From 2319e1c707eedd25b3ca88b6ee00f416031d22a3 Mon Sep 17 00:00:00 2001
From: Anton Tananaev <anton@traccar.org>
Date: Sun, 29 Oct 2023 13:49:22 -0700
Subject: Cleanup OpenID class

---
 .../java/org/traccar/database/OpenIdProvider.java  | 87 +++++++++++-----------
 1 file changed, 43 insertions(+), 44 deletions(-)

diff --git a/src/main/java/org/traccar/database/OpenIdProvider.java b/src/main/java/org/traccar/database/OpenIdProvider.java
index 312be8890..19780c68d 100644
--- a/src/main/java/org/traccar/database/OpenIdProvider.java
+++ b/src/main/java/org/traccar/database/OpenIdProvider.java
@@ -66,20 +66,20 @@ public class OpenIdProvider {
     private final Boolean force;
     private final ClientID clientId;
     private final ClientAuthentication clientAuth;
-    private URI callbackUrl;
-    private URI authUrl;
-    private URI tokenUrl;
-    private URI userInfoUrl;
-    private URI baseUrl;
+    private final URI callbackUrl;
+    private final URI authUrl;
+    private final URI tokenUrl;
+    private final URI userInfoUrl;
+    private final URI baseUrl;
     private final String adminGroup;
     private final String allowGroup;
 
-    private LoginService loginService;
+    private final LoginService loginService;
 
     @Inject
-    public OpenIdProvider(
-        Config config, LoginService loginService, HttpClient httpClient, ObjectMapper objectMapper
-        ) throws InterruptedException, IOException, URISyntaxException {
+    public OpenIdProvider(Config config, LoginService loginService, HttpClient httpClient, ObjectMapper objectMapper)
+        throws InterruptedException, IOException, URISyntaxException {
+
         this.loginService = loginService;
 
         force = config.getBoolean(Keys.OPENID_FORCE);
@@ -97,8 +97,7 @@ public class OpenIdProvider {
 
             String httpResponse = httpClient.send(httpRequest, BodyHandlers.ofString()).body();
 
-            Map<String, Object> discoveryMap = objectMapper.readValue(
-                httpResponse, new TypeReference<Map<String, Object>>() { });
+            Map<String, Object> discoveryMap = objectMapper.readValue(httpResponse, new TypeReference<>() {});
 
             authUrl = new URI((String) discoveryMap.get("authorization_endpoint"));
             tokenUrl = new URI((String) discoveryMap.get("token_endpoint"));
@@ -132,18 +131,18 @@ public class OpenIdProvider {
                 .toURI();
     }
 
-    private OIDCTokenResponse getToken(
-        AuthorizationCode code) throws IOException, ParseException, GeneralSecurityException {
-            AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl);
-            TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant);
+    private OIDCTokenResponse getToken(AuthorizationCode code)
+            throws IOException, ParseException, GeneralSecurityException {
+        AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl);
+        TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant);
 
-            HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send();
-            TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse);
-            if (!token.indicatesSuccess()) {
-                throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider.");
-            }
+        HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send();
+        TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse);
+        if (!token.indicatesSuccess()) {
+            throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider.");
+        }
 
-            return (OIDCTokenResponse) token.toSuccessResponse();
+        return (OIDCTokenResponse) token.toSuccessResponse();
     }
 
     private UserInfo getUserInfo(BearerAccessToken token) throws IOException, ParseException, GeneralSecurityException {
@@ -161,40 +160,40 @@ public class OpenIdProvider {
         return userInfoResponse.toSuccessResponse().getUserInfo();
     }
 
-    public URI handleCallback(
-            URI requestUri, HttpServletRequest request
-        ) throws StorageException, ParseException, IOException, GeneralSecurityException {
-            AuthorizationResponse response = AuthorizationResponse.parse(requestUri);
+    public URI handleCallback(URI requestUri, HttpServletRequest request)
+            throws StorageException, ParseException, IOException, GeneralSecurityException {
+
+        AuthorizationResponse response = AuthorizationResponse.parse(requestUri);
 
-            if (!response.indicatesSuccess()) {
-                throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription());
-            }
+        if (!response.indicatesSuccess()) {
+            throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription());
+        }
 
-            AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode();
+        AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode();
 
-            if (authCode == null) {
-                throw new GeneralSecurityException("Malformed OpenID callback.");
-            }
+        if (authCode == null) {
+            throw new GeneralSecurityException("Malformed OpenID callback.");
+        }
 
-            OIDCTokenResponse tokens = getToken(authCode);
+        OIDCTokenResponse tokens = getToken(authCode);
 
-            BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken();
+        BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken();
 
-            UserInfo userInfo = getUserInfo(bearerToken);
+        UserInfo userInfo = getUserInfo(bearerToken);
 
-            List<String> userGroups = userInfo.getStringListClaim("groups");
-            Boolean administrator = adminGroup != null && userGroups.contains(adminGroup);
+        List<String> userGroups = userInfo.getStringListClaim("groups");
+        boolean administrator = adminGroup != null && userGroups.contains(adminGroup);
 
-            if (!(administrator || allowGroup == null || userGroups.contains(allowGroup))) {
-                throw new GeneralSecurityException("Your OpenID Groups do not permit access to Traccar.");
-            }
+        if (!(administrator || allowGroup == null || userGroups.contains(allowGroup))) {
+            throw new GeneralSecurityException("Your OpenID Groups do not permit access to Traccar.");
+        }
 
-            User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), administrator);
+        User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), administrator);
 
-            request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId());
-            LogAction.login(user.getId(), WebHelper.retrieveRemoteAddress(request));
+        request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId());
+        LogAction.login(user.getId(), WebHelper.retrieveRemoteAddress(request));
 
-            return baseUrl;
+        return baseUrl;
     }
 
     public boolean getForce() {
-- 
cgit v1.2.3