/**
 * Builds a matcher that compares a {@link ServiceProviderToken} property by property.
 *
 * <p>Hamcrest's {@code is}/{@code equalTo} falls back on {@code Object.equals}, so the nested
 * {@code consumer} and {@code session} beans are compared with {@code samePropertyValuesAs}
 * (or {@code nullValue} when the expected bean is absent); every other property is compared
 * with {@code is} against the corresponding getter of {@code token}.
 *
 * @param token the expected token
 * @return a matcher accepting tokens whose listed properties all match {@code token}
 */
public static Matcher<? super ServiceProviderToken> equalTo(ServiceProviderToken token) {
    Consumer expectedConsumer = token.getConsumer();
    Matcher<?> consumerMatcher;
    if (expectedConsumer == null) {
        consumerMatcher = nullValue();
    } else {
        consumerMatcher = samePropertyValuesAs(expectedConsumer);
    }

    ServiceProviderToken.Session expectedSession = token.getSession();
    Matcher<?> sessionMatcher;
    if (expectedSession == null) {
        sessionMatcher = nullValue();
    } else {
        sessionMatcher = samePropertyValuesAs(expectedSession);
    }

    return allOf(
            hasProperty("consumer", consumerMatcher),
            hasProperty("session", sessionMatcher),
            hasProperty("authorization", is(token.getAuthorization())),
            hasProperty("callback", is(token.getCallback())),
            hasProperty("creationTime", is(token.getCreationTime())),
            hasProperty("timeToLive", is(token.getTimeToLive())),
            hasProperty("user", is(token.getUser())),
            hasProperty("verifier", is(token.getVerifier())),
            hasProperty("version", is(token.getVersion())),
            hasProperty("properties", is(token.getProperties())),
            hasProperty("token", is(token.getToken())),
            hasProperty("tokenSecret", is(token.getTokenSecret())));
}
/**
 * Mints a fresh access token from {@code token}.
 *
 * <p>The new token's identifier is a random 32-character alphanumeric string from
 * {@code randomizer}; its secret, consumer and authorizing user are carried over from
 * {@code token}, its properties come from {@code propertiesFactory} and its session from
 * {@code newSession(token)}.
 *
 * <p>NOTE(review): the authorization check only applies when {@code token} is a request token.
 * A token that is not a request token is exchanged without any state check — presumably the
 * access-token renewal path; confirm that callers cannot reach this with an arbitrary token.
 *
 * @param token the token being exchanged; must be non-null (checked via {@code checkNotNull})
 * @return the new access token
 * @throws IllegalArgumentException if {@code token} is a request token that was not authorized
 */
public ServiceProviderToken generateAccessToken(ServiceProviderToken token) {
    checkNotNull(token, "token");

    boolean unauthorizedRequestToken =
            token.isRequestToken() && token.getAuthorization() != Authorization.AUTHORIZED;
    if (unauthorizedRequestToken) {
        throw new IllegalArgumentException("token is not an authorized request token");
    }

    String accessTokenValue = randomizer.randomAlphanumericString(32);
    return ServiceProviderToken.newAccessToken(accessTokenValue)
            .tokenSecret(token.getTokenSecret())
            .consumer(token.getConsumer())
            .authorizedBy(token.getUser())
            .properties(propertiesFactory.newAccessTokenProperties(token))
            .session(newSession(token))
            .build();
}
/**
 * The date/time at which the token will expire.
 *
 * <p>Computed as the wrapped token's creation time plus its time-to-live; both are treated as
 * millisecond values, which is what {@link Date#Date(long)} expects.
 */
public Date getExpirationTime() {
    long createdAtMillis = token.getCreationTime();
    long timeToLiveMillis = token.getTimeToLive();
    return new Date(createdAtMillis + timeToLiveMillis);
}
/**
 * The human-readable name of the consumer application.
 *
 * <p>If the token carries an {@code alternate.consumer.name} property, that value is used;
 * otherwise the name registered on the token's consumer is returned.
 */
public String getConsumerName() {
    final String alternateNameKey = "alternate.consumer.name";
    return token.hasProperty(alternateNameKey)
            ? token.getProperty(alternateNameKey)
            : token.getConsumer().getName();
}
/**
 * Completes a 1.0a authorization round trip by sending the user back to the consumer.
 *
 * <p>The callback is the one bound to the token (at request-token time), falling back to the
 * consumer's registered callback; the incoming {@code request} is not read by this method.
 * With a callback, the user is redirected there with {@code oauth_token} and
 * {@code oauth_verifier} appended — the verifier is the literal {@code "denied"} when
 * authorization was refused, because some consumers do not cope with a blank or missing
 * verifier parameter. Without a callback an HTML page is rendered instead: the approval
 * template shows the verifier so the user can enter it manually, the denied template otherwise.
 *
 * @param request  the current request (not consulted here)
 * @param response the response to redirect or render into
 * @param token    the request token the user just approved or denied
 * @throws IOException if writing the redirect or the rendered page fails
 */
private void redirectBackToConsumerVersion1a(HttpServletRequest request,
                                             HttpServletResponse response,
                                             ServiceProviderToken token) throws IOException {
    URI callback = token.getCallback();
    if (callback == null) {
        callback = token.getConsumer().getCallback();
    }
    boolean approved = token.getAuthorization() == Authorization.AUTHORIZED;

    if (callback != null) {
        // a placeholder verifier is sent on denial rather than omitting the parameter
        String verifier = approved ? token.getVerifier() : "denied";
        String target = addParameters(callback.toString(),
                OAUTH_TOKEN, token.getToken(),
                OAUTH_VERIFIER, verifier);
        response.sendRedirect(target);
        return;
    }

    // no callback anywhere: show the outcome (and, on approval, the verifier) to the user directly
    response.setContentType("text/html");
    if (approved) {
        templateRenderer.render(AUTH_NO_CALLBACK_APPROVAL_V1A_TEMPLATE,
                ImmutableMap.<String, Object>of("token", token), response.getWriter());
    } else {
        templateRenderer.render(AUTH_NO_CALLBACK_DENIED_TEMPLATE,
                ImmutableMap.<String, Object>of("token", token), response.getWriter());
    }
}
throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED); if (token.isRequestToken()) { checkRequestToken(requestMessage, token); } else { accessToken = tokenStore.addToken(ServiceProviderToken.newAccessToken(RandomStringUtils.randomAlphanumeric(32)) .tokenSecret(token.getTokenSecret()) .consumer(token.getConsumer()) .authorizedBy(token.getUser()) .session(newSession(token)) .build()); tokenStore.removeToken(token.getToken()); } catch (Exception e) { handleException(response, e, ApplicationLinkStore.getStore().getApplicationUrl(), true); OAuth.OAUTH_TOKEN, accessToken.getToken(), OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret(), Request.OAUTH_EXPIRES_IN, Long.toString(accessToken.getTimeToLive() / 1000), Request.OAUTH_SESSION_HANDLE, accessToken.getSession().getHandle(), Request.OAUTH_AUTHORIZATION_EXPIRES_IN, Long.toString(accessToken.getSession().getTimeToLive() / 1000) ), response.getOutputStream());
/**
 * Copies the state of {@code token} onto a net.oauth {@code OAuthAccessor}.
 *
 * <p>After the shared fields set by {@code Tokens.setCommonTokenData}: an access token
 * populates {@code accessToken} and is always recorded as authorized for its user; a request
 * token records its user and an authorized flag only once the user has approved or denied it
 * (authorization {@code NONE} leaves both unset). The token secret and creation time are
 * copied in every case.
 *
 * @param accessor the accessor to populate
 * @param token    the token whose state is copied
 */
private static void setTokenData(OAuthAccessor accessor, ServiceProviderToken token) {
    Tokens.setCommonTokenData(accessor, token);

    if (!token.isRequestToken()) {
        accessor.accessToken = token.getToken();
        accessor.setProperty(Tokens.AccessorProperty.USER, token.getUser());
        accessor.setProperty(Tokens.AccessorProperty.AUTHORIZED, true);
    } else {
        Authorization decision = token.getAuthorization();
        boolean decided = decision == Authorization.AUTHORIZED || decision == Authorization.DENIED;
        if (decided) {
            accessor.setProperty(Tokens.AccessorProperty.USER, token.getUser());
            accessor.setProperty(Tokens.AccessorProperty.AUTHORIZED,
                    decision == Authorization.AUTHORIZED);
        }
        // a still-pending request token records neither user nor authorized flag
    }

    accessor.tokenSecret = token.getTokenSecret();
    accessor.setProperty(Tokens.AccessorProperty.CREATION_TIME, token.getCreationTime());
}
} // end of enclosing class
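/**
 * Rejects a request token that may not be exchanged for an access token.
 *
 * <p>Checks, in order: expiry against {@code clock}; that the user has made a decision
 * (authorization {@code NONE} means neither approved nor denied yet); that the decision was not
 * a denial; that the token belongs to the consumer making the request; and, for 1.0a tokens,
 * that the {@code oauth_verifier} parameter is present and matches the verifier stored on the
 * token. The verifier comparison is constant-time so that the response time does not depend on
 * how much of a supplied verifier was correct.
 *
 * @param requestMessage the incoming token-exchange request
 * @param token          the request token named by {@code requestMessage}
 * @throws OAuthProblemException {@code TOKEN_EXPIRED}, {@code PERMISSION_UNKNOWN},
 *                               {@code PERMISSION_DENIED} or {@code TOKEN_REJECTED} as above
 * @throws Exception             whatever {@code requireParameters} throws for a missing verifier
 *                               (the declared signature is kept as-is)
 */
private void checkRequestToken(OAuthMessage requestMessage, ServiceProviderToken token) throws Exception {
    if (token.hasExpired(clock)) {
        throw new OAuthProblemException(TOKEN_EXPIRED);
    }
    if (token.getAuthorization() == Authorization.NONE) {
        throw new OAuthProblemException(PERMISSION_UNKNOWN);
    }
    if (token.getAuthorization() == Authorization.DENIED) {
        throw new OAuthProblemException(PERMISSION_DENIED);
    }
    if (!token.getConsumer().getKey().equals(requestMessage.getConsumerKey())) {
        throw new OAuthProblemException(TOKEN_REJECTED);
    }
    if (V_1_0_A.equals(token.getVersion())) {
        requestMessage.requireParameters(OAUTH_VERIFIER);
        if (!verifierMatches(token.getVerifier(), requestMessage.getParameter(OAUTH_VERIFIER))) {
            throw new OAuthProblemException(TOKEN_REJECTED);
        }
    }
}

/**
 * Compares the stored verifier with the one the consumer supplied without short-circuiting on
 * the first differing byte. A null on either side never matches — previously a token with no
 * stored verifier would have thrown {@code NullPointerException} here instead of being rejected.
 *
 * @param expected the verifier stored on the token
 * @param supplied the {@code oauth_verifier} request parameter
 * @return true only if both are non-null and byte-for-byte equal (UTF-8)
 */
private static boolean verifierMatches(String expected, String supplied) {
    if (expected == null || supplied == null) {
        return false;
    }
    // fully qualified: this file's import block is not part of this change
    return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}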
ServletException { URI callback = null; if (token.getVersion() == ServiceProviderToken.Version.V_1_0_A && token.getCallback() != null) { callback = token.getCallback(); } else if (token.getVersion() == ServiceProviderToken.Version.V_1_0 && request.hasParameter(OAuth.OAUTH_CALLBACK)) { callback = URI.create(request.getParameter(OAuth.OAUTH_CALLBACK)); String newCallback = OAuth.addParameters(callback.toString(), OAuth.OAUTH_TOKEN, token.getToken()); if (token.getVersion() == ServiceProviderToken.Version.V_1_0_A) { newCallback = OAuth.addParameters(newCallback, OAuth.OAUTH_VERIFIER, token.getAuthorization() == ServiceProviderToken .Authorization.AUTHORIZED ? token.getVerifier() : "denied"); if (token.getAuthorization() == ServiceProviderToken.Authorization.AUTHORIZED) { view = "approved-authorization.jelly"; } else {
if (!token.isAccessToken()) { if (LOG.isDebugEnabled()) { LOG.debug(String.format("3-Legged-OAuth token rejected. Service Provider Token, for Consumer provided token [%s], is NOT an access token.", tokenStr)); if (!token.getConsumer().getKey().equals(message.getConsumerKey())) { if (LOG.isDebugEnabled()) { LOG.debug(String.format("3-Legged-OAuth token rejected. Service Provider Token, for Consumer provided token [%s], consumer key [%s] does not match request consumer key [%s]", tokenStr, token.getConsumer().getKey(), message.getConsumerKey())); if (token.hasExpired(clock)) { if (LOG.isDebugEnabled()) { LOG.debug(String.format("3-Legged-OAuth token rejected. Token has expired. Token creation time [%d] time to live [%d] clock (contains logging delay) [%d]", token.getCreationTime(), token.getTimeToLive(), clock.timeInMilliseconds())); final Principal user = token.getUser();
throw new OAuthProblemException(TOKEN_REJECTED); if (token.isRequestToken()) { checkRequestToken(requestMessage, token); } else { tokenStore.removeAndNotify(token.getToken()); } catch (Exception e) { handleException(response, e, applicationProperties.getBaseUrl(), true); OutputStream out = response.getOutputStream(); formEncode(newList( OAUTH_TOKEN, accessToken.getToken(), OAUTH_TOKEN_SECRET, accessToken.getTokenSecret(), OAUTH_EXPIRES_IN, Long.toString(accessToken.getTimeToLive() / 1000), OAUTH_SESSION_HANDLE, accessToken.getSession().getHandle(), OAUTH_AUTHORIZATION_EXPIRES_IN, Long.toString(accessToken.getSession().getTimeToLive() / 1000) ), out);
/**
 * Completes a 1.0 (pre-1.0a) authorization round trip by sending the user back to the consumer.
 *
 * <p>The callback is read from the request's {@code oauth_callback} parameter, falling back to
 * the consumer's registered callback when the parameter is empty. With a callback, the user is
 * redirected there with {@code oauth_token} appended (only when the token string is non-null).
 * Without one, the consumer is assumed to be a client that cannot receive a redirect and an
 * HTML page is rendered: the approval template (showing the verifier for manual entry) or the
 * denied template.
 *
 * <p>NOTE(review): the redirect target is taken verbatim from the request parameter and is not
 * validated against the consumer's registered callback, so whoever constructed the authorization
 * URL controls where the user is sent. That is inherent to the 1.0 flow (1.0a binds the callback
 * at request-token time); confirm that only 1.0 tokens reach this method.
 *
 * @param request  the authorization request carrying {@code oauth_callback}
 * @param response the response to redirect or render into
 * @param token    the request token the user just approved or denied
 * @throws IOException if writing the redirect or the rendered page fails
 */
private void redirectBackToConsumerVersion1(HttpServletRequest request,
                                            HttpServletResponse response,
                                            ServiceProviderToken token) throws IOException {
    String callback = request.getParameter(OAUTH_CALLBACK);
    boolean useRegisteredCallback = isEmpty(callback) && token.getConsumer().getCallback() != null;
    if (useRegisteredCallback) {
        callback = token.getConsumer().getCallback().toString();
    }

    if (!isEmpty(callback)) {
        String target = callback;
        if (token.getToken() != null) {
            target = addParameters(target, "oauth_token", token.getToken());
        }
        response.sendRedirect(target);
        return;
    }

    // no callback: it must be a client, so show the outcome to the user directly
    response.setContentType("text/html");
    if (token.getAuthorization() == Authorization.AUTHORIZED) {
        // display the verification code so the user can enter it manually
        templateRenderer.render(AUTH_NO_CALLBACK_APPROVAL_V1_TEMPLATE,
                ImmutableMap.<String, Object>of("token", token), response.getWriter());
    } else {
        templateRenderer.render(AUTH_NO_CALLBACK_DENIED_TEMPLATE,
                ImmutableMap.<String, Object>of("token", token), response.getWriter());
    }
}
/**
 * Revokes every access token that {@code username} holds for the consumer behind
 * {@code applinkId}.
 *
 * <p>All of the user's access tokens are fetched from the store; those whose consumer key equals
 * the application link's consumer key are removed with notification, the rest are left alone.
 *
 * <p>NOTE(review): no check that the caller may revoke this user's tokens is visible in this
 * method — presumably enforced by a surrounding filter or resource-level guard; confirm.
 *
 * @param applinkId the application link whose consumer's tokens are removed
 * @param username  the user whose tokens are removed
 * @return an empty 204 response
 * @throws TypeNotInstalledException propagated from {@code getConsumerForApplink}
 */
@DELETE
@Path("service-provider/{applinkId}/{username}")
public Response removeServiceProviderAccessTokens(@PathParam("applinkId") String applinkId,
                                                  @PathParam("username") String username)
        throws TypeNotInstalledException {
    Consumer linkedConsumer = getConsumerForApplink(new ApplicationId(applinkId));
    String linkedKey = linkedConsumer.getKey();

    for (ServiceProviderToken candidate : serviceProviderTokenStore.getAccessTokensForUser(username)) {
        boolean belongsToLink = candidate.getConsumer().getKey().equals(linkedKey);
        if (belongsToLink) {
            serviceProviderTokenStore.removeAndNotify(candidate.getToken());
        }
    }
    return Response.noContent().build();
}
requestMessage.requireParameters(OAuth.OAUTH_TOKEN); token = ServiceProviderTokenStore.getStore().getToken(requestMessage.getToken()); if (token == null || token.isAccessToken()) { throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED); } else if (token.getAuthorization() == ServiceProviderToken.Authorization.AUTHORIZED || token.getAuthorization() == ServiceProviderToken.Authorization.DENIED) { throw new OAuthProblemException(OAuth.Problems.TOKEN_USED); } else if (token.hasExpired(clock)) { throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED); if (request.hasParameter("approve")) { String verifier = RandomStringUtils.randomAlphanumeric(VERIFIER_LENGTH); newToken = token.authorize(new PrincipalConverter.UserPrincipal(User.current()), verifier); } else if (request.hasParameter("deny")) { newToken = token.deny(new PrincipalConverter.UserPrincipal(User.current())); } else { handleGet(request, response);
/**
 * Validates {@code message} as a 3-legged OAuth request and resolves the {@link OAuthConsumer}
 * the token belongs to.
 *
 * <p>The token must exist, be an access token, belong to the consumer named in
 * {@code message}, and not have expired according to {@code clock}.
 *
 * @param message the {@link OAuthMessage} to validate
 * @param token   the token looked up for the message; may be null
 * @return the {@link OAuthConsumer} built from the token's consumer
 * @throws OAuthProblemException {@code TOKEN_REJECTED} when the token is null, is not an access
 *                               token, or belongs to another consumer; {@code TOKEN_EXPIRED}
 *                               when it has expired
 * @throws Exception             as declared; nothing else is thrown visibly here
 */
private OAuthConsumer validate3LOAuthMessage(OAuthMessage message, ServiceProviderToken token) throws Exception {
    boolean usable = token != null
            && token.isAccessToken()
            && token.getConsumer().getKey().equals(message.getConsumerKey());
    if (!usable) {
        throw new OAuthProblemException(TOKEN_REJECTED);
    }
    if (token.hasExpired(clock)) {
        throw new OAuthProblemException(TOKEN_EXPIRED);
    }
    return ConsumerUtils.toOAuthConsumer(token);
}
/**
 * Additional descriptive text about the consumer application, as registered on the
 * wrapped token's consumer.
 */
public String getDescription() {
    return token.getConsumer().getDescription();
}
/**
 * Converts a {@link com.atlassian.oauth.serviceprovider.ServiceProviderToken} into the
 * {@link net.oauth.OAuthConsumer} representation used by the net.oauth library.
 *
 * <p>The consumer is constructed with the token's callback (as a string, or null when the token
 * has none) and the consumer key; the remaining two constructor arguments are left null. The
 * consumer's name, description, the RSA-SHA1 signature method and the consumer's public key are
 * attached as properties.
 *
 * @param token the {@link com.atlassian.oauth.serviceprovider.ServiceProviderToken} to convert
 * @return the populated {@link net.oauth.OAuthConsumer}
 */
public static OAuthConsumer toOAuthConsumer(ServiceProviderToken token) {
    String callbackUrl = null;
    if (token.getCallback() != null) {
        callbackUrl = token.getCallback().toString();
    }

    final OAuthConsumer result = new OAuthConsumer(callbackUrl, token.getConsumer().getKey(), null, null);
    result.setProperty(NAME, token.getConsumer().getName());
    result.setProperty(DESCRIPTION, token.getConsumer().getDescription());
    result.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);
    result.setProperty(RSA_SHA1.PUBLIC_KEY, token.getConsumer().getPublicKey());
    return result;
}
/**
 * Looks up the request token named by the {@code oauth_token} parameter of {@code request}
 * and checks that it is still waiting for the user's decision.
 *
 * <p>Rejected with {@code TOKEN_REJECTED} when the store reports the token invalid, holds no
 * token for that value, or the token is an access token; with {@code TOKEN_USED} when the user
 * has already approved or denied it; with {@code TOKEN_EXPIRED} when it is past its
 * time-to-live according to {@code clock}.
 *
 * @param request the authorization request
 * @return the pending request token
 * @throws OAuthProblemException as described above, or from {@code requireParameters} when the
 *                               {@code oauth_token} parameter is absent
 * @throws IOException           propagated from parsing the request into an {@code OAuthMessage}
 */
public ServiceProviderToken getTokenForAuthorization(HttpServletRequest request)
        throws OAuthProblemException, IOException {
    OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
    requestMessage.requireParameters(OAUTH_TOKEN);

    ServiceProviderToken token;
    try {
        token = store.get(requestMessage.getToken());
    } catch (InvalidTokenException e) {
        // the store's reason is not surfaced to the consumer; only the problem code is reported
        throw new OAuthProblemException(TOKEN_REJECTED);
    }

    boolean notAPendingRequestToken = token == null || token.isAccessToken();
    if (notAPendingRequestToken) {
        throw new OAuthProblemException(TOKEN_REJECTED);
    }

    Authorization decision = token.getAuthorization();
    boolean alreadyDecided = decision == Authorization.AUTHORIZED || decision == Authorization.DENIED;
    if (alreadyDecided) {
        throw new OAuthProblemException(TOKEN_USED);
    }

    if (token.hasExpired(clock)) {
        throw new OAuthProblemException(TOKEN_EXPIRED);
    }
    return token;
}
ServiceProviderToken nonAuthorizedRequestTokenForAuthorizing = ServiceProviderToken.newRequestToken("bb6dd1391ce33b5bd3ecad1175139a39") .tokenSecret("29c3005cc5fbe5d431f27b29d6191ea3") .consumer(hardcodedConsumer) ServiceProviderToken nonAuthorizedRequestTokenForDenying = ServiceProviderToken.newRequestToken("RiZie2UaooXee5siJi6gee0tmeeBe0cu") .tokenSecret("ew0kaiK1Eetekee2Ahjah2hoAif5eu9P") .consumer(hardcodedConsumer) ServiceProviderToken spareNonAuthorizedRequestToken = ServiceProviderToken.newRequestToken("cc7ee2402df44c6ce4fdbe2286240b40") .tokenSecret("30d4116dd6acf6e542a38c30e7202fb4") .consumer(hardcodedConsumer) ServiceProviderToken nonAuthorizedRequestTokenWithoutCallbackForAuthorizing = ServiceProviderToken.newRequestToken("iezied5IEeh0IoquuGh9riexUenei4Ai") .tokenSecret("xei1kohXEepheed3Hemie7AhpoiG2cum") .consumer(hardcodedConsumerWithoutCallback) ServiceProviderToken nonAuthorizedRequestTokenWithoutCallbackForDenying = ServiceProviderToken.newRequestToken("Ga9zoo0Ger0oa0IuNaeShoh4eiShae6a") .tokenSecret("Zijae1XuoT5AYooneingi4NoXiw0uvee") .consumer(hardcodedConsumerWithoutCallback) ServiceProviderToken authorizedRequestTokenForSwapping = ServiceProviderToken.newRequestToken("5c09d8d4e50065eb49a05200035bd780") .tokenSecret("870abbc4847d9b5790cff56a2e9b8279") .consumer(hardcodedConsumer) ServiceProviderToken spareAuthorizedRequestToken = ServiceProviderToken.newRequestToken("6b10e9e5f61176fc50b16311146ce891") .tokenSecret("981bccd5958e0c6801daa67b3f0c9380") .consumer(hardcodedConsumer) ServiceProviderToken accessToken = ServiceProviderToken.newAccessToken("71b5607f60c0aae6161ce251dd55e8ed")
/**
 * The token string, delegated to the wrapped token.
 */
public String getToken() {
    return token.getToken();
}