Package org.apache.shindig.social.opensocial.oauth

Examples of org.apache.shindig.social.opensocial.oauth.OAuthEntry


    verify();
  }

  @Test
  public void testVerifyFailTokenIsRequest() throws Exception {
    OAuthEntry authEntry = createOAuthEntry();
    authEntry.setType(OAuthEntry.Type.REQUEST);
    expectTokenEntry(authEntry);
    expectConsumer();
    replay();
    HttpServletRequest request = formEncodedPost.sign(TOKEN,
        FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
View Full Code Here


    verify();
  }

  @Test
  public void testVerifyFailTokenIsExpired() throws Exception {
    OAuthEntry authEntry = createOAuthEntry();
    authEntry.setIssueTime(new Date(System.currentTimeMillis()
        - (OAuthEntry.ONE_YEAR + 1)));
    authEntry.setType(OAuthEntry.Type.REQUEST);
    expectTokenEntry(authEntry);
    expectConsumer();
    replay();
    HttpServletRequest request = formEncodedPost.sign(TOKEN,
        FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
View Full Code Here

    }
  }

  protected SecurityToken verifyMessage(OAuthMessage message)
    throws OAuthProblemException {
    OAuthEntry entry = getOAuthEntry(message);
    OAuthConsumer authConsumer = getConsumer(message);

    OAuthAccessor accessor = new OAuthAccessor(authConsumer);

    if (entry != null) {
      accessor.tokenSecret = entry.getTokenSecret();
      accessor.accessToken = entry.getToken();
    }

    try {
      validator.validateMessage(message, accessor);
    } catch (OAuthProblemException e) {
View Full Code Here

    }
    return getTokenFromVerifiedRequest(message, entry, authConsumer);
  }

  /**
   * Resolves the stored OAuth entry for the {@code oauth_token} parameter of a message.
   *
   * <p>Only an unexpired entry of type {@code ACCESS} is returned. A request token or a
   * disabled token presented here is rejected rather than passed on.
   *
   * @param message the incoming OAuth message
   * @return the matching access-token entry, or {@code null} when the message carries no
   *     {@code oauth_token} (null or empty); callers must handle the {@code null} case
   *     explicitly (presumably a consumer-only request; confirm against callers)
   * @throws OAuthProblemException {@code TOKEN_REJECTED} when the token is unknown to the store
   *     or is not an access token; {@code TOKEN_EXPIRED} when the entry has expired
   */
  protected OAuthEntry getOAuthEntry(OAuthMessage message) throws OAuthProblemException {
    String token = getParameter(message, OAuth.OAUTH_TOKEN);
    if (Strings.isNullOrEmpty(token)) {
      // No token was sent, so there is nothing to look up or validate.
      return null;
    }

    OAuthEntry stored = store.getEntry(token);
    if (stored == null) {
      OAuthProblemException unknownToken = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
      unknownToken.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, "cannot find token");
      throw unknownToken;
    }

    // Type is checked before expiry, so a non-access token is always reported as rejected.
    if (stored.getType() != OAuthEntry.Type.ACCESS) {
      OAuthProblemException wrongType = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
      wrongType.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, "token is not an access token");
      throw wrongType;
    }

    if (stored.isExpired()) {
      throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
    }
    return stored;
  }

    if (callback == null) {
      callback = "oob";
    }

    // generate request_token and secret
    OAuthEntry entry = dataStore.generateRequestToken(consumerKey,
                                                      requestMessage.getParameter(OAuth.OAUTH_VERSION), callback);

    List<Parameter> responseParams = OAuth.newList(OAuth.OAUTH_TOKEN, entry.getToken(),
                                                   OAuth.OAUTH_TOKEN_SECRET, entry.getTokenSecret());
    if (callback != null) {
      responseParams.add(new Parameter(OAuth.OAUTH_CALLBACK_CONFIRMED, "true"));
    }
    sendResponse(servletResponse, responseParams);
  }

    if (requestMessage.getToken() == null) {
      // MALFORMED REQUEST
      servletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Authentication token not found");
      return;
    }
    OAuthEntry entry = dataStore.getEntry(requestMessage.getToken());

    if (entry == null) {
      servletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "OAuth Entry not found");
      return;
    }

    OAuthConsumer consumer = dataStore.getConsumer(entry.getConsumerKey());

    // Extremely rare case where consumer dissappears
    if (consumer == null) {
      servletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "consumer for entry not found");
      return;
    }

    // The token is disabled if you try to convert to an access token prior to authorization
    if (entry.getType() == OAuthEntry.Type.DISABLED) {
      servletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "This token is disabled, please reinitate login");
      return;
    }

    String callback = entry.getCallbackUrl();

    // Redirect to a UI flow if the token is not authorized
    if (!entry.isAuthorized()) {
      // TBD -- need to decode encrypted payload somehow..
      if (this.oauthAuthorizeAction.startsWith("http")) {
        // Redirect to authorization page with params
        // Supply standard set of params
        // TBD
      } else {
        // Use internal forward to a jsp page
        servletRequest.setAttribute("OAUTH_DATASTORE",  dataStore);

        servletRequest.setAttribute("OAUTH_ENTRY",  entry);
        servletRequest.setAttribute("CALLBACK", callback);

        servletRequest.setAttribute("TOKEN", entry.getToken());
        servletRequest.setAttribute("CONSUMER", consumer);

        servletRequest.getRequestDispatcher(oauthAuthorizeAction).forward(servletRequest,servletResponse);
      }
      return;
    }

    // If we're here then the entry has been authorized

    // redirect to callback
    if (callback == null || "oob".equals(callback)) {
      // consumer did not specify a callback
      servletResponse.setContentType("text/plain");
      PrintWriter out = servletResponse.getWriter();
      out.write("Token successfully authorized.\n");
      if (entry.getCallbackToken() != null) {
        // Usability fail.
        out.write("Please enter code " + entry.getCallbackToken() + " at the consumer.");
      }
    } else {
      callback = OAuth.addParameters(callback, OAuth.OAUTH_TOKEN, entry.getToken());
      // Add user_id to the callback
      callback = OAuth.addParameters(callback, "user_id", entry.getUserId());
      if (entry.getCallbackToken() != null) {
        callback = OAuth.addParameters(callback, OAuth.OAUTH_VERIFIER,
                                       entry.getCallbackToken());
      }

      servletResponse.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
      servletResponse.setHeader("Location", callback);
    }

  // the requestToken
  /**
   * Exchanges a validated request token for an access token and writes the new token, its
   * secret and the entry's user id to the response.
   *
   * <p>The exchange is refused with 403 and the request token is disabled when either
   * (a) the entry has a callback token and the {@code oauth_verifier} sent by the client does
   * not equal it, or (b) the entry has no callback token and is not authorized.
   *
   * <p>NOTE(review): when a callback token is present this method does not consult
   * {@code entry.isAuthorized()}; the verifier match is the only gate visible here. Presumably
   * the data store sets the callback token only at authorization time. Confirm against the
   * store.
   *
   * @param servletRequest the token-exchange request
   * @param servletResponse receives either the token parameters or a 403 error
   */
  private void createAccessToken(HttpServletRequest servletRequest,
                                 HttpServletResponse servletResponse) throws ServletException, IOException, OAuthException, URISyntaxException {
    OAuthMessage requestMessage = OAuthServlet.getMessage(servletRequest, null);

    OAuthEntry entry = getValidatedEntry(requestMessage);
    if (entry == null) {
      throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
    }

    String expectedVerifier = entry.getCallbackToken();
    boolean exchangeAllowed;
    if (expectedVerifier != null) {
      // Verifier-based flow: the client must echo the callback token it was given.
      // A missing oauth_verifier compares as unequal and is refused.
      exchangeAllowed = expectedVerifier.equals(requestMessage.getParameter(OAuth.OAUTH_VERIFIER));
    } else {
      // Older flow without a verifier: fall back to the authorization flag on the entry.
      exchangeAllowed = entry.isAuthorized();
    }

    if (!exchangeAllowed) {
      // Disable first so the same request token cannot be retried after a failed exchange.
      dataStore.disableToken(entry);
      servletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "This token is not authorized");
      return;
    }

    // Turn the request token into an access token.
    OAuthEntry accessEntry = dataStore.convertToAccessToken(entry);

    sendResponse(servletResponse, OAuth.newList(
                   OAuth.OAUTH_TOKEN, accessEntry.getToken(),
                   OAuth.OAUTH_TOKEN_SECRET, accessEntry.getTokenSecret(),
                   "user_id", entry.getUserId()));
  }


  /**
   * Loads the entry for the message's token and checks that it may be exchanged.
   *
   * <p>Checks run in this order, each failing with its own OAuth problem code: the entry
   * exists ({@code TOKEN_REJECTED}), it is still a request token ({@code TOKEN_USED}), it has
   * not expired ({@code TOKEN_EXPIRED}), the message names a consumer key
   * ({@code PARAMETER_ABSENT}), that key equals the one the token was issued to
   * ({@code CONSUMER_KEY_REFUSED}), and the consumer is known to the data store
   * ({@code CONSUMER_KEY_UNKNOWN}). Finally the message is handed to the validator together
   * with the entry's token and secret.
   *
   * @param requestMessage the incoming OAuth message
   * @return the entry, never {@code null}
   * @throws OAuthException when any check above fails, or when the validator rejects the
   *     message (presumably signature, timestamp and nonce checks; confirm the validator in
   *     use)
   */
  private OAuthEntry getValidatedEntry(OAuthMessage requestMessage)
    throws IOException, ServletException, OAuthException, URISyntaxException {

    OAuthEntry entry = dataStore.getEntry(requestMessage.getToken());
    if (entry == null) {
      throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
    }

    // Only a request token may be exchanged; any other type is reported as already used.
    if (entry.getType() != OAuthEntry.Type.REQUEST) {
      throw new OAuthProblemException(OAuth.Problems.TOKEN_USED);
    }

    if (entry.isExpired()) {
      throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
    }

    // The consumer key is mandatory and must match the key the token was issued to, so one
    // consumer cannot redeem a token issued to another.
    String suppliedKey = requestMessage.getConsumerKey();
    if (suppliedKey == null) {
      OAuthProblemException missingKey = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
      missingKey.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_CONSUMER_KEY);
      throw missingKey;
    }

    String issuedToKey = entry.getConsumerKey();
    if (!issuedToKey.equals(suppliedKey)) {
      throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_REFUSED);
    }

    OAuthConsumer consumer = dataStore.getConsumer(issuedToKey);
    if (consumer == null) {
      throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
    }

    // Validate against the secrets held server-side, never values taken from the request.
    OAuthAccessor accessor = new OAuthAccessor(consumer);
    accessor.requestToken = entry.getToken();
    accessor.tokenSecret = entry.getTokenSecret();
    validator.validateMessage(requestMessage, accessor);

    return entry;
  }

  }

  // Generate a valid requestToken for the given consumerKey
  /**
   * Builds a new {@code REQUEST} entry for a consumer, stores it under its token and returns it.
   *
   * <p>The token and the token secret are two separate {@code UUID.randomUUID()} strings. The
   * domain and container are the fixed sample values set below.
   *
   * <p>NOTE(review): the callback URL is stored exactly as passed in; no validation happens in
   * this method. Confirm that the caller has checked it (for example against the consumer's
   * registered callback) before it is later used as a redirect target.
   *
   * @param consumerKey recorded as both the app id and the consumer key of the entry
   * @param oauthVersion recorded on the entry unchanged
   * @param signedCallbackUrl callback URL; when non-null it is stored and the entry is marked
   *     as having a signed callback
   * @return the newly stored entry
   */
  public OAuthEntry generateRequestToken(String consumerKey, String oauthVersion,
                                         String signedCallbackUrl) {
    // Token first, then secret: two independent random values.
    final String requestToken = UUID.randomUUID().toString();
    final String requestSecret = UUID.randomUUID().toString();

    OAuthEntry created = new OAuthEntry();
    created.setType(OAuthEntry.Type.REQUEST);
    created.setToken(requestToken);
    created.setTokenSecret(requestSecret);
    created.setIssueTime(new Date());
    created.setOauthVersion(oauthVersion);

    created.setAppId(consumerKey);
    created.setConsumerKey(consumerKey);
    created.setDomain("samplecontainer.com");
    created.setContainer("default");

    if (signedCallbackUrl != null) {
      created.setCallbackUrlSigned(true);
      created.setCallbackUrl(signedCallbackUrl);
    }

    oauthEntries.put(requestToken, created);
    return created;
  }

  // Turns the request token into an access token
  /**
   * Issues an access token from a request token.
   *
   * <p>The new entry is a copy of {@code entry} with a fresh token, a fresh token secret, type
   * {@code ACCESS} and a new issue time. The request token is invalidated in the entry store
   * before the access entry is stored, so the request token is single-use.
   *
   * <p>This method checks only the entry type. Whether the request token was authorized is
   * not checked here and has to be established by the caller.
   *
   * @param entry the request-token entry to convert; must not be {@code null}
   * @return the stored access-token entry
   * @throws NullPointerException if {@code entry} is {@code null}
   * @throws IllegalStateException if {@code entry} is not of type {@code REQUEST}
   */
  public OAuthEntry convertToAccessToken(OAuthEntry entry) {
    Preconditions.checkNotNull(entry);
    Preconditions.checkState(entry.getType() == OAuthEntry.Type.REQUEST, "Token must be a request token");

    // Fresh credentials: the access token never reuses the request token's values.
    final String accessToken = UUID.randomUUID().toString();
    final String accessSecret = UUID.randomUUID().toString();

    OAuthEntry issued = new OAuthEntry(entry);
    issued.setType(OAuthEntry.Type.ACCESS);
    issued.setToken(accessToken);
    issued.setTokenSecret(accessSecret);
    issued.setIssueTime(new Date());

    // Retire the request token first, then publish the access token.
    oauthEntries.invalidate(entry.getToken());
    oauthEntries.put(accessToken, issued);

    return issued;
  }
