Add revoke with refresh token method and remove deleteOldTokens
parent
2d2796053d
commit
c3c6d66d29
|
@ -40,10 +40,10 @@ public class UserController {
|
|||
return ResponseEntity.ok(this.userInfoService.getAccessToken(refreshToken));
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/refresh", method = RequestMethod.DELETE)
|
||||
@RequestMapping(value = "/revoke", method = RequestMethod.POST)
|
||||
@PreAuthorize("@SecurityService.hasRefreshToken()")
|
||||
public void deleteOldRefreshToken() {
|
||||
this.userInfoService.deleteOldRefreshTokens();
|
||||
public void revoke() {
|
||||
this.userInfoService.revoke();
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/redirect", method = RequestMethod.GET)
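Review bot: The new `revoke()` handler returns `void`, so `POST /revoke` answers 200 even when the identity provider never accepted the revocation, because `UserInfoService.revoke()` in this same commit catches every exception and only logs a fixed message. A client that treats the 200 as "refresh token is dead" is then wrong on any upstream failure, which matters for a logout or compromise-response flow. I would let the service report the outcome (rethrow, or return a boolean) and map it here, e.g. `return revoked ? ResponseEntity.noContent().build() : ResponseEntity.status(HttpStatus.BAD_GATEWAY).build();`. Because this is now a state-changing POST authorised from the session by `@PreAuthorize`, also confirm that CSRF protection covers the route; the security configuration is not visible in this hunk.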
|
||||
|
|
|
@ -1,72 +0,0 @@
|
|||
package eu.dnetlib.authentication.entities;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
public class RefreshToken {
|
||||
private String value;
|
||||
private int id;
|
||||
private String[] scopes;
|
||||
private String clientId;
|
||||
private String userId;
|
||||
private String expiration;
|
||||
|
||||
public String getValue() {
|
||||
return value;
|
||||
}
|
||||
|
||||
public void setValue(String value) {
|
||||
this.value = value;
|
||||
}
|
||||
|
||||
public int getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
public void setId(int id) {
|
||||
this.id = id;
|
||||
}
|
||||
|
||||
public String[] getScopes() {
|
||||
return scopes;
|
||||
}
|
||||
|
||||
public void setScopes(String[] scopes) {
|
||||
this.scopes = scopes;
|
||||
}
|
||||
|
||||
public String getClientId() {
|
||||
return clientId;
|
||||
}
|
||||
|
||||
public void setClientId(String clientId) {
|
||||
this.clientId = clientId;
|
||||
}
|
||||
|
||||
public String getUserId() {
|
||||
return userId;
|
||||
}
|
||||
|
||||
public void setUserId(String userId) {
|
||||
this.userId = userId;
|
||||
}
|
||||
|
||||
public String getExpiration() {
|
||||
return expiration;
|
||||
}
|
||||
|
||||
public void setExpiration(String expiration) {
|
||||
this.expiration = expiration;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "RefreshToken{" +
|
||||
"value='" + value + '\'' +
|
||||
", id=" + id +
|
||||
", scopes=" + Arrays.toString(scopes) +
|
||||
", clientId='" + clientId + '\'' +
|
||||
", userId='" + userId + '\'' +
|
||||
", expiration='" + expiration + '\'' +
|
||||
'}';
|
||||
}
|
||||
}
|
|
@ -54,7 +54,7 @@ public class Configurations {
|
|||
serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token");
|
||||
serverConfiguration.setUserInfoUri(issuer + "/protocol/openid-connect/userinfo");
|
||||
serverConfiguration.setJwksUri(issuer + "/protocol/openid-connect/certs");
|
||||
serverConfiguration.setRevocationEndpointUri(issuer + "/revoke");
|
||||
serverConfiguration.setRevocationEndpointUri(issuer + "/protocol/openid-connect/revoke");
|
||||
} else {
|
||||
serverConfiguration.setAuthorizationEndpointUri(issuer + "authorize");
|
||||
serverConfiguration.setTokenEndpointUri(issuer + "token");
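Review bot: Only the first branch is shown setting a revocation endpoint, and the `else` branch continues past the end of this hunk, so it is not visible whether `setRevocationEndpointUri` is called there as well. `UserInfoService.revoke()` now posts the client secret and refresh token to `server.getRevocationEndpointUri()`, so a missing value in the second branch would make every revocation fail, and that failure is only logged. If it is not set, add the matching line in the `else` branch, or fail at startup when the URI is null. A short comment such as `// revocation endpoint receives client_secret: issuer must be https` above the setter would record why this URL must not be made overridable from request data.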
|
||||
|
|
|
@ -33,8 +33,10 @@ public class OpenAIREAuthenticationFilter extends OIDCAuthenticationFilter {
|
|||
final StringBuffer originalUrl = ((HttpServletRequest) getRequest()).getRequestURL();
|
||||
if(originalUrl.toString().contains(OIDCAuthenticationFilter.FILTER_PROCESSES_URL)) {
|
||||
return new StringBuffer(properties.getOidc().getHome());
|
||||
} else {
|
||||
} else if(properties.getOidc().getRedirect() != null){
|
||||
return new StringBuffer(properties.getOidc().getRedirect());
|
||||
} else {
|
||||
return originalUrl;
|
||||
}
|
||||
}
|
||||
};
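Review bot: The new final `else` returns `originalUrl`, which is built from the incoming request and so reflects whatever host and scheme the container saw. If this wrapper's `getRequestURL()` is what the parent filter uses to build the OIDC `redirect_uri` (the enclosing method starts outside the hunk, so this is inferred), then an unset `redirect` property makes the redirect target depend on request headers rather than on configuration. That is safe only if the provider enforces exact-match redirect URIs and forwarded headers are accepted solely from a trusted proxy. The `!= null` test also lets an empty property value through to `new StringBuffer("")`; `StringUtils.hasText(properties.getOidc().getRedirect())` would cover both cases. I would also add a comment on the fallback, for example `// no configured redirect: falls back to the request URL, relies on IdP redirect_uri allow-list`.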
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
package eu.dnetlib.authentication.services;
|
||||
|
||||
import eu.dnetlib.authentication.configuration.Properties;
|
||||
import eu.dnetlib.authentication.entities.RefreshToken;
|
||||
import eu.dnetlib.authentication.entities.TokenResponse;
|
||||
import eu.dnetlib.authentication.entities.User;
|
||||
import eu.dnetlib.authentication.exception.ResourceNotFoundException;
|
||||
|
@ -19,10 +18,6 @@ import org.springframework.util.LinkedMultiValueMap;
|
|||
import org.springframework.util.MultiValueMap;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@Service
|
||||
public class UserInfoService {
|
||||
|
||||
|
@ -65,29 +60,24 @@ public class UserInfoService {
|
|||
return map;
|
||||
}
|
||||
|
||||
public void deleteOldRefreshTokens() {
|
||||
public void revoke() {
|
||||
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
headers.setContentType(MediaType.APPLICATION_JSON);
|
||||
headers.set(HttpHeaders.AUTHORIZATION, "Bearer " + authentication.getAccessTokenValue());
|
||||
HttpEntity<Void> requestEntity = new HttpEntity<>(headers);
|
||||
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
|
||||
HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(revokeTokenRequest(authentication.getRefreshTokenValue()), headers);
|
||||
try {
|
||||
ResponseEntity<RefreshToken[]> response = restTemplate.exchange(this.issuer + "/api/tokens/refresh/", HttpMethod.GET, requestEntity, RefreshToken[].class);
|
||||
List<RefreshToken> old = Arrays.stream(response.getBody()).
|
||||
filter(token -> !token.getValue().equals(authentication.getRefreshTokenValue())).collect(Collectors.toList());
|
||||
for(RefreshToken token: old) {
|
||||
try {
|
||||
ResponseEntity<String> delete = restTemplate.exchange(this.issuer + "/api/tokens/refresh/" + token.getId(), HttpMethod.DELETE, requestEntity, String.class);
|
||||
if (delete.getStatusCode() != HttpStatus.OK) {
|
||||
logger.warn(delete.getStatusCode() + " - Something went wrong for token: " + token.getId());
|
||||
}
|
||||
} catch (Exception e) {
|
||||
logger.warn("Couldn't delete token: " + token.getId());
|
||||
}
|
||||
}
|
||||
restTemplate.exchange(server.getRevocationEndpointUri(), HttpMethod.POST, entity, String.class);
|
||||
} catch (Exception e) {
|
||||
logger.error("Couldn't fetch refresh tokens");
|
||||
logger.error("Couldn't revoke refresh Tokens");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public MultiValueMap<String, String> revokeTokenRequest(String refreshToken) {
|
||||
MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
|
||||
map.add("client_id", this.client.getClientId());
|
||||
map.add("client_secret", this.client.getClientSecret());
|
||||
map.add("token", refreshToken);
|
||||
return map;
|
||||
}
|
||||
}
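Review bot: `revokeTokenRequest` is added as a `public` method and returns a map holding `client_secret` together with the refresh token, yet the only caller in this diff is `revoke()` in the same class. Making it `private` keeps the secret-bearing form body from being reachable by other beans or ending up in a log by accident: `private MultiValueMap<String, String> revokeTokenRequest(String refreshToken) {`. Separately, `revoke()` only tells the provider; the `OIDCAuthenticationToken` in the `SecurityContext` still carries the access and refresh token values afterwards. Unless the caller logs the user out elsewhere, which is not visible here, consider clearing the context or invalidating the session after a successful revocation. Adding `map.add("token_type_hint", "refresh_token");` is optional under RFC 7009 but saves the provider a lookup.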
|
||||
|
|