First version of user story "OAuth token management for users"

#10393

src/main/java/org/genesys2/server/model/oauth/OAuthAccessToken.java

@@ -16,13 +16,12 @@
 
 package org.genesys2.server.model.oauth;
 
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.Id;
-import javax.persistence.Lob;
-import javax.persistence.Table;
-
 import org.genesys2.server.model.HibernateModel;
+import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
+import org.springframework.security.oauth2.common.util.SerializationUtils;
+
+import javax.persistence.*;
+import java.util.Date;
 
 @Entity
 @Table(name = "oauth_access_token")
@@ -54,7 +53,29 @@ public class OAuthAccessToken implements HibernateModel {
 	@Column(name = "refresh_token")
 	private String refreshToken;
 
-	public String getTokenId() {
+
+
+    private DefaultOAuth2AccessToken defaultOAuth2AccessToken;
+
+
+    private synchronized DefaultOAuth2AccessToken getDefaultOAuth2AccessToken () {
+        if (this.defaultOAuth2AccessToken==null) {
+            this.defaultOAuth2AccessToken =  SerializationUtils.deserialize(this.token);
+        }
+        return this.defaultOAuth2AccessToken;
+    }
+
+    public Date getTokenExpiration() {
+        return getDefaultOAuth2AccessToken().getExpiration();
+    }
+
+    public Date getIssuedDate() {
+        return new Date(getTokenExpiration().getTime()-432000000l);
+    }
+
+
+
+    public String getTokenId() {
 		return tokenId;
 	}
 

src/main/java/org/genesys2/server/service/OAuth2ClientDetailsService.java

@@ -27,4 +27,6 @@ public interface OAuth2ClientDetailsService extends ClientDetailsService, Client
 	boolean exists(String clientId);
 
     Collection<OAuthAccessToken> findTokensByClientId(String clientId);
+
+    Collection<OAuthAccessToken> findTokensByUserName(String userName);
 }

src/main/java/org/genesys2/server/service/impl/OAuth2ClientDetailsServiceImpl.java

@@ -68,6 +68,11 @@ public class OAuth2ClientDetailsServiceImpl implements OAuth2ClientDetailsServic
         return accessTokenPersistence.findByClientId(clientId);
     }
 
+    @Override
+    public Collection<OAuthAccessToken> findTokensByUserName(String userName) {
+        return accessTokenPersistence.findByUserName(userName);
+    }
+
 	@Override
 	public ClientDetails loadClientByClientId(String clientId) throws InvalidClientException {
 		logger.info("loadClientByClientId: " + clientId);

src/main/java/org/genesys2/server/servlet/controller/OAuthManagementController.java

@@ -2,13 +2,14 @@ package org.genesys2.server.servlet.controller;
 
 
 import org.apache.commons.lang.RandomStringUtils;
+import org.apache.commons.lang.time.DateUtils;
 import org.genesys2.server.model.oauth.OAuthAccessToken;
 import org.genesys2.server.service.OAuth2ClientDetailsService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
@@ -19,6 +20,7 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 
 import java.util.Collection;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -33,16 +35,17 @@ public class OAuthManagementController extends BaseController {
 
     @Autowired
     @Qualifier("tokenStore")
-//    @Qualifier("jdbcTokenStore")
     private TokenStore tokenStore;
 
 
-    @RequestMapping("/tokens")
+    @PreAuthorize("hasRole('ADMINISTRATOR')")
+    @RequestMapping("/allTokens")
     public String getAllTokens(Model model) {
         model.addAttribute("clientDetailsList", clientDetailsService.listClientDetails());
         return "/oauth/clientslist";
     }
 
+    @PreAuthorize("hasRole('ADMINISTRATOR')")
     @RequestMapping("/{clientId}")
     public String clientDetailsInfo(Model model, @PathVariable("clientId") String clientId) {
         ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
@@ -53,9 +56,9 @@ public class OAuthManagementController extends BaseController {
         return "/oauth/detailsinfo";
     }
 
+    @PreAuthorize("hasRole('ADMINISTRATOR')")
     @RequestMapping("/{clientId}/removeAll")
     public String removeAllAccessTokens(@PathVariable("clientId") String clientId) {
-        createDefaultTestToken();
 
         Collection<OAuthAccessToken> tokens = clientDetailsService.findTokensByClientId(clientId);
         for (OAuthAccessToken token : tokens) {
@@ -65,7 +68,7 @@ public class OAuthManagementController extends BaseController {
         return "redirect:/management/" + clientId;
     }
 
-
+    @PreAuthorize("hasRole('ADMINISTRATOR')")
     @RequestMapping("/{clientId}/{tokenId}/remove")
     public String removeAccessTokens(@PathVariable("tokenId") String tokenId,
                                      @PathVariable("clientId") String clientId) {
@@ -74,12 +77,29 @@ public class OAuthManagementController extends BaseController {
         return "redirect:/management/" + clientId;
     }
 
+    @RequestMapping("/user/{userName}/tokens")
+    public String getIssuedTokens(@PathVariable("userName") String userName, Model model) {
+        Collection<OAuthAccessToken> tokens = clientDetailsService.findTokensByUserName(userName);
+        model.addAttribute("tokens", tokens);
+        return "/oauth/tokenslist";
+    }
+
+    @RequestMapping("/user/{userName}/{tokenId}/remove")
+    public String removeUsersAccessToken(@PathVariable("tokenId") String tokenId,
+                                         @PathVariable("userName") String userName) {
+        tokenStore.removeAccessToken(new DefaultOAuth2AccessToken(tokenId));
+        return "redirect:/management/user/" + userName + "/tokens";
+    }
+
     private void createDefaultTestToken() {
-        OAuth2AccessToken token = new DefaultOAuth2AccessToken(RandomStringUtils.randomAlphanumeric(5));
+        DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(RandomStringUtils.randomAlphanumeric(5));
+
+        token.setExpiration(DateUtils.addDays(new Date(), 5));
+
         Map<String, String> map = new HashMap<>();
         map.put("scope", "scope");
         DefaultAuthorizationRequest request = new DefaultAuthorizationRequest(map);
-        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(RandomStringUtils.randomAlphanumeric(5), RandomStringUtils.randomAlphabetic(5));
+        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken("igoshin1991@gmail.com", "igoshin1991@gmail.com");
         OAuth2Authentication authentication = new OAuth2Authentication(request, authenticationToken);
         tokenStore.storeAccessToken(token, authentication);
     }

src/main/resources/content/language.properties

@@ -442,3 +442,7 @@ clinet.details.additional.info=Additional info
 clinet.details.token.list=List of tokens
 oauth-client.remove=Remove
 oauth-client.remove.all=Remove all
+oauth-client=Client
+oauth-client.token.issue.date=Issue date
+oauth-client.expires.date=Expires date
+oauth-client.issued.tokens=Issued tokens

src/main/resources/content/language_ar.properties

@@ -396,6 +396,10 @@ clinet.details.additional.info=Additional info
 clinet.details.token.list=List of tokens granted by all users
 oauth-client.remove=Remove
 oauth-client.remove.all=Remove all
+oauth-client=Client
+oauth-client.token.issue.date=Issue date
+oauth-client.expires.date=Expires date
+oauth-client.issued.tokens=Issued tokens
 # validate.email.key=Enter key
 # validate.email=Email validation
 # validate.email.invalid.key=Invalid key

src/main/resources/content/language_de.properties

@@ -396,6 +396,10 @@ clinet.details.additional.info=Additional info
 clinet.details.token.list=List of tokens granted by all users
 oauth-client.remove=Remove
 oauth-client.remove.all=Remove all
+oauth-client=Client
+oauth-client.token.issue.date=Issue date
+oauth-client.expires.date=Expires date
+oauth-client.issued.tokens=Issued tokens
 # validate.email.key=Enter key
 # validate.email=Email validation
 # validate.email.invalid.key=Invalid key

src/main/resources/content/language_en.properties

@@ -21,4 +21,8 @@ userprofile.enter.email=Enter your email
 userprofile.enter.password=Enter new password
 userprofile.email.send=Send email
 oauth-client.remove=Remove
-oauth-client.remove.all=Remove all
\ No newline at end of file
+oauth-client.remove.all=Remove all
+oauth-client=Client
+oauth-client.token.issue.date=Issue date
+oauth-client.expires.date=Expires date
+oauth-client.issued.tokens=Issued tokens
\ No newline at end of file

src/main/resources/content/language_es.properties

@@ -396,6 +396,10 @@ clinet.details.additional.info=Additional info
 clinet.details.token.list=List of tokens granted by all users
 oauth-client.remove=Remove
 oauth-client.remove.all=Remove all
+oauth-client=Client
+oauth-client.token.issue.date=Issue date
+oauth-client.expires.date=Expires date
+oauth-client.issued.tokens=Issued tokens
 # validate.email.key=Enter key
 # validate.email=Email validation
 # validate.email.invalid.key=Invalid key

src/main/resources/content/language_fa.properties

@@ -254,6 +254,10 @@ clinet.details.additional.info=Additional info
 clinet.details.token.list=List of tokens granted by all users
 oauth-client.remove=Remove
 oauth-client.remove.all=Remove all
+oauth-client=Client
+oauth-client.token.issue.date=Issue date
+oauth-client.expires.date=Expires date
+oauth-client.issued.tokens=Issued tokens
 
 # blurp.admin-no-blurp-here=No blurp here.
 # blurp.blurp-title=Blurp title

src/main/resources/content/language_fr.properties

@@ -396,6 +396,10 @@ clinet.details.additional.info=Additional info
 clinet.details.token.list=List of tokens granted by all users
 oauth-client.remove=Remove
 oauth-client.remove.all=Remove all
+oauth-client=Client
+oauth-client.token.issue.date=Issue date
+oauth-client.expires.date=Expires date
+oauth-client.issued.tokens=Issued tokens
 # validate.email.key=Enter key
 # validate.email=Email validation
 # validate.email.invalid.key=Invalid key

src/main/resources/content/language_pt.properties

@@ -396,6 +396,10 @@ clinet.details.additional.info=Additional info
 clinet.details.token.list=List of tokens granted by all users
 oauth-client.remove=Remove
 oauth-client.remove.all=Remove all
+oauth-client=Client
+oauth-client.token.issue.date=Issue date
+oauth-client.expires.date=Expires date
+oauth-client.issued.tokens=Issued tokens
 # validate.email.key=Enter key
 # validate.email=Email validation
 # validate.email.invalid.key=Invalid key

src/main/resources/content/language_ru.properties

@@ -396,6 +396,10 @@ clinet.details.additional.info=Additional info
 clinet.details.token.list=List of tokens granted by all users
 oauth-client.remove=Remove
 oauth-client.remove.all=Remove all
+oauth-client=Client
+oauth-client.token.issue.date=Issue date
+oauth-client.expires.date=Expires date
+oauth-client.issued.tokens=Issued tokens
 # validate.email.key=Enter key
 # validate.email=Email validation
 # validate.email.invalid.key=Invalid key

src/main/resources/content/language_sl.properties

@@ -26,4 +26,8 @@ clinet.details.client.id=Client details id
 clinet.details.additional.info=Additional info
 clinet.details.token.list=List of tokens granted by all users
 oauth-client.remove=Remove
-oauth-client.remove.all=Remove all
\ No newline at end of file
+oauth-client.remove.all=Remove all
+oauth-client=Client
+oauth-client.token.issue.date=Issue date
+oauth-client.expires.date=Expires date
+oauth-client.issued.tokens=Issued tokens
\ No newline at end of file

src/main/resources/content/language_zh.properties

@@ -396,6 +396,10 @@ clinet.details.additional.info=Additional info
 clinet.details.token.list=List of tokens granted by all users
 oauth-client.remove=Remove
 oauth-client.remove.all=Remove all
+oauth-client=Client
+oauth-client.token.issue.date=Issue date
+oauth-client.expires.date=Expires date
+oauth-client.issued.tokens=Issued tokens
 # validate.email.key=Enter key
 # validate.email=Email validation
 # validate.email.invalid.key=Invalid key

src/main/webapp/WEB-INF/jsp/oauth/detailsinfo.jsp

@@ -19,26 +19,29 @@
         <div class="col-lg-5">${clientDetails.clientId}</div>
     </div>
 
-    <div class="form-group">
-        <label class="col-lg-2 control-label"><spring:message code="clinet.details.token.list"/></label>
-
-        <div class="col-lg-5">
-            <table class="accessions">
-                <tbody>
-                <c:forEach items="${accessTokens}" var="accessToken">
-                    <tr>
-                        <td>${accessToken.userName}</td>
-                        <td>
-                            <a href="<c:url value="/management/${clientDetails.clientId}/${accessToken.tokenId}/remove"/> "><spring:message code="oauth-client.remove"/></a>
-                        </td>
-                    </tr>
-                </c:forEach>
-                </tbody>
-            </table>
+    <security:authorize access="hasRole('ADMINISTRATOR') && isAuthenticated()">
+        <div class="form-group">
+            <label class="col-lg-2 control-label"><spring:message code="clinet.details.token.list"/></label>
+
+            <div class="col-lg-5">
+                <table class="accessions">
+                    <tbody>
+                    <c:forEach items="${accessTokens}" var="accessToken">
+                        <tr>
+                            <td>${accessToken.userName}</td>
+                            <td>
+                                <a href="<c:url value="/management/${clientDetails.clientId}/${accessToken.tokenId}/remove"/> "><spring:message
+                                        code="oauth-client.remove"/></a>
+                            </td>
+                        </tr>
+                    </c:forEach>
+                    <a href="<c:url value="/management/${clientDetails.clientId}/removeAll"/> "><spring:message
+                            code="oauth-client.remove.all"/></a>
+                    </tbody>
+                </table>
+            </div>
         </div>
-        <a href="<c:url value="/management/${clientDetails.clientId}/removeAll"/> "><spring:message code="oauth-client.remove.all"/></a>
-    </div>
-
+    </security:authorize>
 </div>
 
 

src/main/webapp/WEB-INF/jsp/oauth/tokenslist.jsp

+<!DOCTYPE html>
+
+<%@include file="/WEB-INF/jsp/init.jsp" %>
+
+<html>
+<head>
+    <title><spring:message code="oauth-client.page.list.title"/></title>
+</head>
+<body>
+<h1>
+    <spring:message code="oauth-client.list"/>
+</h1>
+
+<p></p>
+<table class="accessions">
+    <thead>
+    <tr>
+        <td><spring:message code="oauth-client"/></td>
+        <td><spring:message code="oauth-client.token.issue.date"/></td>
+        <td><spring:message code="oauth-client.expires.date"/></td>
+        <td><spring:message code="edit"/></td>
+    </tr>
+    </thead>
+
+    <tbody>
+
+    <c:forEach items="${tokens}" var="token">
+        <tr>
+            <td>
+                <a href="<c:url value="/management/${token.clientId}"/> ">${token.clientId}</a>
+            </td>
+            <td>
+                <fmt:formatDate value="${token.issuedDate}" pattern="MM-dd-yyyy hh:mm:ss"/>
+            </td>
+            <td>
+                <fmt:formatDate value="${token.tokenExpiration}" pattern="MM-dd-yyyy hh:mm:ss"/>
+            </td>
+            <td>
+                <a href="<c:url value="/management/user/${token.userName}/${token.tokenId}/remove"/>"><spring:message
+                        code="oauth-client.remove"/></a>
+            </td>
+        </tr>
+    </c:forEach>
+
+    </tbody>
+</table>
+</body>
+</html>

src/main/webapp/WEB-INF/jsp/user/profile.jsp

@@ -55,9 +55,11 @@
 	</security:authorize>
 
     <div class="form-group">
+                <security:authorize access="hasRole('ADMINISTRATOR') && (isAuthenticated() && principal.user.id == #user.id)">
+                    <a href="<c:url value="/management/allTokens" />" class="btn btn-default"> <spring:message code="oauth-client.list" /></a>
+                </security:authorize>
                 <security:authorize access="hasRole('ADMINISTRATOR') || (isAuthenticated() && principal.user.id == #user.id)">
-                <%--<security:authorize access="hasRole('ADMINISTRATOR') && (isAuthenticated() && principal.user.id == #user.id)">--%>
-                    <a href="<c:url value="/management/tokens" />" class="btn btn-default"> <spring:message code="oauth-client.list" /></a>
+                    <a href="<c:url value="/management/user/${user.email}/tokens" />" class="btn btn-default"><spring:message code="oauth-client.issued.tokens" /></a>
                 </security:authorize>
                 <security:authorize access="(not hasRole('VALIDATEDUSER') && principal.user.id == #user.id)">
                     <a href="<c:url value="/profile/${user.uuid}/send"/>"  class="btn btn-default"/>Send validation email</a>