[GitHub] incubator-usergrid pull request: External token validation (for UG...

[snoopdave]

Github user snoopdave commented on a diff in the pull request:

    https://github.com/apache/incubator-usergrid/pull/224#discussion_r28510168
  
    --- Diff: 
stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
 ---
    @@ -441,6 +480,209 @@ public Viewable handleAuthorizeForm( @Context UriInfo 
ui, @FormParam( "response_
         }
     
     
    +    /**
    +     * <p>
    +     * Validates access token from other or "external" Usergrid system.
    +     * Calls other system's /management/me endpoint to get the User 
associated with the access token.
    +     * If user does not exist locally, then user and organization with the 
same name of user is created.
    +     * If no user is returned from the other cluster, then this endpoint 
will return 401.
    +     * <p>
    +     *
    +     * <p>
    +     * See <a 
href="https://issues.apache.org/jira/browse/USERGRID-567";>USERGRID-567</a>
    +     * for details about Usergrid Central SSO.
    +     * </p>
    +     *
    +     * @param ui             Information about calling URI.
    +     * @param json           JSON object with fields: ext_access_token, ttl
    +     * @param callback       For JSONP support.
    +     * @return               Returns JSON object with access_token field.
    +     * @throws Exception     Returns 401 if access token cannot be 
validated
    +     */
    +    @POST
    +    @Path( "/externaltoken" )
    +    public Response validateExternalToken(
    +            @Context UriInfo ui,
    +            Map<String, Object> json,
    +            @QueryParam( "callback" ) @DefaultValue( "" ) String callback 
)  throws Exception {
    +
    +        if ( StringUtils.isEmpty( properties.getProperty( 
USERGRID_CENTRAL_URL ))) {
    +            throw new NotImplementedException( "External Token Validation 
Service is not configured" );
    +        }
    +
    +        Object extAccessTokenObj = json.get( "ext_access_token" );
    +        if ( extAccessTokenObj == null ) {
    +            throw new IllegalArgumentException("ext_access_token must be 
specified");
    +        }
    +        String extAccessToken = json.get("ext_access_token").toString();
    +
    +        Object ttlObj = json.get("ttl");
    +        if ( ttlObj == null ) {
    +            throw new IllegalArgumentException("ttl must be specified");
    +        }
    +        long ttl;
    +        try {
    +            ttl = Long.parseLong(ttlObj.toString());
    +        } catch ( NumberFormatException e ) {
    +            throw new IllegalArgumentException("ttl must be specified as a 
long");
    +        }
    +
    +        return validateExternalToken( ui, extAccessToken, ttl, callback );
    +    }
    +
    +
    +    /**
    +     * <p>
    +     * Validates access token from other or "external" Usergrid system.
    +     * Calls other system's /management/me endpoint to get the User
    +     * associated with the access token. If user does not exist locally,
    +     * then user and organizations will be created. If no user is returned
    +     * from the other cluster, then this endpoint will return 401.
    +     * </p>
    +     *
    +     * <p> Part of Usergrid Central SSO feature.
    +     * See <a 
href="https://issues.apache.org/jira/browse/USERGRID-567";>USERGRID-567</a>
    +     * for details about Usergrid Central SSO.
    +     * </p>
    +     *
    +     * @param ui             Information about calling URI.
    +     * @param extAccessToken Access token from external Usergrid system.
    +     * @param ttl            Time to live for token.
    +     * @param callback       For JSONP support.
    +     * @return               Returns JSON object with access_token field.
    +     * @throws Exception     Returns 401 if access token cannot be 
validated
    +     */
    +    @GET
    +    @Path( "/externaltoken" )
    +    public Response validateExternalToken(
    +                                @Context UriInfo ui,
    +                                @QueryParam( "ext_access_token" ) String 
extAccessToken,
    +                                @QueryParam( "ttl" ) @DefaultValue("-1") 
long ttl,
    +                                @QueryParam( "callback" ) @DefaultValue( 
"" ) String callback )
    +            throws Exception {
    +
    +
    +        if ( StringUtils.isEmpty( properties.getProperty( 
USERGRID_CENTRAL_URL ))) {
    +            throw new NotImplementedException( "External Token Validation 
Service is not configured" );
    +        }
    +
    +        if ( extAccessToken == null ) {
    +            throw new IllegalArgumentException("ext_access_token must be 
specified");
    +        }
    +
    +        if ( ttl == -1 ) {
    +            throw new IllegalArgumentException("ttl must be specified");
    +        }
    +
    +        // look up user via UG Central's /management/me endpoint.
    +
    +        JsonNode accessInfoNode = getMeFromUgCentral( extAccessToken );
    +
    +        JsonNode userNode = accessInfoNode.get( "user" );
    +        String username = userNode.get( "username" ).getTextValue();
    +
    +        // if user does not exist locally then we need to fix that
    +
    +        UUID userId = null;
    +        final OrganizationInfo organizationInfo = 
management.getOrganizationByName(username);
    +
    +        if ( organizationInfo == null ) {
    --- End diff --
    
    Fixed. Now lookup user instead of org.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---