Source code

001/*
002 * (C) Copyright 2019 Nuxeo (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Salem Aouana
018 */
019
020package org.nuxeo.ecm.platform.oauth2.tokens;
021
022import static java.util.Objects.requireNonNull;
023import static javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
024import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
025import static org.nuxeo.ecm.platform.oauth2.tokens.NuxeoOAuth2Token.KEY_NUXEO_LOGIN;
026import static org.nuxeo.ecm.platform.oauth2.tokens.NuxeoOAuth2Token.KEY_SERVICE_NAME;
027
028import java.util.List;
029import java.util.stream.Collectors;
030
031import org.apache.commons.lang3.StringUtils;
032import org.nuxeo.ecm.core.api.DocumentModel;
033import org.nuxeo.ecm.core.api.NuxeoException;
034import org.nuxeo.ecm.core.api.NuxeoPrincipal;
035import org.nuxeo.ecm.core.query.sql.model.Predicates;
036import org.nuxeo.ecm.core.query.sql.model.QueryBuilder;
037import org.nuxeo.ecm.directory.Session;
038import org.nuxeo.ecm.directory.api.DirectoryService;
039import org.nuxeo.ecm.platform.oauth2.enums.NuxeoOAuth2TokenType;
040import org.nuxeo.runtime.api.Framework;
041import org.nuxeo.runtime.model.DefaultComponent;
042
043/**
044 * The implementation that manages the oauth2 tokens in Nuxeo.
045 *
046 * @since 11.1
047 */
048public class OAuth2TokenServiceImpl extends DefaultComponent implements OAuth2TokenService {
049
050    public static final String TOKEN_DIR = "oauth2Tokens";
051
052    @Override
053    public List<NuxeoOAuth2Token> getTokens(NuxeoPrincipal principal) {
054        return findTokens(getQueryBuilder(null, null), principal);
055    }
056
057    @Override
058    public List<NuxeoOAuth2Token> getTokens(String nxuser) {
059        requireNonNull(nxuser, "nxuser cannot be null");
060        return findTokens(getQueryBuilder(nxuser, null));
061    }
062
063    @Override
064    public List<NuxeoOAuth2Token> getTokens(NuxeoOAuth2TokenType type, NuxeoPrincipal principal) {
065        requireNonNull(type, "oAuth2TokenType cannot be null");
066        return findTokens(getQueryBuilder(null, type), principal);
067    }
068
069    @Override
070    public List<NuxeoOAuth2Token> getTokens(String nxuser, NuxeoOAuth2TokenType type) {
071        requireNonNull(nxuser, "nxuser cannot be null");
072        requireNonNull(type, "oAuth2TokenType cannot be null");
073
074        return findTokens(getQueryBuilder(nxuser, type));
075    }
076
077    @Override
078    public List<NuxeoOAuth2Token> search(String query, NuxeoPrincipal principal) {
079        return findTokens(getQueryBuilder(query), principal);
080    }
081
082    protected List<NuxeoOAuth2Token> findTokens(QueryBuilder queryBuilder) {
083        return findTokens(queryBuilder, null);
084    }
085
086    protected List<NuxeoOAuth2Token> findTokens(QueryBuilder queryBuilder, NuxeoPrincipal principal) {
087        if (principal != null) {
088            checkPermission(principal);
089        }
090        return Framework.doPrivileged(() -> {
091            DirectoryService ds = Framework.getService(DirectoryService.class);
092            try (Session session = ds.open(TOKEN_DIR)) {
093                List<DocumentModel> documents = session.query(queryBuilder, false);
094                return documents.stream().map(NuxeoOAuth2Token::new).collect(Collectors.toList());
095            }
096        });
097    }
098
099    protected void checkPermission(NuxeoPrincipal principal) {
100        if (!principal.isAdministrator()) {
101            throw new NuxeoException("You do not have permissions to perform this operation.", SC_FORBIDDEN);
102        }
103    }
104
105    protected QueryBuilder getQueryBuilder(String query) {
106        if (StringUtils.isEmpty(query)) {
107            throw new NuxeoException("query is required", SC_BAD_REQUEST);
108        }
109
110        String match = String.format("%%%s%%", query);
111        return new QueryBuilder().predicate(
112                Predicates.or(Predicates.like(KEY_NUXEO_LOGIN, match), Predicates.like(KEY_SERVICE_NAME, match)));
113
114    }
115
116    protected QueryBuilder getQueryBuilder(String nxuser, NuxeoOAuth2TokenType type) {
117        QueryBuilder queryBuilder = new QueryBuilder();
118
119        if (nxuser != null) {
120            queryBuilder.predicate(Predicates.eq(NuxeoOAuth2Token.KEY_NUXEO_LOGIN, nxuser));
121        }
122        if (type != null) {
123            queryBuilder.predicate(type.getPredicate());
124        }
125        return queryBuilder;
126    }
127}