/**
 * Builds a {@link BlobCrypterSecurityToken} that carries the same attributes as
 * {@code token}. Container, domain and active URL go through the constructor (the
 * value-map argument is passed as {@code null}); every other attribute is copied
 * through the fluent setters in one chain.
 *
 * @param token the token whose attributes are copied
 * @return a new token with the same container, domain, active URL, app id, app URL,
 *     expiry, module id, owner, trusted JSON and viewer as {@code token}
 */
public static BlobCrypterSecurityToken fromToken(SecurityToken token) {
  final BlobCrypterSecurityToken copy = new BlobCrypterSecurityToken(
      token.getContainer(), token.getDomain(), token.getActiveUrl(), null);
  // Setters are chained exactly as in the fluent API; each call continues on the
  // object returned by the previous one.
  copy.setAppId(token.getAppId())
      .setAppUrl(token.getAppUrl())
      .setExpiresAt(token.getExpiresAt())
      .setModuleId(token.getModuleId())
      .setOwnerId(token.getOwnerId())
      .setTrustedJson(token.getTrustedJson())
      .setViewerId(token.getViewerId());
  return copy;
}
}
/**
 * Reports whether the wrapped token is anonymous. The answer comes entirely from
 * {@code delegate}; nothing is cached or computed here.
 *
 * @return the result of {@code delegate.isAnonymous()}
 */
public boolean isAnonymous() {
  final boolean anonymous = delegate.isAnonymous();
  return anonymous;
}
/**
 * Resolves the user id this selector stands for against {@code token}.
 * {@code owner} maps to the token's owner, {@code viewer} and {@code me} both map to
 * the token's viewer, and {@code userId} returns the explicitly configured id without
 * consulting the token.
 *
 * @param token the security token of the current request
 * @return the resolved user id
 * @throws IllegalStateException if {@code type} is none of the handled enum constants
 */
public String getUserId(SecurityToken token) {
  switch (type) {
    case userId:
      // An explicit id was configured; the token is not consulted.
      return userId;
    case owner:
      return token.getOwnerId();
    case viewer:
    case me:
      // "me" is an alias for the viewer.
      return token.getViewerId();
    default:
      break;
  }
  throw new IllegalStateException("The type field is not a valid enum: " + type);
}
/**
 * Builds a gadget context from a security token and the OAuth arguments of the request.
 * The container and the app URL are taken from the token; whether the spec cache may be
 * bypassed is taken from {@code arguments}.
 *
 * @param securityToken token identifying the container and the gadget (app URL)
 * @param arguments OAuth request arguments; only {@code getBypassSpecCache()} is read
 */
public OAuthGadgetContext(SecurityToken securityToken, OAuthArguments arguments) {
  this.securityToken = securityToken;
  this.container = securityToken.getContainer();
  // The token carries the app URL as a string; it is parsed into a Uri here.
  final Uri parsedAppUrl = Uri.parse(securityToken.getAppUrl());
  this.appUrl = parsedAppUrl;
  this.bypassSpecCache = arguments.getBypassSpecCache();
}
/**
 * Encodes a token using a plaintext dummy format.
 * <p>
 * Each field is URL-encoded on its own and the fields are joined with ':' in a fixed
 * order: owner, viewer, app id, domain, app URL, module id, container. Nothing is
 * signed or encrypted, so the result carries no integrity or authenticity guarantee:
 * anyone can assemble a token string with arbitrary values.
 *
 * @param token token to encode
 * @return token with values separated by colons
 */
public String encodeToken(SecurityToken token) {
  final String[] fields = {
      Utf8UrlCoder.encode(token.getOwnerId()),
      Utf8UrlCoder.encode(token.getViewerId()),
      Utf8UrlCoder.encode(token.getAppId()),
      Utf8UrlCoder.encode(token.getDomain()),
      Utf8UrlCoder.encode(token.getAppUrl()),
      Long.toString(token.getModuleId()),
      Utf8UrlCoder.encode(token.getContainer()),
  };
  return Joiner.on(":").join(fields);
}
/**
 * Round-trips a token through the codec: builds a {@link BlobCrypterSecurityToken} from a
 * value map, wraps its map with the container's crypter into the
 * {@code container:blob} wire form, and checks that every attribute survives decoding.
 */
@Test
public void testCreateToken() throws Exception {
  Map<String, String> tokenValues = new HashMap<String, String>();
  tokenValues.put(Keys.OWNER.getKey(), "owner");
  tokenValues.put(Keys.VIEWER.getKey(), "viewer");
  tokenValues.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
  tokenValues.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
  tokenValues.put(Keys.TRUSTED_JSON.getKey(), "trusted");
  BlobCrypterSecurityToken source =
      new BlobCrypterSecurityToken("container", null, null, tokenValues);

  // Wire form: the container name, a colon, then the crypter-wrapped value map.
  String wrapped = source.getContainer() + ":"
      + getBlobCrypter(getContainerKey("container")).wrap(source.toMap());
  SecurityToken decoded = codec.createToken(
      ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, wrapped));

  assertEquals("owner", decoded.getOwnerId());
  assertEquals("viewer", decoded.getViewerId());
  assertEquals("http://www.example.com/gadget.xml", decoded.getAppId());
  assertEquals("http://www.example.com/gadget.xml", decoded.getAppUrl());
  assertEquals("container.com", decoded.getDomain());
  assertEquals(12345L, decoded.getModuleId());
  assertEquals("trusted", decoded.getTrustedJson());
}
/**
 * Decodes a colon-separated plaintext token through a codec configured with the
 * "insecure" fake container and checks that owner, viewer, app URL and container are
 * read from the expected positions.
 */
@Test
public void testBasicDecoder() throws Exception {
  // Positions: owner:viewer:appId:domain:appUrl:moduleId:container
  String wireToken = "o:v:app:domain:appurl:12345:container";
  Map<String, String> requestParams =
      Collections.singletonMap(SecurityTokenCodec.SECURITY_TOKEN_NAME, wireToken);

  DefaultSecurityTokenCodec insecureCodec =
      new DefaultSecurityTokenCodec(new FakeContainerConfig("insecure"));
  SecurityToken decoded = insecureCodec.createToken(requestParams);

  assertEquals("o", decoded.getOwnerId());
  assertEquals("v", decoded.getViewerId());
  assertEquals("appurl", decoded.getAppUrl());
  assertEquals("container", decoded.getContainer());
}
/**
 * Builds the lookup key for a stored OAuth token. The key is composed of the gadget URI,
 * module id and viewer id taken from {@code securityToken}, plus the given service and
 * token names.
 *
 * @param securityToken token supplying the gadget URI (app URL), module id and viewer id
 * @param serviceName name of the OAuth service the token belongs to
 * @param tokenName name of the token within that service
 * @return a fully populated index object
 */
private BasicOAuthStoreTokenIndex makeBasicOAuthStoreTokenIndex(
    SecurityToken securityToken, String serviceName, String tokenName) {
  final BasicOAuthStoreTokenIndex index = new BasicOAuthStoreTokenIndex();
  // Identity part: which user, which gadget, which module instance.
  index.setUserId(securityToken.getViewerId());
  index.setGadgetUri(securityToken.getAppUrl());
  index.setModuleId(securityToken.getModuleId());
  // Service part: which token of which service.
  index.setServiceName(serviceName);
  index.setTokenName(tokenName);
  return index;
}
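/**
 * Signs a form-encoded POST with the test token (OAuth parameters in the query string,
 * no body signing) and checks that the request handler turns it into an
 * {@link OAuthSecurityToken} carrying the requestor, app id, domain and container.
 */
@Test
public void testVerifyOAuthRequest() throws Exception {
  expectTokenEntry();
  expectConsumer();
  replay();
  HttpServletRequest request = formEncodedPost.sign(TOKEN,
      FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
  SecurityToken token = reqHandler.getSecurityTokenFromRequest(request);
  // Check presence and type before dereferencing: a null token would otherwise surface
  // as an NPE from the getters rather than as a clear assertion failure.
  assertNotNull(token);
  assertTrue(token instanceof OAuthSecurityToken);
  assertEquals(FakeOAuthRequest.REQUESTOR, token.getViewerId());
  assertEquals(APP_ID, token.getAppId());
  assertEquals(DOMAIN, token.getDomain());
  assertEquals(CONTAINER, token.getContainer());
  verify();
}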
/**
 * Returns the activity fields supported by the container the request was made for.
 * The container name is read from the request's security token and falls back to
 * {@link ContainerConfig#DEFAULT_CONTAINER} when the token has none; the list itself is
 * looked up in the container configuration.
 *
 * @param request the request whose token identifies the container
 * @return the configured list of supported activity fields
 */
@Operation(httpMethods = "GET", path="/@supportedFields")
public List<Object> supportedFields(RequestItem request) {
  // TODO: Would be nice if name in config matched name of service.
  final String tokenContainer = request.getToken().getContainer();
  final String container =
      Objects.firstNonNull(tokenContainer, ContainerConfig.DEFAULT_CONTAINER);
  final String configKey = "${Cur['gadgets.features'].opensocial.supportedFields.activity}";
  return config.getList(container, configKey);
}
}
/**
 * Reads the app id from {@code token}.
 *
 * @param token the token to read
 * @return the token's app id, exactly as {@code getAppId()} returns it
 */
public String getValue(SecurityToken token) {
  final String appId = token.getAppId();
  return appId;
}
public void loadFromMap(AbstractSecurityToken token, Map<String, String> map) {
/**
 * Test-side validation of the token attached to an outbound request: the token must be
 * present, must be anonymous and, when {@code expectedRequestSecurityToken} is set, must
 * carry the same app URL. Each violation is reported as a {@link RuntimeException}.
 *
 * @param request the request under inspection
 */
private void checkSecurityToken(HttpRequest request) {
  if (request.getSecurityToken() == null) {
    throw new RuntimeException("Security token should not be null");
  }
  if (!request.getSecurityToken().isAnonymous()) {
    throw new RuntimeException("Expected an anonymous security token");
  }
  // The app URL is only compared when the test configured an expected token.
  final boolean appUrlMismatch = expectedRequestSecurityToken != null
      && !expectedRequestSecurityToken.getAppUrl().equals(request.getSecurityToken().getAppUrl());
  if (appUrlMismatch) {
    throw new RuntimeException("Security token AppUrl mismatch");
  }
}
/**
 * Returns the owner id component used to distinguish a request's result. Only requests
 * that authenticate (auth type other than {@code NONE}) and ask to sign the owner are
 * keyed by owner; for those the request must carry a security token, and a missing owner
 * id is mapped to the empty string. All other requests yield {@code null} so their result
 * can be shared.
 *
 * @param request the request being inspected
 * @return the owner id, {@code ""} if the token has none, or {@code null} when the request
 *     does not sign the owner
 * @throws IllegalStateException if the request signs the owner but carries no security token
 */
protected static String getOwnerId(HttpRequest request) {
  final boolean signsOwner =
      request.getAuthType() != AuthType.NONE && request.getOAuthArguments().getSignOwner();
  if (!signsOwner) {
    // Requests that don't use authentication can share the result.
    return null;
  }
  Preconditions.checkState(request.getSecurityToken() != null,
      "No Security Token set for request");
  final String ownerId = request.getSecurityToken().getOwnerId();
  return Objects.firstNonNull(ownerId, "");
}
/**
 * Verifies that the gadget named by the token may render on the host of the token's
 * active URL (locked-domain enforcement) and returns that URL.
 *
 * @param securityToken token providing the gadget context, the active URL and the container
 * @param arguments OAuth arguments used to build the gadget context
 * @param responseParams not used by this method; present for the caller's signature
 * @return the parsed active URL when the locked-domain check passes
 * @throws OAuthRequestException with {@code UNKNOWN_PROBLEM} if the gadget may not use the
 *     active URL's host, or if processing the gadget fails
 */
private Uri checkGadgetCanRender(SecurityToken securityToken, OAuthArguments arguments,
    OAuthResponseParams responseParams) throws OAuthRequestException {
  final GadgetContext context = new OAuthGadgetContext(securityToken, arguments);
  final Gadget gadget;
  try {
    // This feels really heavy-weight, is there a simpler way to figure out if a gadget requires
    // a locked-domain?
    gadget = processor.process(context);
  } catch (ProcessingException e) {
    throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM,
        "Unable to check if gadget is using locked-domain", e);
  }
  final Uri activeUrl = Uri.parse(securityToken.getActiveUrl());
  final String host = activeUrl.getAuthority();
  final String container = securityToken.getContainer();
  if (!lockedDomainService.isGadgetValidForHost(host, gadget, container)) {
    throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM,
        "Gadget should not be using URL " + activeUrl);
  }
  return activeUrl;
}
/**
 * Reads the domain from {@code token}.
 *
 * @param token the token to read
 * @return the token's domain, exactly as {@code getDomain()} returns it
 */
public String getValue(SecurityToken token) {
  final String domain = token.getDomain();
  return domain;
}
public void loadFromMap(AbstractSecurityToken token, Map<String, String> map) {
/**
 * Reads the trusted JSON payload from {@code token}.
 *
 * @param token the token to read
 * @return the token's trusted JSON, exactly as {@code getTrustedJson()} returns it
 */
public String getValue(SecurityToken token) {
  final String trustedJson = token.getTrustedJson();
  return trustedJson;
}
public void loadFromMap(AbstractSecurityToken token, Map<String, String> map) {
/**
 * Reads the viewer id from {@code token}.
 *
 * @param token the token to read
 * @return the token's viewer id, exactly as {@code getViewerId()} returns it
 */
public String getValue(SecurityToken token) {
  final String viewerId = token.getViewerId();
  return viewerId;
}
public void loadFromMap(AbstractSecurityToken token, Map<String, String> map) {
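/**
 * Serializes the module id of {@code token} for the value map.
 *
 * @param token the token to read
 * @return the module id in base 10, or {@code null} when it is 0
 */
public String getValue(SecurityToken token) {
  final long moduleId = token.getModuleId();
  if (moduleId == 0) {
    // 0 is emitted as "absent" rather than as the string "0".
    return null;
  }
  // Reuse the value read above instead of calling the getter a second time.
  return Long.toString(moduleId, 10);
}
public void loadFromMap(AbstractSecurityToken token, Map<String, String> map) {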
/**
 * Returns the active URL of the wrapped token. Pure delegation to {@code delegate}.
 *
 * @return the result of {@code delegate.getActiveUrl()}
 */
public String getActiveUrl() {
  final String activeUrl = delegate.getActiveUrl();
  return activeUrl;
}
}