From 5ba5cc8291d0bd5d497563ddebf08dfc6d239ee9 Mon Sep 17 00:00:00 2001 From: Daniel Date: Wed, 5 Apr 2023 20:40:09 +0100 Subject: Review changes --- src/main/java/org/traccar/MainModule.java | 12 +++-- src/main/java/org/traccar/config/Keys.java | 16 +++--- .../java/org/traccar/database/OpenIdProvider.java | 62 +++++++++------------- 3 files changed, 41 insertions(+), 49 deletions(-) diff --git a/src/main/java/org/traccar/MainModule.java b/src/main/java/org/traccar/MainModule.java index 51097511a..220798767 100644 --- a/src/main/java/org/traccar/MainModule.java +++ b/src/main/java/org/traccar/MainModule.java @@ -97,6 +97,7 @@ import javax.ws.rs.client.ClientBuilder; import java.io.IOException; import java.net.InetAddress; import java.net.UnknownHostException; +import java.net.http.HttpClient; import java.util.Properties; public class MainModule extends AbstractModule { @@ -174,11 +175,12 @@ public class MainModule extends AbstractModule { @Singleton @Provides - public static OpenIdProvider provideOpenIDProvider(Config config, LoginService loginService) { - if (config.hasKey(Keys.OPENID_CLIENTID)) { - return new OpenIdProvider(config, loginService); - } - return null; + public static OpenIdProvider provideOpenIDProvider( + Config config, LoginService loginService, ObjectMapper objectMapper) throws InterruptedException, IOException { + if (config.hasKey(Keys.OPENID_CLIENT_ID)) { + return new OpenIdProvider(config, loginService, HttpClient.newHttpClient(), objectMapper); + } + return null; } @Provides diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java index 363d4a472..6c46ef390 100644 --- a/src/main/java/org/traccar/config/Keys.java +++ b/src/main/java/org/traccar/config/Keys.java @@ -623,7 +623,7 @@ public final class Keys { * This is a unique ID assigned to each application you register with your identity provider. * Required to enable SSO. */ - public static final ConfigKey OPENID_CLIENTID = new StringConfigKey( + public static final ConfigKey OPENID_CLIENT_ID = new StringConfigKey( "openid.clientId", List.of(KeyType.CONFIG)); @@ -632,7 +632,7 @@ public final class Keys { * This is a secret assigned to each application you register with your identity provider. * Required to enable SSO. */ - public static final ConfigKey OPENID_CLIENTSECRET = new StringConfigKey( + public static final ConfigKey OPENID_CLIENT_SECRET = new StringConfigKey( "openid.clientSecret", List.of(KeyType.CONFIG)); @@ -641,7 +641,7 @@ public final class Keys { * This is used to automatically configure the authorization, token and user info URLs if * they are not provided. */ - public static final ConfigKey OPENID_ISSUERURL = new StringConfigKey( + public static final ConfigKey OPENID_ISSUER_URL = new StringConfigKey( "openid.issuerUrl", List.of(KeyType.CONFIG)); @@ -651,7 +651,7 @@ public final class Keys { * configuration endpoint, eg. https://auth.example.com//.well-known/openid-configuration * Required to enable SSO if openid.issuerUrl is not set. */ - public static final ConfigKey OPENID_AUTHURL = new StringConfigKey( + public static final ConfigKey OPENID_AUTH_URL = new StringConfigKey( "openid.authUrl", List.of(KeyType.CONFIG)); /** @@ -659,7 +659,7 @@ public final class Keys { * This can be found in the same ways at openid.authUrl. * Required to enable SSO if openid.issuerUrl is not set. */ - public static final ConfigKey OPENID_TOKENURL = new StringConfigKey( + public static final ConfigKey OPENID_TOKEN_URL = new StringConfigKey( "openid.tokenUrl", List.of(KeyType.CONFIG)); @@ -668,7 +668,7 @@ public final class Keys { * This can be found in the same ways at openid.authUrl. * Required to enable SSO if openid.issuerUrl is not set. */ - public static final ConfigKey OPENID_USERINFOURL = new StringConfigKey( + public static final ConfigKey OPENID_USERINFO_URL = new StringConfigKey( "openid.userInfoUrl", List.of(KeyType.CONFIG)); @@ -677,7 +677,7 @@ public final class Keys { * If this is not provided, all OpenID users will have access to Traccar. * This option will only work if your OpenID provider supports the groups scope. */ - public static final ConfigKey OPENID_ALLOWGROUP = new StringConfigKey( + public static final ConfigKey OPENID_ALLOW_GROUP = new StringConfigKey( "openid.allowGroup", List.of(KeyType.CONFIG)); @@ -686,7 +686,7 @@ public final class Keys { * If this is not provided, no groups will be granted admin access. * This option will only work if your OpenID provider supports the groups scope. */ - public static final ConfigKey OPENID_ADMINGROUP = new StringConfigKey( + public static final ConfigKey OPENID_ADMIN_GROUP = new StringConfigKey( "openid.adminGroup", List.of(KeyType.CONFIG)); diff --git a/src/main/java/org/traccar/database/OpenIdProvider.java b/src/main/java/org/traccar/database/OpenIdProvider.java index 370876ed9..8b93feea7 100644 --- a/src/main/java/org/traccar/database/OpenIdProvider.java +++ b/src/main/java/org/traccar/database/OpenIdProvider.java @@ -82,56 +82,46 @@ public class OpenIdProvider { private LoginService loginService; @Inject - public OpenIdProvider(Config config, LoginService loginService) { - this.loginService = loginService; - - force = config.getBoolean(Keys.OPENID_FORCE); - clientId = new ClientID(config.getString(Keys.OPENID_CLIENTID)); - clientAuth = new ClientSecretBasic(clientId, new Secret(config.getString(Keys.OPENID_CLIENTSECRET))); - - try { - callbackUrl = new URI(config.getString(Keys.WEB_URL, "") + "/api/session/openid/callback"); - baseUrl = new URI(config.getString(Keys.WEB_URL, "")); - - if ( - config.hasKey(Keys.OPENID_ISSUERURL) - && ( - !config.hasKey(Keys.OPENID_AUTHURL) - || !config.hasKey(Keys.OPENID_TOKENURL) - || !config.hasKey(Keys.OPENID_USERINFOURL)) - ) { - HttpClient httpClient = HttpClient.newHttpClient(); + public OpenIdProvider( + Config config, LoginService loginService, HttpClient httpClient, ObjectMapper objectMapper + ) throws InterruptedException, IOException { + this.loginService = loginService; + force = config.getBoolean(Keys.OPENID_FORCE); + clientId = new ClientID(config.getString(Keys.OPENID_CLIENT_ID)); + clientAuth = new ClientSecretBasic(clientId, new Secret(config.getString(Keys.OPENID_CLIENT_SECRET))); + + try { + callbackUrl = new URI(config.getString(Keys.WEB_URL, "") + "/api/session/openid/callback"); + baseUrl = new URI(config.getString(Keys.WEB_URL, "")); + + if (config.hasKey(Keys.OPENID_ISSUER_URL)) { HttpRequest httpRequest = HttpRequest.newBuilder( - URI.create( - config.getString(Keys.OPENID_ISSUERURL) + "/.well-known/openid-configuration") - ) - .header("accept", "application/json") + URI.create(config.getString(Keys.OPENID_ISSUER_URL) + "/.well-known/openid-configuration")) + .header("Accept", "application/json") .build(); String httpResponse = httpClient.send(httpRequest, BodyHandlers.ofString()).body(); - Map discoveryMap = new ObjectMapper().readValue( + Map discoveryMap = objectMapper.readValue( httpResponse, new TypeReference>() { }); - authUrl = new URI(discoveryMap.get("authorization_endpoint").toString()); - tokenUrl = new URI(discoveryMap.get("token_endpoint").toString()); - userInfoUrl = new URI(discoveryMap.get("userinfo_endpoint").toString()); + authUrl = new URI((String) discoveryMap.get("authorization_endpoint")); + tokenUrl = new URI((String) discoveryMap.get("token_endpoint")); + userInfoUrl = new URI((String) discoveryMap.get("userinfo_endpoint")); LOGGER.info("OpenID Connect auto discovery successful"); - } else { - authUrl = new URI(config.getString(Keys.OPENID_AUTHURL)); - tokenUrl = new URI(config.getString(Keys.OPENID_TOKENURL)); - userInfoUrl = new URI(config.getString(Keys.OPENID_USERINFOURL)); - } + } else { + authUrl = new URI(config.getString(Keys.OPENID_AUTH_URL)); + tokenUrl = new URI(config.getString(Keys.OPENID_TOKEN_URL)); + userInfoUrl = new URI(config.getString(Keys.OPENID_USERINFO_URL)); + } } catch (URISyntaxException error) { LOGGER.error("Invalid URIs provided in OpenID configuration"); - } catch (InterruptedException | IOException error) { - LOGGER.error("OpenID Connect auto discovery failed"); } - adminGroup = config.getString(Keys.OPENID_ADMINGROUP); - allowGroup = config.getString(Keys.OPENID_ALLOWGROUP); + adminGroup = config.getString(Keys.OPENID_ADMIN_GROUP); + allowGroup = config.getString(Keys.OPENID_ALLOW_GROUP); } public URI createAuthUri() { -- cgit v1.2.3