-rw-r--r--src/main/java/org/traccar/MainModule.java2
-rw-r--r--src/main/java/org/traccar/api/resource/ServerResource.java2
-rw-r--r--src/main/java/org/traccar/api/resource/SessionResource.java2
-rw-r--r--src/main/java/org/traccar/api/resource/UserResource.java1
-rw-r--r--src/main/java/org/traccar/api/security/LoginService.java2
-rw-r--r--src/main/java/org/traccar/config/Keys.java2
-rw-r--r--src/main/java/org/traccar/database/OpenIdProvider.java73
7 files changed, 46 insertions, 38 deletions
diff --git a/src/main/java/org/traccar/MainModule.java b/src/main/java/org/traccar/MainModule.java
index 7b06b4840..51097511a 100644
--- a/src/main/java/org/traccar/MainModule.java
+++ b/src/main/java/org/traccar/MainModule.java
@@ -171,7 +171,7 @@ public class MainModule extends AbstractModule {
}
return null;
}
-
+
@Singleton
@Provides
public static OpenIdProvider provideOpenIDProvider(Config config, LoginService loginService) {
diff --git a/src/main/java/org/traccar/api/resource/ServerResource.java b/src/main/java/org/traccar/api/resource/ServerResource.java
index 9b4d82a66..6a3b8919e 100644
--- a/src/main/java/org/traccar/api/resource/ServerResource.java
+++ b/src/main/java/org/traccar/api/resource/ServerResource.java
@@ -71,7 +71,7 @@ public class ServerResource extends BaseResource {
server.setEmailEnabled(mailManager.getEmailEnabled());
server.setGeocoderEnabled(geocoder != null);
server.setOpenIdEnabled(openIdProvider != null);
- server.setOpenIdForce(openIdProvider != null && openIdProvider.force);
+ server.setOpenIdForce(openIdProvider != null && openIdProvider.getForce());
User user = permissionsService.getUser(getUserId());
if (user != null) {
if (user.getAdministrator()) {
diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java
index 94a6a4595..ac39fa449 100644
--- a/src/main/java/org/traccar/api/resource/SessionResource.java
+++ b/src/main/java/org/traccar/api/resource/SessionResource.java
@@ -174,7 +174,7 @@ public class SessionResource extends BaseResource {
public Response openIdAuth() throws IOException {
return Response.seeOther(openIdProvider.createAuthUri()).build();
}
-
+
@PermitAll
@Path("openid/callback")
@GET
diff --git a/src/main/java/org/traccar/api/resource/UserResource.java b/src/main/java/org/traccar/api/resource/UserResource.java
index 1c58cec3c..19d88782f 100644
--- a/src/main/java/org/traccar/api/resource/UserResource.java
+++ b/src/main/java/org/traccar/api/resource/UserResource.java
@@ -17,7 +17,6 @@ package org.traccar.api.resource;
import org.traccar.api.BaseObjectResource;
import org.traccar.config.Config;
-import org.traccar.config.Keys;
import org.traccar.helper.LogAction;
import org.traccar.helper.model.UserUtil;
import org.traccar.model.ManagedUser;
diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java
index d92f7ce15..c7482a2e3 100644
--- a/src/main/java/org/traccar/api/security/LoginService.java
+++ b/src/main/java/org/traccar/api/security/LoginService.java
@@ -107,7 +107,7 @@ public class LoginService {
user.setEmail(email);
user.setFixedEmail(true);
user.setAdministrator(administrator);
- user.setId(storage.addObject(user, new Request(new Columns.Exclude("id"))));
+ user.setId(storage.addObject(user, new Request(new Columns.Exclude("id"))));
checkUserEnabled(user);
return user;
}
diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java
index a666667d4..707e9e815 100644
--- a/src/main/java/org/traccar/config/Keys.java
+++ b/src/main/java/org/traccar/config/Keys.java
@@ -628,7 +628,7 @@ public final class Keys {
List.of(KeyType.CONFIG));
/**
- * OpenID Connect Client Secret.
+ * OpenID Connect Client Secret.
* This is a secret assigned to each application you register with your identity provider.
* Required to enable SSO.
*/
diff --git a/src/main/java/org/traccar/database/OpenIdProvider.java b/src/main/java/org/traccar/database/OpenIdProvider.java
index 5e5c54523..f5c7eef15 100644
--- a/src/main/java/org/traccar/database/OpenIdProvider.java
+++ b/src/main/java/org/traccar/database/OpenIdProvider.java
@@ -50,7 +50,6 @@ import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
-import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser;
import com.nimbusds.openid.connect.sdk.UserInfoResponse;
import com.nimbusds.openid.connect.sdk.UserInfoRequest;
@@ -60,8 +59,8 @@ import com.nimbusds.openid.connect.sdk.claims.UserInfo;
public class OpenIdProvider {
private static final Logger LOGGER = LoggerFactory.getLogger(OpenIdProvider.class);
-
- public final Boolean force;
+
+ private final Boolean force;
private final ClientID clientId;
private final ClientAuthentication clientAuth;
private URI callbackUrl;
@@ -74,7 +73,7 @@ public class OpenIdProvider {
private LoginService loginService;
@Inject
- public OpenIdProvider(Config config, LoginService loginService) {
+ public OpenIdProvider(Config config, LoginService loginService) {
this.loginService = loginService;
force = config.getBoolean(Keys.OPENID_FORCE);
@@ -87,7 +86,7 @@ public class OpenIdProvider {
tokenUrl = new URI(config.getString(Keys.OPENID_TOKENURL, ""));
userInfoUrl = new URI(config.getString(Keys.OPENID_USERINFOURL, ""));
baseUrl = new URI(config.getString(Keys.WEB_URL, ""));
- } catch(URISyntaxException error) {
+ } catch (URISyntaxException error) {
LOGGER.error("Invalid URIs provided in OpenID configuration");
}
@@ -100,24 +99,25 @@ public class OpenIdProvider {
new Scope("openid", "profile", "email", "groups"),
clientId,
callbackUrl);
-
+
return request.endpointURI(authUrl)
.state(new State())
.build()
.toURI();
}
- private OIDCTokenResponse getToken(AuthorizationCode code) throws IOException, ParseException, GeneralSecurityException {
- AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl);
- TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant);
+ private OIDCTokenResponse getToken(
+ AuthorizationCode code) throws IOException, ParseException, GeneralSecurityException {
+ AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl);
+ TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant);
- HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send();
- TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse);
- if (!token.indicatesSuccess()) {
- throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider.");
- }
+ HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send();
+ TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse);
+ if (!token.indicatesSuccess()) {
+ throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider.");
+ }
- return (OIDCTokenResponse) token.toSuccessResponse();
+ return (OIDCTokenResponse) token.toSuccessResponse();
}
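Review bot: The `State` built at `.state(new State())` is discarded the moment the URI is returned — nothing in createAuthUri keeps it in the caller's session, so a later callback has no value to compare against and the OAuth state parameter provides no CSRF protection here. createAuthUri currently takes no arguments (SessionResource.openIdAuth calls `openIdProvider.createAuthUri()`), so it would need the HttpServletRequest or HttpSession passed in, along the lines of `State state = new State(); request.getSession().setAttribute("openid.state", state);` before `.state(state)`. Separately, getToken hands back the full OIDCTokenResponse but nothing in this hunk validates the ID token (issuer, audience, signature, nonce); if the design is to trust only the userinfo response obtained after an authenticated code exchange, a comment on getToken such as `// ID token is not validated: identity is taken from the userinfo endpoint after the client-authenticated code exchange` would make that deliberate. createAuthUri starts before this hunk.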
private UserInfo getUserInfo(BearerAccessToken token) throws IOException, ParseException, GeneralSecurityException {
@@ -128,36 +128,45 @@ public class OpenIdProvider {
UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse);
if (!userInfoResponse.indicatesSuccess()) {
- throw new GeneralSecurityException("Failed to access OpenID Connect user info endpoint. Please contact your administrator.");
+ throw new GeneralSecurityException(
+ "Failed to access OpenID Connect user info endpoint. Please contact your administrator.");
}
return userInfoResponse.toSuccessResponse().getUserInfo();
}
- public URI handleCallback(URI requestUri, HttpServletRequest request) throws StorageException, ParseException, IOException, GeneralSecurityException {
- AuthorizationResponse response = AuthorizationResponse.parse(requestUri);
+ public URI handleCallback(
+ URI requestUri, HttpServletRequest request
+ ) throws StorageException, ParseException, IOException, GeneralSecurityException {
+ AuthorizationResponse response = AuthorizationResponse.parse(requestUri);
- if (!response.indicatesSuccess()) {
- throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription());
- }
+ if (!response.indicatesSuccess()) {
+ throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription());
+ }
- AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode();
+ AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode();
- if (authCode == null) {
- throw new GeneralSecurityException( "Malformed OpenID callback.");
- }
+ if (authCode == null) {
+ throw new GeneralSecurityException("Malformed OpenID callback.");
+ }
+
+ OIDCTokenResponse tokens = getToken(authCode);
- OIDCTokenResponse tokens = getToken(authCode);
+ BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken();
- BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken();
+ UserInfo userInfo = getUserInfo(bearerToken);
- UserInfo userInfo = getUserInfo(bearerToken);
+ User user = loginService.login(
+ userInfo.getEmailAddress(), userInfo.getName(),
+ userInfo.getStringListClaim("groups").contains(adminGroup));
- User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), userInfo.getStringListClaim("groups").contains(adminGroup));
+ request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId());
+ LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request));
- request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId());
- LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request));
+ return baseUrl;
+ }
- return baseUrl;
+ public boolean getForce() {
+ return force;
}
}
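Review bot: handleCallback never checks `response.getState()` against the state issued when the flow started, so any redirect carrying a valid authorization code is accepted and exchanged on the line `OIDCTokenResponse tokens = getToken(authCode);` — a login-CSRF / code-injection gap in the new callback path between `AuthorizationResponse.parse` and the code exchange. The check belongs right after parsing, comparing against a state stored in the session when the authorization URI was created (createAuthUri would need the request to do that); see the excerpt below. A second, smaller issue: `userInfo.getStringListClaim("groups").contains(adminGroup)` dereferences the claim directly, so a provider that omits `groups` makes login fail with a NullPointerException rather than a clean error; prefer `List<String> groups = userInfo.getStringListClaim("groups"); boolean administrator = groups != null && groups.contains(adminGroup);` and pass `administrator` to `loginService.login`.
```java
    AuthorizationResponse response = AuthorizationResponse.parse(requestUri);

    // Compare with the State stored in the session by createAuthUri; one-shot use.
    State expectedState = (State) request.getSession().getAttribute("openid.state");
    request.getSession().removeAttribute("openid.state");
    if (expectedState == null || !expectedState.equals(response.getState())) {
        throw new GeneralSecurityException("OpenID state mismatch.");
    }

    // … unchanged: success check, code exchange, user info, login, redirect …
```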