OAuth

compose.yml

@@ -31,6 +31,7 @@ services:
         "--canvas-token", "changeme",
         "--use-canvas", "true",
 #        "--disable-compilation", # Enable me, if desired!
+        "--client-id", "changeme",
     ]
     networks:
       - autograder

docs/getting-started/getting-started.md

@@ -109,6 +109,12 @@ Do the following actions:
 # Use one of the following, but not both
 --canvas-token <canvas api key>
 --use-canvas false
+
+#Follow the steps at https://developer.byu.edu/data/api-usage/create-an-oauth-client
+#Please choose the sandbox environment
+#You are going to want to choose the Auth Code + PKCE option
+#For the redirect url, you should use the cas-callback-url
+--client-id <client id>
 ```
 
 ### 6. Run the Autograder Locally

src/main/java/Main.java

@@ -90,6 +90,9 @@ private static void setupProperties(String[] args) {
             if (cmd.hasOption("disable-compilation")) {
                 properties.setProperty("run-compilation", "false");
             }
+            if(cmd.hasOption("client-id")){
+                properties.setProperty("client-id", cmd.getOptionValue("client-id"));
+            }
         } catch (ParseException e) {
             throw new RuntimeException("Error parsing command line arguments", e);
         }
@@ -109,6 +112,7 @@ private static Options getOptions() {
         options.addOption(null, "canvas-token", true, "Canvas Token");
         options.addOption(null, "use-canvas", true, "Using Canvas");
         options.addOption(null, "disable-compilation", false, "Turn off student code compilation");
+        options.addOption(null, "client-id", true, "Client ID for BYU OAuth");
         return options;
     }
 

src/main/java/edu/byu/cs/controller/CasController.java → src/main/java/edu/byu/cs/controller/RedirectController.java

@@ -1,53 +1,71 @@
 package edu.byu.cs.controller;
 
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+
 import edu.byu.cs.canvas.CanvasException;
+import edu.byu.cs.controller.exception.UnauthorizedException;
 import edu.byu.cs.dataAccess.DataAccessException;
 import edu.byu.cs.model.User;
 import edu.byu.cs.properties.ApplicationProperties;
-import edu.byu.cs.service.CasService;
+import edu.byu.cs.service.AuthenticationService;
 import edu.byu.cs.service.ConfigService;
+import static edu.byu.cs.util.JwtUtils.generateToken;
 import io.javalin.http.Context;
+import io.javalin.http.Cookie;
 import io.javalin.http.Handler;
 import io.javalin.http.HttpStatus;
 
-import java.net.URLEncoder;
-import java.nio.charset.StandardCharsets;
-
-import static edu.byu.cs.util.JwtUtils.generateToken;
-
 /**
- * Handles CAS-related HTTP endpoints. CAS, standing for <em>Central Authentication Service</em>,
- * is BYU's centralized authentication provider for all BYU users
+ * Handles Redirect related endpoints, including the class chat link (i. e. Slack or Discord)
+ * and authentication redirects.
  */
-public class CasController {
+public class RedirectController {
+
     public static final Handler callbackGet = ctx -> {
-        String ticket = ctx.queryParam("ticket");
+        String code = ctx.queryParam("code");
+        if (code == null){
+            throw new UnauthorizedException();
+        }
+        AuthenticationService.TokenResponse response = AuthenticationService.exchangeCodeForTokens(code);
 
         User user;
         try {
-            user = CasService.callback(ticket);
+            user = AuthenticationService.callback(response.idToken());
         } catch (CanvasException e) {
             String errorUrlParam = URLEncoder.encode(e.getMessage(), StandardCharsets.UTF_8);
             ctx.redirect(ApplicationProperties.frontendUrl() + "/login?error=" + errorUrlParam, HttpStatus.FOUND);
             return;
         }
 
-        // FIXME: secure cookie with httpOnly
-        ctx.cookie("token", generateToken(user.netId()), 14400);
+        ctx.cookie (new Cookie(
+                "token",
+                generateToken(user.netId()),
+                "/",
+                14400,
+                AuthenticationService.isSecure(),
+                0,
+                true
+        ));
 
         redirect(ctx);
     };
 
+
+
     public static final Handler loginGet = ctx -> {
         // check if already logged in
         if (ctx.cookie("token") != null) {
             redirect(ctx);
             return;
         }
-        ctx.redirect(CasService.BYU_CAS_URL + "/login" + "?service=" + ApplicationProperties.casCallbackUrl());
+        ctx.redirect(AuthenticationService.getAuthorizationUrl());
     };
 
-
+    /**
+     * Redirects students to the class chat invite. At the time we used Slack, and therefore all references use
+     * that name
+     */
     private static void redirect(Context ctx) throws DataAccessException {
         String redirectTo;
         if(ctx.sessionAttribute("slack") != null) {
@@ -64,7 +82,7 @@ private static void redirect(Context ctx) throws DataAccessException {
             return;
         }
 
-        // TODO: call cas logout endpoint with ticket
+        // TODO: call logout endpoint with token
         ctx.removeCookie("token", "/");
         ctx.redirect(ApplicationProperties.frontendUrl(), HttpStatus.OK);
     };

src/main/java/edu/byu/cs/properties/ApplicationProperties.java

@@ -58,6 +58,7 @@ public static String frontendUrl() {
         return mustGet("frontend-url");
     }
 
+    public static String clientId() {return mustGet("client-id");}
 
     public static String casCallbackUrl() {
         return mustGet("cas-callback-url");

src/main/java/edu/byu/cs/server/endpointprovider/EndpointProviderImpl.java

@@ -93,17 +93,17 @@ public Handler meGet() {
 
     @Override
     public Handler callbackGet() {
-        return CasController.callbackGet;
+        return RedirectController.callbackGet;
     }
 
     @Override
     public Handler loginGet() {
-        return CasController.loginGet;
+        return RedirectController.loginGet;
     }
 
     @Override
     public Handler logoutPost() {
-        return CasController.logoutPost;
+        return RedirectController.logoutPost;
     }
 
     // ConfigController