This is an automated email from the ASF dual-hosted git repository.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git

commit bf952bf3044fc82d43e305285dc31c8bfc37cdf7
Merge: fc5ee8d 8dc19c1
Author: Alex Heneveld <[email protected]>
AuthorDate: Wed Dec 12 13:38:51 2018 +0000

    Merge branch 'oauth-juan' into oauth-merged
    
    merge diffs in the GoogleOauthLoginModule - still WIP

 .../rest/security/jaas/GoogleOauthLoginModule.java | 109 ++++++++++++++-------
 1 file changed, 73 insertions(+), 36 deletions(-)

diff --cc 
rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/jaas/GoogleOauthLoginModule.java
index 9a187ef,ed2d68d..8a86e1f
--- 
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/jaas/GoogleOauthLoginModule.java
+++ 
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/jaas/GoogleOauthLoginModule.java
@@@ -18,7 -18,8 +18,27 @@@
   */
  package org.apache.brooklyn.rest.security.jaas;
  
--import net.minidev.json.JSONObject;
++import java.io.IOException;
++import java.security.Principal;
++import java.util.ArrayList;
++import java.util.HashMap;
++import java.util.HashSet;
++import java.util.List;
++import java.util.Map;
++import java.util.Optional;
++import java.util.Random;
++import java.util.Set;
++
++import javax.security.auth.Subject;
++import javax.security.auth.callback.Callback;
++import javax.security.auth.callback.CallbackHandler;
++import javax.security.auth.callback.NameCallback;
++import javax.security.auth.callback.UnsupportedCallbackException;
++import javax.security.auth.login.LoginException;
++import javax.security.auth.spi.LoginModule;
++import javax.servlet.ServletException;
++
+ import org.apache.brooklyn.util.text.Strings;
  import org.apache.http.HttpEntity;
  import org.apache.http.HttpResponse;
  import org.apache.http.NameValuePair;
@@@ -28,7 -29,7 +48,6 @@@ import org.apache.http.client.entity.Ur
  import org.apache.http.client.methods.HttpGet;
  import org.apache.http.client.methods.HttpPost;
  import org.apache.http.client.methods.HttpRequestBase;
--import org.apache.http.entity.ContentType;
  import org.apache.http.impl.client.DefaultHttpClient;
  import org.apache.http.message.BasicNameValuePair;
  import org.apache.http.util.EntityUtils;
@@@ -39,20 -41,21 +58,9 @@@ import org.eclipse.jetty.server.Respons
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
  
--import javax.security.auth.Subject;
--import javax.security.auth.callback.CallbackHandler;
--import javax.security.auth.login.LoginException;
--import javax.security.auth.spi.LoginModule;
 -import java.lang.reflect.Array;
--import java.util.*;
--import java.io.IOException;
--import java.security.Principal;
--
--import javax.security.auth.callback.Callback;
--import javax.security.auth.callback.NameCallback;
--import javax.security.auth.callback.UnsupportedCallbackException;
--import javax.servlet.ServletException;
 -import javax.servlet.http.Cookie;
 -import javax.servlet.http.HttpServletResponse;
++import net.minidev.json.JSONObject;
++import net.minidev.json.parser.JSONParser;
++import net.minidev.json.parser.ParseException;
  
  
  public class GoogleOauthLoginModule implements LoginModule {
@@@ -67,12 -71,11 +76,24 @@@
  //    public static final String PARAM_CALLBACK_URI = "callbackUri";
  //    public static final String PARAM_AUDIENCE = "audience";
  
-     private String authoriseURL = "https://github.com/login/oauth/authorize";;
-     private String tokenURL = "https://github.com/login/oauth/access_token";;
-     private String apiURLBase = "https://api.github.com/";;
+     private String uriGetToken = "https://accounts.google.com/o/oauth2/token";;
++    private String uriAuthorize = "https://accounts.google.com/o/oauth2/auth";;
+     private String uriTokenInfo = 
"https://www.googleapis.com/oauth2/v1/tokeninfo";;
++    
++    // or github:
++//    private String uriGetToken = "https://github.com/login/oauth/authorize";;
++//    private String uriAuthorize = 
"https://github.com/login/oauth/authorize";;
++//    private String uriTokenInfo = 
"https://github.com/login/oauth/access_token";;
++    
++//    private String apiURLBase = "https://api.github.com/";;
++
      private String uriTokenRedirect = "/";
-     private String clientId = "7f76b9970d8ac15b30b0";
-     private String clientSecret = "9e15f8dd651f0b1896a3a582f17fa82f049fc910";
++    // google
+     private String clientId = 
"789182012565-burd24h3bc0im74g2qemi7lnihvfqd02.apps.googleusercontent.com";
+     private String clientSecret = "X00v-LfU34U4SfsHqPKMWfQl";
++    // github
++//    private String clientId = "7f76b9970d8ac15b30b0";
++//    private String clientSecret = 
"9e15f8dd651f0b1896a3a582f17fa82f049fc910";
      private String callbackUri = "http://localhost.io:8081/";;
      private String audience = "audience";
  
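Review bot: The `clientSecret` field is initialised with a literal OAuth client secret, and `clientId` with a concrete Google client id, so the credential now lives in the source tree and in every archive of this commit; the commented-out GitHub pair has the same problem. Leave both fields unset, e.g. `private String clientSecret; // supplied via the JAAS module options`, and fill them from the `options` map passed to `LoginModule.initialize(...)`, failing the login when they are missing. The values committed here should be treated as disclosed and rotated at the provider. `callbackUri` also defaults to a plain `http://` address, which is worth a comment saying it is for local development only.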
@@@ -138,12 -141,11 +159,11 @@@
  
          // Getting token, if exists, from the current session
          String token = (String) 
request.getSession().getAttribute(SESSION_KEY_ACCESS_TOKEN);
- 
+ //        token=TOKEN;
          try {
-             if (code != null && !"".equals(code)) { // in brooklyn, have
-                 // Strings.isNonBlank(code)
-             eligible = getToken();
-             } else if (token == null || "".equals(token)) { // isBlank
+             if (Strings.isNonBlank(code)) {
+                 eligible = getToken();
 -            } else if (token == null || "".equals(token)) { // isBlank
++            } else if (Strings.isEmpty(token)) {
                      eligible = redirectLogin();
              } else {
                  eligible = validateToken(token);
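Review bot: The two branches now test different things: `Strings.isNonBlank(code)` treats a whitespace-only value as absent, while `Strings.isEmpty(token)` lets a whitespace-only session token fall through to `validateToken(token)`. The comment being replaced said `isBlank`, so `} else if (Strings.isBlank(token)) {` looks like the intent. The commented-out `//        token=TOKEN;` is a debugging override of the session token and is better deleted than merged. The enclosing method starts and ends outside the hunk.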
@@@ -305,31 -312,32 +330,43 @@@
          principals = null;
      }
  
 +    private static String createRandomHexString(int length){
 +        Random random = new Random();
 +        StringBuilder sb = new StringBuilder();
 +        while (sb.length() < length) {
 +            sb.append(Integer.toHexString(random.nextInt()));
 +        }
 +        return sb.toString();
 +    }
 +
      private boolean redirectLogin() throws IOException {
 -        String state="state";
 -        StringBuilder oauthUrl = new 
StringBuilder().append("https://accounts.google.com/o/oauth2/auth";)
 -                .append("?client_id=").append(clientId) // the client id from 
the api console registration
 -                
.append("&response_type=code").append("&scope=openid%20email") // scope is the 
api permissions we
 -                // are requesting
 -                .append("&redirect_uri=").append(callbackUri) // the servlet 
that google redirects to after
 +        String state=createRandomHexString(16); //should be stored in session
-         StringBuilder oauthUrl = new StringBuilder().append(authoriseURL)
++        StringBuilder oauthUrl = new StringBuilder().append(uriAuthorize)
 +                .append("?response_type=").append("code")
 +                .append("&client_id=").append(clientId) // the client id from 
the api console registration
 +                .append("&redirect_uri=").append(callbackUri) // the servlet 
that github redirects to after
                  // authorization
 +                .append("&scope=").append("user public_repo")
++//                .append("&scope=openid%20email") // scope is the api 
permissions we
                  .append("&state=").append(state)
                  .append("&access_type=offline") // here we are asking to 
access to user's data while they are not
                  // signed in
                  .append("&approval_prompt=force"); // this requires them to 
verify which account to use, if they are
 +        // already signed in
+ 
+         // just for look inside
 -        Collection<String> originalHeaders = response.getHeaderNames();
++//        Collection<String> originalHeaders = response.getHeaderNames();
+ 
+         response.reset();
 -        response.addHeader("Origin", "http://localhost.io:8081";);
 -        response.addHeader("Access-Control-Allow-Origin", "*");
 -//        response.addHeader("Access-Control-Request-Method", "GET, POST");
 -//        response.addHeader("Access-Control-Request-Headers", "origin, 
x-requested-with");
++//        response.addHeader("Origin", "http://localhost.io:8081";);
++//        response.addHeader("Access-Control-Allow-Origin", "*");
++////        response.addHeader("Access-Control-Request-Method", "GET, POST");
++////        response.addHeader("Access-Control-Request-Headers", "origin, 
x-requested-with");
          logger.debug(oauthUrl.toString());
          response.sendRedirect(oauthUrl.toString());
+ 
          return false;
+ 
      }
  
      private Request getJettyRequest() {
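Review bot: The OAuth `state` value in `redirectLogin()` comes from `createRandomHexString`, which uses `java.util.Random`, and it is never stored (the inline comment says "should be stored in session"), so the callback has nothing to compare the returned `state` against and the parameter gives no CSRF protection for the login flow. The value should be generated with `java.security.SecureRandom` (new import needed) and kept in the session, and the branch that calls `getToken()` should reject a callback whose `state` does not match. The helper can also return more than `length` characters, because each `Integer.toHexString` call appends up to eight. The sketch below assumes `request` is reachable in `redirectLogin()` the way `response` is, and the session key name is a placeholder. Separately, `logger.debug(oauthUrl.toString())` writes the state value to the log, and the query values (`callbackUri`, the scope containing a space) are appended without URL encoding.

```java
private static final SecureRandom STATE_RANDOM = new SecureRandom();

private static String createRandomHexString(int length) {
    // two hex characters per random byte, trimmed to exactly the requested length
    byte[] bytes = new byte[(length + 1) / 2];
    STATE_RANDOM.nextBytes(bytes);
    StringBuilder sb = new StringBuilder(bytes.length * 2);
    for (byte b : bytes) {
        sb.append(String.format("%02x", b));
    }
    return sb.substring(0, length);
}

private boolean redirectLogin() throws IOException {
    String state = createRandomHexString(16);
    // SESSION_KEY_OAUTH_STATE is a placeholder constant: keep the value so the
    // callback can compare it with the state parameter it receives
    request.getSession().setAttribute(SESSION_KEY_OAUTH_STATE, state);
    // … unchanged: building oauthUrl, response.reset(), sendRedirect …
```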
