7 files changed, 46 insertions, 38 deletions
diff --git a/src/main/java/org/traccar/MainModule.java b/src/main/java/org/traccar/MainModule.java
index 7b06b4840..51097511a 100644
--- a/src/main/java/org/traccar/MainModule.java
+++ b/src/main/java/org/traccar/MainModule.java
@@ -171,7 +171,7 @@ public class MainModule extends AbstractModule {
 }
 return null;
 }
-
+
 @Singleton
 @Provides
 public static OpenIdProvider provideOpenIDProvider(Config config, LoginService loginService) {
diff --git a/src/main/java/org/traccar/api/resource/ServerResource.java b/src/main/java/org/traccar/api/resource/ServerResource.java
index 9b4d82a66..6a3b8919e 100644
--- a/src/main/java/org/traccar/api/resource/ServerResource.java
+++ b/src/main/java/org/traccar/api/resource/ServerResource.java
@@ -71,7 +71,7 @@ public class ServerResource extends BaseResource {
 server.setEmailEnabled(mailManager.getEmailEnabled());
 server.setGeocoderEnabled(geocoder != null);
 server.setOpenIdEnabled(openIdProvider != null);
- server.setOpenIdForce(openIdProvider != null && openIdProvider.force);
+ server.setOpenIdForce(openIdProvider != null && openIdProvider.getForce());
 User user = permissionsService.getUser(getUserId());
 if (user != null) {
 if (user.getAdministrator()) {
diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java
index 94a6a4595..ac39fa449 100644
--- a/src/main/java/org/traccar/api/resource/SessionResource.java
+++ b/src/main/java/org/traccar/api/resource/SessionResource.java
@@ -174,7 +174,7 @@ public class SessionResource extends BaseResource {
 public Response openIdAuth() throws IOException {
 return Response.seeOther(openIdProvider.createAuthUri()).build();
 }
-
+
 @PermitAll
 @Path("openid/callback")
 @GET
diff --git a/src/main/java/org/traccar/api/resource/UserResource.java b/src/main/java/org/traccar/api/resource/UserResource.java
index 1c58cec3c..19d88782f 100644
--- a/src/main/java/org/traccar/api/resource/UserResource.java
+++ b/src/main/java/org/traccar/api/resource/UserResource.java
@@ -17,7 +17,6 @@ package org.traccar.api.resource;
 import org.traccar.api.BaseObjectResource;
 import org.traccar.config.Config;
-import org.traccar.config.Keys;
 import org.traccar.helper.LogAction;
 import org.traccar.helper.model.UserUtil;
 import org.traccar.model.ManagedUser;
diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java
index d92f7ce15..c7482a2e3 100644
--- a/src/main/java/org/traccar/api/security/LoginService.java
+++ b/src/main/java/org/traccar/api/security/LoginService.java
@@ -107,7 +107,7 @@ public class LoginService {
 user.setEmail(email);
 user.setFixedEmail(true);
 user.setAdministrator(administrator);
- user.setId(storage.addObject(user, new Request(new Columns.Exclude("id"))));
+ user.setId(storage.addObject(user, new Request(new Columns.Exclude("id"))));
 checkUserEnabled(user);
 return user;
 }
diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java
index a666667d4..707e9e815 100644
--- a/src/main/java/org/traccar/config/Keys.java
+++ b/src/main/java/org/traccar/config/Keys.java
@@ -628,7 +628,7 @@ public final class Keys {
 List.of(KeyType.CONFIG));
 
 /**
- * OpenID Connect Client Secret.
+ * OpenID Connect Client Secret.
 * This is a secret assigned to each application you register with your identity provider.
 * Required to enable SSO.
 */
diff --git a/src/main/java/org/traccar/database/OpenIdProvider.java b/src/main/java/org/traccar/database/OpenIdProvider.java
index 5e5c54523..f5c7eef15 100644
--- a/src/main/java/org/traccar/database/OpenIdProvider.java
+++ b/src/main/java/org/traccar/database/OpenIdProvider.java
@@ -50,7 +50,6 @@ import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
 import com.nimbusds.oauth2.sdk.id.State;
 import com.nimbusds.oauth2.sdk.id.ClientID;
 import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
-import com.nimbusds.openid.connect.sdk.Nonce;
 import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser;
 import com.nimbusds.openid.connect.sdk.UserInfoResponse;
 import com.nimbusds.openid.connect.sdk.UserInfoRequest;
@@ -60,8 +59,8 @@ import com.nimbusds.openid.connect.sdk.claims.UserInfo;
 
 public class OpenIdProvider {
 private static final Logger LOGGER = LoggerFactory.getLogger(OpenIdProvider.class);
-
- public final Boolean force;
+
+ private final Boolean force;
 private final ClientID clientId;
 private final ClientAuthentication clientAuth;
 private URI callbackUrl;
@@ -74,7 +73,7 @@ public class OpenIdProvider {
 private LoginService loginService;
 
 @Inject
- public OpenIdProvider(Config config, LoginService loginService) {
+ public OpenIdProvider(Config config, LoginService loginService) {
 this.loginService = loginService;
 
 force = config.getBoolean(Keys.OPENID_FORCE);
@@ -87,7 +86,7 @@ public class OpenIdProvider {
 tokenUrl = new URI(config.getString(Keys.OPENID_TOKENURL, ""));
 userInfoUrl = new URI(config.getString(Keys.OPENID_USERINFOURL, ""));
 baseUrl = new URI(config.getString(Keys.WEB_URL, ""));
- } catch(URISyntaxException error) {
+ } catch (URISyntaxException error) {
 LOGGER.error("Invalid URIs provided in OpenID configuration");
 }
 
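Review bot: `private final Boolean force;` in the field hunk keeps the boxed wrapper even though the only assignment visible, `force = config.getBoolean(Keys.OPENID_FORCE)` in the constructor hunk, and the new `getForce()` accessor at the end of the file both deal in a primitive, so every read unboxes for no benefit and a null would surface as a NullPointerException in `getForce()` rather than at construction. Since the commit is already touching the declaration to narrow its visibility, the line could become `private final boolean force;`. I am assuming `Config.getBoolean` returns a primitive; its declaration is not on this page.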
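Review bot: The `catch (URISyntaxException error)` branch in the constructor hunk logs `Invalid URIs provided in OpenID configuration` and then lets construction finish, so a malformed `openid.*` or `web.url` value leaves `tokenUrl`, `userInfoUrl`, `baseUrl` (and presumably the other URIs assigned in the same try, which starts outside the hunk) at null, and the misconfiguration surfaces later as a NullPointerException on the first login attempt instead of at startup; the exception itself is also dropped from the log. At minimum attach the cause, `LOGGER.error("Invalid URIs provided in OpenID configuration", error);`, and since this object only exists when SSO is configured it is arguably better to fail fast with `throw new IllegalArgumentException("Invalid URIs provided in OpenID configuration", error);` so the bad value is fixed before any user is sent to the provider. The constructor's signature and the start of the try block are outside this hunk.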
@@ -100,24 +99,25 @@ public class OpenIdProvider {
 new Scope("openid", "profile", "email", "groups"),
 clientId,
 callbackUrl);
-
+
 return request.endpointURI(authUrl)
 .state(new State())
 .build()
 .toURI();
 }
 
- private OIDCTokenResponse getToken(AuthorizationCode code) throws IOException, ParseException, GeneralSecurityException {
- AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl);
- TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant);
+ private OIDCTokenResponse getToken(
+ AuthorizationCode code) throws IOException, ParseException, GeneralSecurityException {
+ AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl);
+ TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant);
 
- HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send();
- TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse);
- if (!token.indicatesSuccess()) {
- throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider.");
- }
+ HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send();
+ TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse);
+ if (!token.indicatesSuccess()) {
+ throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider.");
+ }
 
- return (OIDCTokenResponse) token.toSuccessResponse();
+ return (OIDCTokenResponse) token.toSuccessResponse();
 }
 
 private UserInfo getUserInfo(BearerAccessToken token) throws IOException, ParseException, GeneralSecurityException {
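Review bot: `.state(new State())` in the createAuthUri tail generates a fresh random state and then discards it, and `handleCallback` in the following hunk parses the callback with `AuthorizationResponse.parse(requestUri)` without comparing `response.getState()` to anything, so the state parameter is sent but never enforced; the commit only re-indents this code. Without that check a callback crafted by a third party is accepted as readily as the one the user was redirected for, which is the login-CSRF case the state parameter exists to rule out. The fix is not a one-liner: createAuthUri needs access to the servlet session (its signature, outside this hunk, currently takes nothing, and the SessionResource caller in an earlier hunk passes nothing) so the generated State can be stored there, and handleCallback should reject any response whose state is absent or does not equal the stored value before exchanging the code. The removal of the `Nonce` import in the earlier OpenIdProvider hunk suggests the ID token nonce is likewise not checked; the token exchange in getToken only uses the bearer access token, so that may be acceptable, but it is worth a comment stating why.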
@@ -128,36 +128,45 @@ public class OpenIdProvider {
 UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse);
 
 if (!userInfoResponse.indicatesSuccess()) {
- throw new GeneralSecurityException("Failed to access OpenID Connect user info endpoint. Please contact your administrator.");
+ throw new GeneralSecurityException(
+ "Failed to access OpenID Connect user info endpoint. Please contact your administrator.");
 }
 
 return userInfoResponse.toSuccessResponse().getUserInfo();
 }
 
- public URI handleCallback(URI requestUri, HttpServletRequest request) throws StorageException, ParseException, IOException, GeneralSecurityException {
- AuthorizationResponse response = AuthorizationResponse.parse(requestUri);
+ public URI handleCallback(
+ URI requestUri, HttpServletRequest request
+ ) throws StorageException, ParseException, IOException, GeneralSecurityException {
+ AuthorizationResponse response = AuthorizationResponse.parse(requestUri);
 
- if (!response.indicatesSuccess()) {
- throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription());
- }
+ if (!response.indicatesSuccess()) {
+ throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription());
+ }
 
- AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode();
+ AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode();
 
- if (authCode == null) {
- throw new GeneralSecurityException( "Malformed OpenID callback.");
- }
+ if (authCode == null) {
+ throw new GeneralSecurityException("Malformed OpenID callback.");
+ }
+
+ OIDCTokenResponse tokens = getToken(authCode);
 
- OIDCTokenResponse tokens = getToken(authCode);
+ BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken();
 
- BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken();
+ UserInfo userInfo = getUserInfo(bearerToken);
 
- UserInfo userInfo = getUserInfo(bearerToken);
+ User user = loginService.login(
+ userInfo.getEmailAddress(), userInfo.getName(),
+ userInfo.getStringListClaim("groups").contains(adminGroup));
 
- User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), userInfo.getStringListClaim("groups").contains(adminGroup));
+ request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId());
+ LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request));
 
- request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId());
- LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request));
+ return baseUrl;
+ }
 
- return baseUrl;
+ public boolean getForce() {
+ return force;
 }
 }
|
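Review bot: `userInfo.getStringListClaim("groups").contains(adminGroup)` in the re-wrapped `loginService.login(...)` call dereferences the claim without a null check, and the nimbus claims-set getters return null for a claim the provider did not include, so a provider that never emits `groups` turns every SSO login into a NullPointerException rather than a non-administrator login; the commit only re-indents the line. Split it and guard it, `List<String> groups = userInfo.getStringListClaim("groups");` then `boolean administrator = groups != null && groups.contains(adminGroup);`, and pass `administrator` to login (`List` may need importing in this file). Separately, the error branch forwards `getErrorObject().getDescription()`, text that arrives in the callback URL, straight into the user-facing exception message; a fixed message with the description logged at debug level keeps provider-supplied text out of what the browser is shown. The `adminGroup` field and the rest of the class are outside this hunk.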