StephanRichter
/
LightOidc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Gültigkeitsdauer von Tokens editierbar gemacht 

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
main
Stephan Richter 1 month ago
parent
44d7dfe267
commit
6ae33ac0fc
11 changed files with 86 additions and 21 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java
  2. 48
      de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/data/Client.java
  3. 5
      de.srsoftware.oidc.api/src/test/java/de/srsoftware/oidc/api/ClientServiceTest.java
  4. 4
      de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/ClientController.java
  5. 2
      de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java
  6. 4
      de.srsoftware.oidc.datastore.encrypted/src/main/java/de/srsoftware/oidc/datastore/encrypted/EncryptedClientService.java
  7. 2
      de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java
  8. 8
      de.srsoftware.oidc.web/src/main/resources/de/edit_client.html
  9. 9
      de.srsoftware.oidc.web/src/main/resources/en/edit_client.html
  10. 22
      de.srsoftware.oidc.web/src/main/resources/en/scripts/edit_client.js
  11. 2
      de.srsoftware.oidc.web/src/main/resources/en/todo.html

1
de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java
Unescape View File

@ -64,6 +64,7 @@ public class Constants { @@ -64,6 +64,7 @@ public class Constants {
public static final String START_TLS = "start_tls";
public static final String TOKEN = "token";
public static final String TOKEN_TYPE = "token_type";
public static final String TOKEN_VALIDITY = "token_validity";
public static final String TRUST = "trust";
public static final String UNAUTHORIZED_CLIENT = "unauthorized_client";
public static final String USER = "user";

48
de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/data/Client.java
Unescape View File

@ -5,6 +5,7 @@ package de.srsoftware.oidc.api.data; @@ -5,6 +5,7 @@ package de.srsoftware.oidc.api.data;
import static de.srsoftware.oidc.api.Constants.*;
import static de.srsoftware.utils.Optionals.nullable;
import java.time.Duration;
import java.util.*;
public final class Client {
@ -14,15 +15,36 @@ public final class Client { @@ -14,15 +15,36 @@ public final class Client {
private final String name;
private final String secret;
private final Set<String> redirectUris;
private Duration tokenValidity;
public Client(String id, String name, String secret, Set<String> redirectUris) {
this.id = id;
landingPage = null;
this.name = name;
this.secret = secret;
this.redirectUris = redirectUris;
this.id = id;
landingPage = null;
this.name = name;
this.secret = secret;
this.redirectUris = redirectUris;
this.tokenValidity = Duration.ofMinutes(10);
}
@Override
public boolean equals(Object obj) {
if (obj == this) return true;
if (obj == null || obj.getClass() != this.getClass()) return false;
var that = (Client)obj;
return Objects.equals(this.id, that.id) //
&& Objects.equals(this.name, that.name) //
&& Objects.equals(this.secret, that.secret) //
&& Objects.equals(this.redirectUris, that.redirectUris) //
&& Objects.equals(landingPage, that.landingPage) //
&& Objects.equals(tokenValidity, that.tokenValidity);
}
@Override
public int hashCode() {
return Objects.hash(id, name, secret, redirectUris);
}
public String id() {
return id;
}
@ -53,6 +75,7 @@ public final class Client { @@ -53,6 +75,7 @@ public final class Client {
map.put(NAME, name);
nullable(redirectUris).ifPresent(uris -> map.put(REDIRECT_URIS, uris));
nullable(landingPage).ifPresent(lp -> map.put(LANDING_PAGE, lp));
nullable(tokenValidity).ifPresent(tv -> map.put(TOKEN_VALIDITY, tv.toMinutes()));
return map;
}
@ -65,17 +88,14 @@ public final class Client { @@ -65,17 +88,14 @@ public final class Client {
return redirectUris;
}
@Override
public boolean equals(Object obj) {
if (obj == this) return true;
if (obj == null || obj.getClass() != this.getClass()) return false;
var that = (Client)obj;
return Objects.equals(this.id, that.id) && Objects.equals(this.name, that.name) && Objects.equals(this.secret, that.secret) && Objects.equals(this.redirectUris, that.redirectUris);
public Duration tokenValidity() {
return tokenValidity;
}
@Override
public int hashCode() {
return Objects.hash(id, name, secret, redirectUris);
public Client tokenValidity(Duration newValue) {
this.tokenValidity = newValue;
return this;
}
@Override

5
de.srsoftware.oidc.api/src/test/java/de/srsoftware/oidc/api/ClientServiceTest.java
Unescape View File

@ -6,6 +6,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals; @@ -6,6 +6,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import de.srsoftware.oidc.api.data.Client;
import java.time.Duration;
import java.util.Set;
import org.junit.jupiter.api.Test;
@ -23,7 +24,7 @@ public abstract class ClientServiceTest { @@ -23,7 +24,7 @@ public abstract class ClientServiceTest {
var clientId = uuid();
var clientSecret = uuid();
var landingPage = uuid();
var client = new Client(clientId, NAME, clientSecret, Set.of(URI)).landingPage(landingPage);
var client = new Client(clientId, NAME, clientSecret, Set.of(URI));
var list = cs.save(client).listClients();
assertEquals(1, list.size());
assertTrue(list.contains(client));
@ -37,7 +38,7 @@ public abstract class ClientServiceTest { @@ -37,7 +38,7 @@ public abstract class ClientServiceTest {
var clientId = uuid();
var clientSecret = uuid();
var landingPage = uuid();
var client = new Client(clientId, NAME, clientSecret, Set.of(URI)).landingPage(landingPage);
var client = new Client(clientId, NAME, clientSecret, Set.of(URI)).landingPage(landingPage).tokenValidity(Duration.ofMinutes(23));
var optClient = cs.save(client).getClient(clientId);
assertTrue(optClient.isPresent());
assertEquals(client, optClient.get());

4
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/ClientController.java
Unescape View File

@ -14,6 +14,7 @@ import de.srsoftware.oidc.api.data.User; @@ -14,6 +14,7 @@ import de.srsoftware.oidc.api.data.User;
import de.srsoftware.utils.Error;
import de.srsoftware.utils.Optionals;
import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.*;
@ -210,7 +211,8 @@ public class ClientController extends Controller { @@ -210,7 +211,8 @@ public class ClientController extends Controller {
if (o instanceof String s) redirects.add(s);
}
var landingPage = json.has(LANDING_PAGE) ? json.getString(LANDING_PAGE) : null;
var client = new Client(json.getString(CLIENT_ID), json.getString(NAME), json.getString(SECRET), redirects).landingPage(landingPage);
var token_duration = Duration.ofMinutes(json.has(TOKEN_VALIDITY) ? json.getLong(TOKEN_VALIDITY) : 10);
var client = new Client(json.getString(CLIENT_ID), json.getString(NAME), json.getString(SECRET), redirects).landingPage(landingPage).tokenValidity(token_duration);
clients.save(client);
return sendContent(ex, client);
}

2
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java
Unescape View File

@ -176,7 +176,7 @@ public class TokenController extends PathHandler { @@ -176,7 +176,7 @@ public class TokenController extends PathHandler {
claims.setIssuer(issuer); // who creates the token and signs it
claims.setSubject(user.uuid()); // the subject/principal is whom the token is about
claims.setAudience(client.id());
claims.setExpirationTimeMinutesInTheFuture(config.tokenExpirationMinutes); // time when the token will expire (10 minutes from now)
claims.setExpirationTimeMinutesInTheFuture(client.tokenValidity().toMinutes()); // time when the token will expire (10 minutes from now)
claims.setIssuedAtToNow();
claims.setClaim(AT_HASH, atHash);
claims.setClaim(CLIENT_ID, client.id());

4
de.srsoftware.oidc.datastore.encrypted/src/main/java/de/srsoftware/oidc/datastore/encrypted/EncryptedClientService.java
Unescape View File

@ -19,12 +19,12 @@ public class EncryptedClientService extends EncryptedConfig implements ClientSer @@ -19,12 +19,12 @@ public class EncryptedClientService extends EncryptedConfig implements ClientSer
public Client decrypt(Client client) {
var decryptedUrls = client.redirectUris().stream().map(this::decrypt).collect(Collectors.toSet());
return new Client(decrypt(client.id()), decrypt(client.name()), decrypt(client.secret()), decryptedUrls).landingPage(decrypt(client.landingPage()));
return new Client(decrypt(client.id()), decrypt(client.name()), decrypt(client.secret()), decryptedUrls).landingPage(decrypt(client.landingPage())).tokenValidity(client.tokenValidity());
}
public Client encrypt(Client client) {
var encryptedUrls = client.redirectUris().stream().map(this::encrypt).collect(Collectors.toSet());
return new Client(encrypt(client.id()), encrypt(client.name()), encrypt(client.secret()), encryptedUrls).landingPage(encrypt(client.landingPage()));
return new Client(encrypt(client.id()), encrypt(client.name()), encrypt(client.secret()), encryptedUrls).landingPage(encrypt(client.landingPage())).tokenValidity(client.tokenValidity());
}
@Override

2
de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java
Unescape View File

@ -21,6 +21,7 @@ import java.io.FileNotFoundException; @@ -21,6 +21,7 @@ import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.*;
@ -329,6 +330,7 @@ public class FileStore implements AuthorizationService, ClientService, SessionSe @@ -329,6 +330,7 @@ public class FileStore implements AuthorizationService, ClientService, SessionSe
}
var client = new Client(clientId, clientData.getString(NAME), clientData.getString(SECRET), redirectUris);
if (clientData.has(LANDING_PAGE)) client.landingPage(clientData.getString(LANDING_PAGE));
if (clientData.has(TOKEN_VALIDITY)) client.tokenValidity(Duration.ofMinutes(clientData.getLong(TOKEN_VALIDITY)));
return client;
}

8
de.srsoftware.oidc.web/src/main/resources/de/edit_client.html
Unescape View File

@ -37,6 +37,14 @@ @@ -37,6 +37,14 @@
<th>Ziel-Seite</th>
<td><input type="text" id="landing-page" /></td>
</tr>
<tr>
<th>Gültigkeitsdauer von Access-Tokens</th>
<td>
<input type="range" id="token_validity" min="1" max="120" oninput="durationUpdate()" />
<br/>
<span id="days"></span> Tage, <span id="hours"></span> Stunden, <span id="minutes"></span> Minuten
</td>
</tr>
<tr>
<td></td>
<td><button type="button" id="button" onclick="updateClient();">Aktualisieren</button></td>

9
de.srsoftware.oidc.web/src/main/resources/en/edit_client.html
Unescape View File

@ -37,10 +37,19 @@ @@ -37,10 +37,19 @@
<th>Landing page</th>
<td><input type="text" id="landing-page" /></td>
</tr>
<tr>
<th>Token validity duration</th>
<td>
<input type="range" id="token_validity" min="1" max="120" oninput="durationUpdate()" />
<br/>
<span id="days"></span> days, <span id="hours"></span> hours, <span id="minutes"></span> minutes
</td>
</tr>
<tr>
<td></td>
<td><button type="button" id="button" onclick="updateClient();">Update</button></td>
</tr>
</table>
</fieldset>
<fieldset class="wide">

22
de.srsoftware.oidc.web/src/main/resources/en/scripts/edit_client.js
Unescape View File

@ -1,5 +1,22 @@ @@ -1,5 +1,22 @@
var params = new URLSearchParams(window.location.search);
var id = params.get('id');
var token_validity = 10;
function displayDuration(){
var mins = token_validity;
hrs = Math.floor(mins/60);
mins-=60*hrs;
days = Math.floor(hrs/24);
hrs-=24*days;
setText('days',days);
setText('hours',hrs);
setText('minutes',mins);
}
function durationUpdate(){
token_validity = getValue('token_validity');
displayDuration();
}
function handleAutoDiscover(response){
if (response.ok){
@ -19,6 +36,8 @@ function handleLoadResponse(response){ @@ -19,6 +36,8 @@ function handleLoadResponse(response){
get('client-secret').value = json.secret;
get('redirect-urls').value = json.redirect_uris.join("\n");
get('landing-page').value = json.landing_page?json.landing_page:'';
token_validity = json.token_validity?json.token_validity:10;
displayDuration();
});
}
}
@ -44,7 +63,8 @@ function updateClient(){ @@ -44,7 +63,8 @@ function updateClient(){
name : getValue('client-name'),
secret : getValue('client-secret'),
redirect_uris : getValue('redirect-urls').split("\n"),
landing_page : getValue('landing-page')
landing_page : getValue('landing-page'),
token_validity : getValue('token_validity')
};
fetch(client_controller+'/update',{
method : 'POST',

2
de.srsoftware.oidc.web/src/main/resources/en/todo.html
Unescape View File

@ -16,6 +16,8 @@ @@ -16,6 +16,8 @@
<li>implement token refresh</li>
<li>Configuration im Frontend</li>
<li>TOTP authentifizierung</li>
<li>Gültigkeitsdauer von Tokens pro Client konfigurierbar machen</li>
<li>Besserer Hinweis beim Zurücksetzen von Passworten, wenn das neue Passwort zu einfach ist</li>
</ul>
</div>
</body>

Write Preview
Loading…
Cancel
Save