diff --git a/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/PathHandler.java b/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/PathHandler.java
index a71ec36..70fa63b 100644
--- a/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/PathHandler.java
+++ b/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/PathHandler.java
@@ -119,6 +119,7 @@ public abstract class PathHandler implements HttpHandler {
 }
 public static boolean sendContent(HttpExchange ex, Object o) throws IOException {
+ if (o instanceof JSONObject) ex.getResponseHeaders().add(CONTENT_TYPE, JSON);
 return sendContent(ex, HTTP_OK, o.toString().getBytes(UTF_8));
 }
diff --git a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/Backend.java b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/Backend.java
index 25b0d1a..c83485d 100644
--- a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/Backend.java
+++ b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/Backend.java
@@ -59,10 +59,23 @@ public class Backend extends PathHandler {
 @Override
 public boolean doGet(String path, HttpExchange ex) throws IOException {
+ // pre-login paths
 switch (path) {
 case "/openid-configuration": return openidConfig(ex);
 }
+
+ var optSession = getSession(ex);
+ if (optSession.isEmpty()) return sendEmptyResponse(HTTP_UNAUTHORIZED, ex);
+
+ // post-login paths
+ var session = optSession.get();
+ switch (path) {
+ case "/logout":
+ return logout(ex,session);
+ }
+
+ System.err.println("not implemented");
 return sendEmptyResponse(HTTP_NOT_FOUND, ex);
 }
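Review bot: The added line in `sendContent` uses `Headers.add`, which appends rather than replaces, so a caller that already set a Content-Type before calling `sendContent` ends up with two Content-Type values; `ex.getResponseHeaders().set(CONTENT_TYPE, JSON)` is the safer call. The check also covers only `JSONObject`, so a `JSONArray` (used elsewhere in this commit) sent through the same path still goes out without a content type. If the `JSON` constant does not carry `; charset=utf-8`, the body is encoded as UTF-8 on the next line while the header leaves the charset for the client to guess — worth confirming against the constant's definition, which is not visible here.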
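Review bot: `/logout` is dispatched from `doGet`, so a session-destroying, state-changing action is triggered by a plain GET of that URL; with the session carried in a cookie (see `sendUserAndCookie`) that request can be issued cross-site, which is the usual reason logout belongs in `doPost` with the same session gating (logout.js would then call `fetch(api+"/logout",{method:'POST'})`). Whether the cookie is actually sent cross-site depends on the SameSite attribute set in `SessionToken.addTo`, which is not visible here. Separately, `System.err.println("not implemented")` is a bare debug print that fires for every unmatched authenticated path without naming it; either drop it or make it useful, e.g. `System.err.println("doGet: no handler for "+path);`. The `isEmpty()`/`get()` pair on `optSession` would read cleaner as `var session = optSession.orElseThrow();` after the early return.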
@@ -98,6 +111,12 @@ public class Backend extends PathHandler {
 return SessionToken.from(ex).map(SessionToken::sessionId).flatMap(sessions::retrieve);
 }
+ private boolean logout(HttpExchange ex, Session session) throws IOException {
+ sessions.dropSession(session.id());
+ new SessionToken("").addTo(ex);
+ return sendEmptyResponse(HTTP_OK,ex);
+ }
+
 private boolean openidConfig(HttpExchange ex) throws IOException {
 var uri = ex.getRequestURI().toString();
 JSONObject json = new JSONObject();
@@ -108,15 +127,8 @@ public class Backend extends PathHandler {
 private boolean sendUserAndCookie(HttpExchange ex, Session session) throws IOException {
- var bytes = new JSONObject(session.user().map(false)).toString().getBytes(UTF_8);
- var headers = ex.getResponseHeaders();
-
- headers.add(CONTENT_TYPE, JSON);
- new SessionToken(session.id()).addTo(headers);
- ex.sendResponseHeaders(200, bytes.length);
- var out = ex.getResponseBody();
- out.write(bytes);
- return true;
+ new SessionToken(session.id()).addTo(ex);
+ return sendContent(ex,new JSONObject(session.user().map(false)));
 }
 private boolean updatePassword(HttpExchange ex, Session session) throws IOException {
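Review bot: `logout` clears the client-side token by sending `new SessionToken("")`, i.e. a cookie with an empty value; unless `SessionToken.addTo` attaches an expiry when the id is empty (its implementation is not visible here), the browser keeps an empty cookie instead of deleting it, so an explicit `Max-Age=0` or past `Expires` on the cleared cookie would be the more robust way to end the session client-side. The server-side drop via `sessions.dropSession(session.id())` is what actually invalidates the session, which is the right order of priorities. The method also has no Javadoc; a one-liner such as `/** Drops the caller's session from the store, clears the session cookie and answers 200. */` would do. `getSession`, whose tail forms the context above, starts outside this hunk.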
@@ -126,13 +138,15 @@ public class Backend extends PathHandler {
 if (!uuid.equals(user.uuid())) {
 return sendEmptyResponse(HTTP_FORBIDDEN, ex);
 }
- var oldPass = json.getJSONArray("oldpass");
- var oldPass1 = oldPass.getString(0);
- if (!oldPass1.equals(oldPass.getString(1))){
+ var oldPass = json.getString("oldpass");
+ if (!users.passwordMatches(oldPass,user.hashedPassword())) return sendError(ex,"wrong password");
+
+ var newpass = json.getJSONArray("newpass");
+ var newPass1 = newpass.getString(0);
+ if (!newPass1.equals(newpass.getString(1))){
 return sendError(ex,"password mismatch");
 }
- if (!users.passwordMatches(oldPass1,user.hashedPassword())) return sendError(ex,"wrong password");
- users.updatePassword(user,json.getString("newpass"));
+ users.updatePassword(user,newPass1);
 return sendContent(ex,new JSONObject(user.map(false)));
 }
diff --git a/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java b/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java
index b1ffb9c..8c467ce 100644
--- a/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java
+++ b/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java
@@ -143,6 +143,9 @@ public class FileStore implements ClientService, SessionService, UserService {
 /*** Session Service Methods ***/
+ // TODO: prolong session on user activity
+ // TODO: drop expired sessions
+
 @Override
 public Session createSession(User user) {
 var now = Instant.now();
@@ -152,7 +155,9 @@ public class FileStore implements ClientService, SessionService, UserService {
 @Override
 public SessionService dropSession(String sessionId) {
- return null;
+ json.getJSONObject(SESSIONS).remove(sessionId);
+ save();
+ return this;
 }
 @Override
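Review bot: The new password is only checked for equality of its two entries, so an empty or one-character `newPass1` still reaches `users.updatePassword`; a minimum belongs before the mismatch check, e.g. `if (newPass1.isBlank()) return sendError(ex,"empty password");`, with whatever length floor the project wants. The brace-less one-line `if` for the wrong-password case sits next to a braced `if` for the mismatch case in the same method; the braced form used by the `uuid` check above is the one to keep. If this is org.json, `json.getString("oldpass")`, `getJSONArray("newpass")` and `getString(1)` throw `JSONException` on a missing, non-string or short field (as the replaced code did), so a malformed request surfaces as an unchecked exception rather than a `sendError` — worth confirming how the caller of `updatePassword` treats that. `updatePassword` starts outside this hunk.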
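Review bot: `dropSession` now has a real body but no Javadoc, and the `SessionService` contract it implements is not visible here; `/** Removes the session with the given id from the store (a no-op for unknown ids) and persists the change. */` states what the code does, since org.json's `JSONObject.remove` returns null rather than throwing for an absent key. Every call also rewrites the whole store via `save()`, which is fine for a single logout but worth remembering if the `// TODO: drop expired sessions` added above is later implemented by calling this method once per expired session.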
diff --git a/de.srsoftware.oidc.web/src/main/resources/en/login.html b/de.srsoftware.oidc.web/src/main/resources/en/login.html index e2a3271..fac4445 100644 --- a/de.srsoftware.oidc.web/src/main/resources/en/login.html +++ b/de.srsoftware.oidc.web/src/main/resources/en/login.html @@ -4,6 +4,7 @@ Light OIDC +

Login

@@ -15,7 +16,7 @@
diff --git a/de.srsoftware.oidc.web/src/main/resources/en/login.js b/de.srsoftware.oidc.web/src/main/resources/en/login.js
index ba04950..fe5c536 100644
--- a/de.srsoftware.oidc.web/src/main/resources/en/login.js
+++ b/de.srsoftware.oidc.web/src/main/resources/en/login.js
@@ -30,4 +30,8 @@ function tryLogin(){
 })
 }).then(handleLogin);
 return false;
+}
+
+function keyDown(ev){
+ if (event.keyCode == 13) tryLogin();
 }
\ No newline at end of file
diff --git a/de.srsoftware.oidc.web/src/main/resources/en/logout.html b/de.srsoftware.oidc.web/src/main/resources/en/logout.html
new file mode 100644
index 0000000..0a33e49
--- /dev/null
+++ b/de.srsoftware.oidc.web/src/main/resources/en/logout.html
@@ -0,0 +1,12 @@ + + + + Light OIDC + + + + + + You are being logged out… + +
\ No newline at end of file
diff --git a/de.srsoftware.oidc.web/src/main/resources/en/logout.js b/de.srsoftware.oidc.web/src/main/resources/en/logout.js
new file mode 100644
index 0000000..3ed71e9
--- /dev/null
+++ b/de.srsoftware.oidc.web/src/main/resources/en/logout.js
@@ -0,0 +1,7 @@
+function handleLogout(response){
+ if (response.ok){
+ document.body.innerHTML += 'success';
+ document.location.href='index.html';
+ }
+}
+fetch(api+"/logout").then(handleLogout)
\ No newline at end of file
diff --git a/de.srsoftware.oidc.web/src/main/resources/en/newclient.html b/de.srsoftware.oidc.web/src/main/resources/en/newclient.html
index 1ee087c..5340da8 100644
--- a/de.srsoftware.oidc.web/src/main/resources/en/newclient.html
+++ b/de.srsoftware.oidc.web/src/main/resources/en/newclient.html
@@ -4,6 +4,7 @@ Light OIDC +
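Review bot: `keyDown(ev)` ignores its `ev` parameter and reads the implicit global `event` (the deprecated `window.event`), and `keyCode` is deprecated as well; `if (ev.key === 'Enter') tryLogin();` uses the argument the browser actually passes and works where `window.event` is absent. The same pattern is in `passKeyDown` in settings.js further down this commit. `tryLogin`, whose closing lines form the context here, starts outside the hunk.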
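Review bot: `handleLogout` does nothing when `response.ok` is false, so a failed or unauthenticated logout leaves the page stuck on "You are being logged out…" with no feedback, and the `innerHTML += 'success'` write is made redundant by the navigation on the very next line. A short else branch, e.g. `} else { document.body.innerHTML += 'logout failed ('+response.status+')'; }`, would surface the failure. The `fetch(api+"/logout")` call passes no `credentials` option, so the session cookie only accompanies it if `api` is same-origin — worth confirming where `api` is defined.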

Add new client

diff --git a/de.srsoftware.oidc.web/src/main/resources/en/settings.html b/de.srsoftware.oidc.web/src/main/resources/en/settings.html index adc3996..52fb86b 100644 --- a/de.srsoftware.oidc.web/src/main/resources/en/settings.html +++ b/de.srsoftware.oidc.web/src/main/resources/en/settings.html @@ -38,15 +38,15 @@ - + - - + + - - + +
Old password
Repeat PasswordNew Password
New PasswordRepeat Password
diff --git a/de.srsoftware.oidc.web/src/main/resources/en/settings.js b/de.srsoftware.oidc.web/src/main/resources/en/settings.js
index cb36e9f..8f21613 100644
--- a/de.srsoftware.oidc.web/src/main/resources/en/settings.js
+++ b/de.srsoftware.oidc.web/src/main/resources/en/settings.js
@@ -47,8 +47,8 @@ function updatePass(){
 disable('passBtn');
 setText('passBtn','sent…');
 var newData = {
- oldpass : [getValue('oldpass1'),getValue('oldpass2')],
- newpass : getValue('newpass'),
+ oldpass : getValue('oldpass'),
+ newpass : [getValue('newpass1'),getValue('newpass2')],
 uuid : getValue('uuid')
 }
 fetch(api+'/update/password',{
@@ -65,4 +65,8 @@ function updatePass(){
 },10000);
 }
+function passKeyDown(ev){
+ if (event.keyCode == 13) updatePass();
+}
+
 setTimeout(fillForm,100);
\ No newline at end of file