001/*
002 * (C) Copyright 2011 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 * Contributors:
016 *     Thomas Roger <troger@nuxeo.com>
017 */
018
019package org.nuxeo.ecm.user.center;
020
021import static org.jboss.seam.ScopeType.CONVERSATION;
022import static org.nuxeo.ecm.platform.oauth2.Constants.TOKEN_SERVICE;
023
024import java.io.Serializable;
025import java.util.ArrayList;
026import java.util.Calendar;
027import java.util.HashMap;
028import java.util.List;
029import java.util.Map;
030
031import org.jboss.seam.annotations.In;
032import org.jboss.seam.annotations.Name;
033import org.jboss.seam.annotations.Scope;
034import org.nuxeo.ecm.core.api.DocumentModel;
035import org.nuxeo.ecm.core.api.DocumentModelList;
036import org.nuxeo.ecm.core.api.NuxeoPrincipal;
037import org.nuxeo.ecm.directory.Session;
038import org.nuxeo.ecm.directory.api.DirectoryService;
039import org.nuxeo.ecm.platform.oauth.tokens.OAuthTokenStoreImpl;
040import org.nuxeo.ecm.platform.oauth2.clients.OAuth2Client;
041import org.nuxeo.ecm.platform.oauth2.clients.OAuth2ClientService;
042import org.nuxeo.ecm.platform.oauth2.tokens.NuxeoOAuth2Token;
043import org.nuxeo.ecm.platform.oauth2.tokens.OAuth2TokenStore;
044import org.nuxeo.runtime.api.Framework;
045
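/**
 * Seam action bean that lists the OAuth and OAuth2 tokens recorded for the current user and
 * revokes them on request.
 * <p>
 * {@link #getOAuthAuthorizedApplications()} and {@link #revokeAccess(String, String)} reach the
 * directories inside {@link Framework#doPrivileged}, so the only per-user restriction is the one
 * this class applies itself through the {@code nuxeoLogin} field.
 *
 * @author <a href="mailto:troger@nuxeo.com">Thomas Roger</a>
 */
@Name("authorizedApplicationsActions")
@Scope(CONVERSATION)
public class AuthorizedApplicationsActions implements Serializable {

    private static final long serialVersionUID = 1L;

    /** Directory field holding the login of the user a token was issued for. */
    private static final String LOGIN_FIELD = "nuxeoLogin";

    @In
    protected NuxeoPrincipal currentUser;

    /**
     * Lists the OAuth2 applications the current user has authorized.
     * <p>
     * Tokens whose client id is not known to the {@link OAuth2ClientService} are left out.
     *
     * @return one map per token with the keys {@code id}, {@code applicationId} and
     *         {@code applicationName}, plus {@code applicationAuthorizationDate} when the token
     *         carries a creation date
     */
    public List<Map<String, Serializable>> getOAuth2AuthorizedApplications() {
        List<Map<String, Serializable>> applications = new ArrayList<>();
        OAuth2ClientService clientService = Framework.getService(OAuth2ClientService.class);
        OAuth2TokenStore tokenStore = new OAuth2TokenStore(TOKEN_SERVICE);
        // Only the tokens stored under the current user's login are fetched.
        DocumentModelList tokens = tokenStore.query(getOAuth2QueryFilter());
        // Join each token with the client it was issued to.
        for (DocumentModel token : tokens) {
            OAuth2Client client = clientService.getClient(
                    (String) token.getPropertyValue(NuxeoOAuth2Token.SCHEMA + ":clientId"));
            if (client != null) {
                Map<String, Serializable> application = new HashMap<>();
                application.put("id", token.getPropertyValue(NuxeoOAuth2Token.SCHEMA + ":id"));
                application.put("applicationId", client.getId());
                application.put("applicationName", client.getName());
                Calendar creationDate = (Calendar) token.getPropertyValue(NuxeoOAuth2Token.SCHEMA + ":creationDate");
                if (creationDate != null) {
                    application.put("applicationAuthorizationDate", creationDate.getTime());
                }
                applications.add(application);
            }
        }
        return applications;
    }

    /**
     * Lists the OAuth token entries stored for the current user.
     * <p>
     * The directory is queried in a privileged block; the filter from
     * {@link #getOAuthQueryFilter()} is what limits the result to the current user.
     *
     * @return the matching entries of the {@link OAuthTokenStoreImpl#DIRECTORY_NAME} directory
     */
    public DocumentModelList getOAuthAuthorizedApplications() {
        DirectoryService directoryService = Framework.getService(DirectoryService.class);
        return Framework.doPrivileged(() -> {
            try (Session session = directoryService.open(OAuthTokenStoreImpl.DIRECTORY_NAME)) {
                Map<String, Serializable> queryFilter = getOAuthQueryFilter();
                return session.query(queryFilter);
            }
        });
    }

    /**
     * Builds the directory filter selecting the OAuth2 tokens of the current user.
     *
     * @return a new mutable map with the {@code nuxeoLogin} criterion
     */
    protected Map<String, Serializable> getOAuth2QueryFilter() {
        Map<String, Serializable> filter = new HashMap<>();
        filter.put(LOGIN_FIELD, currentUser.getName());
        return filter;
    }

    /**
     * Builds the directory filter selecting the OAuth tokens of the current user.
     *
     * @return a new mutable map with the {@code clientToken} (set to 0) and {@code nuxeoLogin}
     *         criteria
     */
    protected Map<String, Serializable> getOAuthQueryFilter() {
        Map<String, Serializable> filter = new HashMap<>();
        // NOTE(review): 0 presumably excludes client-side tokens; confirm against the token schema.
        filter.put("clientToken", 0);
        filter.put(LOGIN_FIELD, currentUser.getName());
        return filter;
    }

    /**
     * Deletes a token entry belonging to the current user.
     * <p>
     * The deletion runs in a privileged block and both arguments come from the caller, so the
     * entry is loaded first and removed only when its {@code nuxeoLogin} field matches the
     * current user. Without that check any entry of any directory named by the caller would be
     * deleted. An id that does not exist is ignored.
     *
     * @param directoryName the directory holding the token entry
     * @param id the id of the entry to delete
     * @throws SecurityException if the entry exists but is not recorded under the current user's
     *         login
     */
    public void revokeAccess(String directoryName, String id) {
        DirectoryService directoryService = Framework.getService(DirectoryService.class);
        // Resolved outside the lambda so the check uses the user who asked for the revocation.
        String login = currentUser.getName();
        Framework.doPrivileged(() -> {
            try (Session session = directoryService.open(directoryName)) {
                DocumentModel entry = session.getEntry(id);
                if (entry == null) {
                    return;
                }
                String schema = directoryService.getDirectorySchema(directoryName);
                // A directory whose schema has no nuxeoLogin field fails here, before any deletion.
                Object owner = entry.getProperty(schema, LOGIN_FIELD);
                if (login == null || !login.equals(owner)) {
                    // The id is left out of the message: in a token directory it may be the token itself.
                    throw new SecurityException(
                            "Entry is not owned by the current user in directory " + directoryName);
                }
                session.deleteEntry(id);
            }
        });
    }

}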