Merge remote-tracking branch 'origin/develop' into develop

Author: adhesivee

oauth2-server-client-inmemory/src/main/java/nl/myndocs/oauth2/client/inmemory/ClientConfiguration.kt

@@ -5,5 +5,5 @@ data class ClientConfiguration(
         var clientSecret: String? = null,
         var scopes: Set<String> = setOf(),
         var redirectUris: Set<String> = setOf(),
-        var oauthFlows: Set<String> = setOf()
+        var authorizedGrantTypes: Set<String> = setOf()
 )

oauth2-server-client-inmemory/src/main/java/nl/myndocs/oauth2/client/inmemory/InMemoryClient.kt

@@ -16,7 +16,7 @@ class InMemoryClient : ClientService {
 
     override fun clientOf(clientId: String): Client? {
         return clients.filter { it.clientId == clientId }
-                .map { client -> nl.myndocs.oauth2.client.Client(client.clientId!!, client.scopes, client.redirectUris) }
+                .map { client -> nl.myndocs.oauth2.client.Client(client.clientId!!, client.scopes, client.redirectUris, client.authorizedGrantTypes) }
                 .firstOrNull()
     }
 

oauth2-server-core/src/main/java/nl/myndocs/oauth2/Oauth2TokenService.kt

@@ -2,6 +2,7 @@ package nl.myndocs.oauth2
 
 import nl.myndocs.oauth2.authenticator.Authenticator
 import nl.myndocs.oauth2.authenticator.IdentityScopeVerifier
+import nl.myndocs.oauth2.client.AuthorizedGrantType
 import nl.myndocs.oauth2.client.Client
 import nl.myndocs.oauth2.client.ClientService
 import nl.myndocs.oauth2.exception.*
@@ -46,6 +47,12 @@ class Oauth2TokenService(
         val requestedClient = clientService.clientOf(
                 passwordGrantRequest.clientId!!
         )!!
+
+        val authorizedGrantType = AuthorizedGrantType.PASSWORD
+        if (!requestedClient.authorizedGrantTypes.contains(authorizedGrantType)) {
+            throw InvalidGrantException("Authorize not allowed: '$authorizedGrantType'")
+        }
+
         val requestedIdentity = identityService.identityOf(
                 requestedClient, passwordGrantRequest.username
         )
@@ -127,6 +134,13 @@ class Oauth2TokenService(
             throw InvalidGrantException()
         }
 
+        val client = clientService.clientOf(refreshToken.clientId)!!
+
+        val authorizedGrantType = AuthorizedGrantType.REFRESH_TOKEN
+        if (!client.authorizedGrantTypes.contains(authorizedGrantType)) {
+            throw InvalidGrantException("Authorize not allowed: '$authorizedGrantType'")
+        }
+
         val accessToken = accessTokenConverter.convertToToken(
                 refreshToken.username,
                 refreshToken.clientId,
@@ -165,6 +179,11 @@ class Oauth2TokenService(
             throw InvalidGrantException("invalid 'redirect_uri'")
         }
 
+        val authorizedGrantType = AuthorizedGrantType.AUTHORIZATION_CODE
+        if (!clientOf.authorizedGrantTypes.contains(authorizedGrantType)) {
+            throw InvalidGrantException("Authorize not allowed: '$authorizedGrantType'")
+        }
+
         val identityOf = identityService.identityOf(clientOf, redirect.username) ?: throw InvalidIdentityException()
 
         var validIdentity = authenticator?.validCredentials(clientOf, identityOf, redirect.password)
@@ -220,6 +239,11 @@ class Oauth2TokenService(
             throw InvalidGrantException("invalid 'redirect_uri'")
         }
 
+        val authorizedGrantType = AuthorizedGrantType.IMPLICIT
+        if (!clientOf.authorizedGrantTypes.contains(authorizedGrantType)) {
+            throw InvalidGrantException("Authorize not allowed: '$authorizedGrantType'")
+        }
+
         val identityOf = identityService.identityOf(clientOf, redirect.username) ?: throw InvalidIdentityException()
 
         var validIdentity = authenticator?.validCredentials(clientOf, identityOf, redirect.password)

oauth2-server-core/src/main/java/nl/myndocs/oauth2/client/AuthorizedGrantType.kt

@@ -0,0 +1,8 @@
+package nl.myndocs.oauth2.client
+
+object AuthorizedGrantType {
+    const val IMPLICIT = "implicit"
+    const val REFRESH_TOKEN = "refresh_token"
+    const val PASSWORD = "password"
+    const val AUTHORIZATION_CODE = "authorization_code"
+}

oauth2-server-core/src/main/java/nl/myndocs/oauth2/client/Client.kt

@@ -3,5 +3,6 @@ package nl.myndocs.oauth2.client
 data class Client(
         val clientId: String,
         val clientScopes: Set<String>,
-        val redirectUris: Set<String>
+        val redirectUris: Set<String>,
+        val authorizedGrantTypes: Set<String>
 )

oauth2-server-core/src/test/java/nl/myndocs/oauth2/AuthorizationCodeGrantTokenServiceTest.kt

@@ -5,6 +5,7 @@ import io.mockk.impl.annotations.InjectMockKs
 import io.mockk.impl.annotations.MockK
 import io.mockk.impl.annotations.RelaxedMockK
 import io.mockk.junit5.MockKExtension
+import nl.myndocs.oauth2.client.AuthorizedGrantType
 import nl.myndocs.oauth2.client.Client
 import nl.myndocs.oauth2.client.ClientService
 import nl.myndocs.oauth2.exception.InvalidClientException
@@ -60,7 +61,7 @@ internal class AuthorizationCodeGrantTokenServiceTest {
     fun validAuthorizationCodeGrant() {
         val requestScopes = setOf("scope1")
 
-        val client = Client(clientId, setOf("scope1", "scope2"), setOf())
+        val client = Client(clientId, setOf("scope1", "scope2"), setOf(), setOf(AuthorizedGrantType.AUTHORIZATION_CODE))
         val identity = Identity(username)
         val codeToken = CodeToken(code, Instant.now(), username, clientId, redirectUri, requestScopes)
 
@@ -88,7 +89,7 @@ internal class AuthorizationCodeGrantTokenServiceTest {
 
     @Test
     fun invalidClientException() {
-        val client = Client(clientId, setOf(), setOf())
+        val client = Client(clientId, setOf(), setOf(), setOf(AuthorizedGrantType.AUTHORIZATION_CODE))
         every { clientService.clientOf(clientId) } returns client
         every { clientService.validClient(client, clientSecret) } returns false
 
@@ -106,7 +107,7 @@ internal class AuthorizationCodeGrantTokenServiceTest {
                 redirectUri
         )
 
-        val client = Client(clientId, setOf(), setOf())
+        val client = Client(clientId, setOf(), setOf(), setOf(AuthorizedGrantType.AUTHORIZATION_CODE))
         every { clientService.clientOf(clientId) } returns client
         every { clientService.validClient(client, clientSecret) } returns true
 
@@ -124,7 +125,7 @@ internal class AuthorizationCodeGrantTokenServiceTest {
                 null
         )
 
-        val client = Client(clientId, setOf(), setOf())
+        val client = Client(clientId, setOf(), setOf(), setOf(AuthorizedGrantType.AUTHORIZATION_CODE))
         every { clientService.clientOf(clientId) } returns client
         every { clientService.validClient(client, clientSecret) } returns true
 
@@ -138,7 +139,7 @@ internal class AuthorizationCodeGrantTokenServiceTest {
         val wrongRedirectUri = ""
         val requestScopes = setOf("scope1")
 
-        val client = Client(clientId, setOf("scope1", "scope2"), setOf())
+        val client = Client(clientId, setOf("scope1", "scope2"), setOf(), setOf(AuthorizedGrantType.AUTHORIZATION_CODE))
         val codeToken = CodeToken(code, Instant.now(), username, clientId, wrongRedirectUri, requestScopes)
 
         val refreshToken = RefreshToken("test", Instant.now(), username, clientId, requestScopes)
@@ -157,7 +158,7 @@ internal class AuthorizationCodeGrantTokenServiceTest {
 
     @Test
     fun invalidCodeException() {
-        val client = Client(clientId, setOf("scope1", "scope2"), setOf())
+        val client = Client(clientId, setOf("scope1", "scope2"), setOf(), setOf(AuthorizedGrantType.AUTHORIZATION_CODE))
 
         every { clientService.clientOf(clientId) } returns client
         every { clientService.validClient(client, clientSecret) } returns true

oauth2-server-core/src/test/java/nl/myndocs/oauth2/PasswordGrantTokenServiceTest.kt

@@ -6,6 +6,7 @@ import io.mockk.impl.annotations.MockK
 import io.mockk.impl.annotations.RelaxedMockK
 import io.mockk.junit5.MockKExtension
 import io.mockk.verify
+import nl.myndocs.oauth2.client.AuthorizedGrantType
 import nl.myndocs.oauth2.client.Client
 import nl.myndocs.oauth2.client.ClientService
 import nl.myndocs.oauth2.exception.InvalidClientException
@@ -61,7 +62,7 @@ internal class PasswordGrantTokenServiceTest {
 
     @Test
     fun validPasswordGrant() {
-        val client = Client(clientId, setOf("scope1", "scope2"), setOf())
+        val client = Client(clientId, setOf("scope1", "scope2"), setOf(), setOf(AuthorizedGrantType.PASSWORD))
         val identity = Identity(username)
         val requestScopes = setOf("scope1")
         val refreshToken = RefreshToken("test", Instant.now(), username, clientId, requestScopes)
@@ -91,7 +92,7 @@ internal class PasswordGrantTokenServiceTest {
 
     @Test
     fun invalidClientException() {
-        val client = Client(clientId, setOf(), setOf())
+        val client = Client(clientId, setOf(), setOf(), setOf(AuthorizedGrantType.PASSWORD))
         every { clientService.clientOf(clientId) } returns client
         every { clientService.validClient(client, clientSecret) } returns false
 
@@ -110,7 +111,7 @@ internal class PasswordGrantTokenServiceTest {
                 scope
         )
 
-        val client = Client(clientId, setOf(), setOf())
+        val client = Client(clientId, setOf(), setOf(), setOf(AuthorizedGrantType.PASSWORD))
         every { clientService.clientOf(clientId) } returns client
         every { clientService.validClient(client, clientSecret) } returns true
 
@@ -129,7 +130,7 @@ internal class PasswordGrantTokenServiceTest {
                 scope
         )
 
-        val client = Client(clientId, setOf(), setOf())
+        val client = Client(clientId, setOf(), setOf(), setOf(AuthorizedGrantType.PASSWORD))
         every { clientService.clientOf(clientId) } returns client
         every { clientService.validClient(client, clientSecret) } returns true
 
@@ -140,7 +141,7 @@ internal class PasswordGrantTokenServiceTest {
 
     @Test
     fun invalidIdentityException() {
-        val client = Client(clientId, setOf(), setOf())
+        val client = Client(clientId, setOf(), setOf(), setOf(AuthorizedGrantType.PASSWORD))
         val identity = Identity(username)
 
         every { clientService.clientOf(clientId) } returns client
@@ -155,7 +156,7 @@ internal class PasswordGrantTokenServiceTest {
 
     @Test
     fun invalidIdentityScopeException() {
-        val client = Client(clientId, setOf("scope1", "scope2"), setOf())
+        val client = Client(clientId, setOf("scope1", "scope2"), setOf(), setOf(AuthorizedGrantType.PASSWORD))
         val identity = Identity(username)
 
         every { clientService.clientOf(clientId) } returns client
@@ -171,7 +172,7 @@ internal class PasswordGrantTokenServiceTest {
 
     @Test
     fun invalidRequestClientScopeException() {
-        val client = Client(clientId, setOf("scope3"), setOf())
+        val client = Client(clientId, setOf("scope3"), setOf(), setOf(AuthorizedGrantType.PASSWORD))
         val identity = Identity(username)
 
         every { clientService.clientOf(clientId) } returns client
@@ -195,7 +196,7 @@ internal class PasswordGrantTokenServiceTest {
                 null
         )
 
-        val client = Client(clientId, setOf("scope1", "scope2"), setOf())
+        val client = Client(clientId, setOf("scope1", "scope2"), setOf(), setOf(AuthorizedGrantType.PASSWORD))
         val identity = Identity(username)
         val requestScopes = setOf("scope1", "scope2")
         val refreshToken = RefreshToken("test", Instant.now(), username, clientId, requestScopes)

oauth2-server-core/src/test/java/nl/myndocs/oauth2/RefreshTokenGrantTokenServiceTest.kt

@@ -6,6 +6,7 @@ import io.mockk.impl.annotations.MockK
 import io.mockk.impl.annotations.RelaxedMockK
 import io.mockk.junit5.MockKExtension
 import io.mockk.verify
+import nl.myndocs.oauth2.client.AuthorizedGrantType
 import nl.myndocs.oauth2.client.Client
 import nl.myndocs.oauth2.client.ClientService
 import nl.myndocs.oauth2.exception.InvalidClientException
@@ -58,7 +59,7 @@ internal class RefreshTokenGrantTokenServiceTest {
 
     @Test
     fun validRefreshToken() {
-        val client = Client(clientId, setOf("scope1", "scope2"), setOf())
+        val client = Client(clientId, setOf("scope1", "scope2"), setOf(), setOf(AuthorizedGrantType.REFRESH_TOKEN))
         val token = RefreshToken("test", Instant.now(), username, clientId, scopes)
         val newRefreshToken = RefreshToken("test", Instant.now(), username, clientId, scopes)
         val accessToken = AccessToken("test", "bearer", Instant.now(), username, clientId, scopes, newRefreshToken)
@@ -79,7 +80,7 @@ internal class RefreshTokenGrantTokenServiceTest {
 
     @Test
     fun missingRefreshToken() {
-        val client = Client(clientId, setOf("scope1", "scope2"), setOf())
+        val client = Client(clientId, setOf("scope1", "scope2"), setOf(), setOf(AuthorizedGrantType.REFRESH_TOKEN))
 
         every { clientService.clientOf(clientId) } returns client
         every { clientService.validClient(client, clientSecret) } returns true
@@ -106,7 +107,7 @@ internal class RefreshTokenGrantTokenServiceTest {
 
     @Test
     fun invalidClientException() {
-        val client = Client(clientId, setOf(), setOf())
+        val client = Client(clientId, setOf(), setOf(), setOf(AuthorizedGrantType.REFRESH_TOKEN))
         every { clientService.clientOf(clientId) } returns client
         every { clientService.validClient(client, clientSecret) } returns false
 
@@ -117,7 +118,7 @@ internal class RefreshTokenGrantTokenServiceTest {
 
     @Test
     fun storedClientDoesNotMatchRequestedException() {
-        val client = Client(clientId, setOf("scope1", "scope2"), setOf())
+        val client = Client(clientId, setOf("scope1", "scope2"), setOf(), setOf(AuthorizedGrantType.REFRESH_TOKEN))
         val token = RefreshToken("test", Instant.now(), username, "wrong-client", scopes)
 
         every { clientService.clientOf(clientId) } returns client

oauth2-server-json/pom.xml

@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>kotlin-oauth2-server</artifactId>
+        <groupId>nl.myndocs</groupId>
+        <version>0.1.1</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>oauth2-server-json</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>2.8.5</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <version>3.1.1</version>
+                <configuration>
+                    <createSourcesJar>true</createSourcesJar>
+                    <artifactSet>
+                        <includes>
+                            <include>com.google.code.gson:*</include>
+                        </includes>
+                    </artifactSet>
+                    <relocations>
+                        <relocation>
+                            <pattern>com.google.gson</pattern>
+                            <shadedPattern>nl.myndocs.oauth2.shaded.com.google.gson</shadedPattern>
+                        </relocation>
+                    </relocations>
+                    <shadedArtifactAttached>true</shadedArtifactAttached>
+                    <transformers>
+                        <transformer
+                                implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
+                    </transformers>
+                </configuration>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>

oauth2-server-sparkjava/src/main/java/nl/myndocs/oauth2/sparkjava/json/JsonMapper.kt renamed to oauth2-server-json/src/main/java/nl/myndocs/oauth2/json/JsonMapper.kt

@@ -1,4 +1,4 @@
-package nl.myndocs.oauth2.sparkjava.json
+package nl.myndocs.oauth2.json
 
 import com.google.gson.Gson