
Create an approved site when using device code flow #821

Open
wants to merge 49 commits into
base: develop
Changes from 46 commits
058697b
Assign oidc-agent clients to whom approved it (#812)
federicaagostini Jul 25, 2024
19224bd
Fix Sonar issues
federicaagostini Jul 25, 2024
636f7b6
Add tests
federicaagostini Jul 25, 2024
6ee8e23
Restore IamOAuthConfirmationController class
federicaagostini Jul 25, 2024
e7d89e5
Add more tests
federicaagostini Jul 25, 2024
cc52027
Add some test
federicaagostini Jul 25, 2024
46ba6ad
Hopefully increase coverage
federicaagostini Jul 26, 2024
541bff2
Rename test class
federicaagostini Jul 31, 2024
df46a08
Fake commit to trigger Sonar
federicaagostini Jul 31, 2024
46dd366
Fix issues
federicaagostini Jul 31, 2024
100ff9d
Cosmetic fix
federicaagostini Jul 31, 2024
aa04ce1
Add approved sites when using device code flow
federicaagostini Jul 31, 2024
3dd7862
Add test
federicaagostini Jul 31, 2024
bf2b4a2
Remove issues
federicaagostini Jul 31, 2024
9ade9b1
Filter scope before device consent page
rmiccoli Aug 1, 2024
0e1954a
Hopefully fix tests
federicaagostini Aug 2, 2024
18d7c6a
Remove failing test
federicaagostini Aug 2, 2024
7fabb49
WIP: import device code approval phase in IAM
federicaagostini Aug 2, 2024
7781b7a
Change tests expectation
federicaagostini Aug 5, 2024
8a2cfd1
Use same consent logic as authz code flow
federicaagostini Aug 5, 2024
eb9690d
Fix tests
federicaagostini Aug 5, 2024
754cca5
Fix Sonar issues
federicaagostini Aug 6, 2024
e471749
Migrate TofuUserApprovalHandler class into IAM
federicaagostini Aug 6, 2024
ced7bfc
Use OAuth2 parameters
federicaagostini Aug 6, 2024
63aeda9
Fix Sonar issues
federicaagostini Aug 6, 2024
41df699
Improve coverage
federicaagostini Aug 6, 2024
911c1c3
Fix Sonar issues and improve coverage
federicaagostini Aug 7, 2024
732e487
Hopefully fix test
federicaagostini Aug 7, 2024
e333548
Fix Sonar issues
federicaagostini Aug 7, 2024
b4973c1
Cleanup
federicaagostini Aug 7, 2024
1bf90fd
Fix authZ code flow consent
federicaagostini Aug 7, 2024
cab9012
An already approved device code cannot be reused
federicaagostini Aug 7, 2024
e8d8f6b
Hopefully cleanup redundancy checks
federicaagostini Aug 7, 2024
2823adc
Small fixes
federicaagostini Aug 8, 2024
cd4b906
More tests
federicaagostini Aug 8, 2024
0204c94
Fix and add tests
federicaagostini Aug 8, 2024
337428a
Fix Sonar issue
federicaagostini Aug 8, 2024
d37f47f
Move scope filter into dedicated class
federicaagostini Aug 8, 2024
c3c77f1
Fix and add test
federicaagostini Aug 8, 2024
49dccc4
Change scope filter logic
federicaagostini Aug 8, 2024
eaaf0c6
Cleanup
federicaagostini Aug 8, 2024
e405c5d
Fix Sonar issue
federicaagostini Aug 8, 2024
af82375
One more test
federicaagostini Aug 9, 2024
c33c406
Correct sorting method and add tests
federicaagostini Aug 9, 2024
fefa959
Unify methods for showing info in consent page
federicaagostini Aug 12, 2024
b712586
Fix Sonar issues
federicaagostini Aug 12, 2024
f8ecfdd
Remove oidc-agent client linking
federicaagostini Oct 29, 2024
f682797
Rename test class
federicaagostini Oct 29, 2024
3795bd7
Remove unused import
federicaagostini Oct 29, 2024
Expand Up @@ -17,6 +17,7 @@

import org.mitre.discovery.web.DiscoveryEndpoint;
import org.mitre.oauth2.web.CorsFilter;
import org.mitre.oauth2.web.DeviceEndpoint;
import org.mitre.oauth2.web.OAuthConfirmationController;
import org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint;
import org.mitre.openid.connect.web.JWKSetPublishingEndpoint;
Expand Down Expand Up @@ -77,7 +78,9 @@
@ComponentScan.Filter(type=FilterType.ASSIGNABLE_TYPE,
value=CorsFilter.class),
@ComponentScan.Filter(type=FilterType.ASSIGNABLE_TYPE,
value=OAuthConfirmationController.class)
value=OAuthConfirmationController.class),
@ComponentScan.Filter(type=FilterType.ASSIGNABLE_TYPE,
value=DeviceEndpoint.class)
})
@EnableCaching
@EnableAutoConfiguration(
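Review bot: The added `DeviceEndpoint.class` exclusion filter carries no comment explaining why the MITREid device endpoint is dropped from component scanning or what replaces it. It follows the same pattern as the existing `OAuthConfirmationController.class` exclusion, so one comment above the filter list would cover both, for example `// MITREid controllers excluded here are replaced by IAM implementations that apply IAM's consent and approved-site logic`. The replacement controller is not visible in this section; presumably it is registered elsewhere in the PR, and it is worth confirming that it is mapped to the same device-code paths so that the access rules already configured for those paths keep applying. The annotation this filter belongs to starts and ends outside the lines shown.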
Expand Up @@ -47,6 +47,7 @@
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;

Expand All @@ -55,6 +56,7 @@
import it.infn.mw.iam.api.account.AccountUtils;
import it.infn.mw.iam.authn.ExternalAuthenticationInfoProcessor;
import it.infn.mw.iam.core.oauth.IamIntrospectionResultAssembler;
import it.infn.mw.iam.core.oauth.IamUserApprovalHandler;
import it.infn.mw.iam.core.oauth.attributes.AttributeMapHelper;
import it.infn.mw.iam.core.oauth.profile.IamTokenEnhancer;
import it.infn.mw.iam.core.oauth.profile.JWTProfile;
Expand Down Expand Up @@ -307,6 +309,11 @@ ServletRegistrationBean<WebServlet> h2Console() {
UsernameValidator usernameRegExpValidator() {
return new UsernameValidator();
}

@Bean
UserApprovalHandler iamUserApprovalHandler() {
return new IamUserApprovalHandler();
}

@Bean(destroyMethod = "shutdown")
public ScheduledExecutorService taskScheduler() {
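Review bot: `iamUserApprovalHandler()` registers the component that decides whether a user's consent step may be skipped, yet it has no Javadoc and is built with a bare `new IamUserApprovalHandler()`. I would add a doc comment such as `/** Consent decision handler shared by the authorization code and device code flows; replaces MITREid's TofuUserApprovalHandler. */` so the security role of the bean is visible at the definition. The bean name also changes from `tofuApprovalHandler` (removed in another configuration class of this PR) to `iamUserApprovalHandler`, so any injection point that selects the handler by name rather than by type would stop resolving; none is visible here, so a search for the old name is worthwhile. Because the handler is created without constructor arguments, its collaborators presumably rely on field injection, which should be confirmed since `IamUserApprovalHandler` itself is not shown.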
Expand Up @@ -59,7 +59,6 @@
import org.mitre.openid.connect.service.impl.MatchLoginHintsAgainstUsers;
import org.mitre.openid.connect.service.impl.UUIDPairwiseIdentiferService;
import org.mitre.openid.connect.token.ConnectTokenEnhancer;
import org.mitre.openid.connect.token.TofuUserApprovalHandler;
import org.mitre.openid.connect.web.AuthenticationTimeStamper;
import org.mitre.openid.connect.web.ServerConfigInterceptor;
import org.mitre.uma.service.ResourceSetService;
Expand All @@ -70,7 +69,6 @@
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.OAuth2RequestValidator;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
Expand Down Expand Up @@ -129,8 +127,9 @@ public ConfigurationPropertiesBean config(IamProperties properties) {

config.setForceHttps(false);
config.setLocale(Locale.ENGLISH);

config.setAllowCompleteDeviceCodeUri(properties.getDeviceCode().getAllowCompleteVerificationUri());

config
.setAllowCompleteDeviceCodeUri(properties.getDeviceCode().getAllowCompleteVerificationUri());

return config;
}
Expand Down Expand Up @@ -162,12 +161,6 @@ OAuth2RequestValidator requestValidator(ScopeMatcherRegistry registry) {
return new ScopeMatcherOAuthRequestValidator(registry);
}

@Bean
UserApprovalHandler tofuApprovalHandler() {

return new TofuUserApprovalHandler();
}

@Bean
OAuth2RequestFactory requestFactory(IamScopeFilter scopeFilter,
JWTProfileResolver profileResolver) {
Expand Down Expand Up @@ -203,8 +196,7 @@ public ServerConfigInterceptor serverConfigInterceptor() {
public FilterRegistrationBean<AuthorizationRequestFilter> disabledMitreFilterRegistration(
AuthorizationRequestFilter f) {

FilterRegistrationBean<AuthorizationRequestFilter> b =
new FilterRegistrationBean<>(f);
FilterRegistrationBean<AuthorizationRequestFilter> b = new FilterRegistrationBean<>(f);
b.setEnabled(false);
return b;
}