
Merge pull request #170 from shabanovd/develop

Fix for google OAuth authentication
wolfgangmm committed Mar 16, 2014
2 parents 48d9f15 + a47c059 commit 481d10e61f4e2ecf5bebedb26a557ab1d754eaf9
@@ -44,3 +44,4 @@ test/junit/
test/temp/
nbproject/build/
nbproject/private/
+/target
@@ -0,0 +1,9 @@
+<!--
+ Ivy module to retrieve jar for OAuth
+-->
+<ivy-module version="2.0">
+ <info organisation="org.exist" module="security.oauth"/>
+ <dependencies>
+ <dependency org="org.scribe" name="scribe" rev="1.3.5" conf="*->*,!sources,!javadoc"/>
+ </dependencies>
+</ivy-module>
@@ -28,11 +28,15 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.json.JSONException;
+import org.json.JSONObject;
+import org.json.JSONTokener;
import org.scribe.model.OAuthConstants;
import org.scribe.model.OAuthRequest;
import org.scribe.model.Token;
import org.scribe.model.Verifier;
import org.scribe.oauth.OAuthService;
+import org.scribe.utils.OAuthEncoder;
/**
* @author <a href="mailto:shabanovd@gmail.com">Dmitriy Shabanov</a>
@@ -102,21 +106,41 @@ private void process(HttpServletRequest request, HttpServletResponse response) t
OAuthRequest req = new OAuthRequest(api.getAccessTokenVerb(), api.getAccessTokenEndpoint());
req.addBodyParameter(OAuthConstants.CLIENT_ID, config.getApiKey());
req.addBodyParameter(OAuthConstants.CLIENT_SECRET, config.getApiSecret());
- req.addBodyParameter(OAuthConstants.CODE, verification);
+ req.addBodyParameter(OAuthConstants.CODE, verifier.getValue());
// jetty.port.jetty
- req.addBodyParameter(OAuthConstants.REDIRECT_URI, "http://localhost:" + System.getProperty("jetty.port") + "/oauth/cook2gl");
+ req.addBodyParameter(OAuthConstants.REDIRECT_URI, config.getReturnURL());
req.addBodyParameter("grant_type", "authorization_code");
- accessToken = api.getAccessTokenExtractor().extract(req.send().getBody());
+
+ String responce = req.send().getBody();
+
+ JSONTokener tokener = new JSONTokener(responce);
+ try {
+ JSONObject root = new JSONObject(tokener);
+ String access_token = root.getString("access_token");
+
+ String token = OAuthEncoder.decode(access_token);
+ accessToken = new Token(token, "", responce);
+
+ } catch (JSONException e) {
+ throw new IOException(e);
+ }
+
+ //accessToken = api.getAccessTokenExtractor().extract(req.send().getBody());
} else
- accessToken = service.getAccessToken(EMPTY_TOKEN, verifier);
+ accessToken = service.getAccessToken(EMPTY_TOKEN, verifier);
try {
- OAuthRealm._.getServiceBulderByPath(path).saveAccessToken(request, service, accessToken);
- } catch (Exception e) {
- throw new ServletException(e);
- }
+ OAuthRealm._.getServiceBulderByPath(path).saveAccessToken(request, service, accessToken);
+ } catch (Exception e) {
+ throw new ServletException(e);
+ }
String returnToPage = (String)request.getSession().getAttribute(RETURN_TO_PAGE);
- response.sendRedirect(returnToPage);
+
+ if (returnToPage != null) {
+ response.sendRedirect(returnToPage);
+ } else {
+ response.sendRedirect("/");
+ }
}
}
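Review bot: The `access_token` read from the JSON body is passed through `OAuthEncoder.decode`, which URL-decodes its argument, but a JSON string field is not form-encoded, so a token containing `+` or `%` would be altered; `accessToken = new Token(access_token, "", responce);` keeps the value exactly as the provider issued it. The redirect at the end now guards only against a null `returnToPage`; where that session attribute is set is outside this hunk, so if it can originate from a request parameter it should be restricted to same-site paths before `response.sendRedirect`. The commented-out `getAccessTokenExtractor()` line can be deleted now that the JSON path replaces it. `process` starts above the hunk, so any `state` check on the callback is not visible here.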
@@ -1,120 +1,130 @@
-/*
- * eXist Open Source Native XML Database
- * Copyright (C) 2011 The eXist Project
- * http://exist-db.org
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * $Id$
- */
-package org.exist.security.realm.oauth;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.exist.config.Configurable;
-import org.exist.config.Configuration;
-import org.exist.config.Configurator;
-import org.exist.config.annotation.ConfigurationClass;
-import org.exist.config.annotation.ConfigurationFieldAsAttribute;
-import org.scribe.builder.ServiceBuilder;
-import org.scribe.builder.api.Api;
-import org.scribe.builder.api.FacebookApi;
-import org.scribe.model.Token;
-import org.scribe.oauth.OAuthService;
-
-/**
- * <service name="app" key="APP_ID" secret="APP_SECRET" />
- *
- * @author <a href="mailto:shabanovd@gmail.com">Dmitriy Shabanov</a>
- *
- */
-@ConfigurationClass("service")
-public class Service implements Configurable {
-
- private Configuration configuration = null;
-
- @ConfigurationFieldAsAttribute("name")
- String name;
-
- @ConfigurationFieldAsAttribute("key")
- String apiKey;
-
- @ConfigurationFieldAsAttribute("secret")
- String apiSecret;
-
- @ConfigurationFieldAsAttribute("provider")
- String provider;
-
- public Service(OAuthRealm realm, Configuration config) {
-
- configuration = Configurator.configure(this, config);
- }
-
- public String getName() {
- return name;
- }
-
- public ServiceBuilder getServiceBuilder() {
- return new ServiceBuilder()
- .provider(getProviderClass())
- .apiKey(apiKey)
- .apiSecret(apiSecret);
- }
-
- private String getProvider() {
- if (provider == null)
- throw new IllegalArgumentException("Provider was not set.");
-
- return provider;
- }
-
- private Class<? extends Api> getProviderClass() {
- String provider = getProvider().toLowerCase();
-
- if (provider.equalsIgnoreCase("facebook"))
- return FacebookApi.class;
- else if (provider.equalsIgnoreCase("google"))
- return Google2Api.class;
-
- throw new IllegalArgumentException("Unknown provider '"+provider+"'");
- }
-
- public void saveAccessToken(HttpServletRequest request, OAuthService service, Token accessToken) throws Exception {
- String provider = getProvider().toLowerCase();
-
- if (provider.equalsIgnoreCase("facebook"))
- ServiceFacebook.saveAccessToken(request, service, accessToken);
- else if (provider.equalsIgnoreCase("google"))
- ServiceGoogle.saveAccessToken(request, service, accessToken);
-
- throw new IllegalArgumentException("Unknown provider '"+provider+"'");
- }
-
- public String getApiKey() {
- return apiKey;
- }
-
- public String getApiSecret() {
- return apiSecret;
- }
-
- public boolean isConfigured() {
- return configuration != null;
- }
-
- public Configuration getConfiguration() {
- return configuration;
- }
+/*
+ * eXist Open Source Native XML Database
+ * Copyright (C) 2011 The eXist Project
+ * http://exist-db.org
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * $Id$
+ */
+package org.exist.security.realm.oauth;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.exist.config.Configurable;
+import org.exist.config.Configuration;
+import org.exist.config.Configurator;
+import org.exist.config.annotation.ConfigurationClass;
+import org.exist.config.annotation.ConfigurationFieldAsAttribute;
+import org.scribe.builder.ServiceBuilder;
+import org.scribe.builder.api.Api;
+import org.scribe.builder.api.FacebookApi;
+import org.scribe.model.Token;
+import org.scribe.oauth.OAuthService;
+
+/**
+ * <service name="app" key="APP_ID" secret="APP_SECRET" />
+ *
+ * @author <a href="mailto:shabanovd@gmail.com">Dmitriy Shabanov</a>
+ *
+ */
+@ConfigurationClass("service")
+public class Service implements Configurable {
+
+ private Configuration configuration = null;
+
+ @ConfigurationFieldAsAttribute("name")
+ String name;
+
+ @ConfigurationFieldAsAttribute("key")
+ String apiKey;
+
+ @ConfigurationFieldAsAttribute("secret")
+ String apiSecret;
+
+ @ConfigurationFieldAsAttribute("provider")
+ String provider;
+
+ @ConfigurationFieldAsAttribute("return-url")
+ String return_url;
+
+ public Service(OAuthRealm realm, Configuration config) {
+
+ configuration = Configurator.configure(this, config);
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public ServiceBuilder getServiceBuilder() {
+ return new ServiceBuilder()
+ .provider(getProviderClass())
+ .apiKey(apiKey)
+ .apiSecret(apiSecret);
+ }
+
+ private String getProvider() {
+ if (provider == null)
+ throw new IllegalArgumentException("Provider was not set.");
+
+ return provider;
+ }
+
+ private Class<? extends Api> getProviderClass() {
+ String provider = getProvider().toLowerCase();
+
+ if (provider.equalsIgnoreCase("facebook"))
+ return FacebookApi.class;
+ else if (provider.equalsIgnoreCase("google"))
+ return Google2Api.class;
+
+ throw new IllegalArgumentException("Unknown provider '" + provider + "'");
+ }
+
+ public void saveAccessToken(HttpServletRequest request, OAuthService service, Token accessToken) throws Exception {
+ String provider = getProvider().toLowerCase();
+
+ if (provider.equalsIgnoreCase("facebook")) {
+ ServiceFacebook.saveAccessToken(request, service, accessToken);
+
+ } else if (provider.equalsIgnoreCase("google")) {
+ ServiceGoogle.saveAccessToken(request, service, accessToken);
+
+ } else {
+ throw new IllegalArgumentException("Unknown provider '" + provider + "'");
+ }
+ }
+
+ public String getApiKey() {
+ return apiKey;
+ }
+
+ public String getApiSecret() {
+ return apiSecret;
+ }
+
+ public String getReturnURL() {
+ return return_url;
+ }
+
+ public boolean isConfigured() {
+ return configuration != null;
+ }
+
+ public Configuration getConfiguration() {
+ return configuration;
+ }
}
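Review bot: `getReturnURL()` returns the `return-url` attribute unchecked, so a `<service>` element without it yields `null`, which the token-exchange request would then add as `OAuthConstants.REDIRECT_URI` (assuming the `config` object there is this class). Following `getProvider()`, it could fail fast: `if (return_url == null) throw new IllegalArgumentException("Return URL was not set.");`. The class Javadoc example still shows only `name`, `key` and `secret`; it should list `provider` and `return-url` as well. In `getProviderClass` and `saveAccessToken` the `toLowerCase()` call is redundant next to `equalsIgnoreCase`.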
@@ -100,17 +100,22 @@ public static void saveAccessToken(HttpServletRequest request, OAuthService serv
String id = responseAttributes.get("id");
- String accountName = id + "@facebook.com";
+ String accountName = id + "@google.com";
Account found = OAuthRealm._.getAccount(accountName);
if (found == null) {
Map<SchemaType, String> metadata = new HashMap<SchemaType, String>();
- metadata.put(GoogleSchemaType.ID, responseAttributes.get("id"));
- metadata.put(AXSchemaType.FIRSTNAME, responseAttributes.get("given_name"));
- metadata.put(AXSchemaType.LASTNAME, responseAttributes.get("family_name"));
- metadata.put(AXSchemaType.FULLNAME, responseAttributes.get("name"));
- metadata.put(AXSchemaType.TIMEZONE, responseAttributes.get("timezone"));
+ addMetadata(responseAttributes, metadata, GoogleSchemaType.ID, "id");
+ addMetadata(responseAttributes, metadata, AXSchemaType.FIRSTNAME, "given_name");
+ addMetadata(responseAttributes, metadata, AXSchemaType.LASTNAME, "family_name");
+ addMetadata(responseAttributes, metadata, AXSchemaType.FULLNAME, "name");
+ addMetadata(responseAttributes, metadata, AXSchemaType.TIMEZONE, "timezone");
+
+ addMetadata(responseAttributes, metadata, GoogleSchemaType.PICTURE, "picture");
+ addMetadata(responseAttributes, metadata, GoogleSchemaType.LOCALE, "locale");
+ addMetadata(responseAttributes, metadata, GoogleSchemaType.LINK, "link");
+ addMetadata(responseAttributes, metadata, GoogleSchemaType.GENDER, "gender");
found = OAuthRealm._.createAccountInDatabase(accountName, metadata);
}
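Review bot: `accountName` is built from `id` without checking that the userinfo response actually contained one; if `responseAttributes.get("id")` returns null, the string becomes `null@google.com` and every such login would resolve to the same account. No check is visible in this hunk (the method starts above it), so unless one exists earlier, add `if (id == null || id.isEmpty()) throw new IllegalArgumentException("No id in Google userinfo response");` before the concatenation.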
@@ -153,10 +158,22 @@ public static void saveAccessToken(HttpServletRequest request, OAuthService serv
return parameters;
}
- public enum GoogleSchemaType implements SchemaType {
+ private static void addMetadata(Map<String, String> attributes, Map<SchemaType, String> metadata, SchemaType type, String attrName) {
+ String val = attributes.get(attrName);
- ID("https://www.googleapis.com/oauth2/v1/userinfo", "id");
+ if (val != null) {
+ metadata.put(type, val);
+ }
+ }
+
+ public enum GoogleSchemaType implements SchemaType {
+ ID("https://www.googleapis.com/oauth2/v1/userinfo", "id"),
+ PICTURE("https://www.googleapis.com/oauth2/v1/userinfo", "picture"),
+ LOCALE("https://www.googleapis.com/oauth2/v1/userinfo", "locale"),
+ LINK("https://www.googleapis.com/oauth2/v1/userinfo", "link"),
+ GENDER("https://www.googleapis.com/oauth2/v1/userinfo", "gender");
+
private final String namespace;
private final String alias;
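Review bot: `addMetadata` has no comment saying that attributes missing from the response are skipped rather than stored as null; a one-line Javadoc such as `/** Copies attributes.get(attrName) into metadata under type, skipping absent values. */` would make that contract explicit. The new `PICTURE` and `LINK` entries store URLs exactly as the provider returned them, so any code that later renders them should treat the values as untrusted input. The enum body continues past the end of the hunk.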
