From 173f5cdfb82558ce5ae720aec68bcdb114715054 Mon Sep 17 00:00:00 2001
From: shimingxy
Date: Fri, 5 Jun 2020 11:09:40 +0800
Subject: [PATCH] OAuth2 Access Confirmation

OAuth2 Access Confirmation
---
 .../authz/endpoint/AuthorizeBaseEndpoint.java | 5 +-
 .../OAuth20AccessConfirmationController.java | 137 +++++++++++-------
 .../resources/messages/message.properties | 5 +
 .../resources/messages/message_en.properties | 5 +
 .../authorize/oauth_access_confirmation.ftl | 32 ++--
 5 files changed, 119 insertions(+), 65 deletions(-)

diff --git a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
index 97f9e2aa..172b4aee 100644
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
@@ -40,12 +40,13 @@ public class AuthorizeBaseEndpoint {
 Apps app=(Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
 //session中为空或者id不一致重新加载
 if(app==null||!app.getId().equalsIgnoreCase(id)) {
- app=appsService.get(id);
+ app=appsService.get(id);
+ WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
 }
 if(app == null){
 _logger.error("Applications for id "+id + " is null");
 }
- WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
+
 return app;
 }
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
index 9c2ee7ed..a8b8261c 100644
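Review bot: The cache check in this hunk compares ids with `equalsIgnoreCase(id)` while the miss path loads with `appsService.get(id)`, so if application ids are case-sensitive in the store, a request whose id differs only in case from the app already cached under `AuthorizeBaseEndpoint.class.getName()` is served that cached app instead of its own; confirm ids are case-insensitive or use `equals`. The null case is only logged: when `appsService.get(id)` returns null the null is written to the session and then returned, so every caller of this method (its signature lies outside the hunk) must handle a null app itself. That contract deserves a Javadoc line on the method, e.g. `/** Returns the cached or freshly loaded Apps for id, or null when no application with that id exists. */`.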
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
@@ -1,17 +1,18 @@
 package org.maxkey.authz.oauth2.provider.approval.controller;
-import java.security.Principal;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
-
 import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
 import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
 import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
 import org.maxkey.authz.oauth2.provider.ClientDetailsService;
 import org.maxkey.authz.oauth2.provider.approval.Approval;
-import org.maxkey.authz.oauth2.provider.approval.ApprovalStore;
 import org.maxkey.authz.oauth2.provider.approval.Approval.ApprovalStatus;
+import org.maxkey.authz.oauth2.provider.approval.ApprovalStore;
+import org.maxkey.dao.service.AppsService;
+import org.maxkey.domain.apps.Apps;
 import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
 import org.maxkey.web.WebContext;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -32,56 +33,84 @@ import org.springframework.web.servlet.ModelAndView;
 @SessionAttributes("authorizationRequest")
 public class OAuth20AccessConfirmationController {
- @Autowired
- @Qualifier("oauth20JdbcClientDetailsService")
- private ClientDetailsService clientDetailsService;
-
- @Autowired
- @Qualifier("oauth20ApprovalStore")
- private ApprovalStore approvalStore;
-
- @Autowired
- @Qualifier("oauth20UserApprovalHandler")
- OAuth20UserApprovalHandler oauth20UserApprovalHandler;
-
-
- @RequestMapping("/oauth/v20/approval_confirm")
- public ModelAndView getAccessConfirmation(@RequestParam Map model) throws Exception {
- model.remove("authorizationRequest");
- Map modelRequest=new HashMap();
- for(Object key:model.keySet()){
- modelRequest.put(key.toString(), model.get(key).toString());
- }
- String principal=((BasicAuthentication)WebContext.getAuthentication().getPrincipal()).getUsername();
- //Map model
- AuthorizationRequest clientAuth = (AuthorizationRequest) WebContext.getAttribute("authorizationRequest");
- ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
- model.put("auth_request", clientAuth);
- model.put("client", client);
- model.put("oauth_version", "oauth 2.0");
- Map scopes = new LinkedHashMap();
- for (String scope : clientAuth.getScope()) {
- scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
- }
-
- for (Approval approval : approvalStore.getApprovals(principal, client.getClientId())) {
- if (clientAuth.getScope().contains(approval.getScope())) {
- scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(),
- approval.getStatus() == ApprovalStatus.APPROVED ? "true" : "false");
- }
- }
- model.put("scopes", scopes);
-
- ModelAndView modelAndView=new ModelAndView("authorize/oauth_access_confirmation");
- modelAndView.addObject("model",model);
- return modelAndView;
- }
+ @Autowired
+ @Qualifier("appsService")
+ protected AppsService appsService;
+
+ @Autowired
+ @Qualifier("oauth20JdbcClientDetailsService")
+ private ClientDetailsService clientDetailsService;
+
+ @Autowired
+ @Qualifier("oauth20ApprovalStore")
+ private ApprovalStore approvalStore;
+
+ @Autowired
+ @Qualifier("oauth20UserApprovalHandler")
+ OAuth20UserApprovalHandler oauth20UserApprovalHandler;
+
+ /**
+ * getAccessConfirmation.
+ * @param model Map
+ * @return
+ * throws Exception
+ */
+ @RequestMapping("/oauth/v20/approval_confirm")
+ public ModelAndView getAccessConfirmation(
+ @RequestParam Map model) throws Exception {
+ model.remove("authorizationRequest");
+ Map modelRequest = new HashMap();
+ for (Object key : model.keySet()) {
+ modelRequest.put(key.toString(), model.get(key).toString());
+ }
+
+ // Map model
+ AuthorizationRequest clientAuth =
+ (AuthorizationRequest) WebContext.getAttribute("authorizationRequest");
+ ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
+ Apps app = (Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
+ //session中为空或者id不一致重新加载
+ if (app == null || !app.getId().equalsIgnoreCase(clientAuth.getClientId())) {
+ app = appsService.get(clientAuth.getClientId());
+ WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
+ WebContext.setAttribute(app.getId(), app.getIcon());
+ }
+
+ model.put("auth_request", clientAuth);
+ model.put("client", client);
+ model.put("app", app);
+ model.put("oauth_version", "oauth 2.0");
+ Map scopes = new LinkedHashMap();
+ for (String scope : clientAuth.getScope()) {
+ scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
+ }
+ String principal =
+ ((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).getUsername();
+ for (Approval approval : approvalStore.getApprovals(principal, client.getClientId())) {
+ if (clientAuth.getScope().contains(approval.getScope())) {
+ scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(),
+ approval.getStatus() == ApprovalStatus.APPROVED ? "true" : "false");
+ }
+ }
+ model.put("scopes", scopes);
+
+ ModelAndView modelAndView = new ModelAndView("authorize/oauth_access_confirmation");
+ modelAndView.addObject("model", model);
+ return modelAndView;
+ }
- @RequestMapping("/oauth/v20/error")
- public String handleError(Map model) throws Exception {
- // We can add more stuff to the model here for JSP rendering. If the client was a machine then
- // the JSON will already have been rendered.
- model.put("message", "There was a problem with the OAuth2 protocol");
- return "oauth_error";
- }
+ /**
+ * handleError.
+ * @param model Map
+ * @return
+ * throws Exception
+ */
+ @RequestMapping("/oauth/v20/error")
+ public String handleError(Map model) throws Exception {
+ // We can add more stuff to the model here for JSP rendering. If the client was
+ // a machine then
+ // the JSON will already have been rendered.
+ model.put("message", "There was a problem with the OAuth2 protocol");
+ return "oauth_error";
+ }
 }
diff --git a/maxkey-web-maxkey/src/main/resources/messages/message.properties b/maxkey-web-maxkey/src/main/resources/messages/message.properties
index 14caa000..937696ed 100644
--- a/maxkey-web-maxkey/src/main/resources/messages/message.properties
+++ b/maxkey-web-maxkey/src/main/resources/messages/message.properties
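Review bot: In the reload branch of getAccessConfirmation, `app.getId()` and `app.getIcon()` dereference `app` immediately after `appsService.get(clientAuth.getClientId())`, which can return null (AuthorizeBaseEndpoint's copy of this very lookup, in the first hunk of this patch, treats that as an error and logs it), so a client id that has ClientDetails but no Apps record turns the consent page into a NullPointerException. Guard before caching, e.g. `if (app == null) { throw new IllegalStateException("no application registered for client id " + clientAuth.getClientId()); }`, or better, call the existing AuthorizeBaseEndpoint lookup instead of duplicating it so both paths keep one null-handling policy. `WebContext.setAttribute(app.getId(), app.getIcon())` also stores a session attribute keyed by the bare app id, sharing the namespace with every other session attribute; a prefixed key would avoid accidental collisions. The `modelRequest` map built at the top of the method is still never read, and the new Javadoc has an empty `@return` and writes `throws Exception` as plain text instead of `@throws Exception`.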
@@ -180,6 +180,11 @@ apps.protocol=\u8BBF\u95EE\u534F\u8BAE
 apps.category=\u7C7B\u578B
 apps.account=\u8D26\u53F7
+apps.oauth.approval.title=OAuth \u6388\u6743\u8BF7\u6C42
+apps.oauth.approval.info=\u6B64\u7B2C\u4E09\u65B9\u5E94\u7528\u8BF7\u6C42\u83B7\u5F97\u4EE5\u4E0B\u6743\u9650:
+apps.oauth.approval.context=\u8BBF\u95EE\u4F60\u7684\u4E2A\u4EBA\u4FE1\u606F
+apps.oauth.approval.authorize=\u540C\u610F\u6388\u6743
+
 button.text.action=\u8BBF\u95EE
 button.text.visit=\u8BBF\u95EE
 button.text.save=\u4FDD\u5B58
diff --git a/maxkey-web-maxkey/src/main/resources/messages/message_en.properties b/maxkey-web-maxkey/src/main/resources/messages/message_en.properties
index fe6f34c5..1b817bcc 100644
--- a/maxkey-web-maxkey/src/main/resources/messages/message_en.properties
+++ b/maxkey-web-maxkey/src/main/resources/messages/message_en.properties
@@ -179,6 +179,11 @@ apps.protocol=protocol
 apps.category=category
 apps.account=account
+apps.oauth.approval.title=OAuth Authorize Confirm
+apps.oauth.approval.info=This third-party app request has the following permissions:
+apps.oauth.approval.context=Access your personal information
+apps.oauth.approval.authorize=Authorize
+
 button.text.action=Action
 button.text.visit=Visit
 button.text.save=Save
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl
index e105ff39..585709d1 100644
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl
@@ -11,17 +11,31 @@
<#if 'oauth 2.0'==model.oauth_version> - -

Please Confirm OAuth 2.0

- -

You hereby authorize "${model.client.clientId!}" to access your protected resources.

+ + + + + + + + + + + + + +
<@locale code="apps.oauth.approval.title"/>
+ ${model.app.name!}
+ <@locale code="apps.oauth.approval.info"/> +
+ + <@locale code="apps.oauth.approval.context"/> +
+ +
- -
    - -
- +
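Review bot: The consent page no longer tells the user which client is asking: the removed line rendered `${model.client.clientId!}`, while the surviving new lines show only `${model.app.name!}` and a fixed `apps.oauth.approval.context` sentence, and the `scopes` map the controller puts into the model appears in none of the visible lines, so the user approves "access your personal information" whatever scopes were actually requested (the hunk's markup is only partly legible here, so this is inferred from what survives). A consent screen should enumerate the requested scopes, e.g. by iterating `model.scopes` with a `<#list model.scopes as scope, approved>` loop, and should keep the client id visible next to the display name so a look-alike app name cannot pass for another client. It is also worth confirming that this template is rendered with HTML output format so `${model.app.name!}` is auto-escaped; the app name is stored data, not a constant, and if escaping is not on by default it should be written `${model.app.name!?html}`.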
-- GitLab