diff --git a/src/main/java/org/gcube/portlet/user/my_vres/client/GetParameters.java b/src/main/java/org/gcube/portlet/user/my_vres/client/GetParameters.java
index 40f0387..43a350d 100644
--- a/src/main/java/org/gcube/portlet/user/my_vres/client/GetParameters.java
+++ b/src/main/java/org/gcube/portlet/user/my_vres/client/GetParameters.java
@@ -5,17 +5,14 @@ public class GetParameters {
 String state;
 String context;
 String clientId;
- String clientSecret;
-
- public GetParameters(String redirectURI, String state, String context, String clientId, String clientSecret) {
+ public GetParameters(String redirectURI, String state, String context, String clientId) {
 super();
 this.redirectURI = redirectURI;
 this.state = state;
 this.context = context;
 this.clientId = clientId;
- this.clientSecret = clientSecret;
 }
 public String getRedirectURI() {
@@ -34,14 +31,10 @@ public class GetParameters {
 return clientId;
 }
- public String getClientSecret() {
- return clientSecret;
- }
-
 @Override
 public String toString() {
 return "GetParameters [redirectURI=" + redirectURI + ", state=" + state + ", context=" + context + ", clientId="
- + clientId + ", clientSecret=" + clientSecret + "]";
+ + clientId + "]";
 }
diff --git a/src/main/java/org/gcube/portlet/user/my_vres/client/MyVREs.java b/src/main/java/org/gcube/portlet/user/my_vres/client/MyVREs.java
index 72be32b..951449e 100644
--- a/src/main/java/org/gcube/portlet/user/my_vres/client/MyVREs.java
+++ b/src/main/java/org/gcube/portlet/user/my_vres/client/MyVREs.java
@@ -49,7 +49,7 @@ public class MyVREs implements EntryPoint {
 RootPanel.get("myVREsDIV").add(new VresPanel(params));
 }
 else {
- myVREsService.getUserToken(params.context, params.state, params.clientId, params.clientSecret, new AsyncCallback() {
+ myVREsService.getUserToken(params.context, params.state, params.clientId, params.redirectURI, new AsyncCallback() {
 @Override
 public void onSuccess(AuthorizationBean result) {
 if (result.isSuccess()) {
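Review bot: The new argument reads the package-private field `params.redirectURI` directly, while the same call in ClickableVRE (hunk below) goes through `params.getRedirectURI()`; using the getter here as well, `myVREsService.getUserToken(params.context, params.state, params.clientId, params.getRedirectURI(), new AsyncCallback() {`, keeps the two call sites consistent. The value is presumably read from the page URL like the other GetParameters fields and is only checked server-side, so nothing on the client should treat it as trusted. The enclosing method starts and ends outside the hunk.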
@@ -80,8 +80,7 @@ public class MyVREs implements EntryPoint {
 String state = Window.Location.getParameter(GET_STATE_PARAMETER);
 String context = Window.Location.getParameter(GET_CONTEXT_PARAMETER);
 String clientId = Window.Location.getParameter(GET_CLIENT_ID_PARAMETER);
- String clientSecret = Window.Location.getParameter(GET_CLIENT_SECRET_PARAMETER);
- return new GetParameters(redirectURI, state, context, clientId, clientSecret);
+ return new GetParameters(redirectURI, state, context, clientId);
 }
 }
diff --git a/src/main/java/org/gcube/portlet/user/my_vres/client/MyVREsService.java b/src/main/java/org/gcube/portlet/user/my_vres/client/MyVREsService.java
index c277bd2..30d2023 100644
--- a/src/main/java/org/gcube/portlet/user/my_vres/client/MyVREsService.java
+++ b/src/main/java/org/gcube/portlet/user/my_vres/client/MyVREsService.java
@@ -18,5 +18,5 @@ public interface MyVREsService extends RemoteService {
 String getSiteLandingPagePath();
- AuthorizationBean getUserToken(String context, String state, String clientId, String clientSecret);
+ AuthorizationBean getUserToken(String context, String state, String clientId, String authorisedRedirectURL);
 }
diff --git a/src/main/java/org/gcube/portlet/user/my_vres/client/MyVREsServiceAsync.java b/src/main/java/org/gcube/portlet/user/my_vres/client/MyVREsServiceAsync.java
index e495187..d4620ff 100644
--- a/src/main/java/org/gcube/portlet/user/my_vres/client/MyVREsServiceAsync.java
+++ b/src/main/java/org/gcube/portlet/user/my_vres/client/MyVREsServiceAsync.java
@@ -15,7 +15,7 @@ public interface MyVREsServiceAsync {
 void getSiteLandingPagePath(AsyncCallback callback);
- void getUserToken(String context, String state, String clientId, String clientSecret,
+ void getUserToken(String context, String state, String clientId, String authorisedRedirectURI,
 AsyncCallback callback);
 }
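Review bot: `GET_CLIENT_SECRET_PARAMETER` is no longer read here and, unless it is still used elsewhere, is now a dead constant that keeps suggesting a client secret may be sent as a page query parameter. Removing it, or adding `// client_secret is no longer accepted from the URL; registered redirect URLs are checked server-side instead` next to the remaining lookups, would make the new contract visible, since a secret in a browser URL ends up in history and in server logs. The enclosing method starts outside the hunk.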
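Review bot: The new fourth parameter is named `authorisedRedirectURL` here, `authorisedRedirectURI` in MyVREsServiceAsync (next hunk) and `redirectURL` in MyVREsServiceImpl (hunk at -257), while the implementation's error text refers to `authorisedRedirectURI`; pick one spelling and use it in all three declarations. A Javadoc on this interface method stating that the value must exactly equal one of the redirect URLs registered for `clientId` in the IS, and that an AuthorizationBean with success false is returned otherwise, would document the contract callers now depend on.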
diff --git a/src/main/java/org/gcube/portlet/user/my_vres/client/widgets/ClickableVRE.java b/src/main/java/org/gcube/portlet/user/my_vres/client/widgets/ClickableVRE.java
index 68bda49..e3b0274 100644
--- a/src/main/java/org/gcube/portlet/user/my_vres/client/widgets/ClickableVRE.java
+++ b/src/main/java/org/gcube/portlet/user/my_vres/client/widgets/ClickableVRE.java
@@ -62,7 +62,7 @@ public class ClickableVRE extends HTML {
 if (params != null) {
 addClickHandler(new ClickHandler() {
 public void onClick(ClickEvent event) {
- myVREsService.getUserToken(vre.getContext(), params.getState(), params.getClientId(), params.getClientSecret(), new AsyncCallback() {
+ myVREsService.getUserToken(vre.getContext(), params.getState(), params.getClientId(), params.getRedirectURI(), new AsyncCallback() {
 @Override
 public void onSuccess(AuthorizationBean result) {
 if (result.isSuccess()) {
diff --git a/src/main/java/org/gcube/portlet/user/my_vres/server/MyVREsServiceImpl.java b/src/main/java/org/gcube/portlet/user/my_vres/server/MyVREsServiceImpl.java
index be4dac1..a6fc37e 100644
--- a/src/main/java/org/gcube/portlet/user/my_vres/server/MyVREsServiceImpl.java
+++ b/src/main/java/org/gcube/portlet/user/my_vres/server/MyVREsServiceImpl.java
@@ -10,7 +10,6 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
-import org.gcube.common.encryption.StringEncrypter;
 import org.gcube.common.portal.GCubePortalConstants;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.resources.gcore.ServiceEndpoint;
@@ -51,10 +50,14 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements MyVREsSer
 *
 */
 public static final String CACHED_VOS = "CACHED_VRES";
+ /**
+ * needed when querying for authorised services in authentication
+ */
+ public static final String REDIRECT_URL = "RedirectURL";
+ private static final String SERVICE_ENDPOINT_CATEGORY = "OnlineService";
 public static final String ADD_MORE_CATEGORY = "Add More";
 public static final String ADD_MORE_IMAGE_PATH= "images/More.png";
- private static final String SERVICE_ENDPOINT_CATEGORY = "Portal";
 @Override
 public String getSiteLandingPagePath() {
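Review bot: The Javadoc on `REDIRECT_URL` does not say what the constant is matched against, and the change of `SERVICE_ENDPOINT_CATEGORY` from "Portal" to "OnlineService" silently changes which IS resources getPortalConfigurationFromIS selects. Suggest `/** Name of the ServiceEndpoint AccessPoint whose address holds one authorised redirect URL of a registered client_id. */` on the first, and on the second a one-line comment noting that client registrations are now looked up under the OnlineService category by client_id rather than under the gateway's Portal endpoint.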
@@ -257,20 +260,25 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements MyVREsSer
 }
 @Override
- public AuthorizationBean getUserToken(String context, String state, String clientId, String clientSecret) {
+ public AuthorizationBean getUserToken(String context, String state, String clientId, String redirectURL) {
 if (clientId == null || clientId.compareTo("")== 0) {
 return new AuthorizationBean(null, null, false, "client_id is null, you MUST register your application to allow users connect with their D4Science Credentials");
 }
- if (clientSecret == null || clientSecret.compareTo("")== 0) {
- return new AuthorizationBean(null, null, false, "client_secret is null, you MUST pass the clientSecret related to your client_id registered application to allow users connect with their D4Science Credentials");
+ if (redirectURL == null || redirectURL.compareTo("")== 0) {
+ return new AuthorizationBean(null, null, false, "authorised redirect URL is null, you MUST pass the authorisedRedirectURI related to your client_id registered application to allow users connect with their D4Science Credentials");
 }
- String registeredClientSecret = getClientSecretFromIs(clientId);
- if (registeredClientSecret == null) {
- return new AuthorizationBean(null, null, false, "Your client_id ("+ clientId +") is not registered in the infrastructure, you MUST register your client_id to allow users connect with their D4Science Credentials");
- }
- if (registeredClientSecret.compareTo(clientSecret)!=0) {
- return new AuthorizationBean(null, null, false, "The client_secret for clientId ("+ clientId +"), does not match");
+ List authorisedRedirectURLs = getAuthorisedRedirectURLsFromIs(clientId);
+ if (authorisedRedirectURLs == null || authorisedRedirectURLs.isEmpty()) {
+ return new AuthorizationBean(null, null, false, "Your application ("+ clientId + ") is not registered or there are no authorised redirect URLs registered for your application");
 }
+ boolean urlAuthorised = false;
+ for (String authorisedURL : authorisedRedirectURLs)
+ if (authorisedURL.compareTo(redirectURL)==0) {
+ urlAuthorised = true;
+ break;
+ }
+ if (! urlAuthorised)
+ return new AuthorizationBean(null, null, false, "Invalid redirect URL. This value must match a URL registered with the clientId: " + clientId);
 if (state == null || state.compareTo("")== 0) {
 return new AuthorizationBean(null, null, false, "State is null, please use a unique string value of your choice that is hard to guess (e.g. state=7d12bf13-111c-4f46-ab06-9e9e08ad377b). Used to prevent CSRF attacks");
 }
@@ -312,13 +320,13 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements MyVREsSer
 }
 //TODO: check the query, it doesn work
- private List getPortalConfigurationFromIS(String infrastructureName, String gatewayName) throws Exception {
+ private List getPortalConfigurationFromIS(String infrastructureName, String clientId) throws Exception {
 String scope = "/" + infrastructureName;
 String currScope = ScopeProvider.instance.get();
 ScopeProvider.instance.set(scope);
 SimpleQuery query = queryFor(ServiceEndpoint.class);
 query.addCondition("$resource/Profile/Category/text() eq '"+ SERVICE_ENDPOINT_CATEGORY +"'");
- query.addCondition("$resource/Profile/Name/text() eq '"+ gatewayName +"'");
+ query.addCondition("$resource/Profile/Name/text() eq '"+ clientId +"'");
 DiscoveryClient client = clientFor(ServiceEndpoint.class);
 List toReturn = client.submit(query);
 ScopeProvider.instance.set(currScope);
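Review bot: The brace-less `for` with a nested braced `if` reimplements `List.contains`; `boolean urlAuthorised = authorisedRedirectURLs.contains(redirectURL);` replaces the six lines from `boolean urlAuthorised = false;` to the closing `}`, is easier to audit, and does not throw if an access point ever yields a null address (the current `authorisedURL.compareTo(redirectURL)` would). Exact string equality is the right strictness here: with the client_secret check gone, the registered redirect URL is the only control tying a token request to a registered application, so a comment such as `// exact match only: prefix, host or case-insensitive matching would let unregistered URLs through` would guard against a later relaxation. getUserToken continues past the end of the hunk.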
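Review bot: `clientId` is still concatenated straight into the XQuery condition `"$resource/Profile/Name/text() eq '"+ clientId +"'"`, and after this change the value is the caller-supplied client_id from the RPC rather than the gateway name from portal configuration, so a single quote in it changes the query that now gates authorisation. Validate it before building the query, e.g. `if (!clientId.matches("[\\w.\\-:]+")) throw new IllegalArgumentException("invalid client_id");` (the pattern is a placeholder to be narrowed to the ids actually registered), which the catch in getAuthorisedRedirectURLsFromIs already turns into a null result for the caller. The pre-existing `//TODO: check the query, it doesn work` above the signature should be resolved or removed now that this lookup is on the authorisation path. The method continues past the end of the hunk.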
@@ -330,37 +338,26 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements MyVREsSer
 * @param clientId
 * @return the client secret related to the id, or null if non existent
 */
- private String getClientSecretFromIs(String clientId) {
+ private List getAuthorisedRedirectURLsFromIs(String clientId) {
 PortalContext pContext = PortalContext.getConfiguration();
- String gatewayName = pContext.getGatewayName(getThreadLocalRequest());
 String scope = "/"+pContext.getInfrastructureName();
+ List autRedirectURLs = new ArrayList<>();
 try {
- List list = getPortalConfigurationFromIS(pContext.getInfrastructureName(), gatewayName);
+ List list = getPortalConfigurationFromIS(pContext.getInfrastructureName(), clientId);
 if (list.size() > 1) {
- _log.error("Too many Service Endpoints having name " + gatewayName +" in this scope having Category " + SERVICE_ENDPOINT_CATEGORY);
+ _log.error("Too many Service Endpoints having name " + clientId +" in this scope having Category " + SERVICE_ENDPOINT_CATEGORY);
 }
 else if (list.size() == 0){
- _log.warn("There is no Service Endpoint having name " + gatewayName +" and Category " + SERVICE_ENDPOINT_CATEGORY + " in this scope: " + scope);
+ _log.warn("There is no Service Endpoint having name " + clientId +" and Category " + SERVICE_ENDPOINT_CATEGORY + " in this scope: " + scope);
 }
 else {
 for (ServiceEndpoint res : list) {
 Group apGroup = res.profile().accessPoints();
 AccessPoint[] accessPoints = (AccessPoint[]) apGroup.toArray(new AccessPoint[apGroup.size()]);
 for (int i = 0; i < accessPoints.length; i++) {
- if (accessPoints[i].name().compareTo(clientId) == 0) {
- _log.info("Found credentials for " + clientId);
+ if (accessPoints[i].name().compareTo(REDIRECT_URL) == 0) {
 AccessPoint found = accessPoints[i];
- //String thumbnailURL = found.address();
- String encrPassword = found.password();
- String clientSecret = "";
- try {
- clientSecret = StringEncrypter.getEncrypter().decrypt( encrPassword);
- _log.debug("clientSecret for " + clientId + " found");
- return clientSecret;
- } catch (Exception e) {
- _log.error("Something went wrong while decrypting password for " + clientId);
- e.printStackTrace();
- }
+ autRedirectURLs.add(found.address());
 }
 }
 }
@@ -369,7 +366,7 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements MyVREsSer
 e.printStackTrace();
 return null;
 }
- return null;
+ return autRedirectURLs;
 }
 }
\ No newline at end of file
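Review bot: The Javadoc above the new signature still reads `@return the client secret related to the id, or null if non existent`, but the method now returns a `List` of redirect URLs; change it to `@return the addresses of the AccessPoints named REDIRECT_URL on the ServiceEndpoint registered for clientId (empty if none), or null if the IS lookup threw`. The `list.size() > 1` branch logs an error and then falls through to return an empty list, which the caller reports as "not registered"; a comment there, `// ambiguous registration: treat as not registered`, makes that deliberate. The catch in the hunk below keeps returning null while the normal path returns a list, so the caller must keep its `== null || isEmpty()` check; a one-line comment on that `return null` saying it means lookup failure rather than "no URLs" would prevent the check being simplified away.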