Source code

001/*
002 *  Copyright 2026 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.plugins.mobileapp.site;
017
018import java.util.List;
019
020import org.apache.cocoon.environment.Request;
021import org.apache.cocoon.environment.Response;
022import org.apache.cocoon.environment.Session;
023import org.apache.http.HttpResponse;
024import org.apache.http.client.methods.HttpUriRequest;
025
026import org.ametys.plugins.site.proxy.BackOfficeRequestProxy;
027import org.ametys.plugins.site.proxy.SessionAttributeRequestProxy;
028
029/**
030 * Request proxy to forward OIDC tokens from the mobile app to the back office.
031 */
032public class OIDCSessionAttributeRequestProxy implements BackOfficeRequestProxy
033{
034    /** The prefix for incoming request headers from mobile app */
035    public static final String HEADER_PREFIX = "X-Ametys-Mobile-";
036    
037    private static final List<String> __ATTRIBUTES = List.of("oidc_token", "msal_token");
038
039    @Override
040    public void prepareBackOfficeRequest(Request request, HttpUriRequest backOfficeRequest)
041    {
042        Session session = request.getSession(false);
043        if (session != null)
044        {
045            for (String attributeName : __ATTRIBUTES)
046            {
047                // First, check if the attribute is present in the session
048                Object attribute = session.getAttribute(attributeName);
049                
050                // Otherwise, check if it's present as a request header (pushed by the mobile app)
051                if (attribute == null)
052                {
053                    attribute = request.getHeader(HEADER_PREFIX + attributeName);
054                    
055                    // FIXME MOBILEAPP-103: store session attributes at authentication time
056                    if (attribute != null)
057                    {
058                        session.setAttribute(attributeName, attribute);
059                    }
060                }
061                
062                if (attribute != null)
063                {
064                    backOfficeRequest.setHeader(SessionAttributeRequestProxy.HEADER_PREFIX + attributeName, attribute.toString());
065                }
066            }
067        }
068    }
069    
070    public void handleBackOfficeResponse(Response response, HttpResponse backOfficeResponse)
071    {
072        // Nothing to do
073    }
074}