Fix Update old OIDC #1218

GluuFederation · Sep 14, 2018 · 5a53527 · 5a53527
1 parent 1b6d48e
commit 5a53527
Showing 1 changed file with 38 additions and 24 deletions.
diff --git a/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java b/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
@@ -25,6 +25,7 @@
 import javax.inject.Named;
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.commons.lang.RandomStringUtils;
 import org.apache.commons.lang.StringUtils;
 import org.gluu.jsf2.message.FacesMessages;
 import org.gluu.jsf2.service.ConversationService;
@@ -41,7 +42,7 @@
 import org.gluu.oxtrust.security.Identity;
 import org.gluu.oxtrust.service.PasswordGenerator;
 import org.gluu.oxtrust.util.OxTrustConstants;
-import org.gluu.persist.exception.BasePersistenceException;
+import org.gluu.site.ldap.persistence.exception.LdapMappingException;
 import org.slf4j.Logger;
 import org.xdi.config.oxtrust.AppConfiguration;
 import org.xdi.model.DisplayNameEntry;
@@ -62,7 +63,7 @@
  * @author Reda Zerrad Date: 06.11.2012
  * @author Yuriy Movchan Date: 04/07/2014
  * @author Javier Rojas Blum
- * @version June 13, 2018
+ * @version June 21, 2018
  */
 @Named
 @ConversationScoped
@@ -113,6 +114,8 @@ public class UpdateClientAction implements Serializable {
 	private String inum;
 
 	private boolean update;
+
+	private Date previousClientExpirationDate;
 
 	private OxAuthClient client;
 
@@ -121,8 +124,6 @@ public class UpdateClientAction implements Serializable {
 	private List<String> clientlogoutUris;
 	private List<String> claimRedirectURIList;
 
-
-
 	private List<DisplayNameEntry> scopes;
 	private List<DisplayNameEntry> claims;
 	private List<ResponseType> responseTypes;
@@ -215,7 +216,8 @@ public String update() throws Exception {
 		try {
 			log.debug("inum : " + inum);
 			this.client = clientService.getClientByInum(inum);
-		} catch (BasePersistenceException ex) {
+			previousClientExpirationDate=this.client.getClientSecretExpiresAt();
+		} catch (LdapMappingException ex) {
 			log.error("Failed to find client {}", inum, ex);
 		}
 
@@ -271,7 +273,8 @@ private List<String> getNonEmptyStringList(String[] currentList) {
 
 	public String cancel() {
 		if (update) {
-			facesMessages.add(FacesMessage.SEVERITY_INFO, "Client '#{updateClientAction.client.displayName}' not updated");
+			facesMessages.add(FacesMessage.SEVERITY_INFO,
+					"Client '#{updateClientAction.client.displayName}' not updated");
 		} else {
 			facesMessages.add(FacesMessage.SEVERITY_INFO, "New client not added");
 		}
@@ -288,7 +291,7 @@ public String save() throws Exception {
 		if (this.client.getClientSecretExpiresAt() == null && !update) {
 			this.client.setClientSecretExpiresAt(today);
 		}
-		if (this.client.getClientSecretExpiresAt().before(today)) {
+		if (previousClientExpirationDate!=null && this.client.getClientSecretExpiresAt().before(today)) {
 			facesMessages.add(FacesMessage.SEVERITY_ERROR, "This client has expired. Update the expiration date in order to save changes");
 			return OxTrustConstants.RESULT_FAILURE;
 		}
@@ -319,15 +322,17 @@ public String save() throws Exception {
 						"OPENID CLIENT " + this.client.getInum() + " **" + this.client.getDisplayName() + "** UPDATED",
 						identity.getUser(),
 						(HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest());
-			} catch (BasePersistenceException ex) {
+			} catch (LdapMappingException ex) {
 
 				log.error("Failed to update client {}", this.inum, ex);
 
-				facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to update client '#{updateClientAction.client.displayName}'");
+				facesMessages.add(FacesMessage.SEVERITY_ERROR,
+						"Failed to update client '#{updateClientAction.client.displayName}'");
 				return OxTrustConstants.RESULT_FAILURE;
 			}
 
-			facesMessages.add(FacesMessage.SEVERITY_INFO, "Client '#{updateClientAction.client.displayName}' updated successfully");
+			facesMessages.add(FacesMessage.SEVERITY_INFO,
+					"Client '#{updateClientAction.client.displayName}' updated successfully");
 		} else {
 			this.inum = clientService.generateInumForNewClient();
 			String dn = clientService.getDnForClient(this.inum);
@@ -345,14 +350,15 @@ public String save() throws Exception {
 						"OPENID CLIENT " + this.client.getInum() + " **" + this.client.getDisplayName() + "** ADDED ",
 						identity.getUser(),
 						(HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest());
-			} catch (BasePersistenceException ex) {
+			} catch (LdapMappingException ex) {
 				log.error("Failed to add new client {}", this.inum, ex);
 
 				facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to add new client");
 				return OxTrustConstants.RESULT_FAILURE;
 			}
 
-			facesMessages.add(FacesMessage.SEVERITY_INFO, "New client '#{updateClientAction.client.displayName}' added successfully");
+			facesMessages.add(FacesMessage.SEVERITY_INFO,
+					"New client '#{updateClientAction.client.displayName}' added successfully");
 
 			conversationService.endConversation();
 
@@ -391,7 +397,8 @@ public String delete() throws Exception {
 			}
 		}
 
-		facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to remove client '#{updateClientAction.client.displayName}'");
+		facesMessages.add(FacesMessage.SEVERITY_ERROR,
+				"Failed to remove client '#{updateClientAction.client.displayName}'");
 
 		return OxTrustConstants.RESULT_FAILURE;
 	}
@@ -407,7 +414,7 @@ public void removeLogoutURI(String uri) {
 	public void removeClientLogoutURI(String uri) {
 		removeFromList(this.clientlogoutUris, uri);
 	}
-	
+
 	public void removeClaimRedirectURI(String uri) {
 		removeFromList(this.claimRedirectURIList, uri);
 	}
@@ -609,7 +616,7 @@ public void acceptSelectClientLogoutUri() {
 
 		this.availableClientlogoutUri = "https://";
 	}
-	
+
 	public void acceptSelectClaimRedirectUri() {
 		if (StringHelper.isEmpty(this.availableClaimRedirectUri)) {
 			return;
@@ -711,7 +718,7 @@ public void cancelSelectLogoutUri() {
 	public void cancelClientLogoutUri() {
 		this.availableClientlogoutUri = "http://";
 	}
-	
+
 	public void cancelClaimRedirectUri() {
 		this.availableClaimRedirectUri = "http://";
 	}
@@ -774,6 +781,7 @@ private void updateClientLogoutURIs() {
 	}
 
 	private void updateContacts() {
+		validateContacts();
 		if (contacts == null || contacts.size() == 0) {
 			client.setContacts(null);
 			return;
@@ -828,7 +836,7 @@ private void updateAuthorizedOrigins() {
 
 		client.setAuthorizedOrigins(tmpAuthorizedOrigins.toArray(new String[tmpAuthorizedOrigins.size()]));
 	}
-	
+
 	private void updateClaimredirectUri() {
 		if (claimRedirectURIList == null || claimRedirectURIList.size() == 0) {
 			client.setClaimRedirectURI(null);
@@ -930,7 +938,8 @@ public void searchAvailableScopes() {
 
 		try {
 
-			this.availableScopes = scopeService.searchScopes(this.searchAvailableScopePattern, OxTrustConstants.searchClientsSizeLimit);
+			this.availableScopes = scopeService.searchScopes(this.searchAvailableScopePattern,
+					OxTrustConstants.searchClientsSizeLimit);
 			this.oldSearchAvailableScopePattern = this.searchAvailableScopePattern;
 			selectAddedScopes();
 		} catch (Exception ex) {
@@ -944,7 +953,8 @@ public void searchAvailableClaims() {
 		}
 
 		try {
-			this.availableClaims = attributeService.searchAttributes(this.searchAvailableClaimPattern, OxTrustConstants.searchClientsSizeLimit);
+			this.availableClaims = attributeService.searchAttributes(this.searchAvailableClaimPattern,
+					OxTrustConstants.searchClientsSizeLimit);
 			this.oldSearchAvailableClaimPattern = this.searchAvailableClaimPattern;
 			selectAddedClaims();
 		} catch (Exception ex) {
@@ -958,7 +968,8 @@ private List<DisplayNameEntry> getInitialScopeDisplayNameEntiries() throws Excep
 			return result;
 		}
 
-		List<DisplayNameEntry> tmp = lookupService.getDisplayNameEntries(scopeService.getDnForScope(null), this.client.getOxAuthScopes());
+		List<DisplayNameEntry> tmp = lookupService.getDisplayNameEntries(scopeService.getDnForScope(null),
+				this.client.getOxAuthScopes());
 		if (tmp != null) {
 			result.addAll(tmp);
 		}
@@ -972,7 +983,8 @@ private List<DisplayNameEntry> getInitialClaimDisplayNameEntries() throws Except
 			return result;
 		}
 
-		List<DisplayNameEntry> tmp = lookupService.getDisplayNameEntries(attributeService.getDnForAttribute(null), this.client.getOxAuthClaims());
+		List<DisplayNameEntry> tmp = lookupService.getDisplayNameEntries(attributeService.getDnForAttribute(null),
+				this.client.getOxAuthClaims());
 		if (tmp != null) {
 			result.addAll(tmp);
 		}
@@ -1137,7 +1149,7 @@ private void selectAddedGrantTypes() {
 			availableGrantType.setSelected(addedGrantTypes.contains(availableGrantType.getEntity()));
 		}
 	}
-	
+
 	public List<String> getClaimRedirectURIList() {
 		return claimRedirectURIList;
 	}
@@ -1353,7 +1365,8 @@ private boolean checkBlackListRedirectUris(String redirectUri) {
 
 	public boolean checkClientSecretRequired() {
 		for (ResponseType responseType : this.responseTypes) {
-			if (responseType.getValue().equalsIgnoreCase("token") || responseType.getValue().equalsIgnoreCase("id_token")) {
+			if (responseType.getValue().equalsIgnoreCase("token")
+					|| responseType.getValue().equalsIgnoreCase("id_token")) {
 				return false;
 			}
 		}
@@ -1388,7 +1401,8 @@ private void validateContacts() {
 	}
 
 	public void generatePassword() throws EncryptionException {
-		String pwd = passwordGenerator.generate();
+		String characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+		String pwd = RandomStringUtils.random(24, characters);
 		this.client.setOxAuthClientSecret(pwd);
 		this.client.setEncodedClientSecret(encryptionService.encrypt(pwd));
 	}