Add revoke with refresh token method and remove deleteOldTokens
parent
2d2796053d
commit
c3c6d66d29
|
@ -40,10 +40,10 @@ public class UserController {
|
||||||
return ResponseEntity.ok(this.userInfoService.getAccessToken(refreshToken));
|
return ResponseEntity.ok(this.userInfoService.getAccessToken(refreshToken));
|
||||||
}
|
}
|
||||||
|
|
||||||
@RequestMapping(value = "/refresh", method = RequestMethod.DELETE)
|
@RequestMapping(value = "/revoke", method = RequestMethod.POST)
|
||||||
@PreAuthorize("@SecurityService.hasRefreshToken()")
|
@PreAuthorize("@SecurityService.hasRefreshToken()")
|
||||||
public void deleteOldRefreshToken() {
|
public void revoke() {
|
||||||
this.userInfoService.deleteOldRefreshTokens();
|
this.userInfoService.revoke();
|
||||||
}
|
}
|
||||||
|
|
||||||
@RequestMapping(value = "/redirect", method = RequestMethod.GET)
|
@RequestMapping(value = "/redirect", method = RequestMethod.GET)
|
||||||
|
|
|
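Review bot: `revoke()` returns void with no status annotation, and the `UserInfoService.revoke()` it delegates to (visible further down this page) catches every exception and only logs, so a client calling POST /revoke receives 200 whether or not the refresh token was actually revoked at the provider. Have the service propagate failure and make the outcome explicit here, e.g. annotate the method with `@ResponseStatus(HttpStatus.NO_CONTENT)` for the success path, or return `ResponseEntity<Void>` and map a revocation failure to a 5xx. It is also worth confirming that the caller's own session is cleared after revocation: the `OIDCAuthenticationToken` in the security context still holds the now-revoked refresh token, and nothing in this hunk invalidates it. The enclosing controller class starts before this hunk.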
@ -1,72 +0,0 @@
|
||||||
package eu.dnetlib.authentication.entities;
|
|
||||||
|
|
||||||
import java.util.Arrays;
|
|
||||||
|
|
||||||
public class RefreshToken {
|
|
||||||
private String value;
|
|
||||||
private int id;
|
|
||||||
private String[] scopes;
|
|
||||||
private String clientId;
|
|
||||||
private String userId;
|
|
||||||
private String expiration;
|
|
||||||
|
|
||||||
public String getValue() {
|
|
||||||
return value;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setValue(String value) {
|
|
||||||
this.value = value;
|
|
||||||
}
|
|
||||||
|
|
||||||
public int getId() {
|
|
||||||
return id;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setId(int id) {
|
|
||||||
this.id = id;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String[] getScopes() {
|
|
||||||
return scopes;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setScopes(String[] scopes) {
|
|
||||||
this.scopes = scopes;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getClientId() {
|
|
||||||
return clientId;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setClientId(String clientId) {
|
|
||||||
this.clientId = clientId;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getUserId() {
|
|
||||||
return userId;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setUserId(String userId) {
|
|
||||||
this.userId = userId;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getExpiration() {
|
|
||||||
return expiration;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setExpiration(String expiration) {
|
|
||||||
this.expiration = expiration;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String toString() {
|
|
||||||
return "RefreshToken{" +
|
|
||||||
"value='" + value + '\'' +
|
|
||||||
", id=" + id +
|
|
||||||
", scopes=" + Arrays.toString(scopes) +
|
|
||||||
", clientId='" + clientId + '\'' +
|
|
||||||
", userId='" + userId + '\'' +
|
|
||||||
", expiration='" + expiration + '\'' +
|
|
||||||
'}';
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -54,7 +54,7 @@ public class Configurations {
|
||||||
serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token");
|
serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token");
|
||||||
serverConfiguration.setUserInfoUri(issuer + "/protocol/openid-connect/userinfo");
|
serverConfiguration.setUserInfoUri(issuer + "/protocol/openid-connect/userinfo");
|
||||||
serverConfiguration.setJwksUri(issuer + "/protocol/openid-connect/certs");
|
serverConfiguration.setJwksUri(issuer + "/protocol/openid-connect/certs");
|
||||||
serverConfiguration.setRevocationEndpointUri(issuer + "/revoke");
|
serverConfiguration.setRevocationEndpointUri(issuer + "/protocol/openid-connect/revoke");
|
||||||
} else {
|
} else {
|
||||||
serverConfiguration.setAuthorizationEndpointUri(issuer + "authorize");
|
serverConfiguration.setAuthorizationEndpointUri(issuer + "authorize");
|
||||||
serverConfiguration.setTokenEndpointUri(issuer + "token");
|
serverConfiguration.setTokenEndpointUri(issuer + "token");
|
||||||
|
|
|
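Review bot: The revocation endpoint is now set only in the first branch (`issuer + "/protocol/openid-connect/revoke"`), while the `else` branch visible here sets the authorization and token endpoints with a different path convention (`issuer + "authorize"`, no leading slash) and no revocation endpoint within the hunk. If it is not set further down in that branch, `server.getRevocationEndpointUri()` will be null for issuers that take the `else` path and the new `revoke()` in `UserInfoService` will fail at request time rather than at startup. Either set it there as well, or guard the call site with a null check and a comment such as `// Revocation endpoint is only configured for the first branch` so the gap is deliberate rather than accidental. The enclosing method continues outside the hunk.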
@ -33,8 +33,10 @@ public class OpenAIREAuthenticationFilter extends OIDCAuthenticationFilter {
|
||||||
final StringBuffer originalUrl = ((HttpServletRequest) getRequest()).getRequestURL();
|
final StringBuffer originalUrl = ((HttpServletRequest) getRequest()).getRequestURL();
|
||||||
if(originalUrl.toString().contains(OIDCAuthenticationFilter.FILTER_PROCESSES_URL)) {
|
if(originalUrl.toString().contains(OIDCAuthenticationFilter.FILTER_PROCESSES_URL)) {
|
||||||
return new StringBuffer(properties.getOidc().getHome());
|
return new StringBuffer(properties.getOidc().getHome());
|
||||||
} else {
|
} else if(properties.getOidc().getRedirect() != null){
|
||||||
return new StringBuffer(properties.getOidc().getRedirect());
|
return new StringBuffer(properties.getOidc().getRedirect());
|
||||||
|
} else {
|
||||||
|
return originalUrl;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
|
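Review bot: The new `else` branch returns `originalUrl`, which is `getRequestURL()` of the incoming request, as the redirect target whenever no `oidc.redirect` property is configured. That value is typically reconstructed from client-controlled input (the Host header and request path), so in a deployment without a fixed redirect a crafted request could steer the post-login redirect to an attacker-chosen host; validate it against the configured issuer/home host, or reduce it to a path-only redirect, before returning it. At minimum add a comment such as `// Fallback to the request URL; only safe behind a proxy that pins the Host header` so the assumption is explicit. The enclosing override starts and ends outside the hunk.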
@ -1,7 +1,6 @@
|
||||||
package eu.dnetlib.authentication.services;
|
package eu.dnetlib.authentication.services;
|
||||||
|
|
||||||
import eu.dnetlib.authentication.configuration.Properties;
|
import eu.dnetlib.authentication.configuration.Properties;
|
||||||
import eu.dnetlib.authentication.entities.RefreshToken;
|
|
||||||
import eu.dnetlib.authentication.entities.TokenResponse;
|
import eu.dnetlib.authentication.entities.TokenResponse;
|
||||||
import eu.dnetlib.authentication.entities.User;
|
import eu.dnetlib.authentication.entities.User;
|
||||||
import eu.dnetlib.authentication.exception.ResourceNotFoundException;
|
import eu.dnetlib.authentication.exception.ResourceNotFoundException;
|
||||||
|
@ -19,10 +18,6 @@ import org.springframework.util.LinkedMultiValueMap;
|
||||||
import org.springframework.util.MultiValueMap;
|
import org.springframework.util.MultiValueMap;
|
||||||
import org.springframework.web.client.RestTemplate;
|
import org.springframework.web.client.RestTemplate;
|
||||||
|
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.stream.Collectors;
|
|
||||||
|
|
||||||
@Service
|
@Service
|
||||||
public class UserInfoService {
|
public class UserInfoService {
|
||||||
|
|
||||||
|
@ -65,29 +60,24 @@ public class UserInfoService {
|
||||||
return map;
|
return map;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void deleteOldRefreshTokens() {
|
public void revoke() {
|
||||||
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
|
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
|
||||||
HttpHeaders headers = new HttpHeaders();
|
HttpHeaders headers = new HttpHeaders();
|
||||||
headers.setContentType(MediaType.APPLICATION_JSON);
|
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
|
||||||
headers.set(HttpHeaders.AUTHORIZATION, "Bearer " + authentication.getAccessTokenValue());
|
HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(revokeTokenRequest(authentication.getRefreshTokenValue()), headers);
|
||||||
HttpEntity<Void> requestEntity = new HttpEntity<>(headers);
|
|
||||||
try {
|
try {
|
||||||
ResponseEntity<RefreshToken[]> response = restTemplate.exchange(this.issuer + "/api/tokens/refresh/", HttpMethod.GET, requestEntity, RefreshToken[].class);
|
restTemplate.exchange(server.getRevocationEndpointUri(), HttpMethod.POST, entity, String.class);
|
||||||
List<RefreshToken> old = Arrays.stream(response.getBody()).
|
|
||||||
filter(token -> !token.getValue().equals(authentication.getRefreshTokenValue())).collect(Collectors.toList());
|
|
||||||
for(RefreshToken token: old) {
|
|
||||||
try {
|
|
||||||
ResponseEntity<String> delete = restTemplate.exchange(this.issuer + "/api/tokens/refresh/" + token.getId(), HttpMethod.DELETE, requestEntity, String.class);
|
|
||||||
if (delete.getStatusCode() != HttpStatus.OK) {
|
|
||||||
logger.warn(delete.getStatusCode() + " - Something went wrong for token: " + token.getId());
|
|
||||||
}
|
|
||||||
} catch (Exception e) {
|
|
||||||
logger.warn("Couldn't delete token: " + token.getId());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error("Couldn't fetch refresh tokens");
|
logger.error("Couldn't revoke refresh Tokens");
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public MultiValueMap<String, String> revokeTokenRequest(String refreshToken) {
|
||||||
|
MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
|
||||||
|
map.add("client_id", this.client.getClientId());
|
||||||
|
map.add("client_secret", this.client.getClientSecret());
|
||||||
|
map.add("token", refreshToken);
|
||||||
|
return map;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
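Review bot: In `revoke()` the trailing `catch (Exception e)` logs a fixed message and drops the exception, and the result of `restTemplate.exchange(...)` is discarded, so a 4xx/5xx from the provider (which `RestTemplate` raises as an exception by default) or a null revocation endpoint is silently swallowed and the controller still reports success. Keep the cause and let the failure propagate: `logger.error("Couldn't revoke refresh token", e);` followed by `throw new IllegalStateException("Refresh token revocation failed", e);` (or a project exception the controller maps to an error status). In `revokeTokenRequest`, consider adding `map.add("token_type_hint", "refresh_token");` as RFC 7009 allows, and note in a comment that this map carries `client_secret` and must never be logged. The local `OIDCAuthenticationToken` still holds the revoked refresh token after this call; whether the session is invalidated elsewhere is not visible here.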