From 4d8e769d0f6084a2a9bb4842c2187bb8455adb03 Mon Sep 17 00:00:00 2001
From: Gasmyr
Date: Wed, 26 Sep 2018 09:49:29 +0100
Subject: [PATCH] Fix loginUris selection #1257
---
 .../oxtrust/action/UpdateClientAction.java | 88 +++++++++++++------
 1 file changed, 62 insertions(+), 26 deletions(-)
diff --git a/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java b/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
index e41de0732..e8afe1e88 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
@@ -6,7 +6,11 @@ package org.gluu.oxtrust.action;
+import java.io.IOException;
 import java.io.Serializable;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.nio.charset.Charset;
 import java.time.LocalDate;
 import java.time.ZoneId;
 import java.util.ArrayList;
@@ -25,8 +29,11 @@ import javax.inject.Named;
 import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.RandomStringUtils;
 import org.apache.commons.lang.StringUtils;
+import org.codehaus.jettison.json.JSONArray;
+import org.codehaus.jettison.json.JSONException;
 import org.gluu.jsf2.message.FacesMessages;
 import org.gluu.jsf2.service.ConversationService;
 import org.gluu.oxtrust.ldap.service.AttributeService;
@@ -34,15 +41,13 @@ import org.gluu.oxtrust.ldap.service.EncryptionService;
 import org.gluu.oxtrust.ldap.service.OxTrustAuditService;
 import org.gluu.oxtrust.ldap.service.ScopeService;
-import org.gluu.oxtrust.ldap.service.SectorIdentifierService;
 import org.gluu.oxtrust.model.GluuGroup;
 import org.gluu.oxtrust.model.OxAuthClient;
 import org.gluu.oxtrust.model.OxAuthScope;
-import org.gluu.oxtrust.model.OxAuthSectorIdentifier;
 import org.gluu.oxtrust.security.Identity;
 import org.gluu.oxtrust.service.PasswordGenerator;
 import org.gluu.oxtrust.util.OxTrustConstants;
-import org.gluu.persist.exception.BasePersistenceException;
+import org.gluu.site.ldap.persistence.exception.LdapMappingException;
 import org.slf4j.Logger;
 import org.xdi.config.oxtrust.AppConfiguration;
 import org.xdi.model.DisplayNameEntry;
@@ -108,9 +113,6 @@ public class UpdateClientAction implements Serializable {
 @Inject
 private PasswordGenerator passwordGenerator;
- @Inject
- private SectorIdentifierService sectorIdentifierService;
-
 private String inum;
 private boolean update;
@@ -194,7 +196,7 @@ public String add() throws Exception {
 this.requestUris = getNonEmptyStringList(client.getRequestUris());
 this.authorizedOrigins = getNonEmptyStringList(client.getAuthorizedOrigins());
 this.claimRedirectURIList = getNonEmptyStringList(client.getClaimRedirectURI());
- } catch (BasePersistenceException ex) {
+ } catch (LdapMappingException ex) {
 log.error("Failed to prepare lists", ex);
 facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to add new client");
@@ -217,7 +219,7 @@ public String update() throws Exception {
 log.debug("inum : " + inum);
 this.client = clientService.getClientByInum(inum);
 previousClientExpirationDate = this.client.getClientSecretExpiresAt();
- } catch (BasePersistenceException ex) {
+ } catch (LdapMappingException ex) {
 log.error("Failed to find client {}", inum, ex);
 }
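Review bot: The catch type in the -194 hunk changes from BasePersistenceException to LdapMappingException, which narrows what add() recovers from: a persistence failure that is not an LDAP mapping error now escapes the method (declared `throws Exception`) instead of being logged and reported through facesMessages. The same substitution appears in the hunks at -217, -243, -323, -351 and -393, and together with the -34 hunk swapping the org.gluu.persist import for org.gluu.site.ldap.persistence it looks unrelated to the loginUris fix named in the subject, which suggests the patch was produced against an older import set. If clientService still throws the broader type, keep `} catch (BasePersistenceException ex) {` in all six places and drop the import swap.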
@@ -243,7 +245,7 @@ public String update() throws Exception {
 this.requestUris = getNonEmptyStringList(client.getRequestUris());
 this.authorizedOrigins = getNonEmptyStringList(client.getAuthorizedOrigins());
 this.claimRedirectURIList = getNonEmptyStringList(client.getClaimRedirectURI());
- } catch (BasePersistenceException ex) {
+ } catch (LdapMappingException ex) {
 log.error("Failed to prepare lists", ex);
 facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to load client");
@@ -323,7 +325,7 @@ public String save() throws Exception {
 "OPENID CLIENT " + this.client.getInum() + " **" + this.client.getDisplayName() + "** UPDATED", identity.getUser(), (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest());
- } catch (BasePersistenceException ex) {
+ } catch (LdapMappingException ex) {
 log.error("Failed to update client {}", this.inum, ex);
@@ -351,7 +353,7 @@ public String save() throws Exception {
 "OPENID CLIENT " + this.client.getInum() + " **" + this.client.getDisplayName() + "** ADDED ", identity.getUser(), (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest());
- } catch (BasePersistenceException ex) {
+ } catch (LdapMappingException ex) {
 log.error("Failed to add new client {}", this.inum, ex);
 facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to add new client");
@@ -393,7 +395,7 @@ public String delete() throws Exception {
 conversationService.endConversation();
 return OxTrustConstants.RESULT_SUCCESS;
- } catch (BasePersistenceException ex) {
+ } catch (LdapMappingException ex) {
 log.error("Failed to remove client {}", this.inum, ex);
 }
 }
@@ -539,10 +541,7 @@ public void acceptSelectLoginUri() {
 if (!this.loginUris.contains(this.availableLoginUri) && checkWhiteListRedirectUris(availableLoginUri) && checkBlackListRedirectUris(availableLoginUri)) {
-
- if (this.loginUris.size() < 1) {
- this.loginUris.add(this.availableLoginUri);
- } else if (this.loginUris.size() >= 1 && sectorExist()) {
+ if (isAcceptable(this.availableLoginUri)) {
 this.loginUris.add(this.availableLoginUri);
 } else {
 facesMessages.add(FacesMessage.SEVERITY_ERROR, "A sector identifier must be defined first.",
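Review bot: The else branch after the new `if (isAcceptable(this.availableLoginUri))` still reports "A sector identifier must be defined first.", but isAcceptable (added in the next hunk) also returns false when one of the stored login URIs fails to parse, and that path already posts its own malformed-URL message, so the user then sees two contradictory errors for one click. Letting the MalformedURLException propagate out of isAcceptable and catching it here, or having isAcceptable post the sector message itself, would leave exactly one message per outcome. acceptSelectLoginUri begins before this hunk and ends after it.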
@@ -557,20 +556,57 @@ && checkBlackListRedirectUris(availableLoginUri)) {
 this.availableLoginUri = "https://";
 }
+ private boolean isAcceptable(String availableLoginUri) {
+ boolean result = false;
+ try {
+ if (this.loginUris.size() < 1) {
+ result = true;
+ } else if (this.loginUris.size() >= 1 && hasSameHostname(this.availableLoginUri)) {
+ result = true;
+ } else if (this.loginUris.size() >= 1 && !hasSameHostname(this.availableLoginUri) && sectorExist()) {
+ result = true;
+ }
+ } catch (MalformedURLException e) {
+ facesMessages.add(FacesMessage.SEVERITY_ERROR, "One of the url is no malformed",
+ "One of the url is no malformed");
+ log.error(e.getMessage());
+ }
+ return result;
+ }
+
+ private boolean hasSameHostname(String url1) throws MalformedURLException {
+ boolean result = true;
+ URL uri1 = new URL(url1);
+ for (String url : this.loginUris) {
+ URL uri = new URL(url);
+ if (!(uri1.getHost().equalsIgnoreCase(uri.getHost()))) {
+ result = false;
+ break;
+ }
+ }
+ return result;
+ }
+
 private boolean sectorExist() {
+ boolean result = false;
 String sectorUri = this.client.getSectorIdentifierUri();
- if (sectorUri != null && !sectorUri.isEmpty()) {
- String[] paths = sectorUri.split("/");
- String id = paths[paths.length - 1];
- OxAuthSectorIdentifier result = sectorIdentifierService.getSectorIdentifierById(id);
- if (result != null && result.getId().equalsIgnoreCase(id)) {
- return true;
- } else {
- return false;
+ try {
+ if (sectorUri != null && !sectorUri.isEmpty()) {
+ JSONArray json = new JSONArray(IOUtils.toString(new URL(sectorUri), Charset.forName("UTF-8")));
+ if (json != null) {
+ result = true;
+ }
 }
- } else {
- return false;
+ } catch (MalformedURLException e) {
+ facesMessages.add(FacesMessage.SEVERITY_ERROR, "The url of the sector assigned to this client is malformed",
+ "The url of the sector assigned to this client is malformed");
+ log.error(e.getMessage());
+ } catch (IOException e) {
+ log.error(e.getMessage());
+ } catch (JSONException e) {
+ log.error(e.getMessage());
 }
+ return result;
 }
 public void acceptSelectClaims() {
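Review bot: sectorExist() now has the server fetch `client.getSectorIdentifierUri()` with `IOUtils.toString(new URL(sectorUri), ...)`, replacing the local lookup through sectorIdentifierService that the -108 hunk removes; that URI is whatever was entered on the client form, java.net.URL also accepts file:, ftp: and jar: schemes, the connection has no connect or read timeout, the whole body is buffered, and the only check applied is that it parses as a JSON array — `if (json != null)` is always true because the JSONArray constructor either returns an array or throws — so any reachable resource serving `[]` satisfies it. What a sector identifier document is supposed to establish is that it lists the redirect URI being accepted, so the rewrite below restricts the scheme to https, bounds the connection, and tests membership of `this.availableLoginUri`; it needs `java.net.URLConnection` and `java.io.InputStream` imported, and a cap on the response size (commons-io's BoundedInputStream, for instance) is still worth adding. Two smaller points in the same hunk: isAcceptable ignores its `availableLoginUri` parameter and reads the field instead, and every `log.error(e.getMessage())` drops the stack trace — `log.error("Failed to validate the sector identifier uri", e)` keeps it. The user-facing text "One of the url is no malformed" should read "One of the URLs is malformed".
```java
private boolean sectorExist() {
    boolean result = false;
    String sectorUri = this.client.getSectorIdentifierUri();
    try {
        if (sectorUri != null && !sectorUri.isEmpty()) {
            URL url = new URL(sectorUri);
            // the uri is taken from the client form, so only https is fetched and the request is bounded
            if (!"https".equalsIgnoreCase(url.getProtocol())) {
                facesMessages.add(FacesMessage.SEVERITY_ERROR, "The sector identifier uri must use https",
                        "The sector identifier uri must use https");
            } else {
                URLConnection connection = url.openConnection();
                connection.setConnectTimeout(5000);
                connection.setReadTimeout(5000);
                String body;
                try (InputStream in = connection.getInputStream()) {
                    body = IOUtils.toString(in, Charset.forName("UTF-8"));
                }
                // a sector identifier document must list the redirect uri being accepted
                JSONArray json = new JSONArray(body);
                for (int i = 0; i < json.length(); i++) {
                    if (this.availableLoginUri.equals(json.getString(i))) {
                        result = true;
                        break;
                    }
                }
            }
        }
    // … unchanged: MalformedURLException / IOException / JSONException handlers and return result …
```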