mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27477 Commits
59 Branches
Tree: c1caffa9fb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c1caffa9fb'
${ noResults }
sonarqube/server/sonar-server/src/main/java/org/sonar/server/authentication/OAuth2ContextFactory.java

OAuth2ContextFactory.java 5.8KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2018 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.authentication;

  21. 

  22. import java.io.IOException;

  23. import java.util.Optional;

  24. import javax.servlet.http.HttpServletRequest;

  25. import javax.servlet.http.HttpServletResponse;

  26. import org.sonar.api.platform.Server;

  27. import org.sonar.api.server.ServerSide;

  28. import org.sonar.api.server.authentication.OAuth2IdentityProvider;

  29. import org.sonar.api.server.authentication.UserIdentity;

  30. import org.sonar.db.user.UserDto;

  31. import org.sonar.server.authentication.UserRegistration.ExistingEmailStrategy;

  32. import org.sonar.server.authentication.UserRegistration.UpdateLoginStrategy;

  33. import org.sonar.server.authentication.event.AuthenticationEvent;

  34. import org.sonar.server.user.ThreadLocalUserSession;

  35. import org.sonar.server.user.UserSessionFactory;

  36. 

  37. import static java.lang.String.format;

  38. import static org.sonar.server.authentication.OAuth2CallbackFilter.CALLBACK_PATH;

  39. 

  40. @ServerSide

  41. public class OAuth2ContextFactory {

  42. 

  43.   private final ThreadLocalUserSession threadLocalUserSession;

  44.   private final UserRegistrar userRegistrar;

  45.   private final Server server;

  46.   private final OAuthCsrfVerifier csrfVerifier;

  47.   private final JwtHttpHandler jwtHttpHandler;

  48.   private final UserSessionFactory userSessionFactory;

  49.   private final OAuth2AuthenticationParameters oAuthParameters;

  50. 

  51.   public OAuth2ContextFactory(ThreadLocalUserSession threadLocalUserSession, UserRegistrar userRegistrar, Server server,

  52.     OAuthCsrfVerifier csrfVerifier, JwtHttpHandler jwtHttpHandler, UserSessionFactory userSessionFactory, OAuth2AuthenticationParameters oAuthParameters) {

  53.     this.threadLocalUserSession = threadLocalUserSession;

  54.     this.userRegistrar = userRegistrar;

  55.     this.server = server;

  56.     this.csrfVerifier = csrfVerifier;

  57.     this.jwtHttpHandler = jwtHttpHandler;

  58.     this.userSessionFactory = userSessionFactory;

  59.     this.oAuthParameters = oAuthParameters;

  60.   }

  61. 

  62.   public OAuth2IdentityProvider.InitContext newContext(HttpServletRequest request, HttpServletResponse response, OAuth2IdentityProvider identityProvider) {

  63.     return new OAuthContextImpl(request, response, identityProvider);

  64.   }

  65. 

  66.   public OAuth2IdentityProvider.CallbackContext newCallback(HttpServletRequest request, HttpServletResponse response, OAuth2IdentityProvider identityProvider) {

  67.     return new OAuthContextImpl(request, response, identityProvider);

  68.   }

  69. 

  70.   private class OAuthContextImpl implements OAuth2IdentityProvider.InitContext, OAuth2IdentityProvider.CallbackContext {

  71. 

  72.     private final HttpServletRequest request;

  73.     private final HttpServletResponse response;

  74.     private final OAuth2IdentityProvider identityProvider;

  75. 

  76.     public OAuthContextImpl(HttpServletRequest request, HttpServletResponse response, OAuth2IdentityProvider identityProvider) {

  77.       this.request = request;

  78.       this.response = response;

  79.       this.identityProvider = identityProvider;

  80.     }

  81. 

  82.     @Override

  83.     public String getCallbackUrl() {

  84.       return server.getPublicRootUrl() + CALLBACK_PATH + identityProvider.getKey();

  85.     }

  86. 

  87.     @Override

  88.     public String generateCsrfState() {

  89.       return csrfVerifier.generateState(request, response);

  90.     }

  91. 

  92.     @Override

  93.     public HttpServletRequest getRequest() {

  94.       return request;

  95.     }

  96. 

  97.     @Override

  98.     public HttpServletResponse getResponse() {

  99.       return response;

  100.     }

  101. 

  102.     @Override

  103.     public void redirectTo(String url) {

  104.       try {

  105.         response.sendRedirect(url);

  106.       } catch (IOException e) {

  107.         throw new IllegalStateException(format("Fail to redirect to %s", url), e);

  108.       }

  109.     }

  110. 

  111.     @Override

  112.     public void verifyCsrfState() {

  113.       csrfVerifier.verifyState(request, response, identityProvider);

  114.     }

  115. 

  116.     @Override

  117.     public void verifyCsrfState(String parameterName) {

  118.       csrfVerifier.verifyState(request, response, identityProvider, parameterName);

  119.     }

  120. 

  121.     @Override

  122.     public void redirectToRequestedPage() {

  123.       try {

  124.         Optional<String> redirectTo = oAuthParameters.getReturnTo(request);

  125.         oAuthParameters.delete(request, response);

  126.         getResponse().sendRedirect(redirectTo.orElse(server.getContextPath() + "/"));

  127.       } catch (IOException e) {

  128.         throw new IllegalStateException("Fail to redirect to requested page", e);

  129.       }

  130.     }

  131. 

  132.     @Override

  133.     public void authenticate(UserIdentity userIdentity) {

  134.       Boolean allowEmailShift = oAuthParameters.getAllowEmailShift(request).orElse(false);

  135.       Boolean allowUpdateLogin = oAuthParameters.getAllowUpdateLogin(request).orElse(false);

  136.       UserDto userDto = userRegistrar.register(

  137.         UserRegistration.builder()

  138.           .setUserIdentity(userIdentity)

  139.           .setProvider(identityProvider)

  140.           .setSource(AuthenticationEvent.Source.oauth2(identityProvider))

  141.           .setExistingEmailStrategy(allowEmailShift ? ExistingEmailStrategy.ALLOW : ExistingEmailStrategy.WARN)

  142.           .setUpdateLoginStrategy(allowUpdateLogin ? UpdateLoginStrategy.ALLOW : UpdateLoginStrategy.WARN)

  143.           .build());

  144.       jwtHttpHandler.generateToken(userDto, request, response);

  145.       threadLocalUserSession.set(userSessionFactory.create(userDto));

  146.     }

  147.   }

  148. }