: lng, url: applyReplacement(o.resPostPath, { lng: lng, ns: ns })}); - } else if (o.sendMissingTo === 'all') { - for (var i = 0, l = lngs.length; i < l; i++) { - urls.push({lng: lngs[i], url: applyReplacement(o.resPostPath, { lng: lngs[i], ns: ns })}); - } - } - - for (var y = 0, len = urls.length; y < len; y++) { - var item = urls[y]; - f.ajax({ - url: item.url, - type: o.sendType, - data: payload, - success: function(data, status, xhr) { - f.log('posted missing key \'' + key + '\' to: ' + item.url); - - // add key to resStore - var keys = key.split('.'); - var x = 0; - var value = resStore[item.lng][ns]; - while (keys[x]) { - if (x === keys.length - 1) { - value = value[keys[x]] = defaultValue; - } else { - value = value[keys[x]] = value[keys[x]] || {}; - } - x++; - } - }, - error : function(xhr, status, error) { - f.log('failed posting missing key \'' + key + '\' to: ' + item.url); - }, - dataType: "json", - async : o.postAsync, - timeout: o.ajaxTimeout - }); - } - }, - - reload: reload - }; - // defaults - var o = { - lng: undefined, - load: 'all', - preload: [], - lowerCaseLng: false, - returnObjectTrees: false, - fallbackLng: ['dev'], - fallbackNS: [], - detectLngQS: 'setLng', - detectLngFromLocalStorage: false, - ns: { - namespaces: ['translation'], - defaultNs: 'translation' - }, - fallbackOnNull: true, - fallbackOnEmpty: false, - fallbackToDefaultNS: false, - showKeyIfEmpty: false, - nsseparator: ':', - keyseparator: '.', - selectorAttr: 'data-i18n', - debug: false, - - resGetPath: 'locales/__lng__/__ns__.json', - resPostPath: 'locales/add/__lng__/__ns__', - - getAsync: true, - postAsync: true, - - resStore: undefined, - useLocalStorage: false, - localStorageExpirationTime: 7*24*60*60*1000, - - dynamicLoad: false, - sendMissing: false, - sendMissingTo: 'fallback', // current | all - sendType: 'POST', - - interpolationPrefix: '__', - interpolationSuffix: '__', - defaultVariables: false, - reusePrefix: '$t(', - reuseSuffix: ')', - pluralSuffix: '_plural', - pluralNotFound: ['plural_not_found', Math.random()].join(''), - contextNotFound: ['context_not_found', Math.random()].join(''), - escapeInterpolation: false, - indefiniteSuffix: '_indefinite', - indefiniteNotFound: ['indefinite_not_found', Math.random()].join(''), - - setJqueryExt: true, - defaultValueFromContent: true, - useDataAttrOptions: false, - cookieExpirationTime: undefined, - useCookie: true, - cookieName: 'i18next', - cookieDomain: undefined, - - objectTreeKeyHandler: undefined, - postProcess: undefined, - parseMissingKey: undefined, - missingKeyHandler: sync.postMissing, - ajaxTimeout: 0, - - shortcutFunction: 'sprintf' // or: defaultValue - }; - function _extend(target, source) { - if (!source || typeof source === 'function') { - return target; - } - - for (var attr in source) { target[attr] = source[attr]; } - return target; - } - - function _deepExtend(target, source) { - for (var prop in source) - if (prop in target) - _deepExtend(target[prop], source[prop]); - else - target[prop] = source[prop]; - return target; - } - - function _each(object, callback, args) { - var name, i = 0, - length = object.length, - isObj = length === undefined || Object.prototype.toString.apply(object) !== '[object Array]' || typeof object === "function"; - - if (args) { - if (isObj) { - for (name in object) { - if (callback.apply(object[name], args) === false) { - break; - } - } - } else { - for ( ; i < length; ) { - if (callback.apply(object[i++], args) === false) { - break; - } - } - } - - // A special, fast, case for the most common use of each - } else { - if (isObj) { - for (name in object) { - if (callback.call(object[name], name, object[name]) === false) { - break; - } - } - } else { - for ( ; i < length; ) { - if (callback.call(object[i], i, object[i++]) === false) { - break; - } - } - } - } - - return object; - } - - var _entityMap = { - "&": "&", - "<": "<", - ">": ">", - '"': '"', - "'": ''', - "/": '/' - }; - - function _escape(data) { - if (typeof data === 'string') { - return data.replace(/[&<>"'\/]/g, function (s) { - return _entityMap[s]; - }); - }else{ - return data; - } - } - - function _ajax(options) { - - // v0.5.0 of https://github.com/goloroden/http.js - var getXhr = function (callback) { - // Use the native XHR object if the browser supports it. - if (window.XMLHttpRequest) { - return callback(null, new XMLHttpRequest()); - } else if (window.ActiveXObject) { - // In Internet Explorer check for ActiveX versions of the XHR object. - try { - return callback(null, new ActiveXObject("Msxml2.XMLHTTP")); - } catch (e) { - return callback(null, new ActiveXObject("Microsoft.XMLHTTP")); - } - } - - // If no XHR support was found, throw an error. - return callback(new Error()); - }; - - var encodeUsingUrlEncoding = function (data) { - if(typeof data === 'string') { - return data; - } - - var result = []; - for(var dataItem in data) { - if(data.hasOwnProperty(dataItem)) { - result.push(encodeURIComponent(dataItem) + '=' + encodeURIComponent(data[dataItem])); - } - } - - return result.join('&'); - }; - - var utf8 = function (text) { - text = text.replace(/\r\n/g, '\n'); - var result = ''; - - for(var i = 0; i < text.length; i++) { - var c = text.charCodeAt(i); - - if(c < 128) { - result += String.fromCharCode(c); - } else if((c > 127) && (c < 2048)) { - result += String.fromCharCode((c >> 6) | 192); - result += String.fromCharCode((c & 63) | 128); - } else { - result += String.fromCharCode((c >> 12) | 224); - result += String.fromCharCode(((c >> 6) & 63) | 128); - result += String.fromCharCode((c & 63) | 128); - } - } - - return result; - }; - - var base64 = function (text) { - var keyStr = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; - - text = utf8(text); - var result = '', - chr1, chr2, chr3, - enc1, enc2, enc3, enc4, - i = 0; - - do { - chr1 = text.charCodeAt(i++); - chr2 = text.charCodeAt(i++); - chr3 = text.charCodeAt(i++); - - enc1 = chr1 >> 2; - enc2 = ((chr1 & 3) << 4) | (chr2 >> 4); - enc3 = ((chr2 & 15) << 2) | (chr3 >> 6); - enc4 = chr3 & 63; - - if(isNaN(chr2)) { - enc3 = enc4 = 64; - } else if(isNaN(chr3)) { - enc4 = 64; - } - - result += - keyStr.charAt(enc1) + - keyStr.charAt(enc2) + - keyStr.charAt(enc3) + - keyStr.charAt(enc4); - chr1 = chr2 = chr3 = ''; - enc1 = enc2 = enc3 = enc4 = ''; - } while(i < text.length); - - return result; - }; - - var mergeHeaders = function () { - // Use the first header object as base. - var result = arguments[0]; - - // Iterate through the remaining header objects and add them. - for(var i = 1; i < arguments.length; i++) { - var currentHeaders = arguments[i]; - for(var header in currentHeaders) { - if(currentHeaders.hasOwnProperty(header)) { - result[header] = currentHeaders[header]; - } - } - } - - // Return the merged headers. - return result; - }; - - var ajax = function (method, url, options, callback) { - // Adjust parameters. - if(typeof options === 'function') { - callback = options; - options = {}; - } - - // Set default parameter values. - options.cache = options.cache || false; - options.data = options.data || {}; - options.headers = options.headers || {}; - options.jsonp = options.jsonp || false; - options.async = options.async === undefined ? true : options.async; - - // Merge the various header objects. - var headers = mergeHeaders({ - 'accept': '*/*', - 'content-type': 'application/x-www-form-urlencoded;charset=UTF-8' - }, ajax.headers, options.headers); - - // Encode the data according to the content-type. - var payload; - if (headers['content-type'] === 'application/json') { - payload = JSON.stringify(options.data); - } else { - payload = encodeUsingUrlEncoding(options.data); - } - - // Specially prepare GET requests: Setup the query string, handle caching and make a JSONP call - // if neccessary. - if(method === 'GET') { - // Setup the query string. - var queryString = []; - if(payload) { - queryString.push(payload); - payload = null; - } - - // Handle caching. - if(!options.cache) { - queryString.push('_=' + (new Date()).getTime()); - } - - // If neccessary prepare the query string for a JSONP call. - if(options.jsonp) { - queryString.push('callback=' + options.jsonp); - queryString.push('jsonp=' + options.jsonp); - } - - // Merge the query string and attach it to the url. - queryString = queryString.join('&'); - if (queryString.length > 1) { - if (url.indexOf('?') > -1) { - url += '&' + queryString; - } else { - url += '?' + queryString; - } - } - - // Make a JSONP call if neccessary. - if(options.jsonp) { - var head = document.getElementsByTagName('head')[0]; - var script = document.createElement('script'); - script.type = 'text/javascript'; - script.src = url; - head.appendChild(script); - return; - } - } - - // Since we got here, it is no JSONP request, so make a normal XHR request. - getXhr(function (err, xhr) { - if(err) return callback(err); - - // Open the request. - xhr.open(method, url, options.async); - - // Set the request headers. - for(var header in headers) { - if(headers.hasOwnProperty(header)) { - xhr.setRequestHeader(header, headers[header]); - } - } - - // Handle the request events. - xhr.onreadystatechange = function () { - if(xhr.readyState === 4) { - var data = xhr.responseText || ''; - - // If no callback is given, return. - if(!callback) { - return; - } - - // Return an object that provides access to the data as text and JSON. - callback(xhr.status, { - text: function () { - return data; - }, - - json: function () { - try { - return JSON.parse(data) - } catch (e) { - f.error('Can not parse JSON. URL: ' + url); - return {}; - } - } - }); - } - }; - - // Actually send the XHR request. - xhr.send(payload); - }); - }; - - // Define the external interface. - var http = { - authBasic: function (username, password) { - ajax.headers['Authorization'] = 'Basic ' + base64(username + ':' + password); - }, - - connect: function (url, options, callback) { - return ajax('CONNECT', url, options, callback); - }, - - del: function (url, options, callback) { - return ajax('DELETE', url, options, callback); - }, - - get: function (url, options, callback) { - return ajax('GET', url, options, callback); - }, - - head: function (url, options, callback) { - return ajax('HEAD', url, options, callback); - }, - - headers: function (headers) { - ajax.headers = headers || {}; - }, - - isAllowed: function (url, verb, callback) { - this.options(url, function (status, data) { - callback(data.text().indexOf(verb) !== -1); - }); - }, - - options: function (url, options, callback) { - return ajax('OPTIONS', url, options, callback); - }, - - patch: function (url, options, callback) { - return ajax('PATCH', url, options, callback); - }, - - post: function (url, options, callback) { - return ajax('POST', url, options, callback); - }, - - put: function (url, options, callback) { - return ajax('PUT', url, options, callback); - }, - - trace: function (url, options, callback) { - return ajax('TRACE', url, options, callback); - } - }; - - - var methode = options.type ? options.type.toLowerCase() : 'get'; - - http[methode](options.url, options, function (status, data) { - // file: protocol always gives status code 0, so check for data - if (status === 200 || (status === 0 && data.text())) { - options.success(data.json(), status, null); - } else { - options.error(data.text(), status, null); - } - }); - } - - var _cookie = { - create: function(name,value,minutes,domain) { - var expires; - if (minutes) { - var date = new Date(); - date.setTime(date.getTime()+(minutes*60*1000)); - expires = "; expires="+date.toGMTString(); - } - else expires = ""; - domain = (domain)? "domain="+domain+";" : ""; - document.cookie = name+"="+value+expires+";"+domain+"path=/"; - }, - - read: function(name) { - var nameEQ = name + "="; - var ca = document.cookie.split(';'); - for(var i=0;i < ca.length;i++) { - var c = ca[i]; - while (c.charAt(0)==' ') c = c.substring(1,c.length); - if (c.indexOf(nameEQ) === 0) return c.substring(nameEQ.length,c.length); - } - return null; - }, - - remove: function(name) { - this.create(name,"",-1); - } - }; - - var cookie_noop = { - create: function(name,value,minutes,domain) {}, - read: function(name) { return null; }, - remove: function(name) {} - }; - - - - // move dependent functions to a container so that - // they can be overriden easier in no jquery environment (node.js) - var f = { - extend: $ ? $.extend : _extend, - deepExtend: _deepExtend, - each: $ ? $.each : _each, - ajax: $ ? $.ajax : (typeof document !== 'undefined' ? _ajax : function() {}), - cookie: typeof document !== 'undefined' ? _cookie : cookie_noop, - detectLanguage: detectLanguage, - escape: _escape, - log: function(str) { - if (o.debug && typeof console !== "undefined") console.log(str); - }, - error: function(str) { - if (typeof console !== "undefined") console.error(str); - }, - getCountyIndexOfLng: function(lng) { - var lng_index = 0; - if (lng === 'nb-NO' || lng === 'nn-NO' || lng === 'nb-no' || lng === 'nn-no') lng_index = 1; - return lng_index; - }, - toLanguages: function(lng, fallbackLng) { - var log = this.log; - - fallbackLng = fallbackLng || o.fallbackLng; - if (typeof fallbackLng === 'string') - fallbackLng = [fallbackLng]; - - function applyCase(l) { - var ret = l; - - if (typeof l === 'string' && l.indexOf('-') > -1) { - var parts = l.split('-'); - - ret = o.lowerCaseLng ? - parts[0].toLowerCase() + '-' + parts[1].toLowerCase() : - parts[0].toLowerCase() + '-' + parts[1].toUpperCase(); - } else { - ret = o.lowerCaseLng ? l.toLowerCase() : l; - } - - return ret; - } - - var languages = []; - var whitelist = o.lngWhitelist || false; - var addLanguage = function(language){ - //reject langs not whitelisted - if(!whitelist || whitelist.indexOf(language) > -1){ - languages.push(language); - }else{ - log('rejecting non-whitelisted language: ' + language); - } - }; - if (typeof lng === 'string' && lng.indexOf('-') > -1) { - var parts = lng.split('-'); - - if (o.load !== 'unspecific') addLanguage(applyCase(lng)); - if (o.load !== 'current') addLanguage(applyCase(parts[this.getCountyIndexOfLng(lng)])); - } else { - addLanguage(applyCase(lng)); - } - - for (var i = 0; i < fallbackLng.length; i++) { - if (languages.indexOf(fallbackLng[i]) === -1 && fallbackLng[i]) languages.push(applyCase(fallbackLng[i])); - } - return languages; - }, - regexEscape: function(str) { - return str.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g, "\\$&"); - }, - regexReplacementEscape: function(strOrFn) { - if (typeof strOrFn === 'string') { - return strOrFn.replace(/\$/g, "$$$$"); - } else { - return strOrFn; - } - }, - localStorage: { - setItem: function(key, value) { - if (window.localStorage) { - try { - window.localStorage.setItem(key, value); - } catch (e) { - f.log('failed to set value for key "' + key + '" to localStorage.'); - } - } - }, - getItem: function(key, value) { - if (window.localStorage) { - try { - return window.localStorage.getItem(key, value); - } catch (e) { - f.log('failed to get value for key "' + key + '" from localStorage.'); - return undefined; - } - } - } - } - }; - function init(options, cb) { - - if (typeof options === 'function') { - cb = options; - options = {}; - } - options = options || {}; - - // override defaults with passed in options - f.extend(o, options); - delete o.fixLng; /* passed in each time */ - - // override functions: .log(), .detectLanguage(), etc - if (o.functions) { - delete o.functions; - f.extend(f, options.functions); - } - - // create namespace object if namespace is passed in as string - if (typeof o.ns == 'string') { - o.ns = { namespaces: [o.ns], defaultNs: o.ns}; - } - - // fallback namespaces - if (typeof o.fallbackNS == 'string') { - o.fallbackNS = [o.fallbackNS]; - } - - // fallback languages - if (typeof o.fallbackLng == 'string' || typeof o.fallbackLng == 'boolean') { - o.fallbackLng = [o.fallbackLng]; - } - - // escape prefix/suffix - o.interpolationPrefixEscaped = f.regexEscape(o.interpolationPrefix); - o.interpolationSuffixEscaped = f.regexEscape(o.interpolationSuffix); - - if (!o.lng) o.lng = f.detectLanguage(); - - languages = f.toLanguages(o.lng); - currentLng = languages[0]; - f.log('currentLng set to: ' + currentLng); - - if (o.useCookie && f.cookie.read(o.cookieName) !== currentLng){ //cookie is unset or invalid - f.cookie.create(o.cookieName, currentLng, o.cookieExpirationTime, o.cookieDomain); - } - if (o.detectLngFromLocalStorage && typeof document !== 'undefined' && window.localStorage) { - f.localStorage.setItem('i18next_lng', currentLng); - } - - var lngTranslate = translate; - if (options.fixLng) { - lngTranslate = function(key, options) { - options = options || {}; - options.lng = options.lng || lngTranslate.lng; - return translate(key, options); - }; - lngTranslate.lng = currentLng; - } - - pluralExtensions.setCurrentLng(currentLng); - - // add JQuery extensions - if ($ && o.setJqueryExt) { - addJqueryFunct && addJqueryFunct(); - } else { - addJqueryLikeFunctionality && addJqueryLikeFunctionality(); - } - - // jQuery deferred - var deferred; - if ($ && $.Deferred) { - deferred = $.Deferred(); - } - - // return immidiatly if res are passed in - if (o.resStore) { - resStore = o.resStore; - initialized = true; - if (cb) cb(lngTranslate); - if (deferred) deferred.resolve(lngTranslate); - if (deferred) return deferred.promise(); - return; - } - - // languages to load - var lngsToLoad = f.toLanguages(o.lng); - if (typeof o.preload === 'string') o.preload = [o.preload]; - for (var i = 0, l = o.preload.length; i < l; i++) { - var pres = f.toLanguages(o.preload[i]); - for (var y = 0, len = pres.length; y < len; y++) { - if (lngsToLoad.indexOf(pres[y]) < 0) { - lngsToLoad.push(pres[y]); - } - } - } - - // else load them - i18n.sync.load(lngsToLoad, o, function(err, store) { - resStore = store; - initialized = true; - - if (cb) cb(err, lngTranslate); - if (deferred) (!err ? deferred.resolve : deferred.reject)(err || lngTranslate); - }); - - if (deferred) return deferred.promise(); - } - - function isInitialized() { - return initialized; - } - function preload(lngs, cb) { - if (typeof lngs === 'string') lngs = [lngs]; - for (var i = 0, l = lngs.length; i < l; i++) { - if (o.preload.indexOf(lngs[i]) < 0) { - o.preload.push(lngs[i]); - } - } - return init(cb); - } - - function addResourceBundle(lng, ns, resources, deep) { - if (typeof ns !== 'string') { - resources = ns; - ns = o.ns.defaultNs; - } else if (o.ns.namespaces.indexOf(ns) < 0) { - o.ns.namespaces.push(ns); - } - - resStore[lng] = resStore[lng] || {}; - resStore[lng][ns] = resStore[lng][ns] || {}; - - if (deep) { - f.deepExtend(resStore[lng][ns], resources); - } else { - f.extend(resStore[lng][ns], resources); - } - if (o.useLocalStorage) { - sync._storeLocal(resStore); - } - } - - function hasResourceBundle(lng, ns) { - if (typeof ns !== 'string') { - ns = o.ns.defaultNs; - } - - resStore[lng] = resStore[lng] || {}; - var res = resStore[lng][ns] || {}; - - var hasValues = false; - for(var prop in res) { - if (res.hasOwnProperty(prop)) { - hasValues = true; - } - } - - return hasValues; - } - - function getResourceBundle(lng, ns) { - if (typeof ns !== 'string') { - ns = o.ns.defaultNs; - } - - resStore[lng] = resStore[lng] || {}; - return f.extend({}, resStore[lng][ns]); - } - - function removeResourceBundle(lng, ns) { - if (typeof ns !== 'string') { - ns = o.ns.defaultNs; - } - - resStore[lng] = resStore[lng] || {}; - resStore[lng][ns] = {}; - if (o.useLocalStorage) { - sync._storeLocal(resStore); - } - } - - function addResource(lng, ns, key, value) { - if (typeof ns !== 'string') { - resource = ns; - ns = o.ns.defaultNs; - } else if (o.ns.namespaces.indexOf(ns) < 0) { - o.ns.namespaces.push(ns); - } - - resStore[lng] = resStore[lng] || {}; - resStore[lng][ns] = resStore[lng][ns] || {}; - - var keys = key.split(o.keyseparator); - var x = 0; - var node = resStore[lng][ns]; - var origRef = node; - - while (keys[x]) { - if (x == keys.length - 1) - node[keys[x]] = value; - else { - if (node[keys[x]] == null) - node[keys[x]] = {}; - - node = node[keys[x]]; - } - x++; - } - if (o.useLocalStorage) { - sync._storeLocal(resStore); - } - } - - function addResources(lng, ns, resources) { - if (typeof ns !== 'string') { - resource = ns; - ns = o.ns.defaultNs; - } else if (o.ns.namespaces.indexOf(ns) < 0) { - o.ns.namespaces.push(ns); - } - - for (var m in resources) { - if (typeof resources[m] === 'string') addResource(lng, ns, m, resources[m]); - } - } - - function setDefaultNamespace(ns) { - o.ns.defaultNs = ns; - } - - function loadNamespace(namespace, cb) { - loadNamespaces([namespace], cb); - } - - function loadNamespaces(namespaces, cb) { - var opts = { - dynamicLoad: o.dynamicLoad, - resGetPath: o.resGetPath, - getAsync: o.getAsync, - customLoad: o.customLoad, - ns: { namespaces: namespaces, defaultNs: ''} /* new namespaces to load */ - }; - - // languages to load - var lngsToLoad = f.toLanguages(o.lng); - if (typeof o.preload === 'string') o.preload = [o.preload]; - for (var i = 0, l = o.preload.length; i < l; i++) { - var pres = f.toLanguages(o.preload[i]); - for (var y = 0, len = pres.length; y < len; y++) { - if (lngsToLoad.indexOf(pres[y]) < 0) { - lngsToLoad.push(pres[y]); - } - } - } - - // check if we have to load - var lngNeedLoad = []; - for (var a = 0, lenA = lngsToLoad.length; a < lenA; a++) { - var needLoad = false; - var resSet = resStore[lngsToLoad[a]]; - if (resSet) { - for (var b = 0, lenB = namespaces.length; b < lenB; b++) { - if (!resSet[namespaces[b]]) needLoad = true; - } - } else { - needLoad = true; - } - - if (needLoad) lngNeedLoad.push(lngsToLoad[a]); - } - - if (lngNeedLoad.length) { - i18n.sync._fetch(lngNeedLoad, opts, function(err, store) { - var todo = namespaces.length * lngNeedLoad.length; - - // load each file individual - f.each(namespaces, function(nsIndex, nsValue) { - - // append namespace to namespace array - if (o.ns.namespaces.indexOf(nsValue) < 0) { - o.ns.namespaces.push(nsValue); - } - - f.each(lngNeedLoad, function(lngIndex, lngValue) { - resStore[lngValue] = resStore[lngValue] || {}; - resStore[lngValue][nsValue] = store[lngValue][nsValue]; - - todo--; // wait for all done befor callback - if (todo === 0 && cb) { - if (o.useLocalStorage) i18n.sync._storeLocal(resStore); - cb(); - } - }); - }); - }); - } else { - if (cb) cb(); - } - } - - function setLng(lng, options, cb) { - if (typeof options === 'function') { - cb = options; - options = {}; - } else if (!options) { - options = {}; - } - - options.lng = lng; - return init(options, cb); - } - - function lng() { - return currentLng; - } - - function reload(cb) { - resStore = {}; - setLng(currentLng, cb); - } - - function noConflict() { - - window.i18next = window.i18n; - - if (conflictReference) { - window.i18n = conflictReference; - } else { - delete window.i18n; - } - } - function addJqueryFunct() { - // $.t shortcut - $.t = $.t || translate; - - function parse(ele, key, options) { - if (key.length === 0) return; - - var attr = 'text'; - - if (key.indexOf('[') === 0) { - var parts = key.split(']'); - key = parts[1]; - attr = parts[0].substr(1, parts[0].length-1); - } - - if (key.indexOf(';') === key.length-1) { - key = key.substr(0, key.length-2); - } - - var optionsToUse; - if (attr === 'html') { - optionsToUse = o.defaultValueFromContent ? $.extend({ defaultValue: ele.html() }, options) : options; - ele.html($.t(key, optionsToUse)); - } else if (attr === 'text') { - optionsToUse = o.defaultValueFromContent ? $.extend({ defaultValue: ele.text() }, options) : options; - ele.text($.t(key, optionsToUse)); - } else if (attr === 'prepend') { - optionsToUse = o.defaultValueFromContent ? $.extend({ defaultValue: ele.html() }, options) : options; - ele.prepend($.t(key, optionsToUse)); - } else if (attr === 'append') { - optionsToUse = o.defaultValueFromContent ? $.extend({ defaultValue: ele.html() }, options) : options; - ele.append($.t(key, optionsToUse)); - } else if (attr.indexOf("data-") === 0) { - var dataAttr = attr.substr(("data-").length); - optionsToUse = o.defaultValueFromContent ? $.extend({ defaultValue: ele.data(dataAttr) }, options) : options; - var translated = $.t(key, optionsToUse); - //we change into the data cache - ele.data(dataAttr, translated); - //we change into the dom - ele.attr(attr, translated); - } else { - optionsToUse = o.defaultValueFromContent ? $.extend({ defaultValue: ele.attr(attr) }, options) : options; - ele.attr(attr, $.t(key, optionsToUse)); - } - } - - function localize(ele, options) { - var key = ele.attr(o.selectorAttr); - if (!key && typeof key !== 'undefined' && key !== false) key = ele.text() || ele.val(); - if (!key) return; - - var target = ele - , targetSelector = ele.data("i18n-target"); - if (targetSelector) { - target = ele.find(targetSelector) || ele; - } - - if (!options && o.useDataAttrOptions === true) { - options = ele.data("i18n-options"); - } - options = options || {}; - - if (key.indexOf(';') >= 0) { - var keys = key.split(';'); - - $.each(keys, function(m, k) { - if (k !== '') parse(target, k, options); - }); - - } else { - parse(target, key, options); - } - - if (o.useDataAttrOptions === true) ele.data("i18n-options", options); - } - - // fn - $.fn.i18n = function (options) { - return this.each(function() { - // localize element itself - localize($(this), options); - - // localize childs - var elements = $(this).find('[' + o.selectorAttr + ']'); - elements.each(function() { - localize($(this), options); - }); - }); - }; - } - function addJqueryLikeFunctionality() { - - function parse(ele, key, options) { - if (key.length === 0) return; - - var attr = 'text'; - - if (key.indexOf('[') === 0) { - var parts = key.split(']'); - key = parts[1]; - attr = parts[0].substr(1, parts[0].length-1); - } - - if (key.indexOf(';') === key.length-1) { - key = key.substr(0, key.length-2); - } - - if (attr === 'html') { - ele.innerHTML = translate(key, options); - } else if (attr === 'text') { - ele.textContent = translate(key, options); - } else if (attr === 'prepend') { - ele.insertAdjacentHTML(translate(key, options), 'afterbegin'); - } else if (attr === 'append') { - ele.insertAdjacentHTML(translate(key, options), 'beforeend'); - } else { - ele.setAttribute(attr, translate(key, options)); - } - } - - function localize(ele, options) { - var key = ele.getAttribute(o.selectorAttr); - if (!key && typeof key !== 'undefined' && key !== false) key = ele.textContent || ele.value; - if (!key) return; - - var target = ele - , targetSelector = ele.getAttribute("i18n-target"); - if (targetSelector) { - target = ele.querySelector(targetSelector) || ele; - } - - if (key.indexOf(';') >= 0) { - var keys = key.split(';'), index = 0, length = keys.length; - - for ( ; index < length; index++) { - if (keys[index] !== '') parse(target, keys[index], options); - } - - } else { - parse(target, key, options); - } - } - - // fn - i18n.translateObject = function (object, options) { - // localize childs - var elements = object.querySelectorAll('[' + o.selectorAttr + ']'); - var index = 0, length = elements.length; - for ( ; index < length; index++) { - localize(elements[index], options); - } - }; - } - function applyReplacement(str, replacementHash, nestedKey, options) { - if (!str) return str; - - options = options || replacementHash; // first call uses replacement hash combined with options - if (str.indexOf(options.interpolationPrefix || o.interpolationPrefix) < 0) return str; - - var prefix = options.interpolationPrefix ? f.regexEscape(options.interpolationPrefix) : o.interpolationPrefixEscaped - , suffix = options.interpolationSuffix ? f.regexEscape(options.interpolationSuffix) : o.interpolationSuffixEscaped - , unEscapingSuffix = 'HTML'+suffix; - - var hash = replacementHash.replace && typeof replacementHash.replace === 'object' ? replacementHash.replace : replacementHash; - f.each(hash, function(key, value) { - var nextKey = nestedKey ? nestedKey + o.keyseparator + key : key; - if (typeof value === 'object' && value !== null) { - str = applyReplacement(str, value, nextKey, options); - } else { - if (options.escapeInterpolation || o.escapeInterpolation) { - str = str.replace(new RegExp([prefix, nextKey, unEscapingSuffix].join(''), 'g'), f.regexReplacementEscape(value)); - str = str.replace(new RegExp([prefix, nextKey, suffix].join(''), 'g'), f.regexReplacementEscape(f.escape(value))); - } else { - str = str.replace(new RegExp([prefix, nextKey, suffix].join(''), 'g'), f.regexReplacementEscape(value)); - } - // str = options.escapeInterpolation; - } - }); - return str; - } - - // append it to functions - f.applyReplacement = applyReplacement; - - function applyReuse(translated, options) { - var comma = ','; - var options_open = '{'; - var options_close = '}'; - - var opts = f.extend({}, options); - delete opts.postProcess; - - while (translated.indexOf(o.reusePrefix) != -1) { - replacementCounter++; - if (replacementCounter > o.maxRecursion) { break; } // safety net for too much recursion - var index_of_opening = translated.lastIndexOf(o.reusePrefix); - var index_of_end_of_closing = translated.indexOf(o.reuseSuffix, index_of_opening) + o.reuseSuffix.length; - var token = translated.substring(index_of_opening, index_of_end_of_closing); - var token_without_symbols = token.replace(o.reusePrefix, '').replace(o.reuseSuffix, ''); - - if (index_of_end_of_closing <= index_of_opening) { - f.error('there is an missing closing in following translation value', translated); - return ''; - } - - if (token_without_symbols.indexOf(comma) != -1) { - var index_of_token_end_of_closing = token_without_symbols.indexOf(comma); - if (token_without_symbols.indexOf(options_open, index_of_token_end_of_closing) != -1 && token_without_symbols.indexOf(options_close, index_of_token_end_of_closing) != -1) { - var index_of_opts_opening = token_without_symbols.indexOf(options_open, index_of_token_end_of_closing); - var index_of_opts_end_of_closing = token_without_symbols.indexOf(options_close, index_of_opts_opening) + options_close.length; - try { - opts = f.extend(opts, JSON.parse(token_without_symbols.substring(index_of_opts_opening, index_of_opts_end_of_closing))); - token_without_symbols = token_without_symbols.substring(0, index_of_token_end_of_closing); - } catch (e) { - } - } - } - - var translated_token = _translate(token_without_symbols, opts); - translated = translated.replace(token, f.regexReplacementEscape(translated_token)); - } - return translated; - } - - function hasContext(options) { - return (options.context && (typeof options.context == 'string' || typeof options.context == 'number')); - } - - function needsPlural(options, lng) { - return (options.count !== undefined && typeof options.count != 'string'/* && pluralExtensions.needsPlural(lng, options.count)*/); - } - - function needsIndefiniteArticle(options) { - return (options.indefinite_article !== undefined && typeof options.indefinite_article != 'string' && options.indefinite_article); - } - - function exists(key, options) { - options = options || {}; - - var notFound = _getDefaultValue(key, options) - , found = _find(key, options); - - return found !== undefined || found === notFound; - } - - function translate(key, options) { - options = options || {}; - - if (!initialized) { - f.log('i18next not finished initialization. you might have called t function before loading resources finished.') - return options.defaultValue || ''; - }; - replacementCounter = 0; - return _translate.apply(null, arguments); - } - - function _getDefaultValue(key, options) { - return (options.defaultValue !== undefined) ? options.defaultValue : key; - } - - function _injectSprintfProcessor() { - - var values = []; - - // mh: build array from second argument onwards - for (var i = 1; i < arguments.length; i++) { - values.push(arguments[i]); - } - - return { - postProcess: 'sprintf', - sprintf: values - }; - } - - function _translate(potentialKeys, options) { - if (options && typeof options !== 'object') { - if (o.shortcutFunction === 'sprintf') { - // mh: gettext like sprintf syntax found, automatically create sprintf processor - options = _injectSprintfProcessor.apply(null, arguments); - } else if (o.shortcutFunction === 'defaultValue') { - options = { - defaultValue: options - } - } - } else { - options = options || {}; - } - - if (typeof o.defaultVariables === 'object') { - options = f.extend({}, o.defaultVariables, options); - } - - if (potentialKeys === undefined || potentialKeys === null || potentialKeys === '') return ''; - - if (typeof potentialKeys === 'number') { - potentialKeys = String(potentialKeys); - } - - if (typeof potentialKeys === 'string') { - potentialKeys = [potentialKeys]; - } - - var key = potentialKeys[0]; - - if (potentialKeys.length > 1) { - for (var i = 0; i < potentialKeys.length; i++) { - key = potentialKeys[i]; - if (exists(key, options)) { - break; - } - } - } - - var notFound = _getDefaultValue(key, options) - , found = _find(key, options) - , lngs = options.lng ? f.toLanguages(options.lng, options.fallbackLng) : languages - , ns = options.ns || o.ns.defaultNs - , parts; - - // split ns and key - if (key.indexOf(o.nsseparator) > -1) { - parts = key.split(o.nsseparator); - ns = parts[0]; - key = parts[1]; - } - - if (found === undefined && o.sendMissing && typeof o.missingKeyHandler === 'function') { - if (options.lng) { - o.missingKeyHandler(lngs[0], ns, key, notFound, lngs); - } else { - o.missingKeyHandler(o.lng, ns, key, notFound, lngs); - } - } - - var postProcessorsToApply; - if (typeof o.postProcess === 'string' && o.postProcess !== '') { - postProcessorsToApply = [o.postProcess]; - } else if (typeof o.postProcess === 'array' || typeof o.postProcess === 'object') { - postProcessorsToApply = o.postProcess; - } else { - postProcessorsToApply = []; - } - - if (typeof options.postProcess === 'string' && options.postProcess !== '') { - postProcessorsToApply = postProcessorsToApply.concat([options.postProcess]); - } else if (typeof options.postProcess === 'array' || typeof options.postProcess === 'object') { - postProcessorsToApply = postProcessorsToApply.concat(options.postProcess); - } - - if (found !== undefined && postProcessorsToApply.length) { - postProcessorsToApply.forEach(function(postProcessor) { - if (postProcessors[postProcessor]) { - found = postProcessors[postProcessor](found, key, options); - } - }); - } - - // process notFound if function exists - var splitNotFound = notFound; - if (notFound.indexOf(o.nsseparator) > -1) { - parts = notFound.split(o.nsseparator); - splitNotFound = parts[1]; - } - if (splitNotFound === key && o.parseMissingKey) { - notFound = o.parseMissingKey(notFound); - } - - if (found === undefined) { - notFound = applyReplacement(notFound, options); - notFound = applyReuse(notFound, options); - - if (postProcessorsToApply.length) { - var val = _getDefaultValue(key, options); - postProcessorsToApply.forEach(function(postProcessor) { - if (postProcessors[postProcessor]) { - found = postProcessors[postProcessor](val, key, options); - } - }); - } - } - - return (found !== undefined) ? found : notFound; - } - - function _find(key, options) { - options = options || {}; - - var optionWithoutCount, translated - , notFound = _getDefaultValue(key, options) - , lngs = languages; - - if (!resStore) { return notFound; } // no resStore to translate from - - // CI mode - if (lngs[0].toLowerCase() === 'cimode') return notFound; - - // passed in lng - if (options.lngs) lngs = options.lngs; - if (options.lng) { - lngs = f.toLanguages(options.lng, options.fallbackLng); - - if (!resStore[lngs[0]]) { - var oldAsync = o.getAsync; - o.getAsync = false; - - i18n.sync.load(lngs, o, function(err, store) { - f.extend(resStore, store); - o.getAsync = oldAsync; - }); - } - } - - var ns = options.ns || o.ns.defaultNs; - if (key.indexOf(o.nsseparator) > -1) { - var parts = key.split(o.nsseparator); - ns = parts[0]; - key = parts[1]; - } - - if (hasContext(options)) { - optionWithoutCount = f.extend({}, options); - delete optionWithoutCount.context; - optionWithoutCount.defaultValue = o.contextNotFound; - - var contextKey = ns + o.nsseparator + key + '_' + options.context; - - translated = translate(contextKey, optionWithoutCount); - if (translated != o.contextNotFound) { - return applyReplacement(translated, { context: options.context }); // apply replacement for context only - } // else continue translation with original/nonContext key - } - - if (needsPlural(options, lngs[0])) { - optionWithoutCount = f.extend({ lngs: [lngs[0]]}, options); - delete optionWithoutCount.count; - optionWithoutCount._origLng = optionWithoutCount._origLng || optionWithoutCount.lng || lngs[0]; - delete optionWithoutCount.lng; - optionWithoutCount.defaultValue = o.pluralNotFound; - - var pluralKey; - if (!pluralExtensions.needsPlural(lngs[0], options.count)) { - pluralKey = ns + o.nsseparator + key; - } else { - pluralKey = ns + o.nsseparator + key + o.pluralSuffix; - var pluralExtension = pluralExtensions.get(lngs[0], options.count); - if (pluralExtension >= 0) { - pluralKey = pluralKey + '_' + pluralExtension; - } else if (pluralExtension === 1) { - pluralKey = ns + o.nsseparator + key; // singular - } - } - - translated = translate(pluralKey, optionWithoutCount); - - if (translated != o.pluralNotFound) { - return applyReplacement(translated, { - count: options.count, - interpolationPrefix: options.interpolationPrefix, - interpolationSuffix: options.interpolationSuffix - }); // apply replacement for count only - } else if (lngs.length > 1) { - // remove failed lng - var clone = lngs.slice(); - clone.shift(); - options = f.extend(options, { lngs: clone }); - options._origLng = optionWithoutCount._origLng; - delete options.lng; - // retry with fallbacks - translated = translate(ns + o.nsseparator + key, options); - if (translated != o.pluralNotFound) return translated; - } else { - optionWithoutCount.lng = optionWithoutCount._origLng; - delete optionWithoutCount._origLng; - translated = translate(ns + o.nsseparator + key, optionWithoutCount); - - return applyReplacement(translated, { - count: options.count, - interpolationPrefix: options.interpolationPrefix, - interpolationSuffix: options.interpolationSuffix - }); - } - } - - if (needsIndefiniteArticle(options)) { - var optionsWithoutIndef = f.extend({}, options); - delete optionsWithoutIndef.indefinite_article; - optionsWithoutIndef.defaultValue = o.indefiniteNotFound; - // If we don't have a count, we want the indefinite, if we do have a count, and needsPlural is false - var indefiniteKey = ns + o.nsseparator + key + (((options.count && !needsPlural(options, lngs[0])) || !options.count) ? o.indefiniteSuffix : ""); - translated = translate(indefiniteKey, optionsWithoutIndef); - if (translated != o.indefiniteNotFound) { - return translated; - } - } - - var found; - var keys = key.split(o.keyseparator); - for (var i = 0, len = lngs.length; i < len; i++ ) { - if (found !== undefined) break; - - var l = lngs[i]; - - var x = 0; - var value = resStore[l] && resStore[l][ns]; - while (keys[x]) { - value = value && value[keys[x]]; - x++; - } - if (value !== undefined && (!o.showKeyIfEmpty || value !== '')) { - var valueType = Object.prototype.toString.apply(value); - if (typeof value === 'string') { - value = applyReplacement(value, options); - value = applyReuse(value, options); - } else if (valueType === '[object Array]' && !o.returnObjectTrees && !options.returnObjectTrees) { - value = value.join('\n'); - value = applyReplacement(value, options); - value = applyReuse(value, options); - } else if (value === null && o.fallbackOnNull === true) { - value = undefined; - } else if (value !== null) { - if (!o.returnObjectTrees && !options.returnObjectTrees) { - if (o.objectTreeKeyHandler && typeof o.objectTreeKeyHandler == 'function') { - value = o.objectTreeKeyHandler(key, value, l, ns, options); - } else { - value = 'key \'' + ns + ':' + key + ' (' + l + ')\' ' + - 'returned an object instead of string.'; - f.log(value); - } - } else if (valueType !== '[object Number]' && valueType !== '[object Function]' && valueType !== '[object RegExp]') { - var copy = (valueType === '[object Array]') ? [] : {}; // apply child translation on a copy - f.each(value, function(m) { - copy[m] = _translate(ns + o.nsseparator + key + o.keyseparator + m, options); - }); - value = copy; - } - } - - if (typeof value === 'string' && value.trim() === '' && o.fallbackOnEmpty === true) - value = undefined; - - found = value; - } - } - - if (found === undefined && !options.isFallbackLookup && (o.fallbackToDefaultNS === true || (o.fallbackNS && o.fallbackNS.length > 0))) { - // set flag for fallback lookup - avoid recursion - options.isFallbackLookup = true; - - if (o.fallbackNS.length) { - - for (var y = 0, lenY = o.fallbackNS.length; y < lenY; y++) { - found = _find(o.fallbackNS[y] + o.nsseparator + key, options); - - if (found || (found==="" && o.fallbackOnEmpty === false)) { - /* compare value without namespace */ - var foundValue = found.indexOf(o.nsseparator) > -1 ? found.split(o.nsseparator)[1] : found - , notFoundValue = notFound.indexOf(o.nsseparator) > -1 ? notFound.split(o.nsseparator)[1] : notFound; - - if (foundValue !== notFoundValue) break; - } - } - } else { - options.ns = o.ns.defaultNs; - found = _find(key, options); // fallback to default NS - } - options.isFallbackLookup = false; - } - - return found; - } - function detectLanguage() { - var detectedLng; - var whitelist = o.lngWhitelist || []; - var userLngChoices = []; - - // get from qs - var qsParm = []; - if (typeof window !== 'undefined') { - (function() { - var query = window.location.search.substring(1); - var params = query.split('&'); - for (var i=0; i 0) { - var key = params[i].substring(0,pos); - if (key == o.detectLngQS) { - userLngChoices.push(params[i].substring(pos+1)); - } - } - } - })(); - } - - // get from cookie - if (o.useCookie && typeof document !== 'undefined') { - var c = f.cookie.read(o.cookieName); - if (c) userLngChoices.push(c); - } - - // get from localStorage - if (o.detectLngFromLocalStorage && typeof window !== 'undefined' && window.localStorage) { - var lang = f.localStorage.getItem('i18next_lng'); - if (lang) { - userLngChoices.push(lang); - } - } - - // get from navigator - if (typeof navigator !== 'undefined') { - if (navigator.languages) { // chrome only; not an array, so can't use .push.apply instead of iterating - for (var i=0;i -1) { - var parts = lng.split('-'); - lng = o.lowerCaseLng ? - parts[0].toLowerCase() + '-' + parts[1].toLowerCase() : - parts[0].toLowerCase() + '-' + parts[1].toUpperCase(); - } - - if (whitelist.length === 0 || whitelist.indexOf(lng) > -1) { - detectedLng = lng; - break; - } - } - })(); - - //fallback - if (!detectedLng){ - detectedLng = o.fallbackLng[0]; - } - - return detectedLng; - } - // definition http://translate.sourceforge.net/wiki/l10n/pluralforms - - /* [code, name, numbers, pluralsType] */ - var _rules = [ - ["ach", "Acholi", [1,2], 1], - ["af", "Afrikaans",[1,2], 2], - ["ak", "Akan", [1,2], 1], - ["am", "Amharic", [1,2], 1], - ["an", "Aragonese",[1,2], 2], - ["ar", "Arabic", [0,1,2,3,11,100],5], - ["arn", "Mapudungun",[1,2], 1], - ["ast", "Asturian", [1,2], 2], - ["ay", "Aymará", [1], 3], - ["az", "Azerbaijani",[1,2],2], - ["be", "Belarusian",[1,2,5],4], - ["bg", "Bulgarian",[1,2], 2], - ["bn", "Bengali", [1,2], 2], - ["bo", "Tibetan", [1], 3], - ["br", "Breton", [1,2], 1], - ["bs", "Bosnian", [1,2,5],4], - ["ca", "Catalan", [1,2], 2], - ["cgg", "Chiga", [1], 3], - ["cs", "Czech", [1,2,5],6], - ["csb", "Kashubian",[1,2,5],7], - ["cy", "Welsh", [1,2,3,8],8], - ["da", "Danish", [1,2], 2], - ["de", "German", [1,2], 2], - ["dev", "Development Fallback", [1,2], 2], - ["dz", "Dzongkha", [1], 3], - ["el", "Greek", [1,2], 2], - ["en", "English", [1,2], 2], - ["eo", "Esperanto",[1,2], 2], - ["es", "Spanish", [1,2], 2], - ["es_ar","Argentinean Spanish", [1,2], 2], - ["et", "Estonian", [1,2], 2], - ["eu", "Basque", [1,2], 2], - ["fa", "Persian", [1], 3], - ["fi", "Finnish", [1,2], 2], - ["fil", "Filipino", [1,2], 1], - ["fo", "Faroese", [1,2], 2], - ["fr", "French", [1,2], 9], - ["fur", "Friulian", [1,2], 2], - ["fy", "Frisian", [1,2], 2], - ["ga", "Irish", [1,2,3,7,11],10], - ["gd", "Scottish Gaelic",[1,2,3,20],11], - ["gl", "Galician", [1,2], 2], - ["gu", "Gujarati", [1,2], 2], - ["gun", "Gun", [1,2], 1], - ["ha", "Hausa", [1,2], 2], - ["he", "Hebrew", [1,2], 2], - ["hi", "Hindi", [1,2], 2], - ["hr", "Croatian", [1,2,5],4], - ["hu", "Hungarian",[1,2], 2], - ["hy", "Armenian", [1,2], 2], - ["ia", "Interlingua",[1,2],2], - ["id", "Indonesian",[1], 3], - ["is", "Icelandic",[1,2], 12], - ["it", "Italian", [1,2], 2], - ["ja", "Japanese", [1], 3], - ["jbo", "Lojban", [1], 3], - ["jv", "Javanese", [0,1], 13], - ["ka", "Georgian", [1], 3], - ["kk", "Kazakh", [1], 3], - ["km", "Khmer", [1], 3], - ["kn", "Kannada", [1,2], 2], - ["ko", "Korean", [1], 3], - ["ku", "Kurdish", [1,2], 2], - ["kw", "Cornish", [1,2,3,4],14], - ["ky", "Kyrgyz", [1], 3], - ["lb", "Letzeburgesch",[1,2],2], - ["ln", "Lingala", [1,2], 1], - ["lo", "Lao", [1], 3], - ["lt", "Lithuanian",[1,2,10],15], - ["lv", "Latvian", [1,2,0],16], - ["mai", "Maithili", [1,2], 2], - ["mfe", "Mauritian Creole",[1,2],1], - ["mg", "Malagasy", [1,2], 1], - ["mi", "Maori", [1,2], 1], - ["mk", "Macedonian",[1,2],17], - ["ml", "Malayalam",[1,2], 2], - ["mn", "Mongolian",[1,2], 2], - ["mnk", "Mandinka", [0,1,2],18], - ["mr", "Marathi", [1,2], 2], - ["ms", "Malay", [1], 3], - ["mt", "Maltese", [1,2,11,20],19], - ["nah", "Nahuatl", [1,2], 2], - ["nap", "Neapolitan",[1,2], 2], - ["nb", "Norwegian Bokmal",[1,2],2], - ["ne", "Nepali", [1,2], 2], - ["nl", "Dutch", [1,2], 2], - ["nn", "Norwegian Nynorsk",[1,2],2], - ["no", "Norwegian",[1,2], 2], - ["nso", "Northern Sotho",[1,2],2], - ["oc", "Occitan", [1,2], 1], - ["or", "Oriya", [2,1], 2], - ["pa", "Punjabi", [1,2], 2], - ["pap", "Papiamento",[1,2], 2], - ["pl", "Polish", [1,2,5],7], - ["pms", "Piemontese",[1,2], 2], - ["ps", "Pashto", [1,2], 2], - ["pt", "Portuguese",[1,2], 2], - ["pt_br","Brazilian Portuguese",[1,2], 2], - ["rm", "Romansh", [1,2], 2], - ["ro", "Romanian", [1,2,20],20], - ["ru", "Russian", [1,2,5],4], - ["sah", "Yakut", [1], 3], - ["sco", "Scots", [1,2], 2], - ["se", "Northern Sami",[1,2], 2], - ["si", "Sinhala", [1,2], 2], - ["sk", "Slovak", [1,2,5],6], - ["sl", "Slovenian",[5,1,2,3],21], - ["so", "Somali", [1,2], 2], - ["son", "Songhay", [1,2], 2], - ["sq", "Albanian", [1,2], 2], - ["sr", "Serbian", [1,2,5],4], - ["su", "Sundanese",[1], 3], - ["sv", "Swedish", [1,2], 2], - ["sw", "Swahili", [1,2], 2], - ["ta", "Tamil", [1,2], 2], - ["te", "Telugu", [1,2], 2], - ["tg", "Tajik", [1,2], 1], - ["th", "Thai", [1], 3], - ["ti", "Tigrinya", [1,2], 1], - ["tk", "Turkmen", [1,2], 2], - ["tr", "Turkish", [1,2], 1], - ["tt", "Tatar", [1], 3], - ["ug", "Uyghur", [1], 3], - ["uk", "Ukrainian",[1,2,5],4], - ["ur", "Urdu", [1,2], 2], - ["uz", "Uzbek", [1,2], 1], - ["vi", "Vietnamese",[1], 3], - ["wa", "Walloon", [1,2], 1], - ["wo", "Wolof", [1], 3], - ["yo", "Yoruba", [1,2], 2], - ["zh", "Chinese", [1], 3] - ]; - - var _rulesPluralsTypes = { - 1: function(n) {return Number(n > 1);}, - 2: function(n) {return Number(n != 1);}, - 3: function(n) {return 0;}, - 4: function(n) {return Number(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);}, - 5: function(n) {return Number(n===0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 ? 4 : 5);}, - 6: function(n) {return Number((n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2);}, - 7: function(n) {return Number(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);}, - 8: function(n) {return Number((n==1) ? 0 : (n==2) ? 1 : (n != 8 && n != 11) ? 2 : 3);}, - 9: function(n) {return Number(n >= 2);}, - 10: function(n) {return Number(n==1 ? 0 : n==2 ? 1 : n<7 ? 2 : n<11 ? 3 : 4) ;}, - 11: function(n) {return Number((n==1 || n==11) ? 0 : (n==2 || n==12) ? 1 : (n > 2 && n < 20) ? 2 : 3);}, - 12: function(n) {return Number(n%10!=1 || n%100==11);}, - 13: function(n) {return Number(n !== 0);}, - 14: function(n) {return Number((n==1) ? 0 : (n==2) ? 1 : (n == 3) ? 2 : 3);}, - 15: function(n) {return Number(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n%100<10 || n%100>=20) ? 1 : 2);}, - 16: function(n) {return Number(n%10==1 && n%100!=11 ? 0 : n !== 0 ? 1 : 2);}, - 17: function(n) {return Number(n==1 || n%10==1 ? 0 : 1);}, - 18: function(n) {return Number(0 ? 0 : n==1 ? 1 : 2);}, - 19: function(n) {return Number(n==1 ? 0 : n===0 || ( n%100>1 && n%100<11) ? 1 : (n%100>10 && n%100<20 ) ? 2 : 3);}, - 20: function(n) {return Number(n==1 ? 0 : (n===0 || (n%100 > 0 && n%100 < 20)) ? 1 : 2);}, - 21: function(n) {return Number(n%100==1 ? 1 : n%100==2 ? 2 : n%100==3 || n%100==4 ? 3 : 0); } - }; - - var pluralExtensions = { - - rules: (function () { - var l, rules = {}; - for (l=_rules.length; l-- ;) { - rules[_rules[l][0]] = { - name: _rules[l][1], - numbers: _rules[l][2], - plurals: _rulesPluralsTypes[_rules[l][3]] - } - } - return rules; - }()), - - // you can add your own pluralExtensions - addRule: function(lng, obj) { - pluralExtensions.rules[lng] = obj; - }, - - setCurrentLng: function(lng) { - if (!pluralExtensions.currentRule || pluralExtensions.currentRule.lng !== lng) { - var parts = lng.split('-'); - - pluralExtensions.currentRule = { - lng: lng, - rule: pluralExtensions.rules[parts[0]] - }; - } - }, - - needsPlural: function(lng, count) { - var parts = lng.split('-'); - - var ext; - if (pluralExtensions.currentRule && pluralExtensions.currentRule.lng === lng) { - ext = pluralExtensions.currentRule.rule; - } else { - ext = pluralExtensions.rules[parts[f.getCountyIndexOfLng(lng)]]; - } - - if (ext && ext.numbers.length <= 1) { - return false; - } else { - return this.get(lng, count) !== 1; - } - }, - - get: function(lng, count) { - var parts = lng.split('-'); - - function getResult(l, c) { - var ext; - if (pluralExtensions.currentRule && pluralExtensions.currentRule.lng === lng) { - ext = pluralExtensions.currentRule.rule; - } else { - ext = pluralExtensions.rules[l]; - } - if (ext) { - var i; - if (ext.noAbs) { - i = ext.plurals(c); - } else { - i = ext.plurals(Math.abs(c)); - } - - var number = ext.numbers[i]; - if (ext.numbers.length === 2 && ext.numbers[0] === 1) { - if (number === 2) { - number = -1; // regular plural - } else if (number === 1) { - number = 1; // singular - } - }//console.log(count + '-' + number); - return number; - } else { - return c === 1 ? '1' : '-1'; - } - } - - return getResult(parts[f.getCountyIndexOfLng(lng)], count); - } - - }; - var postProcessors = {}; - var addPostProcessor = function(name, fc) { - postProcessors[name] = fc; - }; - // sprintf support - var sprintf = (function() { - function get_type(variable) { - return Object.prototype.toString.call(variable).slice(8, -1).toLowerCase(); - } - function str_repeat(input, multiplier) { - for (var output = []; multiplier > 0; output[--multiplier] = input) {/* do nothing */} - return output.join(''); - } - - var str_format = function() { - if (!str_format.cache.hasOwnProperty(arguments[0])) { - str_format.cache[arguments[0]] = str_format.parse(arguments[0]); - } - return str_format.format.call(null, str_format.cache[arguments[0]], arguments); - }; - - str_format.format = function(parse_tree, argv) { - var cursor = 1, tree_length = parse_tree.length, node_type = '', arg, output = [], i, k, match, pad, pad_character, pad_length; - for (i = 0; i < tree_length; i++) { - node_type = get_type(parse_tree[i]); - if (node_type === 'string') { - output.push(parse_tree[i]); - } - else if (node_type === 'array') { - match = parse_tree[i]; // convenience purposes only - if (match[2]) { // keyword argument - arg = argv[cursor]; - for (k = 0; k < match[2].length; k++) { - if (!arg.hasOwnProperty(match[2][k])) { - throw(sprintf('[sprintf] property "%s" does not exist', match[2][k])); - } - arg = arg[match[2][k]]; - } - } - else if (match[1]) { // positional argument (explicit) - arg = argv[match[1]]; - } - else { // positional argument (implicit) - arg = argv[cursor++]; - } - - if (/[^s]/.test(match[8]) && (get_type(arg) != 'number')) { - throw(sprintf('[sprintf] expecting number but found %s', get_type(arg))); - } - switch (match[8]) { - case 'b': arg = arg.toString(2); break; - case 'c': arg = String.fromCharCode(arg); break; - case 'd': arg = parseInt(arg, 10); break; - case 'e': arg = match[7] ? arg.toExponential(match[7]) : arg.toExponential(); break; - case 'f': arg = match[7] ? parseFloat(arg).toFixed(match[7]) : parseFloat(arg); break; - case 'o': arg = arg.toString(8); break; - case 's': arg = ((arg = String(arg)) && match[7] ? arg.substring(0, match[7]) : arg); break; - case 'u': arg = Math.abs(arg); break; - case 'x': arg = arg.toString(16); break; - case 'X': arg = arg.toString(16).toUpperCase(); break; - } - arg = (/[def]/.test(match[8]) && match[3] && arg >= 0 ? '+'+ arg : arg); - pad_character = match[4] ? match[4] == '0' ? '0' : match[4].charAt(1) : ' '; - pad_length = match[6] - String(arg).length; - pad = match[6] ? str_repeat(pad_character, pad_length) : ''; - output.push(match[5] ? arg + pad : pad + arg); - } - } - return output.join(''); - }; - - str_format.cache = {}; - - str_format.parse = function(fmt) { - var _fmt = fmt, match = [], parse_tree = [], arg_names = 0; - while (_fmt) { - if ((match = /^[^\x25]+/.exec(_fmt)) !== null) { - parse_tree.push(match[0]); - } - else if ((match = /^\x25{2}/.exec(_fmt)) !== null) { - parse_tree.push('%'); - } - else if ((match = /^\x25(?:([1-9]\d*)\$|\(([^\)]+)\))?(\+)?(0|'[^$])?(-)?(\d+)?(?:\.(\d+))?([b-fosuxX])/.exec(_fmt)) !== null) { - if (match[2]) { - arg_names |= 1; - var field_list = [], replacement_field = match[2], field_match = []; - if ((field_match = /^([a-z_][a-z_\d]*)/i.exec(replacement_field)) !== null) { - field_list.push(field_match[1]); - while ((replacement_field = replacement_field.substring(field_match[0].length)) !== '') { - if ((field_match = /^\.([a-z_][a-z_\d]*)/i.exec(replacement_field)) !== null) { - field_list.push(field_match[1]); - } - else if ((field_match = /^\[(\d+)\]/.exec(replacement_field)) !== null) { - field_list.push(field_match[1]); - } - else { - throw('[sprintf] huh?'); - } - } - } - else { - throw('[sprintf] huh?'); - } - match[2] = field_list; - } - else { - arg_names |= 2; - } - if (arg_names === 3) { - throw('[sprintf] mixing positional and named placeholders is not (yet) supported'); - } - parse_tree.push(match); - } - else { - throw('[sprintf] huh?'); - } - _fmt = _fmt.substring(match[0].length); - } - return parse_tree; - }; - - return str_format; - })(); - - var vsprintf = function(fmt, argv) { - argv.unshift(fmt); - return sprintf.apply(null, argv); - }; - - addPostProcessor("sprintf", function(val, key, opts) { - if (!opts.sprintf) return val; - - if (Object.prototype.toString.apply(opts.sprintf) === '[object Array]') { - return vsprintf(val, opts.sprintf); - } else if (typeof opts.sprintf === 'object') { - return sprintf(val, opts.sprintf); - } - - return val; - }); - // public api interface - i18n.init = init; - i18n.isInitialized = isInitialized; - i18n.setLng = setLng; - i18n.preload = preload; - i18n.addResourceBundle = addResourceBundle; - i18n.hasResourceBundle = hasResourceBundle; - i18n.getResourceBundle = getResourceBundle; - i18n.addResource = addResource; - i18n.addResources = addResources; - i18n.removeResourceBundle = removeResourceBundle; - i18n.loadNamespace = loadNamespace; - i18n.loadNamespaces = loadNamespaces; - i18n.setDefaultNamespace = setDefaultNamespace; - i18n.t = translate; - i18n.translate = translate; - i18n.exists = exists; - i18n.detectLanguage = f.detectLanguage; - i18n.pluralExtensions = pluralExtensions; - i18n.sync = sync; - i18n.functions = f; - i18n.lng = lng; - i18n.addPostProcessor = addPostProcessor; - i18n.applyReplacement = f.applyReplacement; - i18n.options = o; - i18n.noConflict = noConflict; - -})(typeof exports === 'undefined' ? window : exports); \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/jquery.js b/openid-connect-server-webapp/src/main/webapp/resources/js/lib/jquery.js deleted file mode 100644 index b9f8937fdd..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/lib/jquery.js +++ /dev/null @@ -1,10881 +0,0 @@ -/*! - * jQuery JavaScript Library v3.6.0 - * https://jquery.com/ - * - * Includes Sizzle.js - * https://sizzlejs.com/ - * - * Copyright OpenJS Foundation and other contributors - * Released under the MIT license - * https://jquery.org/license - * - * Date: 2021-03-02T17:08Z - */ -( function( global, factory ) { - - "use strict"; - - if ( typeof module === "object" && typeof module.exports === "object" ) { - - // For CommonJS and CommonJS-like environments where a proper `window` - // is present, execute the factory and get jQuery. - // For environments that do not have a `window` with a `document` - // (such as Node.js), expose a factory as module.exports. - // This accentuates the need for the creation of a real `window`. - // e.g. var jQuery = require("jquery")(window); - // See ticket #14549 for more info. - module.exports = global.document ? - factory( global, true ) : - function( w ) { - if ( !w.document ) { - throw new Error( "jQuery requires a window with a document" ); - } - return factory( w ); - }; - } else { - factory( global ); - } - -// Pass this if window is not defined yet -} )( typeof window !== "undefined" ? window : this, function( window, noGlobal ) { - -// Edge <= 12 - 13+, Firefox <=18 - 45+, IE 10 - 11, Safari 5.1 - 9+, iOS 6 - 9.1 -// throw exceptions when non-strict code (e.g., ASP.NET 4.5) accesses strict mode -// arguments.callee.caller (trac-13335). But as of jQuery 3.0 (2016), strict mode should be common -// enough that all such attempts are guarded in a try block. - "use strict"; - - var arr = []; - - var getProto = Object.getPrototypeOf; - - var slice = arr.slice; - - var flat = arr.flat ? function( array ) { - return arr.flat.call( array ); - } : function( array ) { - return arr.concat.apply( [], array ); - }; - - - var push = arr.push; - - var indexOf = arr.indexOf; - - var class2type = {}; - - var toString = class2type.toString; - - var hasOwn = class2type.hasOwnProperty; - - var fnToString = hasOwn.toString; - - var ObjectFunctionString = fnToString.call( Object ); - - var support = {}; - - var isFunction = function isFunction( obj ) { - - // Support: Chrome <=57, Firefox <=52 - // In some browsers, typeof returns "function" for HTML elements - // (i.e., `typeof document.createElement( "object" ) === "function"`). - // We don't want to classify *any* DOM node as a function. - // Support: QtWeb <=3.8.5, WebKit <=534.34, wkhtmltopdf tool <=0.12.5 - // Plus for old WebKit, typeof returns "function" for HTML collections - // (e.g., `typeof document.getElementsByTagName("div") === "function"`). (gh-4756) - return typeof obj === "function" && typeof obj.nodeType !== "number" && - typeof obj.item !== "function"; - }; - - - var isWindow = function isWindow( obj ) { - return obj != null && obj === obj.window; - }; - - - var document = window.document; - - - - var preservedScriptAttributes = { - type: true, - src: true, - nonce: true, - noModule: true - }; - - function DOMEval( code, node, doc ) { - doc = doc || document; - - var i, val, - script = doc.createElement( "script" ); - - script.text = code; - if ( node ) { - for ( i in preservedScriptAttributes ) { - - // Support: Firefox 64+, Edge 18+ - // Some browsers don't support the "nonce" property on scripts. - // On the other hand, just using `getAttribute` is not enough as - // the `nonce` attribute is reset to an empty string whenever it - // becomes browsing-context connected. - // See https://github.com/whatwg/html/issues/2369 - // See https://html.spec.whatwg.org/#nonce-attributes - // The `node.getAttribute` check was added for the sake of - // `jQuery.globalEval` so that it can fake a nonce-containing node - // via an object. - val = node[ i ] || node.getAttribute && node.getAttribute( i ); - if ( val ) { - script.setAttribute( i, val ); - } - } - } - doc.head.appendChild( script ).parentNode.removeChild( script ); - } - - - function toType( obj ) { - if ( obj == null ) { - return obj + ""; - } - - // Support: Android <=2.3 only (functionish RegExp) - return typeof obj === "object" || typeof obj === "function" ? - class2type[ toString.call( obj ) ] || "object" : - typeof obj; - } - /* global Symbol */ -// Defining this global in .eslintrc.json would create a danger of using the global -// unguarded in another place, it seems safer to define global only for this module - - - - var - version = "3.6.0", - - // Define a local copy of jQuery - jQuery = function( selector, context ) { - - // The jQuery object is actually just the init constructor 'enhanced' - // Need init if jQuery is called (just allow error to be thrown if not included) - return new jQuery.fn.init( selector, context ); - }; - - jQuery.fn = jQuery.prototype = { - - // The current version of jQuery being used - jquery: version, - - constructor: jQuery, - - // The default length of a jQuery object is 0 - length: 0, - - toArray: function() { - return slice.call( this ); - }, - - // Get the Nth element in the matched element set OR - // Get the whole matched element set as a clean array - get: function( num ) { - - // Return all the elements in a clean array - if ( num == null ) { - return slice.call( this ); - } - - // Return just the one element from the set - return num < 0 ? this[ num + this.length ] : this[ num ]; - }, - - // Take an array of elements and push it onto the stack - // (returning the new matched element set) - pushStack: function( elems ) { - - // Build a new jQuery matched element set - var ret = jQuery.merge( this.constructor(), elems ); - - // Add the old object onto the stack (as a reference) - ret.prevObject = this; - - // Return the newly-formed element set - return ret; - }, - - // Execute a callback for every element in the matched set. - each: function( callback ) { - return jQuery.each( this, callback ); - }, - - map: function( callback ) { - return this.pushStack( jQuery.map( this, function( elem, i ) { - return callback.call( elem, i, elem ); - } ) ); - }, - - slice: function() { - return this.pushStack( slice.apply( this, arguments ) ); - }, - - first: function() { - return this.eq( 0 ); - }, - - last: function() { - return this.eq( -1 ); - }, - - even: function() { - return this.pushStack( jQuery.grep( this, function( _elem, i ) { - return ( i + 1 ) % 2; - } ) ); - }, - - odd: function() { - return this.pushStack( jQuery.grep( this, function( _elem, i ) { - return i % 2; - } ) ); - }, - - eq: function( i ) { - var len = this.length, - j = +i + ( i < 0 ? len : 0 ); - return this.pushStack( j >= 0 && j < len ? [ this[ j ] ] : [] ); - }, - - end: function() { - return this.prevObject || this.constructor(); - }, - - // For internal use only. - // Behaves like an Array's method, not like a jQuery method. - push: push, - sort: arr.sort, - splice: arr.splice - }; - - jQuery.extend = jQuery.fn.extend = function() { - var options, name, src, copy, copyIsArray, clone, - target = arguments[ 0 ] || {}, - i = 1, - length = arguments.length, - deep = false; - - // Handle a deep copy situation - if ( typeof target === "boolean" ) { - deep = target; - - // Skip the boolean and the target - target = arguments[ i ] || {}; - i++; - } - - // Handle case when target is a string or something (possible in deep copy) - if ( typeof target !== "object" && !isFunction( target ) ) { - target = {}; - } - - // Extend jQuery itself if only one argument is passed - if ( i === length ) { - target = this; - i--; - } - - for ( ; i < length; i++ ) { - - // Only deal with non-null/undefined values - if ( ( options = arguments[ i ] ) != null ) { - - // Extend the base object - for ( name in options ) { - copy = options[ name ]; - - // Prevent Object.prototype pollution - // Prevent never-ending loop - if ( name === "__proto__" || target === copy ) { - continue; - } - - // Recurse if we're merging plain objects or arrays - if ( deep && copy && ( jQuery.isPlainObject( copy ) || - ( copyIsArray = Array.isArray( copy ) ) ) ) { - src = target[ name ]; - - // Ensure proper type for the source value - if ( copyIsArray && !Array.isArray( src ) ) { - clone = []; - } else if ( !copyIsArray && !jQuery.isPlainObject( src ) ) { - clone = {}; - } else { - clone = src; - } - copyIsArray = false; - - // Never move original objects, clone them - target[ name ] = jQuery.extend( deep, clone, copy ); - - // Don't bring in undefined values - } else if ( copy !== undefined ) { - target[ name ] = copy; - } - } - } - } - - // Return the modified object - return target; - }; - - jQuery.extend( { - - // Unique for each copy of jQuery on the page - expando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ), - - // Assume jQuery is ready without the ready module - isReady: true, - - error: function( msg ) { - throw new Error( msg ); - }, - - noop: function() {}, - - isPlainObject: function( obj ) { - var proto, Ctor; - - // Detect obvious negatives - // Use toString instead of jQuery.type to catch host objects - if ( !obj || toString.call( obj ) !== "[object Object]" ) { - return false; - } - - proto = getProto( obj ); - - // Objects with no prototype (e.g., `Object.create( null )`) are plain - if ( !proto ) { - return true; - } - - // Objects with prototype are plain iff they were constructed by a global Object function - Ctor = hasOwn.call( proto, "constructor" ) && proto.constructor; - return typeof Ctor === "function" && fnToString.call( Ctor ) === ObjectFunctionString; - }, - - isEmptyObject: function( obj ) { - var name; - - for ( name in obj ) { - return false; - } - return true; - }, - - // Evaluates a script in a provided context; falls back to the global one - // if not specified. - globalEval: function( code, options, doc ) { - DOMEval( code, { nonce: options && options.nonce }, doc ); - }, - - each: function( obj, callback ) { - var length, i = 0; - - if ( isArrayLike( obj ) ) { - length = obj.length; - for ( ; i < length; i++ ) { - if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { - break; - } - } - } else { - for ( i in obj ) { - if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { - break; - } - } - } - - return obj; - }, - - // results is for internal usage only - makeArray: function( arr, results ) { - var ret = results || []; - - if ( arr != null ) { - if ( isArrayLike( Object( arr ) ) ) { - jQuery.merge( ret, - typeof arr === "string" ? - [ arr ] : arr - ); - } else { - push.call( ret, arr ); - } - } - - return ret; - }, - - inArray: function( elem, arr, i ) { - return arr == null ? -1 : indexOf.call( arr, elem, i ); - }, - - // Support: Android <=4.0 only, PhantomJS 1 only - // push.apply(_, arraylike) throws on ancient WebKit - merge: function( first, second ) { - var len = +second.length, - j = 0, - i = first.length; - - for ( ; j < len; j++ ) { - first[ i++ ] = second[ j ]; - } - - first.length = i; - - return first; - }, - - grep: function( elems, callback, invert ) { - var callbackInverse, - matches = [], - i = 0, - length = elems.length, - callbackExpect = !invert; - - // Go through the array, only saving the items - // that pass the validator function - for ( ; i < length; i++ ) { - callbackInverse = !callback( elems[ i ], i ); - if ( callbackInverse !== callbackExpect ) { - matches.push( elems[ i ] ); - } - } - - return matches; - }, - - // arg is for internal usage only - map: function( elems, callback, arg ) { - var length, value, - i = 0, - ret = []; - - // Go through the array, translating each of the items to their new values - if ( isArrayLike( elems ) ) { - length = elems.length; - for ( ; i < length; i++ ) { - value = callback( elems[ i ], i, arg ); - - if ( value != null ) { - ret.push( value ); - } - } - - // Go through every key on the object, - } else { - for ( i in elems ) { - value = callback( elems[ i ], i, arg ); - - if ( value != null ) { - ret.push( value ); - } - } - } - - // Flatten any nested arrays - return flat( ret ); - }, - - // A global GUID counter for objects - guid: 1, - - // jQuery.support is not used in Core but other projects attach their - // properties to it so it needs to exist. - support: support - } ); - - if ( typeof Symbol === "function" ) { - jQuery.fn[ Symbol.iterator ] = arr[ Symbol.iterator ]; - } - -// Populate the class2type map - jQuery.each( "Boolean Number String Function Array Date RegExp Object Error Symbol".split( " " ), - function( _i, name ) { - class2type[ "[object " + name + "]" ] = name.toLowerCase(); - } ); - - function isArrayLike( obj ) { - - // Support: real iOS 8.2 only (not reproducible in simulator) - // `in` check used to prevent JIT error (gh-2145) - // hasOwn isn't used here due to false negatives - // regarding Nodelist length in IE - var length = !!obj && "length" in obj && obj.length, - type = toType( obj ); - - if ( isFunction( obj ) || isWindow( obj ) ) { - return false; - } - - return type === "array" || length === 0 || - typeof length === "number" && length > 0 && ( length - 1 ) in obj; - } - var Sizzle = - /*! - * Sizzle CSS Selector Engine v2.3.6 - * https://sizzlejs.com/ - * - * Copyright JS Foundation and other contributors - * Released under the MIT license - * https://js.foundation/ - * - * Date: 2021-02-16 - */ - ( function( window ) { - var i, - support, - Expr, - getText, - isXML, - tokenize, - compile, - select, - outermostContext, - sortInput, - hasDuplicate, - - // Local document vars - setDocument, - document, - docElem, - documentIsHTML, - rbuggyQSA, - rbuggyMatches, - matches, - contains, - - // Instance-specific data - expando = "sizzle" + 1 * new Date(), - preferredDoc = window.document, - dirruns = 0, - done = 0, - classCache = createCache(), - tokenCache = createCache(), - compilerCache = createCache(), - nonnativeSelectorCache = createCache(), - sortOrder = function( a, b ) { - if ( a === b ) { - hasDuplicate = true; - } - return 0; - }, - - // Instance methods - hasOwn = ( {} ).hasOwnProperty, - arr = [], - pop = arr.pop, - pushNative = arr.push, - push = arr.push, - slice = arr.slice, - - // Use a stripped-down indexOf as it's faster than native - // https://jsperf.com/thor-indexof-vs-for/5 - indexOf = function( list, elem ) { - var i = 0, - len = list.length; - for ( ; i < len; i++ ) { - if ( list[ i ] === elem ) { - return i; - } - } - return -1; - }, - - booleans = "checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|" + - "ismap|loop|multiple|open|readonly|required|scoped", - - // Regular expressions - - // http://www.w3.org/TR/css3-selectors/#whitespace - whitespace = "[\\x20\\t\\r\\n\\f]", - - // https://www.w3.org/TR/css-syntax-3/#ident-token-diagram - identifier = "(?:\\\\[\\da-fA-F]{1,6}" + whitespace + - "?|\\\\[^\\r\\n\\f]|[\\w-]|[^\0-\\x7f])+", - - // Attribute selectors: http://www.w3.org/TR/selectors/#attribute-selectors - attributes = "\\[" + whitespace + "*(" + identifier + ")(?:" + whitespace + - - // Operator (capture 2) - "*([*^$|!~]?=)" + whitespace + - - // "Attribute values must be CSS identifiers [capture 5] - // or strings [capture 3 or capture 4]" - "*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|(" + identifier + "))|)" + - whitespace + "*\\]", - - pseudos = ":(" + identifier + ")(?:\\((" + - - // To reduce the number of selectors needing tokenize in the preFilter, prefer arguments: - // 1. quoted (capture 3; capture 4 or capture 5) - "('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|" + - - // 2. simple (capture 6) - "((?:\\\\.|[^\\\\()[\\]]|" + attributes + ")*)|" + - - // 3. anything else (capture 2) - ".*" + - ")\\)|)", - - // Leading and non-escaped trailing whitespace, capturing some non-whitespace characters preceding the latter - rwhitespace = new RegExp( whitespace + "+", "g" ), - rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + - whitespace + "+$", "g" ), - - rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ), - rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + - "*" ), - rdescend = new RegExp( whitespace + "|>" ), - - rpseudo = new RegExp( pseudos ), - ridentifier = new RegExp( "^" + identifier + "$" ), - - matchExpr = { - "ID": new RegExp( "^#(" + identifier + ")" ), - "CLASS": new RegExp( "^\\.(" + identifier + ")" ), - "TAG": new RegExp( "^(" + identifier + "|[*])" ), - "ATTR": new RegExp( "^" + attributes ), - "PSEUDO": new RegExp( "^" + pseudos ), - "CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + - whitespace + "*(even|odd|(([+-]|)(\\d*)n|)" + whitespace + "*(?:([+-]|)" + - whitespace + "*(\\d+)|))" + whitespace + "*\\)|)", "i" ), - "bool": new RegExp( "^(?:" + booleans + ")$", "i" ), - - // For use in libraries implementing .is() - // We use this for POS matching in `select` - "needsContext": new RegExp( "^" + whitespace + - "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" + whitespace + - "*((?:-\\d)?\\d*)" + whitespace + "*\\)|)(?=[^-]|$)", "i" ) - }, - - rhtml = /HTML$/i, - rinputs = /^(?:input|select|textarea|button)$/i, - rheader = /^h\d$/i, - - rnative = /^[^{]+\{\s*\[native \w/, - - // Easily-parseable/retrievable ID or TAG or CLASS selectors - rquickExpr = /^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/, - - rsibling = /[+~]/, - - // CSS escapes - // http://www.w3.org/TR/CSS21/syndata.html#escaped-characters - runescape = new RegExp( "\\\\[\\da-fA-F]{1,6}" + whitespace + "?|\\\\([^\\r\\n\\f])", "g" ), - funescape = function( escape, nonHex ) { - var high = "0x" + escape.slice( 1 ) - 0x10000; - - return nonHex ? - - // Strip the backslash prefix from a non-hex escape sequence - nonHex : - - // Replace a hexadecimal escape sequence with the encoded Unicode code point - // Support: IE <=11+ - // For values outside the Basic Multilingual Plane (BMP), manually construct a - // surrogate pair - high < 0 ? - String.fromCharCode( high + 0x10000 ) : - String.fromCharCode( high >> 10 | 0xD800, high & 0x3FF | 0xDC00 ); - }, - - // CSS string/identifier serialization - // https://drafts.csswg.org/cssom/#common-serializing-idioms - rcssescape = /([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g, - fcssescape = function( ch, asCodePoint ) { - if ( asCodePoint ) { - - // U+0000 NULL becomes U+FFFD REPLACEMENT CHARACTER - if ( ch === "\0" ) { - return "\uFFFD"; - } - - // Control characters and (dependent upon position) numbers get escaped as code points - return ch.slice( 0, -1 ) + "\\" + - ch.charCodeAt( ch.length - 1 ).toString( 16 ) + " "; - } - - // Other potentially-special ASCII characters get backslash-escaped - return "\\" + ch; - }, - - // Used for iframes - // See setDocument() - // Removing the function wrapper causes a "Permission Denied" - // error in IE - unloadHandler = function() { - setDocument(); - }, - - inDisabledFieldset = addCombinator( - function( elem ) { - return elem.disabled === true && elem.nodeName.toLowerCase() === "fieldset"; - }, - { dir: "parentNode", next: "legend" } - ); - -// Optimize for push.apply( _, NodeList ) - try { - push.apply( - ( arr = slice.call( preferredDoc.childNodes ) ), - preferredDoc.childNodes - ); - - // Support: Android<4.0 - // Detect silently failing push.apply - // eslint-disable-next-line no-unused-expressions - arr[ preferredDoc.childNodes.length ].nodeType; - } catch ( e ) { - push = { apply: arr.length ? - - // Leverage slice if possible - function( target, els ) { - pushNative.apply( target, slice.call( els ) ); - } : - - // Support: IE<9 - // Otherwise append directly - function( target, els ) { - var j = target.length, - i = 0; - - // Can't trust NodeList.length - while ( ( target[ j++ ] = els[ i++ ] ) ) {} - target.length = j - 1; - } - }; - } - - function Sizzle( selector, context, results, seed ) { - var m, i, elem, nid, match, groups, newSelector, - newContext = context && context.ownerDocument, - - // nodeType defaults to 9, since context defaults to document - nodeType = context ? context.nodeType : 9; - - results = results || []; - - // Return early from calls with invalid selector or context - if ( typeof selector !== "string" || !selector || - nodeType !== 1 && nodeType !== 9 && nodeType !== 11 ) { - - return results; - } - - // Try to shortcut find operations (as opposed to filters) in HTML documents - if ( !seed ) { - setDocument( context ); - context = context || document; - - if ( documentIsHTML ) { - - // If the selector is sufficiently simple, try using a "get*By*" DOM method - // (excepting DocumentFragment context, where the methods don't exist) - if ( nodeType !== 11 && ( match = rquickExpr.exec( selector ) ) ) { - - // ID selector - if ( ( m = match[ 1 ] ) ) { - - // Document context - if ( nodeType === 9 ) { - if ( ( elem = context.getElementById( m ) ) ) { - - // Support: IE, Opera, Webkit - // TODO: identify versions - // getElementById can match elements by name instead of ID - if ( elem.id === m ) { - results.push( elem ); - return results; - } - } else { - return results; - } - - // Element context - } else { - - // Support: IE, Opera, Webkit - // TODO: identify versions - // getElementById can match elements by name instead of ID - if ( newContext && ( elem = newContext.getElementById( m ) ) && - contains( context, elem ) && - elem.id === m ) { - - results.push( elem ); - return results; - } - } - - // Type selector - } else if ( match[ 2 ] ) { - push.apply( results, context.getElementsByTagName( selector ) ); - return results; - - // Class selector - } else if ( ( m = match[ 3 ] ) && support.getElementsByClassName && - context.getElementsByClassName ) { - - push.apply( results, context.getElementsByClassName( m ) ); - return results; - } - } - - // Take advantage of querySelectorAll - if ( support.qsa && - !nonnativeSelectorCache[ selector + " " ] && - ( !rbuggyQSA || !rbuggyQSA.test( selector ) ) && - - // Support: IE 8 only - // Exclude object elements - ( nodeType !== 1 || context.nodeName.toLowerCase() !== "object" ) ) { - - newSelector = selector; - newContext = context; - - // qSA considers elements outside a scoping root when evaluating child or - // descendant combinators, which is not what we want. - // In such cases, we work around the behavior by prefixing every selector in the - // list with an ID selector referencing the scope context. - // The technique has to be used as well when a leading combinator is used - // as such selectors are not recognized by querySelectorAll. - // Thanks to Andrew Dupont for this technique. - if ( nodeType === 1 && - ( rdescend.test( selector ) || rcombinators.test( selector ) ) ) { - - // Expand context for sibling selectors - newContext = rsibling.test( selector ) && testContext( context.parentNode ) || - context; - - // We can use :scope instead of the ID hack if the browser - // supports it & if we're not changing the context. - if ( newContext !== context || !support.scope ) { - - // Capture the context ID, setting it first if necessary - if ( ( nid = context.getAttribute( "id" ) ) ) { - nid = nid.replace( rcssescape, fcssescape ); - } else { - context.setAttribute( "id", ( nid = expando ) ); - } - } - - // Prefix every selector in the list - groups = tokenize( selector ); - i = groups.length; - while ( i-- ) { - groups[ i ] = ( nid ? "#" + nid : ":scope" ) + " " + - toSelector( groups[ i ] ); - } - newSelector = groups.join( "," ); - } - - try { - push.apply( results, - newContext.querySelectorAll( newSelector ) - ); - return results; - } catch ( qsaError ) { - nonnativeSelectorCache( selector, true ); - } finally { - if ( nid === expando ) { - context.removeAttribute( "id" ); - } - } - } - } - } - - // All others - return select( selector.replace( rtrim, "$1" ), context, results, seed ); - } - - /** - * Create key-value caches of limited size - * @returns {function(string, object)} Returns the Object data after storing it on itself with - * property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength) - * deleting the oldest entry - */ - function createCache() { - var keys = []; - - function cache( key, value ) { - - // Use (key + " ") to avoid collision with native prototype properties (see Issue #157) - if ( keys.push( key + " " ) > Expr.cacheLength ) { - - // Only keep the most recent entries - delete cache[ keys.shift() ]; - } - return ( cache[ key + " " ] = value ); - } - return cache; - } - - /** - * Mark a function for special use by Sizzle - * @param {Function} fn The function to mark - */ - function markFunction( fn ) { - fn[ expando ] = true; - return fn; - } - - /** - * Support testing using an element - * @param {Function} fn Passed the created element and returns a boolean result - */ - function assert( fn ) { - var el = document.createElement( "fieldset" ); - - try { - return !!fn( el ); - } catch ( e ) { - return false; - } finally { - - // Remove from its parent by default - if ( el.parentNode ) { - el.parentNode.removeChild( el ); - } - - // release memory in IE - el = null; - } - } - - /** - * Adds the same handler for all of the specified attrs - * @param {String} attrs Pipe-separated list of attributes - * @param {Function} handler The method that will be applied - */ - function addHandle( attrs, handler ) { - var arr = attrs.split( "|" ), - i = arr.length; - - while ( i-- ) { - Expr.attrHandle[ arr[ i ] ] = handler; - } - } - - /** - * Checks document order of two siblings - * @param {Element} a - * @param {Element} b - * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b - */ - function siblingCheck( a, b ) { - var cur = b && a, - diff = cur && a.nodeType === 1 && b.nodeType === 1 && - a.sourceIndex - b.sourceIndex; - - // Use IE sourceIndex if available on both nodes - if ( diff ) { - return diff; - } - - // Check if b follows a - if ( cur ) { - while ( ( cur = cur.nextSibling ) ) { - if ( cur === b ) { - return -1; - } - } - } - - return a ? 1 : -1; - } - - /** - * Returns a function to use in pseudos for input types - * @param {String} type - */ - function createInputPseudo( type ) { - return function( elem ) { - var name = elem.nodeName.toLowerCase(); - return name === "input" && elem.type === type; - }; - } - - /** - * Returns a function to use in pseudos for buttons - * @param {String} type - */ - function createButtonPseudo( type ) { - return function( elem ) { - var name = elem.nodeName.toLowerCase(); - return ( name === "input" || name === "button" ) && elem.type === type; - }; - } - - /** - * Returns a function to use in pseudos for :enabled/:disabled - * @param {Boolean} disabled true for :disabled; false for :enabled - */ - function createDisabledPseudo( disabled ) { - - // Known :disabled false positives: fieldset[disabled] > legend:nth-of-type(n+2) :can-disable - return function( elem ) { - - // Only certain elements can match :enabled or :disabled - // https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled - // https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled - if ( "form" in elem ) { - - // Check for inherited disabledness on relevant non-disabled elements: - // * listed form-associated elements in a disabled fieldset - // https://html.spec.whatwg.org/multipage/forms.html#category-listed - // https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled - // * option elements in a disabled optgroup - // https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled - // All such elements have a "form" property. - if ( elem.parentNode && elem.disabled === false ) { - - // Option elements defer to a parent optgroup if present - if ( "label" in elem ) { - if ( "label" in elem.parentNode ) { - return elem.parentNode.disabled === disabled; - } else { - return elem.disabled === disabled; - } - } - - // Support: IE 6 - 11 - // Use the isDisabled shortcut property to check for disabled fieldset ancestors - return elem.isDisabled === disabled || - - // Where there is no isDisabled, check manually - /* jshint -W018 */ - elem.isDisabled !== !disabled && - inDisabledFieldset( elem ) === disabled; - } - - return elem.disabled === disabled; - - // Try to winnow out elements that can't be disabled before trusting the disabled property. - // Some victims get caught in our net (label, legend, menu, track), but it shouldn't - // even exist on them, let alone have a boolean value. - } else if ( "label" in elem ) { - return elem.disabled === disabled; - } - - // Remaining elements are neither :enabled nor :disabled - return false; - }; - } - - /** - * Returns a function to use in pseudos for positionals - * @param {Function} fn - */ - function createPositionalPseudo( fn ) { - return markFunction( function( argument ) { - argument = +argument; - return markFunction( function( seed, matches ) { - var j, - matchIndexes = fn( [], seed.length, argument ), - i = matchIndexes.length; - - // Match elements found at the specified indexes - while ( i-- ) { - if ( seed[ ( j = matchIndexes[ i ] ) ] ) { - seed[ j ] = !( matches[ j ] = seed[ j ] ); - } - } - } ); - } ); - } - - /** - * Checks a node for validity as a Sizzle context - * @param {Element|Object=} context - * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value - */ - function testContext( context ) { - return context && typeof context.getElementsByTagName !== "undefined" && context; - } - -// Expose support vars for convenience - support = Sizzle.support = {}; - - /** - * Detects XML nodes - * @param {Element|Object} elem An element or a document - * @returns {Boolean} True iff elem is a non-HTML XML node - */ - isXML = Sizzle.isXML = function( elem ) { - var namespace = elem && elem.namespaceURI, - docElem = elem && ( elem.ownerDocument || elem ).documentElement; - - // Support: IE <=8 - // Assume HTML when documentElement doesn't yet exist, such as inside loading iframes - // https://bugs.jquery.com/ticket/4833 - return !rhtml.test( namespace || docElem && docElem.nodeName || "HTML" ); - }; - - /** - * Sets document-related variables once based on the current document - * @param {Element|Object} [doc] An element or document object to use to set the document - * @returns {Object} Returns the current document - */ - setDocument = Sizzle.setDocument = function( node ) { - var hasCompare, subWindow, - doc = node ? node.ownerDocument || node : preferredDoc; - - // Return early if doc is invalid or already selected - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( doc == document || doc.nodeType !== 9 || !doc.documentElement ) { - return document; - } - - // Update global variables - document = doc; - docElem = document.documentElement; - documentIsHTML = !isXML( document ); - - // Support: IE 9 - 11+, Edge 12 - 18+ - // Accessing iframe documents after unload throws "permission denied" errors (jQuery #13936) - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( preferredDoc != document && - ( subWindow = document.defaultView ) && subWindow.top !== subWindow ) { - - // Support: IE 11, Edge - if ( subWindow.addEventListener ) { - subWindow.addEventListener( "unload", unloadHandler, false ); - - // Support: IE 9 - 10 only - } else if ( subWindow.attachEvent ) { - subWindow.attachEvent( "onunload", unloadHandler ); - } - } - - // Support: IE 8 - 11+, Edge 12 - 18+, Chrome <=16 - 25 only, Firefox <=3.6 - 31 only, - // Safari 4 - 5 only, Opera <=11.6 - 12.x only - // IE/Edge & older browsers don't support the :scope pseudo-class. - // Support: Safari 6.0 only - // Safari 6.0 supports :scope but it's an alias of :root there. - support.scope = assert( function( el ) { - docElem.appendChild( el ).appendChild( document.createElement( "div" ) ); - return typeof el.querySelectorAll !== "undefined" && - !el.querySelectorAll( ":scope fieldset div" ).length; - } ); - - /* Attributes - ---------------------------------------------------------------------- */ - - // Support: IE<8 - // Verify that getAttribute really returns attributes and not properties - // (excepting IE8 booleans) - support.attributes = assert( function( el ) { - el.className = "i"; - return !el.getAttribute( "className" ); - } ); - - /* getElement(s)By* - ---------------------------------------------------------------------- */ - - // Check if getElementsByTagName("*") returns only elements - support.getElementsByTagName = assert( function( el ) { - el.appendChild( document.createComment( "" ) ); - return !el.getElementsByTagName( "*" ).length; - } ); - - // Support: IE<9 - support.getElementsByClassName = rnative.test( document.getElementsByClassName ); - - // Support: IE<10 - // Check if getElementById returns elements by name - // The broken getElementById methods don't pick up programmatically-set names, - // so use a roundabout getElementsByName test - support.getById = assert( function( el ) { - docElem.appendChild( el ).id = expando; - return !document.getElementsByName || !document.getElementsByName( expando ).length; - } ); - - // ID filter and find - if ( support.getById ) { - Expr.filter[ "ID" ] = function( id ) { - var attrId = id.replace( runescape, funescape ); - return function( elem ) { - return elem.getAttribute( "id" ) === attrId; - }; - }; - Expr.find[ "ID" ] = function( id, context ) { - if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { - var elem = context.getElementById( id ); - return elem ? [ elem ] : []; - } - }; - } else { - Expr.filter[ "ID" ] = function( id ) { - var attrId = id.replace( runescape, funescape ); - return function( elem ) { - var node = typeof elem.getAttributeNode !== "undefined" && - elem.getAttributeNode( "id" ); - return node && node.value === attrId; - }; - }; - - // Support: IE 6 - 7 only - // getElementById is not reliable as a find shortcut - Expr.find[ "ID" ] = function( id, context ) { - if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { - var node, i, elems, - elem = context.getElementById( id ); - - if ( elem ) { - - // Verify the id attribute - node = elem.getAttributeNode( "id" ); - if ( node && node.value === id ) { - return [ elem ]; - } - - // Fall back on getElementsByName - elems = context.getElementsByName( id ); - i = 0; - while ( ( elem = elems[ i++ ] ) ) { - node = elem.getAttributeNode( "id" ); - if ( node && node.value === id ) { - return [ elem ]; - } - } - } - - return []; - } - }; - } - - // Tag - Expr.find[ "TAG" ] = support.getElementsByTagName ? - function( tag, context ) { - if ( typeof context.getElementsByTagName !== "undefined" ) { - return context.getElementsByTagName( tag ); - - // DocumentFragment nodes don't have gEBTN - } else if ( support.qsa ) { - return context.querySelectorAll( tag ); - } - } : - - function( tag, context ) { - var elem, - tmp = [], - i = 0, - - // By happy coincidence, a (broken) gEBTN appears on DocumentFragment nodes too - results = context.getElementsByTagName( tag ); - - // Filter out possible comments - if ( tag === "*" ) { - while ( ( elem = results[ i++ ] ) ) { - if ( elem.nodeType === 1 ) { - tmp.push( elem ); - } - } - - return tmp; - } - return results; - }; - - // Class - Expr.find[ "CLASS" ] = support.getElementsByClassName && function( className, context ) { - if ( typeof context.getElementsByClassName !== "undefined" && documentIsHTML ) { - return context.getElementsByClassName( className ); - } - }; - - /* QSA/matchesSelector - ---------------------------------------------------------------------- */ - - // QSA and matchesSelector support - - // matchesSelector(:active) reports false when true (IE9/Opera 11.5) - rbuggyMatches = []; - - // qSa(:focus) reports false when true (Chrome 21) - // We allow this because of a bug in IE8/9 that throws an error - // whenever `document.activeElement` is accessed on an iframe - // So, we allow :focus to pass through QSA all the time to avoid the IE error - // See https://bugs.jquery.com/ticket/13378 - rbuggyQSA = []; - - if ( ( support.qsa = rnative.test( document.querySelectorAll ) ) ) { - - // Build QSA regex - // Regex strategy adopted from Diego Perini - assert( function( el ) { - - var input; - - // Select is set to empty string on purpose - // This is to test IE's treatment of not explicitly - // setting a boolean content attribute, - // since its presence should be enough - // https://bugs.jquery.com/ticket/12359 - docElem.appendChild( el ).innerHTML = "" + - ""; - - // Support: IE8, Opera 11-12.16 - // Nothing should be selected when empty strings follow ^= or $= or *= - // The test attribute must be unknown in Opera but "safe" for WinRT - // https://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section - if ( el.querySelectorAll( "[msallowcapture^='']" ).length ) { - rbuggyQSA.push( "[*^$]=" + whitespace + "*(?:''|\"\")" ); - } - - // Support: IE8 - // Boolean attributes and "value" are not treated correctly - if ( !el.querySelectorAll( "[selected]" ).length ) { - rbuggyQSA.push( "\\[" + whitespace + "*(?:value|" + booleans + ")" ); - } - - // Support: Chrome<29, Android<4.4, Safari<7.0+, iOS<7.0+, PhantomJS<1.9.8+ - if ( !el.querySelectorAll( "[id~=" + expando + "-]" ).length ) { - rbuggyQSA.push( "~=" ); - } - - // Support: IE 11+, Edge 15 - 18+ - // IE 11/Edge don't find elements on a `[name='']` query in some cases. - // Adding a temporary attribute to the document before the selection works - // around the issue. - // Interestingly, IE 10 & older don't seem to have the issue. - input = document.createElement( "input" ); - input.setAttribute( "name", "" ); - el.appendChild( input ); - if ( !el.querySelectorAll( "[name='']" ).length ) { - rbuggyQSA.push( "\\[" + whitespace + "*name" + whitespace + "*=" + - whitespace + "*(?:''|\"\")" ); - } - - // Webkit/Opera - :checked should return selected option elements - // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked - // IE8 throws error here and will not see later tests - if ( !el.querySelectorAll( ":checked" ).length ) { - rbuggyQSA.push( ":checked" ); - } - - // Support: Safari 8+, iOS 8+ - // https://bugs.webkit.org/show_bug.cgi?id=136851 - // In-page `selector#id sibling-combinator selector` fails - if ( !el.querySelectorAll( "a#" + expando + "+*" ).length ) { - rbuggyQSA.push( ".#.+[+~]" ); - } - - // Support: Firefox <=3.6 - 5 only - // Old Firefox doesn't throw on a badly-escaped identifier. - el.querySelectorAll( "\\\f" ); - rbuggyQSA.push( "[\\r\\n\\f]" ); - } ); - - assert( function( el ) { - el.innerHTML = "" + - ""; - - // Support: Windows 8 Native Apps - // The type and name attributes are restricted during .innerHTML assignment - var input = document.createElement( "input" ); - input.setAttribute( "type", "hidden" ); - el.appendChild( input ).setAttribute( "name", "D" ); - - // Support: IE8 - // Enforce case-sensitivity of name attribute - if ( el.querySelectorAll( "[name=d]" ).length ) { - rbuggyQSA.push( "name" + whitespace + "*[*^$|!~]?=" ); - } - - // FF 3.5 - :enabled/:disabled and hidden elements (hidden elements are still enabled) - // IE8 throws error here and will not see later tests - if ( el.querySelectorAll( ":enabled" ).length !== 2 ) { - rbuggyQSA.push( ":enabled", ":disabled" ); - } - - // Support: IE9-11+ - // IE's :disabled selector does not pick up the children of disabled fieldsets - docElem.appendChild( el ).disabled = true; - if ( el.querySelectorAll( ":disabled" ).length !== 2 ) { - rbuggyQSA.push( ":enabled", ":disabled" ); - } - - // Support: Opera 10 - 11 only - // Opera 10-11 does not throw on post-comma invalid pseudos - el.querySelectorAll( "*,:x" ); - rbuggyQSA.push( ",.*:" ); - } ); - } - - if ( ( support.matchesSelector = rnative.test( ( matches = docElem.matches || - docElem.webkitMatchesSelector || - docElem.mozMatchesSelector || - docElem.oMatchesSelector || - docElem.msMatchesSelector ) ) ) ) { - - assert( function( el ) { - - // Check to see if it's possible to do matchesSelector - // on a disconnected node (IE 9) - support.disconnectedMatch = matches.call( el, "*" ); - - // This should fail with an exception - // Gecko does not error, returns false instead - matches.call( el, "[s!='']:x" ); - rbuggyMatches.push( "!=", pseudos ); - } ); - } - - rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join( "|" ) ); - rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join( "|" ) ); - - /* Contains - ---------------------------------------------------------------------- */ - hasCompare = rnative.test( docElem.compareDocumentPosition ); - - // Element contains another - // Purposefully self-exclusive - // As in, an element does not contain itself - contains = hasCompare || rnative.test( docElem.contains ) ? - function( a, b ) { - var adown = a.nodeType === 9 ? a.documentElement : a, - bup = b && b.parentNode; - return a === bup || !!( bup && bup.nodeType === 1 && ( - adown.contains ? - adown.contains( bup ) : - a.compareDocumentPosition && a.compareDocumentPosition( bup ) & 16 - ) ); - } : - function( a, b ) { - if ( b ) { - while ( ( b = b.parentNode ) ) { - if ( b === a ) { - return true; - } - } - } - return false; - }; - - /* Sorting - ---------------------------------------------------------------------- */ - - // Document order sorting - sortOrder = hasCompare ? - function( a, b ) { - - // Flag for duplicate removal - if ( a === b ) { - hasDuplicate = true; - return 0; - } - - // Sort on method existence if only one input has compareDocumentPosition - var compare = !a.compareDocumentPosition - !b.compareDocumentPosition; - if ( compare ) { - return compare; - } - - // Calculate position if both inputs belong to the same document - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - compare = ( a.ownerDocument || a ) == ( b.ownerDocument || b ) ? - a.compareDocumentPosition( b ) : - - // Otherwise we know they are disconnected - 1; - - // Disconnected nodes - if ( compare & 1 || - ( !support.sortDetached && b.compareDocumentPosition( a ) === compare ) ) { - - // Choose the first element that is related to our preferred document - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( a == document || a.ownerDocument == preferredDoc && - contains( preferredDoc, a ) ) { - return -1; - } - - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( b == document || b.ownerDocument == preferredDoc && - contains( preferredDoc, b ) ) { - return 1; - } - - // Maintain original order - return sortInput ? - ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : - 0; - } - - return compare & 4 ? -1 : 1; - } : - function( a, b ) { - - // Exit early if the nodes are identical - if ( a === b ) { - hasDuplicate = true; - return 0; - } - - var cur, - i = 0, - aup = a.parentNode, - bup = b.parentNode, - ap = [ a ], - bp = [ b ]; - - // Parentless nodes are either documents or disconnected - if ( !aup || !bup ) { - - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - /* eslint-disable eqeqeq */ - return a == document ? -1 : - b == document ? 1 : - /* eslint-enable eqeqeq */ - aup ? -1 : - bup ? 1 : - sortInput ? - ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : - 0; - - // If the nodes are siblings, we can do a quick check - } else if ( aup === bup ) { - return siblingCheck( a, b ); - } - - // Otherwise we need full lists of their ancestors for comparison - cur = a; - while ( ( cur = cur.parentNode ) ) { - ap.unshift( cur ); - } - cur = b; - while ( ( cur = cur.parentNode ) ) { - bp.unshift( cur ); - } - - // Walk down the tree looking for a discrepancy - while ( ap[ i ] === bp[ i ] ) { - i++; - } - - return i ? - - // Do a sibling check if the nodes have a common ancestor - siblingCheck( ap[ i ], bp[ i ] ) : - - // Otherwise nodes in our document sort first - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - /* eslint-disable eqeqeq */ - ap[ i ] == preferredDoc ? -1 : - bp[ i ] == preferredDoc ? 1 : - /* eslint-enable eqeqeq */ - 0; - }; - - return document; - }; - - Sizzle.matches = function( expr, elements ) { - return Sizzle( expr, null, null, elements ); - }; - - Sizzle.matchesSelector = function( elem, expr ) { - setDocument( elem ); - - if ( support.matchesSelector && documentIsHTML && - !nonnativeSelectorCache[ expr + " " ] && - ( !rbuggyMatches || !rbuggyMatches.test( expr ) ) && - ( !rbuggyQSA || !rbuggyQSA.test( expr ) ) ) { - - try { - var ret = matches.call( elem, expr ); - - // IE 9's matchesSelector returns false on disconnected nodes - if ( ret || support.disconnectedMatch || - - // As well, disconnected nodes are said to be in a document - // fragment in IE 9 - elem.document && elem.document.nodeType !== 11 ) { - return ret; - } - } catch ( e ) { - nonnativeSelectorCache( expr, true ); - } - } - - return Sizzle( expr, document, null, [ elem ] ).length > 0; - }; - - Sizzle.contains = function( context, elem ) { - - // Set document vars if needed - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( ( context.ownerDocument || context ) != document ) { - setDocument( context ); - } - return contains( context, elem ); - }; - - Sizzle.attr = function( elem, name ) { - - // Set document vars if needed - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( ( elem.ownerDocument || elem ) != document ) { - setDocument( elem ); - } - - var fn = Expr.attrHandle[ name.toLowerCase() ], - - // Don't get fooled by Object.prototype properties (jQuery #13807) - val = fn && hasOwn.call( Expr.attrHandle, name.toLowerCase() ) ? - fn( elem, name, !documentIsHTML ) : - undefined; - - return val !== undefined ? - val : - support.attributes || !documentIsHTML ? - elem.getAttribute( name ) : - ( val = elem.getAttributeNode( name ) ) && val.specified ? - val.value : - null; - }; - - Sizzle.escape = function( sel ) { - return ( sel + "" ).replace( rcssescape, fcssescape ); - }; - - Sizzle.error = function( msg ) { - throw new Error( "Syntax error, unrecognized expression: " + msg ); - }; - - /** - * Document sorting and removing duplicates - * @param {ArrayLike} results - */ - Sizzle.uniqueSort = function( results ) { - var elem, - duplicates = [], - j = 0, - i = 0; - - // Unless we *know* we can detect duplicates, assume their presence - hasDuplicate = !support.detectDuplicates; - sortInput = !support.sortStable && results.slice( 0 ); - results.sort( sortOrder ); - - if ( hasDuplicate ) { - while ( ( elem = results[ i++ ] ) ) { - if ( elem === results[ i ] ) { - j = duplicates.push( i ); - } - } - while ( j-- ) { - results.splice( duplicates[ j ], 1 ); - } - } - - // Clear input after sorting to release objects - // See https://github.com/jquery/sizzle/pull/225 - sortInput = null; - - return results; - }; - - /** - * Utility function for retrieving the text value of an array of DOM nodes - * @param {Array|Element} elem - */ - getText = Sizzle.getText = function( elem ) { - var node, - ret = "", - i = 0, - nodeType = elem.nodeType; - - if ( !nodeType ) { - - // If no nodeType, this is expected to be an array - while ( ( node = elem[ i++ ] ) ) { - - // Do not traverse comment nodes - ret += getText( node ); - } - } else if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) { - - // Use textContent for elements - // innerText usage removed for consistency of new lines (jQuery #11153) - if ( typeof elem.textContent === "string" ) { - return elem.textContent; - } else { - - // Traverse its children - for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { - ret += getText( elem ); - } - } - } else if ( nodeType === 3 || nodeType === 4 ) { - return elem.nodeValue; - } - - // Do not include comment or processing instruction nodes - - return ret; - }; - - Expr = Sizzle.selectors = { - - // Can be adjusted by the user - cacheLength: 50, - - createPseudo: markFunction, - - match: matchExpr, - - attrHandle: {}, - - find: {}, - - relative: { - ">": { dir: "parentNode", first: true }, - " ": { dir: "parentNode" }, - "+": { dir: "previousSibling", first: true }, - "~": { dir: "previousSibling" } - }, - - preFilter: { - "ATTR": function( match ) { - match[ 1 ] = match[ 1 ].replace( runescape, funescape ); - - // Move the given value to match[3] whether quoted or unquoted - match[ 3 ] = ( match[ 3 ] || match[ 4 ] || - match[ 5 ] || "" ).replace( runescape, funescape ); - - if ( match[ 2 ] === "~=" ) { - match[ 3 ] = " " + match[ 3 ] + " "; - } - - return match.slice( 0, 4 ); - }, - - "CHILD": function( match ) { - - /* matches from matchExpr["CHILD"] - 1 type (only|nth|...) - 2 what (child|of-type) - 3 argument (even|odd|\d*|\d*n([+-]\d+)?|...) - 4 xn-component of xn+y argument ([+-]?\d*n|) - 5 sign of xn-component - 6 x of xn-component - 7 sign of y-component - 8 y of y-component - */ - match[ 1 ] = match[ 1 ].toLowerCase(); - - if ( match[ 1 ].slice( 0, 3 ) === "nth" ) { - - // nth-* requires argument - if ( !match[ 3 ] ) { - Sizzle.error( match[ 0 ] ); - } - - // numeric x and y parameters for Expr.filter.CHILD - // remember that false/true cast respectively to 0/1 - match[ 4 ] = +( match[ 4 ] ? - match[ 5 ] + ( match[ 6 ] || 1 ) : - 2 * ( match[ 3 ] === "even" || match[ 3 ] === "odd" ) ); - match[ 5 ] = +( ( match[ 7 ] + match[ 8 ] ) || match[ 3 ] === "odd" ); - - // other types prohibit arguments - } else if ( match[ 3 ] ) { - Sizzle.error( match[ 0 ] ); - } - - return match; - }, - - "PSEUDO": function( match ) { - var excess, - unquoted = !match[ 6 ] && match[ 2 ]; - - if ( matchExpr[ "CHILD" ].test( match[ 0 ] ) ) { - return null; - } - - // Accept quoted arguments as-is - if ( match[ 3 ] ) { - match[ 2 ] = match[ 4 ] || match[ 5 ] || ""; - - // Strip excess characters from unquoted arguments - } else if ( unquoted && rpseudo.test( unquoted ) && - - // Get excess from tokenize (recursively) - ( excess = tokenize( unquoted, true ) ) && - - // advance to the next closing parenthesis - ( excess = unquoted.indexOf( ")", unquoted.length - excess ) - unquoted.length ) ) { - - // excess is a negative index - match[ 0 ] = match[ 0 ].slice( 0, excess ); - match[ 2 ] = unquoted.slice( 0, excess ); - } - - // Return only captures needed by the pseudo filter method (type and argument) - return match.slice( 0, 3 ); - } - }, - - filter: { - - "TAG": function( nodeNameSelector ) { - var nodeName = nodeNameSelector.replace( runescape, funescape ).toLowerCase(); - return nodeNameSelector === "*" ? - function() { - return true; - } : - function( elem ) { - return elem.nodeName && elem.nodeName.toLowerCase() === nodeName; - }; - }, - - "CLASS": function( className ) { - var pattern = classCache[ className + " " ]; - - return pattern || - ( pattern = new RegExp( "(^|" + whitespace + - ")" + className + "(" + whitespace + "|$)" ) ) && classCache( - className, function( elem ) { - return pattern.test( - typeof elem.className === "string" && elem.className || - typeof elem.getAttribute !== "undefined" && - elem.getAttribute( "class" ) || - "" - ); - } ); - }, - - "ATTR": function( name, operator, check ) { - return function( elem ) { - var result = Sizzle.attr( elem, name ); - - if ( result == null ) { - return operator === "!="; - } - if ( !operator ) { - return true; - } - - result += ""; - - /* eslint-disable max-len */ - - return operator === "=" ? result === check : - operator === "!=" ? result !== check : - operator === "^=" ? check && result.indexOf( check ) === 0 : - operator === "*=" ? check && result.indexOf( check ) > -1 : - operator === "$=" ? check && result.slice( -check.length ) === check : - operator === "~=" ? ( " " + result.replace( rwhitespace, " " ) + " " ).indexOf( check ) > -1 : - operator === "|=" ? result === check || result.slice( 0, check.length + 1 ) === check + "-" : - false; - /* eslint-enable max-len */ - - }; - }, - - "CHILD": function( type, what, _argument, first, last ) { - var simple = type.slice( 0, 3 ) !== "nth", - forward = type.slice( -4 ) !== "last", - ofType = what === "of-type"; - - return first === 1 && last === 0 ? - - // Shortcut for :nth-*(n) - function( elem ) { - return !!elem.parentNode; - } : - - function( elem, _context, xml ) { - var cache, uniqueCache, outerCache, node, nodeIndex, start, - dir = simple !== forward ? "nextSibling" : "previousSibling", - parent = elem.parentNode, - name = ofType && elem.nodeName.toLowerCase(), - useCache = !xml && !ofType, - diff = false; - - if ( parent ) { - - // :(first|last|only)-(child|of-type) - if ( simple ) { - while ( dir ) { - node = elem; - while ( ( node = node[ dir ] ) ) { - if ( ofType ? - node.nodeName.toLowerCase() === name : - node.nodeType === 1 ) { - - return false; - } - } - - // Reverse direction for :only-* (if we haven't yet done so) - start = dir = type === "only" && !start && "nextSibling"; - } - return true; - } - - start = [ forward ? parent.firstChild : parent.lastChild ]; - - // non-xml :nth-child(...) stores cache data on `parent` - if ( forward && useCache ) { - - // Seek `elem` from a previously-cached index - - // ...in a gzip-friendly way - node = parent; - outerCache = node[ expando ] || ( node[ expando ] = {} ); - - // Support: IE <9 only - // Defend against cloned attroperties (jQuery gh-1709) - uniqueCache = outerCache[ node.uniqueID ] || - ( outerCache[ node.uniqueID ] = {} ); - - cache = uniqueCache[ type ] || []; - nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; - diff = nodeIndex && cache[ 2 ]; - node = nodeIndex && parent.childNodes[ nodeIndex ]; - - while ( ( node = ++nodeIndex && node && node[ dir ] || - - // Fallback to seeking `elem` from the start - ( diff = nodeIndex = 0 ) || start.pop() ) ) { - - // When found, cache indexes on `parent` and break - if ( node.nodeType === 1 && ++diff && node === elem ) { - uniqueCache[ type ] = [ dirruns, nodeIndex, diff ]; - break; - } - } - - } else { - - // Use previously-cached element index if available - if ( useCache ) { - - // ...in a gzip-friendly way - node = elem; - outerCache = node[ expando ] || ( node[ expando ] = {} ); - - // Support: IE <9 only - // Defend against cloned attroperties (jQuery gh-1709) - uniqueCache = outerCache[ node.uniqueID ] || - ( outerCache[ node.uniqueID ] = {} ); - - cache = uniqueCache[ type ] || []; - nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; - diff = nodeIndex; - } - - // xml :nth-child(...) - // or :nth-last-child(...) or :nth(-last)?-of-type(...) - if ( diff === false ) { - - // Use the same loop as above to seek `elem` from the start - while ( ( node = ++nodeIndex && node && node[ dir ] || - ( diff = nodeIndex = 0 ) || start.pop() ) ) { - - if ( ( ofType ? - node.nodeName.toLowerCase() === name : - node.nodeType === 1 ) && - ++diff ) { - - // Cache the index of each encountered element - if ( useCache ) { - outerCache = node[ expando ] || - ( node[ expando ] = {} ); - - // Support: IE <9 only - // Defend against cloned attroperties (jQuery gh-1709) - uniqueCache = outerCache[ node.uniqueID ] || - ( outerCache[ node.uniqueID ] = {} ); - - uniqueCache[ type ] = [ dirruns, diff ]; - } - - if ( node === elem ) { - break; - } - } - } - } - } - - // Incorporate the offset, then check against cycle size - diff -= last; - return diff === first || ( diff % first === 0 && diff / first >= 0 ); - } - }; - }, - - "PSEUDO": function( pseudo, argument ) { - - // pseudo-class names are case-insensitive - // http://www.w3.org/TR/selectors/#pseudo-classes - // Prioritize by case sensitivity in case custom pseudos are added with uppercase letters - // Remember that setFilters inherits from pseudos - var args, - fn = Expr.pseudos[ pseudo ] || Expr.setFilters[ pseudo.toLowerCase() ] || - Sizzle.error( "unsupported pseudo: " + pseudo ); - - // The user may use createPseudo to indicate that - // arguments are needed to create the filter function - // just as Sizzle does - if ( fn[ expando ] ) { - return fn( argument ); - } - - // But maintain support for old signatures - if ( fn.length > 1 ) { - args = [ pseudo, pseudo, "", argument ]; - return Expr.setFilters.hasOwnProperty( pseudo.toLowerCase() ) ? - markFunction( function( seed, matches ) { - var idx, - matched = fn( seed, argument ), - i = matched.length; - while ( i-- ) { - idx = indexOf( seed, matched[ i ] ); - seed[ idx ] = !( matches[ idx ] = matched[ i ] ); - } - } ) : - function( elem ) { - return fn( elem, 0, args ); - }; - } - - return fn; - } - }, - - pseudos: { - - // Potentially complex pseudos - "not": markFunction( function( selector ) { - - // Trim the selector passed to compile - // to avoid treating leading and trailing - // spaces as combinators - var input = [], - results = [], - matcher = compile( selector.replace( rtrim, "$1" ) ); - - return matcher[ expando ] ? - markFunction( function( seed, matches, _context, xml ) { - var elem, - unmatched = matcher( seed, null, xml, [] ), - i = seed.length; - - // Match elements unmatched by `matcher` - while ( i-- ) { - if ( ( elem = unmatched[ i ] ) ) { - seed[ i ] = !( matches[ i ] = elem ); - } - } - } ) : - function( elem, _context, xml ) { - input[ 0 ] = elem; - matcher( input, null, xml, results ); - - // Don't keep the element (issue #299) - input[ 0 ] = null; - return !results.pop(); - }; - } ), - - "has": markFunction( function( selector ) { - return function( elem ) { - return Sizzle( selector, elem ).length > 0; - }; - } ), - - "contains": markFunction( function( text ) { - text = text.replace( runescape, funescape ); - return function( elem ) { - return ( elem.textContent || getText( elem ) ).indexOf( text ) > -1; - }; - } ), - - // "Whether an element is represented by a :lang() selector - // is based solely on the element's language value - // being equal to the identifier C, - // or beginning with the identifier C immediately followed by "-". - // The matching of C against the element's language value is performed case-insensitively. - // The identifier C does not have to be a valid language name." - // http://www.w3.org/TR/selectors/#lang-pseudo - "lang": markFunction( function( lang ) { - - // lang value must be a valid identifier - if ( !ridentifier.test( lang || "" ) ) { - Sizzle.error( "unsupported lang: " + lang ); - } - lang = lang.replace( runescape, funescape ).toLowerCase(); - return function( elem ) { - var elemLang; - do { - if ( ( elemLang = documentIsHTML ? - elem.lang : - elem.getAttribute( "xml:lang" ) || elem.getAttribute( "lang" ) ) ) { - - elemLang = elemLang.toLowerCase(); - return elemLang === lang || elemLang.indexOf( lang + "-" ) === 0; - } - } while ( ( elem = elem.parentNode ) && elem.nodeType === 1 ); - return false; - }; - } ), - - // Miscellaneous - "target": function( elem ) { - var hash = window.location && window.location.hash; - return hash && hash.slice( 1 ) === elem.id; - }, - - "root": function( elem ) { - return elem === docElem; - }, - - "focus": function( elem ) { - return elem === document.activeElement && - ( !document.hasFocus || document.hasFocus() ) && - !!( elem.type || elem.href || ~elem.tabIndex ); - }, - - // Boolean properties - "enabled": createDisabledPseudo( false ), - "disabled": createDisabledPseudo( true ), - - "checked": function( elem ) { - - // In CSS3, :checked should return both checked and selected elements - // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked - var nodeName = elem.nodeName.toLowerCase(); - return ( nodeName === "input" && !!elem.checked ) || - ( nodeName === "option" && !!elem.selected ); - }, - - "selected": function( elem ) { - - // Accessing this property makes selected-by-default - // options in Safari work properly - if ( elem.parentNode ) { - // eslint-disable-next-line no-unused-expressions - elem.parentNode.selectedIndex; - } - - return elem.selected === true; - }, - - // Contents - "empty": function( elem ) { - - // http://www.w3.org/TR/selectors/#empty-pseudo - // :empty is negated by element (1) or content nodes (text: 3; cdata: 4; entity ref: 5), - // but not by others (comment: 8; processing instruction: 7; etc.) - // nodeType < 6 works because attributes (2) do not appear as children - for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { - if ( elem.nodeType < 6 ) { - return false; - } - } - return true; - }, - - "parent": function( elem ) { - return !Expr.pseudos[ "empty" ]( elem ); - }, - - // Element/input types - "header": function( elem ) { - return rheader.test( elem.nodeName ); - }, - - "input": function( elem ) { - return rinputs.test( elem.nodeName ); - }, - - "button": function( elem ) { - var name = elem.nodeName.toLowerCase(); - return name === "input" && elem.type === "button" || name === "button"; - }, - - "text": function( elem ) { - var attr; - return elem.nodeName.toLowerCase() === "input" && - elem.type === "text" && - - // Support: IE<8 - // New HTML5 attribute values (e.g., "search") appear with elem.type === "text" - ( ( attr = elem.getAttribute( "type" ) ) == null || - attr.toLowerCase() === "text" ); - }, - - // Position-in-collection - "first": createPositionalPseudo( function() { - return [ 0 ]; - } ), - - "last": createPositionalPseudo( function( _matchIndexes, length ) { - return [ length - 1 ]; - } ), - - "eq": createPositionalPseudo( function( _matchIndexes, length, argument ) { - return [ argument < 0 ? argument + length : argument ]; - } ), - - "even": createPositionalPseudo( function( matchIndexes, length ) { - var i = 0; - for ( ; i < length; i += 2 ) { - matchIndexes.push( i ); - } - return matchIndexes; - } ), - - "odd": createPositionalPseudo( function( matchIndexes, length ) { - var i = 1; - for ( ; i < length; i += 2 ) { - matchIndexes.push( i ); - } - return matchIndexes; - } ), - - "lt": createPositionalPseudo( function( matchIndexes, length, argument ) { - var i = argument < 0 ? - argument + length : - argument > length ? - length : - argument; - for ( ; --i >= 0; ) { - matchIndexes.push( i ); - } - return matchIndexes; - } ), - - "gt": createPositionalPseudo( function( matchIndexes, length, argument ) { - var i = argument < 0 ? argument + length : argument; - for ( ; ++i < length; ) { - matchIndexes.push( i ); - } - return matchIndexes; - } ) - } - }; - - Expr.pseudos[ "nth" ] = Expr.pseudos[ "eq" ]; - -// Add button/input type pseudos - for ( i in { radio: true, checkbox: true, file: true, password: true, image: true } ) { - Expr.pseudos[ i ] = createInputPseudo( i ); - } - for ( i in { submit: true, reset: true } ) { - Expr.pseudos[ i ] = createButtonPseudo( i ); - } - -// Easy API for creating new setFilters - function setFilters() {} - setFilters.prototype = Expr.filters = Expr.pseudos; - Expr.setFilters = new setFilters(); - - tokenize = Sizzle.tokenize = function( selector, parseOnly ) { - var matched, match, tokens, type, - soFar, groups, preFilters, - cached = tokenCache[ selector + " " ]; - - if ( cached ) { - return parseOnly ? 0 : cached.slice( 0 ); - } - - soFar = selector; - groups = []; - preFilters = Expr.preFilter; - - while ( soFar ) { - - // Comma and first run - if ( !matched || ( match = rcomma.exec( soFar ) ) ) { - if ( match ) { - - // Don't consume trailing commas as valid - soFar = soFar.slice( match[ 0 ].length ) || soFar; - } - groups.push( ( tokens = [] ) ); - } - - matched = false; - - // Combinators - if ( ( match = rcombinators.exec( soFar ) ) ) { - matched = match.shift(); - tokens.push( { - value: matched, - - // Cast descendant combinators to space - type: match[ 0 ].replace( rtrim, " " ) - } ); - soFar = soFar.slice( matched.length ); - } - - // Filters - for ( type in Expr.filter ) { - if ( ( match = matchExpr[ type ].exec( soFar ) ) && ( !preFilters[ type ] || - ( match = preFilters[ type ]( match ) ) ) ) { - matched = match.shift(); - tokens.push( { - value: matched, - type: type, - matches: match - } ); - soFar = soFar.slice( matched.length ); - } - } - - if ( !matched ) { - break; - } - } - - // Return the length of the invalid excess - // if we're just parsing - // Otherwise, throw an error or return tokens - return parseOnly ? - soFar.length : - soFar ? - Sizzle.error( selector ) : - - // Cache the tokens - tokenCache( selector, groups ).slice( 0 ); - }; - - function toSelector( tokens ) { - var i = 0, - len = tokens.length, - selector = ""; - for ( ; i < len; i++ ) { - selector += tokens[ i ].value; - } - return selector; - } - - function addCombinator( matcher, combinator, base ) { - var dir = combinator.dir, - skip = combinator.next, - key = skip || dir, - checkNonElements = base && key === "parentNode", - doneName = done++; - - return combinator.first ? - - // Check against closest ancestor/preceding element - function( elem, context, xml ) { - while ( ( elem = elem[ dir ] ) ) { - if ( elem.nodeType === 1 || checkNonElements ) { - return matcher( elem, context, xml ); - } - } - return false; - } : - - // Check against all ancestor/preceding elements - function( elem, context, xml ) { - var oldCache, uniqueCache, outerCache, - newCache = [ dirruns, doneName ]; - - // We can't set arbitrary data on XML nodes, so they don't benefit from combinator caching - if ( xml ) { - while ( ( elem = elem[ dir ] ) ) { - if ( elem.nodeType === 1 || checkNonElements ) { - if ( matcher( elem, context, xml ) ) { - return true; - } - } - } - } else { - while ( ( elem = elem[ dir ] ) ) { - if ( elem.nodeType === 1 || checkNonElements ) { - outerCache = elem[ expando ] || ( elem[ expando ] = {} ); - - // Support: IE <9 only - // Defend against cloned attroperties (jQuery gh-1709) - uniqueCache = outerCache[ elem.uniqueID ] || - ( outerCache[ elem.uniqueID ] = {} ); - - if ( skip && skip === elem.nodeName.toLowerCase() ) { - elem = elem[ dir ] || elem; - } else if ( ( oldCache = uniqueCache[ key ] ) && - oldCache[ 0 ] === dirruns && oldCache[ 1 ] === doneName ) { - - // Assign to newCache so results back-propagate to previous elements - return ( newCache[ 2 ] = oldCache[ 2 ] ); - } else { - - // Reuse newcache so results back-propagate to previous elements - uniqueCache[ key ] = newCache; - - // A match means we're done; a fail means we have to keep checking - if ( ( newCache[ 2 ] = matcher( elem, context, xml ) ) ) { - return true; - } - } - } - } - } - return false; - }; - } - - function elementMatcher( matchers ) { - return matchers.length > 1 ? - function( elem, context, xml ) { - var i = matchers.length; - while ( i-- ) { - if ( !matchers[ i ]( elem, context, xml ) ) { - return false; - } - } - return true; - } : - matchers[ 0 ]; - } - - function multipleContexts( selector, contexts, results ) { - var i = 0, - len = contexts.length; - for ( ; i < len; i++ ) { - Sizzle( selector, contexts[ i ], results ); - } - return results; - } - - function condense( unmatched, map, filter, context, xml ) { - var elem, - newUnmatched = [], - i = 0, - len = unmatched.length, - mapped = map != null; - - for ( ; i < len; i++ ) { - if ( ( elem = unmatched[ i ] ) ) { - if ( !filter || filter( elem, context, xml ) ) { - newUnmatched.push( elem ); - if ( mapped ) { - map.push( i ); - } - } - } - } - - return newUnmatched; - } - - function setMatcher( preFilter, selector, matcher, postFilter, postFinder, postSelector ) { - if ( postFilter && !postFilter[ expando ] ) { - postFilter = setMatcher( postFilter ); - } - if ( postFinder && !postFinder[ expando ] ) { - postFinder = setMatcher( postFinder, postSelector ); - } - return markFunction( function( seed, results, context, xml ) { - var temp, i, elem, - preMap = [], - postMap = [], - preexisting = results.length, - - // Get initial elements from seed or context - elems = seed || multipleContexts( - selector || "*", - context.nodeType ? [ context ] : context, - [] - ), - - // Prefilter to get matcher input, preserving a map for seed-results synchronization - matcherIn = preFilter && ( seed || !selector ) ? - condense( elems, preMap, preFilter, context, xml ) : - elems, - - matcherOut = matcher ? - - // If we have a postFinder, or filtered seed, or non-seed postFilter or preexisting results, - postFinder || ( seed ? preFilter : preexisting || postFilter ) ? - - // ...intermediate processing is necessary - [] : - - // ...otherwise use results directly - results : - matcherIn; - - // Find primary matches - if ( matcher ) { - matcher( matcherIn, matcherOut, context, xml ); - } - - // Apply postFilter - if ( postFilter ) { - temp = condense( matcherOut, postMap ); - postFilter( temp, [], context, xml ); - - // Un-match failing elements by moving them back to matcherIn - i = temp.length; - while ( i-- ) { - if ( ( elem = temp[ i ] ) ) { - matcherOut[ postMap[ i ] ] = !( matcherIn[ postMap[ i ] ] = elem ); - } - } - } - - if ( seed ) { - if ( postFinder || preFilter ) { - if ( postFinder ) { - - // Get the final matcherOut by condensing this intermediate into postFinder contexts - temp = []; - i = matcherOut.length; - while ( i-- ) { - if ( ( elem = matcherOut[ i ] ) ) { - - // Restore matcherIn since elem is not yet a final match - temp.push( ( matcherIn[ i ] = elem ) ); - } - } - postFinder( null, ( matcherOut = [] ), temp, xml ); - } - - // Move matched elements from seed to results to keep them synchronized - i = matcherOut.length; - while ( i-- ) { - if ( ( elem = matcherOut[ i ] ) && - ( temp = postFinder ? indexOf( seed, elem ) : preMap[ i ] ) > -1 ) { - - seed[ temp ] = !( results[ temp ] = elem ); - } - } - } - - // Add elements to results, through postFinder if defined - } else { - matcherOut = condense( - matcherOut === results ? - matcherOut.splice( preexisting, matcherOut.length ) : - matcherOut - ); - if ( postFinder ) { - postFinder( null, results, matcherOut, xml ); - } else { - push.apply( results, matcherOut ); - } - } - } ); - } - - function matcherFromTokens( tokens ) { - var checkContext, matcher, j, - len = tokens.length, - leadingRelative = Expr.relative[ tokens[ 0 ].type ], - implicitRelative = leadingRelative || Expr.relative[ " " ], - i = leadingRelative ? 1 : 0, - - // The foundational matcher ensures that elements are reachable from top-level context(s) - matchContext = addCombinator( function( elem ) { - return elem === checkContext; - }, implicitRelative, true ), - matchAnyContext = addCombinator( function( elem ) { - return indexOf( checkContext, elem ) > -1; - }, implicitRelative, true ), - matchers = [ function( elem, context, xml ) { - var ret = ( !leadingRelative && ( xml || context !== outermostContext ) ) || ( - ( checkContext = context ).nodeType ? - matchContext( elem, context, xml ) : - matchAnyContext( elem, context, xml ) ); - - // Avoid hanging onto element (issue #299) - checkContext = null; - return ret; - } ]; - - for ( ; i < len; i++ ) { - if ( ( matcher = Expr.relative[ tokens[ i ].type ] ) ) { - matchers = [ addCombinator( elementMatcher( matchers ), matcher ) ]; - } else { - matcher = Expr.filter[ tokens[ i ].type ].apply( null, tokens[ i ].matches ); - - // Return special upon seeing a positional matcher - if ( matcher[ expando ] ) { - - // Find the next relative operator (if any) for proper handling - j = ++i; - for ( ; j < len; j++ ) { - if ( Expr.relative[ tokens[ j ].type ] ) { - break; - } - } - return setMatcher( - i > 1 && elementMatcher( matchers ), - i > 1 && toSelector( - - // If the preceding token was a descendant combinator, insert an implicit any-element `*` - tokens - .slice( 0, i - 1 ) - .concat( { value: tokens[ i - 2 ].type === " " ? "*" : "" } ) - ).replace( rtrim, "$1" ), - matcher, - i < j && matcherFromTokens( tokens.slice( i, j ) ), - j < len && matcherFromTokens( ( tokens = tokens.slice( j ) ) ), - j < len && toSelector( tokens ) - ); - } - matchers.push( matcher ); - } - } - - return elementMatcher( matchers ); - } - - function matcherFromGroupMatchers( elementMatchers, setMatchers ) { - var bySet = setMatchers.length > 0, - byElement = elementMatchers.length > 0, - superMatcher = function( seed, context, xml, results, outermost ) { - var elem, j, matcher, - matchedCount = 0, - i = "0", - unmatched = seed && [], - setMatched = [], - contextBackup = outermostContext, - - // We must always have either seed elements or outermost context - elems = seed || byElement && Expr.find[ "TAG" ]( "*", outermost ), - - // Use integer dirruns iff this is the outermost matcher - dirrunsUnique = ( dirruns += contextBackup == null ? 1 : Math.random() || 0.1 ), - len = elems.length; - - if ( outermost ) { - - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - outermostContext = context == document || context || outermost; - } - - // Add elements passing elementMatchers directly to results - // Support: IE<9, Safari - // Tolerate NodeList properties (IE: "length"; Safari: ) matching elements by id - for ( ; i !== len && ( elem = elems[ i ] ) != null; i++ ) { - if ( byElement && elem ) { - j = 0; - - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( !context && elem.ownerDocument != document ) { - setDocument( elem ); - xml = !documentIsHTML; - } - while ( ( matcher = elementMatchers[ j++ ] ) ) { - if ( matcher( elem, context || document, xml ) ) { - results.push( elem ); - break; - } - } - if ( outermost ) { - dirruns = dirrunsUnique; - } - } - - // Track unmatched elements for set filters - if ( bySet ) { - - // They will have gone through all possible matchers - if ( ( elem = !matcher && elem ) ) { - matchedCount--; - } - - // Lengthen the array for every element, matched or not - if ( seed ) { - unmatched.push( elem ); - } - } - } - - // `i` is now the count of elements visited above, and adding it to `matchedCount` - // makes the latter nonnegative. - matchedCount += i; - - // Apply set filters to unmatched elements - // NOTE: This can be skipped if there are no unmatched elements (i.e., `matchedCount` - // equals `i`), unless we didn't visit _any_ elements in the above loop because we have - // no element matchers and no seed. - // Incrementing an initially-string "0" `i` allows `i` to remain a string only in that - // case, which will result in a "00" `matchedCount` that differs from `i` but is also - // numerically zero. - if ( bySet && i !== matchedCount ) { - j = 0; - while ( ( matcher = setMatchers[ j++ ] ) ) { - matcher( unmatched, setMatched, context, xml ); - } - - if ( seed ) { - - // Reintegrate element matches to eliminate the need for sorting - if ( matchedCount > 0 ) { - while ( i-- ) { - if ( !( unmatched[ i ] || setMatched[ i ] ) ) { - setMatched[ i ] = pop.call( results ); - } - } - } - - // Discard index placeholder values to get only actual matches - setMatched = condense( setMatched ); - } - - // Add matches to results - push.apply( results, setMatched ); - - // Seedless set matches succeeding multiple successful matchers stipulate sorting - if ( outermost && !seed && setMatched.length > 0 && - ( matchedCount + setMatchers.length ) > 1 ) { - - Sizzle.uniqueSort( results ); - } - } - - // Override manipulation of globals by nested matchers - if ( outermost ) { - dirruns = dirrunsUnique; - outermostContext = contextBackup; - } - - return unmatched; - }; - - return bySet ? - markFunction( superMatcher ) : - superMatcher; - } - - compile = Sizzle.compile = function( selector, match /* Internal Use Only */ ) { - var i, - setMatchers = [], - elementMatchers = [], - cached = compilerCache[ selector + " " ]; - - if ( !cached ) { - - // Generate a function of recursive functions that can be used to check each element - if ( !match ) { - match = tokenize( selector ); - } - i = match.length; - while ( i-- ) { - cached = matcherFromTokens( match[ i ] ); - if ( cached[ expando ] ) { - setMatchers.push( cached ); - } else { - elementMatchers.push( cached ); - } - } - - // Cache the compiled function - cached = compilerCache( - selector, - matcherFromGroupMatchers( elementMatchers, setMatchers ) - ); - - // Save selector and tokenization - cached.selector = selector; - } - return cached; - }; - - /** - * A low-level selection function that works with Sizzle's compiled - * selector functions - * @param {String|Function} selector A selector or a pre-compiled - * selector function built with Sizzle.compile - * @param {Element} context - * @param {Array} [results] - * @param {Array} [seed] A set of elements to match against - */ - select = Sizzle.select = function( selector, context, results, seed ) { - var i, tokens, token, type, find, - compiled = typeof selector === "function" && selector, - match = !seed && tokenize( ( selector = compiled.selector || selector ) ); - - results = results || []; - - // Try to minimize operations if there is only one selector in the list and no seed - // (the latter of which guarantees us context) - if ( match.length === 1 ) { - - // Reduce context if the leading compound selector is an ID - tokens = match[ 0 ] = match[ 0 ].slice( 0 ); - if ( tokens.length > 2 && ( token = tokens[ 0 ] ).type === "ID" && - context.nodeType === 9 && documentIsHTML && Expr.relative[ tokens[ 1 ].type ] ) { - - context = ( Expr.find[ "ID" ]( token.matches[ 0 ] - .replace( runescape, funescape ), context ) || [] )[ 0 ]; - if ( !context ) { - return results; - - // Precompiled matchers will still verify ancestry, so step up a level - } else if ( compiled ) { - context = context.parentNode; - } - - selector = selector.slice( tokens.shift().value.length ); - } - - // Fetch a seed set for right-to-left matching - i = matchExpr[ "needsContext" ].test( selector ) ? 0 : tokens.length; - while ( i-- ) { - token = tokens[ i ]; - - // Abort if we hit a combinator - if ( Expr.relative[ ( type = token.type ) ] ) { - break; - } - if ( ( find = Expr.find[ type ] ) ) { - - // Search, expanding context for leading sibling combinators - if ( ( seed = find( - token.matches[ 0 ].replace( runescape, funescape ), - rsibling.test( tokens[ 0 ].type ) && testContext( context.parentNode ) || - context - ) ) ) { - - // If seed is empty or no tokens remain, we can return early - tokens.splice( i, 1 ); - selector = seed.length && toSelector( tokens ); - if ( !selector ) { - push.apply( results, seed ); - return results; - } - - break; - } - } - } - } - - // Compile and execute a filtering function if one is not provided - // Provide `match` to avoid retokenization if we modified the selector above - ( compiled || compile( selector, match ) )( - seed, - context, - !documentIsHTML, - results, - !context || rsibling.test( selector ) && testContext( context.parentNode ) || context - ); - return results; - }; - -// One-time assignments - -// Sort stability - support.sortStable = expando.split( "" ).sort( sortOrder ).join( "" ) === expando; - -// Support: Chrome 14-35+ -// Always assume duplicates if they aren't passed to the comparison function - support.detectDuplicates = !!hasDuplicate; - -// Initialize against the default document - setDocument(); - -// Support: Webkit<537.32 - Safari 6.0.3/Chrome 25 (fixed in Chrome 27) -// Detached nodes confoundingly follow *each other* - support.sortDetached = assert( function( el ) { - - // Should return 1, but returns 4 (following) - return el.compareDocumentPosition( document.createElement( "fieldset" ) ) & 1; - } ); - -// Support: IE<8 -// Prevent attribute/property "interpolation" -// https://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx - if ( !assert( function( el ) { - el.innerHTML = ""; - return el.firstChild.getAttribute( "href" ) === "#"; - } ) ) { - addHandle( "type|href|height|width", function( elem, name, isXML ) { - if ( !isXML ) { - return elem.getAttribute( name, name.toLowerCase() === "type" ? 1 : 2 ); - } - } ); - } - -// Support: IE<9 -// Use defaultValue in place of getAttribute("value") - if ( !support.attributes || !assert( function( el ) { - el.innerHTML = ""; - el.firstChild.setAttribute( "value", "" ); - return el.firstChild.getAttribute( "value" ) === ""; - } ) ) { - addHandle( "value", function( elem, _name, isXML ) { - if ( !isXML && elem.nodeName.toLowerCase() === "input" ) { - return elem.defaultValue; - } - } ); - } - -// Support: IE<9 -// Use getAttributeNode to fetch booleans when getAttribute lies - if ( !assert( function( el ) { - return el.getAttribute( "disabled" ) == null; - } ) ) { - addHandle( booleans, function( elem, name, isXML ) { - var val; - if ( !isXML ) { - return elem[ name ] === true ? name.toLowerCase() : - ( val = elem.getAttributeNode( name ) ) && val.specified ? - val.value : - null; - } - } ); - } - - return Sizzle; - - } )( window ); - - - - jQuery.find = Sizzle; - jQuery.expr = Sizzle.selectors; - -// Deprecated - jQuery.expr[ ":" ] = jQuery.expr.pseudos; - jQuery.uniqueSort = jQuery.unique = Sizzle.uniqueSort; - jQuery.text = Sizzle.getText; - jQuery.isXMLDoc = Sizzle.isXML; - jQuery.contains = Sizzle.contains; - jQuery.escapeSelector = Sizzle.escape; - - - - - var dir = function( elem, dir, until ) { - var matched = [], - truncate = until !== undefined; - - while ( ( elem = elem[ dir ] ) && elem.nodeType !== 9 ) { - if ( elem.nodeType === 1 ) { - if ( truncate && jQuery( elem ).is( until ) ) { - break; - } - matched.push( elem ); - } - } - return matched; - }; - - - var siblings = function( n, elem ) { - var matched = []; - - for ( ; n; n = n.nextSibling ) { - if ( n.nodeType === 1 && n !== elem ) { - matched.push( n ); - } - } - - return matched; - }; - - - var rneedsContext = jQuery.expr.match.needsContext; - - - - function nodeName( elem, name ) { - - return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase(); - - } - var rsingleTag = ( /^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i ); - - - -// Implement the identical functionality for filter and not - function winnow( elements, qualifier, not ) { - if ( isFunction( qualifier ) ) { - return jQuery.grep( elements, function( elem, i ) { - return !!qualifier.call( elem, i, elem ) !== not; - } ); - } - - // Single element - if ( qualifier.nodeType ) { - return jQuery.grep( elements, function( elem ) { - return ( elem === qualifier ) !== not; - } ); - } - - // Arraylike of elements (jQuery, arguments, Array) - if ( typeof qualifier !== "string" ) { - return jQuery.grep( elements, function( elem ) { - return ( indexOf.call( qualifier, elem ) > -1 ) !== not; - } ); - } - - // Filtered directly for both simple and complex selectors - return jQuery.filter( qualifier, elements, not ); - } - - jQuery.filter = function( expr, elems, not ) { - var elem = elems[ 0 ]; - - if ( not ) { - expr = ":not(" + expr + ")"; - } - - if ( elems.length === 1 && elem.nodeType === 1 ) { - return jQuery.find.matchesSelector( elem, expr ) ? [ elem ] : []; - } - - return jQuery.find.matches( expr, jQuery.grep( elems, function( elem ) { - return elem.nodeType === 1; - } ) ); - }; - - jQuery.fn.extend( { - find: function( selector ) { - var i, ret, - len = this.length, - self = this; - - if ( typeof selector !== "string" ) { - return this.pushStack( jQuery( selector ).filter( function() { - for ( i = 0; i < len; i++ ) { - if ( jQuery.contains( self[ i ], this ) ) { - return true; - } - } - } ) ); - } - - ret = this.pushStack( [] ); - - for ( i = 0; i < len; i++ ) { - jQuery.find( selector, self[ i ], ret ); - } - - return len > 1 ? jQuery.uniqueSort( ret ) : ret; - }, - filter: function( selector ) { - return this.pushStack( winnow( this, selector || [], false ) ); - }, - not: function( selector ) { - return this.pushStack( winnow( this, selector || [], true ) ); - }, - is: function( selector ) { - return !!winnow( - this, - - // If this is a positional/relative selector, check membership in the returned set - // so $("p:first").is("p:last") won't return true for a doc with two "p". - typeof selector === "string" && rneedsContext.test( selector ) ? - jQuery( selector ) : - selector || [], - false - ).length; - } - } ); - - -// Initialize a jQuery object - - -// A central reference to the root jQuery(document) - var rootjQuery, - - // A simple way to check for HTML strings - // Prioritize #id over to avoid XSS via location.hash (#9521) - // Strict HTML recognition (#11290: must start with <) - // Shortcut simple #id case for speed - rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/, - - init = jQuery.fn.init = function( selector, context, root ) { - var match, elem; - - // HANDLE: $(""), $(null), $(undefined), $(false) - if ( !selector ) { - return this; - } - - // Method init() accepts an alternate rootjQuery - // so migrate can support jQuery.sub (gh-2101) - root = root || rootjQuery; - - // Handle HTML strings - if ( typeof selector === "string" ) { - if ( selector[ 0 ] === "<" && - selector[ selector.length - 1 ] === ">" && - selector.length >= 3 ) { - - // Assume that strings that start and end with <> are HTML and skip the regex check - match = [ null, selector, null ]; - - } else { - match = rquickExpr.exec( selector ); - } - - // Match html or make sure no context is specified for #id - if ( match && ( match[ 1 ] || !context ) ) { - - // HANDLE: $(html) -> $(array) - if ( match[ 1 ] ) { - context = context instanceof jQuery ? context[ 0 ] : context; - - // Option to run scripts is true for back-compat - // Intentionally let the error be thrown if parseHTML is not present - jQuery.merge( this, jQuery.parseHTML( - match[ 1 ], - context && context.nodeType ? context.ownerDocument || context : document, - true - ) ); - - // HANDLE: $(html, props) - if ( rsingleTag.test( match[ 1 ] ) && jQuery.isPlainObject( context ) ) { - for ( match in context ) { - - // Properties of context are called as methods if possible - if ( isFunction( this[ match ] ) ) { - this[ match ]( context[ match ] ); - - // ...and otherwise set as attributes - } else { - this.attr( match, context[ match ] ); - } - } - } - - return this; - - // HANDLE: $(#id) - } else { - elem = document.getElementById( match[ 2 ] ); - - if ( elem ) { - - // Inject the element directly into the jQuery object - this[ 0 ] = elem; - this.length = 1; - } - return this; - } - - // HANDLE: $(expr, $(...)) - } else if ( !context || context.jquery ) { - return ( context || root ).find( selector ); - - // HANDLE: $(expr, context) - // (which is just equivalent to: $(context).find(expr) - } else { - return this.constructor( context ).find( selector ); - } - - // HANDLE: $(DOMElement) - } else if ( selector.nodeType ) { - this[ 0 ] = selector; - this.length = 1; - return this; - - // HANDLE: $(function) - // Shortcut for document ready - } else if ( isFunction( selector ) ) { - return root.ready !== undefined ? - root.ready( selector ) : - - // Execute immediately if ready is not present - selector( jQuery ); - } - - return jQuery.makeArray( selector, this ); - }; - -// Give the init function the jQuery prototype for later instantiation - init.prototype = jQuery.fn; - -// Initialize central reference - rootjQuery = jQuery( document ); - - - var rparentsprev = /^(?:parents|prev(?:Until|All))/, - - // Methods guaranteed to produce a unique set when starting from a unique set - guaranteedUnique = { - children: true, - contents: true, - next: true, - prev: true - }; - - jQuery.fn.extend( { - has: function( target ) { - var targets = jQuery( target, this ), - l = targets.length; - - return this.filter( function() { - var i = 0; - for ( ; i < l; i++ ) { - if ( jQuery.contains( this, targets[ i ] ) ) { - return true; - } - } - } ); - }, - - closest: function( selectors, context ) { - var cur, - i = 0, - l = this.length, - matched = [], - targets = typeof selectors !== "string" && jQuery( selectors ); - - // Positional selectors never match, since there's no _selection_ context - if ( !rneedsContext.test( selectors ) ) { - for ( ; i < l; i++ ) { - for ( cur = this[ i ]; cur && cur !== context; cur = cur.parentNode ) { - - // Always skip document fragments - if ( cur.nodeType < 11 && ( targets ? - targets.index( cur ) > -1 : - - // Don't pass non-elements to Sizzle - cur.nodeType === 1 && - jQuery.find.matchesSelector( cur, selectors ) ) ) { - - matched.push( cur ); - break; - } - } - } - } - - return this.pushStack( matched.length > 1 ? jQuery.uniqueSort( matched ) : matched ); - }, - - // Determine the position of an element within the set - index: function( elem ) { - - // No argument, return index in parent - if ( !elem ) { - return ( this[ 0 ] && this[ 0 ].parentNode ) ? this.first().prevAll().length : -1; - } - - // Index in selector - if ( typeof elem === "string" ) { - return indexOf.call( jQuery( elem ), this[ 0 ] ); - } - - // Locate the position of the desired element - return indexOf.call( this, - - // If it receives a jQuery object, the first element is used - elem.jquery ? elem[ 0 ] : elem - ); - }, - - add: function( selector, context ) { - return this.pushStack( - jQuery.uniqueSort( - jQuery.merge( this.get(), jQuery( selector, context ) ) - ) - ); - }, - - addBack: function( selector ) { - return this.add( selector == null ? - this.prevObject : this.prevObject.filter( selector ) - ); - } - } ); - - function sibling( cur, dir ) { - while ( ( cur = cur[ dir ] ) && cur.nodeType !== 1 ) {} - return cur; - } - - jQuery.each( { - parent: function( elem ) { - var parent = elem.parentNode; - return parent && parent.nodeType !== 11 ? parent : null; - }, - parents: function( elem ) { - return dir( elem, "parentNode" ); - }, - parentsUntil: function( elem, _i, until ) { - return dir( elem, "parentNode", until ); - }, - next: function( elem ) { - return sibling( elem, "nextSibling" ); - }, - prev: function( elem ) { - return sibling( elem, "previousSibling" ); - }, - nextAll: function( elem ) { - return dir( elem, "nextSibling" ); - }, - prevAll: function( elem ) { - return dir( elem, "previousSibling" ); - }, - nextUntil: function( elem, _i, until ) { - return dir( elem, "nextSibling", until ); - }, - prevUntil: function( elem, _i, until ) { - return dir( elem, "previousSibling", until ); - }, - siblings: function( elem ) { - return siblings( ( elem.parentNode || {} ).firstChild, elem ); - }, - children: function( elem ) { - return siblings( elem.firstChild ); - }, - contents: function( elem ) { - if ( elem.contentDocument != null && - - // Support: IE 11+ - // elements with no `data` attribute has an object - // `contentDocument` with a `null` prototype. - getProto( elem.contentDocument ) ) { - - return elem.contentDocument; - } - - // Support: IE 9 - 11 only, iOS 7 only, Android Browser <=4.3 only - // Treat the template element as a regular one in browsers that - // don't support it. - if ( nodeName( elem, "template" ) ) { - elem = elem.content || elem; - } - - return jQuery.merge( [], elem.childNodes ); - } - }, function( name, fn ) { - jQuery.fn[ name ] = function( until, selector ) { - var matched = jQuery.map( this, fn, until ); - - if ( name.slice( -5 ) !== "Until" ) { - selector = until; - } - - if ( selector && typeof selector === "string" ) { - matched = jQuery.filter( selector, matched ); - } - - if ( this.length > 1 ) { - - // Remove duplicates - if ( !guaranteedUnique[ name ] ) { - jQuery.uniqueSort( matched ); - } - - // Reverse order for parents* and prev-derivatives - if ( rparentsprev.test( name ) ) { - matched.reverse(); - } - } - - return this.pushStack( matched ); - }; - } ); - var rnothtmlwhite = ( /[^\x20\t\r\n\f]+/g ); - - - -// Convert String-formatted options into Object-formatted ones - function createOptions( options ) { - var object = {}; - jQuery.each( options.match( rnothtmlwhite ) || [], function( _, flag ) { - object[ flag ] = true; - } ); - return object; - } - - /* - * Create a callback list using the following parameters: - * - * options: an optional list of space-separated options that will change how - * the callback list behaves or a more traditional option object - * - * By default a callback list will act like an event callback list and can be - * "fired" multiple times. - * - * Possible options: - * - * once: will ensure the callback list can only be fired once (like a Deferred) - * - * memory: will keep track of previous values and will call any callback added - * after the list has been fired right away with the latest "memorized" - * values (like a Deferred) - * - * unique: will ensure a callback can only be added once (no duplicate in the list) - * - * stopOnFalse: interrupt callings when a callback returns false - * - */ - jQuery.Callbacks = function( options ) { - - // Convert options from String-formatted to Object-formatted if needed - // (we check in cache first) - options = typeof options === "string" ? - createOptions( options ) : - jQuery.extend( {}, options ); - - var // Flag to know if list is currently firing - firing, - - // Last fire value for non-forgettable lists - memory, - - // Flag to know if list was already fired - fired, - - // Flag to prevent firing - locked, - - // Actual callback list - list = [], - - // Queue of execution data for repeatable lists - queue = [], - - // Index of currently firing callback (modified by add/remove as needed) - firingIndex = -1, - - // Fire callbacks - fire = function() { - - // Enforce single-firing - locked = locked || options.once; - - // Execute callbacks for all pending executions, - // respecting firingIndex overrides and runtime changes - fired = firing = true; - for ( ; queue.length; firingIndex = -1 ) { - memory = queue.shift(); - while ( ++firingIndex < list.length ) { - - // Run callback and check for early termination - if ( list[ firingIndex ].apply( memory[ 0 ], memory[ 1 ] ) === false && - options.stopOnFalse ) { - - // Jump to end and forget the data so .add doesn't re-fire - firingIndex = list.length; - memory = false; - } - } - } - - // Forget the data if we're done with it - if ( !options.memory ) { - memory = false; - } - - firing = false; - - // Clean up if we're done firing for good - if ( locked ) { - - // Keep an empty list if we have data for future add calls - if ( memory ) { - list = []; - - // Otherwise, this object is spent - } else { - list = ""; - } - } - }, - - // Actual Callbacks object - self = { - - // Add a callback or a collection of callbacks to the list - add: function() { - if ( list ) { - - // If we have memory from a past run, we should fire after adding - if ( memory && !firing ) { - firingIndex = list.length - 1; - queue.push( memory ); - } - - ( function add( args ) { - jQuery.each( args, function( _, arg ) { - if ( isFunction( arg ) ) { - if ( !options.unique || !self.has( arg ) ) { - list.push( arg ); - } - } else if ( arg && arg.length && toType( arg ) !== "string" ) { - - // Inspect recursively - add( arg ); - } - } ); - } )( arguments ); - - if ( memory && !firing ) { - fire(); - } - } - return this; - }, - - // Remove a callback from the list - remove: function() { - jQuery.each( arguments, function( _, arg ) { - var index; - while ( ( index = jQuery.inArray( arg, list, index ) ) > -1 ) { - list.splice( index, 1 ); - - // Handle firing indexes - if ( index <= firingIndex ) { - firingIndex--; - } - } - } ); - return this; - }, - - // Check if a given callback is in the list. - // If no argument is given, return whether or not list has callbacks attached. - has: function( fn ) { - return fn ? - jQuery.inArray( fn, list ) > -1 : - list.length > 0; - }, - - // Remove all callbacks from the list - empty: function() { - if ( list ) { - list = []; - } - return this; - }, - - // Disable .fire and .add - // Abort any current/pending executions - // Clear all callbacks and values - disable: function() { - locked = queue = []; - list = memory = ""; - return this; - }, - disabled: function() { - return !list; - }, - - // Disable .fire - // Also disable .add unless we have memory (since it would have no effect) - // Abort any pending executions - lock: function() { - locked = queue = []; - if ( !memory && !firing ) { - list = memory = ""; - } - return this; - }, - locked: function() { - return !!locked; - }, - - // Call all callbacks with the given context and arguments - fireWith: function( context, args ) { - if ( !locked ) { - args = args || []; - args = [ context, args.slice ? args.slice() : args ]; - queue.push( args ); - if ( !firing ) { - fire(); - } - } - return this; - }, - - // Call all the callbacks with the given arguments - fire: function() { - self.fireWith( this, arguments ); - return this; - }, - - // To know if the callbacks have already been called at least once - fired: function() { - return !!fired; - } - }; - - return self; - }; - - - function Identity( v ) { - return v; - } - function Thrower( ex ) { - throw ex; - } - - function adoptValue( value, resolve, reject, noValue ) { - var method; - - try { - - // Check for promise aspect first to privilege synchronous behavior - if ( value && isFunction( ( method = value.promise ) ) ) { - method.call( value ).done( resolve ).fail( reject ); - - // Other thenables - } else if ( value && isFunction( ( method = value.then ) ) ) { - method.call( value, resolve, reject ); - - // Other non-thenables - } else { - - // Control `resolve` arguments by letting Array#slice cast boolean `noValue` to integer: - // * false: [ value ].slice( 0 ) => resolve( value ) - // * true: [ value ].slice( 1 ) => resolve() - resolve.apply( undefined, [ value ].slice( noValue ) ); - } - - // For Promises/A+, convert exceptions into rejections - // Since jQuery.when doesn't unwrap thenables, we can skip the extra checks appearing in - // Deferred#then to conditionally suppress rejection. - } catch ( value ) { - - // Support: Android 4.0 only - // Strict mode functions invoked without .call/.apply get global-object context - reject.apply( undefined, [ value ] ); - } - } - - jQuery.extend( { - - Deferred: function( func ) { - var tuples = [ - - // action, add listener, callbacks, - // ... .then handlers, argument index, [final state] - [ "notify", "progress", jQuery.Callbacks( "memory" ), - jQuery.Callbacks( "memory" ), 2 ], - [ "resolve", "done", jQuery.Callbacks( "once memory" ), - jQuery.Callbacks( "once memory" ), 0, "resolved" ], - [ "reject", "fail", jQuery.Callbacks( "once memory" ), - jQuery.Callbacks( "once memory" ), 1, "rejected" ] - ], - state = "pending", - promise = { - state: function() { - return state; - }, - always: function() { - deferred.done( arguments ).fail( arguments ); - return this; - }, - "catch": function( fn ) { - return promise.then( null, fn ); - }, - - // Keep pipe for back-compat - pipe: function( /* fnDone, fnFail, fnProgress */ ) { - var fns = arguments; - - return jQuery.Deferred( function( newDefer ) { - jQuery.each( tuples, function( _i, tuple ) { - - // Map tuples (progress, done, fail) to arguments (done, fail, progress) - var fn = isFunction( fns[ tuple[ 4 ] ] ) && fns[ tuple[ 4 ] ]; - - // deferred.progress(function() { bind to newDefer or newDefer.notify }) - // deferred.done(function() { bind to newDefer or newDefer.resolve }) - // deferred.fail(function() { bind to newDefer or newDefer.reject }) - deferred[ tuple[ 1 ] ]( function() { - var returned = fn && fn.apply( this, arguments ); - if ( returned && isFunction( returned.promise ) ) { - returned.promise() - .progress( newDefer.notify ) - .done( newDefer.resolve ) - .fail( newDefer.reject ); - } else { - newDefer[ tuple[ 0 ] + "With" ]( - this, - fn ? [ returned ] : arguments - ); - } - } ); - } ); - fns = null; - } ).promise(); - }, - then: function( onFulfilled, onRejected, onProgress ) { - var maxDepth = 0; - function resolve( depth, deferred, handler, special ) { - return function() { - var that = this, - args = arguments, - mightThrow = function() { - var returned, then; - - // Support: Promises/A+ section 2.3.3.3.3 - // https://promisesaplus.com/#point-59 - // Ignore double-resolution attempts - if ( depth < maxDepth ) { - return; - } - - returned = handler.apply( that, args ); - - // Support: Promises/A+ section 2.3.1 - // https://promisesaplus.com/#point-48 - if ( returned === deferred.promise() ) { - throw new TypeError( "Thenable self-resolution" ); - } - - // Support: Promises/A+ sections 2.3.3.1, 3.5 - // https://promisesaplus.com/#point-54 - // https://promisesaplus.com/#point-75 - // Retrieve `then` only once - then = returned && - - // Support: Promises/A+ section 2.3.4 - // https://promisesaplus.com/#point-64 - // Only check objects and functions for thenability - ( typeof returned === "object" || - typeof returned === "function" ) && - returned.then; - - // Handle a returned thenable - if ( isFunction( then ) ) { - - // Special processors (notify) just wait for resolution - if ( special ) { - then.call( - returned, - resolve( maxDepth, deferred, Identity, special ), - resolve( maxDepth, deferred, Thrower, special ) - ); - - // Normal processors (resolve) also hook into progress - } else { - - // ...and disregard older resolution values - maxDepth++; - - then.call( - returned, - resolve( maxDepth, deferred, Identity, special ), - resolve( maxDepth, deferred, Thrower, special ), - resolve( maxDepth, deferred, Identity, - deferred.notifyWith ) - ); - } - - // Handle all other returned values - } else { - - // Only substitute handlers pass on context - // and multiple values (non-spec behavior) - if ( handler !== Identity ) { - that = undefined; - args = [ returned ]; - } - - // Process the value(s) - // Default process is resolve - ( special || deferred.resolveWith )( that, args ); - } - }, - - // Only normal processors (resolve) catch and reject exceptions - process = special ? - mightThrow : - function() { - try { - mightThrow(); - } catch ( e ) { - - if ( jQuery.Deferred.exceptionHook ) { - jQuery.Deferred.exceptionHook( e, - process.stackTrace ); - } - - // Support: Promises/A+ section 2.3.3.3.4.1 - // https://promisesaplus.com/#point-61 - // Ignore post-resolution exceptions - if ( depth + 1 >= maxDepth ) { - - // Only substitute handlers pass on context - // and multiple values (non-spec behavior) - if ( handler !== Thrower ) { - that = undefined; - args = [ e ]; - } - - deferred.rejectWith( that, args ); - } - } - }; - - // Support: Promises/A+ section 2.3.3.3.1 - // https://promisesaplus.com/#point-57 - // Re-resolve promises immediately to dodge false rejection from - // subsequent errors - if ( depth ) { - process(); - } else { - - // Call an optional hook to record the stack, in case of exception - // since it's otherwise lost when execution goes async - if ( jQuery.Deferred.getStackHook ) { - process.stackTrace = jQuery.Deferred.getStackHook(); - } - window.setTimeout( process ); - } - }; - } - - return jQuery.Deferred( function( newDefer ) { - - // progress_handlers.add( ... ) - tuples[ 0 ][ 3 ].add( - resolve( - 0, - newDefer, - isFunction( onProgress ) ? - onProgress : - Identity, - newDefer.notifyWith - ) - ); - - // fulfilled_handlers.add( ... ) - tuples[ 1 ][ 3 ].add( - resolve( - 0, - newDefer, - isFunction( onFulfilled ) ? - onFulfilled : - Identity - ) - ); - - // rejected_handlers.add( ... ) - tuples[ 2 ][ 3 ].add( - resolve( - 0, - newDefer, - isFunction( onRejected ) ? - onRejected : - Thrower - ) - ); - } ).promise(); - }, - - // Get a promise for this deferred - // If obj is provided, the promise aspect is added to the object - promise: function( obj ) { - return obj != null ? jQuery.extend( obj, promise ) : promise; - } - }, - deferred = {}; - - // Add list-specific methods - jQuery.each( tuples, function( i, tuple ) { - var list = tuple[ 2 ], - stateString = tuple[ 5 ]; - - // promise.progress = list.add - // promise.done = list.add - // promise.fail = list.add - promise[ tuple[ 1 ] ] = list.add; - - // Handle state - if ( stateString ) { - list.add( - function() { - - // state = "resolved" (i.e., fulfilled) - // state = "rejected" - state = stateString; - }, - - // rejected_callbacks.disable - // fulfilled_callbacks.disable - tuples[ 3 - i ][ 2 ].disable, - - // rejected_handlers.disable - // fulfilled_handlers.disable - tuples[ 3 - i ][ 3 ].disable, - - // progress_callbacks.lock - tuples[ 0 ][ 2 ].lock, - - // progress_handlers.lock - tuples[ 0 ][ 3 ].lock - ); - } - - // progress_handlers.fire - // fulfilled_handlers.fire - // rejected_handlers.fire - list.add( tuple[ 3 ].fire ); - - // deferred.notify = function() { deferred.notifyWith(...) } - // deferred.resolve = function() { deferred.resolveWith(...) } - // deferred.reject = function() { deferred.rejectWith(...) } - deferred[ tuple[ 0 ] ] = function() { - deferred[ tuple[ 0 ] + "With" ]( this === deferred ? undefined : this, arguments ); - return this; - }; - - // deferred.notifyWith = list.fireWith - // deferred.resolveWith = list.fireWith - // deferred.rejectWith = list.fireWith - deferred[ tuple[ 0 ] + "With" ] = list.fireWith; - } ); - - // Make the deferred a promise - promise.promise( deferred ); - - // Call given func if any - if ( func ) { - func.call( deferred, deferred ); - } - - // All done! - return deferred; - }, - - // Deferred helper - when: function( singleValue ) { - var - - // count of uncompleted subordinates - remaining = arguments.length, - - // count of unprocessed arguments - i = remaining, - - // subordinate fulfillment data - resolveContexts = Array( i ), - resolveValues = slice.call( arguments ), - - // the primary Deferred - primary = jQuery.Deferred(), - - // subordinate callback factory - updateFunc = function( i ) { - return function( value ) { - resolveContexts[ i ] = this; - resolveValues[ i ] = arguments.length > 1 ? slice.call( arguments ) : value; - if ( !( --remaining ) ) { - primary.resolveWith( resolveContexts, resolveValues ); - } - }; - }; - - // Single- and empty arguments are adopted like Promise.resolve - if ( remaining <= 1 ) { - adoptValue( singleValue, primary.done( updateFunc( i ) ).resolve, primary.reject, - !remaining ); - - // Use .then() to unwrap secondary thenables (cf. gh-3000) - if ( primary.state() === "pending" || - isFunction( resolveValues[ i ] && resolveValues[ i ].then ) ) { - - return primary.then(); - } - } - - // Multiple arguments are aggregated like Promise.all array elements - while ( i-- ) { - adoptValue( resolveValues[ i ], updateFunc( i ), primary.reject ); - } - - return primary.promise(); - } - } ); - - -// These usually indicate a programmer mistake during development, -// warn about them ASAP rather than swallowing them by default. - var rerrorNames = /^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/; - - jQuery.Deferred.exceptionHook = function( error, stack ) { - - // Support: IE 8 - 9 only - // Console exists when dev tools are open, which can happen at any time - if ( window.console && window.console.warn && error && rerrorNames.test( error.name ) ) { - window.console.warn( "jQuery.Deferred exception: " + error.message, error.stack, stack ); - } - }; - - - - - jQuery.readyException = function( error ) { - window.setTimeout( function() { - throw error; - } ); - }; - - - - -// The deferred used on DOM ready - var readyList = jQuery.Deferred(); - - jQuery.fn.ready = function( fn ) { - - readyList - .then( fn ) - - // Wrap jQuery.readyException in a function so that the lookup - // happens at the time of error handling instead of callback - // registration. - .catch( function( error ) { - jQuery.readyException( error ); - } ); - - return this; - }; - - jQuery.extend( { - - // Is the DOM ready to be used? Set to true once it occurs. - isReady: false, - - // A counter to track how many items to wait for before - // the ready event fires. See #6781 - readyWait: 1, - - // Handle when the DOM is ready - ready: function( wait ) { - - // Abort if there are pending holds or we're already ready - if ( wait === true ? --jQuery.readyWait : jQuery.isReady ) { - return; - } - - // Remember that the DOM is ready - jQuery.isReady = true; - - // If a normal DOM Ready event fired, decrement, and wait if need be - if ( wait !== true && --jQuery.readyWait > 0 ) { - return; - } - - // If there are functions bound, to execute - readyList.resolveWith( document, [ jQuery ] ); - } - } ); - - jQuery.ready.then = readyList.then; - -// The ready event handler and self cleanup method - function completed() { - document.removeEventListener( "DOMContentLoaded", completed ); - window.removeEventListener( "load", completed ); - jQuery.ready(); - } - -// Catch cases where $(document).ready() is called -// after the browser event has already occurred. -// Support: IE <=9 - 10 only -// Older IE sometimes signals "interactive" too soon - if ( document.readyState === "complete" || - ( document.readyState !== "loading" && !document.documentElement.doScroll ) ) { - - // Handle it asynchronously to allow scripts the opportunity to delay ready - window.setTimeout( jQuery.ready ); - - } else { - - // Use the handy event callback - document.addEventListener( "DOMContentLoaded", completed ); - - // A fallback to window.onload, that will always work - window.addEventListener( "load", completed ); - } - - - - -// Multifunctional method to get and set values of a collection -// The value/s can optionally be executed if it's a function - var access = function( elems, fn, key, value, chainable, emptyGet, raw ) { - var i = 0, - len = elems.length, - bulk = key == null; - - // Sets many values - if ( toType( key ) === "object" ) { - chainable = true; - for ( i in key ) { - access( elems, fn, i, key[ i ], true, emptyGet, raw ); - } - - // Sets one value - } else if ( value !== undefined ) { - chainable = true; - - if ( !isFunction( value ) ) { - raw = true; - } - - if ( bulk ) { - - // Bulk operations run against the entire set - if ( raw ) { - fn.call( elems, value ); - fn = null; - - // ...except when executing function values - } else { - bulk = fn; - fn = function( elem, _key, value ) { - return bulk.call( jQuery( elem ), value ); - }; - } - } - - if ( fn ) { - for ( ; i < len; i++ ) { - fn( - elems[ i ], key, raw ? - value : - value.call( elems[ i ], i, fn( elems[ i ], key ) ) - ); - } - } - } - - if ( chainable ) { - return elems; - } - - // Gets - if ( bulk ) { - return fn.call( elems ); - } - - return len ? fn( elems[ 0 ], key ) : emptyGet; - }; - - -// Matches dashed string for camelizing - var rmsPrefix = /^-ms-/, - rdashAlpha = /-([a-z])/g; - -// Used by camelCase as callback to replace() - function fcamelCase( _all, letter ) { - return letter.toUpperCase(); - } - -// Convert dashed to camelCase; used by the css and data modules -// Support: IE <=9 - 11, Edge 12 - 15 -// Microsoft forgot to hump their vendor prefix (#9572) - function camelCase( string ) { - return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase ); - } - var acceptData = function( owner ) { - - // Accepts only: - // - Node - // - Node.ELEMENT_NODE - // - Node.DOCUMENT_NODE - // - Object - // - Any - return owner.nodeType === 1 || owner.nodeType === 9 || !( +owner.nodeType ); - }; - - - - - function Data() { - this.expando = jQuery.expando + Data.uid++; - } - - Data.uid = 1; - - Data.prototype = { - - cache: function( owner ) { - - // Check if the owner object already has a cache - var value = owner[ this.expando ]; - - // If not, create one - if ( !value ) { - value = {}; - - // We can accept data for non-element nodes in modern browsers, - // but we should not, see #8335. - // Always return an empty object. - if ( acceptData( owner ) ) { - - // If it is a node unlikely to be stringify-ed or looped over - // use plain assignment - if ( owner.nodeType ) { - owner[ this.expando ] = value; - - // Otherwise secure it in a non-enumerable property - // configurable must be true to allow the property to be - // deleted when data is removed - } else { - Object.defineProperty( owner, this.expando, { - value: value, - configurable: true - } ); - } - } - } - - return value; - }, - set: function( owner, data, value ) { - var prop, - cache = this.cache( owner ); - - // Handle: [ owner, key, value ] args - // Always use camelCase key (gh-2257) - if ( typeof data === "string" ) { - cache[ camelCase( data ) ] = value; - - // Handle: [ owner, { properties } ] args - } else { - - // Copy the properties one-by-one to the cache object - for ( prop in data ) { - cache[ camelCase( prop ) ] = data[ prop ]; - } - } - return cache; - }, - get: function( owner, key ) { - return key === undefined ? - this.cache( owner ) : - - // Always use camelCase key (gh-2257) - owner[ this.expando ] && owner[ this.expando ][ camelCase( key ) ]; - }, - access: function( owner, key, value ) { - - // In cases where either: - // - // 1. No key was specified - // 2. A string key was specified, but no value provided - // - // Take the "read" path and allow the get method to determine - // which value to return, respectively either: - // - // 1. The entire cache object - // 2. The data stored at the key - // - if ( key === undefined || - ( ( key && typeof key === "string" ) && value === undefined ) ) { - - return this.get( owner, key ); - } - - // When the key is not a string, or both a key and value - // are specified, set or extend (existing objects) with either: - // - // 1. An object of properties - // 2. A key and value - // - this.set( owner, key, value ); - - // Since the "set" path can have two possible entry points - // return the expected data based on which path was taken[*] - return value !== undefined ? value : key; - }, - remove: function( owner, key ) { - var i, - cache = owner[ this.expando ]; - - if ( cache === undefined ) { - return; - } - - if ( key !== undefined ) { - - // Support array or space separated string of keys - if ( Array.isArray( key ) ) { - - // If key is an array of keys... - // We always set camelCase keys, so remove that. - key = key.map( camelCase ); - } else { - key = camelCase( key ); - - // If a key with the spaces exists, use it. - // Otherwise, create an array by matching non-whitespace - key = key in cache ? - [ key ] : - ( key.match( rnothtmlwhite ) || [] ); - } - - i = key.length; - - while ( i-- ) { - delete cache[ key[ i ] ]; - } - } - - // Remove the expando if there's no more data - if ( key === undefined || jQuery.isEmptyObject( cache ) ) { - - // Support: Chrome <=35 - 45 - // Webkit & Blink performance suffers when deleting properties - // from DOM nodes, so set to undefined instead - // https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted) - if ( owner.nodeType ) { - owner[ this.expando ] = undefined; - } else { - delete owner[ this.expando ]; - } - } - }, - hasData: function( owner ) { - var cache = owner[ this.expando ]; - return cache !== undefined && !jQuery.isEmptyObject( cache ); - } - }; - var dataPriv = new Data(); - - var dataUser = new Data(); - - - -// Implementation Summary -// -// 1. Enforce API surface and semantic compatibility with 1.9.x branch -// 2. Improve the module's maintainability by reducing the storage -// paths to a single mechanism. -// 3. Use the same single mechanism to support "private" and "user" data. -// 4. _Never_ expose "private" data to user code (TODO: Drop _data, _removeData) -// 5. Avoid exposing implementation details on user objects (eg. expando properties) -// 6. Provide a clear path for implementation upgrade to WeakMap in 2014 - - var rbrace = /^(?:\{[\w\W]*\}|\[[\w\W]*\])$/, - rmultiDash = /[A-Z]/g; - - function getData( data ) { - if ( data === "true" ) { - return true; - } - - if ( data === "false" ) { - return false; - } - - if ( data === "null" ) { - return null; - } - - // Only convert to a number if it doesn't change the string - if ( data === +data + "" ) { - return +data; - } - - if ( rbrace.test( data ) ) { - return JSON.parse( data ); - } - - return data; - } - - function dataAttr( elem, key, data ) { - var name; - - // If nothing was found internally, try to fetch any - // data from the HTML5 data-* attribute - if ( data === undefined && elem.nodeType === 1 ) { - name = "data-" + key.replace( rmultiDash, "-$&" ).toLowerCase(); - data = elem.getAttribute( name ); - - if ( typeof data === "string" ) { - try { - data = getData( data ); - } catch ( e ) {} - - // Make sure we set the data so it isn't changed later - dataUser.set( elem, key, data ); - } else { - data = undefined; - } - } - return data; - } - - jQuery.extend( { - hasData: function( elem ) { - return dataUser.hasData( elem ) || dataPriv.hasData( elem ); - }, - - data: function( elem, name, data ) { - return dataUser.access( elem, name, data ); - }, - - removeData: function( elem, name ) { - dataUser.remove( elem, name ); - }, - - // TODO: Now that all calls to _data and _removeData have been replaced - // with direct calls to dataPriv methods, these can be deprecated. - _data: function( elem, name, data ) { - return dataPriv.access( elem, name, data ); - }, - - _removeData: function( elem, name ) { - dataPriv.remove( elem, name ); - } - } ); - - jQuery.fn.extend( { - data: function( key, value ) { - var i, name, data, - elem = this[ 0 ], - attrs = elem && elem.attributes; - - // Gets all values - if ( key === undefined ) { - if ( this.length ) { - data = dataUser.get( elem ); - - if ( elem.nodeType === 1 && !dataPriv.get( elem, "hasDataAttrs" ) ) { - i = attrs.length; - while ( i-- ) { - - // Support: IE 11 only - // The attrs elements can be null (#14894) - if ( attrs[ i ] ) { - name = attrs[ i ].name; - if ( name.indexOf( "data-" ) === 0 ) { - name = camelCase( name.slice( 5 ) ); - dataAttr( elem, name, data[ name ] ); - } - } - } - dataPriv.set( elem, "hasDataAttrs", true ); - } - } - - return data; - } - - // Sets multiple values - if ( typeof key === "object" ) { - return this.each( function() { - dataUser.set( this, key ); - } ); - } - - return access( this, function( value ) { - var data; - - // The calling jQuery object (element matches) is not empty - // (and therefore has an element appears at this[ 0 ]) and the - // `value` parameter was not undefined. An empty jQuery object - // will result in `undefined` for elem = this[ 0 ] which will - // throw an exception if an attempt to read a data cache is made. - if ( elem && value === undefined ) { - - // Attempt to get data from the cache - // The key will always be camelCased in Data - data = dataUser.get( elem, key ); - if ( data !== undefined ) { - return data; - } - - // Attempt to "discover" the data in - // HTML5 custom data-* attrs - data = dataAttr( elem, key ); - if ( data !== undefined ) { - return data; - } - - // We tried really hard, but the data doesn't exist. - return; - } - - // Set the data... - this.each( function() { - - // We always store the camelCased key - dataUser.set( this, key, value ); - } ); - }, null, value, arguments.length > 1, null, true ); - }, - - removeData: function( key ) { - return this.each( function() { - dataUser.remove( this, key ); - } ); - } - } ); - - - jQuery.extend( { - queue: function( elem, type, data ) { - var queue; - - if ( elem ) { - type = ( type || "fx" ) + "queue"; - queue = dataPriv.get( elem, type ); - - // Speed up dequeue by getting out quickly if this is just a lookup - if ( data ) { - if ( !queue || Array.isArray( data ) ) { - queue = dataPriv.access( elem, type, jQuery.makeArray( data ) ); - } else { - queue.push( data ); - } - } - return queue || []; - } - }, - - dequeue: function( elem, type ) { - type = type || "fx"; - - var queue = jQuery.queue( elem, type ), - startLength = queue.length, - fn = queue.shift(), - hooks = jQuery._queueHooks( elem, type ), - next = function() { - jQuery.dequeue( elem, type ); - }; - - // If the fx queue is dequeued, always remove the progress sentinel - if ( fn === "inprogress" ) { - fn = queue.shift(); - startLength--; - } - - if ( fn ) { - - // Add a progress sentinel to prevent the fx queue from being - // automatically dequeued - if ( type === "fx" ) { - queue.unshift( "inprogress" ); - } - - // Clear up the last queue stop function - delete hooks.stop; - fn.call( elem, next, hooks ); - } - - if ( !startLength && hooks ) { - hooks.empty.fire(); - } - }, - - // Not public - generate a queueHooks object, or return the current one - _queueHooks: function( elem, type ) { - var key = type + "queueHooks"; - return dataPriv.get( elem, key ) || dataPriv.access( elem, key, { - empty: jQuery.Callbacks( "once memory" ).add( function() { - dataPriv.remove( elem, [ type + "queue", key ] ); - } ) - } ); - } - } ); - - jQuery.fn.extend( { - queue: function( type, data ) { - var setter = 2; - - if ( typeof type !== "string" ) { - data = type; - type = "fx"; - setter--; - } - - if ( arguments.length < setter ) { - return jQuery.queue( this[ 0 ], type ); - } - - return data === undefined ? - this : - this.each( function() { - var queue = jQuery.queue( this, type, data ); - - // Ensure a hooks for this queue - jQuery._queueHooks( this, type ); - - if ( type === "fx" && queue[ 0 ] !== "inprogress" ) { - jQuery.dequeue( this, type ); - } - } ); - }, - dequeue: function( type ) { - return this.each( function() { - jQuery.dequeue( this, type ); - } ); - }, - clearQueue: function( type ) { - return this.queue( type || "fx", [] ); - }, - - // Get a promise resolved when queues of a certain type - // are emptied (fx is the type by default) - promise: function( type, obj ) { - var tmp, - count = 1, - defer = jQuery.Deferred(), - elements = this, - i = this.length, - resolve = function() { - if ( !( --count ) ) { - defer.resolveWith( elements, [ elements ] ); - } - }; - - if ( typeof type !== "string" ) { - obj = type; - type = undefined; - } - type = type || "fx"; - - while ( i-- ) { - tmp = dataPriv.get( elements[ i ], type + "queueHooks" ); - if ( tmp && tmp.empty ) { - count++; - tmp.empty.add( resolve ); - } - } - resolve(); - return defer.promise( obj ); - } - } ); - var pnum = ( /[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/ ).source; - - var rcssNum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" ); - - - var cssExpand = [ "Top", "Right", "Bottom", "Left" ]; - - var documentElement = document.documentElement; - - - - var isAttached = function( elem ) { - return jQuery.contains( elem.ownerDocument, elem ); - }, - composed = { composed: true }; - - // Support: IE 9 - 11+, Edge 12 - 18+, iOS 10.0 - 10.2 only - // Check attachment across shadow DOM boundaries when possible (gh-3504) - // Support: iOS 10.0-10.2 only - // Early iOS 10 versions support `attachShadow` but not `getRootNode`, - // leading to errors. We need to check for `getRootNode`. - if ( documentElement.getRootNode ) { - isAttached = function( elem ) { - return jQuery.contains( elem.ownerDocument, elem ) || - elem.getRootNode( composed ) === elem.ownerDocument; - }; - } - var isHiddenWithinTree = function( elem, el ) { - - // isHiddenWithinTree might be called from jQuery#filter function; - // in that case, element will be second argument - elem = el || elem; - - // Inline style trumps all - return elem.style.display === "none" || - elem.style.display === "" && - - // Otherwise, check computed style - // Support: Firefox <=43 - 45 - // Disconnected elements can have computed display: none, so first confirm that elem is - // in the document. - isAttached( elem ) && - - jQuery.css( elem, "display" ) === "none"; - }; - - - - function adjustCSS( elem, prop, valueParts, tween ) { - var adjusted, scale, - maxIterations = 20, - currentValue = tween ? - function() { - return tween.cur(); - } : - function() { - return jQuery.css( elem, prop, "" ); - }, - initial = currentValue(), - unit = valueParts && valueParts[ 3 ] || ( jQuery.cssNumber[ prop ] ? "" : "px" ), - - // Starting value computation is required for potential unit mismatches - initialInUnit = elem.nodeType && - ( jQuery.cssNumber[ prop ] || unit !== "px" && +initial ) && - rcssNum.exec( jQuery.css( elem, prop ) ); - - if ( initialInUnit && initialInUnit[ 3 ] !== unit ) { - - // Support: Firefox <=54 - // Halve the iteration target value to prevent interference from CSS upper bounds (gh-2144) - initial = initial / 2; - - // Trust units reported by jQuery.css - unit = unit || initialInUnit[ 3 ]; - - // Iteratively approximate from a nonzero starting point - initialInUnit = +initial || 1; - - while ( maxIterations-- ) { - - // Evaluate and update our best guess (doubling guesses that zero out). - // Finish if the scale equals or crosses 1 (making the old*new product non-positive). - jQuery.style( elem, prop, initialInUnit + unit ); - if ( ( 1 - scale ) * ( 1 - ( scale = currentValue() / initial || 0.5 ) ) <= 0 ) { - maxIterations = 0; - } - initialInUnit = initialInUnit / scale; - - } - - initialInUnit = initialInUnit * 2; - jQuery.style( elem, prop, initialInUnit + unit ); - - // Make sure we update the tween properties later on - valueParts = valueParts || []; - } - - if ( valueParts ) { - initialInUnit = +initialInUnit || +initial || 0; - - // Apply relative offset (+=/-=) if specified - adjusted = valueParts[ 1 ] ? - initialInUnit + ( valueParts[ 1 ] + 1 ) * valueParts[ 2 ] : - +valueParts[ 2 ]; - if ( tween ) { - tween.unit = unit; - tween.start = initialInUnit; - tween.end = adjusted; - } - } - return adjusted; - } - - - var defaultDisplayMap = {}; - - function getDefaultDisplay( elem ) { - var temp, - doc = elem.ownerDocument, - nodeName = elem.nodeName, - display = defaultDisplayMap[ nodeName ]; - - if ( display ) { - return display; - } - - temp = doc.body.appendChild( doc.createElement( nodeName ) ); - display = jQuery.css( temp, "display" ); - - temp.parentNode.removeChild( temp ); - - if ( display === "none" ) { - display = "block"; - } - defaultDisplayMap[ nodeName ] = display; - - return display; - } - - function showHide( elements, show ) { - var display, elem, - values = [], - index = 0, - length = elements.length; - - // Determine new display value for elements that need to change - for ( ; index < length; index++ ) { - elem = elements[ index ]; - if ( !elem.style ) { - continue; - } - - display = elem.style.display; - if ( show ) { - - // Since we force visibility upon cascade-hidden elements, an immediate (and slow) - // check is required in this first loop unless we have a nonempty display value (either - // inline or about-to-be-restored) - if ( display === "none" ) { - values[ index ] = dataPriv.get( elem, "display" ) || null; - if ( !values[ index ] ) { - elem.style.display = ""; - } - } - if ( elem.style.display === "" && isHiddenWithinTree( elem ) ) { - values[ index ] = getDefaultDisplay( elem ); - } - } else { - if ( display !== "none" ) { - values[ index ] = "none"; - - // Remember what we're overwriting - dataPriv.set( elem, "display", display ); - } - } - } - - // Set the display of the elements in a second loop to avoid constant reflow - for ( index = 0; index < length; index++ ) { - if ( values[ index ] != null ) { - elements[ index ].style.display = values[ index ]; - } - } - - return elements; - } - - jQuery.fn.extend( { - show: function() { - return showHide( this, true ); - }, - hide: function() { - return showHide( this ); - }, - toggle: function( state ) { - if ( typeof state === "boolean" ) { - return state ? this.show() : this.hide(); - } - - return this.each( function() { - if ( isHiddenWithinTree( this ) ) { - jQuery( this ).show(); - } else { - jQuery( this ).hide(); - } - } ); - } - } ); - var rcheckableType = ( /^(?:checkbox|radio)$/i ); - - var rtagName = ( /<([a-z][^\/\0>\x20\t\r\n\f]*)/i ); - - var rscriptType = ( /^$|^module$|\/(?:java|ecma)script/i ); - - - - ( function() { - var fragment = document.createDocumentFragment(), - div = fragment.appendChild( document.createElement( "div" ) ), - input = document.createElement( "input" ); - - // Support: Android 4.0 - 4.3 only - // Check state lost if the name is set (#11217) - // Support: Windows Web Apps (WWA) - // `name` and `type` must use .setAttribute for WWA (#14901) - input.setAttribute( "type", "radio" ); - input.setAttribute( "checked", "checked" ); - input.setAttribute( "name", "t" ); - - div.appendChild( input ); - - // Support: Android <=4.1 only - // Older WebKit doesn't clone checked state correctly in fragments - support.checkClone = div.cloneNode( true ).cloneNode( true ).lastChild.checked; - - // Support: IE <=11 only - // Make sure textarea (and checkbox) defaultValue is properly cloned - div.innerHTML = ""; - support.noCloneChecked = !!div.cloneNode( true ).lastChild.defaultValue; - - // Support: IE <=9 only - // IE <=9 replaces "; - support.option = !!div.lastChild; - } )(); - - -// We have to close these tags to support XHTML (#13200) - var wrapMap = { - - // XHTML parsers do not magically insert elements in the - // same way that tag soup parsers do. So we cannot shorten - // this by omitting or other required elements. - thead: [ 1, "", "
        " ], - col: [ 2, "", "
        " ], - tr: [ 2, "", "
        " ], - td: [ 3, "", "
        " ], - - _default: [ 0, "", "" ] - }; - - wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; - wrapMap.th = wrapMap.td; - -// Support: IE <=9 only - if ( !support.option ) { - wrapMap.optgroup = wrapMap.option = [ 1, "" ]; - } - - - function getAll( context, tag ) { - - // Support: IE <=9 - 11 only - // Use typeof to avoid zero-argument method invocation on host objects (#15151) - var ret; - - if ( typeof context.getElementsByTagName !== "undefined" ) { - ret = context.getElementsByTagName( tag || "*" ); - - } else if ( typeof context.querySelectorAll !== "undefined" ) { - ret = context.querySelectorAll( tag || "*" ); - - } else { - ret = []; - } - - if ( tag === undefined || tag && nodeName( context, tag ) ) { - return jQuery.merge( [ context ], ret ); - } - - return ret; - } - - -// Mark scripts as having already been evaluated - function setGlobalEval( elems, refElements ) { - var i = 0, - l = elems.length; - - for ( ; i < l; i++ ) { - dataPriv.set( - elems[ i ], - "globalEval", - !refElements || dataPriv.get( refElements[ i ], "globalEval" ) - ); - } - } - - - var rhtml = /<|&#?\w+;/; - - function buildFragment( elems, context, scripts, selection, ignored ) { - var elem, tmp, tag, wrap, attached, j, - fragment = context.createDocumentFragment(), - nodes = [], - i = 0, - l = elems.length; - - for ( ; i < l; i++ ) { - elem = elems[ i ]; - - if ( elem || elem === 0 ) { - - // Add nodes directly - if ( toType( elem ) === "object" ) { - - // Support: Android <=4.0 only, PhantomJS 1 only - // push.apply(_, arraylike) throws on ancient WebKit - jQuery.merge( nodes, elem.nodeType ? [ elem ] : elem ); - - // Convert non-html into a text node - } else if ( !rhtml.test( elem ) ) { - nodes.push( context.createTextNode( elem ) ); - - // Convert html into DOM nodes - } else { - tmp = tmp || fragment.appendChild( context.createElement( "div" ) ); - - // Deserialize a standard representation - tag = ( rtagName.exec( elem ) || [ "", "" ] )[ 1 ].toLowerCase(); - wrap = wrapMap[ tag ] || wrapMap._default; - tmp.innerHTML = wrap[ 1 ] + jQuery.htmlPrefilter( elem ) + wrap[ 2 ]; - - // Descend through wrappers to the right content - j = wrap[ 0 ]; - while ( j-- ) { - tmp = tmp.lastChild; - } - - // Support: Android <=4.0 only, PhantomJS 1 only - // push.apply(_, arraylike) throws on ancient WebKit - jQuery.merge( nodes, tmp.childNodes ); - - // Remember the top-level container - tmp = fragment.firstChild; - - // Ensure the created nodes are orphaned (#12392) - tmp.textContent = ""; - } - } - } - - // Remove wrapper from fragment - fragment.textContent = ""; - - i = 0; - while ( ( elem = nodes[ i++ ] ) ) { - - // Skip elements already in the context collection (trac-4087) - if ( selection && jQuery.inArray( elem, selection ) > -1 ) { - if ( ignored ) { - ignored.push( elem ); - } - continue; - } - - attached = isAttached( elem ); - - // Append to fragment - tmp = getAll( fragment.appendChild( elem ), "script" ); - - // Preserve script evaluation history - if ( attached ) { - setGlobalEval( tmp ); - } - - // Capture executables - if ( scripts ) { - j = 0; - while ( ( elem = tmp[ j++ ] ) ) { - if ( rscriptType.test( elem.type || "" ) ) { - scripts.push( elem ); - } - } - } - } - - return fragment; - } - - - var rtypenamespace = /^([^.]*)(?:\.(.+)|)/; - - function returnTrue() { - return true; - } - - function returnFalse() { - return false; - } - -// Support: IE <=9 - 11+ -// focus() and blur() are asynchronous, except when they are no-op. -// So expect focus to be synchronous when the element is already active, -// and blur to be synchronous when the element is not already active. -// (focus and blur are always synchronous in other supported browsers, -// this just defines when we can count on it). - function expectSync( elem, type ) { - return ( elem === safeActiveElement() ) === ( type === "focus" ); - } - -// Support: IE <=9 only -// Accessing document.activeElement can throw unexpectedly -// https://bugs.jquery.com/ticket/13393 - function safeActiveElement() { - try { - return document.activeElement; - } catch ( err ) { } - } - - function on( elem, types, selector, data, fn, one ) { - var origFn, type; - - // Types can be a map of types/handlers - if ( typeof types === "object" ) { - - // ( types-Object, selector, data ) - if ( typeof selector !== "string" ) { - - // ( types-Object, data ) - data = data || selector; - selector = undefined; - } - for ( type in types ) { - on( elem, type, selector, data, types[ type ], one ); - } - return elem; - } - - if ( data == null && fn == null ) { - - // ( types, fn ) - fn = selector; - data = selector = undefined; - } else if ( fn == null ) { - if ( typeof selector === "string" ) { - - // ( types, selector, fn ) - fn = data; - data = undefined; - } else { - - // ( types, data, fn ) - fn = data; - data = selector; - selector = undefined; - } - } - if ( fn === false ) { - fn = returnFalse; - } else if ( !fn ) { - return elem; - } - - if ( one === 1 ) { - origFn = fn; - fn = function( event ) { - - // Can use an empty set, since event contains the info - jQuery().off( event ); - return origFn.apply( this, arguments ); - }; - - // Use same guid so caller can remove using origFn - fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ ); - } - return elem.each( function() { - jQuery.event.add( this, types, fn, data, selector ); - } ); - } - - /* - * Helper functions for managing events -- not part of the public interface. - * Props to Dean Edwards' addEvent library for many of the ideas. - */ - jQuery.event = { - - global: {}, - - add: function( elem, types, handler, data, selector ) { - - var handleObjIn, eventHandle, tmp, - events, t, handleObj, - special, handlers, type, namespaces, origType, - elemData = dataPriv.get( elem ); - - // Only attach events to objects that accept data - if ( !acceptData( elem ) ) { - return; - } - - // Caller can pass in an object of custom data in lieu of the handler - if ( handler.handler ) { - handleObjIn = handler; - handler = handleObjIn.handler; - selector = handleObjIn.selector; - } - - // Ensure that invalid selectors throw exceptions at attach time - // Evaluate against documentElement in case elem is a non-element node (e.g., document) - if ( selector ) { - jQuery.find.matchesSelector( documentElement, selector ); - } - - // Make sure that the handler has a unique ID, used to find/remove it later - if ( !handler.guid ) { - handler.guid = jQuery.guid++; - } - - // Init the element's event structure and main handler, if this is the first - if ( !( events = elemData.events ) ) { - events = elemData.events = Object.create( null ); - } - if ( !( eventHandle = elemData.handle ) ) { - eventHandle = elemData.handle = function( e ) { - - // Discard the second event of a jQuery.event.trigger() and - // when an event is called after a page has unloaded - return typeof jQuery !== "undefined" && jQuery.event.triggered !== e.type ? - jQuery.event.dispatch.apply( elem, arguments ) : undefined; - }; - } - - // Handle multiple events separated by a space - types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; - t = types.length; - while ( t-- ) { - tmp = rtypenamespace.exec( types[ t ] ) || []; - type = origType = tmp[ 1 ]; - namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); - - // There *must* be a type, no attaching namespace-only handlers - if ( !type ) { - continue; - } - - // If event changes its type, use the special event handlers for the changed type - special = jQuery.event.special[ type ] || {}; - - // If selector defined, determine special event api type, otherwise given type - type = ( selector ? special.delegateType : special.bindType ) || type; - - // Update special based on newly reset type - special = jQuery.event.special[ type ] || {}; - - // handleObj is passed to all event handlers - handleObj = jQuery.extend( { - type: type, - origType: origType, - data: data, - handler: handler, - guid: handler.guid, - selector: selector, - needsContext: selector && jQuery.expr.match.needsContext.test( selector ), - namespace: namespaces.join( "." ) - }, handleObjIn ); - - // Init the event handler queue if we're the first - if ( !( handlers = events[ type ] ) ) { - handlers = events[ type ] = []; - handlers.delegateCount = 0; - - // Only use addEventListener if the special events handler returns false - if ( !special.setup || - special.setup.call( elem, data, namespaces, eventHandle ) === false ) { - - if ( elem.addEventListener ) { - elem.addEventListener( type, eventHandle ); - } - } - } - - if ( special.add ) { - special.add.call( elem, handleObj ); - - if ( !handleObj.handler.guid ) { - handleObj.handler.guid = handler.guid; - } - } - - // Add to the element's handler list, delegates in front - if ( selector ) { - handlers.splice( handlers.delegateCount++, 0, handleObj ); - } else { - handlers.push( handleObj ); - } - - // Keep track of which events have ever been used, for event optimization - jQuery.event.global[ type ] = true; - } - - }, - - // Detach an event or set of events from an element - remove: function( elem, types, handler, selector, mappedTypes ) { - - var j, origCount, tmp, - events, t, handleObj, - special, handlers, type, namespaces, origType, - elemData = dataPriv.hasData( elem ) && dataPriv.get( elem ); - - if ( !elemData || !( events = elemData.events ) ) { - return; - } - - // Once for each type.namespace in types; type may be omitted - types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; - t = types.length; - while ( t-- ) { - tmp = rtypenamespace.exec( types[ t ] ) || []; - type = origType = tmp[ 1 ]; - namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); - - // Unbind all events (on this namespace, if provided) for the element - if ( !type ) { - for ( type in events ) { - jQuery.event.remove( elem, type + types[ t ], handler, selector, true ); - } - continue; - } - - special = jQuery.event.special[ type ] || {}; - type = ( selector ? special.delegateType : special.bindType ) || type; - handlers = events[ type ] || []; - tmp = tmp[ 2 ] && - new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ); - - // Remove matching events - origCount = j = handlers.length; - while ( j-- ) { - handleObj = handlers[ j ]; - - if ( ( mappedTypes || origType === handleObj.origType ) && - ( !handler || handler.guid === handleObj.guid ) && - ( !tmp || tmp.test( handleObj.namespace ) ) && - ( !selector || selector === handleObj.selector || - selector === "**" && handleObj.selector ) ) { - handlers.splice( j, 1 ); - - if ( handleObj.selector ) { - handlers.delegateCount--; - } - if ( special.remove ) { - special.remove.call( elem, handleObj ); - } - } - } - - // Remove generic event handler if we removed something and no more handlers exist - // (avoids potential for endless recursion during removal of special event handlers) - if ( origCount && !handlers.length ) { - if ( !special.teardown || - special.teardown.call( elem, namespaces, elemData.handle ) === false ) { - - jQuery.removeEvent( elem, type, elemData.handle ); - } - - delete events[ type ]; - } - } - - // Remove data and the expando if it's no longer used - if ( jQuery.isEmptyObject( events ) ) { - dataPriv.remove( elem, "handle events" ); - } - }, - - dispatch: function( nativeEvent ) { - - var i, j, ret, matched, handleObj, handlerQueue, - args = new Array( arguments.length ), - - // Make a writable jQuery.Event from the native event object - event = jQuery.event.fix( nativeEvent ), - - handlers = ( - dataPriv.get( this, "events" ) || Object.create( null ) - )[ event.type ] || [], - special = jQuery.event.special[ event.type ] || {}; - - // Use the fix-ed jQuery.Event rather than the (read-only) native event - args[ 0 ] = event; - - for ( i = 1; i < arguments.length; i++ ) { - args[ i ] = arguments[ i ]; - } - - event.delegateTarget = this; - - // Call the preDispatch hook for the mapped type, and let it bail if desired - if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) { - return; - } - - // Determine handlers - handlerQueue = jQuery.event.handlers.call( this, event, handlers ); - - // Run delegates first; they may want to stop propagation beneath us - i = 0; - while ( ( matched = handlerQueue[ i++ ] ) && !event.isPropagationStopped() ) { - event.currentTarget = matched.elem; - - j = 0; - while ( ( handleObj = matched.handlers[ j++ ] ) && - !event.isImmediatePropagationStopped() ) { - - // If the event is namespaced, then each handler is only invoked if it is - // specially universal or its namespaces are a superset of the event's. - if ( !event.rnamespace || handleObj.namespace === false || - event.rnamespace.test( handleObj.namespace ) ) { - - event.handleObj = handleObj; - event.data = handleObj.data; - - ret = ( ( jQuery.event.special[ handleObj.origType ] || {} ).handle || - handleObj.handler ).apply( matched.elem, args ); - - if ( ret !== undefined ) { - if ( ( event.result = ret ) === false ) { - event.preventDefault(); - event.stopPropagation(); - } - } - } - } - } - - // Call the postDispatch hook for the mapped type - if ( special.postDispatch ) { - special.postDispatch.call( this, event ); - } - - return event.result; - }, - - handlers: function( event, handlers ) { - var i, handleObj, sel, matchedHandlers, matchedSelectors, - handlerQueue = [], - delegateCount = handlers.delegateCount, - cur = event.target; - - // Find delegate handlers - if ( delegateCount && - - // Support: IE <=9 - // Black-hole SVG instance trees (trac-13180) - cur.nodeType && - - // Support: Firefox <=42 - // Suppress spec-violating clicks indicating a non-primary pointer button (trac-3861) - // https://www.w3.org/TR/DOM-Level-3-Events/#event-type-click - // Support: IE 11 only - // ...but not arrow key "clicks" of radio inputs, which can have `button` -1 (gh-2343) - !( event.type === "click" && event.button >= 1 ) ) { - - for ( ; cur !== this; cur = cur.parentNode || this ) { - - // Don't check non-elements (#13208) - // Don't process clicks on disabled elements (#6911, #8165, #11382, #11764) - if ( cur.nodeType === 1 && !( event.type === "click" && cur.disabled === true ) ) { - matchedHandlers = []; - matchedSelectors = {}; - for ( i = 0; i < delegateCount; i++ ) { - handleObj = handlers[ i ]; - - // Don't conflict with Object.prototype properties (#13203) - sel = handleObj.selector + " "; - - if ( matchedSelectors[ sel ] === undefined ) { - matchedSelectors[ sel ] = handleObj.needsContext ? - jQuery( sel, this ).index( cur ) > -1 : - jQuery.find( sel, this, null, [ cur ] ).length; - } - if ( matchedSelectors[ sel ] ) { - matchedHandlers.push( handleObj ); - } - } - if ( matchedHandlers.length ) { - handlerQueue.push( { elem: cur, handlers: matchedHandlers } ); - } - } - } - } - - // Add the remaining (directly-bound) handlers - cur = this; - if ( delegateCount < handlers.length ) { - handlerQueue.push( { elem: cur, handlers: handlers.slice( delegateCount ) } ); - } - - return handlerQueue; - }, - - addProp: function( name, hook ) { - Object.defineProperty( jQuery.Event.prototype, name, { - enumerable: true, - configurable: true, - - get: isFunction( hook ) ? - function() { - if ( this.originalEvent ) { - return hook( this.originalEvent ); - } - } : - function() { - if ( this.originalEvent ) { - return this.originalEvent[ name ]; - } - }, - - set: function( value ) { - Object.defineProperty( this, name, { - enumerable: true, - configurable: true, - writable: true, - value: value - } ); - } - } ); - }, - - fix: function( originalEvent ) { - return originalEvent[ jQuery.expando ] ? - originalEvent : - new jQuery.Event( originalEvent ); - }, - - special: { - load: { - - // Prevent triggered image.load events from bubbling to window.load - noBubble: true - }, - click: { - - // Utilize native event to ensure correct state for checkable inputs - setup: function( data ) { - - // For mutual compressibility with _default, replace `this` access with a local var. - // `|| data` is dead code meant only to preserve the variable through minification. - var el = this || data; - - // Claim the first handler - if ( rcheckableType.test( el.type ) && - el.click && nodeName( el, "input" ) ) { - - // dataPriv.set( el, "click", ... ) - leverageNative( el, "click", returnTrue ); - } - - // Return false to allow normal processing in the caller - return false; - }, - trigger: function( data ) { - - // For mutual compressibility with _default, replace `this` access with a local var. - // `|| data` is dead code meant only to preserve the variable through minification. - var el = this || data; - - // Force setup before triggering a click - if ( rcheckableType.test( el.type ) && - el.click && nodeName( el, "input" ) ) { - - leverageNative( el, "click" ); - } - - // Return non-false to allow normal event-path propagation - return true; - }, - - // For cross-browser consistency, suppress native .click() on links - // Also prevent it if we're currently inside a leveraged native-event stack - _default: function( event ) { - var target = event.target; - return rcheckableType.test( target.type ) && - target.click && nodeName( target, "input" ) && - dataPriv.get( target, "click" ) || - nodeName( target, "a" ); - } - }, - - beforeunload: { - postDispatch: function( event ) { - - // Support: Firefox 20+ - // Firefox doesn't alert if the returnValue field is not set. - if ( event.result !== undefined && event.originalEvent ) { - event.originalEvent.returnValue = event.result; - } - } - } - } - }; - -// Ensure the presence of an event listener that handles manually-triggered -// synthetic events by interrupting progress until reinvoked in response to -// *native* events that it fires directly, ensuring that state changes have -// already occurred before other listeners are invoked. - function leverageNative( el, type, expectSync ) { - - // Missing expectSync indicates a trigger call, which must force setup through jQuery.event.add - if ( !expectSync ) { - if ( dataPriv.get( el, type ) === undefined ) { - jQuery.event.add( el, type, returnTrue ); - } - return; - } - - // Register the controller as a special universal handler for all event namespaces - dataPriv.set( el, type, false ); - jQuery.event.add( el, type, { - namespace: false, - handler: function( event ) { - var notAsync, result, - saved = dataPriv.get( this, type ); - - if ( ( event.isTrigger & 1 ) && this[ type ] ) { - - // Interrupt processing of the outer synthetic .trigger()ed event - // Saved data should be false in such cases, but might be a leftover capture object - // from an async native handler (gh-4350) - if ( !saved.length ) { - - // Store arguments for use when handling the inner native event - // There will always be at least one argument (an event object), so this array - // will not be confused with a leftover capture object. - saved = slice.call( arguments ); - dataPriv.set( this, type, saved ); - - // Trigger the native event and capture its result - // Support: IE <=9 - 11+ - // focus() and blur() are asynchronous - notAsync = expectSync( this, type ); - this[ type ](); - result = dataPriv.get( this, type ); - if ( saved !== result || notAsync ) { - dataPriv.set( this, type, false ); - } else { - result = {}; - } - if ( saved !== result ) { - - // Cancel the outer synthetic event - event.stopImmediatePropagation(); - event.preventDefault(); - - // Support: Chrome 86+ - // In Chrome, if an element having a focusout handler is blurred by - // clicking outside of it, it invokes the handler synchronously. If - // that handler calls `.remove()` on the element, the data is cleared, - // leaving `result` undefined. We need to guard against this. - return result && result.value; - } - - // If this is an inner synthetic event for an event with a bubbling surrogate - // (focus or blur), assume that the surrogate already propagated from triggering the - // native event and prevent that from happening again here. - // This technically gets the ordering wrong w.r.t. to `.trigger()` (in which the - // bubbling surrogate propagates *after* the non-bubbling base), but that seems - // less bad than duplication. - } else if ( ( jQuery.event.special[ type ] || {} ).delegateType ) { - event.stopPropagation(); - } - - // If this is a native event triggered above, everything is now in order - // Fire an inner synthetic event with the original arguments - } else if ( saved.length ) { - - // ...and capture the result - dataPriv.set( this, type, { - value: jQuery.event.trigger( - - // Support: IE <=9 - 11+ - // Extend with the prototype to reset the above stopImmediatePropagation() - jQuery.extend( saved[ 0 ], jQuery.Event.prototype ), - saved.slice( 1 ), - this - ) - } ); - - // Abort handling of the native event - event.stopImmediatePropagation(); - } - } - } ); - } - - jQuery.removeEvent = function( elem, type, handle ) { - - // This "if" is needed for plain objects - if ( elem.removeEventListener ) { - elem.removeEventListener( type, handle ); - } - }; - - jQuery.Event = function( src, props ) { - - // Allow instantiation without the 'new' keyword - if ( !( this instanceof jQuery.Event ) ) { - return new jQuery.Event( src, props ); - } - - // Event object - if ( src && src.type ) { - this.originalEvent = src; - this.type = src.type; - - // Events bubbling up the document may have been marked as prevented - // by a handler lower down the tree; reflect the correct value. - this.isDefaultPrevented = src.defaultPrevented || - src.defaultPrevented === undefined && - - // Support: Android <=2.3 only - src.returnValue === false ? - returnTrue : - returnFalse; - - // Create target properties - // Support: Safari <=6 - 7 only - // Target should not be a text node (#504, #13143) - this.target = ( src.target && src.target.nodeType === 3 ) ? - src.target.parentNode : - src.target; - - this.currentTarget = src.currentTarget; - this.relatedTarget = src.relatedTarget; - - // Event type - } else { - this.type = src; - } - - // Put explicitly provided properties onto the event object - if ( props ) { - jQuery.extend( this, props ); - } - - // Create a timestamp if incoming event doesn't have one - this.timeStamp = src && src.timeStamp || Date.now(); - - // Mark it as fixed - this[ jQuery.expando ] = true; - }; - -// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding -// https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html - jQuery.Event.prototype = { - constructor: jQuery.Event, - isDefaultPrevented: returnFalse, - isPropagationStopped: returnFalse, - isImmediatePropagationStopped: returnFalse, - isSimulated: false, - - preventDefault: function() { - var e = this.originalEvent; - - this.isDefaultPrevented = returnTrue; - - if ( e && !this.isSimulated ) { - e.preventDefault(); - } - }, - stopPropagation: function() { - var e = this.originalEvent; - - this.isPropagationStopped = returnTrue; - - if ( e && !this.isSimulated ) { - e.stopPropagation(); - } - }, - stopImmediatePropagation: function() { - var e = this.originalEvent; - - this.isImmediatePropagationStopped = returnTrue; - - if ( e && !this.isSimulated ) { - e.stopImmediatePropagation(); - } - - this.stopPropagation(); - } - }; - -// Includes all common event props including KeyEvent and MouseEvent specific props - jQuery.each( { - altKey: true, - bubbles: true, - cancelable: true, - changedTouches: true, - ctrlKey: true, - detail: true, - eventPhase: true, - metaKey: true, - pageX: true, - pageY: true, - shiftKey: true, - view: true, - "char": true, - code: true, - charCode: true, - key: true, - keyCode: true, - button: true, - buttons: true, - clientX: true, - clientY: true, - offsetX: true, - offsetY: true, - pointerId: true, - pointerType: true, - screenX: true, - screenY: true, - targetTouches: true, - toElement: true, - touches: true, - which: true - }, jQuery.event.addProp ); - - jQuery.each( { focus: "focusin", blur: "focusout" }, function( type, delegateType ) { - jQuery.event.special[ type ] = { - - // Utilize native event if possible so blur/focus sequence is correct - setup: function() { - - // Claim the first handler - // dataPriv.set( this, "focus", ... ) - // dataPriv.set( this, "blur", ... ) - leverageNative( this, type, expectSync ); - - // Return false to allow normal processing in the caller - return false; - }, - trigger: function() { - - // Force setup before trigger - leverageNative( this, type ); - - // Return non-false to allow normal event-path propagation - return true; - }, - - // Suppress native focus or blur as it's already being fired - // in leverageNative. - _default: function() { - return true; - }, - - delegateType: delegateType - }; - } ); - -// Create mouseenter/leave events using mouseover/out and event-time checks -// so that event delegation works in jQuery. -// Do the same for pointerenter/pointerleave and pointerover/pointerout -// -// Support: Safari 7 only -// Safari sends mouseenter too often; see: -// https://bugs.chromium.org/p/chromium/issues/detail?id=470258 -// for the description of the bug (it existed in older Chrome versions as well). - jQuery.each( { - mouseenter: "mouseover", - mouseleave: "mouseout", - pointerenter: "pointerover", - pointerleave: "pointerout" - }, function( orig, fix ) { - jQuery.event.special[ orig ] = { - delegateType: fix, - bindType: fix, - - handle: function( event ) { - var ret, - target = this, - related = event.relatedTarget, - handleObj = event.handleObj; - - // For mouseenter/leave call the handler if related is outside the target. - // NB: No relatedTarget if the mouse left/entered the browser window - if ( !related || ( related !== target && !jQuery.contains( target, related ) ) ) { - event.type = handleObj.origType; - ret = handleObj.handler.apply( this, arguments ); - event.type = fix; - } - return ret; - } - }; - } ); - - jQuery.fn.extend( { - - on: function( types, selector, data, fn ) { - return on( this, types, selector, data, fn ); - }, - one: function( types, selector, data, fn ) { - return on( this, types, selector, data, fn, 1 ); - }, - off: function( types, selector, fn ) { - var handleObj, type; - if ( types && types.preventDefault && types.handleObj ) { - - // ( event ) dispatched jQuery.Event - handleObj = types.handleObj; - jQuery( types.delegateTarget ).off( - handleObj.namespace ? - handleObj.origType + "." + handleObj.namespace : - handleObj.origType, - handleObj.selector, - handleObj.handler - ); - return this; - } - if ( typeof types === "object" ) { - - // ( types-object [, selector] ) - for ( type in types ) { - this.off( type, selector, types[ type ] ); - } - return this; - } - if ( selector === false || typeof selector === "function" ) { - - // ( types [, fn] ) - fn = selector; - selector = undefined; - } - if ( fn === false ) { - fn = returnFalse; - } - return this.each( function() { - jQuery.event.remove( this, types, fn, selector ); - } ); - } - } ); - - - var - - // Support: IE <=10 - 11, Edge 12 - 13 only - // In IE/Edge using regex groups here causes severe slowdowns. - // See https://connect.microsoft.com/IE/feedback/details/1736512/ - rnoInnerhtml = /\s*$/g; - -// Prefer a tbody over its parent table for containing new rows - function manipulationTarget( elem, content ) { - if ( nodeName( elem, "table" ) && - nodeName( content.nodeType !== 11 ? content : content.firstChild, "tr" ) ) { - - return jQuery( elem ).children( "tbody" )[ 0 ] || elem; - } - - return elem; - } - -// Replace/restore the type attribute of script elements for safe DOM manipulation - function disableScript( elem ) { - elem.type = ( elem.getAttribute( "type" ) !== null ) + "/" + elem.type; - return elem; - } - function restoreScript( elem ) { - if ( ( elem.type || "" ).slice( 0, 5 ) === "true/" ) { - elem.type = elem.type.slice( 5 ); - } else { - elem.removeAttribute( "type" ); - } - - return elem; - } - - function cloneCopyEvent( src, dest ) { - var i, l, type, pdataOld, udataOld, udataCur, events; - - if ( dest.nodeType !== 1 ) { - return; - } - - // 1. Copy private data: events, handlers, etc. - if ( dataPriv.hasData( src ) ) { - pdataOld = dataPriv.get( src ); - events = pdataOld.events; - - if ( events ) { - dataPriv.remove( dest, "handle events" ); - - for ( type in events ) { - for ( i = 0, l = events[ type ].length; i < l; i++ ) { - jQuery.event.add( dest, type, events[ type ][ i ] ); - } - } - } - } - - // 2. Copy user data - if ( dataUser.hasData( src ) ) { - udataOld = dataUser.access( src ); - udataCur = jQuery.extend( {}, udataOld ); - - dataUser.set( dest, udataCur ); - } - } - -// Fix IE bugs, see support tests - function fixInput( src, dest ) { - var nodeName = dest.nodeName.toLowerCase(); - - // Fails to persist the checked state of a cloned checkbox or radio button. - if ( nodeName === "input" && rcheckableType.test( src.type ) ) { - dest.checked = src.checked; - - // Fails to return the selected option to the default selected state when cloning options - } else if ( nodeName === "input" || nodeName === "textarea" ) { - dest.defaultValue = src.defaultValue; - } - } - - function domManip( collection, args, callback, ignored ) { - - // Flatten any nested arrays - args = flat( args ); - - var fragment, first, scripts, hasScripts, node, doc, - i = 0, - l = collection.length, - iNoClone = l - 1, - value = args[ 0 ], - valueIsFunction = isFunction( value ); - - // We can't cloneNode fragments that contain checked, in WebKit - if ( valueIsFunction || - ( l > 1 && typeof value === "string" && - !support.checkClone && rchecked.test( value ) ) ) { - return collection.each( function( index ) { - var self = collection.eq( index ); - if ( valueIsFunction ) { - args[ 0 ] = value.call( this, index, self.html() ); - } - domManip( self, args, callback, ignored ); - } ); - } - - if ( l ) { - fragment = buildFragment( args, collection[ 0 ].ownerDocument, false, collection, ignored ); - first = fragment.firstChild; - - if ( fragment.childNodes.length === 1 ) { - fragment = first; - } - - // Require either new content or an interest in ignored elements to invoke the callback - if ( first || ignored ) { - scripts = jQuery.map( getAll( fragment, "script" ), disableScript ); - hasScripts = scripts.length; - - // Use the original fragment for the last item - // instead of the first because it can end up - // being emptied incorrectly in certain situations (#8070). - for ( ; i < l; i++ ) { - node = fragment; - - if ( i !== iNoClone ) { - node = jQuery.clone( node, true, true ); - - // Keep references to cloned scripts for later restoration - if ( hasScripts ) { - - // Support: Android <=4.0 only, PhantomJS 1 only - // push.apply(_, arraylike) throws on ancient WebKit - jQuery.merge( scripts, getAll( node, "script" ) ); - } - } - - callback.call( collection[ i ], node, i ); - } - - if ( hasScripts ) { - doc = scripts[ scripts.length - 1 ].ownerDocument; - - // Reenable scripts - jQuery.map( scripts, restoreScript ); - - // Evaluate executable scripts on first document insertion - for ( i = 0; i < hasScripts; i++ ) { - node = scripts[ i ]; - if ( rscriptType.test( node.type || "" ) && - !dataPriv.access( node, "globalEval" ) && - jQuery.contains( doc, node ) ) { - - if ( node.src && ( node.type || "" ).toLowerCase() !== "module" ) { - - // Optional AJAX dependency, but won't run scripts if not present - if ( jQuery._evalUrl && !node.noModule ) { - jQuery._evalUrl( node.src, { - nonce: node.nonce || node.getAttribute( "nonce" ) - }, doc ); - } - } else { - DOMEval( node.textContent.replace( rcleanScript, "" ), node, doc ); - } - } - } - } - } - } - - return collection; - } - - function remove( elem, selector, keepData ) { - var node, - nodes = selector ? jQuery.filter( selector, elem ) : elem, - i = 0; - - for ( ; ( node = nodes[ i ] ) != null; i++ ) { - if ( !keepData && node.nodeType === 1 ) { - jQuery.cleanData( getAll( node ) ); - } - - if ( node.parentNode ) { - if ( keepData && isAttached( node ) ) { - setGlobalEval( getAll( node, "script" ) ); - } - node.parentNode.removeChild( node ); - } - } - - return elem; - } - - jQuery.extend( { - htmlPrefilter: function( html ) { - return html; - }, - - clone: function( elem, dataAndEvents, deepDataAndEvents ) { - var i, l, srcElements, destElements, - clone = elem.cloneNode( true ), - inPage = isAttached( elem ); - - // Fix IE cloning issues - if ( !support.noCloneChecked && ( elem.nodeType === 1 || elem.nodeType === 11 ) && - !jQuery.isXMLDoc( elem ) ) { - - // We eschew Sizzle here for performance reasons: https://jsperf.com/getall-vs-sizzle/2 - destElements = getAll( clone ); - srcElements = getAll( elem ); - - for ( i = 0, l = srcElements.length; i < l; i++ ) { - fixInput( srcElements[ i ], destElements[ i ] ); - } - } - - // Copy the events from the original to the clone - if ( dataAndEvents ) { - if ( deepDataAndEvents ) { - srcElements = srcElements || getAll( elem ); - destElements = destElements || getAll( clone ); - - for ( i = 0, l = srcElements.length; i < l; i++ ) { - cloneCopyEvent( srcElements[ i ], destElements[ i ] ); - } - } else { - cloneCopyEvent( elem, clone ); - } - } - - // Preserve script evaluation history - destElements = getAll( clone, "script" ); - if ( destElements.length > 0 ) { - setGlobalEval( destElements, !inPage && getAll( elem, "script" ) ); - } - - // Return the cloned set - return clone; - }, - - cleanData: function( elems ) { - var data, elem, type, - special = jQuery.event.special, - i = 0; - - for ( ; ( elem = elems[ i ] ) !== undefined; i++ ) { - if ( acceptData( elem ) ) { - if ( ( data = elem[ dataPriv.expando ] ) ) { - if ( data.events ) { - for ( type in data.events ) { - if ( special[ type ] ) { - jQuery.event.remove( elem, type ); - - // This is a shortcut to avoid jQuery.event.remove's overhead - } else { - jQuery.removeEvent( elem, type, data.handle ); - } - } - } - - // Support: Chrome <=35 - 45+ - // Assign undefined instead of using delete, see Data#remove - elem[ dataPriv.expando ] = undefined; - } - if ( elem[ dataUser.expando ] ) { - - // Support: Chrome <=35 - 45+ - // Assign undefined instead of using delete, see Data#remove - elem[ dataUser.expando ] = undefined; - } - } - } - } - } ); - - jQuery.fn.extend( { - detach: function( selector ) { - return remove( this, selector, true ); - }, - - remove: function( selector ) { - return remove( this, selector ); - }, - - text: function( value ) { - return access( this, function( value ) { - return value === undefined ? - jQuery.text( this ) : - this.empty().each( function() { - if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { - this.textContent = value; - } - } ); - }, null, value, arguments.length ); - }, - - append: function() { - return domManip( this, arguments, function( elem ) { - if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { - var target = manipulationTarget( this, elem ); - target.appendChild( elem ); - } - } ); - }, - - prepend: function() { - return domManip( this, arguments, function( elem ) { - if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { - var target = manipulationTarget( this, elem ); - target.insertBefore( elem, target.firstChild ); - } - } ); - }, - - before: function() { - return domManip( this, arguments, function( elem ) { - if ( this.parentNode ) { - this.parentNode.insertBefore( elem, this ); - } - } ); - }, - - after: function() { - return domManip( this, arguments, function( elem ) { - if ( this.parentNode ) { - this.parentNode.insertBefore( elem, this.nextSibling ); - } - } ); - }, - - empty: function() { - var elem, - i = 0; - - for ( ; ( elem = this[ i ] ) != null; i++ ) { - if ( elem.nodeType === 1 ) { - - // Prevent memory leaks - jQuery.cleanData( getAll( elem, false ) ); - - // Remove any remaining nodes - elem.textContent = ""; - } - } - - return this; - }, - - clone: function( dataAndEvents, deepDataAndEvents ) { - dataAndEvents = dataAndEvents == null ? false : dataAndEvents; - deepDataAndEvents = deepDataAndEvents == null ? dataAndEvents : deepDataAndEvents; - - return this.map( function() { - return jQuery.clone( this, dataAndEvents, deepDataAndEvents ); - } ); - }, - - html: function( value ) { - return access( this, function( value ) { - var elem = this[ 0 ] || {}, - i = 0, - l = this.length; - - if ( value === undefined && elem.nodeType === 1 ) { - return elem.innerHTML; - } - - // See if we can take a shortcut and just use innerHTML - if ( typeof value === "string" && !rnoInnerhtml.test( value ) && - !wrapMap[ ( rtagName.exec( value ) || [ "", "" ] )[ 1 ].toLowerCase() ] ) { - - value = jQuery.htmlPrefilter( value ); - - try { - for ( ; i < l; i++ ) { - elem = this[ i ] || {}; - - // Remove element nodes and prevent memory leaks - if ( elem.nodeType === 1 ) { - jQuery.cleanData( getAll( elem, false ) ); - elem.innerHTML = value; - } - } - - elem = 0; - - // If using innerHTML throws an exception, use the fallback method - } catch ( e ) {} - } - - if ( elem ) { - this.empty().append( value ); - } - }, null, value, arguments.length ); - }, - - replaceWith: function() { - var ignored = []; - - // Make the changes, replacing each non-ignored context element with the new content - return domManip( this, arguments, function( elem ) { - var parent = this.parentNode; - - if ( jQuery.inArray( this, ignored ) < 0 ) { - jQuery.cleanData( getAll( this ) ); - if ( parent ) { - parent.replaceChild( elem, this ); - } - } - - // Force callback invocation - }, ignored ); - } - } ); - - jQuery.each( { - appendTo: "append", - prependTo: "prepend", - insertBefore: "before", - insertAfter: "after", - replaceAll: "replaceWith" - }, function( name, original ) { - jQuery.fn[ name ] = function( selector ) { - var elems, - ret = [], - insert = jQuery( selector ), - last = insert.length - 1, - i = 0; - - for ( ; i <= last; i++ ) { - elems = i === last ? this : this.clone( true ); - jQuery( insert[ i ] )[ original ]( elems ); - - // Support: Android <=4.0 only, PhantomJS 1 only - // .get() because push.apply(_, arraylike) throws on ancient WebKit - push.apply( ret, elems.get() ); - } - - return this.pushStack( ret ); - }; - } ); - var rnumnonpx = new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" ); - - var getStyles = function( elem ) { - - // Support: IE <=11 only, Firefox <=30 (#15098, #14150) - // IE throws on elements created in popups - // FF meanwhile throws on frame elements through "defaultView.getComputedStyle" - var view = elem.ownerDocument.defaultView; - - if ( !view || !view.opener ) { - view = window; - } - - return view.getComputedStyle( elem ); - }; - - var swap = function( elem, options, callback ) { - var ret, name, - old = {}; - - // Remember the old values, and insert the new ones - for ( name in options ) { - old[ name ] = elem.style[ name ]; - elem.style[ name ] = options[ name ]; - } - - ret = callback.call( elem ); - - // Revert the old values - for ( name in options ) { - elem.style[ name ] = old[ name ]; - } - - return ret; - }; - - - var rboxStyle = new RegExp( cssExpand.join( "|" ), "i" ); - - - - ( function() { - - // Executing both pixelPosition & boxSizingReliable tests require only one layout - // so they're executed at the same time to save the second computation. - function computeStyleTests() { - - // This is a singleton, we need to execute it only once - if ( !div ) { - return; - } - - container.style.cssText = "position:absolute;left:-11111px;width:60px;" + - "margin-top:1px;padding:0;border:0"; - div.style.cssText = - "position:relative;display:block;box-sizing:border-box;overflow:scroll;" + - "margin:auto;border:1px;padding:1px;" + - "width:60%;top:1%"; - documentElement.appendChild( container ).appendChild( div ); - - var divStyle = window.getComputedStyle( div ); - pixelPositionVal = divStyle.top !== "1%"; - - // Support: Android 4.0 - 4.3 only, Firefox <=3 - 44 - reliableMarginLeftVal = roundPixelMeasures( divStyle.marginLeft ) === 12; - - // Support: Android 4.0 - 4.3 only, Safari <=9.1 - 10.1, iOS <=7.0 - 9.3 - // Some styles come back with percentage values, even though they shouldn't - div.style.right = "60%"; - pixelBoxStylesVal = roundPixelMeasures( divStyle.right ) === 36; - - // Support: IE 9 - 11 only - // Detect misreporting of content dimensions for box-sizing:border-box elements - boxSizingReliableVal = roundPixelMeasures( divStyle.width ) === 36; - - // Support: IE 9 only - // Detect overflow:scroll screwiness (gh-3699) - // Support: Chrome <=64 - // Don't get tricked when zoom affects offsetWidth (gh-4029) - div.style.position = "absolute"; - scrollboxSizeVal = roundPixelMeasures( div.offsetWidth / 3 ) === 12; - - documentElement.removeChild( container ); - - // Nullify the div so it wouldn't be stored in the memory and - // it will also be a sign that checks already performed - div = null; - } - - function roundPixelMeasures( measure ) { - return Math.round( parseFloat( measure ) ); - } - - var pixelPositionVal, boxSizingReliableVal, scrollboxSizeVal, pixelBoxStylesVal, - reliableTrDimensionsVal, reliableMarginLeftVal, - container = document.createElement( "div" ), - div = document.createElement( "div" ); - - // Finish early in limited (non-browser) environments - if ( !div.style ) { - return; - } - - // Support: IE <=9 - 11 only - // Style of cloned element affects source element cloned (#8908) - div.style.backgroundClip = "content-box"; - div.cloneNode( true ).style.backgroundClip = ""; - support.clearCloneStyle = div.style.backgroundClip === "content-box"; - - jQuery.extend( support, { - boxSizingReliable: function() { - computeStyleTests(); - return boxSizingReliableVal; - }, - pixelBoxStyles: function() { - computeStyleTests(); - return pixelBoxStylesVal; - }, - pixelPosition: function() { - computeStyleTests(); - return pixelPositionVal; - }, - reliableMarginLeft: function() { - computeStyleTests(); - return reliableMarginLeftVal; - }, - scrollboxSize: function() { - computeStyleTests(); - return scrollboxSizeVal; - }, - - // Support: IE 9 - 11+, Edge 15 - 18+ - // IE/Edge misreport `getComputedStyle` of table rows with width/height - // set in CSS while `offset*` properties report correct values. - // Behavior in IE 9 is more subtle than in newer versions & it passes - // some versions of this test; make sure not to make it pass there! - // - // Support: Firefox 70+ - // Only Firefox includes border widths - // in computed dimensions. (gh-4529) - reliableTrDimensions: function() { - var table, tr, trChild, trStyle; - if ( reliableTrDimensionsVal == null ) { - table = document.createElement( "table" ); - tr = document.createElement( "tr" ); - trChild = document.createElement( "div" ); - - table.style.cssText = "position:absolute;left:-11111px;border-collapse:separate"; - tr.style.cssText = "border:1px solid"; - - // Support: Chrome 86+ - // Height set through cssText does not get applied. - // Computed height then comes back as 0. - tr.style.height = "1px"; - trChild.style.height = "9px"; - - // Support: Android 8 Chrome 86+ - // In our bodyBackground.html iframe, - // display for all div elements is set to "inline", - // which causes a problem only in Android 8 Chrome 86. - // Ensuring the div is display: block - // gets around this issue. - trChild.style.display = "block"; - - documentElement - .appendChild( table ) - .appendChild( tr ) - .appendChild( trChild ); - - trStyle = window.getComputedStyle( tr ); - reliableTrDimensionsVal = ( parseInt( trStyle.height, 10 ) + - parseInt( trStyle.borderTopWidth, 10 ) + - parseInt( trStyle.borderBottomWidth, 10 ) ) === tr.offsetHeight; - - documentElement.removeChild( table ); - } - return reliableTrDimensionsVal; - } - } ); - } )(); - - - function curCSS( elem, name, computed ) { - var width, minWidth, maxWidth, ret, - - // Support: Firefox 51+ - // Retrieving style before computed somehow - // fixes an issue with getting wrong values - // on detached elements - style = elem.style; - - computed = computed || getStyles( elem ); - - // getPropertyValue is needed for: - // .css('filter') (IE 9 only, #12537) - // .css('--customProperty) (#3144) - if ( computed ) { - ret = computed.getPropertyValue( name ) || computed[ name ]; - - if ( ret === "" && !isAttached( elem ) ) { - ret = jQuery.style( elem, name ); - } - - // A tribute to the "awesome hack by Dean Edwards" - // Android Browser returns percentage for some values, - // but width seems to be reliably pixels. - // This is against the CSSOM draft spec: - // https://drafts.csswg.org/cssom/#resolved-values - if ( !support.pixelBoxStyles() && rnumnonpx.test( ret ) && rboxStyle.test( name ) ) { - - // Remember the original values - width = style.width; - minWidth = style.minWidth; - maxWidth = style.maxWidth; - - // Put in the new values to get a computed value out - style.minWidth = style.maxWidth = style.width = ret; - ret = computed.width; - - // Revert the changed values - style.width = width; - style.minWidth = minWidth; - style.maxWidth = maxWidth; - } - } - - return ret !== undefined ? - - // Support: IE <=9 - 11 only - // IE returns zIndex value as an integer. - ret + "" : - ret; - } - - - function addGetHookIf( conditionFn, hookFn ) { - - // Define the hook, we'll check on the first run if it's really needed. - return { - get: function() { - if ( conditionFn() ) { - - // Hook not needed (or it's not possible to use it due - // to missing dependency), remove it. - delete this.get; - return; - } - - // Hook needed; redefine it so that the support test is not executed again. - return ( this.get = hookFn ).apply( this, arguments ); - } - }; - } - - - var cssPrefixes = [ "Webkit", "Moz", "ms" ], - emptyStyle = document.createElement( "div" ).style, - vendorProps = {}; - -// Return a vendor-prefixed property or undefined - function vendorPropName( name ) { - - // Check for vendor prefixed names - var capName = name[ 0 ].toUpperCase() + name.slice( 1 ), - i = cssPrefixes.length; - - while ( i-- ) { - name = cssPrefixes[ i ] + capName; - if ( name in emptyStyle ) { - return name; - } - } - } - -// Return a potentially-mapped jQuery.cssProps or vendor prefixed property - function finalPropName( name ) { - var final = jQuery.cssProps[ name ] || vendorProps[ name ]; - - if ( final ) { - return final; - } - if ( name in emptyStyle ) { - return name; - } - return vendorProps[ name ] = vendorPropName( name ) || name; - } - - - var - - // Swappable if display is none or starts with table - // except "table", "table-cell", or "table-caption" - // See here for display values: https://developer.mozilla.org/en-US/docs/CSS/display - rdisplayswap = /^(none|table(?!-c[ea]).+)/, - rcustomProp = /^--/, - cssShow = { position: "absolute", visibility: "hidden", display: "block" }, - cssNormalTransform = { - letterSpacing: "0", - fontWeight: "400" - }; - - function setPositiveNumber( _elem, value, subtract ) { - - // Any relative (+/-) values have already been - // normalized at this point - var matches = rcssNum.exec( value ); - return matches ? - - // Guard against undefined "subtract", e.g., when used as in cssHooks - Math.max( 0, matches[ 2 ] - ( subtract || 0 ) ) + ( matches[ 3 ] || "px" ) : - value; - } - - function boxModelAdjustment( elem, dimension, box, isBorderBox, styles, computedVal ) { - var i = dimension === "width" ? 1 : 0, - extra = 0, - delta = 0; - - // Adjustment may not be necessary - if ( box === ( isBorderBox ? "border" : "content" ) ) { - return 0; - } - - for ( ; i < 4; i += 2 ) { - - // Both box models exclude margin - if ( box === "margin" ) { - delta += jQuery.css( elem, box + cssExpand[ i ], true, styles ); - } - - // If we get here with a content-box, we're seeking "padding" or "border" or "margin" - if ( !isBorderBox ) { - - // Add padding - delta += jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); - - // For "border" or "margin", add border - if ( box !== "padding" ) { - delta += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); - - // But still keep track of it otherwise - } else { - extra += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); - } - - // If we get here with a border-box (content + padding + border), we're seeking "content" or - // "padding" or "margin" - } else { - - // For "content", subtract padding - if ( box === "content" ) { - delta -= jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); - } - - // For "content" or "padding", subtract border - if ( box !== "margin" ) { - delta -= jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); - } - } - } - - // Account for positive content-box scroll gutter when requested by providing computedVal - if ( !isBorderBox && computedVal >= 0 ) { - - // offsetWidth/offsetHeight is a rounded sum of content, padding, scroll gutter, and border - // Assuming integer scroll gutter, subtract the rest and round down - delta += Math.max( 0, Math.ceil( - elem[ "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ) ] - - computedVal - - delta - - extra - - 0.5 - - // If offsetWidth/offsetHeight is unknown, then we can't determine content-box scroll gutter - // Use an explicit zero to avoid NaN (gh-3964) - ) ) || 0; - } - - return delta; - } - - function getWidthOrHeight( elem, dimension, extra ) { - - // Start with computed style - var styles = getStyles( elem ), - - // To avoid forcing a reflow, only fetch boxSizing if we need it (gh-4322). - // Fake content-box until we know it's needed to know the true value. - boxSizingNeeded = !support.boxSizingReliable() || extra, - isBorderBox = boxSizingNeeded && - jQuery.css( elem, "boxSizing", false, styles ) === "border-box", - valueIsBorderBox = isBorderBox, - - val = curCSS( elem, dimension, styles ), - offsetProp = "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ); - - // Support: Firefox <=54 - // Return a confounding non-pixel value or feign ignorance, as appropriate. - if ( rnumnonpx.test( val ) ) { - if ( !extra ) { - return val; - } - val = "auto"; - } - - - // Support: IE 9 - 11 only - // Use offsetWidth/offsetHeight for when box sizing is unreliable. - // In those cases, the computed value can be trusted to be border-box. - if ( ( !support.boxSizingReliable() && isBorderBox || - - // Support: IE 10 - 11+, Edge 15 - 18+ - // IE/Edge misreport `getComputedStyle` of table rows with width/height - // set in CSS while `offset*` properties report correct values. - // Interestingly, in some cases IE 9 doesn't suffer from this issue. - !support.reliableTrDimensions() && nodeName( elem, "tr" ) || - - // Fall back to offsetWidth/offsetHeight when value is "auto" - // This happens for inline elements with no explicit setting (gh-3571) - val === "auto" || - - // Support: Android <=4.1 - 4.3 only - // Also use offsetWidth/offsetHeight for misreported inline dimensions (gh-3602) - !parseFloat( val ) && jQuery.css( elem, "display", false, styles ) === "inline" ) && - - // Make sure the element is visible & connected - elem.getClientRects().length ) { - - isBorderBox = jQuery.css( elem, "boxSizing", false, styles ) === "border-box"; - - // Where available, offsetWidth/offsetHeight approximate border box dimensions. - // Where not available (e.g., SVG), assume unreliable box-sizing and interpret the - // retrieved value as a content box dimension. - valueIsBorderBox = offsetProp in elem; - if ( valueIsBorderBox ) { - val = elem[ offsetProp ]; - } - } - - // Normalize "" and auto - val = parseFloat( val ) || 0; - - // Adjust for the element's box model - return ( val + - boxModelAdjustment( - elem, - dimension, - extra || ( isBorderBox ? "border" : "content" ), - valueIsBorderBox, - styles, - - // Provide the current computed size to request scroll gutter calculation (gh-3589) - val - ) - ) + "px"; - } - - jQuery.extend( { - - // Add in style property hooks for overriding the default - // behavior of getting and setting a style property - cssHooks: { - opacity: { - get: function( elem, computed ) { - if ( computed ) { - - // We should always get a number back from opacity - var ret = curCSS( elem, "opacity" ); - return ret === "" ? "1" : ret; - } - } - } - }, - - // Don't automatically add "px" to these possibly-unitless properties - cssNumber: { - "animationIterationCount": true, - "columnCount": true, - "fillOpacity": true, - "flexGrow": true, - "flexShrink": true, - "fontWeight": true, - "gridArea": true, - "gridColumn": true, - "gridColumnEnd": true, - "gridColumnStart": true, - "gridRow": true, - "gridRowEnd": true, - "gridRowStart": true, - "lineHeight": true, - "opacity": true, - "order": true, - "orphans": true, - "widows": true, - "zIndex": true, - "zoom": true - }, - - // Add in properties whose names you wish to fix before - // setting or getting the value - cssProps: {}, - - // Get and set the style property on a DOM Node - style: function( elem, name, value, extra ) { - - // Don't set styles on text and comment nodes - if ( !elem || elem.nodeType === 3 || elem.nodeType === 8 || !elem.style ) { - return; - } - - // Make sure that we're working with the right name - var ret, type, hooks, - origName = camelCase( name ), - isCustomProp = rcustomProp.test( name ), - style = elem.style; - - // Make sure that we're working with the right name. We don't - // want to query the value if it is a CSS custom property - // since they are user-defined. - if ( !isCustomProp ) { - name = finalPropName( origName ); - } - - // Gets hook for the prefixed version, then unprefixed version - hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; - - // Check if we're setting a value - if ( value !== undefined ) { - type = typeof value; - - // Convert "+=" or "-=" to relative numbers (#7345) - if ( type === "string" && ( ret = rcssNum.exec( value ) ) && ret[ 1 ] ) { - value = adjustCSS( elem, name, ret ); - - // Fixes bug #9237 - type = "number"; - } - - // Make sure that null and NaN values aren't set (#7116) - if ( value == null || value !== value ) { - return; - } - - // If a number was passed in, add the unit (except for certain CSS properties) - // The isCustomProp check can be removed in jQuery 4.0 when we only auto-append - // "px" to a few hardcoded values. - if ( type === "number" && !isCustomProp ) { - value += ret && ret[ 3 ] || ( jQuery.cssNumber[ origName ] ? "" : "px" ); - } - - // background-* props affect original clone's values - if ( !support.clearCloneStyle && value === "" && name.indexOf( "background" ) === 0 ) { - style[ name ] = "inherit"; - } - - // If a hook was provided, use that value, otherwise just set the specified value - if ( !hooks || !( "set" in hooks ) || - ( value = hooks.set( elem, value, extra ) ) !== undefined ) { - - if ( isCustomProp ) { - style.setProperty( name, value ); - } else { - style[ name ] = value; - } - } - - } else { - - // If a hook was provided get the non-computed value from there - if ( hooks && "get" in hooks && - ( ret = hooks.get( elem, false, extra ) ) !== undefined ) { - - return ret; - } - - // Otherwise just get the value from the style object - return style[ name ]; - } - }, - - css: function( elem, name, extra, styles ) { - var val, num, hooks, - origName = camelCase( name ), - isCustomProp = rcustomProp.test( name ); - - // Make sure that we're working with the right name. We don't - // want to modify the value if it is a CSS custom property - // since they are user-defined. - if ( !isCustomProp ) { - name = finalPropName( origName ); - } - - // Try prefixed name followed by the unprefixed name - hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; - - // If a hook was provided get the computed value from there - if ( hooks && "get" in hooks ) { - val = hooks.get( elem, true, extra ); - } - - // Otherwise, if a way to get the computed value exists, use that - if ( val === undefined ) { - val = curCSS( elem, name, styles ); - } - - // Convert "normal" to computed value - if ( val === "normal" && name in cssNormalTransform ) { - val = cssNormalTransform[ name ]; - } - - // Make numeric if forced or a qualifier was provided and val looks numeric - if ( extra === "" || extra ) { - num = parseFloat( val ); - return extra === true || isFinite( num ) ? num || 0 : val; - } - - return val; - } - } ); - - jQuery.each( [ "height", "width" ], function( _i, dimension ) { - jQuery.cssHooks[ dimension ] = { - get: function( elem, computed, extra ) { - if ( computed ) { - - // Certain elements can have dimension info if we invisibly show them - // but it must have a current display style that would benefit - return rdisplayswap.test( jQuery.css( elem, "display" ) ) && - - // Support: Safari 8+ - // Table columns in Safari have non-zero offsetWidth & zero - // getBoundingClientRect().width unless display is changed. - // Support: IE <=11 only - // Running getBoundingClientRect on a disconnected node - // in IE throws an error. - ( !elem.getClientRects().length || !elem.getBoundingClientRect().width ) ? - swap( elem, cssShow, function() { - return getWidthOrHeight( elem, dimension, extra ); - } ) : - getWidthOrHeight( elem, dimension, extra ); - } - }, - - set: function( elem, value, extra ) { - var matches, - styles = getStyles( elem ), - - // Only read styles.position if the test has a chance to fail - // to avoid forcing a reflow. - scrollboxSizeBuggy = !support.scrollboxSize() && - styles.position === "absolute", - - // To avoid forcing a reflow, only fetch boxSizing if we need it (gh-3991) - boxSizingNeeded = scrollboxSizeBuggy || extra, - isBorderBox = boxSizingNeeded && - jQuery.css( elem, "boxSizing", false, styles ) === "border-box", - subtract = extra ? - boxModelAdjustment( - elem, - dimension, - extra, - isBorderBox, - styles - ) : - 0; - - // Account for unreliable border-box dimensions by comparing offset* to computed and - // faking a content-box to get border and padding (gh-3699) - if ( isBorderBox && scrollboxSizeBuggy ) { - subtract -= Math.ceil( - elem[ "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ) ] - - parseFloat( styles[ dimension ] ) - - boxModelAdjustment( elem, dimension, "border", false, styles ) - - 0.5 - ); - } - - // Convert to pixels if value adjustment is needed - if ( subtract && ( matches = rcssNum.exec( value ) ) && - ( matches[ 3 ] || "px" ) !== "px" ) { - - elem.style[ dimension ] = value; - value = jQuery.css( elem, dimension ); - } - - return setPositiveNumber( elem, value, subtract ); - } - }; - } ); - - jQuery.cssHooks.marginLeft = addGetHookIf( support.reliableMarginLeft, - function( elem, computed ) { - if ( computed ) { - return ( parseFloat( curCSS( elem, "marginLeft" ) ) || - elem.getBoundingClientRect().left - - swap( elem, { marginLeft: 0 }, function() { - return elem.getBoundingClientRect().left; - } ) - ) + "px"; - } - } - ); - -// These hooks are used by animate to expand properties - jQuery.each( { - margin: "", - padding: "", - border: "Width" - }, function( prefix, suffix ) { - jQuery.cssHooks[ prefix + suffix ] = { - expand: function( value ) { - var i = 0, - expanded = {}, - - // Assumes a single number if not a string - parts = typeof value === "string" ? value.split( " " ) : [ value ]; - - for ( ; i < 4; i++ ) { - expanded[ prefix + cssExpand[ i ] + suffix ] = - parts[ i ] || parts[ i - 2 ] || parts[ 0 ]; - } - - return expanded; - } - }; - - if ( prefix !== "margin" ) { - jQuery.cssHooks[ prefix + suffix ].set = setPositiveNumber; - } - } ); - - jQuery.fn.extend( { - css: function( name, value ) { - return access( this, function( elem, name, value ) { - var styles, len, - map = {}, - i = 0; - - if ( Array.isArray( name ) ) { - styles = getStyles( elem ); - len = name.length; - - for ( ; i < len; i++ ) { - map[ name[ i ] ] = jQuery.css( elem, name[ i ], false, styles ); - } - - return map; - } - - return value !== undefined ? - jQuery.style( elem, name, value ) : - jQuery.css( elem, name ); - }, name, value, arguments.length > 1 ); - } - } ); - - - function Tween( elem, options, prop, end, easing ) { - return new Tween.prototype.init( elem, options, prop, end, easing ); - } - jQuery.Tween = Tween; - - Tween.prototype = { - constructor: Tween, - init: function( elem, options, prop, end, easing, unit ) { - this.elem = elem; - this.prop = prop; - this.easing = easing || jQuery.easing._default; - this.options = options; - this.start = this.now = this.cur(); - this.end = end; - this.unit = unit || ( jQuery.cssNumber[ prop ] ? "" : "px" ); - }, - cur: function() { - var hooks = Tween.propHooks[ this.prop ]; - - return hooks && hooks.get ? - hooks.get( this ) : - Tween.propHooks._default.get( this ); - }, - run: function( percent ) { - var eased, - hooks = Tween.propHooks[ this.prop ]; - - if ( this.options.duration ) { - this.pos = eased = jQuery.easing[ this.easing ]( - percent, this.options.duration * percent, 0, 1, this.options.duration - ); - } else { - this.pos = eased = percent; - } - this.now = ( this.end - this.start ) * eased + this.start; - - if ( this.options.step ) { - this.options.step.call( this.elem, this.now, this ); - } - - if ( hooks && hooks.set ) { - hooks.set( this ); - } else { - Tween.propHooks._default.set( this ); - } - return this; - } - }; - - Tween.prototype.init.prototype = Tween.prototype; - - Tween.propHooks = { - _default: { - get: function( tween ) { - var result; - - // Use a property on the element directly when it is not a DOM element, - // or when there is no matching style property that exists. - if ( tween.elem.nodeType !== 1 || - tween.elem[ tween.prop ] != null && tween.elem.style[ tween.prop ] == null ) { - return tween.elem[ tween.prop ]; - } - - // Passing an empty string as a 3rd parameter to .css will automatically - // attempt a parseFloat and fallback to a string if the parse fails. - // Simple values such as "10px" are parsed to Float; - // complex values such as "rotate(1rad)" are returned as-is. - result = jQuery.css( tween.elem, tween.prop, "" ); - - // Empty strings, null, undefined and "auto" are converted to 0. - return !result || result === "auto" ? 0 : result; - }, - set: function( tween ) { - - // Use step hook for back compat. - // Use cssHook if its there. - // Use .style if available and use plain properties where available. - if ( jQuery.fx.step[ tween.prop ] ) { - jQuery.fx.step[ tween.prop ]( tween ); - } else if ( tween.elem.nodeType === 1 && ( - jQuery.cssHooks[ tween.prop ] || - tween.elem.style[ finalPropName( tween.prop ) ] != null ) ) { - jQuery.style( tween.elem, tween.prop, tween.now + tween.unit ); - } else { - tween.elem[ tween.prop ] = tween.now; - } - } - } - }; - -// Support: IE <=9 only -// Panic based approach to setting things on disconnected nodes - Tween.propHooks.scrollTop = Tween.propHooks.scrollLeft = { - set: function( tween ) { - if ( tween.elem.nodeType && tween.elem.parentNode ) { - tween.elem[ tween.prop ] = tween.now; - } - } - }; - - jQuery.easing = { - linear: function( p ) { - return p; - }, - swing: function( p ) { - return 0.5 - Math.cos( p * Math.PI ) / 2; - }, - _default: "swing" - }; - - jQuery.fx = Tween.prototype.init; - -// Back compat <1.8 extension point - jQuery.fx.step = {}; - - - - - var - fxNow, inProgress, - rfxtypes = /^(?:toggle|show|hide)$/, - rrun = /queueHooks$/; - - function schedule() { - if ( inProgress ) { - if ( document.hidden === false && window.requestAnimationFrame ) { - window.requestAnimationFrame( schedule ); - } else { - window.setTimeout( schedule, jQuery.fx.interval ); - } - - jQuery.fx.tick(); - } - } - -// Animations created synchronously will run synchronously - function createFxNow() { - window.setTimeout( function() { - fxNow = undefined; - } ); - return ( fxNow = Date.now() ); - } - -// Generate parameters to create a standard animation - function genFx( type, includeWidth ) { - var which, - i = 0, - attrs = { height: type }; - - // If we include width, step value is 1 to do all cssExpand values, - // otherwise step value is 2 to skip over Left and Right - includeWidth = includeWidth ? 1 : 0; - for ( ; i < 4; i += 2 - includeWidth ) { - which = cssExpand[ i ]; - attrs[ "margin" + which ] = attrs[ "padding" + which ] = type; - } - - if ( includeWidth ) { - attrs.opacity = attrs.width = type; - } - - return attrs; - } - - function createTween( value, prop, animation ) { - var tween, - collection = ( Animation.tweeners[ prop ] || [] ).concat( Animation.tweeners[ "*" ] ), - index = 0, - length = collection.length; - for ( ; index < length; index++ ) { - if ( ( tween = collection[ index ].call( animation, prop, value ) ) ) { - - // We're done with this property - return tween; - } - } - } - - function defaultPrefilter( elem, props, opts ) { - var prop, value, toggle, hooks, oldfire, propTween, restoreDisplay, display, - isBox = "width" in props || "height" in props, - anim = this, - orig = {}, - style = elem.style, - hidden = elem.nodeType && isHiddenWithinTree( elem ), - dataShow = dataPriv.get( elem, "fxshow" ); - - // Queue-skipping animations hijack the fx hooks - if ( !opts.queue ) { - hooks = jQuery._queueHooks( elem, "fx" ); - if ( hooks.unqueued == null ) { - hooks.unqueued = 0; - oldfire = hooks.empty.fire; - hooks.empty.fire = function() { - if ( !hooks.unqueued ) { - oldfire(); - } - }; - } - hooks.unqueued++; - - anim.always( function() { - - // Ensure the complete handler is called before this completes - anim.always( function() { - hooks.unqueued--; - if ( !jQuery.queue( elem, "fx" ).length ) { - hooks.empty.fire(); - } - } ); - } ); - } - - // Detect show/hide animations - for ( prop in props ) { - value = props[ prop ]; - if ( rfxtypes.test( value ) ) { - delete props[ prop ]; - toggle = toggle || value === "toggle"; - if ( value === ( hidden ? "hide" : "show" ) ) { - - // Pretend to be hidden if this is a "show" and - // there is still data from a stopped show/hide - if ( value === "show" && dataShow && dataShow[ prop ] !== undefined ) { - hidden = true; - - // Ignore all other no-op show/hide data - } else { - continue; - } - } - orig[ prop ] = dataShow && dataShow[ prop ] || jQuery.style( elem, prop ); - } - } - - // Bail out if this is a no-op like .hide().hide() - propTween = !jQuery.isEmptyObject( props ); - if ( !propTween && jQuery.isEmptyObject( orig ) ) { - return; - } - - // Restrict "overflow" and "display" styles during box animations - if ( isBox && elem.nodeType === 1 ) { - - // Support: IE <=9 - 11, Edge 12 - 15 - // Record all 3 overflow attributes because IE does not infer the shorthand - // from identically-valued overflowX and overflowY and Edge just mirrors - // the overflowX value there. - opts.overflow = [ style.overflow, style.overflowX, style.overflowY ]; - - // Identify a display type, preferring old show/hide data over the CSS cascade - restoreDisplay = dataShow && dataShow.display; - if ( restoreDisplay == null ) { - restoreDisplay = dataPriv.get( elem, "display" ); - } - display = jQuery.css( elem, "display" ); - if ( display === "none" ) { - if ( restoreDisplay ) { - display = restoreDisplay; - } else { - - // Get nonempty value(s) by temporarily forcing visibility - showHide( [ elem ], true ); - restoreDisplay = elem.style.display || restoreDisplay; - display = jQuery.css( elem, "display" ); - showHide( [ elem ] ); - } - } - - // Animate inline elements as inline-block - if ( display === "inline" || display === "inline-block" && restoreDisplay != null ) { - if ( jQuery.css( elem, "float" ) === "none" ) { - - // Restore the original display value at the end of pure show/hide animations - if ( !propTween ) { - anim.done( function() { - style.display = restoreDisplay; - } ); - if ( restoreDisplay == null ) { - display = style.display; - restoreDisplay = display === "none" ? "" : display; - } - } - style.display = "inline-block"; - } - } - } - - if ( opts.overflow ) { - style.overflow = "hidden"; - anim.always( function() { - style.overflow = opts.overflow[ 0 ]; - style.overflowX = opts.overflow[ 1 ]; - style.overflowY = opts.overflow[ 2 ]; - } ); - } - - // Implement show/hide animations - propTween = false; - for ( prop in orig ) { - - // General show/hide setup for this element animation - if ( !propTween ) { - if ( dataShow ) { - if ( "hidden" in dataShow ) { - hidden = dataShow.hidden; - } - } else { - dataShow = dataPriv.access( elem, "fxshow", { display: restoreDisplay } ); - } - - // Store hidden/visible for toggle so `.stop().toggle()` "reverses" - if ( toggle ) { - dataShow.hidden = !hidden; - } - - // Show elements before animating them - if ( hidden ) { - showHide( [ elem ], true ); - } - - /* eslint-disable no-loop-func */ - - anim.done( function() { - - /* eslint-enable no-loop-func */ - - // The final step of a "hide" animation is actually hiding the element - if ( !hidden ) { - showHide( [ elem ] ); - } - dataPriv.remove( elem, "fxshow" ); - for ( prop in orig ) { - jQuery.style( elem, prop, orig[ prop ] ); - } - } ); - } - - // Per-property setup - propTween = createTween( hidden ? dataShow[ prop ] : 0, prop, anim ); - if ( !( prop in dataShow ) ) { - dataShow[ prop ] = propTween.start; - if ( hidden ) { - propTween.end = propTween.start; - propTween.start = 0; - } - } - } - } - - function propFilter( props, specialEasing ) { - var index, name, easing, value, hooks; - - // camelCase, specialEasing and expand cssHook pass - for ( index in props ) { - name = camelCase( index ); - easing = specialEasing[ name ]; - value = props[ index ]; - if ( Array.isArray( value ) ) { - easing = value[ 1 ]; - value = props[ index ] = value[ 0 ]; - } - - if ( index !== name ) { - props[ name ] = value; - delete props[ index ]; - } - - hooks = jQuery.cssHooks[ name ]; - if ( hooks && "expand" in hooks ) { - value = hooks.expand( value ); - delete props[ name ]; - - // Not quite $.extend, this won't overwrite existing keys. - // Reusing 'index' because we have the correct "name" - for ( index in value ) { - if ( !( index in props ) ) { - props[ index ] = value[ index ]; - specialEasing[ index ] = easing; - } - } - } else { - specialEasing[ name ] = easing; - } - } - } - - function Animation( elem, properties, options ) { - var result, - stopped, - index = 0, - length = Animation.prefilters.length, - deferred = jQuery.Deferred().always( function() { - - // Don't match elem in the :animated selector - delete tick.elem; - } ), - tick = function() { - if ( stopped ) { - return false; - } - var currentTime = fxNow || createFxNow(), - remaining = Math.max( 0, animation.startTime + animation.duration - currentTime ), - - // Support: Android 2.3 only - // Archaic crash bug won't allow us to use `1 - ( 0.5 || 0 )` (#12497) - temp = remaining / animation.duration || 0, - percent = 1 - temp, - index = 0, - length = animation.tweens.length; - - for ( ; index < length; index++ ) { - animation.tweens[ index ].run( percent ); - } - - deferred.notifyWith( elem, [ animation, percent, remaining ] ); - - // If there's more to do, yield - if ( percent < 1 && length ) { - return remaining; - } - - // If this was an empty animation, synthesize a final progress notification - if ( !length ) { - deferred.notifyWith( elem, [ animation, 1, 0 ] ); - } - - // Resolve the animation and report its conclusion - deferred.resolveWith( elem, [ animation ] ); - return false; - }, - animation = deferred.promise( { - elem: elem, - props: jQuery.extend( {}, properties ), - opts: jQuery.extend( true, { - specialEasing: {}, - easing: jQuery.easing._default - }, options ), - originalProperties: properties, - originalOptions: options, - startTime: fxNow || createFxNow(), - duration: options.duration, - tweens: [], - createTween: function( prop, end ) { - var tween = jQuery.Tween( elem, animation.opts, prop, end, - animation.opts.specialEasing[ prop ] || animation.opts.easing ); - animation.tweens.push( tween ); - return tween; - }, - stop: function( gotoEnd ) { - var index = 0, - - // If we are going to the end, we want to run all the tweens - // otherwise we skip this part - length = gotoEnd ? animation.tweens.length : 0; - if ( stopped ) { - return this; - } - stopped = true; - for ( ; index < length; index++ ) { - animation.tweens[ index ].run( 1 ); - } - - // Resolve when we played the last frame; otherwise, reject - if ( gotoEnd ) { - deferred.notifyWith( elem, [ animation, 1, 0 ] ); - deferred.resolveWith( elem, [ animation, gotoEnd ] ); - } else { - deferred.rejectWith( elem, [ animation, gotoEnd ] ); - } - return this; - } - } ), - props = animation.props; - - propFilter( props, animation.opts.specialEasing ); - - for ( ; index < length; index++ ) { - result = Animation.prefilters[ index ].call( animation, elem, props, animation.opts ); - if ( result ) { - if ( isFunction( result.stop ) ) { - jQuery._queueHooks( animation.elem, animation.opts.queue ).stop = - result.stop.bind( result ); - } - return result; - } - } - - jQuery.map( props, createTween, animation ); - - if ( isFunction( animation.opts.start ) ) { - animation.opts.start.call( elem, animation ); - } - - // Attach callbacks from options - animation - .progress( animation.opts.progress ) - .done( animation.opts.done, animation.opts.complete ) - .fail( animation.opts.fail ) - .always( animation.opts.always ); - - jQuery.fx.timer( - jQuery.extend( tick, { - elem: elem, - anim: animation, - queue: animation.opts.queue - } ) - ); - - return animation; - } - - jQuery.Animation = jQuery.extend( Animation, { - - tweeners: { - "*": [ function( prop, value ) { - var tween = this.createTween( prop, value ); - adjustCSS( tween.elem, prop, rcssNum.exec( value ), tween ); - return tween; - } ] - }, - - tweener: function( props, callback ) { - if ( isFunction( props ) ) { - callback = props; - props = [ "*" ]; - } else { - props = props.match( rnothtmlwhite ); - } - - var prop, - index = 0, - length = props.length; - - for ( ; index < length; index++ ) { - prop = props[ index ]; - Animation.tweeners[ prop ] = Animation.tweeners[ prop ] || []; - Animation.tweeners[ prop ].unshift( callback ); - } - }, - - prefilters: [ defaultPrefilter ], - - prefilter: function( callback, prepend ) { - if ( prepend ) { - Animation.prefilters.unshift( callback ); - } else { - Animation.prefilters.push( callback ); - } - } - } ); - - jQuery.speed = function( speed, easing, fn ) { - var opt = speed && typeof speed === "object" ? jQuery.extend( {}, speed ) : { - complete: fn || !fn && easing || - isFunction( speed ) && speed, - duration: speed, - easing: fn && easing || easing && !isFunction( easing ) && easing - }; - - // Go to the end state if fx are off - if ( jQuery.fx.off ) { - opt.duration = 0; - - } else { - if ( typeof opt.duration !== "number" ) { - if ( opt.duration in jQuery.fx.speeds ) { - opt.duration = jQuery.fx.speeds[ opt.duration ]; - - } else { - opt.duration = jQuery.fx.speeds._default; - } - } - } - - // Normalize opt.queue - true/undefined/null -> "fx" - if ( opt.queue == null || opt.queue === true ) { - opt.queue = "fx"; - } - - // Queueing - opt.old = opt.complete; - - opt.complete = function() { - if ( isFunction( opt.old ) ) { - opt.old.call( this ); - } - - if ( opt.queue ) { - jQuery.dequeue( this, opt.queue ); - } - }; - - return opt; - }; - - jQuery.fn.extend( { - fadeTo: function( speed, to, easing, callback ) { - - // Show any hidden elements after setting opacity to 0 - return this.filter( isHiddenWithinTree ).css( "opacity", 0 ).show() - - // Animate to the value specified - .end().animate( { opacity: to }, speed, easing, callback ); - }, - animate: function( prop, speed, easing, callback ) { - var empty = jQuery.isEmptyObject( prop ), - optall = jQuery.speed( speed, easing, callback ), - doAnimation = function() { - - // Operate on a copy of prop so per-property easing won't be lost - var anim = Animation( this, jQuery.extend( {}, prop ), optall ); - - // Empty animations, or finishing resolves immediately - if ( empty || dataPriv.get( this, "finish" ) ) { - anim.stop( true ); - } - }; - - doAnimation.finish = doAnimation; - - return empty || optall.queue === false ? - this.each( doAnimation ) : - this.queue( optall.queue, doAnimation ); - }, - stop: function( type, clearQueue, gotoEnd ) { - var stopQueue = function( hooks ) { - var stop = hooks.stop; - delete hooks.stop; - stop( gotoEnd ); - }; - - if ( typeof type !== "string" ) { - gotoEnd = clearQueue; - clearQueue = type; - type = undefined; - } - if ( clearQueue ) { - this.queue( type || "fx", [] ); - } - - return this.each( function() { - var dequeue = true, - index = type != null && type + "queueHooks", - timers = jQuery.timers, - data = dataPriv.get( this ); - - if ( index ) { - if ( data[ index ] && data[ index ].stop ) { - stopQueue( data[ index ] ); - } - } else { - for ( index in data ) { - if ( data[ index ] && data[ index ].stop && rrun.test( index ) ) { - stopQueue( data[ index ] ); - } - } - } - - for ( index = timers.length; index--; ) { - if ( timers[ index ].elem === this && - ( type == null || timers[ index ].queue === type ) ) { - - timers[ index ].anim.stop( gotoEnd ); - dequeue = false; - timers.splice( index, 1 ); - } - } - - // Start the next in the queue if the last step wasn't forced. - // Timers currently will call their complete callbacks, which - // will dequeue but only if they were gotoEnd. - if ( dequeue || !gotoEnd ) { - jQuery.dequeue( this, type ); - } - } ); - }, - finish: function( type ) { - if ( type !== false ) { - type = type || "fx"; - } - return this.each( function() { - var index, - data = dataPriv.get( this ), - queue = data[ type + "queue" ], - hooks = data[ type + "queueHooks" ], - timers = jQuery.timers, - length = queue ? queue.length : 0; - - // Enable finishing flag on private data - data.finish = true; - - // Empty the queue first - jQuery.queue( this, type, [] ); - - if ( hooks && hooks.stop ) { - hooks.stop.call( this, true ); - } - - // Look for any active animations, and finish them - for ( index = timers.length; index--; ) { - if ( timers[ index ].elem === this && timers[ index ].queue === type ) { - timers[ index ].anim.stop( true ); - timers.splice( index, 1 ); - } - } - - // Look for any animations in the old queue and finish them - for ( index = 0; index < length; index++ ) { - if ( queue[ index ] && queue[ index ].finish ) { - queue[ index ].finish.call( this ); - } - } - - // Turn off finishing flag - delete data.finish; - } ); - } - } ); - - jQuery.each( [ "toggle", "show", "hide" ], function( _i, name ) { - var cssFn = jQuery.fn[ name ]; - jQuery.fn[ name ] = function( speed, easing, callback ) { - return speed == null || typeof speed === "boolean" ? - cssFn.apply( this, arguments ) : - this.animate( genFx( name, true ), speed, easing, callback ); - }; - } ); - -// Generate shortcuts for custom animations - jQuery.each( { - slideDown: genFx( "show" ), - slideUp: genFx( "hide" ), - slideToggle: genFx( "toggle" ), - fadeIn: { opacity: "show" }, - fadeOut: { opacity: "hide" }, - fadeToggle: { opacity: "toggle" } - }, function( name, props ) { - jQuery.fn[ name ] = function( speed, easing, callback ) { - return this.animate( props, speed, easing, callback ); - }; - } ); - - jQuery.timers = []; - jQuery.fx.tick = function() { - var timer, - i = 0, - timers = jQuery.timers; - - fxNow = Date.now(); - - for ( ; i < timers.length; i++ ) { - timer = timers[ i ]; - - // Run the timer and safely remove it when done (allowing for external removal) - if ( !timer() && timers[ i ] === timer ) { - timers.splice( i--, 1 ); - } - } - - if ( !timers.length ) { - jQuery.fx.stop(); - } - fxNow = undefined; - }; - - jQuery.fx.timer = function( timer ) { - jQuery.timers.push( timer ); - jQuery.fx.start(); - }; - - jQuery.fx.interval = 13; - jQuery.fx.start = function() { - if ( inProgress ) { - return; - } - - inProgress = true; - schedule(); - }; - - jQuery.fx.stop = function() { - inProgress = null; - }; - - jQuery.fx.speeds = { - slow: 600, - fast: 200, - - // Default speed - _default: 400 - }; - - -// Based off of the plugin by Clint Helfers, with permission. -// https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/ - jQuery.fn.delay = function( time, type ) { - time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; - type = type || "fx"; - - return this.queue( type, function( next, hooks ) { - var timeout = window.setTimeout( next, time ); - hooks.stop = function() { - window.clearTimeout( timeout ); - }; - } ); - }; - - - ( function() { - var input = document.createElement( "input" ), - select = document.createElement( "select" ), - opt = select.appendChild( document.createElement( "option" ) ); - - input.type = "checkbox"; - - // Support: Android <=4.3 only - // Default value for a checkbox should be "on" - support.checkOn = input.value !== ""; - - // Support: IE <=11 only - // Must access selectedIndex to make default options select - support.optSelected = opt.selected; - - // Support: IE <=11 only - // An input loses its value after becoming a radio - input = document.createElement( "input" ); - input.value = "t"; - input.type = "radio"; - support.radioValue = input.value === "t"; - } )(); - - - var boolHook, - attrHandle = jQuery.expr.attrHandle; - - jQuery.fn.extend( { - attr: function( name, value ) { - return access( this, jQuery.attr, name, value, arguments.length > 1 ); - }, - - removeAttr: function( name ) { - return this.each( function() { - jQuery.removeAttr( this, name ); - } ); - } - } ); - - jQuery.extend( { - attr: function( elem, name, value ) { - var ret, hooks, - nType = elem.nodeType; - - // Don't get/set attributes on text, comment and attribute nodes - if ( nType === 3 || nType === 8 || nType === 2 ) { - return; - } - - // Fallback to prop when attributes are not supported - if ( typeof elem.getAttribute === "undefined" ) { - return jQuery.prop( elem, name, value ); - } - - // Attribute hooks are determined by the lowercase version - // Grab necessary hook if one is defined - if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { - hooks = jQuery.attrHooks[ name.toLowerCase() ] || - ( jQuery.expr.match.bool.test( name ) ? boolHook : undefined ); - } - - if ( value !== undefined ) { - if ( value === null ) { - jQuery.removeAttr( elem, name ); - return; - } - - if ( hooks && "set" in hooks && - ( ret = hooks.set( elem, value, name ) ) !== undefined ) { - return ret; - } - - elem.setAttribute( name, value + "" ); - return value; - } - - if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { - return ret; - } - - ret = jQuery.find.attr( elem, name ); - - // Non-existent attributes return null, we normalize to undefined - return ret == null ? undefined : ret; - }, - - attrHooks: { - type: { - set: function( elem, value ) { - if ( !support.radioValue && value === "radio" && - nodeName( elem, "input" ) ) { - var val = elem.value; - elem.setAttribute( "type", value ); - if ( val ) { - elem.value = val; - } - return value; - } - } - } - }, - - removeAttr: function( elem, value ) { - var name, - i = 0, - - // Attribute names can contain non-HTML whitespace characters - // https://html.spec.whatwg.org/multipage/syntax.html#attributes-2 - attrNames = value && value.match( rnothtmlwhite ); - - if ( attrNames && elem.nodeType === 1 ) { - while ( ( name = attrNames[ i++ ] ) ) { - elem.removeAttribute( name ); - } - } - } - } ); - -// Hooks for boolean attributes - boolHook = { - set: function( elem, value, name ) { - if ( value === false ) { - - // Remove boolean attributes when set to false - jQuery.removeAttr( elem, name ); - } else { - elem.setAttribute( name, name ); - } - return name; - } - }; - - jQuery.each( jQuery.expr.match.bool.source.match( /\w+/g ), function( _i, name ) { - var getter = attrHandle[ name ] || jQuery.find.attr; - - attrHandle[ name ] = function( elem, name, isXML ) { - var ret, handle, - lowercaseName = name.toLowerCase(); - - if ( !isXML ) { - - // Avoid an infinite loop by temporarily removing this function from the getter - handle = attrHandle[ lowercaseName ]; - attrHandle[ lowercaseName ] = ret; - ret = getter( elem, name, isXML ) != null ? - lowercaseName : - null; - attrHandle[ lowercaseName ] = handle; - } - return ret; - }; - } ); - - - - - var rfocusable = /^(?:input|select|textarea|button)$/i, - rclickable = /^(?:a|area)$/i; - - jQuery.fn.extend( { - prop: function( name, value ) { - return access( this, jQuery.prop, name, value, arguments.length > 1 ); - }, - - removeProp: function( name ) { - return this.each( function() { - delete this[ jQuery.propFix[ name ] || name ]; - } ); - } - } ); - - jQuery.extend( { - prop: function( elem, name, value ) { - var ret, hooks, - nType = elem.nodeType; - - // Don't get/set properties on text, comment and attribute nodes - if ( nType === 3 || nType === 8 || nType === 2 ) { - return; - } - - if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { - - // Fix name and attach hooks - name = jQuery.propFix[ name ] || name; - hooks = jQuery.propHooks[ name ]; - } - - if ( value !== undefined ) { - if ( hooks && "set" in hooks && - ( ret = hooks.set( elem, value, name ) ) !== undefined ) { - return ret; - } - - return ( elem[ name ] = value ); - } - - if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { - return ret; - } - - return elem[ name ]; - }, - - propHooks: { - tabIndex: { - get: function( elem ) { - - // Support: IE <=9 - 11 only - // elem.tabIndex doesn't always return the - // correct value when it hasn't been explicitly set - // https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ - // Use proper attribute retrieval(#12072) - var tabindex = jQuery.find.attr( elem, "tabindex" ); - - if ( tabindex ) { - return parseInt( tabindex, 10 ); - } - - if ( - rfocusable.test( elem.nodeName ) || - rclickable.test( elem.nodeName ) && - elem.href - ) { - return 0; - } - - return -1; - } - } - }, - - propFix: { - "for": "htmlFor", - "class": "className" - } - } ); - -// Support: IE <=11 only -// Accessing the selectedIndex property -// forces the browser to respect setting selected -// on the option -// The getter ensures a default option is selected -// when in an optgroup -// eslint rule "no-unused-expressions" is disabled for this code -// since it considers such accessions noop - if ( !support.optSelected ) { - jQuery.propHooks.selected = { - get: function( elem ) { - - /* eslint no-unused-expressions: "off" */ - - var parent = elem.parentNode; - if ( parent && parent.parentNode ) { - parent.parentNode.selectedIndex; - } - return null; - }, - set: function( elem ) { - - /* eslint no-unused-expressions: "off" */ - - var parent = elem.parentNode; - if ( parent ) { - parent.selectedIndex; - - if ( parent.parentNode ) { - parent.parentNode.selectedIndex; - } - } - } - }; - } - - jQuery.each( [ - "tabIndex", - "readOnly", - "maxLength", - "cellSpacing", - "cellPadding", - "rowSpan", - "colSpan", - "useMap", - "frameBorder", - "contentEditable" - ], function() { - jQuery.propFix[ this.toLowerCase() ] = this; - } ); - - - - - // Strip and collapse whitespace according to HTML spec - // https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace - function stripAndCollapse( value ) { - var tokens = value.match( rnothtmlwhite ) || []; - return tokens.join( " " ); - } - - - function getClass( elem ) { - return elem.getAttribute && elem.getAttribute( "class" ) || ""; - } - - function classesToArray( value ) { - if ( Array.isArray( value ) ) { - return value; - } - if ( typeof value === "string" ) { - return value.match( rnothtmlwhite ) || []; - } - return []; - } - - jQuery.fn.extend( { - addClass: function( value ) { - var classes, elem, cur, curValue, clazz, j, finalValue, - i = 0; - - if ( isFunction( value ) ) { - return this.each( function( j ) { - jQuery( this ).addClass( value.call( this, j, getClass( this ) ) ); - } ); - } - - classes = classesToArray( value ); - - if ( classes.length ) { - while ( ( elem = this[ i++ ] ) ) { - curValue = getClass( elem ); - cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); - - if ( cur ) { - j = 0; - while ( ( clazz = classes[ j++ ] ) ) { - if ( cur.indexOf( " " + clazz + " " ) < 0 ) { - cur += clazz + " "; - } - } - - // Only assign if different to avoid unneeded rendering. - finalValue = stripAndCollapse( cur ); - if ( curValue !== finalValue ) { - elem.setAttribute( "class", finalValue ); - } - } - } - } - - return this; - }, - - removeClass: function( value ) { - var classes, elem, cur, curValue, clazz, j, finalValue, - i = 0; - - if ( isFunction( value ) ) { - return this.each( function( j ) { - jQuery( this ).removeClass( value.call( this, j, getClass( this ) ) ); - } ); - } - - if ( !arguments.length ) { - return this.attr( "class", "" ); - } - - classes = classesToArray( value ); - - if ( classes.length ) { - while ( ( elem = this[ i++ ] ) ) { - curValue = getClass( elem ); - - // This expression is here for better compressibility (see addClass) - cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); - - if ( cur ) { - j = 0; - while ( ( clazz = classes[ j++ ] ) ) { - - // Remove *all* instances - while ( cur.indexOf( " " + clazz + " " ) > -1 ) { - cur = cur.replace( " " + clazz + " ", " " ); - } - } - - // Only assign if different to avoid unneeded rendering. - finalValue = stripAndCollapse( cur ); - if ( curValue !== finalValue ) { - elem.setAttribute( "class", finalValue ); - } - } - } - } - - return this; - }, - - toggleClass: function( value, stateVal ) { - var type = typeof value, - isValidValue = type === "string" || Array.isArray( value ); - - if ( typeof stateVal === "boolean" && isValidValue ) { - return stateVal ? this.addClass( value ) : this.removeClass( value ); - } - - if ( isFunction( value ) ) { - return this.each( function( i ) { - jQuery( this ).toggleClass( - value.call( this, i, getClass( this ), stateVal ), - stateVal - ); - } ); - } - - return this.each( function() { - var className, i, self, classNames; - - if ( isValidValue ) { - - // Toggle individual class names - i = 0; - self = jQuery( this ); - classNames = classesToArray( value ); - - while ( ( className = classNames[ i++ ] ) ) { - - // Check each className given, space separated list - if ( self.hasClass( className ) ) { - self.removeClass( className ); - } else { - self.addClass( className ); - } - } - - // Toggle whole class name - } else if ( value === undefined || type === "boolean" ) { - className = getClass( this ); - if ( className ) { - - // Store className if set - dataPriv.set( this, "__className__", className ); - } - - // If the element has a class name or if we're passed `false`, - // then remove the whole classname (if there was one, the above saved it). - // Otherwise bring back whatever was previously saved (if anything), - // falling back to the empty string if nothing was stored. - if ( this.setAttribute ) { - this.setAttribute( "class", - className || value === false ? - "" : - dataPriv.get( this, "__className__" ) || "" - ); - } - } - } ); - }, - - hasClass: function( selector ) { - var className, elem, - i = 0; - - className = " " + selector + " "; - while ( ( elem = this[ i++ ] ) ) { - if ( elem.nodeType === 1 && - ( " " + stripAndCollapse( getClass( elem ) ) + " " ).indexOf( className ) > -1 ) { - return true; - } - } - - return false; - } - } ); - - - - - var rreturn = /\r/g; - - jQuery.fn.extend( { - val: function( value ) { - var hooks, ret, valueIsFunction, - elem = this[ 0 ]; - - if ( !arguments.length ) { - if ( elem ) { - hooks = jQuery.valHooks[ elem.type ] || - jQuery.valHooks[ elem.nodeName.toLowerCase() ]; - - if ( hooks && - "get" in hooks && - ( ret = hooks.get( elem, "value" ) ) !== undefined - ) { - return ret; - } - - ret = elem.value; - - // Handle most common string cases - if ( typeof ret === "string" ) { - return ret.replace( rreturn, "" ); - } - - // Handle cases where value is null/undef or number - return ret == null ? "" : ret; - } - - return; - } - - valueIsFunction = isFunction( value ); - - return this.each( function( i ) { - var val; - - if ( this.nodeType !== 1 ) { - return; - } - - if ( valueIsFunction ) { - val = value.call( this, i, jQuery( this ).val() ); - } else { - val = value; - } - - // Treat null/undefined as ""; convert numbers to string - if ( val == null ) { - val = ""; - - } else if ( typeof val === "number" ) { - val += ""; - - } else if ( Array.isArray( val ) ) { - val = jQuery.map( val, function( value ) { - return value == null ? "" : value + ""; - } ); - } - - hooks = jQuery.valHooks[ this.type ] || jQuery.valHooks[ this.nodeName.toLowerCase() ]; - - // If set returns undefined, fall back to normal setting - if ( !hooks || !( "set" in hooks ) || hooks.set( this, val, "value" ) === undefined ) { - this.value = val; - } - } ); - } - } ); - - jQuery.extend( { - valHooks: { - option: { - get: function( elem ) { - - var val = jQuery.find.attr( elem, "value" ); - return val != null ? - val : - - // Support: IE <=10 - 11 only - // option.text throws exceptions (#14686, #14858) - // Strip and collapse whitespace - // https://html.spec.whatwg.org/#strip-and-collapse-whitespace - stripAndCollapse( jQuery.text( elem ) ); - } - }, - select: { - get: function( elem ) { - var value, option, i, - options = elem.options, - index = elem.selectedIndex, - one = elem.type === "select-one", - values = one ? null : [], - max = one ? index + 1 : options.length; - - if ( index < 0 ) { - i = max; - - } else { - i = one ? index : 0; - } - - // Loop through all the selected options - for ( ; i < max; i++ ) { - option = options[ i ]; - - // Support: IE <=9 only - // IE8-9 doesn't update selected after form reset (#2551) - if ( ( option.selected || i === index ) && - - // Don't return options that are disabled or in a disabled optgroup - !option.disabled && - ( !option.parentNode.disabled || - !nodeName( option.parentNode, "optgroup" ) ) ) { - - // Get the specific value for the option - value = jQuery( option ).val(); - - // We don't need an array for one selects - if ( one ) { - return value; - } - - // Multi-Selects return an array - values.push( value ); - } - } - - return values; - }, - - set: function( elem, value ) { - var optionSet, option, - options = elem.options, - values = jQuery.makeArray( value ), - i = options.length; - - while ( i-- ) { - option = options[ i ]; - - /* eslint-disable no-cond-assign */ - - if ( option.selected = - jQuery.inArray( jQuery.valHooks.option.get( option ), values ) > -1 - ) { - optionSet = true; - } - - /* eslint-enable no-cond-assign */ - } - - // Force browsers to behave consistently when non-matching value is set - if ( !optionSet ) { - elem.selectedIndex = -1; - } - return values; - } - } - } - } ); - -// Radios and checkboxes getter/setter - jQuery.each( [ "radio", "checkbox" ], function() { - jQuery.valHooks[ this ] = { - set: function( elem, value ) { - if ( Array.isArray( value ) ) { - return ( elem.checked = jQuery.inArray( jQuery( elem ).val(), value ) > -1 ); - } - } - }; - if ( !support.checkOn ) { - jQuery.valHooks[ this ].get = function( elem ) { - return elem.getAttribute( "value" ) === null ? "on" : elem.value; - }; - } - } ); - - - - -// Return jQuery for attributes-only inclusion - - - support.focusin = "onfocusin" in window; - - - var rfocusMorph = /^(?:focusinfocus|focusoutblur)$/, - stopPropagationCallback = function( e ) { - e.stopPropagation(); - }; - - jQuery.extend( jQuery.event, { - - trigger: function( event, data, elem, onlyHandlers ) { - - var i, cur, tmp, bubbleType, ontype, handle, special, lastElement, - eventPath = [ elem || document ], - type = hasOwn.call( event, "type" ) ? event.type : event, - namespaces = hasOwn.call( event, "namespace" ) ? event.namespace.split( "." ) : []; - - cur = lastElement = tmp = elem = elem || document; - - // Don't do events on text and comment nodes - if ( elem.nodeType === 3 || elem.nodeType === 8 ) { - return; - } - - // focus/blur morphs to focusin/out; ensure we're not firing them right now - if ( rfocusMorph.test( type + jQuery.event.triggered ) ) { - return; - } - - if ( type.indexOf( "." ) > -1 ) { - - // Namespaced trigger; create a regexp to match event type in handle() - namespaces = type.split( "." ); - type = namespaces.shift(); - namespaces.sort(); - } - ontype = type.indexOf( ":" ) < 0 && "on" + type; - - // Caller can pass in a jQuery.Event object, Object, or just an event type string - event = event[ jQuery.expando ] ? - event : - new jQuery.Event( type, typeof event === "object" && event ); - - // Trigger bitmask: & 1 for native handlers; & 2 for jQuery (always true) - event.isTrigger = onlyHandlers ? 2 : 3; - event.namespace = namespaces.join( "." ); - event.rnamespace = event.namespace ? - new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ) : - null; - - // Clean up the event in case it is being reused - event.result = undefined; - if ( !event.target ) { - event.target = elem; - } - - // Clone any incoming data and prepend the event, creating the handler arg list - data = data == null ? - [ event ] : - jQuery.makeArray( data, [ event ] ); - - // Allow special events to draw outside the lines - special = jQuery.event.special[ type ] || {}; - if ( !onlyHandlers && special.trigger && special.trigger.apply( elem, data ) === false ) { - return; - } - - // Determine event propagation path in advance, per W3C events spec (#9951) - // Bubble up to document, then to window; watch for a global ownerDocument var (#9724) - if ( !onlyHandlers && !special.noBubble && !isWindow( elem ) ) { - - bubbleType = special.delegateType || type; - if ( !rfocusMorph.test( bubbleType + type ) ) { - cur = cur.parentNode; - } - for ( ; cur; cur = cur.parentNode ) { - eventPath.push( cur ); - tmp = cur; - } - - // Only add window if we got to document (e.g., not plain obj or detached DOM) - if ( tmp === ( elem.ownerDocument || document ) ) { - eventPath.push( tmp.defaultView || tmp.parentWindow || window ); - } - } - - // Fire handlers on the event path - i = 0; - while ( ( cur = eventPath[ i++ ] ) && !event.isPropagationStopped() ) { - lastElement = cur; - event.type = i > 1 ? - bubbleType : - special.bindType || type; - - // jQuery handler - handle = ( dataPriv.get( cur, "events" ) || Object.create( null ) )[ event.type ] && - dataPriv.get( cur, "handle" ); - if ( handle ) { - handle.apply( cur, data ); - } - - // Native handler - handle = ontype && cur[ ontype ]; - if ( handle && handle.apply && acceptData( cur ) ) { - event.result = handle.apply( cur, data ); - if ( event.result === false ) { - event.preventDefault(); - } - } - } - event.type = type; - - // If nobody prevented the default action, do it now - if ( !onlyHandlers && !event.isDefaultPrevented() ) { - - if ( ( !special._default || - special._default.apply( eventPath.pop(), data ) === false ) && - acceptData( elem ) ) { - - // Call a native DOM method on the target with the same name as the event. - // Don't do default actions on window, that's where global variables be (#6170) - if ( ontype && isFunction( elem[ type ] ) && !isWindow( elem ) ) { - - // Don't re-trigger an onFOO event when we call its FOO() method - tmp = elem[ ontype ]; - - if ( tmp ) { - elem[ ontype ] = null; - } - - // Prevent re-triggering of the same event, since we already bubbled it above - jQuery.event.triggered = type; - - if ( event.isPropagationStopped() ) { - lastElement.addEventListener( type, stopPropagationCallback ); - } - - elem[ type ](); - - if ( event.isPropagationStopped() ) { - lastElement.removeEventListener( type, stopPropagationCallback ); - } - - jQuery.event.triggered = undefined; - - if ( tmp ) { - elem[ ontype ] = tmp; - } - } - } - } - - return event.result; - }, - - // Piggyback on a donor event to simulate a different one - // Used only for `focus(in | out)` events - simulate: function( type, elem, event ) { - var e = jQuery.extend( - new jQuery.Event(), - event, - { - type: type, - isSimulated: true - } - ); - - jQuery.event.trigger( e, null, elem ); - } - - } ); - - jQuery.fn.extend( { - - trigger: function( type, data ) { - return this.each( function() { - jQuery.event.trigger( type, data, this ); - } ); - }, - triggerHandler: function( type, data ) { - var elem = this[ 0 ]; - if ( elem ) { - return jQuery.event.trigger( type, data, elem, true ); - } - } - } ); - - -// Support: Firefox <=44 -// Firefox doesn't have focus(in | out) events -// Related ticket - https://bugzilla.mozilla.org/show_bug.cgi?id=687787 -// -// Support: Chrome <=48 - 49, Safari <=9.0 - 9.1 -// focus(in | out) events fire after focus & blur events, -// which is spec violation - http://www.w3.org/TR/DOM-Level-3-Events/#events-focusevent-event-order -// Related ticket - https://bugs.chromium.org/p/chromium/issues/detail?id=449857 - if ( !support.focusin ) { - jQuery.each( { focus: "focusin", blur: "focusout" }, function( orig, fix ) { - - // Attach a single capturing handler on the document while someone wants focusin/focusout - var handler = function( event ) { - jQuery.event.simulate( fix, event.target, jQuery.event.fix( event ) ); - }; - - jQuery.event.special[ fix ] = { - setup: function() { - - // Handle: regular nodes (via `this.ownerDocument`), window - // (via `this.document`) & document (via `this`). - var doc = this.ownerDocument || this.document || this, - attaches = dataPriv.access( doc, fix ); - - if ( !attaches ) { - doc.addEventListener( orig, handler, true ); - } - dataPriv.access( doc, fix, ( attaches || 0 ) + 1 ); - }, - teardown: function() { - var doc = this.ownerDocument || this.document || this, - attaches = dataPriv.access( doc, fix ) - 1; - - if ( !attaches ) { - doc.removeEventListener( orig, handler, true ); - dataPriv.remove( doc, fix ); - - } else { - dataPriv.access( doc, fix, attaches ); - } - } - }; - } ); - } - var location = window.location; - - var nonce = { guid: Date.now() }; - - var rquery = ( /\?/ ); - - - -// Cross-browser xml parsing - jQuery.parseXML = function( data ) { - var xml, parserErrorElem; - if ( !data || typeof data !== "string" ) { - return null; - } - - // Support: IE 9 - 11 only - // IE throws on parseFromString with invalid input. - try { - xml = ( new window.DOMParser() ).parseFromString( data, "text/xml" ); - } catch ( e ) {} - - parserErrorElem = xml && xml.getElementsByTagName( "parsererror" )[ 0 ]; - if ( !xml || parserErrorElem ) { - jQuery.error( "Invalid XML: " + ( - parserErrorElem ? - jQuery.map( parserErrorElem.childNodes, function( el ) { - return el.textContent; - } ).join( "\n" ) : - data - ) ); - } - return xml; - }; - - - var - rbracket = /\[\]$/, - rCRLF = /\r?\n/g, - rsubmitterTypes = /^(?:submit|button|image|reset|file)$/i, - rsubmittable = /^(?:input|select|textarea|keygen)/i; - - function buildParams( prefix, obj, traditional, add ) { - var name; - - if ( Array.isArray( obj ) ) { - - // Serialize array item. - jQuery.each( obj, function( i, v ) { - if ( traditional || rbracket.test( prefix ) ) { - - // Treat each array item as a scalar. - add( prefix, v ); - - } else { - - // Item is non-scalar (array or object), encode its numeric index. - buildParams( - prefix + "[" + ( typeof v === "object" && v != null ? i : "" ) + "]", - v, - traditional, - add - ); - } - } ); - - } else if ( !traditional && toType( obj ) === "object" ) { - - // Serialize object item. - for ( name in obj ) { - buildParams( prefix + "[" + name + "]", obj[ name ], traditional, add ); - } - - } else { - - // Serialize scalar item. - add( prefix, obj ); - } - } - -// Serialize an array of form elements or a set of -// key/values into a query string - jQuery.param = function( a, traditional ) { - var prefix, - s = [], - add = function( key, valueOrFunction ) { - - // If value is a function, invoke it and use its return value - var value = isFunction( valueOrFunction ) ? - valueOrFunction() : - valueOrFunction; - - s[ s.length ] = encodeURIComponent( key ) + "=" + - encodeURIComponent( value == null ? "" : value ); - }; - - if ( a == null ) { - return ""; - } - - // If an array was passed in, assume that it is an array of form elements. - if ( Array.isArray( a ) || ( a.jquery && !jQuery.isPlainObject( a ) ) ) { - - // Serialize the form elements - jQuery.each( a, function() { - add( this.name, this.value ); - } ); - - } else { - - // If traditional, encode the "old" way (the way 1.3.2 or older - // did it), otherwise encode params recursively. - for ( prefix in a ) { - buildParams( prefix, a[ prefix ], traditional, add ); - } - } - - // Return the resulting serialization - return s.join( "&" ); - }; - - jQuery.fn.extend( { - serialize: function() { - return jQuery.param( this.serializeArray() ); - }, - serializeArray: function() { - return this.map( function() { - - // Can add propHook for "elements" to filter or add form elements - var elements = jQuery.prop( this, "elements" ); - return elements ? jQuery.makeArray( elements ) : this; - } ).filter( function() { - var type = this.type; - - // Use .is( ":disabled" ) so that fieldset[disabled] works - return this.name && !jQuery( this ).is( ":disabled" ) && - rsubmittable.test( this.nodeName ) && !rsubmitterTypes.test( type ) && - ( this.checked || !rcheckableType.test( type ) ); - } ).map( function( _i, elem ) { - var val = jQuery( this ).val(); - - if ( val == null ) { - return null; - } - - if ( Array.isArray( val ) ) { - return jQuery.map( val, function( val ) { - return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; - } ); - } - - return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; - } ).get(); - } - } ); - - - var - r20 = /%20/g, - rhash = /#.*$/, - rantiCache = /([?&])_=[^&]*/, - rheaders = /^(.*?):[ \t]*([^\r\n]*)$/mg, - - // #7653, #8125, #8152: local protocol detection - rlocalProtocol = /^(?:about|app|app-storage|.+-extension|file|res|widget):$/, - rnoContent = /^(?:GET|HEAD)$/, - rprotocol = /^\/\//, - - /* Prefilters - * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example) - * 2) These are called: - * - BEFORE asking for a transport - * - AFTER param serialization (s.data is a string if s.processData is true) - * 3) key is the dataType - * 4) the catchall symbol "*" can be used - * 5) execution will start with transport dataType and THEN continue down to "*" if needed - */ - prefilters = {}, - - /* Transports bindings - * 1) key is the dataType - * 2) the catchall symbol "*" can be used - * 3) selection will start with transport dataType and THEN go to "*" if needed - */ - transports = {}, - - // Avoid comment-prolog char sequence (#10098); must appease lint and evade compression - allTypes = "*/".concat( "*" ), - - // Anchor tag for parsing the document origin - originAnchor = document.createElement( "a" ); - - originAnchor.href = location.href; - -// Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport - function addToPrefiltersOrTransports( structure ) { - - // dataTypeExpression is optional and defaults to "*" - return function( dataTypeExpression, func ) { - - if ( typeof dataTypeExpression !== "string" ) { - func = dataTypeExpression; - dataTypeExpression = "*"; - } - - var dataType, - i = 0, - dataTypes = dataTypeExpression.toLowerCase().match( rnothtmlwhite ) || []; - - if ( isFunction( func ) ) { - - // For each dataType in the dataTypeExpression - while ( ( dataType = dataTypes[ i++ ] ) ) { - - // Prepend if requested - if ( dataType[ 0 ] === "+" ) { - dataType = dataType.slice( 1 ) || "*"; - ( structure[ dataType ] = structure[ dataType ] || [] ).unshift( func ); - - // Otherwise append - } else { - ( structure[ dataType ] = structure[ dataType ] || [] ).push( func ); - } - } - } - }; - } - -// Base inspection function for prefilters and transports - function inspectPrefiltersOrTransports( structure, options, originalOptions, jqXHR ) { - - var inspected = {}, - seekingTransport = ( structure === transports ); - - function inspect( dataType ) { - var selected; - inspected[ dataType ] = true; - jQuery.each( structure[ dataType ] || [], function( _, prefilterOrFactory ) { - var dataTypeOrTransport = prefilterOrFactory( options, originalOptions, jqXHR ); - if ( typeof dataTypeOrTransport === "string" && - !seekingTransport && !inspected[ dataTypeOrTransport ] ) { - - options.dataTypes.unshift( dataTypeOrTransport ); - inspect( dataTypeOrTransport ); - return false; - } else if ( seekingTransport ) { - return !( selected = dataTypeOrTransport ); - } - } ); - return selected; - } - - return inspect( options.dataTypes[ 0 ] ) || !inspected[ "*" ] && inspect( "*" ); - } - -// A special extend for ajax options -// that takes "flat" options (not to be deep extended) -// Fixes #9887 - function ajaxExtend( target, src ) { - var key, deep, - flatOptions = jQuery.ajaxSettings.flatOptions || {}; - - for ( key in src ) { - if ( src[ key ] !== undefined ) { - ( flatOptions[ key ] ? target : ( deep || ( deep = {} ) ) )[ key ] = src[ key ]; - } - } - if ( deep ) { - jQuery.extend( true, target, deep ); - } - - return target; - } - - /* Handles responses to an ajax request: - * - finds the right dataType (mediates between content-type and expected dataType) - * - returns the corresponding response - */ - function ajaxHandleResponses( s, jqXHR, responses ) { - - var ct, type, finalDataType, firstDataType, - contents = s.contents, - dataTypes = s.dataTypes; - - // Remove auto dataType and get content-type in the process - while ( dataTypes[ 0 ] === "*" ) { - dataTypes.shift(); - if ( ct === undefined ) { - ct = s.mimeType || jqXHR.getResponseHeader( "Content-Type" ); - } - } - - // Check if we're dealing with a known content-type - if ( ct ) { - for ( type in contents ) { - if ( contents[ type ] && contents[ type ].test( ct ) ) { - dataTypes.unshift( type ); - break; - } - } - } - - // Check to see if we have a response for the expected dataType - if ( dataTypes[ 0 ] in responses ) { - finalDataType = dataTypes[ 0 ]; - } else { - - // Try convertible dataTypes - for ( type in responses ) { - if ( !dataTypes[ 0 ] || s.converters[ type + " " + dataTypes[ 0 ] ] ) { - finalDataType = type; - break; - } - if ( !firstDataType ) { - firstDataType = type; - } - } - - // Or just use first one - finalDataType = finalDataType || firstDataType; - } - - // If we found a dataType - // We add the dataType to the list if needed - // and return the corresponding response - if ( finalDataType ) { - if ( finalDataType !== dataTypes[ 0 ] ) { - dataTypes.unshift( finalDataType ); - } - return responses[ finalDataType ]; - } - } - - /* Chain conversions given the request and the original response - * Also sets the responseXXX fields on the jqXHR instance - */ - function ajaxConvert( s, response, jqXHR, isSuccess ) { - var conv2, current, conv, tmp, prev, - converters = {}, - - // Work with a copy of dataTypes in case we need to modify it for conversion - dataTypes = s.dataTypes.slice(); - - // Create converters map with lowercased keys - if ( dataTypes[ 1 ] ) { - for ( conv in s.converters ) { - converters[ conv.toLowerCase() ] = s.converters[ conv ]; - } - } - - current = dataTypes.shift(); - - // Convert to each sequential dataType - while ( current ) { - - if ( s.responseFields[ current ] ) { - jqXHR[ s.responseFields[ current ] ] = response; - } - - // Apply the dataFilter if provided - if ( !prev && isSuccess && s.dataFilter ) { - response = s.dataFilter( response, s.dataType ); - } - - prev = current; - current = dataTypes.shift(); - - if ( current ) { - - // There's only work to do if current dataType is non-auto - if ( current === "*" ) { - - current = prev; - - // Convert response if prev dataType is non-auto and differs from current - } else if ( prev !== "*" && prev !== current ) { - - // Seek a direct converter - conv = converters[ prev + " " + current ] || converters[ "* " + current ]; - - // If none found, seek a pair - if ( !conv ) { - for ( conv2 in converters ) { - - // If conv2 outputs current - tmp = conv2.split( " " ); - if ( tmp[ 1 ] === current ) { - - // If prev can be converted to accepted input - conv = converters[ prev + " " + tmp[ 0 ] ] || - converters[ "* " + tmp[ 0 ] ]; - if ( conv ) { - - // Condense equivalence converters - if ( conv === true ) { - conv = converters[ conv2 ]; - - // Otherwise, insert the intermediate dataType - } else if ( converters[ conv2 ] !== true ) { - current = tmp[ 0 ]; - dataTypes.unshift( tmp[ 1 ] ); - } - break; - } - } - } - } - - // Apply converter (if not an equivalence) - if ( conv !== true ) { - - // Unless errors are allowed to bubble, catch and return them - if ( conv && s.throws ) { - response = conv( response ); - } else { - try { - response = conv( response ); - } catch ( e ) { - return { - state: "parsererror", - error: conv ? e : "No conversion from " + prev + " to " + current - }; - } - } - } - } - } - } - - return { state: "success", data: response }; - } - - jQuery.extend( { - - // Counter for holding the number of active queries - active: 0, - - // Last-Modified header cache for next request - lastModified: {}, - etag: {}, - - ajaxSettings: { - url: location.href, - type: "GET", - isLocal: rlocalProtocol.test( location.protocol ), - global: true, - processData: true, - async: true, - contentType: "application/x-www-form-urlencoded; charset=UTF-8", - - /* - timeout: 0, - data: null, - dataType: null, - username: null, - password: null, - cache: null, - throws: false, - traditional: false, - headers: {}, - */ - - accepts: { - "*": allTypes, - text: "text/plain", - html: "text/html", - xml: "application/xml, text/xml", - json: "application/json, text/javascript" - }, - - contents: { - xml: /\bxml\b/, - html: /\bhtml/, - json: /\bjson\b/ - }, - - responseFields: { - xml: "responseXML", - text: "responseText", - json: "responseJSON" - }, - - // Data converters - // Keys separate source (or catchall "*") and destination types with a single space - converters: { - - // Convert anything to text - "* text": String, - - // Text to html (true = no transformation) - "text html": true, - - // Evaluate text as a json expression - "text json": JSON.parse, - - // Parse text as xml - "text xml": jQuery.parseXML - }, - - // For options that shouldn't be deep extended: - // you can add your own custom options here if - // and when you create one that shouldn't be - // deep extended (see ajaxExtend) - flatOptions: { - url: true, - context: true - } - }, - - // Creates a full fledged settings object into target - // with both ajaxSettings and settings fields. - // If target is omitted, writes into ajaxSettings. - ajaxSetup: function( target, settings ) { - return settings ? - - // Building a settings object - ajaxExtend( ajaxExtend( target, jQuery.ajaxSettings ), settings ) : - - // Extending ajaxSettings - ajaxExtend( jQuery.ajaxSettings, target ); - }, - - ajaxPrefilter: addToPrefiltersOrTransports( prefilters ), - ajaxTransport: addToPrefiltersOrTransports( transports ), - - // Main method - ajax: function( url, options ) { - - // If url is an object, simulate pre-1.5 signature - if ( typeof url === "object" ) { - options = url; - url = undefined; - } - - // Force options to be an object - options = options || {}; - - var transport, - - // URL without anti-cache param - cacheURL, - - // Response headers - responseHeadersString, - responseHeaders, - - // timeout handle - timeoutTimer, - - // Url cleanup var - urlAnchor, - - // Request state (becomes false upon send and true upon completion) - completed, - - // To know if global events are to be dispatched - fireGlobals, - - // Loop variable - i, - - // uncached part of the url - uncached, - - // Create the final options object - s = jQuery.ajaxSetup( {}, options ), - - // Callbacks context - callbackContext = s.context || s, - - // Context for global events is callbackContext if it is a DOM node or jQuery collection - globalEventContext = s.context && - ( callbackContext.nodeType || callbackContext.jquery ) ? - jQuery( callbackContext ) : - jQuery.event, - - // Deferreds - deferred = jQuery.Deferred(), - completeDeferred = jQuery.Callbacks( "once memory" ), - - // Status-dependent callbacks - statusCode = s.statusCode || {}, - - // Headers (they are sent all at once) - requestHeaders = {}, - requestHeadersNames = {}, - - // Default abort message - strAbort = "canceled", - - // Fake xhr - jqXHR = { - readyState: 0, - - // Builds headers hashtable if needed - getResponseHeader: function( key ) { - var match; - if ( completed ) { - if ( !responseHeaders ) { - responseHeaders = {}; - while ( ( match = rheaders.exec( responseHeadersString ) ) ) { - responseHeaders[ match[ 1 ].toLowerCase() + " " ] = - ( responseHeaders[ match[ 1 ].toLowerCase() + " " ] || [] ) - .concat( match[ 2 ] ); - } - } - match = responseHeaders[ key.toLowerCase() + " " ]; - } - return match == null ? null : match.join( ", " ); - }, - - // Raw string - getAllResponseHeaders: function() { - return completed ? responseHeadersString : null; - }, - - // Caches the header - setRequestHeader: function( name, value ) { - if ( completed == null ) { - name = requestHeadersNames[ name.toLowerCase() ] = - requestHeadersNames[ name.toLowerCase() ] || name; - requestHeaders[ name ] = value; - } - return this; - }, - - // Overrides response content-type header - overrideMimeType: function( type ) { - if ( completed == null ) { - s.mimeType = type; - } - return this; - }, - - // Status-dependent callbacks - statusCode: function( map ) { - var code; - if ( map ) { - if ( completed ) { - - // Execute the appropriate callbacks - jqXHR.always( map[ jqXHR.status ] ); - } else { - - // Lazy-add the new callbacks in a way that preserves old ones - for ( code in map ) { - statusCode[ code ] = [ statusCode[ code ], map[ code ] ]; - } - } - } - return this; - }, - - // Cancel the request - abort: function( statusText ) { - var finalText = statusText || strAbort; - if ( transport ) { - transport.abort( finalText ); - } - done( 0, finalText ); - return this; - } - }; - - // Attach deferreds - deferred.promise( jqXHR ); - - // Add protocol if not provided (prefilters might expect it) - // Handle falsy url in the settings object (#10093: consistency with old signature) - // We also use the url parameter if available - s.url = ( ( url || s.url || location.href ) + "" ) - .replace( rprotocol, location.protocol + "//" ); - - // Alias method option to type as per ticket #12004 - s.type = options.method || options.type || s.method || s.type; - - // Extract dataTypes list - s.dataTypes = ( s.dataType || "*" ).toLowerCase().match( rnothtmlwhite ) || [ "" ]; - - // A cross-domain request is in order when the origin doesn't match the current origin. - if ( s.crossDomain == null ) { - urlAnchor = document.createElement( "a" ); - - // Support: IE <=8 - 11, Edge 12 - 15 - // IE throws exception on accessing the href property if url is malformed, - // e.g. http://example.com:80x/ - try { - urlAnchor.href = s.url; - - // Support: IE <=8 - 11 only - // Anchor's host property isn't correctly set when s.url is relative - urlAnchor.href = urlAnchor.href; - s.crossDomain = originAnchor.protocol + "//" + originAnchor.host !== - urlAnchor.protocol + "//" + urlAnchor.host; - } catch ( e ) { - - // If there is an error parsing the URL, assume it is crossDomain, - // it can be rejected by the transport if it is invalid - s.crossDomain = true; - } - } - - // Convert data if not already a string - if ( s.data && s.processData && typeof s.data !== "string" ) { - s.data = jQuery.param( s.data, s.traditional ); - } - - // Apply prefilters - inspectPrefiltersOrTransports( prefilters, s, options, jqXHR ); - - // If request was aborted inside a prefilter, stop there - if ( completed ) { - return jqXHR; - } - - // We can fire global events as of now if asked to - // Don't fire events if jQuery.event is undefined in an AMD-usage scenario (#15118) - fireGlobals = jQuery.event && s.global; - - // Watch for a new set of requests - if ( fireGlobals && jQuery.active++ === 0 ) { - jQuery.event.trigger( "ajaxStart" ); - } - - // Uppercase the type - s.type = s.type.toUpperCase(); - - // Determine if request has content - s.hasContent = !rnoContent.test( s.type ); - - // Save the URL in case we're toying with the If-Modified-Since - // and/or If-None-Match header later on - // Remove hash to simplify url manipulation - cacheURL = s.url.replace( rhash, "" ); - - // More options handling for requests with no content - if ( !s.hasContent ) { - - // Remember the hash so we can put it back - uncached = s.url.slice( cacheURL.length ); - - // If data is available and should be processed, append data to url - if ( s.data && ( s.processData || typeof s.data === "string" ) ) { - cacheURL += ( rquery.test( cacheURL ) ? "&" : "?" ) + s.data; - - // #9682: remove data so that it's not used in an eventual retry - delete s.data; - } - - // Add or update anti-cache param if needed - if ( s.cache === false ) { - cacheURL = cacheURL.replace( rantiCache, "$1" ); - uncached = ( rquery.test( cacheURL ) ? "&" : "?" ) + "_=" + ( nonce.guid++ ) + - uncached; - } - - // Put hash and anti-cache on the URL that will be requested (gh-1732) - s.url = cacheURL + uncached; - - // Change '%20' to '+' if this is encoded form body content (gh-2658) - } else if ( s.data && s.processData && - ( s.contentType || "" ).indexOf( "application/x-www-form-urlencoded" ) === 0 ) { - s.data = s.data.replace( r20, "+" ); - } - - // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. - if ( s.ifModified ) { - if ( jQuery.lastModified[ cacheURL ] ) { - jqXHR.setRequestHeader( "If-Modified-Since", jQuery.lastModified[ cacheURL ] ); - } - if ( jQuery.etag[ cacheURL ] ) { - jqXHR.setRequestHeader( "If-None-Match", jQuery.etag[ cacheURL ] ); - } - } - - // Set the correct header, if data is being sent - if ( s.data && s.hasContent && s.contentType !== false || options.contentType ) { - jqXHR.setRequestHeader( "Content-Type", s.contentType ); - } - - // Set the Accepts header for the server, depending on the dataType - jqXHR.setRequestHeader( - "Accept", - s.dataTypes[ 0 ] && s.accepts[ s.dataTypes[ 0 ] ] ? - s.accepts[ s.dataTypes[ 0 ] ] + - ( s.dataTypes[ 0 ] !== "*" ? ", " + allTypes + "; q=0.01" : "" ) : - s.accepts[ "*" ] - ); - - // Check for headers option - for ( i in s.headers ) { - jqXHR.setRequestHeader( i, s.headers[ i ] ); - } - - // Allow custom headers/mimetypes and early abort - if ( s.beforeSend && - ( s.beforeSend.call( callbackContext, jqXHR, s ) === false || completed ) ) { - - // Abort if not done already and return - return jqXHR.abort(); - } - - // Aborting is no longer a cancellation - strAbort = "abort"; - - // Install callbacks on deferreds - completeDeferred.add( s.complete ); - jqXHR.done( s.success ); - jqXHR.fail( s.error ); - - // Get transport - transport = inspectPrefiltersOrTransports( transports, s, options, jqXHR ); - - // If no transport, we auto-abort - if ( !transport ) { - done( -1, "No Transport" ); - } else { - jqXHR.readyState = 1; - - // Send global event - if ( fireGlobals ) { - globalEventContext.trigger( "ajaxSend", [ jqXHR, s ] ); - } - - // If request was aborted inside ajaxSend, stop there - if ( completed ) { - return jqXHR; - } - - // Timeout - if ( s.async && s.timeout > 0 ) { - timeoutTimer = window.setTimeout( function() { - jqXHR.abort( "timeout" ); - }, s.timeout ); - } - - try { - completed = false; - transport.send( requestHeaders, done ); - } catch ( e ) { - - // Rethrow post-completion exceptions - if ( completed ) { - throw e; - } - - // Propagate others as results - done( -1, e ); - } - } - - // Callback for when everything is done - function done( status, nativeStatusText, responses, headers ) { - var isSuccess, success, error, response, modified, - statusText = nativeStatusText; - - // Ignore repeat invocations - if ( completed ) { - return; - } - - completed = true; - - // Clear timeout if it exists - if ( timeoutTimer ) { - window.clearTimeout( timeoutTimer ); - } - - // Dereference transport for early garbage collection - // (no matter how long the jqXHR object will be used) - transport = undefined; - - // Cache response headers - responseHeadersString = headers || ""; - - // Set readyState - jqXHR.readyState = status > 0 ? 4 : 0; - - // Determine if successful - isSuccess = status >= 200 && status < 300 || status === 304; - - // Get response data - if ( responses ) { - response = ajaxHandleResponses( s, jqXHR, responses ); - } - - // Use a noop converter for missing script but not if jsonp - if ( !isSuccess && - jQuery.inArray( "script", s.dataTypes ) > -1 && - jQuery.inArray( "json", s.dataTypes ) < 0 ) { - s.converters[ "text script" ] = function() {}; - } - - // Convert no matter what (that way responseXXX fields are always set) - response = ajaxConvert( s, response, jqXHR, isSuccess ); - - // If successful, handle type chaining - if ( isSuccess ) { - - // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. - if ( s.ifModified ) { - modified = jqXHR.getResponseHeader( "Last-Modified" ); - if ( modified ) { - jQuery.lastModified[ cacheURL ] = modified; - } - modified = jqXHR.getResponseHeader( "etag" ); - if ( modified ) { - jQuery.etag[ cacheURL ] = modified; - } - } - - // if no content - if ( status === 204 || s.type === "HEAD" ) { - statusText = "nocontent"; - - // if not modified - } else if ( status === 304 ) { - statusText = "notmodified"; - - // If we have data, let's convert it - } else { - statusText = response.state; - success = response.data; - error = response.error; - isSuccess = !error; - } - } else { - - // Extract error from statusText and normalize for non-aborts - error = statusText; - if ( status || !statusText ) { - statusText = "error"; - if ( status < 0 ) { - status = 0; - } - } - } - - // Set data for the fake xhr object - jqXHR.status = status; - jqXHR.statusText = ( nativeStatusText || statusText ) + ""; - - // Success/Error - if ( isSuccess ) { - deferred.resolveWith( callbackContext, [ success, statusText, jqXHR ] ); - } else { - deferred.rejectWith( callbackContext, [ jqXHR, statusText, error ] ); - } - - // Status-dependent callbacks - jqXHR.statusCode( statusCode ); - statusCode = undefined; - - if ( fireGlobals ) { - globalEventContext.trigger( isSuccess ? "ajaxSuccess" : "ajaxError", - [ jqXHR, s, isSuccess ? success : error ] ); - } - - // Complete - completeDeferred.fireWith( callbackContext, [ jqXHR, statusText ] ); - - if ( fireGlobals ) { - globalEventContext.trigger( "ajaxComplete", [ jqXHR, s ] ); - - // Handle the global AJAX counter - if ( !( --jQuery.active ) ) { - jQuery.event.trigger( "ajaxStop" ); - } - } - } - - return jqXHR; - }, - - getJSON: function( url, data, callback ) { - return jQuery.get( url, data, callback, "json" ); - }, - - getScript: function( url, callback ) { - return jQuery.get( url, undefined, callback, "script" ); - } - } ); - - jQuery.each( [ "get", "post" ], function( _i, method ) { - jQuery[ method ] = function( url, data, callback, type ) { - - // Shift arguments if data argument was omitted - if ( isFunction( data ) ) { - type = type || callback; - callback = data; - data = undefined; - } - - // The url can be an options object (which then must have .url) - return jQuery.ajax( jQuery.extend( { - url: url, - type: method, - dataType: type, - data: data, - success: callback - }, jQuery.isPlainObject( url ) && url ) ); - }; - } ); - - jQuery.ajaxPrefilter( function( s ) { - var i; - for ( i in s.headers ) { - if ( i.toLowerCase() === "content-type" ) { - s.contentType = s.headers[ i ] || ""; - } - } - } ); - - - jQuery._evalUrl = function( url, options, doc ) { - return jQuery.ajax( { - url: url, - - // Make this explicit, since user can override this through ajaxSetup (#11264) - type: "GET", - dataType: "script", - cache: true, - async: false, - global: false, - - // Only evaluate the response if it is successful (gh-4126) - // dataFilter is not invoked for failure responses, so using it instead - // of the default converter is kludgy but it works. - converters: { - "text script": function() {} - }, - dataFilter: function( response ) { - jQuery.globalEval( response, options, doc ); - } - } ); - }; - - - jQuery.fn.extend( { - wrapAll: function( html ) { - var wrap; - - if ( this[ 0 ] ) { - if ( isFunction( html ) ) { - html = html.call( this[ 0 ] ); - } - - // The elements to wrap the target around - wrap = jQuery( html, this[ 0 ].ownerDocument ).eq( 0 ).clone( true ); - - if ( this[ 0 ].parentNode ) { - wrap.insertBefore( this[ 0 ] ); - } - - wrap.map( function() { - var elem = this; - - while ( elem.firstElementChild ) { - elem = elem.firstElementChild; - } - - return elem; - } ).append( this ); - } - - return this; - }, - - wrapInner: function( html ) { - if ( isFunction( html ) ) { - return this.each( function( i ) { - jQuery( this ).wrapInner( html.call( this, i ) ); - } ); - } - - return this.each( function() { - var self = jQuery( this ), - contents = self.contents(); - - if ( contents.length ) { - contents.wrapAll( html ); - - } else { - self.append( html ); - } - } ); - }, - - wrap: function( html ) { - var htmlIsFunction = isFunction( html ); - - return this.each( function( i ) { - jQuery( this ).wrapAll( htmlIsFunction ? html.call( this, i ) : html ); - } ); - }, - - unwrap: function( selector ) { - this.parent( selector ).not( "body" ).each( function() { - jQuery( this ).replaceWith( this.childNodes ); - } ); - return this; - } - } ); - - - jQuery.expr.pseudos.hidden = function( elem ) { - return !jQuery.expr.pseudos.visible( elem ); - }; - jQuery.expr.pseudos.visible = function( elem ) { - return !!( elem.offsetWidth || elem.offsetHeight || elem.getClientRects().length ); - }; - - - - - jQuery.ajaxSettings.xhr = function() { - try { - return new window.XMLHttpRequest(); - } catch ( e ) {} - }; - - var xhrSuccessStatus = { - - // File protocol always yields status code 0, assume 200 - 0: 200, - - // Support: IE <=9 only - // #1450: sometimes IE returns 1223 when it should be 204 - 1223: 204 - }, - xhrSupported = jQuery.ajaxSettings.xhr(); - - support.cors = !!xhrSupported && ( "withCredentials" in xhrSupported ); - support.ajax = xhrSupported = !!xhrSupported; - - jQuery.ajaxTransport( function( options ) { - var callback, errorCallback; - - // Cross domain only allowed if supported through XMLHttpRequest - if ( support.cors || xhrSupported && !options.crossDomain ) { - return { - send: function( headers, complete ) { - var i, - xhr = options.xhr(); - - xhr.open( - options.type, - options.url, - options.async, - options.username, - options.password - ); - - // Apply custom fields if provided - if ( options.xhrFields ) { - for ( i in options.xhrFields ) { - xhr[ i ] = options.xhrFields[ i ]; - } - } - - // Override mime type if needed - if ( options.mimeType && xhr.overrideMimeType ) { - xhr.overrideMimeType( options.mimeType ); - } - - // X-Requested-With header - // For cross-domain requests, seeing as conditions for a preflight are - // akin to a jigsaw puzzle, we simply never set it to be sure. - // (it can always be set on a per-request basis or even using ajaxSetup) - // For same-domain requests, won't change header if already provided. - if ( !options.crossDomain && !headers[ "X-Requested-With" ] ) { - headers[ "X-Requested-With" ] = "XMLHttpRequest"; - } - - // Set headers - for ( i in headers ) { - xhr.setRequestHeader( i, headers[ i ] ); - } - - // Callback - callback = function( type ) { - return function() { - if ( callback ) { - callback = errorCallback = xhr.onload = - xhr.onerror = xhr.onabort = xhr.ontimeout = - xhr.onreadystatechange = null; - - if ( type === "abort" ) { - xhr.abort(); - } else if ( type === "error" ) { - - // Support: IE <=9 only - // On a manual native abort, IE9 throws - // errors on any property access that is not readyState - if ( typeof xhr.status !== "number" ) { - complete( 0, "error" ); - } else { - complete( - - // File: protocol always yields status 0; see #8605, #14207 - xhr.status, - xhr.statusText - ); - } - } else { - complete( - xhrSuccessStatus[ xhr.status ] || xhr.status, - xhr.statusText, - - // Support: IE <=9 only - // IE9 has no XHR2 but throws on binary (trac-11426) - // For XHR2 non-text, let the caller handle it (gh-2498) - ( xhr.responseType || "text" ) !== "text" || - typeof xhr.responseText !== "string" ? - { binary: xhr.response } : - { text: xhr.responseText }, - xhr.getAllResponseHeaders() - ); - } - } - }; - }; - - // Listen to events - xhr.onload = callback(); - errorCallback = xhr.onerror = xhr.ontimeout = callback( "error" ); - - // Support: IE 9 only - // Use onreadystatechange to replace onabort - // to handle uncaught aborts - if ( xhr.onabort !== undefined ) { - xhr.onabort = errorCallback; - } else { - xhr.onreadystatechange = function() { - - // Check readyState before timeout as it changes - if ( xhr.readyState === 4 ) { - - // Allow onerror to be called first, - // but that will not handle a native abort - // Also, save errorCallback to a variable - // as xhr.onerror cannot be accessed - window.setTimeout( function() { - if ( callback ) { - errorCallback(); - } - } ); - } - }; - } - - // Create the abort callback - callback = callback( "abort" ); - - try { - - // Do send the request (this may raise an exception) - xhr.send( options.hasContent && options.data || null ); - } catch ( e ) { - - // #14683: Only rethrow if this hasn't been notified as an error yet - if ( callback ) { - throw e; - } - } - }, - - abort: function() { - if ( callback ) { - callback(); - } - } - }; - } - } ); - - - - -// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432) - jQuery.ajaxPrefilter( function( s ) { - if ( s.crossDomain ) { - s.contents.script = false; - } - } ); - -// Install script dataType - jQuery.ajaxSetup( { - accepts: { - script: "text/javascript, application/javascript, " + - "application/ecmascript, application/x-ecmascript" - }, - contents: { - script: /\b(?:java|ecma)script\b/ - }, - converters: { - "text script": function( text ) { - jQuery.globalEval( text ); - return text; - } - } - } ); - -// Handle cache's special case and crossDomain - jQuery.ajaxPrefilter( "script", function( s ) { - if ( s.cache === undefined ) { - s.cache = false; - } - if ( s.crossDomain ) { - s.type = "GET"; - } - } ); - -// Bind script tag hack transport - jQuery.ajaxTransport( "script", function( s ) { - - // This transport only deals with cross domain or forced-by-attrs requests - if ( s.crossDomain || s.scriptAttrs ) { - var script, callback; - return { - send: function( _, complete ) { - script = jQuery( " - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/blacklist.html b/openid-connect-server-webapp/src/main/webapp/resources/template/blacklist.html deleted file mode 100644 index 074fd0a0df..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/template/blacklist.html +++ /dev/null @@ -1,68 +0,0 @@ - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/client.html b/openid-connect-server-webapp/src/main/webapp/resources/template/client.html deleted file mode 100644 index 2a748fefbe..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/template/client.html +++ /dev/null @@ -1,907 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html b/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html deleted file mode 100644 index eda228006d..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html +++ /dev/null @@ -1,621 +0,0 @@ - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/grant.html b/openid-connect-server-webapp/src/main/webapp/resources/template/grant.html deleted file mode 100644 index 0ce60e8e90..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/template/grant.html +++ /dev/null @@ -1,90 +0,0 @@ - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/rsreg.html b/openid-connect-server-webapp/src/main/webapp/resources/template/rsreg.html deleted file mode 100644 index e8c1a50a29..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/template/rsreg.html +++ /dev/null @@ -1,305 +0,0 @@ - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/scope.html b/openid-connect-server-webapp/src/main/webapp/resources/template/scope.html deleted file mode 100644 index 618ea16401..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/template/scope.html +++ /dev/null @@ -1,228 +0,0 @@ - - - - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/token.html b/openid-connect-server-webapp/src/main/webapp/resources/template/token.html deleted file mode 100644 index fac3532061..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/template/token.html +++ /dev/null @@ -1,144 +0,0 @@ - - - - - - - - diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/whitelist.html b/openid-connect-server-webapp/src/main/webapp/resources/template/whitelist.html deleted file mode 100644 index 220897ee57..0000000000 --- a/openid-connect-server-webapp/src/main/webapp/resources/template/whitelist.html +++ /dev/null @@ -1,109 +0,0 @@ - - - - - - - - diff --git a/openid-connect-server/.gitignore b/openid-connect-server/.gitignore deleted file mode 100644 index 016a3b8f82..0000000000 --- a/openid-connect-server/.gitignore +++ /dev/null @@ -1,12 +0,0 @@ -local-values.conf -target -*~ -bin -*.idea -*.iml -*.eml -.project -.settings -.classpath -/target -.springBeans diff --git a/openid-connect-server/pom.xml b/openid-connect-server/pom.xml deleted file mode 100644 index eff1246112..0000000000 --- a/openid-connect-server/pom.xml +++ /dev/null @@ -1,83 +0,0 @@ - - - - 4.0.0 - openid-connect-server - OpenID Connect Server Library - - org.mitre - openid-connect-parent - 1.3.5-SNAPSHOT - .. - - - - - org.apache.maven.plugins - maven-compiler-plugin - - ${java-version} - ${java-version} - - - - - - - org.mitre - openid-connect-common - - - org.springframework - spring-tx - - - org.springframework - spring-orm - test - - - commons-logging - commons-logging - - - - - org.eclipse.persistence - org.eclipse.persistence.core - - - org.hsqldb - hsqldb - test - - - org.eclipse.persistence - org.eclipse.persistence.jpa - test - - - - org.apache.commons - commons-io - - - OpenID Connect server libraries for Spring and Spring Security. - - diff --git a/openid-connect-server/src/main/java/org/mitre/discovery/view/WebfingerView.java b/openid-connect-server/src/main/java/org/mitre/discovery/view/WebfingerView.java deleted file mode 100644 index 493f769d3a..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/discovery/view/WebfingerView.java +++ /dev/null @@ -1,119 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.discovery.view; - -import java.io.IOException; -import java.io.Writer; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.mitre.openid.connect.view.HttpCodeView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.HttpStatus; -import org.springframework.stereotype.Component; -import org.springframework.validation.BeanPropertyBindingResult; -import org.springframework.web.servlet.view.AbstractView; - -import com.google.gson.ExclusionStrategy; -import com.google.gson.FieldAttributes; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.google.gson.JsonArray; -import com.google.gson.JsonObject; - -/** - * @author jricher - * - */ -@Component("webfingerView") -public class WebfingerView extends AbstractView { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(WebfingerView.class); - - private Gson gson = new GsonBuilder() - .setExclusionStrategies(new ExclusionStrategy() { - - @Override - public boolean shouldSkipField(FieldAttributes f) { - - return false; - } - - @Override - public boolean shouldSkipClass(Class clazz) { - // skip the JPA binding wrapper - if (clazz.equals(BeanPropertyBindingResult.class)) { - return true; - } - return false; - } - - }) - .serializeNulls() - .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") - .create(); - - @Override - protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - - response.setContentType("application/jrd+json"); - - - HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); - if (code == null) { - code = HttpStatus.OK; // default to 200 - } - - response.setStatus(code.value()); - - try { - - String resource = (String)model.get("resource"); - String issuer = (String)model.get("issuer"); - - JsonObject obj = new JsonObject(); - obj.addProperty("subject", resource); - - JsonArray links = new JsonArray(); - JsonObject link = new JsonObject(); - link.addProperty("rel", "http://openid.net/specs/connect/1.0/issuer"); - link.addProperty("href", issuer); - links.add(link); - - obj.add("links", links); - - Writer out = response.getWriter(); - gson.toJson(obj, out); - - } catch (IOException e) { - - logger.error("IOException in JsonEntityView.java: ", e); - - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java deleted file mode 100644 index 270a7649eb..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java +++ /dev/null @@ -1,380 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.discovery.web; - -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; -import java.util.Map; - -import org.mitre.discovery.util.WebfingerURLNormalizer; -import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService; -import org.mitre.jwt.signer.service.JWTSigningAndValidationService; -import org.mitre.oauth2.model.PKCEAlgorithm; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.oauth2.web.DeviceEndpoint; -import org.mitre.oauth2.web.IntrospectionEndpoint; -import org.mitre.oauth2.web.RevocationEndpoint; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.service.UserInfoService; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint; -import org.mitre.openid.connect.web.EndSessionEndpoint; -import org.mitre.openid.connect.web.JWKSetPublishingEndpoint; -import org.mitre.openid.connect.web.UserInfoEndpoint; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.util.UriComponents; -import org.springframework.web.util.UriComponentsBuilder; - -import com.google.common.base.Function; -import com.google.common.base.Strings; -import com.google.common.collect.Collections2; -import com.google.common.collect.Lists; -import com.nimbusds.jose.Algorithm; -import com.nimbusds.jose.JWSAlgorithm; - -/** - * - * Handle OpenID Connect Discovery. - * - * @author jricher - * - */ -@Controller -public class DiscoveryEndpoint { - - public static final String WELL_KNOWN_URL = ".well-known"; - public static final String OPENID_CONFIGURATION_URL = WELL_KNOWN_URL + "/openid-configuration"; - public static final String WEBFINGER_URL = WELL_KNOWN_URL + "/webfinger"; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(DiscoveryEndpoint.class); - - @Autowired - private ConfigurationPropertiesBean config; - - @Autowired - private SystemScopeService scopeService; - - @Autowired - private JWTSigningAndValidationService signService; - - @Autowired - private JWTEncryptionAndDecryptionService encService; - - @Autowired - private UserInfoService userService; - - - // used to map JWA algorithms objects to strings - private Function toAlgorithmName = new Function() { - @Override - public String apply(Algorithm alg) { - if (alg == null) { - return null; - } else { - return alg.getName(); - } - } - }; - - @RequestMapping(value={"/" + WEBFINGER_URL}, produces = MediaType.APPLICATION_JSON_VALUE) - public String webfinger(@RequestParam("resource") String resource, @RequestParam(value = "rel", required = false) String rel, Model model) { - - if (!Strings.isNullOrEmpty(rel) && !rel.equals("http://openid.net/specs/connect/1.0/issuer")) { - logger.warn("Responding to webfinger request for non-OIDC relation: " + rel); - } - - if (!resource.equals(config.getIssuer())) { - // it's not the issuer directly, need to check other methods - - UriComponents resourceUri = WebfingerURLNormalizer.normalizeResource(resource); - if (resourceUri != null - && resourceUri.getScheme() != null - && resourceUri.getScheme().equals("acct")) { - // acct: URI (email address format) - - // check on email addresses first - UserInfo user = userService.getByEmailAddress(resourceUri.getUserInfo() + "@" + resourceUri.getHost()); - - if (user == null) { - // user wasn't found, see if the local part of the username matches, plus our issuer host - - user = userService.getByUsername(resourceUri.getUserInfo()); // first part is the username - - if (user != null) { - // username matched, check the host component - UriComponents issuerComponents = UriComponentsBuilder.fromHttpUrl(config.getIssuer()).build(); - if (!Strings.nullToEmpty(issuerComponents.getHost()) - .equals(Strings.nullToEmpty(resourceUri.getHost()))) { - logger.info("Host mismatch, expected " + issuerComponents.getHost() + " got " + resourceUri.getHost()); - model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - } else { - - // if the user's still null, punt and say we didn't find them - - logger.info("User not found: " + resource); - model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - } - - } else { - logger.info("Unknown URI format: " + resource); - model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - } - - // if we got here, then we're good, return ourselves - model.addAttribute("resource", resource); - model.addAttribute("issuer", config.getIssuer()); - - return "webfingerView"; - } - - @RequestMapping("/" + OPENID_CONFIGURATION_URL) - public String providerConfiguration(Model model) { - - /* - issuer - REQUIRED. URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier. - authorization_endpoint - OPTIONAL. URL of the OP's Authentication and Authorization Endpoint [OpenID.Messages]. - token_endpoint - OPTIONAL. URL of the OP's OAuth 2.0 Token Endpoint [OpenID.Messages]. - userinfo_endpoint - RECOMMENDED. URL of the OP's UserInfo Endpoint [OpenID.Messages]. This URL MUST use the https scheme - and MAY contain port, path, and query parameter components. - check_session_iframe - OPTIONAL. URL of an OP endpoint that provides a page to support cross-origin communications for session state information with - the RP Client, using the HTML5 postMessage API. The page is loaded from an invisible iframe embedded in an RP page so that - it can run in the OP's security context. See [OpenID.Session]. - end_session_endpoint - OPTIONAL. URL of the OP's endpoint that initiates logging out the End-User. See [OpenID.Session]. - jwks_uri - REQUIRED. URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the Client uses to - validate signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), - which are used by Clients to encrypt requests to the Server. When both signing and encryption keys are made available, - a use (Key Use) parameter value is REQUIRED for all keys in the document to indicate each key's intended usage. - registration_endpoint - RECOMMENDED. URL of the OP's Dynamic Client Registration Endpoint [OpenID.Registration]. - scopes_supported - RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. - The server MUST support the openid scope value. - response_types_supported - REQUIRED. JSON array containing a list of the OAuth 2.0 response_type values that this server supports. - The server MUST support the code, id_token, and the token id_token response type values. - grant_types_supported - OPTIONAL. JSON array containing a list of the OAuth 2.0 grant type values that this server supports. - The server MUST support the authorization_code and implicit grant type values - and MAY support the urn:ietf:params:oauth:grant-type:jwt-bearer grant type defined in OAuth JWT Bearer Token Profiles [OAuth.JWT]. - If omitted, the default value is ["authorization_code", "implicit"]. - acr_values_supported - OPTIONAL. JSON array containing a list of the Authentication Context Class References that this server supports. - subject_types_supported - REQUIRED. JSON array containing a list of the subject identifier types that this server supports. Valid types include pairwise and public. - userinfo_signing_alg_values_supported - OPTIONAL. JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to - encode the Claims in a JWT [JWT]. - userinfo_encryption_alg_values_supported - OPTIONAL. JSON array containing a list of the JWE [JWE] encryption algorithms (alg values) [JWA] supported by the UserInfo Endpoint to - encode the Claims in a JWT [JWT]. - userinfo_encryption_enc_values_supported - OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to - encode the Claims in a JWT [JWT]. - id_token_signing_alg_values_supported - REQUIRED. JSON array containing a list of the JWS signing algorithms (alg values) supported by the Authorization Server for the - ID Token to encode the Claims in a JWT [JWT]. - id_token_encryption_alg_values_supported - OPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values) supported by the Authorization Server for the - ID Token to encode the Claims in a JWT [JWT]. - id_token_encryption_enc_values_supported - OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the Authorization Server for the - ID Token to encode the Claims in a JWT [JWT]. - request_object_signing_alg_values_supported - OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the Authorization Server for - the Request Object described in Section 2.9 of OpenID Connect Messages 1.0 [OpenID.Messages]. These algorithms are used both when - the Request Object is passed by value (using the request parameter) and when it is passed by reference (using the request_uri parameter). - Servers SHOULD support none and RS256. - request_object_encryption_alg_values_supported - OPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values) supported by the Authorization Server for - the Request Object described in Section 2.9 of OpenID Connect Messages 1.0 [OpenID.Messages]. These algorithms are used both when - the Request Object is passed by value and when it is passed by reference. - request_object_encryption_enc_values_supported - OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the Authorization Server for - the Request Object described in Section 2.9 of OpenID Connect Messages 1.0 [OpenID.Messages]. These algorithms are used both when - the Request Object is passed by value and when it is passed by reference. - token_endpoint_auth_methods_supported - OPTIONAL. JSON array containing a list of authentication methods supported by this Token Endpoint. - The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, - as described in Section 2.2.1 of OpenID Connect Messages 1.0 [OpenID.Messages]. - Other authentication methods MAY be defined by extensions. - If omitted, the default is client_secret_basic -- the HTTP Basic Authentication Scheme as specified in - Section 2.3.1 of OAuth 2.0 [RFC6749]. - token_endpoint_auth_signing_alg_values_supported - OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the Token Endpoint for - the private_key_jwt and client_secret_jwt methods to encode the JWT [JWT]. Servers SHOULD support RS256. - display_values_supported - OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports. - These values are described in Section 2.1.1 of OpenID Connect Messages 1.0 [OpenID.Messages]. - claim_types_supported - OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. - These Claim Types are described in Section 2.6 of OpenID Connect Messages 1.0 [OpenID.Messages]. - Values defined by this specification are normal, aggregated, and distributed. - If not specified, the implementation supports only normal Claims. - claims_supported - RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. - Note that for privacy or other reasons, this might not be an exhaustive list. - service_documentation - OPTIONAL. URL of a page containing human-readable information that developers might want or need to know when using the OpenID Provider. - In particular, if the OpenID Provider does not support Dynamic Client Registration, then information on how to register Clients needs - to be provided in this documentation. - claims_locales_supported - OPTIONAL. Languages and scripts supported for values in Claims being returned, represented as a JSON array of - BCP47 [RFC5646] language tag values. Not all languages and scripts are necessarily supported for all Claim values. - ui_locales_supported - OPTIONAL. Languages and scripts supported for the user interface, represented as a JSON array of BCP47 [RFC5646] language tag values. - claims_parameter_supported - OPTIONAL. Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support. - If omitted, the default value is false. - request_parameter_supported - OPTIONAL. Boolean value specifying whether the OP supports use of the request parameter, with true indicating support. - If omitted, the default value is false. - request_uri_parameter_supported - OPTIONAL. Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support. - If omitted, the default value is true. - require_request_uri_registration - OPTIONAL. Boolean value specifying whether the OP requires any request_uri values used to be pre-registered using - the request_uris registration parameter. Pre-registration is REQUIRED when the value is true. If omitted, the default value is false. - op_policy_uri - OPTIONAL. URL that the OpenID Provider provides to the person registering the Client to read about the OP's requirements on - how the Relying Party can use the data provided by the OP. The registration process SHOULD display this URL to the person registering - the Client if it is given. - op_tos_uri - OPTIONAL. URL that the OpenID Provider provides to the person registering the Client to read about OpenID Provider's terms of service. - The registration process SHOULD display this URL to the person registering the Client if it is given. - */ - String baseUrl = config.getIssuer(); - - if (!baseUrl.endsWith("/")) { - logger.debug("Configured issuer doesn't end in /, adding for discovery: {}", baseUrl); - baseUrl = baseUrl.concat("/"); - } - - signService.getAllSigningAlgsSupported(); - Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512); - Collection clientSymmetricAndAsymmetricSigningAlgs = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512, - JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512, - JWSAlgorithm.ES256, JWSAlgorithm.ES384, JWSAlgorithm.ES512, - JWSAlgorithm.PS256, JWSAlgorithm.PS384, JWSAlgorithm.PS512); - Collection clientSymmetricAndAsymmetricSigningAlgsWithNone = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512, - JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512, - JWSAlgorithm.ES256, JWSAlgorithm.ES384, JWSAlgorithm.ES512, - JWSAlgorithm.PS256, JWSAlgorithm.PS384, JWSAlgorithm.PS512, - Algorithm.NONE); - ArrayList grantTypes = Lists.newArrayList("authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer", "client_credentials", "urn:ietf:params:oauth:grant_type:redelegate", "urn:ietf:params:oauth:grant-type:device_code","refresh_token"); - - Map m = new HashMap<>(); - m.put("issuer", config.getIssuer()); - m.put("authorization_endpoint", baseUrl + "authorize"); - m.put("token_endpoint", baseUrl + "token"); - m.put("userinfo_endpoint", baseUrl + UserInfoEndpoint.URL); - //check_session_iframe - m.put("end_session_endpoint", baseUrl + EndSessionEndpoint.URL); - m.put("jwks_uri", baseUrl + JWKSetPublishingEndpoint.URL); - m.put("registration_endpoint", baseUrl + DynamicClientRegistrationEndpoint.URL); - m.put("scopes_supported", scopeService.toStrings(scopeService.getUnrestricted())); // these are the scopes that you can dynamically register for, which is what matters for discovery - m.put("response_types_supported", Lists.newArrayList("code", "token")); // we don't support these yet: , "id_token", "id_token token")); - m.put("grant_types_supported", grantTypes); - //acr_values_supported - m.put("subject_types_supported", Lists.newArrayList("public", "pairwise")); - m.put("userinfo_signing_alg_values_supported", Collections2.transform(clientSymmetricAndAsymmetricSigningAlgs, toAlgorithmName)); - m.put("userinfo_encryption_alg_values_supported", Collections2.transform(encService.getAllEncryptionAlgsSupported(), toAlgorithmName)); - m.put("userinfo_encryption_enc_values_supported", Collections2.transform(encService.getAllEncryptionEncsSupported(), toAlgorithmName)); - m.put("id_token_signing_alg_values_supported", Collections2.transform(clientSymmetricAndAsymmetricSigningAlgsWithNone, toAlgorithmName)); - m.put("id_token_encryption_alg_values_supported", Collections2.transform(encService.getAllEncryptionAlgsSupported(), toAlgorithmName)); - m.put("id_token_encryption_enc_values_supported", Collections2.transform(encService.getAllEncryptionEncsSupported(), toAlgorithmName)); - m.put("request_object_signing_alg_values_supported", Collections2.transform(clientSymmetricAndAsymmetricSigningAlgs, toAlgorithmName)); - m.put("request_object_encryption_alg_values_supported", Collections2.transform(encService.getAllEncryptionAlgsSupported(), toAlgorithmName)); - m.put("request_object_encryption_enc_values_supported", Collections2.transform(encService.getAllEncryptionEncsSupported(), toAlgorithmName)); - m.put("token_endpoint_auth_methods_supported", Lists.newArrayList("client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt", "none")); - m.put("token_endpoint_auth_signing_alg_values_supported", Collections2.transform(clientSymmetricAndAsymmetricSigningAlgs, toAlgorithmName)); - //display_types_supported - m.put("claim_types_supported", Lists.newArrayList("normal" /*, "aggregated", "distributed"*/)); - m.put("claims_supported", Lists.newArrayList( - "sub", - "name", - "preferred_username", - "given_name", - "family_name", - "middle_name", - "nickname", - "profile", - "picture", - "website", - "gender", - "zoneinfo", - "locale", - "updated_at", - "birthdate", - "email", - "email_verified", - "phone_number", - "phone_number_verified", - "address" - )); - m.put("service_documentation", baseUrl + "about"); - //claims_locales_supported - //ui_locales_supported - m.put("claims_parameter_supported", false); - m.put("request_parameter_supported", true); - m.put("request_uri_parameter_supported", false); - m.put("require_request_uri_registration", false); - m.put("op_policy_uri", baseUrl + "about"); - m.put("op_tos_uri", baseUrl + "about"); - - m.put("introspection_endpoint", baseUrl + IntrospectionEndpoint.URL); // token introspection endpoint for verifying tokens - m.put("revocation_endpoint", baseUrl + RevocationEndpoint.URL); // token revocation endpoint - - m.put("code_challenge_methods_supported", Lists.newArrayList(PKCEAlgorithm.plain.getName(), PKCEAlgorithm.S256.getName())); - - m.put("device_authorization_endpoint", baseUrl + DeviceEndpoint.URL); - - model.addAttribute(JsonEntityView.ENTITY, m); - - return JsonEntityView.VIEWNAME; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/assertion/AssertionOAuth2RequestFactory.java b/openid-connect-server/src/main/java/org/mitre/oauth2/assertion/AssertionOAuth2RequestFactory.java deleted file mode 100644 index e8c9465ff3..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/assertion/AssertionOAuth2RequestFactory.java +++ /dev/null @@ -1,41 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.oauth2.assertion; - -import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.OAuth2Request; -import org.springframework.security.oauth2.provider.TokenRequest; - -import com.nimbusds.jwt.JWT; - -/** - * Take in an assertion and token request and generate an OAuth2Request from it, including scopes and other important components - * - * @author jricher - * - */ -public interface AssertionOAuth2RequestFactory { - - /** - * @param client - * @param tokenRequest - * @param assertion - * @return - */ - OAuth2Request createOAuth2Request(ClientDetails client, TokenRequest tokenRequest, JWT assertion); - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/assertion/impl/DirectCopyRequestFactory.java b/openid-connect-server/src/main/java/org/mitre/oauth2/assertion/impl/DirectCopyRequestFactory.java deleted file mode 100644 index 1b508dac4b..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/assertion/impl/DirectCopyRequestFactory.java +++ /dev/null @@ -1,62 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.oauth2.assertion.impl; - -import java.text.ParseException; -import java.util.Set; - -import org.mitre.oauth2.assertion.AssertionOAuth2RequestFactory; -import org.springframework.security.oauth2.common.util.OAuth2Utils; -import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.OAuth2Request; -import org.springframework.security.oauth2.provider.TokenRequest; - -import com.google.common.collect.Sets; -import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTClaimsSet; - -/** - * Takes an assertion from a trusted source, looks for the fields: - * - * - scope, space-separated list of strings - * - aud, array of audience IDs - * - * @author jricher - * - */ -public class DirectCopyRequestFactory implements AssertionOAuth2RequestFactory { - - /* (non-Javadoc) - * @see org.mitre.oauth2.assertion.AssertionOAuth2RequestFactory#createOAuth2Request(org.springframework.security.oauth2.provider.ClientDetails, org.springframework.security.oauth2.provider.TokenRequest, com.nimbusds.jwt.JWT) - */ - @Override - public OAuth2Request createOAuth2Request(ClientDetails client, TokenRequest tokenRequest, JWT assertion) { - - try { - JWTClaimsSet claims = assertion.getJWTClaimsSet(); - Set scope = OAuth2Utils.parseParameterList(claims.getStringClaim("scope")); - - Set resources = Sets.newHashSet(claims.getAudience()); - - return new OAuth2Request(tokenRequest.getRequestParameters(), client.getClientId(), client.getAuthorities(), true, scope, resources, null, null, null); - } catch (ParseException e) { - return null; - } - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/exception/AuthorizationPendingException.java b/openid-connect-server/src/main/java/org/mitre/oauth2/exception/AuthorizationPendingException.java deleted file mode 100644 index c98f95cfc0..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/exception/AuthorizationPendingException.java +++ /dev/null @@ -1,49 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.oauth2.exception; - -import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; - -/** - * @author jricher - * - */ -public class AuthorizationPendingException extends OAuth2Exception { - - /** - * @param msg - */ - public AuthorizationPendingException(String msg) { - super(msg); - } - - /** - * - */ - private static final long serialVersionUID = -7078098692596870940L; - - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.exceptions.OAuth2Exception#getOAuth2ErrorCode() - */ - @Override - public String getOAuth2ErrorCode() { - return "authorization_pending"; - } - - - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/exception/DeviceCodeExpiredException.java b/openid-connect-server/src/main/java/org/mitre/oauth2/exception/DeviceCodeExpiredException.java deleted file mode 100644 index 3194531f82..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/exception/DeviceCodeExpiredException.java +++ /dev/null @@ -1,47 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.oauth2.exception; - -import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; - -/** - * @author jricher - * - */ -public class DeviceCodeExpiredException extends OAuth2Exception { - - /** - * @param msg - */ - public DeviceCodeExpiredException(String msg) { - super(msg); - } - - /** - * - */ - private static final long serialVersionUID = -7078098692596870940L; - - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.exceptions.OAuth2Exception#getOAuth2ErrorCode() - */ - @Override - public String getOAuth2ErrorCode() { - return "expired_token"; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/exception/DuplicateClientIdException.java b/openid-connect-server/src/main/java/org/mitre/oauth2/exception/DuplicateClientIdException.java deleted file mode 100644 index 52e90477e1..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/exception/DuplicateClientIdException.java +++ /dev/null @@ -1,32 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.exception; - -public class DuplicateClientIdException extends RuntimeException { - - public DuplicateClientIdException(String clientId) { - super("Duplicate client id: " + clientId); - } - - /** - * - */ - private static final long serialVersionUID = 1L; - - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java deleted file mode 100644 index 269db62171..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java +++ /dev/null @@ -1,85 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.repository.impl; - -import java.util.List; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.TypedQuery; - -import org.mitre.data.DefaultPageCriteria; -import org.mitre.data.PageCriteria; -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.util.jpa.JpaUtil; -import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; - -@Repository -@Transactional(value="defaultTransactionManager") -public class JpaAuthenticationHolderRepository implements AuthenticationHolderRepository { - - private static final int MAXEXPIREDRESULTS = 1000; - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager manager; - - @Override - public List getAll() { - TypedQuery query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_ALL, AuthenticationHolderEntity.class); - return query.getResultList(); - } - - @Override - public AuthenticationHolderEntity getById(Long id) { - return manager.find(AuthenticationHolderEntity.class, id); - } - - @Override - @Transactional(value="defaultTransactionManager") - public void remove(AuthenticationHolderEntity a) { - AuthenticationHolderEntity found = getById(a.getId()); - if (found != null) { - manager.remove(found); - } else { - throw new IllegalArgumentException("AuthenticationHolderEntity not found: " + a); - } - } - - @Override - @Transactional(value="defaultTransactionManager") - public AuthenticationHolderEntity save(AuthenticationHolderEntity a) { - return JpaUtil.saveOrUpdate(a.getId(), manager, a); - } - - @Override - @Transactional(value="defaultTransactionManager") - public List getOrphanedAuthenticationHolders() { - DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0,MAXEXPIREDRESULTS); - return getOrphanedAuthenticationHolders(pageCriteria); - } - - @Override - @Transactional(value="defaultTransactionManager") - public List getOrphanedAuthenticationHolders(PageCriteria pageCriteria) { - TypedQuery query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_GET_UNUSED, AuthenticationHolderEntity.class); - return JpaUtil.getResultPage(query, pageCriteria); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java deleted file mode 100644 index ad7788b6c0..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java +++ /dev/null @@ -1,105 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.oauth2.repository.impl; - -import java.util.Collection; -import java.util.Date; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.TypedQuery; - -import org.mitre.data.PageCriteria; -import org.mitre.oauth2.model.AuthorizationCodeEntity; -import org.mitre.oauth2.repository.AuthorizationCodeRepository; -import org.mitre.util.jpa.JpaUtil; -import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; - -/** - * JPA AuthorizationCodeRepository implementation. - * - * @author aanganes - * - */ -@Repository -@Transactional(value="defaultTransactionManager") -public class JpaAuthorizationCodeRepository implements AuthorizationCodeRepository { - - @PersistenceContext(unitName="defaultPersistenceUnit") - EntityManager manager; - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#save(org.mitre.oauth2.model.AuthorizationCodeEntity) - */ - @Override - @Transactional(value="defaultTransactionManager") - public AuthorizationCodeEntity save(AuthorizationCodeEntity authorizationCode) { - - return JpaUtil.saveOrUpdate(authorizationCode.getId(), manager, authorizationCode); - - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#getByCode(java.lang.String) - */ - @Override - @Transactional(value="defaultTransactionManager") - public AuthorizationCodeEntity getByCode(String code) { - TypedQuery query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_BY_VALUE, AuthorizationCodeEntity.class); - query.setParameter("code", code); - - AuthorizationCodeEntity result = JpaUtil.getSingleResult(query.getResultList()); - return result; - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#remove(org.mitre.oauth2.model.AuthorizationCodeEntity) - */ - @Override - public void remove(AuthorizationCodeEntity authorizationCodeEntity) { - AuthorizationCodeEntity found = manager.find(AuthorizationCodeEntity.class, authorizationCodeEntity.getId()); - if (found != null) { - manager.remove(found); - } - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#getExpiredCodes() - */ - @Override - public Collection getExpiredCodes() { - TypedQuery query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class); - query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); // this gets anything that's already expired - return query.getResultList(); - } - - - @Override - public Collection getExpiredCodes(PageCriteria pageCriteria) { - TypedQuery query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class); - query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); // this gets anything that's already expired - return JpaUtil.getResultPage(query, pageCriteria); - } - - - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaDeviceCodeRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaDeviceCodeRepository.java deleted file mode 100644 index 65b1f03b2f..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaDeviceCodeRepository.java +++ /dev/null @@ -1,106 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.oauth2.repository.impl; - -import static org.mitre.util.jpa.JpaUtil.getSingleResult; -import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; - -import java.util.Collection; -import java.util.Date; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.TypedQuery; - -import org.mitre.oauth2.model.DeviceCode; -import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; - -/** - * @author jricher - * - */ -@Repository("jpaDeviceCodeRepository") -public class JpaDeviceCodeRepository implements DeviceCodeRepository { - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager em; - - /* (non-Javadoc) - */ - @Override - @Transactional(value="defaultTransactionManager") - public DeviceCode getById(Long id) { - return em.find(DeviceCode.class, id); - } - - /* (non-Javadoc) - */ - @Override - @Transactional(value="defaultTransactionManager") - public DeviceCode getByUserCode(String value) { - TypedQuery query = em.createNamedQuery(DeviceCode.QUERY_BY_USER_CODE, DeviceCode.class); - query.setParameter(DeviceCode.PARAM_USER_CODE, value); - return getSingleResult(query.getResultList()); - } - - /* (non-Javadoc) - */ - @Override - @Transactional(value="defaultTransactionManager") - public DeviceCode getByDeviceCode(String value) { - TypedQuery query = em.createNamedQuery(DeviceCode.QUERY_BY_DEVICE_CODE, DeviceCode.class); - query.setParameter(DeviceCode.PARAM_DEVICE_CODE, value); - return getSingleResult(query.getResultList()); - } - - /* (non-Javadoc) - */ - @Override - @Transactional(value="defaultTransactionManager") - public void remove(DeviceCode scope) { - DeviceCode found = getById(scope.getId()); - - if (found != null) { - em.remove(found); - } - - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.SystemScopeRepository#save(org.mitre.oauth2.model.SystemScope) - */ - @Override - @Transactional(value="defaultTransactionManager") - public DeviceCode save(DeviceCode scope) { - return saveOrUpdate(scope.getId(), em, scope); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.impl.DeviceCodeRepository#getExpiredCodes() - */ - @Override - @Transactional(value="defaultTransactionManager") - public Collection getExpiredCodes() { - TypedQuery query = em.createNamedQuery(DeviceCode.QUERY_EXPIRED_BY_DATE, DeviceCode.class); - query.setParameter(DeviceCode.PARAM_DATE, new Date()); - return query.getResultList(); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java deleted file mode 100644 index 58c0bf196f..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java +++ /dev/null @@ -1,101 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.repository.impl; - -import java.util.Collection; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.TypedQuery; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.repository.OAuth2ClientRepository; -import org.mitre.util.jpa.JpaUtil; -import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; - -/** - * @author jricher - * - */ -@Repository -@Transactional(value="defaultTransactionManager") -public class JpaOAuth2ClientRepository implements OAuth2ClientRepository { - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager manager; - - public JpaOAuth2ClientRepository() { - - } - - public JpaOAuth2ClientRepository(EntityManager manager) { - this.manager = manager; - } - - @Override - public ClientDetailsEntity getById(Long id) { - return manager.find(ClientDetailsEntity.class, id); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.OAuth2ClientRepository#getClientById(java.lang.String) - */ - @Override - public ClientDetailsEntity getClientByClientId(String clientId) { - TypedQuery query = manager.createNamedQuery(ClientDetailsEntity.QUERY_BY_CLIENT_ID, ClientDetailsEntity.class); - query.setParameter(ClientDetailsEntity.PARAM_CLIENT_ID, clientId); - return JpaUtil.getSingleResult(query.getResultList()); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.OAuth2ClientRepository#saveClient(org.mitre.oauth2.model.ClientDetailsEntity) - */ - @Override - public ClientDetailsEntity saveClient(ClientDetailsEntity client) { - return JpaUtil.saveOrUpdate(client.getClientId(), manager, client); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.OAuth2ClientRepository#deleteClient(org.mitre.oauth2.model.ClientDetailsEntity) - */ - @Override - public void deleteClient(ClientDetailsEntity client) { - ClientDetailsEntity found = getById(client.getId()); - if (found != null) { - manager.remove(found); - } else { - throw new IllegalArgumentException("Client not found: " + client); - } - } - - @Override - public ClientDetailsEntity updateClient(Long id, ClientDetailsEntity client) { - // sanity check - client.setId(id); - - return JpaUtil.saveOrUpdate(id, manager, client); - } - - @Override - public Collection getAllClients() { - TypedQuery query = manager.createNamedQuery(ClientDetailsEntity.QUERY_ALL, ClientDetailsEntity.class); - return query.getResultList(); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java deleted file mode 100644 index 718a233572..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java +++ /dev/null @@ -1,288 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.repository.impl; - -import java.text.ParseException; -import java.util.ArrayList; -import java.util.Date; -import java.util.HashSet; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Set; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.Query; -import javax.persistence.TypedQuery; -import javax.persistence.criteria.CriteriaBuilder; -import javax.persistence.criteria.CriteriaDelete; -import javax.persistence.criteria.Root; - -import org.mitre.data.DefaultPageCriteria; -import org.mitre.data.PageCriteria; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.uma.model.ResourceSet; -import org.mitre.util.jpa.JpaUtil; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; - -import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTParser; - -@Repository -public class JpaOAuth2TokenRepository implements OAuth2TokenRepository { - - private static final int MAXEXPIREDRESULTS = 1000; - - private static final Logger logger = LoggerFactory.getLogger(JpaOAuth2TokenRepository.class); - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager manager; - - @Override - public Set getAllAccessTokens() { - TypedQuery query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_ALL, OAuth2AccessTokenEntity.class); - return new LinkedHashSet<>(query.getResultList()); - } - - @Override - public Set getAllRefreshTokens() { - TypedQuery query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_ALL, OAuth2RefreshTokenEntity.class); - return new LinkedHashSet<>(query.getResultList()); - } - - - @Override - public OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue) { - try { - JWT jwt = JWTParser.parse(accessTokenValue); - TypedQuery query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, OAuth2AccessTokenEntity.class); - query.setParameter(OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE, jwt); - return JpaUtil.getSingleResult(query.getResultList()); - } catch (ParseException e) { - return null; - } - } - - @Override - public OAuth2AccessTokenEntity getAccessTokenById(Long id) { - return manager.find(OAuth2AccessTokenEntity.class, id); - } - - @Override - @Transactional(value="defaultTransactionManager") - public OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity token) { - return JpaUtil.saveOrUpdate(token.getId(), manager, token); - } - - @Override - @Transactional(value="defaultTransactionManager") - public void removeAccessToken(OAuth2AccessTokenEntity accessToken) { - OAuth2AccessTokenEntity found = getAccessTokenById(accessToken.getId()); - if (found != null) { - manager.remove(found); - } else { - throw new IllegalArgumentException("Access token not found: " + accessToken); - } - } - - @Override - @Transactional(value="defaultTransactionManager") - public void clearAccessTokensForRefreshToken(OAuth2RefreshTokenEntity refreshToken) { - TypedQuery query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN, OAuth2AccessTokenEntity.class); - query.setParameter(OAuth2AccessTokenEntity.PARAM_REFERSH_TOKEN, refreshToken); - List accessTokens = query.getResultList(); - for (OAuth2AccessTokenEntity accessToken : accessTokens) { - removeAccessToken(accessToken); - } - } - - @Override - public OAuth2RefreshTokenEntity getRefreshTokenByValue(String refreshTokenValue) { - try { - JWT jwt = JWTParser.parse(refreshTokenValue); - TypedQuery query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, OAuth2RefreshTokenEntity.class); - query.setParameter(OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE, jwt); - return JpaUtil.getSingleResult(query.getResultList()); - } catch (ParseException e) { - return null; - } - } - - @Override - public OAuth2RefreshTokenEntity getRefreshTokenById(Long id) { - return manager.find(OAuth2RefreshTokenEntity.class, id); - } - - @Override - @Transactional(value="defaultTransactionManager") - public OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken) { - return JpaUtil.saveOrUpdate(refreshToken.getId(), manager, refreshToken); - } - - @Override - @Transactional(value="defaultTransactionManager") - public void removeRefreshToken(OAuth2RefreshTokenEntity refreshToken) { - OAuth2RefreshTokenEntity found = getRefreshTokenById(refreshToken.getId()); - if (found != null) { - manager.remove(found); - } else { - throw new IllegalArgumentException("Refresh token not found: " + refreshToken); - } - } - - @Override - @Transactional(value="defaultTransactionManager") - public void clearTokensForClient(ClientDetailsEntity client) { - TypedQuery queryA = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_CLIENT, OAuth2AccessTokenEntity.class); - queryA.setParameter(OAuth2AccessTokenEntity.PARAM_CLIENT, client); - List accessTokens = queryA.getResultList(); - for (OAuth2AccessTokenEntity accessToken : accessTokens) { - removeAccessToken(accessToken); - } - TypedQuery queryR = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, OAuth2RefreshTokenEntity.class); - queryR.setParameter(OAuth2RefreshTokenEntity.PARAM_CLIENT, client); - List refreshTokens = queryR.getResultList(); - for (OAuth2RefreshTokenEntity refreshToken : refreshTokens) { - removeRefreshToken(refreshToken); - } - } - - @Override - public List getAccessTokensForClient(ClientDetailsEntity client) { - TypedQuery queryA = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_CLIENT, OAuth2AccessTokenEntity.class); - queryA.setParameter(OAuth2AccessTokenEntity.PARAM_CLIENT, client); - List accessTokens = queryA.getResultList(); - return accessTokens; - } - - @Override - public List getRefreshTokensForClient(ClientDetailsEntity client) { - TypedQuery queryR = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, OAuth2RefreshTokenEntity.class); - queryR.setParameter(OAuth2RefreshTokenEntity.PARAM_CLIENT, client); - List refreshTokens = queryR.getResultList(); - return refreshTokens; - } - - @Override - public Set getAccessTokensByUserName(String name) { - TypedQuery query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_NAME, OAuth2AccessTokenEntity.class); - query.setParameter(OAuth2AccessTokenEntity.PARAM_NAME, name); - List results = query.getResultList(); - return results != null ? new HashSet<>(results) : new HashSet<>(); - } - - @Override - public Set getRefreshTokensByUserName(String name) { - TypedQuery query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_NAME, OAuth2RefreshTokenEntity.class); - query.setParameter(OAuth2RefreshTokenEntity.PARAM_NAME, name); - List results = query.getResultList(); - return results != null ? new HashSet<>(results) : new HashSet<>(); - } - - @Override - public Set getAllExpiredAccessTokens() { - DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0, MAXEXPIREDRESULTS); - return getAllExpiredAccessTokens(pageCriteria); - } - - @Override - public Set getAllExpiredAccessTokens(PageCriteria pageCriteria) { - TypedQuery query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2AccessTokenEntity.class); - query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date()); - return new LinkedHashSet<>(JpaUtil.getResultPage(query, pageCriteria)); - } - - @Override - public Set getAllExpiredRefreshTokens() { - DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0, MAXEXPIREDRESULTS); - return getAllExpiredRefreshTokens(pageCriteria); - } - - @Override - public Set getAllExpiredRefreshTokens(PageCriteria pageCriteria) { - TypedQuery query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2RefreshTokenEntity.class); - query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date()); - return new LinkedHashSet<>(JpaUtil.getResultPage(query,pageCriteria)); - } - - @Override - public Set getAccessTokensForResourceSet(ResourceSet rs) { - TypedQuery query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, OAuth2AccessTokenEntity.class); - query.setParameter(OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID, rs.getId()); - return new LinkedHashSet<>(query.getResultList()); - } - - @Override - @Transactional(value="defaultTransactionManager") - public void clearDuplicateAccessTokens() { - Query query = manager.createQuery("select a.jwt, count(1) as c from OAuth2AccessTokenEntity a GROUP BY a.jwt HAVING count(1) > 1"); - @SuppressWarnings("unchecked") - List resultList = query.getResultList(); - List values = new ArrayList<>(); - for (Object[] r : resultList) { - logger.warn("Found duplicate access tokens: {}, {}", ((JWT)r[0]).serialize(), r[1]); - values.add((JWT) r[0]); - } - if (values.size() > 0) { - CriteriaBuilder cb = manager.getCriteriaBuilder(); - CriteriaDelete criteriaDelete = cb.createCriteriaDelete(OAuth2AccessTokenEntity.class); - Root root = criteriaDelete.from(OAuth2AccessTokenEntity.class); - criteriaDelete.where(root.get("jwt").in(values)); - int result = manager.createQuery(criteriaDelete).executeUpdate(); - logger.warn("Deleted {} duplicate access tokens", result); - } - } - - @Override - @Transactional(value="defaultTransactionManager") - public void clearDuplicateRefreshTokens() { - Query query = manager.createQuery("select a.jwt, count(1) as c from OAuth2RefreshTokenEntity a GROUP BY a.jwt HAVING count(1) > 1"); - @SuppressWarnings("unchecked") - List resultList = query.getResultList(); - List values = new ArrayList<>(); - for (Object[] r : resultList) { - logger.warn("Found duplicate refresh tokens: {}, {}", ((JWT)r[0]).serialize(), r[1]); - values.add((JWT) r[0]); - } - if (values.size() > 0) { - CriteriaBuilder cb = manager.getCriteriaBuilder(); - CriteriaDelete criteriaDelete = cb.createCriteriaDelete(OAuth2RefreshTokenEntity.class); - Root root = criteriaDelete.from(OAuth2RefreshTokenEntity.class); - criteriaDelete.where(root.get("jwt").in(values)); - int result = manager.createQuery(criteriaDelete).executeUpdate(); - logger.warn("Deleted {} duplicate refresh tokens", result); - } - - } - - @Override - public List getAccessTokensForApprovedSite(ApprovedSite approvedSite) { - TypedQuery queryA = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE, OAuth2AccessTokenEntity.class); - queryA.setParameter(OAuth2AccessTokenEntity.PARAM_APPROVED_SITE, approvedSite); - List accessTokens = queryA.getResultList(); - return accessTokens; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java deleted file mode 100644 index f646b57243..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java +++ /dev/null @@ -1,102 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.oauth2.repository.impl; - -import static org.mitre.util.jpa.JpaUtil.getSingleResult; -import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; - -import java.util.LinkedHashSet; -import java.util.Set; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.TypedQuery; - -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.SystemScopeRepository; -import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; - -/** - * @author jricher - * - */ -@Repository("jpaSystemScopeRepository") -public class JpaSystemScopeRepository implements SystemScopeRepository { - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager em; - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.SystemScopeRepository#getAll() - */ - @Override - @Transactional(value="defaultTransactionManager") - public Set getAll() { - TypedQuery query = em.createNamedQuery(SystemScope.QUERY_ALL, SystemScope.class); - - return new LinkedHashSet<>(query.getResultList()); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.SystemScopeRepository#getById(java.lang.Long) - */ - @Override - @Transactional(value="defaultTransactionManager") - public SystemScope getById(Long id) { - return em.find(SystemScope.class, id); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.SystemScopeRepository#getByValue(java.lang.String) - */ - @Override - @Transactional(value="defaultTransactionManager") - public SystemScope getByValue(String value) { - TypedQuery query = em.createNamedQuery(SystemScope.QUERY_BY_VALUE, SystemScope.class); - query.setParameter(SystemScope.PARAM_VALUE, value); - return getSingleResult(query.getResultList()); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.SystemScopeRepository#remove(org.mitre.oauth2.model.SystemScope) - */ - @Override - @Transactional(value="defaultTransactionManager") - public void remove(SystemScope scope) { - SystemScope found = getById(scope.getId()); - - if (found != null) { - em.remove(found); - } - - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.SystemScopeRepository#save(org.mitre.oauth2.model.SystemScope) - */ - @Override - @Transactional(value="defaultTransactionManager") - public SystemScope save(SystemScope scope) { - return saveOrUpdate(scope.getId(), em, scope); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java deleted file mode 100644 index fc45ed20b9..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java +++ /dev/null @@ -1,105 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.oauth2.service.impl; - -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.service.BlacklistedSiteService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.oauth2.common.exceptions.InvalidRequestException; -import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; -import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver; -import org.springframework.stereotype.Component; - -import com.google.common.base.Strings; - -/** - * - * A redirect resolver that knows how to check against the blacklisted URIs - * for forbidden values. Can be configured to do strict string matching also. - * - * @author jricher - * - */ -@Component("blacklistAwareRedirectResolver") -public class BlacklistAwareRedirectResolver extends DefaultRedirectResolver { - - @Autowired - private BlacklistedSiteService blacklistService; - - @Autowired - private ConfigurationPropertiesBean config; - - private boolean strictMatch = true; - - /* (non-Javadoc) - * @see org.springframework.security.oauth2.provider.endpoint.RedirectResolver#resolveRedirect(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails) - */ - @Override - public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception { - String redirect = super.resolveRedirect(requestedRedirect, client); - if (blacklistService.isBlacklisted(redirect)) { - // don't let it go through - throw new InvalidRequestException("The supplied redirect_uri is not allowed on this server."); - } else { - // not blacklisted, passed the parent test, we're fine - return redirect; - } - } - - /* (non-Javadoc) - * @see org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver#redirectMatches(java.lang.String, java.lang.String) - */ - @Override - protected boolean redirectMatches(String requestedRedirect, String redirectUri) { - - if (isStrictMatch()) { - // we're doing a strict string match for all clients - return Strings.nullToEmpty(requestedRedirect).equals(redirectUri); - } else { - // otherwise do the prefix-match from the library - return super.redirectMatches(requestedRedirect, redirectUri); - } - - } - - /** - * @return the strictMatch - */ - public boolean isStrictMatch() { - if (config.isHeartMode()) { - // HEART mode enforces strict matching - return true; - } else { - return strictMatch; - } - } - - /** - * Set this to true to require exact string matches for all redirect URIs. (Default is false) - * - * @param strictMatch the strictMatch to set - */ - public void setStrictMatch(boolean strictMatch) { - this.strictMatch = strictMatch; - } - - - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java deleted file mode 100644 index 29f4ec8d22..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java +++ /dev/null @@ -1,157 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.oauth2.service.impl; - -import java.util.Collection; -import java.util.Date; -import java.util.Map; -import java.util.Set; -import java.util.UUID; - -import org.mitre.data.AbstractPageOperationTemplate; -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.DeviceCode; -import org.mitre.oauth2.repository.impl.DeviceCodeRepository; -import org.mitre.oauth2.service.DeviceCodeService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -/** - * @author jricher - * - */ -@Service("defaultDeviceCodeService") -public class DefaultDeviceCodeService implements DeviceCodeService { - - @Autowired - private DeviceCodeRepository repository; - - private RandomValueStringGenerator randomGenerator = new RandomValueStringGenerator(); - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.DeviceCodeService#save(org.mitre.oauth2.model.DeviceCode) - */ - @Override - public DeviceCode createNewDeviceCode(Set requestedScopes, ClientDetailsEntity client, Map parameters) { - - // create a device code, should be big and random - String deviceCode = UUID.randomUUID().toString(); - - // create a user code, should be random but small and typable, and always uppercase (lookup is case insensitive) - String userCode = randomGenerator.generate().toUpperCase(); - - DeviceCode dc = new DeviceCode(deviceCode, userCode, requestedScopes, client.getClientId(), parameters); - - if (client.getDeviceCodeValiditySeconds() != null) { - dc.setExpiration(new Date(System.currentTimeMillis() + client.getDeviceCodeValiditySeconds() * 1000L)); - } - - dc.setApproved(false); - - return repository.save(dc); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.DeviceCodeService#lookUpByUserCode(java.lang.String) - */ - @Override - public DeviceCode lookUpByUserCode(String userCode) { - // always up-case the code for lookup - return repository.getByUserCode(userCode.toUpperCase()); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.DeviceCodeService#approveDeviceCode(org.mitre.oauth2.model.DeviceCode) - */ - @Override - public DeviceCode approveDeviceCode(DeviceCode dc, OAuth2Authentication auth) { - DeviceCode found = repository.getById(dc.getId()); - - found.setApproved(true); - - AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity(); - authHolder.setAuthentication(auth); - - found.setAuthenticationHolder(authHolder); - - return repository.save(found); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.DeviceCodeService#consumeDeviceCode(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails) - */ - @Override - public DeviceCode findDeviceCode(String deviceCode, ClientDetails client) { - DeviceCode found = repository.getByDeviceCode(deviceCode); - - if (found != null) { - if (found.getClientId().equals(client.getClientId())) { - // make sure the client matches, if so, we're good - return found; - } else { - // if the clients don't match, pretend the code wasn't found - return null; - } - } else { - // didn't find the code, return null - return null; - } - - } - - - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.DeviceCodeService#clearExpiredDeviceCodes() - */ - @Override - @Transactional(value="defaultTransactionManager") - public void clearExpiredDeviceCodes() { - - new AbstractPageOperationTemplate("clearExpiredDeviceCodes"){ - @Override - public Collection fetchPage() { - return repository.getExpiredCodes(); - } - - @Override - protected void doOperation(DeviceCode item) { - repository.remove(item); - } - }.execute(); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.DeviceCodeService#clearDeviceCode(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails) - */ - @Override - public void clearDeviceCode(String deviceCode, ClientDetails client) { - DeviceCode found = findDeviceCode(deviceCode, client); - - if (found != null) { - // make sure it's not used twice - repository.remove(found); - } - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultIntrospectionResultAssembler.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultIntrospectionResultAssembler.java deleted file mode 100644 index ea36949fb6..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultIntrospectionResultAssembler.java +++ /dev/null @@ -1,143 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.service.impl; - -import static com.google.common.collect.Maps.newLinkedHashMap; - -import java.text.ParseException; -import java.util.Map; -import java.util.Set; - -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.service.IntrospectionResultAssembler; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.uma.model.Permission; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.stereotype.Service; - -import com.google.common.base.Joiner; -import com.google.common.collect.Sets; - -/** - * Default implementation of the {@link IntrospectionResultAssembler} interface. - */ -@Service -public class DefaultIntrospectionResultAssembler implements IntrospectionResultAssembler { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(DefaultIntrospectionResultAssembler.class); - - @Override - public Map assembleFrom(OAuth2AccessTokenEntity accessToken, UserInfo userInfo, Set authScopes) { - - Map result = newLinkedHashMap(); - OAuth2Authentication authentication = accessToken.getAuthenticationHolder().getAuthentication(); - - result.put(ACTIVE, true); - - if (accessToken.getPermissions() != null && !accessToken.getPermissions().isEmpty()) { - - Set permissions = Sets.newHashSet(); - - for (Permission perm : accessToken.getPermissions()) { - Map o = newLinkedHashMap(); - o.put("resource_set_id", perm.getResourceSet().getId().toString()); - Set scopes = Sets.newHashSet(perm.getScopes()); - o.put("scopes", scopes); - permissions.add(o); - } - - result.put("permissions", permissions); - - } else { - Set scopes = Sets.intersection(authScopes, accessToken.getScope()); - - result.put(SCOPE, Joiner.on(SCOPE_SEPARATOR).join(scopes)); - - } - - if (accessToken.getExpiration() != null) { - try { - result.put(EXPIRES_AT, dateFormat.valueToString(accessToken.getExpiration())); - result.put(EXP, accessToken.getExpiration().getTime() / 1000L); - } catch (ParseException e) { - logger.error("Parse exception in token introspection", e); - } - } - - if (userInfo != null) { - // if we have a UserInfo, use that for the subject - result.put(SUB, userInfo.getSub()); - } else { - // otherwise, use the authentication's username - result.put(SUB, authentication.getName()); - } - - if(authentication.getUserAuthentication() != null) { - result.put(USER_ID, authentication.getUserAuthentication().getName()); - } - - result.put(CLIENT_ID, authentication.getOAuth2Request().getClientId()); - - result.put(TOKEN_TYPE, accessToken.getTokenType()); - - return result; - } - - @Override - public Map assembleFrom(OAuth2RefreshTokenEntity refreshToken, UserInfo userInfo, Set authScopes) { - - Map result = newLinkedHashMap(); - OAuth2Authentication authentication = refreshToken.getAuthenticationHolder().getAuthentication(); - - result.put(ACTIVE, true); - - Set scopes = Sets.intersection(authScopes, authentication.getOAuth2Request().getScope()); - - result.put(SCOPE, Joiner.on(SCOPE_SEPARATOR).join(scopes)); - - if (refreshToken.getExpiration() != null) { - try { - result.put(EXPIRES_AT, dateFormat.valueToString(refreshToken.getExpiration())); - result.put(EXP, refreshToken.getExpiration().getTime() / 1000L); - } catch (ParseException e) { - logger.error("Parse exception in token introspection", e); - } - } - - - if (userInfo != null) { - // if we have a UserInfo, use that for the subject - result.put(SUB, userInfo.getSub()); - } else { - // otherwise, use the authentication's username - result.put(SUB, authentication.getName()); - } - - if(authentication.getUserAuthentication() != null) { - result.put(USER_ID, authentication.getUserAuthentication().getName()); - } - - result.put(CLIENT_ID, authentication.getOAuth2Request().getClientId()); - - return result; - } -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java deleted file mode 100644 index b062a1a4ae..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java +++ /dev/null @@ -1,162 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.oauth2.service.impl; - -import java.util.Collection; -import java.util.Date; - -import org.mitre.data.AbstractPageOperationTemplate; -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.AuthorizationCodeEntity; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.oauth2.repository.AuthorizationCodeRepository; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; -import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -/** - * Database-backed, random-value authorization code service implementation. - * - * @author aanganes - * - */ -@Service("defaultOAuth2AuthorizationCodeService") -public class DefaultOAuth2AuthorizationCodeService implements AuthorizationCodeServices { - // Logger for this class - private static final Logger logger = LoggerFactory.getLogger(DefaultOAuth2AuthorizationCodeService.class); - - @Autowired - private AuthorizationCodeRepository repository; - - @Autowired - private AuthenticationHolderRepository authenticationHolderRepository; - - private int authCodeExpirationSeconds = 60 * 5; // expire in 5 minutes by default - - private RandomValueStringGenerator generator = new RandomValueStringGenerator(22); - - /** - * Generate a random authorization code and create an AuthorizationCodeEntity, - * which will be stored in the repository. - * - * @param authentication the authentication of the current user, to be retrieved when the - * code is consumed - * @return the authorization code - */ - @Override - @Transactional(value="defaultTransactionManager") - public String createAuthorizationCode(OAuth2Authentication authentication) { - String code = generator.generate(); - - // attach the authorization so that we can look it up later - AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity(); - authHolder.setAuthentication(authentication); - authHolder = authenticationHolderRepository.save(authHolder); - - // set the auth code to expire - Date expiration = new Date(System.currentTimeMillis() + (getAuthCodeExpirationSeconds() * 1000L)); - - AuthorizationCodeEntity entity = new AuthorizationCodeEntity(code, authHolder, expiration); - repository.save(entity); - - return code; - } - - /** - * Consume a given authorization code. - * Match the provided string to an AuthorizationCodeEntity. If one is found, return - * the authentication associated with the code. If one is not found, throw an - * InvalidGrantException. - * - * @param code the authorization code - * @return the authentication that made the original request - * @throws InvalidGrantException, if an AuthorizationCodeEntity is not found with the given value - */ - @Override - public OAuth2Authentication consumeAuthorizationCode(String code) throws InvalidGrantException { - - AuthorizationCodeEntity result = repository.getByCode(code); - - if (result == null) { - throw new InvalidGrantException("JpaAuthorizationCodeRepository: no authorization code found for value " + code); - } - - OAuth2Authentication auth = result.getAuthenticationHolder().getAuthentication(); - - repository.remove(result); - - return auth; - } - - /** - * Find and remove all expired auth codes. - */ - @Transactional(value="defaultTransactionManager") - public void clearExpiredAuthorizationCodes() { - - new AbstractPageOperationTemplate("clearExpiredAuthorizationCodes"){ - @Override - public Collection fetchPage() { - return repository.getExpiredCodes(); - } - - @Override - protected void doOperation(AuthorizationCodeEntity item) { - repository.remove(item); - } - }.execute(); - } - - /** - * @return the repository - */ - public AuthorizationCodeRepository getRepository() { - return repository; - } - - /** - * @param repository the repository to set - */ - public void setRepository(AuthorizationCodeRepository repository) { - this.repository = repository; - } - - /** - * @return the authCodeExpirationSeconds - */ - public int getAuthCodeExpirationSeconds() { - return authCodeExpirationSeconds; - } - - /** - * @param authCodeExpirationSeconds the authCodeExpirationSeconds to set - */ - public void setAuthCodeExpirationSeconds(int authCodeExpirationSeconds) { - this.authCodeExpirationSeconds = authCodeExpirationSeconds; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java deleted file mode 100644 index 3416b84ea1..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java +++ /dev/null @@ -1,509 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.service.impl; - -import java.math.BigInteger; -import java.security.SecureRandom; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Date; -import java.util.List; -import java.util.Set; -import java.util.UUID; -import java.util.concurrent.ExecutionException; -import java.util.concurrent.TimeUnit; - -import org.apache.commons.codec.binary.Base64; -import org.apache.http.client.HttpClient; -import org.apache.http.impl.client.HttpClientBuilder; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.OAuth2ClientRepository; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.service.ApprovedSiteService; -import org.mitre.openid.connect.service.BlacklistedSiteService; -import org.mitre.openid.connect.service.StatsService; -import org.mitre.openid.connect.service.WhitelistedSiteService; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.service.ResourceSetService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; -import org.springframework.security.oauth2.common.exceptions.InvalidClientException; -import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; -import org.springframework.stereotype.Service; -import org.springframework.web.client.RestTemplate; -import org.springframework.web.util.UriComponents; -import org.springframework.web.util.UriComponentsBuilder; - -import com.google.common.base.Strings; -import com.google.common.cache.CacheBuilder; -import com.google.common.cache.CacheLoader; -import com.google.common.cache.LoadingCache; -import com.google.common.util.concurrent.UncheckedExecutionException; -import com.google.gson.JsonElement; -import com.google.gson.JsonParser; - -@Service -public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEntityService { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(DefaultOAuth2ClientDetailsEntityService.class); - - @Autowired - private OAuth2ClientRepository clientRepository; - - @Autowired - private OAuth2TokenRepository tokenRepository; - - @Autowired - private ApprovedSiteService approvedSiteService; - - @Autowired - private WhitelistedSiteService whitelistedSiteService; - - @Autowired - private BlacklistedSiteService blacklistedSiteService; - - @Autowired - private SystemScopeService scopeService; - - @Autowired - private StatsService statsService; - - @Autowired - private ResourceSetService resourceSetService; - - @Autowired - private ConfigurationPropertiesBean config; - - // map of sector URI -> list of redirect URIs - private LoadingCache> sectorRedirects = CacheBuilder.newBuilder() - .expireAfterAccess(1, TimeUnit.HOURS) - .maximumSize(100) - .build(new SectorIdentifierLoader(HttpClientBuilder.create().useSystemProperties().build())); - - @Override - public ClientDetailsEntity saveNewClient(ClientDetailsEntity client) { - if (client.getId() != null) { // if it's not null, it's already been saved, this is an error - throw new IllegalArgumentException("Tried to save a new client with an existing ID: " + client.getId()); - } - - if (client.getRegisteredRedirectUri() != null) { - for (String uri : client.getRegisteredRedirectUri()) { - if (blacklistedSiteService.isBlacklisted(uri)) { - throw new IllegalArgumentException("Client URI is blacklisted: " + uri); - } - } - } - - // assign a random clientid if it's empty - // NOTE: don't assign a random client secret without asking, since public clients have no secret - if (Strings.isNullOrEmpty(client.getClientId())) { - client = generateClientId(client); - } - - // make sure that clients with the "refresh_token" grant type have the "offline_access" scope, and vice versa - ensureRefreshTokenConsistency(client); - - // make sure we don't have both a JWKS and a JWKS URI - ensureKeyConsistency(client); - - // check consistency when using HEART mode - checkHeartMode(client); - - // timestamp this to right now - client.setCreatedAt(new Date()); - - - // check the sector URI - checkSectorIdentifierUri(client); - - - ensureNoReservedScopes(client); - - ClientDetailsEntity c = clientRepository.saveClient(client); - - statsService.resetCache(); - - return c; - } - - /** - * Make sure the client has only one type of key registered - * @param client - */ - private void ensureKeyConsistency(ClientDetailsEntity client) { - if (client.getJwksUri() != null && client.getJwks() != null) { - // a client can only have one key type or the other, not both - throw new IllegalArgumentException("A client cannot have both JWKS URI and JWKS value"); - } - } - - /** - * Make sure the client doesn't request any system reserved scopes - */ - private void ensureNoReservedScopes(ClientDetailsEntity client) { - // make sure a client doesn't get any special system scopes - Set requestedScope = scopeService.fromStrings(client.getScope()); - - requestedScope = scopeService.removeReservedScopes(requestedScope); - - client.setScope(scopeService.toStrings(requestedScope)); - } - - /** - * Load the sector identifier URI if it exists and check the redirect URIs against it - * @param client - */ - private void checkSectorIdentifierUri(ClientDetailsEntity client) { - if (!Strings.isNullOrEmpty(client.getSectorIdentifierUri())) { - try { - List redirects = sectorRedirects.get(client.getSectorIdentifierUri()); - - if (client.getRegisteredRedirectUri() != null) { - for (String uri : client.getRegisteredRedirectUri()) { - if (!redirects.contains(uri)) { - throw new IllegalArgumentException("Requested Redirect URI " + uri + " is not listed at sector identifier " + redirects); - } - } - } - - } catch (UncheckedExecutionException | ExecutionException e) { - throw new IllegalArgumentException("Unable to load sector identifier URI " + client.getSectorIdentifierUri() + ": " + e.getMessage()); - } - } - } - - /** - * Make sure the client has the appropriate scope and grant type. - * @param client - */ - private void ensureRefreshTokenConsistency(ClientDetailsEntity client) { - if (client.getAuthorizedGrantTypes().contains("refresh_token") - || client.getScope().contains(SystemScopeService.OFFLINE_ACCESS)) { - client.getScope().add(SystemScopeService.OFFLINE_ACCESS); - client.getAuthorizedGrantTypes().add("refresh_token"); - } - } - - /** - * If HEART mode is enabled, make sure the client meets the requirements: - * - Only one of authorization_code, implicit, or client_credentials can be used at a time - * - A redirect_uri must be registered with either authorization_code or implicit - * - A key must be registered - * - A client secret must not be generated - * - authorization_code and client_credentials must use the private_key authorization method - * @param client - */ - private void checkHeartMode(ClientDetailsEntity client) { - if (config.isHeartMode()) { - if (client.getGrantTypes().contains("authorization_code")) { - // make sure we don't have incompatible grant types - if (client.getGrantTypes().contains("implicit") || client.getGrantTypes().contains("client_credentials")) { - throw new IllegalArgumentException("[HEART mode] Incompatible grant types"); - } - - // make sure we've got the right authentication method - if (client.getTokenEndpointAuthMethod() == null || !client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) { - throw new IllegalArgumentException("[HEART mode] Authorization code clients must use the private_key authentication method"); - } - - // make sure we've got a redirect URI - if (client.getRedirectUris().isEmpty()) { - throw new IllegalArgumentException("[HEART mode] Authorization code clients must register at least one redirect URI"); - } - } - - if (client.getGrantTypes().contains("implicit")) { - // make sure we don't have incompatible grant types - if (client.getGrantTypes().contains("authorization_code") || client.getGrantTypes().contains("client_credentials") || client.getGrantTypes().contains("refresh_token")) { - throw new IllegalArgumentException("[HEART mode] Incompatible grant types"); - } - - // make sure we've got the right authentication method - if (client.getTokenEndpointAuthMethod() == null || !client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) { - throw new IllegalArgumentException("[HEART mode] Implicit clients must use the none authentication method"); - } - - // make sure we've got a redirect URI - if (client.getRedirectUris().isEmpty()) { - throw new IllegalArgumentException("[HEART mode] Implicit clients must register at least one redirect URI"); - } - } - - if (client.getGrantTypes().contains("client_credentials")) { - // make sure we don't have incompatible grant types - if (client.getGrantTypes().contains("authorization_code") || client.getGrantTypes().contains("implicit") || client.getGrantTypes().contains("refresh_token")) { - throw new IllegalArgumentException("[HEART mode] Incompatible grant types"); - } - - // make sure we've got the right authentication method - if (client.getTokenEndpointAuthMethod() == null || !client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) { - throw new IllegalArgumentException("[HEART mode] Client credentials clients must use the private_key authentication method"); - } - - // make sure we've got a redirect URI - if (!client.getRedirectUris().isEmpty()) { - throw new IllegalArgumentException("[HEART mode] Client credentials clients must not register a redirect URI"); - } - - } - - if (client.getGrantTypes().contains("password")) { - throw new IllegalArgumentException("[HEART mode] Password grant type is forbidden"); - } - - // make sure we don't have a client secret - if (!Strings.isNullOrEmpty(client.getClientSecret())) { - throw new IllegalArgumentException("[HEART mode] Client secrets are not allowed"); - } - - // make sure we've got a key registered - if (client.getJwks() == null && Strings.isNullOrEmpty(client.getJwksUri())) { - throw new IllegalArgumentException("[HEART mode] All clients must have a key registered"); - } - - // make sure our redirect URIs each fit one of the allowed categories - if (client.getRedirectUris() != null && !client.getRedirectUris().isEmpty()) { - boolean localhost = false; - boolean remoteHttps = false; - boolean customScheme = false; - for (String uri : client.getRedirectUris()) { - UriComponents components = UriComponentsBuilder.fromUriString(uri).build(); - if (components.getScheme() == null) { - // this is a very unknown redirect URI - customScheme = true; - } else if (components.getScheme().equals("http")) { - // http scheme, check for localhost - if (components.getHost().equals("localhost") || components.getHost().equals("127.0.0.1")) { - localhost = true; - } else { - throw new IllegalArgumentException("[HEART mode] Can't have an http redirect URI on non-local host"); - } - } else if (components.getScheme().equals("https")) { - remoteHttps = true; - } else { - customScheme = true; - } - } - - // now we make sure the client has a URI in only one of each of the three categories - if (!((localhost ^ remoteHttps ^ customScheme) - && !(localhost && remoteHttps && customScheme))) { - throw new IllegalArgumentException("[HEART mode] Can't have more than one class of redirect URI"); - } - } - - } - } - - /** - * Get the client by its internal ID - */ - @Override - public ClientDetailsEntity getClientById(Long id) { - ClientDetailsEntity client = clientRepository.getById(id); - - return client; - } - - /** - * Get the client for the given ClientID - */ - @Override - public ClientDetailsEntity loadClientByClientId(String clientId) throws OAuth2Exception, InvalidClientException, IllegalArgumentException { - if (!Strings.isNullOrEmpty(clientId)) { - ClientDetailsEntity client = clientRepository.getClientByClientId(clientId); - if (client == null) { - throw new InvalidClientException("Client with id " + clientId + " was not found"); - } - else { - return client; - } - } - - throw new IllegalArgumentException("Client id must not be empty!"); - } - - /** - * Delete a client and all its associated tokens - */ - @Override - public void deleteClient(ClientDetailsEntity client) throws InvalidClientException { - - if (clientRepository.getById(client.getId()) == null) { - throw new InvalidClientException("Client with id " + client.getClientId() + " was not found"); - } - - // clean out any tokens that this client had issued - tokenRepository.clearTokensForClient(client); - - // clean out any approved sites for this client - approvedSiteService.clearApprovedSitesForClient(client); - - // clear out any whitelisted sites for this client - WhitelistedSite whitelistedSite = whitelistedSiteService.getByClientId(client.getClientId()); - if (whitelistedSite != null) { - whitelistedSiteService.remove(whitelistedSite); - } - - // clear out resource sets registered for this client - Collection resourceSets = resourceSetService.getAllForClient(client); - for (ResourceSet rs : resourceSets) { - resourceSetService.remove(rs); - } - - // take care of the client itself - clientRepository.deleteClient(client); - - statsService.resetCache(); - - } - - /** - * Update the oldClient with information from the newClient. The - * id from oldClient is retained. - * - * Checks to make sure the refresh grant type and - * the scopes are set appropriately. - * - * Checks to make sure the redirect URIs aren't blacklisted. - * - * Attempts to load the redirect URI (possibly cached) to check the - * sector identifier against the contents there. - * - * - */ - @Override - public ClientDetailsEntity updateClient(ClientDetailsEntity oldClient, ClientDetailsEntity newClient) throws IllegalArgumentException { - if (oldClient != null && newClient != null) { - - for (String uri : newClient.getRegisteredRedirectUri()) { - if (blacklistedSiteService.isBlacklisted(uri)) { - throw new IllegalArgumentException("Client URI is blacklisted: " + uri); - } - } - - // if the client is flagged to allow for refresh tokens, make sure it's got the right scope - ensureRefreshTokenConsistency(newClient); - - // make sure we don't have both a JWKS and a JWKS URI - ensureKeyConsistency(newClient); - - // check consistency when using HEART mode - checkHeartMode(newClient); - - // check the sector URI - checkSectorIdentifierUri(newClient); - - // make sure a client doesn't get any special system scopes - ensureNoReservedScopes(newClient); - - return clientRepository.updateClient(oldClient.getId(), newClient); - } - throw new IllegalArgumentException("Neither old client or new client can be null!"); - } - - /** - * Get all clients in the system - */ - @Override - public Collection getAllClients() { - return clientRepository.getAllClients(); - } - - /** - * Generates a clientId for the given client and sets it to the client's clientId field. Returns the client that was passed in, now with id set. - */ - @Override - public ClientDetailsEntity generateClientId(ClientDetailsEntity client) { - client.setClientId(UUID.randomUUID().toString()); - return client; - } - - /** - * Generates a new clientSecret for the given client and sets it to the client's clientSecret field. Returns the client that was passed in, now with secret set. - */ - @Override - public ClientDetailsEntity generateClientSecret(ClientDetailsEntity client) { - if (config.isHeartMode()) { - logger.error("[HEART mode] Can't generate a client secret, skipping step; client won't be saved due to invalid configuration"); - client.setClientSecret(null); - } else { - client.setClientSecret(Base64.encodeBase64URLSafeString(new BigInteger(512, new SecureRandom()).toByteArray()).replace("=", "")); - } - return client; - } - - /** - * Utility class to load a sector identifier's set of authorized redirect URIs. - * - * @author jricher - * - */ - private class SectorIdentifierLoader extends CacheLoader> { - private HttpComponentsClientHttpRequestFactory httpFactory; - private RestTemplate restTemplate; - private JsonParser parser = new JsonParser(); - - SectorIdentifierLoader(HttpClient httpClient) { - this.httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient); - this.restTemplate = new RestTemplate(httpFactory); - } - - @Override - public List load(String key) throws Exception { - - if (!key.startsWith("https")) { - if (config.isForceHttps()) { - throw new IllegalArgumentException("Sector identifier must start with https: " + key); - } - logger.error("Sector identifier doesn't start with https, loading anyway..."); - } - - // key is the sector URI - String jsonString = restTemplate.getForObject(key, String.class); - JsonElement json = parser.parse(jsonString); - - if (json.isJsonArray()) { - List redirectUris = new ArrayList<>(); - for (JsonElement el : json.getAsJsonArray()) { - redirectUris.add(el.getAsString()); - } - - logger.info("Found " + redirectUris + " for sector " + key); - - return redirectUris; - } else { - throw new IllegalArgumentException("JSON Format Error"); - } - - } - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java deleted file mode 100644 index 641bf96faa..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java +++ /dev/null @@ -1,563 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.oauth2.service.impl; - -import static org.mitre.openid.connect.request.ConnectRequestParameters.CODE_CHALLENGE; -import static org.mitre.openid.connect.request.ConnectRequestParameters.CODE_CHALLENGE_METHOD; -import static org.mitre.openid.connect.request.ConnectRequestParameters.CODE_VERIFIER; - -import java.nio.charset.StandardCharsets; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.Collection; -import java.util.Date; -import java.util.HashSet; -import java.util.List; -import java.util.Set; -import java.util.UUID; - -import org.mitre.data.AbstractPageOperationTemplate; -import org.mitre.data.DefaultPageCriteria; -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.model.PKCEAlgorithm; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.OAuth2TokenEntityService; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.service.ApprovedSiteService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.oauth2.common.exceptions.InvalidClientException; -import org.springframework.security.oauth2.common.exceptions.InvalidRequestException; -import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; -import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; -import org.springframework.security.oauth2.provider.TokenRequest; -import org.springframework.security.oauth2.provider.token.TokenEnhancer; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import com.google.common.base.Strings; -import com.nimbusds.jose.util.Base64URL; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.PlainJWT; - - -/** - * @author jricher - * - */ -@Service("defaultOAuth2ProviderTokenService") -public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityService { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(DefaultOAuth2ProviderTokenService.class); - - @Autowired - private OAuth2TokenRepository tokenRepository; - - @Autowired - private AuthenticationHolderRepository authenticationHolderRepository; - - @Autowired - private ClientDetailsEntityService clientDetailsService; - - @Autowired - private TokenEnhancer tokenEnhancer; - - @Autowired - private SystemScopeService scopeService; - - @Autowired - private ApprovedSiteService approvedSiteService; - - @Override - public Set getAllAccessTokensForUser(String userName) { - return tokenRepository.getAccessTokensByUserName(userName); - } - - @Override - public Set getAllRefreshTokensForUser(String userName) { - return tokenRepository.getRefreshTokensByUserName(userName); - } - - @Override - public OAuth2AccessTokenEntity getAccessTokenById(Long id) { - return clearExpiredAccessToken(tokenRepository.getAccessTokenById(id)); - } - - @Override - public OAuth2RefreshTokenEntity getRefreshTokenById(Long id) { - return clearExpiredRefreshToken(tokenRepository.getRefreshTokenById(id)); - } - - /** - * Utility function to delete an access token that's expired before returning it. - * @param token the token to check - * @return null if the token is null or expired, the input token (unchanged) if it hasn't - */ - private OAuth2AccessTokenEntity clearExpiredAccessToken(OAuth2AccessTokenEntity token) { - if (token == null) { - return null; - } else if (token.isExpired()) { - // immediately revoke expired token - logger.debug("Clearing expired access token: " + token.getValue()); - revokeAccessToken(token); - return null; - } else { - return token; - } - } - - /** - * Utility function to delete a refresh token that's expired before returning it. - * @param token the token to check - * @return null if the token is null or expired, the input token (unchanged) if it hasn't - */ - private OAuth2RefreshTokenEntity clearExpiredRefreshToken(OAuth2RefreshTokenEntity token) { - if (token == null) { - return null; - } else if (token.isExpired()) { - // immediately revoke expired token - logger.debug("Clearing expired refresh token: " + token.getValue()); - revokeRefreshToken(token); - return null; - } else { - return token; - } - } - - @Override - @Transactional(value="defaultTransactionManager") - public OAuth2AccessTokenEntity createAccessToken(OAuth2Authentication authentication) throws AuthenticationException, InvalidClientException { - if (authentication != null && authentication.getOAuth2Request() != null) { - // look up our client - OAuth2Request request = authentication.getOAuth2Request(); - - ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId()); - - if (client == null) { - throw new InvalidClientException("Client not found: " + request.getClientId()); - } - - // handle the PKCE code challenge if present - if (request.getExtensions().containsKey(CODE_CHALLENGE)) { - String challenge = (String) request.getExtensions().get(CODE_CHALLENGE); - PKCEAlgorithm alg = PKCEAlgorithm.parse((String) request.getExtensions().get(CODE_CHALLENGE_METHOD)); - - String verifier = request.getRequestParameters().get(CODE_VERIFIER); - - if (alg.equals(PKCEAlgorithm.plain)) { - // do a direct string comparison - if (!challenge.equals(verifier)) { - throw new InvalidRequestException("Code challenge and verifier do not match"); - } - } else if (alg.equals(PKCEAlgorithm.S256)) { - // hash the verifier - try { - MessageDigest digest = MessageDigest.getInstance("SHA-256"); - String hash = Base64URL.encode(digest.digest(verifier.getBytes(StandardCharsets.US_ASCII))).toString(); - if (!challenge.equals(hash)) { - throw new InvalidRequestException("Code challenge and verifier do not match"); - } - } catch (NoSuchAlgorithmException e) { - logger.error("Unknown algorithm for PKCE digest", e); - } - } - - } - - OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();//accessTokenFactory.createNewAccessToken(); - - // attach the client - token.setClient(client); - - // inherit the scope from the auth, but make a new set so it is - //not unmodifiable. Unmodifiables don't play nicely with Eclipselink, which - //wants to use the clone operation. - Set scopes = scopeService.fromStrings(request.getScope()); - - // remove any of the special system scopes - scopes = scopeService.removeReservedScopes(scopes); - - token.setScope(scopeService.toStrings(scopes)); - - // make it expire if necessary - if (client.getAccessTokenValiditySeconds() != null && client.getAccessTokenValiditySeconds() > 0) { - Date expiration = new Date(System.currentTimeMillis() + (client.getAccessTokenValiditySeconds() * 1000L)); - token.setExpiration(expiration); - } - - // attach the authorization so that we can look it up later - AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity(); - authHolder.setAuthentication(authentication); - authHolder = authenticationHolderRepository.save(authHolder); - - token.setAuthenticationHolder(authHolder); - - // attach a refresh token, if this client is allowed to request them and the user gets the offline scope - if (client.isAllowRefresh() && token.getScope().contains(SystemScopeService.OFFLINE_ACCESS)) { - OAuth2RefreshTokenEntity savedRefreshToken = createRefreshToken(client, authHolder); - - token.setRefreshToken(savedRefreshToken); - } - - //Add approved site reference, if any - OAuth2Request originalAuthRequest = authHolder.getAuthentication().getOAuth2Request(); - - if (originalAuthRequest.getExtensions() != null && originalAuthRequest.getExtensions().containsKey("approved_site")) { - - Long apId = Long.parseLong((String) originalAuthRequest.getExtensions().get("approved_site")); - ApprovedSite ap = approvedSiteService.getById(apId); - - token.setApprovedSite(ap); - } - - OAuth2AccessTokenEntity enhancedToken = (OAuth2AccessTokenEntity) tokenEnhancer.enhance(token, authentication); - - OAuth2AccessTokenEntity savedToken = saveAccessToken(enhancedToken); - - if (savedToken.getRefreshToken() != null) { - tokenRepository.saveRefreshToken(savedToken.getRefreshToken()); // make sure we save any changes that might have been enhanced - } - - return savedToken; - } - - throw new AuthenticationCredentialsNotFoundException("No authentication credentials found"); - } - - - private OAuth2RefreshTokenEntity createRefreshToken(ClientDetailsEntity client, AuthenticationHolderEntity authHolder) { - OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken(); - JWTClaimsSet.Builder refreshClaims = new JWTClaimsSet.Builder(); - - - // make it expire if necessary - if (client.getRefreshTokenValiditySeconds() != null) { - Date expiration = new Date(System.currentTimeMillis() + (client.getRefreshTokenValiditySeconds() * 1000L)); - refreshToken.setExpiration(expiration); - refreshClaims.expirationTime(expiration); - } - - // set a random identifier - refreshClaims.jwtID(UUID.randomUUID().toString()); - - // TODO: add issuer fields, signature to JWT - - PlainJWT refreshJwt = new PlainJWT(refreshClaims.build()); - refreshToken.setJwt(refreshJwt); - - //Add the authentication - refreshToken.setAuthenticationHolder(authHolder); - refreshToken.setClient(client); - - // save the token first so that we can set it to a member of the access token (NOTE: is this step necessary?) - OAuth2RefreshTokenEntity savedRefreshToken = tokenRepository.saveRefreshToken(refreshToken); - return savedRefreshToken; - } - - @Override - @Transactional(value="defaultTransactionManager") - public OAuth2AccessTokenEntity refreshAccessToken(String refreshTokenValue, TokenRequest authRequest) throws AuthenticationException { - - if (Strings.isNullOrEmpty(refreshTokenValue)) { - // throw an invalid token exception if there's no refresh token value at all - throw new InvalidTokenException("Invalid refresh token: " + refreshTokenValue); - } - - OAuth2RefreshTokenEntity refreshToken = clearExpiredRefreshToken(tokenRepository.getRefreshTokenByValue(refreshTokenValue)); - - if (refreshToken == null) { - // throw an invalid token exception if we couldn't find the token - throw new InvalidTokenException("Invalid refresh token: " + refreshTokenValue); - } - - ClientDetailsEntity client = refreshToken.getClient(); - - AuthenticationHolderEntity authHolder = refreshToken.getAuthenticationHolder(); - - // make sure that the client requesting the token is the one who owns the refresh token - ClientDetailsEntity requestingClient = clientDetailsService.loadClientByClientId(authRequest.getClientId()); - if (!client.getClientId().equals(requestingClient.getClientId())) { - tokenRepository.removeRefreshToken(refreshToken); - throw new InvalidClientException("Client does not own the presented refresh token"); - } - - //Make sure this client allows access token refreshing - if (!client.isAllowRefresh()) { - throw new InvalidClientException("Client does not allow refreshing access token!"); - } - - // clear out any access tokens - if (client.isClearAccessTokensOnRefresh()) { - tokenRepository.clearAccessTokensForRefreshToken(refreshToken); - } - - if (refreshToken.isExpired()) { - tokenRepository.removeRefreshToken(refreshToken); - throw new InvalidTokenException("Expired refresh token: " + refreshTokenValue); - } - - OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); - - // get the stored scopes from the authentication holder's authorization request; these are the scopes associated with the refresh token - Set refreshScopesRequested = new HashSet<>(refreshToken.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope()); - Set refreshScopes = scopeService.fromStrings(refreshScopesRequested); - // remove any of the special system scopes - refreshScopes = scopeService.removeReservedScopes(refreshScopes); - - Set scopeRequested = authRequest.getScope() == null ? new HashSet() : new HashSet<>(authRequest.getScope()); - Set scope = scopeService.fromStrings(scopeRequested); - - // remove any of the special system scopes - scope = scopeService.removeReservedScopes(scope); - - if (scope != null && !scope.isEmpty()) { - // ensure a proper subset of scopes - if (refreshScopes != null && refreshScopes.containsAll(scope)) { - // set the scope of the new access token if requested - token.setScope(scopeService.toStrings(scope)); - } else { - String errorMsg = "Up-scoping is not allowed."; - logger.error(errorMsg); - throw new InvalidScopeException(errorMsg); - } - } else { - // otherwise inherit the scope of the refresh token (if it's there -- this can return a null scope set) - token.setScope(scopeService.toStrings(refreshScopes)); - } - - token.setClient(client); - - if (client.getAccessTokenValiditySeconds() != null) { - Date expiration = new Date(System.currentTimeMillis() + (client.getAccessTokenValiditySeconds() * 1000L)); - token.setExpiration(expiration); - } - - if (client.isReuseRefreshToken()) { - // if the client re-uses refresh tokens, do that - token.setRefreshToken(refreshToken); - } else { - // otherwise, make a new refresh token - OAuth2RefreshTokenEntity newRefresh = createRefreshToken(client, authHolder); - token.setRefreshToken(newRefresh); - - // clean up the old refresh token - tokenRepository.removeRefreshToken(refreshToken); - } - - token.setAuthenticationHolder(authHolder); - - tokenEnhancer.enhance(token, authHolder.getAuthentication()); - - tokenRepository.saveAccessToken(token); - - return token; - } - - @Override - public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException { - OAuth2AccessTokenEntity accessToken = clearExpiredAccessToken(tokenRepository.getAccessTokenByValue(accessTokenValue)); - - if (accessToken == null) { - throw new InvalidTokenException("Invalid access token: " + accessTokenValue); - } else { - return accessToken.getAuthenticationHolder().getAuthentication(); - } - } - - - /** - * Get an access token from its token value. - */ - @Override - public OAuth2AccessTokenEntity readAccessToken(String accessTokenValue) throws AuthenticationException { - OAuth2AccessTokenEntity accessToken = clearExpiredAccessToken(tokenRepository.getAccessTokenByValue(accessTokenValue)); - if (accessToken == null) { - throw new InvalidTokenException("Access token for value " + accessTokenValue + " was not found"); - } else { - return accessToken; - } - } - - /** - * Get an access token by its authentication object. - */ - @Override - public OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication) { - // TODO: implement this against the new service (#825) - throw new UnsupportedOperationException("Unable to look up access token from authentication object."); - } - - /** - * Get a refresh token by its token value. - */ - @Override - public OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue) throws AuthenticationException { - OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenByValue(refreshTokenValue); - if (refreshToken == null) { - throw new InvalidTokenException("Refresh token for value " + refreshTokenValue + " was not found"); - } - else { - return refreshToken; - } - } - - /** - * Revoke a refresh token and all access tokens issued to it. - */ - @Override - @Transactional(value="defaultTransactionManager") - public void revokeRefreshToken(OAuth2RefreshTokenEntity refreshToken) { - tokenRepository.clearAccessTokensForRefreshToken(refreshToken); - tokenRepository.removeRefreshToken(refreshToken); - } - - /** - * Revoke an access token. - */ - @Override - @Transactional(value="defaultTransactionManager") - public void revokeAccessToken(OAuth2AccessTokenEntity accessToken) { - tokenRepository.removeAccessToken(accessToken); - } - - @Override - public List getAccessTokensForClient(ClientDetailsEntity client) { - return tokenRepository.getAccessTokensForClient(client); - } - - @Override - public List getRefreshTokensForClient(ClientDetailsEntity client) { - return tokenRepository.getRefreshTokensForClient(client); - } - - /** - * Clears out expired tokens and any abandoned authentication objects - */ - @Override - public void clearExpiredTokens() { - logger.debug("Cleaning out all expired tokens"); - - new AbstractPageOperationTemplate("clearExpiredAccessTokens") { - @Override - public Collection fetchPage() { - return tokenRepository.getAllExpiredAccessTokens(new DefaultPageCriteria()); - } - - @Override - public void doOperation(OAuth2AccessTokenEntity item) { - revokeAccessToken(item); - } - }.execute(); - - new AbstractPageOperationTemplate("clearExpiredRefreshTokens") { - @Override - public Collection fetchPage() { - return tokenRepository.getAllExpiredRefreshTokens(new DefaultPageCriteria()); - } - - @Override - public void doOperation(OAuth2RefreshTokenEntity item) { - revokeRefreshToken(item); - } - }.execute(); - - new AbstractPageOperationTemplate("clearExpiredAuthenticationHolders") { - @Override - public Collection fetchPage() { - return authenticationHolderRepository.getOrphanedAuthenticationHolders(new DefaultPageCriteria()); - } - - @Override - public void doOperation(AuthenticationHolderEntity item) { - authenticationHolderRepository.remove(item); - } - }.execute(); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.OAuth2TokenEntityService#saveAccessToken(org.mitre.oauth2.model.OAuth2AccessTokenEntity) - */ - @Override - @Transactional(value="defaultTransactionManager") - public OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity accessToken) { - OAuth2AccessTokenEntity newToken = tokenRepository.saveAccessToken(accessToken); - - // if the old token has any additional information for the return from the token endpoint, carry it through here after save - if (accessToken.getAdditionalInformation() != null && !accessToken.getAdditionalInformation().isEmpty()) { - newToken.getAdditionalInformation().putAll(accessToken.getAdditionalInformation()); - } - - return newToken; - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.OAuth2TokenEntityService#saveRefreshToken(org.mitre.oauth2.model.OAuth2RefreshTokenEntity) - */ - @Override - @Transactional(value="defaultTransactionManager") - public OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken) { - return tokenRepository.saveRefreshToken(refreshToken); - } - - /** - * @return the tokenEnhancer - */ - public TokenEnhancer getTokenEnhancer() { - return tokenEnhancer; - } - - /** - * @param tokenEnhancer the tokenEnhancer to set - */ - public void setTokenEnhancer(TokenEnhancer tokenEnhancer) { - this.tokenEnhancer = tokenEnhancer; - } - - @Override - public OAuth2AccessTokenEntity getRegistrationAccessTokenForClient(ClientDetailsEntity client) { - List allTokens = getAccessTokensForClient(client); - - for (OAuth2AccessTokenEntity token : allTokens) { - if ((token.getScope().contains(SystemScopeService.REGISTRATION_TOKEN_SCOPE) || token.getScope().contains(SystemScopeService.RESOURCE_TOKEN_SCOPE)) - && token.getScope().size() == 1) { - // if it only has the registration scope, then it's a registration token - return token; - } - } - - return null; - } -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java deleted file mode 100644 index 21474fe6e0..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java +++ /dev/null @@ -1,222 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.oauth2.service.impl; - -import java.util.LinkedHashSet; -import java.util.Set; - -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.SystemScopeRepository; -import org.mitre.oauth2.service.SystemScopeService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import com.google.common.base.Function; -import com.google.common.base.Predicate; -import com.google.common.base.Predicates; -import com.google.common.base.Strings; -import com.google.common.collect.Collections2; -import com.google.common.collect.Sets; - -/** - * @author jricher - * - */ -@Service("defaultSystemScopeService") -public class DefaultSystemScopeService implements SystemScopeService { - - @Autowired - private SystemScopeRepository repository; - - private Predicate isDefault = new Predicate() { - @Override - public boolean apply(SystemScope input) { - return (input != null && input.isDefaultScope()); - } - }; - - private Predicate isRestricted = new Predicate() { - @Override - public boolean apply(SystemScope input) { - return (input != null && input.isRestricted()); - } - }; - - private Predicate isReserved = new Predicate() { - @Override - public boolean apply(SystemScope input) { - return (input != null && getReserved().contains(input)); - } - }; - - private Function stringToSystemScope = new Function() { - @Override - public SystemScope apply(String input) { - if (Strings.isNullOrEmpty(input)) { - return null; - } else { - // get the real scope if it's available - SystemScope s = getByValue(input); - if (s == null) { - // make a fake one otherwise - s = new SystemScope(input); - } - - return s; - } - } - }; - - private Function systemScopeToString = new Function() { - @Override - public String apply(SystemScope input) { - if (input == null) { - return null; - } else { - return input.getValue(); - } - } - }; - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.SystemScopeService#getAll() - */ - @Override - public Set getAll() { - return repository.getAll(); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.SystemScopeService#getById(java.lang.Long) - */ - @Override - public SystemScope getById(Long id) { - return repository.getById(id); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.SystemScopeService#getByValue(java.lang.String) - */ - @Override - public SystemScope getByValue(String value) { - return repository.getByValue(value); - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.SystemScopeService#remove(org.mitre.oauth2.model.SystemScope) - */ - @Override - public void remove(SystemScope scope) { - repository.remove(scope); - - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.SystemScopeService#save(org.mitre.oauth2.model.SystemScope) - */ - @Override - public SystemScope save(SystemScope scope) { - if (!isReserved.apply(scope)) { // don't allow saving of reserved scopes - return repository.save(scope); - } else { - return null; - } - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.SystemScopeService#fromStrings(java.util.Set) - */ - @Override - public Set fromStrings(Set scope) { - if (scope == null) { - return null; - } else { - return new LinkedHashSet<>(Collections2.filter(Collections2.transform(scope, stringToSystemScope), Predicates.notNull())); - } - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.SystemScopeService#toStrings(java.util.Set) - */ - @Override - public Set toStrings(Set scope) { - if (scope == null) { - return null; - } else { - return new LinkedHashSet<>(Collections2.filter(Collections2.transform(scope, systemScopeToString), Predicates.notNull())); - } - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.service.SystemScopeService#scopesMatch(java.util.Set, java.util.Set) - */ - @Override - public boolean scopesMatch(Set expected, Set actual) { - - Set ex = fromStrings(expected); - Set act = fromStrings(actual); - - for (SystemScope actScope : act) { - // first check to see if there's an exact match - if (!ex.contains(actScope)) { - return false; - } else { - // if we did find an exact match, we need to check the rest - } - } - - // if we got all the way down here, the setup passed - return true; - - } - - @Override - public Set getDefaults() { - return Sets.filter(getAll(), isDefault); - } - - - @Override - public Set getReserved() { - return reservedScopes; - } - - @Override - public Set getRestricted() { - return Sets.filter(getAll(), isRestricted); - } - - @Override - public Set getUnrestricted() { - return Sets.filter(getAll(), Predicates.not(isRestricted)); - } - - @Override - public Set removeRestrictedAndReservedScopes(Set scopes) { - return Sets.filter(scopes, Predicates.not(Predicates.or(isRestricted, isReserved))); - } - - @Override - public Set removeReservedScopes(Set scopes) { - return Sets.filter(scopes, Predicates.not(isReserved)); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java deleted file mode 100644 index c53596f26b..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java +++ /dev/null @@ -1,112 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.oauth2.token; - -import java.util.HashSet; -import java.util.Set; - -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.OAuth2TokenEntityService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; -import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2RequestFactory; -import org.springframework.security.oauth2.provider.TokenRequest; -import org.springframework.security.oauth2.provider.token.AbstractTokenGranter; -import org.springframework.stereotype.Component; - -import com.google.common.collect.Sets; - -/** - * @author jricher - * - */ -@Component("chainedTokenGranter") -public class ChainedTokenGranter extends AbstractTokenGranter { - - public static final String GRANT_TYPE = "urn:ietf:params:oauth:grant_type:redelegate"; - - // keep down-cast versions so we can get to the right queries - private OAuth2TokenEntityService tokenServices; - - /** - * @param tokenServices - * @param clientDetailsService - * @param GRANT_TYPE - */ - @Autowired - public ChainedTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService, OAuth2RequestFactory requestFactory) { - super(tokenServices, clientDetailsService, requestFactory, GRANT_TYPE); - this.tokenServices = tokenServices; - } - - /* (non-Javadoc) - * @see org.springframework.security.oauth2.provider.token.AbstractTokenGranter#getOAuth2Authentication(org.springframework.security.oauth2.provider.AuthorizationRequest) - */ - @Override - protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) throws AuthenticationException, InvalidTokenException { - // read and load up the existing token - String incomingTokenValue = tokenRequest.getRequestParameters().get("token"); - OAuth2AccessTokenEntity incomingToken = tokenServices.readAccessToken(incomingTokenValue); - - // check for scoping in the request, can't up-scope with a chained request - Set approvedScopes = incomingToken.getScope(); - Set requestedScopes = tokenRequest.getScope(); - - if (requestedScopes == null) { - requestedScopes = new HashSet<>(); - } - - // do a check on the requested scopes -- if they exactly match the client scopes, they were probably shadowed by the token granter - if (client.getScope().equals(requestedScopes)) { - requestedScopes = new HashSet<>(); - } - - // if our scopes are a valid subset of what's allowed, we can continue - if (approvedScopes.containsAll(requestedScopes)) { - - if (requestedScopes.isEmpty()) { - // if there are no scopes, inherit the original scopes from the token - tokenRequest.setScope(approvedScopes); - } else { - // if scopes were asked for, give only the subset of scopes requested - // this allows safe downscoping - tokenRequest.setScope(Sets.intersection(requestedScopes, approvedScopes)); - } - - // NOTE: don't revoke the existing access token - - // create a new access token - OAuth2Authentication authentication = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), incomingToken.getAuthenticationHolder().getAuthentication().getUserAuthentication()); - - return authentication; - - } else { - throw new InvalidScopeException("Invalid scope requested in chained request", approvedScopes); - } - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/DeviceTokenGranter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/DeviceTokenGranter.java deleted file mode 100644 index f7e185e530..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/DeviceTokenGranter.java +++ /dev/null @@ -1,107 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.oauth2.token; - -import java.util.Date; - -import org.mitre.oauth2.exception.AuthorizationPendingException; -import org.mitre.oauth2.exception.DeviceCodeExpiredException; -import org.mitre.oauth2.model.DeviceCode; -import org.mitre.oauth2.service.DeviceCodeService; -import org.mitre.oauth2.web.DeviceEndpoint; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; -import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.ClientDetailsService; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2RequestFactory; -import org.springframework.security.oauth2.provider.TokenRequest; -import org.springframework.security.oauth2.provider.token.AbstractTokenGranter; -import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; -import org.springframework.stereotype.Component; - -/** - * Implements https://tools.ietf.org/html/draft-ietf-oauth-device-flow - * - * @see DeviceEndpoint - * - * @author jricher - * - */ -@Component("deviceTokenGranter") -public class DeviceTokenGranter extends AbstractTokenGranter { - - public static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"; - - @Autowired - private DeviceCodeService deviceCodeService; - - /** - * @param tokenServices - * @param clientDetailsService - * @param requestFactory - * @param grantType - */ - protected DeviceTokenGranter(AuthorizationServerTokenServices tokenServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory) { - super(tokenServices, clientDetailsService, requestFactory, GRANT_TYPE); - } - - /* (non-Javadoc) - * @see org.springframework.security.oauth2.provider.token.AbstractTokenGranter#getOAuth2Authentication(org.springframework.security.oauth2.provider.ClientDetails, org.springframework.security.oauth2.provider.TokenRequest) - */ - @Override - protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) { - - String deviceCode = tokenRequest.getRequestParameters().get("device_code"); - - // look up the device code and consume it - DeviceCode dc = deviceCodeService.findDeviceCode(deviceCode, client); - - if (dc != null) { - - // make sure the code hasn't expired yet - if (dc.getExpiration() != null && dc.getExpiration().before(new Date())) { - - deviceCodeService.clearDeviceCode(deviceCode, client); - - throw new DeviceCodeExpiredException("Device code has expired " + deviceCode); - - } else if (!dc.isApproved()) { - - // still waiting for approval - throw new AuthorizationPendingException("Authorization pending for code " + deviceCode); - - } else { - // inherit the (approved) scopes from the original request - tokenRequest.setScope(dc.getScope()); - - OAuth2Authentication auth = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), dc.getAuthenticationHolder().getUserAuth()); - - deviceCodeService.clearDeviceCode(deviceCode, client); - - return auth; - } - } else { - throw new InvalidGrantException("Invalid device code: " + deviceCode); - } - - } - - - - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/JWTAssertionTokenGranter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/JWTAssertionTokenGranter.java deleted file mode 100644 index 02217fc48e..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/JWTAssertionTokenGranter.java +++ /dev/null @@ -1,98 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.oauth2.token; - -import java.text.ParseException; - -import org.mitre.jwt.assertion.AssertionValidator; -import org.mitre.oauth2.assertion.AssertionOAuth2RequestFactory; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.OAuth2TokenEntityService; -import org.mitre.openid.connect.assertion.JWTBearerAssertionAuthenticationToken; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2RequestFactory; -import org.springframework.security.oauth2.provider.TokenRequest; -import org.springframework.security.oauth2.provider.token.AbstractTokenGranter; -import org.springframework.stereotype.Component; - -import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTParser; - -/** - * @author jricher - * - */ -@Component("jwtAssertionTokenGranter") -public class JWTAssertionTokenGranter extends AbstractTokenGranter { - - private static final String grantType = "urn:ietf:params:oauth:grant-type:jwt-bearer"; - - @Autowired - @Qualifier("jwtAssertionValidator") - private AssertionValidator validator; - - @Autowired - private AssertionOAuth2RequestFactory assertionFactory; - - @Autowired - public JWTAssertionTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService, OAuth2RequestFactory requestFactory) { - super(tokenServices, clientDetailsService, requestFactory, grantType); - } - - /* (non-Javadoc) - * @see org.springframework.security.oauth2.provider.token.AbstractTokenGranter#getOAuth2Authentication(org.springframework.security.oauth2.provider.AuthorizationRequest) - */ - @Override - protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) throws AuthenticationException, InvalidTokenException { - // read and load up the existing token - try { - String incomingAssertionValue = tokenRequest.getRequestParameters().get("assertion"); - JWT assertion = JWTParser.parse(incomingAssertionValue); - - if (validator.isValid(assertion)) { - - // our validator says it's OK, time to make a token from it - // the real work happens in the assertion factory and the token services - return new OAuth2Authentication(assertionFactory.createOAuth2Request(client, tokenRequest, assertion), - new JWTBearerAssertionAuthenticationToken(assertion, client.getAuthorities())); - - } else { - logger.warn("Incoming assertion did not pass validator, rejecting"); - return null; - } - - } catch (ParseException e) { - logger.warn("Unable to parse incoming assertion"); - } - - // if we had made a token, we'd have returned it by now, so return null here to close out with no created token - return null; - - } - - - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/ScopeServiceAwareOAuth2RequestValidator.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/ScopeServiceAwareOAuth2RequestValidator.java deleted file mode 100644 index 3896dfd3a5..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/ScopeServiceAwareOAuth2RequestValidator.java +++ /dev/null @@ -1,69 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.oauth2.token; - -import java.util.Set; - -import org.mitre.oauth2.service.SystemScopeService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; -import org.springframework.security.oauth2.provider.AuthorizationRequest; -import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.OAuth2RequestValidator; -import org.springframework.security.oauth2.provider.TokenRequest; - -/** - * - * Validates the scopes on a request by comparing them against a client's - * allowed scopes, but allow custom scopes to function through the system scopes - * - * @author jricher - * - */ -public class ScopeServiceAwareOAuth2RequestValidator implements OAuth2RequestValidator { - - @Autowired - private SystemScopeService scopeService; - - /* (non-Javadoc) - * @see org.springframework.security.oauth2.provider.OAuth2RequestValidator#validateScope(java.util.Map, java.util.Set) - */ - private void validateScope(Set requestedScopes, Set clientScopes) throws InvalidScopeException { - if (requestedScopes != null && !requestedScopes.isEmpty()) { - if (clientScopes != null && !clientScopes.isEmpty()) { - if (!scopeService.scopesMatch(clientScopes, requestedScopes)) { - throw new InvalidScopeException("Invalid scope; requested:" + requestedScopes, clientScopes); - } - } - } - } - - @Override - public void validateScope(AuthorizationRequest authorizationRequest, ClientDetails client) throws InvalidScopeException { - validateScope(authorizationRequest.getScope(), client.getScope()); - } - - @Override - public void validateScope(TokenRequest tokenRequest, ClientDetails client) throws InvalidScopeException { - validateScope(tokenRequest.getScope(), client.getScope()); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java deleted file mode 100644 index cd6eed06cc..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java +++ /dev/null @@ -1,150 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.view; - -import java.io.IOException; -import java.io.Writer; -import java.lang.reflect.Type; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.stereotype.Component; -import org.springframework.validation.BeanPropertyBindingResult; -import org.springframework.web.servlet.view.AbstractView; - -import com.google.gson.ExclusionStrategy; -import com.google.gson.FieldAttributes; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonSerializationContext; -import com.google.gson.JsonSerializer; - -@Component(TokenApiView.VIEWNAME) -public class TokenApiView extends AbstractView { - - public static final String VIEWNAME = "tokenApiView"; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(TokenApiView.class); - - private Gson gson = new GsonBuilder() - .setExclusionStrategies(new ExclusionStrategy() { - - @Override - public boolean shouldSkipField(FieldAttributes f) { - return false; - } - - @Override - public boolean shouldSkipClass(Class clazz) { - // skip the JPA binding wrapper - if (clazz.equals(BeanPropertyBindingResult.class)) { - return true; - } - return false; - } - - }) - .registerTypeAdapter(OAuth2AccessTokenEntity.class, new JsonSerializer() { - - @Override - public JsonElement serialize(OAuth2AccessTokenEntity src, - Type typeOfSrc, JsonSerializationContext context) { - - - JsonObject o = new JsonObject(); - - o.addProperty("value", src.getValue()); - o.addProperty("id", src.getId()); - o.addProperty("refreshTokenId", src.getRefreshToken() != null ? src.getRefreshToken().getId() : null); - - o.add("scopes", context.serialize(src.getScope())); - - o.addProperty("clientId", src.getClient().getClientId()); - o.addProperty("userId", src.getAuthenticationHolder().getAuthentication().getName()); - - o.add("expiration", context.serialize(src.getExpiration())); - - return o; - } - - }) - .registerTypeAdapter(OAuth2RefreshTokenEntity.class, new JsonSerializer() { - - @Override - public JsonElement serialize(OAuth2RefreshTokenEntity src, - Type typeOfSrc, JsonSerializationContext context) { - JsonObject o = new JsonObject(); - - o.addProperty("value", src.getValue()); - o.addProperty("id", src.getId()); - - o.add("scopes", context.serialize(src.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope())); - - o.addProperty("clientId", src.getClient().getClientId()); - o.addProperty("userId", src.getAuthenticationHolder().getAuthentication().getName()); - - o.add("expiration", context.serialize(src.getExpiration())); - - return o; - } - - }) - .serializeNulls() - .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") - .create(); - - @Override - protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - - response.setContentType(MediaType.APPLICATION_JSON_VALUE); - - - HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); - if (code == null) { - code = HttpStatus.OK; // default to 200 - } - - response.setStatus(code.value()); - - try { - - Writer out = response.getWriter(); - Object obj = model.get(JsonEntityView.ENTITY); - gson.toJson(obj, out); - - } catch (IOException e) { - - logger.error("IOException in JsonEntityView.java: ", e); - - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/AuthenticationUtilities.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/AuthenticationUtilities.java deleted file mode 100644 index ee56889cc0..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/AuthenticationUtilities.java +++ /dev/null @@ -1,77 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.oauth2.web; - -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException; -import org.springframework.security.oauth2.provider.OAuth2Authentication; - -import com.google.common.collect.ImmutableSet; - -/** - * - * Utility class to enforce OAuth scopes in authenticated requests. - * - * @author jricher - * - */ -public abstract class AuthenticationUtilities { - - /** - * Makes sure the authentication contains the given scope, throws an exception otherwise - * @param auth the authentication object to check - * @param scope the scope to look for - * @throws InsufficientScopeException if the authentication does not contain that scope - */ - public static void ensureOAuthScope(Authentication auth, String scope) { - // if auth is OAuth, make sure we've got the right scope - if (auth instanceof OAuth2Authentication) { - OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) auth; - if (oAuth2Authentication.getOAuth2Request().getScope() == null - || !oAuth2Authentication.getOAuth2Request().getScope().contains(scope)) { - throw new InsufficientScopeException("Insufficient scope", ImmutableSet.of(scope)); - } - } - } - - /** - * Check to see if the given auth object has ROLE_ADMIN assigned to it or not - * @param auth - * @return - */ - public static boolean isAdmin(Authentication auth) { - for (GrantedAuthority grantedAuthority : auth.getAuthorities()) { - if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) { - return true; - } - } - return false; - } - - - public static boolean hasRole(Authentication auth, String role) { - for (GrantedAuthority grantedAuthority : auth.getAuthorities()) { - if (grantedAuthority.getAuthority().equals(role)) { - return true; - } - } - return false; - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java deleted file mode 100644 index da2aa69d12..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java +++ /dev/null @@ -1,60 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.oauth2.web; - -import java.io.IOException; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.stereotype.Component; -import org.springframework.web.filter.OncePerRequestFilter; - -/** - * - * Implements Cross-Origin Resource Sharing (CORS) headers. This filter adds the CORS - * headers to all requests that pass through it, and as such it should be used only - * on endpoints that require CORS support. - * - * @author jricher - * - */ -@Component("corsFilter") -public class CorsFilter extends OncePerRequestFilter { - - /* (non-Javadoc) - * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) - */ - @Override - public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { - - response.addHeader("Access-Control-Allow-Origin", "*"); - if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) { - // CORS "pre-flight" request - response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); - response.addHeader("Access-Control-Allow-Headers", "X-Requested-With,Origin,Content-Type, Accept, Authorization"); - } - filterChain.doFilter(request, response); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/DeviceEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/DeviceEndpoint.java deleted file mode 100644 index 9c54c9f073..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/DeviceEndpoint.java +++ /dev/null @@ -1,307 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.oauth2.web; - -import java.net.URI; -import java.net.URISyntaxException; -import java.util.Collection; -import java.util.Date; -import java.util.HashMap; -import java.util.LinkedHashSet; -import java.util.Map; -import java.util.Set; -import java.util.UUID; - -import javax.servlet.http.HttpSession; - -import org.apache.http.client.utils.URIBuilder; -import org.mitre.oauth2.exception.DeviceCodeCreationException; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.DeviceCode; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.DeviceCodeService; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.oauth2.token.DeviceTokenGranter; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.common.exceptions.InvalidClientException; -import org.springframework.security.oauth2.common.util.OAuth2Utils; -import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.AuthorizationRequest; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; -import org.springframework.security.oauth2.provider.OAuth2RequestFactory; -import org.springframework.stereotype.Controller; -import org.springframework.ui.ModelMap; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RequestParam; - -import com.google.common.collect.Sets; - -/** - * Implements https://tools.ietf.org/html/draft-ietf-oauth-device-flow - * - * @see DeviceTokenGranter - * - * @author jricher - * - */ -@Controller -public class DeviceEndpoint { - - public static final String URL = "devicecode"; - public static final String USER_URL = "device"; - - public static final Logger logger = LoggerFactory.getLogger(DeviceEndpoint.class); - - @Autowired - private ClientDetailsEntityService clientService; - - @Autowired - private SystemScopeService scopeService; - - @Autowired - private ConfigurationPropertiesBean config; - - @Autowired - private DeviceCodeService deviceCodeService; - - @Autowired - private OAuth2RequestFactory oAuth2RequestFactory; - - @RequestMapping(value = "/" + URL, method = RequestMethod.POST, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) - public String requestDeviceCode(@RequestParam("client_id") String clientId, @RequestParam(name="scope", required=false) String scope, Map parameters, ModelMap model) { - - ClientDetailsEntity client; - try { - client = clientService.loadClientByClientId(clientId); - - // make sure this client can do the device flow - - Collection authorizedGrantTypes = client.getAuthorizedGrantTypes(); - if (authorizedGrantTypes != null && !authorizedGrantTypes.isEmpty() - && !authorizedGrantTypes.contains(DeviceTokenGranter.GRANT_TYPE)) { - throw new InvalidClientException("Unauthorized grant type: " + DeviceTokenGranter.GRANT_TYPE); - } - - } catch (IllegalArgumentException e) { - logger.error("IllegalArgumentException was thrown when attempting to load client", e); - model.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - return HttpCodeView.VIEWNAME; - } - - if (client == null) { - logger.error("could not find client " + clientId); - model.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - // make sure the client is allowed to ask for those scopes - Set requestedScopes = OAuth2Utils.parseParameterList(scope); - Set allowedScopes = client.getScope(); - - if (!scopeService.scopesMatch(allowedScopes, requestedScopes)) { - // client asked for scopes it can't have - logger.error("Client asked for " + requestedScopes + " but is allowed " + allowedScopes); - model.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - model.put(JsonErrorView.ERROR, "invalid_scope"); - return JsonErrorView.VIEWNAME; - } - - // if we got here the request is legit - - try { - DeviceCode dc = deviceCodeService.createNewDeviceCode(requestedScopes, client, parameters); - - Map response = new HashMap<>(); - response.put("device_code", dc.getDeviceCode()); - response.put("user_code", dc.getUserCode()); - response.put("verification_uri", config.getIssuer() + USER_URL); - if (client.getDeviceCodeValiditySeconds() != null) { - response.put("expires_in", client.getDeviceCodeValiditySeconds()); - } - - if (config.isAllowCompleteDeviceCodeUri()) { - URI verificationUriComplete = new URIBuilder(config.getIssuer() + USER_URL) - .addParameter("user_code", dc.getUserCode()) - .build(); - - response.put("verification_uri_complete", verificationUriComplete.toString()); - } - - model.put(JsonEntityView.ENTITY, response); - - - return JsonEntityView.VIEWNAME; - } catch (DeviceCodeCreationException dcce) { - - model.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - model.put(JsonErrorView.ERROR, dcce.getError()); - model.put(JsonErrorView.ERROR_MESSAGE, dcce.getMessage()); - - return JsonErrorView.VIEWNAME; - } catch (URISyntaxException use) { - logger.error("unable to build verification_uri_complete due to wrong syntax of uri components"); - model.put(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR); - - return HttpCodeView.VIEWNAME; - } - - } - - @PreAuthorize("hasRole('ROLE_USER')") - @RequestMapping(value = "/" + USER_URL, method = RequestMethod.GET) - public String requestUserCode(@RequestParam(value = "user_code", required = false) String userCode, ModelMap model, HttpSession session) { - - if (!config.isAllowCompleteDeviceCodeUri() || userCode == null) { - // if we don't allow the complete URI or we didn't get a user code on the way in, - // print out a page that asks the user to enter their user code - // user must be logged in - return "requestUserCode"; - } else { - - // complete verification uri was used, we received user code directly - // skip requesting code page - // user must be logged in - return readUserCode(userCode, model, session); - } - } - - @PreAuthorize("hasRole('ROLE_USER')") - @RequestMapping(value = "/" + USER_URL + "/verify", method = RequestMethod.POST) - public String readUserCode(@RequestParam("user_code") String userCode, ModelMap model, HttpSession session) { - - // look up the request based on the user code - DeviceCode dc = deviceCodeService.lookUpByUserCode(userCode); - - // we couldn't find the device code - if (dc == null) { - model.addAttribute("error", "noUserCode"); - return "requestUserCode"; - } - - // make sure the code hasn't expired yet - if (dc.getExpiration() != null && dc.getExpiration().before(new Date())) { - model.addAttribute("error", "expiredUserCode"); - return "requestUserCode"; - } - - // make sure the device code hasn't already been approved - if (dc.isApproved()) { - model.addAttribute("error", "userCodeAlreadyApproved"); - return "requestUserCode"; - } - - ClientDetailsEntity client = clientService.loadClientByClientId(dc.getClientId()); - - model.put("client", client); - model.put("dc", dc); - - // pre-process the scopes - Set scopes = scopeService.fromStrings(dc.getScope()); - - Set sortedScopes = new LinkedHashSet<>(scopes.size()); - Set systemScopes = scopeService.getAll(); - - // sort scopes for display based on the inherent order of system scopes - for (SystemScope s : systemScopes) { - if (scopes.contains(s)) { - sortedScopes.add(s); - } - } - - // add in any scopes that aren't system scopes to the end of the list - sortedScopes.addAll(Sets.difference(scopes, systemScopes)); - - model.put("scopes", sortedScopes); - - AuthorizationRequest authorizationRequest = oAuth2RequestFactory.createAuthorizationRequest(dc.getRequestParameters()); - - session.setAttribute("authorizationRequest", authorizationRequest); - session.setAttribute("deviceCode", dc); - - return "approveDevice"; - } - - @PreAuthorize("hasRole('ROLE_USER')") - @RequestMapping(value = "/" + USER_URL + "/approve", method = RequestMethod.POST) - public String approveDevice(@RequestParam("user_code") String userCode, @RequestParam(value = "user_oauth_approval") Boolean approve, ModelMap model, Authentication auth, HttpSession session) { - - AuthorizationRequest authorizationRequest = (AuthorizationRequest) session.getAttribute("authorizationRequest"); - DeviceCode dc = (DeviceCode) session.getAttribute("deviceCode"); - - // make sure the form that was submitted is the one that we were expecting - if (!dc.getUserCode().equals(userCode)) { - model.addAttribute("error", "userCodeMismatch"); - return "requestUserCode"; - } - - // make sure the code hasn't expired yet - if (dc.getExpiration() != null && dc.getExpiration().before(new Date())) { - model.addAttribute("error", "expiredUserCode"); - return "requestUserCode"; - } - - ClientDetailsEntity client = clientService.loadClientByClientId(dc.getClientId()); - - model.put("client", client); - - // user did not approve - if (!approve) { - model.addAttribute("approved", false); - return "deviceApproved"; - } - - // create an OAuth request for storage - OAuth2Request o2req = oAuth2RequestFactory.createOAuth2Request(authorizationRequest); - OAuth2Authentication o2Auth = new OAuth2Authentication(o2req, auth); - - DeviceCode approvedCode = deviceCodeService.approveDeviceCode(dc, o2Auth); - - // pre-process the scopes - Set scopes = scopeService.fromStrings(dc.getScope()); - - Set sortedScopes = new LinkedHashSet<>(scopes.size()); - Set systemScopes = scopeService.getAll(); - - // sort scopes for display based on the inherent order of system scopes - for (SystemScope s : systemScopes) { - if (scopes.contains(s)) { - sortedScopes.add(s); - } - } - - // add in any scopes that aren't system scopes to the end of the list - sortedScopes.addAll(Sets.difference(scopes, systemScopes)); - - model.put("scopes", sortedScopes); - model.put("approved", true); - - return "deviceApproved"; - } -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java deleted file mode 100644 index 7725a54030..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java +++ /dev/null @@ -1,211 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.web; - -import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope; - -import java.util.Collection; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.IntrospectionResultAssembler; -import org.mitre.oauth2.service.OAuth2TokenEntityService; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.service.UserInfoService; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.service.ResourceSetService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestParam; - -import com.google.common.base.Strings; -import com.google.common.collect.ImmutableMap; - -@Controller -public class IntrospectionEndpoint { - - /** - * - */ - public static final String URL = "introspect"; - - @Autowired - private OAuth2TokenEntityService tokenServices; - - @Autowired - private ClientDetailsEntityService clientService; - - @Autowired - private IntrospectionResultAssembler introspectionResultAssembler; - - @Autowired - private UserInfoService userInfoService; - - @Autowired - private ResourceSetService resourceSetService; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(IntrospectionEndpoint.class); - - public IntrospectionEndpoint() { - - } - - public IntrospectionEndpoint(OAuth2TokenEntityService tokenServices) { - this.tokenServices = tokenServices; - } - - @RequestMapping("/" + URL) - public String verify(@RequestParam("token") String tokenValue, - @RequestParam(value = "token_type_hint", required = false) String tokenType, - Authentication auth, Model model) { - - ClientDetailsEntity authClient = null; - Set authScopes = new HashSet<>(); - - if (auth instanceof OAuth2Authentication) { - // the client authenticated with OAuth, do our UMA checks - ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); - - // get out the client that was issued the access token (not the token being introspected) - OAuth2Authentication o2a = (OAuth2Authentication) auth; - - String authClientId = o2a.getOAuth2Request().getClientId(); - authClient = clientService.loadClientByClientId(authClientId); - - // the owner is the user who authorized the token in the first place - String ownerId = o2a.getUserAuthentication().getName(); - - authScopes.addAll(authClient.getScope()); - - // UMA style clients also get a subset of scopes of all the resource sets they've registered - Collection resourceSets = resourceSetService.getAllForOwnerAndClient(ownerId, authClientId); - - // collect all the scopes - for (ResourceSet rs : resourceSets) { - authScopes.addAll(rs.getScopes()); - } - - } else { - // the client authenticated directly, make sure it's got the right access - - String authClientId = auth.getName(); // direct authentication puts the client_id into the authentication's name field - authClient = clientService.loadClientByClientId(authClientId); - - // directly authenticated clients get a subset of any scopes that they've registered for - authScopes.addAll(authClient.getScope()); - - if (!AuthenticationUtilities.hasRole(auth, "ROLE_CLIENT") - || !authClient.isAllowIntrospection()) { - - // this client isn't allowed to do direct introspection - - logger.error("Client " + authClient.getClientId() + " is not allowed to call introspection endpoint"); - model.addAttribute("code", HttpStatus.FORBIDDEN); - return HttpCodeView.VIEWNAME; - - } - - } - - // by here we're allowed to introspect, now we need to look up the token in our token stores - - // first make sure the token is there - if (Strings.isNullOrEmpty(tokenValue)) { - logger.error("Verify failed; token value is null"); - Map entity = ImmutableMap.of("active", Boolean.FALSE); - model.addAttribute(JsonEntityView.ENTITY, entity); - return JsonEntityView.VIEWNAME; - } - - OAuth2AccessTokenEntity accessToken = null; - OAuth2RefreshTokenEntity refreshToken = null; - ClientDetailsEntity tokenClient; - UserInfo user; - - try { - - // check access tokens first (includes ID tokens) - accessToken = tokenServices.readAccessToken(tokenValue); - - tokenClient = accessToken.getClient(); - - // get the user information of the user that authorized this token in the first place - String userName = accessToken.getAuthenticationHolder().getAuthentication().getName(); - user = userInfoService.getByUsernameAndClientId(userName, tokenClient.getClientId()); - - } catch (InvalidTokenException e) { - logger.info("Invalid access token. Checking refresh token."); - try { - - // check refresh tokens next - refreshToken = tokenServices.getRefreshToken(tokenValue); - - tokenClient = refreshToken.getClient(); - - // get the user information of the user that authorized this token in the first place - String userName = refreshToken.getAuthenticationHolder().getAuthentication().getName(); - user = userInfoService.getByUsernameAndClientId(userName, tokenClient.getClientId()); - - } catch (InvalidTokenException e2) { - logger.error("Invalid refresh token"); - Map entity = ImmutableMap.of(IntrospectionResultAssembler.ACTIVE, Boolean.FALSE); - model.addAttribute(JsonEntityView.ENTITY, entity); - return JsonEntityView.VIEWNAME; - } - } - - // if it's a valid token, we'll print out information on it - - if (accessToken != null) { - Map entity = introspectionResultAssembler.assembleFrom(accessToken, user, authScopes); - model.addAttribute(JsonEntityView.ENTITY, entity); - } else if (refreshToken != null) { - Map entity = introspectionResultAssembler.assembleFrom(refreshToken, user, authScopes); - model.addAttribute(JsonEntityView.ENTITY, entity); - } else { - // no tokens were found (we shouldn't get here) - logger.error("Verify failed; Invalid access/refresh token"); - Map entity = ImmutableMap.of(IntrospectionResultAssembler.ACTIVE, Boolean.FALSE); - model.addAttribute(JsonEntityView.ENTITY, entity); - return JsonEntityView.VIEWNAME; - } - - return JsonEntityView.VIEWNAME; - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuth2ExceptionHandler.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuth2ExceptionHandler.java deleted file mode 100644 index 2a361cffde..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuth2ExceptionHandler.java +++ /dev/null @@ -1,47 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.oauth2.web; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.ResponseEntity; -import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; -import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; -import org.springframework.web.bind.annotation.ControllerAdvice; -import org.springframework.web.bind.annotation.ExceptionHandler; - -/** - * Controller helper that handles OAuth2 exceptions and propagates them as JSON errors. - * - * @author jricher - * - */ -@ControllerAdvice -public class OAuth2ExceptionHandler { - private static final Logger logger = LoggerFactory.getLogger(OAuth2ExceptionHandler.class); - - @Autowired - private WebResponseExceptionTranslator providerExceptionHandler; - - @ExceptionHandler(OAuth2Exception.class) - public ResponseEntity handleException(Exception e) throws Exception { - logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); - return providerExceptionHandler.translate(e); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java deleted file mode 100644 index 29c9a1419e..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java +++ /dev/null @@ -1,242 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.oauth2.web; - -import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT; -import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_SEPARATOR; - -import java.net.URISyntaxException; -import java.security.Principal; -import java.util.Date; -import java.util.HashMap; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.apache.http.client.utils.URIBuilder; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.service.ScopeClaimTranslationService; -import org.mitre.openid.connect.service.StatsService; -import org.mitre.openid.connect.service.UserInfoService; -import org.mitre.openid.connect.view.HttpCodeView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; -import org.springframework.security.oauth2.provider.AuthorizationRequest; -import org.springframework.security.oauth2.provider.endpoint.RedirectResolver; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.ModelAttribute; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.SessionAttributes; - -import com.google.common.base.Joiner; -import com.google.common.base.Splitter; -import com.google.common.base.Strings; -import com.google.common.collect.Sets; -import com.google.gson.JsonObject; - -/** - * @author jricher - * - */ -@Controller -@SessionAttributes("authorizationRequest") -public class OAuthConfirmationController { - - - @Autowired - private ClientDetailsEntityService clientService; - - @Autowired - private SystemScopeService scopeService; - - @Autowired - private ScopeClaimTranslationService scopeClaimTranslationService; - - @Autowired - private UserInfoService userInfoService; - - @Autowired - private StatsService statsService; - - @Autowired - private RedirectResolver redirectResolver; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(OAuthConfirmationController.class); - - public OAuthConfirmationController() { - - } - - public OAuthConfirmationController(ClientDetailsEntityService clientService) { - this.clientService = clientService; - } - - @PreAuthorize("hasRole('ROLE_USER')") - @RequestMapping("/oauth/confirm_access") - public String confirmAccess(Map model, Principal p) { - - AuthorizationRequest authRequest = (AuthorizationRequest) model.get("authorizationRequest"); - // Check the "prompt" parameter to see if we need to do special processing - - String prompt = (String)authRequest.getExtensions().get(PROMPT); - List prompts = Splitter.on(PROMPT_SEPARATOR).splitToList(Strings.nullToEmpty(prompt)); - ClientDetailsEntity client = null; - - try { - client = clientService.loadClientByClientId(authRequest.getClientId()); - } catch (OAuth2Exception e) { - logger.error("confirmAccess: OAuth2Exception was thrown when attempting to load client", e); - model.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - return HttpCodeView.VIEWNAME; - } catch (IllegalArgumentException e) { - logger.error("confirmAccess: IllegalArgumentException was thrown when attempting to load client", e); - model.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - return HttpCodeView.VIEWNAME; - } - - if (client == null) { - logger.error("confirmAccess: could not find client " + authRequest.getClientId()); - model.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - if (prompts.contains("none")) { - // if we've got a redirect URI then we'll send it - - String url = redirectResolver.resolveRedirect(authRequest.getRedirectUri(), client); - - try { - URIBuilder uriBuilder = new URIBuilder(url); - - uriBuilder.addParameter("error", "interaction_required"); - if (!Strings.isNullOrEmpty(authRequest.getState())) { - uriBuilder.addParameter("state", authRequest.getState()); // copy the state parameter if one was given - } - - return "redirect:" + uriBuilder.toString(); - - } catch (URISyntaxException e) { - logger.error("Can't build redirect URI for prompt=none, sending error instead", e); - model.put("code", HttpStatus.FORBIDDEN); - return HttpCodeView.VIEWNAME; - } - } - - model.put("auth_request", authRequest); - model.put("client", client); - - String redirect_uri = authRequest.getRedirectUri(); - - model.put("redirect_uri", redirect_uri); - - - // pre-process the scopes - Set scopes = scopeService.fromStrings(authRequest.getScope()); - - Set sortedScopes = new LinkedHashSet<>(scopes.size()); - Set systemScopes = scopeService.getAll(); - - // sort scopes for display based on the inherent order of system scopes - for (SystemScope s : systemScopes) { - if (scopes.contains(s)) { - sortedScopes.add(s); - } - } - - // add in any scopes that aren't system scopes to the end of the list - sortedScopes.addAll(Sets.difference(scopes, systemScopes)); - - model.put("scopes", sortedScopes); - - // get the userinfo claims for each scope - UserInfo user = userInfoService.getByUsername(p.getName()); - Map> claimsForScopes = new HashMap<>(); - if (user != null) { - JsonObject userJson = user.toJson(); - - for (SystemScope systemScope : sortedScopes) { - Map claimValues = new HashMap<>(); - - Set claims = scopeClaimTranslationService.getClaimsForScope(systemScope.getValue()); - for (String claim : claims) { - if (userJson.has(claim) && userJson.get(claim).isJsonPrimitive()) { - // TODO: this skips the address claim - claimValues.put(claim, userJson.get(claim).getAsString()); - } - } - - claimsForScopes.put(systemScope.getValue(), claimValues); - } - } - - model.put("claims", claimsForScopes); - - // client stats - Integer count = statsService.getCountForClientId(client.getClientId()).getApprovedSiteCount(); - model.put("count", count); - - - // contacts - if (client.getContacts() != null) { - String contacts = Joiner.on(", ").join(client.getContacts()); - model.put("contacts", contacts); - } - - // if the client is over a week old and has more than one registration, don't give such a big warning - // instead, tag as "Generally Recognized As Safe" (gras) - Date lastWeek = new Date(System.currentTimeMillis() - (60 * 60 * 24 * 7 * 1000)); - if (count > 1 && client.getCreatedAt() != null && client.getCreatedAt().before(lastWeek)) { - model.put("gras", true); - } else { - model.put("gras", false); - } - - return "approve"; - } - - /** - * @return the clientService - */ - public ClientDetailsEntityService getClientService() { - return clientService; - } - - /** - * @param clientService the clientService to set - */ - public void setClientService(ClientDetailsEntityService clientService) { - this.clientService = clientService; - } - - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java deleted file mode 100644 index dd202fe9f7..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java +++ /dev/null @@ -1,145 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.web; - -import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.OAuth2TokenEntityService; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.view.HttpCodeView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestParam; - -@Controller -public class RevocationEndpoint { - @Autowired - private ClientDetailsEntityService clientService; - - @Autowired - private OAuth2TokenEntityService tokenServices; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(RevocationEndpoint.class); - - public static final String URL = "revoke"; - - @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_CLIENT')") - @RequestMapping("/" + URL) - public String revoke(@RequestParam("token") String tokenValue, @RequestParam(value = "token_type_hint", required = false) String tokenType, Authentication auth, Model model) { - - // This is the token as passed in from OAuth (in case we need it some day) - //OAuth2AccessTokenEntity tok = tokenServices.getAccessToken((OAuth2Authentication) principal); - - ClientDetailsEntity authClient = null; - - if (auth instanceof OAuth2Authentication) { - // the client authenticated with OAuth, do our UMA checks - ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); - // get out the client that was issued the access token (not the token being revoked) - OAuth2Authentication o2a = (OAuth2Authentication) auth; - - String authClientId = o2a.getOAuth2Request().getClientId(); - authClient = clientService.loadClientByClientId(authClientId); - - // the owner is the user who authorized the token in the first place - String ownerId = o2a.getUserAuthentication().getName(); - - } else { - // the client authenticated directly, make sure it's got the right access - - String authClientId = auth.getName(); // direct authentication puts the client_id into the authentication's name field - authClient = clientService.loadClientByClientId(authClientId); - - } - - try { - // check and handle access tokens first - - OAuth2AccessTokenEntity accessToken = tokenServices.readAccessToken(tokenValue); - - // client acting on its own, make sure it owns the token - if (!accessToken.getClient().getClientId().equals(authClient.getClientId())) { - // trying to revoke a token we don't own, throw a 403 - - logger.info("Client " + authClient.getClientId() + " tried to revoke a token owned by " + accessToken.getClient().getClientId()); - - model.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return HttpCodeView.VIEWNAME; - } - - // if we got this far, we're allowed to do this - tokenServices.revokeAccessToken(accessToken); - - logger.debug("Client " + authClient.getClientId() + " revoked access token " + tokenValue); - - model.addAttribute(HttpCodeView.CODE, HttpStatus.OK); - return HttpCodeView.VIEWNAME; - - } catch (InvalidTokenException e) { - - // access token wasn't found, check the refresh token - - try { - OAuth2RefreshTokenEntity refreshToken = tokenServices.getRefreshToken(tokenValue); - // client acting on its own, make sure it owns the token - if (!refreshToken.getClient().getClientId().equals(authClient.getClientId())) { - // trying to revoke a token we don't own, throw a 403 - - logger.info("Client " + authClient.getClientId() + " tried to revoke a token owned by " + refreshToken.getClient().getClientId()); - - model.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return HttpCodeView.VIEWNAME; - } - - // if we got this far, we're allowed to do this - tokenServices.revokeRefreshToken(refreshToken); - - logger.debug("Client " + authClient.getClientId() + " revoked access token " + tokenValue); - - model.addAttribute(HttpCodeView.CODE, HttpStatus.OK); - return HttpCodeView.VIEWNAME; - - } catch (InvalidTokenException e1) { - - // neither token type was found, simply say "OK" and be on our way. - - logger.debug("Failed to revoke token " + tokenValue); - - model.addAttribute(HttpCodeView.CODE, HttpStatus.OK); - return HttpCodeView.VIEWNAME; - } - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java deleted file mode 100644 index 5aa6d2a3b1..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java +++ /dev/null @@ -1,184 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.oauth2.web; - -import java.util.Set; - -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.mitre.openid.connect.web.RootController; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.stereotype.Controller; -import org.springframework.ui.ModelMap; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import com.google.gson.Gson; - -/** - * @author jricher - * - */ -@Controller -@RequestMapping("/" + ScopeAPI.URL) -@PreAuthorize("hasRole('ROLE_USER')") -public class ScopeAPI { - - public static final String URL = RootController.API_URL + "/scopes"; - - @Autowired - private SystemScopeService scopeService; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(ScopeAPI.class); - - private Gson gson = new Gson(); - - @RequestMapping(value = "", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getAll(ModelMap m) { - - Set allScopes = scopeService.getAll(); - - m.put(JsonEntityView.ENTITY, allScopes); - - return JsonEntityView.VIEWNAME; - } - - @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getScope(@PathVariable("id") Long id, ModelMap m) { - - SystemScope scope = scopeService.getById(id); - - if (scope != null) { - - m.put(JsonEntityView.ENTITY, scope); - - return JsonEntityView.VIEWNAME; - } else { - - logger.error("getScope failed; scope not found: " + id); - - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "The requested scope with id " + id + " could not be found."); - return JsonErrorView.VIEWNAME; - } - } - - @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value = "/{id}", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) - public String updateScope(@PathVariable("id") Long id, @RequestBody String json, ModelMap m) { - - SystemScope existing = scopeService.getById(id); - - SystemScope scope = gson.fromJson(json, SystemScope.class); - - if (existing != null && scope != null) { - - if (existing.getId().equals(scope.getId())) { - // sanity check - - scope = scopeService.save(scope); - - m.put(JsonEntityView.ENTITY, scope); - - return JsonEntityView.VIEWNAME; - } else { - - logger.error("updateScope failed; scope ids to not match: got " - + existing.getId() + " and " + scope.getId()); - - m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not update scope. Scope ids to not match: got " - + existing.getId() + " and " + scope.getId()); - return JsonErrorView.VIEWNAME; - } - - } else { - - logger.error("updateScope failed; scope with id " + id + " not found."); - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not update scope. The scope with id " + id + " could not be found."); - return JsonErrorView.VIEWNAME; - } - } - - @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value = "", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) - public String createScope(@RequestBody String json, ModelMap m) { - SystemScope scope = gson.fromJson(json, SystemScope.class); - - SystemScope alreadyExists = scopeService.getByValue(scope.getValue()); - if (alreadyExists != null) { - //Error, cannot save a scope with the same value as an existing one - logger.error("Error: attempting to save a scope with a value that already exists: " + scope.getValue()); - m.put(HttpCodeView.CODE, HttpStatus.CONFLICT); - m.put(JsonErrorView.ERROR_MESSAGE, "A scope with value " + scope.getValue() + " already exists, please choose a different value."); - return JsonErrorView.VIEWNAME; - } - - scope = scopeService.save(scope); - - if (scope != null && scope.getId() != null) { - - m.put(JsonEntityView.ENTITY, scope); - - return JsonEntityView.VIEWNAME; - } else { - - logger.error("createScope failed; JSON was invalid: " + json); - m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not save new scope " + scope + ". The scope service failed to return a saved entity."); - return JsonErrorView.VIEWNAME; - - } - } - - @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value = "/{id}", method = RequestMethod.DELETE) - public String deleteScope(@PathVariable("id") Long id, ModelMap m) { - SystemScope existing = scopeService.getById(id); - - if (existing != null) { - - scopeService.remove(existing); - - return HttpCodeView.VIEWNAME; - } else { - - logger.error("deleteScope failed; scope with id " + id + " not found."); - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete scope. The requested scope with id " + id + " could not be found."); - return JsonErrorView.VIEWNAME; - } - } -} diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java deleted file mode 100644 index 73fa472b47..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java +++ /dev/null @@ -1,246 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.web; - -import java.security.Principal; -import java.util.List; -import java.util.Set; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.OAuth2TokenEntityService; -import org.mitre.oauth2.view.TokenApiView; -import org.mitre.openid.connect.service.OIDCTokenService; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.mitre.openid.connect.web.RootController; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.stereotype.Controller; -import org.springframework.ui.ModelMap; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -/** - * REST-ish API for managing access tokens (GET/DELETE only) - * @author Amanda Anganes - * - */ -@Controller -@RequestMapping("/" + TokenAPI.URL) -@PreAuthorize("hasRole('ROLE_USER')") -public class TokenAPI { - - public static final String URL = RootController.API_URL + "/tokens"; - - @Autowired - private OAuth2TokenEntityService tokenService; - - @Autowired - private ClientDetailsEntityService clientService; - - @Autowired - private OIDCTokenService oidcTokenService; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(TokenAPI.class); - - @RequestMapping(value = "/access", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getAllAccessTokens(ModelMap m, Principal p) { - - Set allTokens = tokenService.getAllAccessTokensForUser(p.getName()); - m.put(JsonEntityView.ENTITY, allTokens); - return TokenApiView.VIEWNAME; - } - - @RequestMapping(value = "/access/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getAccessTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) { - - OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id); - - if (token == null) { - logger.error("getToken failed; token not found: " + id); - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found."); - return JsonErrorView.VIEWNAME; - } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { - logger.error("getToken failed; token does not belong to principal " + p.getName()); - m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token"); - return JsonErrorView.VIEWNAME; - } else { - m.put(JsonEntityView.ENTITY, token); - return TokenApiView.VIEWNAME; - } - } - - @RequestMapping(value = "/access/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE) - public String deleteAccessTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) { - - OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id); - - if (token == null) { - logger.error("getToken failed; token not found: " + id); - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found."); - return JsonErrorView.VIEWNAME; - } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { - logger.error("getToken failed; token does not belong to principal " + p.getName()); - m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token"); - return JsonErrorView.VIEWNAME; - } else { - tokenService.revokeAccessToken(token); - - return HttpCodeView.VIEWNAME; - } - } - - @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value = "/client/{clientId}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getAccessTokensByClientId(@PathVariable("clientId") String clientId, ModelMap m, Principal p) { - - ClientDetailsEntity client = clientService.loadClientByClientId(clientId); - - if (client != null) { - List tokens = tokenService.getAccessTokensForClient(client); - m.put(JsonEntityView.ENTITY, tokens); - return TokenApiView.VIEWNAME; - } else { - // client not found - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "The requested client with id " + clientId + " could not be found."); - return JsonErrorView.VIEWNAME; - } - - } - - @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value = "/registration/{clientId}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getRegistrationTokenByClientId(@PathVariable("clientId") String clientId, ModelMap m, Principal p) { - - ClientDetailsEntity client = clientService.loadClientByClientId(clientId); - - if (client != null) { - OAuth2AccessTokenEntity token = tokenService.getRegistrationAccessTokenForClient(client); - if (token != null) { - m.put(JsonEntityView.ENTITY, token); - return TokenApiView.VIEWNAME; - } else { - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "No registration token could be found."); - return JsonErrorView.VIEWNAME; - } - } else { - // client not found - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "The requested client with id " + clientId + " could not be found."); - return JsonErrorView.VIEWNAME; - } - - } - - @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value = "/registration/{clientId}", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE) - public String rotateRegistrationTokenByClientId(@PathVariable("clientId") String clientId, ModelMap m, Principal p) { - ClientDetailsEntity client = clientService.loadClientByClientId(clientId); - - if (client != null) { - OAuth2AccessTokenEntity token = oidcTokenService.rotateRegistrationAccessTokenForClient(client); - token = tokenService.saveAccessToken(token); - - if (token != null) { - m.put(JsonEntityView.ENTITY, token); - return TokenApiView.VIEWNAME; - } else { - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "No registration token could be found."); - return JsonErrorView.VIEWNAME; - } - } else { - // client not found - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "The requested client with id " + clientId + " could not be found."); - return JsonErrorView.VIEWNAME; - } - - } - - @RequestMapping(value = "/refresh", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getAllRefreshTokens(ModelMap m, Principal p) { - - Set allTokens = tokenService.getAllRefreshTokensForUser(p.getName()); - m.put(JsonEntityView.ENTITY, allTokens); - return TokenApiView.VIEWNAME; - - - } - - @RequestMapping(value = "/refresh/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getRefreshTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) { - - OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id); - - if (token == null) { - logger.error("refresh token not found: " + id); - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found."); - return JsonErrorView.VIEWNAME; - } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { - logger.error("refresh token " + id + " does not belong to principal " + p.getName()); - m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token"); - return JsonErrorView.VIEWNAME; - } else { - m.put(JsonEntityView.ENTITY, token); - return TokenApiView.VIEWNAME; - } - } - - @RequestMapping(value = "/refresh/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE) - public String deleteRefreshTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) { - - OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id); - - if (token == null) { - logger.error("refresh token not found: " + id); - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found."); - return JsonErrorView.VIEWNAME; - } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { - logger.error("refresh token " + id + " does not belong to principal " + p.getName()); - m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token"); - return JsonErrorView.VIEWNAME; - } else { - tokenService.revokeRefreshToken(token); - - return HttpCodeView.VIEWNAME; - } - } -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerAssertionAuthenticationToken.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerAssertionAuthenticationToken.java deleted file mode 100644 index bc4f9abcde..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerAssertionAuthenticationToken.java +++ /dev/null @@ -1,122 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.assertion; - -import java.text.ParseException; -import java.util.Collection; - -import org.springframework.security.authentication.AbstractAuthenticationToken; -import org.springframework.security.core.GrantedAuthority; - -import com.nimbusds.jwt.JWT; - -/** - * @author jricher - * - */ -public class JWTBearerAssertionAuthenticationToken extends AbstractAuthenticationToken { - - /** - * - */ - private static final long serialVersionUID = -3138213539914074617L; - private String subject; - private JWT jwt; - - /** - * Create an unauthenticated token with the given subject and jwt - * @param subject - * @param jwt - */ - public JWTBearerAssertionAuthenticationToken(JWT jwt) { - super(null); - try { - // save the subject of the JWT in case the credentials get erased later - this.subject = jwt.getJWTClaimsSet().getSubject(); - } catch (ParseException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - this.jwt = jwt; - setAuthenticated(false); - } - - /** - * Create an authenticated token with the given clientID, jwt, and authorities set - * @param subject - * @param jwt - * @param authorities - */ - public JWTBearerAssertionAuthenticationToken(JWT jwt, Collection authorities) { - super(authorities); - try { - // save the subject of the JWT in case the credentials get erased later - this.subject = jwt.getJWTClaimsSet().getSubject(); - } catch (ParseException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - this.jwt = jwt; - setAuthenticated(true); - } - - /* (non-Javadoc) - * @see org.springframework.security.core.Authentication#getCredentials() - */ - @Override - public Object getCredentials() { - return jwt; - } - - /* (non-Javadoc) - * @see org.springframework.security.core.Authentication#getPrincipal() - */ - @Override - public Object getPrincipal() { - return subject; - } - - /** - * @return the jwt - */ - public JWT getJwt() { - return jwt; - } - - /** - * @param jwt the jwt to set - */ - public void setJwt(JWT jwt) { - this.jwt = jwt; - } - - /** - * Clear out the JWT that this token holds. - */ - @Override - public void eraseCredentials() { - super.eraseCredentials(); - setJwt(null); - } - - - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerAuthenticationProvider.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerAuthenticationProvider.java deleted file mode 100644 index 749a8edddc..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerAuthenticationProvider.java +++ /dev/null @@ -1,218 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.assertion; - -import java.text.ParseException; -import java.util.Date; -import java.util.HashSet; -import java.util.Set; - -import org.mitre.jwt.signer.service.JWTSigningAndValidationService; -import org.mitre.jwt.signer.service.impl.ClientKeyCacheService; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.authentication.AuthenticationProvider; -import org.springframework.security.authentication.AuthenticationServiceException; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.security.oauth2.common.exceptions.InvalidClientException; - -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.SignedJWT; - -/** - * @author jricher - * - */ -public class JWTBearerAuthenticationProvider implements AuthenticationProvider { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(JWTBearerAuthenticationProvider.class); - - private static final GrantedAuthority ROLE_CLIENT = new SimpleGrantedAuthority("ROLE_CLIENT"); - - // map of verifiers, load keys for clients - @Autowired - private ClientKeyCacheService validators; - - // Allow for time sync issues by having a window of X seconds. - private int timeSkewAllowance = 300; - - // to load clients - @Autowired - private ClientDetailsEntityService clientService; - - // to get our server's issuer url - @Autowired - private ConfigurationPropertiesBean config; - - /** - * Try to validate the client credentials by parsing and validating the JWT. - */ - @Override - public Authentication authenticate(Authentication authentication) throws AuthenticationException { - - JWTBearerAssertionAuthenticationToken jwtAuth = (JWTBearerAssertionAuthenticationToken)authentication; - - - try { - ClientDetailsEntity client = clientService.loadClientByClientId(jwtAuth.getName()); - - JWT jwt = jwtAuth.getJwt(); - JWTClaimsSet jwtClaims = jwt.getJWTClaimsSet(); - - if (!(jwt instanceof SignedJWT)) { - throw new AuthenticationServiceException("Unsupported JWT type: " + jwt.getClass().getName()); - } - - // check the signature with nimbus - SignedJWT jws = (SignedJWT) jwt; - - JWSAlgorithm alg = jws.getHeader().getAlgorithm(); - - if (client.getTokenEndpointAuthSigningAlg() != null && - !client.getTokenEndpointAuthSigningAlg().equals(alg)) { - throw new AuthenticationServiceException("Client's registered token endpoint signing algorithm (" + client.getTokenEndpointAuthSigningAlg() - + ") does not match token's actual algorithm (" + alg.getName() + ")"); - } - - if (client.getTokenEndpointAuthMethod() == null || - client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE) || - client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC) || - client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST)) { - - // this client doesn't support this type of authentication - throw new AuthenticationServiceException("Client does not support this authentication method."); - - } else if ((client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) && - (alg.equals(JWSAlgorithm.RS256) - || alg.equals(JWSAlgorithm.RS384) - || alg.equals(JWSAlgorithm.RS512) - || alg.equals(JWSAlgorithm.ES256) - || alg.equals(JWSAlgorithm.ES384) - || alg.equals(JWSAlgorithm.ES512) - || alg.equals(JWSAlgorithm.PS256) - || alg.equals(JWSAlgorithm.PS384) - || alg.equals(JWSAlgorithm.PS512))) - || (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT) && - (alg.equals(JWSAlgorithm.HS256) - || alg.equals(JWSAlgorithm.HS384) - || alg.equals(JWSAlgorithm.HS512)))) { - - // double-check the method is asymmetrical if we're in HEART mode - if (config.isHeartMode() && !client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) { - throw new AuthenticationServiceException("[HEART mode] Invalid authentication method"); - } - - JWTSigningAndValidationService validator = validators.getValidator(client, alg); - - if (validator == null) { - throw new AuthenticationServiceException("Unable to create signature validator for client " + client + " and algorithm " + alg); - } - - if (!validator.validateSignature(jws)) { - throw new AuthenticationServiceException("Signature did not validate for presented JWT authentication."); - } - } else { - throw new AuthenticationServiceException("Unable to create signature validator for method " + client.getTokenEndpointAuthMethod() + " and algorithm " + alg); - } - - // check the issuer - if (jwtClaims.getIssuer() == null) { - throw new AuthenticationServiceException("Assertion Token Issuer is null"); - } else if (!jwtClaims.getIssuer().equals(client.getClientId())){ - throw new AuthenticationServiceException("Issuers do not match, expected " + client.getClientId() + " got " + jwtClaims.getIssuer()); - } - - // check expiration - if (jwtClaims.getExpirationTime() == null) { - throw new AuthenticationServiceException("Assertion Token does not have required expiration claim"); - } else { - // it's not null, see if it's expired - Date now = new Date(System.currentTimeMillis() - (timeSkewAllowance * 1000)); - if (now.after(jwtClaims.getExpirationTime())) { - throw new AuthenticationServiceException("Assertion Token is expired: " + jwtClaims.getExpirationTime()); - } - } - - // check not before - if (jwtClaims.getNotBeforeTime() != null) { - Date now = new Date(System.currentTimeMillis() + (timeSkewAllowance * 1000)); - if (now.before(jwtClaims.getNotBeforeTime())){ - throw new AuthenticationServiceException("Assertion Token not valid untill: " + jwtClaims.getNotBeforeTime()); - } - } - - // check issued at - if (jwtClaims.getIssueTime() != null) { - // since it's not null, see if it was issued in the future - Date now = new Date(System.currentTimeMillis() + (timeSkewAllowance * 1000)); - if (now.before(jwtClaims.getIssueTime())) { - throw new AuthenticationServiceException("Assertion Token was issued in the future: " + jwtClaims.getIssueTime()); - } - } - - // check audience - if (jwtClaims.getAudience() == null) { - throw new AuthenticationServiceException("Assertion token audience is null"); - } else if (!(jwtClaims.getAudience().contains(config.getIssuer()) || jwtClaims.getAudience().contains(config.getIssuer() + "token"))) { - throw new AuthenticationServiceException("Audience does not match, expected " + config.getIssuer() + " or " + (config.getIssuer() + "token") + " got " + jwtClaims.getAudience()); - } - - // IFF we managed to get all the way down here, the token is valid - - // add in the ROLE_CLIENT authority - Set authorities = new HashSet<>(client.getAuthorities()); - authorities.add(ROLE_CLIENT); - - return new JWTBearerAssertionAuthenticationToken(jwt, authorities); - - } catch (InvalidClientException e) { - throw new UsernameNotFoundException("Could not find client: " + jwtAuth.getName()); - } catch (ParseException e) { - - logger.error("Failure during authentication, error was: ", e); - - throw new AuthenticationServiceException("Invalid JWT format"); - } - } - - /** - * We support {@link JWTBearerAssertionAuthenticationToken}s only. - */ - @Override - public boolean supports(Class authentication) { - return (JWTBearerAssertionAuthenticationToken.class.isAssignableFrom(authentication)); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerClientAssertionTokenEndpointFilter.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerClientAssertionTokenEndpointFilter.java deleted file mode 100644 index e1e5ca9060..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerClientAssertionTokenEndpointFilter.java +++ /dev/null @@ -1,141 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.assertion; - -import java.io.IOException; -import java.text.ParseException; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.security.authentication.BadCredentialsException; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.oauth2.common.exceptions.BadClientCredentialsException; -import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint; -import org.springframework.security.web.AuthenticationEntryPoint; -import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; -import org.springframework.security.web.authentication.AuthenticationFailureHandler; -import org.springframework.security.web.authentication.AuthenticationSuccessHandler; -import org.springframework.security.web.util.matcher.RequestMatcher; - -import com.google.common.base.Strings; -import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTParser; - -/** - * Filter to check client authentication via JWT Bearer assertions. - * - * @author jricher - * - */ -public class JWTBearerClientAssertionTokenEndpointFilter extends AbstractAuthenticationProcessingFilter { - - private AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint(); - - public JWTBearerClientAssertionTokenEndpointFilter(RequestMatcher additionalMatcher) { - super(new ClientAssertionRequestMatcher(additionalMatcher)); - // If authentication fails the type is "Form" - ((OAuth2AuthenticationEntryPoint) authenticationEntryPoint).setTypeName("Form"); - } - - @Override - public void afterPropertiesSet() { - super.afterPropertiesSet(); - setAuthenticationFailureHandler(new AuthenticationFailureHandler() { - @Override - public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, - AuthenticationException exception) throws IOException, ServletException { - if (exception instanceof BadCredentialsException) { - exception = new BadCredentialsException(exception.getMessage(), new BadClientCredentialsException()); - } - authenticationEntryPoint.commence(request, response, exception); - } - }); - setAuthenticationSuccessHandler(new AuthenticationSuccessHandler() { - @Override - public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, - Authentication authentication) throws IOException, ServletException { - // no-op - just allow filter chain to continue to token endpoint - } - }); - } - - /** - * Pull the assertion out of the request and send it up to the auth manager for processing. - */ - @Override - public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException { - - // check for appropriate parameters - String assertionType = request.getParameter("client_assertion_type"); - String assertion = request.getParameter("client_assertion"); - - try { - JWT jwt = JWTParser.parse(assertion); - - String clientId = jwt.getJWTClaimsSet().getSubject(); - - Authentication authRequest = new JWTBearerAssertionAuthenticationToken(jwt); - - return this.getAuthenticationManager().authenticate(authRequest); - } catch (ParseException e) { - throw new BadCredentialsException("Invalid JWT credential: " + assertion); - } - } - - @Override - protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, - FilterChain chain, Authentication authResult) throws IOException, ServletException { - super.successfulAuthentication(request, response, chain, authResult); - chain.doFilter(request, response); - } - - private static class ClientAssertionRequestMatcher implements RequestMatcher { - - private RequestMatcher additionalMatcher; - - public ClientAssertionRequestMatcher(RequestMatcher additionalMatcher) { - this.additionalMatcher = additionalMatcher; - } - - @Override - public boolean matches(HttpServletRequest request) { - // check for appropriate parameters - String assertionType = request.getParameter("client_assertion_type"); - String assertion = request.getParameter("client_assertion"); - - if (Strings.isNullOrEmpty(assertionType) || Strings.isNullOrEmpty(assertion)) { - return false; - } else if (!assertionType.equals("urn:ietf:params:oauth:client-assertion-type:jwt-bearer")) { - return false; - } - - return additionalMatcher.matches(request); - } - - } - - - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java deleted file mode 100644 index 10746d3dd2..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java +++ /dev/null @@ -1,207 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.openid.connect.config; - -import java.io.File; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStreamReader; -import java.text.MessageFormat; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Locale; -import java.util.Map; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.support.AbstractMessageSource; -import org.springframework.core.io.Resource; - -import com.google.common.base.Splitter; -import com.google.gson.JsonElement; -import com.google.gson.JsonIOException; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; -import com.google.gson.JsonSyntaxException; - -/** - * @author jricher - */ -public class JsonMessageSource extends AbstractMessageSource { - - private static final Logger logger = LoggerFactory.getLogger(JsonMessageSource.class); - - private Resource baseDirectory; - - private Locale fallbackLocale = new Locale("en"); // US English is the fallback language - - private Map> languageMaps = new HashMap<>(); - - @Autowired - private ConfigurationPropertiesBean config; - - @Override - protected MessageFormat resolveCode(String code, Locale locale) { - - List langs = getLanguageMap(locale); - - String value = getValue(code, langs); - - if (value == null) { - // if we haven't found anything, try the default locale - langs = getLanguageMap(fallbackLocale); - value = getValue(code, langs); - } - - if (value == null) { - // if it's still null, return null - return null; - } else { - // otherwise format the message - return new MessageFormat(value, locale); - } - - } - - /** - * Get a value from the set of maps, taking the first match in order - * @param code - * @param langs - * @return - */ - private String getValue(String code, List langs) { - if (langs == null || langs.isEmpty()) { - // no language maps, nothing to look up - return null; - } - - for (JsonObject lang : langs) { - String value = getValue(code, lang); - if (value != null) { - // short circuit out of here if we find a match, otherwise keep going through the list - return value; - } - } - - // if we didn't find anything return null - return null; - } - - /** - * Get a value from a single map - * @param code - * @param lang - * @return - */ - private String getValue(String code, JsonObject lang) { - - // if there's no language map, nothing to look up - if (lang == null) { - return null; - } - - JsonElement e = lang; - - Iterable parts = Splitter.on('.').split(code); - Iterator it = parts.iterator(); - - String value = null; - - while (it.hasNext()) { - String p = it.next(); - if (e.isJsonObject()) { - JsonObject o = e.getAsJsonObject(); - if (o.has(p)) { - e = o.get(p); // found the next level - if (!it.hasNext()) { - // we've reached a leaf, grab it - if (e.isJsonPrimitive()) { - value = e.getAsString(); - } - } - } else { - // didn't find it, stop processing - break; - } - } else { - // didn't find it, stop processing - break; - } - } - - return value; - } - - /** - * @param locale - * @return - */ - private List getLanguageMap(Locale locale) { - - if (!languageMaps.containsKey(locale)) { - try { - List set = new ArrayList<>(); - for (String namespace : config.getLanguageNamespaces()) { - // full locale string, e.g. "en_US" - String filename = locale.getLanguage() + "_" + locale.getCountry() + File.separator + namespace + ".json"; - - Resource r = getBaseDirectory().createRelative(filename); - - if (!r.exists()) { - // fallback to language only - logger.debug("Fallback locale to language only."); - filename = locale.getLanguage() + File.separator + namespace + ".json"; - r = getBaseDirectory().createRelative(filename); - } - - logger.info("No locale loaded, trying to load from {}", r); - - JsonParser parser = new JsonParser(); - JsonObject obj = (JsonObject) parser.parse(new InputStreamReader(r.getInputStream(), "UTF-8")); - - set.add(obj); - } - languageMaps.put(locale, set); - } catch (FileNotFoundException e) { - logger.info("Unable to load locale because no messages file was found for locale {}", locale.getDisplayName()); - languageMaps.put(locale, null); - } catch (JsonIOException | JsonSyntaxException | IOException e) { - logger.error("Unable to load locale", e); - } - } - - return languageMaps.get(locale); - } - - /** - * @return the baseDirectory - */ - public Resource getBaseDirectory() { - return baseDirectory; - } - - /** - * @param baseDirectory the baseDirectory to set - */ - public void setBaseDirectory(Resource baseDirectory) { - this.baseDirectory = baseDirectory; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/exception/ValidationException.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/exception/ValidationException.java deleted file mode 100644 index 85efe2c87e..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/exception/ValidationException.java +++ /dev/null @@ -1,62 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.exception; - -import org.springframework.http.HttpStatus; - -/** - * Thrown by utility methods when a client fails to validate. Contains information - * to be returned. - * @author jricher - * - */ -public class ValidationException extends Exception { - private static final long serialVersionUID = 1820497072989294627L; - - private String error; - private String errorDescription; - private HttpStatus status; - public ValidationException(String error, String errorDescription, - HttpStatus status) { - this.error = error; - this.errorDescription = errorDescription; - this.status = status; - } - public String getError() { - return error; - } - public void setError(String error) { - this.error = error; - } - public String getErrorDescription() { - return errorDescription; - } - public void setErrorDescription(String errorDescription) { - this.errorDescription = errorDescription; - } - public HttpStatus getStatus() { - return status; - } - public void setStatus(HttpStatus status) { - this.status = status; - } - - @Override - public String toString() { - return "ValidationException [error=" + error + ", errorDescription=" - + errorDescription + ", status=" + status + "]"; - } -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java deleted file mode 100644 index 63e2390537..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java +++ /dev/null @@ -1,275 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.filter; - -import static org.mitre.openid.connect.request.ConnectRequestParameters.ERROR; -import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT; -import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_REQUIRED; -import static org.mitre.openid.connect.request.ConnectRequestParameters.MAX_AGE; -import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT; -import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_LOGIN; -import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_NONE; -import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_SEPARATOR; -import static org.mitre.openid.connect.request.ConnectRequestParameters.STATE; - -import java.io.IOException; -import java.net.URISyntaxException; -import java.util.Date; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.http.client.utils.URIBuilder; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.openid.connect.service.LoginHintExtracter; -import org.mitre.openid.connect.service.impl.RemoveLoginHintsWithHTTP; -import org.mitre.openid.connect.web.AuthenticationTimeStamper; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.oauth2.common.exceptions.InvalidClientException; -import org.springframework.security.oauth2.provider.AuthorizationRequest; -import org.springframework.security.oauth2.provider.OAuth2RequestFactory; -import org.springframework.security.oauth2.provider.endpoint.RedirectResolver; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; -import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.stereotype.Component; -import org.springframework.web.filter.GenericFilterBean; - -import com.google.common.base.Splitter; -import com.google.common.base.Strings; - -/** - * @author jricher - * - */ -@Component("authRequestFilter") -public class AuthorizationRequestFilter extends GenericFilterBean { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(AuthorizationRequestFilter.class); - - public final static String PROMPTED = "PROMPT_FILTER_PROMPTED"; - public final static String PROMPT_REQUESTED = "PROMPT_FILTER_REQUESTED"; - - @Autowired - private OAuth2RequestFactory authRequestFactory; - - @Autowired - private ClientDetailsEntityService clientService; - - @Autowired - private RedirectResolver redirectResolver; - - @Autowired(required = false) - private LoginHintExtracter loginHintExtracter = new RemoveLoginHintsWithHTTP(); - - private RequestMatcher requestMatcher = new AntPathRequestMatcher("/authorize"); - - /** - * - */ - @Override - public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { - - HttpServletRequest request = (HttpServletRequest) req; - HttpServletResponse response = (HttpServletResponse) res; - HttpSession session = request.getSession(); - - // skip everything that's not an authorize URL - if (!requestMatcher.matches(request)) { - chain.doFilter(req, res); - return; - } - - try { - // we have to create our own auth request in order to get at all the parmeters appropriately - AuthorizationRequest authRequest = null; - - ClientDetailsEntity client = null; - - authRequest = authRequestFactory.createAuthorizationRequest(createRequestMap(request.getParameterMap())); - if (!Strings.isNullOrEmpty(authRequest.getClientId())) { - client = clientService.loadClientByClientId(authRequest.getClientId()); - } - - // save the login hint to the session - // but first check to see if the login hint makes any sense - String loginHint = loginHintExtracter.extractHint((String) authRequest.getExtensions().get(LOGIN_HINT)); - if (!Strings.isNullOrEmpty(loginHint)) { - session.setAttribute(LOGIN_HINT, loginHint); - } else { - session.removeAttribute(LOGIN_HINT); - } - - if (authRequest.getExtensions().get(PROMPT) != null) { - // we have a "prompt" parameter - String prompt = (String)authRequest.getExtensions().get(PROMPT); - List prompts = Splitter.on(PROMPT_SEPARATOR).splitToList(Strings.nullToEmpty(prompt)); - - if (prompts.contains(PROMPT_NONE)) { - // see if the user's logged in - Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - - if (auth != null) { - // user's been logged in already (by session management) - // we're OK, continue without prompting - chain.doFilter(req, res); - } else { - logger.info("Client requested no prompt"); - // user hasn't been logged in, we need to "return an error" - if (client != null && authRequest.getRedirectUri() != null) { - - // if we've got a redirect URI then we'll send it - - String url = redirectResolver.resolveRedirect(authRequest.getRedirectUri(), client); - - try { - URIBuilder uriBuilder = new URIBuilder(url); - - uriBuilder.addParameter(ERROR, LOGIN_REQUIRED); - if (!Strings.isNullOrEmpty(authRequest.getState())) { - uriBuilder.addParameter(STATE, authRequest.getState()); // copy the state parameter if one was given - } - - response.sendRedirect(uriBuilder.toString()); - return; - - } catch (URISyntaxException e) { - logger.error("Can't build redirect URI for prompt=none, sending error instead", e); - response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied"); - return; - } - } - - response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied"); - return; - } - } else if (prompts.contains(PROMPT_LOGIN)) { - - // first see if the user's already been prompted in this session - if (session.getAttribute(PROMPTED) == null) { - // user hasn't been PROMPTED yet, we need to check - - session.setAttribute(PROMPT_REQUESTED, Boolean.TRUE); - - // see if the user's logged in - Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - if (auth != null) { - // user's been logged in already (by session management) - // log them out and continue - SecurityContextHolder.getContext().setAuthentication(null); - chain.doFilter(req, res); - } else { - // user hasn't been logged in yet, we can keep going since we'll get there - chain.doFilter(req, res); - } - } else { - // user has been PROMPTED, we're fine - - // but first, undo the prompt tag - session.removeAttribute(PROMPTED); - chain.doFilter(req, res); - } - } else { - // prompt parameter is a value we don't care about, not our business - chain.doFilter(req, res); - } - - } else if (authRequest.getExtensions().get(MAX_AGE) != null || - (client != null && client.getDefaultMaxAge() != null)) { - - // default to the client's stored value, check the string parameter - Integer max = (client != null ? client.getDefaultMaxAge() : null); - String maxAge = (String) authRequest.getExtensions().get(MAX_AGE); - if (maxAge != null) { - max = Integer.parseInt(maxAge); - } - - if (max != null) { - - Date authTime = (Date) session.getAttribute(AuthenticationTimeStamper.AUTH_TIMESTAMP); - - Date now = new Date(); - if (authTime != null) { - long seconds = (now.getTime() - authTime.getTime()) / 1000; - if (seconds > max) { - // session is too old, log the user out and continue - SecurityContextHolder.getContext().setAuthentication(null); - } - } - } - chain.doFilter(req, res); - } else { - // no prompt parameter, not our business - chain.doFilter(req, res); - } - - } catch (InvalidClientException e) { - // we couldn't find the client, move on and let the rest of the system catch the error - chain.doFilter(req, res); - } - } - - /** - * @param parameterMap - * @return - */ - private Map createRequestMap(Map parameterMap) { - Map requestMap = new HashMap<>(); - for (String key : parameterMap.keySet()) { - String[] val = parameterMap.get(key); - if (val != null && val.length > 0) { - requestMap.put(key, val[0]); // add the first value only (which is what Spring seems to do) - } - } - - return requestMap; - } - - /** - * @return the requestMatcher - */ - public RequestMatcher getRequestMatcher() { - return requestMatcher; - } - - /** - * @param requestMatcher the requestMatcher to set - */ - public void setRequestMatcher(RequestMatcher requestMatcher) { - this.requestMatcher = requestMatcher; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/MultiUrlRequestMatcher.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/MultiUrlRequestMatcher.java deleted file mode 100644 index c2c140b560..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/MultiUrlRequestMatcher.java +++ /dev/null @@ -1,57 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.openid.connect.filter; - -import java.util.HashSet; -import java.util.Set; - -import javax.servlet.http.HttpServletRequest; - -import org.springframework.security.web.util.UrlUtils; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; -import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.util.Assert; - -/** - * @author jricher - * - */ -public class MultiUrlRequestMatcher implements RequestMatcher { - private final Set matchers; - - public MultiUrlRequestMatcher(Set filterProcessesUrls) { - this.matchers = new HashSet<>(filterProcessesUrls.size()); - for (String filterProcessesUrl : filterProcessesUrls) { - Assert.hasLength(filterProcessesUrl, "filterProcessesUrl must be specified"); - Assert.isTrue(UrlUtils.isValidRedirectUrl(filterProcessesUrl), filterProcessesUrl + " isn't a valid URL"); - matchers.add(new AntPathRequestMatcher(filterProcessesUrl)); - } - - } - - @Override - public boolean matches(HttpServletRequest request) { - for (RequestMatcher matcher : matchers) { - if (matcher.matches(request)) { - return true; - } - } - - return false; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaAddressRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaAddressRepository.java deleted file mode 100644 index c2556d62f1..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaAddressRepository.java +++ /dev/null @@ -1,46 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.repository.impl; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; - -import org.mitre.openid.connect.model.Address; -import org.mitre.openid.connect.repository.AddressRepository; -import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; - -/** - * JPA Address repository implementation - * - * @author Michael Joseph Walsh - * - */ -@Repository -public class JpaAddressRepository implements AddressRepository { - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager manager; - - @Override - @Transactional(value="defaultTransactionManager") - public Address getById(Long id) { - return manager.find(Address.class, id); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java deleted file mode 100644 index de30df5130..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java +++ /dev/null @@ -1,104 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.repository.impl; - -import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; - -import java.util.Collection; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.TypedQuery; - -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.repository.ApprovedSiteRepository; -import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; - -/** - * JPA ApprovedSite repository implementation - * - * @author Michael Joseph Walsh, aanganes - * - */ -@Repository -public class JpaApprovedSiteRepository implements ApprovedSiteRepository { - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager manager; - - @Override - @Transactional(value="defaultTransactionManager") - public Collection getAll() { - TypedQuery query = manager.createNamedQuery(ApprovedSite.QUERY_ALL, ApprovedSite.class); - return query.getResultList(); - } - - @Override - @Transactional(value="defaultTransactionManager") - public ApprovedSite getById(Long id) { - return manager.find(ApprovedSite.class, id); - } - - @Override - @Transactional(value="defaultTransactionManager") - public void remove(ApprovedSite approvedSite) { - ApprovedSite found = manager.find(ApprovedSite.class, approvedSite.getId()); - - if (found != null) { - manager.remove(found); - } else { - throw new IllegalArgumentException(); - } - } - - @Override - @Transactional(value="defaultTransactionManager") - public ApprovedSite save(ApprovedSite approvedSite) { - return saveOrUpdate(approvedSite.getId(), manager, approvedSite); - } - - @Override - public Collection getByClientIdAndUserId(String clientId, String userId) { - - TypedQuery query = manager.createNamedQuery(ApprovedSite.QUERY_BY_CLIENT_ID_AND_USER_ID, ApprovedSite.class); - query.setParameter(ApprovedSite.PARAM_USER_ID, userId); - query.setParameter(ApprovedSite.PARAM_CLIENT_ID, clientId); - - return query.getResultList(); - } - - @Override - @Transactional(value="defaultTransactionManager") - public Collection getByUserId(String userId) { - TypedQuery query = manager.createNamedQuery(ApprovedSite.QUERY_BY_USER_ID, ApprovedSite.class); - query.setParameter(ApprovedSite.PARAM_USER_ID, userId); - - return query.getResultList(); - - } - - @Override - @Transactional(value="defaultTransactionManager") - public Collection getByClientId(String clientId) { - TypedQuery query = manager.createNamedQuery(ApprovedSite.QUERY_BY_CLIENT_ID, ApprovedSite.class); - query.setParameter(ApprovedSite.PARAM_CLIENT_ID, clientId); - - return query.getResultList(); - } -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java deleted file mode 100644 index b56a137c42..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java +++ /dev/null @@ -1,102 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.repository.impl; - -import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; - -import java.util.Collection; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.TypedQuery; - -import org.mitre.openid.connect.model.BlacklistedSite; -import org.mitre.openid.connect.repository.BlacklistedSiteRepository; -import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; - -/** - * @author jricher - * - */ -@Repository -public class JpaBlacklistedSiteRepository implements BlacklistedSiteRepository { - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager manager; - - /* (non-Javadoc) - * @see org.mitre.openid.connect.repository.BlacklistedSiteRepository#getAll() - */ - @Override - @Transactional(value="defaultTransactionManager") - public Collection getAll() { - TypedQuery query = manager.createNamedQuery(BlacklistedSite.QUERY_ALL, BlacklistedSite.class); - return query.getResultList(); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.repository.BlacklistedSiteRepository#getById(java.lang.Long) - */ - @Override - @Transactional(value="defaultTransactionManager") - public BlacklistedSite getById(Long id) { - return manager.find(BlacklistedSite.class, id); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.repository.BlacklistedSiteRepository#remove(org.mitre.openid.connect.model.BlacklistedSite) - */ - @Override - @Transactional(value="defaultTransactionManager") - public void remove(BlacklistedSite blacklistedSite) { - BlacklistedSite found = manager.find(BlacklistedSite.class, blacklistedSite.getId()); - - if (found != null) { - manager.remove(found); - } else { - throw new IllegalArgumentException(); - } - - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.repository.BlacklistedSiteRepository#save(org.mitre.openid.connect.model.BlacklistedSite) - */ - @Override - @Transactional(value="defaultTransactionManager") - public BlacklistedSite save(BlacklistedSite blacklistedSite) { - return saveOrUpdate(blacklistedSite.getId(), manager, blacklistedSite); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.repository.BlacklistedSiteRepository#update(org.mitre.openid.connect.model.BlacklistedSite, org.mitre.openid.connect.model.BlacklistedSite) - */ - @Override - @Transactional(value="defaultTransactionManager") - public BlacklistedSite update(BlacklistedSite oldBlacklistedSite, BlacklistedSite blacklistedSite) { - - blacklistedSite.setId(oldBlacklistedSite.getId()); - return saveOrUpdate(oldBlacklistedSite.getId(), manager, blacklistedSite); - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java deleted file mode 100644 index a92acf3bd6..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java +++ /dev/null @@ -1,66 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.repository.impl; - -import static org.mitre.util.jpa.JpaUtil.getSingleResult; -import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.TypedQuery; - -import org.mitre.openid.connect.model.PairwiseIdentifier; -import org.mitre.openid.connect.repository.PairwiseIdentifierRepository; -import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; - -/** - * @author jricher - * - */ -@Repository -public class JpaPairwiseIdentifierRepository implements PairwiseIdentifierRepository { - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager manager; - - /* (non-Javadoc) - * @see org.mitre.openid.connect.repository.PairwiseIdentifierRepository#getBySectorIdentifier(java.lang.String, java.lang.String) - */ - @Override - public PairwiseIdentifier getBySectorIdentifier(String sub, String sectorIdentifierUri) { - TypedQuery query = manager.createNamedQuery(PairwiseIdentifier.QUERY_BY_SECTOR_IDENTIFIER, PairwiseIdentifier.class); - query.setParameter(PairwiseIdentifier.PARAM_SUB, sub); - query.setParameter(PairwiseIdentifier.PARAM_SECTOR_IDENTIFIER, sectorIdentifierUri); - - return getSingleResult(query.getResultList()); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.repository.PairwiseIdentifierRepository#save(org.mitre.openid.connect.model.PairwiseIdentifier) - */ - @Override - @Transactional(value="defaultTransactionManager") - public void save(PairwiseIdentifier pairwise) { - saveOrUpdate(pairwise.getId(), manager, pairwise); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java deleted file mode 100644 index 7627246da3..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java +++ /dev/null @@ -1,66 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.repository.impl; - -import static org.mitre.util.jpa.JpaUtil.getSingleResult; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.TypedQuery; - -import org.mitre.openid.connect.model.DefaultUserInfo; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.repository.UserInfoRepository; -import org.springframework.stereotype.Repository; - -/** - * JPA UserInfo repository implementation - * - * @author Michael Joseph Walsh - * - */ -@Repository("jpaUserInfoRepository") -public class JpaUserInfoRepository implements UserInfoRepository { - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager manager; - - /** - * Get a single UserInfo object by its username - */ - @Override - public UserInfo getByUsername(String username) { - TypedQuery query = manager.createNamedQuery(DefaultUserInfo.QUERY_BY_USERNAME, DefaultUserInfo.class); - query.setParameter(DefaultUserInfo.PARAM_USERNAME, username); - - return getSingleResult(query.getResultList()); - - } - - /** - * Get a single UserInfo object by its email address - */ - @Override - public UserInfo getByEmailAddress(String email) { - TypedQuery query = manager.createNamedQuery(DefaultUserInfo.QUERY_BY_EMAIL, DefaultUserInfo.class); - query.setParameter(DefaultUserInfo.PARAM_EMAIL, email); - - return getSingleResult(query.getResultList()); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java deleted file mode 100644 index 98173588b7..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java +++ /dev/null @@ -1,102 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.repository.impl; - -import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; - -import java.util.Collection; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.TypedQuery; - -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.repository.WhitelistedSiteRepository; -import org.mitre.util.jpa.JpaUtil; -import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; - -/** - * JPA WhitelistedSite repository implementation - * - * @author Michael Joseph Walsh, aanganes - * - */ -@Repository -public class JpaWhitelistedSiteRepository implements WhitelistedSiteRepository { - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager manager; - - @Override - @Transactional(value="defaultTransactionManager") - public Collection getAll() { - TypedQuery query = manager.createNamedQuery(WhitelistedSite.QUERY_ALL, WhitelistedSite.class); - return query.getResultList(); - } - - @Override - @Transactional(value="defaultTransactionManager") - public WhitelistedSite getById(Long id) { - return manager.find(WhitelistedSite.class, id); - } - - @Override - @Transactional(value="defaultTransactionManager") - public void remove(WhitelistedSite whitelistedSite) { - WhitelistedSite found = manager.find(WhitelistedSite.class, whitelistedSite.getId()); - - if (found != null) { - manager.remove(found); - } else { - throw new IllegalArgumentException(); - } - } - - @Override - @Transactional(value="defaultTransactionManager") - public WhitelistedSite save(WhitelistedSite whiteListedSite) { - return saveOrUpdate(whiteListedSite.getId(), manager, whiteListedSite); - } - - @Override - @Transactional(value="defaultTransactionManager") - public WhitelistedSite update(WhitelistedSite oldWhitelistedSite, WhitelistedSite whitelistedSite) { - // sanity check - whitelistedSite.setId(oldWhitelistedSite.getId()); - - return saveOrUpdate(oldWhitelistedSite.getId(), manager, whitelistedSite); - } - - @Override - @Transactional(value="defaultTransactionManager") - public WhitelistedSite getByClientId(String clientId) { - TypedQuery query = manager.createNamedQuery(WhitelistedSite.QUERY_BY_CLIENT_ID, WhitelistedSite.class); - query.setParameter(WhitelistedSite.PARAM_CLIENT_ID, clientId); - return JpaUtil.getSingleResult(query.getResultList()); - } - - @Override - @Transactional(value="defaultTransactionManager") - public Collection getByCreator(String creatorId) { - TypedQuery query = manager.createNamedQuery(WhitelistedSite.QUERY_BY_CREATOR, WhitelistedSite.class); - query.setParameter(WhitelistedSite.PARAM_USER_ID, creatorId); - - return query.getResultList(); - } -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectOAuth2RequestFactory.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectOAuth2RequestFactory.java deleted file mode 100644 index d957f31a4f..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectOAuth2RequestFactory.java +++ /dev/null @@ -1,377 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.request; - - -import static org.mitre.openid.connect.request.ConnectRequestParameters.AUD; -import static org.mitre.openid.connect.request.ConnectRequestParameters.CLAIMS; -import static org.mitre.openid.connect.request.ConnectRequestParameters.CLIENT_ID; -import static org.mitre.openid.connect.request.ConnectRequestParameters.CODE_CHALLENGE; -import static org.mitre.openid.connect.request.ConnectRequestParameters.CODE_CHALLENGE_METHOD; -import static org.mitre.openid.connect.request.ConnectRequestParameters.DISPLAY; -import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT; -import static org.mitre.openid.connect.request.ConnectRequestParameters.MAX_AGE; -import static org.mitre.openid.connect.request.ConnectRequestParameters.NONCE; -import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT; -import static org.mitre.openid.connect.request.ConnectRequestParameters.REDIRECT_URI; -import static org.mitre.openid.connect.request.ConnectRequestParameters.REQUEST; -import static org.mitre.openid.connect.request.ConnectRequestParameters.RESPONSE_TYPE; -import static org.mitre.openid.connect.request.ConnectRequestParameters.SCOPE; -import static org.mitre.openid.connect.request.ConnectRequestParameters.STATE; - -import java.io.Serializable; -import java.text.ParseException; -import java.util.Collections; -import java.util.Map; -import java.util.Set; - -import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService; -import org.mitre.jwt.signer.service.JWTSigningAndValidationService; -import org.mitre.jwt.signer.service.impl.ClientKeyCacheService; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.PKCEAlgorithm; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.oauth2.common.exceptions.InvalidClientException; -import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; -import org.springframework.security.oauth2.common.util.OAuth2Utils; -import org.springframework.security.oauth2.provider.AuthorizationRequest; -import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory; -import org.springframework.stereotype.Component; - -import com.google.common.base.Strings; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; -import com.nimbusds.jose.Algorithm; -import com.nimbusds.jose.JWEObject.State; -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jwt.EncryptedJWT; -import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.JWTParser; -import com.nimbusds.jwt.PlainJWT; -import com.nimbusds.jwt.SignedJWT; - -@Component("connectOAuth2RequestFactory") -public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(ConnectOAuth2RequestFactory.class); - - private ClientDetailsEntityService clientDetailsService; - - @Autowired - private ClientKeyCacheService validators; - - @Autowired - private JWTEncryptionAndDecryptionService encryptionService; - - private JsonParser parser = new JsonParser(); - - /** - * Constructor with arguments - * - * @param clientDetailsService - */ - @Autowired - public ConnectOAuth2RequestFactory(ClientDetailsEntityService clientDetailsService) { - super(clientDetailsService); - this.clientDetailsService = clientDetailsService; - } - - @Override - public AuthorizationRequest createAuthorizationRequest(Map inputParams) { - - - AuthorizationRequest request = new AuthorizationRequest(inputParams, Collections. emptyMap(), - inputParams.get(OAuth2Utils.CLIENT_ID), - OAuth2Utils.parseParameterList(inputParams.get(OAuth2Utils.SCOPE)), null, - null, false, inputParams.get(OAuth2Utils.STATE), - inputParams.get(OAuth2Utils.REDIRECT_URI), - OAuth2Utils.parseParameterList(inputParams.get(OAuth2Utils.RESPONSE_TYPE))); - - //Add extension parameters to the 'extensions' map - - if (inputParams.containsKey(PROMPT)) { - request.getExtensions().put(PROMPT, inputParams.get(PROMPT)); - } - if (inputParams.containsKey(NONCE)) { - request.getExtensions().put(NONCE, inputParams.get(NONCE)); - } - - if (inputParams.containsKey(CLAIMS)) { - JsonObject claimsRequest = parseClaimRequest(inputParams.get(CLAIMS)); - if (claimsRequest != null) { - request.getExtensions().put(CLAIMS, claimsRequest.toString()); - } - } - - if (inputParams.containsKey(MAX_AGE)) { - request.getExtensions().put(MAX_AGE, inputParams.get(MAX_AGE)); - } - - if (inputParams.containsKey(LOGIN_HINT)) { - request.getExtensions().put(LOGIN_HINT, inputParams.get(LOGIN_HINT)); - } - - if (inputParams.containsKey(AUD)) { - request.getExtensions().put(AUD, inputParams.get(AUD)); - } - - if (inputParams.containsKey(CODE_CHALLENGE)) { - request.getExtensions().put(CODE_CHALLENGE, inputParams.get(CODE_CHALLENGE)); - if (inputParams.containsKey(CODE_CHALLENGE_METHOD)) { - request.getExtensions().put(CODE_CHALLENGE_METHOD, inputParams.get(CODE_CHALLENGE_METHOD)); - } else { - // if the client doesn't specify a code challenge transformation method, it's "plain" - request.getExtensions().put(CODE_CHALLENGE_METHOD, PKCEAlgorithm.plain.getName()); - } - - } - - if (inputParams.containsKey(REQUEST)) { - request.getExtensions().put(REQUEST, inputParams.get(REQUEST)); - processRequestObject(inputParams.get(REQUEST), request); - } - - if (request.getClientId() != null) { - try { - ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId()); - - if ((request.getScope() == null || request.getScope().isEmpty())) { - Set clientScopes = client.getScope(); - request.setScope(clientScopes); - } - - if (request.getExtensions().get(MAX_AGE) == null && client.getDefaultMaxAge() != null) { - request.getExtensions().put(MAX_AGE, client.getDefaultMaxAge().toString()); - } - } catch (OAuth2Exception e) { - logger.error("Caught OAuth2 exception trying to test client scopes and max age:", e); - } - } - - return request; - } - - /** - * - * @param jwtString - * @param request - */ - private void processRequestObject(String jwtString, AuthorizationRequest request) { - - // parse the request object - try { - JWT jwt = JWTParser.parse(jwtString); - - if (jwt instanceof SignedJWT) { - // it's a signed JWT, check the signature - - SignedJWT signedJwt = (SignedJWT)jwt; - - // need to check clientId first so that we can load the client to check other fields - if (request.getClientId() == null) { - request.setClientId(signedJwt.getJWTClaimsSet().getStringClaim(CLIENT_ID)); - } - - ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId()); - - if (client == null) { - throw new InvalidClientException("Client not found: " + request.getClientId()); - } - - - JWSAlgorithm alg = signedJwt.getHeader().getAlgorithm(); - - if (client.getRequestObjectSigningAlg() == null || - !client.getRequestObjectSigningAlg().equals(alg)) { - throw new InvalidClientException("Client's registered request object signing algorithm (" + client.getRequestObjectSigningAlg() + ") does not match request object's actual algorithm (" + alg.getName() + ")"); - } - - JWTSigningAndValidationService validator = validators.getValidator(client, alg); - - if (validator == null) { - throw new InvalidClientException("Unable to create signature validator for client " + client + " and algorithm " + alg); - } - - if (!validator.validateSignature(signedJwt)) { - throw new InvalidClientException("Signature did not validate for presented JWT request object."); - } - - } else if (jwt instanceof PlainJWT) { - PlainJWT plainJwt = (PlainJWT)jwt; - - // need to check clientId first so that we can load the client to check other fields - if (request.getClientId() == null) { - request.setClientId(plainJwt.getJWTClaimsSet().getStringClaim(CLIENT_ID)); - } - - ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId()); - - if (client == null) { - throw new InvalidClientException("Client not found: " + request.getClientId()); - } - - if (client.getRequestObjectSigningAlg() == null) { - throw new InvalidClientException("Client is not registered for unsigned request objects (no request_object_signing_alg registered)"); - } else if (!client.getRequestObjectSigningAlg().equals(Algorithm.NONE)) { - throw new InvalidClientException("Client is not registered for unsigned request objects (request_object_signing_alg is " + client.getRequestObjectSigningAlg() +")"); - } - - // if we got here, we're OK, keep processing - - } else if (jwt instanceof EncryptedJWT) { - - EncryptedJWT encryptedJWT = (EncryptedJWT)jwt; - - // decrypt the jwt if we can - - encryptionService.decryptJwt(encryptedJWT); - - // TODO: what if the content is a signed JWT? (#525) - - if (!encryptedJWT.getState().equals(State.DECRYPTED)) { - throw new InvalidClientException("Unable to decrypt the request object"); - } - - // need to check clientId first so that we can load the client to check other fields - if (request.getClientId() == null) { - request.setClientId(encryptedJWT.getJWTClaimsSet().getStringClaim(CLIENT_ID)); - } - - ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId()); - - if (client == null) { - throw new InvalidClientException("Client not found: " + request.getClientId()); - } - - - } - - - /* - * NOTE: Claims inside the request object always take precedence over those in the parameter map. - */ - - // now that we've got the JWT, and it's been parsed, validated, and/or decrypted, we can process the claims - - JWTClaimsSet claims = jwt.getJWTClaimsSet(); - - Set responseTypes = OAuth2Utils.parseParameterList(claims.getStringClaim(RESPONSE_TYPE)); - if (!responseTypes.isEmpty()) { - if (!responseTypes.equals(request.getResponseTypes())) { - logger.info("Mismatch between request object and regular parameter for response_type, using request object"); - } - request.setResponseTypes(responseTypes); - } - - String redirectUri = claims.getStringClaim(REDIRECT_URI); - if (redirectUri != null) { - if (!redirectUri.equals(request.getRedirectUri())) { - logger.info("Mismatch between request object and regular parameter for redirect_uri, using request object"); - } - request.setRedirectUri(redirectUri); - } - - String state = claims.getStringClaim(STATE); - if(state != null) { - if (!state.equals(request.getState())) { - logger.info("Mismatch between request object and regular parameter for state, using request object"); - } - request.setState(state); - } - - String nonce = claims.getStringClaim(NONCE); - if(nonce != null) { - if (!nonce.equals(request.getExtensions().get(NONCE))) { - logger.info("Mismatch between request object and regular parameter for nonce, using request object"); - } - request.getExtensions().put(NONCE, nonce); - } - - String display = claims.getStringClaim(DISPLAY); - if (display != null) { - if (!display.equals(request.getExtensions().get(DISPLAY))) { - logger.info("Mismatch between request object and regular parameter for display, using request object"); - } - request.getExtensions().put(DISPLAY, display); - } - - String prompt = claims.getStringClaim(PROMPT); - if (prompt != null) { - if (!prompt.equals(request.getExtensions().get(PROMPT))) { - logger.info("Mismatch between request object and regular parameter for prompt, using request object"); - } - request.getExtensions().put(PROMPT, prompt); - } - - Set scope = OAuth2Utils.parseParameterList(claims.getStringClaim(SCOPE)); - if (!scope.isEmpty()) { - if (!scope.equals(request.getScope())) { - logger.info("Mismatch between request object and regular parameter for scope, using request object"); - } - request.setScope(scope); - } - - JsonObject claimRequest = parseClaimRequest(claims.getStringClaim(CLAIMS)); - if (claimRequest != null) { - Serializable claimExtension = request.getExtensions().get(CLAIMS); - if (claimExtension == null || !claimRequest.equals(parseClaimRequest(claimExtension.toString()))) { - logger.info("Mismatch between request object and regular parameter for claims, using request object"); - } - // we save the string because the object might not be a Java Serializable, and we can parse it easily enough anyway - request.getExtensions().put(CLAIMS, claimRequest.toString()); - } - - String loginHint = claims.getStringClaim(LOGIN_HINT); - if (loginHint != null) { - if (!loginHint.equals(request.getExtensions().get(LOGIN_HINT))) { - logger.info("Mistmatch between request object and regular parameter for login_hint, using requst object"); - } - request.getExtensions().put(LOGIN_HINT, loginHint); - } - - } catch (ParseException e) { - logger.error("ParseException while parsing RequestObject:", e); - } - } - - /** - * @param claimRequestString - * @return - */ - private JsonObject parseClaimRequest(String claimRequestString) { - if (Strings.isNullOrEmpty(claimRequestString)) { - return null; - } else { - JsonElement el = parser.parse(claimRequestString); - if (el != null && el.isJsonObject()) { - return el.getAsJsonObject(); - } else { - return null; - } - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectRequestParameters.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectRequestParameters.java deleted file mode 100644 index cebcdd169f..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectRequestParameters.java +++ /dev/null @@ -1,54 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.request; - -public interface ConnectRequestParameters { - - public String CLIENT_ID = "client_id"; - public String RESPONSE_TYPE = "response_type"; - public String REDIRECT_URI = "redirect_uri"; - public String STATE = "state"; - public String DISPLAY = "display"; - public String REQUEST = "request"; - public String LOGIN_HINT = "login_hint"; - public String MAX_AGE = "max_age"; - public String CLAIMS = "claims"; - public String SCOPE = "scope"; - public String NONCE = "nonce"; - public String PROMPT = "prompt"; - - // prompt values - public String PROMPT_LOGIN = "login"; - public String PROMPT_NONE = "none"; - public String PROMPT_CONSENT = "consent"; - public String PROMPT_SEPARATOR = " "; - - // extensions - public String APPROVED_SITE = "approved_site"; - - // responses - public String ERROR = "error"; - public String LOGIN_REQUIRED = "login_required"; - - // audience - public String AUD = "aud"; - - // PKCE - public String CODE_CHALLENGE = "code_challenge"; - public String CODE_CHALLENGE_METHOD = "code_challenge_method"; - public String CODE_VERIFIER = "code_verifier"; - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java deleted file mode 100644 index 05ddd5c0c3..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java +++ /dev/null @@ -1,192 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import java.util.Collection; -import java.util.Date; -import java.util.List; -import java.util.Set; - -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.repository.ApprovedSiteRepository; -import org.mitre.openid.connect.service.ApprovedSiteService; -import org.mitre.openid.connect.service.StatsService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import com.google.common.base.Predicate; -import com.google.common.collect.Collections2; - -/** - * Implementation of the ApprovedSiteService - * - * @author Michael Joseph Walsh, aanganes - * - */ -@Service("defaultApprovedSiteService") -public class DefaultApprovedSiteService implements ApprovedSiteService { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(DefaultApprovedSiteService.class); - - @Autowired - private ApprovedSiteRepository approvedSiteRepository; - - @Autowired - private OAuth2TokenRepository tokenRepository; - - @Autowired - private StatsService statsService; - - @Override - public Collection getAll() { - return approvedSiteRepository.getAll(); - } - - @Override - @Transactional(value="defaultTransactionManager") - public ApprovedSite save(ApprovedSite approvedSite) { - ApprovedSite a = approvedSiteRepository.save(approvedSite); - statsService.resetCache(); - return a; - } - - @Override - public ApprovedSite getById(Long id) { - return approvedSiteRepository.getById(id); - } - - @Override - @Transactional(value="defaultTransactionManager") - public void remove(ApprovedSite approvedSite) { - - //Remove any associated access and refresh tokens - List accessTokens = getApprovedAccessTokens(approvedSite); - - for (OAuth2AccessTokenEntity token : accessTokens) { - if (token.getRefreshToken() != null) { - tokenRepository.removeRefreshToken(token.getRefreshToken()); - } - tokenRepository.removeAccessToken(token); - } - - approvedSiteRepository.remove(approvedSite); - - statsService.resetCache(); - } - - @Override - @Transactional(value="defaultTransactionManager") - public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set allowedScopes) { - - ApprovedSite as = approvedSiteRepository.save(new ApprovedSite()); - - Date now = new Date(); - as.setCreationDate(now); - as.setAccessDate(now); - as.setClientId(clientId); - as.setUserId(userId); - as.setTimeoutDate(timeoutDate); - as.setAllowedScopes(allowedScopes); - - return save(as); - - } - - @Override - public Collection getByClientIdAndUserId(String clientId, String userId) { - - return approvedSiteRepository.getByClientIdAndUserId(clientId, userId); - - } - - /** - * @param userId - * @return - * @see org.mitre.openid.connect.repository.ApprovedSiteRepository#getByUserId(java.lang.String) - */ - @Override - public Collection getByUserId(String userId) { - return approvedSiteRepository.getByUserId(userId); - } - - /** - * @param clientId - * @return - * @see org.mitre.openid.connect.repository.ApprovedSiteRepository#getByClientId(java.lang.String) - */ - @Override - public Collection getByClientId(String clientId) { - return approvedSiteRepository.getByClientId(clientId); - } - - - @Override - public void clearApprovedSitesForClient(ClientDetails client) { - Collection approvedSites = approvedSiteRepository.getByClientId(client.getClientId()); - if (approvedSites != null) { - for (ApprovedSite approvedSite : approvedSites) { - remove(approvedSite); - } - } - } - - @Override - public void clearExpiredSites() { - - logger.debug("Clearing expired approved sites"); - - Collection expiredSites = getExpired(); - if (expiredSites.size() > 0) { - logger.info("Found " + expiredSites.size() + " expired approved sites."); - } - if (expiredSites != null) { - for (ApprovedSite expired : expiredSites) { - remove(expired); - } - } - - } - - private Predicate isExpired = new Predicate() { - @Override - public boolean apply(ApprovedSite input) { - return (input != null && input.isExpired()); - } - }; - - private Collection getExpired() { - return Collections2.filter(approvedSiteRepository.getAll(), isExpired); - } - - @Override - public List getApprovedAccessTokens( - ApprovedSite approvedSite) { - return tokenRepository.getAccessTokensForApprovedSite(approvedSite); - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultBlacklistedSiteService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultBlacklistedSiteService.java deleted file mode 100644 index 65652b6dc7..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultBlacklistedSiteService.java +++ /dev/null @@ -1,108 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.service.impl; - -import java.util.Collection; - -import org.mitre.openid.connect.model.BlacklistedSite; -import org.mitre.openid.connect.repository.BlacklistedSiteRepository; -import org.mitre.openid.connect.service.BlacklistedSiteService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import com.google.common.base.Strings; - -/** - * @author jricher - * - */ -@Service -@Transactional(value="defaultTransactionManager") -public class DefaultBlacklistedSiteService implements BlacklistedSiteService { - - @Autowired - private BlacklistedSiteRepository repository; - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.BlacklistedSiteService#getAll() - */ - @Override - public Collection getAll() { - return repository.getAll(); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.BlacklistedSiteService#getById(java.lang.Long) - */ - @Override - public BlacklistedSite getById(Long id) { - return repository.getById(id); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.BlacklistedSiteService#remove(org.mitre.openid.connect.model.BlacklistedSite) - */ - @Override - public void remove(BlacklistedSite blacklistedSite) { - repository.remove(blacklistedSite); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.BlacklistedSiteService#saveNew(org.mitre.openid.connect.model.BlacklistedSite) - */ - @Override - public BlacklistedSite saveNew(BlacklistedSite blacklistedSite) { - return repository.save(blacklistedSite); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.BlacklistedSiteService#update(org.mitre.openid.connect.model.BlacklistedSite, org.mitre.openid.connect.model.BlacklistedSite) - */ - @Override - public BlacklistedSite update(BlacklistedSite oldBlacklistedSite, BlacklistedSite blacklistedSite) { - return repository.update(oldBlacklistedSite, blacklistedSite); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.BlacklistedSiteService#isBlacklisted(java.lang.String) - */ - @Override - public boolean isBlacklisted(String uri) { - - if (Strings.isNullOrEmpty(uri)) { - return false; // can't be blacklisted if you don't exist - } - - Collection sites = getAll(); - - // TODO: rewrite this to do regex matching and use the Guava predicates collection - - for (BlacklistedSite blacklistedSite : sites) { - if (Strings.nullToEmpty(blacklistedSite.getUri()).equals(uri)) { - return true; - } - } - - return false; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java deleted file mode 100644 index 00863745a3..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java +++ /dev/null @@ -1,354 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import static org.mitre.openid.connect.request.ConnectRequestParameters.MAX_AGE; -import static org.mitre.openid.connect.request.ConnectRequestParameters.NONCE; - -import java.util.Date; -import java.util.Map; -import java.util.Set; -import java.util.UUID; - -import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService; -import org.mitre.jwt.signer.service.JWTSigningAndValidationService; -import org.mitre.jwt.signer.service.impl.ClientKeyCacheService; -import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService; -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.oauth2.service.OAuth2TokenEntityService; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.service.OIDCTokenService; -import org.mitre.openid.connect.util.IdTokenHashUtils; -import org.mitre.openid.connect.web.AuthenticationTimeStamper; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; -import org.springframework.stereotype.Service; - -import com.google.common.base.Strings; -import com.google.common.collect.Lists; -import com.google.common.collect.Maps; -import com.google.common.collect.Sets; -import com.nimbusds.jose.Algorithm; -import com.nimbusds.jose.JWEHeader; -import com.nimbusds.jose.JWEObject; -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jose.util.Base64URL; -import com.nimbusds.jwt.EncryptedJWT; -import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.PlainJWT; -import com.nimbusds.jwt.SignedJWT; -/** - * Default implementation of service to create specialty OpenID Connect tokens. - * - * @author Amanda Anganes - * - */ -@Service -public class DefaultOIDCTokenService implements OIDCTokenService { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(DefaultOIDCTokenService.class); - - @Autowired - private JWTSigningAndValidationService jwtService; - - @Autowired - private AuthenticationHolderRepository authenticationHolderRepository; - - @Autowired - private ConfigurationPropertiesBean configBean; - - @Autowired - private ClientKeyCacheService encrypters; - - @Autowired - private SymmetricKeyJWTValidatorCacheService symmetricCacheService; - - @Autowired - private OAuth2TokenEntityService tokenService; - - @Override - public JWT createIdToken(ClientDetailsEntity client, OAuth2Request request, Date issueTime, String sub, OAuth2AccessTokenEntity accessToken) { - - JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm(); - - if (client.getIdTokenSignedResponseAlg() != null) { - signingAlg = client.getIdTokenSignedResponseAlg(); - } - - - JWT idToken = null; - - JWTClaimsSet.Builder idClaims = new JWTClaimsSet.Builder(); - - // if the auth time claim was explicitly requested OR if the client always wants the auth time, put it in - if (request.getExtensions().containsKey(MAX_AGE) - || (request.getExtensions().containsKey("idtoken")) // TODO: parse the ID Token claims (#473) -- for now assume it could be in there - || (client.getRequireAuthTime() != null && client.getRequireAuthTime())) { - - if (request.getExtensions().get(AuthenticationTimeStamper.AUTH_TIMESTAMP) != null) { - - Long authTimestamp = Long.parseLong((String) request.getExtensions().get(AuthenticationTimeStamper.AUTH_TIMESTAMP)); - if (authTimestamp != null) { - idClaims.claim("auth_time", authTimestamp / 1000L); - } - } else { - // we couldn't find the timestamp! - logger.warn("Unable to find authentication timestamp! There is likely something wrong with the configuration."); - } - } - - idClaims.issueTime(issueTime); - - if (client.getIdTokenValiditySeconds() != null) { - Date expiration = new Date(System.currentTimeMillis() + (client.getIdTokenValiditySeconds() * 1000L)); - idClaims.expirationTime(expiration); - } - - idClaims.issuer(configBean.getIssuer()); - idClaims.subject(sub); - idClaims.audience(Lists.newArrayList(client.getClientId())); - idClaims.jwtID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it - - String nonce = (String)request.getExtensions().get(NONCE); - if (!Strings.isNullOrEmpty(nonce)) { - idClaims.claim("nonce", nonce); - } - - Set responseTypes = request.getResponseTypes(); - - if (responseTypes.contains("token")) { - // calculate the token hash - Base64URL at_hash = IdTokenHashUtils.getAccessTokenHash(signingAlg, accessToken); - idClaims.claim("at_hash", at_hash); - } - - addCustomIdTokenClaims(idClaims, client, request, sub, accessToken); - - if (client.getIdTokenEncryptedResponseAlg() != null && !client.getIdTokenEncryptedResponseAlg().equals(Algorithm.NONE) - && client.getIdTokenEncryptedResponseEnc() != null && !client.getIdTokenEncryptedResponseEnc().equals(Algorithm.NONE) - && (!Strings.isNullOrEmpty(client.getJwksUri()) || client.getJwks() != null)) { - - JWTEncryptionAndDecryptionService encrypter = encrypters.getEncrypter(client); - - if (encrypter != null) { - - idToken = new EncryptedJWT(new JWEHeader(client.getIdTokenEncryptedResponseAlg(), client.getIdTokenEncryptedResponseEnc()), idClaims.build()); - - encrypter.encryptJwt((JWEObject) idToken); - - } else { - logger.error("Couldn't find encrypter for client: " + client.getClientId()); - } - - } else { - - if (signingAlg.equals(Algorithm.NONE)) { - // unsigned ID token - idToken = new PlainJWT(idClaims.build()); - - } else { - - // signed ID token - - if (signingAlg.equals(JWSAlgorithm.HS256) - || signingAlg.equals(JWSAlgorithm.HS384) - || signingAlg.equals(JWSAlgorithm.HS512)) { - - JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null, - jwtService.getDefaultSignerKeyId(), - null, null); - idToken = new SignedJWT(header, idClaims.build()); - - JWTSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client); - - // sign it with the client's secret - signer.signJwt((SignedJWT) idToken); - } else { - idClaims.claim("kid", jwtService.getDefaultSignerKeyId()); - - JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null, - jwtService.getDefaultSignerKeyId(), - null, null); - - idToken = new SignedJWT(header, idClaims.build()); - - // sign it with the server's key - jwtService.signJwt((SignedJWT) idToken); - } - } - - } - - return idToken; - } - - /** - * @param client - * @return - * @throws AuthenticationException - */ - @Override - public OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client) { - - return createAssociatedToken(client, Sets.newHashSet(SystemScopeService.REGISTRATION_TOKEN_SCOPE)); - - } - - /** - * @param client - * @return - */ - @Override - public OAuth2AccessTokenEntity createResourceAccessToken(ClientDetailsEntity client) { - - return createAssociatedToken(client, Sets.newHashSet(SystemScopeService.RESOURCE_TOKEN_SCOPE)); - - } - - @Override - public OAuth2AccessTokenEntity rotateRegistrationAccessTokenForClient(ClientDetailsEntity client) { - // revoke any previous tokens - OAuth2AccessTokenEntity oldToken = tokenService.getRegistrationAccessTokenForClient(client); - if (oldToken != null) { - Set scope = oldToken.getScope(); - tokenService.revokeAccessToken(oldToken); - return createAssociatedToken(client, scope); - } else { - return null; - } - - } - - private OAuth2AccessTokenEntity createAssociatedToken(ClientDetailsEntity client, Set scope) { - - // revoke any previous tokens that might exist, just to be sure - OAuth2AccessTokenEntity oldToken = tokenService.getRegistrationAccessTokenForClient(client); - if (oldToken != null) { - tokenService.revokeAccessToken(oldToken); - } - - // create a new token - - Map authorizationParameters = Maps.newHashMap(); - OAuth2Request clientAuth = new OAuth2Request(authorizationParameters, client.getClientId(), - Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")), true, - scope, null, null, null, null); - OAuth2Authentication authentication = new OAuth2Authentication(clientAuth, null); - - OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); - token.setClient(client); - token.setScope(scope); - - AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity(); - authHolder.setAuthentication(authentication); - authHolder = authenticationHolderRepository.save(authHolder); - token.setAuthenticationHolder(authHolder); - - JWTClaimsSet claims = new JWTClaimsSet.Builder() - .audience(Lists.newArrayList(client.getClientId())) - .issuer(configBean.getIssuer()) - .issueTime(new Date()) - .expirationTime(token.getExpiration()) - .jwtID(UUID.randomUUID().toString()) // set a random NONCE in the middle of it - .build(); - - JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm(); - JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null, - jwtService.getDefaultSignerKeyId(), - null, null); - SignedJWT signed = new SignedJWT(header, claims); - - jwtService.signJwt(signed); - - token.setJwt(signed); - - return token; - } - - /** - * @return the configBean - */ - public ConfigurationPropertiesBean getConfigBean() { - return configBean; - } - - /** - * @param configBean the configBean to set - */ - public void setConfigBean(ConfigurationPropertiesBean configBean) { - this.configBean = configBean; - } - - /** - * @return the jwtService - */ - public JWTSigningAndValidationService getJwtService() { - return jwtService; - } - - /** - * @param jwtService the jwtService to set - */ - public void setJwtService(JWTSigningAndValidationService jwtService) { - this.jwtService = jwtService; - } - - /** - * @return the authenticationHolderRepository - */ - public AuthenticationHolderRepository getAuthenticationHolderRepository() { - return authenticationHolderRepository; - } - - /** - * @param authenticationHolderRepository the authenticationHolderRepository to set - */ - public void setAuthenticationHolderRepository( - AuthenticationHolderRepository authenticationHolderRepository) { - this.authenticationHolderRepository = authenticationHolderRepository; - } - - /** - * Hook for subclasses that allows adding custom claims to the JWT - * that will be used as id token. - * @param idClaims the builder holding the current claims - * @param client information about the requesting client - * @param request request that caused the id token to be created - * @param sub subject auf the id token - * @param accessToken the access token - * @param authentication current authentication - */ - protected void addCustomIdTokenClaims(JWTClaimsSet.Builder idClaims, ClientDetailsEntity client, OAuth2Request request, - String sub, OAuth2AccessTokenEntity accessToken) { - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultScopeClaimTranslationService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultScopeClaimTranslationService.java deleted file mode 100644 index 5c0637a5e2..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultScopeClaimTranslationService.java +++ /dev/null @@ -1,94 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import java.util.HashSet; -import java.util.Set; - -import org.mitre.openid.connect.service.ScopeClaimTranslationService; -import org.springframework.stereotype.Service; - -import com.google.common.collect.HashMultimap; -import com.google.common.collect.SetMultimap; - -/** - * Service to map scopes to claims, and claims to Java field names - * - * @author Amanda Anganes - * - */ -@Service("scopeClaimTranslator") -public class DefaultScopeClaimTranslationService implements ScopeClaimTranslationService { - - private SetMultimap scopesToClaims = HashMultimap.create(); - - /** - * Default constructor; initializes scopesToClaims map - */ - public DefaultScopeClaimTranslationService() { - scopesToClaims.put("openid", "sub"); - - scopesToClaims.put("profile", "name"); - scopesToClaims.put("profile", "preferred_username"); - scopesToClaims.put("profile", "given_name"); - scopesToClaims.put("profile", "family_name"); - scopesToClaims.put("profile", "middle_name"); - scopesToClaims.put("profile", "nickname"); - scopesToClaims.put("profile", "profile"); - scopesToClaims.put("profile", "picture"); - scopesToClaims.put("profile", "website"); - scopesToClaims.put("profile", "gender"); - scopesToClaims.put("profile", "zoneinfo"); - scopesToClaims.put("profile", "locale"); - scopesToClaims.put("profile", "updated_at"); - scopesToClaims.put("profile", "birthdate"); - - scopesToClaims.put("email", "email"); - scopesToClaims.put("email", "email_verified"); - - scopesToClaims.put("phone", "phone_number"); - scopesToClaims.put("phone", "phone_number_verified"); - - scopesToClaims.put("address", "address"); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.ScopeClaimTranslationService#getClaimsForScope(java.lang.String) - */ - @Override - public Set getClaimsForScope(String scope) { - if (scopesToClaims.containsKey(scope)) { - return scopesToClaims.get(scope); - } else { - return new HashSet<>(); - } - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.ScopeClaimTranslationService#getClaimsForScopeSet(java.util.Set) - */ - @Override - public Set getClaimsForScopeSet(Set scopes) { - Set result = new HashSet<>(); - for (String scope : scopes) { - result.addAll(getClaimsForScope(scope)); - } - return result; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultStatsService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultStatsService.java deleted file mode 100644 index 2305fc16ea..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultStatsService.java +++ /dev/null @@ -1,111 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.service.impl; - -import java.util.Collection; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.TimeUnit; - -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.model.ClientStat; -import org.mitre.openid.connect.service.ApprovedSiteService; -import org.mitre.openid.connect.service.StatsService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import com.google.common.base.Supplier; -import com.google.common.base.Suppliers; - -/** - * @author jricher - * - */ -@Service -public class DefaultStatsService implements StatsService { - - @Autowired - private ApprovedSiteService approvedSiteService; - - // stats cache - private Supplier> summaryCache = createSummaryCache(); - - private Supplier> createSummaryCache() { - return Suppliers.memoizeWithExpiration(new Supplier>() { - @Override - public Map get() { - return computeSummaryStats(); - } - - }, 10, TimeUnit.MINUTES); - } - - @Override - public Map getSummaryStats() { - return summaryCache.get(); - } - - // do the actual computation - private Map computeSummaryStats() { - // get all approved sites - Collection allSites = approvedSiteService.getAll(); - - // process to find number of unique users and sites - Set userIds = new HashSet<>(); - Set clientIds = new HashSet<>(); - for (ApprovedSite approvedSite : allSites) { - userIds.add(approvedSite.getUserId()); - clientIds.add(approvedSite.getClientId()); - } - - Map e = new HashMap<>(); - - e.put("approvalCount", allSites.size()); - e.put("userCount", userIds.size()); - e.put("clientCount", clientIds.size()); - return e; - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.StatsService#countForClientId(java.lang.String) - */ - @Override - public ClientStat getCountForClientId(String clientId) { - - Collection approvedSites = approvedSiteService.getByClientId(clientId); - - ClientStat stat = new ClientStat(); - stat.setApprovedSiteCount(approvedSites.size()); - - return stat; - } - - /** - * Reset both stats caches on a trigger (before the timer runs out). Resets the timers. - */ - @Override - public void resetCache() { - summaryCache = createSummaryCache(); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoService.java deleted file mode 100644 index ce830d6492..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoService.java +++ /dev/null @@ -1,78 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.repository.UserInfoRepository; -import org.mitre.openid.connect.service.PairwiseIdentiferService; -import org.mitre.openid.connect.service.UserInfoService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -/** - * Implementation of the UserInfoService - * - * @author Michael Joseph Walsh, jricher - * - */ -@Service -public class DefaultUserInfoService implements UserInfoService { - - @Autowired - private UserInfoRepository userInfoRepository; - - @Autowired - private ClientDetailsEntityService clientService; - - @Autowired - private PairwiseIdentiferService pairwiseIdentifierService; - - @Override - public UserInfo getByUsername(String username) { - return userInfoRepository.getByUsername(username); - } - - @Override - public UserInfo getByUsernameAndClientId(String username, String clientId) { - - ClientDetailsEntity client = clientService.loadClientByClientId(clientId); - - UserInfo userInfo = getByUsername(username); - - if (client == null || userInfo == null) { - return null; - } - - if (SubjectType.PAIRWISE.equals(client.getSubjectType())) { - String pairwiseSub = pairwiseIdentifierService.getIdentifier(userInfo, client); - userInfo.setSub(pairwiseSub); - } - - return userInfo; - - } - - @Override - public UserInfo getByEmailAddress(String email) { - return userInfoRepository.getByEmailAddress(email); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultWhitelistedSiteService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultWhitelistedSiteService.java deleted file mode 100644 index 3c530b5135..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultWhitelistedSiteService.java +++ /dev/null @@ -1,78 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import java.util.Collection; - -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.repository.WhitelistedSiteRepository; -import org.mitre.openid.connect.service.WhitelistedSiteService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -/** - * Implementation of the WhitelistedSiteService - * - * @author Michael Joseph Walsh, aanganes - * - */ -@Service -@Transactional(value="defaultTransactionManager") -public class DefaultWhitelistedSiteService implements WhitelistedSiteService { - - @Autowired - private WhitelistedSiteRepository repository; - - @Override - public WhitelistedSite getById(Long id) { - return repository.getById(id); - } - - @Override - public void remove(WhitelistedSite whitelistedSite) { - repository.remove(whitelistedSite); - } - - @Override - public WhitelistedSite saveNew(WhitelistedSite whitelistedSite) { - if (whitelistedSite.getId() != null) { - throw new IllegalArgumentException("A new whitelisted site cannot be created with an id value already set: " + whitelistedSite.getId()); - } - return repository.save(whitelistedSite); - } - - @Override - public Collection getAll() { - return repository.getAll(); - } - - @Override - public WhitelistedSite getByClientId(String clientId) { - return repository.getByClientId(clientId); - } - - @Override - public WhitelistedSite update(WhitelistedSite oldWhitelistedSite, WhitelistedSite whitelistedSite) { - if (oldWhitelistedSite == null || whitelistedSite == null) { - throw new IllegalArgumentException("Neither the old or new sites may be null"); - } - return repository.update(oldWhitelistedSite, whitelistedSite); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DummyResourceSetService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DummyResourceSetService.java deleted file mode 100644 index ad60243c10..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DummyResourceSetService.java +++ /dev/null @@ -1,72 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.openid.connect.service.impl; - -import java.util.Collection; -import java.util.Collections; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.service.ResourceSetService; -import org.springframework.stereotype.Service; - -/** - * Dummy resource set service that doesn't do anything; acts as a stub for the - * introspection service when the UMA functionality is disabled. - * - * @author jricher - * - */ -@Service -public class DummyResourceSetService implements ResourceSetService { - - @Override - public ResourceSet saveNew(ResourceSet rs) { - throw new UnsupportedOperationException(); - } - - @Override - public ResourceSet getById(Long id) { - throw new UnsupportedOperationException(); - } - - @Override - public ResourceSet update(ResourceSet oldRs, ResourceSet newRs) { - throw new UnsupportedOperationException(); - } - - @Override - public void remove(ResourceSet rs) { - throw new UnsupportedOperationException(); - } - - @Override - public Collection getAllForOwner(String owner) { - throw new UnsupportedOperationException(); - } - - @Override - public Collection getAllForOwnerAndClient(String owner, String authClientId) { - return Collections.emptySet(); - } - - @Override - public Collection getAllForClient(ClientDetailsEntity client) { - return Collections.emptySet(); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/InMemoryClientLogoLoadingService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/InMemoryClientLogoLoadingService.java deleted file mode 100644 index e16d0692a4..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/InMemoryClientLogoLoadingService.java +++ /dev/null @@ -1,122 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.openid.connect.service.impl; - -import java.io.IOException; -import java.util.concurrent.ExecutionException; -import java.util.concurrent.TimeUnit; - -import org.apache.commons.io.IOUtils; -import org.apache.http.HttpEntity; -import org.apache.http.HttpResponse; -import org.apache.http.client.HttpClient; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.impl.client.HttpClientBuilder; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.openid.connect.model.CachedImage; -import org.mitre.openid.connect.service.ClientLogoLoadingService; -import org.springframework.stereotype.Service; - -import com.google.common.base.Strings; -import com.google.common.cache.CacheBuilder; -import com.google.common.cache.CacheLoader; -import com.google.common.cache.LoadingCache; -import com.google.common.util.concurrent.UncheckedExecutionException; - -/** - * @author jricher - * - */ -@Service("inMemoryClientLogoLoadingService") -public class InMemoryClientLogoLoadingService implements ClientLogoLoadingService { - - private LoadingCache cache; - - public InMemoryClientLogoLoadingService() { - this(HttpClientBuilder.create().useSystemProperties().build()); - } - - /** - * - */ - public InMemoryClientLogoLoadingService(HttpClient httpClient) { - - cache = CacheBuilder.newBuilder() - .maximumSize(100) - .expireAfterAccess(14, TimeUnit.DAYS) - .build(new ClientLogoFetcher(httpClient)); - - } - - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.ClientLogoLoadingService#getLogo(org.mitre.oauth2.model.ClientDetailsEntity) - */ - @Override - public CachedImage getLogo(ClientDetailsEntity client) { - try { - if (client != null && !Strings.isNullOrEmpty(client.getLogoUri())) { - return cache.get(client); - } else { - return null; - } - } catch (UncheckedExecutionException | ExecutionException e) { - return null; - } - } - - /** - * @author jricher - * - */ - public class ClientLogoFetcher extends CacheLoader { - private HttpClient httpClient; - - public ClientLogoFetcher() { - this(HttpClientBuilder.create().useSystemProperties().build()); - } - - public ClientLogoFetcher(HttpClient httpClient) { - this.httpClient = httpClient; - } - - /* (non-Javadoc) - * @see com.google.common.cache.CacheLoader#load(java.lang.Object) - */ - @Override - public CachedImage load(ClientDetailsEntity key) throws Exception { - try { - HttpResponse response = httpClient.execute(new HttpGet(key.getLogoUri())); - - HttpEntity entity = response.getEntity(); - - CachedImage image = new CachedImage(); - - image.setContentType(entity.getContentType().getValue()); - image.setLength(entity.getContentLength()); - image.setData(IOUtils.toByteArray(entity.getContent())); - - return image; - } catch (IOException e) { - throw new IllegalArgumentException("Unable to load client image."); - } - } - - } - - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataServiceSupport.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataServiceSupport.java deleted file mode 100644 index c4e787c9eb..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataServiceSupport.java +++ /dev/null @@ -1,58 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import java.text.ParseException; -import java.util.Date; -import java.util.Locale; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.format.annotation.DateTimeFormat.ISO; -import org.springframework.format.datetime.DateFormatter; - -public abstract class MITREidDataServiceSupport { - private final DateFormatter dateFormatter; - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(MITREidDataServiceSupport.class); - - public MITREidDataServiceSupport() { - dateFormatter = new DateFormatter(); - dateFormatter.setIso(ISO.DATE_TIME); - } - - protected Date utcToDate(String value) { - if (value == null) { - return null; - } - try { - return dateFormatter.parse(value, Locale.ENGLISH); - } catch (ParseException ex) { - logger.error("Unable to parse datetime {}", value, ex); - } - return null; - } - - protected String toUTCString(Date value) { - if (value == null) { - return null; - } - return dateFormatter.print(value, Locale.ENGLISH); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java deleted file mode 100644 index 57c3257726..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java +++ /dev/null @@ -1,906 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import static org.mitre.util.JsonUtils.readMap; -import static org.mitre.util.JsonUtils.readSet; - -import java.io.IOException; -import java.text.ParseException; -import java.util.Collection; -import java.util.Collections; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AppType; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.model.SavedUserAuthentication; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.oauth2.repository.OAuth2ClientRepository; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.oauth2.repository.SystemScopeRepository; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.model.BlacklistedSite; -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.repository.ApprovedSiteRepository; -import org.mitre.openid.connect.repository.BlacklistedSiteRepository; -import org.mitre.openid.connect.repository.WhitelistedSiteRepository; -import org.mitre.openid.connect.service.MITREidDataService; -import org.mitre.openid.connect.service.MITREidDataServiceExtension; -import org.mitre.openid.connect.service.MITREidDataServiceMaps; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; -import org.springframework.stereotype.Service; - -import com.google.common.collect.Sets; -import com.google.gson.stream.JsonReader; -import com.google.gson.stream.JsonToken; -import com.google.gson.stream.JsonWriter; -import com.nimbusds.jose.EncryptionMethod; -import com.nimbusds.jose.JWEAlgorithm; -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jwt.JWTParser; -/** - * - * Data service to import MITREid 1.0 configuration. - * - * @author jricher - * @author arielak - */ -@Service -@SuppressWarnings(value = {"unchecked"}) -public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements MITREidDataService { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(MITREidDataService_1_0.class); - @Autowired - private OAuth2ClientRepository clientRepository; - @Autowired - private ApprovedSiteRepository approvedSiteRepository; - @Autowired - private WhitelistedSiteRepository wlSiteRepository; - @Autowired - private BlacklistedSiteRepository blSiteRepository; - @Autowired - private AuthenticationHolderRepository authHolderRepository; - @Autowired - private OAuth2TokenRepository tokenRepository; - @Autowired - private SystemScopeRepository sysScopeRepository; - @Autowired(required = false) - private List extensions = Collections.emptyList(); - - private MITREidDataServiceMaps maps = new MITREidDataServiceMaps(); - - private static final String THIS_VERSION = MITREID_CONNECT_1_0; - - @Override - public boolean supportsVersion(String version) { - return THIS_VERSION.equals(version); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.MITREidDataService#export(com.google.gson.stream.JsonWriter) - */ - - @Override - public void exportData(JsonWriter writer) throws IOException { - throw new UnsupportedOperationException("Can not export 1.0 format from this version."); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.MITREidDataService#importData(com.google.gson.stream.JsonReader) - */ - @Override - public void importData(JsonReader reader) throws IOException { - - logger.info("Reading configuration for 1.0"); - - // this *HAS* to start as an object - reader.beginObject(); - - while (reader.hasNext()) { - JsonToken tok = reader.peek(); - switch (tok) { - case NAME: - String name = reader.nextName(); - // find out which member it is - if (name.equals(CLIENTS)) { - readClients(reader); - } else if (name.equals(GRANTS)) { - readGrants(reader); - } else if (name.equals(WHITELISTEDSITES)) { - readWhitelistedSites(reader); - } else if (name.equals(BLACKLISTEDSITES)) { - readBlacklistedSites(reader); - } else if (name.equals(AUTHENTICATIONHOLDERS)) { - readAuthenticationHolders(reader); - } else if (name.equals(ACCESSTOKENS)) { - readAccessTokens(reader); - } else if (name.equals(REFRESHTOKENS)) { - readRefreshTokens(reader); - } else if (name.equals(SYSTEMSCOPES)) { - readSystemScopes(reader); - } else { - for (MITREidDataServiceExtension extension : extensions) { - if (extension.supportsVersion(THIS_VERSION)) { - if (extension.supportsVersion(THIS_VERSION)) { - extension.importExtensionData(name, reader); - break; - } - } - } - // unknown token, skip it - reader.skipValue(); - } - break; - case END_OBJECT: - // the object ended, we're done here - reader.endObject(); - continue; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; } - } - fixObjectReferences(); - for (MITREidDataServiceExtension extension : extensions) { - if (extension.supportsVersion(THIS_VERSION)) { - extension.fixExtensionObjectReferences(maps); - break; - } - } - maps.clearAll(); - } - /** - * @param reader - * @throws IOException - */ - /** - * @param reader - * @throws IOException - */ - private void readRefreshTokens(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - OAuth2RefreshTokenEntity token = new OAuth2RefreshTokenEntity(); - reader.beginObject(); - Long currentId = null; - String clientId = null; - Long authHolderId = null; - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("id")) { - currentId = reader.nextLong(); - } else if (name.equals("expiration")) { - Date date = utcToDate(reader.nextString()); - token.setExpiration(date); - } else if (name.equals("value")) { - String value = reader.nextString(); - try { - token.setJwt(JWTParser.parse(value)); - } catch (ParseException ex) { - logger.error("Unable to set refresh token value to {}", value, ex); - } - } else if (name.equals("clientId")) { - clientId = reader.nextString(); - } else if (name.equals("authenticationHolderId")) { - authHolderId = reader.nextLong(); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = tokenRepository.saveRefreshToken(token).getId(); - maps.getRefreshTokenToClientRefs().put(currentId, clientId); - maps.getRefreshTokenToAuthHolderRefs().put(currentId, authHolderId); - maps.getRefreshTokenOldToNewIdMap().put(currentId, newId); - logger.debug("Read refresh token {}", currentId); - } - reader.endArray(); - logger.info("Done reading refresh tokens"); - } - /** - * @param reader - * @throws IOException - */ - /** - * @param reader - * @throws IOException - */ - private void readAccessTokens(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); - reader.beginObject(); - Long currentId = null; - String clientId = null; - Long authHolderId = null; - Long refreshTokenId = null; - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("id")) { - currentId = reader.nextLong(); - } else if (name.equals("expiration")) { - Date date = utcToDate(reader.nextString()); - token.setExpiration(date); - } else if (name.equals("value")) { - String value = reader.nextString(); - try { - // all tokens are JWTs - token.setJwt(JWTParser.parse(value)); - } catch (ParseException ex) { - logger.error("Unable to set refresh token value to {}", value, ex); - } - } else if (name.equals("clientId")) { - clientId = reader.nextString(); - } else if (name.equals("authenticationHolderId")) { - authHolderId = reader.nextLong(); - } else if (name.equals("refreshTokenId")) { - refreshTokenId = reader.nextLong(); - } else if (name.equals("scope")) { - Set scope = readSet(reader); - token.setScope(scope); - } else if (name.equals("type")) { - token.setTokenType(reader.nextString()); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = tokenRepository.saveAccessToken(token).getId(); - maps.getAccessTokenToClientRefs().put(currentId, clientId); - maps.getAccessTokenToAuthHolderRefs().put(currentId, authHolderId); - if (refreshTokenId != null) { - maps.getAccessTokenToRefreshTokenRefs().put(currentId, refreshTokenId); - } - maps.getAccessTokenOldToNewIdMap().put(currentId, newId); - logger.debug("Read access token {}", currentId); - } - reader.endArray(); - logger.info("Done reading access tokens"); - } - /** - * @param reader - * @throws IOException - */ - private void readAuthenticationHolders(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - AuthenticationHolderEntity ahe = new AuthenticationHolderEntity(); - reader.beginObject(); - Long currentId = null; - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("id")) { - currentId = reader.nextLong(); - } else if (name.equals("ownerId")) { - //not needed - reader.skipValue(); - } else if (name.equals("authentication")) { - OAuth2Request clientAuthorization = null; - Authentication userAuthentication = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String subName = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (subName.equals("clientAuthorization")) { - clientAuthorization = readAuthorizationRequest(reader); - } else if (subName.equals("userAuthentication")) { - // skip binary encoded version - reader.skipValue(); - - } else if (subName.equals("savedUserAuthentication")) { - userAuthentication = readSavedUserAuthentication(reader); - - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - OAuth2Authentication auth = new OAuth2Authentication(clientAuthorization, userAuthentication); - ahe.setAuthentication(auth); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = authHolderRepository.save(ahe).getId(); - maps.getAuthHolderOldToNewIdMap().put(currentId, newId); - logger.debug("Read authentication holder {}", currentId); - } - reader.endArray(); - logger.info("Done reading authentication holders"); - } - - //used by readAuthenticationHolders - private OAuth2Request readAuthorizationRequest(JsonReader reader) throws IOException { - Set scope = new LinkedHashSet<>(); - Set resourceIds = new HashSet<>(); - boolean approved = false; - Collection authorities = new HashSet<>(); - Map authorizationParameters = new HashMap<>(); - Set responseTypes = new HashSet<>(); - String redirectUri = null; - String clientId = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("authorizationParameters")) { - authorizationParameters = readMap(reader); - } else if (name.equals("approvalParameters")) { - reader.skipValue(); - } else if (name.equals("clientId")) { - clientId = reader.nextString(); - } else if (name.equals("scope")) { - scope = readSet(reader); - } else if (name.equals("resourceIds")) { - resourceIds = readSet(reader); - } else if (name.equals("authorities")) { - Set authorityStrs = readSet(reader); - authorities = new HashSet<>(); - for (String s : authorityStrs) { - GrantedAuthority ga = new SimpleGrantedAuthority(s); - authorities.add(ga); - } - } else if (name.equals("approved")) { - approved = reader.nextBoolean(); - } else if (name.equals("denied")) { - if (approved == false) { - approved = !reader.nextBoolean(); - } - } else if (name.equals("redirectUri")) { - redirectUri = reader.nextString(); - } else if (name.equals("responseTypes")) { - responseTypes = readSet(reader); - } else { - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - return new OAuth2Request(authorizationParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, null); - } - - /** - * @param reader - * @return - * @throws IOException - */ - private SavedUserAuthentication readSavedUserAuthentication(JsonReader reader) throws IOException { - SavedUserAuthentication savedUserAuth = new SavedUserAuthentication(); - reader.beginObject(); - - while (reader.hasNext()) { - switch(reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("name")) { - savedUserAuth.setName(reader.nextString()); - } else if (name.equals("sourceClass")) { - savedUserAuth.setSourceClass(reader.nextString()); - } else if (name.equals("authenticated")) { - savedUserAuth.setAuthenticated(reader.nextBoolean()); - } else if (name.equals("authorities")) { - Set authorityStrs = readSet(reader); - Set authorities = new HashSet(); - for (String s : authorityStrs) { - GrantedAuthority ga = new SimpleGrantedAuthority(s); - authorities.add(ga); - } - savedUserAuth.setAuthorities(authorities); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - - reader.endObject(); - return savedUserAuth; - } - - /** - * @param reader - * @throws IOException - */ - private void readGrants(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - ApprovedSite site = new ApprovedSite(); - Long currentId = null; - Long whitelistedSiteId = null; - Set tokenIds = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("id")) { - currentId = reader.nextLong(); - } else if (name.equals("accessDate")) { - Date date = utcToDate(reader.nextString()); - site.setAccessDate(date); - } else if (name.equals("clientId")) { - site.setClientId(reader.nextString()); - } else if (name.equals("creationDate")) { - Date date = utcToDate(reader.nextString()); - site.setCreationDate(date); - } else if (name.equals("timeoutDate")) { - Date date = utcToDate(reader.nextString()); - site.setTimeoutDate(date); - } else if (name.equals("userId")) { - site.setUserId(reader.nextString()); - } else if (name.equals("allowedScopes")) { - Set allowedScopes = readSet(reader); - site.setAllowedScopes(allowedScopes); - } else if (name.equals("whitelistedSiteId")) { - whitelistedSiteId = reader.nextLong(); - } else if (name.equals("approvedAccessTokens")) { - tokenIds = readSet(reader); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = approvedSiteRepository.save(site).getId(); - maps.getGrantOldToNewIdMap().put(currentId, newId); - if (whitelistedSiteId != null) { - logger.debug("Ignoring whitelisted site marker on approved site."); - } - if (tokenIds != null) { - maps.getGrantToAccessTokensRefs().put(currentId, tokenIds); - } - logger.debug("Read grant {}", currentId); - } - reader.endArray(); - logger.info("Done reading grants"); - } - /** - * @param reader - * @throws IOException - */ - private void readWhitelistedSites(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - WhitelistedSite wlSite = new WhitelistedSite(); - Long currentId = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (name.equals("id")) { - currentId = reader.nextLong(); - } else if (name.equals("clientId")) { - wlSite.setClientId(reader.nextString()); - } else if (name.equals("creatorUserId")) { - wlSite.setCreatorUserId(reader.nextString()); - } else if (name.equals("allowedScopes")) { - Set allowedScopes = readSet(reader); - wlSite.setAllowedScopes(allowedScopes); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = wlSiteRepository.save(wlSite).getId(); - maps.getWhitelistedSiteOldToNewIdMap().put(currentId, newId); - } - reader.endArray(); - logger.info("Done reading whitelisted sites"); - } - - /** - * @param reader - * @throws IOException - */ - private void readBlacklistedSites(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - BlacklistedSite blSite = new BlacklistedSite(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (name.equals("id")) { - reader.skipValue(); - } else if (name.equals("uri")) { - blSite.setUri(reader.nextString()); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - blSiteRepository.save(blSite); - } - reader.endArray(); - logger.info("Done reading blacklisted sites"); - } - - /** - * @param reader - * @throws IOException - */ - private void readClients(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - ClientDetailsEntity client = new ClientDetailsEntity(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("clientId")) { - client.setClientId(reader.nextString()); - } else if (name.equals("resourceIds")) { - Set resourceIds = readSet(reader); - client.setResourceIds(resourceIds); - } else if (name.equals("secret")) { - client.setClientSecret(reader.nextString()); - } else if (name.equals("scope")) { - Set scope = readSet(reader); - client.setScope(scope); - } else if (name.equals("authorities")) { - Set authorityStrs = readSet(reader); - Set authorities = new HashSet<>(); - for (String s : authorityStrs) { - GrantedAuthority ga = new SimpleGrantedAuthority(s); - authorities.add(ga); - } - client.setAuthorities(authorities); - } else if (name.equals("accessTokenValiditySeconds")) { - client.setAccessTokenValiditySeconds(reader.nextInt()); - } else if (name.equals("refreshTokenValiditySeconds")) { - client.setRefreshTokenValiditySeconds(reader.nextInt()); - } else if (name.equals("redirectUris")) { - Set redirectUris = readSet(reader); - client.setRedirectUris(redirectUris); - } else if (name.equals("name")) { - client.setClientName(reader.nextString()); - } else if (name.equals("uri")) { - client.setClientUri(reader.nextString()); - } else if (name.equals("logoUri")) { - client.setLogoUri(reader.nextString()); - } else if (name.equals("contacts")) { - Set contacts = readSet(reader); - client.setContacts(contacts); - } else if (name.equals("tosUri")) { - client.setTosUri(reader.nextString()); - } else if (name.equals("tokenEndpointAuthMethod")) { - AuthMethod am = AuthMethod.getByValue(reader.nextString()); - client.setTokenEndpointAuthMethod(am); - } else if (name.equals("grantTypes")) { - Set grantTypes = readSet(reader); - client.setGrantTypes(grantTypes); - } else if (name.equals("responseTypes")) { - Set responseTypes = readSet(reader); - client.setResponseTypes(responseTypes); - } else if (name.equals("policyUri")) { - client.setPolicyUri(reader.nextString()); - } else if (name.equals("applicationType")) { - AppType appType = AppType.getByValue(reader.nextString()); - client.setApplicationType(appType); - } else if (name.equals("sectorIdentifierUri")) { - client.setSectorIdentifierUri(reader.nextString()); - } else if (name.equals("subjectType")) { - SubjectType st = SubjectType.getByValue(reader.nextString()); - client.setSubjectType(st); - } else if (name.equals("jwks_uri")) { - client.setJwksUri(reader.nextString()); - } else if (name.equals("requestObjectSigningAlg")) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setRequestObjectSigningAlg(alg); - } else if (name.equals("userInfoEncryptedResponseAlg")) { - JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); - client.setUserInfoEncryptedResponseAlg(alg); - } else if (name.equals("userInfoEncryptedResponseEnc")) { - EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); - client.setUserInfoEncryptedResponseEnc(alg); - } else if (name.equals("userInfoSignedResponseAlg")) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setUserInfoSignedResponseAlg(alg); - } else if (name.equals("idTokenSignedResonseAlg")) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setIdTokenSignedResponseAlg(alg); - } else if (name.equals("idTokenEncryptedResponseAlg")) { - JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); - client.setIdTokenEncryptedResponseAlg(alg); - } else if (name.equals("idTokenEncryptedResponseEnc")) { - EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); - client.setIdTokenEncryptedResponseEnc(alg); - } else if (name.equals("tokenEndpointAuthSigningAlg")) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setTokenEndpointAuthSigningAlg(alg); - } else if (name.equals("defaultMaxAge")) { - client.setDefaultMaxAge(reader.nextInt()); - } else if (name.equals("requireAuthTime")) { - client.setRequireAuthTime(reader.nextBoolean()); - } else if (name.equals("defaultACRValues")) { - Set defaultACRvalues = readSet(reader); - client.setDefaultACRvalues(defaultACRvalues); - } else if (name.equals("initiateLoginUri")) { - client.setInitiateLoginUri(reader.nextString()); - } else if (name.equals("postLogoutRedirectUri")) { - HashSet postLogoutUris = Sets.newHashSet(reader.nextString()); - client.setPostLogoutRedirectUris(postLogoutUris); - } else if (name.equals("requestUris")) { - Set requestUris = readSet(reader); - client.setRequestUris(requestUris); - } else if (name.equals("description")) { - client.setClientDescription(reader.nextString()); - } else if (name.equals("allowIntrospection")) { - client.setAllowIntrospection(reader.nextBoolean()); - } else if (name.equals("reuseRefreshToken")) { - client.setReuseRefreshToken(reader.nextBoolean()); - } else if (name.equals("dynamicallyRegistered")) { - client.setDynamicallyRegistered(reader.nextBoolean()); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - clientRepository.saveClient(client); - } - reader.endArray(); - logger.info("Done reading clients"); - } - - /** - * Read the list of system scopes from the reader and insert them into the - * scope repository. - * - * @param reader - * @throws IOException - */ - private void readSystemScopes(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - SystemScope scope = new SystemScope(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("value")) { - scope.setValue(reader.nextString()); - } else if (name.equals("description")) { - scope.setDescription(reader.nextString()); - } else if (name.equals("allowDynReg")) { - // previously "allowDynReg" scopes are now tagged as "not restricted" and vice versa - scope.setRestricted(!reader.nextBoolean()); - } else if (name.equals("defaultScope")) { - scope.setDefaultScope(reader.nextBoolean()); - } else if (name.equals("icon")) { - scope.setIcon(reader.nextString()); - } else { - logger.debug("found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - sysScopeRepository.save(scope); - } - reader.endArray(); - logger.info("Done reading system scopes"); - } - - private void fixObjectReferences() { - for (Long oldRefreshTokenId : maps.getRefreshTokenToClientRefs().keySet()) { - String clientRef = maps.getRefreshTokenToClientRefs().get(oldRefreshTokenId); - ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef); - Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); - OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); - refreshToken.setClient(client); - tokenRepository.saveRefreshToken(refreshToken); - } - for (Long oldRefreshTokenId : maps.getRefreshTokenToAuthHolderRefs().keySet()) { - Long oldAuthHolderId = maps.getRefreshTokenToAuthHolderRefs().get(oldRefreshTokenId); - Long newAuthHolderId = maps.getAuthHolderOldToNewIdMap().get(oldAuthHolderId); - AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId); - Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); - OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); - refreshToken.setAuthenticationHolder(authHolder); - tokenRepository.saveRefreshToken(refreshToken); - } - for (Long oldAccessTokenId : maps.getAccessTokenToClientRefs().keySet()) { - String clientRef = maps.getAccessTokenToClientRefs().get(oldAccessTokenId); - ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef); - Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); - OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); - accessToken.setClient(client); - tokenRepository.saveAccessToken(accessToken); - } - for (Long oldAccessTokenId : maps.getAccessTokenToAuthHolderRefs().keySet()) { - Long oldAuthHolderId = maps.getAccessTokenToAuthHolderRefs().get(oldAccessTokenId); - Long newAuthHolderId = maps.getAuthHolderOldToNewIdMap().get(oldAuthHolderId); - AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId); - Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); - OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); - accessToken.setAuthenticationHolder(authHolder); - tokenRepository.saveAccessToken(accessToken); - } - maps.getAccessTokenToAuthHolderRefs().clear(); - for (Long oldAccessTokenId : maps.getAccessTokenToRefreshTokenRefs().keySet()) { - Long oldRefreshTokenId = maps.getAccessTokenToRefreshTokenRefs().get(oldAccessTokenId); - Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); - OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); - Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); - OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); - accessToken.setRefreshToken(refreshToken); - tokenRepository.saveAccessToken(accessToken); - } - for (Long oldGrantId : maps.getGrantToAccessTokensRefs().keySet()) { - Set oldAccessTokenIds = maps.getGrantToAccessTokensRefs().get(oldGrantId); - - Long newGrantId = maps.getGrantOldToNewIdMap().get(oldGrantId); - ApprovedSite site = approvedSiteRepository.getById(newGrantId); - - for(Long oldTokenId : oldAccessTokenIds) { - Long newTokenId = maps.getAccessTokenOldToNewIdMap().get(oldTokenId); - OAuth2AccessTokenEntity token = tokenRepository.getAccessTokenById(newTokenId); - token.setApprovedSite(site); - tokenRepository.saveAccessToken(token); - } - - approvedSiteRepository.save(site); - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java deleted file mode 100644 index 38287ee633..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java +++ /dev/null @@ -1,920 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import static org.mitre.util.JsonUtils.readMap; -import static org.mitre.util.JsonUtils.readSet; - -import java.io.IOException; -import java.io.Serializable; -import java.text.ParseException; -import java.util.Collection; -import java.util.Collections; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Set; - -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AppType; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.model.SavedUserAuthentication; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.oauth2.repository.OAuth2ClientRepository; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.oauth2.repository.SystemScopeRepository; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.model.BlacklistedSite; -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.repository.ApprovedSiteRepository; -import org.mitre.openid.connect.repository.BlacklistedSiteRepository; -import org.mitre.openid.connect.repository.WhitelistedSiteRepository; -import org.mitre.openid.connect.service.MITREidDataService; -import org.mitre.openid.connect.service.MITREidDataServiceExtension; -import org.mitre.openid.connect.service.MITREidDataServiceMaps; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; -import org.springframework.stereotype.Service; - -import com.google.common.collect.Sets; -import com.google.gson.stream.JsonReader; -import com.google.gson.stream.JsonToken; -import com.google.gson.stream.JsonWriter; -import com.nimbusds.jose.EncryptionMethod; -import com.nimbusds.jose.JWEAlgorithm; -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jwt.JWTParser; - -/** - * - * Data service to import MITREid 1.1 configuration. - * - * @author jricher - * @author arielak - */ -@Service -@SuppressWarnings(value = {"unchecked"}) -public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements MITREidDataService { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(MITREidDataService_1_1.class); - @Autowired - private OAuth2ClientRepository clientRepository; - @Autowired - private ApprovedSiteRepository approvedSiteRepository; - @Autowired - private WhitelistedSiteRepository wlSiteRepository; - @Autowired - private BlacklistedSiteRepository blSiteRepository; - @Autowired - private AuthenticationHolderRepository authHolderRepository; - @Autowired - private OAuth2TokenRepository tokenRepository; - @Autowired - private SystemScopeRepository sysScopeRepository; - @Autowired(required = false) - private List extensions = Collections.emptyList(); - - private static final String THIS_VERSION = MITREID_CONNECT_1_1; - - private MITREidDataServiceMaps maps = new MITREidDataServiceMaps(); - - @Override - public boolean supportsVersion(String version) { - return THIS_VERSION.equals(version); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.MITREidDataService#export(com.google.gson.stream.JsonWriter) - */ - @Override - public void exportData(JsonWriter writer) throws IOException { - throw new UnsupportedOperationException("Can not export 1.1 format from this version."); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.MITREidDataService#importData(com.google.gson.stream.JsonReader) - */ - @Override - public void importData(JsonReader reader) throws IOException { - - logger.info("Reading configuration for 1.1"); - - // this *HAS* to start as an object - reader.beginObject(); - - while (reader.hasNext()) { - JsonToken tok = reader.peek(); - switch (tok) { - case NAME: - String name = reader.nextName(); - // find out which member it is - if (name.equals(CLIENTS)) { - readClients(reader); - } else if (name.equals(GRANTS)) { - readGrants(reader); - } else if (name.equals(WHITELISTEDSITES)) { - readWhitelistedSites(reader); - } else if (name.equals(BLACKLISTEDSITES)) { - readBlacklistedSites(reader); - } else if (name.equals(AUTHENTICATIONHOLDERS)) { - readAuthenticationHolders(reader); - } else if (name.equals(ACCESSTOKENS)) { - readAccessTokens(reader); - } else if (name.equals(REFRESHTOKENS)) { - readRefreshTokens(reader); - } else if (name.equals(SYSTEMSCOPES)) { - readSystemScopes(reader); - } else { - for (MITREidDataServiceExtension extension : extensions) { - if (extension.supportsVersion(THIS_VERSION)) { - if (extension.supportsVersion(THIS_VERSION)) { - extension.importExtensionData(name, reader); - break; - } - } - } - // unknown token, skip it - reader.skipValue(); - } - break; - case END_OBJECT: - // the object ended, we're done here - reader.endObject(); - continue; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - fixObjectReferences(); - for (MITREidDataServiceExtension extension : extensions) { - if (extension.supportsVersion(THIS_VERSION)) { - extension.fixExtensionObjectReferences(maps); - break; - } - } - maps.clearAll(); - } - /** - * @param reader - * @throws IOException - */ - /** - * @param reader - * @throws IOException - */ - private void readRefreshTokens(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - OAuth2RefreshTokenEntity token = new OAuth2RefreshTokenEntity(); - reader.beginObject(); - Long currentId = null; - String clientId = null; - Long authHolderId = null; - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("id")) { - currentId = reader.nextLong(); - } else if (name.equals("expiration")) { - Date date = utcToDate(reader.nextString()); - token.setExpiration(date); - } else if (name.equals("value")) { - String value = reader.nextString(); - try { - token.setJwt(JWTParser.parse(value)); - } catch (ParseException ex) { - logger.error("Unable to set refresh token value to {}", value, ex); - } - } else if (name.equals("clientId")) { - clientId = reader.nextString(); - } else if (name.equals("authenticationHolderId")) { - authHolderId = reader.nextLong(); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = tokenRepository.saveRefreshToken(token).getId(); - maps.getRefreshTokenToClientRefs().put(currentId, clientId); - maps.getRefreshTokenToAuthHolderRefs().put(currentId, authHolderId); - maps.getRefreshTokenOldToNewIdMap().put(currentId, newId); - logger.debug("Read refresh token {}", currentId); - } - reader.endArray(); - logger.info("Done reading refresh tokens"); - } - /** - * @param reader - * @throws IOException - */ - /** - * @param reader - * @throws IOException - */ - private void readAccessTokens(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); - reader.beginObject(); - Long currentId = null; - String clientId = null; - Long authHolderId = null; - Long refreshTokenId = null; - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("id")) { - currentId = reader.nextLong(); - } else if (name.equals("expiration")) { - Date date = utcToDate(reader.nextString()); - token.setExpiration(date); - } else if (name.equals("value")) { - String value = reader.nextString(); - try { - // all tokens are JWTs - token.setJwt(JWTParser.parse(value)); - } catch (ParseException ex) { - logger.error("Unable to set refresh token value to {}", value, ex); - } - } else if (name.equals("clientId")) { - clientId = reader.nextString(); - } else if (name.equals("authenticationHolderId")) { - authHolderId = reader.nextLong(); - } else if (name.equals("refreshTokenId")) { - refreshTokenId = reader.nextLong(); - } else if (name.equals("scope")) { - Set scope = readSet(reader); - token.setScope(scope); - } else if (name.equals("type")) { - token.setTokenType(reader.nextString()); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = tokenRepository.saveAccessToken(token).getId(); - maps.getAccessTokenToClientRefs().put(currentId, clientId); - maps.getAccessTokenToAuthHolderRefs().put(currentId, authHolderId); - if (refreshTokenId != null) { - maps.getAccessTokenToRefreshTokenRefs().put(currentId, refreshTokenId); - } - maps.getAccessTokenOldToNewIdMap().put(currentId, newId); - logger.debug("Read access token {}", currentId); - } - reader.endArray(); - logger.info("Done reading access tokens"); - } - /** - * @param reader - * @throws IOException - */ - private void readAuthenticationHolders(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - AuthenticationHolderEntity ahe = new AuthenticationHolderEntity(); - reader.beginObject(); - Long currentId = null; - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("id")) { - currentId = reader.nextLong(); - } else if (name.equals("ownerId")) { - //not needed - reader.skipValue(); - } else if (name.equals("authentication")) { - OAuth2Request clientAuthorization = null; - Authentication userAuthentication = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String subName = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); // skip null values - } else if (subName.equals("clientAuthorization")) { - clientAuthorization = readAuthorizationRequest(reader); - } else if (subName.equals("userAuthentication")) { - // skip binary encoded version - reader.skipValue(); - - } else if (subName.equals("savedUserAuthentication")) { - userAuthentication = readSavedUserAuthentication(reader); - - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - OAuth2Authentication auth = new OAuth2Authentication(clientAuthorization, userAuthentication); - ahe.setAuthentication(auth); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = authHolderRepository.save(ahe).getId(); - maps.getAuthHolderOldToNewIdMap().put(currentId, newId); - logger.debug("Read authentication holder {}", currentId); - } - reader.endArray(); - logger.info("Done reading authentication holders"); - } - - //used by readAuthenticationHolders - private OAuth2Request readAuthorizationRequest(JsonReader reader) throws IOException { - Set scope = new LinkedHashSet<>(); - Set resourceIds = new HashSet<>(); - boolean approved = false; - Collection authorities = new HashSet<>(); - Map requestParameters = new HashMap<>(); - Set responseTypes = new HashSet<>(); - Map extensions = new HashMap<>(); - String redirectUri = null; - String clientId = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("requestParameters")) { - requestParameters = readMap(reader); - } else if (name.equals("clientId")) { - clientId = reader.nextString(); - } else if (name.equals("scope")) { - scope = readSet(reader); - } else if (name.equals("resourceIds")) { - resourceIds = readSet(reader); - } else if (name.equals("authorities")) { - Set authorityStrs = readSet(reader); - authorities = new HashSet<>(); - for (String s : authorityStrs) { - GrantedAuthority ga = new SimpleGrantedAuthority(s); - authorities.add(ga); - } - } else if (name.equals("approved")) { - approved = reader.nextBoolean(); - } else if (name.equals("denied")) { - if (approved == false) { - approved = !reader.nextBoolean(); - } - } else if (name.equals("redirectUri")) { - redirectUri = reader.nextString(); - } else if (name.equals("responseTypes")) { - responseTypes = readSet(reader); - } else if (name.equals("extensions")) { - // skip the binary encoded version - reader.skipValue(); - } else if (name.equals("extensionStrings")) { - Map extEnc = readMap(reader); - for (Entry entry : extEnc.entrySet()) { - extensions.put(entry.getKey(), entry.getValue()); - } - } else { - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions); - } - - /** - * @param reader - * @return - * @throws IOException - */ - private SavedUserAuthentication readSavedUserAuthentication(JsonReader reader) throws IOException { - SavedUserAuthentication savedUserAuth = new SavedUserAuthentication(); - reader.beginObject(); - - while (reader.hasNext()) { - switch(reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("name")) { - savedUserAuth.setName(reader.nextString()); - } else if (name.equals("sourceClass")) { - savedUserAuth.setSourceClass(reader.nextString()); - } else if (name.equals("authenticated")) { - savedUserAuth.setAuthenticated(reader.nextBoolean()); - } else if (name.equals("authorities")) { - Set authorityStrs = readSet(reader); - Set authorities = new HashSet(); - for (String s : authorityStrs) { - GrantedAuthority ga = new SimpleGrantedAuthority(s); - authorities.add(ga); - } - savedUserAuth.setAuthorities(authorities); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - - reader.endObject(); - return savedUserAuth; - } - - /** - * @param reader - * @throws IOException - */ - private void readGrants(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - ApprovedSite site = new ApprovedSite(); - Long currentId = null; - Long whitelistedSiteId = null; - Set tokenIds = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("id")) { - currentId = reader.nextLong(); - } else if (name.equals("accessDate")) { - Date date = utcToDate(reader.nextString()); - site.setAccessDate(date); - } else if (name.equals("clientId")) { - site.setClientId(reader.nextString()); - } else if (name.equals("creationDate")) { - Date date = utcToDate(reader.nextString()); - site.setCreationDate(date); - } else if (name.equals("timeoutDate")) { - Date date = utcToDate(reader.nextString()); - site.setTimeoutDate(date); - } else if (name.equals("userId")) { - site.setUserId(reader.nextString()); - } else if (name.equals("allowedScopes")) { - Set allowedScopes = readSet(reader); - site.setAllowedScopes(allowedScopes); - } else if (name.equals("whitelistedSiteId")) { - whitelistedSiteId = reader.nextLong(); - } else if (name.equals("approvedAccessTokens")) { - tokenIds = readSet(reader); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = approvedSiteRepository.save(site).getId(); - maps.getGrantOldToNewIdMap().put(currentId, newId); - if (whitelistedSiteId != null) { - logger.debug("Ignoring whitelisted site marker on approved site."); - } - if (tokenIds != null) { - maps.getGrantToAccessTokensRefs().put(currentId, tokenIds); - } - logger.debug("Read grant {}", currentId); - } - reader.endArray(); - logger.info("Done reading grants"); - } - /** - * @param reader - * @throws IOException - */ - private void readWhitelistedSites(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - WhitelistedSite wlSite = new WhitelistedSite(); - Long currentId = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (name.equals("id")) { - currentId = reader.nextLong(); - } else if (name.equals("clientId")) { - wlSite.setClientId(reader.nextString()); - } else if (name.equals("creatorUserId")) { - wlSite.setCreatorUserId(reader.nextString()); - } else if (name.equals("allowedScopes")) { - Set allowedScopes = readSet(reader); - wlSite.setAllowedScopes(allowedScopes); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = wlSiteRepository.save(wlSite).getId(); - maps.getWhitelistedSiteOldToNewIdMap().put(currentId, newId); - } - reader.endArray(); - logger.info("Done reading whitelisted sites"); - } - - /** - * @param reader - * @throws IOException - */ - private void readBlacklistedSites(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - BlacklistedSite blSite = new BlacklistedSite(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (name.equals("id")) { - reader.skipValue(); - } else if (name.equals("uri")) { - blSite.setUri(reader.nextString()); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - blSiteRepository.save(blSite); - } - reader.endArray(); - logger.info("Done reading blacklisted sites"); - } - - /** - * @param reader - * @throws IOException - */ - private void readClients(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - ClientDetailsEntity client = new ClientDetailsEntity(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("clientId")) { - client.setClientId(reader.nextString()); - } else if (name.equals("resourceIds")) { - Set resourceIds = readSet(reader); - client.setResourceIds(resourceIds); - } else if (name.equals("secret")) { - client.setClientSecret(reader.nextString()); - } else if (name.equals("scope")) { - Set scope = readSet(reader); - client.setScope(scope); - } else if (name.equals("authorities")) { - Set authorityStrs = readSet(reader); - Set authorities = new HashSet<>(); - for (String s : authorityStrs) { - GrantedAuthority ga = new SimpleGrantedAuthority(s); - authorities.add(ga); - } - client.setAuthorities(authorities); - } else if (name.equals("accessTokenValiditySeconds")) { - client.setAccessTokenValiditySeconds(reader.nextInt()); - } else if (name.equals("refreshTokenValiditySeconds")) { - client.setRefreshTokenValiditySeconds(reader.nextInt()); - } else if (name.equals("redirectUris")) { - Set redirectUris = readSet(reader); - client.setRedirectUris(redirectUris); - } else if (name.equals("name")) { - client.setClientName(reader.nextString()); - } else if (name.equals("uri")) { - client.setClientUri(reader.nextString()); - } else if (name.equals("logoUri")) { - client.setLogoUri(reader.nextString()); - } else if (name.equals("contacts")) { - Set contacts = readSet(reader); - client.setContacts(contacts); - } else if (name.equals("tosUri")) { - client.setTosUri(reader.nextString()); - } else if (name.equals("tokenEndpointAuthMethod")) { - AuthMethod am = AuthMethod.getByValue(reader.nextString()); - client.setTokenEndpointAuthMethod(am); - } else if (name.equals("grantTypes")) { - Set grantTypes = readSet(reader); - client.setGrantTypes(grantTypes); - } else if (name.equals("responseTypes")) { - Set responseTypes = readSet(reader); - client.setResponseTypes(responseTypes); - } else if (name.equals("policyUri")) { - client.setPolicyUri(reader.nextString()); - } else if (name.equals("applicationType")) { - AppType appType = AppType.getByValue(reader.nextString()); - client.setApplicationType(appType); - } else if (name.equals("sectorIdentifierUri")) { - client.setSectorIdentifierUri(reader.nextString()); - } else if (name.equals("subjectType")) { - SubjectType st = SubjectType.getByValue(reader.nextString()); - client.setSubjectType(st); - } else if (name.equals("jwks_uri")) { - client.setJwksUri(reader.nextString()); - } else if (name.equals("requestObjectSigningAlg")) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setRequestObjectSigningAlg(alg); - } else if (name.equals("userInfoEncryptedResponseAlg")) { - JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); - client.setUserInfoEncryptedResponseAlg(alg); - } else if (name.equals("userInfoEncryptedResponseEnc")) { - EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); - client.setUserInfoEncryptedResponseEnc(alg); - } else if (name.equals("userInfoSignedResponseAlg")) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setUserInfoSignedResponseAlg(alg); - } else if (name.equals("idTokenSignedResonseAlg")) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setIdTokenSignedResponseAlg(alg); - } else if (name.equals("idTokenEncryptedResponseAlg")) { - JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); - client.setIdTokenEncryptedResponseAlg(alg); - } else if (name.equals("idTokenEncryptedResponseEnc")) { - EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); - client.setIdTokenEncryptedResponseEnc(alg); - } else if (name.equals("tokenEndpointAuthSigningAlg")) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setTokenEndpointAuthSigningAlg(alg); - } else if (name.equals("defaultMaxAge")) { - client.setDefaultMaxAge(reader.nextInt()); - } else if (name.equals("requireAuthTime")) { - client.setRequireAuthTime(reader.nextBoolean()); - } else if (name.equals("defaultACRValues")) { - Set defaultACRvalues = readSet(reader); - client.setDefaultACRvalues(defaultACRvalues); - } else if (name.equals("initiateLoginUri")) { - client.setInitiateLoginUri(reader.nextString()); - } else if (name.equals("postLogoutRedirectUri")) { - HashSet postLogoutUris = Sets.newHashSet(reader.nextString()); - client.setPostLogoutRedirectUris(postLogoutUris); - } else if (name.equals("requestUris")) { - Set requestUris = readSet(reader); - client.setRequestUris(requestUris); - } else if (name.equals("description")) { - client.setClientDescription(reader.nextString()); - } else if (name.equals("allowIntrospection")) { - client.setAllowIntrospection(reader.nextBoolean()); - } else if (name.equals("reuseRefreshToken")) { - client.setReuseRefreshToken(reader.nextBoolean()); - } else if (name.equals("dynamicallyRegistered")) { - client.setDynamicallyRegistered(reader.nextBoolean()); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - clientRepository.saveClient(client); - } - reader.endArray(); - logger.info("Done reading clients"); - } - - /** - * Read the list of system scopes from the reader and insert them into the - * scope repository. - * - * @param reader - * @throws IOException - */ - private void readSystemScopes(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - SystemScope scope = new SystemScope(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals("value")) { - scope.setValue(reader.nextString()); - } else if (name.equals("description")) { - scope.setDescription(reader.nextString()); - } else if (name.equals("allowDynReg")) { - // previously "allowDynReg" scopes are now tagged as "not restricted" and vice versa - scope.setRestricted(!reader.nextBoolean()); - } else if (name.equals("defaultScope")) { - scope.setDefaultScope(reader.nextBoolean()); - } else if (name.equals("structured")) { - logger.warn("Found a structured scope, ignoring structure"); - } else if (name.equals("structuredParameter")) { - logger.warn("Found a structured scope, ignoring structure"); - } else if (name.equals("icon")) { - scope.setIcon(reader.nextString()); - } else { - logger.debug("found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - sysScopeRepository.save(scope); - } - reader.endArray(); - logger.info("Done reading system scopes"); - } - - private void fixObjectReferences() { - for (Long oldRefreshTokenId : maps.getRefreshTokenToClientRefs().keySet()) { - String clientRef = maps.getRefreshTokenToClientRefs().get(oldRefreshTokenId); - ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef); - Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); - OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); - refreshToken.setClient(client); - tokenRepository.saveRefreshToken(refreshToken); - } - for (Long oldRefreshTokenId : maps.getRefreshTokenToAuthHolderRefs().keySet()) { - Long oldAuthHolderId = maps.getRefreshTokenToAuthHolderRefs().get(oldRefreshTokenId); - Long newAuthHolderId = maps.getAuthHolderOldToNewIdMap().get(oldAuthHolderId); - AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId); - Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); - OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); - refreshToken.setAuthenticationHolder(authHolder); - tokenRepository.saveRefreshToken(refreshToken); - } - for (Long oldAccessTokenId : maps.getAccessTokenToClientRefs().keySet()) { - String clientRef = maps.getAccessTokenToClientRefs().get(oldAccessTokenId); - ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef); - Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); - OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); - accessToken.setClient(client); - tokenRepository.saveAccessToken(accessToken); - } - maps.getAccessTokenToClientRefs().clear(); - for (Long oldAccessTokenId : maps.getAccessTokenToAuthHolderRefs().keySet()) { - Long oldAuthHolderId = maps.getAccessTokenToAuthHolderRefs().get(oldAccessTokenId); - Long newAuthHolderId = maps.getAuthHolderOldToNewIdMap().get(oldAuthHolderId); - AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId); - Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); - OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); - accessToken.setAuthenticationHolder(authHolder); - tokenRepository.saveAccessToken(accessToken); - } - for (Long oldAccessTokenId : maps.getAccessTokenToRefreshTokenRefs().keySet()) { - Long oldRefreshTokenId = maps.getAccessTokenToRefreshTokenRefs().get(oldAccessTokenId); - Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); - OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); - Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); - OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); - accessToken.setRefreshToken(refreshToken); - tokenRepository.saveAccessToken(accessToken); - } - for (Long oldGrantId : maps.getGrantToAccessTokensRefs().keySet()) { - Set oldAccessTokenIds = maps.getGrantToAccessTokensRefs().get(oldGrantId); - - Long newGrantId = maps.getGrantOldToNewIdMap().get(oldGrantId); - ApprovedSite site = approvedSiteRepository.getById(newGrantId); - - for(Long oldTokenId : oldAccessTokenIds) { - Long newTokenId = maps.getAccessTokenOldToNewIdMap().get(oldTokenId); - OAuth2AccessTokenEntity token = tokenRepository.getAccessTokenById(newTokenId); - token.setApprovedSite(site); - tokenRepository.saveAccessToken(token); - } - - approvedSiteRepository.save(site); - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java deleted file mode 100644 index 8cbe31232d..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java +++ /dev/null @@ -1,901 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import static org.mitre.util.JsonUtils.readMap; -import static org.mitre.util.JsonUtils.readSet; - -import java.io.IOException; -import java.text.ParseException; -import java.util.Collections; -import java.util.Date; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AppType; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.model.SavedUserAuthentication; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.oauth2.repository.OAuth2ClientRepository; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.oauth2.repository.SystemScopeRepository; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.model.BlacklistedSite; -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.repository.ApprovedSiteRepository; -import org.mitre.openid.connect.repository.BlacklistedSiteRepository; -import org.mitre.openid.connect.repository.WhitelistedSiteRepository; -import org.mitre.openid.connect.service.MITREidDataService; -import org.mitre.openid.connect.service.MITREidDataServiceExtension; -import org.mitre.openid.connect.service.MITREidDataServiceMaps; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.stereotype.Service; - -import com.google.gson.stream.JsonReader; -import com.google.gson.stream.JsonToken; -import com.google.gson.stream.JsonWriter; -import com.nimbusds.jose.EncryptionMethod; -import com.nimbusds.jose.JWEAlgorithm; -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.jwk.JWKSet; -import com.nimbusds.jwt.JWTParser; - -/** - * - * Data service to import and export MITREid 1.2 configuration. - * - * @author jricher - * @author arielak - */ -@Service -@SuppressWarnings(value = {"unchecked"}) -public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements MITREidDataService { - - private static final String DEFAULT_SCOPE = "defaultScope"; - private static final String STRUCTURED_PARAMETER = "structuredParameter"; - private static final String STRUCTURED = "structured"; - private static final String RESTRICTED = "restricted"; - private static final String ICON = "icon"; - private static final String DYNAMICALLY_REGISTERED = "dynamicallyRegistered"; - private static final String CLEAR_ACCESS_TOKENS_ON_REFRESH = "clearAccessTokensOnRefresh"; - private static final String REUSE_REFRESH_TOKEN = "reuseRefreshToken"; - private static final String ALLOW_INTROSPECTION = "allowIntrospection"; - private static final String DESCRIPTION = "description"; - private static final String REQUEST_URIS = "requestUris"; - private static final String POST_LOGOUT_REDIRECT_URI = "postLogoutRedirectUri"; - private static final String INTITATE_LOGIN_URI = "intitateLoginUri"; - private static final String DEFAULT_ACR_VALUES = "defaultACRValues"; - private static final String REQUIRE_AUTH_TIME = "requireAuthTime"; - private static final String DEFAULT_MAX_AGE = "defaultMaxAge"; - private static final String TOKEN_ENDPOINT_AUTH_SIGNING_ALG = "tokenEndpointAuthSigningAlg"; - private static final String USER_INFO_ENCRYPTED_RESPONSE_ENC = "userInfoEncryptedResponseEnc"; - private static final String USER_INFO_ENCRYPTED_RESPONSE_ALG = "userInfoEncryptedResponseAlg"; - private static final String USER_INFO_SIGNED_RESPONSE_ALG = "userInfoSignedResponseAlg"; - private static final String ID_TOKEN_ENCRYPTED_RESPONSE_ENC = "idTokenEncryptedResponseEnc"; - private static final String ID_TOKEN_ENCRYPTED_RESPONSE_ALG = "idTokenEncryptedResponseAlg"; - private static final String ID_TOKEN_SIGNED_RESPONSE_ALG = "idTokenSignedResponseAlg"; - private static final String REQUEST_OBJECT_SIGNING_ALG = "requestObjectSigningAlg"; - private static final String SUBJECT_TYPE = "subjectType"; - private static final String SECTOR_IDENTIFIER_URI = "sectorIdentifierUri"; - private static final String APPLICATION_TYPE = "applicationType"; - private static final String JWKS = "jwks"; - private static final String JWKS_URI = "jwksUri"; - private static final String POLICY_URI = "policyUri"; - private static final String GRANT_TYPES = "grantTypes"; - private static final String TOKEN_ENDPOINT_AUTH_METHOD = "tokenEndpointAuthMethod"; - private static final String TOS_URI = "tosUri"; - private static final String CONTACTS = "contacts"; - private static final String LOGO_URI = "logoUri"; - private static final String REDIRECT_URIS = "redirectUris"; - private static final String REFRESH_TOKEN_VALIDITY_SECONDS = "refreshTokenValiditySeconds"; - private static final String ACCESS_TOKEN_VALIDITY_SECONDS = "accessTokenValiditySeconds"; - private static final String SECRET = "secret"; - private static final String URI = "uri"; - private static final String CREATOR_USER_ID = "creatorUserId"; - private static final String APPROVED_ACCESS_TOKENS = "approvedAccessTokens"; - private static final String ALLOWED_SCOPES = "allowedScopes"; - private static final String USER_ID = "userId"; - private static final String TIMEOUT_DATE = "timeoutDate"; - private static final String CREATION_DATE = "creationDate"; - private static final String ACCESS_DATE = "accessDate"; - private static final String AUTHENTICATED = "authenticated"; - private static final String SOURCE_CLASS = "sourceClass"; - private static final String NAME = "name"; - private static final String SAVED_USER_AUTHENTICATION = "savedUserAuthentication"; - private static final String EXTENSIONS = "extensions"; - private static final String RESPONSE_TYPES = "responseTypes"; - private static final String REDIRECT_URI = "redirectUri"; - private static final String APPROVED = "approved"; - private static final String AUTHORITIES = "authorities"; - private static final String RESOURCE_IDS = "resourceIds"; - private static final String REQUEST_PARAMETERS = "requestParameters"; - private static final String TYPE = "type"; - private static final String SCOPE = "scope"; - private static final String REFRESH_TOKEN_ID = "refreshTokenId"; - private static final String VALUE = "value"; - private static final String AUTHENTICATION_HOLDER_ID = "authenticationHolderId"; - private static final String CLIENT_ID = "clientId"; - private static final String EXPIRATION = "expiration"; - private static final String CLAIMS_REDIRECT_URIS = "claimsRedirectUris"; - private static final String ID = "id"; - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(MITREidDataService_1_2.class); - @Autowired - private OAuth2ClientRepository clientRepository; - @Autowired - private ApprovedSiteRepository approvedSiteRepository; - @Autowired - private WhitelistedSiteRepository wlSiteRepository; - @Autowired - private BlacklistedSiteRepository blSiteRepository; - @Autowired - private AuthenticationHolderRepository authHolderRepository; - @Autowired - private OAuth2TokenRepository tokenRepository; - @Autowired - private SystemScopeRepository sysScopeRepository; - @Autowired(required = false) - private List extensions = Collections.emptyList(); - - private MITREidDataServiceMaps maps = new MITREidDataServiceMaps(); - - private static final String THIS_VERSION = MITREID_CONNECT_1_2; - - @Override - public boolean supportsVersion(String version) { - return THIS_VERSION.equals(version); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.MITREidDataService#export(com.google.gson.stream.JsonWriter) - */ - @Override - public void exportData(JsonWriter writer) throws IOException { - - throw new UnsupportedOperationException("Can not export 1.2 format from this version."); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.MITREidDataService#importData(com.google.gson.stream.JsonReader) - */ - @Override - public void importData(JsonReader reader) throws IOException { - - logger.info("Reading configuration for 1.2"); - - // this *HAS* to start as an object - reader.beginObject(); - - while (reader.hasNext()) { - JsonToken tok = reader.peek(); - switch (tok) { - case NAME: - String name = reader.nextName(); - // find out which member it is - if (name.equals(CLIENTS)) { - readClients(reader); - } else if (name.equals(GRANTS)) { - readGrants(reader); - } else if (name.equals(WHITELISTEDSITES)) { - readWhitelistedSites(reader); - } else if (name.equals(BLACKLISTEDSITES)) { - readBlacklistedSites(reader); - } else if (name.equals(AUTHENTICATIONHOLDERS)) { - readAuthenticationHolders(reader); - } else if (name.equals(ACCESSTOKENS)) { - readAccessTokens(reader); - } else if (name.equals(REFRESHTOKENS)) { - readRefreshTokens(reader); - } else if (name.equals(SYSTEMSCOPES)) { - readSystemScopes(reader); - } else { - for (MITREidDataServiceExtension extension : extensions) { - if (extension.supportsVersion(THIS_VERSION)) { - extension.importExtensionData(name, reader); - break; - } - } - // unknown token, skip it - reader.skipValue(); - } - break; - case END_OBJECT: - // the object ended, we're done here - reader.endObject(); - continue; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - fixObjectReferences(); - for (MITREidDataServiceExtension extension : extensions) { - if (extension.supportsVersion(THIS_VERSION)) { - extension.fixExtensionObjectReferences(maps); - break; - } - } - maps.clearAll(); - } - /** - * @param reader - * @throws IOException - */ - /** - * @param reader - * @throws IOException - */ - private void readRefreshTokens(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - OAuth2RefreshTokenEntity token = new OAuth2RefreshTokenEntity(); - reader.beginObject(); - Long currentId = null; - String clientId = null; - Long authHolderId = null; - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(ID)) { - currentId = reader.nextLong(); - } else if (name.equals(EXPIRATION)) { - Date date = utcToDate(reader.nextString()); - token.setExpiration(date); - } else if (name.equals(VALUE)) { - String value = reader.nextString(); - try { - token.setJwt(JWTParser.parse(value)); - } catch (ParseException ex) { - logger.error("Unable to set refresh token value to {}", value, ex); - } - } else if (name.equals(CLIENT_ID)) { - clientId = reader.nextString(); - } else if (name.equals(AUTHENTICATION_HOLDER_ID)) { - authHolderId = reader.nextLong(); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = tokenRepository.saveRefreshToken(token).getId(); - maps.getRefreshTokenToClientRefs().put(currentId, clientId); - maps.getRefreshTokenToAuthHolderRefs().put(currentId, authHolderId); - maps.getRefreshTokenOldToNewIdMap().put(currentId, newId); - logger.debug("Read refresh token {}", currentId); - } - reader.endArray(); - logger.info("Done reading refresh tokens"); - } - /** - * @param reader - * @throws IOException - */ - /** - * @param reader - * @throws IOException - */ - private void readAccessTokens(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); - reader.beginObject(); - Long currentId = null; - String clientId = null; - Long authHolderId = null; - Long refreshTokenId = null; - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(ID)) { - currentId = reader.nextLong(); - } else if (name.equals(EXPIRATION)) { - Date date = utcToDate(reader.nextString()); - token.setExpiration(date); - } else if (name.equals(VALUE)) { - String value = reader.nextString(); - try { - // all tokens are JWTs - token.setJwt(JWTParser.parse(value)); - } catch (ParseException ex) { - logger.error("Unable to set refresh token value to {}", value, ex); - } - } else if (name.equals(CLIENT_ID)) { - clientId = reader.nextString(); - } else if (name.equals(AUTHENTICATION_HOLDER_ID)) { - authHolderId = reader.nextLong(); - } else if (name.equals(REFRESH_TOKEN_ID)) { - refreshTokenId = reader.nextLong(); - } else if (name.equals(SCOPE)) { - Set scope = readSet(reader); - token.setScope(scope); - } else if (name.equals(TYPE)) { - token.setTokenType(reader.nextString()); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = tokenRepository.saveAccessToken(token).getId(); - maps.getAccessTokenToClientRefs().put(currentId, clientId); - maps.getAccessTokenToAuthHolderRefs().put(currentId, authHolderId); - if (refreshTokenId != null) { - maps.getAccessTokenToRefreshTokenRefs().put(currentId, refreshTokenId); - } - maps.getAccessTokenOldToNewIdMap().put(currentId, newId); - logger.debug("Read access token {}", currentId); - } - reader.endArray(); - logger.info("Done reading access tokens"); - } - /** - * @param reader - * @throws IOException - */ - private void readAuthenticationHolders(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - AuthenticationHolderEntity ahe = new AuthenticationHolderEntity(); - reader.beginObject(); - Long currentId = null; - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(ID)) { - currentId = reader.nextLong(); - } else if (name.equals(REQUEST_PARAMETERS)) { - ahe.setRequestParameters(readMap(reader)); - } else if (name.equals(CLIENT_ID)) { - ahe.setClientId(reader.nextString()); - } else if (name.equals(SCOPE)) { - ahe.setScope(readSet(reader)); - } else if (name.equals(RESOURCE_IDS)) { - ahe.setResourceIds(readSet(reader)); - } else if (name.equals(AUTHORITIES)) { - Set authorityStrs = readSet(reader); - Set authorities = new HashSet(); - for (String s : authorityStrs) { - GrantedAuthority ga = new SimpleGrantedAuthority(s); - authorities.add(ga); - } - ahe.setAuthorities(authorities); - } else if (name.equals(APPROVED)) { - ahe.setApproved(reader.nextBoolean()); - } else if (name.equals(REDIRECT_URI)) { - ahe.setRedirectUri(reader.nextString()); - } else if (name.equals(RESPONSE_TYPES)) { - ahe.setResponseTypes(readSet(reader)); - } else if (name.equals(EXTENSIONS)) { - ahe.setExtensions(readMap(reader)); - } else if (name.equals(SAVED_USER_AUTHENTICATION)) { - ahe.setUserAuth(readSavedUserAuthentication(reader)); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = authHolderRepository.save(ahe).getId(); - maps.getAuthHolderOldToNewIdMap().put(currentId, newId); - logger.debug("Read authentication holder {}", currentId); - } - reader.endArray(); - logger.info("Done reading authentication holders"); - } - - /** - * @param reader - * @return - * @throws IOException - */ - private SavedUserAuthentication readSavedUserAuthentication(JsonReader reader) throws IOException { - SavedUserAuthentication savedUserAuth = new SavedUserAuthentication(); - reader.beginObject(); - - while (reader.hasNext()) { - switch(reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(NAME)) { - savedUserAuth.setName(reader.nextString()); - } else if (name.equals(SOURCE_CLASS)) { - savedUserAuth.setSourceClass(reader.nextString()); - } else if (name.equals(AUTHENTICATED)) { - savedUserAuth.setAuthenticated(reader.nextBoolean()); - } else if (name.equals(AUTHORITIES)) { - Set authorityStrs = readSet(reader); - Set authorities = new HashSet(); - for (String s : authorityStrs) { - GrantedAuthority ga = new SimpleGrantedAuthority(s); - authorities.add(ga); - } - savedUserAuth.setAuthorities(authorities); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - - reader.endObject(); - return savedUserAuth; - } - - /** - * @param reader - * @throws IOException - */ - private void readGrants(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - ApprovedSite site = new ApprovedSite(); - Long currentId = null; - Set tokenIds = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(ID)) { - currentId = reader.nextLong(); - } else if (name.equals(ACCESS_DATE)) { - Date date = utcToDate(reader.nextString()); - site.setAccessDate(date); - } else if (name.equals(CLIENT_ID)) { - site.setClientId(reader.nextString()); - } else if (name.equals(CREATION_DATE)) { - Date date = utcToDate(reader.nextString()); - site.setCreationDate(date); - } else if (name.equals(TIMEOUT_DATE)) { - Date date = utcToDate(reader.nextString()); - site.setTimeoutDate(date); - } else if (name.equals(USER_ID)) { - site.setUserId(reader.nextString()); - } else if (name.equals(ALLOWED_SCOPES)) { - Set allowedScopes = readSet(reader); - site.setAllowedScopes(allowedScopes); - } else if (name.equals(APPROVED_ACCESS_TOKENS)) { - tokenIds = readSet(reader); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = approvedSiteRepository.save(site).getId(); - maps.getGrantOldToNewIdMap().put(currentId, newId); - if (tokenIds != null) { - maps.getGrantToAccessTokensRefs().put(currentId, tokenIds); - } - logger.debug("Read grant {}", currentId); - } - reader.endArray(); - logger.info("Done reading grants"); - } - /** - * @param reader - * @throws IOException - */ - private void readWhitelistedSites(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - WhitelistedSite wlSite = new WhitelistedSite(); - Long currentId = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (name.equals(ID)) { - currentId = reader.nextLong(); - } else if (name.equals(CLIENT_ID)) { - wlSite.setClientId(reader.nextString()); - } else if (name.equals(CREATOR_USER_ID)) { - wlSite.setCreatorUserId(reader.nextString()); - } else if (name.equals(ALLOWED_SCOPES)) { - Set allowedScopes = readSet(reader); - wlSite.setAllowedScopes(allowedScopes); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = wlSiteRepository.save(wlSite).getId(); - maps.getWhitelistedSiteOldToNewIdMap().put(currentId, newId); - } - reader.endArray(); - logger.info("Done reading whitelisted sites"); - } - - /** - * @param reader - * @throws IOException - */ - private void readBlacklistedSites(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - BlacklistedSite blSite = new BlacklistedSite(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (name.equals(ID)) { - reader.skipValue(); - } else if (name.equals(URI)) { - blSite.setUri(reader.nextString()); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - blSiteRepository.save(blSite); - } - reader.endArray(); - logger.info("Done reading blacklisted sites"); - } - - /** - * @param reader - * @throws IOException - */ - private void readClients(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - ClientDetailsEntity client = new ClientDetailsEntity(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(CLIENT_ID)) { - client.setClientId(reader.nextString()); - } else if (name.equals(RESOURCE_IDS)) { - Set resourceIds = readSet(reader); - client.setResourceIds(resourceIds); - } else if (name.equals(SECRET)) { - client.setClientSecret(reader.nextString()); - } else if (name.equals(SCOPE)) { - Set scope = readSet(reader); - client.setScope(scope); - } else if (name.equals(AUTHORITIES)) { - Set authorityStrs = readSet(reader); - Set authorities = new HashSet(); - for (String s : authorityStrs) { - GrantedAuthority ga = new SimpleGrantedAuthority(s); - authorities.add(ga); - } - client.setAuthorities(authorities); - } else if (name.equals(ACCESS_TOKEN_VALIDITY_SECONDS)) { - client.setAccessTokenValiditySeconds(reader.nextInt()); - } else if (name.equals(REFRESH_TOKEN_VALIDITY_SECONDS)) { - client.setRefreshTokenValiditySeconds(reader.nextInt()); - } else if (name.equals(REDIRECT_URIS)) { - Set redirectUris = readSet(reader); - client.setRedirectUris(redirectUris); - } else if (name.equals(CLAIMS_REDIRECT_URIS)) { - Set claimsRedirectUris = readSet(reader); - client.setClaimsRedirectUris(claimsRedirectUris); - } else if (name.equals(NAME)) { - client.setClientName(reader.nextString()); - } else if (name.equals(URI)) { - client.setClientUri(reader.nextString()); - } else if (name.equals(LOGO_URI)) { - client.setLogoUri(reader.nextString()); - } else if (name.equals(CONTACTS)) { - Set contacts = readSet(reader); - client.setContacts(contacts); - } else if (name.equals(TOS_URI)) { - client.setTosUri(reader.nextString()); - } else if (name.equals(TOKEN_ENDPOINT_AUTH_METHOD)) { - AuthMethod am = AuthMethod.getByValue(reader.nextString()); - client.setTokenEndpointAuthMethod(am); - } else if (name.equals(GRANT_TYPES)) { - Set grantTypes = readSet(reader); - client.setGrantTypes(grantTypes); - } else if (name.equals(RESPONSE_TYPES)) { - Set responseTypes = readSet(reader); - client.setResponseTypes(responseTypes); - } else if (name.equals(POLICY_URI)) { - client.setPolicyUri(reader.nextString()); - } else if (name.equals(APPLICATION_TYPE)) { - AppType appType = AppType.getByValue(reader.nextString()); - client.setApplicationType(appType); - } else if (name.equals(SECTOR_IDENTIFIER_URI)) { - client.setSectorIdentifierUri(reader.nextString()); - } else if (name.equals(SUBJECT_TYPE)) { - SubjectType st = SubjectType.getByValue(reader.nextString()); - client.setSubjectType(st); - } else if (name.equals(JWKS_URI)) { - client.setJwksUri(reader.nextString()); - } else if (name.equals(JWKS)) { - try { - client.setJwks(JWKSet.parse(reader.nextString())); - } catch (ParseException e) { - logger.error("Couldn't parse JWK Set", e); - } - } else if (name.equals(REQUEST_OBJECT_SIGNING_ALG)) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setRequestObjectSigningAlg(alg); - } else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ALG)) { - JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); - client.setUserInfoEncryptedResponseAlg(alg); - } else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ENC)) { - EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); - client.setUserInfoEncryptedResponseEnc(alg); - } else if (name.equals(USER_INFO_SIGNED_RESPONSE_ALG)) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setUserInfoSignedResponseAlg(alg); - } else if (name.equals(ID_TOKEN_SIGNED_RESPONSE_ALG)) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setIdTokenSignedResponseAlg(alg); - } else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ALG)) { - JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); - client.setIdTokenEncryptedResponseAlg(alg); - } else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ENC)) { - EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); - client.setIdTokenEncryptedResponseEnc(alg); - } else if (name.equals(TOKEN_ENDPOINT_AUTH_SIGNING_ALG)) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setTokenEndpointAuthSigningAlg(alg); - } else if (name.equals(DEFAULT_MAX_AGE)) { - client.setDefaultMaxAge(reader.nextInt()); - } else if (name.equals(REQUIRE_AUTH_TIME)) { - client.setRequireAuthTime(reader.nextBoolean()); - } else if (name.equals(DEFAULT_ACR_VALUES)) { - Set defaultACRvalues = readSet(reader); - client.setDefaultACRvalues(defaultACRvalues); - } else if (name.equals("initiateLoginUri")) { - client.setInitiateLoginUri(reader.nextString()); - } else if (name.equals(POST_LOGOUT_REDIRECT_URI)) { - Set postLogoutUris = readSet(reader); - client.setPostLogoutRedirectUris(postLogoutUris); - } else if (name.equals(REQUEST_URIS)) { - Set requestUris = readSet(reader); - client.setRequestUris(requestUris); - } else if (name.equals(DESCRIPTION)) { - client.setClientDescription(reader.nextString()); - } else if (name.equals(ALLOW_INTROSPECTION)) { - client.setAllowIntrospection(reader.nextBoolean()); - } else if (name.equals(REUSE_REFRESH_TOKEN)) { - client.setReuseRefreshToken(reader.nextBoolean()); - } else if (name.equals(CLEAR_ACCESS_TOKENS_ON_REFRESH)) { - client.setClearAccessTokensOnRefresh(reader.nextBoolean()); - } else if (name.equals(DYNAMICALLY_REGISTERED)) { - client.setDynamicallyRegistered(reader.nextBoolean()); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - clientRepository.saveClient(client); - } - reader.endArray(); - logger.info("Done reading clients"); - } - - /** - * Read the list of system scopes from the reader and insert them into the - * scope repository. - * - * @param reader - * @throws IOException - */ - private void readSystemScopes(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - SystemScope scope = new SystemScope(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(VALUE)) { - scope.setValue(reader.nextString()); - } else if (name.equals(DESCRIPTION)) { - scope.setDescription(reader.nextString()); - } else if (name.equals(RESTRICTED)) { - scope.setRestricted(reader.nextBoolean()); - } else if (name.equals(DEFAULT_SCOPE)) { - scope.setDefaultScope(reader.nextBoolean()); - } else if (name.equals(ICON)) { - scope.setIcon(reader.nextString()); - } else if (name.equals(STRUCTURED)) { - logger.warn("Found a structured scope, ignoring structure"); - } else if (name.equals(STRUCTURED_PARAMETER)) { - logger.warn("Found a structured scope, ignoring structure"); - } else { - logger.debug("found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - sysScopeRepository.save(scope); - } - reader.endArray(); - logger.info("Done reading system scopes"); - } - - private void fixObjectReferences() { - logger.info("Fixing object references..."); - for (Long oldRefreshTokenId : maps.getRefreshTokenToClientRefs().keySet()) { - String clientRef = maps.getRefreshTokenToClientRefs().get(oldRefreshTokenId); - ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef); - Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); - OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); - refreshToken.setClient(client); - tokenRepository.saveRefreshToken(refreshToken); - } - for (Long oldRefreshTokenId : maps.getRefreshTokenToAuthHolderRefs().keySet()) { - Long oldAuthHolderId = maps.getRefreshTokenToAuthHolderRefs().get(oldRefreshTokenId); - Long newAuthHolderId = maps.getAuthHolderOldToNewIdMap().get(oldAuthHolderId); - AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId); - Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); - OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); - refreshToken.setAuthenticationHolder(authHolder); - tokenRepository.saveRefreshToken(refreshToken); - } - for (Long oldAccessTokenId : maps.getAccessTokenToClientRefs().keySet()) { - String clientRef = maps.getAccessTokenToClientRefs().get(oldAccessTokenId); - ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef); - Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); - OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); - accessToken.setClient(client); - tokenRepository.saveAccessToken(accessToken); - } - for (Long oldAccessTokenId : maps.getAccessTokenToAuthHolderRefs().keySet()) { - Long oldAuthHolderId = maps.getAccessTokenToAuthHolderRefs().get(oldAccessTokenId); - Long newAuthHolderId = maps.getAuthHolderOldToNewIdMap().get(oldAuthHolderId); - AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId); - Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); - OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); - accessToken.setAuthenticationHolder(authHolder); - tokenRepository.saveAccessToken(accessToken); - } - for (Long oldAccessTokenId : maps.getAccessTokenToRefreshTokenRefs().keySet()) { - Long oldRefreshTokenId = maps.getAccessTokenToRefreshTokenRefs().get(oldAccessTokenId); - Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); - OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); - Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); - OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); - accessToken.setRefreshToken(refreshToken); - tokenRepository.saveAccessToken(accessToken); - } - for (Long oldGrantId : maps.getGrantToAccessTokensRefs().keySet()) { - Set oldAccessTokenIds = maps.getGrantToAccessTokensRefs().get(oldGrantId); - - Long newGrantId = maps.getGrantOldToNewIdMap().get(oldGrantId); - ApprovedSite site = approvedSiteRepository.getById(newGrantId); - - for(Long oldTokenId : oldAccessTokenIds) { - Long newTokenId = maps.getAccessTokenOldToNewIdMap().get(oldTokenId); - OAuth2AccessTokenEntity token = tokenRepository.getAccessTokenById(newTokenId); - token.setApprovedSite(site); - tokenRepository.saveAccessToken(token); - } - - approvedSiteRepository.save(site); - } - logger.info("Done fixing object references."); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_3.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_3.java deleted file mode 100644 index 2377306e57..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_3.java +++ /dev/null @@ -1,1314 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import static org.mitre.util.JsonUtils.readMap; -import static org.mitre.util.JsonUtils.readSet; -import static org.mitre.util.JsonUtils.writeNullSafeArray; - -import java.io.IOException; -import java.io.Serializable; -import java.text.ParseException; -import java.util.Collections; -import java.util.Date; -import java.util.HashSet; -import java.util.List; -import java.util.Map.Entry; -import java.util.Set; - -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AppType; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.model.PKCEAlgorithm; -import org.mitre.oauth2.model.SavedUserAuthentication; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.oauth2.repository.OAuth2ClientRepository; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.oauth2.repository.SystemScopeRepository; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.model.BlacklistedSite; -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.repository.ApprovedSiteRepository; -import org.mitre.openid.connect.repository.BlacklistedSiteRepository; -import org.mitre.openid.connect.repository.WhitelistedSiteRepository; -import org.mitre.openid.connect.service.MITREidDataService; -import org.mitre.openid.connect.service.MITREidDataServiceExtension; -import org.mitre.openid.connect.service.MITREidDataServiceMaps; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.stereotype.Service; - -import com.google.gson.stream.JsonReader; -import com.google.gson.stream.JsonToken; -import com.google.gson.stream.JsonWriter; -import com.nimbusds.jose.EncryptionMethod; -import com.nimbusds.jose.JWEAlgorithm; -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.jwk.JWKSet; -import com.nimbusds.jwt.JWTParser; - -/** - * - * Data service to import and export MITREid 1.3 configuration. - * - * @author jricher - * @author arielak - */ -@Service -@SuppressWarnings(value = {"unchecked"}) -public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements MITREidDataService { - - private static final String DEFAULT_SCOPE = "defaultScope"; - private static final String RESTRICTED = "restricted"; - private static final String ICON = "icon"; - private static final String DYNAMICALLY_REGISTERED = "dynamicallyRegistered"; - private static final String CLEAR_ACCESS_TOKENS_ON_REFRESH = "clearAccessTokensOnRefresh"; - private static final String REUSE_REFRESH_TOKEN = "reuseRefreshToken"; - private static final String ALLOW_INTROSPECTION = "allowIntrospection"; - private static final String DESCRIPTION = "description"; - private static final String REQUEST_URIS = "requestUris"; - private static final String POST_LOGOUT_REDIRECT_URI = "postLogoutRedirectUri"; - private static final String INTITATE_LOGIN_URI = "intitateLoginUri"; - private static final String DEFAULT_ACR_VALUES = "defaultACRValues"; - private static final String REQUIRE_AUTH_TIME = "requireAuthTime"; - private static final String DEFAULT_MAX_AGE = "defaultMaxAge"; - private static final String TOKEN_ENDPOINT_AUTH_SIGNING_ALG = "tokenEndpointAuthSigningAlg"; - private static final String USER_INFO_ENCRYPTED_RESPONSE_ENC = "userInfoEncryptedResponseEnc"; - private static final String USER_INFO_ENCRYPTED_RESPONSE_ALG = "userInfoEncryptedResponseAlg"; - private static final String USER_INFO_SIGNED_RESPONSE_ALG = "userInfoSignedResponseAlg"; - private static final String ID_TOKEN_ENCRYPTED_RESPONSE_ENC = "idTokenEncryptedResponseEnc"; - private static final String ID_TOKEN_ENCRYPTED_RESPONSE_ALG = "idTokenEncryptedResponseAlg"; - private static final String ID_TOKEN_SIGNED_RESPONSE_ALG = "idTokenSignedResponseAlg"; - private static final String REQUEST_OBJECT_SIGNING_ALG = "requestObjectSigningAlg"; - private static final String SUBJECT_TYPE = "subjectType"; - private static final String SECTOR_IDENTIFIER_URI = "sectorIdentifierUri"; - private static final String APPLICATION_TYPE = "applicationType"; - private static final String JWKS = "jwks"; - private static final String JWKS_URI = "jwksUri"; - private static final String POLICY_URI = "policyUri"; - private static final String GRANT_TYPES = "grantTypes"; - private static final String TOKEN_ENDPOINT_AUTH_METHOD = "tokenEndpointAuthMethod"; - private static final String TOS_URI = "tosUri"; - private static final String CONTACTS = "contacts"; - private static final String LOGO_URI = "logoUri"; - private static final String REDIRECT_URIS = "redirectUris"; - private static final String REFRESH_TOKEN_VALIDITY_SECONDS = "refreshTokenValiditySeconds"; - private static final String ACCESS_TOKEN_VALIDITY_SECONDS = "accessTokenValiditySeconds"; - private static final String ID_TOKEN_VALIDITY_SECONDS = "idTokenValiditySeconds"; - private static final String DEVICE_CODE_VALIDITY_SECONDS = "deviceCodeValiditySeconds"; - private static final String SECRET = "secret"; - private static final String URI = "uri"; - private static final String CREATOR_USER_ID = "creatorUserId"; - private static final String APPROVED_ACCESS_TOKENS = "approvedAccessTokens"; - private static final String ALLOWED_SCOPES = "allowedScopes"; - private static final String USER_ID = "userId"; - private static final String TIMEOUT_DATE = "timeoutDate"; - private static final String CREATION_DATE = "creationDate"; - private static final String ACCESS_DATE = "accessDate"; - private static final String AUTHENTICATED = "authenticated"; - private static final String SOURCE_CLASS = "sourceClass"; - private static final String NAME = "name"; - private static final String SAVED_USER_AUTHENTICATION = "savedUserAuthentication"; - private static final String EXTENSIONS = "extensions"; - private static final String RESPONSE_TYPES = "responseTypes"; - private static final String REDIRECT_URI = "redirectUri"; - private static final String APPROVED = "approved"; - private static final String AUTHORITIES = "authorities"; - private static final String RESOURCE_IDS = "resourceIds"; - private static final String REQUEST_PARAMETERS = "requestParameters"; - private static final String TYPE = "type"; - private static final String SCOPE = "scope"; - private static final String REFRESH_TOKEN_ID = "refreshTokenId"; - private static final String VALUE = "value"; - private static final String AUTHENTICATION_HOLDER_ID = "authenticationHolderId"; - private static final String CLIENT_ID = "clientId"; - private static final String EXPIRATION = "expiration"; - private static final String CLAIMS_REDIRECT_URIS = "claimsRedirectUris"; - private static final String ID = "id"; - private static final String CODE_CHALLENGE_METHOD = "codeChallengeMethod"; - private static final String SOFTWARE_STATEMENT = "softwareStatement"; - private static final String SOFTWARE_VERSION = "softwareVersion"; - private static final String SOFTWARE_ID = "softwareId"; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(MITREidDataService_1_3.class); - @Autowired - private OAuth2ClientRepository clientRepository; - @Autowired - private ApprovedSiteRepository approvedSiteRepository; - @Autowired - private WhitelistedSiteRepository wlSiteRepository; - @Autowired - private BlacklistedSiteRepository blSiteRepository; - @Autowired - private AuthenticationHolderRepository authHolderRepository; - @Autowired - private OAuth2TokenRepository tokenRepository; - @Autowired - private SystemScopeRepository sysScopeRepository; - @Autowired(required = false) - private List extensions = Collections.emptyList(); - - private static final String THIS_VERSION = MITREID_CONNECT_1_3; - - private MITREidDataServiceMaps maps = new MITREidDataServiceMaps(); - - @Override - public boolean supportsVersion(String version) { - return THIS_VERSION.equals(version); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.MITREidDataService#export(com.google.gson.stream.JsonWriter) - */ - @Override - public void exportData(JsonWriter writer) throws IOException { - - // version tag at the root - writer.name(THIS_VERSION); - - writer.beginObject(); - - // clients list - writer.name(CLIENTS); - writer.beginArray(); - writeClients(writer); - writer.endArray(); - - writer.name(GRANTS); - writer.beginArray(); - writeGrants(writer); - writer.endArray(); - - writer.name(WHITELISTEDSITES); - writer.beginArray(); - writeWhitelistedSites(writer); - writer.endArray(); - - writer.name(BLACKLISTEDSITES); - writer.beginArray(); - writeBlacklistedSites(writer); - writer.endArray(); - - writer.name(AUTHENTICATIONHOLDERS); - writer.beginArray(); - writeAuthenticationHolders(writer); - writer.endArray(); - - writer.name(ACCESSTOKENS); - writer.beginArray(); - writeAccessTokens(writer); - writer.endArray(); - - writer.name(REFRESHTOKENS); - writer.beginArray(); - writeRefreshTokens(writer); - writer.endArray(); - - writer.name(SYSTEMSCOPES); - writer.beginArray(); - writeSystemScopes(writer); - writer.endArray(); - - for (MITREidDataServiceExtension extension : extensions) { - if (extension.supportsVersion(THIS_VERSION)) { - extension.exportExtensionData(writer); - break; - } - } - - writer.endObject(); // end mitreid-connect-1.3 - } - - /** - * @param writer - */ - private void writeRefreshTokens(JsonWriter writer) throws IOException { - for (OAuth2RefreshTokenEntity token : tokenRepository.getAllRefreshTokens()) { - writer.beginObject(); - writer.name(ID).value(token.getId()); - writer.name(EXPIRATION).value(toUTCString(token.getExpiration())); - writer.name(CLIENT_ID) - .value((token.getClient() != null) ? token.getClient().getClientId() : null); - writer.name(AUTHENTICATION_HOLDER_ID) - .value((token.getAuthenticationHolder() != null) ? token.getAuthenticationHolder().getId() : null); - writer.name(VALUE).value(token.getValue()); - writer.endObject(); - logger.debug("Wrote refresh token {}", token.getId()); - } - logger.info("Done writing refresh tokens"); - } - - /** - * @param writer - */ - private void writeAccessTokens(JsonWriter writer) throws IOException { - for (OAuth2AccessTokenEntity token : tokenRepository.getAllAccessTokens()) { - writer.beginObject(); - writer.name(ID).value(token.getId()); - writer.name(EXPIRATION).value(toUTCString(token.getExpiration())); - writer.name(CLIENT_ID) - .value((token.getClient() != null) ? token.getClient().getClientId() : null); - writer.name(AUTHENTICATION_HOLDER_ID) - .value((token.getAuthenticationHolder() != null) ? token.getAuthenticationHolder().getId() : null); - writer.name(REFRESH_TOKEN_ID) - .value((token.getRefreshToken() != null) ? token.getRefreshToken().getId() : null); - writer.name(SCOPE); - writer.beginArray(); - for (String s : token.getScope()) { - writer.value(s); - } - writer.endArray(); - writer.name(TYPE).value(token.getTokenType()); - writer.name(VALUE).value(token.getValue()); - writer.endObject(); - logger.debug("Wrote access token {}", token.getId()); - } - logger.info("Done writing access tokens"); - } - - /** - * @param writer - */ - private void writeAuthenticationHolders(JsonWriter writer) throws IOException { - for (AuthenticationHolderEntity holder : authHolderRepository.getAll()) { - writer.beginObject(); - writer.name(ID).value(holder.getId()); - - writer.name(REQUEST_PARAMETERS); - writer.beginObject(); - for (Entry entry : holder.getRequestParameters().entrySet()) { - writer.name(entry.getKey()).value(entry.getValue()); - } - writer.endObject(); - writer.name(CLIENT_ID).value(holder.getClientId()); - Set scope = holder.getScope(); - writer.name(SCOPE); - writer.beginArray(); - for (String s : scope) { - writer.value(s); - } - writer.endArray(); - writer.name(RESOURCE_IDS); - writer.beginArray(); - if (holder.getResourceIds() != null) { - for (String s : holder.getResourceIds()) { - writer.value(s); - } - } - writer.endArray(); - writer.name(AUTHORITIES); - writer.beginArray(); - for (GrantedAuthority authority : holder.getAuthorities()) { - writer.value(authority.getAuthority()); - } - writer.endArray(); - writer.name(APPROVED).value(holder.isApproved()); - writer.name(REDIRECT_URI).value(holder.getRedirectUri()); - writer.name(RESPONSE_TYPES); - writer.beginArray(); - for (String s : holder.getResponseTypes()) { - writer.value(s); - } - writer.endArray(); - writer.name(EXTENSIONS); - writer.beginObject(); - for (Entry entry : holder.getExtensions().entrySet()) { - // while the extension map itself is Serializable, we enforce storage of Strings - if (entry.getValue() instanceof String) { - writer.name(entry.getKey()).value((String) entry.getValue()); - } else { - logger.warn("Skipping non-string extension: " + entry); - } - } - writer.endObject(); - - writer.name(SAVED_USER_AUTHENTICATION); - if (holder.getUserAuth() != null) { - writer.beginObject(); - writer.name(NAME).value(holder.getUserAuth().getName()); - writer.name(SOURCE_CLASS).value(holder.getUserAuth().getSourceClass()); - writer.name(AUTHENTICATED).value(holder.getUserAuth().isAuthenticated()); - writer.name(AUTHORITIES); - writer.beginArray(); - for (GrantedAuthority authority : holder.getUserAuth().getAuthorities()) { - writer.value(authority.getAuthority()); - } - writer.endArray(); - - writer.endObject(); - } else { - writer.nullValue(); - } - - - writer.endObject(); - logger.debug("Wrote authentication holder {}", holder.getId()); - } - logger.info("Done writing authentication holders"); - } - - /** - * @param writer - */ - private void writeGrants(JsonWriter writer) throws IOException { - for (ApprovedSite site : approvedSiteRepository.getAll()) { - writer.beginObject(); - writer.name(ID).value(site.getId()); - writer.name(ACCESS_DATE).value(toUTCString(site.getAccessDate())); - writer.name(CLIENT_ID).value(site.getClientId()); - writer.name(CREATION_DATE).value(toUTCString(site.getCreationDate())); - writer.name(TIMEOUT_DATE).value(toUTCString(site.getTimeoutDate())); - writer.name(USER_ID).value(site.getUserId()); - writer.name(ALLOWED_SCOPES); - writeNullSafeArray(writer, site.getAllowedScopes()); - List tokens = tokenRepository.getAccessTokensForApprovedSite(site); - writer.name(APPROVED_ACCESS_TOKENS); - writer.beginArray(); - for (OAuth2AccessTokenEntity token : tokens) { - writer.value(token.getId()); - } - writer.endArray(); - writer.endObject(); - logger.debug("Wrote grant {}", site.getId()); - } - logger.info("Done writing grants"); - } - - /** - * @param writer - */ - private void writeWhitelistedSites(JsonWriter writer) throws IOException { - for (WhitelistedSite wlSite : wlSiteRepository.getAll()) { - writer.beginObject(); - writer.name(ID).value(wlSite.getId()); - writer.name(CLIENT_ID).value(wlSite.getClientId()); - writer.name(CREATOR_USER_ID).value(wlSite.getCreatorUserId()); - writer.name(ALLOWED_SCOPES); - writeNullSafeArray(writer, wlSite.getAllowedScopes()); - writer.endObject(); - logger.debug("Wrote whitelisted site {}", wlSite.getId()); - } - logger.info("Done writing whitelisted sites"); - } - - /** - * @param writer - */ - private void writeBlacklistedSites(JsonWriter writer) throws IOException { - for (BlacklistedSite blSite : blSiteRepository.getAll()) { - writer.beginObject(); - writer.name(ID).value(blSite.getId()); - writer.name(URI).value(blSite.getUri()); - writer.endObject(); - logger.debug("Wrote blacklisted site {}", blSite.getId()); - } - logger.info("Done writing blacklisted sites"); - } - - /** - * @param writer - */ - private void writeClients(JsonWriter writer) { - for (ClientDetailsEntity client : clientRepository.getAllClients()) { - try { - writer.beginObject(); - writer.name(CLIENT_ID).value(client.getClientId()); - writer.name(RESOURCE_IDS); - writeNullSafeArray(writer, client.getResourceIds()); - - writer.name(SECRET).value(client.getClientSecret()); - - writer.name(SCOPE); - writeNullSafeArray(writer, client.getScope()); - - writer.name(AUTHORITIES); - writer.beginArray(); - for (GrantedAuthority authority : client.getAuthorities()) { - writer.value(authority.getAuthority()); - } - writer.endArray(); - writer.name(ACCESS_TOKEN_VALIDITY_SECONDS).value(client.getAccessTokenValiditySeconds()); - writer.name(REFRESH_TOKEN_VALIDITY_SECONDS).value(client.getRefreshTokenValiditySeconds()); - writer.name(ID_TOKEN_VALIDITY_SECONDS).value(client.getIdTokenValiditySeconds()); - writer.name(DEVICE_CODE_VALIDITY_SECONDS).value(client.getDeviceCodeValiditySeconds()); - writer.name(REDIRECT_URIS); - writeNullSafeArray(writer, client.getRedirectUris()); - writer.name(CLAIMS_REDIRECT_URIS); - writeNullSafeArray(writer, client.getClaimsRedirectUris()); - writer.name(NAME).value(client.getClientName()); - writer.name(URI).value(client.getClientUri()); - writer.name(LOGO_URI).value(client.getLogoUri()); - writer.name(CONTACTS); - writeNullSafeArray(writer, client.getContacts()); - writer.name(TOS_URI).value(client.getTosUri()); - writer.name(TOKEN_ENDPOINT_AUTH_METHOD) - .value((client.getTokenEndpointAuthMethod() != null) ? client.getTokenEndpointAuthMethod().getValue() : null); - writer.name(GRANT_TYPES); - writer.beginArray(); - for (String s : client.getGrantTypes()) { - writer.value(s); - } - writer.endArray(); - writer.name(RESPONSE_TYPES); - writer.beginArray(); - for (String s : client.getResponseTypes()) { - writer.value(s); - } - writer.endArray(); - writer.name(POLICY_URI).value(client.getPolicyUri()); - writer.name(JWKS_URI).value(client.getJwksUri()); - writer.name(JWKS).value((client.getJwks() != null) ? client.getJwks().toString() : null); - writer.name(APPLICATION_TYPE) - .value((client.getApplicationType() != null) ? client.getApplicationType().getValue() : null); - writer.name(SECTOR_IDENTIFIER_URI).value(client.getSectorIdentifierUri()); - writer.name(SUBJECT_TYPE) - .value((client.getSubjectType() != null) ? client.getSubjectType().getValue() : null); - writer.name(REQUEST_OBJECT_SIGNING_ALG) - .value((client.getRequestObjectSigningAlg() != null) ? client.getRequestObjectSigningAlg().getName() : null); - writer.name(ID_TOKEN_SIGNED_RESPONSE_ALG) - .value((client.getIdTokenSignedResponseAlg() != null) ? client.getIdTokenSignedResponseAlg().getName() : null); - writer.name(ID_TOKEN_ENCRYPTED_RESPONSE_ALG) - .value((client.getIdTokenEncryptedResponseAlg() != null) ? client.getIdTokenEncryptedResponseAlg().getName() : null); - writer.name(ID_TOKEN_ENCRYPTED_RESPONSE_ENC) - .value((client.getIdTokenEncryptedResponseEnc() != null) ? client.getIdTokenEncryptedResponseEnc().getName() : null); - writer.name(USER_INFO_SIGNED_RESPONSE_ALG) - .value((client.getUserInfoSignedResponseAlg() != null) ? client.getUserInfoSignedResponseAlg().getName() : null); - writer.name(USER_INFO_ENCRYPTED_RESPONSE_ALG) - .value((client.getUserInfoEncryptedResponseAlg() != null) ? client.getUserInfoEncryptedResponseAlg().getName() : null); - writer.name(USER_INFO_ENCRYPTED_RESPONSE_ENC) - .value((client.getUserInfoEncryptedResponseEnc() != null) ? client.getUserInfoEncryptedResponseEnc().getName() : null); - writer.name(TOKEN_ENDPOINT_AUTH_SIGNING_ALG) - .value((client.getTokenEndpointAuthSigningAlg() != null) ? client.getTokenEndpointAuthSigningAlg().getName() : null); - writer.name(DEFAULT_MAX_AGE).value(client.getDefaultMaxAge()); - Boolean requireAuthTime = null; - try { - requireAuthTime = client.getRequireAuthTime(); - } catch (NullPointerException e) { - } - if (requireAuthTime != null) { - writer.name(REQUIRE_AUTH_TIME).value(requireAuthTime); - } - writer.name(DEFAULT_ACR_VALUES); - writeNullSafeArray(writer, client.getDefaultACRvalues()); - writer.name(INTITATE_LOGIN_URI).value(client.getInitiateLoginUri()); - writer.name(POST_LOGOUT_REDIRECT_URI); - writeNullSafeArray(writer, client.getPostLogoutRedirectUris()); - writer.name(REQUEST_URIS); - writeNullSafeArray(writer, client.getRequestUris()); - writer.name(DESCRIPTION).value(client.getClientDescription()); - writer.name(ALLOW_INTROSPECTION).value(client.isAllowIntrospection()); - writer.name(REUSE_REFRESH_TOKEN).value(client.isReuseRefreshToken()); - writer.name(CLEAR_ACCESS_TOKENS_ON_REFRESH).value(client.isClearAccessTokensOnRefresh()); - writer.name(DYNAMICALLY_REGISTERED).value(client.isDynamicallyRegistered()); - writer.name(CODE_CHALLENGE_METHOD).value(client.getCodeChallengeMethod() != null ? client.getCodeChallengeMethod().getName() : null); - writer.name(SOFTWARE_ID).value(client.getSoftwareId()); - writer.name(SOFTWARE_VERSION).value(client.getSoftwareVersion()); - writer.name(SOFTWARE_STATEMENT).value(client.getSoftwareStatement() != null ? client.getSoftwareStatement().serialize() : null); - writer.name(CREATION_DATE).value(toUTCString(client.getCreatedAt())); - writer.endObject(); - logger.debug("Wrote client {}", client.getId()); - } catch (IOException ex) { - logger.error("Unable to write client {}", client.getId(), ex); - } - } - logger.info("Done writing clients"); - } - - /** - * @param writer - */ - private void writeSystemScopes(JsonWriter writer) { - for (SystemScope sysScope : sysScopeRepository.getAll()) { - try { - writer.beginObject(); - writer.name(ID).value(sysScope.getId()); - writer.name(DESCRIPTION).value(sysScope.getDescription()); - writer.name(ICON).value(sysScope.getIcon()); - writer.name(VALUE).value(sysScope.getValue()); - writer.name(RESTRICTED).value(sysScope.isRestricted()); - writer.name(DEFAULT_SCOPE).value(sysScope.isDefaultScope()); - writer.endObject(); - logger.debug("Wrote system scope {}", sysScope.getId()); - } catch (IOException ex) { - logger.error("Unable to write system scope {}", sysScope.getId(), ex); - } - } - logger.info("Done writing system scopes"); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.MITREidDataService#importData(com.google.gson.stream.JsonReader) - */ - @Override - public void importData(JsonReader reader) throws IOException { - - logger.info("Reading configuration for 1.3"); - - // this *HAS* to start as an object - reader.beginObject(); - - while (reader.hasNext()) { - JsonToken tok = reader.peek(); - switch (tok) { - case NAME: - String name = reader.nextName(); - // find out which member it is - if (name.equals(CLIENTS)) { - readClients(reader); - } else if (name.equals(GRANTS)) { - readGrants(reader); - } else if (name.equals(WHITELISTEDSITES)) { - readWhitelistedSites(reader); - } else if (name.equals(BLACKLISTEDSITES)) { - readBlacklistedSites(reader); - } else if (name.equals(AUTHENTICATIONHOLDERS)) { - readAuthenticationHolders(reader); - } else if (name.equals(ACCESSTOKENS)) { - readAccessTokens(reader); - } else if (name.equals(REFRESHTOKENS)) { - readRefreshTokens(reader); - } else if (name.equals(SYSTEMSCOPES)) { - readSystemScopes(reader); - } else { - boolean processed = false; - for (MITREidDataServiceExtension extension : extensions) { - if (extension.supportsVersion(THIS_VERSION)) { - processed = extension.importExtensionData(name, reader); - if (processed) { - // if the extension processed data, break out of this inner loop - // (only the first extension to claim an extension point gets it) - break; - } - } - } - if (!processed) { - // unknown token, skip it - reader.skipValue(); - } - } - break; - case END_OBJECT: - // the object ended, we're done here - reader.endObject(); - continue; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - fixObjectReferences(); - for (MITREidDataServiceExtension extension : extensions) { - if (extension.supportsVersion(THIS_VERSION)) { - extension.fixExtensionObjectReferences(maps); - break; - } - } - maps.clearAll(); - } - - /** - * @param reader - * @throws IOException - */ - /** - * @param reader - * @throws IOException - */ - private void readRefreshTokens(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - OAuth2RefreshTokenEntity token = new OAuth2RefreshTokenEntity(); - reader.beginObject(); - Long currentId = null; - String clientId = null; - Long authHolderId = null; - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(ID)) { - currentId = reader.nextLong(); - } else if (name.equals(EXPIRATION)) { - Date date = utcToDate(reader.nextString()); - token.setExpiration(date); - } else if (name.equals(VALUE)) { - String value = reader.nextString(); - try { - token.setJwt(JWTParser.parse(value)); - } catch (ParseException ex) { - logger.error("Unable to set refresh token value to {}", value, ex); - } - } else if (name.equals(CLIENT_ID)) { - clientId = reader.nextString(); - } else if (name.equals(AUTHENTICATION_HOLDER_ID)) { - authHolderId = reader.nextLong(); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = tokenRepository.saveRefreshToken(token).getId(); - maps.getRefreshTokenToClientRefs().put(currentId, clientId); - maps.getRefreshTokenToAuthHolderRefs().put(currentId, authHolderId); - maps.getRefreshTokenOldToNewIdMap().put(currentId, newId); - logger.debug("Read refresh token {}", currentId); - } - reader.endArray(); - logger.info("Done reading refresh tokens"); - } - /** - * @param reader - * @throws IOException - */ - /** - * @param reader - * @throws IOException - */ - private void readAccessTokens(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); - reader.beginObject(); - Long currentId = null; - String clientId = null; - Long authHolderId = null; - Long refreshTokenId = null; - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(ID)) { - currentId = reader.nextLong(); - } else if (name.equals(EXPIRATION)) { - Date date = utcToDate(reader.nextString()); - token.setExpiration(date); - } else if (name.equals(VALUE)) { - String value = reader.nextString(); - try { - // all tokens are JWTs - token.setJwt(JWTParser.parse(value)); - } catch (ParseException ex) { - logger.error("Unable to set refresh token value to {}", value, ex); - } - } else if (name.equals(CLIENT_ID)) { - clientId = reader.nextString(); - } else if (name.equals(AUTHENTICATION_HOLDER_ID)) { - authHolderId = reader.nextLong(); - } else if (name.equals(REFRESH_TOKEN_ID)) { - refreshTokenId = reader.nextLong(); - } else if (name.equals(SCOPE)) { - Set scope = readSet(reader); - token.setScope(scope); - } else if (name.equals(TYPE)) { - token.setTokenType(reader.nextString()); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = tokenRepository.saveAccessToken(token).getId(); - maps.getAccessTokenToClientRefs().put(currentId, clientId); - maps.getAccessTokenToAuthHolderRefs().put(currentId, authHolderId); - if (refreshTokenId != null) { - maps.getAccessTokenToRefreshTokenRefs().put(currentId, refreshTokenId); - } - maps.getAccessTokenOldToNewIdMap().put(currentId, newId); - logger.debug("Read access token {}", currentId); - } - reader.endArray(); - logger.info("Done reading access tokens"); - } - /** - * @param reader - * @throws IOException - */ - private void readAuthenticationHolders(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - AuthenticationHolderEntity ahe = new AuthenticationHolderEntity(); - reader.beginObject(); - Long currentId = null; - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(ID)) { - currentId = reader.nextLong(); - } else if (name.equals(REQUEST_PARAMETERS)) { - ahe.setRequestParameters(readMap(reader)); - } else if (name.equals(CLIENT_ID)) { - ahe.setClientId(reader.nextString()); - } else if (name.equals(SCOPE)) { - ahe.setScope(readSet(reader)); - } else if (name.equals(RESOURCE_IDS)) { - ahe.setResourceIds(readSet(reader)); - } else if (name.equals(AUTHORITIES)) { - Set authorityStrs = readSet(reader); - Set authorities = new HashSet(); - for (String s : authorityStrs) { - GrantedAuthority ga = new SimpleGrantedAuthority(s); - authorities.add(ga); - } - ahe.setAuthorities(authorities); - } else if (name.equals(APPROVED)) { - ahe.setApproved(reader.nextBoolean()); - } else if (name.equals(REDIRECT_URI)) { - ahe.setRedirectUri(reader.nextString()); - } else if (name.equals(RESPONSE_TYPES)) { - ahe.setResponseTypes(readSet(reader)); - } else if (name.equals(EXTENSIONS)) { - ahe.setExtensions(readMap(reader)); - } else if (name.equals(SAVED_USER_AUTHENTICATION)) { - ahe.setUserAuth(readSavedUserAuthentication(reader)); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = authHolderRepository.save(ahe).getId(); - maps.getAuthHolderOldToNewIdMap().put(currentId, newId); - logger.debug("Read authentication holder {}", currentId); - } - reader.endArray(); - logger.info("Done reading authentication holders"); - } - - /** - * @param reader - * @return - * @throws IOException - */ - private SavedUserAuthentication readSavedUserAuthentication(JsonReader reader) throws IOException { - SavedUserAuthentication savedUserAuth = new SavedUserAuthentication(); - reader.beginObject(); - - while (reader.hasNext()) { - switch(reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(NAME)) { - savedUserAuth.setName(reader.nextString()); - } else if (name.equals(SOURCE_CLASS)) { - savedUserAuth.setSourceClass(reader.nextString()); - } else if (name.equals(AUTHENTICATED)) { - savedUserAuth.setAuthenticated(reader.nextBoolean()); - } else if (name.equals(AUTHORITIES)) { - Set authorityStrs = readSet(reader); - Set authorities = new HashSet(); - for (String s : authorityStrs) { - GrantedAuthority ga = new SimpleGrantedAuthority(s); - authorities.add(ga); - } - savedUserAuth.setAuthorities(authorities); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - - reader.endObject(); - return savedUserAuth; - } - - /** - * @param reader - * @throws IOException - */ - private void readGrants(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - ApprovedSite site = new ApprovedSite(); - Long currentId = null; - Set tokenIds = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(ID)) { - currentId = reader.nextLong(); - } else if (name.equals(ACCESS_DATE)) { - Date date = utcToDate(reader.nextString()); - site.setAccessDate(date); - } else if (name.equals(CLIENT_ID)) { - site.setClientId(reader.nextString()); - } else if (name.equals(CREATION_DATE)) { - Date date = utcToDate(reader.nextString()); - site.setCreationDate(date); - } else if (name.equals(TIMEOUT_DATE)) { - Date date = utcToDate(reader.nextString()); - site.setTimeoutDate(date); - } else if (name.equals(USER_ID)) { - site.setUserId(reader.nextString()); - } else if (name.equals(ALLOWED_SCOPES)) { - Set allowedScopes = readSet(reader); - site.setAllowedScopes(allowedScopes); - } else if (name.equals(APPROVED_ACCESS_TOKENS)) { - tokenIds = readSet(reader); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = approvedSiteRepository.save(site).getId(); - maps.getGrantOldToNewIdMap().put(currentId, newId); - if (tokenIds != null) { - maps.getGrantToAccessTokensRefs().put(currentId, tokenIds); - } - logger.debug("Read grant {}", currentId); - } - reader.endArray(); - logger.info("Done reading grants"); - } - - /** - * @param reader - * @throws IOException - */ - private void readWhitelistedSites(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - WhitelistedSite wlSite = new WhitelistedSite(); - Long currentId = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (name.equals(ID)) { - currentId = reader.nextLong(); - } else if (name.equals(CLIENT_ID)) { - wlSite.setClientId(reader.nextString()); - } else if (name.equals(CREATOR_USER_ID)) { - wlSite.setCreatorUserId(reader.nextString()); - } else if (name.equals(ALLOWED_SCOPES)) { - Set allowedScopes = readSet(reader); - wlSite.setAllowedScopes(allowedScopes); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = wlSiteRepository.save(wlSite).getId(); - maps.getWhitelistedSiteOldToNewIdMap().put(currentId, newId); - } - reader.endArray(); - logger.info("Done reading whitelisted sites"); - } - - /** - * @param reader - * @throws IOException - */ - private void readBlacklistedSites(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - BlacklistedSite blSite = new BlacklistedSite(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (name.equals(ID)) { - reader.skipValue(); - } else if (name.equals(URI)) { - blSite.setUri(reader.nextString()); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - blSiteRepository.save(blSite); - } - reader.endArray(); - logger.info("Done reading blacklisted sites"); - } - - /** - * @param reader - * @throws IOException - */ - private void readClients(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - ClientDetailsEntity client = new ClientDetailsEntity(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(CLIENT_ID)) { - client.setClientId(reader.nextString()); - } else if (name.equals(RESOURCE_IDS)) { - Set resourceIds = readSet(reader); - client.setResourceIds(resourceIds); - } else if (name.equals(SECRET)) { - client.setClientSecret(reader.nextString()); - } else if (name.equals(SCOPE)) { - Set scope = readSet(reader); - client.setScope(scope); - } else if (name.equals(AUTHORITIES)) { - Set authorityStrs = readSet(reader); - Set authorities = new HashSet(); - for (String s : authorityStrs) { - GrantedAuthority ga = new SimpleGrantedAuthority(s); - authorities.add(ga); - } - client.setAuthorities(authorities); - } else if (name.equals(ACCESS_TOKEN_VALIDITY_SECONDS)) { - client.setAccessTokenValiditySeconds(reader.nextInt()); - } else if (name.equals(REFRESH_TOKEN_VALIDITY_SECONDS)) { - client.setRefreshTokenValiditySeconds(reader.nextInt()); - } else if (name.equals(ID_TOKEN_VALIDITY_SECONDS)) { - client.setIdTokenValiditySeconds(reader.nextInt()); - } else if (name.equals(DEVICE_CODE_VALIDITY_SECONDS)) { - client.setDeviceCodeValiditySeconds(reader.nextInt()); - } else if (name.equals(REDIRECT_URIS)) { - Set redirectUris = readSet(reader); - client.setRedirectUris(redirectUris); - } else if (name.equals(CLAIMS_REDIRECT_URIS)) { - Set claimsRedirectUris = readSet(reader); - client.setClaimsRedirectUris(claimsRedirectUris); - } else if (name.equals(NAME)) { - client.setClientName(reader.nextString()); - } else if (name.equals(URI)) { - client.setClientUri(reader.nextString()); - } else if (name.equals(LOGO_URI)) { - client.setLogoUri(reader.nextString()); - } else if (name.equals(CONTACTS)) { - Set contacts = readSet(reader); - client.setContacts(contacts); - } else if (name.equals(TOS_URI)) { - client.setTosUri(reader.nextString()); - } else if (name.equals(TOKEN_ENDPOINT_AUTH_METHOD)) { - AuthMethod am = AuthMethod.getByValue(reader.nextString()); - client.setTokenEndpointAuthMethod(am); - } else if (name.equals(GRANT_TYPES)) { - Set grantTypes = readSet(reader); - client.setGrantTypes(grantTypes); - } else if (name.equals(RESPONSE_TYPES)) { - Set responseTypes = readSet(reader); - client.setResponseTypes(responseTypes); - } else if (name.equals(POLICY_URI)) { - client.setPolicyUri(reader.nextString()); - } else if (name.equals(APPLICATION_TYPE)) { - AppType appType = AppType.getByValue(reader.nextString()); - client.setApplicationType(appType); - } else if (name.equals(SECTOR_IDENTIFIER_URI)) { - client.setSectorIdentifierUri(reader.nextString()); - } else if (name.equals(SUBJECT_TYPE)) { - SubjectType st = SubjectType.getByValue(reader.nextString()); - client.setSubjectType(st); - } else if (name.equals(JWKS_URI)) { - client.setJwksUri(reader.nextString()); - } else if (name.equals(JWKS)) { - try { - client.setJwks(JWKSet.parse(reader.nextString())); - } catch (ParseException e) { - logger.error("Couldn't parse JWK Set", e); - } - } else if (name.equals(REQUEST_OBJECT_SIGNING_ALG)) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setRequestObjectSigningAlg(alg); - } else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ALG)) { - JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); - client.setUserInfoEncryptedResponseAlg(alg); - } else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ENC)) { - EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); - client.setUserInfoEncryptedResponseEnc(alg); - } else if (name.equals(USER_INFO_SIGNED_RESPONSE_ALG)) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setUserInfoSignedResponseAlg(alg); - } else if (name.equals(ID_TOKEN_SIGNED_RESPONSE_ALG)) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setIdTokenSignedResponseAlg(alg); - } else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ALG)) { - JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); - client.setIdTokenEncryptedResponseAlg(alg); - } else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ENC)) { - EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); - client.setIdTokenEncryptedResponseEnc(alg); - } else if (name.equals(TOKEN_ENDPOINT_AUTH_SIGNING_ALG)) { - JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); - client.setTokenEndpointAuthSigningAlg(alg); - } else if (name.equals(DEFAULT_MAX_AGE)) { - client.setDefaultMaxAge(reader.nextInt()); - } else if (name.equals(REQUIRE_AUTH_TIME)) { - client.setRequireAuthTime(reader.nextBoolean()); - } else if (name.equals(DEFAULT_ACR_VALUES)) { - Set defaultACRvalues = readSet(reader); - client.setDefaultACRvalues(defaultACRvalues); - } else if (name.equals("initiateLoginUri")) { - client.setInitiateLoginUri(reader.nextString()); - } else if (name.equals(POST_LOGOUT_REDIRECT_URI)) { - Set postLogoutUris = readSet(reader); - client.setPostLogoutRedirectUris(postLogoutUris); - } else if (name.equals(REQUEST_URIS)) { - Set requestUris = readSet(reader); - client.setRequestUris(requestUris); - } else if (name.equals(DESCRIPTION)) { - client.setClientDescription(reader.nextString()); - } else if (name.equals(ALLOW_INTROSPECTION)) { - client.setAllowIntrospection(reader.nextBoolean()); - } else if (name.equals(REUSE_REFRESH_TOKEN)) { - client.setReuseRefreshToken(reader.nextBoolean()); - } else if (name.equals(CLEAR_ACCESS_TOKENS_ON_REFRESH)) { - client.setClearAccessTokensOnRefresh(reader.nextBoolean()); - } else if (name.equals(DYNAMICALLY_REGISTERED)) { - client.setDynamicallyRegistered(reader.nextBoolean()); - } else if (name.equals(CODE_CHALLENGE_METHOD)) { - client.setCodeChallengeMethod(PKCEAlgorithm.parse(reader.nextString())); - } else if (name.equals(SOFTWARE_ID)) { - client.setSoftwareId(reader.nextString()); - } else if (name.equals(SOFTWARE_VERSION)) { - client.setSoftwareVersion(reader.nextString()); - } else if (name.equals(SOFTWARE_STATEMENT)) { - try { - client.setSoftwareStatement(JWTParser.parse(reader.nextString())); - } catch (ParseException e) { - logger.error("Couldn't parse software statement", e); - } - } else if (name.equals(CREATION_DATE)) { - Date date = utcToDate(reader.nextString()); - client.setCreatedAt(date); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - clientRepository.saveClient(client); - } - reader.endArray(); - logger.info("Done reading clients"); - } - - /** - * Read the list of system scopes from the reader and insert them into the - * scope repository. - * - * @param reader - * @throws IOException - */ - private void readSystemScopes(JsonReader reader) throws IOException { - reader.beginArray(); - while (reader.hasNext()) { - SystemScope scope = new SystemScope(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(VALUE)) { - scope.setValue(reader.nextString()); - } else if (name.equals(DESCRIPTION)) { - scope.setDescription(reader.nextString()); - } else if (name.equals(RESTRICTED)) { - scope.setRestricted(reader.nextBoolean()); - } else if (name.equals(DEFAULT_SCOPE)) { - scope.setDefaultScope(reader.nextBoolean()); - } else if (name.equals(ICON)) { - scope.setIcon(reader.nextString()); - } else { - logger.debug("found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - sysScopeRepository.save(scope); - } - reader.endArray(); - logger.info("Done reading system scopes"); - } - - private void fixObjectReferences() { - logger.info("Fixing object references..."); - for (Long oldRefreshTokenId : maps.getRefreshTokenToClientRefs().keySet()) { - String clientRef = maps.getRefreshTokenToClientRefs().get(oldRefreshTokenId); - ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef); - Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); - OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); - refreshToken.setClient(client); - tokenRepository.saveRefreshToken(refreshToken); - } - for (Long oldRefreshTokenId : maps.getRefreshTokenToAuthHolderRefs().keySet()) { - Long oldAuthHolderId = maps.getRefreshTokenToAuthHolderRefs().get(oldRefreshTokenId); - Long newAuthHolderId = maps.getAuthHolderOldToNewIdMap().get(oldAuthHolderId); - AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId); - Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); - OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); - refreshToken.setAuthenticationHolder(authHolder); - tokenRepository.saveRefreshToken(refreshToken); - } - for (Long oldAccessTokenId : maps.getAccessTokenToClientRefs().keySet()) { - String clientRef = maps.getAccessTokenToClientRefs().get(oldAccessTokenId); - ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef); - Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); - OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); - accessToken.setClient(client); - tokenRepository.saveAccessToken(accessToken); - } - for (Long oldAccessTokenId : maps.getAccessTokenToAuthHolderRefs().keySet()) { - Long oldAuthHolderId = maps.getAccessTokenToAuthHolderRefs().get(oldAccessTokenId); - Long newAuthHolderId = maps.getAuthHolderOldToNewIdMap().get(oldAuthHolderId); - AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId); - Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); - OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); - accessToken.setAuthenticationHolder(authHolder); - tokenRepository.saveAccessToken(accessToken); - } - for (Long oldAccessTokenId : maps.getAccessTokenToRefreshTokenRefs().keySet()) { - Long oldRefreshTokenId = maps.getAccessTokenToRefreshTokenRefs().get(oldAccessTokenId); - Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); - OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); - Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); - OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); - accessToken.setRefreshToken(refreshToken); - tokenRepository.saveAccessToken(accessToken); - } - for (Long oldGrantId : maps.getGrantToAccessTokensRefs().keySet()) { - Set oldAccessTokenIds = maps.getGrantToAccessTokensRefs().get(oldGrantId); - - Long newGrantId = maps.getGrantOldToNewIdMap().get(oldGrantId); - ApprovedSite site = approvedSiteRepository.getById(newGrantId); - - for(Long oldTokenId : oldAccessTokenIds) { - Long newTokenId = maps.getAccessTokenOldToNewIdMap().get(oldTokenId); - OAuth2AccessTokenEntity token = tokenRepository.getAccessTokenById(newTokenId); - token.setApprovedSite(site); - tokenRepository.saveAccessToken(token); - } - - approvedSiteRepository.save(site); - } - /* - refreshTokenToClientRefs.clear(); - refreshTokenToAuthHolderRefs.clear(); - accessTokenToClientRefs.clear(); - accessTokenToAuthHolderRefs.clear(); - accessTokenToRefreshTokenRefs.clear(); - refreshTokenOldToNewIdMap.clear(); - accessTokenOldToNewIdMap.clear(); - grantOldToNewIdMap.clear(); - */ - logger.info("Done fixing object references."); - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MatchLoginHintsAgainstUsers.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MatchLoginHintsAgainstUsers.java deleted file mode 100644 index 74d98ea31b..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MatchLoginHintsAgainstUsers.java +++ /dev/null @@ -1,58 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.openid.connect.service.impl; - -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.service.LoginHintExtracter; -import org.mitre.openid.connect.service.UserInfoService; -import org.springframework.beans.factory.annotation.Autowired; - -import com.google.common.base.Strings; - -/** - * Checks the login hint against the User Info collection, only populates it if a user is found. - * @author jricher - * - */ -public class MatchLoginHintsAgainstUsers implements LoginHintExtracter { - - @Autowired - private UserInfoService userInfoService; - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.LoginHintTester#useHint(java.lang.String) - */ - @Override - public String extractHint(String loginHint) { - if (Strings.isNullOrEmpty(loginHint)) { - return null; - } else { - UserInfo user = userInfoService.getByEmailAddress(loginHint); - if (user == null) { - user = userInfoService.getByUsername(loginHint); - if (user == null) { - return null; - } else { - return user.getPreferredUsername(); - } - } else { - return user.getPreferredUsername(); - } - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/PassAllLoginHints.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/PassAllLoginHints.java deleted file mode 100644 index b1894466b6..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/PassAllLoginHints.java +++ /dev/null @@ -1,37 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.openid.connect.service.impl; - -import org.mitre.openid.connect.service.LoginHintExtracter; - -/** - * Sends all login hints through to the login page regardless of setup. - * - * @author jricher - * - */ -public class PassAllLoginHints implements LoginHintExtracter { - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.LoginHintTester#useHint(java.lang.String) - */ - @Override - public String extractHint(String loginHint) { - return loginHint; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/RemoveLoginHintsWithHTTP.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/RemoveLoginHintsWithHTTP.java deleted file mode 100644 index eab1585c20..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/RemoveLoginHintsWithHTTP.java +++ /dev/null @@ -1,47 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.openid.connect.service.impl; - -import org.mitre.openid.connect.service.LoginHintExtracter; - -import com.google.common.base.Strings; - -/** - * Passes login hints that don't start with "http" - * - * @author jricher - * - */ -public class RemoveLoginHintsWithHTTP implements LoginHintExtracter { - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.LoginHintTester#useHint(java.lang.String) - */ - @Override - public String extractHint(String loginHint) { - if (Strings.isNullOrEmpty(loginHint)) { - return null; - } else { - if (loginHint.startsWith("http")) { - return null; - } else { - return loginHint; - } - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/UUIDPairwiseIdentiferService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/UUIDPairwiseIdentiferService.java deleted file mode 100644 index 14b46fcc36..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/UUIDPairwiseIdentiferService.java +++ /dev/null @@ -1,92 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.service.impl; - -import java.util.Set; -import java.util.UUID; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.openid.connect.model.PairwiseIdentifier; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.repository.PairwiseIdentifierRepository; -import org.mitre.openid.connect.service.PairwiseIdentiferService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; -import org.springframework.web.util.UriComponents; -import org.springframework.web.util.UriComponentsBuilder; - -import com.google.common.base.Strings; -import com.google.common.collect.Iterables; - -/** - * @author jricher - * - */ -@Service("uuidPairwiseIdentiferService") -public class UUIDPairwiseIdentiferService implements PairwiseIdentiferService { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(UUIDPairwiseIdentiferService.class); - - @Autowired - private PairwiseIdentifierRepository pairwiseIdentifierRepository; - - @Override - public String getIdentifier(UserInfo userInfo, ClientDetailsEntity client) { - - String sectorIdentifier = null; - - if (!Strings.isNullOrEmpty(client.getSectorIdentifierUri())) { - UriComponents uri = UriComponentsBuilder.fromUriString(client.getSectorIdentifierUri()).build(); - sectorIdentifier = uri.getHost(); // calculate based on the host component only - } else { - Set redirectUris = client.getRedirectUris(); - UriComponents uri = UriComponentsBuilder.fromUriString(Iterables.getOnlyElement(redirectUris)).build(); - sectorIdentifier = uri.getHost(); // calculate based on the host of the only redirect URI - } - - if (sectorIdentifier != null) { - // if there's a sector identifier, use that for the lookup - PairwiseIdentifier pairwise = pairwiseIdentifierRepository.getBySectorIdentifier(userInfo.getSub(), sectorIdentifier); - - if (pairwise == null) { - // we don't have an identifier, need to make and save one - - pairwise = new PairwiseIdentifier(); - pairwise.setIdentifier(UUID.randomUUID().toString()); - pairwise.setUserSub(userInfo.getSub()); - pairwise.setSectorIdentifier(sectorIdentifier); - - pairwiseIdentifierRepository.save(pairwise); - } - - return pairwise.getIdentifier(); - } else { - - return null; - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java deleted file mode 100644 index d5b6a9cdc0..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java +++ /dev/null @@ -1,176 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.token; - -import java.util.Date; -import java.util.UUID; - -import org.mitre.jwt.signer.service.JWTSigningAndValidationService; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.service.OIDCTokenService; -import org.mitre.openid.connect.service.UserInfoService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.oauth2.common.OAuth2AccessToken; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; -import org.springframework.security.oauth2.provider.token.TokenEnhancer; -import org.springframework.stereotype.Service; - -import com.google.common.base.Strings; -import com.google.common.collect.Lists; -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.JWTClaimsSet.Builder; -import com.nimbusds.jwt.SignedJWT; - -@Service -public class ConnectTokenEnhancer implements TokenEnhancer { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(ConnectTokenEnhancer.class); - - @Autowired - private ConfigurationPropertiesBean configBean; - - @Autowired - private JWTSigningAndValidationService jwtService; - - @Autowired - private ClientDetailsEntityService clientService; - - @Autowired - private UserInfoService userInfoService; - - @Autowired - private OIDCTokenService connectTokenService; - - @Override - public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) { - - OAuth2AccessTokenEntity token = (OAuth2AccessTokenEntity) accessToken; - OAuth2Request originalAuthRequest = authentication.getOAuth2Request(); - - String clientId = originalAuthRequest.getClientId(); - ClientDetailsEntity client = clientService.loadClientByClientId(clientId); - - Builder builder = new JWTClaimsSet.Builder() - .claim("azp", clientId) - .issuer(configBean.getIssuer()) - .issueTime(new Date()) - .expirationTime(token.getExpiration()) - .subject(authentication.getName()) - .jwtID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it - - String audience = (String) authentication.getOAuth2Request().getExtensions().get("aud"); - if (!Strings.isNullOrEmpty(audience)) { - builder.audience(Lists.newArrayList(audience)); - } - - addCustomAccessTokenClaims(builder, token, authentication); - - JWTClaimsSet claims = builder.build(); - - JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm(); - JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null, - jwtService.getDefaultSignerKeyId(), - null, null); - SignedJWT signed = new SignedJWT(header, claims); - - jwtService.signJwt(signed); - - token.setJwt(signed); - - /** - * Authorization request scope MUST include "openid" in OIDC, but access token request - * may or may not include the scope parameter. As long as the AuthorizationRequest - * has the proper scope, we can consider this a valid OpenID Connect request. Otherwise, - * we consider it to be a vanilla OAuth2 request. - * - * Also, there must be a user authentication involved in the request for it to be considered - * OIDC and not OAuth, so we check for that as well. - */ - if (originalAuthRequest.getScope().contains(SystemScopeService.OPENID_SCOPE) - && !authentication.isClientOnly()) { - - String username = authentication.getName(); - UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, clientId); - - if (userInfo != null) { - - JWT idToken = connectTokenService.createIdToken(client, - originalAuthRequest, claims.getIssueTime(), - userInfo.getSub(), token); - - // attach the id token to the parent access token - token.setIdToken(idToken); - } else { - // can't create an id token if we can't find the user - logger.warn("Request for ID token when no user is present."); - } - } - - return token; - } - - public ConfigurationPropertiesBean getConfigBean() { - return configBean; - } - - public void setConfigBean(ConfigurationPropertiesBean configBean) { - this.configBean = configBean; - } - - public JWTSigningAndValidationService getJwtService() { - return jwtService; - } - - public void setJwtService(JWTSigningAndValidationService jwtService) { - this.jwtService = jwtService; - } - - public ClientDetailsEntityService getClientService() { - return clientService; - } - - public void setClientService(ClientDetailsEntityService clientService) { - this.clientService = clientService; - } - - - /** - * Hook for subclasses that allows adding custom claims to the JWT that will be used as access token. - * @param builder the builder holding the current claims - * @param token the un-enhanced token - * @param authentication current authentication - */ - protected void addCustomAccessTokenClaims(JWTClaimsSet.Builder builder, OAuth2AccessTokenEntity token, - OAuth2Authentication authentication) { - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java deleted file mode 100644 index 821b1fafb6..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java +++ /dev/null @@ -1,271 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.token; - -import static org.mitre.openid.connect.request.ConnectRequestParameters.APPROVED_SITE; -import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT; -import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_CONSENT; -import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_SEPARATOR; - -import java.util.Calendar; -import java.util.Collection; -import java.util.Date; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import javax.servlet.http.HttpSession; - -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.service.ApprovedSiteService; -import org.mitre.openid.connect.service.WhitelistedSiteService; -import org.mitre.openid.connect.web.AuthenticationTimeStamper; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.provider.AuthorizationRequest; -import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.ClientDetailsService; -import org.springframework.security.oauth2.provider.approval.UserApprovalHandler; -import org.springframework.stereotype.Component; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import com.google.common.base.Splitter; -import com.google.common.base.Strings; -import com.google.common.collect.Sets; - -/** - * Custom User Approval Handler implementation which uses a concept of a whitelist, - * blacklist, and greylist. - * - * Blacklisted sites will be caught and handled before this - * point. - * - * Whitelisted sites will be automatically approved, and an ApprovedSite entry will - * be created for the site the first time a given user access it. - * - * All other sites fall into the greylist - the user will be presented with the user - * approval page upon their first visit - * @author aanganes - * - */ -@Component("tofuUserApprovalHandler") -public class TofuUserApprovalHandler implements UserApprovalHandler { - - @Autowired - private ApprovedSiteService approvedSiteService; - - @Autowired - private WhitelistedSiteService whitelistedSiteService; - - @Autowired - private ClientDetailsService clientDetailsService; - - @Autowired - private SystemScopeService systemScopes; - - /** - * Check if the user has already stored a positive approval decision for this site; or if the - * site is whitelisted, approve it automatically. - * - * Otherwise, return false so that the user will see the approval page and can make their own decision. - * - * @param authorizationRequest the incoming authorization request - * @param userAuthentication the Principal representing the currently-logged-in user - * - * @return true if the site is approved, false otherwise - */ - @Override - public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { - - // if this request is already approved, pass that info through - // (this flag may be set by updateBeforeApproval, which can also do funny things with scopes, etc) - if (authorizationRequest.isApproved()) { - return true; - } else { - // if not, check to see if the user has approved it - // TODO: make parameter name configurable? - return Boolean.parseBoolean(authorizationRequest.getApprovalParameters().get("user_oauth_approval")); - } - - } - - /** - * Check if the user has already stored a positive approval decision for this site; or if the - * site is whitelisted, approve it automatically. - * - * Otherwise the user will be directed to the approval page and can make their own decision. - * - * @param authorizationRequest the incoming authorization request - * @param userAuthentication the Principal representing the currently-logged-in user - * - * @return the updated AuthorizationRequest - */ - @Override - public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { - - //First, check database to see if the user identified by the userAuthentication has stored an approval decision - - String userId = userAuthentication.getName(); - String clientId = authorizationRequest.getClientId(); - - //lookup ApprovedSites by userId and clientId - boolean alreadyApproved = false; - - // find out if we're supposed to force a prompt on the user or not - String prompt = (String) authorizationRequest.getExtensions().get(PROMPT); - List prompts = Splitter.on(PROMPT_SEPARATOR).splitToList(Strings.nullToEmpty(prompt)); - if (!prompts.contains(PROMPT_CONSENT)) { - // if the prompt parameter is set to "consent" then we can't use approved sites or whitelisted sites - // otherwise, we need to check them below - - Collection aps = approvedSiteService.getByClientIdAndUserId(clientId, userId); - for (ApprovedSite ap : aps) { - - if (!ap.isExpired()) { - - // if we find one that fits... - if (systemScopes.scopesMatch(ap.getAllowedScopes(), authorizationRequest.getScope())) { - - //We have a match; update the access date on the AP entry and return true. - ap.setAccessDate(new Date()); - approvedSiteService.save(ap); - - String apId = ap.getId().toString(); - authorizationRequest.getExtensions().put(APPROVED_SITE, apId); - authorizationRequest.setApproved(true); - alreadyApproved = true; - - setAuthTime(authorizationRequest); - } - } - } - - if (!alreadyApproved) { - WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId); - if (ws != null && systemScopes.scopesMatch(ws.getAllowedScopes(), authorizationRequest.getScope())) { - authorizationRequest.setApproved(true); - - setAuthTime(authorizationRequest); - } - } - } - - return authorizationRequest; - - } - - - @Override - public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { - - String userId = userAuthentication.getName(); - String clientId = authorizationRequest.getClientId(); - ClientDetails client = clientDetailsService.loadClientByClientId(clientId); - - // This must be re-parsed here because SECOAUTH forces us to call things in a strange order - if (Boolean.parseBoolean(authorizationRequest.getApprovalParameters().get("user_oauth_approval"))) { - - authorizationRequest.setApproved(true); - - // process scopes from user input - Set allowedScopes = Sets.newHashSet(); - Map approvalParams = authorizationRequest.getApprovalParameters(); - - Set keys = approvalParams.keySet(); - - for (String key : keys) { - if (key.startsWith("scope_")) { - //This is a scope parameter from the approval page. The value sent back should - //be the scope string. Check to make sure it is contained in the client's - //registered allowed scopes. - - String scope = approvalParams.get(key); - Set approveSet = Sets.newHashSet(scope); - - //Make sure this scope is allowed for the given client - if (systemScopes.scopesMatch(client.getScope(), approveSet)) { - - allowedScopes.add(scope); - } - - } - } - - // inject the user-allowed scopes into the auth request - authorizationRequest.setScope(allowedScopes); - - //Only store an ApprovedSite if the user has checked "remember this decision": - String remember = authorizationRequest.getApprovalParameters().get("remember"); - if (!Strings.isNullOrEmpty(remember) && !remember.equals("none")) { - - Date timeout = null; - if (remember.equals("one-hour")) { - // set the timeout to one hour from now - Calendar cal = Calendar.getInstance(); - cal.add(Calendar.HOUR, 1); - timeout = cal.getTime(); - } - - ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes); - String newSiteId = newSite.getId().toString(); - authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId); - } - - setAuthTime(authorizationRequest); - - - } - - return authorizationRequest; - } - - /** - * Get the auth time out of the current session and add it to the - * auth request in the extensions map. - * - * @param authorizationRequest - */ - private void setAuthTime(AuthorizationRequest authorizationRequest) { - // Get the session auth time, if we have it, and store it in the request - ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes(); - if (attr != null) { - HttpSession session = attr.getRequest().getSession(); - if (session != null) { - Date authTime = (Date) session.getAttribute(AuthenticationTimeStamper.AUTH_TIMESTAMP); - if (authTime != null) { - String authTimeString = Long.toString(authTime.getTime()); - authorizationRequest.getExtensions().put(AuthenticationTimeStamper.AUTH_TIMESTAMP, authTimeString); - } - } - } - } - - @Override - public Map getUserApprovalRequest(AuthorizationRequest authorizationRequest, - Authentication userAuthentication) { - Map model = new HashMap<>(); - // In case of a redirect we might want the request parameters to be included - model.putAll(authorizationRequest.getRequestParameters()); - return model; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/util/IdTokenHashUtils.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/util/IdTokenHashUtils.java deleted file mode 100644 index 789f3ce184..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/util/IdTokenHashUtils.java +++ /dev/null @@ -1,114 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.openid.connect.util; - -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.Arrays; - -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.util.Base64URL; - -/** - * Utility class for generating hashes for access tokens and authorization codes - * to be included in an ID Token. - * - * @author Amanda Anganes - * - */ -public class IdTokenHashUtils { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(IdTokenHashUtils.class); - - /** - * Compute the SHA hash of an authorization code - * - * @param signingAlg - * @param code - * @return - */ - public static Base64URL getCodeHash(JWSAlgorithm signingAlg, String code) { - return getHash(signingAlg, code.getBytes()); - } - - /** - * Compute the SHA hash of a token - * - * @param signingAlg - * @param token - * @return - */ - public static Base64URL getAccessTokenHash(JWSAlgorithm signingAlg, OAuth2AccessTokenEntity token) { - - byte[] tokenBytes = token.getJwt().serialize().getBytes(); - - return getHash(signingAlg, tokenBytes); - - } - - public static Base64URL getHash(JWSAlgorithm signingAlg, byte[] bytes) { - - //Switch based on the given signing algorithm - use SHA-xxx with the same 'xxx' bitnumber - //as the JWSAlgorithm to hash the token. - String hashAlg = null; - - if (signingAlg.equals(JWSAlgorithm.HS256) || signingAlg.equals(JWSAlgorithm.ES256) || signingAlg.equals(JWSAlgorithm.RS256) || signingAlg.equals(JWSAlgorithm.PS256)) { - hashAlg = "SHA-256"; - } - - else if (signingAlg.equals(JWSAlgorithm.ES384) || signingAlg.equals(JWSAlgorithm.HS384) || signingAlg.equals(JWSAlgorithm.RS384) || signingAlg.equals(JWSAlgorithm.PS384)) { - hashAlg = "SHA-384"; - } - - else if (signingAlg.equals(JWSAlgorithm.ES512) || signingAlg.equals(JWSAlgorithm.HS512) || signingAlg.equals(JWSAlgorithm.RS512) || signingAlg.equals(JWSAlgorithm.PS512)) { - hashAlg = "SHA-512"; - } - - if (hashAlg != null) { - - try { - MessageDigest hasher = MessageDigest.getInstance(hashAlg); - hasher.reset(); - hasher.update(bytes); - - byte[] hashBytes = hasher.digest(); - byte[] hashBytesLeftHalf = Arrays.copyOf(hashBytes, hashBytes.length / 2); - Base64URL encodedHash = Base64URL.encode(hashBytesLeftHalf); - - return encodedHash; - - } catch (NoSuchAlgorithmException e) { - - logger.error("No such algorithm error: ", e); - - } - - } - - return null; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java deleted file mode 100644 index 719bfc8d0e..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java +++ /dev/null @@ -1,170 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.view; - -import java.io.IOException; -import java.io.Writer; -import java.lang.reflect.Type; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.mitre.oauth2.model.PKCEAlgorithm; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.web.servlet.view.AbstractView; - -import com.google.gson.ExclusionStrategy; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.google.gson.JsonElement; -import com.google.gson.JsonParser; -import com.google.gson.JsonPrimitive; -import com.google.gson.JsonSerializationContext; -import com.google.gson.JsonSerializer; -import com.nimbusds.jose.EncryptionMethod; -import com.nimbusds.jose.JWEAlgorithm; -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.jwk.JWKSet; -import com.nimbusds.jwt.JWT; - -/** - * - * Abstract superclass for client entity view, used with the ClientApi. - * - * @see ClientEntityViewForUsers - * @see ClientEntityViewForAdmins - * - * @author jricher - * - */ -public abstract class AbstractClientEntityView extends AbstractView { - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(AbstractClientEntityView.class); - - private JsonParser parser = new JsonParser(); - - private Gson gson = new GsonBuilder() - .setExclusionStrategies(getExclusionStrategy()) - .registerTypeAdapter(JWSAlgorithm.class, new JsonSerializer() { - @Override - public JsonElement serialize(JWSAlgorithm src, Type typeOfSrc, JsonSerializationContext context) { - if (src != null) { - return new JsonPrimitive(src.getName()); - } else { - return null; - } - } - }) - .registerTypeAdapter(JWEAlgorithm.class, new JsonSerializer() { - @Override - public JsonElement serialize(JWEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) { - if (src != null) { - return new JsonPrimitive(src.getName()); - } else { - return null; - } - } - }) - .registerTypeAdapter(EncryptionMethod.class, new JsonSerializer() { - @Override - public JsonElement serialize(EncryptionMethod src, Type typeOfSrc, JsonSerializationContext context) { - if (src != null) { - return new JsonPrimitive(src.getName()); - } else { - return null; - } - } - }) - .registerTypeAdapter(JWKSet.class, new JsonSerializer() { - @Override - public JsonElement serialize(JWKSet src, Type typeOfSrc, JsonSerializationContext context) { - if (src != null) { - return parser.parse(src.toString()); - } else { - return null; - } - } - }) - .registerTypeAdapter(JWT.class, new JsonSerializer() { - @Override - public JsonElement serialize(JWT src, Type typeOfSrc, JsonSerializationContext context) { - if (src != null) { - return new JsonPrimitive(src.serialize()); - } else { - return null; - } - } - - }) - .registerTypeAdapter(PKCEAlgorithm.class, new JsonSerializer() { - @Override - public JsonPrimitive serialize(PKCEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) { - if (src != null) { - return new JsonPrimitive(src.getName()); - } else { - return null; - } - } - }) - .serializeNulls() - .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") - .create(); - - - /** - * @return - */ - protected abstract ExclusionStrategy getExclusionStrategy(); - - - @Override - protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - - response.setContentType(MediaType.APPLICATION_JSON_VALUE); - - - HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); - if (code == null) { - code = HttpStatus.OK; // default to 200 - } - - response.setStatus(code.value()); - - try { - - Writer out = response.getWriter(); - Object obj = model.get(JsonEntityView.ENTITY); - gson.toJson(obj, out); - - } catch (IOException e) { - - logger.error("IOException in JsonEntityView.java: ", e); - - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java deleted file mode 100644 index 7fe86f7f77..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java +++ /dev/null @@ -1,73 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.view; - -import java.util.Set; - -import org.springframework.stereotype.Component; -import org.springframework.validation.BeanPropertyBindingResult; - -import com.google.common.collect.ImmutableSet; -import com.google.gson.ExclusionStrategy; -import com.google.gson.FieldAttributes; - -/** - * - * View bean for full view of client entity, for admins. - * - * @see ClientEntityViewForUsers - * @author jricher - * - */ -@Component(ClientEntityViewForAdmins.VIEWNAME) -public class ClientEntityViewForAdmins extends AbstractClientEntityView { - - public static final String VIEWNAME = "clientEntityViewAdmins"; - private Set blacklistedFields = ImmutableSet.of("additionalInformation"); - - /** - * @return - */ - @Override - protected ExclusionStrategy getExclusionStrategy() { - return new ExclusionStrategy() { - - @Override - public boolean shouldSkipField(FieldAttributes f) { - if (blacklistedFields.contains(f.getName())) { - return true; - } else { - return false; - } - } - - @Override - public boolean shouldSkipClass(Class clazz) { - // skip the JPA binding wrapper - if (clazz.equals(BeanPropertyBindingResult.class)) { - return true; - } - return false; - } - - }; - } -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java deleted file mode 100644 index 11f1e51dc4..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java +++ /dev/null @@ -1,77 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.view; - -import java.util.Set; - -import org.springframework.stereotype.Component; -import org.springframework.validation.BeanPropertyBindingResult; - -import com.google.common.collect.ImmutableSet; -import com.google.gson.ExclusionStrategy; -import com.google.gson.FieldAttributes; - -/** - * - * View bean for field-limited view of client entity, for regular users. - * - * @see AbstractClientEntityView - * @see ClientEntityViewForAdmins - * @author jricher - * - */ -@Component(ClientEntityViewForUsers.VIEWNAME) -public class ClientEntityViewForUsers extends AbstractClientEntityView { - - private Set whitelistedFields = ImmutableSet.of("clientName", "clientId", "id", "clientDescription", "scope", "logoUri"); - - public static final String VIEWNAME = "clientEntityViewUsers"; - - /* (non-Javadoc) - * @see org.mitre.openid.connect.view.AbstractClientEntityView#getExclusionStrategy() - */ - @Override - protected ExclusionStrategy getExclusionStrategy() { - return new ExclusionStrategy() { - - @Override - public boolean shouldSkipField(FieldAttributes f) { - // whitelist the handful of fields that are good - if (whitelistedFields.contains(f.getName())) { - return false; - } else { - return true; - } - } - - @Override - public boolean shouldSkipClass(Class clazz) { - // skip the JPA binding wrapper - if (clazz.equals(BeanPropertyBindingResult.class)) { - return true; - } - return false; - } - - }; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java deleted file mode 100644 index a4b245179e..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java +++ /dev/null @@ -1,99 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.view; - -import java.io.IOException; -import java.io.Writer; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.mitre.oauth2.model.RegisteredClient; -import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.stereotype.Component; -import org.springframework.web.servlet.view.AbstractView; - -import com.google.gson.Gson; -import com.google.gson.JsonIOException; -import com.google.gson.JsonObject; - -/** - * - * Provides representation of a client's registration metadata, to be shown from the dynamic registration endpoint - * on the client_register and rotate_secret operations. - * - * @author jricher - * - */ -@Component(ClientInformationResponseView.VIEWNAME) -public class ClientInformationResponseView extends AbstractView { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(ClientInformationResponseView.class); - - public static final String VIEWNAME = "clientInformationResponseView"; - - // note that this won't serialize nulls by default - private Gson gson = new Gson(); - - /* (non-Javadoc) - * @see org.springframework.web.servlet.view.AbstractView#renderMergedOutputModel(java.util.Map, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - @Override - protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - - response.setContentType(MediaType.APPLICATION_JSON_VALUE); - - RegisteredClient c = (RegisteredClient) model.get("client"); - //OAuth2AccessTokenEntity token = (OAuth2AccessTokenEntity) model.get("token"); - //String uri = (String)model.get("uri"); //request.getRequestURL() + "/" + c.getClientId(); - - HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); - if (code == null) { - code = HttpStatus.OK; - } - response.setStatus(code.value()); - - JsonObject o = ClientDetailsEntityJsonProcessor.serialize(c); - - try { - Writer out = response.getWriter(); - gson.toJson(o, out); - } catch (JsonIOException e) { - - logger.error("JsonIOException in ClientInformationResponseView.java: ", e); - - } catch (IOException e) { - - logger.error("IOException in ClientInformationResponseView.java: ", e); - - } - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java deleted file mode 100644 index bea53cd173..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java +++ /dev/null @@ -1,55 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.view; - -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.http.HttpStatus; -import org.springframework.stereotype.Component; -import org.springframework.web.servlet.view.AbstractView; - -/** - * An empty view that simply returns an HTTP code set in the model - * @author jricher - * - */ -@Component(HttpCodeView.VIEWNAME) -public class HttpCodeView extends AbstractView { - - public static final String VIEWNAME = "httpCodeView"; - - public static final String CODE = "code"; - - @Override - protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - HttpStatus code = (HttpStatus) model.get(CODE); - if (code == null) { - code = HttpStatus.OK; // default to 200 - } - - response.setStatus(code.value()); - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java deleted file mode 100644 index 4b84f1a8cf..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java +++ /dev/null @@ -1,126 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.view; - -import java.io.IOException; -import java.io.Writer; -import java.lang.reflect.Type; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.openid.connect.model.WhitelistedSite; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.stereotype.Component; -import org.springframework.validation.BeanPropertyBindingResult; -import org.springframework.web.servlet.view.AbstractView; - -import com.google.gson.ExclusionStrategy; -import com.google.gson.FieldAttributes; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.google.gson.JsonElement; -import com.google.gson.JsonPrimitive; -import com.google.gson.JsonSerializationContext; -import com.google.gson.JsonSerializer; - -/** - * @author jricher - * - */ -@Component(JsonApprovedSiteView.VIEWNAME) -public class JsonApprovedSiteView extends AbstractView { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(JsonApprovedSiteView.class); - - public static final String VIEWNAME = "jsonApprovedSiteView"; - - private Gson gson = new GsonBuilder() - .setExclusionStrategies(new ExclusionStrategy() { - - @Override - public boolean shouldSkipField(FieldAttributes f) { - - return false; - } - - @Override - public boolean shouldSkipClass(Class clazz) { - // skip the JPA binding wrapper - if (clazz.equals(BeanPropertyBindingResult.class)) { - return true; - } - return false; - } - - }) - .registerTypeAdapter(OAuth2AccessTokenEntity.class, new JsonSerializer() { - @Override - public JsonElement serialize(OAuth2AccessTokenEntity src, - Type typeOfSrc, JsonSerializationContext context) { - return new JsonPrimitive(src.getId()); - } - }) - .registerTypeAdapter(WhitelistedSite.class, new JsonSerializer() { - @Override - public JsonElement serialize(WhitelistedSite src, Type typeOfSrc, JsonSerializationContext context) { - return new JsonPrimitive(src.getId()); - } - }) - .serializeNulls() - .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") - .create(); - - @Override - protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - - response.setContentType(MediaType.APPLICATION_JSON_VALUE); - - - HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); - if (code == null) { - code = HttpStatus.OK; // default to 200 - } - - response.setStatus(code.value()); - - try { - - Writer out = response.getWriter(); - Object obj = model.get(JsonEntityView.ENTITY); - gson.toJson(obj, out); - - } catch (IOException e) { - - logger.error("IOException in JsonEntityView.java: ", e); - - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java deleted file mode 100644 index a9e9401c67..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java +++ /dev/null @@ -1,109 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.view; - -import java.io.IOException; -import java.io.Writer; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.stereotype.Component; -import org.springframework.validation.BeanPropertyBindingResult; -import org.springframework.web.servlet.view.AbstractView; - -import com.google.gson.ExclusionStrategy; -import com.google.gson.FieldAttributes; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; - -/** - * @author jricher - * - */ -@Component(JsonEntityView.VIEWNAME) -public class JsonEntityView extends AbstractView { - - public static final String ENTITY = "entity"; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(JsonEntityView.class); - - public static final String VIEWNAME = "jsonEntityView"; - - private Gson gson = new GsonBuilder() - .setExclusionStrategies(new ExclusionStrategy() { - - @Override - public boolean shouldSkipField(FieldAttributes f) { - - return false; - } - - @Override - public boolean shouldSkipClass(Class clazz) { - // skip the JPA binding wrapper - if (clazz.equals(BeanPropertyBindingResult.class)) { - return true; - } - return false; - } - - }) - .serializeNulls() - .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") - .create(); - - @Override - protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - - response.setContentType(MediaType.APPLICATION_JSON_VALUE); - response.setCharacterEncoding("UTF-8"); - - - HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); - if (code == null) { - code = HttpStatus.OK; // default to 200 - } - - response.setStatus(code.value()); - - try { - - Writer out = response.getWriter(); - Object obj = model.get(ENTITY); - gson.toJson(obj, out); - - } catch (IOException e) { - - logger.error("IOException in JsonEntityView.java: ", e); - - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java deleted file mode 100644 index db21fffb26..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java +++ /dev/null @@ -1,123 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.view; - -import java.io.IOException; -import java.io.Writer; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.stereotype.Component; -import org.springframework.validation.BeanPropertyBindingResult; -import org.springframework.web.servlet.view.AbstractView; - -import com.google.common.base.Strings; -import com.google.gson.ExclusionStrategy; -import com.google.gson.FieldAttributes; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.google.gson.JsonObject; - -/** - * @author aanganes, jricher - * - */ -@Component(JsonErrorView.VIEWNAME) -public class JsonErrorView extends AbstractView { - - /** - * - */ - public static final String ERROR_MESSAGE = "errorMessage"; - - /** - * - */ - public static final String ERROR = "error"; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(JsonErrorView.class); - - public static final String VIEWNAME = "jsonErrorView"; - - private Gson gson = new GsonBuilder() - .setExclusionStrategies(new ExclusionStrategy() { - - @Override - public boolean shouldSkipField(FieldAttributes f) { - - return false; - } - - @Override - public boolean shouldSkipClass(Class clazz) { - // skip the JPA binding wrapper - if (clazz.equals(BeanPropertyBindingResult.class)) { - return true; - } - return false; - } - - }) - .serializeNulls() - .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") - .create(); - - @Override - protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - - response.setContentType(MediaType.APPLICATION_JSON_VALUE); - - - HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); - if (code == null) { - code = HttpStatus.INTERNAL_SERVER_ERROR; // default to 500 - } - - response.setStatus(code.value()); - - try { - - Writer out = response.getWriter(); - - String errorTitle = (String) model.get(ERROR); - if (Strings.isNullOrEmpty(errorTitle)) { - errorTitle = "mitreid_error"; - } - String errorMessage = (String) model.get(ERROR_MESSAGE); - JsonObject obj = new JsonObject(); - obj.addProperty("error", errorTitle); - obj.addProperty("error_description", errorMessage); - gson.toJson(obj, out); - - } catch (IOException e) { - - logger.error("IOException in JsonErrorView.java: ", e); - - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java deleted file mode 100644 index e452b352b5..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java +++ /dev/null @@ -1,164 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.view; - -import java.io.IOException; -import java.io.StringWriter; -import java.io.Writer; -import java.text.ParseException; -import java.util.Date; -import java.util.Map; -import java.util.UUID; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService; -import org.mitre.jwt.signer.service.JWTSigningAndValidationService; -import org.mitre.jwt.signer.service.impl.ClientKeyCacheService; -import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.MediaType; -import org.springframework.stereotype.Component; - -import com.google.common.base.Strings; -import com.google.common.collect.Lists; -import com.google.gson.JsonObject; -import com.nimbusds.jose.Algorithm; -import com.nimbusds.jose.JWEHeader; -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.EncryptedJWT; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.SignedJWT; - -/** - * @author jricher - * - */ -@Component(UserInfoJWTView.VIEWNAME) -public class UserInfoJWTView extends UserInfoView { - - public static final String CLIENT = "client"; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(UserInfoJWTView.class); - - public static final String VIEWNAME = "userInfoJwtView"; - - public static final String JOSE_MEDIA_TYPE_VALUE = "application/jwt"; - public static final MediaType JOSE_MEDIA_TYPE = new MediaType("application", "jwt"); - - - @Autowired - private JWTSigningAndValidationService jwtService; - - @Autowired - private ConfigurationPropertiesBean config; - - @Autowired - private ClientKeyCacheService encrypters; - - @Autowired - private SymmetricKeyJWTValidatorCacheService symmetricCacheService; - - @Override - protected void writeOut(JsonObject json, Map model, - HttpServletRequest request, HttpServletResponse response) { - - try { - ClientDetailsEntity client = (ClientDetailsEntity)model.get(CLIENT); - - // use the parser to import the user claims into the object - StringWriter writer = new StringWriter(); - gson.toJson(json, writer); - - response.setContentType(JOSE_MEDIA_TYPE_VALUE); - - JWTClaimsSet claims = new JWTClaimsSet.Builder(JWTClaimsSet.parse(writer.toString())) - .audience(Lists.newArrayList(client.getClientId())) - .issuer(config.getIssuer()) - .issueTime(new Date()) - .jwtID(UUID.randomUUID().toString()) // set a random NONCE in the middle of it - .build(); - - - if (client.getUserInfoEncryptedResponseAlg() != null && !client.getUserInfoEncryptedResponseAlg().equals(Algorithm.NONE) - && client.getUserInfoEncryptedResponseEnc() != null && !client.getUserInfoEncryptedResponseEnc().equals(Algorithm.NONE) - && (!Strings.isNullOrEmpty(client.getJwksUri()) || client.getJwks() != null)) { - - // encrypt it to the client's key - - JWTEncryptionAndDecryptionService encrypter = encrypters.getEncrypter(client); - - if (encrypter != null) { - - EncryptedJWT encrypted = new EncryptedJWT(new JWEHeader(client.getUserInfoEncryptedResponseAlg(), client.getUserInfoEncryptedResponseEnc()), claims); - - encrypter.encryptJwt(encrypted); - - - Writer out = response.getWriter(); - out.write(encrypted.serialize()); - - } else { - logger.error("Couldn't find encrypter for client: " + client.getClientId()); - } - } else { - - JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm(); // default to the server's preference - if (client.getUserInfoSignedResponseAlg() != null) { - signingAlg = client.getUserInfoSignedResponseAlg(); // override with the client's preference if available - } - JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null, - jwtService.getDefaultSignerKeyId(), - null, null); - SignedJWT signed = new SignedJWT(header, claims); - - if (signingAlg.equals(JWSAlgorithm.HS256) - || signingAlg.equals(JWSAlgorithm.HS384) - || signingAlg.equals(JWSAlgorithm.HS512)) { - - // sign it with the client's secret - JWTSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client); - signer.signJwt(signed); - - } else { - // sign it with the server's key - jwtService.signJwt(signed); - } - - Writer out = response.getWriter(); - out.write(signed.serialize()); - } - } catch (IOException e) { - logger.error("IO Exception in UserInfoJwtView", e); - } catch (ParseException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - - } -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java deleted file mode 100644 index 73ca617f98..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java +++ /dev/null @@ -1,189 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.view; - -import java.io.IOException; -import java.io.Writer; -import java.util.HashSet; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Set; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.service.ScopeClaimTranslationService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.MediaType; -import org.springframework.stereotype.Component; -import org.springframework.validation.BeanPropertyBindingResult; -import org.springframework.web.servlet.view.AbstractView; - -import com.google.gson.ExclusionStrategy; -import com.google.gson.FieldAttributes; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; - -@Component(UserInfoView.VIEWNAME) -public class UserInfoView extends AbstractView { - - public static final String REQUESTED_CLAIMS = "requestedClaims"; - public static final String AUTHORIZED_CLAIMS = "authorizedClaims"; - public static final String SCOPE = "scope"; - public static final String USER_INFO = "userInfo"; - - public static final String VIEWNAME = "userInfoView"; - - private static JsonParser jsonParser = new JsonParser(); - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(UserInfoView.class); - - @Autowired - private ScopeClaimTranslationService translator; - - protected Gson gson = new GsonBuilder().setExclusionStrategies(new ExclusionStrategy() { - - @Override - public boolean shouldSkipField(FieldAttributes f) { - - return false; - } - - @Override - public boolean shouldSkipClass(Class clazz) { - // skip the JPA binding wrapper - if (clazz.equals(BeanPropertyBindingResult.class)) { - return true; - } - return false; - } - - }).create(); - - /* - * (non-Javadoc) - * - * @see - * org.springframework.web.servlet.view.AbstractView#renderMergedOutputModel - * (java.util.Map, javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ - @Override - protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - - UserInfo userInfo = (UserInfo) model.get(USER_INFO); - - Set scope = (Set) model.get(SCOPE); - - response.setContentType(MediaType.APPLICATION_JSON_VALUE); - response.setCharacterEncoding("UTF-8"); - - - JsonObject authorizedClaims = null; - JsonObject requestedClaims = null; - if (model.get(AUTHORIZED_CLAIMS) != null) { - authorizedClaims = jsonParser.parse((String) model.get(AUTHORIZED_CLAIMS)).getAsJsonObject(); - } - if (model.get(REQUESTED_CLAIMS) != null) { - requestedClaims = jsonParser.parse((String) model.get(REQUESTED_CLAIMS)).getAsJsonObject(); - } - JsonObject json = toJsonFromRequestObj(userInfo, scope, authorizedClaims, requestedClaims); - - writeOut(json, model, request, response); - } - - protected void writeOut(JsonObject json, Map model, HttpServletRequest request, HttpServletResponse response) { - try { - Writer out = response.getWriter(); - gson.toJson(json, out); - } catch (IOException e) { - - logger.error("IOException in UserInfoView.java: ", e); - - } - - } - - /** - * Build a JSON response according to the request object received. - * - * Claims requested in requestObj.userinfo.claims are added to any - * claims corresponding to requested scopes, if any. - * - * @param ui the UserInfo to filter - * @param scope the allowed scopes to filter by - * @param authorizedClaims the claims authorized by the client or user - * @param requestedClaims the claims requested in the RequestObject - * @return the filtered JsonObject result - */ - private JsonObject toJsonFromRequestObj(UserInfo ui, Set scope, JsonObject authorizedClaims, JsonObject requestedClaims) { - - // get the base object - JsonObject obj = ui.toJson(); - - Set allowedByScope = translator.getClaimsForScopeSet(scope); - Set authorizedByClaims = extractUserInfoClaimsIntoSet(authorizedClaims); - Set requestedByClaims = extractUserInfoClaimsIntoSet(requestedClaims); - - // Filter claims by performing a manual intersection of claims that are allowed by the given scope, requested, and authorized. - // We cannot use Sets.intersection() or similar because Entry<> objects will evaluate to being unequal if their values are - // different, whereas we are only interested in matching the Entry<>'s key values. - JsonObject result = new JsonObject(); - for (Entry entry : obj.entrySet()) { - - if (allowedByScope.contains(entry.getKey()) - || authorizedByClaims.contains(entry.getKey())) { - // it's allowed either by scope or by the authorized claims (either way is fine with us) - - if (requestedByClaims.isEmpty() || requestedByClaims.contains(entry.getKey())) { - // the requested claims are empty (so we allow all), or they're not empty and this claim was specifically asked for - result.add(entry.getKey(), entry.getValue()); - } // otherwise there were specific claims requested and this wasn't one of them - } - } - - return result; - } - - /** - * Pull the claims that have been targeted into a set for processing. - * Returns an empty set if the input is null. - * @param claims the claims request to process - */ - private Set extractUserInfoClaimsIntoSet(JsonObject claims) { - Set target = new HashSet<>(); - if (claims != null) { - JsonObject userinfoAuthorized = claims.getAsJsonObject("userinfo"); - if (userinfoAuthorized != null) { - for (Entry entry : userinfoAuthorized.entrySet()) { - target.add(entry.getKey()); - } - } - } - return target; - } -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java deleted file mode 100644 index 1f05baab56..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java +++ /dev/null @@ -1,129 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.web; - -import java.security.Principal; -import java.util.Collection; - -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.service.ApprovedSiteService; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonApprovedSiteView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.stereotype.Controller; -import org.springframework.ui.ModelMap; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -/** - * @author jricher - * - */ -@Controller -@RequestMapping("/" + ApprovedSiteAPI.URL) -@PreAuthorize("hasRole('ROLE_USER')") -public class ApprovedSiteAPI { - - public static final String URL = RootController.API_URL + "/approved"; - - @Autowired - private ApprovedSiteService approvedSiteService; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(ApprovedSiteAPI.class); - - /** - * Get a list of all of this user's approved sites - * @param m - * @return - */ - @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getAllApprovedSites(ModelMap m, Principal p) { - - Collection all = approvedSiteService.getByUserId(p.getName()); - - m.put(JsonEntityView.ENTITY, all); - - return JsonApprovedSiteView.VIEWNAME; - } - - /** - * Delete an approved site - * - */ - @RequestMapping(value="/{id}", method = RequestMethod.DELETE) - public String deleteApprovedSite(@PathVariable("id") Long id, ModelMap m, Principal p) { - ApprovedSite approvedSite = approvedSiteService.getById(id); - - if (approvedSite == null) { - logger.error("deleteApprovedSite failed; no approved site found for id: " + id); - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete approved site. The requested approved site with id: " + id + " could not be found."); - return JsonErrorView.VIEWNAME; - } else if (!approvedSite.getUserId().equals(p.getName())) { - logger.error("deleteApprovedSite failed; principal " - + p.getName() + " does not own approved site" + id); - m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to delete this approved site. The approved site decision will not be deleted."); - return JsonErrorView.VIEWNAME; - } else { - m.put(HttpCodeView.CODE, HttpStatus.OK); - approvedSiteService.remove(approvedSite); - } - - return HttpCodeView.VIEWNAME; - } - - /** - * Get a single approved site - */ - @RequestMapping(value="/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getApprovedSite(@PathVariable("id") Long id, ModelMap m, Principal p) { - ApprovedSite approvedSite = approvedSiteService.getById(id); - if (approvedSite == null) { - logger.error("getApprovedSite failed; no approved site found for id: " + id); - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "The requested approved site with id: " + id + " could not be found."); - return JsonErrorView.VIEWNAME; - } else if (!approvedSite.getUserId().equals(p.getName())) { - logger.error("getApprovedSite failed; principal " - + p.getName() + " does not own approved site" + id); - m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this approved site."); - return JsonErrorView.VIEWNAME; - } else { - m.put(JsonEntityView.ENTITY, approvedSite); - return JsonApprovedSiteView.VIEWNAME; - } - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthenticationTimeStamper.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthenticationTimeStamper.java deleted file mode 100644 index 4b5bd4c2e0..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthenticationTimeStamper.java +++ /dev/null @@ -1,80 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.web; - -import java.io.IOException; -import java.util.Date; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.mitre.openid.connect.filter.AuthorizationRequestFilter; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.security.core.Authentication; -import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; -import org.springframework.stereotype.Component; - -/** - * This class sets a timestamp on the current HttpSession - * when someone successfully authenticates. - * - * @author jricher - * - */ -@Component("authenticationTimeStamper") -public class AuthenticationTimeStamper extends SavedRequestAwareAuthenticationSuccessHandler { - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(AuthenticationTimeStamper.class); - - public static final String AUTH_TIMESTAMP = "AUTH_TIMESTAMP"; - - /** - * Set the timestamp on the session to mark when the authentication happened, - * useful for calculating authentication age. This gets stored in the sesion - * and can get pulled out by other components. - */ - @Override - public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { - - Date authTimestamp = new Date(); - - HttpSession session = request.getSession(); - - session.setAttribute(AUTH_TIMESTAMP, authTimestamp); - - if (session.getAttribute(AuthorizationRequestFilter.PROMPT_REQUESTED) != null) { - session.setAttribute(AuthorizationRequestFilter.PROMPTED, Boolean.TRUE); - session.removeAttribute(AuthorizationRequestFilter.PROMPT_REQUESTED); - } - - logger.info("Successful Authentication of " + authentication.getName() + " at " + authTimestamp.toString()); - - super.onAuthenticationSuccess(request, response, authentication); - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java deleted file mode 100644 index 6757df8080..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java +++ /dev/null @@ -1,210 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.web; - -import java.security.Principal; -import java.util.Collection; - -import org.mitre.openid.connect.model.BlacklistedSite; -import org.mitre.openid.connect.service.BlacklistedSiteService; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.stereotype.Controller; -import org.springframework.ui.ModelMap; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import com.google.gson.Gson; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; -import com.google.gson.JsonSyntaxException; - -/** - * @author jricher - * - */ -@Controller -@RequestMapping("/" + BlacklistAPI.URL) -@PreAuthorize("hasRole('ROLE_ADMIN')") -public class BlacklistAPI { - - public static final String URL = RootController.API_URL + "/blacklist"; - - @Autowired - private BlacklistedSiteService blacklistService; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(BlacklistAPI.class); - - private Gson gson = new Gson(); - private JsonParser parser = new JsonParser(); - - /** - * Get a list of all blacklisted sites - * @param m - * @return - */ - @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getAllBlacklistedSites(ModelMap m) { - - Collection all = blacklistService.getAll(); - - m.put(JsonEntityView.ENTITY, all); - - return JsonEntityView.VIEWNAME; - } - - /** - * Create a new blacklisted site - * @param jsonString - * @param m - * @param p - * @return - */ - @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) - public String addNewBlacklistedSite(@RequestBody String jsonString, ModelMap m, Principal p) { - - JsonObject json; - - BlacklistedSite blacklist = null; - - try { - - json = parser.parse(jsonString).getAsJsonObject(); - blacklist = gson.fromJson(json, BlacklistedSite.class); - BlacklistedSite newBlacklist = blacklistService.saveNew(blacklist); - m.put(JsonEntityView.ENTITY, newBlacklist); - - } - catch (JsonSyntaxException e) { - logger.error("addNewBlacklistedSite failed due to JsonSyntaxException: ", e); - m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not save new blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); - return JsonErrorView.VIEWNAME; - } catch (IllegalStateException e) { - logger.error("addNewBlacklistedSite failed due to IllegalStateException", e); - m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not save new blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); - return JsonErrorView.VIEWNAME; - } - - return JsonEntityView.VIEWNAME; - - } - - /** - * Update an existing blacklisted site - */ - @RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) - public String updateBlacklistedSite(@PathVariable("id") Long id, @RequestBody String jsonString, ModelMap m, Principal p) { - - JsonObject json; - - BlacklistedSite blacklist = null; - - try { - - json = parser.parse(jsonString).getAsJsonObject(); - blacklist = gson.fromJson(json, BlacklistedSite.class); - - } - catch (JsonSyntaxException e) { - logger.error("updateBlacklistedSite failed due to JsonSyntaxException", e); - m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not update blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); - return JsonErrorView.VIEWNAME; - } catch (IllegalStateException e) { - logger.error("updateBlacklistedSite failed due to IllegalStateException", e); - m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not update blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); - return JsonErrorView.VIEWNAME; - } - - - BlacklistedSite oldBlacklist = blacklistService.getById(id); - - if (oldBlacklist == null) { - logger.error("updateBlacklistedSite failed; blacklist with id " + id + " could not be found"); - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not update blacklisted site. The requested blacklist with id " + id + "could not be found."); - return JsonErrorView.VIEWNAME; - } else { - - BlacklistedSite newBlacklist = blacklistService.update(oldBlacklist, blacklist); - - m.put(JsonEntityView.ENTITY, newBlacklist); - - return JsonEntityView.VIEWNAME; - } - } - - /** - * Delete a blacklisted site - * - */ - @RequestMapping(value="/{id}", method = RequestMethod.DELETE) - public String deleteBlacklistedSite(@PathVariable("id") Long id, ModelMap m) { - BlacklistedSite blacklist = blacklistService.getById(id); - - if (blacklist == null) { - logger.error("deleteBlacklistedSite failed; blacklist with id " + id + " could not be found"); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete bladklist. The requested bladklist with id " + id + " could not be found."); - return JsonErrorView.VIEWNAME; - } else { - m.put(HttpCodeView.CODE, HttpStatus.OK); - blacklistService.remove(blacklist); - } - - return HttpCodeView.VIEWNAME; - } - - /** - * Get a single blacklisted site - */ - @RequestMapping(value="/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getBlacklistedSite(@PathVariable("id") Long id, ModelMap m) { - BlacklistedSite blacklist = blacklistService.getById(id); - if (blacklist == null) { - logger.error("getBlacklistedSite failed; blacklist with id " + id + " could not be found"); - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete bladklist. The requested bladklist with id " + id + " could not be found."); - return JsonErrorView.VIEWNAME; - } else { - - m.put(JsonEntityView.ENTITY, blacklist); - - return JsonEntityView.VIEWNAME; - } - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java deleted file mode 100644 index 45ba59901c..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java +++ /dev/null @@ -1,672 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.web; - -import java.lang.reflect.Type; -import java.sql.SQLIntegrityConstraintViolationException; -import java.text.ParseException; -import java.util.Collection; - -import javax.persistence.PersistenceException; - -import org.eclipse.persistence.exceptions.DatabaseException; -import org.mitre.jwt.assertion.AssertionValidator; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AppType; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; -import org.mitre.oauth2.model.PKCEAlgorithm; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.web.AuthenticationUtilities; -import org.mitre.openid.connect.exception.ValidationException; -import org.mitre.openid.connect.model.CachedImage; -import org.mitre.openid.connect.service.ClientLogoLoadingService; -import org.mitre.openid.connect.view.ClientEntityViewForAdmins; -import org.mitre.openid.connect.view.ClientEntityViewForUsers; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.http.HttpHeaders; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.http.ResponseEntity; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.common.util.OAuth2Utils; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.servlet.ModelAndView; - -import com.google.common.base.Strings; -import com.google.common.collect.Sets; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.google.gson.JsonDeserializationContext; -import com.google.gson.JsonDeserializer; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParseException; -import com.google.gson.JsonParser; -import com.google.gson.JsonSyntaxException; -import com.nimbusds.jose.Algorithm; -import com.nimbusds.jose.EncryptionMethod; -import com.nimbusds.jose.JWEAlgorithm; -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.jwk.JWKSet; -import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.JWTParser; - -import static org.mitre.oauth2.model.RegisteredClientFields.APPLICATION_TYPE; -import static org.mitre.oauth2.model.RegisteredClientFields.CLAIMS_REDIRECT_URIS; -import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_ID; -import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_ID_ISSUED_AT; -import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_NAME; -import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_SECRET; -import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_SECRET_EXPIRES_AT; -import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.CONTACTS; -import static org.mitre.oauth2.model.RegisteredClientFields.DEFAULT_ACR_VALUES; -import static org.mitre.oauth2.model.RegisteredClientFields.DEFAULT_MAX_AGE; -import static org.mitre.oauth2.model.RegisteredClientFields.GRANT_TYPES; -import static org.mitre.oauth2.model.RegisteredClientFields.ID_TOKEN_ENCRYPTED_RESPONSE_ALG; -import static org.mitre.oauth2.model.RegisteredClientFields.ID_TOKEN_ENCRYPTED_RESPONSE_ENC; -import static org.mitre.oauth2.model.RegisteredClientFields.ID_TOKEN_SIGNED_RESPONSE_ALG; -import static org.mitre.oauth2.model.RegisteredClientFields.INITIATE_LOGIN_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.JWKS; -import static org.mitre.oauth2.model.RegisteredClientFields.JWKS_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.LOGO_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.POLICY_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.POST_LOGOUT_REDIRECT_URIS; -import static org.mitre.oauth2.model.RegisteredClientFields.REDIRECT_URIS; -import static org.mitre.oauth2.model.RegisteredClientFields.REGISTRATION_ACCESS_TOKEN; -import static org.mitre.oauth2.model.RegisteredClientFields.REGISTRATION_CLIENT_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.REQUEST_OBJECT_SIGNING_ALG; -import static org.mitre.oauth2.model.RegisteredClientFields.REQUEST_URIS; -import static org.mitre.oauth2.model.RegisteredClientFields.REQUIRE_AUTH_TIME; -import static org.mitre.oauth2.model.RegisteredClientFields.RESPONSE_TYPES; -import static org.mitre.oauth2.model.RegisteredClientFields.SCOPE; -import static org.mitre.oauth2.model.RegisteredClientFields.SECTOR_IDENTIFIER_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.SOFTWARE_STATEMENT; -import static org.mitre.oauth2.model.RegisteredClientFields.SUBJECT_TYPE; -import static org.mitre.oauth2.model.RegisteredClientFields.TOKEN_ENDPOINT_AUTH_METHOD; -import static org.mitre.oauth2.model.RegisteredClientFields.TOKEN_ENDPOINT_AUTH_SIGNING_ALG; -import static org.mitre.oauth2.model.RegisteredClientFields.TOS_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_ENCRYPTED_RESPONSE_ALG; -import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_ENCRYPTED_RESPONSE_ENC; -import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_SIGNED_RESPONSE_ALG; - -/** - * @author Michael Jett - */ - -@Controller -@RequestMapping("/" + ClientAPI.URL) -@PreAuthorize("hasRole('ROLE_USER')") -public class ClientAPI { - - public static final String URL = RootController.API_URL + "/clients"; - - @Autowired - private ClientDetailsEntityService clientService; - - @Autowired - private ClientLogoLoadingService clientLogoLoadingService; - - @Autowired - @Qualifier("clientAssertionValidator") - private AssertionValidator assertionValidator; - - private JsonParser parser = new JsonParser(); - - private Gson gson = new GsonBuilder() - .serializeNulls() - .registerTypeAdapter(JWSAlgorithm.class, new JsonDeserializer() { - @Override - public JWSAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { - if (json.isJsonPrimitive()) { - return JWSAlgorithm.parse(json.getAsString()); - } else { - return null; - } - } - }) - .registerTypeAdapter(JWEAlgorithm.class, new JsonDeserializer() { - @Override - public JWEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { - if (json.isJsonPrimitive()) { - return JWEAlgorithm.parse(json.getAsString()); - } else { - return null; - } - } - }) - .registerTypeAdapter(EncryptionMethod.class, new JsonDeserializer() { - @Override - public EncryptionMethod deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { - if (json.isJsonPrimitive()) { - return EncryptionMethod.parse(json.getAsString()); - } else { - return null; - } - } - }) - .registerTypeAdapter(JWKSet.class, new JsonDeserializer() { - @Override - public JWKSet deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { - if (json.isJsonObject()) { - try { - return JWKSet.parse(json.toString()); - } catch (ParseException e) { - return null; - } - } else { - return null; - } - } - }) - .registerTypeAdapter(JWT.class, new JsonDeserializer() { - @Override - public JWT deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { - if (json.isJsonPrimitive()) { - try { - return JWTParser.parse(json.getAsString()); - } catch (ParseException e) { - return null; - } - } else { - return null; - } - } - }) - .registerTypeAdapter(PKCEAlgorithm.class, new JsonDeserializer() { - @Override - public PKCEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { - if (json.isJsonPrimitive()) { - return PKCEAlgorithm.parse(json.getAsString()); - } else { - return null; - } - } - }) - .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") - .create(); - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(ClientAPI.class); - - /** - * Get a list of all clients - * @param modelAndView - * @return - */ - @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String apiGetAllClients(Model model, Authentication auth) { - - Collection clients = clientService.getAllClients(); - model.addAttribute(JsonEntityView.ENTITY, clients); - - if (AuthenticationUtilities.isAdmin(auth)) { - return ClientEntityViewForAdmins.VIEWNAME; - } else { - return ClientEntityViewForUsers.VIEWNAME; - } - } - - /** - * Create a new client - * @param json - * @param m - * @param principal - * @return - */ - @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) - public String apiAddClient(@RequestBody String jsonString, Model m, Authentication auth) { - - JsonObject json = null; - ClientDetailsEntity client = null; - - try { - json = parser.parse(jsonString).getAsJsonObject(); - client = gson.fromJson(json, ClientDetailsEntity.class); - client = validateSoftwareStatement(client); - } catch (JsonSyntaxException e) { - logger.error("apiAddClient failed due to JsonSyntaxException", e); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not save new client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); - return JsonErrorView.VIEWNAME; - } catch (IllegalStateException e) { - logger.error("apiAddClient failed due to IllegalStateException", e); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not save new client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); - return JsonErrorView.VIEWNAME; - } catch (ValidationException e) { - logger.error("apiUpdateClient failed due to ValidationException", e); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not update client. The server encountered a ValidationException."); - return JsonErrorView.VIEWNAME; - } - - // if they leave the client identifier empty, force it to be generated - if (Strings.isNullOrEmpty(client.getClientId())) { - client = clientService.generateClientId(client); - } - - if (client.getTokenEndpointAuthMethod() == null || - client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) { - // we shouldn't have a secret for this client - - client.setClientSecret(null); - - } else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC) - || client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST) - || client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)) { - - // if they've asked for us to generate a client secret (or they left it blank but require one), do so here - if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean() - || Strings.isNullOrEmpty(client.getClientSecret())) { - client = clientService.generateClientSecret(client); - } - - } else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) { - - if (Strings.isNullOrEmpty(client.getJwksUri()) && client.getJwks() == null) { - logger.error("tried to create client with private key auth but no private key"); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Can not create a client with private key authentication without registering a key via the JWK Set URI or JWK Set Value."); - return JsonErrorView.VIEWNAME; - } - - // otherwise we shouldn't have a secret for this client - client.setClientSecret(null); - - } else { - - logger.error("unknown auth method"); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unknown auth method requested"); - return JsonErrorView.VIEWNAME; - - - } - - client.setDynamicallyRegistered(false); - - try { - ClientDetailsEntity newClient = clientService.saveNewClient(client); - m.addAttribute(JsonEntityView.ENTITY, newClient); - - if (AuthenticationUtilities.isAdmin(auth)) { - return ClientEntityViewForAdmins.VIEWNAME; - } else { - return ClientEntityViewForUsers.VIEWNAME; - } - } catch (IllegalArgumentException e) { - logger.error("Unable to save client: {}", e.getMessage()); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client: " + e.getMessage()); - return JsonErrorView.VIEWNAME; - } catch (PersistenceException e) { - Throwable cause = e.getCause(); - if (cause instanceof DatabaseException) { - Throwable databaseExceptionCause = cause.getCause(); - if(databaseExceptionCause instanceof SQLIntegrityConstraintViolationException) { - logger.error("apiAddClient failed; duplicate client id entry found: {}", client.getClientId()); - m.addAttribute(HttpCodeView.CODE, HttpStatus.CONFLICT); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client. Duplicate client id entry found: " + client.getClientId()); - return JsonErrorView.VIEWNAME; - } - } - throw e; - } - } - - /** - * Update an existing client - * @param id - * @param jsonString - * @param m - * @param principal - * @return - */ - @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) - public String apiUpdateClient(@PathVariable("id") Long id, @RequestBody String jsonString, Model m, Authentication auth) { - - JsonObject json = null; - ClientDetailsEntity client = null; - - try { - // parse the client passed in (from JSON) and fetch the old client from the store - json = parser.parse(jsonString).getAsJsonObject(); - client = gson.fromJson(json, ClientDetailsEntity.class); - client = validateSoftwareStatement(client); - } catch (JsonSyntaxException e) { - logger.error("apiUpdateClient failed due to JsonSyntaxException", e); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not update client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); - return JsonErrorView.VIEWNAME; - } catch (IllegalStateException e) { - logger.error("apiUpdateClient failed due to IllegalStateException", e); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not update client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); - return JsonErrorView.VIEWNAME; - } catch (ValidationException e) { - logger.error("apiUpdateClient failed due to ValidationException", e); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not update client. The server encountered a ValidationException."); - return JsonErrorView.VIEWNAME; - } - - ClientDetailsEntity oldClient = clientService.getClientById(id); - - if (oldClient == null) { - logger.error("apiUpdateClient failed; client with id " + id + " could not be found."); - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not update client. The requested client with id " + id + "could not be found."); - return JsonErrorView.VIEWNAME; - } - - // if they leave the client identifier empty, force it to be generated - if (Strings.isNullOrEmpty(client.getClientId())) { - client = clientService.generateClientId(client); - } - - if (client.getTokenEndpointAuthMethod() == null || - client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) { - // we shouldn't have a secret for this client - - client.setClientSecret(null); - - } else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC) - || client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST) - || client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)) { - - // if they've asked for us to generate a client secret (or they left it blank but require one), do so here - if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean() - || Strings.isNullOrEmpty(client.getClientSecret())) { - client = clientService.generateClientSecret(client); - } - - } else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) { - - if (Strings.isNullOrEmpty(client.getJwksUri()) && client.getJwks() == null) { - logger.error("tried to create client with private key auth but no private key"); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Can not create a client with private key authentication without registering a key via the JWK Set URI or JWK Set Value."); - return JsonErrorView.VIEWNAME; - } - - // otherwise we shouldn't have a secret for this client - client.setClientSecret(null); - - } else { - - logger.error("unknown auth method"); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unknown auth method requested"); - return JsonErrorView.VIEWNAME; - - - } - - try { - ClientDetailsEntity newClient = clientService.updateClient(oldClient, client); - m.addAttribute(JsonEntityView.ENTITY, newClient); - - if (AuthenticationUtilities.isAdmin(auth)) { - return ClientEntityViewForAdmins.VIEWNAME; - } else { - return ClientEntityViewForUsers.VIEWNAME; - } - } catch (IllegalArgumentException e) { - logger.error("Unable to save client: {}", e.getMessage()); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client: " + e.getMessage()); - return JsonErrorView.VIEWNAME; - } - } - - /** - * Delete a client - * @param id - * @param modelAndView - * @return - */ - @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value="/{id}", method=RequestMethod.DELETE) - public String apiDeleteClient(@PathVariable("id") Long id, ModelAndView modelAndView) { - - ClientDetailsEntity client = clientService.getClientById(id); - - if (client == null) { - logger.error("apiDeleteClient failed; client with id " + id + " could not be found."); - modelAndView.getModelMap().put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - modelAndView.getModelMap().put(JsonErrorView.ERROR_MESSAGE, "Could not delete client. The requested client with id " + id + "could not be found."); - return JsonErrorView.VIEWNAME; - } else { - modelAndView.getModelMap().put(HttpCodeView.CODE, HttpStatus.OK); - clientService.deleteClient(client); - } - - return HttpCodeView.VIEWNAME; - } - - - /** - * Get an individual client - * @param id - * @param modelAndView - * @return - */ - @RequestMapping(value="/{id}", method=RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String apiShowClient(@PathVariable("id") Long id, Model model, Authentication auth) { - - ClientDetailsEntity client = clientService.getClientById(id); - - if (client == null) { - logger.error("apiShowClient failed; client with id " + id + " could not be found."); - model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - model.addAttribute(JsonErrorView.ERROR_MESSAGE, "The requested client with id " + id + " could not be found."); - return JsonErrorView.VIEWNAME; - } - - model.addAttribute(JsonEntityView.ENTITY, client); - - if (AuthenticationUtilities.isAdmin(auth)) { - return ClientEntityViewForAdmins.VIEWNAME; - } else { - return ClientEntityViewForUsers.VIEWNAME; - } - } - - /** - * Get the logo image for a client - * @param id - */ - @RequestMapping(value = "/{id}/logo", method=RequestMethod.GET, produces = { MediaType.IMAGE_GIF_VALUE, MediaType.IMAGE_JPEG_VALUE, MediaType.IMAGE_PNG_VALUE }) - public ResponseEntity getClientLogo(@PathVariable("id") Long id, Model model) { - - ClientDetailsEntity client = clientService.getClientById(id); - - if (client == null) { - return new ResponseEntity<>(HttpStatus.NOT_FOUND); - } else if (Strings.isNullOrEmpty(client.getLogoUri())) { - return new ResponseEntity<>(HttpStatus.NOT_FOUND); - } else { - // get the image from cache - CachedImage image = clientLogoLoadingService.getLogo(client); - - HttpHeaders headers = new HttpHeaders(); - headers.setContentType(MediaType.parseMediaType(image.getContentType())); - headers.setContentLength(image.getLength()); - - return new ResponseEntity<>(image.getData(), headers, HttpStatus.OK); - } - } - - private ClientDetailsEntity validateSoftwareStatement(ClientDetailsEntity newClient) throws ValidationException { - if (newClient.getSoftwareStatement() != null) { - if (assertionValidator.isValid(newClient.getSoftwareStatement())) { - // we have a software statement and its envelope passed all the checks from our validator - - // swap out all of the client's fields for the associated parts of the software statement - try { - JWTClaimsSet claimSet = newClient.getSoftwareStatement().getJWTClaimsSet(); - for (String claim : claimSet.getClaims().keySet()) { - switch (claim) { - case SOFTWARE_STATEMENT: - throw new ValidationException("invalid_client_metadata", "Software statement can't include another software statement", HttpStatus.BAD_REQUEST); - case CLAIMS_REDIRECT_URIS: - newClient.setClaimsRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case CLIENT_SECRET_EXPIRES_AT: - throw new ValidationException("invalid_client_metadata", "Software statement can't include a client secret expiration time", HttpStatus.BAD_REQUEST); - case CLIENT_ID_ISSUED_AT: - throw new ValidationException("invalid_client_metadata", "Software statement can't include a client ID issuance time", HttpStatus.BAD_REQUEST); - case REGISTRATION_CLIENT_URI: - throw new ValidationException("invalid_client_metadata", "Software statement can't include a client configuration endpoint", HttpStatus.BAD_REQUEST); - case REGISTRATION_ACCESS_TOKEN: - throw new ValidationException("invalid_client_metadata", "Software statement can't include a client registration access token", HttpStatus.BAD_REQUEST); - case REQUEST_URIS: - newClient.setRequestUris(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case POST_LOGOUT_REDIRECT_URIS: - newClient.setPostLogoutRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case INITIATE_LOGIN_URI: - newClient.setInitiateLoginUri(claimSet.getStringClaim(claim)); - break; - case DEFAULT_ACR_VALUES: - newClient.setDefaultACRvalues(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case REQUIRE_AUTH_TIME: - newClient.setRequireAuthTime(claimSet.getBooleanClaim(claim)); - break; - case DEFAULT_MAX_AGE: - newClient.setDefaultMaxAge(claimSet.getIntegerClaim(claim)); - break; - case TOKEN_ENDPOINT_AUTH_SIGNING_ALG: - newClient.setTokenEndpointAuthSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); - break; - case ID_TOKEN_ENCRYPTED_RESPONSE_ENC: - newClient.setIdTokenEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim))); - break; - case ID_TOKEN_ENCRYPTED_RESPONSE_ALG: - newClient.setIdTokenEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim))); - break; - case ID_TOKEN_SIGNED_RESPONSE_ALG: - newClient.setIdTokenSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); - break; - case USERINFO_ENCRYPTED_RESPONSE_ENC: - newClient.setUserInfoEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim))); - break; - case USERINFO_ENCRYPTED_RESPONSE_ALG: - newClient.setUserInfoEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim))); - break; - case USERINFO_SIGNED_RESPONSE_ALG: - newClient.setUserInfoSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); - break; - case REQUEST_OBJECT_SIGNING_ALG: - newClient.setRequestObjectSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); - break; - case SUBJECT_TYPE: - newClient.setSubjectType(SubjectType.getByValue(claimSet.getStringClaim(claim))); - break; - case SECTOR_IDENTIFIER_URI: - newClient.setSectorIdentifierUri(claimSet.getStringClaim(claim)); - break; - case APPLICATION_TYPE: - newClient.setApplicationType(AppType.getByValue(claimSet.getStringClaim(claim))); - break; - case JWKS_URI: - newClient.setJwksUri(claimSet.getStringClaim(claim)); - break; - case JWKS: - newClient.setJwks(JWKSet.parse(claimSet.getJSONObjectClaim(claim).toJSONString())); - break; - case POLICY_URI: - newClient.setPolicyUri(claimSet.getStringClaim(claim)); - break; - case RESPONSE_TYPES: - newClient.setResponseTypes(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case GRANT_TYPES: - newClient.setGrantTypes(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case SCOPE: - newClient.setScope(OAuth2Utils.parseParameterList(claimSet.getStringClaim(claim))); - break; - case TOKEN_ENDPOINT_AUTH_METHOD: - newClient.setTokenEndpointAuthMethod(AuthMethod.getByValue(claimSet.getStringClaim(claim))); - break; - case TOS_URI: - newClient.setTosUri(claimSet.getStringClaim(claim)); - break; - case CONTACTS: - newClient.setContacts(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case LOGO_URI: - newClient.setLogoUri(claimSet.getStringClaim(claim)); - break; - case CLIENT_URI: - newClient.setClientUri(claimSet.getStringClaim(claim)); - break; - case CLIENT_NAME: - newClient.setClientName(claimSet.getStringClaim(claim)); - break; - case REDIRECT_URIS: - newClient.setRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case CLIENT_SECRET: - throw new ValidationException("invalid_client_metadata", "Software statement can't contain client secret", HttpStatus.BAD_REQUEST); - case CLIENT_ID: - throw new ValidationException("invalid_client_metadata", "Software statement can't contain client ID", HttpStatus.BAD_REQUEST); - - default: - logger.warn("Software statement contained unknown field: " + claim + " with value " + claimSet.getClaim(claim)); - break; - } - } - - return newClient; - } catch (ParseException e) { - throw new ValidationException("invalid_client_metadata", "Software statement claims didn't parse", HttpStatus.BAD_REQUEST); - } - } else { - throw new ValidationException("invalid_client_metadata", "Software statement rejected by validator", HttpStatus.BAD_REQUEST); - } - } else { - // nothing to see here, carry on - return newClient; - } - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java deleted file mode 100644 index 84b0de503b..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java +++ /dev/null @@ -1,156 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.web; - -import java.io.IOException; -import java.io.Reader; -import java.security.Principal; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.List; - -import javax.servlet.http.HttpServletResponse; - -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.service.MITREidDataService; -import org.mitre.openid.connect.service.impl.MITREidDataService_1_3; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import com.google.common.collect.ImmutableList; -import com.google.gson.stream.JsonReader; -import com.google.gson.stream.JsonToken; -import com.google.gson.stream.JsonWriter; - -/** - * API endpoint for importing and exporting the current state of a server. - * Includes all tokens, grants, whitelists, blacklists, and clients. - * - * @author jricher - * - */ -@Controller -@RequestMapping("/" + DataAPI.URL) -@PreAuthorize("hasRole('ROLE_ADMIN')") // you need to be an admin to even think about this -- this is a potentially dangerous API!! -public class DataAPI { - - public static final String URL = RootController.API_URL + "/data"; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(DataAPI.class); - - private SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"); - - @Autowired - private ConfigurationPropertiesBean config; - - @Autowired - private List importers; - - private List supportedVersions = ImmutableList.of( - MITREidDataService.MITREID_CONNECT_1_0, - MITREidDataService.MITREID_CONNECT_1_1, - MITREidDataService.MITREID_CONNECT_1_2, - MITREidDataService.MITREID_CONNECT_1_3); - - @Autowired - private MITREidDataService_1_3 exporter; - - @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE) - public String importData(Reader in, Model m) throws IOException { - - JsonReader reader = new JsonReader(in); - - reader.beginObject(); - - while (reader.hasNext()) { - JsonToken tok = reader.peek(); - switch (tok) { - case NAME: - String name = reader.nextName(); - - if (supportedVersions.contains(name)) { - // we're working with a known data version tag - for (MITREidDataService dataService : importers) { - // dispatch to the correct service - if (dataService.supportsVersion(name)) { - dataService.importData(reader); - break; - } - } - } else { - // consume the next bit silently for now - logger.debug("Skipping value for " + name); // TODO: write these out? - reader.skipValue(); - } - break; - case END_OBJECT: - break; - case END_DOCUMENT: - break; - } - } - - reader.endObject(); - - return "httpCodeView"; - } - - @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public void exportData(HttpServletResponse resp, Principal prin) throws IOException { - - resp.setContentType(MediaType.APPLICATION_JSON_VALUE); - - // this writer puts things out onto the wire - JsonWriter writer = new JsonWriter(resp.getWriter()); - writer.setIndent(" "); - - try { - - writer.beginObject(); - - writer.name("exported-at"); - writer.value(dateFormat.format(new Date())); - - writer.name("exported-from"); - writer.value(config.getIssuer()); - - writer.name("exported-by"); - writer.value(prin.getName()); - - // delegate to the service to do the actual export - exporter.exportData(writer); - - writer.endObject(); // end root - writer.close(); - - } catch (IOException e) { - logger.error("Unable to export data", e); - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java deleted file mode 100644 index 79ea68116c..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java +++ /dev/null @@ -1,772 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.web; - -import java.io.UnsupportedEncodingException; -import java.text.ParseException; -import java.util.Date; -import java.util.HashSet; -import java.util.Set; -import java.util.concurrent.TimeUnit; - -import org.mitre.jwt.assertion.AssertionValidator; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AppType; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.RegisteredClient; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.OAuth2TokenEntityService; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.exception.ValidationException; -import org.mitre.openid.connect.service.BlacklistedSiteService; -import org.mitre.openid.connect.service.OIDCTokenService; -import org.mitre.openid.connect.view.ClientInformationResponseView; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.security.oauth2.common.util.OAuth2Utils; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.util.UriUtils; - -import com.google.common.base.Strings; -import com.google.common.collect.ImmutableSet; -import com.google.common.collect.Sets; -import com.google.gson.JsonSyntaxException; -import com.nimbusds.jose.EncryptionMethod; -import com.nimbusds.jose.JWEAlgorithm; -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.jwk.JWKSet; -import com.nimbusds.jwt.JWTClaimsSet; - -import static org.mitre.oauth2.model.RegisteredClientFields.APPLICATION_TYPE; -import static org.mitre.oauth2.model.RegisteredClientFields.CLAIMS_REDIRECT_URIS; -import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_ID; -import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_ID_ISSUED_AT; -import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_NAME; -import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_SECRET; -import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_SECRET_EXPIRES_AT; -import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.CONTACTS; -import static org.mitre.oauth2.model.RegisteredClientFields.DEFAULT_ACR_VALUES; -import static org.mitre.oauth2.model.RegisteredClientFields.DEFAULT_MAX_AGE; -import static org.mitre.oauth2.model.RegisteredClientFields.GRANT_TYPES; -import static org.mitre.oauth2.model.RegisteredClientFields.ID_TOKEN_ENCRYPTED_RESPONSE_ALG; -import static org.mitre.oauth2.model.RegisteredClientFields.ID_TOKEN_ENCRYPTED_RESPONSE_ENC; -import static org.mitre.oauth2.model.RegisteredClientFields.ID_TOKEN_SIGNED_RESPONSE_ALG; -import static org.mitre.oauth2.model.RegisteredClientFields.INITIATE_LOGIN_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.JWKS; -import static org.mitre.oauth2.model.RegisteredClientFields.JWKS_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.LOGO_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.POLICY_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.POST_LOGOUT_REDIRECT_URIS; -import static org.mitre.oauth2.model.RegisteredClientFields.REDIRECT_URIS; -import static org.mitre.oauth2.model.RegisteredClientFields.REGISTRATION_ACCESS_TOKEN; -import static org.mitre.oauth2.model.RegisteredClientFields.REGISTRATION_CLIENT_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.REQUEST_OBJECT_SIGNING_ALG; -import static org.mitre.oauth2.model.RegisteredClientFields.REQUEST_URIS; -import static org.mitre.oauth2.model.RegisteredClientFields.REQUIRE_AUTH_TIME; -import static org.mitre.oauth2.model.RegisteredClientFields.RESPONSE_TYPES; -import static org.mitre.oauth2.model.RegisteredClientFields.SCOPE; -import static org.mitre.oauth2.model.RegisteredClientFields.SECTOR_IDENTIFIER_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.SOFTWARE_STATEMENT; -import static org.mitre.oauth2.model.RegisteredClientFields.SUBJECT_TYPE; -import static org.mitre.oauth2.model.RegisteredClientFields.TOKEN_ENDPOINT_AUTH_METHOD; -import static org.mitre.oauth2.model.RegisteredClientFields.TOKEN_ENDPOINT_AUTH_SIGNING_ALG; -import static org.mitre.oauth2.model.RegisteredClientFields.TOS_URI; -import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_ENCRYPTED_RESPONSE_ALG; -import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_ENCRYPTED_RESPONSE_ENC; -import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_SIGNED_RESPONSE_ALG; - -@Controller -@RequestMapping(value = DynamicClientRegistrationEndpoint.URL) -public class DynamicClientRegistrationEndpoint { - - public static final String URL = "register"; - - @Autowired - private ClientDetailsEntityService clientService; - - @Autowired - private OAuth2TokenEntityService tokenService; - - @Autowired - private SystemScopeService scopeService; - - @Autowired - private BlacklistedSiteService blacklistService; - - @Autowired - private ConfigurationPropertiesBean config; - - @Autowired - private OIDCTokenService connectTokenService; - - @Autowired - @Qualifier("clientAssertionValidator") - private AssertionValidator assertionValidator; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(DynamicClientRegistrationEndpoint.class); - - /** - * Create a new Client, issue a client ID, and create a registration access token. - * @param jsonString - * @param m - * @param p - * @return - */ - @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) - public String registerNewClient(@RequestBody String jsonString, Model m) { - - ClientDetailsEntity newClient = null; - try { - newClient = ClientDetailsEntityJsonProcessor.parse(jsonString); - } catch (JsonSyntaxException e) { - // bad parse - // didn't parse, this is a bad request - logger.error("registerNewClient failed; submitted JSON is malformed"); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 - return HttpCodeView.VIEWNAME; - } - - if (newClient != null) { - // it parsed! - - // - // Now do some post-processing consistency checks on it - // - - // clear out any spurious id/secret (clients don't get to pick) - newClient.setClientId(null); - newClient.setClientSecret(null); - - // do validation on the fields - try { - newClient = validateSoftwareStatement(newClient); // need to handle the software statement first because it might override requested values - newClient = validateScopes(newClient); - newClient = validateResponseTypes(newClient); - newClient = validateGrantTypes(newClient); - newClient = validateRedirectUris(newClient); - newClient = validateAuth(newClient); - } catch (ValidationException ve) { - // validation failed, return an error - m.addAttribute(JsonErrorView.ERROR, ve.getError()); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, ve.getErrorDescription()); - m.addAttribute(HttpCodeView.CODE, ve.getStatus()); - return JsonErrorView.VIEWNAME; - } - - if (newClient.getTokenEndpointAuthMethod() == null) { - newClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC); - } - - if (newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_BASIC || - newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_JWT || - newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_POST) { - - // we need to generate a secret - newClient = clientService.generateClientSecret(newClient); - } - - // set some defaults for token timeouts - if (config.isHeartMode()) { - // heart mode has different defaults depending on primary grant type - if (newClient.getGrantTypes().contains("authorization_code")) { - newClient.setAccessTokenValiditySeconds((int)TimeUnit.HOURS.toSeconds(1)); // access tokens good for 1hr - newClient.setIdTokenValiditySeconds((int)TimeUnit.MINUTES.toSeconds(5)); // id tokens good for 5min - newClient.setRefreshTokenValiditySeconds((int)TimeUnit.HOURS.toSeconds(24)); // refresh tokens good for 24hr - } else if (newClient.getGrantTypes().contains("implicit")) { - newClient.setAccessTokenValiditySeconds((int)TimeUnit.MINUTES.toSeconds(15)); // access tokens good for 15min - newClient.setIdTokenValiditySeconds((int)TimeUnit.MINUTES.toSeconds(5)); // id tokens good for 5min - newClient.setRefreshTokenValiditySeconds(0); // no refresh tokens - } else if (newClient.getGrantTypes().contains("client_credentials")) { - newClient.setAccessTokenValiditySeconds((int)TimeUnit.HOURS.toSeconds(6)); // access tokens good for 6hr - newClient.setIdTokenValiditySeconds(0); // no id tokens - newClient.setRefreshTokenValiditySeconds(0); // no refresh tokens - } - } else { - newClient.setAccessTokenValiditySeconds((int)TimeUnit.HOURS.toSeconds(1)); // access tokens good for 1hr - newClient.setIdTokenValiditySeconds((int)TimeUnit.MINUTES.toSeconds(10)); // id tokens good for 10min - newClient.setRefreshTokenValiditySeconds(null); // refresh tokens good until revoked - } - - // this client has been dynamically registered (obviously) - newClient.setDynamicallyRegistered(true); - - // this client can't do token introspection - newClient.setAllowIntrospection(false); - - // now save it - try { - ClientDetailsEntity savedClient = clientService.saveNewClient(newClient); - - // generate the registration access token - OAuth2AccessTokenEntity token = connectTokenService.createRegistrationAccessToken(savedClient); - token = tokenService.saveAccessToken(token); - - // send it all out to the view - - RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8")); - m.addAttribute("client", registered); - m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); // http 201 - - return ClientInformationResponseView.VIEWNAME; - } catch (IllegalArgumentException e) { - logger.error("Couldn't save client", e); - - m.addAttribute(JsonErrorView.ERROR, "invalid_client_metadata"); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client due to invalid or inconsistent metadata."); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 - - return JsonErrorView.VIEWNAME; - } - } else { - // didn't parse, this is a bad request - logger.error("registerNewClient failed; submitted JSON is malformed"); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 - - return HttpCodeView.VIEWNAME; - } - - } - - /** - * Get the meta information for a client. - * @param clientId - * @param m - * @param auth - * @return - */ - @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.REGISTRATION_TOKEN_SCOPE + "')") - @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String readClientConfiguration(@PathVariable("id") String clientId, Model m, OAuth2Authentication auth) { - - ClientDetailsEntity client = clientService.loadClientByClientId(clientId); - - if (client != null && client.getClientId().equals(auth.getOAuth2Request().getClientId())) { - - OAuth2AccessTokenEntity token = rotateRegistrationTokenIfNecessary(auth, client); - RegisteredClient registered = new RegisteredClient(client, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(client.getClientId(), "UTF-8")); - - // send it all out to the view - m.addAttribute("client", registered); - m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200 - - return ClientInformationResponseView.VIEWNAME; - - } else { - // client mismatch - logger.error("readClientConfiguration failed, client ID mismatch: " - + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 - - return HttpCodeView.VIEWNAME; - } - } - - /** - * Update the metainformation for a given client. - * @param clientId - * @param jsonString - * @param m - * @param auth - * @return - */ - @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.REGISTRATION_TOKEN_SCOPE + "')") - @RequestMapping(value = "/{id}", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) - public String updateClient(@PathVariable("id") String clientId, @RequestBody String jsonString, Model m, OAuth2Authentication auth) { - - - ClientDetailsEntity newClient = null; - try { - newClient = ClientDetailsEntityJsonProcessor.parse(jsonString); - } catch (JsonSyntaxException e) { - // bad parse - // didn't parse, this is a bad request - logger.error("updateClient failed; submitted JSON is malformed"); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 - return HttpCodeView.VIEWNAME; - } - ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId); - - if (newClient != null && oldClient != null // we have an existing client and the new one parsed - && oldClient.getClientId().equals(auth.getOAuth2Request().getClientId()) // the client passed in the URI matches the one in the auth - && oldClient.getClientId().equals(newClient.getClientId()) // the client passed in the body matches the one in the URI - ) { - - // a client can't ask to update its own client secret to any particular value - newClient.setClientSecret(oldClient.getClientSecret()); - - // we need to copy over all of the local and SECOAUTH fields - newClient.setAccessTokenValiditySeconds(oldClient.getAccessTokenValiditySeconds()); - newClient.setIdTokenValiditySeconds(oldClient.getIdTokenValiditySeconds()); - newClient.setRefreshTokenValiditySeconds(oldClient.getRefreshTokenValiditySeconds()); - newClient.setDynamicallyRegistered(true); // it's still dynamically registered - newClient.setAllowIntrospection(false); // dynamically registered clients can't do introspection -- use the resource registration instead - newClient.setAuthorities(oldClient.getAuthorities()); - newClient.setClientDescription(oldClient.getClientDescription()); - newClient.setCreatedAt(oldClient.getCreatedAt()); - newClient.setReuseRefreshToken(oldClient.isReuseRefreshToken()); - - // do validation on the fields - try { - newClient = validateSoftwareStatement(newClient); // need to handle the software statement first because it might override requested values - newClient = validateScopes(newClient); - newClient = validateResponseTypes(newClient); - newClient = validateGrantTypes(newClient); - newClient = validateRedirectUris(newClient); - newClient = validateAuth(newClient); - } catch (ValidationException ve) { - // validation failed, return an error - m.addAttribute(JsonErrorView.ERROR, ve.getError()); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, ve.getErrorDescription()); - m.addAttribute(HttpCodeView.CODE, ve.getStatus()); - return JsonErrorView.VIEWNAME; - } - - try { - // save the client - ClientDetailsEntity savedClient = clientService.updateClient(oldClient, newClient); - - OAuth2AccessTokenEntity token = rotateRegistrationTokenIfNecessary(auth, savedClient); - - RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8")); - - // send it all out to the view - m.addAttribute("client", registered); - m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200 - - return ClientInformationResponseView.VIEWNAME; - } catch (IllegalArgumentException e) { - logger.error("Couldn't save client", e); - - m.addAttribute(JsonErrorView.ERROR, "invalid_client_metadata"); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client due to invalid or inconsistent metadata."); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 - - return JsonErrorView.VIEWNAME; - } - } else { - // client mismatch - logger.error("updateClient failed, client ID mismatch: " - + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 - - return HttpCodeView.VIEWNAME; - } - } - - /** - * Delete the indicated client from the system. - * @param clientId - * @param m - * @param auth - * @return - */ - @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.REGISTRATION_TOKEN_SCOPE + "')") - @RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE) - public String deleteClient(@PathVariable("id") String clientId, Model m, OAuth2Authentication auth) { - - ClientDetailsEntity client = clientService.loadClientByClientId(clientId); - - if (client != null && client.getClientId().equals(auth.getOAuth2Request().getClientId())) { - - clientService.deleteClient(client); - - m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT); // http 204 - - return HttpCodeView.VIEWNAME; - } else { - // client mismatch - logger.error("readClientConfiguration failed, client ID mismatch: " - + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 - - return HttpCodeView.VIEWNAME; - } - } - - private ClientDetailsEntity validateScopes(ClientDetailsEntity newClient) throws ValidationException { - // scopes that the client is asking for - Set requestedScopes = scopeService.fromStrings(newClient.getScope()); - - // the scopes that the client can have must be a subset of the dynamically allowed scopes - Set allowedScopes = scopeService.removeRestrictedAndReservedScopes(requestedScopes); - - // if the client didn't ask for any, give them the defaults - if (allowedScopes == null || allowedScopes.isEmpty()) { - allowedScopes = scopeService.getDefaults(); - } - - newClient.setScope(scopeService.toStrings(allowedScopes)); - - return newClient; - } - - private ClientDetailsEntity validateResponseTypes(ClientDetailsEntity newClient) throws ValidationException { - if (newClient.getResponseTypes() == null) { - newClient.setResponseTypes(new HashSet()); - } - return newClient; - } - - private ClientDetailsEntity validateGrantTypes(ClientDetailsEntity newClient) throws ValidationException { - // set default grant types if needed - if (newClient.getGrantTypes() == null || newClient.getGrantTypes().isEmpty()) { - if (newClient.getScope().contains("offline_access")) { // client asked for offline access - newClient.setGrantTypes(Sets.newHashSet("authorization_code", "refresh_token")); // allow authorization code and refresh token grant types by default - } else { - newClient.setGrantTypes(Sets.newHashSet("authorization_code")); // allow authorization code grant type by default - } - if (config.isDualClient()) { - Set extendedGrandTypes = newClient.getGrantTypes(); - extendedGrandTypes.add("client_credentials"); - newClient.setGrantTypes(extendedGrandTypes); - } - } - - // filter out unknown grant types - // TODO: make this a pluggable service - Set requestedGrantTypes = new HashSet<>(newClient.getGrantTypes()); - requestedGrantTypes.retainAll( - ImmutableSet.of("authorization_code", "implicit", - "password", "client_credentials", "refresh_token", - "urn:ietf:params:oauth:grant_type:redelegate")); - - // don't allow "password" grant type for dynamic registration - if (newClient.getGrantTypes().contains("password")) { - // return an error, you can't dynamically register for the password grant - throw new ValidationException("invalid_client_metadata", "The password grant type is not allowed in dynamic registration on this server.", HttpStatus.BAD_REQUEST); - } - - // don't allow clients to have multiple incompatible grant types and scopes - if (newClient.getGrantTypes().contains("authorization_code")) { - - // check for incompatible grants - if (newClient.getGrantTypes().contains("implicit") || - (!config.isDualClient() && newClient.getGrantTypes().contains("client_credentials"))) { - // return an error, you can't have these grant types together - throw new ValidationException("invalid_client_metadata", "Incompatible grant types requested: " + newClient.getGrantTypes(), HttpStatus.BAD_REQUEST); - } - - if (newClient.getResponseTypes().contains("token")) { - // return an error, you can't have this grant type and response type together - throw new ValidationException("invalid_client_metadata", "Incompatible response types requested: " + newClient.getGrantTypes() + " / " + newClient.getResponseTypes(), HttpStatus.BAD_REQUEST); - } - - newClient.getResponseTypes().add("code"); - } - - if (newClient.getGrantTypes().contains("implicit")) { - - // check for incompatible grants - if (newClient.getGrantTypes().contains("authorization_code") || - (!config.isDualClient() && newClient.getGrantTypes().contains("client_credentials"))) { - // return an error, you can't have these grant types together - throw new ValidationException("invalid_client_metadata", "Incompatible grant types requested: " + newClient.getGrantTypes(), HttpStatus.BAD_REQUEST); - } - - if (newClient.getResponseTypes().contains("code")) { - // return an error, you can't have this grant type and response type together - throw new ValidationException("invalid_client_metadata", "Incompatible response types requested: " + newClient.getGrantTypes() + " / " + newClient.getResponseTypes(), HttpStatus.BAD_REQUEST); - } - - newClient.getResponseTypes().add("token"); - - // don't allow refresh tokens in implicit clients - newClient.getGrantTypes().remove("refresh_token"); - newClient.getScope().remove(SystemScopeService.OFFLINE_ACCESS); - } - - if (newClient.getGrantTypes().contains("client_credentials")) { - - // check for incompatible grants - if (!config.isDualClient() && - (newClient.getGrantTypes().contains("authorization_code") || newClient.getGrantTypes().contains("implicit"))) { - // return an error, you can't have these grant types together - throw new ValidationException("invalid_client_metadata", "Incompatible grant types requested: " + newClient.getGrantTypes(), HttpStatus.BAD_REQUEST); - } - - if (!newClient.getResponseTypes().isEmpty()) { - // return an error, you can't have this grant type and response type together - throw new ValidationException("invalid_client_metadata", "Incompatible response types requested: " + newClient.getGrantTypes() + " / " + newClient.getResponseTypes(), HttpStatus.BAD_REQUEST); - } - - // don't allow refresh tokens or id tokens in client_credentials clients - newClient.getGrantTypes().remove("refresh_token"); - newClient.getScope().remove(SystemScopeService.OFFLINE_ACCESS); - newClient.getScope().remove(SystemScopeService.OPENID_SCOPE); - } - - if (newClient.getGrantTypes().isEmpty()) { - // return an error, you need at least one grant type selected - throw new ValidationException("invalid_client_metadata", "Clients must register at least one grant type.", HttpStatus.BAD_REQUEST); - } - return newClient; - } - - private ClientDetailsEntity validateRedirectUris(ClientDetailsEntity newClient) throws ValidationException { - // check to make sure this client registered a redirect URI if using a redirect flow - if (newClient.getGrantTypes().contains("authorization_code") || newClient.getGrantTypes().contains("implicit")) { - if (newClient.getRedirectUris() == null || newClient.getRedirectUris().isEmpty()) { - // return an error - throw new ValidationException("invalid_redirect_uri", "Clients using a redirect-based grant type must register at least one redirect URI.", HttpStatus.BAD_REQUEST); - } - - for (String uri : newClient.getRedirectUris()) { - if (blacklistService.isBlacklisted(uri)) { - // return an error - throw new ValidationException("invalid_redirect_uri", "Redirect URI is not allowed: " + uri, HttpStatus.BAD_REQUEST); - } - - if (uri.contains("#")) { - // if it contains the hash symbol then it has a fragment, which isn't allowed - throw new ValidationException("invalid_redirect_uri", "Redirect URI can not have a fragment", HttpStatus.BAD_REQUEST); - } - } - } - - return newClient; - } - - private ClientDetailsEntity validateAuth(ClientDetailsEntity newClient) throws ValidationException { - if (newClient.getTokenEndpointAuthMethod() == null) { - newClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC); - } - - if (newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_BASIC || - newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_JWT || - newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_POST) { - - if (Strings.isNullOrEmpty(newClient.getClientSecret())) { - // no secret yet, we need to generate a secret - newClient = clientService.generateClientSecret(newClient); - } - } else if (newClient.getTokenEndpointAuthMethod() == AuthMethod.PRIVATE_KEY) { - if (Strings.isNullOrEmpty(newClient.getJwksUri()) && newClient.getJwks() == null) { - throw new ValidationException("invalid_client_metadata", "JWK Set URI required when using private key authentication", HttpStatus.BAD_REQUEST); - } - - newClient.setClientSecret(null); - } else if (newClient.getTokenEndpointAuthMethod() == AuthMethod.NONE) { - newClient.setClientSecret(null); - } else { - throw new ValidationException("invalid_client_metadata", "Unknown authentication method", HttpStatus.BAD_REQUEST); - } - return newClient; - } - - - /** - * @param newClient - * @return - * @throws ValidationException - */ - private ClientDetailsEntity validateSoftwareStatement(ClientDetailsEntity newClient) throws ValidationException { - if (newClient.getSoftwareStatement() != null) { - if (assertionValidator.isValid(newClient.getSoftwareStatement())) { - // we have a software statement and its envelope passed all the checks from our validator - - // swap out all of the client's fields for the associated parts of the software statement - try { - JWTClaimsSet claimSet = newClient.getSoftwareStatement().getJWTClaimsSet(); - for (String claim : claimSet.getClaims().keySet()) { - switch (claim) { - case SOFTWARE_STATEMENT: - throw new ValidationException("invalid_client_metadata", "Software statement can't include another software statement", HttpStatus.BAD_REQUEST); - case CLAIMS_REDIRECT_URIS: - newClient.setClaimsRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case CLIENT_SECRET_EXPIRES_AT: - throw new ValidationException("invalid_client_metadata", "Software statement can't include a client secret expiration time", HttpStatus.BAD_REQUEST); - case CLIENT_ID_ISSUED_AT: - throw new ValidationException("invalid_client_metadata", "Software statement can't include a client ID issuance time", HttpStatus.BAD_REQUEST); - case REGISTRATION_CLIENT_URI: - throw new ValidationException("invalid_client_metadata", "Software statement can't include a client configuration endpoint", HttpStatus.BAD_REQUEST); - case REGISTRATION_ACCESS_TOKEN: - throw new ValidationException("invalid_client_metadata", "Software statement can't include a client registration access token", HttpStatus.BAD_REQUEST); - case REQUEST_URIS: - newClient.setRequestUris(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case POST_LOGOUT_REDIRECT_URIS: - newClient.setPostLogoutRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case INITIATE_LOGIN_URI: - newClient.setInitiateLoginUri(claimSet.getStringClaim(claim)); - break; - case DEFAULT_ACR_VALUES: - newClient.setDefaultACRvalues(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case REQUIRE_AUTH_TIME: - newClient.setRequireAuthTime(claimSet.getBooleanClaim(claim)); - break; - case DEFAULT_MAX_AGE: - newClient.setDefaultMaxAge(claimSet.getIntegerClaim(claim)); - break; - case TOKEN_ENDPOINT_AUTH_SIGNING_ALG: - newClient.setTokenEndpointAuthSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); - break; - case ID_TOKEN_ENCRYPTED_RESPONSE_ENC: - newClient.setIdTokenEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim))); - break; - case ID_TOKEN_ENCRYPTED_RESPONSE_ALG: - newClient.setIdTokenEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim))); - break; - case ID_TOKEN_SIGNED_RESPONSE_ALG: - newClient.setIdTokenSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); - break; - case USERINFO_ENCRYPTED_RESPONSE_ENC: - newClient.setUserInfoEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim))); - break; - case USERINFO_ENCRYPTED_RESPONSE_ALG: - newClient.setUserInfoEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim))); - break; - case USERINFO_SIGNED_RESPONSE_ALG: - newClient.setUserInfoSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); - break; - case REQUEST_OBJECT_SIGNING_ALG: - newClient.setRequestObjectSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); - break; - case SUBJECT_TYPE: - newClient.setSubjectType(SubjectType.getByValue(claimSet.getStringClaim(claim))); - break; - case SECTOR_IDENTIFIER_URI: - newClient.setSectorIdentifierUri(claimSet.getStringClaim(claim)); - break; - case APPLICATION_TYPE: - newClient.setApplicationType(AppType.getByValue(claimSet.getStringClaim(claim))); - break; - case JWKS_URI: - newClient.setJwksUri(claimSet.getStringClaim(claim)); - break; - case JWKS: - newClient.setJwks(JWKSet.parse(claimSet.getJSONObjectClaim(claim).toJSONString())); - break; - case POLICY_URI: - newClient.setPolicyUri(claimSet.getStringClaim(claim)); - break; - case RESPONSE_TYPES: - newClient.setResponseTypes(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case GRANT_TYPES: - newClient.setGrantTypes(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case SCOPE: - newClient.setScope(OAuth2Utils.parseParameterList(claimSet.getStringClaim(claim))); - break; - case TOKEN_ENDPOINT_AUTH_METHOD: - newClient.setTokenEndpointAuthMethod(AuthMethod.getByValue(claimSet.getStringClaim(claim))); - break; - case TOS_URI: - newClient.setTosUri(claimSet.getStringClaim(claim)); - break; - case CONTACTS: - newClient.setContacts(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case LOGO_URI: - newClient.setLogoUri(claimSet.getStringClaim(claim)); - break; - case CLIENT_URI: - newClient.setClientUri(claimSet.getStringClaim(claim)); - break; - case CLIENT_NAME: - newClient.setClientName(claimSet.getStringClaim(claim)); - break; - case REDIRECT_URIS: - newClient.setRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim))); - break; - case CLIENT_SECRET: - throw new ValidationException("invalid_client_metadata", "Software statement can't contain client secret", HttpStatus.BAD_REQUEST); - case CLIENT_ID: - throw new ValidationException("invalid_client_metadata", "Software statement can't contain client ID", HttpStatus.BAD_REQUEST); - - default: - logger.warn("Software statement contained unknown field: " + claim + " with value " + claimSet.getClaim(claim)); - break; - } - } - - return newClient; - } catch (ParseException e) { - throw new ValidationException("invalid_client_metadata", "Software statement claims didn't parse", HttpStatus.BAD_REQUEST); - } - } else { - throw new ValidationException("invalid_client_metadata", "Software statement rejected by validator", HttpStatus.BAD_REQUEST); - } - } else { - // nothing to see here, carry on - return newClient; - } - - } - - - /* - * Rotates the registration token if it's expired, otherwise returns it - */ - private OAuth2AccessTokenEntity rotateRegistrationTokenIfNecessary(OAuth2Authentication auth, ClientDetailsEntity client) { - - OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails(); - OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue()); - - if (config.getRegTokenLifeTime() != null) { - - try { - // Re-issue the token if it has been issued before [currentTime - validity] - Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000); - if(token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate)) { - logger.info("Rotating the registration access token for " + client.getClientId()); - tokenService.revokeAccessToken(token); - OAuth2AccessTokenEntity newToken = connectTokenService.createRegistrationAccessToken(client); - tokenService.saveAccessToken(newToken); - return newToken; - } else { - // it's not expired, keep going - return token; - } - } catch (ParseException e) { - logger.error("Couldn't parse a known-valid token?", e); - return token; - } - } else { - // tokens don't expire, just return it - return token; - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/EndSessionEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/EndSessionEndpoint.java deleted file mode 100644 index 26055501a4..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/EndSessionEndpoint.java +++ /dev/null @@ -1,197 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.openid.connect.web; - -import java.text.ParseException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.mitre.jwt.assertion.AssertionValidator; -import org.mitre.jwt.assertion.impl.SelfAssertionValidator; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.service.UserInfoService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.oauth2.common.exceptions.InvalidClientException; -import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.util.UriComponents; -import org.springframework.web.util.UriComponentsBuilder; -import org.springframework.web.util.UriUtils; - -import com.google.common.base.Strings; -import com.google.common.collect.Iterables; -import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.JWTParser; - -/** - * Implementation of the End Session Endpoint from OIDC session management - * - * @author jricher - * - */ -@Controller -public class EndSessionEndpoint { - - public static final String URL = "endsession"; - - private static final String CLIENT_KEY = "client"; - private static final String STATE_KEY = "state"; - private static final String REDIRECT_URI_KEY = "redirectUri"; - - private static Logger logger = LoggerFactory.getLogger(EndSessionEndpoint.class); - - @Autowired - private SelfAssertionValidator validator; - - @Autowired - private UserInfoService userInfoService; - - @Autowired - private ClientDetailsEntityService clientService; - - @RequestMapping(value = "/" + URL, method = RequestMethod.GET) - public String endSession(@RequestParam (value = "id_token_hint", required = false) String idTokenHint, - @RequestParam (value = "post_logout_redirect_uri", required = false) String postLogoutRedirectUri, - @RequestParam (value = STATE_KEY, required = false) String state, - HttpServletRequest request, - HttpServletResponse response, - HttpSession session, - Authentication auth, Model m) { - - // conditionally filled variables - JWTClaimsSet idTokenClaims = null; // pulled from the parsed and validated ID token - ClientDetailsEntity client = null; // pulled from ID token's audience field - - if (!Strings.isNullOrEmpty(postLogoutRedirectUri)) { - session.setAttribute(REDIRECT_URI_KEY, postLogoutRedirectUri); - } - if (!Strings.isNullOrEmpty(state)) { - session.setAttribute(STATE_KEY, state); - } - - // parse the ID token hint to see if it's valid - if (!Strings.isNullOrEmpty(idTokenHint)) { - try { - JWT idToken = JWTParser.parse(idTokenHint); - - if (validator.isValid(idToken)) { - // we issued this ID token, figure out who it's for - idTokenClaims = idToken.getJWTClaimsSet(); - - String clientId = Iterables.getOnlyElement(idTokenClaims.getAudience()); - - client = clientService.loadClientByClientId(clientId); - - // save a reference in the session for us to pick up later - //session.setAttribute("endSession_idTokenHint_claims", idTokenClaims); - session.setAttribute(CLIENT_KEY, client); - } - } catch (ParseException e) { - // it's not a valid ID token, ignore it - logger.debug("Invalid id token hint", e); - } catch (InvalidClientException e) { - // couldn't find the client, ignore it - logger.debug("Invalid client", e); - } - } - - // are we logged in or not? - if (auth == null || !request.isUserInRole("ROLE_USER")) { - // we're not logged in anyway, process the final redirect bits if needed - return processLogout(null, request, response, session, auth, m); - } else { - // we are logged in, need to prompt the user before we log out - - // see who the current user is - UserInfo ui = userInfoService.getByUsername(auth.getName()); - - if (idTokenClaims != null) { - String subject = idTokenClaims.getSubject(); - // see if the current user is the same as the one in the ID token - // TODO: should we do anything different in these cases? - if (!Strings.isNullOrEmpty(subject) && subject.equals(ui.getSub())) { - // it's the same user - } else { - // it's not the same user - } - } - - m.addAttribute("client", client); - m.addAttribute("idToken", idTokenClaims); - - // display the log out confirmation page - return "logoutConfirmation"; - } - } - - @RequestMapping(value = "/" + URL, method = RequestMethod.POST) - public String processLogout(@RequestParam(value = "approve", required = false) String approved, - HttpServletRequest request, - HttpServletResponse response, - HttpSession session, - Authentication auth, Model m) { - - String redirectUri = (String) session.getAttribute(REDIRECT_URI_KEY); - String state = (String) session.getAttribute(STATE_KEY); - ClientDetailsEntity client = (ClientDetailsEntity) session.getAttribute(CLIENT_KEY); - - if (!Strings.isNullOrEmpty(approved)) { - // use approved, perform the logout - if (auth != null){ - new SecurityContextLogoutHandler().logout(request, response, auth); - } - SecurityContextHolder.getContext().setAuthentication(null); - // TODO: hook into other logout post-processing - } - - // if the user didn't approve, don't log out but hit the landing page anyway for redirect as needed - - - - // if we have a client AND the client has post-logout redirect URIs - // registered AND the URI given is in that list, then... - if (!Strings.isNullOrEmpty(redirectUri) && - client != null && client.getPostLogoutRedirectUris() != null) { - - if (client.getPostLogoutRedirectUris().contains(redirectUri)) { - // TODO: future, add the redirect URI to the model for the display page for an interstitial - // m.addAttribute("redirectUri", postLogoutRedirectUri); - - UriComponents uri = UriComponentsBuilder.fromHttpUrl(redirectUri).queryParam("state", state).build(); - - return "redirect:" + uri; - } - } - - // otherwise, return to a nice post-logout landing page - return "postLogout"; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JWKSetPublishingEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JWKSetPublishingEndpoint.java deleted file mode 100644 index 0c102a5494..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JWKSetPublishingEndpoint.java +++ /dev/null @@ -1,67 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.web; - -import java.util.Map; - -import org.mitre.jwt.signer.service.JWTSigningAndValidationService; -import org.mitre.openid.connect.view.JWKSetView; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.MediaType; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.RequestMapping; - -import com.nimbusds.jose.jwk.JWK; - -@Controller -public class JWKSetPublishingEndpoint { - - public static final String URL = "jwk"; - - @Autowired - private JWTSigningAndValidationService jwtService; - - @RequestMapping(value = "/" + URL, produces = MediaType.APPLICATION_JSON_VALUE) - public String getJwk(Model m) { - - // map from key id to key - Map keys = jwtService.getAllPublicKeys(); - - // TODO: check if keys are empty, return a 404 here or just an empty list? - - m.addAttribute("keys", keys); - - return JWKSetView.VIEWNAME; - } - - /** - * @return the jwtService - */ - public JWTSigningAndValidationService getJwtService() { - return jwtService; - } - - /** - * @param jwtService the jwtService to set - */ - public void setJwtService(JWTSigningAndValidationService jwtService) { - this.jwtService = jwtService; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java deleted file mode 100644 index 5be40caa34..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java +++ /dev/null @@ -1,455 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.web; - -import java.io.UnsupportedEncodingException; -import java.text.ParseException; -import java.util.Date; -import java.util.HashSet; -import java.util.Set; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.RegisteredClient; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.OAuth2TokenEntityService; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.exception.ValidationException; -import org.mitre.openid.connect.service.OIDCTokenService; -import org.mitre.openid.connect.view.ClientInformationResponseView; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.util.UriUtils; - -import com.google.common.base.Strings; -import com.google.gson.JsonSyntaxException; - -@Controller -@RequestMapping(value = ProtectedResourceRegistrationEndpoint.URL) -public class ProtectedResourceRegistrationEndpoint { - - /** - * - */ - public static final String URL = "resource"; - - @Autowired - private ClientDetailsEntityService clientService; - - @Autowired - private OAuth2TokenEntityService tokenService; - - @Autowired - private SystemScopeService scopeService; - - @Autowired - private ConfigurationPropertiesBean config; - - @Autowired - private OIDCTokenService connectTokenService; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(ProtectedResourceRegistrationEndpoint.class); - - /** - * Create a new Client, issue a client ID, and create a registration access token. - * @param jsonString - * @param m - * @param p - * @return - */ - @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) - public String registerNewProtectedResource(@RequestBody String jsonString, Model m) { - - ClientDetailsEntity newClient = null; - try { - newClient = ClientDetailsEntityJsonProcessor.parse(jsonString); - } catch (JsonSyntaxException e) { - // bad parse - // didn't parse, this is a bad request - logger.error("registerNewProtectedResource failed; submitted JSON is malformed"); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 - return HttpCodeView.VIEWNAME; - } - - if (newClient != null) { - // it parsed! - - // - // Now do some post-processing consistency checks on it - // - - // clear out any spurious id/secret (clients don't get to pick) - newClient.setClientId(null); - newClient.setClientSecret(null); - - // do validation on the fields - try { - newClient = validateScopes(newClient); - newClient = validateAuth(newClient); - } catch (ValidationException ve) { - // validation failed, return an error - m.addAttribute(JsonErrorView.ERROR, ve.getError()); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, ve.getErrorDescription()); - m.addAttribute(HttpCodeView.CODE, ve.getStatus()); - return JsonErrorView.VIEWNAME; - } - - - // no grant types are allowed - newClient.setGrantTypes(new HashSet()); - newClient.setResponseTypes(new HashSet()); - newClient.setRedirectUris(new HashSet()); - - // don't issue tokens to this client - newClient.setAccessTokenValiditySeconds(0); - newClient.setIdTokenValiditySeconds(0); - newClient.setRefreshTokenValiditySeconds(0); - - // clear out unused fields - newClient.setDefaultACRvalues(new HashSet()); - newClient.setDefaultMaxAge(null); - newClient.setIdTokenEncryptedResponseAlg(null); - newClient.setIdTokenEncryptedResponseEnc(null); - newClient.setIdTokenSignedResponseAlg(null); - newClient.setInitiateLoginUri(null); - newClient.setPostLogoutRedirectUris(null); - newClient.setRequestObjectSigningAlg(null); - newClient.setRequireAuthTime(null); - newClient.setReuseRefreshToken(false); - newClient.setSectorIdentifierUri(null); - newClient.setSubjectType(null); - newClient.setUserInfoEncryptedResponseAlg(null); - newClient.setUserInfoEncryptedResponseEnc(null); - newClient.setUserInfoSignedResponseAlg(null); - - // this client has been dynamically registered (obviously) - newClient.setDynamicallyRegistered(true); - - // this client has access to the introspection endpoint - newClient.setAllowIntrospection(true); - - // now save it - try { - ClientDetailsEntity savedClient = clientService.saveNewClient(newClient); - - // generate the registration access token - OAuth2AccessTokenEntity token = connectTokenService.createResourceAccessToken(savedClient); - tokenService.saveAccessToken(token); - - // send it all out to the view - - RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "resource/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8")); - m.addAttribute("client", registered); - m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); // http 201 - - return ClientInformationResponseView.VIEWNAME; - } catch (IllegalArgumentException e) { - logger.error("Couldn't save client", e); - - m.addAttribute(JsonErrorView.ERROR, "invalid_client_metadata"); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client due to invalid or inconsistent metadata."); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 - - return JsonErrorView.VIEWNAME; - } - } else { - // didn't parse, this is a bad request - logger.error("registerNewClient failed; submitted JSON is malformed"); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 - - return HttpCodeView.VIEWNAME; - } - - } - - private ClientDetailsEntity validateScopes(ClientDetailsEntity newClient) throws ValidationException { - // scopes that the client is asking for - Set requestedScopes = scopeService.fromStrings(newClient.getScope()); - - // the scopes that the client can have must be a subset of the dynamically allowed scopes - Set allowedScopes = scopeService.removeRestrictedAndReservedScopes(requestedScopes); - - // if the client didn't ask for any, give them the defaults - if (allowedScopes == null || allowedScopes.isEmpty()) { - allowedScopes = scopeService.getDefaults(); - } - - newClient.setScope(scopeService.toStrings(allowedScopes)); - - return newClient; - } - - /** - * Get the meta information for a client. - * @param clientId - * @param m - * @param auth - * @return - */ - @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.RESOURCE_TOKEN_SCOPE + "')") - @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String readResourceConfiguration(@PathVariable("id") String clientId, Model m, OAuth2Authentication auth) { - - ClientDetailsEntity client = clientService.loadClientByClientId(clientId); - - if (client != null && client.getClientId().equals(auth.getOAuth2Request().getClientId())) { - - // possibly update the token - OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, client); - - RegisteredClient registered = new RegisteredClient(client, token.getValue(), config.getIssuer() + "resource/" + UriUtils.encodePathSegment(client.getClientId(), "UTF-8")); - - // send it all out to the view - m.addAttribute("client", registered); - m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200 - - return ClientInformationResponseView.VIEWNAME; - - } else { - // client mismatch - logger.error("readResourceConfiguration failed, client ID mismatch: " - + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 - - return HttpCodeView.VIEWNAME; - } - } - - /** - * Update the metainformation for a given client. - * @param clientId - * @param jsonString - * @param m - * @param auth - * @return - */ - @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.RESOURCE_TOKEN_SCOPE + "')") - @RequestMapping(value = "/{id}", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) - public String updateProtectedResource(@PathVariable("id") String clientId, @RequestBody String jsonString, Model m, OAuth2Authentication auth) { - - - ClientDetailsEntity newClient = null; - try { - newClient = ClientDetailsEntityJsonProcessor.parse(jsonString); - } catch (JsonSyntaxException e) { - // bad parse - // didn't parse, this is a bad request - logger.error("updateProtectedResource failed; submitted JSON is malformed"); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 - return HttpCodeView.VIEWNAME; - } - - ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId); - - if (newClient != null && oldClient != null // we have an existing client and the new one parsed - && oldClient.getClientId().equals(auth.getOAuth2Request().getClientId()) // the client passed in the URI matches the one in the auth - && oldClient.getClientId().equals(newClient.getClientId()) // the client passed in the body matches the one in the URI - ) { - - // a client can't ask to update its own client secret to any particular value - newClient.setClientSecret(oldClient.getClientSecret()); - - newClient.setCreatedAt(oldClient.getCreatedAt()); - - // no grant types are allowed - newClient.setGrantTypes(new HashSet()); - newClient.setResponseTypes(new HashSet()); - newClient.setRedirectUris(new HashSet()); - - // don't issue tokens to this client - newClient.setAccessTokenValiditySeconds(0); - newClient.setIdTokenValiditySeconds(0); - newClient.setRefreshTokenValiditySeconds(0); - - // clear out unused fields - newClient.setDefaultACRvalues(new HashSet()); - newClient.setDefaultMaxAge(null); - newClient.setIdTokenEncryptedResponseAlg(null); - newClient.setIdTokenEncryptedResponseEnc(null); - newClient.setIdTokenSignedResponseAlg(null); - newClient.setInitiateLoginUri(null); - newClient.setPostLogoutRedirectUris(null); - newClient.setRequestObjectSigningAlg(null); - newClient.setRequireAuthTime(null); - newClient.setReuseRefreshToken(false); - newClient.setSectorIdentifierUri(null); - newClient.setSubjectType(null); - newClient.setUserInfoEncryptedResponseAlg(null); - newClient.setUserInfoEncryptedResponseEnc(null); - newClient.setUserInfoSignedResponseAlg(null); - - // this client has been dynamically registered (obviously) - newClient.setDynamicallyRegistered(true); - - // this client has access to the introspection endpoint - newClient.setAllowIntrospection(true); - - // do validation on the fields - try { - newClient = validateScopes(newClient); - newClient = validateAuth(newClient); - } catch (ValidationException ve) { - // validation failed, return an error - m.addAttribute(JsonErrorView.ERROR, ve.getError()); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, ve.getErrorDescription()); - m.addAttribute(HttpCodeView.CODE, ve.getStatus()); - return JsonErrorView.VIEWNAME; - } - - - try { - // save the client - ClientDetailsEntity savedClient = clientService.updateClient(oldClient, newClient); - - // possibly update the token - OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, savedClient); - - RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "resource/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8")); - - // send it all out to the view - m.addAttribute("client", registered); - m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200 - - return ClientInformationResponseView.VIEWNAME; - } catch (IllegalArgumentException e) { - logger.error("Couldn't save client", e); - - m.addAttribute(JsonErrorView.ERROR, "invalid_client_metadata"); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client due to invalid or inconsistent metadata."); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 - - return JsonErrorView.VIEWNAME; - } - } else { - // client mismatch - logger.error("updateProtectedResource" + - " failed, client ID mismatch: " - + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 - - return HttpCodeView.VIEWNAME; - } - } - - /** - * Delete the indicated client from the system. - * @param clientId - * @param m - * @param auth - * @return - */ - @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.RESOURCE_TOKEN_SCOPE + "')") - @RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE) - public String deleteResource(@PathVariable("id") String clientId, Model m, OAuth2Authentication auth) { - - ClientDetailsEntity client = clientService.loadClientByClientId(clientId); - - if (client != null && client.getClientId().equals(auth.getOAuth2Request().getClientId())) { - - clientService.deleteClient(client); - - m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT); // http 204 - - return HttpCodeView.VIEWNAME; - } else { - // client mismatch - logger.error("readClientConfiguration failed, client ID mismatch: " - + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 - - return HttpCodeView.VIEWNAME; - } - } - - private ClientDetailsEntity validateAuth(ClientDetailsEntity newClient) throws ValidationException { - if (newClient.getTokenEndpointAuthMethod() == null) { - newClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC); - } - - if (newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_BASIC || - newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_JWT || - newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_POST) { - - if (Strings.isNullOrEmpty(newClient.getClientSecret())) { - // no secret yet, we need to generate a secret - newClient = clientService.generateClientSecret(newClient); - } - } else if (newClient.getTokenEndpointAuthMethod() == AuthMethod.PRIVATE_KEY) { - if (Strings.isNullOrEmpty(newClient.getJwksUri()) && newClient.getJwks() == null) { - throw new ValidationException("invalid_client_metadata", "JWK Set URI required when using private key authentication", HttpStatus.BAD_REQUEST); - } - - newClient.setClientSecret(null); - } else if (newClient.getTokenEndpointAuthMethod() == AuthMethod.NONE) { - newClient.setClientSecret(null); - } else { - throw new ValidationException("invalid_client_metadata", "Unknown authentication method", HttpStatus.BAD_REQUEST); - } - return newClient; - } - - private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth, ClientDetailsEntity client) { - - OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails(); - OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue()); - - if (config.getRegTokenLifeTime() != null) { - - try { - // Re-issue the token if it has been issued before [currentTime - validity] - Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000); - if(token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate)) { - logger.info("Rotating the registration access token for " + client.getClientId()); - tokenService.revokeAccessToken(token); - OAuth2AccessTokenEntity newToken = connectTokenService.createResourceAccessToken(client); - tokenService.saveAccessToken(newToken); - return newToken; - } else { - // it's not expired, keep going - return token; - } - } catch (ParseException e) { - logger.error("Couldn't parse a known-valid token?", e); - return token; - } - } else { - // tokens don't expire, just return it - return token; - } - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/RootController.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/RootController.java deleted file mode 100644 index 6f08be5e06..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/RootController.java +++ /dev/null @@ -1,78 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.web; - -import java.util.Map; - -import org.mitre.openid.connect.service.StatsService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.stereotype.Controller; -import org.springframework.ui.ModelMap; -import org.springframework.web.bind.annotation.RequestMapping; - -/** - * @author Michael Jett - */ - -@Controller -public class RootController { - - public static final String API_URL = "api"; - - @Autowired - private StatsService statsService; - - @RequestMapping({"", "home", "index"}) - public String showHomePage(ModelMap m) { - return "home"; - } - - @RequestMapping({"about", "about/"}) - public String showAboutPage(ModelMap m) { - return "about"; - } - - @RequestMapping({"stats", "stats/"}) - public String showStatsPage(ModelMap m) { - Map summary = statsService.getSummaryStats(); - - m.put("statsSummary", summary); - return "stats"; - } - - @RequestMapping({"contact", "contact/"}) - public String showContactPage(ModelMap m) { - return "contact"; - } - - @PreAuthorize("hasRole('ROLE_USER')") - @RequestMapping("manage/**") - public String showClientManager(ModelMap m) { - return "manage"; - } - - public StatsService getStatsService() { - return statsService; - } - - public void setStatsService(StatsService statsService) { - this.statsService = statsService; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ServerConfigInterceptor.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ServerConfigInterceptor.java deleted file mode 100644 index f16693613f..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ServerConfigInterceptor.java +++ /dev/null @@ -1,54 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.web; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.config.UIConfiguration; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; - -/** - * - * Injects the server configuration bean into the request context. - * This allows JSPs and the like to call "config.logoUrl" among others. - * - * @author jricher - * - */ -public class ServerConfigInterceptor extends HandlerInterceptorAdapter { - - @Autowired - private ConfigurationPropertiesBean config; - - @Autowired - private UIConfiguration ui; - - @Override - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - request.setAttribute("config", config); - request.setAttribute("ui", ui); - return true; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java deleted file mode 100644 index d090f77216..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java +++ /dev/null @@ -1,78 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.web; - -import java.util.Map; - -import org.mitre.openid.connect.model.ClientStat; -import org.mitre.openid.connect.service.StatsService; -import org.mitre.openid.connect.view.JsonEntityView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.stereotype.Controller; -import org.springframework.ui.ModelMap; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestMapping; - -@Controller -@RequestMapping("/" + StatsAPI.URL) -public class StatsAPI { - - public static final String URL = RootController.API_URL + "/stats"; - - // Logger for this class - private static final Logger logger = LoggerFactory.getLogger(StatsAPI.class); - - @Autowired - private StatsService statsService; - - @RequestMapping(value = "summary", produces = MediaType.APPLICATION_JSON_VALUE) - public String statsSummary(ModelMap m) { - - Map e = statsService.getSummaryStats(); - - m.put(JsonEntityView.ENTITY, e); - - return JsonEntityView.VIEWNAME; - - } - - // @PreAuthorize("hasRole('ROLE_USER')") - // @RequestMapping(value = "byclientid", produces = MediaType.APPLICATION_JSON_VALUE) - // public String statsByClient(ModelMap m) { - // Map e = statsService.getByClientId(); - // - // m.put(JsonEntityView.ENTITY, e); - // - // return JsonEntityView.VIEWNAME; - // } - // - @PreAuthorize("hasRole('ROLE_USER')") - @RequestMapping(value = "byclientid/{id}", produces = MediaType.APPLICATION_JSON_VALUE) - public String statsByClientId(@PathVariable("id") String clientId, ModelMap m) { - ClientStat e = statsService.getCountForClientId(clientId); - - m.put(JsonEntityView.ENTITY, e); - - return JsonEntityView.VIEWNAME; - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java deleted file mode 100644 index 16950a0926..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java +++ /dev/null @@ -1,143 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.web; - -import java.util.List; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.service.UserInfoService; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.UserInfoJWTView; -import org.mitre.openid.connect.view.UserInfoView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpHeaders; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.RequestHeader; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RequestParam; - -import com.google.common.base.Strings; - -/** - * OpenID Connect UserInfo endpoint, as specified in Standard sec 5 and Messages sec 2.4. - * - * @author AANGANES - * - */ -@Controller -@RequestMapping("/" + UserInfoEndpoint.URL) -public class UserInfoEndpoint { - - public static final String URL = "userinfo"; - - @Autowired - private UserInfoService userInfoService; - - @Autowired - private ClientDetailsEntityService clientService; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(UserInfoEndpoint.class); - - /** - * Get information about the user as specified in the accessToken included in this request - */ - @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('" + SystemScopeService.OPENID_SCOPE + "')") - @RequestMapping(method= {RequestMethod.GET, RequestMethod.POST}, produces = {MediaType.APPLICATION_JSON_VALUE, UserInfoJWTView.JOSE_MEDIA_TYPE_VALUE}) - public String getInfo(@RequestParam(value="claims", required=false) String claimsRequestJsonString, - @RequestHeader(value=HttpHeaders.ACCEPT, required=false) String acceptHeader, - OAuth2Authentication auth, Model model) { - - if (auth == null) { - logger.error("getInfo failed; no principal. Requester is not authorized."); - model.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return HttpCodeView.VIEWNAME; - } - - String username = auth.getName(); - UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, auth.getOAuth2Request().getClientId()); - - if (userInfo == null) { - logger.error("getInfo failed; user not found: " + username); - model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - model.addAttribute(UserInfoView.SCOPE, auth.getOAuth2Request().getScope()); - - model.addAttribute(UserInfoView.AUTHORIZED_CLAIMS, auth.getOAuth2Request().getExtensions().get("claims")); - - if (!Strings.isNullOrEmpty(claimsRequestJsonString)) { - model.addAttribute(UserInfoView.REQUESTED_CLAIMS, claimsRequestJsonString); - } - - model.addAttribute(UserInfoView.USER_INFO, userInfo); - - // content negotiation - - // start off by seeing if the client has registered for a signed/encrypted JWT from here - ClientDetailsEntity client = clientService.loadClientByClientId(auth.getOAuth2Request().getClientId()); - model.addAttribute(UserInfoJWTView.CLIENT, client); - - List mediaTypes = MediaType.parseMediaTypes(acceptHeader); - MediaType.sortBySpecificityAndQuality(mediaTypes); - - if (client.getUserInfoSignedResponseAlg() != null - || client.getUserInfoEncryptedResponseAlg() != null - || client.getUserInfoEncryptedResponseEnc() != null) { - // client has a preference, see if they ask for plain JSON specifically on this request - for (MediaType m : mediaTypes) { - if (!m.isWildcardType() && m.isCompatibleWith(UserInfoJWTView.JOSE_MEDIA_TYPE)) { - return UserInfoJWTView.VIEWNAME; - } else if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) { - return UserInfoView.VIEWNAME; - } - } - - // otherwise return JWT - return UserInfoJWTView.VIEWNAME; - } else { - // client has no preference, see if they asked for JWT specifically on this request - for (MediaType m : mediaTypes) { - if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) { - return UserInfoView.VIEWNAME; - } else if (!m.isWildcardType() && m.isCompatibleWith(UserInfoJWTView.JOSE_MEDIA_TYPE)) { - return UserInfoJWTView.VIEWNAME; - } - } - - // otherwise return JSON - return UserInfoView.VIEWNAME; - } - - } - -} diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java deleted file mode 100644 index 8450c88ce2..0000000000 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java +++ /dev/null @@ -1,212 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.web; - -import java.security.Principal; -import java.util.Collection; - -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.service.WhitelistedSiteService; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.stereotype.Controller; -import org.springframework.ui.ModelMap; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import com.google.gson.Gson; -import com.google.gson.JsonObject; -import com.google.gson.JsonParseException; -import com.google.gson.JsonParser; - -/** - * @author jricher - * - */ -@Controller -@RequestMapping("/" + WhitelistAPI.URL) -@PreAuthorize("hasRole('ROLE_USER')") -public class WhitelistAPI { - - public static final String URL = RootController.API_URL + "/whitelist"; - - @Autowired - private WhitelistedSiteService whitelistService; - - /** - * Logger for this class - */ - private static final Logger logger = LoggerFactory.getLogger(WhitelistAPI.class); - - private Gson gson = new Gson(); - private JsonParser parser = new JsonParser(); - - /** - * Get a list of all whitelisted sites - * @param m - * @return - */ - @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getAllWhitelistedSites(ModelMap m) { - - Collection all = whitelistService.getAll(); - - m.put(JsonEntityView.ENTITY, all); - - return JsonEntityView.VIEWNAME; - } - - /** - * Create a new whitelisted site - * @param jsonString - * @param m - * @param p - * @return - */ - @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) - public String addNewWhitelistedSite(@RequestBody String jsonString, ModelMap m, Principal p) { - - JsonObject json; - - WhitelistedSite whitelist = null; - try { - json = parser.parse(jsonString).getAsJsonObject(); - whitelist = gson.fromJson(json, WhitelistedSite.class); - - } catch (JsonParseException e) { - logger.error("addNewWhitelistedSite failed due to JsonParseException", e); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not save new whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); - return JsonErrorView.VIEWNAME; - } catch (IllegalStateException e) { - logger.error("addNewWhitelistedSite failed due to IllegalStateException", e); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not save new whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); - return JsonErrorView.VIEWNAME; - } - - // save the id of the person who created this - whitelist.setCreatorUserId(p.getName()); - - WhitelistedSite newWhitelist = whitelistService.saveNew(whitelist); - - m.put(JsonEntityView.ENTITY, newWhitelist); - - return JsonEntityView.VIEWNAME; - - } - - /** - * Update an existing whitelisted site - */ - @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) - public String updateWhitelistedSite(@PathVariable("id") Long id, @RequestBody String jsonString, ModelMap m, Principal p) { - - JsonObject json; - - WhitelistedSite whitelist = null; - try { - json = parser.parse(jsonString).getAsJsonObject(); - whitelist = gson.fromJson(json, WhitelistedSite.class); - - } catch (JsonParseException e) { - logger.error("updateWhitelistedSite failed due to JsonParseException", e); - m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not update whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); - return JsonErrorView.VIEWNAME; - } catch (IllegalStateException e) { - logger.error("updateWhitelistedSite failed due to IllegalStateException", e); - m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not update whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); - return JsonErrorView.VIEWNAME; - } - - WhitelistedSite oldWhitelist = whitelistService.getById(id); - - if (oldWhitelist == null) { - logger.error("updateWhitelistedSite failed; whitelist with id " + id + " could not be found."); - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not update whitelisted site. The requested whitelisted site with id " + id + "could not be found."); - return JsonErrorView.VIEWNAME; - } else { - - WhitelistedSite newWhitelist = whitelistService.update(oldWhitelist, whitelist); - - m.put(JsonEntityView.ENTITY, newWhitelist); - - return JsonEntityView.VIEWNAME; - } - } - - /** - * Delete a whitelisted site - * - */ - @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value="/{id}", method = RequestMethod.DELETE) - public String deleteWhitelistedSite(@PathVariable("id") Long id, ModelMap m) { - WhitelistedSite whitelist = whitelistService.getById(id); - - if (whitelist == null) { - logger.error("deleteWhitelistedSite failed; whitelist with id " + id + " could not be found."); - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete whitelisted site. The requested whitelisted site with id " + id + "could not be found."); - return JsonErrorView.VIEWNAME; - } else { - m.put(HttpCodeView.CODE, HttpStatus.OK); - whitelistService.remove(whitelist); - } - - return HttpCodeView.VIEWNAME; - } - - /** - * Get a single whitelisted site - */ - @RequestMapping(value="/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public String getWhitelistedSite(@PathVariable("id") Long id, ModelMap m) { - WhitelistedSite whitelist = whitelistService.getById(id); - if (whitelist == null) { - logger.error("getWhitelistedSite failed; whitelist with id " + id + " could not be found."); - m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put(JsonErrorView.ERROR_MESSAGE, "The requested whitelisted site with id " + id + "could not be found."); - return JsonErrorView.VIEWNAME; - } else { - - m.put(JsonEntityView.ENTITY, whitelist); - - return JsonEntityView.VIEWNAME; - } - - } - -} diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/repository/impl/TestDatabaseConfiguration.java b/openid-connect-server/src/test/java/org/mitre/oauth2/repository/impl/TestDatabaseConfiguration.java deleted file mode 100644 index 51ab0f43c5..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/repository/impl/TestDatabaseConfiguration.java +++ /dev/null @@ -1,96 +0,0 @@ -package org.mitre.oauth2.repository.impl; - -import static java.nio.charset.StandardCharsets.UTF_8; - -import java.io.IOException; -import java.nio.file.Files; -import java.nio.file.Paths; -import java.util.HashMap; -import java.util.Map; - -import javax.persistence.EntityManagerFactory; -import javax.sql.DataSource; - -import org.springframework.beans.factory.FactoryBean; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Bean; -import org.springframework.core.io.ByteArrayResource; -import org.springframework.core.io.DefaultResourceLoader; -import org.springframework.core.io.Resource; -import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder; -import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType; -import org.springframework.orm.jpa.JpaTransactionManager; -import org.springframework.orm.jpa.JpaVendorAdapter; -import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean; -import org.springframework.orm.jpa.vendor.Database; -import org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter; -import org.springframework.transaction.PlatformTransactionManager; - -public class TestDatabaseConfiguration { - - @Autowired - private JpaVendorAdapter jpaAdapter; - - @Autowired - private DataSource dataSource; - - @Autowired - private EntityManagerFactory entityManagerFactory; - - @Bean - public JpaOAuth2TokenRepository repository() { - return new JpaOAuth2TokenRepository(); - } - - @Bean(name = "defaultPersistenceUnit") - public FactoryBean entityManagerFactory() { - LocalContainerEntityManagerFactoryBean factory = new LocalContainerEntityManagerFactoryBean(); - factory.setPackagesToScan("org.mitre", "org.mitre"); - factory.setPersistenceProviderClass(org.eclipse.persistence.jpa.PersistenceProvider.class); - factory.setPersistenceUnitName("test" + System.currentTimeMillis()); - factory.setDataSource(dataSource); - factory.setJpaVendorAdapter(jpaAdapter); - Map jpaProperties = new HashMap(); - jpaProperties.put("eclipselink.weaving", "false"); - jpaProperties.put("eclipselink.logging.level", "INFO"); - jpaProperties.put("eclipselink.logging.level.sql", "INFO"); - jpaProperties.put("eclipselink.cache.shared.default", "false"); - factory.setJpaPropertyMap(jpaProperties); - - return factory; - } - - @Bean - public DataSource dataSource() { - return new EmbeddedDatabaseBuilder(new DefaultResourceLoader() { - @Override - public Resource getResource(String location) { - String sql; - try { - sql = new String(Files.readAllBytes(Paths.get("..", "openid-connect-server-webapp", "src", "main", - "resources", "db", "hsql", location)), UTF_8); - } catch (IOException e) { - throw new RuntimeException("Failed to read sql-script " + location, e); - } - - return new ByteArrayResource(sql.getBytes(UTF_8)); - } - }).generateUniqueName(true).setScriptEncoding(UTF_8.name()).setType(EmbeddedDatabaseType.HSQL) - .addScripts("hsql_database_tables.sql").build(); - } - - @Bean - public JpaVendorAdapter jpaAdapter() { - EclipseLinkJpaVendorAdapter adapter = new EclipseLinkJpaVendorAdapter(); - adapter.setDatabase(Database.HSQL); - adapter.setShowSql(true); - return adapter; - } - - @Bean - public PlatformTransactionManager transactionManager() { - JpaTransactionManager platformTransactionManager = new JpaTransactionManager(); - platformTransactionManager.setEntityManagerFactory(entityManagerFactory); - return platformTransactionManager; - } -} diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/repository/impl/TestJpaOAuth2TokenRepository.java b/openid-connect-server/src/test/java/org/mitre/oauth2/repository/impl/TestJpaOAuth2TokenRepository.java deleted file mode 100644 index 4ad4b355cc..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/repository/impl/TestJpaOAuth2TokenRepository.java +++ /dev/null @@ -1,107 +0,0 @@ -package org.mitre.oauth2.repository.impl; - -import static org.junit.Assert.assertEquals; - -import java.util.Set; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.model.SavedUserAuthentication; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringRunner; -import org.springframework.transaction.annotation.Transactional; - -@RunWith(SpringRunner.class) -@ContextConfiguration(classes = { TestDatabaseConfiguration.class }) -@Transactional -public class TestJpaOAuth2TokenRepository { - - @Autowired - private JpaOAuth2TokenRepository repository; - - @PersistenceContext - private EntityManager entityManager; - - @Before - public void setUp(){ - createAccessToken("user1"); - createAccessToken("user1"); - createAccessToken("user2"); - createAccessToken("user2"); - - createRefreshToken("user1"); - createRefreshToken("user1"); - createRefreshToken("user2"); - createRefreshToken("user2"); - createRefreshToken("user2"); - } - - @Test - public void testGetAccessTokensByUserName() { - Set tokens = repository.getAccessTokensByUserName("user1"); - assertEquals(2, tokens.size()); - assertEquals("user1", tokens.iterator().next().getAuthenticationHolder().getUserAuth().getName()); - } - - @Test - public void testGetRefreshTokensByUserName() { - Set tokens = repository.getRefreshTokensByUserName("user2"); - assertEquals(3, tokens.size()); - assertEquals("user2", tokens.iterator().next().getAuthenticationHolder().getUserAuth().getName()); - } - - @Test - public void testGetAllAccessTokens(){ - Set tokens = repository.getAllAccessTokens(); - assertEquals(4, tokens.size()); - } - - @Test - public void testGetAllRefreshTokens(){ - Set tokens = repository.getAllRefreshTokens(); - assertEquals(5, tokens.size()); - } - - private OAuth2AccessTokenEntity createAccessToken(String name) { - SavedUserAuthentication userAuth = new SavedUserAuthentication(); - userAuth.setName(name); - userAuth = entityManager.merge(userAuth); - - AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity(); - authHolder.setUserAuth(userAuth); - authHolder = entityManager.merge(authHolder); - - OAuth2AccessTokenEntity accessToken = new OAuth2AccessTokenEntity(); - accessToken.setAuthenticationHolder(authHolder); - - accessToken = entityManager.merge(accessToken); - - return accessToken; - } - - private OAuth2RefreshTokenEntity createRefreshToken(String name) { - SavedUserAuthentication userAuth = new SavedUserAuthentication(); - userAuth.setName(name); - userAuth = entityManager.merge(userAuth); - - AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity(); - authHolder.setUserAuth(userAuth); - authHolder = entityManager.merge(authHolder); - - OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); - refreshToken.setAuthenticationHolder(authHolder); - - refreshToken = entityManager.merge(refreshToken); - - return refreshToken; - } - -} diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestBlacklistAwareRedirectResolver.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestBlacklistAwareRedirectResolver.java deleted file mode 100644 index 3698ec9e05..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestBlacklistAwareRedirectResolver.java +++ /dev/null @@ -1,157 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.oauth2.service.impl; - -import static org.mockito.Matchers.anyString; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.service.BlacklistedSiteService; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.runners.MockitoJUnitRunner; -import org.springframework.security.oauth2.common.exceptions.InvalidRequestException; -import org.springframework.security.oauth2.provider.ClientDetails; - -import com.google.common.collect.ImmutableSet; - -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; - -import static org.mockito.Mockito.when; - -import static org.junit.Assert.assertThat; - -/** - * @author jricher - * - */ -@RunWith(MockitoJUnitRunner.class) -public class TestBlacklistAwareRedirectResolver { - - @Mock - private BlacklistedSiteService blacklistService; - - @Mock - private ClientDetails client; - - @Mock - private ConfigurationPropertiesBean config; - - @InjectMocks - private BlacklistAwareRedirectResolver resolver; - - private String blacklistedUri = "https://evil.example.com/"; - - private String goodUri = "https://good.example.com/"; - - private String pathUri = "https://good.example.com/with/path"; - - /** - * @throws java.lang.Exception - */ - @Before - public void setUp() throws Exception { - - when(blacklistService.isBlacklisted(anyString())).thenReturn(false); - when(blacklistService.isBlacklisted(blacklistedUri)).thenReturn(true); - - when(client.getAuthorizedGrantTypes()).thenReturn(ImmutableSet.of("authorization_code")); - when(client.getRegisteredRedirectUri()).thenReturn(ImmutableSet.of(goodUri, blacklistedUri)); - - when(config.isHeartMode()).thenReturn(false); - } - - @Test - public void testResolveRedirect_safe() { - - // default uses prefix matching, the first one should work fine - - String res1 = resolver.resolveRedirect(goodUri, client); - - assertThat(res1, is(equalTo(goodUri))); - - // set the resolver to non-strict and test the path-based redirect resolution - - resolver.setStrictMatch(false); - - String res2 = resolver.resolveRedirect(pathUri, client); - - assertThat(res2, is(equalTo(pathUri))); - - - } - - @Test(expected = InvalidRequestException.class) - public void testResolveRedirect_blacklisted() { - - // this should fail with an error - resolver.resolveRedirect(blacklistedUri, client); - - } - - @Test - public void testRedirectMatches_default() { - - // this is not an exact match - boolean res1 = resolver.redirectMatches(pathUri, goodUri); - - assertThat(res1, is(false)); - - // this is an exact match - boolean res2 = resolver.redirectMatches(goodUri, goodUri); - - assertThat(res2, is(true)); - - } - - @Test - public void testRedirectMatches_nonstrict() { - - // set the resolver to non-strict match mode - resolver.setStrictMatch(false); - - // this is not an exact match (but that's OK) - boolean res1 = resolver.redirectMatches(pathUri, goodUri); - - assertThat(res1, is(true)); - - // this is an exact match - boolean res2 = resolver.redirectMatches(goodUri, goodUri); - - assertThat(res2, is(true)); - - } - - @Test - public void testHeartMode() { - when(config.isHeartMode()).thenReturn(true); - - // this is not an exact match - boolean res1 = resolver.redirectMatches(pathUri, goodUri); - - assertThat(res1, is(false)); - - // this is an exact match - boolean res2 = resolver.redirectMatches(goodUri, goodUri); - - assertThat(res2, is(true)); - } - -} diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java deleted file mode 100644 index 423cab6da0..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java +++ /dev/null @@ -1,362 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.service.impl; - -import static com.google.common.collect.Sets.newHashSet; -import static org.mockito.BDDMockito.given; - -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.Map; -import java.util.Set; - -import javax.swing.text.DateFormatter; - -import org.junit.Test; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.service.IntrospectionResultAssembler; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.uma.model.Permission; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; - -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableSet; - -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; - -import static org.mockito.Mockito.RETURNS_DEEP_STUBS; -import static org.mockito.Mockito.mock; - -import static org.junit.Assert.assertThat; - -public class TestDefaultIntrospectionResultAssembler { - - private IntrospectionResultAssembler assembler = new DefaultIntrospectionResultAssembler(); - - private static DateFormatter dateFormat = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")); - - @Test - public void shouldAssembleExpectedResultForAccessToken() throws ParseException { - - // given - OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer", - oauth2AuthenticationWithUser(oauth2Request("clientId"), "name")); - - UserInfo userInfo = userInfo("sub"); - - Set authScopes = scopes("foo", "bar", "baz"); - - // when - Map result = assembler.assembleFrom(accessToken, userInfo, authScopes); - - - // then - Map expected = new ImmutableMap.Builder() - .put("sub", "sub") - .put("exp", 123L) - .put("expires_at", dateFormat.valueToString(new Date(123 * 1000L))) - .put("scope", "bar foo") - .put("active", Boolean.TRUE) - .put("user_id", "name") - .put("client_id", "clientId") - .put("token_type", "Bearer") - .build(); - assertThat(result, is(equalTo(expected))); - } - - @Test - public void shouldAssembleExpectedResultForAccessToken_withPermissions() throws ParseException { - - // given - OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), - permissions(permission(1L, "foo", "bar")), - "Bearer", oauth2AuthenticationWithUser(oauth2Request("clientId"), "name")); - - UserInfo userInfo = userInfo("sub"); - - Set authScopes = scopes("foo", "bar", "baz"); - - // when - Map result = assembler.assembleFrom(accessToken, userInfo, authScopes); - - - // then - Map expected = new ImmutableMap.Builder() - .put("sub", "sub") - .put("exp", 123L) - .put("expires_at", dateFormat.valueToString(new Date(123 * 1000L))) - .put("permissions", new ImmutableSet.Builder<>() - .add(new ImmutableMap.Builder() - .put("resource_set_id", "1") // note that the resource ID comes out as a string - .put("scopes", new ImmutableSet.Builder<>() - .add("bar") - .add("foo") - .build()) - .build()) - .build()) - // note that scopes are not included if permissions are included - .put("active", Boolean.TRUE) - .put("user_id", "name") - .put("client_id", "clientId") - .put("token_type", "Bearer") - .build(); - assertThat(result, is(equalTo(expected))); - } - - @Test - public void shouldAssembleExpectedResultForAccessTokenWithoutUserInfo() throws ParseException { - - // given - OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer", - oauth2AuthenticationWithUser(oauth2Request("clientId"), "name")); - - Set authScopes = scopes("foo", "bar", "baz"); - - // when - Map result = assembler.assembleFrom(accessToken, null, authScopes); - - - // then - Map expected = new ImmutableMap.Builder() - .put("sub", "name") - .put("exp", 123L) - .put("expires_at", dateFormat.valueToString(new Date(123 * 1000L))) - .put("scope", "bar foo") - .put("active", Boolean.TRUE) - .put("user_id", "name") - .put("client_id", "clientId") - .put("token_type", "Bearer") - .build(); - assertThat(result, is(equalTo(expected))); - } - - @Test - public void shouldAssembleExpectedResultForAccessTokenWithoutExpiry() { - - // given - OAuth2AccessTokenEntity accessToken = accessToken(null, scopes("foo", "bar"), null, "Bearer", - oauth2AuthenticationWithUser(oauth2Request("clientId"), "name")); - - UserInfo userInfo = userInfo("sub"); - - Set authScopes = scopes("foo", "bar", "baz"); - - // when - Map result = assembler.assembleFrom(accessToken, userInfo, authScopes); - - - // then - Map expected = new ImmutableMap.Builder() - .put("sub", "sub") - .put("scope", "bar foo") - .put("active", Boolean.TRUE) - .put("user_id", "name") - .put("client_id", "clientId") - .put("token_type", "Bearer") - .build(); - assertThat(result, is(equalTo(expected))); - } - - @Test - public void shouldAssembleExpectedResultForAccessTokenWithoutUserAuthentication() throws ParseException { - // given - OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer", - oauth2Authentication(oauth2Request("clientId"), null)); - - Set authScopes = scopes("foo", "bar", "baz"); - - // when - Map result = assembler.assembleFrom(accessToken, null, authScopes); - - - // then `user_id` should not be present - Map expected = new ImmutableMap.Builder() - .put("sub", "clientId") - .put("exp", 123L) - .put("expires_at", dateFormat.valueToString(new Date(123 * 1000L))) - .put("scope", "bar foo") - .put("active", Boolean.TRUE) - .put("client_id", "clientId") - .put("token_type", "Bearer") - .build(); - assertThat(result, is(equalTo(expected))); - } - - @Test - public void shouldAssembleExpectedResultForRefreshToken() throws ParseException { - - // given - OAuth2RefreshTokenEntity refreshToken = refreshToken(new Date(123 * 1000L), - oauth2AuthenticationWithUser(oauth2Request("clientId", scopes("foo", "bar")), "name")); - - UserInfo userInfo = userInfo("sub"); - - Set authScopes = scopes("foo", "bar", "baz"); - - // when - Map result = assembler.assembleFrom(refreshToken, userInfo, authScopes); - - - // then - Map expected = new ImmutableMap.Builder() - .put("sub", "sub") - .put("exp", 123L) - .put("expires_at", dateFormat.valueToString(new Date(123 * 1000L))) - .put("scope", "bar foo") - .put("active", Boolean.TRUE) - .put("user_id", "name") - .put("client_id", "clientId") - .build(); - assertThat(result, is(equalTo(expected))); - } - - @Test - public void shouldAssembleExpectedResultForRefreshTokenWithoutUserInfo() throws ParseException { - - // given - OAuth2RefreshTokenEntity refreshToken = refreshToken(new Date(123 * 1000L), - oauth2AuthenticationWithUser(oauth2Request("clientId", scopes("foo", "bar")), "name")); - - Set authScopes = scopes("foo", "bar", "baz"); - - // when - Map result = assembler.assembleFrom(refreshToken, null, authScopes); - - - // then - Map expected = new ImmutableMap.Builder() - .put("sub", "name") - .put("exp", 123L) - .put("expires_at", dateFormat.valueToString(new Date(123 * 1000L))) - .put("scope", "bar foo") - .put("active", Boolean.TRUE) - .put("user_id", "name") - .put("client_id", "clientId") - .build(); - assertThat(result, is(equalTo(expected))); - } - - @Test - public void shouldAssembleExpectedResultForRefreshTokenWithoutExpiry() { - - // given - OAuth2RefreshTokenEntity refreshToken = refreshToken(null, - oauth2AuthenticationWithUser(oauth2Request("clientId", scopes("foo", "bar")), "name")); - - UserInfo userInfo = userInfo("sub"); - - Set authScopes = scopes("foo", "bar", "baz"); - - // when - Map result = assembler.assembleFrom(refreshToken, userInfo, authScopes); - - - // then - Map expected = new ImmutableMap.Builder() - .put("sub", "sub") - .put("scope", "bar foo") - .put("active", Boolean.TRUE) - .put("user_id", "name") - .put("client_id", "clientId") - .build(); - assertThat(result, is(equalTo(expected))); - } - - @Test - public void shouldAssembleExpectedResultForRefreshTokenWithoutUserAuthentication() throws ParseException { - // given - OAuth2RefreshTokenEntity refreshToken = refreshToken(null, - oauth2Authentication(oauth2Request("clientId", scopes("foo", "bar")), null)); - - Set authScopes = scopes("foo", "bar", "baz"); - - // when - Map result = assembler.assembleFrom(refreshToken, null, authScopes); - - - // then `user_id` should not be present - Map expected = new ImmutableMap.Builder() - .put("sub", "clientId") - .put("scope", "bar foo") - .put("active", Boolean.TRUE) - .put("client_id", "clientId") - .build(); - assertThat(result, is(equalTo(expected))); - } - - - - private UserInfo userInfo(String sub) { - UserInfo userInfo = mock(UserInfo.class); - given(userInfo.getSub()).willReturn(sub); - return userInfo; - } - - private OAuth2AccessTokenEntity accessToken(Date exp, Set scopes, Set permissions, String tokenType, OAuth2Authentication authentication) { - OAuth2AccessTokenEntity accessToken = mock(OAuth2AccessTokenEntity.class, RETURNS_DEEP_STUBS); - given(accessToken.getExpiration()).willReturn(exp); - given(accessToken.getScope()).willReturn(scopes); - given(accessToken.getPermissions()).willReturn(permissions); - given(accessToken.getTokenType()).willReturn(tokenType); - given(accessToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication); - return accessToken; - } - - private OAuth2RefreshTokenEntity refreshToken(Date exp, OAuth2Authentication authentication) { - OAuth2RefreshTokenEntity refreshToken = mock(OAuth2RefreshTokenEntity.class, RETURNS_DEEP_STUBS); - given(refreshToken.getExpiration()).willReturn(exp); - given(refreshToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication); - return refreshToken; - } - - private OAuth2Authentication oauth2AuthenticationWithUser(OAuth2Request request, String username) { - UsernamePasswordAuthenticationToken userAuthentication = new UsernamePasswordAuthenticationToken(username, "somepassword"); - return oauth2Authentication(request, userAuthentication); - } - - private OAuth2Authentication oauth2Authentication(OAuth2Request request, Authentication userAuthentication) { - return new OAuth2Authentication(request, userAuthentication); - } - - private OAuth2Request oauth2Request(String clientId) { - return oauth2Request(clientId, null); - } - - private OAuth2Request oauth2Request(String clientId, Set scopes) { - return new OAuth2Request(null, clientId, null, true, scopes, null, null, null, null); - } - - private Set scopes(String... scopes) { - return newHashSet(scopes); - } - - private Set permissions(Permission... permissions) { - return newHashSet(permissions); - } - - private Permission permission(Long resourceSetId, String... scopes) { - Permission permission = mock(Permission.class, RETURNS_DEEP_STUBS); - given(permission.getResourceSet().getId()).willReturn(resourceSetId); - given(permission.getScopes()).willReturn(scopes(scopes)); - return permission; - } -} diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java deleted file mode 100644 index 6ec31ca806..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java +++ /dev/null @@ -1,632 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.service.impl; - -import java.util.HashSet; -import java.util.LinkedHashSet; -import java.util.Set; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.OAuth2ClientRepository; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.service.ApprovedSiteService; -import org.mitre.openid.connect.service.BlacklistedSiteService; -import org.mitre.openid.connect.service.StatsService; -import org.mitre.openid.connect.service.WhitelistedSiteService; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.service.ResourceSetService; -import org.mockito.AdditionalAnswers; -import org.mockito.InjectMocks; -import org.mockito.Matchers; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.invocation.InvocationOnMock; -import org.mockito.runners.MockitoJUnitRunner; -import org.mockito.stubbing.Answer; -import org.springframework.security.oauth2.common.exceptions.InvalidClientException; - -import com.google.common.collect.Sets; - -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.CoreMatchers.nullValue; - -import static org.junit.Assert.assertThat; -import static org.junit.Assert.fail; - -/** - * @author wkim - * - */ -@RunWith(MockitoJUnitRunner.class) -public class TestDefaultOAuth2ClientDetailsEntityService { - - @Mock - private OAuth2ClientRepository clientRepository; - - @Mock - private OAuth2TokenRepository tokenRepository; - - @Mock - private ApprovedSiteService approvedSiteService; - - @Mock - private WhitelistedSiteService whitelistedSiteService; - - @Mock - private BlacklistedSiteService blacklistedSiteService; - - @Mock - private SystemScopeService scopeService; - - @Mock - private ResourceSetService resourceSetService; - - @Mock - private StatsService statsService; - - @Mock - private ConfigurationPropertiesBean config; - - @InjectMocks - private DefaultOAuth2ClientDetailsEntityService service; - - @Before - public void prepare() { - Mockito.reset(clientRepository, tokenRepository, approvedSiteService, whitelistedSiteService, blacklistedSiteService, scopeService, statsService); - - Mockito.when(clientRepository.saveClient(Matchers.any(ClientDetailsEntity.class))).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - Object[] args = invocation.getArguments(); - return (ClientDetailsEntity) args[0]; - } - }); - - Mockito.when(clientRepository.updateClient(Matchers.anyLong(), Matchers.any(ClientDetailsEntity.class))).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - Object[] args = invocation.getArguments(); - return (ClientDetailsEntity) args[1]; - } - }); - - Mockito.when(scopeService.fromStrings(Matchers.anySet())).thenAnswer(new Answer>() { - @Override - public Set answer(InvocationOnMock invocation) throws Throwable { - Object[] args = invocation.getArguments(); - Set input = (Set) args[0]; - Set output = new HashSet<>(); - for (String scope : input) { - output.add(new SystemScope(scope)); - } - return output; - } - }); - - Mockito.when(scopeService.toStrings(Matchers.anySet())).thenAnswer(new Answer>() { - @Override - public Set answer(InvocationOnMock invocation) throws Throwable { - Object[] args = invocation.getArguments(); - Set input = (Set) args[0]; - Set output = new HashSet<>(); - for (SystemScope scope : input) { - output.add(scope.getValue()); - } - return output; - } - }); - - // we're not testing reserved scopes here, just pass through when it's called - Mockito.when(scopeService.removeReservedScopes(Matchers.anySet())).then(AdditionalAnswers.returnsFirstArg()); - - Mockito.when(config.isHeartMode()).thenReturn(false); - - } - - /** - * Failure case of existing client id. - */ - @Test(expected = IllegalArgumentException.class) - public void saveNewClient_badId() { - - // Set up a mock client. - ClientDetailsEntity client = Mockito.mock(ClientDetailsEntity.class); - Mockito.when(client.getId()).thenReturn(12345L); // any non-null ID will work - - service.saveNewClient(client); - } - - /** - * Failure case of blacklisted client uri. - */ - @Test(expected = IllegalArgumentException.class) - public void saveNewClient_blacklisted() { - - ClientDetailsEntity client = Mockito.mock(ClientDetailsEntity.class); - Mockito.when(client.getId()).thenReturn(null); - - String badUri = "badplace.xxx"; - - Mockito.when(blacklistedSiteService.isBlacklisted(badUri)).thenReturn(true); - Mockito.when(client.getRegisteredRedirectUri()).thenReturn(Sets.newHashSet(badUri)); - - service.saveNewClient(client); - } - - @Test - public void saveNewClient_idWasAssigned() { - - // Set up a mock client. - ClientDetailsEntity client = Mockito.mock(ClientDetailsEntity.class); - Mockito.when(client.getId()).thenReturn(null); - - service.saveNewClient(client); - - Mockito.verify(client).setClientId(Matchers.anyString()); - } - - /** - * Makes sure client has offline access granted scope if allowed refresh tokens. - */ - @Test - public void saveNewClient_yesOfflineAccess() { - - ClientDetailsEntity client = new ClientDetailsEntity(); - - Set grantTypes = new HashSet<>(); - grantTypes.add("refresh_token"); - client.setGrantTypes(grantTypes); - - client = service.saveNewClient(client); - - assertThat(client.getScope().contains(SystemScopeService.OFFLINE_ACCESS), is(equalTo(true))); - } - - /** - * Makes sure client does not have offline access if not allowed to have refresh tokens. - */ - @Test - public void saveNewClient_noOfflineAccess() { - - ClientDetailsEntity client = new ClientDetailsEntity(); - - client = service.saveNewClient(client); - - Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - - assertThat(client.getScope().contains(SystemScopeService.OFFLINE_ACCESS), is(equalTo(false))); - } - - @Test - public void loadClientByClientId_badId() { - - // null id - try { - service.loadClientByClientId(null); - fail("Null client id. Expected an IllegalArgumentException."); - } catch (IllegalArgumentException e) { - assertThat(e, is(notNullValue())); - } - - // empty id - try { - service.loadClientByClientId(""); - fail("Empty client id. Expected an IllegalArgumentException."); - } catch (IllegalArgumentException e) { - assertThat(e, is(notNullValue())); - } - - // id not found - String clientId = "b00g3r"; - Mockito.when(clientRepository.getClientByClientId(clientId)).thenReturn(null); - try { - service.loadClientByClientId(clientId); - fail("Client id not found. Expected an InvalidClientException."); - } catch (InvalidClientException e) { - assertThat(e, is(notNullValue())); - } - - } - - @Test(expected = InvalidClientException.class) - public void deleteClient_badId() { - - Long id = 12345L; - ClientDetailsEntity client = Mockito.mock(ClientDetailsEntity.class); - Mockito.when(client.getId()).thenReturn(id); - Mockito.when(clientRepository.getById(id)).thenReturn(null); - - service.deleteClient(client); - } - - @Test - public void deleteClient() { - - Long id = 12345L; - String clientId = "b00g3r"; - - ClientDetailsEntity client = Mockito.mock(ClientDetailsEntity.class); - Mockito.when(client.getId()).thenReturn(id); - Mockito.when(client.getClientId()).thenReturn(clientId); - - Mockito.when(clientRepository.getById(id)).thenReturn(client); - - WhitelistedSite site = Mockito.mock(WhitelistedSite.class); - Mockito.when(whitelistedSiteService.getByClientId(clientId)).thenReturn(site); - - Mockito.when(resourceSetService.getAllForClient(client)).thenReturn(new HashSet()); - - service.deleteClient(client); - - Mockito.verify(tokenRepository).clearTokensForClient(client); - Mockito.verify(approvedSiteService).clearApprovedSitesForClient(client); - Mockito.verify(whitelistedSiteService).remove(site); - Mockito.verify(clientRepository).deleteClient(client); - } - - @Test - public void updateClient_nullClients() { - - ClientDetailsEntity oldClient = Mockito.mock(ClientDetailsEntity.class); - ClientDetailsEntity newClient = Mockito.mock(ClientDetailsEntity.class); - - try { - service.updateClient(oldClient, null); - fail("New client is null. Expected an IllegalArgumentException."); - } catch (IllegalArgumentException e) { - assertThat(e, is(notNullValue())); - } - - try { - service.updateClient(null, newClient); - fail("Old client is null. Expected an IllegalArgumentException."); - } catch (IllegalArgumentException e) { - assertThat(e, is(notNullValue())); - } - - try { - service.updateClient(null, null); - fail("Both clients are null. Expected an IllegalArgumentException."); - } catch (IllegalArgumentException e) { - assertThat(e, is(notNullValue())); - } - } - - @Test(expected = IllegalArgumentException.class) - public void updateClient_blacklistedUri() { - - ClientDetailsEntity oldClient = Mockito.mock(ClientDetailsEntity.class); - ClientDetailsEntity newClient = Mockito.mock(ClientDetailsEntity.class); - - String badSite = "badsite.xxx"; - - Mockito.when(newClient.getRegisteredRedirectUri()).thenReturn(Sets.newHashSet(badSite)); - Mockito.when(blacklistedSiteService.isBlacklisted(badSite)).thenReturn(true); - - service.updateClient(oldClient, newClient); - } - - @Test - public void updateClient_yesOfflineAccess() { - - ClientDetailsEntity oldClient = new ClientDetailsEntity(); - ClientDetailsEntity client = new ClientDetailsEntity(); - - Set grantTypes = new HashSet<>(); - grantTypes.add("refresh_token"); - client.setGrantTypes(grantTypes); - - client = service.updateClient(oldClient, client); - - Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - - assertThat(client.getScope().contains(SystemScopeService.OFFLINE_ACCESS), is(equalTo(true))); - } - - @Test - public void updateClient_noOfflineAccess() { - - ClientDetailsEntity oldClient = new ClientDetailsEntity(); - - oldClient.getScope().add(SystemScopeService.OFFLINE_ACCESS); - - ClientDetailsEntity client = new ClientDetailsEntity(); - - client = service.updateClient(oldClient, client); - - Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - - assertThat(client.getScope().contains(SystemScopeService.OFFLINE_ACCESS), is(equalTo(false))); - } - - @Test(expected = IllegalArgumentException.class) - public void heartMode_authcode_invalidGrants() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("authorization_code"); - grantTypes.add("implicit"); - grantTypes.add("client_credentials"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY); - - client.setRedirectUris(Sets.newHashSet("https://foo.bar/")); - - client.setJwksUri("https://foo.bar/jwks"); - - service.saveNewClient(client); - - } - - @Test(expected = IllegalArgumentException.class) - public void heartMode_implicit_invalidGrants() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("implicit"); - grantTypes.add("authorization_code"); - grantTypes.add("client_credentials"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.NONE); - - client.setRedirectUris(Sets.newHashSet("https://foo.bar/")); - - client.setJwksUri("https://foo.bar/jwks"); - - service.saveNewClient(client); - - } - - @Test(expected = IllegalArgumentException.class) - public void heartMode_clientcreds_invalidGrants() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("client_credentials"); - grantTypes.add("authorization_code"); - grantTypes.add("implicit"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY); - - client.setJwksUri("https://foo.bar/jwks"); - - service.saveNewClient(client); - - } - - @Test(expected = IllegalArgumentException.class) - public void heartMode_authcode_authMethod() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("authorization_code"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.SECRET_POST); - - client.setRedirectUris(Sets.newHashSet("https://foo.bar/")); - - client.setJwksUri("https://foo.bar/jwks"); - - service.saveNewClient(client); - - } - - @Test(expected = IllegalArgumentException.class) - public void heartMode_implicit_authMethod() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("implicit"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY); - - client.setRedirectUris(Sets.newHashSet("https://foo.bar/")); - - client.setJwksUri("https://foo.bar/jwks"); - - service.saveNewClient(client); - - } - - @Test(expected = IllegalArgumentException.class) - public void heartMode_clientcreds_authMethod() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("client_credentials"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC); - - client.setRedirectUris(Sets.newHashSet("https://foo.bar/")); - - client.setJwksUri("https://foo.bar/jwks"); - - service.saveNewClient(client); - - } - - @Test(expected = IllegalArgumentException.class) - public void heartMode_authcode_redirectUris() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("authorization_code"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY); - - service.saveNewClient(client); - - } - - @Test(expected = IllegalArgumentException.class) - public void heartMode_implicit_redirectUris() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("implicit"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.NONE); - - service.saveNewClient(client); - - } - - @Test(expected = IllegalArgumentException.class) - public void heartMode_clientcreds_redirectUris() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("client_credentials"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY); - - client.setRedirectUris(Sets.newHashSet("http://foo.bar/")); - - service.saveNewClient(client); - - } - - @Test(expected = IllegalArgumentException.class) - public void heartMode_clientSecret() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("authorization_code"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY); - - client.setRedirectUris(Sets.newHashSet("http://foo.bar/")); - - client.setClientSecret("secret!"); - - service.saveNewClient(client); - - } - - @Test(expected = IllegalArgumentException.class) - public void heartMode_noJwks() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("authorization_code"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY); - - client.setRedirectUris(Sets.newHashSet("https://foo.bar/")); - - client.setJwks(null); - client.setJwksUri(null); - - service.saveNewClient(client); - - } - - @Test - public void heartMode_validAuthcodeClient() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("authorization_code"); - grantTypes.add("refresh_token"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY); - - client.setRedirectUris(Sets.newHashSet("https://foo.bar/")); - - client.setJwksUri("https://foo.bar/jwks"); - - service.saveNewClient(client); - - assertThat(client.getClientId(), is(notNullValue(String.class))); - assertThat(client.getClientSecret(), is(nullValue())); - } - - @Test(expected = IllegalArgumentException.class) - public void heartMode_nonLocalHttpRedirect() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("authorization_code"); - grantTypes.add("refresh_token"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY); - - client.setRedirectUris(Sets.newHashSet("http://foo.bar/")); - - client.setJwksUri("https://foo.bar/jwks"); - - service.saveNewClient(client); - - } - - @Test(expected = IllegalArgumentException.class) - public void heartMode_multipleRedirectClass() { - Mockito.when(config.isHeartMode()).thenReturn(true); - - ClientDetailsEntity client = new ClientDetailsEntity(); - Set grantTypes = new LinkedHashSet<>(); - grantTypes.add("authorization_code"); - grantTypes.add("refresh_token"); - client.setGrantTypes(grantTypes); - - client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY); - - client.setRedirectUris(Sets.newHashSet("http://localhost/", "https://foo.bar", "foo://bar")); - - client.setJwksUri("https://foo.bar/jwks"); - - service.saveNewClient(client); - - } -} diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java deleted file mode 100644 index afdb9dd6b0..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java +++ /dev/null @@ -1,546 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.service.impl; - -import java.util.Date; -import java.util.HashSet; -import java.util.Set; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.SystemScopeService; -import org.mockito.InjectMocks; -import org.mockito.Matchers; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.invocation.InvocationOnMock; -import org.mockito.runners.MockitoJUnitRunner; -import org.mockito.stubbing.Answer; -import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; -import org.springframework.security.oauth2.common.exceptions.InvalidClientException; -import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; -import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; -import org.springframework.security.oauth2.provider.TokenRequest; -import org.springframework.security.oauth2.provider.token.TokenEnhancer; - -import static com.google.common.collect.Sets.newHashSet; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.not; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.mockito.AdditionalAnswers.returnsFirstArg; -import static org.mockito.Matchers.any; -import static org.mockito.Matchers.anySet; -import static org.mockito.Matchers.anyString; -import static org.mockito.Mockito.atLeastOnce; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.never; -import static org.mockito.Mockito.reset; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - -/** - * @author wkim - * - */ -@RunWith(MockitoJUnitRunner.class) -public class TestDefaultOAuth2ProviderTokenService { - - // Grace period for time-sensitive tests. - private static final long DELTA = 100L; - - // Test Fixture: - private OAuth2Authentication authentication; - private ClientDetailsEntity client; - private ClientDetailsEntity badClient; - private String clientId = "test_client"; - private String badClientId = "bad_client"; - private Set scope = newHashSet("openid", "profile", "email", "offline_access"); - private OAuth2RefreshTokenEntity refreshToken; - private OAuth2AccessTokenEntity accessToken; - private String refreshTokenValue = "refresh_token_value"; - private String userName = "6a50ac11786d402a9591d3e592ac770f"; - private TokenRequest tokenRequest; - - // for use when refreshing access tokens - private OAuth2Request storedAuthRequest; - private OAuth2Authentication storedAuthentication; - private AuthenticationHolderEntity storedAuthHolder; - private Set storedScope; - - @Mock - private OAuth2TokenRepository tokenRepository; - - @Mock - private AuthenticationHolderRepository authenticationHolderRepository; - - @Mock - private ClientDetailsEntityService clientDetailsService; - - @Mock - private TokenEnhancer tokenEnhancer; - - @Mock - private SystemScopeService scopeService; - - @InjectMocks - private DefaultOAuth2ProviderTokenService service; - - /** - * Set up a mock authentication and mock client to work with. - */ - @Before - public void prepare() { - reset(tokenRepository, authenticationHolderRepository, clientDetailsService, tokenEnhancer); - - authentication = Mockito.mock(OAuth2Authentication.class); - OAuth2Request clientAuth = new OAuth2Request(null, clientId, null, true, scope, null, null, null, null); - when(authentication.getOAuth2Request()).thenReturn(clientAuth); - - client = Mockito.mock(ClientDetailsEntity.class); - when(client.getClientId()).thenReturn(clientId); - when(clientDetailsService.loadClientByClientId(clientId)).thenReturn(client); - when(client.isReuseRefreshToken()).thenReturn(true); - - // by default in tests, allow refresh tokens - when(client.isAllowRefresh()).thenReturn(true); - - // by default, clear access tokens on refresh - when(client.isClearAccessTokensOnRefresh()).thenReturn(true); - - badClient = Mockito.mock(ClientDetailsEntity.class); - when(badClient.getClientId()).thenReturn(badClientId); - when(clientDetailsService.loadClientByClientId(badClientId)).thenReturn(badClient); - - refreshToken = Mockito.mock(OAuth2RefreshTokenEntity.class); - when(tokenRepository.getRefreshTokenByValue(refreshTokenValue)).thenReturn(refreshToken); - when(refreshToken.getClient()).thenReturn(client); - when(refreshToken.isExpired()).thenReturn(false); - - accessToken = Mockito.mock(OAuth2AccessTokenEntity.class); - - tokenRequest = new TokenRequest(null, clientId, null, null); - - storedAuthentication = authentication; - storedAuthRequest = clientAuth; - storedAuthHolder = mock(AuthenticationHolderEntity.class); - storedScope = newHashSet(scope); - - when(refreshToken.getAuthenticationHolder()).thenReturn(storedAuthHolder); - when(storedAuthHolder.getAuthentication()).thenReturn(storedAuthentication); - when(storedAuthentication.getOAuth2Request()).thenReturn(storedAuthRequest); - - when(authenticationHolderRepository.save(any(AuthenticationHolderEntity.class))).thenReturn(storedAuthHolder); - - when(scopeService.fromStrings(anySet())).thenAnswer(new Answer>() { - @Override - public Set answer(InvocationOnMock invocation) throws Throwable { - Object[] args = invocation.getArguments(); - Set input = (Set) args[0]; - Set output = new HashSet<>(); - for (String scope : input) { - output.add(new SystemScope(scope)); - } - return output; - } - }); - - when(scopeService.toStrings(anySet())).thenAnswer(new Answer>() { - @Override - public Set answer(InvocationOnMock invocation) throws Throwable { - Object[] args = invocation.getArguments(); - Set input = (Set) args[0]; - Set output = new HashSet<>(); - for (SystemScope scope : input) { - output.add(scope.getValue()); - } - return output; - } - }); - - // we're not testing restricted or reserved scopes here, just pass through - when(scopeService.removeReservedScopes(anySet())).then(returnsFirstArg()); - when(scopeService.removeRestrictedAndReservedScopes(anySet())).then(returnsFirstArg()); - - when(tokenEnhancer.enhance(any(OAuth2AccessTokenEntity.class), any(OAuth2Authentication.class))) - .thenAnswer(new Answer(){ - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Object[] args = invocation.getArguments(); - return (OAuth2AccessTokenEntity) args[0]; - } - }); - - when(tokenRepository.saveAccessToken(any(OAuth2AccessTokenEntity.class))) - .thenAnswer(new Answer() { - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Object[] args = invocation.getArguments(); - return (OAuth2AccessTokenEntity) args[0]; - } - - }); - - when(tokenRepository.saveRefreshToken(any(OAuth2RefreshTokenEntity.class))) - .thenAnswer(new Answer() { - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Object[] args = invocation.getArguments(); - return (OAuth2RefreshTokenEntity) args[0]; - } - }); - - } - - /** - * Tests exception handling for null authentication or null authorization. - */ - @Test - public void createAccessToken_nullAuth() { - when(authentication.getOAuth2Request()).thenReturn(null); - - try { - service.createAccessToken(null); - fail("Authentication parameter is null. Excpected a AuthenticationCredentialsNotFoundException."); - } catch (AuthenticationCredentialsNotFoundException e) { - assertThat(e, is(notNullValue())); - } - - try { - service.createAccessToken(authentication); - fail("AuthorizationRequest is null. Excpected a AuthenticationCredentialsNotFoundException."); - } catch (AuthenticationCredentialsNotFoundException e) { - assertThat(e, is(notNullValue())); - } - } - - /** - * Tests exception handling for clients not found. - */ - @Test(expected = InvalidClientException.class) - public void createAccessToken_nullClient() { - when(clientDetailsService.loadClientByClientId(anyString())).thenReturn(null); - - service.createAccessToken(authentication); - } - - /** - * Tests the creation of access tokens for clients that are not allowed to have refresh tokens. - */ - @Test - public void createAccessToken_noRefresh() { - when(client.isAllowRefresh()).thenReturn(false); - - OAuth2AccessTokenEntity token = service.createAccessToken(authentication); - - verify(clientDetailsService).loadClientByClientId(anyString()); - verify(authenticationHolderRepository).save(any(AuthenticationHolderEntity.class)); - verify(tokenEnhancer).enhance(any(OAuth2AccessTokenEntity.class), Matchers.eq(authentication)); - verify(tokenRepository).saveAccessToken(any(OAuth2AccessTokenEntity.class)); - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - - verify(tokenRepository, Mockito.never()).saveRefreshToken(any(OAuth2RefreshTokenEntity.class)); - - assertThat(token.getRefreshToken(), is(nullValue())); - } - - /** - * Tests the creation of access tokens for clients that are allowed to have refresh tokens. - */ - @Test - public void createAccessToken_yesRefresh() { - OAuth2Request clientAuth = new OAuth2Request(null, clientId, null, true, newHashSet(SystemScopeService.OFFLINE_ACCESS), null, null, null, null); - when(authentication.getOAuth2Request()).thenReturn(clientAuth); - when(client.isAllowRefresh()).thenReturn(true); - - OAuth2AccessTokenEntity token = service.createAccessToken(authentication); - - // Note: a refactor may be appropriate to only save refresh tokens once to the repository during creation. - verify(tokenRepository, atLeastOnce()).saveRefreshToken(any(OAuth2RefreshTokenEntity.class)); - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - - assertThat(token.getRefreshToken(), is(notNullValue())); - } - - /** - * Checks to see that the expiration date of new tokens is being set accurately to within some delta for time skew. - */ - @Test - public void createAccessToken_expiration() { - Integer accessTokenValiditySeconds = 3600; - Integer refreshTokenValiditySeconds = 600; - - when(client.getAccessTokenValiditySeconds()).thenReturn(accessTokenValiditySeconds); - when(client.getRefreshTokenValiditySeconds()).thenReturn(refreshTokenValiditySeconds); - - long start = System.currentTimeMillis(); - OAuth2AccessTokenEntity token = service.createAccessToken(authentication); - long end = System.currentTimeMillis(); - - // Accounting for some delta for time skew on either side. - Date lowerBoundAccessTokens = new Date(start + (accessTokenValiditySeconds * 1000L) - DELTA); - Date upperBoundAccessTokens = new Date(end + (accessTokenValiditySeconds * 1000L) + DELTA); - Date lowerBoundRefreshTokens = new Date(start + (refreshTokenValiditySeconds * 1000L) - DELTA); - Date upperBoundRefreshTokens = new Date(end + (refreshTokenValiditySeconds * 1000L) + DELTA); - - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - - assertTrue(token.getExpiration().after(lowerBoundAccessTokens) && token.getExpiration().before(upperBoundAccessTokens)); - assertTrue(token.getRefreshToken().getExpiration().after(lowerBoundRefreshTokens) && token.getRefreshToken().getExpiration().before(upperBoundRefreshTokens)); - } - - @Test - public void createAccessToken_checkClient() { - OAuth2AccessTokenEntity token = service.createAccessToken(authentication); - - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - - assertThat(token.getClient().getClientId(), equalTo(clientId)); - } - - @Test - public void createAccessToken_checkScopes() { - OAuth2AccessTokenEntity token = service.createAccessToken(authentication); - - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - - assertThat(token.getScope(), equalTo(scope)); - } - - @Test - public void createAccessToken_checkAttachedAuthentication() { - AuthenticationHolderEntity authHolder = mock(AuthenticationHolderEntity.class); - when(authHolder.getAuthentication()).thenReturn(authentication); - - when(authenticationHolderRepository.save(any(AuthenticationHolderEntity.class))).thenReturn(authHolder); - - OAuth2AccessTokenEntity token = service.createAccessToken(authentication); - - assertThat(token.getAuthenticationHolder().getAuthentication(), equalTo(authentication)); - verify(authenticationHolderRepository).save(any(AuthenticationHolderEntity.class)); - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - } - - @Test(expected = InvalidTokenException.class) - public void refreshAccessToken_noRefreshToken() { - when(tokenRepository.getRefreshTokenByValue(anyString())).thenReturn(null); - - service.refreshAccessToken(refreshTokenValue, tokenRequest); - } - - @Test(expected = InvalidClientException.class) - public void refreshAccessToken_notAllowRefresh() { - when(client.isAllowRefresh()).thenReturn(false); - - service.refreshAccessToken(refreshTokenValue, tokenRequest); - } - - @Test(expected = InvalidClientException.class) - public void refreshAccessToken_clientMismatch() { - tokenRequest = new TokenRequest(null, badClientId, null, null); - - service.refreshAccessToken(refreshTokenValue, tokenRequest); - } - - @Test(expected = InvalidTokenException.class) - public void refreshAccessToken_expired() { - when(refreshToken.isExpired()).thenReturn(true); - - service.refreshAccessToken(refreshTokenValue, tokenRequest); - } - - @Test - public void refreshAccessToken_verifyAcessToken() { - OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); - - verify(tokenRepository).clearAccessTokensForRefreshToken(refreshToken); - - assertThat(token.getClient(), equalTo(client)); - assertThat(token.getRefreshToken(), equalTo(refreshToken)); - assertThat(token.getAuthenticationHolder(), equalTo(storedAuthHolder)); - - verify(tokenEnhancer).enhance(token, storedAuthentication); - verify(tokenRepository).saveAccessToken(token); - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - - } - - @Test - public void refreshAccessToken_rotateRefreshToken() { - when(client.isReuseRefreshToken()).thenReturn(false); - - OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); - - verify(tokenRepository).clearAccessTokensForRefreshToken(refreshToken); - - assertThat(token.getClient(), equalTo(client)); - assertThat(token.getRefreshToken(), not(equalTo(refreshToken))); - assertThat(token.getAuthenticationHolder(), equalTo(storedAuthHolder)); - - verify(tokenEnhancer).enhance(token, storedAuthentication); - verify(tokenRepository).saveAccessToken(token); - verify(tokenRepository).removeRefreshToken(refreshToken); - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - - } - - @Test - public void refreshAccessToken_keepAccessTokens() { - when(client.isClearAccessTokensOnRefresh()).thenReturn(false); - - OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); - - verify(tokenRepository, never()).clearAccessTokensForRefreshToken(refreshToken); - - assertThat(token.getClient(), equalTo(client)); - assertThat(token.getRefreshToken(), equalTo(refreshToken)); - assertThat(token.getAuthenticationHolder(), equalTo(storedAuthHolder)); - - verify(tokenEnhancer).enhance(token, storedAuthentication); - verify(tokenRepository).saveAccessToken(token); - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - - } - - @Test - public void refreshAccessToken_requestingSameScope() { - OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); - - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - - assertThat(token.getScope(), equalTo(storedScope)); - } - - @Test - public void refreshAccessToken_requestingLessScope() { - Set lessScope = newHashSet("openid", "profile"); - - tokenRequest.setScope(lessScope); - - OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); - - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - - assertThat(token.getScope(), equalTo(lessScope)); - } - - @Test(expected = InvalidScopeException.class) - public void refreshAccessToken_requestingMoreScope() { - Set moreScope = newHashSet(storedScope); - moreScope.add("address"); - moreScope.add("phone"); - - tokenRequest.setScope(moreScope); - - service.refreshAccessToken(refreshTokenValue, tokenRequest); - } - - /** - * Tests the case where only some of the valid scope values are being requested along with - * other extra unauthorized scope values. - */ - @Test(expected = InvalidScopeException.class) - public void refreshAccessToken_requestingMixedScope() { - Set mixedScope = newHashSet("openid", "profile", "address", "phone"); // no email or offline_access - - tokenRequest.setScope(mixedScope); - - service.refreshAccessToken(refreshTokenValue, tokenRequest); - } - - @Test - public void refreshAccessToken_requestingEmptyScope() { - Set emptyScope = newHashSet(); - - tokenRequest.setScope(emptyScope); - - OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); - - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - - assertThat(token.getScope(), equalTo(storedScope)); - } - - @Test - public void refreshAccessToken_requestingNullScope() { - tokenRequest.setScope(null); - - OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); - - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - - assertThat(token.getScope(), equalTo(storedScope)); - - } - - /** - * Checks to see that the expiration date of refreshed tokens is being set accurately to within some delta for time skew. - */ - @Test - public void refreshAccessToken_expiration() { - Integer accessTokenValiditySeconds = 3600; - - when(client.getAccessTokenValiditySeconds()).thenReturn(accessTokenValiditySeconds); - - long start = System.currentTimeMillis(); - OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); - long end = System.currentTimeMillis(); - - // Accounting for some delta for time skew on either side. - Date lowerBoundAccessTokens = new Date(start + (accessTokenValiditySeconds * 1000L) - DELTA); - Date upperBoundAccessTokens = new Date(end + (accessTokenValiditySeconds * 1000L) + DELTA); - - verify(scopeService, atLeastOnce()).removeReservedScopes(anySet()); - - assertTrue(token.getExpiration().after(lowerBoundAccessTokens) && token.getExpiration().before(upperBoundAccessTokens)); - } - - @Test - public void getAllAccessTokensForUser(){ - when(tokenRepository.getAccessTokensByUserName(userName)).thenReturn(newHashSet(accessToken)); - - Set tokens = service.getAllAccessTokensForUser(userName); - assertEquals(1, tokens.size()); - assertTrue(tokens.contains(accessToken)); - } - - @Test - public void getAllRefreshTokensForUser(){ - when(tokenRepository.getRefreshTokensByUserName(userName)).thenReturn(newHashSet(refreshToken)); - - Set tokens = service.getAllRefreshTokensForUser(userName); - assertEquals(1, tokens.size()); - assertTrue(tokens.contains(refreshToken)); - } -} diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java deleted file mode 100644 index 808d96b581..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java +++ /dev/null @@ -1,189 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.oauth2.service.impl; - -import java.util.Set; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.SystemScopeRepository; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.runners.MockitoJUnitRunner; - -import com.google.common.collect.Sets; - -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; - -import static org.junit.Assert.assertThat; - -/** - * @author wkim - * - */ -@RunWith(MockitoJUnitRunner.class) -public class TestDefaultSystemScopeService { - - // test fixture - private SystemScope defaultDynScope1; - private SystemScope defaultDynScope2; - private SystemScope defaultScope1; - private SystemScope defaultScope2; - private SystemScope dynScope1; - private SystemScope restrictedScope1; - - private String defaultDynScope1String = "defaultDynScope1"; - private String defaultDynScope2String = "defaultDynScope2"; - private String defaultScope1String = "defaultScope1"; - private String defaultScope2String = "defaultScope2"; - private String dynScope1String = "dynScope1"; - private String restrictedScope1String = "restrictedScope1"; - - private Set allScopes; - private Set allScopeStrings; - private Set allScopesWithValue; - private Set allScopeStringsWithValue; - - @Mock - private SystemScopeRepository repository; - - @InjectMocks - private DefaultSystemScopeService service; - - /** - * Assumes these SystemScope defaults: isDefaultScope=false and isAllowDynReg=false. - */ - @Before - public void prepare() { - - Mockito.reset(repository); - - // two default and dynamically registerable scopes (unrestricted) - defaultDynScope1 = new SystemScope(defaultDynScope1String); - defaultDynScope2 = new SystemScope(defaultDynScope2String); - defaultDynScope1.setDefaultScope(true); - defaultDynScope2.setDefaultScope(true); - - // two strictly default scopes (restricted) - defaultScope1 = new SystemScope(defaultScope1String); - defaultScope2 = new SystemScope(defaultScope2String); - defaultScope1.setRestricted(true); - defaultScope2.setRestricted(true); - defaultScope1.setDefaultScope(true); - defaultScope2.setDefaultScope(true); - - // one strictly dynamically registerable scope (isDefault false) - dynScope1 = new SystemScope(dynScope1String); - - // extraScope1 : extra scope that is neither restricted nor default (defaults to false/false) - restrictedScope1 = new SystemScope(restrictedScope1String); - restrictedScope1.setRestricted(true); - - - allScopes = Sets.newHashSet(defaultDynScope1, defaultDynScope2, defaultScope1, defaultScope2, dynScope1, restrictedScope1); - allScopeStrings = Sets.newHashSet(defaultDynScope1String, defaultDynScope2String, defaultScope1String, defaultScope2String, dynScope1String, restrictedScope1String); - - allScopesWithValue = Sets.newHashSet(defaultDynScope1, defaultDynScope2, defaultScope1, defaultScope2, dynScope1, restrictedScope1); - allScopeStringsWithValue = Sets.newHashSet(defaultDynScope1String, defaultDynScope2String, defaultScope1String, defaultScope2String, dynScope1String, restrictedScope1String); - - Mockito.when(repository.getByValue(defaultDynScope1String)).thenReturn(defaultDynScope1); - Mockito.when(repository.getByValue(defaultDynScope2String)).thenReturn(defaultDynScope2); - Mockito.when(repository.getByValue(defaultScope1String)).thenReturn(defaultScope1); - Mockito.when(repository.getByValue(defaultScope2String)).thenReturn(defaultScope2); - Mockito.when(repository.getByValue(dynScope1String)).thenReturn(dynScope1); - Mockito.when(repository.getByValue(restrictedScope1String)).thenReturn(restrictedScope1); - - Mockito.when(repository.getAll()).thenReturn(allScopes); - } - - @Test - public void getAll() { - - assertThat(service.getAll(), equalTo(allScopes)); - } - - @Test - public void getDefaults() { - - Set defaults = Sets.newHashSet(defaultDynScope1, defaultDynScope2, defaultScope1, defaultScope2); - - assertThat(service.getDefaults(), equalTo(defaults)); - } - - @Test - public void getUnrestricted() { - - Set unrestricted = Sets.newHashSet(defaultDynScope1, defaultDynScope2, dynScope1); - - assertThat(service.getUnrestricted(), equalTo(unrestricted)); - } - - @Test - public void getRestricted() { - Set restricted = Sets.newHashSet(defaultScope1, defaultScope2, restrictedScope1); - - assertThat(service.getRestricted(), equalTo(restricted)); - - } - - @Test - public void fromStrings() { - - // check null condition - assertThat(service.fromStrings(null), is(nullValue())); - - assertThat(service.fromStrings(allScopeStrings), equalTo(allScopes)); - - assertThat(service.fromStrings(allScopeStringsWithValue), equalTo(allScopesWithValue)); - } - - @Test - public void toStrings() { - - // check null condition - assertThat(service.toStrings(null), is(nullValue())); - - assertThat(service.toStrings(allScopes), equalTo(allScopeStrings)); - - assertThat(service.toStrings(allScopesWithValue), equalTo(allScopeStringsWithValue)); - } - - @Test - public void scopesMatch() { - - Set expected = Sets.newHashSet("foo", "bar", "baz"); - Set actualGood = Sets.newHashSet("foo", "baz", "bar"); - Set actualGood2 = Sets.newHashSet("foo", "bar"); - Set actualBad = Sets.newHashSet("foo", "bob", "bar"); - - // same scopes, different order - assertThat(service.scopesMatch(expected, actualGood), is(true)); - - // subset - assertThat(service.scopesMatch(expected, actualGood2), is(true)); - - // extra scope (fail) - assertThat(service.scopesMatch(expected, actualBad), is(false)); - } - -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/assertion/TestJWTBearerAuthenticationProvider.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/assertion/TestJWTBearerAuthenticationProvider.java deleted file mode 100644 index fde99f499e..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/assertion/TestJWTBearerAuthenticationProvider.java +++ /dev/null @@ -1,414 +0,0 @@ -package org.mitre.openid.connect.assertion; - -import static org.hamcrest.CoreMatchers.hasItems; -import static org.hamcrest.CoreMatchers.instanceOf; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.startsWith; -import static org.junit.Assert.assertThat; -import static org.mockito.Matchers.any; -import static org.mockito.Mockito.when; - -import java.util.Arrays; -import java.util.Date; -import java.util.List; -import java.util.concurrent.TimeUnit; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.jwt.signer.service.JWTSigningAndValidationService; -import org.mitre.jwt.signer.service.impl.ClientKeyCacheService; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.runners.MockitoJUnitRunner; -import org.springframework.security.authentication.AuthenticationServiceException; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.security.oauth2.common.exceptions.InvalidClientException; - -import com.google.common.collect.ImmutableList; -import com.google.common.collect.ImmutableSet; -import com.nimbusds.jose.EncryptionMethod; -import com.nimbusds.jose.JWEAlgorithm; -import com.nimbusds.jose.JWEHeader; -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.EncryptedJWT; -import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.PlainJWT; -import com.nimbusds.jwt.SignedJWT; - -@RunWith(MockitoJUnitRunner.class) -public class TestJWTBearerAuthenticationProvider { - - private static final String CLIENT_ID = "client"; - private static final String SUBJECT = "subject"; - - @Mock - private ClientKeyCacheService validators; - @Mock - private ClientDetailsEntityService clientService; - @Mock - private ConfigurationPropertiesBean config; - - @InjectMocks - private JWTBearerAuthenticationProvider jwtBearerAuthenticationProvider; - - @Mock - private JWTBearerAssertionAuthenticationToken token; - @Mock - private ClientDetailsEntity client; - @Mock - private JWTSigningAndValidationService validator; - - private GrantedAuthority authority1 = new SimpleGrantedAuthority("1"); - private GrantedAuthority authority2 = new SimpleGrantedAuthority("2"); - private GrantedAuthority authority3 = new SimpleGrantedAuthority("3"); - - @Before - public void setup() { - when(clientService.loadClientByClientId(CLIENT_ID)).thenReturn(client); - - when(token.getName()).thenReturn(CLIENT_ID); - - when(client.getClientId()).thenReturn(CLIENT_ID); - when(client.getTokenEndpointAuthMethod()).thenReturn(AuthMethod.NONE); - when(client.getAuthorities()).thenReturn(ImmutableSet.of(authority1, authority2, authority3)); - - when(validators.getValidator(client, JWSAlgorithm.RS256)).thenReturn(validator); - when(validator.validateSignature(any(SignedJWT.class))).thenReturn(true); - - when(config.getIssuer()).thenReturn("http://issuer.com/"); - } - - @Test - public void should_not_support_UsernamePasswordAuthenticationToken() { - assertThat(jwtBearerAuthenticationProvider.supports(UsernamePasswordAuthenticationToken.class), is(false)); - } - - @Test - public void should_support_JWTBearerAssertionAuthenticationToken() { - assertThat(jwtBearerAuthenticationProvider.supports(JWTBearerAssertionAuthenticationToken.class), is(true)); - } - - @Test - public void should_throw_UsernameNotFoundException_when_clientService_throws_InvalidClientException() { - when(clientService.loadClientByClientId(CLIENT_ID)).thenThrow(new InvalidClientException("invalid client")); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(UsernameNotFoundException.class)); - assertThat(thrown.getMessage(), is("Could not find client: " + CLIENT_ID)); - } - - @Test - public void should_throw_AuthenticationServiceException_for_PlainJWT() { - mockPlainJWTAuthAttempt(); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), is("Unsupported JWT type: " + PlainJWT.class.getName())); - } - - @Test - public void should_throw_AuthenticationServiceException_for_EncryptedJWT() { - mockEncryptedJWTAuthAttempt(); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), is("Unsupported JWT type: " + EncryptedJWT.class.getName())); - } - - @Test - public void should_throw_AuthenticationServiceException_for_SignedJWT_when_signing_algorithms_do_not_match() { - when(client.getTokenEndpointAuthSigningAlg()).thenReturn(JWSAlgorithm.RS256); - SignedJWT signedJWT = createSignedJWT(JWSAlgorithm.ES384); - when(token.getJwt()).thenReturn(signedJWT); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), is("Client's registered token endpoint signing algorithm (RS256) does not match token's actual algorithm (ES384)")); - } - - @Test - public void should_throw_AuthenticationServiceException_for_SignedJWT_when_unsupported_authentication_method_for_SignedJWT() { - List unsupportedAuthMethods = - Arrays.asList(null, AuthMethod.NONE, AuthMethod.SECRET_BASIC, AuthMethod.SECRET_POST); - - for (AuthMethod unsupportedAuthMethod : unsupportedAuthMethods) { - SignedJWT signedJWT = createSignedJWT(); - when(token.getJwt()).thenReturn(signedJWT); - when(client.getTokenEndpointAuthMethod()).thenReturn(unsupportedAuthMethod); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), is("Client does not support this authentication method.")); - } - } - - @Test - public void should_throw_AuthenticationServiceException_for_SignedJWT_when_invalid_algorithm_for_PRIVATE_KEY_auth_method() { - List invalidAlgorithms = Arrays.asList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512); - - for (JWSAlgorithm algorithm : invalidAlgorithms) { - SignedJWT signedJWT = createSignedJWT(algorithm); - when(token.getJwt()).thenReturn(signedJWT); - when(client.getTokenEndpointAuthMethod()).thenReturn(AuthMethod.PRIVATE_KEY); - when(client.getTokenEndpointAuthSigningAlg()).thenReturn(algorithm); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), startsWith("Unable to create signature validator for method")); - } - } - - @Test - public void should_throw_AuthenticationServiceException_for_SignedJWT_when_invalid_algorithm_for_SECRET_JWT_auth_method() { - List invalidAlgorithms = Arrays.asList( - JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512, - JWSAlgorithm.ES256, JWSAlgorithm.ES384, JWSAlgorithm.ES512, - JWSAlgorithm.PS256, JWSAlgorithm.PS384, JWSAlgorithm.PS512); - - for (JWSAlgorithm algorithm : invalidAlgorithms) { - SignedJWT signedJWT = createSignedJWT(algorithm); - when(token.getJwt()).thenReturn(signedJWT); - when(client.getTokenEndpointAuthMethod()).thenReturn(AuthMethod.SECRET_JWT); - when(client.getTokenEndpointAuthSigningAlg()).thenReturn(algorithm); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), startsWith("Unable to create signature validator for method")); - } - } - - @Test - public void should_throw_AuthenticationServiceException_for_SignedJWT_when_in_heart_mode_and_auth_method_is_not_PRIVATE_KEY() { - SignedJWT signedJWT = createSignedJWT(JWSAlgorithm.HS256); - when(token.getJwt()).thenReturn(signedJWT); - when(client.getTokenEndpointAuthSigningAlg()).thenReturn(JWSAlgorithm.HS256); - when(config.isHeartMode()).thenReturn(true); - when(client.getTokenEndpointAuthMethod()).thenReturn(AuthMethod.SECRET_JWT); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), is("[HEART mode] Invalid authentication method")); - } - - @Test - public void should_throw_AuthenticationServiceException_for_SignedJWT_when_null_validator() { - mockSignedJWTAuthAttempt(); - when(validators.getValidator(any(ClientDetailsEntity.class), any(JWSAlgorithm.class))).thenReturn(null); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), startsWith("Unable to create signature validator for client")); - } - - @Test - public void should_throw_AuthenticationServiceException_for_SignedJWT_when_invalid_signature() { - SignedJWT signedJWT = mockSignedJWTAuthAttempt(); - when(validator.validateSignature(signedJWT)).thenReturn(false); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), is("Signature did not validate for presented JWT authentication.")); - } - - @Test - public void should_throw_AuthenticationServiceException_when_null_issuer() { - JWTClaimsSet jwtClaimsSet = new JWTClaimsSet.Builder().issuer(null).build(); - mockSignedJWTAuthAttempt(jwtClaimsSet); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), is("Assertion Token Issuer is null")); - } - - @Test - public void should_throw_AuthenticationServiceException_when_not_matching_issuer() { - JWTClaimsSet jwtClaimsSet = new JWTClaimsSet.Builder().issuer("not matching").build(); - mockSignedJWTAuthAttempt(jwtClaimsSet); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), startsWith("Issuers do not match")); - } - - @Test - public void should_throw_AuthenticationServiceException_when_null_expiration_time() { - JWTClaimsSet jwtClaimsSet = new JWTClaimsSet.Builder().issuer(CLIENT_ID).expirationTime(null).build(); - mockSignedJWTAuthAttempt(jwtClaimsSet); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), is("Assertion Token does not have required expiration claim")); - } - - @Test - public void should_throw_AuthenticationServiceException_when_expired_jwt() { - Date expiredDate = new Date(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(500)); - JWTClaimsSet jwtClaimsSet = new JWTClaimsSet.Builder().issuer(CLIENT_ID).expirationTime(expiredDate).build(); - mockSignedJWTAuthAttempt(jwtClaimsSet); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), startsWith("Assertion Token is expired")); - } - - @Test - public void should_throw_AuthenticationServiceException_when_jwt_valid_in_future() { - Date futureDate = new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(500)); - JWTClaimsSet jwtClaimsSet = new JWTClaimsSet.Builder().issuer(CLIENT_ID).expirationTime(futureDate).notBeforeTime(futureDate).build(); - mockSignedJWTAuthAttempt(jwtClaimsSet); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), startsWith("Assertion Token not valid until")); - } - - @Test - public void should_throw_AuthenticationServiceException_when_jwt_issued_in_future() { - Date futureDate = new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(500)); - JWTClaimsSet jwtClaimsSet = new JWTClaimsSet.Builder().issuer(CLIENT_ID).expirationTime(futureDate).issueTime(futureDate).build(); - mockSignedJWTAuthAttempt(jwtClaimsSet); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), startsWith("Assertion Token was issued in the future")); - } - - @Test - public void should_throw_AuthenticationServiceException_when_unmatching_audience() { - JWTClaimsSet jwtClaimsSet = new JWTClaimsSet.Builder().issuer(CLIENT_ID).expirationTime(new Date()).audience("invalid").build(); - mockSignedJWTAuthAttempt(jwtClaimsSet); - - Throwable thrown = authenticateAndReturnThrownException(); - - assertThat(thrown, instanceOf(AuthenticationServiceException.class)); - assertThat(thrown.getMessage(), startsWith("Audience does not match")); - } - - @Test - public void should_return_valid_token_when_audience_contains_token_endpoint() { - JWTClaimsSet jwtClaimsSet = new JWTClaimsSet.Builder() - .issuer(CLIENT_ID) - .subject(SUBJECT) - .expirationTime(new Date()) - .audience(ImmutableList.of("http://issuer.com/token", "invalid")) - .build(); - JWT jwt = mockSignedJWTAuthAttempt(jwtClaimsSet); - - Authentication authentication = jwtBearerAuthenticationProvider.authenticate(token); - - assertThat(authentication, instanceOf(JWTBearerAssertionAuthenticationToken.class)); - - JWTBearerAssertionAuthenticationToken token = (JWTBearerAssertionAuthenticationToken) authentication; - assertThat(token.getName(), is(SUBJECT)); - assertThat(token.getJwt(), is(jwt)); - assertThat(token.getAuthorities(), hasItems(authority1, authority2, authority3)); - assertThat(token.getAuthorities().size(), is(4)); - } - - @Test - public void should_return_valid_token_when_issuer_does_not_end_with_slash_and_audience_contains_token_endpoint() { - JWTClaimsSet jwtClaimsSet = new JWTClaimsSet.Builder() - .issuer(CLIENT_ID) - .subject(SUBJECT) - .expirationTime(new Date()) - .audience(ImmutableList.of("http://issuer.com/token")) - .build(); - JWT jwt = mockSignedJWTAuthAttempt(jwtClaimsSet); - when(config.getIssuer()).thenReturn("http://issuer.com/"); - - Authentication authentication = jwtBearerAuthenticationProvider.authenticate(token); - - assertThat(authentication, instanceOf(JWTBearerAssertionAuthenticationToken.class)); - - JWTBearerAssertionAuthenticationToken token = (JWTBearerAssertionAuthenticationToken) authentication; - assertThat(token.getName(), is(SUBJECT)); - assertThat(token.getJwt(), is(jwt)); - assertThat(token.getAuthorities(), hasItems(authority1, authority2, authority3)); - assertThat(token.getAuthorities().size(), is(4)); - } - - private void mockPlainJWTAuthAttempt() { - PlainJWT plainJWT = new PlainJWT(createJwtClaimsSet()); - when(token.getJwt()).thenReturn(plainJWT); - } - - private void mockEncryptedJWTAuthAttempt() { - JWEHeader jweHeader = new JWEHeader.Builder(JWEAlgorithm.A128GCMKW, EncryptionMethod.A256GCM).build(); - EncryptedJWT encryptedJWT = new EncryptedJWT(jweHeader, createJwtClaimsSet()); - when(token.getJwt()).thenReturn(encryptedJWT); - } - - private SignedJWT mockSignedJWTAuthAttempt() { - return mockSignedJWTAuthAttempt(createJwtClaimsSet()); - } - - private SignedJWT mockSignedJWTAuthAttempt(JWTClaimsSet jwtClaimsSet) { - SignedJWT signedJWT = createSignedJWT(JWSAlgorithm.RS256, jwtClaimsSet); - when(token.getJwt()).thenReturn(signedJWT); - when(client.getTokenEndpointAuthMethod()).thenReturn(AuthMethod.PRIVATE_KEY); - when(client.getTokenEndpointAuthSigningAlg()).thenReturn(JWSAlgorithm.RS256); - return signedJWT; - } - - private Throwable authenticateAndReturnThrownException() { - try { - jwtBearerAuthenticationProvider.authenticate(token); - } catch (Throwable throwable) { - return throwable; - } - throw new AssertionError("No exception thrown when expected"); - } - - private SignedJWT createSignedJWT() { - return createSignedJWT(JWSAlgorithm.RS256); - } - - private SignedJWT createSignedJWT(JWSAlgorithm jwsAlgorithm) { - JWSHeader jwsHeader = new JWSHeader.Builder(jwsAlgorithm).build(); - JWTClaimsSet claims = createJwtClaimsSet(); - - return new SignedJWT(jwsHeader, claims); - } - - private SignedJWT createSignedJWT(JWSAlgorithm jwsAlgorithm, JWTClaimsSet jwtClaimsSet) { - JWSHeader jwsHeader = new JWSHeader.Builder(jwsAlgorithm).build(); - - return new SignedJWT(jwsHeader, jwtClaimsSet); - } - - private JWTClaimsSet createJwtClaimsSet() { - return new JWTClaimsSet.Builder() - .issuer(CLIENT_ID) - .expirationTime(new Date()) - .audience("http://issuer.com/") - .build(); - } - -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/config/TestJsonMessageSource.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/config/TestJsonMessageSource.java deleted file mode 100644 index 04d7735d2f..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/config/TestJsonMessageSource.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.mitre.openid.connect.config; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.InjectMocks; -import org.mockito.Spy; -import org.mockito.runners.MockitoJUnitRunner; -import org.springframework.core.io.ClassPathResource; -import org.springframework.core.io.Resource; - -import java.text.MessageFormat; -import java.util.Locale; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; - -@RunWith(MockitoJUnitRunner.class) -public class TestJsonMessageSource { - - @InjectMocks - private JsonMessageSource jsonMessageSource; - - @Spy - private ConfigurationPropertiesBean config; - - private Locale localeThatHasAFile = new Locale("en"); - - private Locale localeThatDoesNotHaveAFile = new Locale("xx"); - - @Before - public void setup() { - //test message files are located in test/resources/js/locale/ - Resource resource = new ClassPathResource("/resources/js/locale/"); - jsonMessageSource.setBaseDirectory(resource); - } - - @Test - public void verifyWhenLocaleExists_canResolveCode() { - MessageFormat mf = jsonMessageSource.resolveCode("testAttribute", localeThatHasAFile); - assertEquals(mf.getLocale().getLanguage(), "en"); - assertEquals(mf.toPattern(), "testValue"); - } - - @Test - public void verifyWhenLocaleDoesNotExist_cannotResolveCode() { - MessageFormat mf = jsonMessageSource.resolveCode("test", localeThatDoesNotHaveAFile); - assertNull(mf); - } -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java deleted file mode 100644 index 8524145f0b..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java +++ /dev/null @@ -1,131 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import static org.mockito.Matchers.any; - -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.repository.ApprovedSiteRepository; -import org.mitre.openid.connect.service.ApprovedSiteService; -import org.mitre.openid.connect.service.StatsService; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.runners.MockitoJUnitRunner; -import org.springframework.test.annotation.Rollback; - -import com.google.common.collect.ImmutableList; -import com.google.common.collect.Sets; - -import static org.mockito.Mockito.never; -import static org.mockito.Mockito.times; - -@RunWith(MockitoJUnitRunner.class) -public class TestDefaultApprovedSiteService { - - private ApprovedSite site1; - private ApprovedSite site2; - private ApprovedSite site3; - - private ClientDetailsEntity client; - private final String clientId = "client"; - - @Mock - private ApprovedSiteRepository repository; - - @Mock - private OAuth2TokenRepository tokenRepository; - - @Mock - private StatsService statsService; - - @InjectMocks - private ApprovedSiteService service = new DefaultApprovedSiteService(); - - - /** - * Initialize the service and repository mock. Initialize a client and - * several ApprovedSite objects for use in unit tests. - */ - @Before - public void prepare() { - - client = new ClientDetailsEntity(); - client.setClientId(clientId); - - site1 = new ApprovedSite(); - site1.setId(1L); - site1.setUserId("user1"); - site1.setClientId("other"); - - site2 = new ApprovedSite(); - site2.setId(2L); - site2.setUserId("user1"); - site2.setClientId(clientId); - - site3 = new ApprovedSite(); - site3.setId(3L); - site3.setUserId("user2"); - site3.setClientId(clientId); - - Mockito.reset(repository, statsService); - - } - - /** - * Test clearing approved sites for a client that has 2 stored approved sites. - * Ensure that the repository's remove() method is called twice. - */ - @Test - public void clearApprovedSitesForClient_success() { - Set setToReturn = Sets.newHashSet(site2, site3); - Mockito.when(repository.getByClientId(client.getClientId())).thenReturn(setToReturn); - List tokens = ImmutableList.of(); - Mockito.when(tokenRepository.getAccessTokensForApprovedSite(any(ApprovedSite.class))).thenReturn(tokens); - - service.clearApprovedSitesForClient(client); - - Mockito.verify(repository, times(2)).remove(any(ApprovedSite.class)); - } - - /** - * Test clearing approved sites for a client that doesn't have any stored approved - * sites. Ensure that the repository's remove() method is never called in this case. - */ - @Test - @Rollback - public void clearApprovedSitesForClient_null() { - String otherId = "a different id"; - client.setClientId(otherId); - service.clearApprovedSitesForClient(client); - Mockito.when(repository.getByClientId(otherId)).thenReturn(new HashSet()); - Mockito.verify(repository, never()).remove(any(ApprovedSite.class)); - } - - -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultBlacklistedSiteService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultBlacklistedSiteService.java deleted file mode 100644 index 79656cdddc..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultBlacklistedSiteService.java +++ /dev/null @@ -1,103 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import java.util.Set; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.openid.connect.model.BlacklistedSite; -import org.mitre.openid.connect.repository.BlacklistedSiteRepository; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.runners.MockitoJUnitRunner; - -import com.google.common.collect.Sets; - -import static org.mockito.Mockito.times; - -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; - -/** - * @author wkim - * - */ -@RunWith(MockitoJUnitRunner.class) -public class TestDefaultBlacklistedSiteService { - - private BlacklistedSite site1; - private BlacklistedSite site2; - - private String uri1 = "black1"; - private String uri2 = "black2"; - private String uri3 = "not-black"; - - private Set blackListedSitesSet; - - @Mock - private BlacklistedSiteRepository mockRepository; - - @InjectMocks - private DefaultBlacklistedSiteService service = new DefaultBlacklistedSiteService(); - - /** - * @throws java.lang.Exception - */ - @Before - public void prepare() throws Exception { - - site1 = new BlacklistedSite(); - site2 = new BlacklistedSite(); - - site1.setUri(uri1); - site2.setUri(uri2); - - blackListedSitesSet = Sets.newHashSet(site1, site2); - } - - /** - * Test finding blacklisted sites from the repository. - */ - @Test - public void isBlacklisted_yes() { - - Mockito.when(mockRepository.getAll()).thenReturn(blackListedSitesSet); - - assertTrue(service.isBlacklisted(uri1)); - assertTrue(service.isBlacklisted(uri2)); - - Mockito.verify(mockRepository, times(2)).getAll(); - } - - /** - * Tests for finding a site that is not blacklisted in the repository. - */ - @Test - public void isBlacklisted_no() { - - Mockito.when(mockRepository.getAll()).thenReturn(blackListedSitesSet); - - assertFalse(service.isBlacklisted(uri3)); - - Mockito.verify(mockRepository).getAll(); - } - -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultOIDCTokenService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultOIDCTokenService.java deleted file mode 100644 index 01405474c0..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultOIDCTokenService.java +++ /dev/null @@ -1,81 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import java.util.Date; - -import org.mitre.jwt.signer.service.JWTSigningAndValidationService; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.springframework.security.oauth2.provider.OAuth2Request; - -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTClaimsSet; - -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.runners.MockitoJUnitRunner; - -@RunWith(MockitoJUnitRunner.class) -public class TestDefaultOIDCTokenService { - private static final String CLIENT_ID = "client"; - private static final String KEY_ID = "key"; - - private ConfigurationPropertiesBean configBean = new ConfigurationPropertiesBean(); - private ClientDetailsEntity client = new ClientDetailsEntity(); - private OAuth2AccessTokenEntity accessToken = new OAuth2AccessTokenEntity(); - private OAuth2Request request = new OAuth2Request(CLIENT_ID) { }; - - @Mock - private JWTSigningAndValidationService jwtService; - - @Before - public void prepare() { - configBean.setIssuer("https://auth.example.org/"); - - client.setClientId(CLIENT_ID); - Mockito.when(jwtService.getDefaultSigningAlgorithm()).thenReturn(JWSAlgorithm.RS256); - Mockito.when(jwtService.getDefaultSignerKeyId()).thenReturn(KEY_ID); - } - - @Test - public void invokesCustomClaimsHook() throws java.text.ParseException { - DefaultOIDCTokenService s = new DefaultOIDCTokenService() { - @Override - protected void addCustomIdTokenClaims(JWTClaimsSet.Builder idClaims, ClientDetailsEntity client, OAuth2Request request, - String sub, OAuth2AccessTokenEntity accessToken) { - idClaims.claim("test", "foo"); - } - }; - configure(s); - - JWT token = s.createIdToken(client, request, new Date(), "sub", accessToken); - Assert.assertEquals("foo", token.getJWTClaimsSet().getClaim("test")); - } - - - private void configure(DefaultOIDCTokenService s) { - s.setConfigBean(configBean); - s.setJwtService(jwtService); - } -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultStatsService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultStatsService.java deleted file mode 100644 index b5c1ae6b32..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultStatsService.java +++ /dev/null @@ -1,175 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import java.util.HashSet; -import java.util.Map; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.service.ApprovedSiteService; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.runners.MockitoJUnitRunner; - -import com.google.common.collect.Sets; - -import static org.hamcrest.CoreMatchers.is; - -import static org.junit.Assert.assertThat; - -/** - * @author wkim - * - */ -@RunWith(MockitoJUnitRunner.class) -public class TestDefaultStatsService { - - // Test fixtures: - // Currently tests 4 approved sites with a total of 2 users and 3 clients for those sites. - // There is an extra client in the system to make sure the stats only count for approved sites. - - private String userId1 = "batman"; - private String userId2 = "alfred"; - - private String clientId1 = "bar"; - private String clientId2 = "pawnshop"; - private String clientId3 = "pizzastore"; - private String clientId4 = "gasstation"; - - private ApprovedSite ap1 = Mockito.mock(ApprovedSite.class); - private ApprovedSite ap2 = Mockito.mock(ApprovedSite.class); - private ApprovedSite ap3 = Mockito.mock(ApprovedSite.class); - private ApprovedSite ap4 = Mockito.mock(ApprovedSite.class); - private ApprovedSite ap5 = Mockito.mock(ApprovedSite.class); - private ApprovedSite ap6 = Mockito.mock(ApprovedSite.class); - - private ClientDetailsEntity client1 = Mockito.mock(ClientDetailsEntity.class); - private ClientDetailsEntity client2 = Mockito.mock(ClientDetailsEntity.class); - private ClientDetailsEntity client3 = Mockito.mock(ClientDetailsEntity.class); - private ClientDetailsEntity client4 = Mockito.mock(ClientDetailsEntity.class); - - @Mock - private ApprovedSiteService approvedSiteService; - - @InjectMocks - private DefaultStatsService service = new DefaultStatsService(); - - /** - * Prepares a collection of ApprovedSite mocks to be returned from the approvedSiteService - * and a collection of ClientDetailEntity mocks to be returned from the clientService. - */ - @Before - public void prepare() { - - Mockito.reset(approvedSiteService); - - Mockito.when(ap1.getUserId()).thenReturn(userId1); - Mockito.when(ap1.getClientId()).thenReturn(clientId1); - - Mockito.when(ap2.getUserId()).thenReturn(userId1); - Mockito.when(ap2.getClientId()).thenReturn(clientId1); - - Mockito.when(ap3.getUserId()).thenReturn(userId2); - Mockito.when(ap3.getClientId()).thenReturn(clientId2); - - Mockito.when(ap4.getUserId()).thenReturn(userId2); - Mockito.when(ap4.getClientId()).thenReturn(clientId3); - - Mockito.when(ap5.getUserId()).thenReturn(userId2); - Mockito.when(ap5.getClientId()).thenReturn(clientId1); - - Mockito.when(ap6.getUserId()).thenReturn(userId1); - Mockito.when(ap6.getClientId()).thenReturn(clientId4); - - Mockito.when(approvedSiteService.getAll()).thenReturn(Sets.newHashSet(ap1, ap2, ap3, ap4)); - - Mockito.when(client1.getId()).thenReturn(1L); - Mockito.when(client2.getId()).thenReturn(2L); - Mockito.when(client3.getId()).thenReturn(3L); - Mockito.when(client4.getId()).thenReturn(4L); - - Mockito.when(approvedSiteService.getByClientId(clientId1)).thenReturn(Sets.newHashSet(ap1, ap2)); - Mockito.when(approvedSiteService.getByClientId(clientId2)).thenReturn(Sets.newHashSet(ap3)); - Mockito.when(approvedSiteService.getByClientId(clientId3)).thenReturn(Sets.newHashSet(ap4)); - Mockito.when(approvedSiteService.getByClientId(clientId4)).thenReturn(Sets.newHashSet()); - } - - @Test - public void calculateSummaryStats_empty() { - - Mockito.when(approvedSiteService.getAll()).thenReturn(new HashSet()); - - Map stats = service.getSummaryStats(); - - assertThat(stats.get("approvalCount"), is(0)); - assertThat(stats.get("userCount"), is(0)); - assertThat(stats.get("clientCount"), is(0)); - } - - @Test - public void calculateSummaryStats() { - Map stats = service.getSummaryStats(); - - assertThat(stats.get("approvalCount"), is(4)); - assertThat(stats.get("userCount"), is(2)); - assertThat(stats.get("clientCount"), is(3)); - } - - @Test - public void countForClientId() { - // stats for ap1..ap4 - assertThat(service.getCountForClientId(clientId1).getApprovedSiteCount(), is(2)); - assertThat(service.getCountForClientId(clientId2).getApprovedSiteCount(), is(1)); - assertThat(service.getCountForClientId(clientId3).getApprovedSiteCount(), is(1)); - assertThat(service.getCountForClientId(clientId4).getApprovedSiteCount(), is(0)); - } - - @Test - public void cacheAndReset() { - - Map stats = service.getSummaryStats(); - - assertThat(stats.get("approvalCount"), is(4)); - assertThat(stats.get("userCount"), is(2)); - assertThat(stats.get("clientCount"), is(3)); - - Mockito.when(approvedSiteService.getAll()).thenReturn(Sets.newHashSet(ap1, ap2, ap3, ap4, ap5, ap6)); - - Map stats2 = service.getSummaryStats(); - - // cache should remain the same due to memoized functions - assertThat(stats2.get("approvalCount"), is(4)); - assertThat(stats2.get("userCount"), is(2)); - assertThat(stats2.get("clientCount"), is(3)); - - // reset the cache and make sure the count goes up - service.resetCache(); - - Map stats3 = service.getSummaryStats(); - - assertThat(stats3.get("approvalCount"), is(6)); - assertThat(stats3.get("userCount"), is(2)); - assertThat(stats3.get("clientCount"), is(4)); - - } -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java deleted file mode 100644 index e5e7070832..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java +++ /dev/null @@ -1,242 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.service.impl; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.openid.connect.model.DefaultUserInfo; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.repository.UserInfoRepository; -import org.mitre.openid.connect.service.PairwiseIdentiferService; -import org.mockito.InjectMocks; -import org.mockito.Matchers; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.invocation.InvocationOnMock; -import org.mockito.runners.MockitoJUnitRunner; -import org.mockito.stubbing.Answer; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; - -/** - * @author jricher - * - */ -@RunWith(MockitoJUnitRunner.class) -public class TestDefaultUserInfoService { - @InjectMocks - private DefaultUserInfoService service = new DefaultUserInfoService(); - - @Mock - private UserInfoRepository userInfoRepository; - - @Mock - private ClientDetailsEntityService clientDetailsEntityService; - - @Mock - private PairwiseIdentiferService pairwiseIdentiferService; - - private UserInfo userInfoAdmin; - private UserInfo userInfoRegular; - - private ClientDetailsEntity publicClient1; - private ClientDetailsEntity publicClient2; - private ClientDetailsEntity pairwiseClient1; - private ClientDetailsEntity pairwiseClient2; - private ClientDetailsEntity pairwiseClient3; - private ClientDetailsEntity pairwiseClient4; - - private String adminUsername = "username"; - private String regularUsername = "regular"; - private String adminSub = "adminSub12d3a1f34a2"; - private String regularSub = "regularSub652ha23b"; - - private String pairwiseSub12 = "regularPairwise-12-31ijoef"; - private String pairwiseSub3 = "regularPairwise-3-1ojadsio"; - private String pairwiseSub4 = "regularPairwise-4-1ojadsio"; - - private String publicClientId1 = "publicClient-1-313124"; - private String publicClientId2 = "publicClient-2-4109312"; - private String pairwiseClientId1 = "pairwiseClient-1-2312"; - private String pairwiseClientId2 = "pairwiseClient-2-324416"; - private String pairwiseClientId3 = "pairwiseClient-3-154157"; - private String pairwiseClientId4 = "pairwiseClient-4-4589723"; - - private String sectorIdentifier1 = "https://sector-identifier-12/url"; - private String sectorIdentifier2 = "https://sector-identifier-12/url2"; - private String sectorIdentifier3 = "https://sector-identifier-3/url"; - - - - - /** - * Initialize the service and the mocked repository. - * Initialize 2 users, one of them an admin, for use in unit tests. - */ - @Before - public void prepare() { - - - userInfoAdmin = new DefaultUserInfo(); - userInfoAdmin.setPreferredUsername(adminUsername); - userInfoAdmin.setSub(adminSub); - - userInfoRegular = new DefaultUserInfo(); - userInfoRegular.setPreferredUsername(regularUsername); - userInfoRegular.setSub(regularSub); - - publicClient1 = new ClientDetailsEntity(); - publicClient1.setClientId(publicClientId1); - - publicClient2 = new ClientDetailsEntity(); - publicClient2.setClientId(publicClientId2); - publicClient2.setSubjectType(SubjectType.PUBLIC); - - // pairwise set 1 - pairwiseClient1 = new ClientDetailsEntity(); - pairwiseClient1.setClientId(pairwiseClientId1); - pairwiseClient1.setSubjectType(SubjectType.PAIRWISE); - pairwiseClient1.setSectorIdentifierUri(sectorIdentifier1); - - pairwiseClient2 = new ClientDetailsEntity(); - pairwiseClient2.setClientId(pairwiseClientId2); - pairwiseClient2.setSubjectType(SubjectType.PAIRWISE); - pairwiseClient2.setSectorIdentifierUri(sectorIdentifier2); - - // pairwise set 2 - pairwiseClient3 = new ClientDetailsEntity(); - pairwiseClient3.setClientId(pairwiseClientId3); - pairwiseClient3.setSubjectType(SubjectType.PAIRWISE); - pairwiseClient3.setSectorIdentifierUri(sectorIdentifier3); - - // pairwise with null sector - pairwiseClient4 = new ClientDetailsEntity(); - pairwiseClient4.setClientId(pairwiseClientId4); - pairwiseClient4.setSubjectType(SubjectType.PAIRWISE); - - - - - } - - /** - * Test loading an admin user, ensuring that the UserDetails object returned - * has both the ROLE_USER and ROLE_ADMIN authorities. - */ - @Test - public void loadByUsername_admin_success() { - Mockito.when(userInfoRepository.getByUsername(adminUsername)).thenReturn(userInfoAdmin); - UserInfo user = service.getByUsername(adminUsername); - assertEquals(user.getSub(), adminSub); - } - - /** - * Test loading a regular, non-admin user, ensuring that the returned UserDetails - * object has ROLE_USER but *not* ROLE_ADMIN. - */ - @Test - public void loadByUsername_regular_success() { - - Mockito.when(userInfoRepository.getByUsername(regularUsername)).thenReturn(userInfoRegular); - UserInfo user = service.getByUsername(regularUsername); - assertEquals(user.getSub(), regularSub); - - } - - /** - * If a user is not found, the loadByUsername method should throw an exception. - */ - @Test() - public void loadByUsername_nullUser() { - - Mockito.when(userInfoRepository.getByUsername(adminUsername)).thenReturn(null); - UserInfo user = service.getByUsername(adminUsername); - - assertNull(user); - } - - /** - * Clients with public subs should always return the same sub - */ - @Test - public void getByUsernameAndClientId_publicClients() { - - Mockito.when(clientDetailsEntityService.loadClientByClientId(publicClientId1)).thenReturn(publicClient1); - Mockito.when(clientDetailsEntityService.loadClientByClientId(publicClientId2)).thenReturn(publicClient2); - - Mockito.when(userInfoRepository.getByUsername(regularUsername)).thenReturn(userInfoRegular); - - Mockito.verify(pairwiseIdentiferService, Mockito.never()).getIdentifier(Matchers.any(UserInfo.class), Matchers.any(ClientDetailsEntity.class)); - - UserInfo user1 = service.getByUsernameAndClientId(regularUsername, publicClientId1); - UserInfo user2 = service.getByUsernameAndClientId(regularUsername, publicClientId2); - - assertEquals(regularSub, user1.getSub()); - assertEquals(regularSub, user2.getSub()); - } - - /** - * Clients with pairwise subs should be grouped by the sector URI - */ - @Test - public void getByUsernameAndClientId_pairwiseClients() { - - Mockito.when(clientDetailsEntityService.loadClientByClientId(pairwiseClientId1)).thenReturn(pairwiseClient1); - Mockito.when(clientDetailsEntityService.loadClientByClientId(pairwiseClientId2)).thenReturn(pairwiseClient2); - Mockito.when(clientDetailsEntityService.loadClientByClientId(pairwiseClientId3)).thenReturn(pairwiseClient3); - Mockito.when(clientDetailsEntityService.loadClientByClientId(pairwiseClientId4)).thenReturn(pairwiseClient4); - - Mockito.when(userInfoRepository.getByUsername(regularUsername)).thenAnswer(new Answer() { - @Override - public UserInfo answer(InvocationOnMock invocation) throws Throwable { - UserInfo userInfo = new DefaultUserInfo(); - userInfo.setPreferredUsername(regularUsername); - userInfo.setSub(regularSub); - - return userInfo; - } - }); - - Mockito.when(pairwiseIdentiferService.getIdentifier(userInfoRegular, pairwiseClient1)).thenReturn(pairwiseSub12); - Mockito.when(pairwiseIdentiferService.getIdentifier(userInfoRegular, pairwiseClient2)).thenReturn(pairwiseSub12); - Mockito.when(pairwiseIdentiferService.getIdentifier(userInfoRegular, pairwiseClient3)).thenReturn(pairwiseSub3); - Mockito.when(pairwiseIdentiferService.getIdentifier(userInfoRegular, pairwiseClient4)).thenReturn(pairwiseSub4); - - UserInfo user1 = service.getByUsernameAndClientId(regularUsername, pairwiseClientId1); - UserInfo user2 = service.getByUsernameAndClientId(regularUsername, pairwiseClientId2); - UserInfo user3 = service.getByUsernameAndClientId(regularUsername, pairwiseClientId3); - UserInfo user4 = service.getByUsernameAndClientId(regularUsername, pairwiseClientId4); - - assertEquals(pairwiseSub12, user1.getSub()); - assertEquals(pairwiseSub12, user2.getSub()); - assertEquals(pairwiseSub3, user3.getSub()); - assertEquals(pairwiseSub4, user4.getSub()); - - } - - - -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultWhitelistedSiteService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultWhitelistedSiteService.java deleted file mode 100644 index 40e8d65087..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultWhitelistedSiteService.java +++ /dev/null @@ -1,114 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.repository.WhitelistedSiteRepository; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.runners.MockitoJUnitRunner; - -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.notNullValue; - -import static org.junit.Assert.assertThat; -import static org.junit.Assert.fail; - -/** - * @author wkim - * - */ -@RunWith(MockitoJUnitRunner.class) -public class TestDefaultWhitelistedSiteService { - - @Mock - private WhitelistedSiteRepository repository; - - @InjectMocks - private DefaultWhitelistedSiteService service; - - @Before - public void prepare() { - Mockito.reset(repository); - } - - @Test(expected = IllegalArgumentException.class) - public void saveNew_notNullId() { - - WhitelistedSite site = Mockito.mock(WhitelistedSite.class); - Mockito.when(site.getId()).thenReturn(12345L); // arbitrary long value - - service.saveNew(site); - } - - @Test - public void saveNew_success() { - WhitelistedSite site = Mockito.mock(WhitelistedSite.class); - Mockito.when(site.getId()).thenReturn(null); - - service.saveNew(site); - - Mockito.verify(repository).save(site); - } - - @Test - public void update_nullSites() { - - WhitelistedSite oldSite = Mockito.mock(WhitelistedSite.class); - WhitelistedSite newSite = Mockito.mock(WhitelistedSite.class); - - // old client null - try { - service.update(null, newSite); - fail("Old site input is null. Expected a IllegalArgumentException."); - } catch (IllegalArgumentException e) { - assertThat(e, is(notNullValue())); - } - - // new client null - try { - service.update(oldSite, null); - fail("New site input is null. Expected a IllegalArgumentException."); - } catch (IllegalArgumentException e) { - assertThat(e, is(notNullValue())); - } - - // both clients null - try { - service.update(null, null); - fail("Both site inputs are null. Expected a IllegalArgumentException."); - } catch (IllegalArgumentException e) { - assertThat(e, is(notNullValue())); - } - } - - @Test - public void update_success() { - - WhitelistedSite oldSite = Mockito.mock(WhitelistedSite.class); - WhitelistedSite newSite = Mockito.mock(WhitelistedSite.class); - - service.update(oldSite, newSite); - - Mockito.verify(repository).update(oldSite, newSite); - } -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java deleted file mode 100644 index 74c275939f..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java +++ /dev/null @@ -1,970 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import static org.mockito.Matchers.anyLong; -import static org.mockito.Matchers.anyString; -import static org.mockito.Matchers.isA; -import static org.mockito.Matchers.isNull; - -import java.io.IOException; -import java.io.StringReader; -import java.io.StringWriter; -import java.text.ParseException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Locale; -import java.util.Map; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.oauth2.repository.OAuth2ClientRepository; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.oauth2.repository.SystemScopeRepository; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.model.BlacklistedSite; -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.repository.ApprovedSiteRepository; -import org.mitre.openid.connect.repository.BlacklistedSiteRepository; -import org.mitre.openid.connect.repository.WhitelistedSiteRepository; -import org.mitre.openid.connect.service.MITREidDataService; -import org.mockito.ArgumentCaptor; -import org.mockito.Captor; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.invocation.InvocationOnMock; -import org.mockito.runners.MockitoJUnitRunner; -import org.mockito.stubbing.Answer; -import org.springframework.format.annotation.DateTimeFormat.ISO; -import org.springframework.format.datetime.DateFormatter; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; - -import com.google.common.collect.ImmutableSet; -import com.google.common.collect.Lists; -import com.google.gson.stream.JsonReader; -import com.google.gson.stream.JsonWriter; -import com.nimbusds.jwt.JWTParser; - -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; - -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; -import static org.mockito.Mockito.withSettings; - -import static org.junit.Assert.assertThat; - -@RunWith(MockitoJUnitRunner.class) -@SuppressWarnings(value = {"rawtypes", "unchecked"}) -public class TestMITREidDataService_1_0 { - - @Mock - private OAuth2ClientRepository clientRepository; - @Mock - private ApprovedSiteRepository approvedSiteRepository; - @Mock - private WhitelistedSiteRepository wlSiteRepository; - @Mock - private BlacklistedSiteRepository blSiteRepository; - @Mock - private AuthenticationHolderRepository authHolderRepository; - @Mock - private OAuth2TokenRepository tokenRepository; - @Mock - private SystemScopeRepository sysScopeRepository; - - @Captor - private ArgumentCaptor capturedRefreshTokens; - @Captor - private ArgumentCaptor capturedAccessTokens; - @Captor - private ArgumentCaptor capturedClients; - @Captor - private ArgumentCaptor capturedBlacklistedSites; - @Captor - private ArgumentCaptor capturedWhitelistedSites; - @Captor - private ArgumentCaptor capturedApprovedSites; - @Captor - private ArgumentCaptor capturedAuthHolders; - @Captor - private ArgumentCaptor capturedScope; - - @InjectMocks - private MITREidDataService_1_0 dataService; - - private DateFormatter formatter; - - @Before - public void prepare() { - formatter = new DateFormatter(); - formatter.setIso(ISO.DATE_TIME); - Mockito.reset(clientRepository, approvedSiteRepository, authHolderRepository, tokenRepository, sysScopeRepository, wlSiteRepository, blSiteRepository); - } - - private class refreshTokenIdComparator implements Comparator { - @Override - public int compare(OAuth2RefreshTokenEntity entity1, OAuth2RefreshTokenEntity entity2) { - return entity1.getId().compareTo(entity2.getId()); - } - } - - @Test - public void testImportRefreshTokens() throws IOException, ParseException { - Date expirationDate1 = formatter.parse("2014-09-10T22:49:44.090+00:00", Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - AuthenticationHolderEntity mockedAuthHolder1 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder1.getId()).thenReturn(1L); - - OAuth2RefreshTokenEntity token1 = new OAuth2RefreshTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.")); - token1.setAuthenticationHolder(mockedAuthHolder1); - - Date expirationDate2 = formatter.parse("2015-01-07T18:31:50.079+00:00", Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - AuthenticationHolderEntity mockedAuthHolder2 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder2.getId()).thenReturn(2L); - - OAuth2RefreshTokenEntity token2 = new OAuth2RefreshTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.")); - token2.setAuthenticationHolder(mockedAuthHolder2); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [" + - - "{\"id\":1,\"clientId\":\"mocked_client_1\",\"expiration\":\"2014-09-10T22:49:44.090+00:00\"," - + "\"authenticationHolderId\":1,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.\"}," + - "{\"id\":2,\"clientId\":\"mocked_client_2\",\"expiration\":\"2015-01-07T18:31:50.079+00:00\"," - + "\"authenticationHolderId\":2,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.\"}" + - - " ]" + - "}"; - - System.err.println(configJson); - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(tokenRepository.saveRefreshToken(isA(OAuth2RefreshTokenEntity.class))).thenAnswer(new Answer() { - Long id = 343L; - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2RefreshTokenEntity _token = (OAuth2RefreshTokenEntity) invocation.getArguments()[0]; - if(_token.getId() == null) { - _token.setId(id++); - } - fakeDb.put(_token.getId(), _token); - return _token; - } - }); - when(tokenRepository.getRefreshTokenById(anyLong())).thenAnswer(new Answer() { - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - when(clientRepository.getClientByClientId(anyString())).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - String _clientId = (String) invocation.getArguments()[0]; - ClientDetailsEntity _client = mock(ClientDetailsEntity.class); - when(_client.getClientId()).thenReturn(_clientId); - return _client; - } - }); - when(authHolderRepository.getById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 678L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _auth = mock(AuthenticationHolderEntity.class); - when(_auth.getId()).thenReturn(id); - id++; - return _auth; - } - }); - dataService.importData(reader); - //2 times for token, 2 times to update client, 2 times to update authHolder - verify(tokenRepository, times(6)).saveRefreshToken(capturedRefreshTokens.capture()); - - List savedRefreshTokens = new ArrayList(fakeDb.values()); //capturedRefreshTokens.getAllValues(); - Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); - - assertThat(savedRefreshTokens.size(), is(2)); - - assertThat(savedRefreshTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedRefreshTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedRefreshTokens.get(0).getValue(), equalTo(token1.getValue())); - - assertThat(savedRefreshTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedRefreshTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedRefreshTokens.get(1).getValue(), equalTo(token2.getValue())); - } - - private class accessTokenIdComparator implements Comparator { - @Override - public int compare(OAuth2AccessTokenEntity entity1, OAuth2AccessTokenEntity entity2) { - return entity1.getId().compareTo(entity2.getId()); - } - } - - @Test - public void testImportAccessTokens() throws IOException, ParseException { - Date expirationDate1 = formatter.parse("2014-09-10T22:49:44.090+00:00", Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - AuthenticationHolderEntity mockedAuthHolder1 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder1.getId()).thenReturn(1L); - - OAuth2AccessTokenEntity token1 = new OAuth2AccessTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3ODk5NjgsInN1YiI6IjkwMzQyLkFTREZKV0ZBIiwiYXRfaGFzaCI6InptTmt1QmNRSmNYQktNaVpFODZqY0EiLCJhdWQiOlsiY2xpZW50Il0sImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4MDgwXC9vcGVuaWQtY29ubmVjdC1zZXJ2ZXItd2ViYXBwXC8iLCJpYXQiOjE0MTI3ODkzNjh9.xkEJ9IMXpH7qybWXomfq9WOOlpGYnrvGPgey9UQ4GLzbQx7JC0XgJK83PmrmBZosvFPCmota7FzI_BtwoZLgAZfFiH6w3WIlxuogoH-TxmYbxEpTHoTsszZppkq9mNgOlArV4jrR9y3TPo4MovsH71dDhS_ck-CvAlJunHlqhs0")); - token1.setAuthenticationHolder(mockedAuthHolder1); - token1.setScope(ImmutableSet.of("id-token")); - token1.setTokenType("Bearer"); - - String expiration2 = "2015-01-07T18:31:50.079+00:00"; - Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - AuthenticationHolderEntity mockedAuthHolder2 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder2.getId()).thenReturn(2L); - - OAuth2RefreshTokenEntity mockRefreshToken2 = mock(OAuth2RefreshTokenEntity.class); - when(mockRefreshToken2.getId()).thenReturn(1L); - - OAuth2AccessTokenEntity token2 = new OAuth2AccessTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ")); - token2.setAuthenticationHolder(mockedAuthHolder2); - token2.setRefreshToken(mockRefreshToken2); - token2.setScope(ImmutableSet.of("openid", "offline_access", "email", "profile")); - token2.setTokenType("Bearer"); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [" + - - "{\"id\":1,\"clientId\":\"mocked_client_1\",\"expiration\":\"2014-09-10T22:49:44.090+00:00\"," - + "\"refreshTokenId\":null,\"idTokenId\":null,\"scope\":[\"id-token\"],\"type\":\"Bearer\"," - + "\"authenticationHolderId\":1,\"value\":\"eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3ODk5NjgsInN1YiI6IjkwMzQyLkFTREZKV0ZBIiwiYXRfaGFzaCI6InptTmt1QmNRSmNYQktNaVpFODZqY0EiLCJhdWQiOlsiY2xpZW50Il0sImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4MDgwXC9vcGVuaWQtY29ubmVjdC1zZXJ2ZXItd2ViYXBwXC8iLCJpYXQiOjE0MTI3ODkzNjh9.xkEJ9IMXpH7qybWXomfq9WOOlpGYnrvGPgey9UQ4GLzbQx7JC0XgJK83PmrmBZosvFPCmota7FzI_BtwoZLgAZfFiH6w3WIlxuogoH-TxmYbxEpTHoTsszZppkq9mNgOlArV4jrR9y3TPo4MovsH71dDhS_ck-CvAlJunHlqhs0\"}," + - "{\"id\":2,\"clientId\":\"mocked_client_2\",\"expiration\":\"2015-01-07T18:31:50.079+00:00\"," - + "\"refreshTokenId\":1,\"idTokenId\":1,\"scope\":[\"openid\",\"offline_access\",\"email\",\"profile\"],\"type\":\"Bearer\"," - + "\"authenticationHolderId\":2,\"value\":\"eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ\"}" + - - " ]" + - "}"; - - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(tokenRepository.saveAccessToken(isA(OAuth2AccessTokenEntity.class))).thenAnswer(new Answer() { - Long id = 343L; - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2AccessTokenEntity _token = (OAuth2AccessTokenEntity) invocation.getArguments()[0]; - if(_token.getId() == null) { - _token.setId(id++); - } - fakeDb.put(_token.getId(), _token); - return _token; - } - }); - when(tokenRepository.getAccessTokenById(anyLong())).thenAnswer(new Answer() { - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - when(clientRepository.getClientByClientId(anyString())).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - String _clientId = (String) invocation.getArguments()[0]; - ClientDetailsEntity _client = mock(ClientDetailsEntity.class); - when(_client.getClientId()).thenReturn(_clientId); - return _client; - } - }); - when(authHolderRepository.getById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 234L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _auth = mock(AuthenticationHolderEntity.class); - when(_auth.getId()).thenReturn(id); - id++; - return _auth; - } - }); - dataService.importData(reader); - //2 times for token, 2 times to update client, 2 times to update authHolder, 1 times to update refresh token - verify(tokenRepository, times(7)).saveAccessToken(capturedAccessTokens.capture()); - - List savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues(); - Collections.sort(savedAccessTokens, new accessTokenIdComparator()); - - assertThat(savedAccessTokens.size(), is(2)); - - assertThat(savedAccessTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedAccessTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedAccessTokens.get(0).getValue(), equalTo(token1.getValue())); - - assertThat(savedAccessTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedAccessTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedAccessTokens.get(1).getValue(), equalTo(token2.getValue())); - } - - - //several new client fields added in 1.1, perhaps additional tests for these should be added - @Test - public void testImportClients() throws IOException { - ClientDetailsEntity client1 = new ClientDetailsEntity(); - client1.setId(1L); - client1.setAccessTokenValiditySeconds(3600); - client1.setClientId("client1"); - client1.setClientSecret("clientsecret1"); - client1.setRedirectUris(ImmutableSet.of("http://foo.com/")); - client1.setScope(ImmutableSet.of("foo", "bar", "baz", "dolphin")); - client1.setGrantTypes(ImmutableSet.of("implicit", "authorization_code", "urn:ietf:params:oauth:grant_type:redelegate", "refresh_token")); - client1.setAllowIntrospection(true); - - ClientDetailsEntity client2 = new ClientDetailsEntity(); - client2.setId(2L); - client2.setAccessTokenValiditySeconds(3600); - client2.setClientId("client2"); - client2.setClientSecret("clientsecret2"); - client2.setRedirectUris(ImmutableSet.of("http://bar.baz.com/")); - client2.setScope(ImmutableSet.of("foo", "dolphin", "electric-wombat")); - client2.setGrantTypes(ImmutableSet.of("client_credentials", "urn:ietf:params:oauth:grant_type:redelegate")); - client2.setAllowIntrospection(false); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [" + - - "{\"id\":1,\"accessTokenValiditySeconds\":3600,\"clientId\":\"client1\",\"secret\":\"clientsecret1\"," - + "\"redirectUris\":[\"http://foo.com/\"]," - + "\"scope\":[\"foo\",\"bar\",\"baz\",\"dolphin\"]," - + "\"grantTypes\":[\"implicit\",\"authorization_code\",\"urn:ietf:params:oauth:grant_type:redelegate\",\"refresh_token\"]," - + "\"allowIntrospection\":true}," + - "{\"id\":2,\"accessTokenValiditySeconds\":3600,\"clientId\":\"client2\",\"secret\":\"clientsecret2\"," - + "\"redirectUris\":[\"http://bar.baz.com/\"]," - + "\"scope\":[\"foo\",\"dolphin\",\"electric-wombat\"]," - + "\"grantTypes\":[\"client_credentials\",\"urn:ietf:params:oauth:grant_type:redelegate\"]," - + "\"allowIntrospection\":false}" + - - " ]" + - "}"; - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - dataService.importData(reader); - verify(clientRepository, times(2)).saveClient(capturedClients.capture()); - - List savedClients = capturedClients.getAllValues(); - - assertThat(savedClients.size(), is(2)); - - assertThat(savedClients.get(0).getAccessTokenValiditySeconds(), equalTo(client1.getAccessTokenValiditySeconds())); - assertThat(savedClients.get(0).getClientId(), equalTo(client1.getClientId())); - assertThat(savedClients.get(0).getClientSecret(), equalTo(client1.getClientSecret())); - assertThat(savedClients.get(0).getRedirectUris(), equalTo(client1.getRedirectUris())); - assertThat(savedClients.get(0).getScope(), equalTo(client1.getScope())); - assertThat(savedClients.get(0).getGrantTypes(), equalTo(client1.getGrantTypes())); - assertThat(savedClients.get(0).isAllowIntrospection(), equalTo(client1.isAllowIntrospection())); - - assertThat(savedClients.get(1).getAccessTokenValiditySeconds(), equalTo(client2.getAccessTokenValiditySeconds())); - assertThat(savedClients.get(1).getClientId(), equalTo(client2.getClientId())); - assertThat(savedClients.get(1).getClientSecret(), equalTo(client2.getClientSecret())); - assertThat(savedClients.get(1).getRedirectUris(), equalTo(client2.getRedirectUris())); - assertThat(savedClients.get(1).getScope(), equalTo(client2.getScope())); - assertThat(savedClients.get(1).getGrantTypes(), equalTo(client2.getGrantTypes())); - assertThat(savedClients.get(1).isAllowIntrospection(), equalTo(client2.isAllowIntrospection())); - } - - @Test - public void testImportBlacklistedSites() throws IOException { - BlacklistedSite site1 = new BlacklistedSite(); - site1.setId(1L); - site1.setUri("http://foo.com"); - - BlacklistedSite site2 = new BlacklistedSite(); - site2.setId(2L); - site2.setUri("http://bar.com"); - - BlacklistedSite site3 = new BlacklistedSite(); - site3.setId(3L); - site3.setUri("http://baz.com"); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [" + - - "{\"id\":1,\"uri\":\"http://foo.com\"}," + - "{\"id\":2,\"uri\":\"http://bar.com\"}," + - "{\"id\":3,\"uri\":\"http://baz.com\"}" + - - " ]" + - "}"; - - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - dataService.importData(reader); - verify(blSiteRepository, times(3)).save(capturedBlacklistedSites.capture()); - - List savedSites = capturedBlacklistedSites.getAllValues(); - - assertThat(savedSites.size(), is(3)); - - assertThat(savedSites.get(0).getUri(), equalTo(site1.getUri())); - assertThat(savedSites.get(1).getUri(), equalTo(site2.getUri())); - assertThat(savedSites.get(2).getUri(), equalTo(site3.getUri())); - } - - @Test - public void testImportWhitelistedSites() throws IOException { - WhitelistedSite site1 = new WhitelistedSite(); - site1.setId(1L); - site1.setClientId("foo"); - - WhitelistedSite site2 = new WhitelistedSite(); - site2.setId(2L); - site2.setClientId("bar"); - - WhitelistedSite site3 = new WhitelistedSite(); - site3.setId(3L); - site3.setClientId("baz"); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [" + - - "{\"id\":1,\"clientId\":\"foo\"}," + - "{\"id\":2,\"clientId\":\"bar\"}," + - "{\"id\":3,\"clientId\":\"baz\"}" + - - " ]" + - "}"; - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(wlSiteRepository.save(isA(WhitelistedSite.class))).thenAnswer(new Answer() { - Long id = 345L; - @Override - public WhitelistedSite answer(InvocationOnMock invocation) throws Throwable { - WhitelistedSite _site = (WhitelistedSite) invocation.getArguments()[0]; - if(_site.getId() == null) { - _site.setId(id++); - } - fakeDb.put(_site.getId(), _site); - return _site; - } - }); - when(wlSiteRepository.getById(anyLong())).thenAnswer(new Answer() { - @Override - public WhitelistedSite answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - - dataService.importData(reader); - verify(wlSiteRepository, times(3)).save(capturedWhitelistedSites.capture()); - - List savedSites = capturedWhitelistedSites.getAllValues(); - - assertThat(savedSites.size(), is(3)); - - assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); - assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); - assertThat(savedSites.get(2).getClientId(), equalTo(site3.getClientId())); - } - - @Test - public void testImportGrants() throws IOException, ParseException { - Date creationDate1 = formatter.parse("2014-09-10T22:49:44.090+00:00", Locale.ENGLISH); - Date accessDate1 = formatter.parse("2014-09-10T23:49:44.090+00:00", Locale.ENGLISH); - - OAuth2AccessTokenEntity mockToken1 = mock(OAuth2AccessTokenEntity.class); - when(mockToken1.getId()).thenReturn(1L); - - ApprovedSite site1 = new ApprovedSite(); - site1.setId(1L); - site1.setClientId("foo"); - site1.setCreationDate(creationDate1); - site1.setAccessDate(accessDate1); - site1.setUserId("user1"); - site1.setAllowedScopes(ImmutableSet.of("openid", "phone")); - when(mockToken1.getApprovedSite()).thenReturn(site1); - - Date creationDate2 = formatter.parse("2014-09-11T18:49:44.090+00:00", Locale.ENGLISH); - Date accessDate2 = formatter.parse("2014-09-11T20:49:44.090+00:00", Locale.ENGLISH); - Date timeoutDate2 = formatter.parse("2014-10-01T20:49:44.090+00:00", Locale.ENGLISH); - - ApprovedSite site2 = new ApprovedSite(); - site2.setId(2L); - site2.setClientId("bar"); - site2.setCreationDate(creationDate2); - site2.setAccessDate(accessDate2); - site2.setUserId("user2"); - site2.setAllowedScopes(ImmutableSet.of("openid", "offline_access", "email", "profile")); - site2.setTimeoutDate(timeoutDate2); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [" + - - "{\"id\":1,\"clientId\":\"foo\",\"creationDate\":\"2014-09-10T22:49:44.090+00:00\",\"accessDate\":\"2014-09-10T23:49:44.090+00:00\"," - + "\"userId\":\"user1\",\"whitelistedSiteId\":null,\"allowedScopes\":[\"openid\",\"phone\"], \"whitelistedSiteId\":1," - + "\"approvedAccessTokens\":[1]}," + - "{\"id\":2,\"clientId\":\"bar\",\"creationDate\":\"2014-09-11T18:49:44.090+00:00\",\"accessDate\":\"2014-09-11T20:49:44.090+00:00\"," - + "\"timeoutDate\":\"2014-10-01T20:49:44.090+00:00\",\"userId\":\"user2\"," - + "\"allowedScopes\":[\"openid\",\"offline_access\",\"email\",\"profile\"]}" + - - " ]" + - "}"; - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(approvedSiteRepository.save(isA(ApprovedSite.class))).thenAnswer(new Answer() { - Long id = 343L; - @Override - public ApprovedSite answer(InvocationOnMock invocation) throws Throwable { - ApprovedSite _site = (ApprovedSite) invocation.getArguments()[0]; - if(_site.getId() == null) { - _site.setId(id++); - } - fakeDb.put(_site.getId(), _site); - return _site; - } - }); - when(approvedSiteRepository.getById(anyLong())).thenAnswer(new Answer() { - @Override - public ApprovedSite answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - when(wlSiteRepository.getById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 244L; - @Override - public WhitelistedSite answer(InvocationOnMock invocation) throws Throwable { - WhitelistedSite _site = mock(WhitelistedSite.class); - when(_site.getId()).thenReturn(id++); - return _site; - } - }); - when(tokenRepository.getAccessTokenById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 221L; - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2AccessTokenEntity _token = mock(OAuth2AccessTokenEntity.class); - when(_token.getId()).thenReturn(id++); - return _token; - } - }); - when(tokenRepository.getAccessTokensForApprovedSite(site1)).thenReturn(Lists.newArrayList(mockToken1)); - - dataService.importData(reader); - //2 for sites, 1 for updating access token ref on #1 - verify(approvedSiteRepository, times(3)).save(capturedApprovedSites.capture()); - - List savedSites = new ArrayList(fakeDb.values()); - - assertThat(savedSites.size(), is(2)); - - assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); - assertThat(savedSites.get(0).getAccessDate(), equalTo(site1.getAccessDate())); - assertThat(savedSites.get(0).getCreationDate(), equalTo(site1.getCreationDate())); - assertThat(savedSites.get(0).getAllowedScopes(), equalTo(site1.getAllowedScopes())); - assertThat(savedSites.get(0).getTimeoutDate(), equalTo(site1.getTimeoutDate())); - - assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); - assertThat(savedSites.get(1).getAccessDate(), equalTo(site2.getAccessDate())); - assertThat(savedSites.get(1).getCreationDate(), equalTo(site2.getCreationDate())); - assertThat(savedSites.get(1).getAllowedScopes(), equalTo(site2.getAllowedScopes())); - assertThat(savedSites.get(1).getTimeoutDate(), equalTo(site2.getTimeoutDate())); - } - - @Test - public void testImportAuthenticationHolders() throws IOException { - OAuth2Request req1 = new OAuth2Request(new HashMap(), "client1", new ArrayList(), - true, new HashSet(), new HashSet(), "http://foo.com", - new HashSet(), null); - Authentication mockAuth1 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1); - - AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity(); - holder1.setId(1L); - holder1.setAuthentication(auth1); - - OAuth2Request req2 = new OAuth2Request(new HashMap(), "client2", new ArrayList(), - true, new HashSet(), new HashSet(), "http://bar.com", - new HashSet(), null); - Authentication mockAuth2 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth2 = new OAuth2Authentication(req2, mockAuth2); - - AuthenticationHolderEntity holder2 = new AuthenticationHolderEntity(); - holder2.setId(2L); - holder2.setAuthentication(auth2); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [" + - - "{\"id\":1,\"authentication\":{\"clientAuthorization\":{\"clientId\":\"client1\",\"redirectUri\":\"http://foo.com\"}," - + "\"userAuthentication\":null}}," + - "{\"id\":2,\"authentication\":{\"clientAuthorization\":{\"clientId\":\"client2\",\"redirectUri\":\"http://bar.com\"}," - + "\"userAuthentication\":null}}" + - " ]" + - "}"; - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(authHolderRepository.save(isA(AuthenticationHolderEntity.class))).thenAnswer(new Answer() { - Long id = 356L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _holder = (AuthenticationHolderEntity) invocation.getArguments()[0]; - if(_holder.getId() == null) { - _holder.setId(id++); - } - fakeDb.put(_holder.getId(), _holder); - return _holder; - } - }); - - dataService.importData(reader); - verify(authHolderRepository, times(2)).save(capturedAuthHolders.capture()); - - List savedAuthHolders = capturedAuthHolders.getAllValues(); - - assertThat(savedAuthHolders.size(), is(2)); - assertThat(savedAuthHolders.get(0).getAuthentication().getOAuth2Request().getClientId(), equalTo(holder1.getAuthentication().getOAuth2Request().getClientId())); - assertThat(savedAuthHolders.get(1).getAuthentication().getOAuth2Request().getClientId(), equalTo(holder2.getAuthentication().getOAuth2Request().getClientId())); - } - - @Test - public void testImportSystemScopes() throws IOException { - SystemScope scope1 = new SystemScope(); - scope1.setId(1L); - scope1.setValue("scope1"); - scope1.setDescription("Scope 1"); - scope1.setRestricted(true); - scope1.setDefaultScope(false); - scope1.setIcon("glass"); - - SystemScope scope2 = new SystemScope(); - scope2.setId(2L); - scope2.setValue("scope2"); - scope2.setDescription("Scope 2"); - scope2.setRestricted(false); - scope2.setDefaultScope(false); - scope2.setIcon("ball"); - - SystemScope scope3 = new SystemScope(); - scope3.setId(3L); - scope3.setValue("scope3"); - scope3.setDescription("Scope 3"); - scope3.setRestricted(false); - scope3.setDefaultScope(true); - scope3.setIcon("road"); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [" + - - "{\"id\":1,\"description\":\"Scope 1\",\"icon\":\"glass\",\"value\":\"scope1\",\"allowDynReg\":false,\"defaultScope\":false}," + - "{\"id\":2,\"description\":\"Scope 2\",\"icon\":\"ball\",\"value\":\"scope2\",\"allowDynReg\":true,\"defaultScope\":false}," + - "{\"id\":3,\"description\":\"Scope 3\",\"icon\":\"road\",\"value\":\"scope3\",\"allowDynReg\":true,\"defaultScope\":true}" + - - " ]" + - "}"; - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - dataService.importData(reader); - verify(sysScopeRepository, times(3)).save(capturedScope.capture()); - - List savedScopes = capturedScope.getAllValues(); - - assertThat(savedScopes.size(), is(3)); - assertThat(savedScopes.get(0).getValue(), equalTo(scope1.getValue())); - assertThat(savedScopes.get(0).getDescription(), equalTo(scope1.getDescription())); - assertThat(savedScopes.get(0).getIcon(), equalTo(scope1.getIcon())); - assertThat(savedScopes.get(0).isDefaultScope(), equalTo(scope1.isDefaultScope())); - assertThat(savedScopes.get(0).isRestricted(), equalTo(scope1.isRestricted())); - - assertThat(savedScopes.get(1).getValue(), equalTo(scope2.getValue())); - assertThat(savedScopes.get(1).getDescription(), equalTo(scope2.getDescription())); - assertThat(savedScopes.get(1).getIcon(), equalTo(scope2.getIcon())); - assertThat(savedScopes.get(1).isDefaultScope(), equalTo(scope2.isDefaultScope())); - assertThat(savedScopes.get(1).isRestricted(), equalTo(scope2.isRestricted())); - - assertThat(savedScopes.get(2).getValue(), equalTo(scope3.getValue())); - assertThat(savedScopes.get(2).getDescription(), equalTo(scope3.getDescription())); - assertThat(savedScopes.get(2).getIcon(), equalTo(scope3.getIcon())); - assertThat(savedScopes.get(2).isDefaultScope(), equalTo(scope3.isDefaultScope())); - assertThat(savedScopes.get(2).isRestricted(), equalTo(scope3.isRestricted())); - - } - - @Test - public void testFixRefreshTokenAuthHolderReferencesOnImport() throws IOException, ParseException { - String expiration1 = "2014-09-10T22:49:44.090+00:00"; - Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - OAuth2Request req1 = new OAuth2Request(new HashMap(), "client1", new ArrayList(), - true, new HashSet(), new HashSet(), "http://foo.com", - new HashSet(), null); - Authentication mockAuth1 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1); - - AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity(); - holder1.setId(1L); - holder1.setAuthentication(auth1); - - OAuth2RefreshTokenEntity token1 = new OAuth2RefreshTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.")); - token1.setAuthenticationHolder(holder1); - - String expiration2 = "2015-01-07T18:31:50.079+00:00"; - Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - OAuth2Request req2 = new OAuth2Request(new HashMap(), "client2", new ArrayList(), - true, new HashSet(), new HashSet(), "http://bar.com", - new HashSet(), null); - Authentication mockAuth2 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth2 = new OAuth2Authentication(req2, mockAuth2); - - AuthenticationHolderEntity holder2 = new AuthenticationHolderEntity(); - holder2.setId(2L); - holder2.setAuthentication(auth2); - - OAuth2RefreshTokenEntity token2 = new OAuth2RefreshTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.")); - token2.setAuthenticationHolder(holder2); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [" + - - "{\"id\":1,\"authentication\":{\"clientAuthorization\":{\"clientId\":\"client1\",\"redirectUri\":\"http://foo.com\"}," - + "\"userAuthentication\":null}}," + - "{\"id\":2,\"authentication\":{\"clientAuthorization\":{\"clientId\":\"client2\",\"redirectUri\":\"http://bar.com\"}," - + "\"userAuthentication\":null}}" + - " ]," + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [" + - - "{\"id\":1,\"clientId\":\"mocked_client_1\",\"expiration\":\"2014-09-10T22:49:44.090+00:00\"," - + "\"authenticationHolderId\":1,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.\"}," + - "{\"id\":2,\"clientId\":\"mocked_client_2\",\"expiration\":\"2015-01-07T18:31:50.079+00:00\"," - + "\"authenticationHolderId\":2,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.\"}" + - - " ]" + - "}"; - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - final Map fakeRefreshTokenTable = new HashMap<>(); - final Map fakeAuthHolderTable = new HashMap<>(); - when(tokenRepository.saveRefreshToken(isA(OAuth2RefreshTokenEntity.class))).thenAnswer(new Answer() { - Long id = 343L; - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2RefreshTokenEntity _token = (OAuth2RefreshTokenEntity) invocation.getArguments()[0]; - if(_token.getId() == null) { - _token.setId(id++); - } - fakeRefreshTokenTable.put(_token.getId(), _token); - return _token; - } - }); - when(tokenRepository.getRefreshTokenById(anyLong())).thenAnswer(new Answer() { - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeRefreshTokenTable.get(_id); - } - }); - when(clientRepository.getClientByClientId(anyString())).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - String _clientId = (String) invocation.getArguments()[0]; - ClientDetailsEntity _client = mock(ClientDetailsEntity.class); - when(_client.getClientId()).thenReturn(_clientId); - return _client; - } - }); - when(authHolderRepository.save(isA(AuthenticationHolderEntity.class))).thenAnswer(new Answer() { - Long id = 356L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _holder = (AuthenticationHolderEntity) invocation.getArguments()[0]; - if(_holder.getId() == null) { - _holder.setId(id++); - } - fakeAuthHolderTable.put(_holder.getId(), _holder); - return _holder; - } - }); - when(authHolderRepository.getById(anyLong())).thenAnswer(new Answer() { - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeAuthHolderTable.get(_id); - } - }); - dataService.importData(reader); - - List savedRefreshTokens = new ArrayList(fakeRefreshTokenTable.values()); //capturedRefreshTokens.getAllValues(); - Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); - - assertThat(savedRefreshTokens.get(0).getAuthenticationHolder().getId(), equalTo(356L)); - assertThat(savedRefreshTokens.get(1).getAuthenticationHolder().getId(), equalTo(357L)); - } - - @Test(expected = UnsupportedOperationException.class) - public void testExportDisabled() throws IOException { - JsonWriter writer = new JsonWriter(new StringWriter()); - dataService.exportData(writer); - } - -} \ No newline at end of file diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java deleted file mode 100644 index cfeb43a6f7..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java +++ /dev/null @@ -1,972 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import static org.mockito.Matchers.anyLong; -import static org.mockito.Matchers.anyString; -import static org.mockito.Matchers.isA; -import static org.mockito.Matchers.isNull; - -import java.io.IOException; -import java.io.StringReader; -import java.io.StringWriter; -import java.text.ParseException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Locale; -import java.util.Map; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.oauth2.repository.OAuth2ClientRepository; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.oauth2.repository.SystemScopeRepository; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.model.BlacklistedSite; -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.repository.ApprovedSiteRepository; -import org.mitre.openid.connect.repository.BlacklistedSiteRepository; -import org.mitre.openid.connect.repository.WhitelistedSiteRepository; -import org.mitre.openid.connect.service.MITREidDataService; -import org.mockito.ArgumentCaptor; -import org.mockito.Captor; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.invocation.InvocationOnMock; -import org.mockito.runners.MockitoJUnitRunner; -import org.mockito.stubbing.Answer; -import org.springframework.format.annotation.DateTimeFormat.ISO; -import org.springframework.format.datetime.DateFormatter; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; - -import com.google.common.collect.ImmutableSet; -import com.google.gson.stream.JsonReader; -import com.google.gson.stream.JsonWriter; -import com.nimbusds.jwt.JWTParser; - -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; - -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; -import static org.mockito.Mockito.withSettings; - -import static org.junit.Assert.assertThat; - -@RunWith(MockitoJUnitRunner.class) -@SuppressWarnings(value = {"rawtypes", "unchecked"}) -public class TestMITREidDataService_1_1 { - - @Mock - private OAuth2ClientRepository clientRepository; - @Mock - private ApprovedSiteRepository approvedSiteRepository; - @Mock - private WhitelistedSiteRepository wlSiteRepository; - @Mock - private BlacklistedSiteRepository blSiteRepository; - @Mock - private AuthenticationHolderRepository authHolderRepository; - @Mock - private OAuth2TokenRepository tokenRepository; - @Mock - private SystemScopeRepository sysScopeRepository; - - @Captor - private ArgumentCaptor capturedRefreshTokens; - @Captor - private ArgumentCaptor capturedAccessTokens; - @Captor - private ArgumentCaptor capturedClients; - @Captor - private ArgumentCaptor capturedBlacklistedSites; - @Captor - private ArgumentCaptor capturedWhitelistedSites; - @Captor - private ArgumentCaptor capturedApprovedSites; - @Captor - private ArgumentCaptor capturedAuthHolders; - @Captor - private ArgumentCaptor capturedScope; - - @InjectMocks - private MITREidDataService_1_1 dataService; - private DateFormatter formatter; - - @Before - public void prepare() { - formatter = new DateFormatter(); - formatter.setIso(ISO.DATE_TIME); - - Mockito.reset(clientRepository, approvedSiteRepository, authHolderRepository, tokenRepository, sysScopeRepository, wlSiteRepository, blSiteRepository); - } - - - private class refreshTokenIdComparator implements Comparator { - @Override - public int compare(OAuth2RefreshTokenEntity entity1, OAuth2RefreshTokenEntity entity2) { - return entity1.getId().compareTo(entity2.getId()); - } - } - - - @Test - public void testImportRefreshTokens() throws IOException, ParseException { - String expiration1 = "2014-09-10T22:49:44.090+00:00"; - Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - AuthenticationHolderEntity mockedAuthHolder1 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder1.getId()).thenReturn(1L); - - OAuth2RefreshTokenEntity token1 = new OAuth2RefreshTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.")); - token1.setAuthenticationHolder(mockedAuthHolder1); - - String expiration2 = "2015-01-07T18:31:50.079+00:00"; - Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - AuthenticationHolderEntity mockedAuthHolder2 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder2.getId()).thenReturn(2L); - - OAuth2RefreshTokenEntity token2 = new OAuth2RefreshTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.")); - token2.setAuthenticationHolder(mockedAuthHolder2); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [" + - - "{\"id\":1,\"clientId\":\"mocked_client_1\",\"expiration\":\"2014-09-10T22:49:44.090+00:00\"," - + "\"authenticationHolderId\":1,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.\"}," + - "{\"id\":2,\"clientId\":\"mocked_client_2\",\"expiration\":\"2015-01-07T18:31:50.079+00:00\"," - + "\"authenticationHolderId\":2,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.\"}" + - - " ]" + - "}"; - - System.err.println(configJson); - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(tokenRepository.saveRefreshToken(isA(OAuth2RefreshTokenEntity.class))).thenAnswer(new Answer() { - Long id = 332L; - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2RefreshTokenEntity _token = (OAuth2RefreshTokenEntity) invocation.getArguments()[0]; - if(_token.getId() == null) { - _token.setId(id++); - } - fakeDb.put(_token.getId(), _token); - return _token; - } - }); - when(tokenRepository.getRefreshTokenById(anyLong())).thenAnswer(new Answer() { - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - when(clientRepository.getClientByClientId(anyString())).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - String _clientId = (String) invocation.getArguments()[0]; - ClientDetailsEntity _client = mock(ClientDetailsEntity.class); - when(_client.getClientId()).thenReturn(_clientId); - return _client; - } - }); - when(authHolderRepository.getById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 131L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _auth = mock(AuthenticationHolderEntity.class); - when(_auth.getId()).thenReturn(id); - id++; - return _auth; - } - }); - dataService.importData(reader); - //2 times for token, 2 times to update client, 2 times to update authHolder - verify(tokenRepository, times(6)).saveRefreshToken(capturedRefreshTokens.capture()); - - List savedRefreshTokens = new ArrayList(fakeDb.values()); //capturedRefreshTokens.getAllValues(); - Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); - - assertThat(savedRefreshTokens.size(), is(2)); - - assertThat(savedRefreshTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedRefreshTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedRefreshTokens.get(0).getValue(), equalTo(token1.getValue())); - - assertThat(savedRefreshTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedRefreshTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedRefreshTokens.get(1).getValue(), equalTo(token2.getValue())); - } - - private class accessTokenIdComparator implements Comparator { - @Override - public int compare(OAuth2AccessTokenEntity entity1, OAuth2AccessTokenEntity entity2) { - return entity1.getId().compareTo(entity2.getId()); - } - } - - @Test - public void testImportAccessTokens() throws IOException, ParseException { - String expiration1 = "2014-09-10T22:49:44.090+00:00"; - Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - AuthenticationHolderEntity mockedAuthHolder1 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder1.getId()).thenReturn(1L); - - OAuth2AccessTokenEntity token1 = new OAuth2AccessTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3ODk5NjgsInN1YiI6IjkwMzQyLkFTREZKV0ZBIiwiYXRfaGFzaCI6InptTmt1QmNRSmNYQktNaVpFODZqY0EiLCJhdWQiOlsiY2xpZW50Il0sImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4MDgwXC9vcGVuaWQtY29ubmVjdC1zZXJ2ZXItd2ViYXBwXC8iLCJpYXQiOjE0MTI3ODkzNjh9.xkEJ9IMXpH7qybWXomfq9WOOlpGYnrvGPgey9UQ4GLzbQx7JC0XgJK83PmrmBZosvFPCmota7FzI_BtwoZLgAZfFiH6w3WIlxuogoH-TxmYbxEpTHoTsszZppkq9mNgOlArV4jrR9y3TPo4MovsH71dDhS_ck-CvAlJunHlqhs0")); - token1.setAuthenticationHolder(mockedAuthHolder1); - token1.setScope(ImmutableSet.of("id-token")); - token1.setTokenType("Bearer"); - - String expiration2 = "2015-01-07T18:31:50.079+00:00"; - Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - AuthenticationHolderEntity mockedAuthHolder2 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder2.getId()).thenReturn(2L); - - OAuth2RefreshTokenEntity mockRefreshToken2 = mock(OAuth2RefreshTokenEntity.class); - when(mockRefreshToken2.getId()).thenReturn(1L); - - OAuth2AccessTokenEntity token2 = new OAuth2AccessTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ")); - token2.setAuthenticationHolder(mockedAuthHolder2); - token2.setRefreshToken(mockRefreshToken2); - token2.setScope(ImmutableSet.of("openid", "offline_access", "email", "profile")); - token2.setTokenType("Bearer"); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [" + - - "{\"id\":1,\"clientId\":\"mocked_client_1\",\"expiration\":\"2014-09-10T22:49:44.090+00:00\"," - + "\"refreshTokenId\":null,\"idTokenId\":null,\"scope\":[\"id-token\"],\"type\":\"Bearer\"," - + "\"authenticationHolderId\":1,\"value\":\"eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3ODk5NjgsInN1YiI6IjkwMzQyLkFTREZKV0ZBIiwiYXRfaGFzaCI6InptTmt1QmNRSmNYQktNaVpFODZqY0EiLCJhdWQiOlsiY2xpZW50Il0sImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4MDgwXC9vcGVuaWQtY29ubmVjdC1zZXJ2ZXItd2ViYXBwXC8iLCJpYXQiOjE0MTI3ODkzNjh9.xkEJ9IMXpH7qybWXomfq9WOOlpGYnrvGPgey9UQ4GLzbQx7JC0XgJK83PmrmBZosvFPCmota7FzI_BtwoZLgAZfFiH6w3WIlxuogoH-TxmYbxEpTHoTsszZppkq9mNgOlArV4jrR9y3TPo4MovsH71dDhS_ck-CvAlJunHlqhs0\"}," + - "{\"id\":2,\"clientId\":\"mocked_client_2\",\"expiration\":\"2015-01-07T18:31:50.079+00:00\"," - + "\"refreshTokenId\":1,\"idTokenId\":1,\"scope\":[\"openid\",\"offline_access\",\"email\",\"profile\"],\"type\":\"Bearer\"," - + "\"authenticationHolderId\":2,\"value\":\"eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ\"}" + - - " ]" + - "}"; - - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(tokenRepository.saveAccessToken(isA(OAuth2AccessTokenEntity.class))).thenAnswer(new Answer() { - Long id = 324L; - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2AccessTokenEntity _token = (OAuth2AccessTokenEntity) invocation.getArguments()[0]; - if(_token.getId() == null) { - _token.setId(id++); - } - fakeDb.put(_token.getId(), _token); - return _token; - } - }); - when(tokenRepository.getAccessTokenById(anyLong())).thenAnswer(new Answer() { - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - when(clientRepository.getClientByClientId(anyString())).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - String _clientId = (String) invocation.getArguments()[0]; - ClientDetailsEntity _client = mock(ClientDetailsEntity.class); - when(_client.getClientId()).thenReturn(_clientId); - return _client; - } - }); - when(authHolderRepository.getById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 133L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _auth = mock(AuthenticationHolderEntity.class); - when(_auth.getId()).thenReturn(id); - id++; - return _auth; - } - }); - dataService.importData(reader); - //2 times for token, 2 times to update client, 2 times to update authHolder, 1 times to update refresh token - verify(tokenRepository, times(7)).saveAccessToken(capturedAccessTokens.capture()); - - List savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues(); - Collections.sort(savedAccessTokens, new accessTokenIdComparator()); - - assertThat(savedAccessTokens.size(), is(2)); - - assertThat(savedAccessTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedAccessTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedAccessTokens.get(0).getValue(), equalTo(token1.getValue())); - - assertThat(savedAccessTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedAccessTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedAccessTokens.get(1).getValue(), equalTo(token2.getValue())); - } - - @Test - public void testImportClients() throws IOException { - ClientDetailsEntity client1 = new ClientDetailsEntity(); - client1.setId(1L); - client1.setAccessTokenValiditySeconds(3600); - client1.setClientId("client1"); - client1.setClientSecret("clientsecret1"); - client1.setRedirectUris(ImmutableSet.of("http://foo.com/")); - client1.setScope(ImmutableSet.of("foo", "bar", "baz", "dolphin")); - client1.setGrantTypes(ImmutableSet.of("implicit", "authorization_code", "urn:ietf:params:oauth:grant_type:redelegate", "refresh_token")); - client1.setAllowIntrospection(true); - - ClientDetailsEntity client2 = new ClientDetailsEntity(); - client2.setId(2L); - client2.setAccessTokenValiditySeconds(3600); - client2.setClientId("client2"); - client2.setClientSecret("clientsecret2"); - client2.setRedirectUris(ImmutableSet.of("http://bar.baz.com/")); - client2.setScope(ImmutableSet.of("foo", "dolphin", "electric-wombat")); - client2.setGrantTypes(ImmutableSet.of("client_credentials", "urn:ietf:params:oauth:grant_type:redelegate")); - client2.setAllowIntrospection(false); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [" + - - "{\"id\":1,\"accessTokenValiditySeconds\":3600,\"clientId\":\"client1\",\"secret\":\"clientsecret1\"," - + "\"redirectUris\":[\"http://foo.com/\"]," - + "\"scope\":[\"foo\",\"bar\",\"baz\",\"dolphin\"]," - + "\"grantTypes\":[\"implicit\",\"authorization_code\",\"urn:ietf:params:oauth:grant_type:redelegate\",\"refresh_token\"]," - + "\"allowIntrospection\":true}," + - "{\"id\":2,\"accessTokenValiditySeconds\":3600,\"clientId\":\"client2\",\"secret\":\"clientsecret2\"," - + "\"redirectUris\":[\"http://bar.baz.com/\"]," - + "\"scope\":[\"foo\",\"dolphin\",\"electric-wombat\"]," - + "\"grantTypes\":[\"client_credentials\",\"urn:ietf:params:oauth:grant_type:redelegate\"]," - + "\"allowIntrospection\":false}" + - - " ]" + - "}"; - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - dataService.importData(reader); - verify(clientRepository, times(2)).saveClient(capturedClients.capture()); - - List savedClients = capturedClients.getAllValues(); - - assertThat(savedClients.size(), is(2)); - - assertThat(savedClients.get(0).getAccessTokenValiditySeconds(), equalTo(client1.getAccessTokenValiditySeconds())); - assertThat(savedClients.get(0).getClientId(), equalTo(client1.getClientId())); - assertThat(savedClients.get(0).getClientSecret(), equalTo(client1.getClientSecret())); - assertThat(savedClients.get(0).getRedirectUris(), equalTo(client1.getRedirectUris())); - assertThat(savedClients.get(0).getScope(), equalTo(client1.getScope())); - assertThat(savedClients.get(0).getGrantTypes(), equalTo(client1.getGrantTypes())); - assertThat(savedClients.get(0).isAllowIntrospection(), equalTo(client1.isAllowIntrospection())); - - assertThat(savedClients.get(1).getAccessTokenValiditySeconds(), equalTo(client2.getAccessTokenValiditySeconds())); - assertThat(savedClients.get(1).getClientId(), equalTo(client2.getClientId())); - assertThat(savedClients.get(1).getClientSecret(), equalTo(client2.getClientSecret())); - assertThat(savedClients.get(1).getRedirectUris(), equalTo(client2.getRedirectUris())); - assertThat(savedClients.get(1).getScope(), equalTo(client2.getScope())); - assertThat(savedClients.get(1).getGrantTypes(), equalTo(client2.getGrantTypes())); - assertThat(savedClients.get(1).isAllowIntrospection(), equalTo(client2.isAllowIntrospection())); - } - - @Test - public void testImportBlacklistedSites() throws IOException { - BlacklistedSite site1 = new BlacklistedSite(); - site1.setId(1L); - site1.setUri("http://foo.com"); - - BlacklistedSite site2 = new BlacklistedSite(); - site2.setId(2L); - site2.setUri("http://bar.com"); - - BlacklistedSite site3 = new BlacklistedSite(); - site3.setId(3L); - site3.setUri("http://baz.com"); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [" + - - "{\"id\":1,\"uri\":\"http://foo.com\"}," + - "{\"id\":2,\"uri\":\"http://bar.com\"}," + - "{\"id\":3,\"uri\":\"http://baz.com\"}" + - - " ]" + - "}"; - - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - dataService.importData(reader); - verify(blSiteRepository, times(3)).save(capturedBlacklistedSites.capture()); - - List savedSites = capturedBlacklistedSites.getAllValues(); - - assertThat(savedSites.size(), is(3)); - - assertThat(savedSites.get(0).getUri(), equalTo(site1.getUri())); - assertThat(savedSites.get(1).getUri(), equalTo(site2.getUri())); - assertThat(savedSites.get(2).getUri(), equalTo(site3.getUri())); - } - - @Test - public void testImportWhitelistedSites() throws IOException { - WhitelistedSite site1 = new WhitelistedSite(); - site1.setId(1L); - site1.setClientId("foo"); - - WhitelistedSite site2 = new WhitelistedSite(); - site2.setId(2L); - site2.setClientId("bar"); - - WhitelistedSite site3 = new WhitelistedSite(); - site3.setId(3L); - site3.setClientId("baz"); - //site3.setAllowedScopes(null); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [" + - - "{\"id\":1,\"clientId\":\"foo\"}," + - "{\"id\":2,\"clientId\":\"bar\"}," + - "{\"id\":3,\"clientId\":\"baz\"}" + - - " ]" + - "}"; - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(wlSiteRepository.save(isA(WhitelistedSite.class))).thenAnswer(new Answer() { - Long id = 333L; - @Override - public WhitelistedSite answer(InvocationOnMock invocation) throws Throwable { - WhitelistedSite _site = (WhitelistedSite) invocation.getArguments()[0]; - if(_site.getId() == null) { - _site.setId(id++); - } - fakeDb.put(_site.getId(), _site); - return _site; - } - }); - when(wlSiteRepository.getById(anyLong())).thenAnswer(new Answer() { - @Override - public WhitelistedSite answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - - dataService.importData(reader); - verify(wlSiteRepository, times(3)).save(capturedWhitelistedSites.capture()); - - List savedSites = capturedWhitelistedSites.getAllValues(); - - assertThat(savedSites.size(), is(3)); - - assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); - assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); - assertThat(savedSites.get(2).getClientId(), equalTo(site3.getClientId())); - } - - @Test - public void testImportGrants() throws IOException, ParseException { - Date creationDate1 = formatter.parse("2014-09-10T22:49:44.090+00:00", Locale.ENGLISH); - Date accessDate1 = formatter.parse("2014-09-10T23:49:44.090+00:00", Locale.ENGLISH); - - OAuth2AccessTokenEntity mockToken1 = mock(OAuth2AccessTokenEntity.class); - when(mockToken1.getId()).thenReturn(1L); - - ApprovedSite site1 = new ApprovedSite(); - site1.setId(1L); - site1.setClientId("foo"); - site1.setCreationDate(creationDate1); - site1.setAccessDate(accessDate1); - site1.setUserId("user1"); - site1.setAllowedScopes(ImmutableSet.of("openid", "phone")); - when(mockToken1.getApprovedSite()).thenReturn(site1); - - Date creationDate2 = formatter.parse("2014-09-11T18:49:44.090+00:00", Locale.ENGLISH); - Date accessDate2 = formatter.parse("2014-09-11T20:49:44.090+00:00", Locale.ENGLISH); - Date timeoutDate2 = formatter.parse("2014-10-01T20:49:44.090+00:00", Locale.ENGLISH); - - ApprovedSite site2 = new ApprovedSite(); - site2.setId(2L); - site2.setClientId("bar"); - site2.setCreationDate(creationDate2); - site2.setAccessDate(accessDate2); - site2.setUserId("user2"); - site2.setAllowedScopes(ImmutableSet.of("openid", "offline_access", "email", "profile")); - site2.setTimeoutDate(timeoutDate2); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [" + - - "{\"id\":1,\"clientId\":\"foo\",\"creationDate\":\"2014-09-10T22:49:44.090+00:00\",\"accessDate\":\"2014-09-10T23:49:44.090+00:00\"," - + "\"userId\":\"user1\",\"whitelistedSiteId\":null,\"allowedScopes\":[\"openid\",\"phone\"], \"whitelistedSiteId\":1," - + "\"approvedAccessTokens\":[1]}," + - "{\"id\":2,\"clientId\":\"bar\",\"creationDate\":\"2014-09-11T18:49:44.090+00:00\",\"accessDate\":\"2014-09-11T20:49:44.090+00:00\"," - + "\"timeoutDate\":\"2014-10-01T20:49:44.090+00:00\",\"userId\":\"user2\"," - + "\"allowedScopes\":[\"openid\",\"offline_access\",\"email\",\"profile\"]}" + - - " ]" + - "}"; - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(approvedSiteRepository.save(isA(ApprovedSite.class))).thenAnswer(new Answer() { - Long id = 364L; - @Override - public ApprovedSite answer(InvocationOnMock invocation) throws Throwable { - ApprovedSite _site = (ApprovedSite) invocation.getArguments()[0]; - if(_site.getId() == null) { - _site.setId(id++); - } - fakeDb.put(_site.getId(), _site); - return _site; - } - }); - when(approvedSiteRepository.getById(anyLong())).thenAnswer(new Answer() { - @Override - public ApprovedSite answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - when(wlSiteRepository.getById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 432L; - @Override - public WhitelistedSite answer(InvocationOnMock invocation) throws Throwable { - WhitelistedSite _site = mock(WhitelistedSite.class); - when(_site.getId()).thenReturn(id++); - return _site; - } - }); - when(tokenRepository.getAccessTokenById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 245L; - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2AccessTokenEntity _token = mock(OAuth2AccessTokenEntity.class); - when(_token.getId()).thenReturn(id++); - return _token; - } - }); - - dataService.importData(reader); - //2 for sites, 1 for updating access token ref on #1 - verify(approvedSiteRepository, times(3)).save(capturedApprovedSites.capture()); - - List savedSites = new ArrayList(fakeDb.values()); - - assertThat(savedSites.size(), is(2)); - - assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); - assertThat(savedSites.get(0).getAccessDate(), equalTo(site1.getAccessDate())); - assertThat(savedSites.get(0).getCreationDate(), equalTo(site1.getCreationDate())); - assertThat(savedSites.get(0).getAllowedScopes(), equalTo(site1.getAllowedScopes())); - assertThat(savedSites.get(0).getTimeoutDate(), equalTo(site1.getTimeoutDate())); - - assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); - assertThat(savedSites.get(1).getAccessDate(), equalTo(site2.getAccessDate())); - assertThat(savedSites.get(1).getCreationDate(), equalTo(site2.getCreationDate())); - assertThat(savedSites.get(1).getAllowedScopes(), equalTo(site2.getAllowedScopes())); - assertThat(savedSites.get(1).getTimeoutDate(), equalTo(site2.getTimeoutDate())); - } - - @Test - public void testImportAuthenticationHolders() throws IOException { - OAuth2Request req1 = new OAuth2Request(new HashMap(), "client1", new ArrayList(), - true, new HashSet(), new HashSet(), "http://foo.com", - new HashSet(), null); - Authentication mockAuth1 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1); - - AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity(); - holder1.setId(1L); - holder1.setAuthentication(auth1); - - OAuth2Request req2 = new OAuth2Request(new HashMap(), "client2", new ArrayList(), - true, new HashSet(), new HashSet(), "http://bar.com", - new HashSet(), null); - Authentication mockAuth2 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth2 = new OAuth2Authentication(req2, mockAuth2); - - AuthenticationHolderEntity holder2 = new AuthenticationHolderEntity(); - holder2.setId(2L); - holder2.setAuthentication(auth2); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [" + - - "{\"id\":1,\"authentication\":{\"clientAuthorization\":{\"clientId\":\"client1\",\"redirectUri\":\"http://foo.com\"}," - + "\"userAuthentication\":null}}," + - "{\"id\":2,\"authentication\":{\"clientAuthorization\":{\"clientId\":\"client2\",\"redirectUri\":\"http://bar.com\"}," - + "\"userAuthentication\":null}}" + - " ]" + - "}"; - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(authHolderRepository.save(isA(AuthenticationHolderEntity.class))).thenAnswer(new Answer() { - Long id = 243L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _site = (AuthenticationHolderEntity) invocation.getArguments()[0]; - if(_site.getId() == null) { - _site.setId(id++); - } - fakeDb.put(_site.getId(), _site); - return _site; - } - }); - - dataService.importData(reader); - verify(authHolderRepository, times(2)).save(capturedAuthHolders.capture()); - - List savedAuthHolders = capturedAuthHolders.getAllValues(); - - assertThat(savedAuthHolders.size(), is(2)); - assertThat(savedAuthHolders.get(0).getAuthentication().getOAuth2Request().getClientId(), equalTo(holder1.getAuthentication().getOAuth2Request().getClientId())); - assertThat(savedAuthHolders.get(1).getAuthentication().getOAuth2Request().getClientId(), equalTo(holder2.getAuthentication().getOAuth2Request().getClientId())); - } - - @Test - public void testImportSystemScopes() throws IOException { - SystemScope scope1 = new SystemScope(); - scope1.setId(1L); - scope1.setValue("scope1"); - scope1.setDescription("Scope 1"); - scope1.setRestricted(true); - scope1.setDefaultScope(false); - scope1.setIcon("glass"); - - SystemScope scope2 = new SystemScope(); - scope2.setId(2L); - scope2.setValue("scope2"); - scope2.setDescription("Scope 2"); - scope2.setRestricted(false); - scope2.setDefaultScope(false); - scope2.setIcon("ball"); - - SystemScope scope3 = new SystemScope(); - scope3.setId(3L); - scope3.setValue("scope3"); - scope3.setDescription("Scope 3"); - scope3.setRestricted(false); - scope3.setDefaultScope(true); - scope3.setIcon("road"); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [" + - - "{\"id\":1,\"description\":\"Scope 1\",\"icon\":\"glass\",\"value\":\"scope1\",\"allowDynReg\":false,\"defaultScope\":false}," + - "{\"id\":2,\"description\":\"Scope 2\",\"icon\":\"ball\",\"value\":\"scope2\",\"allowDynReg\":true,\"defaultScope\":false}," + - "{\"id\":3,\"description\":\"Scope 3\",\"icon\":\"road\",\"value\":\"scope3\",\"allowDynReg\":true,\"defaultScope\":true}" + - - " ]" + - "}"; - - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - dataService.importData(reader); - verify(sysScopeRepository, times(3)).save(capturedScope.capture()); - - List savedScopes = capturedScope.getAllValues(); - - assertThat(savedScopes.size(), is(3)); - assertThat(savedScopes.get(0).getValue(), equalTo(scope1.getValue())); - assertThat(savedScopes.get(0).getDescription(), equalTo(scope1.getDescription())); - assertThat(savedScopes.get(0).getIcon(), equalTo(scope1.getIcon())); - assertThat(savedScopes.get(0).isDefaultScope(), equalTo(scope1.isDefaultScope())); - assertThat(savedScopes.get(0).isRestricted(), equalTo(scope1.isRestricted())); - - assertThat(savedScopes.get(1).getValue(), equalTo(scope2.getValue())); - assertThat(savedScopes.get(1).getDescription(), equalTo(scope2.getDescription())); - assertThat(savedScopes.get(1).getIcon(), equalTo(scope2.getIcon())); - assertThat(savedScopes.get(1).isDefaultScope(), equalTo(scope2.isDefaultScope())); - assertThat(savedScopes.get(1).isRestricted(), equalTo(scope2.isRestricted())); - - assertThat(savedScopes.get(2).getValue(), equalTo(scope3.getValue())); - assertThat(savedScopes.get(2).getDescription(), equalTo(scope3.getDescription())); - assertThat(savedScopes.get(2).getIcon(), equalTo(scope3.getIcon())); - assertThat(savedScopes.get(2).isDefaultScope(), equalTo(scope3.isDefaultScope())); - assertThat(savedScopes.get(2).isRestricted(), equalTo(scope3.isRestricted())); - - } - - @Test - public void testFixRefreshTokenAuthHolderReferencesOnImport() throws IOException, ParseException { - String expiration1 = "2014-09-10T22:49:44.090+00:00"; - Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - OAuth2Request req1 = new OAuth2Request(new HashMap(), "client1", new ArrayList(), - true, new HashSet(), new HashSet(), "http://foo.com", - new HashSet(), null); - Authentication mockAuth1 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1); - - AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity(); - holder1.setId(1L); - holder1.setAuthentication(auth1); - - OAuth2RefreshTokenEntity token1 = new OAuth2RefreshTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.")); - token1.setAuthenticationHolder(holder1); - - String expiration2 = "2015-01-07T18:31:50.079+00:00"; - Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - OAuth2Request req2 = new OAuth2Request(new HashMap(), "client2", new ArrayList(), - true, new HashSet(), new HashSet(), "http://bar.com", - new HashSet(), null); - Authentication mockAuth2 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth2 = new OAuth2Authentication(req2, mockAuth2); - - AuthenticationHolderEntity holder2 = new AuthenticationHolderEntity(); - holder2.setId(2L); - holder2.setAuthentication(auth2); - - OAuth2RefreshTokenEntity token2 = new OAuth2RefreshTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.")); - token2.setAuthenticationHolder(holder2); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [" + - - "{\"id\":1,\"authentication\":{\"clientAuthorization\":{\"clientId\":\"client1\",\"redirectUri\":\"http://foo.com\"}," - + "\"userAuthentication\":null}}," + - "{\"id\":2,\"authentication\":{\"clientAuthorization\":{\"clientId\":\"client2\",\"redirectUri\":\"http://bar.com\"}," - + "\"userAuthentication\":null}}" + - " ]," + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [" + - - "{\"id\":1,\"clientId\":\"mocked_client_1\",\"expiration\":\"2014-09-10T22:49:44.090+00:00\"," - + "\"authenticationHolderId\":1,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.\"}," + - "{\"id\":2,\"clientId\":\"mocked_client_2\",\"expiration\":\"2015-01-07T18:31:50.079+00:00\"," - + "\"authenticationHolderId\":2,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.\"}" + - - " ]" + - "}"; - System.err.println(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - final Map fakeRefreshTokenTable = new HashMap<>(); - final Map fakeAuthHolderTable = new HashMap<>(); - when(tokenRepository.saveRefreshToken(isA(OAuth2RefreshTokenEntity.class))).thenAnswer(new Answer() { - Long id = 343L; - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2RefreshTokenEntity _token = (OAuth2RefreshTokenEntity) invocation.getArguments()[0]; - if(_token.getId() == null) { - _token.setId(id++); - } - fakeRefreshTokenTable.put(_token.getId(), _token); - return _token; - } - }); - when(tokenRepository.getRefreshTokenById(anyLong())).thenAnswer(new Answer() { - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeRefreshTokenTable.get(_id); - } - }); - when(clientRepository.getClientByClientId(anyString())).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - String _clientId = (String) invocation.getArguments()[0]; - ClientDetailsEntity _client = mock(ClientDetailsEntity.class); - when(_client.getClientId()).thenReturn(_clientId); - return _client; - } - }); - when(authHolderRepository.save(isA(AuthenticationHolderEntity.class))).thenAnswer(new Answer() { - Long id = 356L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _holder = (AuthenticationHolderEntity) invocation.getArguments()[0]; - if(_holder.getId() == null) { - _holder.setId(id++); - } - fakeAuthHolderTable.put(_holder.getId(), _holder); - return _holder; - } - }); - when(authHolderRepository.getById(anyLong())).thenAnswer(new Answer() { - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeAuthHolderTable.get(_id); - } - }); - dataService.importData(reader); - - List savedRefreshTokens = new ArrayList(fakeRefreshTokenTable.values()); //capturedRefreshTokens.getAllValues(); - Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); - - assertThat(savedRefreshTokens.get(0).getAuthenticationHolder().getId(), equalTo(356L)); - assertThat(savedRefreshTokens.get(1).getAuthenticationHolder().getId(), equalTo(357L)); - } - - @Test(expected = UnsupportedOperationException.class) - public void testExportDisabled() throws IOException { - JsonWriter writer = new JsonWriter(new StringWriter()); - dataService.exportData(writer); - } - -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java deleted file mode 100644 index 598471126f..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java +++ /dev/null @@ -1,976 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import static org.mockito.Matchers.anyLong; -import static org.mockito.Matchers.anyString; -import static org.mockito.Matchers.isA; -import static org.mockito.Matchers.isNull; - -import java.io.IOException; -import java.io.StringReader; -import java.text.ParseException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Locale; -import java.util.Map; -import java.util.Set; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.oauth2.repository.OAuth2ClientRepository; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.oauth2.repository.SystemScopeRepository; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.model.BlacklistedSite; -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.repository.ApprovedSiteRepository; -import org.mitre.openid.connect.repository.BlacklistedSiteRepository; -import org.mitre.openid.connect.repository.WhitelistedSiteRepository; -import org.mitre.openid.connect.service.MITREidDataService; -import org.mockito.ArgumentCaptor; -import org.mockito.Captor; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.invocation.InvocationOnMock; -import org.mockito.runners.MockitoJUnitRunner; -import org.mockito.stubbing.Answer; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.format.annotation.DateTimeFormat.ISO; -import org.springframework.format.datetime.DateFormatter; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; - -import com.google.common.collect.ImmutableSet; -import com.google.gson.JsonArray; -import com.google.gson.JsonElement; -import com.google.gson.stream.JsonReader; -import com.nimbusds.jwt.JWTParser; - -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; - -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; -import static org.mockito.Mockito.withSettings; - -import static org.junit.Assert.assertThat; - -@RunWith(MockitoJUnitRunner.class) -@SuppressWarnings(value = {"rawtypes", "unchecked"}) -public class TestMITREidDataService_1_2 { - - private static Logger logger = LoggerFactory.getLogger(TestMITREidDataService_1_2.class); - - @Mock - private OAuth2ClientRepository clientRepository; - @Mock - private ApprovedSiteRepository approvedSiteRepository; - @Mock - private WhitelistedSiteRepository wlSiteRepository; - @Mock - private BlacklistedSiteRepository blSiteRepository; - @Mock - private AuthenticationHolderRepository authHolderRepository; - @Mock - private OAuth2TokenRepository tokenRepository; - @Mock - private SystemScopeRepository sysScopeRepository; - - @Captor - private ArgumentCaptor capturedRefreshTokens; - @Captor - private ArgumentCaptor capturedAccessTokens; - @Captor - private ArgumentCaptor capturedClients; - @Captor - private ArgumentCaptor capturedBlacklistedSites; - @Captor - private ArgumentCaptor capturedWhitelistedSites; - @Captor - private ArgumentCaptor capturedApprovedSites; - @Captor - private ArgumentCaptor capturedAuthHolders; - @Captor - private ArgumentCaptor capturedScope; - - @InjectMocks - private MITREidDataService_1_2 dataService; - private DateFormatter formatter; - - @Before - public void prepare() { - formatter = new DateFormatter(); - formatter.setIso(ISO.DATE_TIME); - - Mockito.reset(clientRepository, approvedSiteRepository, authHolderRepository, tokenRepository, sysScopeRepository, wlSiteRepository, blSiteRepository); - } - - private class refreshTokenIdComparator implements Comparator { - @Override - public int compare(OAuth2RefreshTokenEntity entity1, OAuth2RefreshTokenEntity entity2) { - return entity1.getId().compareTo(entity2.getId()); - } - } - - - @Test - public void testImportRefreshTokens() throws IOException, ParseException { - String expiration1 = "2014-09-10T22:49:44.090+00:00"; - Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - AuthenticationHolderEntity mockedAuthHolder1 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder1.getId()).thenReturn(1L); - - OAuth2RefreshTokenEntity token1 = new OAuth2RefreshTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.")); - token1.setAuthenticationHolder(mockedAuthHolder1); - - String expiration2 = "2015-01-07T18:31:50.079+00:00"; - Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - AuthenticationHolderEntity mockedAuthHolder2 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder2.getId()).thenReturn(2L); - - OAuth2RefreshTokenEntity token2 = new OAuth2RefreshTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.")); - token2.setAuthenticationHolder(mockedAuthHolder2); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [" + - - "{\"id\":1,\"clientId\":\"mocked_client_1\",\"expiration\":\"2014-09-10T22:49:44.090+00:00\"," - + "\"authenticationHolderId\":1,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.\"}," + - "{\"id\":2,\"clientId\":\"mocked_client_2\",\"expiration\":\"2015-01-07T18:31:50.079+00:00\"," - + "\"authenticationHolderId\":2,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.\"}" + - - " ]" + - "}"; - - logger.debug(configJson); - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(tokenRepository.saveRefreshToken(isA(OAuth2RefreshTokenEntity.class))).thenAnswer(new Answer() { - Long id = 332L; - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2RefreshTokenEntity _token = (OAuth2RefreshTokenEntity) invocation.getArguments()[0]; - if(_token.getId() == null) { - _token.setId(id++); - } - fakeDb.put(_token.getId(), _token); - return _token; - } - }); - when(tokenRepository.getRefreshTokenById(anyLong())).thenAnswer(new Answer() { - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - when(clientRepository.getClientByClientId(anyString())).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - String _clientId = (String) invocation.getArguments()[0]; - ClientDetailsEntity _client = mock(ClientDetailsEntity.class); - when(_client.getClientId()).thenReturn(_clientId); - return _client; - } - }); - when(authHolderRepository.getById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 131L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _auth = mock(AuthenticationHolderEntity.class); - when(_auth.getId()).thenReturn(id); - id++; - return _auth; - } - }); - dataService.importData(reader); - //2 times for token, 2 times to update client, 2 times to update authHolder - verify(tokenRepository, times(6)).saveRefreshToken(capturedRefreshTokens.capture()); - - List savedRefreshTokens = new ArrayList(fakeDb.values()); //capturedRefreshTokens.getAllValues(); - Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); - - assertThat(savedRefreshTokens.size(), is(2)); - - assertThat(savedRefreshTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedRefreshTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedRefreshTokens.get(0).getValue(), equalTo(token1.getValue())); - - assertThat(savedRefreshTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedRefreshTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedRefreshTokens.get(1).getValue(), equalTo(token2.getValue())); - } - - private class accessTokenIdComparator implements Comparator { - @Override - public int compare(OAuth2AccessTokenEntity entity1, OAuth2AccessTokenEntity entity2) { - return entity1.getId().compareTo(entity2.getId()); - } - } - - @Test - public void testImportAccessTokens() throws IOException, ParseException { - String expiration1 = "2014-09-10T22:49:44.090+00:00"; - Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - AuthenticationHolderEntity mockedAuthHolder1 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder1.getId()).thenReturn(1L); - - OAuth2AccessTokenEntity token1 = new OAuth2AccessTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3ODk5NjgsInN1YiI6IjkwMzQyLkFTREZKV0ZBIiwiYXRfaGFzaCI6InptTmt1QmNRSmNYQktNaVpFODZqY0EiLCJhdWQiOlsiY2xpZW50Il0sImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4MDgwXC9vcGVuaWQtY29ubmVjdC1zZXJ2ZXItd2ViYXBwXC8iLCJpYXQiOjE0MTI3ODkzNjh9.xkEJ9IMXpH7qybWXomfq9WOOlpGYnrvGPgey9UQ4GLzbQx7JC0XgJK83PmrmBZosvFPCmota7FzI_BtwoZLgAZfFiH6w3WIlxuogoH-TxmYbxEpTHoTsszZppkq9mNgOlArV4jrR9y3TPo4MovsH71dDhS_ck-CvAlJunHlqhs0")); - token1.setAuthenticationHolder(mockedAuthHolder1); - token1.setScope(ImmutableSet.of("id-token")); - token1.setTokenType("Bearer"); - - String expiration2 = "2015-01-07T18:31:50.079+00:00"; - Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - AuthenticationHolderEntity mockedAuthHolder2 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder2.getId()).thenReturn(2L); - - OAuth2RefreshTokenEntity mockRefreshToken2 = mock(OAuth2RefreshTokenEntity.class); - when(mockRefreshToken2.getId()).thenReturn(1L); - - OAuth2AccessTokenEntity token2 = new OAuth2AccessTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ")); - token2.setAuthenticationHolder(mockedAuthHolder2); - token2.setRefreshToken(mockRefreshToken2); - token2.setScope(ImmutableSet.of("openid", "offline_access", "email", "profile")); - token2.setTokenType("Bearer"); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [" + - - "{\"id\":1,\"clientId\":\"mocked_client_1\",\"expiration\":\"2014-09-10T22:49:44.090+00:00\"," - + "\"refreshTokenId\":null,\"idTokenId\":null,\"scope\":[\"id-token\"],\"type\":\"Bearer\"," - + "\"authenticationHolderId\":1,\"value\":\"eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3ODk5NjgsInN1YiI6IjkwMzQyLkFTREZKV0ZBIiwiYXRfaGFzaCI6InptTmt1QmNRSmNYQktNaVpFODZqY0EiLCJhdWQiOlsiY2xpZW50Il0sImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4MDgwXC9vcGVuaWQtY29ubmVjdC1zZXJ2ZXItd2ViYXBwXC8iLCJpYXQiOjE0MTI3ODkzNjh9.xkEJ9IMXpH7qybWXomfq9WOOlpGYnrvGPgey9UQ4GLzbQx7JC0XgJK83PmrmBZosvFPCmota7FzI_BtwoZLgAZfFiH6w3WIlxuogoH-TxmYbxEpTHoTsszZppkq9mNgOlArV4jrR9y3TPo4MovsH71dDhS_ck-CvAlJunHlqhs0\"}," + - "{\"id\":2,\"clientId\":\"mocked_client_2\",\"expiration\":\"2015-01-07T18:31:50.079+00:00\"," - + "\"refreshTokenId\":1,\"idTokenId\":1,\"scope\":[\"openid\",\"offline_access\",\"email\",\"profile\"],\"type\":\"Bearer\"," - + "\"authenticationHolderId\":2,\"value\":\"eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ\"}" + - - " ]" + - "}"; - - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(tokenRepository.saveAccessToken(isA(OAuth2AccessTokenEntity.class))).thenAnswer(new Answer() { - Long id = 324L; - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2AccessTokenEntity _token = (OAuth2AccessTokenEntity) invocation.getArguments()[0]; - if(_token.getId() == null) { - _token.setId(id++); - } - fakeDb.put(_token.getId(), _token); - return _token; - } - }); - when(tokenRepository.getAccessTokenById(anyLong())).thenAnswer(new Answer() { - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - when(clientRepository.getClientByClientId(anyString())).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - String _clientId = (String) invocation.getArguments()[0]; - ClientDetailsEntity _client = mock(ClientDetailsEntity.class); - when(_client.getClientId()).thenReturn(_clientId); - return _client; - } - }); - when(authHolderRepository.getById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 133L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _auth = mock(AuthenticationHolderEntity.class); - when(_auth.getId()).thenReturn(id); - id++; - return _auth; - } - }); - dataService.importData(reader); - //2 times for token, 2 times to update client, 2 times to update authHolder, 1 times to update refresh token - verify(tokenRepository, times(7)).saveAccessToken(capturedAccessTokens.capture()); - - List savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues(); - Collections.sort(savedAccessTokens, new accessTokenIdComparator()); - - assertThat(savedAccessTokens.size(), is(2)); - - assertThat(savedAccessTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedAccessTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedAccessTokens.get(0).getValue(), equalTo(token1.getValue())); - - assertThat(savedAccessTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedAccessTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedAccessTokens.get(1).getValue(), equalTo(token2.getValue())); - } - - @Test - public void testImportClients() throws IOException { - ClientDetailsEntity client1 = new ClientDetailsEntity(); - client1.setId(1L); - client1.setAccessTokenValiditySeconds(3600); - client1.setClientId("client1"); - client1.setClientSecret("clientsecret1"); - client1.setRedirectUris(ImmutableSet.of("http://foo.com/")); - client1.setScope(ImmutableSet.of("foo", "bar", "baz", "dolphin")); - client1.setGrantTypes(ImmutableSet.of("implicit", "authorization_code", "urn:ietf:params:oauth:grant_type:redelegate", "refresh_token")); - client1.setAllowIntrospection(true); - - ClientDetailsEntity client2 = new ClientDetailsEntity(); - client2.setId(2L); - client2.setAccessTokenValiditySeconds(3600); - client2.setClientId("client2"); - client2.setClientSecret("clientsecret2"); - client2.setRedirectUris(ImmutableSet.of("http://bar.baz.com/")); - client2.setScope(ImmutableSet.of("foo", "dolphin", "electric-wombat")); - client2.setGrantTypes(ImmutableSet.of("client_credentials", "urn:ietf:params:oauth:grant_type:redelegate")); - client2.setAllowIntrospection(false); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [" + - - "{\"id\":1,\"accessTokenValiditySeconds\":3600,\"clientId\":\"client1\",\"secret\":\"clientsecret1\"," - + "\"redirectUris\":[\"http://foo.com/\"]," - + "\"scope\":[\"foo\",\"bar\",\"baz\",\"dolphin\"]," - + "\"grantTypes\":[\"implicit\",\"authorization_code\",\"urn:ietf:params:oauth:grant_type:redelegate\",\"refresh_token\"]," - + "\"allowIntrospection\":true}," + - "{\"id\":2,\"accessTokenValiditySeconds\":3600,\"clientId\":\"client2\",\"secret\":\"clientsecret2\"," - + "\"redirectUris\":[\"http://bar.baz.com/\"]," - + "\"scope\":[\"foo\",\"dolphin\",\"electric-wombat\"]," - + "\"grantTypes\":[\"client_credentials\",\"urn:ietf:params:oauth:grant_type:redelegate\"]," - + "\"allowIntrospection\":false}" + - - " ]" + - "}"; - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - dataService.importData(reader); - verify(clientRepository, times(2)).saveClient(capturedClients.capture()); - - List savedClients = capturedClients.getAllValues(); - - assertThat(savedClients.size(), is(2)); - - assertThat(savedClients.get(0).getAccessTokenValiditySeconds(), equalTo(client1.getAccessTokenValiditySeconds())); - assertThat(savedClients.get(0).getClientId(), equalTo(client1.getClientId())); - assertThat(savedClients.get(0).getClientSecret(), equalTo(client1.getClientSecret())); - assertThat(savedClients.get(0).getRedirectUris(), equalTo(client1.getRedirectUris())); - assertThat(savedClients.get(0).getScope(), equalTo(client1.getScope())); - assertThat(savedClients.get(0).getGrantTypes(), equalTo(client1.getGrantTypes())); - assertThat(savedClients.get(0).isAllowIntrospection(), equalTo(client1.isAllowIntrospection())); - - assertThat(savedClients.get(1).getAccessTokenValiditySeconds(), equalTo(client2.getAccessTokenValiditySeconds())); - assertThat(savedClients.get(1).getClientId(), equalTo(client2.getClientId())); - assertThat(savedClients.get(1).getClientSecret(), equalTo(client2.getClientSecret())); - assertThat(savedClients.get(1).getRedirectUris(), equalTo(client2.getRedirectUris())); - assertThat(savedClients.get(1).getScope(), equalTo(client2.getScope())); - assertThat(savedClients.get(1).getGrantTypes(), equalTo(client2.getGrantTypes())); - assertThat(savedClients.get(1).isAllowIntrospection(), equalTo(client2.isAllowIntrospection())); - } - - @Test - public void testImportBlacklistedSites() throws IOException { - BlacklistedSite site1 = new BlacklistedSite(); - site1.setId(1L); - site1.setUri("http://foo.com"); - - BlacklistedSite site2 = new BlacklistedSite(); - site2.setId(2L); - site2.setUri("http://bar.com"); - - BlacklistedSite site3 = new BlacklistedSite(); - site3.setId(3L); - site3.setUri("http://baz.com"); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [" + - - "{\"id\":1,\"uri\":\"http://foo.com\"}," + - "{\"id\":2,\"uri\":\"http://bar.com\"}," + - "{\"id\":3,\"uri\":\"http://baz.com\"}" + - - " ]" + - "}"; - - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - dataService.importData(reader); - verify(blSiteRepository, times(3)).save(capturedBlacklistedSites.capture()); - - List savedSites = capturedBlacklistedSites.getAllValues(); - - assertThat(savedSites.size(), is(3)); - - assertThat(savedSites.get(0).getUri(), equalTo(site1.getUri())); - assertThat(savedSites.get(1).getUri(), equalTo(site2.getUri())); - assertThat(savedSites.get(2).getUri(), equalTo(site3.getUri())); - } - - @Test - public void testImportWhitelistedSites() throws IOException { - WhitelistedSite site1 = new WhitelistedSite(); - site1.setId(1L); - site1.setClientId("foo"); - - WhitelistedSite site2 = new WhitelistedSite(); - site2.setId(2L); - site2.setClientId("bar"); - - WhitelistedSite site3 = new WhitelistedSite(); - site3.setId(3L); - site3.setClientId("baz"); - //site3.setAllowedScopes(null); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [" + - - "{\"id\":1,\"clientId\":\"foo\"}," + - "{\"id\":2,\"clientId\":\"bar\"}," + - "{\"id\":3,\"clientId\":\"baz\"}" + - - " ]" + - "}"; - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(wlSiteRepository.save(isA(WhitelistedSite.class))).thenAnswer(new Answer() { - Long id = 333L; - @Override - public WhitelistedSite answer(InvocationOnMock invocation) throws Throwable { - WhitelistedSite _site = (WhitelistedSite) invocation.getArguments()[0]; - if(_site.getId() == null) { - _site.setId(id++); - } - fakeDb.put(_site.getId(), _site); - return _site; - } - }); - when(wlSiteRepository.getById(anyLong())).thenAnswer(new Answer() { - @Override - public WhitelistedSite answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - - dataService.importData(reader); - verify(wlSiteRepository, times(3)).save(capturedWhitelistedSites.capture()); - - List savedSites = capturedWhitelistedSites.getAllValues(); - - assertThat(savedSites.size(), is(3)); - - assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); - assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); - assertThat(savedSites.get(2).getClientId(), equalTo(site3.getClientId())); - } - - @Test - public void testImportGrants() throws IOException, ParseException { - Date creationDate1 = formatter.parse("2014-09-10T22:49:44.090+00:00", Locale.ENGLISH); - Date accessDate1 = formatter.parse("2014-09-10T23:49:44.090+00:00", Locale.ENGLISH); - - OAuth2AccessTokenEntity mockToken1 = mock(OAuth2AccessTokenEntity.class); - when(mockToken1.getId()).thenReturn(1L); - - ApprovedSite site1 = new ApprovedSite(); - site1.setId(1L); - site1.setClientId("foo"); - site1.setCreationDate(creationDate1); - site1.setAccessDate(accessDate1); - site1.setUserId("user1"); - site1.setAllowedScopes(ImmutableSet.of("openid", "phone")); - when(mockToken1.getApprovedSite()).thenReturn(site1); - - Date creationDate2 = formatter.parse("2014-09-11T18:49:44.090+00:00", Locale.ENGLISH); - Date accessDate2 = formatter.parse("2014-09-11T20:49:44.090+00:00", Locale.ENGLISH); - Date timeoutDate2 = formatter.parse("2014-10-01T20:49:44.090+00:00", Locale.ENGLISH); - - ApprovedSite site2 = new ApprovedSite(); - site2.setId(2L); - site2.setClientId("bar"); - site2.setCreationDate(creationDate2); - site2.setAccessDate(accessDate2); - site2.setUserId("user2"); - site2.setAllowedScopes(ImmutableSet.of("openid", "offline_access", "email", "profile")); - site2.setTimeoutDate(timeoutDate2); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [" + - - "{\"id\":1,\"clientId\":\"foo\",\"creationDate\":\"2014-09-10T22:49:44.090+00:00\",\"accessDate\":\"2014-09-10T23:49:44.090+00:00\"," - + "\"userId\":\"user1\",\"whitelistedSiteId\":null,\"allowedScopes\":[\"openid\",\"phone\"], \"whitelistedSiteId\":1," - + "\"approvedAccessTokens\":[1]}," + - "{\"id\":2,\"clientId\":\"bar\",\"creationDate\":\"2014-09-11T18:49:44.090+00:00\",\"accessDate\":\"2014-09-11T20:49:44.090+00:00\"," - + "\"timeoutDate\":\"2014-10-01T20:49:44.090+00:00\",\"userId\":\"user2\"," - + "\"allowedScopes\":[\"openid\",\"offline_access\",\"email\",\"profile\"]}" + - - " ]" + - "}"; - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(approvedSiteRepository.save(isA(ApprovedSite.class))).thenAnswer(new Answer() { - Long id = 364L; - @Override - public ApprovedSite answer(InvocationOnMock invocation) throws Throwable { - ApprovedSite _site = (ApprovedSite) invocation.getArguments()[0]; - if(_site.getId() == null) { - _site.setId(id++); - } - fakeDb.put(_site.getId(), _site); - return _site; - } - }); - when(approvedSiteRepository.getById(anyLong())).thenAnswer(new Answer() { - @Override - public ApprovedSite answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - when(wlSiteRepository.getById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 432L; - @Override - public WhitelistedSite answer(InvocationOnMock invocation) throws Throwable { - WhitelistedSite _site = mock(WhitelistedSite.class); - when(_site.getId()).thenReturn(id++); - return _site; - } - }); - when(tokenRepository.getAccessTokenById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 245L; - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2AccessTokenEntity _token = mock(OAuth2AccessTokenEntity.class); - when(_token.getId()).thenReturn(id++); - return _token; - } - }); - - dataService.importData(reader); - //2 for sites, 1 for updating access token ref on #1 - verify(approvedSiteRepository, times(3)).save(capturedApprovedSites.capture()); - - List savedSites = new ArrayList(fakeDb.values()); - - assertThat(savedSites.size(), is(2)); - - assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); - assertThat(savedSites.get(0).getAccessDate(), equalTo(site1.getAccessDate())); - assertThat(savedSites.get(0).getCreationDate(), equalTo(site1.getCreationDate())); - assertThat(savedSites.get(0).getAllowedScopes(), equalTo(site1.getAllowedScopes())); - assertThat(savedSites.get(0).getTimeoutDate(), equalTo(site1.getTimeoutDate())); - - assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); - assertThat(savedSites.get(1).getAccessDate(), equalTo(site2.getAccessDate())); - assertThat(savedSites.get(1).getCreationDate(), equalTo(site2.getCreationDate())); - assertThat(savedSites.get(1).getAllowedScopes(), equalTo(site2.getAllowedScopes())); - assertThat(savedSites.get(1).getTimeoutDate(), equalTo(site2.getTimeoutDate())); - } - - @Test - public void testImportAuthenticationHolders() throws IOException { - OAuth2Request req1 = new OAuth2Request(new HashMap(), "client1", new ArrayList(), - true, new HashSet(), new HashSet(), "http://foo.com", - new HashSet(), null); - Authentication mockAuth1 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1); - - AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity(); - holder1.setId(1L); - holder1.setAuthentication(auth1); - - OAuth2Request req2 = new OAuth2Request(new HashMap(), "client2", new ArrayList(), - true, new HashSet(), new HashSet(), "http://bar.com", - new HashSet(), null); - Authentication mockAuth2 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth2 = new OAuth2Authentication(req2, mockAuth2); - - AuthenticationHolderEntity holder2 = new AuthenticationHolderEntity(); - holder2.setId(2L); - holder2.setAuthentication(auth2); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [" + - - "{\"id\":1,\"clientId\":\"client1\",\"redirectUri\":\"http://foo.com\"," - + "\"savedUserAuthentication\":null}," + - "{\"id\":2,\"clientId\":\"client2\",\"redirectUri\":\"http://bar.com\"," - + "\"savedUserAuthentication\":null}" + - " ]" + - "}"; - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(authHolderRepository.save(isA(AuthenticationHolderEntity.class))).thenAnswer(new Answer() { - Long id = 243L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _site = (AuthenticationHolderEntity) invocation.getArguments()[0]; - if(_site.getId() == null) { - _site.setId(id++); - } - fakeDb.put(_site.getId(), _site); - return _site; - } - }); - - dataService.importData(reader); - verify(authHolderRepository, times(2)).save(capturedAuthHolders.capture()); - - List savedAuthHolders = capturedAuthHolders.getAllValues(); - - assertThat(savedAuthHolders.size(), is(2)); - assertThat(savedAuthHolders.get(0).getAuthentication().getOAuth2Request().getClientId(), equalTo(holder1.getAuthentication().getOAuth2Request().getClientId())); - assertThat(savedAuthHolders.get(1).getAuthentication().getOAuth2Request().getClientId(), equalTo(holder2.getAuthentication().getOAuth2Request().getClientId())); - } - - @Test - public void testImportSystemScopes() throws IOException { - SystemScope scope1 = new SystemScope(); - scope1.setId(1L); - scope1.setValue("scope1"); - scope1.setDescription("Scope 1"); - scope1.setRestricted(true); - scope1.setDefaultScope(false); - scope1.setIcon("glass"); - - SystemScope scope2 = new SystemScope(); - scope2.setId(2L); - scope2.setValue("scope2"); - scope2.setDescription("Scope 2"); - scope2.setRestricted(false); - scope2.setDefaultScope(false); - scope2.setIcon("ball"); - - SystemScope scope3 = new SystemScope(); - scope3.setId(3L); - scope3.setValue("scope3"); - scope3.setDescription("Scope 3"); - scope3.setRestricted(false); - scope3.setDefaultScope(true); - scope3.setIcon("road"); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [" + - - "{\"id\":1,\"description\":\"Scope 1\",\"icon\":\"glass\",\"value\":\"scope1\",\"restricted\":true,\"defaultScope\":false}," + - "{\"id\":2,\"description\":\"Scope 2\",\"icon\":\"ball\",\"value\":\"scope2\",\"restricted\":false,\"defaultScope\":false}," + - "{\"id\":3,\"description\":\"Scope 3\",\"icon\":\"road\",\"value\":\"scope3\",\"restricted\":false,\"defaultScope\":true}" + - - " ]" + - "}"; - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - dataService.importData(reader); - verify(sysScopeRepository, times(3)).save(capturedScope.capture()); - - List savedScopes = capturedScope.getAllValues(); - - assertThat(savedScopes.size(), is(3)); - assertThat(savedScopes.get(0).getValue(), equalTo(scope1.getValue())); - assertThat(savedScopes.get(0).getDescription(), equalTo(scope1.getDescription())); - assertThat(savedScopes.get(0).getIcon(), equalTo(scope1.getIcon())); - assertThat(savedScopes.get(0).isDefaultScope(), equalTo(scope1.isDefaultScope())); - assertThat(savedScopes.get(0).isRestricted(), equalTo(scope1.isRestricted())); - - assertThat(savedScopes.get(1).getValue(), equalTo(scope2.getValue())); - assertThat(savedScopes.get(1).getDescription(), equalTo(scope2.getDescription())); - assertThat(savedScopes.get(1).getIcon(), equalTo(scope2.getIcon())); - assertThat(savedScopes.get(1).isDefaultScope(), equalTo(scope2.isDefaultScope())); - assertThat(savedScopes.get(1).isRestricted(), equalTo(scope2.isRestricted())); - - assertThat(savedScopes.get(2).getValue(), equalTo(scope3.getValue())); - assertThat(savedScopes.get(2).getDescription(), equalTo(scope3.getDescription())); - assertThat(savedScopes.get(2).getIcon(), equalTo(scope3.getIcon())); - assertThat(savedScopes.get(2).isDefaultScope(), equalTo(scope3.isDefaultScope())); - assertThat(savedScopes.get(2).isRestricted(), equalTo(scope3.isRestricted())); - - } - - @Test - public void testFixRefreshTokenAuthHolderReferencesOnImport() throws IOException, ParseException { - String expiration1 = "2014-09-10T22:49:44.090+00:00"; - Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - OAuth2Request req1 = new OAuth2Request(new HashMap(), "client1", new ArrayList(), - true, new HashSet(), new HashSet(), "http://foo.com", - new HashSet(), null); - Authentication mockAuth1 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1); - - AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity(); - holder1.setId(1L); - holder1.setAuthentication(auth1); - - OAuth2RefreshTokenEntity token1 = new OAuth2RefreshTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.")); - token1.setAuthenticationHolder(holder1); - - String expiration2 = "2015-01-07T18:31:50.079+00:00"; - Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - OAuth2Request req2 = new OAuth2Request(new HashMap(), "client2", new ArrayList(), - true, new HashSet(), new HashSet(), "http://bar.com", - new HashSet(), null); - Authentication mockAuth2 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth2 = new OAuth2Authentication(req2, mockAuth2); - - AuthenticationHolderEntity holder2 = new AuthenticationHolderEntity(); - holder2.setId(2L); - holder2.setAuthentication(auth2); - - OAuth2RefreshTokenEntity token2 = new OAuth2RefreshTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.")); - token2.setAuthenticationHolder(holder2); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [" + - - "{\"id\":1,\"authentication\":{\"authorizationRequest\":{\"clientId\":\"client1\",\"redirectUri\":\"http://foo.com\"}," - + "\"userAuthentication\":null}}," + - "{\"id\":2,\"authentication\":{\"authorizationRequest\":{\"clientId\":\"client2\",\"redirectUri\":\"http://bar.com\"}," - + "\"userAuthentication\":null}}" + - " ]," + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [" + - - "{\"id\":1,\"clientId\":\"mocked_client_1\",\"expiration\":\"2014-09-10T22:49:44.090+00:00\"," - + "\"authenticationHolderId\":1,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.\"}," + - "{\"id\":2,\"clientId\":\"mocked_client_2\",\"expiration\":\"2015-01-07T18:31:50.079+00:00\"," - + "\"authenticationHolderId\":2,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.\"}" + - - " ]" + - "}"; - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - final Map fakeRefreshTokenTable = new HashMap<>(); - final Map fakeAuthHolderTable = new HashMap<>(); - when(tokenRepository.saveRefreshToken(isA(OAuth2RefreshTokenEntity.class))).thenAnswer(new Answer() { - Long id = 343L; - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2RefreshTokenEntity _token = (OAuth2RefreshTokenEntity) invocation.getArguments()[0]; - if(_token.getId() == null) { - _token.setId(id++); - } - fakeRefreshTokenTable.put(_token.getId(), _token); - return _token; - } - }); - when(tokenRepository.getRefreshTokenById(anyLong())).thenAnswer(new Answer() { - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeRefreshTokenTable.get(_id); - } - }); - when(clientRepository.getClientByClientId(anyString())).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - String _clientId = (String) invocation.getArguments()[0]; - ClientDetailsEntity _client = mock(ClientDetailsEntity.class); - when(_client.getClientId()).thenReturn(_clientId); - return _client; - } - }); - when(authHolderRepository.save(isA(AuthenticationHolderEntity.class))).thenAnswer(new Answer() { - Long id = 356L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _holder = (AuthenticationHolderEntity) invocation.getArguments()[0]; - if(_holder.getId() == null) { - _holder.setId(id++); - } - fakeAuthHolderTable.put(_holder.getId(), _holder); - return _holder; - } - }); - when(authHolderRepository.getById(anyLong())).thenAnswer(new Answer() { - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeAuthHolderTable.get(_id); - } - }); - dataService.importData(reader); - - List savedRefreshTokens = new ArrayList(fakeRefreshTokenTable.values()); //capturedRefreshTokens.getAllValues(); - Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); - - assertThat(savedRefreshTokens.get(0).getAuthenticationHolder().getId(), equalTo(356L)); - assertThat(savedRefreshTokens.get(1).getAuthenticationHolder().getId(), equalTo(357L)); - } - - private Set jsonArrayToStringSet(JsonArray a) { - Set s = new HashSet<>(); - for (JsonElement jsonElement : a) { - s.add(jsonElement.getAsString()); - } - return s; - } - -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_3.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_3.java deleted file mode 100644 index 19a12c2350..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_3.java +++ /dev/null @@ -1,1858 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.service.impl; - -import static org.mockito.Matchers.anyLong; -import static org.mockito.Matchers.anyString; -import static org.mockito.Matchers.isA; -import static org.mockito.Matchers.isNull; - -import java.io.IOException; -import java.io.StringReader; -import java.io.StringWriter; -import java.text.ParseException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Locale; -import java.util.Map; -import java.util.Set; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.oauth2.model.PKCEAlgorithm; -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.oauth2.repository.OAuth2ClientRepository; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.oauth2.repository.SystemScopeRepository; -import org.mitre.openid.connect.model.ApprovedSite; -import org.mitre.openid.connect.model.BlacklistedSite; -import org.mitre.openid.connect.model.WhitelistedSite; -import org.mitre.openid.connect.repository.ApprovedSiteRepository; -import org.mitre.openid.connect.repository.BlacklistedSiteRepository; -import org.mitre.openid.connect.repository.WhitelistedSiteRepository; -import org.mitre.openid.connect.service.MITREidDataService; -import org.mockito.ArgumentCaptor; -import org.mockito.Captor; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.invocation.InvocationOnMock; -import org.mockito.runners.MockitoJUnitRunner; -import org.mockito.stubbing.Answer; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.format.annotation.DateTimeFormat.ISO; -import org.springframework.format.datetime.DateFormatter; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.AuthorityUtils; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; - -import com.google.common.collect.ImmutableList; -import com.google.common.collect.ImmutableSet; -import com.google.gson.JsonArray; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; -import com.google.gson.stream.JsonReader; -import com.google.gson.stream.JsonWriter; -import com.nimbusds.jwt.JWTParser; - -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; - -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; -import static org.mockito.Mockito.withSettings; - -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - -@RunWith(MockitoJUnitRunner.class) -@SuppressWarnings(value = {"rawtypes", "unchecked"}) -public class TestMITREidDataService_1_3 { - - private static Logger logger = LoggerFactory.getLogger(TestMITREidDataService_1_3.class); - - @Mock - private OAuth2ClientRepository clientRepository; - @Mock - private ApprovedSiteRepository approvedSiteRepository; - @Mock - private WhitelistedSiteRepository wlSiteRepository; - @Mock - private BlacklistedSiteRepository blSiteRepository; - @Mock - private AuthenticationHolderRepository authHolderRepository; - @Mock - private OAuth2TokenRepository tokenRepository; - @Mock - private SystemScopeRepository sysScopeRepository; - - @Captor - private ArgumentCaptor capturedRefreshTokens; - @Captor - private ArgumentCaptor capturedAccessTokens; - @Captor - private ArgumentCaptor capturedClients; - @Captor - private ArgumentCaptor capturedBlacklistedSites; - @Captor - private ArgumentCaptor capturedWhitelistedSites; - @Captor - private ArgumentCaptor capturedApprovedSites; - @Captor - private ArgumentCaptor capturedAuthHolders; - @Captor - private ArgumentCaptor capturedScope; - - @InjectMocks - private MITREidDataService_1_3 dataService; - private DateFormatter formatter; - - @Before - public void prepare() { - formatter = new DateFormatter(); - formatter.setIso(ISO.DATE_TIME); - - Mockito.reset(clientRepository, approvedSiteRepository, authHolderRepository, tokenRepository, sysScopeRepository, wlSiteRepository, blSiteRepository); - } - - @Test - public void testExportRefreshTokens() throws IOException, ParseException { - String expiration1 = "2014-09-10T22:49:44.090+00:00"; - Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - AuthenticationHolderEntity mockedAuthHolder1 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder1.getId()).thenReturn(1L); - - OAuth2RefreshTokenEntity token1 = new OAuth2RefreshTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.")); - token1.setAuthenticationHolder(mockedAuthHolder1); - - String expiration2 = "2015-01-07T18:31:50.079+00:00"; - Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - AuthenticationHolderEntity mockedAuthHolder2 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder2.getId()).thenReturn(2L); - - OAuth2RefreshTokenEntity token2 = new OAuth2RefreshTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.")); - token2.setAuthenticationHolder(mockedAuthHolder2); - - Set allRefreshTokens = ImmutableSet.of(token1, token2); - - Mockito.when(clientRepository.getAllClients()).thenReturn(new HashSet()); - Mockito.when(approvedSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(wlSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(blSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList()); - Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet()); - Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(allRefreshTokens); - Mockito.when(sysScopeRepository.getAll()).thenReturn(new HashSet()); - - // do the data export - StringWriter stringWriter = new StringWriter(); - JsonWriter writer = new JsonWriter(stringWriter); - writer.beginObject(); - dataService.exportData(writer); - writer.endObject(); - writer.close(); - - // parse the output as a JSON object for testing - JsonElement elem = new JsonParser().parse(stringWriter.toString()); - JsonObject root = elem.getAsJsonObject(); - - // make sure the root is there - assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_3), is(true)); - - JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_3).getAsJsonObject(); - - // make sure all the root elements are there - assertThat(config.has(MITREidDataService.CLIENTS), is(true)); - assertThat(config.has(MITREidDataService.GRANTS), is(true)); - assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true)); - assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true)); - assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true)); - assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true)); - - // make sure the root elements are all arrays - assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true)); - - - // check our refresh token list (this test) - JsonArray refreshTokens = config.get(MITREidDataService.REFRESHTOKENS).getAsJsonArray(); - - assertThat(refreshTokens.size(), is(2)); - // check for both of our refresh tokens in turn - Set checked = new HashSet<>(); - for (JsonElement e : refreshTokens) { - assertThat(e.isJsonObject(), is(true)); - JsonObject token = e.getAsJsonObject(); - - OAuth2RefreshTokenEntity compare = null; - if (token.get("id").getAsLong() == token1.getId()) { - compare = token1; - } else if (token.get("id").getAsLong() == token2.getId()) { - compare = token2; - } - - if (compare == null) { - fail("Could not find matching id: " + token.get("id").getAsString()); - } else { - assertThat(token.get("id").getAsLong(), equalTo(compare.getId())); - assertThat(token.get("clientId").getAsString(), equalTo(compare.getClient().getClientId())); - assertThat(token.get("expiration").getAsString(), equalTo(formatter.print(compare.getExpiration(), Locale.ENGLISH))); - assertThat(token.get("value").getAsString(), equalTo(compare.getValue())); - assertThat(token.get("authenticationHolderId").getAsLong(), equalTo(compare.getAuthenticationHolder().getId())); - checked.add(compare); - } - } - // make sure all of our refresh tokens were found - assertThat(checked.containsAll(allRefreshTokens), is(true)); - } - - private class refreshTokenIdComparator implements Comparator { - @Override - public int compare(OAuth2RefreshTokenEntity entity1, OAuth2RefreshTokenEntity entity2) { - return entity1.getId().compareTo(entity2.getId()); - } - } - - - @Test - public void testImportRefreshTokens() throws IOException, ParseException { - String expiration1 = "2014-09-10T22:49:44.090+00:00"; - Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - AuthenticationHolderEntity mockedAuthHolder1 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder1.getId()).thenReturn(1L); - - OAuth2RefreshTokenEntity token1 = new OAuth2RefreshTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.")); - token1.setAuthenticationHolder(mockedAuthHolder1); - - String expiration2 = "2015-01-07T18:31:50.079+00:00"; - Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - AuthenticationHolderEntity mockedAuthHolder2 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder2.getId()).thenReturn(2L); - - OAuth2RefreshTokenEntity token2 = new OAuth2RefreshTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.")); - token2.setAuthenticationHolder(mockedAuthHolder2); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [" + - - "{\"id\":1,\"clientId\":\"mocked_client_1\",\"expiration\":\"2014-09-10T22:49:44.090+00:00\"," - + "\"authenticationHolderId\":1,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.\"}," + - "{\"id\":2,\"clientId\":\"mocked_client_2\",\"expiration\":\"2015-01-07T18:31:50.079+00:00\"," - + "\"authenticationHolderId\":2,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.\"}" + - - " ]" + - "}"; - - logger.debug(configJson); - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(tokenRepository.saveRefreshToken(isA(OAuth2RefreshTokenEntity.class))).thenAnswer(new Answer() { - Long id = 332L; - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2RefreshTokenEntity _token = (OAuth2RefreshTokenEntity) invocation.getArguments()[0]; - if(_token.getId() == null) { - _token.setId(id++); - } - fakeDb.put(_token.getId(), _token); - return _token; - } - }); - when(tokenRepository.getRefreshTokenById(anyLong())).thenAnswer(new Answer() { - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - when(clientRepository.getClientByClientId(anyString())).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - String _clientId = (String) invocation.getArguments()[0]; - ClientDetailsEntity _client = mock(ClientDetailsEntity.class); - when(_client.getClientId()).thenReturn(_clientId); - return _client; - } - }); - when(authHolderRepository.getById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 131L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _auth = mock(AuthenticationHolderEntity.class); - when(_auth.getId()).thenReturn(id); - id++; - return _auth; - } - }); - dataService.importData(reader); - //2 times for token, 2 times to update client, 2 times to update authHolder - verify(tokenRepository, times(6)).saveRefreshToken(capturedRefreshTokens.capture()); - - List savedRefreshTokens = new ArrayList(fakeDb.values()); //capturedRefreshTokens.getAllValues(); - Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); - - assertThat(savedRefreshTokens.size(), is(2)); - - assertThat(savedRefreshTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedRefreshTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedRefreshTokens.get(0).getValue(), equalTo(token1.getValue())); - - assertThat(savedRefreshTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedRefreshTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedRefreshTokens.get(1).getValue(), equalTo(token2.getValue())); - } - - @Test - public void testExportAccessTokens() throws IOException, ParseException { - String expiration1 = "2014-09-10T22:49:44.090+00:00"; - Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - AuthenticationHolderEntity mockedAuthHolder1 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder1.getId()).thenReturn(1L); - - OAuth2AccessTokenEntity token1 = new OAuth2AccessTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3ODk5NjgsInN1YiI6IjkwMzQyLkFTREZKV0ZBIiwiYXRfaGFzaCI6InptTmt1QmNRSmNYQktNaVpFODZqY0EiLCJhdWQiOlsiY2xpZW50Il0sImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4MDgwXC9vcGVuaWQtY29ubmVjdC1zZXJ2ZXItd2ViYXBwXC8iLCJpYXQiOjE0MTI3ODkzNjh9.xkEJ9IMXpH7qybWXomfq9WOOlpGYnrvGPgey9UQ4GLzbQx7JC0XgJK83PmrmBZosvFPCmota7FzI_BtwoZLgAZfFiH6w3WIlxuogoH-TxmYbxEpTHoTsszZppkq9mNgOlArV4jrR9y3TPo4MovsH71dDhS_ck-CvAlJunHlqhs0")); - token1.setAuthenticationHolder(mockedAuthHolder1); - token1.setScope(ImmutableSet.of("id-token")); - token1.setTokenType("Bearer"); - - String expiration2 = "2015-01-07T18:31:50.079+00:00"; - Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - AuthenticationHolderEntity mockedAuthHolder2 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder2.getId()).thenReturn(2L); - - OAuth2RefreshTokenEntity mockRefreshToken2 = mock(OAuth2RefreshTokenEntity.class); - when(mockRefreshToken2.getId()).thenReturn(1L); - - OAuth2AccessTokenEntity token2 = new OAuth2AccessTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ")); - token2.setAuthenticationHolder(mockedAuthHolder2); - token2.setRefreshToken(mockRefreshToken2); - token2.setScope(ImmutableSet.of("openid", "offline_access", "email", "profile")); - token2.setTokenType("Bearer"); - - Set allAccessTokens = ImmutableSet.of(token1, token2); - - Mockito.when(clientRepository.getAllClients()).thenReturn(new HashSet()); - Mockito.when(approvedSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(wlSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(blSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList()); - Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet()); - Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(allAccessTokens); - Mockito.when(sysScopeRepository.getAll()).thenReturn(new HashSet()); - - // do the data export - StringWriter stringWriter = new StringWriter(); - JsonWriter writer = new JsonWriter(stringWriter); - writer.beginObject(); - dataService.exportData(writer); - writer.endObject(); - writer.close(); - - // parse the output as a JSON object for testing - JsonElement elem = new JsonParser().parse(stringWriter.toString()); - JsonObject root = elem.getAsJsonObject(); - - // make sure the root is there - assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_3), is(true)); - - JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_3).getAsJsonObject(); - - // make sure all the root elements are there - assertThat(config.has(MITREidDataService.CLIENTS), is(true)); - assertThat(config.has(MITREidDataService.GRANTS), is(true)); - assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true)); - assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true)); - assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true)); - assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true)); - - // make sure the root elements are all arrays - assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true)); - - - // check our access token list (this test) - JsonArray accessTokens = config.get(MITREidDataService.ACCESSTOKENS).getAsJsonArray(); - - assertThat(accessTokens.size(), is(2)); - // check for both of our access tokens in turn - Set checked = new HashSet<>(); - for (JsonElement e : accessTokens) { - assertTrue(e.isJsonObject()); - JsonObject token = e.getAsJsonObject(); - - OAuth2AccessTokenEntity compare = null; - if (token.get("id").getAsLong() == token1.getId().longValue()) { - compare = token1; - } else if (token.get("id").getAsLong() == token2.getId().longValue()) { - compare = token2; - } - - if (compare == null) { - fail("Could not find matching id: " + token.get("id").getAsString()); - } else { - assertThat(token.get("id").getAsLong(), equalTo(compare.getId())); - assertThat(token.get("clientId").getAsString(), equalTo(compare.getClient().getClientId())); - assertThat(token.get("expiration").getAsString(), equalTo(formatter.print(compare.getExpiration(), Locale.ENGLISH))); - assertThat(token.get("value").getAsString(), equalTo(compare.getValue())); - assertThat(token.get("type").getAsString(), equalTo(compare.getTokenType())); - assertThat(token.get("authenticationHolderId").getAsLong(), equalTo(compare.getAuthenticationHolder().getId())); - assertTrue(token.get("scope").isJsonArray()); - assertThat(jsonArrayToStringSet(token.getAsJsonArray("scope")), equalTo(compare.getScope())); - if(token.get("refreshTokenId").isJsonNull()) { - assertNull(compare.getRefreshToken()); - } else { - assertThat(token.get("refreshTokenId").getAsLong(), equalTo(compare.getRefreshToken().getId())); - } - checked.add(compare); - } - } - // make sure all of our access tokens were found - assertThat(checked.containsAll(allAccessTokens), is(true)); - } - - private class accessTokenIdComparator implements Comparator { - @Override - public int compare(OAuth2AccessTokenEntity entity1, OAuth2AccessTokenEntity entity2) { - return entity1.getId().compareTo(entity2.getId()); - } - } - - @Test - public void testImportAccessTokens() throws IOException, ParseException { - String expiration1 = "2014-09-10T22:49:44.090+00:00"; - Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - AuthenticationHolderEntity mockedAuthHolder1 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder1.getId()).thenReturn(1L); - - OAuth2AccessTokenEntity token1 = new OAuth2AccessTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3ODk5NjgsInN1YiI6IjkwMzQyLkFTREZKV0ZBIiwiYXRfaGFzaCI6InptTmt1QmNRSmNYQktNaVpFODZqY0EiLCJhdWQiOlsiY2xpZW50Il0sImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4MDgwXC9vcGVuaWQtY29ubmVjdC1zZXJ2ZXItd2ViYXBwXC8iLCJpYXQiOjE0MTI3ODkzNjh9.xkEJ9IMXpH7qybWXomfq9WOOlpGYnrvGPgey9UQ4GLzbQx7JC0XgJK83PmrmBZosvFPCmota7FzI_BtwoZLgAZfFiH6w3WIlxuogoH-TxmYbxEpTHoTsszZppkq9mNgOlArV4jrR9y3TPo4MovsH71dDhS_ck-CvAlJunHlqhs0")); - token1.setAuthenticationHolder(mockedAuthHolder1); - token1.setScope(ImmutableSet.of("id-token")); - token1.setTokenType("Bearer"); - - String expiration2 = "2015-01-07T18:31:50.079+00:00"; - Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - AuthenticationHolderEntity mockedAuthHolder2 = mock(AuthenticationHolderEntity.class); - when(mockedAuthHolder2.getId()).thenReturn(2L); - - OAuth2RefreshTokenEntity mockRefreshToken2 = mock(OAuth2RefreshTokenEntity.class); - when(mockRefreshToken2.getId()).thenReturn(1L); - - OAuth2AccessTokenEntity token2 = new OAuth2AccessTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ")); - token2.setAuthenticationHolder(mockedAuthHolder2); - token2.setRefreshToken(mockRefreshToken2); - token2.setScope(ImmutableSet.of("openid", "offline_access", "email", "profile")); - token2.setTokenType("Bearer"); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [" + - - "{\"id\":1,\"clientId\":\"mocked_client_1\",\"expiration\":\"2014-09-10T22:49:44.090+00:00\"," - + "\"refreshTokenId\":null,\"idTokenId\":null,\"scope\":[\"id-token\"],\"type\":\"Bearer\"," - + "\"authenticationHolderId\":1,\"value\":\"eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3ODk5NjgsInN1YiI6IjkwMzQyLkFTREZKV0ZBIiwiYXRfaGFzaCI6InptTmt1QmNRSmNYQktNaVpFODZqY0EiLCJhdWQiOlsiY2xpZW50Il0sImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4MDgwXC9vcGVuaWQtY29ubmVjdC1zZXJ2ZXItd2ViYXBwXC8iLCJpYXQiOjE0MTI3ODkzNjh9.xkEJ9IMXpH7qybWXomfq9WOOlpGYnrvGPgey9UQ4GLzbQx7JC0XgJK83PmrmBZosvFPCmota7FzI_BtwoZLgAZfFiH6w3WIlxuogoH-TxmYbxEpTHoTsszZppkq9mNgOlArV4jrR9y3TPo4MovsH71dDhS_ck-CvAlJunHlqhs0\"}," + - "{\"id\":2,\"clientId\":\"mocked_client_2\",\"expiration\":\"2015-01-07T18:31:50.079+00:00\"," - + "\"refreshTokenId\":1,\"idTokenId\":1,\"scope\":[\"openid\",\"offline_access\",\"email\",\"profile\"],\"type\":\"Bearer\"," - + "\"authenticationHolderId\":2,\"value\":\"eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ\"}" + - - " ]" + - "}"; - - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(tokenRepository.saveAccessToken(isA(OAuth2AccessTokenEntity.class))).thenAnswer(new Answer() { - Long id = 324L; - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2AccessTokenEntity _token = (OAuth2AccessTokenEntity) invocation.getArguments()[0]; - if(_token.getId() == null) { - _token.setId(id++); - } - fakeDb.put(_token.getId(), _token); - return _token; - } - }); - when(tokenRepository.getAccessTokenById(anyLong())).thenAnswer(new Answer() { - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - when(clientRepository.getClientByClientId(anyString())).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - String _clientId = (String) invocation.getArguments()[0]; - ClientDetailsEntity _client = mock(ClientDetailsEntity.class); - when(_client.getClientId()).thenReturn(_clientId); - return _client; - } - }); - when(authHolderRepository.getById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 133L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _auth = mock(AuthenticationHolderEntity.class); - when(_auth.getId()).thenReturn(id); - id++; - return _auth; - } - }); - dataService.importData(reader); - //2 times for token, 2 times to update client, 2 times to update authHolder, 1 times to update refresh token - verify(tokenRepository, times(7)).saveAccessToken(capturedAccessTokens.capture()); - - List savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues(); - Collections.sort(savedAccessTokens, new accessTokenIdComparator()); - - assertThat(savedAccessTokens.size(), is(2)); - - assertThat(savedAccessTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedAccessTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedAccessTokens.get(0).getValue(), equalTo(token1.getValue())); - - assertThat(savedAccessTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedAccessTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedAccessTokens.get(1).getValue(), equalTo(token2.getValue())); - } - - @Test - public void testExportClients() throws IOException { - ClientDetailsEntity client1 = new ClientDetailsEntity(); - client1.setId(1L); - client1.setAccessTokenValiditySeconds(3600); - client1.setClientId("client1"); - client1.setClientSecret("clientsecret1"); - client1.setRedirectUris(ImmutableSet.of("http://foo.com/")); - client1.setScope(ImmutableSet.of("foo", "bar", "baz", "dolphin")); - client1.setGrantTypes(ImmutableSet.of("implicit", "authorization_code", "urn:ietf:params:oauth:grant_type:redelegate", "refresh_token")); - client1.setAllowIntrospection(true); - - ClientDetailsEntity client2 = new ClientDetailsEntity(); - client2.setId(2L); - client2.setAccessTokenValiditySeconds(3600); - client2.setClientId("client2"); - client2.setClientSecret("clientsecret2"); - client2.setRedirectUris(ImmutableSet.of("http://bar.baz.com/")); - client2.setScope(ImmutableSet.of("foo", "dolphin", "electric-wombat")); - client2.setGrantTypes(ImmutableSet.of("client_credentials", "urn:ietf:params:oauth:grant_type:redelegate")); - client2.setAllowIntrospection(false); - client2.setCodeChallengeMethod(PKCEAlgorithm.S256); - - Set allClients = ImmutableSet.of(client1, client2); - - Mockito.when(clientRepository.getAllClients()).thenReturn(allClients); - Mockito.when(approvedSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(wlSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(blSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList()); - Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet()); - Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet()); - Mockito.when(sysScopeRepository.getAll()).thenReturn(new HashSet()); - - // do the data export - StringWriter stringWriter = new StringWriter(); - JsonWriter writer = new JsonWriter(stringWriter); - writer.beginObject(); - dataService.exportData(writer); - writer.endObject(); - writer.close(); - - // parse the output as a JSON object for testing - JsonElement elem = new JsonParser().parse(stringWriter.toString()); - JsonObject root = elem.getAsJsonObject(); - - // make sure the root is there - assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_3), is(true)); - - JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_3).getAsJsonObject(); - - // make sure all the root elements are there - assertThat(config.has(MITREidDataService.CLIENTS), is(true)); - assertThat(config.has(MITREidDataService.GRANTS), is(true)); - assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true)); - assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true)); - assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true)); - assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true)); - - // make sure the root elements are all arrays - assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true)); - - - // check our client list (this test) - JsonArray clients = config.get(MITREidDataService.CLIENTS).getAsJsonArray(); - - assertThat(clients.size(), is(2)); - // check for both of our clients in turn - Set checked = new HashSet<>(); - for (JsonElement e : clients) { - assertThat(e.isJsonObject(), is(true)); - JsonObject client = e.getAsJsonObject(); - - ClientDetailsEntity compare = null; - if (client.get("clientId").getAsString().equals(client1.getClientId())) { - compare = client1; - } else if (client.get("clientId").getAsString().equals(client2.getClientId())) { - compare = client2; - } - - if (compare == null) { - fail("Could not find matching clientId: " + client.get("clientId").getAsString()); - } else { - assertThat(client.get("clientId").getAsString(), equalTo(compare.getClientId())); - assertThat(client.get("secret").getAsString(), equalTo(compare.getClientSecret())); - assertThat(client.get("accessTokenValiditySeconds").getAsInt(), equalTo(compare.getAccessTokenValiditySeconds())); - assertThat(client.get("allowIntrospection").getAsBoolean(), equalTo(compare.isAllowIntrospection())); - assertThat(jsonArrayToStringSet(client.get("redirectUris").getAsJsonArray()), equalTo(compare.getRedirectUris())); - assertThat(jsonArrayToStringSet(client.get("scope").getAsJsonArray()), equalTo(compare.getScope())); - assertThat(jsonArrayToStringSet(client.get("grantTypes").getAsJsonArray()), equalTo(compare.getGrantTypes())); - assertThat((client.has("codeChallengeMethod") && !client.get("codeChallengeMethod").isJsonNull()) ? PKCEAlgorithm.parse(client.get("codeChallengeMethod").getAsString()) : null, equalTo(compare.getCodeChallengeMethod())); - checked.add(compare); - } - } - // make sure all of our clients were found - assertThat(checked.containsAll(allClients), is(true)); - } - - @Test - public void testImportClients() throws IOException { - ClientDetailsEntity client1 = new ClientDetailsEntity(); - client1.setId(1L); - client1.setAccessTokenValiditySeconds(3600); - client1.setClientId("client1"); - client1.setClientSecret("clientsecret1"); - client1.setRedirectUris(ImmutableSet.of("http://foo.com/")); - client1.setScope(ImmutableSet.of("foo", "bar", "baz", "dolphin")); - client1.setGrantTypes(ImmutableSet.of("implicit", "authorization_code", "urn:ietf:params:oauth:grant_type:redelegate", "refresh_token")); - client1.setAllowIntrospection(true); - - ClientDetailsEntity client2 = new ClientDetailsEntity(); - client2.setId(2L); - client2.setAccessTokenValiditySeconds(3600); - client2.setClientId("client2"); - client2.setClientSecret("clientsecret2"); - client2.setRedirectUris(ImmutableSet.of("http://bar.baz.com/")); - client2.setScope(ImmutableSet.of("foo", "dolphin", "electric-wombat")); - client2.setGrantTypes(ImmutableSet.of("client_credentials", "urn:ietf:params:oauth:grant_type:redelegate")); - client2.setAllowIntrospection(false); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [" + - - "{\"id\":1,\"accessTokenValiditySeconds\":3600,\"clientId\":\"client1\",\"secret\":\"clientsecret1\"," - + "\"redirectUris\":[\"http://foo.com/\"]," - + "\"scope\":[\"foo\",\"bar\",\"baz\",\"dolphin\"]," - + "\"grantTypes\":[\"implicit\",\"authorization_code\",\"urn:ietf:params:oauth:grant_type:redelegate\",\"refresh_token\"]," - + "\"allowIntrospection\":true}," + - "{\"id\":2,\"accessTokenValiditySeconds\":3600,\"clientId\":\"client2\",\"secret\":\"clientsecret2\"," - + "\"redirectUris\":[\"http://bar.baz.com/\"]," - + "\"scope\":[\"foo\",\"dolphin\",\"electric-wombat\"]," - + "\"grantTypes\":[\"client_credentials\",\"urn:ietf:params:oauth:grant_type:redelegate\"]," - + "\"allowIntrospection\":false}" + - - " ]" + - "}"; - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - dataService.importData(reader); - verify(clientRepository, times(2)).saveClient(capturedClients.capture()); - - List savedClients = capturedClients.getAllValues(); - - assertThat(savedClients.size(), is(2)); - - assertThat(savedClients.get(0).getAccessTokenValiditySeconds(), equalTo(client1.getAccessTokenValiditySeconds())); - assertThat(savedClients.get(0).getClientId(), equalTo(client1.getClientId())); - assertThat(savedClients.get(0).getClientSecret(), equalTo(client1.getClientSecret())); - assertThat(savedClients.get(0).getRedirectUris(), equalTo(client1.getRedirectUris())); - assertThat(savedClients.get(0).getScope(), equalTo(client1.getScope())); - assertThat(savedClients.get(0).getGrantTypes(), equalTo(client1.getGrantTypes())); - assertThat(savedClients.get(0).isAllowIntrospection(), equalTo(client1.isAllowIntrospection())); - - assertThat(savedClients.get(1).getAccessTokenValiditySeconds(), equalTo(client2.getAccessTokenValiditySeconds())); - assertThat(savedClients.get(1).getClientId(), equalTo(client2.getClientId())); - assertThat(savedClients.get(1).getClientSecret(), equalTo(client2.getClientSecret())); - assertThat(savedClients.get(1).getRedirectUris(), equalTo(client2.getRedirectUris())); - assertThat(savedClients.get(1).getScope(), equalTo(client2.getScope())); - assertThat(savedClients.get(1).getGrantTypes(), equalTo(client2.getGrantTypes())); - assertThat(savedClients.get(1).isAllowIntrospection(), equalTo(client2.isAllowIntrospection())); - } - - @Test - public void testExportBlacklistedSites() throws IOException { - BlacklistedSite site1 = new BlacklistedSite(); - site1.setId(1L); - site1.setUri("http://foo.com"); - - BlacklistedSite site2 = new BlacklistedSite(); - site2.setId(2L); - site2.setUri("http://bar.com"); - - BlacklistedSite site3 = new BlacklistedSite(); - site3.setId(3L); - site3.setUri("http://baz.com"); - - Set allBlacklistedSites = ImmutableSet.of(site1, site2, site3); - - Mockito.when(clientRepository.getAllClients()).thenReturn(new HashSet()); - Mockito.when(approvedSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(wlSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(blSiteRepository.getAll()).thenReturn(allBlacklistedSites); - Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList()); - Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet()); - Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet()); - Mockito.when(sysScopeRepository.getAll()).thenReturn(new HashSet()); - - // do the data export - StringWriter stringWriter = new StringWriter(); - JsonWriter writer = new JsonWriter(stringWriter); - writer.beginObject(); - dataService.exportData(writer); - writer.endObject(); - writer.close(); - - // parse the output as a JSON object for testing - JsonElement elem = new JsonParser().parse(stringWriter.toString()); - JsonObject root = elem.getAsJsonObject(); - - // make sure the root is there - assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_3), is(true)); - - JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_3).getAsJsonObject(); - - // make sure all the root elements are there - assertThat(config.has(MITREidDataService.CLIENTS), is(true)); - assertThat(config.has(MITREidDataService.GRANTS), is(true)); - assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true)); - assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true)); - assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true)); - assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true)); - - // make sure the root elements are all arrays - assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true)); - - // check our scope list (this test) - JsonArray sites = config.get(MITREidDataService.BLACKLISTEDSITES).getAsJsonArray(); - - assertThat(sites.size(), is(3)); - // check for both of our sites in turn - Set checked = new HashSet<>(); - for (JsonElement e : sites) { - assertThat(e.isJsonObject(), is(true)); - JsonObject site = e.getAsJsonObject(); - - BlacklistedSite compare = null; - if (site.get("id").getAsLong() == site1.getId().longValue()) { - compare = site1; - } else if (site.get("id").getAsLong() == site2.getId().longValue()) { - compare = site2; - } else if (site.get("id").getAsLong() == site3.getId().longValue()) { - compare = site3; - } - - if (compare == null) { - fail("Could not find matching blacklisted site id: " + site.get("id").getAsString()); - } else { - assertThat(site.get("uri").getAsString(), equalTo(compare.getUri())); - checked.add(compare); - } - } - // make sure all of our clients were found - assertThat(checked.containsAll(allBlacklistedSites), is(true)); - - } - - @Test - public void testImportBlacklistedSites() throws IOException { - BlacklistedSite site1 = new BlacklistedSite(); - site1.setId(1L); - site1.setUri("http://foo.com"); - - BlacklistedSite site2 = new BlacklistedSite(); - site2.setId(2L); - site2.setUri("http://bar.com"); - - BlacklistedSite site3 = new BlacklistedSite(); - site3.setId(3L); - site3.setUri("http://baz.com"); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [" + - - "{\"id\":1,\"uri\":\"http://foo.com\"}," + - "{\"id\":2,\"uri\":\"http://bar.com\"}," + - "{\"id\":3,\"uri\":\"http://baz.com\"}" + - - " ]" + - "}"; - - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - dataService.importData(reader); - verify(blSiteRepository, times(3)).save(capturedBlacklistedSites.capture()); - - List savedSites = capturedBlacklistedSites.getAllValues(); - - assertThat(savedSites.size(), is(3)); - - assertThat(savedSites.get(0).getUri(), equalTo(site1.getUri())); - assertThat(savedSites.get(1).getUri(), equalTo(site2.getUri())); - assertThat(savedSites.get(2).getUri(), equalTo(site3.getUri())); - } - - @Test - public void testExportWhitelistedSites() throws IOException { - WhitelistedSite site1 = new WhitelistedSite(); - site1.setId(1L); - site1.setClientId("foo"); - - WhitelistedSite site2 = new WhitelistedSite(); - site2.setId(2L); - site2.setClientId("bar"); - - WhitelistedSite site3 = new WhitelistedSite(); - site3.setId(3L); - site3.setClientId("baz"); - - Set allWhitelistedSites = ImmutableSet.of(site1, site2, site3); - - Mockito.when(clientRepository.getAllClients()).thenReturn(new HashSet()); - Mockito.when(approvedSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(blSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(wlSiteRepository.getAll()).thenReturn(allWhitelistedSites); - Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList()); - Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet()); - Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet()); - Mockito.when(sysScopeRepository.getAll()).thenReturn(new HashSet()); - - // do the data export - StringWriter stringWriter = new StringWriter(); - JsonWriter writer = new JsonWriter(stringWriter); - writer.beginObject(); - dataService.exportData(writer); - writer.endObject(); - writer.close(); - - // parse the output as a JSON object for testing - JsonElement elem = new JsonParser().parse(stringWriter.toString()); - JsonObject root = elem.getAsJsonObject(); - - // make sure the root is there - assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_3), is(true)); - - JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_3).getAsJsonObject(); - - // make sure all the root elements are there - assertThat(config.has(MITREidDataService.CLIENTS), is(true)); - assertThat(config.has(MITREidDataService.GRANTS), is(true)); - assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true)); - assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true)); - assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true)); - assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true)); - - // make sure the root elements are all arrays - assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true)); - - // check our scope list (this test) - JsonArray sites = config.get(MITREidDataService.WHITELISTEDSITES).getAsJsonArray(); - - assertThat(sites.size(), is(3)); - // check for both of our sites in turn - Set checked = new HashSet<>(); - for (JsonElement e : sites) { - assertThat(e.isJsonObject(), is(true)); - JsonObject site = e.getAsJsonObject(); - - WhitelistedSite compare = null; - if (site.get("id").getAsLong() == site1.getId().longValue()) { - compare = site1; - } else if (site.get("id").getAsLong() == site2.getId().longValue()) { - compare = site2; - } else if (site.get("id").getAsLong() == site3.getId().longValue()) { - compare = site3; - } - - if (compare == null) { - fail("Could not find matching whitelisted site id: " + site.get("id").getAsString()); - } else { - assertThat(site.get("clientId").getAsString(), equalTo(compare.getClientId())); - checked.add(compare); - } - } - // make sure all of our clients were found - assertThat(checked.containsAll(allWhitelistedSites), is(true)); - - } - - @Test - public void testImportWhitelistedSites() throws IOException { - WhitelistedSite site1 = new WhitelistedSite(); - site1.setId(1L); - site1.setClientId("foo"); - - WhitelistedSite site2 = new WhitelistedSite(); - site2.setId(2L); - site2.setClientId("bar"); - - WhitelistedSite site3 = new WhitelistedSite(); - site3.setId(3L); - site3.setClientId("baz"); - //site3.setAllowedScopes(null); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [" + - - "{\"id\":1,\"clientId\":\"foo\"}," + - "{\"id\":2,\"clientId\":\"bar\"}," + - "{\"id\":3,\"clientId\":\"baz\"}" + - - " ]" + - "}"; - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(wlSiteRepository.save(isA(WhitelistedSite.class))).thenAnswer(new Answer() { - Long id = 333L; - @Override - public WhitelistedSite answer(InvocationOnMock invocation) throws Throwable { - WhitelistedSite _site = (WhitelistedSite) invocation.getArguments()[0]; - if(_site.getId() == null) { - _site.setId(id++); - } - fakeDb.put(_site.getId(), _site); - return _site; - } - }); - when(wlSiteRepository.getById(anyLong())).thenAnswer(new Answer() { - @Override - public WhitelistedSite answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - - dataService.importData(reader); - verify(wlSiteRepository, times(3)).save(capturedWhitelistedSites.capture()); - - List savedSites = capturedWhitelistedSites.getAllValues(); - - assertThat(savedSites.size(), is(3)); - - assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); - assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); - assertThat(savedSites.get(2).getClientId(), equalTo(site3.getClientId())); - } - - @Test - public void testExportGrants() throws IOException, ParseException { - Date creationDate1 = formatter.parse("2014-09-10T22:49:44.090+00:00", Locale.ENGLISH); - Date accessDate1 = formatter.parse("2014-09-10T23:49:44.090+00:00", Locale.ENGLISH); - - OAuth2AccessTokenEntity mockToken1 = mock(OAuth2AccessTokenEntity.class); - when(mockToken1.getId()).thenReturn(1L); - - ApprovedSite site1 = new ApprovedSite(); - site1.setId(1L); - site1.setClientId("foo"); - site1.setCreationDate(creationDate1); - site1.setAccessDate(accessDate1); - site1.setUserId("user1"); - site1.setAllowedScopes(ImmutableSet.of("openid", "phone")); - when(mockToken1.getApprovedSite()).thenReturn(site1); - - Date creationDate2 = formatter.parse("2014-09-11T18:49:44.090+00:00", Locale.ENGLISH); - Date accessDate2 = formatter.parse("2014-09-11T20:49:44.090+00:00", Locale.ENGLISH); - Date timeoutDate2 = formatter.parse("2014-10-01T20:49:44.090+00:00", Locale.ENGLISH); - - ApprovedSite site2 = new ApprovedSite(); - site2.setId(2L); - site2.setClientId("bar"); - site2.setCreationDate(creationDate2); - site2.setAccessDate(accessDate2); - site2.setUserId("user2"); - site2.setAllowedScopes(ImmutableSet.of("openid", "offline_access", "email", "profile")); - site2.setTimeoutDate(timeoutDate2); - - Set allApprovedSites = ImmutableSet.of(site1, site2); - - Mockito.when(clientRepository.getAllClients()).thenReturn(new HashSet()); - Mockito.when(approvedSiteRepository.getAll()).thenReturn(allApprovedSites); - Mockito.when(blSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(wlSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList()); - Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet()); - Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet()); - Mockito.when(sysScopeRepository.getAll()).thenReturn(new HashSet()); - - // do the data export - StringWriter stringWriter = new StringWriter(); - JsonWriter writer = new JsonWriter(stringWriter); - writer.beginObject(); - dataService.exportData(writer); - writer.endObject(); - writer.close(); - - // parse the output as a JSON object for testing - JsonElement elem = new JsonParser().parse(stringWriter.toString()); - JsonObject root = elem.getAsJsonObject(); - - // make sure the root is there - assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_3), is(true)); - - JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_3).getAsJsonObject(); - - // make sure all the root elements are there - assertThat(config.has(MITREidDataService.CLIENTS), is(true)); - assertThat(config.has(MITREidDataService.GRANTS), is(true)); - assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true)); - assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true)); - assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true)); - assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true)); - - // make sure the root elements are all arrays - assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true)); - - // check our scope list (this test) - JsonArray sites = config.get(MITREidDataService.GRANTS).getAsJsonArray(); - - assertThat(sites.size(), is(2)); - // check for both of our sites in turn - Set checked = new HashSet<>(); - for (JsonElement e : sites) { - assertThat(e.isJsonObject(), is(true)); - JsonObject site = e.getAsJsonObject(); - - ApprovedSite compare = null; - if (site.get("id").getAsLong() == site1.getId().longValue()) { - compare = site1; - } else if (site.get("id").getAsLong() == site2.getId().longValue()) { - compare = site2; - } - - if (compare == null) { - fail("Could not find matching whitelisted site id: " + site.get("id").getAsString()); - } else { - assertThat(site.get("clientId").getAsString(), equalTo(compare.getClientId())); - assertThat(site.get("creationDate").getAsString(), equalTo(formatter.print(compare.getCreationDate(), Locale.ENGLISH))); - assertThat(site.get("accessDate").getAsString(), equalTo(formatter.print(compare.getAccessDate(), Locale.ENGLISH))); - if(site.get("timeoutDate").isJsonNull()) { - assertNull(compare.getTimeoutDate()); - } else { - assertThat(site.get("timeoutDate").getAsString(), equalTo(formatter.print(compare.getTimeoutDate(), Locale.ENGLISH))); - } - assertThat(site.get("userId").getAsString(), equalTo(compare.getUserId())); - assertThat(jsonArrayToStringSet(site.getAsJsonArray("allowedScopes")), equalTo(compare.getAllowedScopes())); - checked.add(compare); - } - } - // make sure all of our clients were found - assertThat(checked.containsAll(allApprovedSites), is(true)); - } - - @Test - public void testImportGrants() throws IOException, ParseException { - Date creationDate1 = formatter.parse("2014-09-10T22:49:44.090+00:00", Locale.ENGLISH); - Date accessDate1 = formatter.parse("2014-09-10T23:49:44.090+00:00", Locale.ENGLISH); - - OAuth2AccessTokenEntity mockToken1 = mock(OAuth2AccessTokenEntity.class); - when(mockToken1.getId()).thenReturn(1L); - - ApprovedSite site1 = new ApprovedSite(); - site1.setId(1L); - site1.setClientId("foo"); - site1.setCreationDate(creationDate1); - site1.setAccessDate(accessDate1); - site1.setUserId("user1"); - site1.setAllowedScopes(ImmutableSet.of("openid", "phone")); - when(mockToken1.getApprovedSite()).thenReturn(site1); - - Date creationDate2 = formatter.parse("2014-09-11T18:49:44.090+00:00", Locale.ENGLISH); - Date accessDate2 = formatter.parse("2014-09-11T20:49:44.090+00:00", Locale.ENGLISH); - Date timeoutDate2 = formatter.parse("2014-10-01T20:49:44.090+00:00", Locale.ENGLISH); - - ApprovedSite site2 = new ApprovedSite(); - site2.setId(2L); - site2.setClientId("bar"); - site2.setCreationDate(creationDate2); - site2.setAccessDate(accessDate2); - site2.setUserId("user2"); - site2.setAllowedScopes(ImmutableSet.of("openid", "offline_access", "email", "profile")); - site2.setTimeoutDate(timeoutDate2); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [" + - - "{\"id\":1,\"clientId\":\"foo\",\"creationDate\":\"2014-09-10T22:49:44.090+00:00\",\"accessDate\":\"2014-09-10T23:49:44.090+00:00\"," - + "\"userId\":\"user1\",\"whitelistedSiteId\":null,\"allowedScopes\":[\"openid\",\"phone\"], \"whitelistedSiteId\":1," - + "\"approvedAccessTokens\":[1]}," + - "{\"id\":2,\"clientId\":\"bar\",\"creationDate\":\"2014-09-11T18:49:44.090+00:00\",\"accessDate\":\"2014-09-11T20:49:44.090+00:00\"," - + "\"timeoutDate\":\"2014-10-01T20:49:44.090+00:00\",\"userId\":\"user2\"," - + "\"allowedScopes\":[\"openid\",\"offline_access\",\"email\",\"profile\"]}" + - - " ]" + - "}"; - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(approvedSiteRepository.save(isA(ApprovedSite.class))).thenAnswer(new Answer() { - Long id = 364L; - @Override - public ApprovedSite answer(InvocationOnMock invocation) throws Throwable { - ApprovedSite _site = (ApprovedSite) invocation.getArguments()[0]; - if(_site.getId() == null) { - _site.setId(id++); - } - fakeDb.put(_site.getId(), _site); - return _site; - } - }); - when(approvedSiteRepository.getById(anyLong())).thenAnswer(new Answer() { - @Override - public ApprovedSite answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeDb.get(_id); - } - }); - when(wlSiteRepository.getById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 432L; - @Override - public WhitelistedSite answer(InvocationOnMock invocation) throws Throwable { - WhitelistedSite _site = mock(WhitelistedSite.class); - when(_site.getId()).thenReturn(id++); - return _site; - } - }); - when(tokenRepository.getAccessTokenById(isNull(Long.class))).thenAnswer(new Answer() { - Long id = 245L; - @Override - public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2AccessTokenEntity _token = mock(OAuth2AccessTokenEntity.class); - when(_token.getId()).thenReturn(id++); - return _token; - } - }); - - dataService.importData(reader); - //2 for sites, 1 for updating access token ref on #1 - verify(approvedSiteRepository, times(3)).save(capturedApprovedSites.capture()); - - List savedSites = new ArrayList(fakeDb.values()); - - assertThat(savedSites.size(), is(2)); - - assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); - assertThat(savedSites.get(0).getAccessDate(), equalTo(site1.getAccessDate())); - assertThat(savedSites.get(0).getCreationDate(), equalTo(site1.getCreationDate())); - assertThat(savedSites.get(0).getAllowedScopes(), equalTo(site1.getAllowedScopes())); - assertThat(savedSites.get(0).getTimeoutDate(), equalTo(site1.getTimeoutDate())); - - assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); - assertThat(savedSites.get(1).getAccessDate(), equalTo(site2.getAccessDate())); - assertThat(savedSites.get(1).getCreationDate(), equalTo(site2.getCreationDate())); - assertThat(savedSites.get(1).getAllowedScopes(), equalTo(site2.getAllowedScopes())); - assertThat(savedSites.get(1).getTimeoutDate(), equalTo(site2.getTimeoutDate())); - } - - @Test - public void testExportAuthenticationHolders() throws IOException { - OAuth2Request req1 = new OAuth2Request(new HashMap(), "client1", new ArrayList(), - true, new HashSet(), new HashSet(), "http://foo.com", - new HashSet(), null); - Authentication mockAuth1 = new UsernamePasswordAuthenticationToken("user1", "pass1", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER")); - OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1); - - AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity(); - holder1.setId(1L); - holder1.setAuthentication(auth1); - - OAuth2Request req2 = new OAuth2Request(new HashMap(), "client2", new ArrayList(), - true, new HashSet(), new HashSet(), "http://bar.com", - new HashSet(), null); - OAuth2Authentication auth2 = new OAuth2Authentication(req2, null); - - AuthenticationHolderEntity holder2 = new AuthenticationHolderEntity(); - holder2.setId(2L); - holder2.setAuthentication(auth2); - - List allAuthHolders = ImmutableList.of(holder1, holder2); - - when(clientRepository.getAllClients()).thenReturn(new HashSet()); - when(approvedSiteRepository.getAll()).thenReturn(new HashSet()); - when(wlSiteRepository.getAll()).thenReturn(new HashSet()); - when(blSiteRepository.getAll()).thenReturn(new HashSet()); - when(authHolderRepository.getAll()).thenReturn(allAuthHolders); - when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet()); - when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet()); - when(sysScopeRepository.getAll()).thenReturn(new HashSet()); - - // do the data export - StringWriter stringWriter = new StringWriter(); - JsonWriter writer = new JsonWriter(stringWriter); - writer.beginObject(); - dataService.exportData(writer); - writer.endObject(); - writer.close(); - - // parse the output as a JSON object for testing - JsonElement elem = new JsonParser().parse(stringWriter.toString()); - JsonObject root = elem.getAsJsonObject(); - - // make sure the root is there - assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_3), is(true)); - - JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_3).getAsJsonObject(); - - // make sure all the root elements are there - assertThat(config.has(MITREidDataService.CLIENTS), is(true)); - assertThat(config.has(MITREidDataService.GRANTS), is(true)); - assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true)); - assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true)); - assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true)); - assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true)); - - // make sure the root elements are all arrays - assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true)); - - - // check our holder list (this test) - JsonArray holders = config.get(MITREidDataService.AUTHENTICATIONHOLDERS).getAsJsonArray(); - - assertThat(holders.size(), is(2)); - // check for both of our clients in turn - Set checked = new HashSet<>(); - for (JsonElement e : holders) { - assertThat(e.isJsonObject(), is(true)); - JsonObject holder = e.getAsJsonObject(); - - AuthenticationHolderEntity compare = null; - if (holder.get("id").getAsLong() == holder1.getId()) { - compare = holder1; - } else if (holder.get("id").getAsLong() == holder2.getId()) { - compare = holder2; - } - - if (compare == null) { - fail("Could not find matching authentication holder id: " + holder.get("id").getAsString()); - } else { - assertTrue(holder.get("clientId").getAsString().equals(compare.getClientId())); - assertTrue(holder.get("approved").getAsBoolean() == compare.isApproved()); - assertTrue(holder.get("redirectUri").getAsString().equals(compare.getRedirectUri())); - if (compare.getUserAuth() != null) { - assertTrue(holder.get("savedUserAuthentication").isJsonObject()); - JsonObject savedAuth = holder.get("savedUserAuthentication").getAsJsonObject(); - assertTrue(savedAuth.get("name").getAsString().equals(compare.getUserAuth().getName())); - assertTrue(savedAuth.get("authenticated").getAsBoolean() == compare.getUserAuth().isAuthenticated()); - assertTrue(savedAuth.get("sourceClass").getAsString().equals(compare.getUserAuth().getSourceClass())); - } - checked.add(compare); - } - } - // make sure all of our clients were found - assertThat(checked.containsAll(allAuthHolders), is(true)); - } - - @Test - public void testImportAuthenticationHolders() throws IOException { - OAuth2Request req1 = new OAuth2Request(new HashMap(), "client1", new ArrayList(), - true, new HashSet(), new HashSet(), "http://foo.com", - new HashSet(), null); - Authentication mockAuth1 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1); - - AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity(); - holder1.setId(1L); - holder1.setAuthentication(auth1); - - OAuth2Request req2 = new OAuth2Request(new HashMap(), "client2", new ArrayList(), - true, new HashSet(), new HashSet(), "http://bar.com", - new HashSet(), null); - Authentication mockAuth2 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth2 = new OAuth2Authentication(req2, mockAuth2); - - AuthenticationHolderEntity holder2 = new AuthenticationHolderEntity(); - holder2.setId(2L); - holder2.setAuthentication(auth2); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [" + - - "{\"id\":1,\"clientId\":\"client1\",\"redirectUri\":\"http://foo.com\"," - + "\"savedUserAuthentication\":null}," + - "{\"id\":2,\"clientId\":\"client2\",\"redirectUri\":\"http://bar.com\"," - + "\"savedUserAuthentication\":null}" + - " ]" + - "}"; - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - final Map fakeDb = new HashMap<>(); - when(authHolderRepository.save(isA(AuthenticationHolderEntity.class))).thenAnswer(new Answer() { - Long id = 243L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _site = (AuthenticationHolderEntity) invocation.getArguments()[0]; - if(_site.getId() == null) { - _site.setId(id++); - } - fakeDb.put(_site.getId(), _site); - return _site; - } - }); - - dataService.importData(reader); - verify(authHolderRepository, times(2)).save(capturedAuthHolders.capture()); - - List savedAuthHolders = capturedAuthHolders.getAllValues(); - - assertThat(savedAuthHolders.size(), is(2)); - assertThat(savedAuthHolders.get(0).getAuthentication().getOAuth2Request().getClientId(), equalTo(holder1.getAuthentication().getOAuth2Request().getClientId())); - assertThat(savedAuthHolders.get(1).getAuthentication().getOAuth2Request().getClientId(), equalTo(holder2.getAuthentication().getOAuth2Request().getClientId())); - } - - @Test - public void testExportSystemScopes() throws IOException { - SystemScope scope1 = new SystemScope(); - scope1.setId(1L); - scope1.setValue("scope1"); - scope1.setDescription("Scope 1"); - scope1.setRestricted(true); - scope1.setDefaultScope(false); - scope1.setIcon("glass"); - - SystemScope scope2 = new SystemScope(); - scope2.setId(2L); - scope2.setValue("scope2"); - scope2.setDescription("Scope 2"); - scope2.setRestricted(false); - scope2.setDefaultScope(false); - scope2.setIcon("ball"); - - SystemScope scope3 = new SystemScope(); - scope3.setId(3L); - scope3.setValue("scope3"); - scope3.setDescription("Scope 3"); - scope3.setRestricted(false); - scope3.setDefaultScope(true); - scope3.setIcon("road"); - - Set allScopes = ImmutableSet.of(scope1, scope2, scope3); - - Mockito.when(clientRepository.getAllClients()).thenReturn(new HashSet()); - Mockito.when(approvedSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(wlSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(blSiteRepository.getAll()).thenReturn(new HashSet()); - Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList()); - Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet()); - Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet()); - Mockito.when(sysScopeRepository.getAll()).thenReturn(allScopes); - - // do the data export - StringWriter stringWriter = new StringWriter(); - JsonWriter writer = new JsonWriter(stringWriter); - writer.beginObject(); - dataService.exportData(writer); - writer.endObject(); - writer.close(); - - // parse the output as a JSON object for testing - JsonElement elem = new JsonParser().parse(stringWriter.toString()); - JsonObject root = elem.getAsJsonObject(); - - // make sure the root is there - assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_3), is(true)); - - JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_3).getAsJsonObject(); - - // make sure all the root elements are there - assertThat(config.has(MITREidDataService.CLIENTS), is(true)); - assertThat(config.has(MITREidDataService.GRANTS), is(true)); - assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true)); - assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true)); - assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true)); - assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true)); - assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true)); - - // make sure the root elements are all arrays - assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true)); - assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true)); - - - // check our scope list (this test) - JsonArray scopes = config.get(MITREidDataService.SYSTEMSCOPES).getAsJsonArray(); - - assertThat(scopes.size(), is(3)); - // check for both of our clients in turn - Set checked = new HashSet<>(); - for (JsonElement e : scopes) { - assertThat(e.isJsonObject(), is(true)); - JsonObject scope = e.getAsJsonObject(); - - SystemScope compare = null; - if (scope.get("value").getAsString().equals(scope1.getValue())) { - compare = scope1; - } else if (scope.get("value").getAsString().equals(scope2.getValue())) { - compare = scope2; - } else if (scope.get("value").getAsString().equals(scope3.getValue())) { - compare = scope3; - } - - if (compare == null) { - fail("Could not find matching scope value: " + scope.get("value").getAsString()); - } else { - assertThat(scope.get("value").getAsString(), equalTo(compare.getValue())); - assertThat(scope.get("description").getAsString(), equalTo(compare.getDescription())); - assertThat(scope.get("icon").getAsString(), equalTo(compare.getIcon())); - assertThat(scope.get("restricted").getAsBoolean(), equalTo(compare.isRestricted())); - assertThat(scope.get("defaultScope").getAsBoolean(), equalTo(compare.isDefaultScope())); - checked.add(compare); - } - } - // make sure all of our clients were found - assertThat(checked.containsAll(allScopes), is(true)); - - } - - @Test - public void testImportSystemScopes() throws IOException { - SystemScope scope1 = new SystemScope(); - scope1.setId(1L); - scope1.setValue("scope1"); - scope1.setDescription("Scope 1"); - scope1.setRestricted(true); - scope1.setDefaultScope(false); - scope1.setIcon("glass"); - - SystemScope scope2 = new SystemScope(); - scope2.setId(2L); - scope2.setValue("scope2"); - scope2.setDescription("Scope 2"); - scope2.setRestricted(false); - scope2.setDefaultScope(false); - scope2.setIcon("ball"); - - SystemScope scope3 = new SystemScope(); - scope3.setId(3L); - scope3.setValue("scope3"); - scope3.setDescription("Scope 3"); - scope3.setRestricted(false); - scope3.setDefaultScope(true); - scope3.setIcon("road"); - - String configJson = "{" + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [], " + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [" + - - "{\"id\":1,\"description\":\"Scope 1\",\"icon\":\"glass\",\"value\":\"scope1\",\"restricted\":true,\"defaultScope\":false}," + - "{\"id\":2,\"description\":\"Scope 2\",\"icon\":\"ball\",\"value\":\"scope2\",\"restricted\":false,\"defaultScope\":false}," + - "{\"id\":3,\"description\":\"Scope 3\",\"icon\":\"road\",\"value\":\"scope3\",\"restricted\":false,\"defaultScope\":true}" + - - " ]" + - "}"; - - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - - dataService.importData(reader); - verify(sysScopeRepository, times(3)).save(capturedScope.capture()); - - List savedScopes = capturedScope.getAllValues(); - - assertThat(savedScopes.size(), is(3)); - assertThat(savedScopes.get(0).getValue(), equalTo(scope1.getValue())); - assertThat(savedScopes.get(0).getDescription(), equalTo(scope1.getDescription())); - assertThat(savedScopes.get(0).getIcon(), equalTo(scope1.getIcon())); - assertThat(savedScopes.get(0).isDefaultScope(), equalTo(scope1.isDefaultScope())); - assertThat(savedScopes.get(0).isRestricted(), equalTo(scope1.isRestricted())); - - assertThat(savedScopes.get(1).getValue(), equalTo(scope2.getValue())); - assertThat(savedScopes.get(1).getDescription(), equalTo(scope2.getDescription())); - assertThat(savedScopes.get(1).getIcon(), equalTo(scope2.getIcon())); - assertThat(savedScopes.get(1).isDefaultScope(), equalTo(scope2.isDefaultScope())); - assertThat(savedScopes.get(1).isRestricted(), equalTo(scope2.isRestricted())); - - assertThat(savedScopes.get(2).getValue(), equalTo(scope3.getValue())); - assertThat(savedScopes.get(2).getDescription(), equalTo(scope3.getDescription())); - assertThat(savedScopes.get(2).getIcon(), equalTo(scope3.getIcon())); - assertThat(savedScopes.get(2).isDefaultScope(), equalTo(scope3.isDefaultScope())); - assertThat(savedScopes.get(2).isRestricted(), equalTo(scope3.isRestricted())); - - } - - @Test - public void testFixRefreshTokenAuthHolderReferencesOnImport() throws IOException, ParseException { - String expiration1 = "2014-09-10T22:49:44.090+00:00"; - Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH); - - ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class); - when(mockedClient1.getClientId()).thenReturn("mocked_client_1"); - - OAuth2Request req1 = new OAuth2Request(new HashMap(), "client1", new ArrayList(), - true, new HashSet(), new HashSet(), "http://foo.com", - new HashSet(), null); - Authentication mockAuth1 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1); - - AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity(); - holder1.setId(1L); - holder1.setAuthentication(auth1); - - OAuth2RefreshTokenEntity token1 = new OAuth2RefreshTokenEntity(); - token1.setId(1L); - token1.setClient(mockedClient1); - token1.setExpiration(expirationDate1); - token1.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.")); - token1.setAuthenticationHolder(holder1); - - String expiration2 = "2015-01-07T18:31:50.079+00:00"; - Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH); - - ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class); - when(mockedClient2.getClientId()).thenReturn("mocked_client_2"); - - OAuth2Request req2 = new OAuth2Request(new HashMap(), "client2", new ArrayList(), - true, new HashSet(), new HashSet(), "http://bar.com", - new HashSet(), null); - Authentication mockAuth2 = mock(Authentication.class, withSettings().serializable()); - OAuth2Authentication auth2 = new OAuth2Authentication(req2, mockAuth2); - - AuthenticationHolderEntity holder2 = new AuthenticationHolderEntity(); - holder2.setId(2L); - holder2.setAuthentication(auth2); - - OAuth2RefreshTokenEntity token2 = new OAuth2RefreshTokenEntity(); - token2.setId(2L); - token2.setClient(mockedClient2); - token2.setExpiration(expirationDate2); - token2.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.")); - token2.setAuthenticationHolder(holder2); - - String configJson = "{" + - "\"" + MITREidDataService.SYSTEMSCOPES + "\": [], " + - "\"" + MITREidDataService.ACCESSTOKENS + "\": [], " + - "\"" + MITREidDataService.CLIENTS + "\": [], " + - "\"" + MITREidDataService.GRANTS + "\": [], " + - "\"" + MITREidDataService.WHITELISTEDSITES + "\": [], " + - "\"" + MITREidDataService.BLACKLISTEDSITES + "\": [], " + - "\"" + MITREidDataService.AUTHENTICATIONHOLDERS + "\": [" + - - "{\"id\":1,\"authentication\":{\"authorizationRequest\":{\"clientId\":\"client1\",\"redirectUri\":\"http://foo.com\"}," - + "\"userAuthentication\":null}}," + - "{\"id\":2,\"authentication\":{\"authorizationRequest\":{\"clientId\":\"client2\",\"redirectUri\":\"http://bar.com\"}," - + "\"userAuthentication\":null}}" + - " ]," + - "\"" + MITREidDataService.REFRESHTOKENS + "\": [" + - - "{\"id\":1,\"clientId\":\"mocked_client_1\",\"expiration\":\"2014-09-10T22:49:44.090+00:00\"," - + "\"authenticationHolderId\":1,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.\"}," + - "{\"id\":2,\"clientId\":\"mocked_client_2\",\"expiration\":\"2015-01-07T18:31:50.079+00:00\"," - + "\"authenticationHolderId\":2,\"value\":\"eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ.\"}" + - - " ]" + - "}"; - logger.debug(configJson); - - JsonReader reader = new JsonReader(new StringReader(configJson)); - final Map fakeRefreshTokenTable = new HashMap<>(); - final Map fakeAuthHolderTable = new HashMap<>(); - when(tokenRepository.saveRefreshToken(isA(OAuth2RefreshTokenEntity.class))).thenAnswer(new Answer() { - Long id = 343L; - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - OAuth2RefreshTokenEntity _token = (OAuth2RefreshTokenEntity) invocation.getArguments()[0]; - if(_token.getId() == null) { - _token.setId(id++); - } - fakeRefreshTokenTable.put(_token.getId(), _token); - return _token; - } - }); - when(tokenRepository.getRefreshTokenById(anyLong())).thenAnswer(new Answer() { - @Override - public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeRefreshTokenTable.get(_id); - } - }); - when(clientRepository.getClientByClientId(anyString())).thenAnswer(new Answer() { - @Override - public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { - String _clientId = (String) invocation.getArguments()[0]; - ClientDetailsEntity _client = mock(ClientDetailsEntity.class); - when(_client.getClientId()).thenReturn(_clientId); - return _client; - } - }); - when(authHolderRepository.save(isA(AuthenticationHolderEntity.class))).thenAnswer(new Answer() { - Long id = 356L; - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - AuthenticationHolderEntity _holder = (AuthenticationHolderEntity) invocation.getArguments()[0]; - if(_holder.getId() == null) { - _holder.setId(id++); - } - fakeAuthHolderTable.put(_holder.getId(), _holder); - return _holder; - } - }); - when(authHolderRepository.getById(anyLong())).thenAnswer(new Answer() { - @Override - public AuthenticationHolderEntity answer(InvocationOnMock invocation) throws Throwable { - Long _id = (Long) invocation.getArguments()[0]; - return fakeAuthHolderTable.get(_id); - } - }); - dataService.importData(reader); - - List savedRefreshTokens = new ArrayList(fakeRefreshTokenTable.values()); //capturedRefreshTokens.getAllValues(); - Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); - - assertThat(savedRefreshTokens.get(0).getAuthenticationHolder().getId(), equalTo(356L)); - assertThat(savedRefreshTokens.get(1).getAuthenticationHolder().getId(), equalTo(357L)); - } - - private Set jsonArrayToStringSet(JsonArray a) { - Set s = new HashSet<>(); - for (JsonElement jsonElement : a) { - s.add(jsonElement.getAsString()); - } - return s; - } - -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java deleted file mode 100644 index 30e9f5f514..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java +++ /dev/null @@ -1,201 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.openid.connect.service.impl; - -import java.util.Set; -import java.util.UUID; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; -import org.mitre.openid.connect.model.DefaultUserInfo; -import org.mitre.openid.connect.model.PairwiseIdentifier; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.repository.PairwiseIdentifierRepository; -import org.mockito.InjectMocks; -import org.mockito.Matchers; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.runners.MockitoJUnitRunner; - -import com.google.common.collect.ImmutableSet; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotSame; - -/** - * @author jricher - * - */ -@RunWith(MockitoJUnitRunner.class) -public class TestUUIDPairwiseIdentiferService { - - @Mock - private PairwiseIdentifierRepository pairwiseIdentifierRepository; - - @InjectMocks - private UUIDPairwiseIdentiferService service; - - private UserInfo userInfoRegular; - - private ClientDetailsEntity pairwiseClient1; - private ClientDetailsEntity pairwiseClient2; - private ClientDetailsEntity pairwiseClient3; - private ClientDetailsEntity pairwiseClient4; - private ClientDetailsEntity pairwiseClient5; - - private String regularUsername = "regular"; - private String regularSub = "regularSub652ha23b"; - private String pairwiseSub = "pairwise-12-regular-user"; - - private String pairwiseClientId1 = "pairwiseClient-1-2312"; - private String pairwiseClientId2 = "pairwiseClient-2-324416"; - private String pairwiseClientId3 = "pairwiseClient-3-154157"; - private String pairwiseClientId4 = "pairwiseClient-4-4589723"; - private String pairwiseClientId5 = "pairwiseClient-5-34908713"; - - private String sectorHost12 = "sector-identifier-12"; - private String sectorHost3 = "sector-identifier-3"; - private String clientHost4 = "client-redirect-4"; - private String clientHost5 = "client-redirect-5"; - - private String sectorIdentifier1 = "https://" + sectorHost12 + "/url"; - private String sectorIdentifier2 = "https://" + sectorHost12 + "/url2"; - private String sectorIdentifier3 = "https://" + sectorHost3 + "/url"; - - private Set pairwiseClient3RedirectUris = ImmutableSet.of("https://" + sectorHost3 + "/oauth", "https://" + sectorHost3 + "/other"); - private Set pairwiseClient4RedirectUris = ImmutableSet.of("https://" + clientHost4 + "/oauth"); - private Set pairwiseClient5RedirectUris = ImmutableSet.of("https://" + clientHost5 + "/oauth", "https://" + clientHost5 + "/other"); - - private PairwiseIdentifier savedPairwiseIdentifier; - - @Before - public void prepare() { - userInfoRegular = new DefaultUserInfo(); - userInfoRegular.setPreferredUsername(regularUsername); - userInfoRegular.setSub(regularSub); - - // pairwise set 1 - pairwiseClient1 = new ClientDetailsEntity(); - pairwiseClient1.setClientId(pairwiseClientId1); - pairwiseClient1.setSubjectType(SubjectType.PAIRWISE); - pairwiseClient1.setSectorIdentifierUri(sectorIdentifier1); - - pairwiseClient2 = new ClientDetailsEntity(); - pairwiseClient2.setClientId(pairwiseClientId2); - pairwiseClient2.setSubjectType(SubjectType.PAIRWISE); - pairwiseClient2.setSectorIdentifierUri(sectorIdentifier2); - - // pairwise set 2 - pairwiseClient3 = new ClientDetailsEntity(); - pairwiseClient3.setClientId(pairwiseClientId3); - pairwiseClient3.setSubjectType(SubjectType.PAIRWISE); - pairwiseClient3.setSectorIdentifierUri(sectorIdentifier3); - pairwiseClient3.setRedirectUris(pairwiseClient3RedirectUris); - - // pairwise with null sector - pairwiseClient4 = new ClientDetailsEntity(); - pairwiseClient4.setClientId(pairwiseClientId4); - pairwiseClient4.setSubjectType(SubjectType.PAIRWISE); - pairwiseClient4.setRedirectUris(pairwiseClient4RedirectUris); - - // pairwise with multiple redirects and no sector (error) - pairwiseClient5 = new ClientDetailsEntity(); - pairwiseClient5.setClientId(pairwiseClientId5); - pairwiseClient5.setSubjectType(SubjectType.PAIRWISE); - pairwiseClient5.setRedirectUris(pairwiseClient5RedirectUris); - - // saved pairwise identifier from repository - savedPairwiseIdentifier = new PairwiseIdentifier(); - savedPairwiseIdentifier.setUserSub(regularSub); - savedPairwiseIdentifier.setIdentifier(pairwiseSub); - savedPairwiseIdentifier.setSectorIdentifier(sectorHost12); - - } - - /** - * Test method for {@link org.mitre.openid.connect.service.impl.UUIDPairwiseIdentiferService#getIdentifier(org.mitre.openid.connect.model.UserInfo, org.mitre.oauth2.model.ClientDetailsEntity)}. - */ - @Test - public void testGetIdentifier_existingEqual() { - - Mockito.when(pairwiseIdentifierRepository.getBySectorIdentifier(regularSub, sectorHost12)).thenReturn(savedPairwiseIdentifier); - - String pairwise1 = service.getIdentifier(userInfoRegular, pairwiseClient1); - String pairwise2 = service.getIdentifier(userInfoRegular, pairwiseClient2); - - assertEquals(pairwiseSub, pairwise1); - assertEquals(pairwiseSub, pairwise2); - - } - - @Test - public void testGetIdentifier_newEqual() { - - String pairwise1 = service.getIdentifier(userInfoRegular, pairwiseClient1); - Mockito.verify(pairwiseIdentifierRepository, Mockito.atLeast(1)).save(Matchers.any(PairwiseIdentifier.class)); - - PairwiseIdentifier pairwiseId = new PairwiseIdentifier(); - pairwiseId.setUserSub(regularSub); - pairwiseId.setIdentifier(pairwise1); - pairwiseId.setSectorIdentifier(sectorHost12); - - Mockito.when(pairwiseIdentifierRepository.getBySectorIdentifier(regularSub, sectorHost12)).thenReturn(pairwiseId); - - String pairwise2 = service.getIdentifier(userInfoRegular, pairwiseClient2); - - assertNotSame(pairwiseSub, pairwise1); - assertNotSame(pairwiseSub, pairwise2); - - assertEquals(pairwise1, pairwise2); - - // see if the pairwise id's are actual UUIDs - UUID uudi1 = UUID.fromString(pairwise1); - UUID uuid2 = UUID.fromString(pairwise2); - - } - - @Test - public void testGetIdentifer_unique() { - String pairwise1 = service.getIdentifier(userInfoRegular, pairwiseClient1); - String pairwise3 = service.getIdentifier(userInfoRegular, pairwiseClient3); - String pairwise4 = service.getIdentifier(userInfoRegular, pairwiseClient4); - - // make sure nothing's equal - assertNotSame(pairwise1, pairwise3); - assertNotSame(pairwise1, pairwise4); - assertNotSame(pairwise3, pairwise4); - - // see if the pairwise id's are actual UUIDs - UUID uudi1 = UUID.fromString(pairwise1); - UUID uudi3 = UUID.fromString(pairwise3); - UUID uudi4 = UUID.fromString(pairwise4); - - } - - @Test(expected = IllegalArgumentException.class) - public void testGetIdentifier_multipleRedirectError() { - String pairwise5 = service.getIdentifier(userInfoRegular, pairwiseClient5); - } - -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/token/TestConnectTokenEnhancer.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/token/TestConnectTokenEnhancer.java deleted file mode 100644 index 7e1acbfd99..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/token/TestConnectTokenEnhancer.java +++ /dev/null @@ -1,108 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.token; - -import java.text.ParseException; - -import org.mitre.jwt.signer.service.JWTSigningAndValidationService; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.service.OIDCTokenService; -import org.mitre.openid.connect.service.UserInfoService; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; - -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.runners.MockitoJUnitRunner; - -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTClaimsSet.Builder; - -@RunWith(MockitoJUnitRunner.class) -public class TestConnectTokenEnhancer { - - private static final String CLIENT_ID = "client"; - private static final String KEY_ID = "key"; - - private ConfigurationPropertiesBean configBean = new ConfigurationPropertiesBean(); - - @Mock - private JWTSigningAndValidationService jwtService; - - @Mock - private ClientDetailsEntityService clientService; - - @Mock - private UserInfoService userInfoService; - - @Mock - private OIDCTokenService connectTokenService; - - @Mock - private OAuth2Authentication authentication; - - private OAuth2Request request = new OAuth2Request(CLIENT_ID) { }; - - @InjectMocks - private ConnectTokenEnhancer enhancer = new ConnectTokenEnhancer(); - - @Before - public void prepare() { - configBean.setIssuer("https://auth.example.org/"); - enhancer.setConfigBean(configBean); - - ClientDetailsEntity client = new ClientDetailsEntity(); - client.setClientId(CLIENT_ID); - Mockito.when(clientService.loadClientByClientId(Mockito.anyString())).thenReturn(client); - Mockito.when(authentication.getOAuth2Request()).thenReturn(request); - Mockito.when(jwtService.getDefaultSigningAlgorithm()).thenReturn(JWSAlgorithm.RS256); - Mockito.when(jwtService.getDefaultSignerKeyId()).thenReturn(KEY_ID); - } - - @Test - public void invokesCustomClaimsHook() throws ParseException { - configure(enhancer = new ConnectTokenEnhancer() { - @Override - protected void addCustomAccessTokenClaims(Builder builder, OAuth2AccessTokenEntity token, - OAuth2Authentication authentication) { - builder.claim("test", "foo"); - } - }); - - OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); - - OAuth2AccessTokenEntity enhanced = (OAuth2AccessTokenEntity) enhancer.enhance(token, authentication); - Assert.assertEquals("foo", enhanced.getJwt().getJWTClaimsSet().getClaim("test")); - } - - private void configure(ConnectTokenEnhancer e) { - e.setConfigBean(configBean); - e.setJwtService(jwtService); - e.setClientService(clientService); - } -} diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java deleted file mode 100644 index b8ccbfd4ca..0000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java +++ /dev/null @@ -1,142 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Portions copyright 2011-2013 The MITRE Corporation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.openid.connect.util; - - -import java.text.ParseException; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.runners.MockitoJUnitRunner; - -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.util.Base64URL; -import com.nimbusds.jwt.JWTParser; - -import static org.junit.Assert.assertEquals; - -/** - * - * @author wkim - * - */ -@RunWith(MockitoJUnitRunner.class) -public class TestIdTokenHashUtils { - - @Mock - OAuth2AccessTokenEntity mockToken256; - @Mock - OAuth2AccessTokenEntity mockToken384; - @Mock - OAuth2AccessTokenEntity mockToken512; - - @Before - public void prepare() throws ParseException { - - /* - Claims for first token: - - claims.setType("JWT"); - claims.setIssuer("www.example.com"); - claims.setSubject("example_user"); - claims.setClaim("alg", "HS256"); - */ - Mockito.when(mockToken256.getJwt()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJIUzI1NiIsInN1YiI6ImV4YW1wbGVfdXNlciIsImlzcyI6Ind3dy5leGFtcGxlLmNvbSIsInR5cCI6IkpXVCJ9.")); - - /* - * Claims for second token - claims = new JWTClaimsSet(); - claims.setType("JWT"); - claims.setIssuer("www.another-example.net"); - claims.setSubject("another_user"); - claims.setClaim("alg", "ES384"); - */ - Mockito.when(mockToken384.getJwt()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJFUzM4NCIsInN1YiI6ImFub3RoZXJfdXNlciIsImlzcyI6Ind3dy5hbm90aGVyLWV4YW1wbGUubmV0IiwidHlwIjoiSldUIn0.")); - - /* - * Claims for third token: - claims = new JWTClaimsSet(); - claims.setType("JWT"); - claims.setIssuer("www.different.com"); - claims.setSubject("different_user"); - claims.setClaim("alg", "RS512"); - */ - Mockito.when(mockToken512.getJwt()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJSUzUxMiIsInN1YiI6ImRpZmZlcmVudF91c2VyIiwiaXNzIjoid3d3LmRpZmZlcmVudC5jb20iLCJ0eXAiOiJKV1QifQ.")); - } - - @Test - public void getAccessTokenHash256() { - - mockToken256.getJwt().serialize(); - Base64URL expectedHash = new Base64URL("EP1gXNeESRH-n57baopfTQ"); - - Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.HS256, mockToken256); - - assertEquals(expectedHash, resultHash); - } - - @Test - public void getAccessTokenHash384() { - - /* - * independently generate hash - ascii of token = eyJhbGciOiJub25lIn0.eyJhbGciOiJFUzM4NCIsInN1YiI6ImFub3RoZXJfdXNlciIsImlzcyI6Ind3dy5hbm90aGVyLWV4YW1wbGUubmV0IiwidHlwIjoiSldUIn0. - base64url of hash = BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK - */ - - mockToken384.getJwt().serialize(); - Base64URL expectedHash = new Base64URL("BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK"); - - Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.ES384, mockToken384); - - assertEquals(expectedHash, resultHash); - } - - @Test - public void getAccessTokenHash512() { - - /* - * independently generate hash - ascii of token = eyJhbGciOiJub25lIn0.eyJhbGciOiJSUzUxMiIsInN1YiI6ImRpZmZlcmVudF91c2VyIiwiaXNzIjoid3d3LmRpZmZlcmVudC5jb20iLCJ0eXAiOiJKV1QifQ. - base64url of hash = vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k - */ - - mockToken512.getJwt().serialize(); - Base64URL expectedHash = new Base64URL("vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k"); - - Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.RS512, mockToken512); - - assertEquals(expectedHash, resultHash); - } - - @Test - public void getCodeHash512() { - - String testCode = "b0x0rZ"; - - Base64URL expectedHash = new Base64URL("R5DCRi5eOjlvyTAJfry2dNM9adJ2ElpDEKYYByYU920"); // independently generated - - Base64URL resultHash = IdTokenHashUtils.getCodeHash(JWSAlgorithm.ES512, testCode); - - assertEquals(expectedHash, resultHash); - } -} diff --git a/openid-connect-server/src/test/resources/resources/js/locale/en/messages.json b/openid-connect-server/src/test/resources/resources/js/locale/en/messages.json deleted file mode 100644 index 6c5b3d3cbc..0000000000 --- a/openid-connect-server/src/test/resources/resources/js/locale/en/messages.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "testAttribute": "testValue" -} diff --git a/pom.xml b/pom.xml index 3c223dae63..bae701275a 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ 4.0.0 org.mitre openid-connect-parent - 1.3.5-SNAPSHOT + 1.3.4.1 MITREid Connect pom @@ -40,10 +40,10 @@ openid-connect-common openid-connect-client - openid-connect-server + @@ -70,7 +70,7 @@ - 11 + 21 1.7.25 A reference implementation of OpenID Connect (http://openid.net/connect/), OAuth 2.0, and UMA built on top of Java, Spring, and Spring Security. The project contains a fully functioning server, client, and utility library. @@ -96,7 +96,7 @@ org.jacoco jacoco-maven-plugin - 0.8.7 + 0.8.11 org.apache.maven.plugins @@ -178,7 +178,7 @@ ro.isdc.wro4j wro4j-maven-plugin - 1.10.0 + 1.8.0 compile @@ -191,7 +191,7 @@ ro.isdc.wro4j wro4j-extensions - 1.10.0 + 1.8.0 @@ -282,72 +282,20 @@ org.apache.maven.plugins maven-site-plugin + + + + org.apache.maven.plugins + maven-surefire-plugin + 3.1.2 - - - org.apache.maven.plugins - maven-project-info-reports-plugin - - false - false - - - index - cim - dependencies - dependency-convergence - - dependency-management - help - issue-tracking - license - mailing-list - modules - plugin-management - plugins - project-team - scm - summary - - - - org.apache.maven.plugins - maven-javadoc-plugin - - true - true - true - true - MITREid Connect ${project.name} v. ${project.version} - MITREid Connect ${project.name} v. ${project.version} - ${basedir}/src/main/javadoc/overview.html - -Xdoclint:none - - - - org.apache.maven.plugins - maven-checkstyle-plugin - - checkstyle.xml - - - - org.apache.maven.plugins - maven-surefire-plugin - - junit:junit - - **/*_Roo_* - - - - - org.jacoco - jacoco-maven-plugin - - + --add-opens java.base/java.lang=ALL-UNNAMED + -Xmx1024m + 1 + true + @@ -365,53 +313,53 @@ org.springframework spring-framework-bom - 5.3.9 + 6.0.15 pom import - - com.fasterxml.jackson.core - jackson-databind - 2.9.8 - - - com.fasterxml.jackson.core - jackson-annotations - 2.9.8 + jakarta.annotation + jakarta.annotation-api + 3.0.0 org.springframework.security spring-security-bom - 5.5.2 + 6.0.8 pom import - org.springframework.security.oauth - spring-security-oauth2 - 2.1.0.RELEASE + org.springframework.security + spring-security-oauth2-client + 6.0.8 - - - javax.servlet - jstl - 1.2 + org.springframework.security + spring-security-oauth2-resource-server + 6.0.8 - javax.servlet - servlet-api - 2.5 + org.springframework.security + spring-security-oauth2-authorization-server + 1.0.4 + + + + + + jakarta.servlet + jakarta.servlet-api + 6.0.0 provided - javax.servlet.jsp - jsp-api - 2.1 + jakarta.servlet.jsp + jakarta.servlet.jsp-api + 3.1.1 provided @@ -442,9 +390,9 @@ 2.7.4 - org.eclipse.persistence - javax.persistence - 2.2.1 + jakarta.persistence + jakarta.persistence-api + 3.2.0 com.zaxxer @@ -514,12 +462,20 @@ 3.4 test + + + + + + + org.mockito - mockito-all - 1.9.5 + mockito-core + 5.18.0 test + org.mitre @@ -572,9 +528,9 @@ 2.8.0 - org.apache.httpcomponents - httpclient - 4.5.3 + org.apache.httpcomponents.client5 + httpclient5 + 5.4.4 commons-logging @@ -605,34 +561,7 @@ ro.isdc.wro4j wro4j-extensions - 1.10.0 - - - - - javax.annotation - javax.annotation-api - 1.3.2 - - - jakarta.xml.bind - jakarta.xml.bind-api - 3.0.0 - - - javax.xml.bind - jaxb-api - 2.3.1 - - - javax.activation - activation - 1.1 - - - org.glassfish.jaxb - jaxb-runtime - 2.3.0-b170127.1453 + 1.8.0 @@ -657,10 +586,15 @@ + + + + org.mockito - mockito-all + mockito-core + org.slf4j slf4j-jdk14 @@ -670,12 +604,12 @@ jcl-over-slf4j - javax.servlet - servlet-api + jakarta.servlet + jakarta.servlet-api - javax.servlet.jsp - jsp-api + jakarta.servlet.jsp + jakarta.servlet.jsp-api diff --git a/uma-server-webapp/pom.xml b/uma-server-webapp/pom.xml deleted file mode 100644 index a1db8a2739..0000000000 --- a/uma-server-webapp/pom.xml +++ /dev/null @@ -1,97 +0,0 @@ - - - - 4.0.0 - - org.mitre - openid-connect-parent - 1.3.5-SNAPSHOT - .. - - uma-server-webapp - war - UMA Server Webapp - Deployable package of the User Managed Access (UMA) server extension to MITREid Connect - - - - org.apache.maven.plugins - maven-compiler-plugin - - ${java-version} - ${java-version} - - - - org.appfuse.plugins - warpath-maven-plugin - true - - - - add-classes - - - - - - org.apache.maven.plugins - maven-war-plugin - - uma-server-webapp - - - org.mitre - openid-connect-server-webapp - - - false - - - - org.eclipse.jetty - jetty-maven-plugin - - ${project.build.directory}/uma-server-webapp.war - - /uma-server-webapp - - - - - - - - org.mitre - openid-connect-server-webapp - war - - - org.mitre - openid-connect-server-webapp - warpath - - - org.mitre - uma-server - - - org.mitre - openid-connect-client - - - diff --git a/uma-server-webapp/src/main/resources/db/hsql/clients.sql b/uma-server-webapp/src/main/resources/db/hsql/clients.sql deleted file mode 100755 index 8d41bcad94..0000000000 --- a/uma-server-webapp/src/main/resources/db/hsql/clients.sql +++ /dev/null @@ -1,77 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - -SET AUTOCOMMIT FALSE; - -START TRANSACTION; - --- --- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here. --- - -INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES - ('client', 'secret', 'Test Client', false, null, 3600, 600, true), - ('rs', 'secret', 'Test UMA RS', false, null, null, 600, false), - ('c', 'secret', 'Test UMA Client', false, null, null, 600, false); - -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES - ('client', 'openid'), - ('client', 'profile'), - ('client', 'email'), - ('client', 'address'), - ('client', 'phone'), - ('client', 'offline_access'), - ('rs', 'uma_protection'), - ('c', 'uma_authorization'); - -INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES - ('client', 'http://localhost/'), - ('client', 'http://localhost:8080/'); - -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES - ('client', 'authorization_code'), - ('client', 'urn:ietf:params:oauth:grant_type:redelegate'), - ('client', 'implicit'), - ('client', 'refresh_token'), - ('rs', 'authorization_code'), - ('rs', 'implicit'), - ('c', 'authorization_code'), - ('c', 'implicit'); - --- --- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store. --- - -MERGE INTO client_details - USING (SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP) AS vals(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) - ON vals.client_id = client_details.client_id - WHEN NOT MATCHED THEN - INSERT (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection); - -MERGE INTO client_scope - USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) AS vals(id, scope) - ON vals.id = client_scope.owner_id AND vals.scope = client_scope.scope - WHEN NOT MATCHED THEN - INSERT (owner_id, scope) values (vals.id, vals.scope); - -MERGE INTO client_redirect_uri - USING (SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id) AS vals(id, redirect_uri) - ON vals.id = client_redirect_uri.owner_id AND vals.redirect_uri = client_redirect_uri.redirect_uri - WHEN NOT MATCHED THEN - INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri); - -MERGE INTO client_grant_type - USING (SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id) AS vals(id, grant_type) - ON vals.id = client_grant_type.owner_id AND vals.grant_type = client_grant_type.grant_type - WHEN NOT MATCHED THEN - INSERT (owner_id, grant_type) values (vals.id, vals.grant_type); - --- --- Close the transaction and turn autocommit back on --- - -COMMIT; - -SET AUTOCOMMIT TRUE; - diff --git a/uma-server-webapp/src/main/resources/db/hsql/scopes.sql b/uma-server-webapp/src/main/resources/db/hsql/scopes.sql deleted file mode 100755 index c3ea0b1133..0000000000 --- a/uma-server-webapp/src/main/resources/db/hsql/scopes.sql +++ /dev/null @@ -1,35 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - -SET AUTOCOMMIT FALSE; - -START TRANSACTION; - --- --- Insert scope information into the temporary tables. --- - -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES - ('openid', 'log in using your identity', 'user', false, true), - ('profile', 'basic profile information', 'list-alt', false, true), - ('email', 'email address', 'envelope', false, true), - ('address', 'physical address', 'home', false, true), - ('phone', 'telephone number', 'bell', false, true), - ('offline_access', 'offline access', 'time', false, false), - ('uma_protection', 'manage protected resources', 'briefcase', false, false), - ('uma_authorization', 'request access to protected resources', 'share', false, false); - --- --- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store. --- - -MERGE INTO system_scope - USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope) - ON vals.scope = system_scope.scope - WHEN NOT MATCHED THEN - INSERT (scope, description, icon, restricted, default_scope) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope); - -COMMIT; - -SET AUTOCOMMIT TRUE; diff --git a/uma-server-webapp/src/main/resources/db/mysql/clients.sql b/uma-server-webapp/src/main/resources/db/mysql/clients.sql deleted file mode 100755 index 02444c4732..0000000000 --- a/uma-server-webapp/src/main/resources/db/mysql/clients.sql +++ /dev/null @@ -1,69 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - -SET AUTOCOMMIT = 0; - -START TRANSACTION; - --- --- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here. --- - -INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES - ('client', 'secret', 'Test Client', false, null, 3600, 600, true), - ('rs', 'secret', 'Test UMA RS', false, null, null, 600, false), - ('c', 'secret', 'Test UMA Client', false, null, null, 600, false); - -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES - ('client', 'openid'), - ('client', 'profile'), - ('client', 'email'), - ('client', 'address'), - ('client', 'phone'), - ('client', 'offline_access'), - ('rs', 'uma_protection'), - ('c', 'uma_authorization'); - -INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES - ('client', 'http://localhost/'), - ('client', 'http://localhost:8080/'); - -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES - ('client', 'authorization_code'), - ('client', 'urn:ietf:params:oauth:grant_type:redelegate'), - ('client', 'implicit'), - ('client', 'refresh_token'), - ('rs', 'authorization_code'), - ('rs', 'implicit'), - ('c', 'authorization_code'), - ('c', 'implicit'); - --- --- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store. --- - -INSERT INTO client_details (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) - SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP - ON DUPLICATE KEY UPDATE client_details.client_id = client_details.client_id; - -INSERT INTO client_scope (owner_id, scope) - SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id - ON DUPLICATE KEY UPDATE client_scope.owner_id = client_scope.owner_id; - -INSERT INTO client_redirect_uri (owner_id, redirect_uri) - SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id - ON DUPLICATE KEY UPDATE client_redirect_uri.owner_id = client_redirect_uri.owner_id; - -INSERT INTO client_grant_type (owner_id, grant_type) - SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id - ON DUPLICATE KEY UPDATE client_grant_type.owner_id = client_grant_type.owner_id; - --- --- Close the transaction and turn autocommit back on --- - -COMMIT; - -SET AUTOCOMMIT = 1; - diff --git a/uma-server-webapp/src/main/resources/db/mysql/scopes.sql b/uma-server-webapp/src/main/resources/db/mysql/scopes.sql deleted file mode 100755 index bdcc0f6e30..0000000000 --- a/uma-server-webapp/src/main/resources/db/mysql/scopes.sql +++ /dev/null @@ -1,33 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - -SET AUTOCOMMIT = 0; - -START TRANSACTION; - --- --- Insert scope information into the temporary tables. --- - -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES - ('openid', 'log in using your identity', 'user', false, true, false, null), - ('profile', 'basic profile information', 'list-alt', false, true, false, null), - ('email', 'email address', 'envelope', false, true, false, null), - ('address', 'physical address', 'home', false, true, false, null), - ('phone', 'telephone number', 'bell', false, true, false, null), - ('offline_access', 'offline access', 'time', false, false, false, null), - ('uma_protection', 'manage protected resources', 'briefcase', false, false, false, null), - ('uma_authorization', 'request access to protected resources', 'share', false, false, false, null); - --- --- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store. --- - -INSERT INTO system_scope (scope, description, icon, restricted, default_scope, structured, structured_param_description) - SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP - ON DUPLICATE KEY UPDATE system_scope.scope = system_scope.scope; - -COMMIT; - -SET AUTOCOMMIT = 1; diff --git a/uma-server-webapp/src/main/resources/db/oracle/clients_oracle.sql b/uma-server-webapp/src/main/resources/db/oracle/clients_oracle.sql deleted file mode 100755 index 783ff2d3a4..0000000000 --- a/uma-server-webapp/src/main/resources/db/oracle/clients_oracle.sql +++ /dev/null @@ -1,61 +0,0 @@ --- --- Insert client information into the temporary tables. To add clients to the Oracle database, edit things here. --- - -INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES - ('client', 'secret', 'Test Client', 0, null, 3600, 600, 1); -INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES - ('rs', 'secret', 'Test UMA RS', false, null, null, 600, false); -INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES - ('c', 'secret', 'Test UMA Client', false, null, null, 600, false); - -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'openid'); -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'profile'); -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'email'); -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'address'); -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'phone'); -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'offline_access'); -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('rs', 'uma_protection'); -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('c', 'uma_authorization'); - -INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES ('client', 'http://localhost/'); -INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES ('client', 'http://localhost:8080/'); - -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'authorization_code'); -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'urn:ietf:params:oauth:grant_type:redelegate'); -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'implicit'); -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'refresh_token'); -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('rs', 'authorization_code'); -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('rs', 'implicit'); -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('c', 'authorization_code'); -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('c', 'implicit'); - --- --- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store. --- - -MERGE INTO client_details - USING (SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP) vals - ON (vals.client_id = client_details.client_id) - WHEN NOT MATCHED THEN - INSERT (id, client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, - id_token_validity_seconds, allow_introspection) VALUES(client_details_seq.nextval, vals.client_id, vals.client_secret, vals.client_name, vals.dynamically_registered, - vals.refresh_token_validity_seconds, vals.access_token_validity_seconds, vals.id_token_validity_seconds, vals.allow_introspection); - -MERGE INTO client_scope - USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) vals - ON (vals.id = client_scope.owner_id AND vals.scope = client_scope.scope) - WHEN NOT MATCHED THEN - INSERT (owner_id, scope) values (vals.id, vals.scope); - -MERGE INTO client_redirect_uri - USING (SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id) vals - ON (vals.id = client_redirect_uri.owner_id AND vals.redirect_uri = client_redirect_uri.redirect_uri) - WHEN NOT MATCHED THEN - INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri); - -MERGE INTO client_grant_type - USING (SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id) vals - ON (vals.id = client_grant_type.owner_id AND vals.grant_type = client_grant_type.grant_type) - WHEN NOT MATCHED THEN - INSERT (owner_id, grant_type) values (vals.id, vals.grant_type); diff --git a/uma-server-webapp/src/main/resources/db/oracle/scopes_oracle.sql b/uma-server-webapp/src/main/resources/db/oracle/scopes_oracle.sql deleted file mode 100755 index a52e021dea..0000000000 --- a/uma-server-webapp/src/main/resources/db/oracle/scopes_oracle.sql +++ /dev/null @@ -1,31 +0,0 @@ --- --- Insert scope information into the temporary tables. --- - -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES - ('openid', 'log in using your identity', 'user', 0, 1, 0, null); -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES - ('profile', 'basic profile information', 'list-alt', 0, 1, 0, null); -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES - ('email', 'email address', 'envelope', 0, 1, 0, null); -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES - ('address', 'physical address', 'home', 0, 1, 0, null); -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES - ('phone', 'telephone number', 'bell', 0, 1, 0, null); -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES - ('offline_access', 'offline access', 'time', 0, 0, 0, null); -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES - ('uma_protection', 'manage protected resources', 'briefcase', 0, 0, 0, null); -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES - ('uma_authorization', 'request access to protected resources', 'share', 0, 0, 0, null); - --- --- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store. --- - -MERGE INTO system_scope - USING (SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP) vals - ON (vals.scope = system_scope.scope) - WHEN NOT MATCHED THEN - INSERT (id, scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES(system_scope_seq.nextval, vals.scope, - vals.description, vals.icon, vals.restricted, vals.default_scope, vals.structured, vals.structured_param_description); diff --git a/uma-server-webapp/src/main/resources/db/psql/clients.sql b/uma-server-webapp/src/main/resources/db/psql/clients.sql deleted file mode 100755 index d4c75e7fe6..0000000000 --- a/uma-server-webapp/src/main/resources/db/psql/clients.sql +++ /dev/null @@ -1,74 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - ---SET AUTOCOMMIT = OFF; - -START TRANSACTION; - --- --- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here. --- - -INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES - ('client', 'secret', 'Test Client', false, null, 3600, 600, true), - ('rs', 'secret', 'Test UMA RS', false, null, null, 600, false), - ('c', 'secret', 'Test UMA Client', false, null, null, 600, false); - -INSERT INTO client_scope_TEMP (owner_id, scope) VALUES - ('client', 'openid'), - ('client', 'profile'), - ('client', 'email'), - ('client', 'address'), - ('client', 'phone'), - ('client', 'offline_access'), - ('rs', 'uma_protection'), - ('c', 'uma_authorization'); - -INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES - ('client', 'http://localhost/'), - ('client', 'http://localhost:8080/'); - -INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES - ('client', 'authorization_code'), - ('client', 'urn:ietf:params:oauth:grant_type:redelegate'), - ('client', 'implicit'), - ('client', 'refresh_token'), - ('rs', 'authorization_code'), - ('rs', 'implicit'), - ('c', 'authorization_code'), - ('c', 'implicit'); - --- --- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store. --- - -INSERT INTO client_details (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) - SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP - ON CONFLICT - DO NOTHING; - -INSERT INTO client_scope (scope) - SELECT scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id - ON CONFLICT - DO NOTHING; - -INSERT INTO client_redirect_uri (redirect_uri) - SELECT redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id - ON CONFLICT - DO NOTHING; - -INSERT INTO client_grant_type (grant_type) - SELECT grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id - ON CONFLICT - DO NOTHING; - --- --- Close the transaction and turn autocommit back on --- - -COMMIT; - ---SET AUTOCOMMIT = ON; - - diff --git a/uma-server-webapp/src/main/resources/db/psql/scopes.sql b/uma-server-webapp/src/main/resources/db/psql/scopes.sql deleted file mode 100755 index 8b2611b832..0000000000 --- a/uma-server-webapp/src/main/resources/db/psql/scopes.sql +++ /dev/null @@ -1,33 +0,0 @@ --- --- Turn off autocommit and start a transaction so that we can use the temp tables --- - ---SET AUTOCOMMIT = OFF; - -START TRANSACTION; - --- --- Insert scope information into the temporary tables. --- - -INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES - ('openid', 'log in using your identity', 'user', false, true, false, null), - ('profile', 'basic profile information', 'list-alt', false, true, false, null), - ('email', 'email address', 'envelope', false, true, false, null), - ('address', 'physical address', 'home', false, true, false, null), - ('phone', 'telephone number', 'bell', false, true, false, null), - ('offline_access', 'offline access', 'time', false, false, false, null); - --- --- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store. --- - -INSERT INTO system_scope (scope, description, icon, restricted, default_scope, structured, structured_param_description) - SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP - ON CONFLICT(scope) - DO NOTHING; - -COMMIT; - ---SET AUTOCOMMIT = ON; - diff --git a/uma-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml b/uma-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml deleted file mode 100644 index 7c645d23a8..0000000000 --- a/uma-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/uma-server-webapp/src/main/webapp/WEB-INF/server-config.xml b/uma-server-webapp/src/main/webapp/WEB-INF/server-config.xml deleted file mode 100644 index 92685552c6..0000000000 --- a/uma-server-webapp/src/main/webapp/WEB-INF/server-config.xml +++ /dev/null @@ -1,68 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - uma - messages - - - - - - - - - - - - diff --git a/uma-server-webapp/src/main/webapp/WEB-INF/tags/actionmenu.tag b/uma-server-webapp/src/main/webapp/WEB-INF/tags/actionmenu.tag deleted file mode 100644 index 47df4a3615..0000000000 --- a/uma-server-webapp/src/main/webapp/WEB-INF/tags/actionmenu.tag +++ /dev/null @@ -1,21 +0,0 @@ -<%@ tag language="java" pageEncoding="UTF-8"%> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> -<%@ taglib prefix="security" - uri="http://www.springframework.org/security/tags"%> - -
        • -
        • -
        • -
        • -
        • -
      • -         -
        • -
        • -
        • -
        • -
        • -
      • -
        • -
      • -
      • \ No newline at end of file diff --git a/uma-server-webapp/src/main/webapp/WEB-INF/ui-config.xml b/uma-server-webapp/src/main/webapp/WEB-INF/ui-config.xml deleted file mode 100644 index 2cd7bfc33b..0000000000 --- a/uma-server-webapp/src/main/webapp/WEB-INF/ui-config.xml +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - - - - resources/js/client.js - resources/js/grant.js - resources/js/scope.js - resources/js/whitelist.js - resources/js/dynreg.js - resources/js/rsreg.js - resources/js/token.js - resources/js/blacklist.js - resources/js/profile.js - resources/js/policy.js - - - - - - diff --git a/uma-server-webapp/src/main/webapp/WEB-INF/user-context.xml b/uma-server-webapp/src/main/webapp/WEB-INF/user-context.xml deleted file mode 100644 index 4a2f7bb0d3..0000000000 --- a/uma-server-webapp/src/main/webapp/WEB-INF/user-context.xml +++ /dev/null @@ -1,142 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - openid - profile - email - phone - address - - - - - - #{configBean.issuer + "openid_connect_login"} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/uma-server-webapp/src/main/webapp/WEB-INF/views/external_login.jsp b/uma-server-webapp/src/main/webapp/WEB-INF/views/external_login.jsp deleted file mode 100644 index 897afdaaa1..0000000000 --- a/uma-server-webapp/src/main/webapp/WEB-INF/views/external_login.jsp +++ /dev/null @@ -1,42 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> -<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> -<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %> -<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> - - -
        -
        -
        - -

        Log In

        - -

        Enter your email address to log in

        - -
        -
        - -
        -
        - - -
        -
        - -
        - -
        -
        -
        - - - \ No newline at end of file diff --git a/uma-server-webapp/src/main/webapp/resources/js/locale/en/uma.json b/uma-server-webapp/src/main/webapp/resources/js/locale/en/uma.json deleted file mode 100644 index 69ff2e1869..0000000000 --- a/uma-server-webapp/src/main/webapp/resources/js/locale/en/uma.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "admin": { - "policies": "Manage Protected Resource Policies" - }, - "policy" : { - "resource-sets": "Resource Sets", - "edit-policies": "Edit Policies", - "new-policy": "New Policy", - "edit-policy": "Edit Policy", - "loading-policies": "Policies", - "loading-policy": "Policy", - "loading-rs": "Resource Set", - "rs-table": { - "confirm": "Are you sure you want to delete this resource set?", - "no-resource-sets": "There are no resource sets registered. Introduce a protected to this authorization server to let it register some.", - "scopes": "Scopes", - "shared-with": "Shared with:", - "shared-nobody": "NOBODY", - "shared-nobody-tooltip": "This resource is not accessible by anyone else, edit the policies and share it with someone.", - "sharing": "Sharing Policies" - }, - "policy-table": { - "new": "Add New Policy", - "return": "Return to list", - "edit": "Edit Policy", - "confirm": "Are you sure you want to delete this policy?", - "delete": "Delete", - "no-policies": "There are no policies for this resource set: This resource set is inaccessible by others.", - "required-claims": "Required Claims", - "required-claims-info": "Users that you share this resource will with need to be able to present the following claims in order to access the resource.", - "remove": "Remove", - "issuers": "Issuers", - "claim": "Claim", - "value": "Value" - }, - "policy-form": { - "email-address": "email address", - "share-email": "Share with email address", - "new": "New Policy", - "edit": "Edit Policy", - "claim-name": "claim name", - "friendly-claim-name": "friendly claim name", - "claim-value": "claim value", - "value-type-text": "Text", - "value-type-number": "Number", - "clear-all": "Clear all claims", - "clear-all-confirm": "Are you sure you want to clear all claims from this policy?" - }, - "webfinger-error": "Error", - "webfinger-error-description": "The server was unable to find an identity provider for __email__.", - "advanced-error": "Error", - "advanced-error-description": "There was an error saving your advanced claim. Did you fill in all required fields?" - }, - "sidebar": { - "personal": { - "resource_policies": "Manage Protected Resource Policies" - } - } -} \ No newline at end of file diff --git a/uma-server-webapp/src/main/webapp/resources/js/locale/zh/uma.json b/uma-server-webapp/src/main/webapp/resources/js/locale/zh/uma.json deleted file mode 100644 index e2444c4ea1..0000000000 --- a/uma-server-webapp/src/main/webapp/resources/js/locale/zh/uma.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "admin": { - "policies": "管理受保护资源的政策" - }, - "policy" : { - "resource-sets": "资源集", - "edit-policies": "编辑政策", - "new-policy": "新建政策", - "edit-policy": "编辑政策", - "loading-policies": "政策", - "loading-policy": "政策", - "loading-rs": "资源集", - "rs-table": { - "confirm": "确定要删除该资源?", - "no-resource-sets": "尚未有已注册的资源集。您可在此授权服务器中注册一个。", - "scopes": "范围", - "shared-with": "共享给:", - "shared-nobody": "不共享", - "shared-nobody-tooltip": "此资源别人无法访问,请编辑政策使其与其他人共享。", - "sharing": "共享政策" - }, - "policy-table": { - "new": "新建政策", - "return": "返回到列表", - "edit": "编辑政策", - "confirm": "确定要删除该政策?", - "delete": "删除", - "no-policies": "此资源集尚未有政策:别人无法访问此资源集。", - "required-claims": "必须的声明", - "required-claims-info": "与您共享此资源的用户必须具备以下声明,才能访问该资源。", - "remove": "移除", - "issuers": "签发者", - "claim": "声明项", - "value": "值" - }, - "policy-form": { - "email-address": "email地址", - "share-email": "连带email地址共享", - "new": "新建政策", - "edit": "编辑政策", - "claim-name": "声明项名称", - "friendly-claim-name": "声明的显示名", - "claim-value": "声明的值", - "value-type-text": "文本", - "value-type-number": "数字", - "clear-all": "清除全部声明", - "clear-all-confirm": "您是否要从此政策中清除全部声明?" - }, - "webfinger-error": "错误", - "webfinger-error-description": "服务器无法找到__email__的身份提供者。", - "advanced-error": "错误", - "advanced-error-description": "保存高级声明时出错。您是否填写了全部必填项?" - }, - "sidebar": { - "personal": { - "resource_policies": "管理受保护资源的政策" - } - } -} \ No newline at end of file diff --git a/uma-server-webapp/src/main/webapp/resources/js/locale/zh_CN/uma.json b/uma-server-webapp/src/main/webapp/resources/js/locale/zh_CN/uma.json deleted file mode 100644 index e2444c4ea1..0000000000 --- a/uma-server-webapp/src/main/webapp/resources/js/locale/zh_CN/uma.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "admin": { - "policies": "管理受保护资源的政策" - }, - "policy" : { - "resource-sets": "资源集", - "edit-policies": "编辑政策", - "new-policy": "新建政策", - "edit-policy": "编辑政策", - "loading-policies": "政策", - "loading-policy": "政策", - "loading-rs": "资源集", - "rs-table": { - "confirm": "确定要删除该资源?", - "no-resource-sets": "尚未有已注册的资源集。您可在此授权服务器中注册一个。", - "scopes": "范围", - "shared-with": "共享给:", - "shared-nobody": "不共享", - "shared-nobody-tooltip": "此资源别人无法访问,请编辑政策使其与其他人共享。", - "sharing": "共享政策" - }, - "policy-table": { - "new": "新建政策", - "return": "返回到列表", - "edit": "编辑政策", - "confirm": "确定要删除该政策?", - "delete": "删除", - "no-policies": "此资源集尚未有政策:别人无法访问此资源集。", - "required-claims": "必须的声明", - "required-claims-info": "与您共享此资源的用户必须具备以下声明,才能访问该资源。", - "remove": "移除", - "issuers": "签发者", - "claim": "声明项", - "value": "值" - }, - "policy-form": { - "email-address": "email地址", - "share-email": "连带email地址共享", - "new": "新建政策", - "edit": "编辑政策", - "claim-name": "声明项名称", - "friendly-claim-name": "声明的显示名", - "claim-value": "声明的值", - "value-type-text": "文本", - "value-type-number": "数字", - "clear-all": "清除全部声明", - "clear-all-confirm": "您是否要从此政策中清除全部声明?" - }, - "webfinger-error": "错误", - "webfinger-error-description": "服务器无法找到__email__的身份提供者。", - "advanced-error": "错误", - "advanced-error-description": "保存高级声明时出错。您是否填写了全部必填项?" - }, - "sidebar": { - "personal": { - "resource_policies": "管理受保护资源的政策" - } - } -} \ No newline at end of file diff --git a/uma-server-webapp/src/main/webapp/resources/js/locale/zh_TW/uma.json b/uma-server-webapp/src/main/webapp/resources/js/locale/zh_TW/uma.json deleted file mode 100644 index 5232328326..0000000000 --- a/uma-server-webapp/src/main/webapp/resources/js/locale/zh_TW/uma.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "admin": { - "policies": "管理受保護資源的政策" - }, - "policy" : { - "resource-sets": "資源集", - "edit-policies": "編輯政策", - "new-policy": "新建政策", - "edit-policy": "編輯政策", - "loading-policies": "政策", - "loading-policy": "政策", - "loading-rs": "資源集", - "rs-table": { - "confirm": "確定要刪除該資源?", - "no-resource-sets": "尚未有已注冊的資源集。您可在此授權伺服器中注冊一個。", - "scopes": "范圍", - "shared-with": "共享給:", - "shared-nobody": "不共享", - "shared-nobody-tooltip": "此資源別人無法訪問,請編輯政策使其與其他人共享。", - "sharing": "共享政策" - }, - "policy-table": { - "new": "新建政策", - "return": "返回到列表", - "edit": "編輯政策", - "confirm": "確定要刪除該政策?", - "delete": "刪除", - "no-policies": "此資源集尚未有政策:別人無法訪問此資源集。", - "required-claims": "必須的聲明", - "required-claims-info": "與您共享此資源的用戶必須具備以下聲明,才能訪問該資源。", - "remove": "移除", - "issuers": "簽發者", - "claim": "聲明項", - "value": "值" - }, - "policy-form": { - "email-address": "email地址", - "share-email": "連帶email地址共享", - "new": "新建政策", - "edit": "編輯政策", - "claim-name": "聲明項名稱", - "friendly-claim-name": "聲明的顯示名", - "claim-value": "聲明的值", - "value-type-text": "文本", - "value-type-number": "數字", - "clear-all": "清除全部聲明", - "clear-all-confirm": "您是否要從此政策中清除全部聲明?" - }, - "webfinger-error": "錯誤", - "webfinger-error-description": "伺服器無法找到__email__的身份提供者。", - "advanced-error": "錯誤", - "advanced-error-description": "保存高級聲明時出錯。您是否填寫了全部必填項?" - }, - "sidebar": { - "personal": { - "resource_policies": "管理受保護資源的政策" - } - } -} \ No newline at end of file diff --git a/uma-server-webapp/src/main/webapp/resources/js/policy.js b/uma-server-webapp/src/main/webapp/resources/js/policy.js deleted file mode 100644 index 6a3b6420c0..0000000000 --- a/uma-server-webapp/src/main/webapp/resources/js/policy.js +++ /dev/null @@ -1,786 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -var ResourceSetModel = Backbone.Model.extend({ - urlRoot: 'api/resourceset' -}); - -var ResourceSetCollection = Backbone.Collection.extend({ - model: ResourceSetModel, - url: 'api/resourceset' -}); - -var PolicyModel = Backbone.Model.extend({ - urlRoot: function() { - return 'api/resourceset/' + this.options.rsid + '/policy/'; - }, - initialize: function(model, options) { - this.options = options; - } -}); - -var PolicyCollection = Backbone.Collection.extend({ - model: PolicyModel, - url: function() { - return 'api/resourceset/' + this.options.rsid + '/policy/'; - }, - initialize: function(models, options) { - this.options = options; - } -}); - -var ResourceSetListView = Backbone.View.extend({ - tagName: 'span', - - initialize:function (options) { - this.options = options; - }, - - load:function(callback) { - if (this.model.isFetched && - this.options.clientList.isFetched && - this.options.systemScopeList.isFetched) { - callback(); - return; - } - - $('#loadingbox').sheet('show'); - $('#loading').html( - '' + $.t('policy.resource-sets') + ' ' + - '' + $.t('common.clients') + ' ' + - '' + $.t('common.scopes') + ' ' - ); - - $.when(this.model.fetchIfNeeded({success:function(e) {$('#loading-resourcesets').addClass('label-success');}}), - this.options.clientList.fetchIfNeeded({success:function(e) {$('#loading-clients').addClass('label-success');}}), - this.options.systemScopeList.fetchIfNeeded({success:function(e) {$('#loading-scopes').addClass('label-success');}})) - .done(function() { - $('#loadingbox').sheet('hide'); - callback(); - }); - }, - - events: { - "click .refresh-table":"refreshTable" - }, - - render:function (eventName) { - $(this.el).html($('#tmpl-resource-set-table').html()); - - var _self = this; - - _.each(this.model.models, function (resourceSet) { - - // look up client - var client = this.options.clientList.getByClientId(resourceSet.get('clientId')); - - // if there's no client ID, this is an error! - if (client != null) { - var view = new ResourceSetView({model: resourceSet, client: client, systemScopeList: _self.options.systemScopeList}); - view.parentView = _self; - $('#resource-set-table', this.el).append(view.render().el); - } - - }, this); - - this.togglePlaceholder(); - $(this.el).i18n(); - return this; - }, - - togglePlaceholder:function() { - if (this.model.length > 0) { - $('#resource-set-table', this.el).show(); - $('#resource-set-table-empty', this.el).hide(); - } else { - $('#resource-set-table', this.el).hide(); - $('#resource-set-table-empty', this.el).show(); - } - }, - - refreshTable:function(e) { - e.preventDefault(); - var _self = this; - $('#loadingbox').sheet('show'); - $('#loading').html( - '' + $.t('policy.resource-sets') + ' ' + - '' + $.t('common.clients') + ' ' + - '' + $.t('common.scopes') + ' ' - ); - - $.when(this.model.fetch({success:function(e) {$('#loading-resourcesets').addClass('label-success');}}), - this.options.clientList.fetch({success:function(e) {$('#loading-clients').addClass('label-success');}}), - this.options.systemScopeList.fetch({success:function(e) {$('#loading-scopes').addClass('label-success');}})) - .done(function() { - $('#loadingbox').sheet('hide'); - _self.render(); - }); - } - - -}); - - -var ResourceSetView = Backbone.View.extend({ - tagName: 'tr', - - initialize:function(options) { - this.options = options; - if (!this.template) { - this.template = _.template($('#tmpl-resource-set').html()); - } - - if (!this.scopeTemplate) { - this.scopeTemplate = _.template($('#tmpl-scope-list').html()); - } - - if (!this.moreInfoTemplate) { - this.moreInfoTemplate = _.template($('#tmpl-client-more-info-block').html()); - } - - this.model.bind('change', this.render, this); - }, - - render:function(eventName) { - - var json = {rs: this.model.toJSON(), client: this.options.client.toJSON()}; - - this.$el.html(this.template(json)); - - $('.scope-list', this.el).html(this.scopeTemplate({scopes: this.model.get('scopes'), systemScopes: this.options.systemScopeList})); - - $('.client-more-info-block', this.el).html(this.moreInfoTemplate({client: this.options.client.toJSON()})); - - $(this.el).i18n(); - return this; - }, - - events:{ - 'click .btn-edit': 'editPolicies', - 'click .btn-delete': 'deleteResourceSet', - 'click .toggleMoreInformation': 'toggleMoreInformation' - }, - - editPolicies:function(e) { - e.preventDefault(); - app.navigate('user/policy/' + this.model.get('id'), {trigger: true}); - }, - - deleteResourceSet:function(e) { - e.preventDefault(); - - if (confirm($.t('policy.rs-table.confirm'))) { - var _self = this; - - this.model.destroy({ - dataType: false, processData: false, - success:function () { - _self.$el.fadeTo("fast", 0.00, function () { //fade - $(this).slideUp("fast", function () { //slide up - $(this).remove(); //then remove from the DOM - _self.parentView.togglePlaceholder(); - }); - }); - }, - error:function (error, response) { - console.log("An error occurred when deleting a resource set"); - - //Pull out the response text. - var responseJson = JSON.parse(response.responseText); - - //Display an alert with an error message - $('#modalAlert div.modal-header').html(responseJson.error); - $('#modalAlert div.modal-body').html(responseJson.error_description); - - $("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog - "backdrop" : "static", - "keyboard" : true, - "show" : true // ensure the modal is shown immediately - }); - } - }); - - _self.parentView.delegateEvents(); - } - - return false; - - }, - - toggleMoreInformation:function(e) { - e.preventDefault(); - if ($('.moreInformation', this.el).is(':visible')) { - // hide it - $('.moreInformation', this.el).hide('fast'); - $('.toggleMoreInformation i', this.el).attr('class', 'icon-chevron-right'); - $('.moreInformationContainer', this.el).removeClass('alert').removeClass('alert-info').addClass('muted'); - - } else { - // show it - $('.moreInformation', this.el).show('fast'); - $('.toggleMoreInformation i', this.el).attr('class', 'icon-chevron-down'); - $('.moreInformationContainer', this.el).addClass('alert').addClass('alert-info').removeClass('muted'); - } - }, - -}); - -var PolicyListView = Backbone.View.extend({ - tagName: 'span', - - initialize:function(options) { - this.options = options; - }, - - load:function(callback) { - if (this.model.isFetched && - this.options.rs.isFetched && - this.options.systemScopeList.isFetched) { - callback(); - return; - } - - $('#loadingbox').sheet('show'); - $('#loading').html( - '' + $.t('policy.loading-policies') + ' ' + - '' + $.t('policy.loading-rs') + ' ' + - '' + $.t("common.scopes") + ' ' - ); - - $.when(this.model.fetchIfNeeded({success:function(e) {$('#loading-policies').addClass('label-success');}}), - this.options.rs.fetchIfNeeded({success:function(e) {$('#loading-rs').addClass('label-success');}}), - this.options.systemScopeList.fetchIfNeeded({success:function(e) {$('#loading-scopes').addClass('label-success');}})) - .done(function() { - $('#loadingbox').sheet('hide'); - callback(); - }); - }, - - events:{ - 'click .btn-add':'addPolicy', - 'click .btn-cancel':'cancel' - }, - - cancel:function(e) { - e.preventDefault(); - app.navigate('user/policy', {trigger: true}); - }, - - togglePlaceholder:function() { - if (this.model.length > 0) { - $('#policy-info', this.el).show(); - $('#policy-table', this.el).show(); - $('#policy-table-empty', this.el).hide(); - } else { - $('#policy-info', this.el).hide(); - $('#policy-table', this.el).hide(); - $('#policy-table-empty', this.el).show(); - } - }, - - addPolicy:function(e) { - e.preventDefault(); - app.navigate('user/policy/' + this.options.rs.get('id') +'/new', {trigger: true}); - }, - - render:function (eventName) { - $(this.el).html($('#tmpl-policy-table').html()); - - var _self = this; - - _.each(this.model.models, function (policy) { - - var view = new PolicyView({model: policy, systemScopeList: _self.options.systemScopeList, rs: _self.options.rs}); - view.parentView = _self; - $('#policy-table', this.el).append(view.render().el); - - }, this); - - this.togglePlaceholder(); - $(this.el).i18n(); - return this; - } -}); - - -var PolicyView = Backbone.View.extend({ - tagName: 'tr', - - initialize:function(options) { - this.options = options; - - if (!this.template) { - this.template = _.template($('#tmpl-policy').html()); - } - - if (!this.scopeTemplate) { - this.scopeTemplate = _.template($('#tmpl-scope-list').html()); - } - - - }, - - events:{ - 'click .btn-edit':'editPolicy', - 'click .btn-remove':'removePolicy' - }, - - editPolicy:function(e) { - e.preventDefault(); - app.navigate('user/policy/' + this.options.rs.get("id") + '/' + this.model.get('id'), {trigger: true}); - }, - - removePolicy:function(e) { - e.preventDefault(); - - if (confirm($.t('policy.policy-table.confirm'))) { - var _self = this; - this.model.destroy({ - dataType: false, processData: false, - success:function () { - _self.$el.fadeTo("fast", 0.00, function () { //fade - $(this).slideUp("fast", function () { //slide up - $(this).remove(); //then remove from the DOM - _self.parentView.togglePlaceholder(); - }); - }); - }, - error:function (error, response) { - console.log("An error occurred when deleting a client"); - - //Pull out the response text. - var responseJson = JSON.parse(response.responseText); - - //Display an alert with an error message - $('#modalAlert div.modal-header').html(responseJson.error); - $('#modalAlert div.modal-body').html(responseJson.error_description); - - $("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog - "backdrop" : "static", - "keyboard" : true, - "show" : true // ensure the modal is shown immediately - }); - } - }); - - _self.parentView.delegateEvents(); - } - }, - - render:function (eventName) { - var json = this.model.toJSON(); - - this.$el.html(this.template(json)); - - $('.scope-list', this.el).html(this.scopeTemplate({scopes: this.model.get('scopes'), systemScopes: this.options.systemScopeList})); - - $(this.el).i18n(); - return this; - } - - -}); - - -var PolicyFormView = Backbone.View.extend({ - tagName: 'div', - - initialize:function(options) { - this.options = options; - - if (!this.template) { - this.template = _.template($('#tmpl-policy-form').html()); - } - - this.issuerCollection = new Backbone.Collection(); - - }, - - events:{ - 'click .btn-share': 'addWebfingerClaim', - 'click .btn-share-advanced': 'addAdvancedClaim', - 'click .btn-clear': 'clearAllClaims', - 'click .btn-save': 'savePolicy', - 'click .btn-cancel': 'cancel' - }, - - load:function(callback) { - if (this.model.isFetched && - this.options.rs.isFetched && - this.options.systemScopeList.isFetched) { - callback(); - return; - } - - $('#loadingbox').sheet('show'); - $('#loading').html( - '' + $.t('policy.loading-policy') + ' ' + - '' + $.t('policy.loading-rs') + ' ' + - '' + $.t("common.scopes") + ' ' - ); - - $.when(this.model.fetchIfNeeded({success:function(e) {$('#loading-policies').addClass('label-success');}}), - this.options.rs.fetchIfNeeded({success:function(e) {$('#loading-rs').addClass('label-success');}}), - this.options.systemScopeList.fetchIfNeeded({success:function(e) {$('#loading-scopes').addClass('label-success');}})) - .done(function() { - $('#loadingbox').sheet('hide'); - callback(); - }); - }, - - addWebfingerClaim:function(e) { - e.preventDefault(); - - // post to the webfinger helper and get the response back - - var _self = this; - - var email = $('#email', this.el).val(); - - $('#loadingbox').sheet('show'); - $('#loading').html( - 'Looking up identity provider...' - ); - - var base = $('base').attr('href'); - $.getJSON(base + '/api/emailsearch?' + $.param({'identifier': email}), function(data) { - - // grab the current state of the scopes checkboxes just in case - var scopes = $('#scopes input[type="checkbox"]:checked').map(function(idx, elem) { return $(elem).val(); }).get(); - - _self.model.set({ - scopes: scopes, - claimsRequired: data - }, {trigger: false}); - - _self.render(); - - $('#loadingbox').sheet('hide'); - - }).error(function(jqXHR, textStatus, errorThrown) { - console.log("An error occurred when doing a webfinger lookup", errorThrown); - - $('#loadingbox').sheet('hide'); - - //Display an alert with an error message - $('#modalAlert div.modal-header').html($.t('policy.webfinger-error')); - $('#modalAlert div.modal-body').html($.t('policy.webfinger-error-description', {email: email})); - - $("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog - "backdrop" : "static", - "keyboard" : true, - "show" : true // ensure the modal is shown immediately - }); - }); - - }, - - addAdvancedClaim:function(e) { - e.preventDefault(); - - var name = $('#name', this.el).val(); - var friendly = $('#friendly-name', this.el).val(); - var rawValue = $('#value', this.el).val(); - var valueType = $('#value-type', this.el).val(); - var value = null; - if (valueType == 'number') { - value = Number(rawValue); - } else if (valueType == 'boolean') { - value = (rawValue.toLowerCase() == 'true'); - } else if (valueType == 'json') { - value = JSON.parse(rawValue); - } else { - // treat it as a string, the default - value = rawValue; - } - - var issuers = this.issuerCollection.pluck('item'); - - console.log(name, friendly, rawValue, valueType, value, issuers); - - if (!_.isEmpty(issuers) - && name - && value) { - // we've got a valid claim, add it to our set - // grab the current state of the scopes checkboxes just in case - var scopes = $('#scopes input[type="checkbox"]:checked').map(function(idx, elem) { return $(elem).val(); }).get(); - - var claimsRequired = this.model.get('claimsRequired'); - if (!claimsRequired) { - claimsRequired = []; - } - claimsRequired.push({ - name: name, - friendlyName: friendly, - value: value, - issuer: issuers - }); - - this.model.set({ - scopes: scopes, - claimsRequired: claimsRequired - }, {trigger: false}); - - $('#name', this.el).val(''); - $('#friendly-name', this.el).val(''); - $('#value', this.el).val(''); - $('#value-type', this.el).val('text'); - - this.render(); - - // re-select the advanced tab - $('a[data-target="#policy-advanced-tab"]', this.el).tab('show') - - } else { - // something is missing - $('#loadingbox').sheet('hide'); - - //Display an alert with an error message - $('#modalAlert div.modal-header').html($.t('policy.advanced-error')); - $('#modalAlert div.modal-body').html($.t('policy.advanced-error-description')); - - $("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog - "backdrop" : "static", - "keyboard" : true, - "show" : true // ensure the modal is shown immediately - }); - } - }, - - clearAllClaims:function(e) { - e.preventDefault(); - - if (confirm($.t('policy.policy-form.clear-all-confirm'))) { - - var scopes = $('#scopes input[type="checkbox"]:checked').map(function(idx, elem) { return $(elem).val(); }).get(); - - var claimsRequired = []; - - this.model.set({ - scopes: scopes, - claimsRequired: claimsRequired - }, {trigger: false}); - - this.render(); - } - }, - - savePolicy:function(e) { - e.preventDefault(); - - // get all the scopes that are checked - var scopes = $('#scopes input[type="checkbox"]:checked').map(function(idx, elem) { return $(elem).val(); }).get(); - - var valid = this.model.set({ - scopes: scopes - }); - - if (valid) { - - var _self = this; - this.model.save({}, { - success:function() { - app.systemScopeList.add(_self.model); - - // refresh the associated RS - _self.options.rs.fetch({success: function() { - app.navigate('user/policy/' + _self.options.rs.get('id'), {trigger: true}); - }}); - - }, - error:function(error, response) { - - //Pull out the response text. - var responseJson = JSON.parse(response.responseText); - - //Display an alert with an error message - $('#modalAlert div.modal-header').html(responseJson.error); - $('#modalAlert div.modal-body').html(responseJson.error_description); - - $("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog - "backdrop" : "static", - "keyboard" : true, - "show" : true // ensure the modal is shown immediately - }); - } - }); - } - - return false; - - }, - - cancel:function(e) { - e.preventDefault(); - app.navigate('user/policy/' + this.options.rs.get('id'), {trigger: true}); - }, - - render:function (eventName) { - var json = this.model.toJSON(); - var rs = this.options.rs.toJSON(); - - this.$el.html(this.template({policy: json, rs: rs})); - - // build and bind issuer view - var issuerView = new ListWidgetView({ - placeholder: $.t('policy.policy-form.issuer-placeholder'), - helpBlockText: $.t('policy.policy-form.issuer-help'), - collection: this.issuerCollection}); - $("#issuers .controls",this.el).html(issuerView.render().el); - - $(this.el).i18n(); - - return this; - } -}); - - -ui.routes.push({path: "user/policy", name: "policy", callback: - function() { - - this.breadCrumbView.collection.reset(); - this.breadCrumbView.collection.add([ - {text:$.t('admin.home'), href:""}, - {text:$.t('policy.resource-sets'), href:"manage/#user/policy"} - ]); - - this.updateSidebar('user/policy'); - - var view = new ResourceSetListView({model: this.resourceSetList, clientList: this.clientList, systemScopeList: this.systemScopeList}); - - view.load(function() { - $('#content').html(view.render().el); - setPageTitle($.t('policy.resource-sets')); - }); - - } -}); - -ui.routes.push({path: "user/policy/:rsid", name: "editPolicies", callback: - function(rsid) { - - this.breadCrumbView.collection.reset(); - this.breadCrumbView.collection.add([ - {text:$.t('admin.home'), href:""}, - {text:$.t('policy.resource-sets'), href:"manage/#user/policy"}, - {text:$.t('policy.edit-policies'), href:"manage/#user/policy/" + rsid} - ]); - - this.updateSidebar('user/policy'); - - var rs = this.resourceSetList.get(rsid); - var policies = null; - if (rs == null) { - // need to load it directly - policies = new PolicyCollection([], {rsid: rsid}); - rs = new ResourceSetModel({id: rsid}); - this.resourceSetList.add(rs); // it will be loaded below, don't need to load it again in the future - } else { - // the resource set is loaded, preload the claims - policies = new PolicyCollection(rs.get('policies'), {rsid: rsid}); - policies.isFetched = true; - } - - var view = new PolicyListView({model: policies, rs: rs, systemScopeList: this.systemScopeList}); - - view.load(function() { - $('#content').html(view.render().el); - setPageTitle($.t('policy.edit-policy')); - }); - - } -}); - -ui.routes.push({path: "user/policy/:rsid/new", name: "newPolicy", callback: - function(rsid) { - - this.breadCrumbView.collection.reset(); - this.breadCrumbView.collection.add([ - {text:$.t('admin.home'), href:""}, - {text:$.t('policy.resource-sets'), href:"manage/#user/policy"}, - {text:$.t('policy.edit-policies'), href:"manage/#user/policy/" + rsid}, - {text:$.t('policy.new-policy'), href:"manage/#user/policy/" + rsid + "/new"} - ]); - - this.updateSidebar('user/policy'); - - var policy = policy = new PolicyModel({}, {rsid: rsid}); - - var rs = this.resourceSetList.get(rsid); - if (rs == null) { - // need to load it directly - rs = new ResourceSetModel({id: rsid}); - this.resourceSetList.add(rs); // it will be loaded below, don't need to load it again in the future - } - - var view = new PolicyFormView({model: policy, rs: rs, systemScopeList: this.systemScopeList}); - - view.load(function() { - $('#content').html(view.render().el); - setPageTitle($.t('policy.edit-policy')); - }); - } -}); - -ui.routes.push({path: "user/policy/:rsid/:pid", name: "editPolicy", callback: - function(rsid, pid) { - this.breadCrumbView.collection.reset(); - this.breadCrumbView.collection.add([ - {text:$.t('admin.home'), href:""}, - {text:$.t('policy.resource-sets'), href:"manage/#user/policy"}, - {text:$.t('policy.edit-policies'), href:"manage/#user/policy/" + rsid}, - {text:$.t('policy.edit-policy'), href:"manage/#user/policy/" + rsid + "/" + pid} - ]); - - this.updateSidebar('user/policy'); - - var rs = this.resourceSetList.get(rsid); - var policy = null; - if (rs == null) { - // need to load it directly - policy = new PolicyModel({id: pid}, {rsid: rsid}); - rs = new ResourceSetModel({id: rsid}); - this.resourceSetList.add(rs); // it will be loaded below, don't need to load it again in the future - } else { - // the resource set is loaded, preload the claims - _.each(rs.get('policies'), function(p) { - if (p.id == pid) { - policy = new PolicyModel(p, {rsid: rsid}); - policy.isFetched = true; - } - }); - if (policy == null) { - // need to load it directly - policy = new PolicyModel({id: pid}, {rsid: rsid}); - } - } - - var view = new PolicyFormView({model: policy, rs: rs, systemScopeList: this.systemScopeList}); - - view.load(function() { - $('#content').html(view.render().el); - setPageTitle($.t('policy.edit-policy')); - }); - - - } -}); - -ui.templates.push('resources/template/policy.html'); - -ui.init.push(function(app) { - app.resourceSetList = new ResourceSetCollection(); -}); diff --git a/uma-server-webapp/src/main/webapp/resources/template/policy.html b/uma-server-webapp/src/main/webapp/resources/template/policy.html deleted file mode 100644 index 576da1b1ad..0000000000 --- a/uma-server-webapp/src/main/webapp/resources/template/policy.html +++ /dev/null @@ -1,255 +0,0 @@ - - - - - - - - - - - - - - \ No newline at end of file diff --git a/uma-server/pom.xml b/uma-server/pom.xml deleted file mode 100644 index 515c7200f5..0000000000 --- a/uma-server/pom.xml +++ /dev/null @@ -1,50 +0,0 @@ - - - - 4.0.0 - - org.mitre - openid-connect-parent - 1.3.5-SNAPSHOT - .. - - uma-server - UMA Server Library - User Managed Access (UMA) extension of the MITREid Connect server - - - - org.apache.maven.plugins - maven-compiler-plugin - - ${java-version} - ${java-version} - - - - - - - org.mitre - openid-connect-server - - - org.mitre - openid-connect-client - - - diff --git a/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaPermissionRepository.java b/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaPermissionRepository.java deleted file mode 100644 index 6f460d200d..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaPermissionRepository.java +++ /dev/null @@ -1,107 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.repository.impl; - -import java.util.Collection; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.TypedQuery; - -import org.mitre.uma.model.Permission; -import org.mitre.uma.model.PermissionTicket; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.repository.PermissionRepository; -import org.mitre.util.jpa.JpaUtil; -import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; - -/** - * @author jricher - * - */ -@Repository -public class JpaPermissionRepository implements PermissionRepository { - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager em; - - @Override - @Transactional(value="defaultTransactionManager") - public PermissionTicket save(PermissionTicket p) { - return JpaUtil.saveOrUpdate(p.getId(), em, p); - } - - /* (non-Javadoc) - * @see org.mitre.uma.repository.PermissionRepository#getByTicket(java.lang.String) - */ - @Override - public PermissionTicket getByTicket(String ticket) { - TypedQuery query = em.createNamedQuery(PermissionTicket.QUERY_TICKET, PermissionTicket.class); - query.setParameter(PermissionTicket.PARAM_TICKET, ticket); - return JpaUtil.getSingleResult(query.getResultList()); - } - - /* (non-Javadoc) - * @see org.mitre.uma.repository.PermissionRepository#getAll() - */ - @Override - public Collection getAll() { - TypedQuery query = em.createNamedQuery(PermissionTicket.QUERY_ALL, PermissionTicket.class); - return query.getResultList(); - } - - /* (non-Javadoc) - * @see org.mitre.uma.repository.PermissionRepository#saveRawPermission(org.mitre.uma.model.Permission) - */ - @Override - @Transactional(value="defaultTransactionManager") - public Permission saveRawPermission(Permission p) { - return JpaUtil.saveOrUpdate(p.getId(), em, p); - } - - /* (non-Javadoc) - * @see org.mitre.uma.repository.PermissionRepository#getById(java.lang.Long) - */ - @Override - public Permission getById(Long permissionId) { - return em.find(Permission.class, permissionId); - } - - /* (non-Javadoc) - * @see org.mitre.uma.repository.PermissionRepository#getPermissionTicketsForResourceSet(org.mitre.uma.model.ResourceSet) - */ - @Override - public Collection getPermissionTicketsForResourceSet(ResourceSet rs) { - TypedQuery query = em.createNamedQuery(PermissionTicket.QUERY_BY_RESOURCE_SET, PermissionTicket.class); - query.setParameter(PermissionTicket.PARAM_RESOURCE_SET_ID, rs.getId()); - return query.getResultList(); - } - - /* (non-Javadoc) - * @see org.mitre.uma.repository.PermissionRepository#remove(org.mitre.uma.model.PermissionTicket) - */ - @Override - @Transactional(value="defaultTransactionManager") - public void remove(PermissionTicket ticket) { - PermissionTicket found = getByTicket(ticket.getTicket()); - if (found != null) { - em.remove(found); - } - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java b/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java deleted file mode 100644 index e19236c399..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java +++ /dev/null @@ -1,97 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.repository.impl; - -import java.util.Collection; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.TypedQuery; - -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.repository.ResourceSetRepository; -import org.mitre.util.jpa.JpaUtil; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; - -/** - * @author jricher - * - */ -@Repository -public class JpaResourceSetRepository implements ResourceSetRepository { - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager em; - private static Logger logger = LoggerFactory.getLogger(JpaResourceSetRepository.class); - - @Override - @Transactional(value="defaultTransactionManager") - public ResourceSet save(ResourceSet rs) { - return JpaUtil.saveOrUpdate(rs.getId(), em, rs); - } - - @Override - public ResourceSet getById(Long id) { - return em.find(ResourceSet.class, id); - } - - @Override - @Transactional(value="defaultTransactionManager") - public void remove(ResourceSet rs) { - ResourceSet found = getById(rs.getId()); - if (found != null) { - em.remove(found); - } else { - logger.info("Tried to remove unknown resource set: " + rs.getId()); - } - } - - @Override - public Collection getAllForOwner(String owner) { - TypedQuery query = em.createNamedQuery(ResourceSet.QUERY_BY_OWNER, ResourceSet.class); - query.setParameter(ResourceSet.PARAM_OWNER, owner); - return query.getResultList(); - } - - @Override - public Collection getAllForOwnerAndClient(String owner, String clientId) { - TypedQuery query = em.createNamedQuery(ResourceSet.QUERY_BY_OWNER_AND_CLIENT, ResourceSet.class); - query.setParameter(ResourceSet.PARAM_OWNER, owner); - query.setParameter(ResourceSet.PARAM_CLIENTID, clientId); - return query.getResultList(); - } - - @Override - public Collection getAll() { - TypedQuery query = em.createNamedQuery(ResourceSet.QUERY_ALL, ResourceSet.class); - return query.getResultList(); - } - - /* (non-Javadoc) - * @see org.mitre.uma.repository.ResourceSetRepository#getAllForClient(org.mitre.oauth2.model.ClientDetailsEntity) - */ - @Override - public Collection getAllForClient(String clientId) { - TypedQuery query = em.createNamedQuery(ResourceSet.QUERY_BY_CLIENT, ResourceSet.class); - query.setParameter(ResourceSet.PARAM_CLIENTID, clientId); - return query.getResultList(); - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultPermissionService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultPermissionService.java deleted file mode 100644 index 8b9c379e48..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultPermissionService.java +++ /dev/null @@ -1,96 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.service.impl; - -import java.sql.Date; -import java.util.Set; -import java.util.UUID; - -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.uma.model.Permission; -import org.mitre.uma.model.PermissionTicket; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.repository.PermissionRepository; -import org.mitre.uma.service.PermissionService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException; -import org.springframework.stereotype.Service; - -/** - * @author jricher - * - */ -@Service -public class DefaultPermissionService implements PermissionService { - - @Autowired - private PermissionRepository repository; - - @Autowired - private SystemScopeService scopeService; - - private Long permissionExpirationSeconds = 60L * 60L; // 1 hr - - /* (non-Javadoc) - * @see org.mitre.uma.service.PermissionService#create(org.mitre.uma.model.ResourceSet, java.util.Set) - */ - @Override - public PermissionTicket createTicket(ResourceSet resourceSet, Set scopes) { - - // check to ensure that the scopes requested are a subset of those in the resource set - - if (!scopeService.scopesMatch(resourceSet.getScopes(), scopes)) { - throw new InsufficientScopeException("Scopes of resource set are not enough for requested permission."); - } - - Permission perm = new Permission(); - perm.setResourceSet(resourceSet); - perm.setScopes(scopes); - - PermissionTicket ticket = new PermissionTicket(); - ticket.setPermission(perm); - ticket.setTicket(UUID.randomUUID().toString()); - ticket.setExpiration(new Date(System.currentTimeMillis() + permissionExpirationSeconds * 1000L)); - - return repository.save(ticket); - - } - - /* (non-Javadoc) - * @see org.mitre.uma.service.PermissionService#getByTicket(java.lang.String) - */ - @Override - public PermissionTicket getByTicket(String ticket) { - return repository.getByTicket(ticket); - } - - /* (non-Javadoc) - * @see org.mitre.uma.service.PermissionService#updateTicket(org.mitre.uma.model.PermissionTicket) - */ - @Override - public PermissionTicket updateTicket(PermissionTicket ticket) { - if (ticket.getId() != null) { - return repository.save(ticket); - } else { - return null; - } - - } - - - -} diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java deleted file mode 100644 index a5c3e5ec4b..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java +++ /dev/null @@ -1,149 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.service.impl; - -import java.util.Collection; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.uma.model.PermissionTicket; -import org.mitre.uma.model.Policy; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.repository.PermissionRepository; -import org.mitre.uma.repository.ResourceSetRepository; -import org.mitre.uma.service.ResourceSetService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Primary; -import org.springframework.stereotype.Service; - -/** - * @author jricher - * - */ -@Service -@Primary -public class DefaultResourceSetService implements ResourceSetService { - - private static final Logger logger = LoggerFactory.getLogger(DefaultResourceSetService.class); - - @Autowired - private ResourceSetRepository repository; - - @Autowired - private OAuth2TokenRepository tokenRepository; - - @Autowired - private PermissionRepository ticketRepository; - - @Override - public ResourceSet saveNew(ResourceSet rs) { - - if (rs.getId() != null) { - throw new IllegalArgumentException("Can't save a new resource set with an ID already set to it."); - } - - if (!checkScopeConsistency(rs)) { - throw new IllegalArgumentException("Can't save a resource set with inconsistent claims."); - } - - ResourceSet saved = repository.save(rs); - - return saved; - - } - - @Override - public ResourceSet getById(Long id) { - return repository.getById(id); - } - - @Override - public ResourceSet update(ResourceSet oldRs, ResourceSet newRs) { - - if (oldRs.getId() == null || newRs.getId() == null - || !oldRs.getId().equals(newRs.getId())) { - - throw new IllegalArgumentException("Resource set IDs mismatched"); - - } - - if (!checkScopeConsistency(newRs)) { - throw new IllegalArgumentException("Can't save a resource set with inconsistent claims."); - } - - newRs.setOwner(oldRs.getOwner()); // preserve the owner tag across updates - newRs.setClientId(oldRs.getClientId()); // preserve the client id across updates - - ResourceSet saved = repository.save(newRs); - - return saved; - - } - - @Override - public void remove(ResourceSet rs) { - // find all the access tokens issued against this resource set and revoke them - Collection tokens = tokenRepository.getAccessTokensForResourceSet(rs); - for (OAuth2AccessTokenEntity token : tokens) { - tokenRepository.removeAccessToken(token); - } - - // find all outstanding tickets issued against this resource set and revoke them too - Collection tickets = ticketRepository.getPermissionTicketsForResourceSet(rs); - for (PermissionTicket ticket : tickets) { - ticketRepository.remove(ticket); - } - - repository.remove(rs); - } - - @Override - public Collection getAllForOwner(String owner) { - return repository.getAllForOwner(owner); - } - - @Override - public Collection getAllForOwnerAndClient(String owner, String clientId) { - return repository.getAllForOwnerAndClient(owner, clientId); - } - - private boolean checkScopeConsistency(ResourceSet rs) { - if (rs.getPolicies() == null) { - // nothing to check, no problem! - return true; - } - for (Policy policy : rs.getPolicies()) { - if (!rs.getScopes().containsAll(policy.getScopes())) { - return false; - } - } - // we've checked everything, we're good - return true; - } - - /* (non-Javadoc) - * @see org.mitre.uma.service.ResourceSetService#getAllForClient(org.mitre.oauth2.model.ClientDetailsEntity) - */ - @Override - public Collection getAllForClient(ClientDetailsEntity client) { - return repository.getAllForClient(client.getClientId()); - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java deleted file mode 100644 index 62bd24eac0..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java +++ /dev/null @@ -1,120 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.service.impl; - -import java.util.Date; -import java.util.HashSet; -import java.util.Set; -import java.util.UUID; - -import org.mitre.jwt.signer.service.JWTSigningAndValidationService; -import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.oauth2.service.OAuth2TokenEntityService; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.uma.model.Permission; -import org.mitre.uma.model.PermissionTicket; -import org.mitre.uma.model.Policy; -import org.mitre.uma.service.UmaTokenService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.stereotype.Service; - -import com.google.common.collect.Lists; -import com.google.common.collect.Sets; -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.SignedJWT; - -/** - * @author jricher - * - */ -@Service("defaultUmaTokenService") -public class DefaultUmaTokenService implements UmaTokenService { - - @Autowired - private AuthenticationHolderRepository authenticationHolderRepository; - - @Autowired - private OAuth2TokenEntityService tokenService; - - @Autowired - private ClientDetailsEntityService clientService; - - @Autowired - private ConfigurationPropertiesBean config; - - @Autowired - private JWTSigningAndValidationService jwtService; - - - @Override - public OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, PermissionTicket ticket, Policy policy) { - OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); - AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity(); - authHolder.setAuthentication(o2auth); - authHolder = authenticationHolderRepository.save(authHolder); - - token.setAuthenticationHolder(authHolder); - - ClientDetailsEntity client = clientService.loadClientByClientId(o2auth.getOAuth2Request().getClientId()); - token.setClient(client); - - Set ticketScopes = ticket.getPermission().getScopes(); - Set policyScopes = policy.getScopes(); - - Permission perm = new Permission(); - perm.setResourceSet(ticket.getPermission().getResourceSet()); - perm.setScopes(new HashSet<>(Sets.intersection(ticketScopes, policyScopes))); - - token.setPermissions(Sets.newHashSet(perm)); - - JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder(); - - claims.audience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString())); - claims.issuer(config.getIssuer()); - claims.jwtID(UUID.randomUUID().toString()); - - if (config.getRqpTokenLifeTime() != null) { - Date exp = new Date(System.currentTimeMillis() + config.getRqpTokenLifeTime() * 1000L); - - claims.expirationTime(exp); - token.setExpiration(exp); - } - - - JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm(); - JWSHeader header = new JWSHeader(signingAlgorithm, null, null, null, null, null, null, null, null, null, - jwtService.getDefaultSignerKeyId(), - null, null); - SignedJWT signed = new SignedJWT(header, claims.build()); - - jwtService.signJwt(signed); - - token.setJwt(signed); - - tokenService.saveAccessToken(token); - - return token; - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/JpaRegisteredClientService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/JpaRegisteredClientService.java deleted file mode 100644 index 8ceb548e8c..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/service/impl/JpaRegisteredClientService.java +++ /dev/null @@ -1,95 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.service.impl; - -import java.util.Collection; - -import javax.persistence.EntityManager; -import javax.persistence.PersistenceContext; -import javax.persistence.TypedQuery; - -import org.mitre.oauth2.model.RegisteredClient; -import org.mitre.openid.connect.client.service.RegisteredClientService; -import org.mitre.uma.model.SavedRegisteredClient; -import org.mitre.uma.service.SavedRegisteredClientService; -import org.mitre.util.jpa.JpaUtil; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -/** - * @author jricher - * - */ -@Service -public class JpaRegisteredClientService implements RegisteredClientService, SavedRegisteredClientService{ - - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager em; - - /* (non-Javadoc) - * @see org.mitre.openid.connect.client.service.RegisteredClientService#getByIssuer(java.lang.String) - */ - @Override - public RegisteredClient getByIssuer(String issuer) { - SavedRegisteredClient saved = getSavedRegisteredClientFromStorage(issuer); - - if (saved == null) { - return null; - } else { - return saved.getRegisteredClient(); - } - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.client.service.RegisteredClientService#save(java.lang.String, org.mitre.oauth2.model.RegisteredClient) - */ - @Override - @Transactional(value="defaultTransactionManager") - public void save(String issuer, RegisteredClient client) { - - - SavedRegisteredClient saved = getSavedRegisteredClientFromStorage(issuer); - - if (saved == null) { - saved = new SavedRegisteredClient(); - saved.setIssuer(issuer); - } - - saved.setRegisteredClient(client); - - em.persist(saved); - - } - - private SavedRegisteredClient getSavedRegisteredClientFromStorage(String issuer) { - TypedQuery query = em.createQuery("SELECT c from SavedRegisteredClient c where c.issuer = :issuer", SavedRegisteredClient.class); - query.setParameter("issuer", issuer); - - SavedRegisteredClient saved = JpaUtil.getSingleResult(query.getResultList()); - return saved; - } - - /** - * @return - */ - @Override - public Collection getAll() { - TypedQuery query = em.createQuery("SELECT c from SavedRegisteredClient c", SavedRegisteredClient.class); - return query.getResultList(); - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsOnAnyPolicy.java b/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsOnAnyPolicy.java deleted file mode 100644 index 7d480bf619..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsOnAnyPolicy.java +++ /dev/null @@ -1,89 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.service.impl; - -import java.util.Collection; -import java.util.HashSet; - -import org.mitre.uma.model.Claim; -import org.mitre.uma.model.ClaimProcessingResult; -import org.mitre.uma.model.PermissionTicket; -import org.mitre.uma.model.Policy; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.service.ClaimsProcessingService; -import org.springframework.stereotype.Service; - -/** - * Tests if all the claims in the required set have a matching - * value in the supplied set. - * - * @author jricher - * - */ -@Service("matchAllClaimsOnAnyPolicy") -public class MatchAllClaimsOnAnyPolicy implements ClaimsProcessingService { - - /* (non-Javadoc) - * @see org.mitre.uma.service.ClaimsProcessingService#claimsAreSatisfied(java.util.Collection, java.util.Collection) - */ - @Override - public ClaimProcessingResult claimsAreSatisfied(ResourceSet rs, PermissionTicket ticket) { - Collection allUnmatched = new HashSet<>(); - for (Policy policy : rs.getPolicies()) { - Collection unmatched = checkIndividualClaims(policy.getClaimsRequired(), ticket.getClaimsSupplied()); - if (unmatched.isEmpty()) { - // we found something that's satisfied the claims, let's go with it! - return new ClaimProcessingResult(policy); - } else { - // otherwise add it to the stack to send back - allUnmatched.addAll(unmatched); - } - } - - // otherwise, tell the caller that we'll need some set of these fulfilled somehow - return new ClaimProcessingResult(allUnmatched); - } - - private Collection checkIndividualClaims(Collection claimsRequired, Collection claimsSupplied) { - - Collection claimsUnmatched = new HashSet<>(claimsRequired); - - // see if each of the required claims has a counterpart in the supplied claims set - for (Claim required : claimsRequired) { - for (Claim supplied : claimsSupplied) { - - if (required.getIssuer().containsAll(supplied.getIssuer())) { - // it's from the right issuer - - if (required.getName().equals(supplied.getName()) && - required.getValue().equals(supplied.getValue())) { - - // the claim matched, pull it from the set - claimsUnmatched.remove(required); - - } - - } - } - } - - // if there's anything left then the claims aren't satisfied, return the leftovers - return claimsUnmatched; - - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/UmaDataServiceExtension_1_3.java b/uma-server/src/main/java/org/mitre/uma/service/impl/UmaDataServiceExtension_1_3.java deleted file mode 100644 index 6e9fba180f..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/service/impl/UmaDataServiceExtension_1_3.java +++ /dev/null @@ -1,715 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.service.impl; - -import static org.mitre.util.JsonUtils.readSet; - -import java.io.IOException; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; - -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.model.RegisteredClient; -import org.mitre.oauth2.repository.OAuth2TokenRepository; -import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor; -import org.mitre.openid.connect.service.MITREidDataService; -import org.mitre.openid.connect.service.MITREidDataServiceExtension; -import org.mitre.openid.connect.service.MITREidDataServiceMaps; -import org.mitre.openid.connect.service.impl.MITREidDataServiceSupport; -import org.mitre.uma.model.Claim; -import org.mitre.uma.model.Permission; -import org.mitre.uma.model.PermissionTicket; -import org.mitre.uma.model.Policy; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.model.SavedRegisteredClient; -import org.mitre.uma.repository.PermissionRepository; -import org.mitre.uma.repository.ResourceSetRepository; -import org.mitre.uma.service.SavedRegisteredClientService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import com.google.gson.JsonElement; -import com.google.gson.JsonParser; -import com.google.gson.stream.JsonReader; -import com.google.gson.stream.JsonToken; -import com.google.gson.stream.JsonWriter; - -/** - * @author jricher - * - */ -@Service("umaDataExtension_1_3") -public class UmaDataServiceExtension_1_3 extends MITREidDataServiceSupport implements MITREidDataServiceExtension { - - private static final String THIS_VERSION = MITREidDataService.MITREID_CONNECT_1_3; - - private static final String REGISTERED_CLIENT = "registeredClient"; - private static final String URI = "uri"; - private static final String NAME = "name"; - private static final String TYPE = "type"; - private static final String VALUE = "value"; - private static final String CLIENT_ID = "clientId"; - private static final String EXPIRATION = "expiration"; - private static final String ID = "id"; - private static final String ICON_URI = "iconUri"; - private static final String OWNER = "owner"; - private static final String POLICIES = "policies"; - private static final String SCOPES = "scopes"; - private static final String CLAIMS_REQUIRED = "claimsRequired"; - private static final String ISSUER = "issuer"; - private static final String CLAIM_TOKEN_FORMAT = "claimTokenFormat"; - private static final String CLAIM_TYPE = "claimType"; - private static final String FRIENDLY_NAME = "friendlyName"; - private static final String PERMISSIONS = "permissions"; - private static final String RESOURCE_SET = "resourceSet"; - private static final String PERMISSION_TICKETS = "permissionTickets"; - private static final String PERMISSION = "permission"; - private static final String TICKET = "ticket"; - private static final String CLAIMS_SUPPLIED = "claimsSupplied"; - private static final String SAVED_REGISTERED_CLIENTS = "savedRegisteredClients"; - private static final String RESOURCE_SETS = "resourceSets"; - private static final String TOKEN_PERMISSIONS = "tokenPermissions"; - private static final String TOKEN_ID = "tokenId"; - - private static final Logger logger = LoggerFactory.getLogger(UmaDataServiceExtension_1_3.class); - - - - @Autowired - private SavedRegisteredClientService registeredClientService; - @Autowired - private ResourceSetRepository resourceSetRepository; - @Autowired - private PermissionRepository permissionRepository; - @Autowired - private OAuth2TokenRepository tokenRepository; - - private Map> tokenToPermissionRefs = new HashMap<>(); - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.MITREidDataServiceExtension#supportsVersion(java.lang.String) - */ - @Override - public boolean supportsVersion(String version) { - return THIS_VERSION.equals(version); - - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.MITREidDataServiceExtension#exportExtensionData(com.google.gson.stream.JsonWriter) - */ - @Override - public void exportExtensionData(JsonWriter writer) throws IOException { - writer.name(SAVED_REGISTERED_CLIENTS); - writer.beginArray(); - writeSavedRegisteredClients(writer); - writer.endArray(); - - writer.name(RESOURCE_SETS); - writer.beginArray(); - writeResourceSets(writer); - writer.endArray(); - - writer.name(PERMISSION_TICKETS); - writer.beginArray(); - writePermissionTickets(writer); - writer.endArray(); - - writer.name(TOKEN_PERMISSIONS); - writer.beginArray(); - writeTokenPermissions(writer); - writer.endArray(); - } - - /** - * @param writer - * @throws IOException - */ - private void writeTokenPermissions(JsonWriter writer) throws IOException { - for (OAuth2AccessTokenEntity token : tokenRepository.getAllAccessTokens()) { - if (!token.getPermissions().isEmpty()) { // skip tokens that don't have the permissions structure attached - writer.beginObject(); - writer.name(TOKEN_ID).value(token.getId()); - writer.name(PERMISSIONS); - writer.beginArray(); - for (Permission p : token.getPermissions()) { - writer.beginObject(); - writer.name(RESOURCE_SET).value(p.getResourceSet().getId()); - writer.name(SCOPES); - writer.beginArray(); - for (String s : p.getScopes()) { - writer.value(s); - } - writer.endArray(); - writer.endObject(); - } - writer.endArray(); - - writer.endObject(); - } - } - } - - /** - * @param writer - * @throws IOException - */ - private void writePermissionTickets(JsonWriter writer) throws IOException { - for (PermissionTicket ticket : permissionRepository.getAll()) { - writer.beginObject(); - - writer.name(CLAIMS_SUPPLIED); - writer.beginArray(); - for (Claim claim : ticket.getClaimsSupplied()) { - writer.beginObject(); - - writer.name(ISSUER); - writer.beginArray(); - for (String issuer : claim.getIssuer()) { - writer.value(issuer); - } - writer.endArray(); - writer.name(CLAIM_TOKEN_FORMAT); - writer.beginArray(); - for (String format : claim.getClaimTokenFormat()) { - writer.value(format); - } - writer.endArray(); - writer.name(CLAIM_TYPE).value(claim.getClaimType()); - writer.name(FRIENDLY_NAME).value(claim.getFriendlyName()); - writer.name(NAME).value(claim.getName()); - writer.name(VALUE).value(claim.getValue().toString()); - writer.endObject(); - } - writer.endArray(); - - writer.name(EXPIRATION).value(toUTCString(ticket.getExpiration())); - - writer.name(PERMISSION); - writer.beginObject(); - Permission p = ticket.getPermission(); - writer.name(RESOURCE_SET).value(p.getResourceSet().getId()); - writer.name(SCOPES); - writer.beginArray(); - for (String s : p.getScopes()) { - writer.value(s); - } - writer.endArray(); - writer.endObject(); - - writer.name(TICKET).value(ticket.getTicket()); - - writer.endObject(); - } - - - } - - /** - * @param writer - * @throws IOException - */ - private void writeResourceSets(JsonWriter writer) throws IOException { - for (ResourceSet rs : resourceSetRepository.getAll()) { - writer.beginObject(); - writer.name(ID).value(rs.getId()); - writer.name(CLIENT_ID).value(rs.getClientId()); - writer.name(ICON_URI).value(rs.getIconUri()); - writer.name(NAME).value(rs.getName()); - writer.name(TYPE).value(rs.getType()); - writer.name(URI).value(rs.getUri()); - writer.name(OWNER).value(rs.getOwner()); - writer.name(POLICIES); - writer.beginArray(); - for (Policy policy : rs.getPolicies()) { - writer.beginObject(); - writer.name(NAME).value(policy.getName()); - writer.name(SCOPES); - writer.beginArray(); - for (String scope : policy.getScopes()) { - writer.value(scope); - } - writer.endArray(); - writer.name(CLAIMS_REQUIRED); - writer.beginArray(); - for (Claim claim : policy.getClaimsRequired()) { - writer.beginObject(); - - writer.name(ISSUER); - writer.beginArray(); - for (String issuer : claim.getIssuer()) { - writer.value(issuer); - } - writer.endArray(); - writer.name(CLAIM_TOKEN_FORMAT); - writer.beginArray(); - for (String format : claim.getClaimTokenFormat()) { - writer.value(format); - } - writer.endArray(); - writer.name(CLAIM_TYPE).value(claim.getClaimType()); - writer.name(FRIENDLY_NAME).value(claim.getFriendlyName()); - writer.name(NAME).value(claim.getName()); - writer.name(VALUE).value(claim.getValue().toString()); - writer.endObject(); - } - writer.endArray(); - writer.endObject(); - } - writer.endArray(); - writer.name(SCOPES); - writer.beginArray(); - for (String scope : rs.getScopes()) { - writer.value(scope); - } - writer.endArray(); - writer.endObject(); - logger.debug("Finished writing resource set {}", rs.getId()); - } - - } - - /** - * @param writer - */ - private void writeSavedRegisteredClients(JsonWriter writer) throws IOException { - for (SavedRegisteredClient src : registeredClientService.getAll()) { - writer.beginObject(); - writer.name(ISSUER).value(src.getIssuer()); - writer.name(REGISTERED_CLIENT).value(src.getRegisteredClient().getSource().toString()); - writer.endObject(); - logger.debug("Wrote saved registered client {}", src.getId()); - } - logger.info("Done writing saved registered clients"); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.MITREidDataServiceExtension#importExtensionData(com.google.gson.stream.JsonReader) - */ - @Override - public boolean importExtensionData(String name, JsonReader reader) throws IOException { - if (name.equals(SAVED_REGISTERED_CLIENTS)) { - readSavedRegisteredClients(reader); - return true; - } else if (name.equals(RESOURCE_SETS)) { - readResourceSets(reader); - return true; - } else if (name.equals(PERMISSION_TICKETS)) { - readPermissionTickets(reader); - return true; - } else if (name.equals(TOKEN_PERMISSIONS)) { - readTokenPermissions(reader); - return true; - } else { - return false; - } - } - - /** - * @param reader - */ - private void readTokenPermissions(JsonReader reader) throws IOException { - reader.beginArray(); - while(reader.hasNext()) { - reader.beginObject(); - Long tokenId = null; - Set permissions = new HashSet<>(); - while (reader.hasNext()) { - switch(reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (name.equals(TOKEN_ID)) { - tokenId = reader.nextLong(); - } else if (name.equals(PERMISSIONS)) { - reader.beginArray(); - while (reader.hasNext()) { - Permission p = new Permission(); - Long rsid = null; - Set scope = new HashSet<>(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String pname = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (pname.equals(RESOURCE_SET)) { - rsid = reader.nextLong(); - } else if (pname.equals(SCOPES)) { - scope = readSet(reader); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - p.setScopes(scope); - Permission saved = permissionRepository.saveRawPermission(p); - permissionToResourceRefs.put(saved.getId(), rsid); - permissions.add(saved.getId()); - } - reader.endArray(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - tokenToPermissionRefs.put(tokenId, permissions); - } - reader.endArray(); - - } - - private Map permissionToResourceRefs = new HashMap<>(); - - /** - * @param reader - */ - private void readPermissionTickets(JsonReader reader) throws IOException { - JsonParser parser = new JsonParser(); - reader.beginArray(); - while (reader.hasNext()) { - PermissionTicket ticket = new PermissionTicket(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(CLAIMS_SUPPLIED)) { - Set claimsSupplied = new HashSet<>(); - reader.beginArray(); - while (reader.hasNext()) { - Claim c = new Claim(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String cname = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (cname.equals(ISSUER)) { - c.setIssuer(readSet(reader)); - } else if (cname.equals(CLAIM_TOKEN_FORMAT)) { - c.setClaimTokenFormat(readSet(reader)); - } else if (cname.equals(CLAIM_TYPE)) { - c.setClaimType(reader.nextString()); - } else if (cname.equals(FRIENDLY_NAME)) { - c.setFriendlyName(reader.nextString()); - } else if (cname.equals(NAME)) { - c.setName(reader.nextString()); - } else if (cname.equals(VALUE)) { - JsonElement e = parser.parse(reader.nextString()); - c.setValue(e); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - claimsSupplied.add(c); - } - reader.endArray(); - ticket.setClaimsSupplied(claimsSupplied); - } else if (name.equals(EXPIRATION)) { - ticket.setExpiration(utcToDate(reader.nextString())); - } else if (name.equals(PERMISSION)) { - Permission p = new Permission(); - Long rsid = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String pname = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (pname.equals(RESOURCE_SET)) { - rsid = reader.nextLong(); - } else if (pname.equals(SCOPES)) { - p.setScopes(readSet(reader)); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Permission saved = permissionRepository.saveRawPermission(p); - permissionToResourceRefs.put(saved.getId(), rsid); - ticket.setPermission(saved); - } else if (name.equals(TICKET)) { - ticket.setTicket(reader.nextString()); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - permissionRepository.save(ticket); - } - reader.endArray(); - } - - - private Map resourceSetOldToNewIdMap = new HashMap<>(); - - /** - * @param reader - */ - private void readResourceSets(JsonReader reader) throws IOException { - JsonParser parser = new JsonParser(); - reader.beginArray(); - while (reader.hasNext()) { - Long oldId = null; - ResourceSet rs = new ResourceSet(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(ID)) { - oldId = reader.nextLong(); - } else if (name.equals(CLIENT_ID)) { - rs.setClientId(reader.nextString()); - } else if (name.equals(ICON_URI)) { - rs.setIconUri(reader.nextString()); - } else if (name.equals(NAME)) { - rs.setName(reader.nextString()); - } else if (name.equals(TYPE)) { - rs.setType(reader.nextString()); - } else if (name.equals(URI)) { - rs.setUri(reader.nextString()); - } else if (name.equals(OWNER)) { - rs.setOwner(reader.nextString()); - } else if (name.equals(POLICIES)) { - Set policies = new HashSet<>(); - reader.beginArray(); - while (reader.hasNext()) { - Policy p = new Policy(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String pname = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (pname.equals(NAME)) { - p.setName(reader.nextString()); - } else if (pname.equals(SCOPES)) { - p.setScopes(readSet(reader)); - } else if (pname.equals(CLAIMS_REQUIRED)) { - Set claimsRequired = new HashSet<>(); - reader.beginArray(); - while (reader.hasNext()) { - Claim c = new Claim(); - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String cname = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (cname.equals(ISSUER)) { - c.setIssuer(readSet(reader)); - } else if (cname.equals(CLAIM_TOKEN_FORMAT)) { - c.setClaimTokenFormat(readSet(reader)); - } else if (cname.equals(CLAIM_TYPE)) { - c.setClaimType(reader.nextString()); - } else if (cname.equals(FRIENDLY_NAME)) { - c.setFriendlyName(reader.nextString()); - } else if (cname.equals(NAME)) { - c.setName(reader.nextString()); - } else if (cname.equals(VALUE)) { - JsonElement e = parser.parse(reader.nextString()); - c.setValue(e); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - claimsRequired.add(c); - } - reader.endArray(); - p.setClaimsRequired(claimsRequired); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - policies.add(p); - } - reader.endArray(); - rs.setPolicies(policies); - } else if (name.equals(SCOPES)) { - rs.setScopes(readSet(reader)); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - Long newId = resourceSetRepository.save(rs).getId(); - resourceSetOldToNewIdMap.put(oldId, newId); - } - reader.endArray(); - logger.info("Done reading resource sets"); - } - - /** - * @param reader - */ - private void readSavedRegisteredClients(JsonReader reader) throws IOException{ - reader.beginArray(); - while (reader.hasNext()) { - String issuer = null; - String clientString = null; - reader.beginObject(); - while (reader.hasNext()) { - switch (reader.peek()) { - case END_OBJECT: - continue; - case NAME: - String name = reader.nextName(); - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else if (name.equals(ISSUER)) { - issuer = reader.nextString(); - } else if (name.equals(REGISTERED_CLIENT)) { - clientString = reader.nextString(); - } else { - logger.debug("Found unexpected entry"); - reader.skipValue(); - } - break; - default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; - } - } - reader.endObject(); - RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(clientString); - registeredClientService.save(issuer, client); - logger.debug("Saved registered client"); - } - reader.endArray(); - logger.info("Done reading saved registered clients"); - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.MITREidDataServiceExtension#fixExtensionObjectReferences() - */ - @Override - public void fixExtensionObjectReferences(MITREidDataServiceMaps maps) { - for (Long permissionId : permissionToResourceRefs.keySet()) { - Long oldResourceId = permissionToResourceRefs.get(permissionId); - Long newResourceId = resourceSetOldToNewIdMap.get(oldResourceId); - Permission p = permissionRepository.getById(permissionId); - ResourceSet rs = resourceSetRepository.getById(newResourceId); - p.setResourceSet(rs); - permissionRepository.saveRawPermission(p); - logger.debug("Mapping rsid " + oldResourceId + " to " + newResourceId + " for permission " + permissionId); - } - for (Long tokenId : tokenToPermissionRefs.keySet()) { - Long newTokenId = maps.getAccessTokenOldToNewIdMap().get(tokenId); - OAuth2AccessTokenEntity token = tokenRepository.getAccessTokenById(newTokenId); - - Set permissions = new HashSet<>(); - for (Long permissionId : tokenToPermissionRefs.get(tokenId)) { - Permission p = permissionRepository.getById(permissionId); - permissions.add(p); - } - - token.setPermissions(permissions); - tokenRepository.saveAccessToken(token); - } - permissionToResourceRefs.clear(); - resourceSetOldToNewIdMap.clear(); - tokenToPermissionRefs.clear(); - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/util/ExternalLoginAuthoritiesMapper.java b/uma-server/src/main/java/org/mitre/uma/util/ExternalLoginAuthoritiesMapper.java deleted file mode 100644 index 9626eba04a..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/util/ExternalLoginAuthoritiesMapper.java +++ /dev/null @@ -1,45 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.util; - -import java.util.Collection; - -import org.mitre.openid.connect.client.OIDCAuthoritiesMapper; -import org.mitre.openid.connect.model.UserInfo; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; - -import com.google.common.collect.Sets; -import com.nimbusds.jwt.JWT; - -/** - * Utility class to map all external logins to the ROLE_EXTERNAL_USER authority - * to prevent them from accessing other parts of the server. - * - * @author jricher - * - */ -public class ExternalLoginAuthoritiesMapper implements OIDCAuthoritiesMapper { - - private static final GrantedAuthority ROLE_EXTERNAL_USER = new SimpleGrantedAuthority("ROLE_EXTERNAL_USER"); - - @Override - public Collection mapAuthorities(JWT idToken, UserInfo userInfo) { - return Sets.newHashSet(ROLE_EXTERNAL_USER); - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityAbbreviatedView.java b/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityAbbreviatedView.java deleted file mode 100644 index 9f581fb67c..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityAbbreviatedView.java +++ /dev/null @@ -1,119 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.uma.view; - -import java.io.IOException; -import java.io.Writer; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.uma.model.ResourceSet; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpHeaders; -import org.springframework.http.HttpStatus; -import org.springframework.stereotype.Component; -import org.springframework.validation.BeanPropertyBindingResult; -import org.springframework.web.servlet.view.AbstractView; - -import com.google.common.base.Strings; -import com.google.gson.ExclusionStrategy; -import com.google.gson.FieldAttributes; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.google.gson.JsonObject; -import com.google.gson.LongSerializationPolicy; - -@Component(ResourceSetEntityAbbreviatedView.VIEWNAME) -public class ResourceSetEntityAbbreviatedView extends AbstractView { - private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class); - - public static final String VIEWNAME = "resourceSetEntityAbbreviatedView"; - - public static final String LOCATION = "location"; - - @Autowired - private ConfigurationPropertiesBean config; - - private Gson gson = new GsonBuilder() - .setExclusionStrategies(new ExclusionStrategy() { - - @Override - public boolean shouldSkipField(FieldAttributes f) { - - return false; - } - - @Override - public boolean shouldSkipClass(Class clazz) { - // skip the JPA binding wrapper - if (clazz.equals(BeanPropertyBindingResult.class)) { - return true; - } - return false; - } - - }) - .serializeNulls() - .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") - .setLongSerializationPolicy(LongSerializationPolicy.STRING) - .create(); - - @Override - protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - - response.setContentType("application/json"); - - - HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); - if (code == null) { - code = HttpStatus.OK; // default to 200 - } - - response.setStatus(code.value()); - - String location = (String) model.get(LOCATION); - if (!Strings.isNullOrEmpty(location)) { - response.setHeader(HttpHeaders.LOCATION, location); - } - - try { - - Writer out = response.getWriter(); - ResourceSet rs = (ResourceSet) model.get(JsonEntityView.ENTITY); - - JsonObject o = new JsonObject(); - - o.addProperty("_id", rs.getId().toString()); // set the ID to a string - o.addProperty("user_access_policy_uri", config.getIssuer() + "manage/user/policy/" + rs.getId()); - - - gson.toJson(o, out); - - } catch (IOException e) { - - logger.error("IOException in ResourceSetEntityView.java: ", e); - - } - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityView.java b/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityView.java deleted file mode 100644 index e34e474313..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityView.java +++ /dev/null @@ -1,121 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.uma.view; - -import java.io.IOException; -import java.io.Writer; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.uma.model.ResourceSet; -import org.mitre.util.JsonUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpHeaders; -import org.springframework.http.HttpStatus; -import org.springframework.stereotype.Component; -import org.springframework.validation.BeanPropertyBindingResult; -import org.springframework.web.servlet.view.AbstractView; - -import com.google.common.base.Strings; -import com.google.gson.ExclusionStrategy; -import com.google.gson.FieldAttributes; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.google.gson.JsonObject; -import com.google.gson.LongSerializationPolicy; - -@Component(ResourceSetEntityView.VIEWNAME) -public class ResourceSetEntityView extends AbstractView { - private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class); - - public static final String VIEWNAME = "resourceSetEntityView"; - - @Autowired - private ConfigurationPropertiesBean config; - - private Gson gson = new GsonBuilder() - .setExclusionStrategies(new ExclusionStrategy() { - - @Override - public boolean shouldSkipField(FieldAttributes f) { - - return false; - } - - @Override - public boolean shouldSkipClass(Class clazz) { - // skip the JPA binding wrapper - if (clazz.equals(BeanPropertyBindingResult.class)) { - return true; - } - return false; - } - - }) - .serializeNulls() - .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") - .setLongSerializationPolicy(LongSerializationPolicy.STRING) - .create(); - - @Override - protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - - response.setContentType("application/json"); - - - HttpStatus code = (HttpStatus) model.get("code"); - if (code == null) { - code = HttpStatus.OK; // default to 200 - } - - response.setStatus(code.value()); - - String location = (String) model.get("location"); - if (!Strings.isNullOrEmpty(location)) { - response.setHeader(HttpHeaders.LOCATION, location); - } - - try { - - Writer out = response.getWriter(); - ResourceSet rs = (ResourceSet) model.get("entity"); - - JsonObject o = new JsonObject(); - - o.addProperty("_id", rs.getId().toString()); // send the id as a string - o.addProperty("user_access_policy_uri", config.getIssuer() + "manage/resource/" + rs.getId()); - o.addProperty("name", rs.getName()); - o.addProperty("uri", rs.getUri()); - o.addProperty("type", rs.getType()); - o.add("scopes", JsonUtils.getAsArray(rs.getScopes())); - o.addProperty("icon_uri", rs.getIconUri()); - - gson.toJson(o, out); - - } catch (IOException e) { - - logger.error("IOException in ResourceSetEntityView.java: ", e); - - } - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java deleted file mode 100644 index 04f8378445..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java +++ /dev/null @@ -1,202 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.web; - -import java.util.Map; - -import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.service.OAuth2TokenEntityService; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.oauth2.web.AuthenticationUtilities; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.mitre.uma.model.Claim; -import org.mitre.uma.model.ClaimProcessingResult; -import org.mitre.uma.model.PermissionTicket; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.service.ClaimsProcessingService; -import org.mitre.uma.service.PermissionService; -import org.mitre.uma.service.UmaTokenService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.util.MimeTypeUtils; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import com.google.common.collect.ImmutableMap; -import com.google.gson.JsonArray; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; -import com.google.gson.JsonPrimitive; - -/** - * @author jricher - * - */ -@Controller -@RequestMapping("/" + AuthorizationRequestEndpoint.URL) -public class AuthorizationRequestEndpoint { - // Logger for this class - private static final Logger logger = LoggerFactory.getLogger(AuthorizationRequestEndpoint.class); - - public static final String RPT = "rpt"; - public static final String TICKET = "ticket"; - public static final String URL = "authz_request"; - - @Autowired - private PermissionService permissionService; - - @Autowired - private OAuth2TokenEntityService tokenService; - - @Autowired - private ClaimsProcessingService claimsProcessingService; - - @Autowired - private UmaTokenService umaTokenService; - - @RequestMapping(method = RequestMethod.POST, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String authorizationRequest(@RequestBody String jsonString, Model m, Authentication auth) { - - AuthenticationUtilities.ensureOAuthScope(auth, SystemScopeService.UMA_AUTHORIZATION_SCOPE); - - JsonParser parser = new JsonParser(); - JsonElement e = parser.parse(jsonString); - - if (e.isJsonObject()) { - JsonObject o = e.getAsJsonObject(); - - if (o.has(TICKET)) { - - OAuth2AccessTokenEntity incomingRpt = null; - if (o.has(RPT)) { - String rptValue = o.get(RPT).getAsString(); - incomingRpt = tokenService.readAccessToken(rptValue); - } - - String ticketValue = o.get(TICKET).getAsString(); - - PermissionTicket ticket = permissionService.getByTicket(ticketValue); - - if (ticket != null) { - // found the ticket, see if it's any good - - ResourceSet rs = ticket.getPermission().getResourceSet(); - - if (rs.getPolicies() == null || rs.getPolicies().isEmpty()) { - // the required claims are empty, this resource has no way to be authorized - - m.addAttribute(JsonErrorView.ERROR, "not_authorized"); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "This resource set can not be accessed."); - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return JsonErrorView.VIEWNAME; - } else { - // claims weren't empty or missing, we need to check against what we have - - ClaimProcessingResult result = claimsProcessingService.claimsAreSatisfied(rs, ticket); - - - if (result.isSatisfied()) { - // the service found what it was looking for, issue a token - - // we need to downscope this based on the required set that was matched if it was matched - OAuth2Authentication o2auth = (OAuth2Authentication) auth; - - OAuth2AccessTokenEntity token = umaTokenService.createRequestingPartyToken(o2auth, ticket, result.getMatched()); - - // if we have an inbound RPT, throw it out because we're replacing it - if (incomingRpt != null) { - tokenService.revokeAccessToken(incomingRpt); - } - - Map entity = ImmutableMap.of("rpt", token.getValue()); - - m.addAttribute(JsonEntityView.ENTITY, entity); - - return JsonEntityView.VIEWNAME; - - } else { - - // if we got here, the claim didn't match, forward the user to the claim gathering endpoint - JsonObject entity = new JsonObject(); - - entity.addProperty(JsonErrorView.ERROR, "need_info"); - JsonObject details = new JsonObject(); - - JsonObject rpClaims = new JsonObject(); - rpClaims.addProperty("redirect_user", true); - rpClaims.addProperty("ticket", ticketValue); - JsonArray req = new JsonArray(); - for (Claim claim : result.getUnmatched()) { - JsonObject c = new JsonObject(); - c.addProperty("name", claim.getName()); - c.addProperty("friendly_name", claim.getFriendlyName()); - c.addProperty("claim_type", claim.getClaimType()); - JsonArray f = new JsonArray(); - for (String format : claim.getClaimTokenFormat()) { - f.add(new JsonPrimitive(format)); - } - c.add("claim_token_format", f); - JsonArray i = new JsonArray(); - for (String issuer : claim.getIssuer()) { - i.add(new JsonPrimitive(issuer)); - } - c.add("issuer", i); - req.add(c); - } - rpClaims.add("required_claims", req); - details.add("requesting_party_claims", rpClaims); - entity.add("error_details", details); - - m.addAttribute(JsonEntityView.ENTITY, entity); - return JsonEntityView.VIEWNAME; - } - - - } - } else { - // ticket wasn't found, return an error - m.addAttribute(HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR, "invalid_ticket"); - return JsonErrorView.VIEWNAME; - } - - } else { - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Missing JSON elements."); - return JsonErrorView.VIEWNAME; - } - - - } else { - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Malformed JSON request."); - return JsonErrorView.VIEWNAME; - } - - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java deleted file mode 100644 index 52061e4ebf..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java +++ /dev/null @@ -1,152 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.web; - -import java.util.Set; - -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.service.ClientDetailsEntityService; -import org.mitre.openid.connect.model.OIDCAuthenticationToken; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.uma.model.Claim; -import org.mitre.uma.model.PermissionTicket; -import org.mitre.uma.service.PermissionService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.util.UriComponentsBuilder; - -import com.google.common.base.Strings; -import com.google.common.collect.Sets; -import com.google.gson.JsonElement; -import com.google.gson.JsonPrimitive; - -/** - * - * Collect claims interactively from the end user. - * - * @author jricher - * - */ -@Controller -@PreAuthorize("hasRole('ROLE_EXTERNAL_USER')") -@RequestMapping("/" + ClaimsCollectionEndpoint.URL) -public class ClaimsCollectionEndpoint { - // Logger for this class - private static final Logger logger = LoggerFactory.getLogger(ClaimsCollectionEndpoint.class); - - public static final String URL = "rqp_claims"; - - @Autowired - private ClientDetailsEntityService clientService; - - @Autowired - private PermissionService permissionService; - - - @RequestMapping(method = RequestMethod.GET) - public String collectClaims(@RequestParam("client_id") String clientId, @RequestParam(value = "redirect_uri", required = false) String redirectUri, - @RequestParam("ticket") String ticketValue, @RequestParam(value = "state", required = false) String state, - Model m, OIDCAuthenticationToken auth) { - - - ClientDetailsEntity client = clientService.loadClientByClientId(clientId); - - PermissionTicket ticket = permissionService.getByTicket(ticketValue); - - if (client == null || ticket == null) { - logger.info("Client or ticket not found: " + clientId + " :: " + ticketValue); - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - // we've got a client and ticket, let's attach the claims that we have from the token and userinfo - - // subject - Set claimsSupplied = Sets.newHashSet(ticket.getClaimsSupplied()); - - String issuer = auth.getIssuer(); - UserInfo userInfo = auth.getUserInfo(); - - claimsSupplied.add(mkClaim(issuer, "sub", new JsonPrimitive(auth.getSub()))); - if (userInfo.getEmail() != null) { - claimsSupplied.add(mkClaim(issuer, "email", new JsonPrimitive(userInfo.getEmail()))); - } - if (userInfo.getEmailVerified() != null) { - claimsSupplied.add(mkClaim(issuer, "email_verified", new JsonPrimitive(userInfo.getEmailVerified()))); - } - if (userInfo.getPhoneNumber() != null) { - claimsSupplied.add(mkClaim(issuer, "phone_number", new JsonPrimitive(auth.getUserInfo().getPhoneNumber()))); - } - if (userInfo.getPhoneNumberVerified() != null) { - claimsSupplied.add(mkClaim(issuer, "phone_number_verified", new JsonPrimitive(auth.getUserInfo().getPhoneNumberVerified()))); - } - if (userInfo.getPreferredUsername() != null) { - claimsSupplied.add(mkClaim(issuer, "preferred_username", new JsonPrimitive(auth.getUserInfo().getPreferredUsername()))); - } - if (userInfo.getProfile() != null) { - claimsSupplied.add(mkClaim(issuer, "profile", new JsonPrimitive(auth.getUserInfo().getProfile()))); - } - - ticket.setClaimsSupplied(claimsSupplied); - - PermissionTicket updatedTicket = permissionService.updateTicket(ticket); - - if (Strings.isNullOrEmpty(redirectUri)) { - if (client.getClaimsRedirectUris().size() == 1) { - redirectUri = client.getClaimsRedirectUris().iterator().next(); // get the first (and only) redirect URI to use here - logger.info("No redirect URI passed in, using registered value: " + redirectUri); - } else { - throw new RedirectMismatchException("Unable to find redirect URI and none passed in."); - } - } else { - if (!client.getClaimsRedirectUris().contains(redirectUri)) { - throw new RedirectMismatchException("Claims redirect did not match the registered values."); - } - } - - UriComponentsBuilder template = UriComponentsBuilder.fromUriString(redirectUri); - template.queryParam("authorization_state", "claims_submitted"); - if (!Strings.isNullOrEmpty(state)) { - template.queryParam("state", state); - } - - String uriString = template.toUriString(); - logger.info("Redirecting to " + uriString); - - return "redirect:" + uriString; - } - - - private Claim mkClaim(String issuer, String name, JsonElement value) { - Claim c = new Claim(); - c.setIssuer(Sets.newHashSet(issuer)); - c.setName(name); - c.setValue(value); - return c; - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java deleted file mode 100644 index a3b6601294..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java +++ /dev/null @@ -1,155 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.web; - -import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope; -import static org.mitre.util.JsonUtils.getAsLong; -import static org.mitre.util.JsonUtils.getAsStringSet; - -import java.util.Set; - -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.mitre.uma.model.PermissionTicket; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.service.PermissionService; -import org.mitre.uma.service.ResourceSetService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.security.core.Authentication; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.util.MimeTypeUtils; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParseException; -import com.google.gson.JsonParser; - -/** - * @author jricher - * - */ -@Controller -@RequestMapping("/" + PermissionRegistrationEndpoint.URL) -@PreAuthorize("hasRole('ROLE_USER')") -public class PermissionRegistrationEndpoint { - // Logger for this class - private static final Logger logger = LoggerFactory.getLogger(PermissionRegistrationEndpoint.class); - - public static final String URL = "permission"; - - @Autowired - private PermissionService permissionService; - - @Autowired - private ResourceSetService resourceSetService; - - @Autowired - private SystemScopeService scopeService; - - private JsonParser parser = new JsonParser(); - - @RequestMapping(method = RequestMethod.POST, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String getPermissionTicket(@RequestBody String jsonString, Model m, Authentication auth) { - - ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); - - try { - - // parse the permission request - - JsonElement el = parser.parse(jsonString); - if (el.isJsonObject()) { - JsonObject o = el.getAsJsonObject(); - - Long rsid = getAsLong(o, "resource_set_id"); - Set scopes = getAsStringSet(o, "scopes"); - - if (rsid == null || scopes == null || scopes.isEmpty()){ - // missing information - m.addAttribute("code", HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Missing required component of permission registration request."); - return JsonErrorView.VIEWNAME; - } - - // trim any restricted scopes - Set scopesRequested = scopeService.fromStrings(scopes); - scopesRequested = scopeService.removeRestrictedAndReservedScopes(scopesRequested); - scopes = scopeService.toStrings(scopesRequested); - - ResourceSet resourceSet = resourceSetService.getById(rsid); - - // requested resource set doesn't exist - if (resourceSet == null) { - m.addAttribute("code", HttpStatus.NOT_FOUND); - m.addAttribute("errorMessage", "Requested resource set not found: " + rsid); - return JsonErrorView.VIEWNAME; - } - - // authorized user of the token doesn't match owner of the resource set - if (!resourceSet.getOwner().equals(auth.getName())) { - m.addAttribute("code", HttpStatus.FORBIDDEN); - m.addAttribute("errorMessage", "Party requesting permission is not owner of resource set, expected " + resourceSet.getOwner() + " got " + auth.getName()); - return JsonErrorView.VIEWNAME; - } - - // create the permission - PermissionTicket permission = permissionService.createTicket(resourceSet, scopes); - - if (permission != null) { - // we've created the permission, return the ticket - JsonObject out = new JsonObject(); - out.addProperty("ticket", permission.getTicket()); - m.addAttribute("entity", out); - - m.addAttribute("code", HttpStatus.CREATED); - - return JsonEntityView.VIEWNAME; - } else { - // there was a failure creating the permission object - - m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); - m.addAttribute("errorMessage", "Unable to save permission and generate ticket."); - - return JsonErrorView.VIEWNAME; - } - - } else { - // malformed request - m.addAttribute("code", HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Malformed JSON request."); - return JsonErrorView.VIEWNAME; - } - } catch (JsonParseException e) { - // malformed request - m.addAttribute("code", HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Malformed JSON request."); - return JsonErrorView.VIEWNAME; - } - - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/web/PolicyAPI.java b/uma-server/src/main/java/org/mitre/uma/web/PolicyAPI.java deleted file mode 100644 index 2b1feda583..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/web/PolicyAPI.java +++ /dev/null @@ -1,391 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.web; - -import java.util.Collection; -import java.util.HashSet; -import java.util.Set; - -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.mitre.openid.connect.web.RootController; -import org.mitre.uma.model.Claim; -import org.mitre.uma.model.Policy; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.service.ResourceSetService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.security.core.Authentication; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.util.MimeTypeUtils; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import com.google.common.collect.Sets; -import com.google.gson.Gson; - -/** - * API for managing policies on resource sets. - * - * @author jricher - * - */ -@Controller -@RequestMapping("/" + PolicyAPI.URL) -@PreAuthorize("hasRole('ROLE_USER')") -public class PolicyAPI { - - // Logger for this class - private static final Logger logger = LoggerFactory.getLogger(PolicyAPI.class); - - public static final String URL = RootController.API_URL + "/resourceset"; - public static final String POLICYURL = "/policy"; - - private Gson gson = new Gson(); - - @Autowired - private ResourceSetService resourceSetService; - - /** - * List all resource sets for the current user - * @param m - * @param auth - * @return - */ - @RequestMapping(value = "", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String getResourceSetsForCurrentUser(Model m, Authentication auth) { - - Collection resourceSets = resourceSetService.getAllForOwner(auth.getName()); - - m.addAttribute(JsonEntityView.ENTITY, resourceSets); - - return JsonEntityView.VIEWNAME; - } - - /** - * Get the indicated resource set - * @param rsid - * @param m - * @param auth - * @return - */ - @RequestMapping(value = "/{rsid}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String getResourceSet(@PathVariable (value = "rsid") Long rsid, Model m, Authentication auth) { - - ResourceSet rs = resourceSetService.getById(rsid); - - if (rs == null) { - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - if (!rs.getOwner().equals(auth.getName())) { - logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); - - // authenticated user didn't match the owner of the resource set - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return HttpCodeView.VIEWNAME; - } - - m.addAttribute(JsonEntityView.ENTITY, rs); - - return JsonEntityView.VIEWNAME; - } - - /** - * Delete the indicated resource set - * @param rsid - * @param m - * @param auth - * @return - */ - @RequestMapping(value = "/{rsid}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String deleteResourceSet(@PathVariable (value = "rsid") Long rsid, Model m, Authentication auth) { - - ResourceSet rs = resourceSetService.getById(rsid); - - if (rs == null) { - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - if (!rs.getOwner().equals(auth.getName())) { - logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); - - // authenticated user didn't match the owner of the resource set - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return HttpCodeView.VIEWNAME; - } - - resourceSetService.remove(rs); - m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT); - return HttpCodeView.VIEWNAME; - - } - - /** - * List all the policies for the given resource set - * @param rsid - * @param m - * @param auth - * @return - */ - @RequestMapping(value = "/{rsid}" + POLICYURL, method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String getPoliciesForResourceSet(@PathVariable (value = "rsid") Long rsid, Model m, Authentication auth) { - - ResourceSet rs = resourceSetService.getById(rsid); - - if (rs == null) { - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - if (!rs.getOwner().equals(auth.getName())) { - logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); - - // authenticated user didn't match the owner of the resource set - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return HttpCodeView.VIEWNAME; - } - - m.addAttribute(JsonEntityView.ENTITY, rs.getPolicies()); - - return JsonEntityView.VIEWNAME; - } - - /** - * Create a new policy on the given resource set - * @param rsid - * @param m - * @param auth - * @return - */ - @RequestMapping(value = "/{rsid}" + POLICYURL, method = RequestMethod.POST, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String createNewPolicyForResourceSet(@PathVariable (value = "rsid") Long rsid, @RequestBody String jsonString, Model m, Authentication auth) { - ResourceSet rs = resourceSetService.getById(rsid); - - if (rs == null) { - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - if (!rs.getOwner().equals(auth.getName())) { - logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); - - // authenticated user didn't match the owner of the resource set - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return HttpCodeView.VIEWNAME; - } - - Policy p = gson.fromJson(jsonString, Policy.class); - - if (p.getId() != null) { - logger.warn("Tried to add a policy with a non-null ID: " + p.getId()); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - return HttpCodeView.VIEWNAME; - } - - for (Claim claim : p.getClaimsRequired()) { - if (claim.getId() != null) { - logger.warn("Tried to add a policy with a non-null claim ID: " + claim.getId()); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - return HttpCodeView.VIEWNAME; - } - } - - rs.getPolicies().add(p); - ResourceSet saved = resourceSetService.update(rs, rs); - - // find the new policy object - Collection newPolicies = Sets.difference(new HashSet<>(saved.getPolicies()), new HashSet<>(rs.getPolicies())); - - if (newPolicies.size() == 1) { - Policy newPolicy = newPolicies.iterator().next(); - m.addAttribute(JsonEntityView.ENTITY, newPolicy); - return JsonEntityView.VIEWNAME; - } else { - logger.warn("Unexpected result trying to add a new policy object: " + newPolicies); - m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR); - return HttpCodeView.VIEWNAME; - } - - } - - /** - * Get a specific policy - * @param rsid - * @param pid - * @param m - * @param auth - * @return - */ - @RequestMapping(value = "/{rsid}" + POLICYURL + "/{pid}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String getPolicy(@PathVariable (value = "rsid") Long rsid, @PathVariable (value = "pid") Long pid, Model m, Authentication auth) { - - ResourceSet rs = resourceSetService.getById(rsid); - - if (rs == null) { - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - if (!rs.getOwner().equals(auth.getName())) { - logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); - - // authenticated user didn't match the owner of the resource set - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return HttpCodeView.VIEWNAME; - } - - for (Policy policy : rs.getPolicies()) { - if (policy.getId().equals(pid)) { - // found it! - m.addAttribute(JsonEntityView.ENTITY, policy); - return JsonEntityView.VIEWNAME; - } - } - - // if we made it this far, we haven't found it - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - /** - * Update a specific policy - * @param rsid - * @param pid - * @param jsonString - * @param m - * @param auth - * @return - */ - @RequestMapping(value = "/{rsid}" + POLICYURL + "/{pid}", method = RequestMethod.PUT, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String setClaimsForResourceSet(@PathVariable (value = "rsid") Long rsid, @PathVariable (value = "pid") Long pid, @RequestBody String jsonString, Model m, Authentication auth) { - - ResourceSet rs = resourceSetService.getById(rsid); - - if (rs == null) { - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - if (!rs.getOwner().equals(auth.getName())) { - logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); - - // authenticated user didn't match the owner of the resource set - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return HttpCodeView.VIEWNAME; - } - - Policy p = gson.fromJson(jsonString, Policy.class); - - if (!pid.equals(p.getId())) { - logger.warn("Policy ID mismatch, expected " + pid + " got " + p.getId()); - - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - return HttpCodeView.VIEWNAME; - } - - for (Policy policy : rs.getPolicies()) { - if (policy.getId().equals(pid)) { - // found it! - - // find the existing claim IDs, make sure we're not overwriting anything from another policy - Set claimIds = new HashSet<>(); - for (Claim claim : policy.getClaimsRequired()) { - claimIds.add(claim.getId()); - } - - for (Claim claim : p.getClaimsRequired()) { - if (claim.getId() != null && !claimIds.contains(claim.getId())) { - logger.warn("Tried to add a policy with a an unmatched claim ID: got " + claim.getId() + " expected " + claimIds); - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - return HttpCodeView.VIEWNAME; - } - } - - // update the existing object with the new values - policy.setClaimsRequired(p.getClaimsRequired()); - policy.setName(p.getName()); - policy.setScopes(p.getScopes()); - - resourceSetService.update(rs, rs); - - m.addAttribute(JsonEntityView.ENTITY, policy); - return JsonEntityView.VIEWNAME; - } - } - - // if we made it this far, we haven't found it - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - } - - /** - * Delete a specific policy - * @param rsid - * @param pid - * @param m - * @param auth - * @return - */ - @RequestMapping(value = "/{rsid}" + POLICYURL + "/{pid}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String deleteResourceSet(@PathVariable ("rsid") Long rsid, @PathVariable (value = "pid") Long pid, Model m, Authentication auth) { - - ResourceSet rs = resourceSetService.getById(rsid); - - if (rs == null) { - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.addAttribute(JsonErrorView.ERROR, "not_found"); - return JsonErrorView.VIEWNAME; - } - - if (!auth.getName().equals(rs.getOwner())) { - - logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); - - // it wasn't issued to this user - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return JsonErrorView.VIEWNAME; - } - - - for (Policy policy : rs.getPolicies()) { - if (policy.getId().equals(pid)) { - // found it! - rs.getPolicies().remove(policy); - resourceSetService.update(rs, rs); - - m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT); - return HttpCodeView.VIEWNAME; - } - } - - // if we made it this far, we haven't found it - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return HttpCodeView.VIEWNAME; - - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java deleted file mode 100644 index ce10568fba..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java +++ /dev/null @@ -1,317 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -package org.mitre.uma.web; - - -import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope; -import static org.mitre.util.JsonUtils.getAsLong; -import static org.mitre.util.JsonUtils.getAsString; -import static org.mitre.util.JsonUtils.getAsStringSet; - -import java.util.Collection; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.service.ResourceSetService; -import org.mitre.uma.view.ResourceSetEntityAbbreviatedView; -import org.mitre.uma.view.ResourceSetEntityView; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.util.MimeTypeUtils; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import com.google.common.base.Strings; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParseException; -import com.google.gson.JsonParser; - -@Controller -@RequestMapping("/" + ResourceSetRegistrationEndpoint.URL) -@PreAuthorize("hasRole('ROLE_USER')") -public class ResourceSetRegistrationEndpoint { - - private static final Logger logger = LoggerFactory.getLogger(ResourceSetRegistrationEndpoint.class); - - public static final String DISCOVERY_URL = "resource_set"; - public static final String URL = DISCOVERY_URL + "/resource_set"; - - @Autowired - private ResourceSetService resourceSetService; - - @Autowired - private ConfigurationPropertiesBean config; - - @Autowired - private SystemScopeService scopeService; - - private JsonParser parser = new JsonParser(); - - @RequestMapping(method = RequestMethod.POST, produces = MimeTypeUtils.APPLICATION_JSON_VALUE, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String createResourceSet(@RequestBody String jsonString, Model m, Authentication auth) { - ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); - - ResourceSet rs = parseResourceSet(jsonString); - - if (rs == null) { // there was no resource set in the body - logger.warn("Resource set registration missing body."); - - m.addAttribute("code", HttpStatus.BAD_REQUEST); - m.addAttribute("error_description", "Resource request was missing body."); - return JsonErrorView.VIEWNAME; - } - - if (auth instanceof OAuth2Authentication) { - // if it's an OAuth mediated call, it's on behalf of a client, so store that - OAuth2Authentication o2a = (OAuth2Authentication) auth; - rs.setClientId(o2a.getOAuth2Request().getClientId()); - rs.setOwner(auth.getName()); // the username is going to be in the auth object - } else { - // this one shouldn't be called if it's not OAuth - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "This call must be made with an OAuth token"); - return JsonErrorView.VIEWNAME; - } - - rs = validateScopes(rs); - - if (Strings.isNullOrEmpty(rs.getName()) // there was no name (required) - || rs.getScopes() == null // there were no scopes (required) - ) { - - logger.warn("Resource set registration missing one or more required fields."); - - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields."); - return JsonErrorView.VIEWNAME; - } - - ResourceSet saved = resourceSetService.saveNew(rs); - - m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); - m.addAttribute(JsonEntityView.ENTITY, saved); - m.addAttribute(ResourceSetEntityAbbreviatedView.LOCATION, config.getIssuer() + URL + "/" + saved.getId()); - - return ResourceSetEntityAbbreviatedView.VIEWNAME; - - } - - @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String readResourceSet(@PathVariable ("id") Long id, Model m, Authentication auth) { - ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); - - ResourceSet rs = resourceSetService.getById(id); - - if (rs == null) { - m.addAttribute("code", HttpStatus.NOT_FOUND); - m.addAttribute("error", "not_found"); - return JsonErrorView.VIEWNAME; - } else { - - rs = validateScopes(rs); - - if (!auth.getName().equals(rs.getOwner())) { - - logger.warn("Unauthorized resource set request from wrong user; expected " + rs.getOwner() + " got " + auth.getName()); - - // it wasn't issued to this user - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return JsonErrorView.VIEWNAME; - } else { - m.addAttribute(JsonEntityView.ENTITY, rs); - return ResourceSetEntityView.VIEWNAME; - } - - } - - } - - @RequestMapping(value = "/{id}", method = RequestMethod.PUT, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String updateResourceSet(@PathVariable ("id") Long id, @RequestBody String jsonString, Model m, Authentication auth) { - ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); - - ResourceSet newRs = parseResourceSet(jsonString); - - if (newRs == null // there was no resource set in the body - || Strings.isNullOrEmpty(newRs.getName()) // there was no name (required) - || newRs.getScopes() == null // there were no scopes (required) - || newRs.getId() == null || !newRs.getId().equals(id) // the IDs didn't match - ) { - - logger.warn("Resource set registration missing one or more required fields."); - - m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields."); - return JsonErrorView.VIEWNAME; - } - - ResourceSet rs = resourceSetService.getById(id); - - if (rs == null) { - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.addAttribute(JsonErrorView.ERROR, "not_found"); - return JsonErrorView.VIEWNAME; - } else { - if (!auth.getName().equals(rs.getOwner())) { - - logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); - - // it wasn't issued to this user - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return JsonErrorView.VIEWNAME; - } else { - - ResourceSet saved = resourceSetService.update(rs, newRs); - - m.addAttribute(JsonEntityView.ENTITY, saved); - m.addAttribute(ResourceSetEntityAbbreviatedView.LOCATION, config.getIssuer() + URL + "/" + rs.getId()); - return ResourceSetEntityAbbreviatedView.VIEWNAME; - } - - } - } - - @RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String deleteResourceSet(@PathVariable ("id") Long id, Model m, Authentication auth) { - ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); - - ResourceSet rs = resourceSetService.getById(id); - - if (rs == null) { - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.addAttribute(JsonErrorView.ERROR, "not_found"); - return JsonErrorView.VIEWNAME; - } else { - if (!auth.getName().equals(rs.getOwner())) { - - logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); - - // it wasn't issued to this user - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return JsonErrorView.VIEWNAME; - } else if (auth instanceof OAuth2Authentication && - !((OAuth2Authentication)auth).getOAuth2Request().getClientId().equals(rs.getClientId())){ - - logger.warn("Unauthorized resource set request from bad client; expected " + rs.getClientId() + " got " + ((OAuth2Authentication)auth).getOAuth2Request().getClientId()); - - // it wasn't issued to this client - m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - return JsonErrorView.VIEWNAME; - } else { - - // user and client matched - resourceSetService.remove(rs); - - m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT); - return HttpCodeView.VIEWNAME; - } - - } - } - - @RequestMapping(method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String listResourceSets(Model m, Authentication auth) { - ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); - - String owner = auth.getName(); - - Collection resourceSets = Collections.emptySet(); - if (auth instanceof OAuth2Authentication) { - // if it's an OAuth mediated call, it's on behalf of a client, so look that up too - OAuth2Authentication o2a = (OAuth2Authentication) auth; - resourceSets = resourceSetService.getAllForOwnerAndClient(owner, o2a.getOAuth2Request().getClientId()); - } else { - // otherwise get everything for the current user - resourceSets = resourceSetService.getAllForOwner(owner); - } - - // build the entity here and send to the display - - Set ids = new HashSet<>(); - for (ResourceSet resourceSet : resourceSets) { - ids.add(resourceSet.getId().toString()); // add them all as strings so that gson renders them properly - } - - m.addAttribute(JsonEntityView.ENTITY, ids); - return JsonEntityView.VIEWNAME; - } - - private ResourceSet parseResourceSet(String jsonString) { - - try { - JsonElement el = parser.parse(jsonString); - - if (el.isJsonObject()) { - JsonObject o = el.getAsJsonObject(); - - ResourceSet rs = new ResourceSet(); - rs.setId(getAsLong(o, "_id")); - rs.setName(getAsString(o, "name")); - rs.setIconUri(getAsString(o, "icon_uri")); - rs.setType(getAsString(o, "type")); - rs.setScopes(getAsStringSet(o, "scopes")); - rs.setUri(getAsString(o, "uri")); - - return rs; - - } - - return null; - - } catch (JsonParseException e) { - return null; - } - - } - - - /** - * - * Make sure the resource set doesn't have any restricted or reserved scopes. - * - * @param rs - */ - private ResourceSet validateScopes(ResourceSet rs) { - // scopes that the client is asking for - Set requestedScopes = scopeService.fromStrings(rs.getScopes()); - - // the scopes that the resource set can have must be a subset of the dynamically allowed scopes - Set allowedScopes = scopeService.removeRestrictedAndReservedScopes(requestedScopes); - - rs.setScopes(scopeService.toStrings(allowedScopes)); - - return rs; - } - -} diff --git a/uma-server/src/main/java/org/mitre/uma/web/UmaDiscoveryEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/UmaDiscoveryEndpoint.java deleted file mode 100644 index 6dc8717adb..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/web/UmaDiscoveryEndpoint.java +++ /dev/null @@ -1,79 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.web; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.Map; - -import org.mitre.oauth2.web.IntrospectionEndpoint; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.RequestMapping; - -import com.google.common.collect.ImmutableSet; -import com.google.common.collect.Lists; - -/** - * @author jricher - * - */ -@Controller -public class UmaDiscoveryEndpoint { - - @Autowired - private ConfigurationPropertiesBean config; - - @RequestMapping(".well-known/uma-configuration") - public String umaConfiguration(Model model) { - - Map m = new HashMap<>(); - - String issuer = config.getIssuer(); - ImmutableSet tokenProfiles = ImmutableSet.of("bearer"); - ArrayList grantTypes = Lists.newArrayList("authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer", "client_credentials", "urn:ietf:params:oauth:grant_type:redelegate"); - - m.put("version", "1.0"); - m.put("issuer", issuer); - m.put("pat_profiles_supported", tokenProfiles); - m.put("aat_profiles_supported", tokenProfiles); - m.put("rpt_profiles_supported", tokenProfiles); - m.put("pat_grant_types_supported", grantTypes); - m.put("aat_grant_types_supported", grantTypes); - m.put("claim_token_profiles_supported", ImmutableSet.of()); - m.put("uma_profiles_supported", ImmutableSet.of()); - m.put("dynamic_client_endpoint", issuer + DynamicClientRegistrationEndpoint.URL); - m.put("token_endpoint", issuer + "token"); - m.put("authorization_endpoint", issuer + "authorize"); - m.put("requesting_party_claims_endpoint", issuer + ClaimsCollectionEndpoint.URL); - m.put("introspection_endpoint", issuer + IntrospectionEndpoint.URL); - m.put("resource_set_registration_endpoint", issuer + ResourceSetRegistrationEndpoint.DISCOVERY_URL); - m.put("permission_registration_endpoint", issuer + PermissionRegistrationEndpoint.URL); - m.put("rpt_endpoint", issuer + AuthorizationRequestEndpoint.URL); - - - - model.addAttribute("entity", m); - return JsonEntityView.VIEWNAME; - } - - -} diff --git a/uma-server/src/main/java/org/mitre/uma/web/UserClaimSearchHelper.java b/uma-server/src/main/java/org/mitre/uma/web/UserClaimSearchHelper.java deleted file mode 100644 index 3773264707..0000000000 --- a/uma-server/src/main/java/org/mitre/uma/web/UserClaimSearchHelper.java +++ /dev/null @@ -1,117 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.web; - -import java.util.HashMap; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; - -import org.mitre.openid.connect.client.model.IssuerServiceResponse; -import org.mitre.openid.connect.client.service.impl.WebfingerIssuerService; -import org.mitre.openid.connect.config.ConfigurationPropertiesBean; -import org.mitre.openid.connect.model.UserInfo; -import org.mitre.openid.connect.service.UserInfoService; -import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonEntityView; -import org.mitre.openid.connect.view.JsonErrorView; -import org.mitre.openid.connect.web.RootController; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.security.core.Authentication; -import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; -import org.springframework.util.MimeTypeUtils; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RequestParam; - -import com.google.common.collect.ImmutableSet; - - -/** - * @author jricher - * - */ -@Controller -@RequestMapping("/" + UserClaimSearchHelper.URL) -@PreAuthorize("hasRole('ROLE_USER')") -public class UserClaimSearchHelper { - - public static final String URL = RootController.API_URL + "/emailsearch"; - - private WebfingerIssuerService webfingerIssuerService = new WebfingerIssuerService(); - - @Autowired - private UserInfoService userInfoService; - - @Autowired - private ConfigurationPropertiesBean config; - - - @RequestMapping(method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) - public String search(@RequestParam(value = "identifier") String email, Model m, Authentication auth, HttpServletRequest req) { - - // check locally first - UserInfo localUser = userInfoService.getByEmailAddress(email); - - if (localUser != null) { - Map e = new HashMap<>(); - e.put("issuer", ImmutableSet.of(config.getIssuer())); - e.put("name", "email"); - e.put("value", localUser.getEmail()); - - Map ev = new HashMap<>(); - ev.put("issuer", ImmutableSet.of(config.getIssuer())); - ev.put("name", "email_verified"); - ev.put("value", localUser.getEmailVerified()); - - Map s = new HashMap<>(); - s.put("issuer", ImmutableSet.of(config.getIssuer())); - s.put("name", "sub"); - s.put("value", localUser.getSub()); - - m.addAttribute(JsonEntityView.ENTITY, ImmutableSet.of(e, ev, s)); - return JsonEntityView.VIEWNAME; - } else { - - // otherwise do a webfinger lookup - IssuerServiceResponse resp = webfingerIssuerService.getIssuer(req); - - if (resp != null && resp.getIssuer() != null) { - // we found an issuer, return that - Map e = new HashMap<>(); - e.put("issuer", ImmutableSet.of(resp.getIssuer())); - e.put("name", "email"); - e.put("value", email); - - Map ev = new HashMap<>(); - ev.put("issuer", ImmutableSet.of(resp.getIssuer())); - ev.put("name", "email_verified"); - ev.put("value", true); - - m.addAttribute(JsonEntityView.ENTITY, ImmutableSet.of(e, ev)); - return JsonEntityView.VIEWNAME; - } else { - m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - return JsonErrorView.VIEWNAME; - } - } - } - -} diff --git a/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultPermissionService.java b/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultPermissionService.java deleted file mode 100644 index 0a2063cb3e..0000000000 --- a/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultPermissionService.java +++ /dev/null @@ -1,173 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.service.impl; - -import static org.mockito.Matchers.anySetOf; - -import java.util.Set; -import java.util.UUID; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.oauth2.service.SystemScopeService; -import org.mitre.uma.model.PermissionTicket; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.repository.PermissionRepository; -import org.mockito.AdditionalAnswers; -import org.mockito.InjectMocks; -import org.mockito.Matchers; -import org.mockito.Mock; -import org.mockito.invocation.InvocationOnMock; -import org.mockito.runners.MockitoJUnitRunner; -import org.mockito.stubbing.Answer; -import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException; - -import com.google.common.collect.ImmutableSet; - -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.not; - -import static org.mockito.Mockito.when; - -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertThat; - -/** - * @author jricher - * - */ -@RunWith(MockitoJUnitRunner.class) -public class TestDefaultPermissionService { - - @Mock - private PermissionRepository permissionRepository; - - @Mock - private SystemScopeService scopeService; - - @InjectMocks - private DefaultPermissionService permissionService; - - private Set scopes1 = ImmutableSet.of("foo", "bar", "baz"); - private Set scopes2 = ImmutableSet.of("alpha", "beta", "betest"); - - private ResourceSet rs1; - private ResourceSet rs2; - - private String rs1Name = "resource set 1"; - private String rs1Owner = "resource set owner 1"; - private Long rs1Id = 1L; - - private String rs2Name = "resource set 2"; - private String rs2Owner = "resource set owner 2"; - private Long rs2Id = 2L; - - - @Before - public void prepare() { - rs1 = new ResourceSet(); - rs1.setName(rs1Name); - rs1.setOwner(rs1Owner); - rs1.setId(rs1Id ); - rs1.setScopes(scopes1); - - rs2 = new ResourceSet(); - rs2.setName(rs2Name); - rs2.setOwner(rs2Owner); - rs2.setId(rs2Id); - rs2.setScopes(scopes2); - - // have the repository just pass the argument through - when(permissionRepository.save(Matchers.any(PermissionTicket.class))).then(AdditionalAnswers.returnsFirstArg()); - - when(scopeService.scopesMatch(anySetOf(String.class), anySetOf(String.class))).then(new Answer() { - - @Override - public Boolean answer(InvocationOnMock invocation) throws Throwable { - Object[] arguments = invocation.getArguments(); - @SuppressWarnings("unchecked") - Set expected = (Set) arguments[0]; - @SuppressWarnings("unchecked") - Set actual = (Set) arguments[1]; - - return expected.containsAll(actual); - } - }); - - } - - - /** - * Test method for {@link org.mitre.uma.service.impl.DefaultPermissionService#createTicket(org.mitre.uma.model.ResourceSet, java.util.Set)}. - */ - @Test - public void testCreate_ticket() { - - PermissionTicket perm = permissionService.createTicket(rs1, scopes1); - - // we want there to be a non-null ticket - assertNotNull(perm.getTicket()); - } - - @Test - public void testCreate_uuid() { - PermissionTicket perm = permissionService.createTicket(rs1, scopes1); - - // we expect this to be a UUID - UUID uuid = UUID.fromString(perm.getTicket()); - - assertNotNull(uuid); - - } - - @Test - public void testCreate_differentTicketsSameClient() { - - PermissionTicket perm1 = permissionService.createTicket(rs1, scopes1); - PermissionTicket perm2 = permissionService.createTicket(rs1, scopes1); - - assertNotNull(perm1.getTicket()); - assertNotNull(perm2.getTicket()); - - // make sure these are different from each other - assertThat(perm1.getTicket(), not(equalTo(perm2.getTicket()))); - - } - - @Test - public void testCreate_differentTicketsDifferentClient() { - - PermissionTicket perm1 = permissionService.createTicket(rs1, scopes1); - PermissionTicket perm2 = permissionService.createTicket(rs2, scopes2); - - assertNotNull(perm1.getTicket()); - assertNotNull(perm2.getTicket()); - - // make sure these are different from each other - assertThat(perm1.getTicket(), not(equalTo(perm2.getTicket()))); - - } - - @Test(expected = InsufficientScopeException.class) - public void testCreate_scopeMismatch() { - @SuppressWarnings("unused") - // try to get scopes outside of what we're allowed to do, this should throw an exception - PermissionTicket perm = permissionService.createTicket(rs1, scopes2); - } - -} diff --git a/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultResourceSetService.java b/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultResourceSetService.java deleted file mode 100644 index 52ca091be8..0000000000 --- a/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultResourceSetService.java +++ /dev/null @@ -1,101 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package org.mitre.uma.service.impl; - -import static org.mockito.Matchers.any; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mitre.uma.model.ResourceSet; -import org.mitre.uma.repository.ResourceSetRepository; -import org.mockito.AdditionalAnswers; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.runners.MockitoJUnitRunner; - -import static org.mockito.Mockito.when; - -/** - * @author jricher - * - */ -@RunWith(MockitoJUnitRunner.class) -public class TestDefaultResourceSetService { - - @Mock - private ResourceSetRepository repository; - - @InjectMocks - private DefaultResourceSetService resourceSetService; - - /** - * @throws java.lang.Exception - */ - @Before - public void setUp() throws Exception { - - when(repository.save(any(ResourceSet.class))).then(AdditionalAnswers.returnsFirstArg()); - - } - - /** - * Test method for {@link org.mitre.uma.service.impl.DefaultResourceSetService#saveNew(org.mitre.uma.model.ResourceSet)}. - */ - @Test(expected = IllegalArgumentException.class) - public void testSaveNew_hasId() { - - ResourceSet rs = new ResourceSet(); - rs.setId(1L); - - resourceSetService.saveNew(rs); - - } - - @Test(expected = IllegalArgumentException.class) - public void testUpdate_nullId() { - ResourceSet rs = new ResourceSet(); - rs.setId(1L); - - ResourceSet rs2 = new ResourceSet(); - - resourceSetService.update(rs, rs2); - } - - @Test(expected = IllegalArgumentException.class) - public void testUpdate_nullId2() { - ResourceSet rs = new ResourceSet(); - - ResourceSet rs2 = new ResourceSet(); - rs2.setId(1L); - - resourceSetService.update(rs, rs2); - } - - @Test(expected = IllegalArgumentException.class) - public void testUpdate_mismatchedIds() { - ResourceSet rs = new ResourceSet(); - rs.setId(1L); - - ResourceSet rs2 = new ResourceSet(); - rs2.setId(2L); - - resourceSetService.update(rs, rs2); - - } - -}