Add revoke with refresh token method and remove deleteOldTokens

Konstantinos Triantafyllou 2023-07-26 18:23:20 +03:00
parent 2d2796053d
commit c3c6d66d29
5 changed files with 20 additions and 100 deletions


@ -40,10 +40,10 @@ public class UserController {
return ResponseEntity.ok(this.userInfoService.getAccessToken(refreshToken)); return ResponseEntity.ok(this.userInfoService.getAccessToken(refreshToken));
} }
@RequestMapping(value = "/refresh", method = RequestMethod.DELETE) @RequestMapping(value = "/revoke", method = RequestMethod.POST)
@PreAuthorize("@SecurityService.hasRefreshToken()") @PreAuthorize("@SecurityService.hasRefreshToken()")
public void deleteOldRefreshToken() { public void revoke() {
this.userInfoService.deleteOldRefreshTokens(); this.userInfoService.revoke();
} }
@RequestMapping(value = "/redirect", method = RequestMethod.GET) @RequestMapping(value = "/redirect", method = RequestMethod.GET)
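Review bot: The new `revoke()` mapping has no Javadoc, and since it returns `void` and delegates to `UserInfoService.revoke()`, which only logs failures, the caller receives 200 even when the authorization server rejects the revocation. A comment above the mapping such as `// Revokes the current session's refresh token at the authorization server; failures are logged server-side only, so the response is always 200.` would make that contract visible to API consumers. UserController starts and ends outside the hunk.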


@ -1,72 +0,0 @@
package eu.dnetlib.authentication.entities;
import java.util.Arrays;
public class RefreshToken {
private String value;
private int id;
private String[] scopes;
private String clientId;
private String userId;
private String expiration;
public String getValue() {
return value;
}
public void setValue(String value) {
this.value = value;
}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String[] getScopes() {
return scopes;
}
public void setScopes(String[] scopes) {
this.scopes = scopes;
}
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getExpiration() {
return expiration;
}
public void setExpiration(String expiration) {
this.expiration = expiration;
}
@Override
public String toString() {
return "RefreshToken{" +
"value='" + value + '\'' +
", id=" + id +
", scopes=" + Arrays.toString(scopes) +
", clientId='" + clientId + '\'' +
", userId='" + userId + '\'' +
", expiration='" + expiration + '\'' +
'}';
}
}


@ -54,7 +54,7 @@ public class Configurations {
serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token"); serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token");
serverConfiguration.setUserInfoUri(issuer + "/protocol/openid-connect/userinfo"); serverConfiguration.setUserInfoUri(issuer + "/protocol/openid-connect/userinfo");
serverConfiguration.setJwksUri(issuer + "/protocol/openid-connect/certs"); serverConfiguration.setJwksUri(issuer + "/protocol/openid-connect/certs");
serverConfiguration.setRevocationEndpointUri(issuer + "/revoke"); serverConfiguration.setRevocationEndpointUri(issuer + "/protocol/openid-connect/revoke");
} else { } else {
serverConfiguration.setAuthorizationEndpointUri(issuer + "authorize"); serverConfiguration.setAuthorizationEndpointUri(issuer + "authorize");
serverConfiguration.setTokenEndpointUri(issuer + "token"); serverConfiguration.setTokenEndpointUri(issuer + "token");
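Review bot: Only the first branch is shown setting the revocation endpoint; the `else` branch at the end of the hunk sets the authorize and token endpoints and is then cut off, and `UserInfoService.revoke()` calls `server.getRevocationEndpointUri()` unconditionally. If the non-Keycloak branch does not populate it further down, the revocation POST is sent to a null URI and fails inside the catch block. If it does, a short comment at `serverConfiguration.setRevocationEndpointUri(...)` noting that both branches must set this value would still help the next reader. The enclosing method starts and ends outside the hunk.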


@ -33,8 +33,10 @@ public class OpenAIREAuthenticationFilter extends OIDCAuthenticationFilter {
final StringBuffer originalUrl = ((HttpServletRequest) getRequest()).getRequestURL(); final StringBuffer originalUrl = ((HttpServletRequest) getRequest()).getRequestURL();
if(originalUrl.toString().contains(OIDCAuthenticationFilter.FILTER_PROCESSES_URL)) { if(originalUrl.toString().contains(OIDCAuthenticationFilter.FILTER_PROCESSES_URL)) {
return new StringBuffer(properties.getOidc().getHome()); return new StringBuffer(properties.getOidc().getHome());
} else { } else if(properties.getOidc().getRedirect() != null){
return new StringBuffer(properties.getOidc().getRedirect()); return new StringBuffer(properties.getOidc().getRedirect());
} else {
return originalUrl;
} }
} }
}; };
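Review bot: The new fallback `return originalUrl;` returns a value built by `getRequestURL()`, which is derived from the incoming request's Host header rather than from configuration; behind a reverse proxy that may be an internal hostname, and in general it is client-supplied rather than trusted. If this value becomes the post-authentication redirect target, the authorization server's registered redirect_uri check is the only validation left, so that assumption should be written down, e.g. `// Fallback when no redirect is configured: use the request URL (Host-header derived; relies on the IdP's redirect_uri allowlist).` A configured default would be the safer choice where one is available. The anonymous class and its enclosing method start outside the hunk.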


@ -1,7 +1,6 @@
package eu.dnetlib.authentication.services; package eu.dnetlib.authentication.services;
import eu.dnetlib.authentication.configuration.Properties; import eu.dnetlib.authentication.configuration.Properties;
import eu.dnetlib.authentication.entities.RefreshToken;
import eu.dnetlib.authentication.entities.TokenResponse; import eu.dnetlib.authentication.entities.TokenResponse;
import eu.dnetlib.authentication.entities.User; import eu.dnetlib.authentication.entities.User;
import eu.dnetlib.authentication.exception.ResourceNotFoundException; import eu.dnetlib.authentication.exception.ResourceNotFoundException;
@ -19,10 +18,6 @@ import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap; import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate; import org.springframework.web.client.RestTemplate;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
@Service @Service
public class UserInfoService { public class UserInfoService {
@ -65,29 +60,24 @@ public class UserInfoService {
return map; return map;
} }
public void deleteOldRefreshTokens() { public void revoke() {
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
HttpHeaders headers = new HttpHeaders(); HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON); headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.set(HttpHeaders.AUTHORIZATION, "Bearer " + authentication.getAccessTokenValue()); HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(revokeTokenRequest(authentication.getRefreshTokenValue()), headers);
HttpEntity<Void> requestEntity = new HttpEntity<>(headers);
try { try {
ResponseEntity<RefreshToken[]> response = restTemplate.exchange(this.issuer + "/api/tokens/refresh/", HttpMethod.GET, requestEntity, RefreshToken[].class); restTemplate.exchange(server.getRevocationEndpointUri(), HttpMethod.POST, entity, String.class);
List<RefreshToken> old = Arrays.stream(response.getBody()).
filter(token -> !token.getValue().equals(authentication.getRefreshTokenValue())).collect(Collectors.toList());
for(RefreshToken token: old) {
try {
ResponseEntity<String> delete = restTemplate.exchange(this.issuer + "/api/tokens/refresh/" + token.getId(), HttpMethod.DELETE, requestEntity, String.class);
if (delete.getStatusCode() != HttpStatus.OK) {
logger.warn(delete.getStatusCode() + " - Something went wrong for token: " + token.getId());
}
} catch (Exception e) {
logger.warn("Couldn't delete token: " + token.getId());
}
}
} catch (Exception e) { } catch (Exception e) {
logger.error("Couldn't fetch refresh tokens"); logger.error("Couldn't revoke refresh Tokens");
} }
} }
public MultiValueMap<String, String> revokeTokenRequest(String refreshToken) {
MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
map.add("client_id", this.client.getClientId());
map.add("client_secret", this.client.getClientSecret());
map.add("token", refreshToken);
return map;
}
} }
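Review bot: The catch block in `revoke()` logs `"Couldn't revoke refresh Tokens"` without the exception, so a rejected revocation (with RestTemplate's default error handler a 4xx/5xx surfaces as an exception) leaves no record of the status or cause; change it to `logger.error("Couldn't revoke refresh Tokens", e);`. `revokeTokenRequest` is `public` although its only role is to build a form body that carries `client_secret`; making it `private` keeps that credential-bearing map from being reused by other callers or ending up in a log statement. RFC 7009 also permits adding `token_type_hint=refresh_token` to the request, which avoids the server having to guess the token type. The import removals in the first two hunks of this file are consistent with the deleted RefreshToken entity.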