added modification to support PKCE authorization in Quick ACG

Author: annahileta

Quick_ACG/pom.xml

@@ -158,6 +158,7 @@
                                     <includes>
                                         <include>Locals.java</include>
                                         <include>User.java</include>
+                                        <include>EnvelopeDocumentInfo.java</include>
                                     </includes>
                                 </resource>
                                 <resource>
@@ -199,7 +200,16 @@
                                     <targetPath>${basedir}/src/main/java/com/docusign/core/security</targetPath>
                                     <directory>../src/main/java/com/docusign/core/security</directory>
                                     <includes>
-                                        <include>OAuthProperties.java</include>
+                                        <include>SecurityHelpers.java</include>
+                                        <include>JWTOAuth2User.java</include>
+                                        <include>CustomAuthenticationFailureHandler.java</include>
+                                    </includes>
+                                </resource>
+                                <resource>
+                                    <targetPath>${basedir}/src/main/java/com/docusign/core/security/acg</targetPath>
+                                    <directory>../src/main/java/com/docusign/core/security/acg</directory>
+                                    <includes>
+                                        <include>ACGAuthenticationMethod.java</include>
                                     </includes>
                                 </resource>
                                 <resource>

Quick_ACG/src/main/java/com/docusign/core/model/Session.java

@@ -1,37 +1,33 @@
 package com.docusign.core.model;
 
+import com.docusign.esign.client.auth.OAuth;
 import lombok.Data;
 import org.springframework.context.annotation.Scope;
 import org.springframework.context.annotation.ScopedProxyMode;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.WebApplicationContext;
 
 import java.io.Serializable;
+import java.util.List;
 import java.util.UUID;
 
 @Component
-@Scope(value = WebApplicationContext.SCOPE_SESSION,
-        proxyMode = ScopedProxyMode.TARGET_CLASS)
+@Scope(value = WebApplicationContext.SCOPE_SESSION, proxyMode = ScopedProxyMode.TARGET_CLASS)
 @Data
 public class Session implements Serializable {
     private static final long serialVersionUID = 2695379118371574037L;
 
+    public Long tokenExpirationTime;
+
     private String accountId;
+
     private String accountName;
+
     private String basePath;
-    private String statusCFR;
-    private String roomsBasePath;
+
     private String envelopeId;
-    private String templateId;
-    private String templateName;
-    private String permissionProfileId;
-    private String permissionProfileName;
-    private String apiIndexPath;
-    private boolean refreshToken = false;
-    private String clickwrapId;
-    private String clickwrapVersionNumber;
-    private String exportId;
-    private String importId;
-    private UUID orgId;
-    public UUID bulkListId;
+
+    private String statusCFR;
+
+    private Boolean isPKCEWorking = true;
 }

src/main/java/com/docusign/DSConfiguration.java

@@ -168,7 +168,7 @@ public ManifestStructure getCodeExamplesText() {
 
         try {
             codeExamplesText = new ObjectMapper().readValue(loadFileData(codeExamplesManifest),
-                ManifestStructure.class);
+                    ManifestStructure.class);
         } catch (Exception e) {
             e.printStackTrace();
         }
@@ -182,8 +182,8 @@ public String loadFileData(String linkToManifestFile) throws Exception {
         httpConnection.setRequestMethod(HttpMethod.GET);
 
         httpConnection.setRequestProperty(
-            HttpHeaders.CONTENT_TYPE,
-            String.valueOf(MediaType.APPLICATION_JSON));
+                HttpHeaders.CONTENT_TYPE,
+                String.valueOf(MediaType.APPLICATION_JSON));
 
         int responseCode = httpConnection.getResponseCode();
 

src/main/java/com/docusign/core/controller/IndexController.java

@@ -95,7 +95,7 @@ public String index(ModelMap model, HttpServletResponse response) throws Excepti
         }
 
         if (config.getQuickstart().equals("true") && config.getSelectedApiIndex().equals(ApiIndex.ESIGNATURE) &&
-            !(SecurityContextHolder.getContext().getAuthentication() instanceof OAuth2AuthenticationToken)) {
+                !(SecurityContextHolder.getContext().getAuthentication() instanceof OAuth2AuthenticationToken)) {
             String site = ApiIndex.ESIGNATURE.getPathOfFirstExample();
             response.setStatus(response.SC_MOVED_TEMPORARILY);
             response.setHeader(LOCATION_HEADER, site);
@@ -114,7 +114,7 @@ public String index(ModelMap model, HttpServletResponse response) throws Excepti
 
     @GetMapping(path = "/ds/mustAuthenticate")
     public ModelAndView mustAuthenticateController(ModelMap model, HttpServletRequest req, HttpServletResponse resp)
-    throws IOException {
+            throws IOException {
         model.addAttribute(LAUNCHER_TEXTS, config.getCodeExamplesText().SupportingTexts);
         model.addAttribute(ATTR_TITLE, config.getCodeExamplesText().SupportingTexts.LoginPage.LoginButton);
 
@@ -124,11 +124,12 @@ public ModelAndView mustAuthenticateController(ModelMap model, HttpServletReques
             config.setIsConsentRedirectActivated(false);
             this.session.setAuthTypeSelected(AuthType.JWT);
 
-            return new ModelAndView(new JWTAuthenticationMethod().loginUsingJWT(config, session, redirectURL));
+            return new ModelAndView(
+                    new JWTAuthenticationMethod().loginUsingJWT(config, session, redirectURL, ApiType.getScopeList()));
         }
 
         boolean isRedirectToMonitor = redirectURL.toLowerCase().contains("/m") &&
-            !redirectURL.toLowerCase().contains("/mae");
+                !redirectURL.toLowerCase().contains("/mae");
         if (session.isRefreshToken() || config.getQuickstart().equals("true")) {
             config.setQuickstart("false");
 
@@ -148,12 +149,13 @@ private ModelAndView checkForMonitorRedirects(String redirectURL) {
         this.session.setAuthTypeSelected(AuthType.JWT);
         redirectURL = redirectURL != "/" ? redirectURL : session.getMonitorExampleRedirect();
         this.session.setMonitorExampleRedirect(null);
-        return new ModelAndView(new JWTAuthenticationMethod().loginUsingJWT(config, session, redirectURL));
+        return new ModelAndView(
+                new JWTAuthenticationMethod().loginUsingJWT(config, session, redirectURL, ApiType.getScopeList()));
     }
 
     @GetMapping("/pkce")
     public RedirectView pkce(String code, String state, HttpServletRequest req, HttpServletResponse resp)
-    throws Exception {
+            throws Exception {
         String redirectURL = getRedirectURLForJWTAuthentication(req, resp);
         RedirectView redirect;
         try {
@@ -167,25 +169,25 @@ public RedirectView pkce(String code, String state, HttpServletRequest req, Http
     }
 
     @PostMapping("/ds/authenticate")
-    public RedirectView authenticate(ModelMap model, @RequestBody MultiValueMap <String, String> formParams,
-        HttpServletRequest req, HttpServletResponse resp) throws Exception {
+    public RedirectView authenticate(ModelMap model, @RequestBody MultiValueMap<String, String> formParams,
+            HttpServletRequest req, HttpServletResponse resp) throws Exception {
         if (!formParams.containsKey("selectAuthType")) {
             model.addAttribute("message", "Select option with selectAuthType name must be provided.");
             return new RedirectView("pages/error");
         }
 
         String redirectURL = getRedirectURLForJWTAuthentication(req, resp);
 
-        List <String> selectAuthTypeObject = formParams.get("selectAuthType");
+        List<String> selectAuthTypeObject = formParams.get("selectAuthType");
         AuthType authTypeSelected = AuthType.valueOf(selectAuthTypeObject.get(0));
 
         if (authTypeSelected.equals(AuthType.JWT)) {
             this.session.setAuthTypeSelected(AuthType.JWT);
-            return new JWTAuthenticationMethod().loginUsingJWT(config, session, redirectURL);
+            return new JWTAuthenticationMethod().loginUsingJWT(config, session, redirectURL, ApiType.getScopeList());
         } else {
             this.session.setAuthTypeSelected(AuthType.AGC);
             if (this.session.getIsPKCEWorking()) {
-                return new ACGAuthenticationMethod().initiateAuthorization(config);
+                return new ACGAuthenticationMethod().initiateAuthorization(config, ApiType.getScopeList());
             } else {
                 return getRedirectView(authTypeSelected);
             }
@@ -196,7 +198,7 @@ private String getRedirectURLForJWTAuthentication(HttpServletRequest req, HttpSe
         SavedRequest savedRequest = requestCache.getRequest(req, resp);
 
         String[] examplesCodes = new String[] {
-            ApiIndex.CLICK.getExamplesPathCode(),
+                ApiIndex.CLICK.getExamplesPathCode(),
                 ApiIndex.ESIGNATURE.getExamplesPathCode(),
                 ApiIndex.MONITOR.getExamplesPathCode(),
                 ApiIndex.ADMIN.getExamplesPathCode(),
@@ -209,7 +211,7 @@ private String getRedirectURLForJWTAuthentication(HttpServletRequest req, HttpSe
 
             if (indexOfExampleCodeInRedirect != -1) {
                 Boolean hasNumbers = savedRequest.getRedirectUrl().substring(indexOfExampleCodeInRedirect)
-                    .matches(".*\\d.*");
+                        .matches(".*\\d.*");
 
                 return "GET".equals(savedRequest.getMethod()) && hasNumbers ? savedRequest.getRedirectUrl() : "/";
             }
@@ -220,8 +222,8 @@ private String getRedirectURLForJWTAuthentication(HttpServletRequest req, HttpSe
 
     @GetMapping(path = "/ds-return")
     public String returnController(@RequestParam(value = ATTR_STATE, required = false) String state,
-        @RequestParam(value = ATTR_EVENT, required = false) String event,
-        @RequestParam(required = false) String envelopeId, ModelMap model) {
+            @RequestParam(value = ATTR_EVENT, required = false) String event,
+            @RequestParam(required = false) String envelopeId, ModelMap model) {
         model.addAttribute(LAUNCHER_TEXTS, config.getCodeExamplesText().SupportingTexts);
         model.addAttribute(ATTR_TITLE, "Return from DocuSign");
         model.addAttribute(ATTR_EVENT, event);

src/main/java/com/docusign/core/model/ApiType.java

@@ -1,6 +1,8 @@
 package com.docusign.core.model;
 
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.List;
 
 public enum ApiType {
     ESIGNATURE("eSignature API", new String[] { "signature" }, "eg"),
@@ -37,6 +39,14 @@ public static ApiType giveTypeByName(String exampleName) {
                 .get();
     }
 
+    public static List<String> getScopeList() {
+        List<String> scopes = new ArrayList<>();
+        for (ApiType scope : ApiType.values()) {
+            scopes.addAll(Arrays.asList(scope.getScopes()));
+        }
+        return scopes;
+    }
+
     public String[] getScopes() {
         return scopes;
     }

src/main/java/com/docusign/core/security/SecurityHelpers.java

@@ -4,29 +4,18 @@
 import java.security.NoSuchAlgorithmException;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Base64;
 import java.util.List;
 import java.util.Random;
 
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
-import com.docusign.core.model.ApiType;
 import com.docusign.core.model.Session;
 import com.docusign.esign.client.auth.OAuth;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 public class SecurityHelpers {
-    public static List<String> getScopeList() {
-        List<String> scopes = new ArrayList<>();
-        for (ApiType scope : ApiType.values()) {
-            scopes.addAll(Arrays.asList(scope.getScopes()));
-        }
-        return scopes;
-    }
-
     public static String generateCodeVerifier() {
         byte[] randomBytes = new byte[32];
         new Random().nextBytes(randomBytes);
@@ -46,12 +35,12 @@ public static String parseJsonField(String jsonResponse, String field) throws IO
     }
 
     public static void setSpringSecurityAuthentication(
-        List<String> scopes,
-        String oAuthToken,
-        OAuth.UserInfo userInfo,
-        String accountId,
-        Session session,
-        String expiresIn) {
+            List<String> scopes,
+            String oAuthToken,
+            OAuth.UserInfo userInfo,
+            String accountId,
+            Session session,
+            String expiresIn) {
         JWTOAuth2User principal = new JWTOAuth2User();
         principal.setAuthorities(scopes);
         principal.setCreated(userInfo.getCreated());

src/main/java/com/docusign/core/security/acg/ACGAuthenticationMethod.java

@@ -26,9 +26,7 @@ public class ACGAuthenticationMethod {
 
     private static String codeChallenge;
 
-    public RedirectView initiateAuthorization(DSConfiguration configuration) throws Exception {
-        List<String> scopes = SecurityHelpers.getScopeList();
-
+    public RedirectView initiateAuthorization(DSConfiguration configuration, List<String> scopes) throws Exception {
         codeVerifier = SecurityHelpers.generateCodeVerifier();
         codeChallenge = SecurityHelpers.generateCodeChallenge(codeVerifier);
 

src/main/java/com/docusign/core/security/jwt/JWTAuthenticationMethod.java

@@ -29,9 +29,8 @@ public class JWTAuthenticationMethod {
         public RedirectView loginUsingJWT(
                         DSConfiguration configuration,
                         Session session,
-                        String redirectURL) {
-                List<String> scopes = SecurityHelpers.getScopeList();
-
+                        String redirectURL,
+                        List<String> scopes) {
                 try {
                         ApiClient apiClient = new ApiClient(configuration.getBasePath());
                         byte[] privateKeyBytes = Files.readAllBytes(Paths.get(configuration.getPrivateKeyPath()));