OAuth20 update clientSecret Fix

2025-12-08 09:58:56 +08:00 · 2020-06-05 15:22:08 +08:00 · 2020-06-05 15:22:08 +08:00 · 4ab7dccca0
commit 4ab7dccca0
parent 173f5cdfb8
3 changed files with 555 additions and 578 deletions
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsOAuth20Details.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsOAuth20Details.java
@ -5,7 +5,6 @@ import javax.persistence.Table;
 import org.maxkey.domain.apps.oauth2.provider.client.BaseClientDetails;
 import org.springframework.util.StringUtils;

-
@Table(name = "APPS_OAUTH_CLIENT_DETAILS")
 public class AppsOAuth20Details extends Apps {

@ -14,20 +13,19 @@ public class AppsOAuth20Details  extends Apps {
     */
    private static final long serialVersionUID = 6786113671104069370L;

-
    private String clientId;

    private String clientSecret;

-	private String scope ;
+    private String scope;

-	private String resourceIds ;
+    private String resourceIds;

    private String authorizedGrantTypes;

    private String registeredRedirectUris;

-	private String authorities ;
+    private String authorities;

    private Integer accessTokenValiditySeconds;

@ -35,7 +33,7 @@ public class AppsOAuth20Details  extends Apps {

    private String approvalPrompt;

-	//for OpenID Connect
+    // for OpenID Connect
    private String idTokenSigningAlgorithm;
    private String idTokenEncryptedAlgorithm;
    private String idTokenEncryptionMethod;
@ -57,43 +55,43 @@ public class AppsOAuth20Details  extends Apps {
    /**
     * 
     */
-	public AppsOAuth20Details(Apps application,BaseClientDetails baseClientDetails) {
+    public AppsOAuth20Details(Apps application, BaseClientDetails baseClientDetails) {
        super();
-		this.id=application.getId();
+        this.id = application.getId();
        this.setName(application.getName());
        this.setLoginUrl(application.getLoginUrl());
        this.setCategory(application.getCategory());
        this.setProtocol(application.getProtocol());
        this.setIcon(application.getIcon());
-		this.clientId=application.getId();
+        this.clientId = application.getId();

        this.setSortIndex(application.getSortIndex());
        this.setVendor(application.getVendor());
        this.setVendorUrl(application.getVendorUrl());

-		this.clientSecret=baseClientDetails.getClientSecret();
-		this.scope=baseClientDetails.getScope().toString();
-		this.resourceIds=baseClientDetails.getResourceIds().toString();
-		this.authorizedGrantTypes=baseClientDetails.getAuthorizedGrantTypes().toString();
-		this.registeredRedirectUris=StringUtils.collectionToCommaDelimitedString(baseClientDetails.getRegisteredRedirectUri());
-		this.authorities=baseClientDetails.getAuthorities().toString();
-		this.accessTokenValiditySeconds=baseClientDetails.getAccessTokenValiditySeconds();
-		this.refreshTokenValiditySeconds=baseClientDetails.getRefreshTokenValiditySeconds();
-		this.approvalPrompt=baseClientDetails.isAutoApprove("all")+"";
+        this.clientSecret = baseClientDetails.getClientSecret();
+        this.scope = baseClientDetails.getScope().toString();
+        this.resourceIds = baseClientDetails.getResourceIds().toString();
+        this.authorizedGrantTypes = baseClientDetails.getAuthorizedGrantTypes().toString();
+        this.registeredRedirectUris = StringUtils
+                .collectionToCommaDelimitedString(baseClientDetails.getRegisteredRedirectUri());
+        this.authorities = baseClientDetails.getAuthorities().toString();
+        this.accessTokenValiditySeconds = baseClientDetails.getAccessTokenValiditySeconds();
+        this.refreshTokenValiditySeconds = baseClientDetails.getRefreshTokenValiditySeconds();
+        this.approvalPrompt = baseClientDetails.isAutoApprove("all") + "";

-		this.idTokenEncryptedAlgorithm=baseClientDetails.getIdTokenEncryptedAlgorithm();
-		this.idTokenEncryptionMethod=baseClientDetails.getIdTokenEncryptionMethod();
-		this.idTokenSigningAlgorithm=baseClientDetails.getIdTokenSigningAlgorithm();
+        this.idTokenEncryptedAlgorithm = baseClientDetails.getIdTokenEncryptedAlgorithm();
+        this.idTokenEncryptionMethod = baseClientDetails.getIdTokenEncryptionMethod();
+        this.idTokenSigningAlgorithm = baseClientDetails.getIdTokenSigningAlgorithm();

-		this.userInfoEncryptedAlgorithm=baseClientDetails.getUserInfoEncryptedAlgorithm();
-		this.userInfoEncryptionMethod=baseClientDetails.getUserInfoEncryptionMethod();
-		this.userInfoSigningAlgorithm=baseClientDetails.getUserInfoSigningAlgorithm();
+        this.userInfoEncryptedAlgorithm = baseClientDetails.getUserInfoEncryptedAlgorithm();
+        this.userInfoEncryptionMethod = baseClientDetails.getUserInfoEncryptionMethod();
+        this.userInfoSigningAlgorithm = baseClientDetails.getUserInfoSigningAlgorithm();

-		this.jwksUri=baseClientDetails.getJwksUri();
+        this.jwksUri = baseClientDetails.getJwksUri();

    }

-
    /**
     * @return the clientId
     */
@ -101,9 +99,6 @@ public class AppsOAuth20Details  extends Apps {
        return clientId;
    }

-	
-	
-
    /**
     * @return the approvalPrompt
     */
@ -125,7 +120,6 @@ public class AppsOAuth20Details  extends Apps {
        this.clientId = clientId;
    }

-
    /**
     * @return the clientSecret
     */
@ -133,7 +127,6 @@ public class AppsOAuth20Details  extends Apps {
        return clientSecret;
    }

-
    /**
     * @param clientSecret the clientSecret to set
     */
@ -141,7 +134,6 @@ public class AppsOAuth20Details  extends Apps {
        this.clientSecret = clientSecret;
    }

-
    /**
     * @return the scope
     */
@ -149,7 +141,6 @@ public class AppsOAuth20Details  extends Apps {
        return scope;
    }

-
    /**
     * @param scope the scope to set
     */
@ -157,7 +148,6 @@ public class AppsOAuth20Details  extends Apps {
        this.scope = scope;
    }

-
    /**
     * @return the resourceIds
     */
@ -165,7 +155,6 @@ public class AppsOAuth20Details  extends Apps {
        return resourceIds;
    }

-
    /**
     * @param resourceIds the resourceIds to set
     */
@ -173,7 +162,6 @@ public class AppsOAuth20Details  extends Apps {
        this.resourceIds = resourceIds;
    }

-
    /**
     * @return the authorizedGrantTypes
     */
@ -181,7 +169,6 @@ public class AppsOAuth20Details  extends Apps {
        return authorizedGrantTypes;
    }

-
    /**
     * @param authorizedGrantTypes the authorizedGrantTypes to set
     */
@ -189,7 +176,6 @@ public class AppsOAuth20Details  extends Apps {
        this.authorizedGrantTypes = authorizedGrantTypes;
    }

-
    /**
     * @return the registeredRedirectUris
     */
@ -197,7 +183,6 @@ public class AppsOAuth20Details  extends Apps {
        return registeredRedirectUris;
    }

-
    /**
     * @param registeredRedirectUris the registeredRedirectUris to set
     */
@ -205,7 +190,6 @@ public class AppsOAuth20Details  extends Apps {
        this.registeredRedirectUris = registeredRedirectUris;
    }

-
    /**
     * @return the authorities
     */
@ -213,7 +197,6 @@ public class AppsOAuth20Details  extends Apps {
        return authorities;
    }

-
    /**
     * @param authorities the authorities to set
     */
@ -221,7 +204,6 @@ public class AppsOAuth20Details  extends Apps {
        this.authorities = authorities;
    }

-
    /**
     * @return the accessTokenValiditySeconds
     */
@ -229,7 +211,6 @@ public class AppsOAuth20Details  extends Apps {
        return accessTokenValiditySeconds;
    }

-
    /**
     * @param accessTokenValiditySeconds the accessTokenValiditySeconds to set
     */
@ -237,7 +218,6 @@ public class AppsOAuth20Details  extends Apps {
        this.accessTokenValiditySeconds = accessTokenValiditySeconds;
    }

-
    /**
     * @return the refreshTokenValiditySeconds
     */
@ -245,7 +225,6 @@ public class AppsOAuth20Details  extends Apps {
        return refreshTokenValiditySeconds;
    }

-
    /**
     * @param refreshTokenValiditySeconds the refreshTokenValiditySeconds to set
     */
@ -253,8 +232,6 @@ public class AppsOAuth20Details  extends Apps {
        this.refreshTokenValiditySeconds = refreshTokenValiditySeconds;
    }

-	
-
    public String getIdTokenSigningAlgorithm() {
        return idTokenSigningAlgorithm;
    }
@ -311,10 +288,9 @@ public class AppsOAuth20Details  extends Apps {
        this.jwksUri = jwksUri;
    }

-	public  BaseClientDetails clientDetailsRowMapper(){
-		BaseClientDetails baseClientDetails =new BaseClientDetails( this.getId(), 
-				this.getId(),  this.getScope(),  this.getAuthorizedGrantTypes(),  "ROLE_CLIENT, ROLE_TRUSTED_CLIENT",
-				this.getRegisteredRedirectUris());
+    public BaseClientDetails clientDetailsRowMapper() {
+        BaseClientDetails baseClientDetails = new BaseClientDetails(this.getId(), this.getId(), this.getScope(),
+                this.getAuthorizedGrantTypes(), "ROLE_CLIENT, ROLE_TRUSTED_CLIENT", this.getRegisteredRedirectUris());
        baseClientDetails.setAccessTokenValiditySeconds(this.getAccessTokenValiditySeconds());
        baseClientDetails.setRefreshTokenValiditySeconds(this.getRefreshTokenValiditySeconds());
        baseClientDetails.setClientSecret(this.getClientSecret());
@ -333,18 +309,17 @@ public class AppsOAuth20Details  extends Apps {
        return baseClientDetails;
    }

-	/* (non-Javadoc)
+    /*
+     * (non-Javadoc)
+     * 
     * @see java.lang.Object#toString()
     */
    @Override
    public String toString() {
-		return "OAuth20Details [clientId=" + clientId + ", clientSecret="
-				+ clientSecret + ", scope=" + scope + ", resourceIds="
-				+ resourceIds + ", authorizedGrantTypes="
-				+ authorizedGrantTypes + ", registeredRedirectUris="
-				+ registeredRedirectUris + ", authorities=" + authorities
-				+ ", accessTokenValiditySeconds=" + accessTokenValiditySeconds
-				+ ", refreshTokenValiditySeconds="
+        return "OAuth20Details [clientId=" + clientId + ", clientSecret=" + clientSecret + ", scope=" + scope
+                + ", resourceIds=" + resourceIds + ", authorizedGrantTypes=" + authorizedGrantTypes
+                + ", registeredRedirectUris=" + registeredRedirectUris + ", authorities=" + authorities
+                + ", accessTokenValiditySeconds=" + accessTokenValiditySeconds + ", refreshTokenValiditySeconds="
                + refreshTokenValiditySeconds + "]";
    }

--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/client/JdbcClientDetailsService.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/client/JdbcClientDetailsService.java
@ -121,8 +121,7 @@ public class JdbcClientDetailsService implements ClientDetailsService, ClientReg
        ClientDetails details;
        try {
            details = jdbcTemplate.queryForObject(selectClientDetailsSql, new ClientDetailsRowMapper(), clientId);
-		}
-		catch (EmptyResultDataAccessException e) {
+        } catch (EmptyResultDataAccessException e) {
            throw new NoSuchClientException("No client with requested id: " + clientId);
        }

@ -132,8 +131,7 @@ public class JdbcClientDetailsService implements ClientDetailsService, ClientReg
    public void addClientDetails(ClientDetails clientDetails) throws ClientAlreadyExistsException {
        try {
            jdbcTemplate.update(insertClientDetailsSql, getFields(clientDetails));
-		}
-		catch (DuplicateKeyException e) {
+        } catch (DuplicateKeyException e) {
            throw new ClientAlreadyExistsException("Client already exists: " + clientDetails.getClientId(), e);
        }
    }
@ -160,7 +158,7 @@ public class JdbcClientDetailsService implements ClientDetailsService, ClientReg
    }

    public List<ClientDetails> listClientDetails() {
-		return listFactory.getList(findClientDetailsSql, Collections.<String, Object> emptyMap(), rowMapper);
+        return listFactory.getList(findClientDetailsSql, Collections.<String, Object>emptyMap(), rowMapper);
    }

    private Object[] getFields(ClientDetails clientDetails) {
@ -176,26 +174,30 @@ public class JdbcClientDetailsService implements ClientDetailsService, ClientReg
        String json = null;
        try {
            json = mapper.write(clientDetails.getAdditionalInformation());
-		}
-		catch (Exception e) {
+        } catch (Exception e) {
            logger.warn("Could not serialize additional information: " + clientDetails, e);
        }
        return new Object[] {
-				clientDetails.getResourceIds() != null ? StringUtils.collectionToCommaDelimitedString(clientDetails
-						.getResourceIds()) : null,
-				clientDetails.getScope() != null ? StringUtils.collectionToCommaDelimitedString(clientDetails
-						.getScope()) : null,
-				clientDetails.getAuthorizedGrantTypes() != null ? StringUtils
-						.collectionToCommaDelimitedString(clientDetails.getAuthorizedGrantTypes()) : null,
-				clientDetails.getRegisteredRedirectUri() != null ? StringUtils
-						.collectionToCommaDelimitedString(clientDetails.getRegisteredRedirectUri()) : null,
-				clientDetails.getAuthorities() != null ? StringUtils.collectionToCommaDelimitedString(clientDetails
-						.getAuthorities()) : null, clientDetails.getAccessTokenValiditySeconds(),
-				clientDetails.getRefreshTokenValiditySeconds(), json, getAutoApproveScopes(clientDetails),
-				clientDetails.getIdTokenSigningAlgorithm(),clientDetails.getIdTokenEncryptedAlgorithm(),clientDetails.getIdTokenEncryptionMethod(),
-				clientDetails.getUserInfoSigningAlgorithm(),clientDetails.getUserInfoEncryptedAlgorithm(),clientDetails.getUserInfoEncryptionMethod(),
-				clientDetails.getJwksUri(),
-				clientDetails.getClientId() };
+                clientDetails.getResourceIds() != null
+                        ? StringUtils.collectionToCommaDelimitedString(clientDetails.getResourceIds())
+                        : null,
+                clientDetails.getScope() != null
+                        ? StringUtils.collectionToCommaDelimitedString(clientDetails.getScope())
+                        : null,
+                clientDetails.getAuthorizedGrantTypes() != null
+                        ? StringUtils.collectionToCommaDelimitedString(clientDetails.getAuthorizedGrantTypes())
+                        : null,
+                clientDetails.getRegisteredRedirectUri() != null
+                        ? StringUtils.collectionToCommaDelimitedString(clientDetails.getRegisteredRedirectUri())
+                        : null,
+                clientDetails.getAuthorities() != null
+                        ? StringUtils.collectionToCommaDelimitedString(clientDetails.getAuthorities())
+                        : null,
+                clientDetails.getAccessTokenValiditySeconds(), clientDetails.getRefreshTokenValiditySeconds(), json,
+                getAutoApproveScopes(clientDetails), clientDetails.getIdTokenSigningAlgorithm(),
+                clientDetails.getIdTokenEncryptedAlgorithm(), clientDetails.getIdTokenEncryptionMethod(),
+                clientDetails.getUserInfoSigningAlgorithm(), clientDetails.getUserInfoEncryptedAlgorithm(),
+                clientDetails.getUserInfoEncryptionMethod(), clientDetails.getJwksUri(), clientDetails.getClientId() };
    }

    private String getAutoApproveScopes(ClientDetails clientDetails) {
@ -284,8 +286,7 @@ public class JdbcClientDetailsService implements ClientDetailsService, ClientReg
                    @SuppressWarnings("unchecked")
                    Map<String, Object> additionalInformation = mapper.read(json, Map.class);
                    details.setAdditionalInformation(additionalInformation);
-				}
-				catch (Exception e) {
+                } catch (Exception e) {
                    logger.warn("Could not decode JSON for additional information: " + details, e);
                }
            }
--- a/maxkey-web-manage/src/main/java/org/maxkey/web/apps/contorller/OAuth20DetailsController.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/web/apps/contorller/OAuth20DetailsController.java
@ -88,11 +88,12 @@ public class OAuth20DetailsController  extends BaseAppContorller {
 		//
 		_logger.debug("-update  application :" + oauth20Details);
 		_logger.debug("-update  oauth20Details use oauth20JdbcClientDetails" );
-		transform(oauth20Details);
-		
 		oauth20Details.setClientSecret(oauth20Details.getSecret());
        oauth20JdbcClientDetailsService.updateClientDetails(oauth20Details.clientDetailsRowMapper());
        oauth20JdbcClientDetailsService.updateClientSecret(oauth20Details.getClientId(), oauth20Details.getClientSecret());
+        
+		transform(oauth20Details);
+		
 		if (appsService.updateApp(oauth20Details)) {
 			  new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_SUCCESS),MessageType.success);
 		} else {