Toteuta frontend-polku minimitarkistuksin;
Backendin toteutus vielä puuttuu, mutta client_id:n ja redirect_uri:n oikeellisuudesta pidetään huolta.
1 parent
d9d81c5
commit 431ece4
Showing
24 changed files
with
1,908 additions
and
83 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -80,3 +80,5 @@ object CasAuthenticatingClient extends Logging { | |
} | ||
} | ||
} | ||
|
||
|
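--- a/src/main/scala/fi/oph/koski/omadataoauth2/OmaDataOAuth2CASWorkaroundServlet.scala
+++ b/src/main/scala/fi/oph/koski/omadataoauth2/OmaDataOAuth2CASWorkaroundServlet.scala
@@ -0,0 +1,32 @@
+package fi.oph.koski.omadataoauth2
+
+import fi.oph.koski.config.{Environment, KoskiApplication}
+import fi.oph.koski.frontendvalvonta.FrontendValvontaMode
+import fi.oph.koski.koskiuser.KoskiSpecificAuthenticationSupport
+import fi.oph.koski.servlet.{OmaOpintopolkuSupport, OppijaHtmlServlet}
+import org.scalatra.ScalatraServlet
+
+// TODO: TOR-2210: Turhia kantaluokkia tässä?
+
+// Workaround: CAS-oppija ei päästä paluuosoitteessa olevia query-parametreja läpi. Ne on siksi base64url-enkoodattu path-parametriksi.
+class OmaDataOAuth2CASWorkaroundServlet(implicit val application: KoskiApplication) extends ScalatraServlet
+with OppijaHtmlServlet with KoskiSpecificAuthenticationSupport with OmaOpintopolkuSupport with OmaDataOAuth2Support with OmaDataOAuth2Config {
+
+val allowFrameAncestors: Boolean = !Environment.isServerEnvironment(application.config)
+val frontendValvontaMode: FrontendValvontaMode.FrontendValvontaMode =
+FrontendValvontaMode(application.config.getString("frontend-valvonta.mode"))
+
+get("/authorize/:base64UrlEnkoodattuPaluuosoitteenParametrilista")(nonce => {
+val decodedParameters = base64UrlDecode(params("base64UrlEnkoodattuPaluuosoitteenParametrilista"))
+val decodedUrl = s"/koski/omadata-oauth2/authorize?${decodedParameters}"
+
+redirect(decodedUrl)
+})
+
+get("/post-response/:base64UrlEnkoodattuPaluuosoitteenParametrilista")(nonce => {
+val decodedParameters = base64UrlDecode(params("base64UrlEnkoodattuPaluuosoitteenParametrilista"))
+val decodedUrl = s"/koski/omadata-oauth2/post-response?${decodedParameters}"
+
+redirect(decodedUrl)
+})
+}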
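Review bot: Both routes interpolate the decoded path segment straight into the redirect target (`s"/koski/omadata-oauth2/authorize?${decodedParameters}"`), so whatever a caller base64url-encodes reaches the Location header unchecked. The fixed path prefix keeps the redirect on the same origin, but control characters in the decoded value pass through, and how `base64UrlDecode` behaves on malformed input is not visible in this file. Reject such input before redirecting, e.g. `if (decodedParameters.exists(_.isControl)) halt(400)` (assuming the helper returns a String), or parse the decoded string and re-encode only the expected OAuth2 parameters. The two handlers differ only in the target path and could share one private helper; the lambda argument named `nonce` is unused in both.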
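--- a/src/main/scala/fi/oph/koski/omadataoauth2/OmaDataOAuth2Config.scala
+++ b/src/main/scala/fi/oph/koski/omadataoauth2/OmaDataOAuth2Config.scala
@@ -0,0 +1,27 @@
+package fi.oph.koski.omadataoauth2
+
+import com.typesafe.config.{Config => TypeSafeConfig}
+import fi.oph.koski.config.KoskiApplication
+import fi.oph.koski.log.Logging
+import scala.collection.JavaConverters._
+
+
+trait OmaDataOAuth2Config extends Logging {
+def application: KoskiApplication
+protected def conf: TypeSafeConfig = application.config.getConfig("omadataoauth2")
+
+def hasConfigForClient(client_id: String): Boolean = getConfigOption(client_id).isDefined
+
+def hasRedirectUri(client_id: String, redirect_uri: String): Boolean = {
+getConfigOption(client_id) match {
+case Some(clientConfig) =>
+clientConfig.getStringList("redirect_uris").asScala.contains(redirect_uri)
+case _ => false
+}
+}
+
+private def getConfigOption(client_id: String): Option[TypeSafeConfig] = {
+conf.getConfigList("clients").asScala.find(member => member.getString("client_id") == client_id)
+}
+
+}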
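Review bot: `hasRedirectUri` throws instead of returning false when a client entry has no `redirect_uris` key, because `getStringList` raises on a missing path; a guard keeps a configuration gap from surfacing as an unhandled exception in the authorize flow: `getConfigOption(client_id).exists(c => c.hasPath("redirect_uris") && c.getStringList("redirect_uris").asScala.contains(redirect_uri))`. The exact string comparison is the right behaviour for redirect URI validation and deserves a comment saying it is deliberate, e.g. `// Exact match only: no prefix, wildcard or normalised comparison of redirect_uri`, so that it is not relaxed later. `getConfigOption` also returns the first entry with a matching `client_id`, so duplicate ids in the `clients` list are silently shadowed; a startup check for uniqueness would make that visible.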
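--- a/src/main/scala/fi/oph/koski/omadataoauth2/OmaDataOAuth2LogoutPostResponseServlet.scala
+++ b/src/main/scala/fi/oph/koski/omadataoauth2/OmaDataOAuth2LogoutPostResponseServlet.scala
@@ -0,0 +1,58 @@
+package fi.oph.koski.omadataoauth2
+
+import fi.oph.koski.config.{Environment, KoskiApplication}
+import fi.oph.koski.frontendvalvonta.FrontendValvontaMode
+import fi.oph.koski.servlet.{NoCache, OppijaHtmlServlet}
+import org.scalatra.ScalatraServlet
+import fi.oph.koski.util.JsStringInterpolation._
+
+import scala.xml.NodeSeq
+
+// Julkinen servlet, joka tarvitaan, että CAS-oppija logoutin jälkeen voidaan ohjata käyttäjä URLeihin, joita CAS-oppijan
+// nykyiset redirect-regexpit eivät salli.
+class OmaDataOAuth2LogoutPostResponseServlet(implicit val application: KoskiApplication) extends ScalatraServlet with OppijaHtmlServlet with NoCache with OmaDataOAuth2Support {
+
+val allowFrameAncestors: Boolean = !Environment.isServerEnvironment(application.config)
+val frontendValvontaMode: FrontendValvontaMode.FrontendValvontaMode =
+FrontendValvontaMode(application.config.getString("frontend-valvonta.mode"))
+
+get("/")(nonce => {
+validateQueryClientParams() match {
+case Left(validationError) =>
+logger.error(s"Internal error: ${validationError.loggedMessage}")
+halt(500)
+case Right(ClientInfo(clientId, redirectUri)) =>
+val paramNames = Seq("redirect_uri", "code", "state", "error", "error_description", "error_uri")
+paramNames.foreach(n => logger.info(s"${n}: ${multiParams(n)}"))
+
+val inputParams = Seq(
+"state",
+"code",
+"error",
+"error_description",
+"error_uri"
+)
+
+<html lang={lang}>
+<head>
+<title>
+Submit This Form
+</title>
+<script nonce={nonce}>
+<!-- Workaround to autosubmit form after loading, since nonce cannot be specified for onload eventhandler. -->
+{jsAtom"const s = document.createElement('script'); s.src = '/koski/empty.js'; s.onload = () => { document.forms[0].submit(); }; document.documentElement.appendChild(s); "}
+</script>
+</head>
+<body>
+<form method="post" action={redirectUri}>
+{inputParams.map(renderInputIfParameterDefined)}
+</form>
+</body>
+</html>
+}
+})
+
+private def renderInputIfParameterDefined(paramName: String) = {
+multiParams(paramName).headOption.map(v => <input type="hidden" name={paramName} value={v}/>).getOrElse(NodeSeq.Empty)
+}
+}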
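Review bot: The `paramNames.foreach(n => logger.info(s"${n}: ${multiParams(n)}"))` line writes the OAuth2 `code` and `state` values, taken straight from the query string of a public servlet, into the application log at info level. The authorization code is a short-lived credential, and logging raw request values also lets an unauthenticated caller place arbitrary text in log lines. Log only whether each parameter is present, e.g. `logger.info(s"${n} present: ${multiParams(n).nonEmpty}")`, or drop the line. The `Left` branch answers with `halt(500)` and an error-level log; if `validateQueryClientParams` (not visible here) fails on bad request parameters, `halt(400)` with a warning-level log would keep request noise out of error monitoring.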