OAuthTokenCache: Use account id as key
The current implementation assumes that the OAuth provider always exposes a user name, because it uses the user name as the key in the OAuth token cache. For some OAuth providers (most notably the Google OAuth provider) this is not the case. Switch the token cache key from the user name to the account id: postpone populating the cache until authentication has actually taken place, and use the returned account id as the cache key. Bug: Issue 4627 Change-Id: I59f15b7c5ca8be6d52b59d21fac58cba88ba7fe3
@@ -62,6 +62,7 @@ class OAuthSession {
private final OAuthTokenCache tokenCache;
private OAuthServiceProvider serviceProvider;
private OAuthUserInfo user;
private Account.Id accountId;
private String redirectToken;
private boolean linkMode;
@@ -80,7 +81,7 @@ class OAuthSession {
}
boolean isLoggedIn() {
return tokenCache.has(user);
return user != null;
}
boolean isOAuthFinal(HttpServletRequest request) {
@@ -101,13 +102,10 @@ class OAuthSession {
OAuthToken token = oauth.getAccessToken(
new OAuthVerifier(request.getParameter("code")));
user = oauth.getUserInfo(token);
if (user != null && token != null) {
tokenCache.put(user, token);
}
if (isLoggedIn()) {
log.debug("Login-SUCCESS " + this);
authenticateAndRedirect(request, response);
authenticateAndRedirect(request, response, token);
return true;
}
response.sendError(SC_UNAUTHORIZED);
@@ -128,7 +126,7 @@ class OAuthSession {
}
private void authenticateAndRedirect(HttpServletRequest req,
HttpServletResponse rsp) throws IOException {
HttpServletResponse rsp, OAuthToken token) throws IOException {
AuthRequest areq = new AuthRequest(user.getExternalId());
AuthResult arsp;
try {
@@ -147,6 +145,9 @@ class OAuthSession {
areq.setEmailAddress(user.getEmailAddress());
areq.setDisplayName(user.getDisplayName());
arsp = accountManager.authenticate(areq);
accountId = arsp.getAccountId();
tokenCache.put(accountId, token);
} catch (AccountException e) {
log.error("Unable to authenticate user \"" + user + "\"", e);
rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
@@ -215,7 +216,10 @@ class OAuthSession {
}
void logout() {
tokenCache.remove(user);
if (accountId != null) {
tokenCache.remove(accountId);
accountId = null;
}
user = null;
redirectToken = null;
serviceProvider = null;
@@ -247,8 +251,8 @@ class OAuthSession {
@Override
public String toString() {
return "OAuthSession [token=" + tokenCache.get(user) + ", user=" + user
+ "]";
return "OAuthSession [token=" + tokenCache.get(accountId) + ", user="
+ user + "]";
}
public void setServiceProvider(OAuthServiceProvider provider) {
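Review bot: `isLoggedIn()` now answers true as soon as `user` is set by `oauth.getUserInfo(token)`, i.e. before `accountManager.authenticate(areq)` has run and still after it fails — the `catch (AccountException e)` branch sends 403 but leaves `user` non-null, so a session whose account linkage was rejected keeps reporting itself logged in while `accountId` is null and nothing is in the token cache. Since this commit makes `accountId` the marker of a completed authentication, `isLoggedIn()` should follow it: `return accountId != null;`, with the pre-authentication test in the final step written directly as `if (user != null && token != null) {` (which also restores the `token != null` guard the old code had before putting into the cache, so `tokenCache.put(accountId, token)` is never reached with a null token), and `user = null;` added in the catch block; whether other callers of `isLoggedIn()` depend on the pre-authentication meaning is not visible from this hunk. Separately, `toString()` still embeds `tokenCache.get(accountId)`, so once `accountId` is populated any log line built from `this` (the `"Login-SUCCESS " + this` debug line, for instance, on a later pass through the same session) prints the bearer token; formatting only `user` and `accountId` would keep the access token out of the logs. `isOAuthFinal` starts outside the hunk and the remainder of `authenticateAndRedirect` is not shown.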