/**
 * Builds a matcher that compares a {@code ConsumerToken} property by property.
 *
 * <p>Hamcrest's {@code is}/{@code equalTo} matchers rely on {@code Object.equals}, so the
 * consumer is compared with {@code samePropertyValuesAs} instead. The token's own
 * properties map is deliberately left out of the comparison because it does not
 * survive conversion from OAuthAccessors; a test that needs to verify stored token
 * properties has to assert on them separately.
 *
 * @param token the expected token; its consumer, token and token secret are read
 * @return a matcher over the {@code consumer}, {@code token} and {@code tokenSecret} bean properties
 */
public static Matcher<? super ConsumerToken> equalTo(ConsumerToken token)
{
    // Consumer: compared field by field, not via equals().
    final Matcher<ConsumerToken> sameConsumer = hasProperty("consumer", samePropertyValuesAs(token.getConsumer()));
    // Token value and secret: plain string equality is sufficient.
    final Matcher<ConsumerToken> sameToken = hasProperty("token", is(token.getToken()));
    final Matcher<ConsumerToken> sameSecret = hasProperty("tokenSecret", is(token.getTokenSecret()));
    return allOf(sameConsumer, sameToken, sameSecret);
}
/**
 * Creates the not-yet-signed OAuth request for a three-legged (3LO) call.
 *
 * <p>The request is assembled from this object's {@code methodType}, {@code url} and the
 * token held by {@code consumerToken}. {@code URI.create} throws
 * {@code IllegalArgumentException} when {@code url} is not a valid URI.
 *
 * @return the unsigned request carrying the user's OAuth token among its parameters
 */
@Override
protected Request createUnsignedRequest()
{
    // 3LO: the call is made on behalf of a user, so that user's OAuth token
    // has to be part of the request parameters.
    // NOTE(review): consumerToken is dereferenced without a null check here;
    // confirm it is always set before this method can be reached.
    return new com.atlassian.oauth.Request(
            toOAuthMethodType(methodType),
            URI.create(url),
            toOAuthParameters(consumerToken.getToken()));
}
/**
 * Stores an OAuth consumer token for a user against an application link.
 *
 * <p>The token is rebuilt before it is stored: token value, token secret and consumer
 * are copied from {@code consumerToken}, while the rebuilt token is given a properties
 * map that holds only the application link id. The store key is derived from the
 * username and the application link id.
 *
 * <p>The stored value includes the token secret, which is a credential; it must not be
 * logged or exposed by callers.
 *
 * @param applicationLink the link the token belongs to; must not be null
 * @param username        the local user the token is stored for; must not be null
 * @param consumerToken   the request or access token to store; must not be null
 */
public void addConsumerToken(final ApplicationLink applicationLink, final String username, final ConsumerToken consumerToken)
{
    Preconditions.checkNotNull(applicationLink, "applicationLink");
    Preconditions.checkNotNull(username, "username");
    Preconditions.checkNotNull(consumerToken, "consumerToken");
    // Nothing is stored unless outgoing OAuth is enabled for this link.
    verifyOAuthOutgoingEnabled(applicationLink.getId());

    // The only property persisted with the token is the owning application link id.
    final Map<String, String> linkProperties = new HashMap<String, String>();
    linkProperties.put(APPLINKS_APPLICATION_LINK_ID, applicationLink.getId().get());
    final ConsumerTokenStore.Key storeKey = makeOAuthApplinksConsumerKey(username, applicationLink.getId().get());

    // Keep the token kind (access vs. request) of the incoming token.
    final ConsumerToken.ConsumerTokenBuilder rebuilt = consumerToken.isAccessToken()
            ? ConsumerToken.newAccessToken(consumerToken.getToken())
            : ConsumerToken.newRequestToken(consumerToken.getToken());
    rebuilt.tokenSecret(consumerToken.getTokenSecret())
            .consumer(consumerToken.getConsumer())
            .properties(linkProperties);

    consumerTokenStore.put(storeKey, rebuilt.build());
}
/**
 * Starts the OAuth dance: obtains a request token from the service provider, stores it
 * for the current user and redirects the browser to the provider's authorize page.
 *
 * <p>The callback URL points back at this application's {@code /oauth/login-dance/}
 * servlet and carries the application link id plus, when present, the URL-encoded
 * redirect URL taken from the request. Only {@code oauth_token} and
 * {@code oauth_callback} are placed in the browser redirect; the token secret stays in
 * the token store.
 *
 * @param applicationLink the link to the remote service provider
 * @param resp            response used to send the redirect
 * @param req             current request; supplies base URL, redirect URL and username
 * @throws ResponseException declared for the token retrieval performed here
 * @throws IOException       if encoding the parameters or sending the redirect fails
 */
private void obtainAndAuthorizeRequestToken(final ApplicationLink applicationLink, final HttpServletResponse resp, final HttpServletRequest req) throws ResponseException, IOException
{
    final Map<String, String> providerConfig = authenticationConfigurationManager.getConfiguration(applicationLink.getId(), OAuthAuthenticationProvider.class);
    final ServiceProvider serviceProvider = ServiceProviderUtil.getServiceProvider(providerConfig, applicationLink);
    final String consumerKey = getConsumerKey(applicationLink);
    // NOTE(review): redirectUrl originates from the request (getRedirectUrl is not
    // shown here); confirm it is validated before it is eventually followed, so the
    // end of the dance cannot be used as an open redirect.
    final String redirectUrl = getRedirectUrl(req);
    final URI baseUrl = RequestUtil.getBaseURLFromRequest(req, internalHostApplication.getBaseUrl());

    // Callback the service provider sends the user back to once they have decided.
    String callbackUrl = baseUrl + ServletPathConstants.APPLINKS_SERVLETS_PATH + "/oauth/login-dance/" + ACCESS_PATH
            + "?" + APPLICATION_LINK_ID_PARAM + "=" + applicationLink.getId();
    if (redirectUrl != null)
    {
        callbackUrl += "&" + REDIRECT_URL_PARAM + "=" + URLEncoder.encode(redirectUrl, "UTF-8");
    }

    final ConsumerToken requestToken = oAuthTokenRetriever.getRequestToken(serviceProvider, consumerKey, callbackUrl);
    // Persist the request token under the current user so that the callback can be
    // matched against it later.
    final String remoteUser = getRemoteUsername(req);
    consumerTokenStoreService.addConsumerToken(applicationLink, remoteUser, requestToken);

    final Map<String, String> authorizeParams = new HashMap<String, String>();
    authorizeParams.put(OAuth.OAUTH_TOKEN, requestToken.getToken());
    authorizeParams.put(OAuth.OAUTH_CALLBACK, callbackUrl);
    final String authorizeLocation = serviceProvider.getAuthorizeUri() + "?" + OAuth.formEncode(authorizeParams.entrySet());
    resp.sendRedirect(authorizeLocation);
}
/**
 * Exchanges an authorized request token for an access token at the service provider.
 *
 * <p>The exchange is a POST to the provider's access token URI, signed with the request
 * token pair. The returned token carries the secret issued by the provider and must be
 * treated as a credential.
 *
 * @param serviceProvider  the provider to call
 * @param requestTokenPair the request token and secret obtained earlier in the dance
 * @param requestVerifier  the {@code oauth_verifier} from the callback; may be blank
 * @param consumerKey      key used to look up the consumer attached to the new token
 * @return the access token built from the provider's response
 * @throws ResponseException declared for the signing and token request performed here
 */
public ConsumerToken getAccessToken(ServiceProvider serviceProvider, ConsumerToken requestTokenPair, String requestVerifier, final String consumerKey) throws ResponseException
{
    final List<Request.Parameter> exchangeParams = new ArrayList<Request.Parameter>();
    exchangeParams.add(new Request.Parameter(OAuth.OAUTH_TOKEN, requestTokenPair.getToken()));
    // oauth_verifier was added in OAuth 1.0a. It is only sent when non-blank, so a
    // missing verifier is not rejected here; enforcing it is left to the service
    // provider.
    final boolean hasVerifier = StringUtils.isNotBlank(requestVerifier);
    if (hasVerifier)
    {
        exchangeParams.add(new Request.Parameter(OAuth.OAUTH_VERIFIER, requestVerifier));
    }

    final Request unsigned = new Request(Request.HttpMethod.POST, serviceProvider.getAccessTokenUri(), exchangeParams);
    final Request signed = consumerService.sign(unsigned, serviceProvider, requestTokenPair);
    final String accessTokenUrl = serviceProvider.getAccessTokenUri().toString();
    final TokenAndSecret granted = requestToken(accessTokenUrl, signed);

    final ConsumerToken accessToken = ConsumerToken.newAccessToken(granted.token)
            .tokenSecret(granted.secret)
            .consumer(getConsumer(consumerKey))
            .build();
    // Development-time sanity check only: Java assertions are off unless the JVM is
    // started with -ea.
    assert (accessToken.isAccessToken());
    return accessToken;
}
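/**
 * Completes the OAuth dance for the current user: checks the {@code oauth_token} from
 * the callback against the stored request token, exchanges it for an access token and
 * replaces the stored request token with that access token.
 *
 * <p>The comparison with the persisted token ties the callback to the dance this user
 * started; a callback carrying a different or missing {@code oauth_token} is
 * refused. The {@code oauth_verifier} is read from the request and passed on unchanged.
 *
 * @param requestToken    the {@code oauth_token} value received with the callback
 * @param applicationLink the link the dance was started for
 * @param request         the callback request; supplies the username and verifier
 * @throws ResponseException if no token is stored for the user, if the callback token
 *                           is missing or differs from the stored one, or if the
 *                           exchange itself fails
 */
private void getAccessToken(String requestToken, final ApplicationLink applicationLink, final HttpServletRequest request) throws ResponseException
{
    final String username = getRemoteUsername(request);
    final ConsumerToken requestTokenPair = consumerTokenStoreService.getConsumerToken(applicationLink, username);
    if (requestTokenPair == null)
    {
        throw new ResponseException("Cannot get access token as no request token pair can be found");
    }
    if (requestTokenPair.isAccessToken())
    {
        // Already has access token.
        return;
    }
    // A callback without an oauth_token is handled like a mismatch instead of
    // failing with a NullPointerException.
    if (requestToken == null || !requestToken.equals(requestTokenPair.getToken()))
    {
        throw new ResponseException("The oauth_token in the request is not the same as the token persisted in the system.");
    }

    final Map<String, String> config = authenticationConfigurationManager.getConfiguration(applicationLink.getId(), OAuthAuthenticationProvider.class);
    final ServiceProvider serviceProvider = ServiceProviderUtil.getServiceProvider(config, applicationLink);
    final String requestVerifier = request.getParameter(OAuth.OAUTH_VERIFIER);
    final String consumerKey = getConsumerKey(applicationLink);
    final ConsumerToken accessToken = oAuthTokenRetriever.getAccessToken(serviceProvider, requestTokenPair, requestVerifier, consumerKey);

    // The request token is removed only after the exchange has returned; if the
    // exchange throws, the stored request token is left in place.
    consumerTokenStoreService.removeConsumerToken(applicationLink.getId(), username);
    consumerTokenStoreService.addConsumerToken(applicationLink, username, accessToken);
}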