Diffstat (limited to 'src/main/java/org/traccar/database')
-rw-r--r-- | src/main/java/org/traccar/database/OpenIdProvider.java | 87 |
1 files changed, 43 insertions, 44 deletions
diff --git a/src/main/java/org/traccar/database/OpenIdProvider.java b/src/main/java/org/traccar/database/OpenIdProvider.java
index 312be8890..19780c68d 100644
--- a/src/main/java/org/traccar/database/OpenIdProvider.java
+++ b/src/main/java/org/traccar/database/OpenIdProvider.java
@@ -66,20 +66,20 @@ public class OpenIdProvider {
 private final Boolean force;
 private final ClientID clientId;
 private final ClientAuthentication clientAuth;
- private URI callbackUrl;
- private URI authUrl;
- private URI tokenUrl;
- private URI userInfoUrl;
- private URI baseUrl;
+ private final URI callbackUrl;
+ private final URI authUrl;
+ private final URI tokenUrl;
+ private final URI userInfoUrl;
+ private final URI baseUrl;
 private final String adminGroup;
 private final String allowGroup;
- private LoginService loginService;
+ private final LoginService loginService;
 @Inject
- public OpenIdProvider(
- Config config, LoginService loginService, HttpClient httpClient, ObjectMapper objectMapper
- ) throws InterruptedException, IOException, URISyntaxException {
+ public OpenIdProvider(Config config, LoginService loginService, HttpClient httpClient, ObjectMapper objectMapper)
+ throws InterruptedException, IOException, URISyntaxException {
+
 this.loginService = loginService;
 force = config.getBoolean(Keys.OPENID_FORCE);
@@ -97,8 +97,7 @@ public class OpenIdProvider {
 String httpResponse = httpClient.send(httpRequest, BodyHandlers.ofString()).body();
- Map<String, Object> discoveryMap = objectMapper.readValue(
- httpResponse, new TypeReference<Map<String, Object>>() { });
+ Map<String, Object> discoveryMap = objectMapper.readValue(httpResponse, new TypeReference<>() {});
 authUrl = new URI((String) discoveryMap.get("authorization_endpoint"));
 tokenUrl = new URI((String) discoveryMap.get("token_endpoint"));
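Review bot: `authUrl = new URI((String) discoveryMap.get("authorization_endpoint"));` and the `token_endpoint` line under it fail with a NullPointerException (or a ClassCastException for a non-string value) when the discovery document omits the key, and neither exception names the missing key; because this runs inside the `@Inject` constructor, a misconfigured or partially implemented issuer shows up as an opaque injection failure at startup. A small helper that reads a mandatory endpoint and reports the key on absence makes this diagnosable: `authUrl = requiredUri(discoveryMap, "authorization_endpoint");` and `tokenUrl = requiredUri(discoveryMap, "token_endpoint");`, with the same treatment for the `userinfo_endpoint` line if it follows outside the hunk. The constructor's body continues past the hunk; whether the discovery URL itself is restricted to https is not visible here and is worth confirming, since every endpoint taken from that document is trusted for the token exchange.

```java
    /** Reads a mandatory endpoint from the discovery document; fails naming the key so a bad issuer is diagnosable. */
    private static URI requiredUri(Map<String, Object> discovery, String key) throws URISyntaxException {
        Object value = discovery.get(key);
        if (!(value instanceof String)) {
            throw new IllegalStateException("OpenID discovery document lacks " + key);
        }
        return new URI((String) value);
    }
```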
@@ -132,18 +131,18 @@ public class OpenIdProvider {
 .toURI();
 }
- private OIDCTokenResponse getToken(
- AuthorizationCode code) throws IOException, ParseException, GeneralSecurityException {
- AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl);
- TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant);
+ private OIDCTokenResponse getToken(AuthorizationCode code)
+ throws IOException, ParseException, GeneralSecurityException {
+ AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl);
+ TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant);
- HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send();
- TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse);
- if (!token.indicatesSuccess()) {
- throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider.");
- }
+ HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send();
+ TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse);
+ if (!token.indicatesSuccess()) {
+ throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider.");
+ }
- return (OIDCTokenResponse) token.toSuccessResponse();
+ return (OIDCTokenResponse) token.toSuccessResponse();
 }
 private UserInfo getUserInfo(BearerAccessToken token) throws IOException, ParseException, GeneralSecurityException {
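Review bot: The failure branch `if (!token.indicatesSuccess())` in getToken discards the provider's error object, so an expired code, a wrong client secret and a redirect-URI mismatch all surface as the same `"Unable to authenticate with the OpenID Connect provider."` with nothing an operator can act on. Keeping the message generic for the user while carrying the OAuth error code is enough, e.g. `throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider: " + token.toErrorResponse().getErrorObject().getCode());` (or log the error object server-side before throwing). Whether the Nimbus `HTTPRequest` produced by `tokenRequest.toHTTPRequest()` has connect and read timeouts configured is not visible in this hunk; if it relies on the library defaults, a stalled provider can block the calling request thread for as long as the provider keeps the connection open.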
@@ -161,40 +160,40 @@ public class OpenIdProvider {
 return userInfoResponse.toSuccessResponse().getUserInfo();
 }
- public URI handleCallback(
- URI requestUri, HttpServletRequest request
- ) throws StorageException, ParseException, IOException, GeneralSecurityException {
- AuthorizationResponse response = AuthorizationResponse.parse(requestUri);
+ public URI handleCallback(URI requestUri, HttpServletRequest request)
+ throws StorageException, ParseException, IOException, GeneralSecurityException {
+
+ AuthorizationResponse response = AuthorizationResponse.parse(requestUri);
- if (!response.indicatesSuccess()) {
- throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription());
- }
+ if (!response.indicatesSuccess()) {
+ throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription());
+ }
- AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode();
+ AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode();
- if (authCode == null) {
- throw new GeneralSecurityException("Malformed OpenID callback.");
- }
+ if (authCode == null) {
+ throw new GeneralSecurityException("Malformed OpenID callback.");
+ }
- OIDCTokenResponse tokens = getToken(authCode);
+ OIDCTokenResponse tokens = getToken(authCode);
- BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken();
+ BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken();
- UserInfo userInfo = getUserInfo(bearerToken);
+ UserInfo userInfo = getUserInfo(bearerToken);
- List<String> userGroups = userInfo.getStringListClaim("groups");
- Boolean administrator = adminGroup != null && userGroups.contains(adminGroup);
+ List<String> userGroups = userInfo.getStringListClaim("groups");
+ boolean administrator = adminGroup != null && userGroups.contains(adminGroup);
- if (!(administrator || allowGroup == null || userGroups.contains(allowGroup))) {
- throw new GeneralSecurityException("Your OpenID Groups do not permit access to Traccar.");
- }
+ if (!(administrator || allowGroup == null || userGroups.contains(allowGroup))) {
+ throw new GeneralSecurityException("Your OpenID Groups do not permit access to Traccar.");
+ }
- User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), administrator);
+ User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), administrator);
- request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId());
- LogAction.login(user.getId(), WebHelper.retrieveRemoteAddress(request));
+ request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId());
+ LogAction.login(user.getId(), WebHelper.retrieveRemoteAddress(request));
- return baseUrl;
+ return baseUrl;
 }
 public boolean getForce() {
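Review bot: `userInfo.getStringListClaim("groups")` returns null when the provider's userinfo response carries no `groups` claim, so with `adminGroup` or `allowGroup` configured the `userGroups.contains(...)` calls in handleCallback throw a NullPointerException instead of the intended `GeneralSecurityException`, and a user without a group claim is rejected by an unhandled error rather than by the policy check. Defaulting the claim keeps the access decision on the explicit path: `List<String> userGroups = userInfo.getStringListClaim("groups");` followed by `if (userGroups == null) { userGroups = List.of(); }`. Nothing in the hunk compares the callback's `state` value (`response.getState()`) with one bound to the initiating session; if that check is not performed elsewhere, the callback accepts an authorization response it did not initiate, which is the cross-site request forgery case `state` exists to prevent. The `GeneralSecurityException` built from `getErrorObject().getDescription()` forwards provider-supplied text verbatim, so callers that render it should treat it as untrusted. getForce continues outside the hunk.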