1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.mycore.orcid.oauth;
20
21 import java.io.IOException;
22 import java.net.URISyntaxException;
23
24 import org.apache.logging.log4j.LogManager;
25 import org.apache.logging.log4j.Logger;
26 import org.jdom2.JDOMException;
27 import org.mycore.common.config.MCRConfiguration2;
28 import org.mycore.frontend.MCRFrontendUtil;
29 import org.mycore.frontend.servlets.MCRServlet;
30 import org.mycore.frontend.servlets.MCRServletJob;
31 import org.mycore.orcid.user.MCRORCIDSession;
32 import org.mycore.orcid.user.MCRORCIDUser;
33 import org.xml.sax.SAXException;
34
35 import com.fasterxml.jackson.core.JsonProcessingException;
36
37 import jakarta.servlet.http.HttpServletResponse;
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54 public class MCROAuthServlet extends MCRServlet {
55
56 private static final long serialVersionUID = 1L;
57
58 private static final Logger LOGGER = LogManager.getLogger(MCROAuthServlet.class);
59
60 private String scopes = MCRConfiguration2.getStringOrThrow("MCR.ORCID.OAuth.Scopes");
61
62 private String userServlet = MCRConfiguration2.getStringOrThrow("MCR.ORCID.OAuth.User.Servlet");
63
64 private String redirectURL;
65
66 @Override
67 protected void doGetPost(MCRServletJob job) throws Exception {
68 String baseURL = MCRFrontendUtil.getBaseURL();
69
70 this.redirectURL = baseURL + job.getRequest().getServletPath().substring(1);
71 String userProfileURL = MCRServlet.getServletBaseURL() + userServlet;
72
73 String code = job.getRequest().getParameter("code");
74 String error = job.getRequest().getParameter("error");
75
76 if ((error != null) && !error.trim().isEmpty()) {
77 job.getResponse().sendRedirect(userProfileURL + "&XSL.error=" + error);
78 } else if ((code == null) || code.trim().isEmpty()) {
79 redirectToGetAuthorization(job);
80 } else {
81 String state = job.getRequest().getParameter("state");
82 if (!MCROAuthClient.buildStateParam().equals(state)) {
83 String msg = "Invalid state, possibly cross-site request forgery?";
84 job.getResponse().sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
85 }
86
87 MCRTokenResponse token = exchangeCodeForAccessToken(code);
88
89 MCRORCIDUser orcidUser = MCRORCIDSession.getCurrentUser();
90 orcidUser.store(token);
91 orcidUser.getProfile().getWorksSection();
92
93 job.getResponse().sendRedirect(userProfileURL);
94 }
95 }
96
97 private void redirectToGetAuthorization(MCRServletJob job)
98 throws URISyntaxException, IOException {
99 String url = MCROAuthClient.instance().getCodeRequestURL(redirectURL, scopes);
100 job.getResponse().sendRedirect(url);
101 }
102
103 private MCRTokenResponse exchangeCodeForAccessToken(String code)
104 throws JsonProcessingException, IOException, JDOMException, SAXException {
105 MCRTokenRequest request = MCROAuthClient.instance().getTokenRequest();
106 request.set("grant_type", "authorization_code");
107 request.set("code", code);
108 request.set("redirect_uri", redirectURL);
109
110 MCRTokenResponse token = request.post();
111 LOGGER.info("access granted for " + token.getORCID() + " " + token.getAccessToken());
112 return token;
113 }
114 }