Update

cthit · Jun 25, 2024 · 2610aad · 2610aad
1 parent fa4aebd
commit 2610aad
Show file tree

Hide file tree

Showing 4 changed files with 79 additions and 14 deletions.
diff --git a/app/src/main/java/it/chalmers/gamma/adapter/primary/web/ConsentController.java b/app/src/main/java/it/chalmers/gamma/adapter/primary/web/ConsentController.java
@@ -4,6 +4,8 @@
 
 import it.chalmers.gamma.app.client.ClientFacade;
 import it.chalmers.gamma.app.user.UserFacade;
+import java.util.Arrays;
+import java.util.List;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
@@ -27,20 +29,62 @@ public ConsentController(
 
   public record UserOwner(String name) {}
 
+  public ModelAndView createClientIssuesModelAndView(
+      boolean htmxRequest, String title, String description) {
+    ModelAndView mv = new ModelAndView();
+
+    if (htmxRequest) {
+      mv.setViewName("pages/client-authorizing-issue");
+    } else {
+      mv.setViewName("index");
+      mv.addObject("page", "pages/client-authorizing-issue");
+    }
+
+    mv.addObject("title", title);
+    mv.addObject("description", description);
+
+    return mv;
+  }
+
   @GetMapping("/oauth2/consent")
   public ModelAndView getOAuth2Consent(
       @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest,
-      @RequestParam(OAuth2ParameterNames.CLIENT_ID) String clientId,
-      @RequestParam(OAuth2ParameterNames.SCOPE) String scope,
-      @RequestParam(OAuth2ParameterNames.STATE) String state) {
+      @RequestParam(value = OAuth2ParameterNames.CLIENT_ID, required = false) String clientId,
+      @RequestParam(value = OAuth2ParameterNames.SCOPE, required = false) String scope,
+      @RequestParam(value = OAuth2ParameterNames.STATE, required = false) String state) {
+
+    if (clientId == null) {
+      return createClientIssuesModelAndView(
+          htmxRequest, "Client id missing", "A client_id must be provided to authorize");
+    }
+
+    if (scope == null) {
+      return createClientIssuesModelAndView(
+          htmxRequest, "Client scopes missing", "A scope must be specified to authorize.");
+    }
+
+    if (state == null) {
+      return createClientIssuesModelAndView(
+          htmxRequest, "Client state missing", "A state must be specified to authorize.");
+    }
 
     RegisteredClient client = this.registeredClientRepository.findByClientId(clientId);
+    ModelAndView mv = new ModelAndView();
 
     if (client == null) {
-      throw new RuntimeException();
+      return createClientIssuesModelAndView(
+          htmxRequest, "Client not found", "A client with the given client id was not found.");
     }
 
-    ModelAndView mv = new ModelAndView();
+    List<String> scopesList = Arrays.stream(scope.split(" ")).sorted().toList();
+    List<String> clientScopesOrdered = client.getScopes().stream().sorted().toList();
+
+    if (!scopesList.equals(clientScopesOrdered)) {
+      return createClientIssuesModelAndView(
+          htmxRequest,
+          "Mismatch scopes for client",
+          "There is a mismatch between registered client scopes, and the scopes specified for this authorization.");
+    }
 
     if (htmxRequest) {
       mv.setViewName("pages/authorize");

diff --git a/app/src/main/java/it/chalmers/gamma/app/oauth2/GammaRegisteredClientRepository.java b/app/src/main/java/it/chalmers/gamma/app/oauth2/GammaRegisteredClientRepository.java
@@ -26,18 +26,26 @@ public void save(RegisteredClient registeredClient) {
 
   @Override
   public RegisteredClient findById(String id) {
-    Client client =
-        this.clientRepository.get(ClientUid.valueOf(id)).orElseThrow(NullPointerException::new);
-
-    return toRegisteredClient(client);
+    try {
+      return this.clientRepository
+          .get(ClientUid.valueOf(id))
+          .map(this::toRegisteredClient)
+          .orElse(null);
+    } catch (IllegalArgumentException e) {
+      return null;
+    }
   }
 
   @Override
   public RegisteredClient findByClientId(String clientId) {
-    Client client =
-        this.clientRepository.get(new ClientId(clientId)).orElseThrow(NullPointerException::new);
-
-    return toRegisteredClient(client);
+    try {
+      return this.clientRepository
+          .get(new ClientId(clientId))
+          .map(this::toRegisteredClient)
+          .orElse(null);
+    } catch (IllegalArgumentException e) {
+      return null;
+    }
   }
 
   private RegisteredClient toRegisteredClient(Client client) {

diff --git a/app/src/main/resources/templates/pages/client-authorizing-issue.html b/app/src/main/resources/templates/pages/client-authorizing-issue.html
@@ -0,0 +1,13 @@
+<header th:replace="~{common/header-without-nav}"></header>
+<main>
+    <article>
+        <header th:text="${title}">
+        </header>
+        <p th:text="${description}"></p>
+        <p>
+            Read more how to authorize with gamma here:
+            <a target="_blank" href="https://github.com/cthit/Gamma/wiki/Authenticating-With-Gamma">github.com/cthit/Gamma/wiki/Authenticating-With-Gamma</a>
+        </p>
+    </article>
+</main>
+
diff --git a/app/src/main/resources/templates/pages/my-clients.html b/app/src/main/resources/templates/pages/my-clients.html
@@ -2,7 +2,7 @@
 <main>
     <p>
         Here you are able to create your own OAuth2 client to authenticate Gamma with!
-        Read more about how here: <br><a href="https://github.com/cthit/Gamma/wiki/Authenticating-With-Gamma">github.com/cthit/Gamma/wiki/Authenticating-With-Gamma</a>
+        Read more about how here: <br><a target="_blank" href="https://github.com/cthit/Gamma/wiki/Authenticating-With-Gamma">github.com/cthit/Gamma/wiki/Authenticating-With-Gamma</a>
     </p>
     <a href="/my-clients/create">Create client</a>
     <table>