Building up machinery to handle authorization codes

fcrepo4-archive · Jun 11, 2013 · ff8760b · ff8760b
1 parent 42b2a87
commit ff8760b
Showing 1 changed file with 44 additions and 3 deletions.
diff --git a/src/main/java/org/fcrepo/auth/oauth/api/TokenEndpoint.java b/src/main/java/org/fcrepo/auth/oauth/api/TokenEndpoint.java
@@ -1,6 +1,8 @@
 
 package org.fcrepo.auth.oauth.api;
 
+import static com.google.common.collect.Sets.intersection;
+import static com.google.common.collect.Sets.newHashSet;
 import static javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
 import static javax.servlet.http.HttpServletResponse.SC_OK;
 import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
@@ -13,14 +15,21 @@
 import static org.apache.oltu.oauth2.common.error.OAuthError.TokenResponse.INVALID_GRANT;
 import static org.apache.oltu.oauth2.common.error.OAuthError.TokenResponse.UNAUTHORIZED_CLIENT;
 import static org.apache.oltu.oauth2.common.message.OAuthResponse.errorResponse;
+import static org.apache.oltu.oauth2.common.message.types.GrantType.AUTHORIZATION_CODE;
 import static org.fcrepo.auth.oauth.Constants.CLIENT_PROPERTY;
 import static org.fcrepo.auth.oauth.Constants.OAUTH_WORKSPACE;
 import static org.fcrepo.auth.oauth.Constants.PRINCIPAL_PROPERTY;
+import static org.fcrepo.auth.oauth.Constants.SCOPES_PROPERTY;
 import static org.fcrepo.auth.oauth.api.Util.createOauthWorkspace;
+import static org.fcrepo.utils.FedoraTypesUtils.map;
+import static org.fcrepo.utils.FedoraTypesUtils.value2string;
 import static org.slf4j.LoggerFactory.getLogger;
 
+import java.util.Set;
+
 import javax.annotation.PostConstruct;
 import javax.jcr.Node;
+import javax.jcr.PathNotFoundException;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.servlet.http.HttpServletRequest;
@@ -94,9 +103,9 @@ public Response getToken(@Context
 
             // do checking for different grant types
             if (oauthRequest.getParam(OAUTH_GRANT_TYPE).equals(
-                    GrantType.AUTHORIZATION_CODE.toString())) {
+                    AUTHORIZATION_CODE.toString())) {
                 // TODO check if authzcode is valid
-                if (isValid()) {
+                if (isValidAuthCode(oauthRequest)) {
                     final OAuthResponse response =
                             errorResponse(SC_BAD_REQUEST).setError(
                                     INVALID_GRANT).setErrorDescription(
@@ -105,7 +114,7 @@ public Response getToken(@Context
                     return status(response.getResponseStatus()).entity(
                             response.getBody()).build();
                 }
-            } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE).equals(
+            } else if (oauthRequest.getParam(OAUTH_GRANT_TYPE).equals(
                     GrantType.PASSWORD.toString())) {
                 // TODO check if username/password is valid
                 if (isValid()) {
@@ -147,6 +156,38 @@ public Response getToken(@Context
         }
     }
 
+    private boolean isValidAuthCode(final OAuthTokenRequest oauthRequest)
+            throws RepositoryException {
+        final String client = oauthRequest.getClientId();
+        final String code = oauthRequest.getCode();
+        final Set<String> scopes = oauthRequest.getScopes();
+        final Session session = sessions.getSession(OAUTH_WORKSPACE);
+        try {
+            final Node authCodeNode =
+                    session.getNode("/authorization-codes/" + code);
+            // if the client is right
+            if (authCodeNode.getProperty(CLIENT_PROPERTY).getString().equals(
+                    client)) {
+                final Set<String> storedScopes =
+                        newHashSet(map(authCodeNode
+                                .getProperty(SCOPES_PROPERTY).getValues(),
+                                value2string));
+                // and if there is at least one scope in common
+                if (intersection(storedScopes, scopes).size() > 0) {
+                    return true;
+                }
+            }
+        } catch (final PathNotFoundException e) {
+            // this wasn't a code we stored
+            return false;
+        } finally {
+            session.logout();
+        }
+        throw new RuntimeException(
+                "Could not establish validity or invalidity of authorization code! Code:" +
+                        code);
+    }
+
     private void saveToken(final String token, final String client,
             final String username) throws RepositoryException {
         final Session session = sessions.getSession(OAUTH_WORKSPACE);