importPackage(Packages.com.tivoli.am.fim.trustserver.sts);
importPackage(Packages.com.tivoli.am.fim.trustserver.sts.oauth20);
importPackage(Packages.com.tivoli.am.fim.trustserver.sts.uuser);
importPackage(Packages.com.ibm.security.access.user);
importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.OAuthMappingExtUtils);
importClass(Packages.com.ibm.security.access.httpclient.HttpClient);
importClass(Packages.com.ibm.security.access.httpclient.HttpResponse);
importClass(Packages.com.ibm.security.access.httpclient.Headers);
importClass(Packages.com.ibm.security.access.httpclient.Parameters);
importClass(Packages.java.util.ArrayList);
importClass(Packages.java.util.HashMap);
/**
 * Discover the request_type and the grant type from the STSUU context.
 *
 * request_type is read from the "urn:ibm:names:ITFIM:oauth:request" context
 * attribute and defaults to "resource" when the attribute is absent or empty.
 * grant_type is the grant_type body parameter of the incoming request and
 * stays null when the request carries none.
 *
 * Both values come from the request and drive the branches below, so they
 * are untrusted input: compare them against exact string literals only and
 * never interpolate them into messages, keys or lookups.
 */
var request_type = "resource";
var grant_type = null;

var global_temp_attr = stsuu.getContextAttributes().getAttributeValuesByNameAndType("request_type", "urn:ibm:names:ITFIM:oauth:request");
if (global_temp_attr != null && global_temp_attr.length > 0) {
    request_type = global_temp_attr[0];
}

global_temp_attr = stsuu.getContextAttributes().getAttributeValuesByNameAndType("grant_type", "urn:ibm:names:ITFIM:oauth:body:param");
if (global_temp_attr != null && global_temp_attr.length > 0) {
    grant_type = global_temp_attr[0];
}
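/**
 * ROPC (grant_type=password) scenario: verify the username and password
 * carried in the token request body before a token is issued.
 *
 * This branch is intentionally disabled by the leading `false &&` and is
 * dead code until that guard is removed. Before enabling it:
 *   - implement a real credential check against the user registry at the
 *     TODO below (the com.ibm.security.access.user package imported at the
 *     top of this file is the likely home for it -- API to be confirmed);
 *   - note that the branch now fails closed: with no registry check wired
 *     in, isAuthenticated stays false and every ROPC request is rejected.
 *     The fixed test username/password pair that used to live here has been
 *     removed -- a hard-coded credential in a token-issuing rule is a
 *     backdoor if the guard is ever dropped without replacing it.
 *
 * Failures are reported with throwSTSUserMessageException, whose message is
 * returned to the OAuth client; keep the text generic and do not reveal
 * whether the username or the password was the wrong part.
 *
 * TODO: Enable ROPC registry checking
 */
if ( false && request_type == "access_token" && grant_type == "password") {
    // Declared explicitly: previously these were implicit globals, so a request
    // missing the username or password parameter would have thrown a
    // ReferenceError at `username == null` instead of the intended STS user
    // message.
    var temp_attr = null;
    var username = null;
    var password = null;

    // The username
    temp_attr = stsuu.getContextAttributes().getAttributeValuesByNameAndType("username", "urn:ibm:names:ITFIM:oauth:body:param");
    if (temp_attr != null && temp_attr.length > 0) {
        username = temp_attr[0];
    }

    // The password
    temp_attr = stsuu.getContextAttributes().getAttributeValuesByNameAndType("password", "urn:ibm:names:ITFIM:oauth:body:param");
    if (temp_attr != null && temp_attr.length > 0) {
        password = temp_attr[0];
    }

    // Reject the request outright if either credential is missing.
    if (username == null || password == null) {
        // use throwSTSUserMessageException to return the exception message in request's response
        OAuthMappingExtUtils.throwSTSUserMessageException("No username/password.");
    }

    var isAuthenticated = false;
    // TODO: set isAuthenticated from a user-registry verification of
    // (username, password). Until that exists this stays false and the
    // request is rejected below -- never substitute a literal comparison.

    if (!isAuthenticated) {
        OAuthMappingExtUtils.throwSTSUserMessageException("Invalid username/password. Authentication failed.");
    }
}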
/**
 * Authorization-code exchange: carry a cached nonce over to the issued token.
 *
 * The "code" body parameter of the token request is used as the key into the
 * shared ID-mapping extension cache. Whatever is stored there (presumably the
 * OIDC nonce saved under the same code by an authorize-side rule that is not
 * part of this file -- confirm) is added to the STSUU as a "nonce" attribute
 * of type "urn:ibm:jwt:claim", which the attribute type suggests becomes a
 * claim in the generated JWT.
 *
 * Review notes:
 *   - getAndRemove is a one-shot read: whichever request presents the code
 *     first consumes the cache entry. If this rule runs before the OAuth
 *     engine validates the code (to confirm), a token request with a stolen
 *     or otherwise-rejected code still empties the entry, and the legitimate
 *     client's token is then issued without the nonce.
 *   - the cache key is the raw code value with no namespace prefix; make sure
 *     no other rule writes unrelated entries under the same key space.
 *   - the cached value is emitted as-is; it is trusted because this
 *     deployment's own rules wrote it, not because anything is checked here.
 */
if (request_type == "access_token" && grant_type == "authorization_code") {
    var code = stsuu.getContextAttributes().getAttributeValueByNameAndType("code", "urn:ibm:names:ITFIM:oauth:body:param");
    if (code != null) {
        // Read-and-delete, so the nonce can be redeemed at most once.
        var nonce = IDMappingExtUtils.getIDMappingExtCache().getAndRemove(code);
        if (nonce != null) {
            stsuu.addAttribute(new com.tivoli.am.fim.trustserver.sts.uuser.Attribute("nonce", "urn:ibm:jwt:claim", nonce));
        }
    }
}