Author: lindner
Date: Tue May 4 19:45:28 2010
New Revision: 941010
URL: http://svn.apache.org/viewvc?rev=941010&view=rev
Log:
remove non 1.0a functionality
Modified:
shindig/trunk/java/common/conf/shindig.properties
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGenerator.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGeneratorTest.java
shindig/trunk/java/server/src/main/webapp/WEB-INF/authorize.jsp
shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java
Modified: shindig/trunk/java/common/conf/shindig.properties
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/common/conf/shindig.properties?rev=941010&r1=941009&r2=941010&view=diff
==============================================================================
--- shindig/trunk/java/common/conf/shindig.properties (original)
+++ shindig/trunk/java/common/conf/shindig.properties Tue May 4 19:45:28 2010
@@ -29,8 +29,6 @@ shindig.blacklist.file=
shindig.oauth.base-url=/oauth/
shindig.oauth.authorize-action=/WEB-INF/authorize.jsp
shindig.oauth.legacy-body-signing=true
-shindig.oauth.enable-oauth-1.0=true
-shindig.oauth.enable-signed-callbacks=true
### Outbound OAuth support
shindig.signing.state-key=
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGenerator.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGenerator.java?rev=941010&r1=941009&r2=941010&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGenerator.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGenerator.java
Tue May 4 19:45:28 2010
@@ -81,18 +81,15 @@ import org.apache.shindig.gadgets.servle
*/
public class GadgetOAuthCallbackGenerator implements OAuthCallbackGenerator {
- private final boolean enableSignedCallbacks;
private final Processor processor;
private final LockedDomainService lockedDomainService;
private final UrlGenerator urlGenerator;
private final BlobCrypter stateCrypter;
@Inject
- public
GadgetOAuthCallbackGenerator(@Named("shindig.signing.enable-signed-callbacks")
- boolean enableSignedCallbacks, Processor processor, LockedDomainService
lockedDomainService,
+ public GadgetOAuthCallbackGenerator(Processor processor, LockedDomainService
lockedDomainService,
UrlGenerator urlGenerator, @Named(OAuthFetcherConfig.OAUTH_STATE_CRYPTER)
BlobCrypter stateCrypter) {
- this.enableSignedCallbacks = enableSignedCallbacks;
this.processor = processor;
this.lockedDomainService = lockedDomainService;
this.urlGenerator = urlGenerator;
@@ -101,9 +98,6 @@ public class GadgetOAuthCallbackGenerato
public String generateCallback(OAuthFetcherConfig fetcherConfig, String
baseCallback,
HttpRequest request, OAuthResponseParams responseParams) throws
OAuthRequestException {
- if (!enableSignedCallbacks) {
- return null;
- }
Uri activeUrl = checkGadgetCanRender(request.getSecurityToken(),
request.getOAuthArguments(), responseParams);
String gadgetDomainCallback =
getGadgetDomainCallback(request.getSecurityToken(), activeUrl);
Modified:
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGeneratorTest.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGeneratorTest.java?rev=941010&r1=941009&r2=941010&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGeneratorTest.java
(original)
+++
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGeneratorTest.java
Tue May 4 19:45:28 2010
@@ -74,18 +74,11 @@ public class GadgetOAuthCallbackGenerato
}
private GadgetOAuthCallbackGenerator getGenerator() {
- return new GadgetOAuthCallbackGenerator(true, processor,
lockedDomainService, urlGenerator,
+ return new GadgetOAuthCallbackGenerator(processor, lockedDomainService,
urlGenerator,
stateCrypter);
}
@Test
- public void testDisabled() throws Exception {
- GadgetOAuthCallbackGenerator generator = new
GadgetOAuthCallbackGenerator(false, null, null,
- null, null);
- assertNull(generator.generateCallback(null, null, null, null));
- }
-
- @Test
public void testWrongDomain() throws Exception {
HttpRequest request = new HttpRequest(DEST_URL);
request.setSecurityToken(securityToken);
Modified: shindig/trunk/java/server/src/main/webapp/WEB-INF/authorize.jsp
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/server/src/main/webapp/WEB-INF/authorize.jsp?rev=941010&r1=941009&r2=941010&view=diff
==============================================================================
--- shindig/trunk/java/server/src/main/webapp/WEB-INF/authorize.jsp (original)
+++ shindig/trunk/java/server/src/main/webapp/WEB-INF/authorize.jsp Tue May 4
19:45:28 2010
@@ -71,17 +71,9 @@ The following application wants to acces
<img src="${appThumbnail}" align="left" width="120" height="60"/>
<c:out value="${appDesc}" default=""/>
<br/>
-<c:if test="${SECURITY_THREAT_2009_1}">
- <font color="red"><b>POSSIBLE SECURITY RISK</b> -
- Deny this request unless you directly initiated it from the Official
- <i><c:out value="${appTitle}"/></i> web site
- </font>
-</c:if>
<form name="authZForm" action="authorize" method="POST">
<input type="hidden" name="oauth_token" value="<%= token %>"/>
- <input type="hidden" name="oauth_callback" value="<%=
- (callback != null ? URLEncoder.encode(callback, "UTF-8") : "") %>"/>
<input type="submit" name="Authorize" value="Deny"/>
<input type="submit" name="Authorize" value="Authorize"/>
</form>
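Review bot: The hidden `oauth_token` field still writes `<%= token %>` into an attribute value without escaping, while the lines just above use `<c:out>` for every other value. Where `token` is assigned is outside this hunk; if it is the server-generated request attribute the exposure is low, but escaping it keeps the page consistent and safe should the source ever change, e.g. `<input type="hidden" name="oauth_token" value="<c:out value="${TOKEN}"/>"/>` (assuming the `TOKEN` request attribute is what backs it). With the `oauth_callback` field removed, the `callback` scriptlet variable and the `URLEncoder` import may no longer be used in this JSP and could be dropped if nothing else references them.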
Modified:
shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java?rev=941010&r1=941009&r2=941010&view=diff
==============================================================================
---
shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java
(original)
+++
shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java
Tue May 4 19:45:28 2010
@@ -60,15 +60,6 @@ public class SampleOAuthServlet extends
@Inject void setAuthorizeAction(@Named("shindig.oauth.authorize-action")
String authorizeAction) {
this.oauthAuthorizeAction = authorizeAction;
}
-
- @Inject void setSupportOAuth10(@Named("shindig.oauth.enable-oauth-1.0")
boolean enableOAuth10) {
- this.enableOAuth10 = enableOAuth10;
- }
-
- @Inject void
setSupportSignedCallbacks(@Named("shindig.oauth.enable-signed-callbacks")
- boolean enableSignedCallbacks) {
- this.enableSignedCallbacks = enableSignedCallbacks;
- }
@Override
protected void doPost(HttpServletRequest servletRequest,
@@ -120,16 +111,16 @@ public class SampleOAuthServlet extends
OAuthAccessor accessor = new OAuthAccessor(consumer);
VALIDATOR.validateMessage(requestMessage, accessor);
- String callback = null;
- if (enableSignedCallbacks) {
- callback = requestMessage.getParameter(OAuth.OAUTH_CALLBACK);
+ String callback = requestMessage.getParameter(OAuth.OAUTH_CALLBACK);
+
+ if (callback == null) {
+ // see if the consumer has a callback
+ callback = consumer.callbackURL;
}
- if (callback == null && !enableOAuth10) {
- OAuthProblemException e = new
OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
- e.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT,
OAuth.OAUTH_CALLBACK);
- throw e;
+ if (callback == null) {
+ callback = "oob";
}
-
+
// generate request_token and secret
OAuthEntry entry = dataStore.generateRequestToken(consumerKey,
requestMessage.getParameter(OAuth.OAUTH_VERSION), callback);
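Review bot: The `oauth_callback` value read from the request is handed to `dataStore.generateRequestToken` unchanged, so the only guarantee on it is the consumer signature checked by `VALIDATOR.validateMessage`, not that it is a usable redirect target. Since this value becomes the sole callback for the token, it would be safer to accept only `oob` or an absolute http(s) URL here and reject anything else with `OAuth.Problems.PARAMETER_REJECTED`. A request that omits the parameter is now silently treated as out-of-band instead of failing with `PARAMETER_ABSENT`, which is only safe if the access-token step enforces the verifier; that code is outside this hunk. The literal `"oob"` would also read better as a named constant with a short comment.

```java
String callback = requestMessage.getParameter(OAuth.OAUTH_CALLBACK);
// … unchanged: fall back to consumer.callbackURL, then "oob" …

// Only "oob" or an absolute http(s) URL may be stored as the redirect target.
boolean isHttp = callback.regionMatches(true, 0, "http://", 0, 7)
    || callback.regionMatches(true, 0, "https://", 0, 8);
if (!"oob".equals(callback) && !isHttp) {
  OAuthProblemException e = new OAuthProblemException(OAuth.Problems.PARAMETER_REJECTED);
  e.setParameter(OAuth.Problems.OAUTH_PARAMETERS_REJECTED, OAuth.OAUTH_CALLBACK);
  throw e;
}
```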
@@ -169,22 +160,6 @@ public class SampleOAuthServlet extends
servletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "consumer
for entry not found");
return;
}
-
- // A flag to deal with protocol flaws in OAuth/1.0
- Boolean securityThreat_2009_1 = !entry.callbackUrlSigned;
-
- // Check for a callback in the oauth entry
- String callback = entry.callbackUrl;
-
- if (callback == null) {
- // see if there's a callback in the url params
- callback = requestMessage.getParameter(OAuth.OAUTH_CALLBACK);
- }
-
- if (callback == null) {
- // see if the consumer has a callback
- callback = consumer.callbackURL;
- }
// The token is disabled if you try to convert to an access token prior to
authorization
if (entry.type == OAuthEntry.Type.DISABLED) {
@@ -192,6 +167,8 @@ public class SampleOAuthServlet extends
return;
}
+ String callback = entry.callbackUrl;
+
// Redirect to a UI flow if the token is not authorized
if (!entry.authorized) {
// TBD -- need to decode encrypted payload somehow..
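Review bot: `String callback = entry.callbackUrl;` is now the only source of the callback in the authorize step, and nothing in this hunk handles a null or `oob` value before it is used further down, outside the hunk. Tokens issued by the new request-token path always carry a value, but entries created before this change, or by another data store implementation, might not. A short comment would record the contract, for example `// callback is fixed when the request token is issued (1.0a); may be "oob"`. It is also worth confirming that the later redirect code treats `oob` and null as "show the verifier" and not as a URL.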
@@ -208,8 +185,7 @@ public class SampleOAuthServlet extends
servletRequest.setAttribute("TOKEN", entry.token);
servletRequest.setAttribute("CONSUMER", consumer);
- servletRequest.setAttribute("SECURITY_THREAT_2009_1",
securityThreat_2009_1);
-
+
servletRequest.getRequestDispatcher(oauthAuthorizeAction).forward(servletRequest,servletResponse);
}
return;