First draft of request token implementation

2025-06-08 00:16:09 +00:00 · 2020-12-22 15:39:39 +01:00 · 2020-12-22 15:39:39 +01:00 · 44967be4e3
commit 44967be4e3
parent f289746c2f
8 changed files with 210 additions and 10 deletions
--- a/owncloudComLibrary/src/main/java/com/owncloud/android/lib/common/OwnCloudClient.java
+++ b/owncloudComLibrary/src/main/java/com/owncloud/android/lib/common/OwnCloudClient.java
@ -48,15 +48,15 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.util.List;

+import static com.owncloud.android.lib.common.http.HttpConstants.AUTHORIZATION_HEADER;
 import static com.owncloud.android.lib.common.http.HttpConstants.OC_X_REQUEST_ID;

 public class OwnCloudClient extends HttpClient {

    public static final String WEBDAV_FILES_PATH_4_0 = "/remote.php/dav/files/";
    public static final String WEBDAV_PATH_4_0_AND_LATER = "/remote.php/dav";
-    private static final String WEBDAV_UPLOADS_PATH_4_0 = "/remote.php/dav/uploads/";
    public static final String STATUS_PATH = "/status.php";
-
+    private static final String WEBDAV_UPLOADS_PATH_4_0 = "/remote.php/dav/uploads/";
    private static final int MAX_REDIRECTIONS_COUNT = 3;
    private static final int MAX_REPEAT_COUNT_WITH_FRESH_CREDENTIALS = 1;

@ -104,8 +104,8 @@ public class OwnCloudClient extends HttpClient {
            method.setRequestHeader(HttpConstants.OC_X_REQUEST_ID, requestId);
            method.setRequestHeader(HttpConstants.USER_AGENT_HEADER, SingleSessionManager.getUserAgent());
            method.setRequestHeader(HttpConstants.ACCEPT_ENCODING_HEADER, HttpConstants.ACCEPT_ENCODING_IDENTITY);
-            if (mCredentials.getHeaderAuth() != null) {
-                method.setRequestHeader(HttpConstants.AUTHORIZATION_HEADER, mCredentials.getHeaderAuth());
+            if (mCredentials.getHeaderAuth() != null && method.getRequestHeader(AUTHORIZATION_HEADER) == null) {
+                method.setRequestHeader(AUTHORIZATION_HEADER, mCredentials.getHeaderAuth());
            }
            status = method.execute();

@ -136,7 +136,7 @@ public class OwnCloudClient extends HttpClient {
            method.setRequestHeader(HttpConstants.USER_AGENT_HEADER, SingleSessionManager.getUserAgent());
            method.setRequestHeader(HttpConstants.ACCEPT_ENCODING_HEADER, HttpConstants.ACCEPT_ENCODING_IDENTITY);
            if (mCredentials.getHeaderAuth() != null) {
-                method.setRequestHeader(HttpConstants.AUTHORIZATION_HEADER, mCredentials.getHeaderAuth());
+                method.setRequestHeader(AUTHORIZATION_HEADER, mCredentials.getHeaderAuth());
            }
            status = method.execute();

--- a/owncloudComLibrary/src/main/java/com/owncloud/android/lib/common/authentication/OwnCloudCredentialsFactory.java
+++ b/owncloudComLibrary/src/main/java/com/owncloud/android/lib/common/authentication/OwnCloudCredentialsFactory.java
@ -24,10 +24,6 @@

 package com.owncloud.android.lib.common.authentication;

-import com.owncloud.android.lib.common.OwnCloudClient;
-import com.owncloud.android.lib.common.http.HttpClient;
-import com.owncloud.android.lib.common.http.HttpConstants;
-
 public class OwnCloudCredentialsFactory {

    public static final String CREDENTIAL_CHARSET = "UTF-8";
--- a/owncloudComLibrary/src/main/java/com/owncloud/android/lib/common/http/HttpConstants.java
+++ b/owncloudComLibrary/src/main/java/com/owncloud/android/lib/common/http/HttpConstants.java
@ -51,6 +51,12 @@ public class HttpConstants {
    public static final String ACCEPT_ENCODING_IDENTITY = "identity";
    public static final String OC_FILE_REMOTE_ID = "OC-FileId";

+    // OAuth
+    public static final String HEADER_AUTHORIZATION_CODE = "code";
+    public static final String HEADER_GRANT_TYPE = "grant_type";
+    public static final String HEADER_REDIRECT_URI = "redirect_uri";
+    public static final String HEADER_CODE_VERIFIER = "code_verifier";
+
    /***********************************************************************************************************
     ************************************************ CONTENT TYPES ********************************************
     ***********************************************************************************************************/
--- a/owncloudComLibrary/src/main/java/com/owncloud/android/lib/resources/oauth/TokenRequestRemoteOperation.kt
+++ b/owncloudComLibrary/src/main/java/com/owncloud/android/lib/resources/oauth/TokenRequestRemoteOperation.kt
@ -0,0 +1,104 @@
+/* ownCloud Android Library is available under MIT license
+ *
+ *   @author Abel García de Prada
+ *
+ *   Copyright (C) 2020 ownCloud GmbH.
+ *
+ *   Permission is hereby granted, free of charge, to any person obtaining a copy
+ *   of this software and associated documentation files (the "Software"), to deal
+ *   in the Software without restriction, including without limitation the rights
+ *   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *   copies of the Software, and to permit persons to whom the Software is
+ *   furnished to do so, subject to the following conditions:
+ *
+ *   The above copyright notice and this permission notice shall be included in
+ *   all copies or substantial portions of the Software.
+ *
+ *   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ *   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ *   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ *   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ *   BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ *   ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ *   CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ *   THE SOFTWARE.
+ *
+ */
+package com.owncloud.android.lib.resources.oauth
+
+import com.owncloud.android.lib.common.OwnCloudClient
+import com.owncloud.android.lib.common.http.HttpConstants.AUTHORIZATION_HEADER
+import com.owncloud.android.lib.common.http.HttpConstants.HEADER_AUTHORIZATION_CODE
+import com.owncloud.android.lib.common.http.HttpConstants.HEADER_CODE_VERIFIER
+import com.owncloud.android.lib.common.http.HttpConstants.HEADER_GRANT_TYPE
+import com.owncloud.android.lib.common.http.HttpConstants.HEADER_REDIRECT_URI
+import com.owncloud.android.lib.common.http.HttpConstants.HTTP_OK
+import com.owncloud.android.lib.common.http.methods.nonwebdav.PostMethod
+import com.owncloud.android.lib.common.operations.RemoteOperation
+import com.owncloud.android.lib.common.operations.RemoteOperationResult
+import com.owncloud.android.lib.resources.oauth.params.TokenRequestParams
+import com.owncloud.android.lib.resources.oauth.responses.TokenResponse
+import com.squareup.moshi.JsonAdapter
+import com.squareup.moshi.Moshi
+import okhttp3.FormBody
+import okio.ByteString.Companion.encodeUtf8
+import timber.log.Timber
+import java.net.URL
+
+/**
+ * Get OIDC Discovery
+ *
+ * @author Abel García de Prada
+ */
+class TokenRequestRemoteOperation(
+    private val tokenRequestParams: TokenRequestParams
+) : RemoteOperation<TokenResponse>() {
+
+    override fun run(client: OwnCloudClient): RemoteOperationResult<TokenResponse> {
+        var result: RemoteOperationResult<TokenResponse>
+
+        try {
+            val uriBuilder = client.baseUri.buildUpon().apply {
+                appendEncodedPath(tokenRequestParams.tokenEndpoint)
+            }.build()
+
+            val requestBody = FormBody.Builder()
+                .add(HEADER_AUTHORIZATION_CODE, tokenRequestParams.authorizationCode)
+                .add(HEADER_GRANT_TYPE, tokenRequestParams.grantType)
+                .add(HEADER_REDIRECT_URI, tokenRequestParams.redirectUri)
+                .add(HEADER_CODE_VERIFIER, tokenRequestParams.codeVerifier)
+                .build()
+
+            val postMethod = PostMethod(URL(uriBuilder.toString()), requestBody)
+
+            postMethod.addRequestHeader(AUTHORIZATION_HEADER, tokenRequestParams.clientAuth)
+
+            val status = client.executeHttpMethod(postMethod)
+
+            val responseBody = postMethod.getResponseBodyAsString()
+
+            if (status == HTTP_OK && responseBody != null) {
+                Timber.d("Successful response $responseBody")
+
+                // Parse the response
+                val moshi: Moshi = Moshi.Builder().build()
+                val jsonAdapter: JsonAdapter<TokenResponse> = moshi.adapter(TokenResponse::class.java)
+                val tokenResponse: TokenResponse? = jsonAdapter.fromJson(responseBody)
+
+                result = RemoteOperationResult(RemoteOperationResult.ResultCode.OK)
+                result.data = tokenResponse
+
+                Timber.d("Get tokens completed and parsed to $tokenResponse")
+            } else {
+                result = RemoteOperationResult(postMethod)
+                Timber.e("Failed response while getting tokens from the server status code: $status; response message: $responseBody")
+            }
+
+        } catch (e: Exception) {
+            result = RemoteOperationResult(e)
+            Timber.e(e, "Exception while getting tokens")
+        }
+
+        return result
+    }
+}
--- a/owncloudComLibrary/src/main/java/com/owncloud/android/lib/resources/oauth/params/TokenRequestParams.kt
+++ b/owncloudComLibrary/src/main/java/com/owncloud/android/lib/resources/oauth/params/TokenRequestParams.kt
@ -0,0 +1,33 @@
+/* ownCloud Android Library is available under MIT license
+ *
+ *   Copyright (C) 2020 ownCloud GmbH.
+ *
+ *   Permission is hereby granted, free of charge, to any person obtaining a copy
+ *   of this software and associated documentation files (the "Software"), to deal
+ *   in the Software without restriction, including without limitation the rights
+ *   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *   copies of the Software, and to permit persons to whom the Software is
+ *   furnished to do so, subject to the following conditions:
+ *
+ *   The above copyright notice and this permission notice shall be included in
+ *   all copies or substantial portions of the Software.
+ *
+ *   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ *   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ *   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ *   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ *   BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ *   ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ *   CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ *   THE SOFTWARE.
+ */
+package com.owncloud.android.lib.resources.oauth.params
+
+class TokenRequestParams(
+    val tokenEndpoint: String,
+    val authorizationCode: String,
+    val grantType: String,
+    val redirectUri: String,
+    val codeVerifier: String,
+    val clientAuth: String
+)
--- a/owncloudComLibrary/src/main/java/com/owncloud/android/lib/resources/oauth/responses/TokenResponse.kt
+++ b/owncloudComLibrary/src/main/java/com/owncloud/android/lib/resources/oauth/responses/TokenResponse.kt
@ -0,0 +1,45 @@
+/* ownCloud Android Library is available under MIT license
+ *
+ *   Copyright (C) 2020 ownCloud GmbH.
+ *
+ *   Permission is hereby granted, free of charge, to any person obtaining a copy
+ *   of this software and associated documentation files (the "Software"), to deal
+ *   in the Software without restriction, including without limitation the rights
+ *   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *   copies of the Software, and to permit persons to whom the Software is
+ *   furnished to do so, subject to the following conditions:
+ *
+ *   The above copyright notice and this permission notice shall be included in
+ *   all copies or substantial portions of the Software.
+ *
+ *   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ *   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ *   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ *   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ *   BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ *   ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ *   CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ *   THE SOFTWARE.
+ */
+
+package com.owncloud.android.lib.resources.oauth.responses
+
+import com.squareup.moshi.Json
+import com.squareup.moshi.JsonClass
+
+@JsonClass(generateAdapter = true)
+data class TokenResponse(
+    @Json(name = "access_token")
+    val accessToken: String,
+    @Json(name = "expires_in")
+    val expiresIn: Int,
+    @Json(name = "refresh_token")
+    val refreshToken: String,
+    @Json(name = "token_type")
+    val tokenType: String,
+    @Json(name = "user_id")
+    val userId: String?,
+    val scope: String?,
+    @Json(name = "additional_parameters")
+    val additionalParameters: Map<String, String>?
+)
--- a/owncloudComLibrary/src/main/java/com/owncloud/android/lib/resources/oauth/services/OIDCService.kt
+++ b/owncloudComLibrary/src/main/java/com/owncloud/android/lib/resources/oauth/services/OIDCService.kt
@ -25,10 +25,17 @@ package com.owncloud.android.lib.resources.oauth.services

 import com.owncloud.android.lib.common.OwnCloudClient
 import com.owncloud.android.lib.common.operations.RemoteOperationResult
+import com.owncloud.android.lib.resources.oauth.params.TokenRequestParams
 import com.owncloud.android.lib.resources.oauth.responses.OIDCDiscoveryResponse
+import com.owncloud.android.lib.resources.oauth.responses.TokenResponse

 interface OIDCService {

    fun getOIDCServerDiscovery(ownCloudClient: OwnCloudClient): RemoteOperationResult<OIDCDiscoveryResponse>

+    fun performTokenRequest(
+        ownCloudClient: OwnCloudClient,
+        tokenRequest: TokenRequestParams
+    ): RemoteOperationResult<TokenResponse>
+
 }
--- a/owncloudComLibrary/src/main/java/com/owncloud/android/lib/resources/oauth/services/implementation/OCOIDCService.kt
+++ b/owncloudComLibrary/src/main/java/com/owncloud/android/lib/resources/oauth/services/implementation/OCOIDCService.kt
@ -26,14 +26,23 @@ package com.owncloud.android.lib.resources.oauth.services.implementation
 import com.owncloud.android.lib.common.OwnCloudClient
 import com.owncloud.android.lib.common.operations.RemoteOperationResult
 import com.owncloud.android.lib.resources.oauth.GetOIDCDiscoveryRemoteOperation
+import com.owncloud.android.lib.resources.oauth.TokenRequestRemoteOperation
+import com.owncloud.android.lib.resources.oauth.params.TokenRequestParams
 import com.owncloud.android.lib.resources.oauth.responses.OIDCDiscoveryResponse
+import com.owncloud.android.lib.resources.oauth.responses.TokenResponse
 import com.owncloud.android.lib.resources.oauth.services.OIDCService

-class OCOIDCService() : OIDCService {
+class OCOIDCService : OIDCService {

    override fun getOIDCServerDiscovery(
        ownCloudClient: OwnCloudClient
    ): RemoteOperationResult<OIDCDiscoveryResponse> =
        GetOIDCDiscoveryRemoteOperation().execute(ownCloudClient)

+    override fun performTokenRequest(
+        ownCloudClient: OwnCloudClient,
+        tokenRequest: TokenRequestParams
+    ): RemoteOperationResult<TokenResponse> =
+        TokenRequestRemoteOperation(tokenRequest).execute(ownCloudClient)
+
 }