diff --git a/client/src/main/java/dk/acto/fafnir/client/JwtValidator.java b/client/src/main/java/dk/acto/fafnir/client/JwtValidator.java
index 660d1f8..4f1cd5f 100644
--- a/client/src/main/java/dk/acto/fafnir/client/JwtValidator.java
+++ b/client/src/main/java/dk/acto/fafnir/client/JwtValidator.java
@@ -31,56 +31,61 @@ public class JwtValidator {
 public JwtAuthentication decodeToken(String authHeader) {
 var decoder = Optional.of(publicKeyProvider.getPublicKey())
- .map(Base64.getDecoder()::decode)
- .map(X509EncodedKeySpec::new)
- .map(x -> Try.of(() -> KeyFactory.getInstance("RSA"))
- .mapTry(y -> y.generatePublic(x))
- .toJavaOptional()
- .orElseThrow(InvalidPublicKey::new))
- .map(x -> Jwts.parserBuilder().setSigningKey(x).build())
- .orElseThrow(InvalidPublicKey::new);
+ .map(Base64.getDecoder()::decode)
+ .map(X509EncodedKeySpec::new)
+ .map(x -> Try.of(() -> KeyFactory.getInstance("RSA"))
+ .mapTry(y -> y.generatePublic(x))
+ .toJavaOptional()
+ .orElseThrow(InvalidPublicKey::new))
+ .map(x -> Jwts.parserBuilder().setSigningKey(x).build())
+ .orElseThrow(InvalidPublicKey::new);
 var claims = Try.of(() -> auth.matcher(authHeader))
- .filter(Matcher::matches)
- .map(x -> x.group(2))
- .mapTry(decoder::parseClaimsJws)
- .map(Jwt::getBody)
- .getOrNull();
+ .filter(Matcher::matches)
+ .map(x -> x.group(2))
+ .mapTry(decoder::parseClaimsJws)
+ .map(Jwt::getBody)
+ .getOrNull();
+
+ if (claims == null) {
+ System.err.println("Claims could not be parsed from the token.");
+ return null;
+ }
 return Optional.ofNullable(claims).map(c -> JwtAuthentication.builder()
- .details(mapClaims(claims))
- .authorities(ap.mapAuthorities(claims))
- .build())
- .orElse(null);
+ .details(mapClaims(c))
+ .authorities(ap.mapAuthorities(c))
+ .build())
+ .orElse(null);
 }
 private FafnirUser mapClaims(Claims claims) {
 return FafnirUser.builder()
- .data(UserData.builder()
- .subject(claims.getSubject())
- .name(claims.get("name", String.class))
- .locale(Optional.ofNullable(claims.get("locale", String.class))
- .map(Locale::forLanguageTag)
- .orElse(null))
- .metaId(claims.get("mId", String.class))
- .providerOrg(claims.get("provider_org", String.class))
- .created(claims.getIssuedAt().toInstant())
- .build())
- .organisationId(claims.get("org_id", String.class))
- 
.organisationName(claims.get("org_name", String.class))
- .provider(claims.getIssuer())
- .roles(mapRoles(claims.get("role")))
- .build();
+ .data(UserData.builder()
+ .subject(claims.getSubject())
+ .name(claims.get("name", String.class))
+ .locale(Optional.ofNullable(claims.get("locale", String.class))
+ .map(Locale::forLanguageTag)
+ .orElse(null))
+ .metaId(claims.get("mId", String.class))
+ .providerOrg(claims.get("provider_org", String.class))
+ .created(claims.getIssuedAt().toInstant())
+ .build())
+ .organisationId(claims.get("org_id", String.class))
+ .organisationName(claims.get("org_name", String.class))
+ .provider(claims.getIssuer())
+ .roles(mapRoles(claims.get("role")))
+ .build();
 }
 private String[] mapRoles(Object roles) {
 var builder = Stream.builder();
 Optional.ofNullable(roles)
- .ifPresent(r -> Try.of(() -> (List) r)
- .forEach(list -> list
- .forEach(each -> Try.of(() -> (String) each)
- .forEach(builder))));
+ .ifPresent(r -> Try.of(() -> (List) r)
+ .forEach(list -> list
+ .forEach(each -> Try.of(() -> (String) each)
+ .forEach(builder))));
 return builder.build().toArray(String[]::new);
 }
diff --git a/sso/src/main/java/dk/acto/fafnir/sso/provider/UniLoginProvider.java b/sso/src/main/java/dk/acto/fafnir/sso/provider/UniLoginProvider.java
index 68b6b96..d48d87f 100644
--- a/sso/src/main/java/dk/acto/fafnir/sso/provider/UniLoginProvider.java
+++ b/sso/src/main/java/dk/acto/fafnir/sso/provider/UniLoginProvider.java
@@ -67,7 +67,6 @@ public AuthenticationResult callback(UniloginTokenCredentials data, HttpSession
 var CODE_VERIFIER = (String) session.getAttribute("codeVerifier");
- var accessCode = data.getCode();
 AccessToken accessToken;
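Review bot: The new guard `if (claims == null)` writes a fixed message to `System.err`, but because `getOrNull()` has already discarded the `Try` failure the message cannot say why the token was rejected — a signature that does not verify, an expired token and a malformed `Authorization` header all collapse into the same line, which is exactly the distinction an operator needs when deciding whether they are looking at a bug or at forged tokens. Record the failure reason (the exception class, never the token or header value) before it is dropped, e.g. end the chain with `.map(Jwt::getBody)` / `.onFailure(t -> System.err.println("Token rejected: " + t.getClass().getSimpleName()))` / `.getOrNull();`, and send it through the project's logger instead of `System.err` if the client module has one. With the early return in place, the following `Optional.ofNullable(claims).map(...).orElse(null)` can no longer be empty, so it can become a plain `return JwtAuthentication.builder().details(mapClaims(claims)).authorities(ap.mapAuthorities(claims)).build();`, which also removes the `c`/`claims` aliasing that the commit had to fix.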
@@ -77,14 +76,13 @@ public AuthenticationResult callback(UniloginTokenCredentials data, HttpSession
 intro = getIntrospectToken(accessToken.getAccess_token(), UL_CLIENT_ID, UL_SECRET, OID_BASE_URL);
-
 if (intro == null) {
 return AuthenticationResult.failure(FailureReason.AUTHENTICATION_FAILED);
 }
 var userId = intro.getUniid();
-
 var institutions = getInstitutionList(userId);
+
 if (institutions.isEmpty()) {
 return AuthenticationResult.failure(FailureReason.CONNECTION_FAILED);
 } else if (institutions.size() == 1) {