detached whitelist from approved sites, closes mitreid-connect#781

Author: jricher

openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java

@@ -82,9 +82,6 @@ public class ApprovedSite {
 // this should include all information for what data to access
 private Set<String> allowedScopes;
 
-// If this AP is a WS, link to the WS
-private WhitelistedSite whitelistedSite;
-
 //Link to any access tokens approved through this stored decision
 private Set<OAuth2AccessTokenEntity> approvedAccessTokens = Sets.newHashSet();
 
@@ -215,26 +212,6 @@ public void setTimeoutDate(Date timeoutDate) {
 this.timeoutDate = timeoutDate;
 }
 
-/**
- * Does this AP entry correspond to a WS?
- * @return
- */
-@Transient
-public Boolean getIsWhitelisted() {
-return (whitelistedSite != null);
-}
-
-
-@ManyToOne
-@JoinColumn(name="whitelisted_site_id")
-public WhitelistedSite getWhitelistedSite() {
-return whitelistedSite;
-}
-
-public void setWhitelistedSite(WhitelistedSite whitelistedSite) {
-this.whitelistedSite = whitelistedSite;
-}
-
 /**
  * Has this approval expired?
  * @return

openid-connect-common/src/main/java/org/mitre/openid/connect/service/ApprovedSiteService.java

@@ -21,7 +21,6 @@
 import java.util.Set;
 
 import org.mitre.openid.connect.model.ApprovedSite;
-import org.mitre.openid.connect.model.WhitelistedSite;
 import org.springframework.security.oauth2.provider.ClientDetails;
 
 /**
@@ -33,7 +32,7 @@
 public interface ApprovedSiteService {
 
 
-public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set<String> allowedScopes, WhitelistedSite whitelistedSite);
+public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set<String> allowedScopes);
 
 /**
  * Return a collection of all ApprovedSites

openid-connect-server-webapp/src/main/webapp/resources/js/admin.js

@@ -801,7 +801,6 @@ var AppRouter = Backbone.Router.extend({
  this.updateSidebar('user/approved');
 
  var view = new ApprovedSiteListView({model:this.approvedSiteList, clientList: this.clientList, systemScopeList: this.systemScopeList});
- 
  view.load( 
  function(collection, response, options) {
  $('#content').html(view.render().el);

openid-connect-server-webapp/src/main/webapp/resources/js/grant.js

@@ -70,7 +70,6 @@ var ApprovedSiteListView = Backbone.View.extend({
 $(this.el).html($('#tmpl-grant-table').html());
 
 var approvedSiteCount = 0;
-var whitelistCount = 0;
 
 var _self = this;
 
@@ -80,17 +79,10 @@ var ApprovedSiteListView = Backbone.View.extend({
 
 if (client != null) {
 
-if (approvedSite.get('whitelistedSite') != null) {
-var view = new ApprovedSiteView({model: approvedSite, client: client, systemScopeList: this.options.systemScopeList});
-view.parentView = _self;
-$('#grant-whitelist-table', this.el).append(view.render().el);
-whitelistCount = whitelistCount + 1;
-} else {
-var view = new ApprovedSiteView({model: approvedSite, client: client, systemScopeList: this.options.systemScopeList});
-view.parentView = _self;
-$('#grant-table', this.el).append(view.render().el);
-approvedSiteCount = approvedSiteCount + 1;
-}
+var view = new ApprovedSiteView({model: approvedSite, client: client, systemScopeList: this.options.systemScopeList});
+view.parentView = _self;
+$('#grant-table', this.el).append(view.render().el);
+approvedSiteCount = approvedSiteCount + 1;
 
 }
 
@@ -102,36 +94,15 @@ var ApprovedSiteListView = Backbone.View.extend({
 },
 
 togglePlaceholder:function() {
-// count the whitelisted and non-whitelisted entries
-var wl = 0;
-var gr = 0;
-for (var i = 0; i < this.model.length; i++) {
-if (this.model.at(i).get('whitelistedSite') != null) {
-wl += 1;
-} else {
-gr += 1;
-}
-}
-
-if (wl > 0) {
-$('#grant-whitelist-table', this.el).show();
-$('#grant-whitelist-table-empty', this.el).hide();
-} else {
-$('#grant-whitelist-table', this.el).hide();
-$('#grant-whitelist-table-empty', this.el).show();
-}
-if (gr > 0) {
+// count entries
+if (this.model.length > 0) {
 $('#grant-table', this.el).show();
 $('#grant-table-empty', this.el).hide();
 } else {
 $('#grant-table', this.el).hide();
 $('#grant-table-empty', this.el).show();
 }
 
-$('#approvde-site-count', this.el).html(gr);
-$('#whitelist-count', this.el).html(wl);
-
-
 },
 
  refreshTable:function(e) {
@@ -231,7 +202,6 @@ var ApprovedSiteView = Backbone.View.extend({
  $('.client-more-info-block', this.el).html(this.moreInfoTemplate({client: this.options.client.toJSON()}));
 
  this.$('.dynamically-registered').tooltip({title: $.t('grant.grant-table.dynamically-registered')});
- this.$('.whitelisted-site').tooltip({title: $.t('grant.grant-table.whitelisted-site')});
  this.$('.tokens').tooltip({title: $.t('grant.grant-table.active-tokens')});
  $(this.el).i18n();
 return this;

openid-connect-server-webapp/src/main/webapp/resources/template/grant.html

@@ -22,16 +22,7 @@
 <button class="btn btn-small refresh-table"><i class="icon-refresh"></i> <span data-i18n="common.refresh">Refresh</span></button>
  </div>
 
-<div class="tabbable">
-
- <ul class="nav nav-tabs">
-<li class="active"><a data-target="#grant-approved-tab" data-toggle="tab" href="#"><span data-i18n="grant.grant-table.approved-sites">Approved Sites</span> <span class="label label-info" id="approvde-site-count">?</span></a></li>
-<li><a data-target="#grant-whitelist-tab" data-toggle="tab" href="#"><span data-i18n="grant.grant-table.whitelisted-sites">Whitelisted Sites</span> <span class="label label-info" id="whitelist-count">?</span></a></li>
-</ul>
-
-<div class="tab-content">
-
-<div class="tab-pane active" id="grant-approved-tab">
+<div id="grant-approved-tab">
 
 <p data-i18n="grant.grant-table.text">These are sites you have approved manually. If the same site asks for the same access in the future, it will
 be granted without prompting.</p>
@@ -55,34 +46,6 @@
 
 </div>
 
-<div class="tab-pane" id="grant-whitelist-tab">
-
-<p data-i18n="grant.grant-table.pre-approved">These are sites that have been pre-approved by an administrator.</p>
-<p class="text-warning" data-i18n="[html]grant.grant-table.whitelist-note"><b>NOTE:</b> If you revoke them here, they will automatically be re-approved on your next visit wthout prompting.</p>
-
-<div id="grant-whitelist-table-empty" class="alert alert-info" data-i18n="grant.grant-table.no-whitelisted">
-You have not accessed any whitelisted sites.
-</div>
-
- <table id="grant-whitelist-table" class="table table-hover table-striped">
- <thead>
- <tr>
-<th></th>
- <th data-i18n="grant.grant-table.application">Application</th>
-<th><i class="icon-time"></i></th>
- <th><i class="icon-edit"></i></th>
- </tr>
- </thead>
- <tbody>
- </tbody>
- </table>
-
-</div>
-
-</div>
-
-</div>
-
  <div class="well well-small">
 <button class="btn btn-small refresh-table"><i class="icon-refresh"></i> <span data-i18n="common.refresh">Refresh</span></button>
  </div>

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java

@@ -23,7 +23,6 @@
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.openid.connect.model.ApprovedSite;
-import org.mitre.openid.connect.model.WhitelistedSite;
 import org.mitre.openid.connect.repository.ApprovedSiteRepository;
 import org.mitre.openid.connect.service.ApprovedSiteService;
 import org.mitre.openid.connect.service.StatsService;
@@ -99,8 +98,7 @@ public void remove(ApprovedSite approvedSite) {
 
 @Override
 @Transactional
-public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set<String> allowedScopes,
-WhitelistedSite whitelistedSite) {
+public ApprovedSite createApprovedSite(String clientId, String userId, Date timeoutDate, Set<String> allowedScopes) {
 
 ApprovedSite as = approvedSiteRepository.save(new ApprovedSite());
 
@@ -111,7 +109,6 @@ public ApprovedSite createApprovedSite(String clientId, String userId, Date time
 as.setUserId(userId);
 as.setTimeoutDate(timeoutDate);
 as.setAllowedScopes(allowedScopes);
-as.setWhitelistedSite(whitelistedSite);
 
 return save(as);
 

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java

@@ -493,7 +493,6 @@ private SavedUserAuthentication readSavedUserAuthentication(JsonReader reader) t
 }
 
 Map<Long, Long> grantOldToNewIdMap = new HashMap<>();
-Map<Long, Long> grantToWhitelistedSiteRefs = new HashMap<>();
 Map<Long, Set<Long>> grantToAccessTokensRefs = new HashMap<>();
 
 /**
@@ -553,7 +552,7 @@ private void readGrants(JsonReader reader) throws IOException {
 Long newId = approvedSiteRepository.save(site).getId();
 grantOldToNewIdMap.put(currentId, newId);
 if (whitelistedSiteId != null) {
-grantToWhitelistedSiteRefs.put(currentId, whitelistedSiteId);
+logger.debug("Ignoring whitelisted site marker on approved site.");
 }
 if (tokenIds != null) {
 grantToAccessTokensRefs.put(currentId, tokenIds);
@@ -894,16 +893,6 @@ private void fixObjectReferences() {
 tokenRepository.saveAccessToken(accessToken);
 }
 accessTokenToIdTokenRefs.clear();
-for (Long oldGrantId : grantToWhitelistedSiteRefs.keySet()) {
-Long oldWhitelistedSiteId = grantToWhitelistedSiteRefs.get(oldGrantId);
-Long newWhitelistedSiteId = whitelistedSiteOldToNewIdMap.get(oldWhitelistedSiteId);
-WhitelistedSite wlSite = wlSiteRepository.getById(newWhitelistedSiteId);
-Long newGrantId = grantOldToNewIdMap.get(oldGrantId);
-ApprovedSite approvedSite = approvedSiteRepository.getById(newGrantId);
-approvedSite.setWhitelistedSite(wlSite);
-approvedSiteRepository.save(approvedSite);
-}
-grantToWhitelistedSiteRefs.clear();
 whitelistedSiteOldToNewIdMap.clear();
 for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
 Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java

@@ -503,7 +503,6 @@ private SavedUserAuthentication readSavedUserAuthentication(JsonReader reader) t
 }
 
 Map<Long, Long> grantOldToNewIdMap = new HashMap<>();
-Map<Long, Long> grantToWhitelistedSiteRefs = new HashMap<>();
 Map<Long, Set<Long>> grantToAccessTokensRefs = new HashMap<>();
 
 /**
@@ -563,7 +562,7 @@ private void readGrants(JsonReader reader) throws IOException {
 Long newId = approvedSiteRepository.save(site).getId();
 grantOldToNewIdMap.put(currentId, newId);
 if (whitelistedSiteId != null) {
-grantToWhitelistedSiteRefs.put(currentId, whitelistedSiteId);
+logger.debug("Ignoring whitelisted site marker on approved site.");
 }
 if (tokenIds != null) {
 grantToAccessTokensRefs.put(currentId, tokenIds);
@@ -908,16 +907,6 @@ private void fixObjectReferences() {
 tokenRepository.saveAccessToken(accessToken);
 }
 accessTokenToIdTokenRefs.clear();
-for (Long oldGrantId : grantToWhitelistedSiteRefs.keySet()) {
-Long oldWhitelistedSiteId = grantToWhitelistedSiteRefs.get(oldGrantId);
-Long newWhitelistedSiteId = whitelistedSiteOldToNewIdMap.get(oldWhitelistedSiteId);
-WhitelistedSite wlSite = wlSiteRepository.getById(newWhitelistedSiteId);
-Long newGrantId = grantOldToNewIdMap.get(oldGrantId);
-ApprovedSite approvedSite = approvedSiteRepository.getById(newGrantId);
-approvedSite.setWhitelistedSite(wlSite);
-approvedSiteRepository.save(approvedSite);
-}
-grantToWhitelistedSiteRefs.clear();
 for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
 Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);
 Set<OAuth2AccessTokenEntity> tokens = new HashSet<>();

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java

@@ -295,7 +295,6 @@ private void writeGrants(JsonWriter writer) throws IOException {
 writer.name("userId").value(site.getUserId());
 writer.name("allowedScopes");
 writeNullSafeArray(writer, site.getAllowedScopes());
-writer.name("whitelistedSiteId").value(site.getIsWhitelisted() ? site.getWhitelistedSite().getId() : null);
 Set<OAuth2AccessTokenEntity> tokens = site.getApprovedAccessTokens();
 writer.name("approvedAccessTokens");
 writer.beginArray();
@@ -780,7 +779,6 @@ private SavedUserAuthentication readSavedUserAuthentication(JsonReader reader) t
 }
 
 Map<Long, Long> grantOldToNewIdMap = new HashMap<>();
-Map<Long, Long> grantToWhitelistedSiteRefs = new HashMap<>();
 Map<Long, Set<Long>> grantToAccessTokensRefs = new HashMap<>();
 
 /**
@@ -792,7 +790,6 @@ private void readGrants(JsonReader reader) throws IOException {
 while (reader.hasNext()) {
 ApprovedSite site = new ApprovedSite();
 Long currentId = null;
-Long whitelistedSiteId = null;
 Set<Long> tokenIds = null;
 reader.beginObject();
 while (reader.hasNext()) {
@@ -821,8 +818,6 @@ private void readGrants(JsonReader reader) throws IOException {
 } else if (name.equals("allowedScopes")) {
 Set<String> allowedScopes = readSet(reader);
 site.setAllowedScopes(allowedScopes);
-} else if (name.equals("whitelistedSiteId")) {
-whitelistedSiteId = reader.nextLong();
 } else if (name.equals("approvedAccessTokens")) {
 tokenIds = readSet(reader);
 } else {
@@ -839,9 +834,6 @@ private void readGrants(JsonReader reader) throws IOException {
 reader.endObject();
 Long newId = approvedSiteRepository.save(site).getId();
 grantOldToNewIdMap.put(currentId, newId);
-if (whitelistedSiteId != null) {
-grantToWhitelistedSiteRefs.put(currentId, whitelistedSiteId);
-}
 if (tokenIds != null) {
 grantToAccessTokensRefs.put(currentId, tokenIds);
 }
@@ -1193,16 +1185,6 @@ private void fixObjectReferences() {
 tokenRepository.saveAccessToken(accessToken);
 }
 accessTokenToIdTokenRefs.clear();
-for (Long oldGrantId : grantToWhitelistedSiteRefs.keySet()) {
-Long oldWhitelistedSiteId = grantToWhitelistedSiteRefs.get(oldGrantId);
-Long newWhitelistedSiteId = whitelistedSiteOldToNewIdMap.get(oldWhitelistedSiteId);
-WhitelistedSite wlSite = wlSiteRepository.getById(newWhitelistedSiteId);
-Long newGrantId = grantOldToNewIdMap.get(oldGrantId);
-ApprovedSite approvedSite = approvedSiteRepository.getById(newGrantId);
-approvedSite.setWhitelistedSite(wlSite);
-approvedSiteRepository.save(approvedSite);
-}
-grantToWhitelistedSiteRefs.clear();
 for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
 Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);
 Set<OAuth2AccessTokenEntity> tokens = new HashSet<OAuth2AccessTokenEntity>();

openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java

@@ -175,11 +175,6 @@ public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizati
 if (!alreadyApproved) {
 WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId);
 if (ws != null && systemScopes.scopesMatch(ws.getAllowedScopes(), authorizationRequest.getScope())) {
-
-//Create an approved site
-ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws);
-String newSiteId = newSite.getId().toString();
-authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId);
 authorizationRequest.setApproved(true);
 
 setAuthTime(authorizationRequest);
@@ -253,7 +248,7 @@ public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizati
 timeout = cal.getTime();
 }
 
-ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes, null);
+ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes);
 String newSiteId = newSite.getId().toString();
 authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId);
 }