Merge pull request #170 from shabanovd/develop

Fix for google OAuth authentication

.gitignore

@@ -44,3 +44,4 @@ test/junit/
 test/temp/
 nbproject/build/
 nbproject/private/
+/target

extensions/security/oauth/ivy.xml

@@ -0,0 +1,9 @@
+<!--
+    Ivy module to retrieve jar for OAuth
+-->
+<ivy-module version="2.0">
+    <info organisation="org.exist" module="security.oauth"/>
+    <dependencies>
+        <dependency org="org.scribe" name="scribe" rev="1.3.5" conf="*->*,!sources,!javadoc"/>
+    </dependencies>
+</ivy-module>

extensions/security/oauth/src/org/exist/security/realm/oauth/OAuthServlet.java

@@ -28,11 +28,15 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.json.JSONException;
+import org.json.JSONObject;
+import org.json.JSONTokener;
 import org.scribe.model.OAuthConstants;
 import org.scribe.model.OAuthRequest;
 import org.scribe.model.Token;
 import org.scribe.model.Verifier;
 import org.scribe.oauth.OAuthService;
+import org.scribe.utils.OAuthEncoder;
 
 /**
  * @author <a href="mailto:shabanovd@gmail.com">Dmitriy Shabanov</a>
@@ -102,21 +106,41 @@ private void process(HttpServletRequest request, HttpServletResponse response) t
 	        OAuthRequest req = new OAuthRequest(api.getAccessTokenVerb(), api.getAccessTokenEndpoint());
 	        req.addBodyParameter(OAuthConstants.CLIENT_ID, config.getApiKey());
 	        req.addBodyParameter(OAuthConstants.CLIENT_SECRET, config.getApiSecret());
-	        req.addBodyParameter(OAuthConstants.CODE, verification);
+	        req.addBodyParameter(OAuthConstants.CODE, verifier.getValue());
 		// jetty.port.jetty
-        	req.addBodyParameter(OAuthConstants.REDIRECT_URI, "http://localhost:" + System.getProperty("jetty.port") + "/oauth/cook2gl");
+        	req.addBodyParameter(OAuthConstants.REDIRECT_URI, config.getReturnURL());
 	        req.addBodyParameter("grant_type", "authorization_code");
-	        accessToken = api.getAccessTokenExtractor().extract(req.send().getBody());
+	        
+	        String responce = req.send().getBody();
+
+	        JSONTokener tokener = new JSONTokener(responce);
+	        try {
+	            JSONObject root = new JSONObject(tokener);
+	            String access_token = root.getString("access_token");
+
+	            String token = OAuthEncoder.decode(access_token);
+	            accessToken = new Token(token, "", responce);
+
+	        } catch (JSONException e) {
+	            throw new IOException(e);
+	        }
+	        
+	        //accessToken = api.getAccessTokenExtractor().extract(req.send().getBody());
         } else
-        	accessToken = service.getAccessToken(EMPTY_TOKEN, verifier);
+            accessToken = service.getAccessToken(EMPTY_TOKEN, verifier);
         
         try {
-        	OAuthRealm._.getServiceBulderByPath(path).saveAccessToken(request, service, accessToken);
-		} catch (Exception e) {
-			throw new ServletException(e);
-		}
+            OAuthRealm._.getServiceBulderByPath(path).saveAccessToken(request, service, accessToken);
+        } catch (Exception e) {
+            throw new ServletException(e);
+        }
         
         String returnToPage = (String)request.getSession().getAttribute(RETURN_TO_PAGE);
-        response.sendRedirect(returnToPage);
+        
+        if (returnToPage != null) {
+            response.sendRedirect(returnToPage);
+        } else {
+            response.sendRedirect("/");
+        }
     }
 }

extensions/security/oauth/src/org/exist/security/realm/oauth/Service.java

@@ -1,120 +1,130 @@
-/*
- *  eXist Open Source Native XML Database
- *  Copyright (C) 2011 The eXist Project
- *  http://exist-db.org
- *
- *  This program is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU Lesser General Public License
- *  as published by the Free Software Foundation; either version 2
- *  of the License, or (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public
- *  License along with this library; if not, write to the Free Software
- *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- *  $Id$
- */
-package org.exist.security.realm.oauth;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.exist.config.Configurable;
-import org.exist.config.Configuration;
-import org.exist.config.Configurator;
-import org.exist.config.annotation.ConfigurationClass;
-import org.exist.config.annotation.ConfigurationFieldAsAttribute;
-import org.scribe.builder.ServiceBuilder;
-import org.scribe.builder.api.Api;
-import org.scribe.builder.api.FacebookApi;
-import org.scribe.model.Token;
-import org.scribe.oauth.OAuthService;
-
-/**
- * <service name="app" key="APP_ID" secret="APP_SECRET" />
- * 
- * @author <a href="mailto:shabanovd@gmail.com">Dmitriy Shabanov</a>
- *
- */
-@ConfigurationClass("service")
-public class Service implements Configurable {
-	
-	private Configuration configuration = null;
-	
-	@ConfigurationFieldAsAttribute("name")
-	String name;
-
-	@ConfigurationFieldAsAttribute("key")
-	String apiKey;
-    
-    @ConfigurationFieldAsAttribute("secret")
-    String apiSecret;
-
-    @ConfigurationFieldAsAttribute("provider")
-    String provider;
-
-    public Service(OAuthRealm realm, Configuration config) {
-
-		configuration = Configurator.configure(this, config);
-	}
-
-	public String getName() {
-		return name;
-	}
-
-	public ServiceBuilder getServiceBuilder() {
-        return new ServiceBuilder()
-        		.provider(getProviderClass())
-        		.apiKey(apiKey)
-        		.apiSecret(apiSecret);
-	}
-	
-	private String getProvider() {
-		if (provider == null)
-			throw new IllegalArgumentException("Provider was not set.");
-		
-		return provider; 
-	}
-
-	private Class<? extends Api> getProviderClass() {
-		String provider = getProvider().toLowerCase();
-
-		if (provider.equalsIgnoreCase("facebook"))
-			return FacebookApi.class;
-		else if (provider.equalsIgnoreCase("google"))
-			return Google2Api.class;
-		
-		throw new IllegalArgumentException("Unknown provider '"+provider+"'");
-	}
-
-	public void saveAccessToken(HttpServletRequest request, OAuthService service, Token accessToken) throws Exception {
-		String provider = getProvider().toLowerCase();
-
-		if (provider.equalsIgnoreCase("facebook"))
-			ServiceFacebook.saveAccessToken(request, service, accessToken);
-		else if (provider.equalsIgnoreCase("google"))
-			ServiceGoogle.saveAccessToken(request, service, accessToken);
-		
-		throw new IllegalArgumentException("Unknown provider '"+provider+"'");
-	}
-	
-	public String getApiKey() {
-		return apiKey;
-	}
-
-	public String getApiSecret() {
-		return apiSecret;
-	}
-
-	public boolean isConfigured() {
-		return configuration != null;
-	}
-
-	public Configuration getConfiguration() {
-		return configuration;
-	}
+/*
+ *  eXist Open Source Native XML Database
+ *  Copyright (C) 2011 The eXist Project
+ *  http://exist-db.org
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ *  $Id$
+ */
+package org.exist.security.realm.oauth;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.exist.config.Configurable;
+import org.exist.config.Configuration;
+import org.exist.config.Configurator;
+import org.exist.config.annotation.ConfigurationClass;
+import org.exist.config.annotation.ConfigurationFieldAsAttribute;
+import org.scribe.builder.ServiceBuilder;
+import org.scribe.builder.api.Api;
+import org.scribe.builder.api.FacebookApi;
+import org.scribe.model.Token;
+import org.scribe.oauth.OAuthService;
+
+/**
+ * <service name="app" key="APP_ID" secret="APP_SECRET" />
+ * 
+ * @author <a href="mailto:shabanovd@gmail.com">Dmitriy Shabanov</a>
+ * 
+ */
+@ConfigurationClass("service")
+public class Service implements Configurable {
+
+    private Configuration configuration = null;
+
+    @ConfigurationFieldAsAttribute("name")
+    String name;
+
+    @ConfigurationFieldAsAttribute("key")
+    String apiKey;
+
+    @ConfigurationFieldAsAttribute("secret")
+    String apiSecret;
+
+    @ConfigurationFieldAsAttribute("provider")
+    String provider;
+
+    @ConfigurationFieldAsAttribute("return-url")
+    String return_url;
+
+    public Service(OAuthRealm realm, Configuration config) {
+
+        configuration = Configurator.configure(this, config);
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public ServiceBuilder getServiceBuilder() {
+        return new ServiceBuilder()
+            .provider(getProviderClass())
+            .apiKey(apiKey)
+            .apiSecret(apiSecret);
+    }
+
+    private String getProvider() {
+        if (provider == null)
+            throw new IllegalArgumentException("Provider was not set.");
+
+        return provider;
+    }
+
+    private Class<? extends Api> getProviderClass() {
+        String provider = getProvider().toLowerCase();
+
+        if (provider.equalsIgnoreCase("facebook"))
+            return FacebookApi.class;
+        else if (provider.equalsIgnoreCase("google"))
+            return Google2Api.class;
+
+        throw new IllegalArgumentException("Unknown provider '" + provider + "'");
+    }
+
+    public void saveAccessToken(HttpServletRequest request, OAuthService service, Token accessToken) throws Exception {
+        String provider = getProvider().toLowerCase();
+
+        if (provider.equalsIgnoreCase("facebook")) {
+            ServiceFacebook.saveAccessToken(request, service, accessToken);
+        
+        } else if (provider.equalsIgnoreCase("google")) {
+            ServiceGoogle.saveAccessToken(request, service, accessToken);
+        
+        } else {
+            throw new IllegalArgumentException("Unknown provider '" + provider + "'");
+        }
+    }
+
+    public String getApiKey() {
+        return apiKey;
+    }
+
+    public String getApiSecret() {
+        return apiSecret;
+    }
+    
+    public String getReturnURL() {
+        return return_url;
+    }
+
+    public boolean isConfigured() {
+        return configuration != null;
+    }
+
+    public Configuration getConfiguration() {
+        return configuration;
+    }
 }

extensions/security/oauth/src/org/exist/security/realm/oauth/ServiceGoogle.java

@@ -100,17 +100,22 @@ public static void saveAccessToken(HttpServletRequest request, OAuthService serv
 			
 		String id = responseAttributes.get("id");
 		
-		String accountName = id + "@facebook.com";
+		String accountName = id + "@google.com";
 
 		Account found = OAuthRealm._.getAccount(accountName);
 		
 		if (found == null) {
 			Map<SchemaType, String> metadata = new HashMap<SchemaType, String>();
-			metadata.put(GoogleSchemaType.ID, responseAttributes.get("id"));
-			metadata.put(AXSchemaType.FIRSTNAME, responseAttributes.get("given_name"));
-			metadata.put(AXSchemaType.LASTNAME, responseAttributes.get("family_name"));
-			metadata.put(AXSchemaType.FULLNAME, responseAttributes.get("name"));
-			metadata.put(AXSchemaType.TIMEZONE, responseAttributes.get("timezone"));
+			addMetadata(responseAttributes, metadata, GoogleSchemaType.ID, "id");
+			addMetadata(responseAttributes, metadata, AXSchemaType.FIRSTNAME, "given_name");
+			addMetadata(responseAttributes, metadata, AXSchemaType.LASTNAME, "family_name");
+			addMetadata(responseAttributes, metadata, AXSchemaType.FULLNAME, "name");
+			addMetadata(responseAttributes, metadata, AXSchemaType.TIMEZONE, "timezone");
+
+			addMetadata(responseAttributes, metadata, GoogleSchemaType.PICTURE, "picture");
+			addMetadata(responseAttributes, metadata, GoogleSchemaType.LOCALE, "locale");
+			addMetadata(responseAttributes, metadata, GoogleSchemaType.LINK, "link");
+			addMetadata(responseAttributes, metadata, GoogleSchemaType.GENDER, "gender");			
 			
 			found = OAuthRealm._.createAccountInDatabase(accountName, metadata);
 		}
@@ -153,10 +158,22 @@ public static void saveAccessToken(HttpServletRequest request, OAuthService serv
 		return parameters;
 	}
 	
-	public enum GoogleSchemaType implements SchemaType {
+	private static void addMetadata(Map<String, String> attributes, Map<SchemaType, String> metadata, SchemaType type, String attrName) {
+	    String val = attributes.get(attrName);
 
-	    ID("https://www.googleapis.com/oauth2/v1/userinfo", "id");
+	    if (val != null) {
+	        metadata.put(type, val);
+	    }
+	}
+	
+	public enum GoogleSchemaType implements SchemaType {
 
+	    ID("https://www.googleapis.com/oauth2/v1/userinfo", "id"),
+	    PICTURE("https://www.googleapis.com/oauth2/v1/userinfo", "picture"),
+	    LOCALE("https://www.googleapis.com/oauth2/v1/userinfo", "locale"),
+	    LINK("https://www.googleapis.com/oauth2/v1/userinfo", "link"),
+	    GENDER("https://www.googleapis.com/oauth2/v1/userinfo", "gender");
+	    
 	    private final String namespace;
 	    private final String alias;