001/*******************************************************************************
002 * Copyright 2018 The MIT Internet Trust Consortium
003 *
004 * Portions copyright 2011-2013 The MITRE Corporation
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License");
007 * you may not use this file except in compliance with the License.
008 * You may obtain a copy of the License at
009 *
010 *   http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 *******************************************************************************/
018/**
019 *
020 */
021package org.mitre.openid.connect.web;
022
023import java.security.Principal;
024import java.util.Collection;
025
026import org.mitre.openid.connect.model.BlacklistedSite;
027import org.mitre.openid.connect.service.BlacklistedSiteService;
028import org.mitre.openid.connect.view.HttpCodeView;
029import org.mitre.openid.connect.view.JsonEntityView;
030import org.mitre.openid.connect.view.JsonErrorView;
031import org.slf4j.Logger;
032import org.slf4j.LoggerFactory;
033import org.springframework.beans.factory.annotation.Autowired;
034import org.springframework.http.HttpStatus;
035import org.springframework.http.MediaType;
036import org.springframework.security.access.prepost.PreAuthorize;
037import org.springframework.stereotype.Controller;
038import org.springframework.ui.ModelMap;
039import org.springframework.web.bind.annotation.PathVariable;
040import org.springframework.web.bind.annotation.RequestBody;
041import org.springframework.web.bind.annotation.RequestMapping;
042import org.springframework.web.bind.annotation.RequestMethod;
043
044import com.google.gson.Gson;
045import com.google.gson.JsonObject;
046import com.google.gson.JsonParser;
047import com.google.gson.JsonSyntaxException;
048
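/**
 * Administrative REST API for the site blacklist: list, create, read, update and delete
 * {@link BlacklistedSite} entries.
 *
 * <p>Every handler is restricted to callers holding ROLE_ADMIN by the class-level
 * {@code @PreAuthorize}; this controller performs no other access check.
 * NOTE(review): {@code @PreAuthorize} is only enforced when Spring method security
 * (pre/post annotations) is enabled for the context that loads this bean - confirm in the
 * application's security configuration.
 *
 * @author jricher
 *
 */
@Controller
@RequestMapping("/" + BlacklistAPI.URL)
@PreAuthorize("hasRole('ROLE_ADMIN')")
public class BlacklistAPI {

	public static final String URL = RootController.API_URL + "/blacklist";

	@Autowired
	private BlacklistedSiteService blacklistService;

	/**
	 * Logger for this class
	 */
	private static final Logger logger = LoggerFactory.getLogger(BlacklistAPI.class);

	private Gson gson = new Gson();
	private JsonParser parser = new JsonParser();

	/**
	 * Get a list of all blacklisted sites.
	 *
	 * @param m model that receives the collection under {@link JsonEntityView#ENTITY}
	 * @return the name of the JSON entity view
	 */
	@RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
	public String getAllBlacklistedSites(ModelMap m) {

		Collection<BlacklistedSite> all = blacklistService.getAll();

		m.put(JsonEntityView.ENTITY, all);

		return JsonEntityView.VIEWNAME;
	}

	/**
	 * Create a new blacklisted site from the JSON request body.
	 *
	 * <p>The body is bound directly onto {@link BlacklistedSite} by Gson, so every field of
	 * that class the client supplies is accepted at this layer; no field is filtered or
	 * validated here.
	 * NOTE(review): confirm that {@code blacklistService.saveNew} validates the entry and
	 * rejects client-chosen identifiers.
	 *
	 * @param jsonString raw JSON request body
	 * @param m model that receives either the saved entity or the error code and message
	 * @param p the authenticated caller (not used by this handler)
	 * @return the JSON entity view name on success, the JSON error view name (HTTP 400) when
	 *         the body is not a well-formed JSON object
	 */
	@RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
	public String addNewBlacklistedSite(@RequestBody String jsonString, ModelMap m, Principal p) {

		JsonObject json;

		BlacklistedSite blacklist = null;

		try {

			// getAsJsonObject() throws IllegalStateException when the body is valid JSON
			// but not an object (array, primitive, null); handled below as a bad request.
			json = parser.parse(jsonString).getAsJsonObject();
			blacklist = gson.fromJson(json, BlacklistedSite.class);
			BlacklistedSite newBlacklist = blacklistService.saveNew(blacklist);
			m.put(JsonEntityView.ENTITY, newBlacklist);

		}
		catch (JsonSyntaxException e) {
			logger.error("addNewBlacklistedSite failed due to JsonSyntaxException: ", e);
			m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not save new blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
			return JsonErrorView.VIEWNAME;
		} catch (IllegalStateException e) {
			logger.error("addNewBlacklistedSite failed due to IllegalStateException", e);
			m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not save new blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
			return JsonErrorView.VIEWNAME;
		}

		return JsonEntityView.VIEWNAME;

	}

	/**
	 * Update an existing blacklisted site.
	 *
	 * <p>The record to change is selected by the {@code id} path variable only; the stored
	 * entry and the entry parsed from the body are handed to
	 * {@code blacklistService.update}, which decides what is copied across.
	 *
	 * @param id identifier of the entry to update, taken from the URL path
	 * @param jsonString raw JSON request body holding the new values
	 * @param m model that receives either the updated entity or the error code and message
	 * @param p the authenticated caller (not used by this handler)
	 * @return the JSON entity view name on success; the JSON error view name with HTTP 400
	 *         for a malformed body or HTTP 404 when no entry has the given id
	 */
	@RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
	public String updateBlacklistedSite(@PathVariable("id") Long id, @RequestBody String jsonString, ModelMap m, Principal p) {

		JsonObject json;

		BlacklistedSite blacklist = null;

		try {

			// A non-object JSON body surfaces as IllegalStateException from getAsJsonObject().
			json = parser.parse(jsonString).getAsJsonObject();
			blacklist = gson.fromJson(json, BlacklistedSite.class);

		}
		catch (JsonSyntaxException e) {
			logger.error("updateBlacklistedSite failed due to JsonSyntaxException", e);
			m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not update blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
			return JsonErrorView.VIEWNAME;
		} catch (IllegalStateException e) {
			logger.error("updateBlacklistedSite failed due to IllegalStateException", e);
			m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not update blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
			return JsonErrorView.VIEWNAME;
		}

		BlacklistedSite oldBlacklist = blacklistService.getById(id);

		if (oldBlacklist == null) {
			logger.error("updateBlacklistedSite failed; blacklist with id {} could not be found", id);
			m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
			// Fixed: the original concatenation dropped the space after the id.
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not update blacklisted site. The requested blacklist with id " + id + " could not be found.");
			return JsonErrorView.VIEWNAME;
		}

		BlacklistedSite newBlacklist = blacklistService.update(oldBlacklist, blacklist);

		m.put(JsonEntityView.ENTITY, newBlacklist);

		return JsonEntityView.VIEWNAME;
	}

	/**
	 * Delete a blacklisted site.
	 *
	 * @param id identifier of the entry to delete, taken from the URL path
	 * @param m model that receives the HTTP status and, on failure, the error message
	 * @return the HTTP code view name (HTTP 200) after removal, or the JSON error view name
	 *         (HTTP 404) when no entry has the given id
	 */
	@RequestMapping(value="/{id}", method = RequestMethod.DELETE)
	public String deleteBlacklistedSite(@PathVariable("id") Long id, ModelMap m) {
		BlacklistedSite blacklist = blacklistService.getById(id);

		if (blacklist == null) {
			logger.error("deleteBlacklistedSite failed; blacklist with id {} could not be found", id);
			// Fixed: set the status explicitly like the other handlers do, instead of
			// leaving the response code to whatever the error view defaults to.
			m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete blacklisted site. The requested blacklisted site with id " + id + " could not be found.");
			return JsonErrorView.VIEWNAME;
		}

		m.put(HttpCodeView.CODE, HttpStatus.OK);
		blacklistService.remove(blacklist);

		return HttpCodeView.VIEWNAME;
	}

	/**
	 * Get a single blacklisted site.
	 *
	 * @param id identifier of the entry to read, taken from the URL path
	 * @param m model that receives either the entity or the error code and message
	 * @return the JSON entity view name on success, or the JSON error view name (HTTP 404)
	 *         when no entry has the given id
	 */
	@RequestMapping(value="/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
	public String getBlacklistedSite(@PathVariable("id") Long id, ModelMap m) {
		BlacklistedSite blacklist = blacklistService.getById(id);
		if (blacklist == null) {
			logger.error("getBlacklistedSite failed; blacklist with id {} could not be found", id);
			m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
			// Fixed: the message was copied from the delete handler and reported a failed delete.
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not get blacklisted site. The requested blacklisted site with id " + id + " could not be found.");
			return JsonErrorView.VIEWNAME;
		}

		m.put(JsonEntityView.ENTITY, blacklist);

		return JsonEntityView.VIEWNAME;
	}

}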