Added more test cases for OAuth and fixed osme issues

Ziver Koc 2020-11-22 01:28:36 +01:00
parent f65cb0e4c4
commit 6f7510ce42
5 changed files with 334 additions and 119 deletions


@ -40,10 +40,12 @@ public class Timer {
/**
* Creates a new timer that in reset state.
* Create a new timer that will timeout in a specified amount of time from now.
*
* @param millisecond the time in milliseconds that the timeout should happen.
*/
public Timer(long milisec){
this.period = milisec;
public Timer(long millisecond){
this.period = millisecond;
reset();
}
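Review bot: The new Javadoc on the constructor says the timer "will timeout in a specified amount of time from now", but the body only calls `reset()`, and the OAuth2Registry changes in this same commit add `.start()` after every `new Timer(timeoutMillis)`, which suggests a freshly constructed timer is not yet counting down. If that is the case the doc should say so, e.g. `* Creates a new timer in reset (not started) state; call {@link #start()} to begin the countdown.`, and the `@param` tag should state that the period is measured from `start()`, not from construction. Since Timer's declaration is outside this hunk, it is also worth confirming that `reset()` is final or private: calling an overridable method from a constructor is something a reviewer would flag.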


@ -144,6 +144,8 @@ public class OAuth2Registry {
ClientRegister reg = getClientRegistry(clientId);
if (reg != null) {
boolean b1 = reg.accessTokens.containsKey(token);
boolean b2 = reg.accessTokens.get(token).hasTimedOut();
return reg.accessTokens.containsKey(token) &&
!reg.accessTokens.get(token).hasTimedOut();
}
@ -161,7 +163,7 @@ public class OAuth2Registry {
ClientRegister reg = getClientRegistry(clientId);
if (reg != null) {
reg.authCodes.put(code, new Timer(timeoutMillis));
reg.authCodes.put(code, new Timer(timeoutMillis).start());
return timeoutMillis;
}
return -1;
@ -174,7 +176,7 @@ public class OAuth2Registry {
ClientRegister reg = getClientRegistry(clientId);
if (reg != null) {
reg.accessTokens.put(token, new Timer(timeoutMillis));
reg.accessTokens.put(token, new Timer(timeoutMillis).start());
return timeoutMillis;
}
return -1;
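Review bot: In the first hunk (-144,6) the added line `boolean b2 = reg.accessTokens.get(token).hasTimedOut();` dereferences the map lookup before the `containsKey` check that the following `return` performs, so any unknown or already-expired-and-removed token makes this method throw a NullPointerException instead of returning false; on the access-token validation path that turns a malformed bearer token into a server error rather than a clean rejection. Both `b1` and `b2` are unused, so they look like leftover debugging state. Replace the three lines with a single null-checked lookup: `Timer t = reg.accessTokens.get(token);` / `return t != null && !t.hasTimedOut();`. The enclosing method's signature and the code after the `if` are outside the hunk; the `.start()` additions in the other two hunks raise no concern.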


@ -81,20 +81,20 @@ public class OAuth2TokenPage extends HttpJsonPage {
/** The request is missing a required parameter, includes an unsupported parameter value (other than grant type),
repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the
client, or is otherwise malformed. **/
protected static final String ERROR_INVALID_REQUEST = "invalid_request";
private static final String ERROR_INVALID_REQUEST = "invalid_request";
/** Client authentication failed (e.g., unknown client, no client authentication included, or unsupported
authentication method). **/
protected static final String ERROR_INVALID_CLIENT = "invalid_client";
authentication method). **/
private static final String ERROR_INVALID_CLIENT = "invalid_client";
/** The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is
invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to
another client. **/
protected static final String ERROR_INVALID_GRANT = "invalid_grant";
private static final String ERROR_INVALID_GRANT = "invalid_grant";
/** The authenticated client is not authorized to use this authorization grant type. **/
protected static final String ERROR_UNAUTHORIZED_CLIENT = "unauthorized_client";
private static final String ERROR_UNAUTHORIZED_CLIENT = "unauthorized_client";
/** The authorization grant type is not supported by the authorization server. **/
protected static final String ERROR_UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type";
private static final String ERROR_UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type";
/** The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner. **/
protected static final String ERROR_INVALID_SCOPE = "invalid_scope";
private static final String ERROR_INVALID_SCOPE = "invalid_scope";
private Random random = new Random();
private OAuth2Registry registry;
@ -119,18 +119,48 @@ public class OAuth2TokenPage extends HttpJsonPage {
out.setHeader("Cache-Control", "no-store");
out.setHeader("Pragma", "no-cache");
// -----------------------------------------------
// Validate parameters
// -----------------------------------------------
DataNode jsonRes = new DataNode(DataNode.DataType.Map);
// Validate client_id
if (!request.containsKey("client_id"))
return errorResponse(out, ERROR_INVALID_REQUEST , request.get("state"), "Missing mandatory parameter client_id.");
return errorResponse(out, ERROR_INVALID_REQUEST , request.get("state"), "Missing mandatory parameter: client_id");
String clientId = request.get("client_id");
if (registry.isClientIdValid(clientId))
if (!registry.isClientIdValid(clientId))
return errorResponse(out, ERROR_INVALID_CLIENT , request.get("state"), "Invalid client_id value.");
// Validate code
if (!request.containsKey("code"))
return errorResponse(out, ERROR_INVALID_REQUEST , request.get("state"), "Missing mandatory parameter: code");
if (!registry.isAuthorizationCodeValid(clientId, request.get("code")))
return errorResponse(out, ERROR_INVALID_GRANT, request.get("state"), "Invalid authorization code value provided.");
return errorResponse(out, ERROR_INVALID_GRANT, request.get("state"), "Invalid authorization code value.");
// Validate redirect_uri
if (!request.containsKey("redirect_uri"))
return errorResponse(out, ERROR_INVALID_REQUEST , request.get("state"), "Missing mandatory parameter: redirect_uri");
// TODO: ensure that the "redirect_uri" parameter is present if the
// "redirect_uri" parameter was included in the initial authorization
// request as described in Section 4.1.1, and if included ensure that
// their values are identical.
// Validate grant_type
if (!request.containsKey("grant_type"))
return errorResponse(out, ERROR_INVALID_REQUEST , request.get("state"), "Missing mandatory parameter grant_type.");
// -----------------------------------------------
// Handle request
// -----------------------------------------------
String grantType = request.get("grant_type");