From c3c6d66d29d8ae4c9c3f827d63f4c0a16a0f521b Mon Sep 17 00:00:00 2001
From: "k.triantafyllou"
Date: Wed, 26 Jul 2023 18:23:20 +0300
Subject: [PATCH] Add revoke with refresh token method and remove deleteOldTokens
---
 .../controllers/UserController.java | 6 +-
 .../authentication/entities/RefreshToken.java | 72 -------------------
 .../security/initiliazers/Configurations.java | 2 +-
 .../oidc/OpenAIREAuthenticationFilter.java | 4 +-
 .../services/UserInfoService.java | 36 ++++------
 5 files changed, 20 insertions(+), 100 deletions(-)
 delete mode 100644 src/main/java/eu/dnetlib/authentication/entities/RefreshToken.java
diff --git a/src/main/java/eu/dnetlib/authentication/controllers/UserController.java b/src/main/java/eu/dnetlib/authentication/controllers/UserController.java
index cbfe5e0..5fdc3d9 100644
--- a/src/main/java/eu/dnetlib/authentication/controllers/UserController.java
+++ b/src/main/java/eu/dnetlib/authentication/controllers/UserController.java
@@ -40,10 +40,10 @@ public class UserController {
 return ResponseEntity.ok(this.userInfoService.getAccessToken(refreshToken));
 }
- @RequestMapping(value = "/refresh", method = RequestMethod.DELETE)
+ @RequestMapping(value = "/revoke", method = RequestMethod.POST)
 @PreAuthorize("@SecurityService.hasRefreshToken()")
- public void deleteOldRefreshToken() {
- this.userInfoService.deleteOldRefreshTokens();
+ public void revoke() {
+ this.userInfoService.revoke();
 }
 @RequestMapping(value = "/redirect", method = RequestMethod.GET)
diff --git a/src/main/java/eu/dnetlib/authentication/entities/RefreshToken.java b/src/main/java/eu/dnetlib/authentication/entities/RefreshToken.java
deleted file mode 100644
index 8498ea8..0000000
--- a/src/main/java/eu/dnetlib/authentication/entities/RefreshToken.java
+++ /dev/null
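Review bot: `revoke()` returns void and discards the outcome of `userInfoService.revoke()`, so the new POST `/revoke` endpoint answers 200 whether or not the token was actually revoked (the service method in this same patch catches and logs its own failures). Consider `public ResponseEntity<Void> revoke()` returning `ResponseEntity.noContent().build()` and letting a service failure map to an error status, so clients do not assume the refresh token is dead when it is not. Since this is a state-changing, session-authenticated POST, confirm that CSRF protection covers it in the security configuration, which is not part of this diff. A one-line Javadoc would also help: `/** Revokes the caller's current refresh token at the configured revocation endpoint. */`.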
@@ -1,72 +0,0 @@
-package eu.dnetlib.authentication.entities;
-
-import java.util.Arrays;
-
-public class RefreshToken {
- private String value;
- private int id;
- private String[] scopes;
- private String clientId;
- private String userId;
- private String expiration;
-
- public String getValue() {
- return value;
- }
-
- public void setValue(String value) {
- this.value = value;
- }
-
- public int getId() {
- return id;
- }
-
- public void setId(int id) {
- this.id = id;
- }
-
- public String[] getScopes() {
- return scopes;
- }
-
- public void setScopes(String[] scopes) {
- this.scopes = scopes;
- }
-
- public String getClientId() {
- return clientId;
- }
-
- public void setClientId(String clientId) {
- this.clientId = clientId;
- }
-
- public String getUserId() {
- return userId;
- }
-
- public void setUserId(String userId) {
- this.userId = userId;
- }
-
- public String getExpiration() {
- return expiration;
- }
-
- public void setExpiration(String expiration) {
- this.expiration = expiration;
- }
-
- @Override
- public String toString() {
- return "RefreshToken{" +
- "value='" + value + '\'' +
- ", id=" + id +
- ", scopes=" + Arrays.toString(scopes) +
- ", clientId='" + clientId + '\'' +
- ", userId='" + userId + '\'' +
- ", expiration='" + expiration + '\'' +
- '}';
- }
-}
diff --git a/src/main/java/eu/dnetlib/authentication/security/initiliazers/Configurations.java b/src/main/java/eu/dnetlib/authentication/security/initiliazers/Configurations.java
index 6f31574..980f4cf 100644
--- a/src/main/java/eu/dnetlib/authentication/security/initiliazers/Configurations.java
+++ b/src/main/java/eu/dnetlib/authentication/security/initiliazers/Configurations.java
@@ -54,7 +54,7 @@ public class Configurations {
 serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token");
 serverConfiguration.setUserInfoUri(issuer + "/protocol/openid-connect/userinfo");
 serverConfiguration.setJwksUri(issuer + "/protocol/openid-connect/certs");
- serverConfiguration.setRevocationEndpointUri(issuer + "/revoke");
+ serverConfiguration.setRevocationEndpointUri(issuer + "/protocol/openid-connect/revoke");
 } else {
 serverConfiguration.setAuthorizationEndpointUri(issuer + "authorize");
 serverConfiguration.setTokenEndpointUri(issuer + "token");
diff --git a/src/main/java/eu/dnetlib/authentication/security/oidc/OpenAIREAuthenticationFilter.java b/src/main/java/eu/dnetlib/authentication/security/oidc/OpenAIREAuthenticationFilter.java
index 2d40da6..c802330 100644
--- a/src/main/java/eu/dnetlib/authentication/security/oidc/OpenAIREAuthenticationFilter.java
+++ b/src/main/java/eu/dnetlib/authentication/security/oidc/OpenAIREAuthenticationFilter.java
@@ -33,8 +33,10 @@ public class OpenAIREAuthenticationFilter extends OIDCAuthenticationFilter {
 final StringBuffer originalUrl = ((HttpServletRequest) getRequest()).getRequestURL();
 if(originalUrl.toString().contains(OIDCAuthenticationFilter.FILTER_PROCESSES_URL)) {
 return new StringBuffer(properties.getOidc().getHome());
- } else {
+ } else if(properties.getOidc().getRedirect() != null){
 return new StringBuffer(properties.getOidc().getRedirect());
+ } else {
+ return originalUrl;
 }
 }
 };
diff --git a/src/main/java/eu/dnetlib/authentication/services/UserInfoService.java b/src/main/java/eu/dnetlib/authentication/services/UserInfoService.java
index 38c513a..eb7e2cb 100644
--- a/src/main/java/eu/dnetlib/authentication/services/UserInfoService.java
+++ b/src/main/java/eu/dnetlib/authentication/services/UserInfoService.java
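Review bot: The new fallback `return originalUrl;` makes the request's own URL the target when no redirect is configured; `getRequestURL()` is rebuilt from scheme, server name and port, which in many container setups come from the Host or X-Forwarded-* headers, so unless the proxy normalises them this value can be influenced by the client. If this wrapper feeds the OIDC redirect_uri, the identity provider's registered-URI check bounds the impact, but if it is used for a post-login redirect it should be checked against an allow-list (for example the host of `properties.getOidc().getHome()`) first; which consumer reads it is not visible in this hunk. The `else if` also changes behaviour silently when `redirect` is unset, so a comment such as `// no redirect configured: fall back to the URL that triggered authentication` would document the intent. The enclosing method begins before this hunk.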
@@ -1,7 +1,6 @@
 package eu.dnetlib.authentication.services;
 import eu.dnetlib.authentication.configuration.Properties;
-import eu.dnetlib.authentication.entities.RefreshToken;
 import eu.dnetlib.authentication.entities.TokenResponse;
 import eu.dnetlib.authentication.entities.User;
 import eu.dnetlib.authentication.exception.ResourceNotFoundException;
@@ -19,10 +18,6 @@ import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.client.RestTemplate;
-import java.util.Arrays;
-import java.util.List;
-import java.util.stream.Collectors;
-
 @Service
 public class UserInfoService {
@@ -65,29 +60,24 @@ public class UserInfoService {
 return map;
 }
- public void deleteOldRefreshTokens() {
+ public void revoke() {
 OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
 HttpHeaders headers = new HttpHeaders();
- headers.setContentType(MediaType.APPLICATION_JSON);
- headers.set(HttpHeaders.AUTHORIZATION, "Bearer " + authentication.getAccessTokenValue());
- HttpEntity requestEntity = new HttpEntity<>(headers);
+ headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+ HttpEntity> entity = new HttpEntity<>(revokeTokenRequest(authentication.getRefreshTokenValue()), headers);
 try {
- ResponseEntity response = restTemplate.exchange(this.issuer + "/api/tokens/refresh/", HttpMethod.GET, requestEntity, RefreshToken[].class);
- List old = Arrays.stream(response.getBody()).
- filter(token -> !token.getValue().equals(authentication.getRefreshTokenValue())).collect(Collectors.toList());
- for(RefreshToken token: old) {
- try {
- ResponseEntity delete = restTemplate.exchange(this.issuer + "/api/tokens/refresh/" + token.getId(), HttpMethod.DELETE, requestEntity, String.class);
- if (delete.getStatusCode() != HttpStatus.OK) {
- logger.warn(delete.getStatusCode() + " - Something went wrong for token: " + token.getId());
- }
- } catch (Exception e) {
- logger.warn("Couldn't delete token: " + token.getId());
- }
- }
+ restTemplate.exchange(server.getRevocationEndpointUri(), HttpMethod.POST, entity, String.class);
 } catch (Exception e) {
- logger.error("Couldn't fetch refresh tokens");
+ logger.error("Couldn't revoke refresh Tokens");
 }
 }
+
+ public MultiValueMap revokeTokenRequest(String refreshToken) {
+ MultiValueMap map = new LinkedMultiValueMap<>();
+ map.add("client_id", this.client.getClientId());
+ map.add("client_secret", this.client.getClientSecret());
+ map.add("token", refreshToken);
+ return map;
+ }
 }
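Review bot: The catch block in `revoke()` logs `"Couldn't revoke refresh Tokens"` without the exception and then returns normally, so the failure is invisible to the caller and the `/revoke` controller in this patch reports success for a token that may still be valid; at minimum log the cause and propagate it: `logger.error("Couldn't revoke refresh token", e);` followed by `throw new IllegalStateException("Refresh token revocation failed", e);`. `revokeTokenRequest` omits the optional `token_type_hint`; adding `map.add("token_type_hint", "refresh_token");` tells the server which token store to consult (RFC 7009 §2.1). Sending `client_secret` as a form parameter is permitted, but RFC 6749 §2.3.1 prefers HTTP Basic authentication for confidential clients, and the secret now travels in a request body that `RestTemplate` interceptors or debug logging could capture, so a comment explaining why the body form is required by this provider would help. Note also that revoking the refresh token leaves the access token held in the `OIDCAuthenticationToken` and the local session untouched; if `/revoke` is meant to act as a logout, that has to be handled elsewhere.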