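/*
 * Copyright 2021 Anyware Services
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.ametys.workspaces.extrausermgt.authentication.oidc;

import java.util.Map;

import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.thread.ThreadSafe;
import org.apache.cocoon.acting.AbstractAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.Session;
import org.apache.cocoon.environment.SourceResolver;

import org.ametys.plugins.extrausermgt.authentication.oidc.AbstractOIDCCredentialProvider;

/**
 * Proxy callback for OpenId Connect protocol, so that one has to provide only one redirect URL to the identity provider.
 * <p>
 * The identity provider always sends the browser back to {@link #CALLBACK_URL}. This action then redirects to the URI
 * stored in the session under {@link AbstractOIDCCredentialProvider#REDIRECT_URI_SESSION_ATTRIBUTE}, forwarding the
 * provider's query string (typically {@code code} and {@code state}) unchanged. Nothing is validated here: checking
 * {@code state} and exchanging {@code code} are presumably done by the credential provider at the forwarded URI.
 * </p>
 * <p>
 * NOTE(review): the target of the redirect is read from the session, never from the request, so this action is not an
 * open redirector by itself as long as the credential provider only stores URIs it built itself — verify on the writer side.
 * </p>
 */
public class OIDCCallbackAction extends AbstractAction implements ThreadSafe
{
    /** Callback URL for all Ametys OIDC implementations */
    public static final String CALLBACK_URL = "/_extra-user-management/oidc-callback";

    /** Upper bound on the length of a provider-supplied error value that is written to the log */
    private static final int __MAX_LOGGED_ERROR_LENGTH = 512;

    /**
     * Redirects the browser from the shared callback URL back to the URI that started the OIDC flow.
     * <p>
     * If the provider answered with an OAuth error ({@code error} / {@code error_description} parameters), the error
     * is logged and the browser is sent to the initial URI without the provider's parameters; otherwise the whole query
     * string is appended to the initial URI.
     * </p>
     * @param redirector the Cocoon redirector used to issue the HTTP redirect
     * @param resolver unused
     * @param objectModel the Cocoon object model, from which the request is taken
     * @param source unused
     * @param parameters unused
     * @return {@link #EMPTY_MAP}
     * @throws IllegalArgumentException if no redirect URI was recorded in the session (no session, or the flow was never started)
     * @throws Exception if the redirect fails
     */
    @Override
    public Map act(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters) throws Exception
    {
        Request request = ObjectModelHelper.getRequest(objectModel);
        // Do not create a session here: a callback arriving without the session that started the flow cannot be
        // completed anyway, and creating one would only leave an empty session behind.
        Session session = request.getSession(false);

        String redirectUri = session == null ? null : (String) session.getAttribute(AbstractOIDCCredentialProvider.REDIRECT_URI_SESSION_ATTRIBUTE);
        if (redirectUri == null)
        {
            throw new IllegalArgumentException("OIDC callback must have a redirect URI");
        }

        // handle errors (OAuth 2.0 error response on the redirection endpoint)
        String error = request.getParameter("error");
        String errorDescription = request.getParameter("error_description");
        if (error != null || errorDescription != null)
        {
            // Both values come straight from the request and are therefore attacker-controlled: strip control
            // characters and bound their length before logging so a forged value cannot inject fake log lines.
            getLogger().warn(String.format("Received an error from OpenID provider. Redirecting to initial URI. Error: %s %nErrorDescription: %s", _sanitizeForLog(error), _sanitizeForLog(errorDescription)));
            redirector.redirect(true, redirectUri);
        }
        else
        {
            redirector.redirect(true, _appendQueryString(redirectUri, request.getQueryString()));
        }

        return EMPTY_MAP;
    }

    /**
     * Appends a raw query string to a URI, using {@code &} if the URI already carries a query and {@code ?} otherwise.
     * A {@code null} or empty query string leaves the URI untouched (a bare {@code "uri?null"} must never be produced).
     * @param uri the base URI
     * @param queryString the raw query string as returned by {@code Request#getQueryString()}, possibly {@code null}
     * @return the combined URI
     */
    private static String _appendQueryString(String uri, String queryString)
    {
        if (queryString == null || queryString.isEmpty())
        {
            return uri;
        }
        String separator = uri.contains("?") ? "&" : "?";
        return uri + separator + queryString;
    }

    /**
     * Makes a request-supplied value safe to write into a single log line.
     * @param value the untrusted value, possibly {@code null}
     * @return {@code null} for {@code null} (so the log still prints "null"), otherwise the value with control
     *         characters replaced by spaces and truncated to {@link #__MAX_LOGGED_ERROR_LENGTH} characters
     */
    private static String _sanitizeForLog(String value)
    {
        if (value == null)
        {
            return null;
        }
        String oneLine = value.replaceAll("\\p{Cntrl}", " ");
        if (oneLine.length() > __MAX_LOGGED_ERROR_LENGTH)
        {
            return oneLine.substring(0, __MAX_LOGGED_ERROR_LENGTH) + "...";
        }
        return oneLine;
    }
}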