Wip
This commit is contained in:
Claude Brisson
@@ -16,7 +16,6 @@
|
||||
<description>PairGoth pairing system</description>
|
||||
<url>TODO</url>
|
||||
<properties>
|
||||
<pac4j.version>5.7.1</pac4j.version>
|
||||
<lucene.version>9.9.0</lucene.version>
|
||||
</properties>
|
||||
<build>
|
||||
@@ -184,9 +183,9 @@
|
||||
</dependency>
|
||||
<!-- auth -->
|
||||
<dependency>
|
||||
<groupId>org.pac4j</groupId>
|
||||
<artifactId>pac4j-oauth</artifactId>
|
||||
<version>${pac4j.version}</version>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
<version>1.16.1</version>
|
||||
</dependency>
|
||||
<!-- logging -->
|
||||
<dependency>
|
||||
|
||||
@@ -6,7 +6,6 @@ import com.republicate.kson.Json
|
||||
import org.jeudego.pairgoth.web.WebappManager
|
||||
//import com.republicate.modality.util.AESCryptograph
|
||||
//import com.republicate.modality.util.Cryptograph
|
||||
import org.apache.commons.codec.binary.Base64
|
||||
import org.apache.http.NameValuePair
|
||||
import org.jeudego.pairgoth.util.AESCryptograph
|
||||
import org.jeudego.pairgoth.util.ApiClient.JsonApiClient
|
||||
@@ -14,8 +13,6 @@ import org.jeudego.pairgoth.util.Cryptograph
|
||||
import org.slf4j.Logger
|
||||
import org.slf4j.LoggerFactory
|
||||
import java.io.IOException
|
||||
import java.io.UnsupportedEncodingException
|
||||
import java.net.URLEncoder
|
||||
|
||||
abstract class OAuthHelper {
|
||||
abstract val name: String
|
||||
@@ -28,20 +25,22 @@ abstract class OAuthHelper {
|
||||
get() = WebappManager.getMandatoryProperty("webapp.external.url").removeSuffix("/") + "/oauth/${name}"
|
||||
|
||||
protected fun getState(sessionId: String): String {
|
||||
return name + ":" + encrypt(sessionId)
|
||||
return name + ":" + cryptograph.webEncrypt(sessionId)
|
||||
}
|
||||
|
||||
fun checkState(state: String, expectedSessionId: String): Boolean {
|
||||
val foundSessionId = decrypt(state)
|
||||
val foundSessionId = cryptograph.webDecrypt(state)
|
||||
return expectedSessionId == foundSessionId
|
||||
}
|
||||
|
||||
protected abstract fun getAccessTokenURL(code: String): Pair<String, List<NameValuePair>>
|
||||
|
||||
@Throws(IOException::class)
|
||||
fun getAccessToken(code: String): String {
|
||||
fun getAccessToken(sessionID: String, code: String): String {
|
||||
val (url, params) = getAccessTokenURL(code)
|
||||
val json = JsonApiClient.post(url, null, *params.toTypedArray()).asObject()
|
||||
val state = json.getString("state") ?: throw IOException("could not get state")
|
||||
if (!checkState(state, sessionID)) throw IOException("invalid state")
|
||||
return json.getString("access_token") ?: throw IOException("could not get access token")
|
||||
}
|
||||
|
||||
@@ -55,17 +54,8 @@ abstract class OAuthHelper {
|
||||
|
||||
companion object {
|
||||
protected var logger: Logger = LoggerFactory.getLogger("oauth")
|
||||
private const val salt = "0efd28fb53cbac42"
|
||||
private val sessionIdCrypto: Cryptograph = AESCryptograph().apply {
|
||||
init(salt)
|
||||
}
|
||||
|
||||
private fun encrypt(input: String): String {
|
||||
return Base64.encodeBase64URLSafeString(sessionIdCrypto.encrypt(input))
|
||||
}
|
||||
|
||||
private fun decrypt(input: String): String {
|
||||
return sessionIdCrypto.decrypt(Base64.decodeBase64(input))
|
||||
private val cryptograph: Cryptograph = AESCryptograph().apply {
|
||||
init("0efd28fb53cbac42")
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -34,7 +34,7 @@ class AuthFilter: Filter {
|
||||
if (auth == "oauth" && uri.startsWith("/oauth/")) {
|
||||
val provider = uri.substring("/oauth/".length)
|
||||
val helper = OauthHelperFactory.getHelper(provider)
|
||||
val accessToken = helper.getAccessToken(request.getParameter("code") ?: "")
|
||||
val accessToken = helper.getAccessToken(request.session.id, request.getParameter("code") ?: "")
|
||||
val user = helper.getUserInfos(accessToken)
|
||||
request.session.setAttribute("logged", user)
|
||||
response.sendRedirect("/index")
|
||||
|
||||
Reference in New Issue
Block a user