Merge pull request mitreid-connect#1378 from ketola/fetch-tokens-by-sub

Fetch tokens by user name

Author: jricher

openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java

@@ -71,7 +71,8 @@
 	@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_CLIENT, query = "select a from OAuth2AccessTokenEntity a where a.client = :" + OAuth2AccessTokenEntity.PARAM_CLIENT),
 	@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select a from OAuth2AccessTokenEntity a where a.jwt = :" + OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE),
 	@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE, query = "select a from OAuth2AccessTokenEntity a where a.approvedSite = :" + OAuth2AccessTokenEntity.PARAM_APPROVED_SITE),
-	@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID)
+	@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID),
+	@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2AccessTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2AccessTokenEntity.PARAM_NAME)
 })
 @org.codehaus.jackson.map.annotate.JsonSerialize(using = OAuth2AccessTokenJackson1Serializer.class)
 @org.codehaus.jackson.map.annotate.JsonDeserialize(using = OAuth2AccessTokenJackson1Deserializer.class)
@@ -86,13 +87,15 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	public static final String QUERY_EXPIRED_BY_DATE = "OAuth2AccessTokenEntity.getAllExpiredByDate";
 	public static final String QUERY_ALL = "OAuth2AccessTokenEntity.getAll";
 	public static final String QUERY_BY_RESOURCE_SET = "OAuth2AccessTokenEntity.getByResourceSet";
+	public static final String QUERY_BY_NAME = "OAuth2AccessTokenEntity.getByName";
 
 	public static final String PARAM_TOKEN_VALUE = "tokenValue";
 	public static final String PARAM_CLIENT = "client";
 	public static final String PARAM_REFERSH_TOKEN = "refreshToken";
 	public static final String PARAM_DATE = "date";
 	public static final String PARAM_RESOURCE_SET_ID = "rsid";
 	public static final String PARAM_APPROVED_SITE = "approvedSite";
+	public static final String PARAM_NAME = "name";
 
 	public static final String ID_TOKEN_FIELD_NAME = "id_token";
 

openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java

@@ -53,18 +53,21 @@
 	@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_ALL, query = "select r from OAuth2RefreshTokenEntity r"),
 	@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select r from OAuth2RefreshTokenEntity r where r.expiration <= :" + OAuth2RefreshTokenEntity.PARAM_DATE),
 	@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, query = "select r from OAuth2RefreshTokenEntity r where r.client = :" + OAuth2RefreshTokenEntity.PARAM_CLIENT),
-	@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select r from OAuth2RefreshTokenEntity r where r.jwt = :" + OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE)
+	@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select r from OAuth2RefreshTokenEntity r where r.jwt = :" + OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE),
+	@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2RefreshTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2RefreshTokenEntity.PARAM_NAME)
 })
 public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 
 	public static final String QUERY_BY_TOKEN_VALUE = "OAuth2RefreshTokenEntity.getByTokenValue";
 	public static final String QUERY_BY_CLIENT = "OAuth2RefreshTokenEntity.getByClient";
 	public static final String QUERY_EXPIRED_BY_DATE = "OAuth2RefreshTokenEntity.getAllExpiredByDate";
 	public static final String QUERY_ALL = "OAuth2RefreshTokenEntity.getAll";
+	public static final String QUERY_BY_NAME = "OAuth2RefreshTokenEntity.getByName";
 
 	public static final String PARAM_TOKEN_VALUE = "tokenValue";
 	public static final String PARAM_CLIENT = "client";
 	public static final String PARAM_DATE = "date";
+	public static final String PARAM_NAME = "name";
 
 	private Long id;
 

openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java

@@ -52,6 +52,10 @@ public interface OAuth2TokenRepository {
 	public List<OAuth2AccessTokenEntity> getAccessTokensForClient(ClientDetailsEntity client);
 
 	public List<OAuth2RefreshTokenEntity> getRefreshTokensForClient(ClientDetailsEntity client);
+	
+	public Set<OAuth2AccessTokenEntity> getAccessTokensByUserName(String name);
+	
+	public Set<OAuth2RefreshTokenEntity> getRefreshTokensByUserName(String name);
 
 	public Set<OAuth2AccessTokenEntity> getAllAccessTokens();
 

openid-connect-server/pom.xml

@@ -47,10 +47,31 @@
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-tx</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-orm</artifactId>
+			<scope>test</scope>
+			<exclusions>
+				<exclusion>
+					<groupId>commons-logging</groupId>
+					<artifactId>commons-logging</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
 		<dependency>
 			<groupId>org.eclipse.persistence</groupId>
 			<artifactId>org.eclipse.persistence.core</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.hsqldb</groupId>
+			<artifactId>hsqldb</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.eclipse.persistence</groupId>
+			<artifactId>org.eclipse.persistence.jpa</artifactId>
+			<scope>test</scope>
+		</dependency>
 
 		<dependency>
 			<groupId>org.apache.commons</groupId>

openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java

@@ -20,6 +20,7 @@
 import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Date;
+import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;
@@ -168,9 +169,6 @@ public void clearTokensForClient(ClientDetailsEntity client) {
 		}
 	}
 
-	/* (non-Javadoc)
-	 * @see org.mitre.oauth2.repository.OAuth2TokenRepository#getAccessTokensForClient(org.mitre.oauth2.model.ClientDetailsEntity)
-	 */
 	@Override
 	public List<OAuth2AccessTokenEntity> getAccessTokensForClient(ClientDetailsEntity client) {
 		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_CLIENT, OAuth2AccessTokenEntity.class);
@@ -179,16 +177,29 @@ public List<OAuth2AccessTokenEntity> getAccessTokensForClient(ClientDetailsEntit
 		return accessTokens;
 	}
 
-	/* (non-Javadoc)
-	 * @see org.mitre.oauth2.repository.OAuth2TokenRepository#getRefreshTokensForClient(org.mitre.oauth2.model.ClientDetailsEntity)
-	 */
 	@Override
 	public List<OAuth2RefreshTokenEntity> getRefreshTokensForClient(ClientDetailsEntity client) {
 		TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, OAuth2RefreshTokenEntity.class);
 		queryR.setParameter(OAuth2RefreshTokenEntity.PARAM_CLIENT, client);
 		List<OAuth2RefreshTokenEntity> refreshTokens = queryR.getResultList();
 		return refreshTokens;
 	}
+	
+	@Override
+	public Set<OAuth2AccessTokenEntity> getAccessTokensByUserName(String name) {
+		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_NAME, OAuth2AccessTokenEntity.class);
+	    query.setParameter(OAuth2AccessTokenEntity.PARAM_NAME, name);
+	    List<OAuth2AccessTokenEntity> results = query.getResultList();
+	    return results != null ? new HashSet<>(query.getResultList()) : new HashSet<>();
+	}
+	
+	@Override
+	public Set<OAuth2RefreshTokenEntity> getRefreshTokensByUserName(String name) {
+		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_NAME, OAuth2RefreshTokenEntity.class);
+	    query.setParameter(OAuth2RefreshTokenEntity.PARAM_NAME, name);
+	    List<OAuth2RefreshTokenEntity> results = query.getResultList();
+	    return results != null ? new HashSet<>(query.getResultList()) : new HashSet<>();
+	}
 
 	@Override
 	public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens() {
@@ -216,25 +227,16 @@ public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pag
 		return new LinkedHashSet<>(JpaUtil.getResultPage(query,pageCriteria));
 	}
 
-
-
-	/* (non-Javadoc)
-	 * @see org.mitre.oauth2.repository.OAuth2TokenRepository#getAccessTokensForResourceSet(org.mitre.uma.model.ResourceSet)
-	 */
 	@Override
 	public Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs) {
 		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, OAuth2AccessTokenEntity.class);
 		query.setParameter(OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID, rs.getId());
 		return new LinkedHashSet<>(query.getResultList());
 	}
 
-	/* (non-Javadoc)
-	 * @see org.mitre.oauth2.repository.OAuth2TokenRepository#clearDuplicateAccessTokens()
-	 */
 	@Override
 	@Transactional(value="defaultTransactionManager")
 	public void clearDuplicateAccessTokens() {
-
 		Query query = manager.createQuery("select a.jwt, count(1) as c from OAuth2AccessTokenEntity a GROUP BY a.jwt HAVING count(1) > 1");
 		@SuppressWarnings("unchecked")
 		List<Object[]> resultList = query.getResultList();
@@ -253,9 +255,6 @@ public void clearDuplicateAccessTokens() {
 		}
 	}
 
-	/* (non-Javadoc)
-	 * @see org.mitre.oauth2.repository.OAuth2TokenRepository#clearDuplicateRefreshTokens()
-	 */
 	@Override
 	@Transactional(value="defaultTransactionManager")
 	public void clearDuplicateRefreshTokens() {

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java

@@ -66,7 +66,6 @@
 import org.springframework.transaction.annotation.Transactional;
 
 import com.google.common.base.Strings;
-import com.google.common.collect.Sets;
 import com.nimbusds.jose.util.Base64URL;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.PlainJWT;
@@ -102,35 +101,14 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 	@Autowired
 	private ApprovedSiteService approvedSiteService;
 
-
 	@Override
-	public Set<OAuth2AccessTokenEntity> getAllAccessTokensForUser(String id) {
-
-		Set<OAuth2AccessTokenEntity> all = tokenRepository.getAllAccessTokens();
-		Set<OAuth2AccessTokenEntity> results = Sets.newLinkedHashSet();
-
-		for (OAuth2AccessTokenEntity token : all) {
-			if (clearExpiredAccessToken(token) != null && token.getAuthenticationHolder().getAuthentication().getName().equals(id)) {
-				results.add(token);
-			}
-		}
-
-		return results;
+	public Set<OAuth2AccessTokenEntity> getAllAccessTokensForUser(String userName) {
+		return tokenRepository.getAccessTokensByUserName(userName);
 	}
 
-
 	@Override
-	public Set<OAuth2RefreshTokenEntity> getAllRefreshTokensForUser(String id) {
-		Set<OAuth2RefreshTokenEntity> all = tokenRepository.getAllRefreshTokens();
-		Set<OAuth2RefreshTokenEntity> results = Sets.newLinkedHashSet();
-
-		for (OAuth2RefreshTokenEntity token : all) {
-			if (clearExpiredRefreshToken(token) != null && token.getAuthenticationHolder().getAuthentication().getName().equals(id)) {
-				results.add(token);
-			}
-		}
-
-		return results;
+	public Set<OAuth2RefreshTokenEntity> getAllRefreshTokensForUser(String userName) {
+		return tokenRepository.getRefreshTokensByUserName(userName);
 	}
 
 	@Override
@@ -192,7 +170,6 @@ public OAuth2AccessTokenEntity createAccessToken(OAuth2Authentication authentica
 				throw new InvalidClientException("Client not found: " + request.getClientId());
 			}
 
-
 			// handle the PKCE code challenge if present
 			if (request.getExtensions().containsKey(CODE_CHALLENGE)) {
 				String challenge = (String) request.getExtensions().get(CODE_CHALLENGE);
@@ -220,7 +197,6 @@ public OAuth2AccessTokenEntity createAccessToken(OAuth2Authentication authentica
 
 			}
 
-
 			OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();//accessTokenFactory.createNewAccessToken();
 
 			// attach the client
@@ -306,8 +282,6 @@ private OAuth2RefreshTokenEntity createRefreshToken(ClientDetailsEntity client,
 		refreshToken.setAuthenticationHolder(authHolder);
 		refreshToken.setClient(client);
 
-
-
 		// save the token first so that we can set it to a member of the access token (NOTE: is this step necessary?)
 		OAuth2RefreshTokenEntity savedRefreshToken = tokenRepository.saveRefreshToken(refreshToken);
 		return savedRefreshToken;
@@ -410,12 +384,10 @@ public OAuth2AccessTokenEntity refreshAccessToken(String refreshTokenValue, Toke
 		tokenRepository.saveAccessToken(token);
 
 		return token;
-
 	}
 
 	@Override
 	public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException {
-
 		OAuth2AccessTokenEntity accessToken = clearExpiredAccessToken(tokenRepository.getAccessTokenByValue(accessTokenValue));
 
 		if (accessToken == null) {
@@ -481,18 +453,11 @@ public void revokeAccessToken(OAuth2AccessTokenEntity accessToken) {
 		tokenRepository.removeAccessToken(accessToken);
 	}
 
-
-	/* (non-Javadoc)
-	 * @see org.mitre.oauth2.service.OAuth2TokenEntityService#getAccessTokensForClient(org.mitre.oauth2.model.ClientDetailsEntity)
-	 */
 	@Override
 	public List<OAuth2AccessTokenEntity> getAccessTokensForClient(ClientDetailsEntity client) {
 		return tokenRepository.getAccessTokensForClient(client);
 	}
 
-	/* (non-Javadoc)
-	 * @see org.mitre.oauth2.service.OAuth2TokenEntityService#getRefreshTokensForClient(org.mitre.oauth2.model.ClientDetailsEntity)
-	 */
 	@Override
 	public List<OAuth2RefreshTokenEntity> getRefreshTokensForClient(ClientDetailsEntity client) {
 		return tokenRepository.getRefreshTokensForClient(client);
@@ -595,7 +560,4 @@ public OAuth2AccessTokenEntity getRegistrationAccessTokenForClient(ClientDetails
 
 		return null;
 	}
-
-
-
 }

openid-connect-server/src/test/java/org/mitre/oauth2/repository/impl/TestDatabaseConfiguration.java

@@ -0,0 +1,96 @@
+package org.mitre.oauth2.repository.impl;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.persistence.EntityManagerFactory;
+import javax.sql.DataSource;
+
+import org.springframework.beans.factory.FactoryBean;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.core.io.ByteArrayResource;
+import org.springframework.core.io.DefaultResourceLoader;
+import org.springframework.core.io.Resource;
+import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
+import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType;
+import org.springframework.orm.jpa.JpaTransactionManager;
+import org.springframework.orm.jpa.JpaVendorAdapter;
+import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean;
+import org.springframework.orm.jpa.vendor.Database;
+import org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter;
+import org.springframework.transaction.PlatformTransactionManager;
+
+public class TestDatabaseConfiguration {
+
+	@Autowired
+	private JpaVendorAdapter jpaAdapter;
+
+	@Autowired
+	private DataSource dataSource;
+
+	@Autowired
+	private EntityManagerFactory entityManagerFactory;
+
+	@Bean
+	public JpaOAuth2TokenRepository repository() {
+		return new JpaOAuth2TokenRepository();
+	}
+
+	@Bean(name = "defaultPersistenceUnit")
+	public FactoryBean<EntityManagerFactory> entityManagerFactory() {
+		LocalContainerEntityManagerFactoryBean factory = new LocalContainerEntityManagerFactoryBean();
+		factory.setPackagesToScan("org.mitre", "org.mitre");
+		factory.setPersistenceProviderClass(org.eclipse.persistence.jpa.PersistenceProvider.class);
+		factory.setPersistenceUnitName("test" + System.currentTimeMillis());
+		factory.setDataSource(dataSource);
+		factory.setJpaVendorAdapter(jpaAdapter);
+		Map<String, Object> jpaProperties = new HashMap<String, Object>();
+		jpaProperties.put("eclipselink.weaving", "false");
+		jpaProperties.put("eclipselink.logging.level", "INFO");
+		jpaProperties.put("eclipselink.logging.level.sql", "INFO");
+		jpaProperties.put("eclipselink.cache.shared.default", "false");
+		factory.setJpaPropertyMap(jpaProperties);
+
+		return factory;
+	}
+
+	@Bean
+	public DataSource dataSource() {
+		return new EmbeddedDatabaseBuilder(new DefaultResourceLoader() {
+			@Override
+			public Resource getResource(String location) {
+				String sql;
+				try {
+					sql = new String(Files.readAllBytes(Paths.get("..", "openid-connect-server-webapp", "src", "main",
+							"resources", "db", "hsql", location)), UTF_8);
+				} catch (IOException e) {
+					throw new RuntimeException("Failed to read sql-script " + location, e);
+				}
+
+				return new ByteArrayResource(sql.getBytes(UTF_8));
+			}
+		}).generateUniqueName(true).setScriptEncoding(UTF_8.name()).setType(EmbeddedDatabaseType.HSQL)
+				.addScripts("hsql_database_tables.sql").build();
+	}
+
+	@Bean
+	public JpaVendorAdapter jpaAdapter() {
+		EclipseLinkJpaVendorAdapter adapter = new EclipseLinkJpaVendorAdapter();
+		adapter.setDatabase(Database.HSQL);
+		adapter.setShowSql(true);
+		return adapter;
+	}
+
+	@Bean
+	public PlatformTransactionManager transactionManager() {
+		JpaTransactionManager platformTransactionManager = new JpaTransactionManager();
+		platformTransactionManager.setEntityManagerFactory(entityManagerFactory);
+		return platformTransactionManager;
+	}
+}