adding handling for bearer tokens
dankle committed Sep 25, 2023
1 parent 201e601 commit 71a55ea
Showing 2 changed files with 32 additions and 11 deletions.
Expand Up @@ -126,9 +126,9 @@ public String getTokenSigningKey() throws IOException {
}
}

public Profile getUserProfile(String refreshToken) throws IOException {
public Profile getUserProfileFromRefreshToken(String refreshToken) throws IOException {
Token token = getTokenByRefreshToken(refreshToken);
return getProfile(token);
return getProfile(token.accessToken());
}

private Token getToken(String urlParameters) throws IOException {
Expand Down Expand Up @@ -178,15 +178,15 @@ private void postRequest(HttpURLConnection con, String urlParameters) throws IOE
}
}

private Profile getProfile(Token token) throws IOException {
public Profile getProfile(String accessToken) throws IOException {
if (cfg.getUserInfoEndpointUrl() == null) {
return null;
}
HttpURLConnection con = null;
try {
URL url = new URL(cfg.getUserInfoEndpointUrl());
con = (HttpURLConnection) url.openConnection();
String authzHeaderValue = String.format("Bearer %s", token.accessToken());
String authzHeaderValue = String.format("Bearer %s", accessToken);
con.setRequestProperty(HttpHeaders.AUTHORIZATION, authzHeaderValue);
con.setRequestProperty(HttpHeaders.CONTENT_TYPE, CONTENT_TYPE_HEADER);
con.setRequestMethod("GET");
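Review bot: `getProfile(String accessToken)` is now public and, per the filter change in this same commit, is handed a value lifted straight from the request's Authorization header, yet the guard at the top of the method only checks the endpoint URL; a null token is formatted into the literal header `Bearer null` and a blank one is still sent to the userinfo endpoint. Add a token check after the endpoint guard: `if (accessToken == null || accessToken.isBlank()) { return null; }`. Since the method is now part of the client's API it should carry a Javadoc summary, e.g. `/** Fetches the profile from the configured userinfo endpoint, presenting {@code accessToken} as a Bearer credential; returns null when no endpoint is configured or the token is missing. */`. The method's body continues past the end of the hunk.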
Expand Up @@ -56,29 +56,34 @@ public AuthenticationToken createToken(ServletRequest request, ServletResponse r

HttpServletRequest req = WebUtils.toHttp(request);

String token = SsoCookies.getTokenCookie(req);
if (token == null) {
String bearerToken = extractTokenFromRequest(req);
String incomingToken = bearerToken != null ? bearerToken : SsoCookies.getTokenCookie(req);

if (incomingToken == null) {
return null;
}

String login = jwtAuthenticator.validateTokenAndGetLogin(token);
//TODO: If token comes in from bearer token, then this should be an access_token.
// Use this directly to get the user profile i.e. ssoClient.getProfile(accessToken);

String login = jwtAuthenticator.validateTokenAndGetLogin(incomingToken);
if (login == null) {
return null;
}

String[] as = parseDomain(login);
String[] as = parseDomain(login); //TODO: Can we not get this info from userInfo endpoint? i.e. SsoClient.Profile

String refreshToken = SsoCookies.getRefreshCookie(req);
// get userprofile send the response as null if refreshToken is expired or used
SsoClient.Profile profile;
try {
profile = ssoClient.getUserProfile(refreshToken);
profile = bearerToken != null ? ssoClient.getProfile(bearerToken) : ssoClient.getUserProfileFromRefreshToken(incomingToken);

} catch (IOException e) {
return null;
}
if (profile == null) {
return null;
}
//TODO: User name and domain should be returned by the userInfo endpoint(profile) "sub". Do we really need these two? as[0], as[1]
return new SsoToken(as[0], as[1], profile.displayName(), profile.mail(), profile.userPrincipalName(), profile.nameInNamespace(), profile.groups());
}

Expand Down Expand Up @@ -112,4 +117,20 @@ private String[] parseDomain(String s) {
String domain = s.substring(pos + 1);
return new String[]{username, domain};
}

private String extractTokenFromRequest(HttpServletRequest request) {
final String value = request.getHeader("Authorization");

if (value == null || !value.toLowerCase().startsWith("bearer")) {
return null;
}

String[] parts = value.split(" ");

if (parts.length < 2) {
return null;
}

return parts[1].trim();
}
}
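Review bot: The cookie branch of the new `profile = ...` line in the first hunk passes `incomingToken` — which in that branch is the value of `SsoCookies.getTokenCookie(req)` — to `getUserProfileFromRefreshToken`, while the `refreshToken` read from `SsoCookies.getRefreshCookie(req)` two lines above is no longer used anywhere in the hunk; unless the two cookies carry the same value, cookie-based logins now send the wrong credential to the refresh grant. That branch should read `ssoClient.getUserProfileFromRefreshToken(refreshToken)`. In `extractTokenFromRequest` in the second hunk, `split(" ")` yields an empty `parts[1]` for a doubled space and `startsWith("bearer")` also matches a scheme with no separator, so an empty string rather than null can reach `validateTokenAndGetLogin`; checking `startsWith("bearer ")` and returning null when `parts[1].trim()` is empty would close that. `createToken` begins before the first hunk.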
