001/*******************************************************************************
002 * Copyright 2018 The MIT Internet Trust Consortium
003 *
004 * Portions copyright 2011-2013 The MITRE Corporation
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License");
007 * you may not use this file except in compliance with the License.
008 * You may obtain a copy of the License at
009 *
010 *   http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 *******************************************************************************/
018/**
019 *
020 */
021package org.mitre.openid.connect.web;
022
023import java.security.Principal;
024import java.util.Collection;
025
026import org.mitre.openid.connect.model.WhitelistedSite;
027import org.mitre.openid.connect.service.WhitelistedSiteService;
028import org.mitre.openid.connect.view.HttpCodeView;
029import org.mitre.openid.connect.view.JsonEntityView;
030import org.mitre.openid.connect.view.JsonErrorView;
031import org.slf4j.Logger;
032import org.slf4j.LoggerFactory;
033import org.springframework.beans.factory.annotation.Autowired;
034import org.springframework.http.HttpStatus;
035import org.springframework.http.MediaType;
036import org.springframework.security.access.prepost.PreAuthorize;
037import org.springframework.stereotype.Controller;
038import org.springframework.ui.ModelMap;
039import org.springframework.web.bind.annotation.PathVariable;
040import org.springframework.web.bind.annotation.RequestBody;
041import org.springframework.web.bind.annotation.RequestMapping;
042import org.springframework.web.bind.annotation.RequestMethod;
043
044import com.google.gson.Gson;
045import com.google.gson.JsonObject;
046import com.google.gson.JsonParseException;
047import com.google.gson.JsonParser;
048
/**
 * Controller for the whitelisted-site API: listing and lookup are open to any
 * authenticated user, while create, update and delete require the admin role.
 *
 * @author jricher
 */
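@Controller
@RequestMapping("/" + WhitelistAPI.URL)
@PreAuthorize("hasRole('ROLE_USER')")
public class WhitelistAPI {

        public static final String URL = RootController.API_URL + "/whitelist";

        @Autowired
        private WhitelistedSiteService whitelistService;

        /**
         * Logger for this class
         */
        private static final Logger logger = LoggerFactory.getLogger(WhitelistAPI.class);

        // Constructed once and never reassigned; reused for every request this controller handles.
        private final Gson gson = new Gson();
        private final JsonParser parser = new JsonParser();

        /**
         * Get a list of all whitelisted sites.
         *
         * Readable by any authenticated user (class-level ROLE_USER).
         *
         * @param m model that receives the collection under {@link JsonEntityView#ENTITY}
         * @return the JSON entity view name
         */
        @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
        public String getAllWhitelistedSites(ModelMap m) {
                Collection<WhitelistedSite> all = whitelistService.getAll();
                m.put(JsonEntityView.ENTITY, all);
                return JsonEntityView.VIEWNAME;
        }

        /**
         * Create a new whitelisted site. Administrators only.
         *
         * @param jsonString request body: a JSON object describing the site
         * @param m model that receives either the saved entity or an error code and message
         * @param p the authenticated caller; recorded as the site's creator
         * @return the JSON entity view name on success, or the JSON error view name
         *         (HTTP 400) when the body is not a well-formed JSON object
         */
        @PreAuthorize("hasRole('ROLE_ADMIN')")
        @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
        public String addNewWhitelistedSite(@RequestBody String jsonString, ModelMap m, Principal p) {
                WhitelistedSite whitelist = parseSite(jsonString, m, "addNewWhitelistedSite", "Could not save new whitelisted site.");
                if (whitelist == null) {
                        return JsonErrorView.VIEWNAME;
                }

                // The creator is always the authenticated principal, never a value taken from the request body.
                whitelist.setCreatorUserId(p.getName());

                // NOTE(review): the body may also carry an "id"; saveNew is assumed to assign its own — confirm in the service.
                WhitelistedSite newWhitelist = whitelistService.saveNew(whitelist);
                m.put(JsonEntityView.ENTITY, newWhitelist);
                return JsonEntityView.VIEWNAME;
        }

        /**
         * Update an existing whitelisted site. Administrators only.
         *
         * The body is parsed before the id is looked up, so a malformed body on an
         * unknown id yields HTTP 400 rather than 404.
         *
         * @param id identifier of the site to update (path variable)
         * @param jsonString request body: a JSON object carrying the new values
         * @param m model that receives either the updated entity or an error code and message
         * @param p the authenticated caller; not used beyond the authorization check
         * @return the JSON entity view name on success; the JSON error view name with
         *         HTTP 400 on malformed input or HTTP 404 when {@code id} is unknown
         */
        @PreAuthorize("hasRole('ROLE_ADMIN')")
        @RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
        public String updateWhitelistedSite(@PathVariable("id") Long id, @RequestBody String jsonString, ModelMap m, Principal p) {
                WhitelistedSite whitelist = parseSite(jsonString, m, "updateWhitelistedSite", "Could not update whitelisted site.");
                if (whitelist == null) {
                        return JsonErrorView.VIEWNAME;
                }

                WhitelistedSite oldWhitelist = whitelistService.getById(id);
                if (oldWhitelist == null) {
                        return notFound(m, "updateWhitelistedSite", id,
                                        "Could not update whitelisted site. The requested whitelisted site with id " + id + " could not be found.");
                }

                // NOTE(review): which fields of the client-supplied object are copied onto oldWhitelist
                // (e.g. creatorUserId) is decided by the service — confirm it does not accept client-set ownership.
                WhitelistedSite newWhitelist = whitelistService.update(oldWhitelist, whitelist);
                m.put(JsonEntityView.ENTITY, newWhitelist);
                return JsonEntityView.VIEWNAME;
        }

        /**
         * Delete a whitelisted site. Administrators only.
         *
         * @param id identifier of the site to delete (path variable)
         * @param m model that receives the HTTP status code, plus an error message on failure
         * @return the HTTP code view name (HTTP 200) on success, or the JSON error view
         *         name (HTTP 404) when {@code id} is unknown
         */
        @PreAuthorize("hasRole('ROLE_ADMIN')")
        @RequestMapping(value="/{id}", method = RequestMethod.DELETE)
        public String deleteWhitelistedSite(@PathVariable("id") Long id, ModelMap m) {
                WhitelistedSite whitelist = whitelistService.getById(id);
                if (whitelist == null) {
                        return notFound(m, "deleteWhitelistedSite", id,
                                        "Could not delete whitelisted site. The requested whitelisted site with id " + id + " could not be found.");
                }

                whitelistService.remove(whitelist);
                m.put(HttpCodeView.CODE, HttpStatus.OK);
                return HttpCodeView.VIEWNAME;
        }

        /**
         * Get a single whitelisted site.
         *
         * Readable by any authenticated user (class-level ROLE_USER).
         *
         * @param id identifier of the site (path variable)
         * @param m model that receives the entity, or an error code and message
         * @return the JSON entity view name, or the JSON error view name (HTTP 404)
         *         when {@code id} is unknown
         */
        @RequestMapping(value="/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
        public String getWhitelistedSite(@PathVariable("id") Long id, ModelMap m) {
                WhitelistedSite whitelist = whitelistService.getById(id);
                if (whitelist == null) {
                        return notFound(m, "getWhitelistedSite", id,
                                        "The requested whitelisted site with id " + id + " could not be found.");
                }

                m.put(JsonEntityView.ENTITY, whitelist);
                return JsonEntityView.VIEWNAME;
        }

        /**
         * Parses a request body into a {@link WhitelistedSite}.
         *
         * On failure the cause is logged, the model is populated with HTTP 400 and a
         * user-facing message, and {@code null} is returned so the caller can hand back
         * the error view.
         *
         * @param jsonString raw request body
         * @param m model to populate on failure
         * @param method name of the calling handler, used in the log line
         * @param failurePrefix leading sentence of the user-facing error message
         * @return the parsed site, or {@code null} when the body is not a JSON object
         *         that Gson can bind to the entity
         */
        private WhitelistedSite parseSite(String jsonString, ModelMap m, String method, String failurePrefix) {
                try {
                        // getAsJsonObject() throws IllegalStateException when the root is an array, primitive or JSON null
                        JsonObject json = parser.parse(jsonString).getAsJsonObject();
                        return gson.fromJson(json, WhitelistedSite.class);
                } catch (JsonParseException e) {
                        // NOTE(review): both branches are client errors; logging at WARN without the stack
                        // trace would keep malformed requests from flooding the error log.
                        logger.error(method + " failed due to JsonParseException", e);
                        m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                        m.put(JsonErrorView.ERROR_MESSAGE, failurePrefix + " The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
                        return null;
                } catch (IllegalStateException e) {
                        logger.error(method + " failed due to IllegalStateException", e);
                        m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                        m.put(JsonErrorView.ERROR_MESSAGE, failurePrefix + " The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
                        return null;
                }
        }

        /**
         * Populates the model with an HTTP 404 error for a site id that does not exist.
         *
         * @param m model to populate
         * @param method name of the calling handler, used in the log line
         * @param id the id that was not found
         * @param message user-facing error message
         * @return the JSON error view name
         */
        private String notFound(ModelMap m, String method, Long id, String message) {
                logger.error(method + " failed; whitelist with id " + id + " could not be found.");
                m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                m.put(JsonErrorView.ERROR_MESSAGE, message);
                return JsonErrorView.VIEWNAME;
        }

}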