Fix loginUris selection #1257

GluuFederation · Sep 26, 2018 · 4d8e769 · 4d8e769
1 parent e12f618
commit 4d8e769
Showing 1 changed file with 62 additions and 26 deletions.
diff --git a/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java b/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
@@ -6,7 +6,11 @@
 
 package org.gluu.oxtrust.action;
 
+import java.io.IOException;
 import java.io.Serializable;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.nio.charset.Charset;
 import java.time.LocalDate;
 import java.time.ZoneId;
 import java.util.ArrayList;
@@ -25,24 +29,25 @@
 import javax.inject.Named;
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.RandomStringUtils;
 import org.apache.commons.lang.StringUtils;
+import org.codehaus.jettison.json.JSONArray;
+import org.codehaus.jettison.json.JSONException;
 import org.gluu.jsf2.message.FacesMessages;
 import org.gluu.jsf2.service.ConversationService;
 import org.gluu.oxtrust.ldap.service.AttributeService;
 import org.gluu.oxtrust.ldap.service.ClientService;
 import org.gluu.oxtrust.ldap.service.EncryptionService;
 import org.gluu.oxtrust.ldap.service.OxTrustAuditService;
 import org.gluu.oxtrust.ldap.service.ScopeService;
-import org.gluu.oxtrust.ldap.service.SectorIdentifierService;
 import org.gluu.oxtrust.model.GluuGroup;
 import org.gluu.oxtrust.model.OxAuthClient;
 import org.gluu.oxtrust.model.OxAuthScope;
-import org.gluu.oxtrust.model.OxAuthSectorIdentifier;
 import org.gluu.oxtrust.security.Identity;
 import org.gluu.oxtrust.service.PasswordGenerator;
 import org.gluu.oxtrust.util.OxTrustConstants;
-import org.gluu.persist.exception.BasePersistenceException;
+import org.gluu.site.ldap.persistence.exception.LdapMappingException;
 import org.slf4j.Logger;
 import org.xdi.config.oxtrust.AppConfiguration;
 import org.xdi.model.DisplayNameEntry;
@@ -108,9 +113,6 @@ public class UpdateClientAction implements Serializable {
 	@Inject
 	private PasswordGenerator passwordGenerator;
 
-	@Inject
-	private SectorIdentifierService sectorIdentifierService;
-
 	private String inum;
 
 	private boolean update;
@@ -194,7 +196,7 @@ public String add() throws Exception {
 			this.requestUris = getNonEmptyStringList(client.getRequestUris());
 			this.authorizedOrigins = getNonEmptyStringList(client.getAuthorizedOrigins());
 			this.claimRedirectURIList = getNonEmptyStringList(client.getClaimRedirectURI());
-		} catch (BasePersistenceException ex) {
+		} catch (LdapMappingException ex) {
 			log.error("Failed to prepare lists", ex);
 
 			facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to add new client");
@@ -217,7 +219,7 @@ public String update() throws Exception {
 			log.debug("inum : " + inum);
 			this.client = clientService.getClientByInum(inum);
 			previousClientExpirationDate = this.client.getClientSecretExpiresAt();
-		} catch (BasePersistenceException ex) {
+		} catch (LdapMappingException ex) {
 			log.error("Failed to find client {}", inum, ex);
 		}
 
@@ -243,7 +245,7 @@ public String update() throws Exception {
 			this.requestUris = getNonEmptyStringList(client.getRequestUris());
 			this.authorizedOrigins = getNonEmptyStringList(client.getAuthorizedOrigins());
 			this.claimRedirectURIList = getNonEmptyStringList(client.getClaimRedirectURI());
-		} catch (BasePersistenceException ex) {
+		} catch (LdapMappingException ex) {
 			log.error("Failed to prepare lists", ex);
 			facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to load client");
 
@@ -323,7 +325,7 @@ public String save() throws Exception {
 						"OPENID CLIENT " + this.client.getInum() + " **" + this.client.getDisplayName() + "** UPDATED",
 						identity.getUser(),
 						(HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest());
-			} catch (BasePersistenceException ex) {
+			} catch (LdapMappingException ex) {
 
 				log.error("Failed to update client {}", this.inum, ex);
 
@@ -351,7 +353,7 @@ public String save() throws Exception {
 						"OPENID CLIENT " + this.client.getInum() + " **" + this.client.getDisplayName() + "** ADDED ",
 						identity.getUser(),
 						(HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest());
-			} catch (BasePersistenceException ex) {
+			} catch (LdapMappingException ex) {
 				log.error("Failed to add new client {}", this.inum, ex);
 
 				facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to add new client");
@@ -393,7 +395,7 @@ public String delete() throws Exception {
 				conversationService.endConversation();
 
 				return OxTrustConstants.RESULT_SUCCESS;
-			} catch (BasePersistenceException ex) {
+			} catch (LdapMappingException ex) {
 				log.error("Failed to remove client {}", this.inum, ex);
 			}
 		}
@@ -539,10 +541,7 @@ public void acceptSelectLoginUri() {
 
 		if (!this.loginUris.contains(this.availableLoginUri) && checkWhiteListRedirectUris(availableLoginUri)
 				&& checkBlackListRedirectUris(availableLoginUri)) {
-
-			if (this.loginUris.size() < 1) {
-				this.loginUris.add(this.availableLoginUri);
-			} else if (this.loginUris.size() >= 1 && sectorExist()) {
+			if (isAcceptable(this.availableLoginUri)) {
 				this.loginUris.add(this.availableLoginUri);
 			} else {
 				facesMessages.add(FacesMessage.SEVERITY_ERROR, "A sector identifier must be defined first.",
@@ -557,20 +556,57 @@ && checkBlackListRedirectUris(availableLoginUri)) {
 		this.availableLoginUri = "https://";
 	}
 
+	private boolean isAcceptable(String availableLoginUri) {
+		boolean result = false;
+		try {
+			if (this.loginUris.size() < 1) {
+				result = true;
+			} else if (this.loginUris.size() >= 1 && hasSameHostname(this.availableLoginUri)) {
+				result = true;
+			} else if (this.loginUris.size() >= 1 && !hasSameHostname(this.availableLoginUri) && sectorExist()) {
+				result = true;
+			}
+		} catch (MalformedURLException e) {
+			facesMessages.add(FacesMessage.SEVERITY_ERROR, "One of the url is no malformed",
+					"One of the url is no malformed");
+			log.error(e.getMessage());
+		}
+		return result;
+	}
+
+	private boolean hasSameHostname(String url1) throws MalformedURLException {
+		boolean result = true;
+		URL uri1 = new URL(url1);
+		for (String url : this.loginUris) {
+			URL uri = new URL(url);
+			if (!(uri1.getHost().equalsIgnoreCase(uri.getHost()))) {
+				result = false;
+				break;
+			}
+		}
+		return result;
+	}
+
 	private boolean sectorExist() {
+		boolean result = false;
 		String sectorUri = this.client.getSectorIdentifierUri();
-		if (sectorUri != null && !sectorUri.isEmpty()) {
-			String[] paths = sectorUri.split("/");
-			String id = paths[paths.length - 1];
-			OxAuthSectorIdentifier result = sectorIdentifierService.getSectorIdentifierById(id);
-			if (result != null && result.getId().equalsIgnoreCase(id)) {
-				return true;
-			} else {
-				return false;
+		try {
+			if (sectorUri != null && !sectorUri.isEmpty()) {
+				JSONArray json = new JSONArray(IOUtils.toString(new URL(sectorUri), Charset.forName("UTF-8")));
+				if (json != null) {
+					result = true;
+				}
 			}
-		} else {
-			return false;
+		} catch (MalformedURLException e) {
+			facesMessages.add(FacesMessage.SEVERITY_ERROR, "The url of the sector assigned to this client is malformed",
+					"The url of the sector assigned to this client is malformed");
+			log.error(e.getMessage());
+		} catch (IOException e) {
+			log.error(e.getMessage());
+		} catch (JSONException e) {
+			log.error(e.getMessage());
 		}
+		return result;
 	}
 
 	public void acceptSelectClaims() {