Merge branch 'ondrejvelisek/verification-uri-complete'

Closes #1386

Author: jricher

openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java

@@ -68,6 +68,8 @@ public class ConfigurationPropertiesBean {
 	private boolean dualClient = false;
 
 	private boolean heartMode = false;
+	
+	private boolean allowCompleteDeviceCodeUri = false;
 
 	public ConfigurationPropertiesBean() {
 
@@ -257,4 +259,18 @@ public boolean isHeartMode() {
 	public void setHeartMode(boolean heartMode) {
 		this.heartMode = heartMode;
 	}
+
+	/**
+	 * @return the allowCompleteDeviceCodeUri
+	 */
+	public boolean isAllowCompleteDeviceCodeUri() {
+		return allowCompleteDeviceCodeUri;
+	}
+
+	/**
+	 * @param allowCompleteDeviceCodeUri the allowCompleteDeviceCodeUri to set
+	 */
+	public void setAllowCompleteDeviceCodeUri(boolean allowCompleteDeviceCodeUri) {
+		this.allowCompleteDeviceCodeUri = allowCompleteDeviceCodeUri;
+	}
 }

openid-connect-server-webapp/src/main/webapp/WEB-INF/server-config.xml

@@ -68,6 +68,10 @@
 		<!-- This property turns on HEART compliance mode -->
 		<!-- <property name="heartMode" value="true" /> -->
 
+        <!-- This property allows the server to create and accept fully-composed 
+        user URIs (with the user-code emebedded) for the device flow -->
+        <!-- <property name="allowCompleteDeviceCodeUri" value="true" /> -->
+
 	</bean>
 
 </beans>

openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json

@@ -510,7 +510,7 @@
 			"expiredUserCode": "The code that you entered has expired. Return to your device and request a new code.",
 			"userCodeAlreadyApproved": "The code that you entered has already been used.",
 			"userCodeMismatch": "There was an error processing the code you entered. Try refreshing the page and returning to your device to request a new code.",
-			"error": "There was an error processing the code you entered. Return to your device adn request a new code."
+			"error": "There was an error processing the code you entered. Return to your device and request a new code."
 		},
 		"approve": {
 			"approved": "The device has been approved.",

openid-connect-server/src/main/java/org/mitre/oauth2/web/DeviceEndpoint.java

@@ -16,6 +16,8 @@
 
 package org.mitre.oauth2.web;
 
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.util.Collection;
 import java.util.Date;
 import java.util.HashMap;
@@ -26,6 +28,7 @@
 
 import javax.servlet.http.HttpSession;
 
+import org.apache.http.client.utils.URIBuilder;
 import org.mitre.oauth2.exception.DeviceCodeCreationException;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.DeviceCode;
@@ -134,14 +137,22 @@ public String requestDeviceCode(@RequestParam("client_id") String clientId, @Req
 
 		try {
 			DeviceCode dc = deviceCodeService.createNewDeviceCode(requestedScopes, client, parameters);
-	
+
 			Map<String, Object> response = new HashMap<>();
 			response.put("device_code", dc.getDeviceCode());
 			response.put("user_code", dc.getUserCode());
 			response.put("verification_uri", config.getIssuer() + USER_URL);
 			if (client.getDeviceCodeValiditySeconds() != null) {
 				response.put("expires_in", client.getDeviceCodeValiditySeconds());
 			}
+			
+			if (config.isAllowCompleteDeviceCodeUri()) {
+				URI verificationUriComplete  = new URIBuilder(config.getIssuer() + USER_URL)
+					.addParameter("user_code", dc.getUserCode())
+					.build();
+
+				response.put("verification_uri_complete", verificationUriComplete.toString());
+			}
 
 			model.put(JsonEntityView.ENTITY, response);
 
@@ -154,18 +165,31 @@ public String requestDeviceCode(@RequestParam("client_id") String clientId, @Req
 			model.put(JsonErrorView.ERROR_MESSAGE, dcce.getMessage());
 
 			return JsonErrorView.VIEWNAME;
+		} catch (URISyntaxException use) {
+			logger.error("unable to build verification_uri_complete due to wrong syntax of uri components");
+			model.put(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
+
+			return HttpCodeView.VIEWNAME;
 		}
 
 	}
 
 	@PreAuthorize("hasRole('ROLE_USER')")
 	@RequestMapping(value = "/" + USER_URL, method = RequestMethod.GET)
-	public String requestUserCode(ModelMap model) {
+	public String requestUserCode(@RequestParam(value = "user_code", required = false) String userCode, ModelMap model, HttpSession session) {
 
-		// print out a page that asks the user to enter their user code
-		// user must be logged in
+		if (!config.isAllowCompleteDeviceCodeUri() || userCode == null) {
+			// if we don't allow the complete URI or we didn't get a user code on the way in,
+			// print out a page that asks the user to enter their user code
+			// user must be logged in
+			return "requestUserCode";
+		} else {
 
-		return "requestUserCode";
+			// complete verification uri was used, we received user code directly
+			// skip requesting code page
+			// user must be logged in
+			return readUserCode(userCode, model, session);
+		}
 	}
 
 	@PreAuthorize("hasRole('ROLE_USER')")