View Javadoc
1   /*
2    * This file is part of ***  M y C o R e  ***
3    * See http://www.mycore.de/ for details.
4    *
5    * MyCoRe is free software: you can redistribute it and/or modify
6    * it under the terms of the GNU General Public License as published by
7    * the Free Software Foundation, either version 3 of the License, or
8    * (at your option) any later version.
9    *
10   * MyCoRe is distributed in the hope that it will be useful,
11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13   * GNU General Public License for more details.
14   *
15   * You should have received a copy of the GNU General Public License
16   * along with MyCoRe.  If not, see <http://www.gnu.org/licenses/>.
17   */
18  
19  package org.mycore.orcid.oauth;
20  
21  import java.io.IOException;
22  import java.net.URISyntaxException;
23  
24  import org.apache.logging.log4j.LogManager;
25  import org.apache.logging.log4j.Logger;
26  import org.jdom2.JDOMException;
27  import org.mycore.common.config.MCRConfiguration2;
28  import org.mycore.frontend.MCRFrontendUtil;
29  import org.mycore.frontend.servlets.MCRServlet;
30  import org.mycore.frontend.servlets.MCRServletJob;
31  import org.mycore.orcid.user.MCRORCIDSession;
32  import org.mycore.orcid.user.MCRORCIDUser;
33  import org.xml.sax.SAXException;
34  
35  import com.fasterxml.jackson.core.JsonProcessingException;
36  
37  import jakarta.servlet.http.HttpServletResponse;
38  
39  /**
40   * Implements ORCID OAuth2 authorization.
41   *
42   * User should invoke MCROAuthServlet without any parameters.
43   * The servlet will redirect the user to orcid.org authorization.
44   * The user will login at orcid.org and accept or deny this application as trusted party
45   * for the activity scopes defined in MCR.ORCID.OAuth.Scopes.
46   * orcid.org then redirects the user's browser to this servlet again.
47   * If the scopes were accepted by user, the response contains a code parameter.
48   * This code is exchanged for an access token and stored in the user's attributes here.
49   *
50   * See https://members.orcid.org/api/oauth/3legged-oauth
51   *
52   * @author Frank L\u00FCtzenkirchen
53   */
54  public class MCROAuthServlet extends MCRServlet {
55  
56      private static final long serialVersionUID = 1L;
57  
58      private static final Logger LOGGER = LogManager.getLogger(MCROAuthServlet.class);
59  
60      private String scopes = MCRConfiguration2.getStringOrThrow("MCR.ORCID.OAuth.Scopes");
61  
62      private String userServlet = MCRConfiguration2.getStringOrThrow("MCR.ORCID.OAuth.User.Servlet");
63  
64      private String redirectURL;
65  
66      @Override
67      protected void doGetPost(MCRServletJob job) throws Exception {
68          String baseURL = MCRFrontendUtil.getBaseURL();
69  
70          this.redirectURL = baseURL + job.getRequest().getServletPath().substring(1);
71          String userProfileURL = MCRServlet.getServletBaseURL() + userServlet;
72  
73          String code = job.getRequest().getParameter("code");
74          String error = job.getRequest().getParameter("error");
75  
76          if ((error != null) && !error.trim().isEmpty()) {
77              job.getResponse().sendRedirect(userProfileURL + "&XSL.error=" + error);
78          } else if ((code == null) || code.trim().isEmpty()) {
79              redirectToGetAuthorization(job);
80          } else {
81              String state = job.getRequest().getParameter("state");
82              if (!MCROAuthClient.buildStateParam().equals(state)) {
83                  String msg = "Invalid state, possibly cross-site request forgery?";
84                  job.getResponse().sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
85              }
86  
87              MCRTokenResponse token = exchangeCodeForAccessToken(code);
88  
89              MCRORCIDUser orcidUser = MCRORCIDSession.getCurrentUser();
90              orcidUser.store(token);
91              orcidUser.getProfile().getWorksSection();
92  
93              job.getResponse().sendRedirect(userProfileURL);
94          }
95      }
96  
97      private void redirectToGetAuthorization(MCRServletJob job)
98          throws URISyntaxException, IOException {
99          String url = MCROAuthClient.instance().getCodeRequestURL(redirectURL, scopes);
100         job.getResponse().sendRedirect(url);
101     }
102 
103     private MCRTokenResponse exchangeCodeForAccessToken(String code)
104         throws JsonProcessingException, IOException, JDOMException, SAXException {
105         MCRTokenRequest request = MCROAuthClient.instance().getTokenRequest();
106         request.set("grant_type", "authorization_code");
107         request.set("code", code);
108         request.set("redirect_uri", redirectURL);
109 
110         MCRTokenResponse token = request.post();
111         LOGGER.info("access granted for " + token.getORCID() + " " + token.getAccessToken());
112         return token;
113     }
114 }