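/*******************************************************************************
 * Copyright 2017 The MIT Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/

package org.mitre.uma.web;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.mitre.openid.connect.client.model.IssuerServiceResponse;
import org.mitre.openid.connect.client.service.impl.WebfingerIssuerService;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.UserInfoService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.mitre.openid.connect.web.RootController;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.MimeTypeUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

import com.google.common.collect.ImmutableSet;


/**
 * Resolves an e-mail identifier to the issuer that can vouch for it, for UMA claims gathering.
 *
 * <p>The endpoint first consults the local {@link UserInfoService}. If the address belongs to a
 * local account it returns {@code email}, {@code email_verified} and {@code sub} claims attributed
 * to this server's own issuer. Otherwise it performs a WebFinger lookup driven by the request and,
 * when an issuer is discovered, returns {@code email} and {@code email_verified} claims attributed
 * to that issuer. Any caller holding {@code ROLE_USER} may query it, so a positive local answer
 * also discloses that the address belongs to a local account and what its {@code sub} is.
 *
 * @author jricher
 */
@Controller
@RequestMapping("/" + UserClaimSearchHelper.URL)
@PreAuthorize("hasRole('ROLE_USER')")
public class UserClaimSearchHelper {

	public static final String URL = RootController.API_URL + "/emailsearch";

	// Constructed directly rather than injected, so this instance carries no container-supplied
	// configuration. NOTE(review): the remote lookup target is derived from the caller-supplied
	// identifier; confirm the deployment accepts this endpoint driving outbound requests on that basis.
	private final WebfingerIssuerService webfingerIssuerService = new WebfingerIssuerService();

	@Autowired
	private UserInfoService userInfoService;

	@Autowired
	private ConfigurationPropertiesBean config;


	/**
	 * Looks up the issuer for the given e-mail identifier.
	 *
	 * @param email the {@code identifier} request parameter, treated as an e-mail address
	 * @param m     the model that receives either the JSON entity or the HTTP error code
	 * @param auth  the current authentication; unused here, access is gated by the class-level
	 *              {@link PreAuthorize}
	 * @param req   the servlet request, handed to the WebFinger service for the remote lookup
	 * @return the JSON entity view name when a local user or a remote issuer is found, otherwise
	 *         the JSON error view name with {@link HttpStatus#NOT_FOUND} set on the model
	 */
	@RequestMapping(method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
	public String search(@RequestParam(value = "identifier") String email, Model m, Authentication auth, HttpServletRequest req) {

		// check locally first
		UserInfo localUser = userInfoService.getByEmailAddress(email);

		if (localUser != null) {
			String issuer = config.getIssuer();
			m.addAttribute(JsonEntityView.ENTITY, ImmutableSet.of(
					claim(issuer, "email", localUser.getEmail()),
					claim(issuer, "email_verified", localUser.getEmailVerified()),
					claim(issuer, "sub", localUser.getSub())));
			return JsonEntityView.VIEWNAME;
		}

		// otherwise do a webfinger lookup
		IssuerServiceResponse resp = webfingerIssuerService.getIssuer(req);

		if (resp != null && resp.getIssuer() != null) {
			// we found an issuer, return that
			String issuer = resp.getIssuer();
			// The email value echoed here is the caller-supplied identifier, and email_verified is
			// asserted as true without this server having verified anything: it only records that
			// WebFinger resolved the identifier to an issuer. Consumers must not read it as a
			// stronger assurance than that.
			m.addAttribute(JsonEntityView.ENTITY, ImmutableSet.of(
					claim(issuer, "email", email),
					claim(issuer, "email_verified", true)));
			return JsonEntityView.VIEWNAME;
		}

		m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
		return JsonErrorView.VIEWNAME;
	}

	/**
	 * Builds one claim descriptor of the form {@code {issuer: [issuer], name: name, value: value}}.
	 *
	 * @param issuer the issuer URL the claim is attributed to; wrapped in a single-element set
	 * @param name   the claim name
	 * @param value  the claim value (may be {@code null})
	 * @return a mutable map holding the three entries
	 */
	private static Map<String, Object> claim(String issuer, String name, Object value) {
		Map<String, Object> c = new HashMap<>();
		c.put("issuer", ImmutableSet.of(issuer));
		c.put("name", name);
		c.put("value", value);
		return c;
	}

}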