From 79532506aebed5f56181ac9e4c716737154087d0 Mon Sep 17 00:00:00 2001
From: Robin Hughes
Date: Sun, 24 Feb 2019 11:31:14 -0500
Subject: [PATCH 1/3] Add jpa support for saving UserInfo and fix mysql schema bootstrapping
---
 .../repository/UserInfoRepository.java | 2 +
 .../db/mysql/mysql_database_tables.sql | 2 +
 .../db/mysql/mysql_loading_temp_tables.sql | 75 +++++++++++++++++++
 .../src/main/webapp/WEB-INF/data-context.xml | 6 +-
 .../impl/JpaUserInfoRepository.java | 8 ++
 5 files changed, 90 insertions(+), 3 deletions(-)
 create mode 100644 openid-connect-server-webapp/src/main/resources/db/mysql/mysql_loading_temp_tables.sql
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java
index 9763ca14a5..826ddf4b2d 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java
@@ -42,5 +42,7 @@ public interface UserInfoRepository {
 * @return
 */
 public UserInfo getByEmailAddress(String email);
+
+ public UserInfo saveUser(UserInfo userInfo);
 }
diff --git a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
index 7e00cc8762..4496c5cf48 100644
--- a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
@@ -238,6 +238,8 @@ CREATE TABLE IF NOT EXISTS system_scope (
 icon VARCHAR(256),
 restricted BOOLEAN DEFAULT false NOT NULL,
 default_scope BOOLEAN DEFAULT false NOT NULL,
+ structured BOOLEAN DEFAULT false NOT NULL,
+ structured_param_description VARCHAR(256),
 UNIQUE (scope)
 );
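Review bot: The new `saveUser` declaration carries no Javadoc, while the neighbouring `getByEmailAddress` in the same hunk has one. I would add a short doc block on it stating that it persists the given UserInfo and returns the stored instance, that callers should use the returned object rather than the argument, and whether a null argument is allowed, so every implementation shares one contract. Whether a call inserts or updates is decided by the implementation (JpaUserInfoRepository later in this patch), so the interface comment should describe the observable contract rather than the mechanism.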
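Review bot: The two new `structured` columns are added inside `CREATE TABLE IF NOT EXISTS system_scope`, which only takes effect on a fresh database; an existing MySQL installation keeps its old table, so any code that already maps these columns would fail at runtime until the table is altered by hand. Since the commit presents this as a schema fix, I'd ship the upgrade statement alongside it, `ALTER TABLE system_scope ADD COLUMN structured BOOLEAN DEFAULT false NOT NULL, ADD COLUMN structured_param_description VARCHAR(256);`, or at least call it out in the file header. The other dialect scripts are not in this diff, so whether they already carry these columns should be checked separately.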
diff --git a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_loading_temp_tables.sql b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_loading_temp_tables.sql
new file mode 100644
index 0000000000..cf6f3a60dd
--- /dev/null
+++ b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_loading_temp_tables.sql
@@ -0,0 +1,75 @@
+--
+-- Temporary tables used during the bootstrapping process to safely load users and clients.
+-- These are not needed if you're not using the users.sql/clients.sql files to bootstrap the database.
+--
+
+CREATE TEMPORARY TABLE IF NOT EXISTS authorities_TEMP (
+ username varchar(50) not null,
+ authority varchar(50) not null,
+ constraint ix_authority_TEMP unique (username,authority));
+
+CREATE TEMPORARY TABLE IF NOT EXISTS users_TEMP (
+ username varchar(50) not null primary key,
+ password varchar(50) not null,
+ enabled boolean not null);
+
+CREATE TEMPORARY TABLE IF NOT EXISTS user_info_TEMP (
+ sub VARCHAR(256) not null primary key,
+ preferred_username VARCHAR(256),
+ name VARCHAR(256),
+ given_name VARCHAR(256),
+ family_name VARCHAR(256),
+ middle_name VARCHAR(256),
+ nickname VARCHAR(256),
+ profile VARCHAR(256),
+ picture VARCHAR(256),
+ website VARCHAR(256),
+ email VARCHAR(256),
+ email_verified BOOLEAN,
+ gender VARCHAR(256),
+ zone_info VARCHAR(256),
+ locale VARCHAR(256),
+ phone_number VARCHAR(256),
+ address_id VARCHAR(256),
+ updated_time VARCHAR(256),
+ birthdate VARCHAR(256)
+);
+
+CREATE TEMPORARY TABLE IF NOT EXISTS client_details_TEMP (
+ client_description VARCHAR(256),
+ dynamically_registered BOOLEAN,
+ id_token_validity_seconds BIGINT,
+
+ client_id VARCHAR(256),
+ client_secret VARCHAR(2048),
+ access_token_validity_seconds BIGINT,
+ refresh_token_validity_seconds BIGINT,
+ allow_introspection BOOLEAN,
+
+ client_name VARCHAR(256)
+);
+
+CREATE TEMPORARY TABLE IF NOT EXISTS client_scope_TEMP (
+ owner_id VARCHAR(256),
+ scope VARCHAR(2048)
+);
+
+CREATE TEMPORARY TABLE IF NOT EXISTS client_redirect_uri_TEMP (
+ owner_id VARCHAR(256),
+ redirect_uri VARCHAR(2048)
+);
+
+CREATE TEMPORARY TABLE IF NOT EXISTS client_grant_type_TEMP (
+ owner_id VARCHAR(256),
+ grant_type VARCHAR(2000)
+);
+
+CREATE TEMPORARY TABLE IF NOT EXISTS system_scope_TEMP (
+ scope VARCHAR(256),
+ description VARCHAR(4096),
+ icon VARCHAR(256),
+ restricted BOOLEAN,
+ default_scope BOOLEAN,
+ structured BOOLEAN DEFAULT false NOT NULL,
+ structured_param_description VARCHAR(256)
+);
\ No newline at end of file
diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml
index 67d8bd146b..1ea11285bf 100644
--- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml
@@ -65,9 +65,9 @@
-
-
-
+
+
+
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java
index 7627246da3..d1a42afee8 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java
@@ -26,7 +26,9 @@ import org.mitre.openid.connect.model.DefaultUserInfo;
 import org.mitre.openid.connect.model.UserInfo;
 import org.mitre.openid.connect.repository.UserInfoRepository;
+import org.mitre.util.jpa.JpaUtil;
 import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
 /**
 * JPA UserInfo repository implementation
@@ -63,4 +65,10 @@ public UserInfo getByEmailAddress(String email) {
 return getSingleResult(query.getResultList());
 }
+ @Override
+ @Transactional(value="defaultTransactionManager")
+ public UserInfo saveUser(UserInfo userInfo) {
+ return JpaUtil.saveOrUpdate(Long.valueOf(0), manager, userInfo);
+ }
+
 }
From 9f381217af67a79ac50cf955d893cb64dfcf1298 Mon Sep 17 00:00:00 2001
From: Martin Kuba
Date: Wed, 6 Mar 2019 11:35:05 +0100
Subject: [PATCH 2/3] updated dependencies patchlevels
---
 pom.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
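Review bot: `users_TEMP.password varchar(50) not null` cannot hold a bcrypt-style password hash (60 characters), so if the bootstrap users.sql carries hashed rather than plaintext credentials, MySQL will silently truncate the value in non-strict mode (leaving an unusable hash behind) or reject the row in strict mode. I'd size this column to match the permanent users table's password column, which is not shown in this diff, rather than hard-coding 50 here. The same check applies to `authority varchar(50)` if role names can be longer than that in the bootstrap data.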
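Review bot: `saveUser` passes a constant `Long.valueOf(0)` as the id to `JpaUtil.saveOrUpdate` regardless of which user is being saved; if that helper uses the id to find the existing row, every call targets id 0 and updates of existing users would become inserts or collide. If the helper actually ignores its id argument (I can't see it here), say so on the line, `// id is ignored by saveOrUpdate; merge() decides insert vs update`, otherwise pass the entity's own identifier. The method also has no Javadoc; a one-line `/** Persists or updates the given user info and returns the managed instance. */` would do. The class body starts outside the hunk.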
diff --git a/pom.xml b/pom.xml
index 580e4a5745..94d61d2c95 100644
--- a/pom.xml
+++ b/pom.xml
@@ -365,7 +365,7 @@ org.springframework spring-framework-bom
- 4.3.7.RELEASE
+ 4.3.22.RELEASE
 pom import
@@ -374,19 +374,19 @@ com.fasterxml.jackson.core jackson-databind
- 2.9.0.pr2
+ 2.9.8
 com.fasterxml.jackson.core jackson-annotations
- 2.9.0.pr2
+ 2.9.8
 org.springframework.security spring-security-bom
- 4.2.4.RELEASE
+ 4.2.11.RELEASE
 pom import
From efbe40e1af02e2f64a44d1a9124d3a4d616523a1 Mon Sep 17 00:00:00 2001
From: Martin Kuba
Date: Wed, 6 Mar 2019 11:14:52 +0100
Subject: [PATCH 3/3] added refresh_token into grant_types_supported
---
 .../main/java/org/mitre/discovery/web/DiscoveryEndpoint.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java
index 47e9b20741..270a7649eb 100644
--- a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java
@@ -304,7 +304,7 @@ OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values
 JWSAlgorithm.ES256, JWSAlgorithm.ES384, JWSAlgorithm.ES512,
 JWSAlgorithm.PS256, JWSAlgorithm.PS384, JWSAlgorithm.PS512, Algorithm.NONE);
- ArrayList grantTypes = Lists.newArrayList("authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer", "client_credentials", "urn:ietf:params:oauth:grant_type:redelegate", "urn:ietf:params:oauth:grant-type:device_code");
+ ArrayList grantTypes = Lists.newArrayList("authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer", "client_credentials", "urn:ietf:params:oauth:grant_type:redelegate", "urn:ietf:params:oauth:grant-type:device_code","refresh_token");
 Map m = new HashMap<>();
 m.put("issuer", config.getIssuer());
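Review bot: The rewritten `grantTypes` line drops the space before the new element; it should end `"urn:ietf:params:oauth:grant-type:device_code", "refresh_token");` to match the formatting of the rest of the list. Listing `refresh_token` in `grant_types_supported` is only accurate if the token endpoint actually honours that grant for the clients that request it, which is decided outside this hunk, so I'd confirm it against the token endpoint configuration before relying on discovery clients reading it. The enclosing method continues beyond the hunk on both sides.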