Use current authentication for device authorization
Issue gh-1189
This commit is contained in:
@@ -22,30 +22,19 @@ import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.core.ParameterizedTypeReference;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
|
||||
import org.springframework.security.oauth2.core.OAuth2DeviceCode;
|
||||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.web.context.SecurityContextRepository;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.util.LinkedMultiValueMap;
|
||||
@@ -83,12 +72,6 @@ public class DeviceController {
|
||||
|
||||
private final String messagesBaseUri;
|
||||
|
||||
private final SecurityContextRepository securityContextRepository =
|
||||
new HttpSessionSecurityContextRepository();
|
||||
|
||||
private final SecurityContextHolderStrategy securityContextHolderStrategy =
|
||||
SecurityContextHolder.getContextHolderStrategy();
|
||||
|
||||
public DeviceController(ClientRegistrationRepository clientRegistrationRepository, WebClient webClient,
|
||||
@Value("${messages.base-uri}") String messagesBaseUri) {
|
||||
|
||||
@@ -98,7 +81,7 @@ public class DeviceController {
|
||||
}
|
||||
|
||||
@GetMapping("/device_authorize")
|
||||
public String authorize(Model model, HttpServletRequest request, HttpServletResponse response) {
|
||||
public String authorize(Model model) {
|
||||
// @formatter:off
|
||||
ClientRegistration clientRegistration =
|
||||
this.clientRegistrationRepository.findByRegistrationId(
|
||||
@@ -143,13 +126,9 @@ public class DeviceController {
|
||||
Instant issuedAt = Instant.now();
|
||||
Integer expiresIn = (Integer) responseParameters.get(OAuth2ParameterNames.EXPIRES_IN);
|
||||
Instant expiresAt = issuedAt.plusSeconds(expiresIn);
|
||||
String deviceCodeValue = (String) responseParameters.get(OAuth2ParameterNames.DEVICE_CODE);
|
||||
|
||||
OAuth2DeviceCode deviceCode = new OAuth2DeviceCode(deviceCodeValue, issuedAt, expiresAt);
|
||||
saveSecurityContext(deviceCode, request, response);
|
||||
|
||||
model.addAttribute("deviceCode", deviceCode.getTokenValue());
|
||||
model.addAttribute("expiresAt", deviceCode.getExpiresAt());
|
||||
model.addAttribute("deviceCode", responseParameters.get(OAuth2ParameterNames.DEVICE_CODE));
|
||||
model.addAttribute("expiresAt", expiresAt);
|
||||
model.addAttribute("userCode", responseParameters.get(OAuth2ParameterNames.USER_CODE));
|
||||
model.addAttribute("verificationUri", responseParameters.get(OAuth2ParameterNames.VERIFICATION_URI));
|
||||
// Note: You could use a QR-code to display this URL
|
||||
@@ -210,19 +189,4 @@ public class DeviceController {
|
||||
return "index";
|
||||
}
|
||||
|
||||
private void saveSecurityContext(OAuth2DeviceCode deviceCode, HttpServletRequest request,
|
||||
HttpServletResponse response) {
|
||||
|
||||
// @formatter:off
|
||||
UsernamePasswordAuthenticationToken deviceAuthentication =
|
||||
UsernamePasswordAuthenticationToken.authenticated(
|
||||
deviceCode, null, AuthorityUtils.createAuthorityList("ROLE_DEVICE"));
|
||||
// @formatter:on
|
||||
|
||||
SecurityContext securityContext = this.securityContextHolderStrategy.createEmptyContext();
|
||||
securityContext.setAuthentication(deviceAuthentication);
|
||||
this.securityContextHolderStrategy.setContext(securityContext);
|
||||
this.securityContextRepository.saveContext(securityContext, request, response);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user