aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/main/java/org/traccar/database/OpenIdProvider.java87
1 files changed, 43 insertions, 44 deletions
diff --git a/src/main/java/org/traccar/database/OpenIdProvider.java b/src/main/java/org/traccar/database/OpenIdProvider.java
index 312be8890..19780c68d 100644
--- a/src/main/java/org/traccar/database/OpenIdProvider.java
+++ b/src/main/java/org/traccar/database/OpenIdProvider.java
@@ -66,20 +66,20 @@ public class OpenIdProvider {
private final Boolean force;
private final ClientID clientId;
private final ClientAuthentication clientAuth;
- private URI callbackUrl;
- private URI authUrl;
- private URI tokenUrl;
- private URI userInfoUrl;
- private URI baseUrl;
+ private final URI callbackUrl;
+ private final URI authUrl;
+ private final URI tokenUrl;
+ private final URI userInfoUrl;
+ private final URI baseUrl;
private final String adminGroup;
private final String allowGroup;
- private LoginService loginService;
+ private final LoginService loginService;
@Inject
- public OpenIdProvider(
- Config config, LoginService loginService, HttpClient httpClient, ObjectMapper objectMapper
- ) throws InterruptedException, IOException, URISyntaxException {
+ public OpenIdProvider(Config config, LoginService loginService, HttpClient httpClient, ObjectMapper objectMapper)
+ throws InterruptedException, IOException, URISyntaxException {
+
this.loginService = loginService;
force = config.getBoolean(Keys.OPENID_FORCE);
@@ -97,8 +97,7 @@ public class OpenIdProvider {
String httpResponse = httpClient.send(httpRequest, BodyHandlers.ofString()).body();
- Map<String, Object> discoveryMap = objectMapper.readValue(
- httpResponse, new TypeReference<Map<String, Object>>() { });
+ Map<String, Object> discoveryMap = objectMapper.readValue(httpResponse, new TypeReference<>() {});
authUrl = new URI((String) discoveryMap.get("authorization_endpoint"));
tokenUrl = new URI((String) discoveryMap.get("token_endpoint"));
@@ -132,18 +131,18 @@ public class OpenIdProvider {
.toURI();
}
- private OIDCTokenResponse getToken(
- AuthorizationCode code) throws IOException, ParseException, GeneralSecurityException {
- AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl);
- TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant);
+ private OIDCTokenResponse getToken(AuthorizationCode code)
+ throws IOException, ParseException, GeneralSecurityException {
+ AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl);
+ TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant);
- HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send();
- TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse);
- if (!token.indicatesSuccess()) {
- throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider.");
- }
+ HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send();
+ TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse);
+ if (!token.indicatesSuccess()) {
+ throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider.");
+ }
- return (OIDCTokenResponse) token.toSuccessResponse();
+ return (OIDCTokenResponse) token.toSuccessResponse();
}
private UserInfo getUserInfo(BearerAccessToken token) throws IOException, ParseException, GeneralSecurityException {
@@ -161,40 +160,40 @@ public class OpenIdProvider {
return userInfoResponse.toSuccessResponse().getUserInfo();
}
- public URI handleCallback(
- URI requestUri, HttpServletRequest request
- ) throws StorageException, ParseException, IOException, GeneralSecurityException {
- AuthorizationResponse response = AuthorizationResponse.parse(requestUri);
+ public URI handleCallback(URI requestUri, HttpServletRequest request)
+ throws StorageException, ParseException, IOException, GeneralSecurityException {
+
+ AuthorizationResponse response = AuthorizationResponse.parse(requestUri);
- if (!response.indicatesSuccess()) {
- throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription());
- }
+ if (!response.indicatesSuccess()) {
+ throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription());
+ }
- AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode();
+ AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode();
- if (authCode == null) {
- throw new GeneralSecurityException("Malformed OpenID callback.");
- }
+ if (authCode == null) {
+ throw new GeneralSecurityException("Malformed OpenID callback.");
+ }
- OIDCTokenResponse tokens = getToken(authCode);
+ OIDCTokenResponse tokens = getToken(authCode);
- BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken();
+ BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken();
- UserInfo userInfo = getUserInfo(bearerToken);
+ UserInfo userInfo = getUserInfo(bearerToken);
- List<String> userGroups = userInfo.getStringListClaim("groups");
- Boolean administrator = adminGroup != null && userGroups.contains(adminGroup);
+ List<String> userGroups = userInfo.getStringListClaim("groups");
+ boolean administrator = adminGroup != null && userGroups.contains(adminGroup);
- if (!(administrator || allowGroup == null || userGroups.contains(allowGroup))) {
- throw new GeneralSecurityException("Your OpenID Groups do not permit access to Traccar.");
- }
+ if (!(administrator || allowGroup == null || userGroups.contains(allowGroup))) {
+ throw new GeneralSecurityException("Your OpenID Groups do not permit access to Traccar.");
+ }
- User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), administrator);
+ User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), administrator);
- request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId());
- LogAction.login(user.getId(), WebHelper.retrieveRemoteAddress(request));
+ request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId());
+ LogAction.login(user.getId(), WebHelper.retrieveRemoteAddress(request));
- return baseUrl;
+ return baseUrl;
}
public boolean getForce() {