kaissi-oss
diff --git a/‎openid-connect-common/src/main/java/org/mitre/oauth2/service/DeviceCodeService.java‎
Lines changed: 9 additions & 1 deletion b/‎openid-connect-common/src/main/java/org/mitre/oauth2/service/DeviceCodeService.java‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approveDevice.jsp‎
Lines changed: 5 additions & 4 deletions b/‎openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approveDevice.jsp‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎openid-connect-server-webapp/src/main/webapp/WEB-INF/views/requestUserCode.jsp‎
Lines changed: 1 addition & 1 deletion b/‎openid-connect-server-webapp/src/main/webapp/WEB-INF/views/requestUserCode.jsp‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java‎
Lines changed: 26 additions & 8 deletions b/‎openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java‎
Lines changed: 26 additions & 8 deletions
diff --git a/‎openid-connect-server/src/main/java/org/mitre/oauth2/token/DeviceTokenGranter.java‎
Lines changed: 6 additions & 2 deletions b/‎openid-connect-server/src/main/java/org/mitre/oauth2/token/DeviceTokenGranter.java‎
Lines changed: 6 additions & 2 deletions
@@ -48,8 +48,16 @@ public interface DeviceCodeService {
  * @param client
  * @return
  */
-public DeviceCode consumeDeviceCode(String deviceCode, ClientDetails client);
+public DeviceCode findDeviceCode(String deviceCode, ClientDetails client);
 
+
+/**
+ * 
+ * @param deviceCode
+ * @param client
+ */
+public void clearDeviceCode(String deviceCode, ClientDetails client);
+
 /**
  * @param deviceCode
  * @param userCode
 
@@ -37,7 +37,7 @@
 </h1>
 
 <form name="confirmationForm"
-action="${pageContext.request.contextPath.endsWith('/') ? pageContext.request.contextPath : pageContext.request.contextPath.concat('/') }device-user/approve" method="post">
+action="${pageContext.request.contextPath.endsWith('/') ? pageContext.request.contextPath : pageContext.request.contextPath.concat('/') }device/approve" method="post">
 
 <div class="row">
 <div class="span5 offset1 well-small" style="text-align: left">
@@ -163,8 +163,9 @@
 </div>
 </c:if>
 
+<ul>
 <c:forEach var="scope" items="${ scopes }">
-
+<li>
 <c:if test="${ not empty scope.icon }">
 <i class="icon-${ fn:escapeXml(scope.icon) }"></i>
 </c:if> 
@@ -199,9 +200,9 @@
 
 </span>
 </c:if>
-
+</li>
 </c:forEach>
-
+</ul>
 </fieldset>
 
 </div>
 
@@ -39,7 +39,7 @@
 </c:if>
 
 
-<form action="${ config.issuer }${ config.issuer.endsWith('/') ? '' : '/' }device-user/verify" method="POST">
+<form action="${ config.issuer }${ config.issuer.endsWith('/') ? '' : '/' }device/verify" method="POST">
 
 <div class="row-fluid">
 <div class="span12">
 
@@ -90,22 +90,26 @@ public DeviceCode approveDeviceCode(DeviceCode dc, OAuth2Authentication auth) {
  * @see org.mitre.oauth2.service.DeviceCodeService#consumeDeviceCode(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails)
  */
 @Override
-public DeviceCode consumeDeviceCode(String deviceCode, ClientDetails client) {
+public DeviceCode findDeviceCode(String deviceCode, ClientDetails client) {
 DeviceCode found = repository.getByDeviceCode(deviceCode);
 
-// make sure it's not used twice
-repository.remove(found);
-
-if (found.getClientId().equals(client.getClientId())) {
-// make sure the client matches, if so, we're good
-return found;
+if (found != null) {
+if (found.getClientId().equals(client.getClientId())) {
+// make sure the client matches, if so, we're good
+return found;
+} else {
+// if the clients don't match, pretend the code wasn't found
+return null;
+}
 } else {
-// if the clients don't match, pretend the code wasn't found
+// didn't find the code, return null
 return null;
 }
 
 }
 
+
+
 /* (non-Javadoc)
  * @see org.mitre.oauth2.service.DeviceCodeService#clearExpiredDeviceCodes()
  */
@@ -126,4 +130,18 @@ protected void doOperation(DeviceCode item) {
 }.execute();
 }
 
+/* (non-Javadoc)
+ * @see org.mitre.oauth2.service.DeviceCodeService#clearDeviceCode(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails)
+ */
+@Override
+public void clearDeviceCode(String deviceCode, ClientDetails client) {
+DeviceCode found = findDeviceCode(deviceCode, client);
+
+if (found != null) {
+// make sure it's not used twice
+repository.remove(found);
+}
+
+}
+
 }
@@ -70,13 +70,15 @@ protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, Tok
 String deviceCode = tokenRequest.getRequestParameters().get("device_code");
 
 // look up the device code and consume it
-DeviceCode dc = deviceCodeService.consumeDeviceCode(deviceCode, client);
+DeviceCode dc = deviceCodeService.findDeviceCode(deviceCode, client);
 
 if (dc != null) {
 
 // make sure the code hasn't expired yet
 if (dc.getExpiration() != null && dc.getExpiration().before(new Date())) {
-// TODO: return an error
+
+deviceCodeService.clearDeviceCode(deviceCode, client);
+
 throw new DeviceCodeExpiredException("Device code has expired " + deviceCode);
 
 } else if (!dc.isApproved()) {
@@ -90,6 +92,8 @@ protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, Tok
 
 OAuth2Authentication auth = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), dc.getAuthenticationHolder().getUserAuth());
 
+deviceCodeService.clearDeviceCode(deviceCode, client);
+
 return auth;
 }
 } else {