Merge commit '813f3d28982ee1c583caf1218be7058760bc15b2' into sqlite

de.srsoftware.http/src/main/java/de/srsoftware/http/PathHandler.java

@@ -81,7 +81,7 @@ public abstract class PathHandler implements HttpHandler {
 			case POST -> doPost(path,ex);
 			default -> false;
 		};
-		ex.getResponseBody().close();
+ 		ex.getResponseBody().close();
 	}
 
 	public String relativePath(HttpExchange ex) {

de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java

@@ -3,69 +3,69 @@ package de.srsoftware.oidc.api;
 
 
 public class Constants {
-	public static final String ACCESS_TOKEN	           = "access_token";
+	public static final String ACCESS_TOKEN	            = "access_token";
-	public static final String APP_NAME	           = "LightOIDC";
+	public static final String APP_NAME	            = "LightOIDC";
-	public static final String AT_HASH	           = "at_hash";
+	public static final String AT_HASH	            = "at_hash";
-	public static final String ATTEMPTS	           = "attempts";
+	public static final String ATTEMPTS	            = "attempts";
-	public static final String AUTH_CODE	           = "authorization_code";
+	public static final String AUTH_CODE	            = "authorization_code";
-	public static final String AUTHORZED	           = "authorized";
+	public static final String AUTHORZED	            = "authorized";
-	public static final String BEARER	           = "Bearer";
+	public static final String BEARER	            = "Bearer";
-	public static final String CAUSE	           = "cause";
+	public static final String CAUSE	            = "cause";
-	public static final String CLIENT_ID	           = "client_id";
+	public static final String CLIENT_ID	            = "client_id";
-	public static final String CLIENT_SECRET	           = "client_secret";
+	public static final String CLIENT_SECRET	            = "client_secret";
-	public static final String CODE		           = "code";
+	public static final String CODE		            = "code";
-	public static final String EMAIL	           = "email";
+	public static final String EMAIL	            = "email";
-	public static final String ERROR	           = "error";
+	public static final String ERROR	            = "error";
-	public static final String CONFIG_PATH	           = "LIGHTOIDC_CONFIG_PATH";
+	public static final String CONFIG_PATH	            = "LIGHTOIDC_CONFIG_PATH";
-	public static final String CONFIRMED	           = "confirmed";
+	public static final String CONFIRMED	            = "confirmed";
-	public static final String DAYS		           = "days";
+	public static final String DAYS		            = "days";
-	public static final String ENCRYPTION_KEY	           = "encryption_key";
+	public static final String ENCRYPTION_KEY	            = "encryption_key";
-	public static final String ERROR_DESCRIPTION	           = "error_description";
+	public static final String ERROR_DESCRIPTION	            = "error_description";
-	public static final String ERROR_INVALID_REDIRECT          = "error_invalid_redirect";
+	public static final String ERROR_INVALID_REDIRECT           = "error_invalid_redirect";
-	public static final String ERROR_LOCKED	           = "error_locked";
+	public static final String ERROR_LOCKED	            = "error_locked";
-	public static final String ERROR_LOGIN_FAILED	           = "error_login_failed";
+	public static final String ERROR_LOGIN_FAILED	            = "error_login_failed";
-	public static final String ERROR_MISSING_PARAMETER         = "error_missing_parameter";
+	public static final String ERROR_MISSING_PARAMETER          = "error_missing_parameter";
-	public static final String ERROR_MISSONG_CODE_RESPONSE_TYPE = "error_missing_code";
+	public static final String ERROR_MISSING_CODE_RESPONSE_TYPE = "error_missing_code";
-	public static final String ERROR_NO_USERNAME	           = "error_no_username";
+	public static final String ERROR_NO_USERNAME	            = "error_no_username";
-	public static final String ERROR_UNKNOWN_CLIENT	           = "error_unknown_client";
+	public static final String ERROR_UNKNOWN_CLIENT	            = "error_unknown_client";
-	public static final String ERROR_UNSUPPORTED_RESPONSE_TYPE = "error_unsupported_response_type";
+	public static final String ERROR_UNSUPPORTED_RESPONSE_TYPE  = "error_unsupported_response_type";
-	public static final String EXPIRATION	           = "expiration";
+	public static final String EXPIRATION	            = "expiration";
-	public static final String EXPIRES_IN	           = "expires_in";
+	public static final String EXPIRES_IN	            = "expires_in";
-	public static final String GRANT_TYPE	           = "grant_type";
+	public static final String GRANT_TYPE	            = "grant_type";
-	public static final String ID_TOKEN	           = "id_token";
+	public static final String ID_TOKEN	            = "id_token";
-	public static final String INVALID_CLIENT	           = "invalid_client";
+	public static final String INVALID_CLIENT	            = "invalid_client";
-	public static final String INVALID_GRANT	           = "invalid_grant";
+	public static final String INVALID_GRANT	            = "invalid_grant";
-	public static final String INVALID_REDIRECT_URI	           = "invalid_request_uri";
+	public static final String INVALID_REDIRECT_URI	            = "invalid_request_uri";
-	public static final String INVALID_REQUEST	           = "invalid_request";
+	public static final String INVALID_REQUEST	            = "invalid_request";
-	public static final String INVALID_REQUEST_OBJECT          = "invalid_request_object";
+	public static final String INVALID_REQUEST_OBJECT           = "invalid_request_object";
-	public static final String INVALID_SCOPE	           = "invalid_scope";
+	public static final String INVALID_SCOPE	            = "invalid_scope";
-	public static final String LANDING_PAGE	           = "landing_page";
+	public static final String LANDING_PAGE	            = "landing_page";
-	public static final String MAILCONFIG	           = "mail_config";
+	public static final String MAILCONFIG	            = "mail_config";
-	public static final String NAME		           = "name";
+	public static final String NAME		            = "name";
-	public static final String NONCE	           = "nonce";
+	public static final String NONCE	            = "nonce";
-	public static final String PARAM	           = "parameter";
+	public static final String PARAM	            = "parameter";
-	public static final String PERMISSION	           = "permission";
+	public static final String PERMISSION	            = "permission";
-	public static final String OPENID	           = "openid";
+	public static final String OPENID	            = "openid";
-	public static final String REDIRECT_URI	           = "redirect_uri";
+	public static final String REDIRECT_URI	            = "redirect_uri";
-	public static final String REDIRECT_URIS	           = "redirect_uris";
+	public static final String REDIRECT_URIS	            = "redirect_uris";
-	public static final String RELEASE	           = "release";
+	public static final String RELEASE	            = "release";
-	public static final String REQUEST_NOT_SUPPORTED           = "request_not_supported";
+	public static final String REQUEST_NOT_SUPPORTED            = "request_not_supported";
-	public static final String RESPONSE_TYPE	           = "response_type";
+	public static final String RESPONSE_TYPE	            = "response_type";
-	public static final String SALT		           = "salt";
+	public static final String SALT		            = "salt";
-	public static final String SCOPE	           = "scope";
+	public static final String SCOPE	            = "scope";
-	public static final String SECRET	           = "secret";
+	public static final String SECRET	            = "secret";
-	public static final String SESSION_DURATION	           = "session_duration";
+	public static final String SESSION_DURATION	            = "session_duration";
-	public static final String SMTP_USER	           = "smtp_user";
+	public static final String SMTP_USER	            = "smtp_user";
-	public static final String SMTP_PASSWORD	           = "smtp_pass";
+	public static final String SMTP_PASSWORD	            = "smtp_pass";
-	public static final String SMTP_AUTH	           = "smtp_auth";
+	public static final String SMTP_AUTH	            = "smtp_auth";
-	public static final String SMTP_HOST	           = "smtp_host";
+	public static final String SMTP_HOST	            = "smtp_host";
-	public static final String SMTP_PORT	           = "smtp_port";
+	public static final String SMTP_PORT	            = "smtp_port";
-	public static final String STATE	           = "state";
+	public static final String STATE	            = "state";
-	public static final String START_TLS	           = "start_tls";
+	public static final String START_TLS	            = "start_tls";
-	public static final String TOKEN	           = "token";
+	public static final String TOKEN	            = "token";
-	public static final String TOKEN_TYPE	           = "token_type";
+	public static final String TOKEN_TYPE	            = "token_type";
-	public static final String TRUST	           = "trust";
+	public static final String TRUST	            = "trust";
-	public static final String UNAUTHORIZED_CLIENT	           = "unauthorized_client";
+	public static final String UNAUTHORIZED_CLIENT	            = "unauthorized_client";
-	public static final String USER		           = "user";
+	public static final String USER		            = "user";
-	public static final String USER_ID	           = "user_id";
+	public static final String USER_ID	            = "user_id";
 }

de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java

@@ -56,16 +56,16 @@ public class Application {
 	private static ConnectionProvider connectionProvider = new ConnectionProvider();
 
 	public static void main(String[] args) throws Exception {
-		var            argMap      = map(args);
+		var            argMap        = map(args);
-		Optional<Path> basePath    = argMap.get(BASE_PATH) instanceof Path p ? Optional.of(p) : empty();
+		Optional<Path> basePath      = argMap.get(BASE_PATH) instanceof Path p ? Optional.of(p) : empty();
-		var            configDir   = configDir(APP_NAME);
+		var            configDir     = configDir(APP_NAME);
-		var            defaultFile = configDir.resolve("data.json");
+		var            defaultFile   = configDir.resolve("data.json");
-		var            configFile  = (argMap.get(CONFIG_PATH) instanceof Path p ? p : configDir.resolve("config.json")).toFile();
+		var            configFile    = (argMap.get(CONFIG_PATH) instanceof Path p ? p : configDir.resolve("config.json")).toFile();
-		var            config      = new Configuration(configFile);
+		var            config        = new Configuration(configFile);
-		var encryptionKey = nullable(System.getenv(ENCRYPTION_KEY)).or(() -> config.get(ENCRYPTION_KEY));
+		var            encryptionKey = nullable(System.getenv(ENCRYPTION_KEY)).or(() -> config.get(ENCRYPTION_KEY));
-		var            passHasher  = new UuidHasher();
+		var            passHasher    = new UuidHasher();
-		var            firstHash   = passHasher.hash(FIRST_USER_PASS, FIRST_UUID);
+		var            firstHash     = passHasher.hash(FIRST_USER_PASS, FIRST_UUID);
-		var            firstUser   = new User(FIRST_USER, firstHash, FIRST_USER, "%s@internal".formatted(FIRST_USER), FIRST_UUID).add(MANAGE_CLIENTS, MANAGE_PERMISSIONS, MANAGE_SMTP, MANAGE_USERS);
+		var            firstUser     = new User(FIRST_USER, firstHash, FIRST_USER, "%s@internal".formatted(FIRST_USER), FIRST_UUID).add(MANAGE_CLIENTS, MANAGE_PERMISSIONS, MANAGE_SMTP, MANAGE_USERS);
 
 
 		FileStoreProvider fileStoreProvider = new FileStoreProvider(passHasher);

de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/ClientController.java

@@ -38,6 +38,7 @@ public class ClientController extends Controller {
 		if (optUser.isEmpty()) return invalidSessionUser(ex);
 		var user  = optUser.get();
 		var json  = json(ex);
+		LOG.log(System.Logger.Level.WARNING,"json: {0}",json);
 		var state = json.has(STATE) ? json.getString(STATE) : null;
 		if (!json.has(CLIENT_ID)) return badRequest(ex, Error.message(ERROR_MISSING_PARAMETER, PARAM, CLIENT_ID, STATE, state));
 		var clientId  = json.getString(CLIENT_ID);
@@ -57,7 +58,7 @@ public class ClientController extends Controller {
 					return badRequest(ex, Error.message(ERROR_UNSUPPORTED_RESPONSE_TYPE, RESPONSE_TYPE, responseType, STATE, state));
 			}
 		}
-		if (!responseTypes.contains(CODE)) return badRequest(ex, Error.message(ERROR_MISSONG_CODE_RESPONSE_TYPE, STATE, state));
+		if (!responseTypes.contains(CODE)) return badRequest(ex, Error.message(ERROR_MISSING_CODE_RESPONSE_TYPE, STATE, state));
 
 		var client   = optClient.get();
 		var redirect = json.getString(REDIRECT_URI);

de.srsoftware.oidc.web/src/main/resources/de/edit_client.html

@@ -43,6 +43,28 @@
                 </tr>
             </table>
         </fieldset>
+        <fieldset class="wide">
+            <legend>Client-Konfiguration</legend>
+            <p>Nutzen Sie die folgenden Daten, um ihren Client einzurichten:</p>
+            <table>
+                <tr>
+                    <th>Autodiscovery-URL:</th>
+                    <td><code id="autodiscover"></code></td>
+                </tr>
+                <tr>
+                    <th>Autorization-Endpunkt:</th>
+                    <td><code id="authorization"></code></td>
+                </tr>
+                <tr>
+                    <th>Token-Endpunkt:</th>
+                    <td><code id="token"></code></td>
+                </tr>
+                <tr>
+                    <th>Userinfo-Endpunkt:</th>
+                    <td><code id="userinfo"></code></td>
+                </tr>
+            </table>
+        </fieldset>
     </div>
 </body>
 </html>

de.srsoftware.oidc.web/src/main/resources/de/navigation.html

@@ -2,6 +2,6 @@
 <a href="clients.html" class="MANAGE_CLIENTS">Clients</a>
 <a href="users.html" class="MANAGE_USERS">Benutzer</a>
 <a href="settings.html">Einstellungen</a>
-<a href="todo.html">TODO</a>
+<a href="todo.html" class="MANAGE_CLIENTS" >TODO</a>
-<a href="https://openid.net/specs/openid-connect-core-1_0.html" target="_blank">Spec</a>
+<a href="https://openid.net/specs/openid-connect-core-1_0.html" class="MANAGE_CLIENTS" target="_blank">Spec</a>
 <a href="logout.html">Abmelden</a>

de.srsoftware.oidc.web/src/main/resources/de/new_client.html

@@ -42,6 +42,28 @@
                     </tr>
                 </table>
             </fieldset>
+            <fieldset class="wide">
+                <legend>Client-Konfiguration</legend>
+                <p>Nutzen Sie die folgenden Daten, um ihren Client einzurichten:</p>
+                <table>
+                    <tr>
+                        <th>Autodiscovery-URL:</th>
+                        <td><code id="autodiscover"></code></td>
+                    </tr>
+                    <tr>
+                        <th>Autorization-Endpunkt:</th>
+                        <td><code id="authorization"></code></td>
+                    </tr>
+                    <tr>
+                        <th>Token-Endpunkt:</th>
+                        <td><code id="token"></code></td>
+                    </tr>
+                    <tr>
+                        <th>Userinfo-Endpunkt:</th>
+                        <td><code id="userinfo"></code></td>
+                    </tr>
+                </table>
+            </fieldset>
         </div>
     </body>
 </html>

de.srsoftware.oidc.web/src/main/resources/en/authorization.html

@@ -22,19 +22,19 @@
         <button type="button" onclick="grantAutorization(365)">Yes - for 1 year</button>
         <button type="button" onclick="denyAutorization()">No</button>
     </div>
-    <div id="error_missing_parameter" class="error">
+    <div id="error_missing_parameter" class="error" style="display: none">
         Request does not contain required parameter "<span id="parameter"></span>"!
     </div>
-    <div id="error_unknown_client" class="error">
+    <div id="error_unknown_client" class="error" style="display: none">
         Client "<span id="client_id"></span>" unknown to backend!
     </div>
-    <div id="error_unsupported_response_type" class="error">
+    <div id="error_unsupported_response_type" class="error" style="display: none">
         Response type "<span id="response_type"></span>" not supported!
     </div>
     <div id="error_missing_code" class="error">
         Missing response type: code
     </div>
-    <div id="error_invalid_redirect" class="error">
+    <div id="error_invalid_redirect" class="error" style="display: none">
         invalid redirect: <span id="redirect_uri"></span>
     </div>
     <div id="missing_scopes" class="error" style="display: none">Authorization resource contained neither list of <em>unauthorized scopes</em> nor list of <em>authorized scopes</em>! This is a server problem.</div>

de.srsoftware.oidc.web/src/main/resources/en/edit_client.html

@@ -43,6 +43,28 @@
                 </tr>
             </table>
         </fieldset>
+        <fieldset class="wide">
+            <legend>Client configuration</legend>
+            <p>User the following data to set up your client:</p>
+            <table>
+                <tr>
+                    <th>Autodiscovery URL:</th>
+                    <td><code id="autodiscover"></code></td>
+                </tr>
+                <tr>
+                    <th>Autorization endpoint:</th>
+                    <td><code id="authorization"></code></td>
+                </tr>
+                <tr>
+                    <th>Token endpoint:</th>
+                    <td><code id="token"></code></td>
+                </tr>
+                <tr>
+                    <th>Userinfo endpoint:</th>
+                    <td><code id="userinfo"></code></td>
+                </tr>
+            </table>
+        </fieldset>
     </div>
 </body>
 </html>

de.srsoftware.oidc.web/src/main/resources/en/navigation.html

@@ -2,6 +2,6 @@
 <a href="clients.html" class="MANAGE_CLIENTS">Clients</a>
 <a href="users.html" class="MANAGE_USERS">Users</a>
 <a href="settings.html">Settings</a>
-<a href="todo.html">TODO</a>
+<a href="todo.html" class="MANAGE_CLIENTS">TODO</a>
 <a href="https://openid.net/specs/openid-connect-core-1_0.html" target="_blank">Spec</a>
 <a href="logout.html">Logout</a>

de.srsoftware.oidc.web/src/main/resources/en/new_client.html

@@ -42,6 +42,28 @@
                     </tr>
                 </table>
             </fieldset>
+            <fieldset class="wide">
+                <legend>Client configuration</legend>
+                <p>User the following data to set up your client:</p>
+                <table>
+                    <tr>
+                        <th>Autodiscovery URL:</th>
+                        <td><code id="autodiscover"></code></td>
+                    </tr>
+                    <tr>
+                        <th>Autorization endpoint:</th>
+                        <td><code id="authorization"></code></td>
+                    </tr>
+                    <tr>
+                        <th>Token endpoint:</th>
+                        <td><code id="token"></code></td>
+                    </tr>
+                    <tr>
+                        <th>Userinfo endpoint:</th>
+                        <td><code id="userinfo"></code></td>
+                    </tr>
+                </table>
+            </fieldset>
         </div>
     </body>
 </html>

de.srsoftware.oidc.web/src/main/resources/en/scripts/edit_client.js

@@ -1,7 +1,16 @@
 var params = new URLSearchParams(window.location.search);
 var id = params.get('id');
 
-
+function handleAutoDiscover(response){
+    if (response.ok){
+        response.json().then(json => {
+            console.log(json);
+            setText('authorization',json.authorization_endpoint);
+            setText('token',json.token_endpoint);
+            setText('userinfo',json.userinfo_endpoint);
+        });
+    }
+}
 function handleLoadResponse(response){
     if (response.ok){
         response.json().then(json => {
@@ -48,11 +57,17 @@ function updateClient(){
     setTimeout(resetButton,4000);
 }
 
-fetch(api+'/client',
+document.addEventListener("DOMContentLoaded", function(event) { // wait until page loaded
-    {
+    fetch(api+'/client', {
         method: 'POST',
         body: JSON.stringify({
             client_id : id
         }),
         credentials:'include'
     }).then(handleLoadResponse);
+    var autodiscover = window.location.origin+'/.well-known/openid-configuration';
+    setText('autodiscover',autodiscover);
+    fetch(autodiscover).then(handleAutoDiscover);
+});
+
+

de.srsoftware.oidc.web/src/main/resources/en/scripts/index.js

@@ -15,7 +15,7 @@ function handleDash(response){
             var client = clients[id];
                 if (client.landing_page){
                 var div = document.createElement("div");
-                div.innerHTML = `<button onclick="window.location.href='${client.landing_page}';">${client.name}</button>`;
+                div.innerHTML = `<button onclick="window.open('${client.landing_page}','_blank').focus();">${client.name}</button>`;
                 content.append(div);
                 any = true;
             }

de.srsoftware.oidc.web/src/main/resources/en/scripts/new_client.js

@@ -14,7 +14,7 @@ function addClient(){
         },
         body : JSON.stringify(newData),
         credentials:'include'
-    }).then(handleClientdResponse);
+    }).then(handleClientResponse);
 
     setText('button','sent…');
     setTimeout(function(){
@@ -23,7 +23,18 @@ function addClient(){
     },10000);
 }
 
-function handleClientdResponse(response){
+function handleAutoDiscover(response){
+    if (response.ok){
+        response.json().then(json => {
+            console.log(json);
+            setText('authorization',json.authorization_endpoint);
+            setText('token',json.token_endpoint);
+            setText('userinfo',json.userinfo_endpoint);
+        });
+    }
+}
+
+function handleClientResponse(response){
     if (response.ok){
         redirect("clients.html");
     } else {
@@ -36,4 +47,10 @@ function checkPermissions(){
     if (user && !user.permissions.includes('MANAGE_CLIENTS')) redirect("index.html");
 }
 
+
+document.addEventListener("DOMContentLoaded", function(event) { // wait until page loaded
 setTimeout(checkPermissions,100);
+    var autodiscover = window.location.origin+'/.well-known/openid-configuration';
+    setText('autodiscover',autodiscover);
+    fetch(autodiscover).then(handleAutoDiscover);
+});

de.srsoftware.oidc.web/src/main/resources/en/style.css

@@ -67,11 +67,18 @@ body fieldset {
     display: inline-block;
 }
 
+code {
+    font-weight: bold;
+    color: orange;
+}
+
 .wide input, textarea{
     width: 600px;
 }
 
-
+th {
+    padding: 10px;
+}
 input:-webkit-autofill{
     filter: none;
     box-shadow: 0 0 0 100px rgb(38, 103, 152) inset;