From 1f174370363b20ba8303b35834aa1ddbb85ca3eb Mon Sep 17 00:00:00 2001 From: Stefan Deser Date: Sun, 3 Feb 2019 13:59:07 +0100 Subject: [PATCH 1/2] Fix token storage issue for no email on athlete --- Strava API v3/.gitignore | 5 +- Strava API v3/pom.xml | 2 +- .../src/javastrava/auth/TokenManager.java | 60 +++++++++---------- 3 files changed, 35 insertions(+), 32 deletions(-) diff --git a/Strava API v3/.gitignore b/Strava API v3/.gitignore index 39dcaada..91154e16 100644 --- a/Strava API v3/.gitignore +++ b/Strava API v3/.gitignore @@ -38,4 +38,7 @@ local.properties .target # TeXlipse plugin -.texlipse \ No newline at end of file +.texlipse + +.idea/ +*.iml diff --git a/Strava API v3/pom.xml b/Strava API v3/pom.xml index 463712f3..3c5d9042 100644 --- a/Strava API v3/pom.xml +++ b/Strava API v3/pom.xml @@ -148,5 +148,5 @@ https://github.com/danshannon/javastravav3api Dan Shannon - 2.0.0-SNAPSHOT + 2.0.1-SNAPSHOT \ No newline at end of file diff --git a/Strava API v3/src/javastrava/auth/TokenManager.java b/Strava API v3/src/javastrava/auth/TokenManager.java index d2342f1d..7e402384 100644 --- a/Strava API v3/src/javastrava/auth/TokenManager.java +++ b/Strava API v3/src/javastrava/auth/TokenManager.java @@ -1,13 +1,13 @@ package javastrava.auth; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - import javastrava.auth.model.Token; import javastrava.auth.ref.AuthorisationScope; import javastrava.config.Messages; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + /** *

* Manages the caching of tokens @@ -32,9 +32,9 @@ public static TokenManager instance() { } /** - * Cached tokens, mapped by username + * Cached tokens, mapped by athlete id */ - private final Map tokens; + private final Map tokens; /** *

@@ -43,7 +43,7 @@ public static TokenManager instance() { */ private TokenManager() { // Initialise as a singleton - this.tokens = new HashMap(); + this.tokens = new HashMap(); } /** @@ -63,16 +63,16 @@ public void clearTokenCache() { * of scopes *

* - * @param username - * The username + * @param athleteId + * The athleteId * @param requiredScopes * This list of scopes which must match the scopes of the token * @return The token with the matching list of scopes, or null * if there is no such token */ - public Token retrieveTokenWithExactScope(final String username, final AuthorisationScope... requiredScopes) { + public Token retrieveTokenWithExactScope(final Integer athleteId, final AuthorisationScope... requiredScopes) { // Get the token from the cache - final Token token = this.tokens.get(username); + final Token token = this.tokens.get(athleteId); // If there's no such token, or it has no scopes, then return null if ((token == null) || (token.getScopes() == null)) { @@ -109,19 +109,19 @@ public Token retrieveTokenWithExactScope(final String username, final Authorisat * of scopes *

* - * @param username The user to look up for a cached token + * @param athleteId The user to look up for a cached token * @param scopes The set of scopes the token must have * @return The matching token from the cache, or null if there is no matching token */ - public Token retrieveTokenWithExactScope(final String username, final List scopes) { + public Token retrieveTokenWithExactScope(final Integer athleteId, final List scopes) { if (scopes == null) { - return retrieveTokenWithExactScope(username, new AuthorisationScope[] {}); + return retrieveTokenWithExactScope(athleteId, new AuthorisationScope[] {}); } final AuthorisationScope[] array = new AuthorisationScope[scopes.size()]; for (int i = 0; i < scopes.size(); i++) { array[i] = scopes.get(i); } - return retrieveTokenWithExactScope(username, array); + return retrieveTokenWithExactScope(athleteId, array); } /** @@ -130,16 +130,16 @@ public Token retrieveTokenWithExactScope(final String username, final List * - * @param username - * The username + * @param athleteId + * The athleteId * @param scopes * The list of scopes which are required to be in the token * @return The token, or null if there is no cached token, or * the cached token doesn't have all the required scopes */ - public Token retrieveTokenWithScope(final String username, final AuthorisationScope... scopes) { + public Token retrieveTokenWithScope(final Integer athleteId, final AuthorisationScope... scopes) { // Get the token from cache - final Token token = this.tokens.get(username); + final Token token = this.tokens.get(athleteId); AuthorisationScope[] authScopes = scopes; // If scopes = null @@ -168,23 +168,23 @@ public Token retrieveTokenWithScope(final String username, final AuthorisationSc * scopes. *

* - * @param username - * The username + * @param athleteId + * The athleteId * @param scopes * The list of scopes which are required to be in the token * @return The token, or null if there is no cached token, or * the cached token doesn't have all the required scopes */ - public Token retrieveTokenWithScope(final String username, final List scopes) { + public Token retrieveTokenWithScope(final Integer athleteId, final List scopes) { if (scopes == null) { - return retrieveTokenWithScope(username, new AuthorisationScope[] {}); + return retrieveTokenWithScope(athleteId, new AuthorisationScope[] {}); } final AuthorisationScope[] array = new AuthorisationScope[scopes.size()]; for (int i = 0; i < scopes.size(); i++) { array[i] = scopes.get(i); } - return retrieveTokenWithExactScope(username, array); + return retrieveTokenWithExactScope(athleteId, array); } @@ -208,7 +208,7 @@ public void revokeToken(final Token token) { * @throws IllegalArgumentException If the token is null, or the athlete contained in it is null or has a null email, or there are no authorisation scopes, then */ public void storeToken(final Token token) { - String username = null; + Integer athleteId = null; if (token == null) { throw new IllegalArgumentException(Messages.string("TokenManager.0")); //$NON-NLS-1$ } @@ -216,14 +216,14 @@ public void storeToken(final Token token) { if (token.getAthlete() == null) { throw new IllegalArgumentException(Messages.string("TokenManager.1")); //$NON-NLS-1$ } - if (token.getAthlete().getEmail() == null) { - throw new IllegalArgumentException(Messages.string("TokenManager.2")); //$NON-NLS-1$ - } +// if (token.getAthlete().getEmail() == null) { +// throw new IllegalArgumentException(Messages.string("TokenManager.2")); //$NON-NLS-1$ +// } if (token.getScopes() == null) { throw new IllegalArgumentException(Messages.string("TokenManager.3")); //$NON-NLS-1$ } - username = token.getAthlete().getEmail(); - this.tokens.put(username, token); + athleteId = token.getAthlete().getId(); + this.tokens.put(athleteId, token); } } From 4b566099d365894cc5ccf35d2d561e7f7967665c Mon Sep 17 00:00:00 2001 From: Stefan Deser Date: Sun, 10 Feb 2019 16:15:18 +0100 Subject: [PATCH 2/2] Update AuthorisationScopes --- .gitignore | 1 + .../src/javastrava-config.properties | 9 ++- .../src/javastrava-messages.properties | 9 ++- .../src/javastrava/auth/model/Token.java | 60 +++++-------------- .../auth/ref/AuthorisationScope.java | 35 ++++++----- 5 files changed, 48 insertions(+), 66 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..9f11b755 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.idea/ diff --git a/Strava API v3/src/javastrava-config.properties b/Strava API v3/src/javastrava-config.properties index 05c33d19..cac6ca6c 100644 --- a/Strava API v3/src/javastrava-config.properties +++ b/Strava API v3/src/javastrava-config.properties @@ -44,8 +44,13 @@ AuthorisationApprovalPrompt.force=force AuthorisationResponseType.code=code -AuthorisationScope.view_private=view_private -AuthorisationScope.write=write +AuthorisationScope.read=read +AuthorisationScope.read_all=read_all +AuthorisationScope.profile_read_all=profile:read_all +AuthorisationScope.profile_write=profile:write +AuthorisationScope.activity_read=activity:read +AuthorisationScope.activity_read_all=activity:read_all +AuthorisationScope.activity_write=activity:write StravaActivityType.alpineski=alpineski StravaActivityType.backcountryski=backcountryski diff --git a/Strava API v3/src/javastrava-messages.properties b/Strava API v3/src/javastrava-messages.properties index 6da38a60..f56c88ba 100644 --- a/Strava API v3/src/javastrava-messages.properties +++ b/Strava API v3/src/javastrava-messages.properties @@ -2,8 +2,13 @@ Common.unknown.description=Unknown # Enum values -AuthorisationScope.view_private.description=Allow viewing of private data -AuthorisationScope.write.description=Allow creation of data +AuthorisationScope.read.description=Allows access to public segments, public routes, public profile data, public posts, public events, club feeds, and leaderboards. This scope matches the old default scope, except it no longer includes access to activities and certain athlete endpoints mentioned below. +AuthorisationScope.read_all.description=Allows access to view private routes, private segments, and private events. This scope matches the old view_private scope, except that it no longer includes access to private activities. +AuthorisationScope.profile_read_all.description=NEW! Allows access to read all profile information even if the user has set their profile visibility to “Followers” or “Only You.” +AuthorisationScope.profile_write.description=NEW! Allows access to update the user’s weight and Functional Threshold Power (FTP), and access to star or unstar segments on their behalf. +AuthorisationScope.activity_read.description=NEW! Allows access to read the user’s activity data for activities that are visible to “Everyone” and “Followers.” +AuthorisationScope.activity_read_all.description=NEW! Allows the same access as activity:read, plus access to read the athlete’s activities that are visible to “Only You.” +AuthorisationScope.activity_write.description=NEW! Allows access to create manual activities and uploads, and access to edit any activities that are visible to the app (based on activity read access level). RetrofitErrorHandler.rateLimitExceeded=Rate Limit Exceeded RetrofitErrorHandler.unknownError=Unknown error has occurred diff --git a/Strava API v3/src/javastrava/auth/model/Token.java b/Strava API v3/src/javastrava/auth/model/Token.java index 6cb8b404..957def55 100644 --- a/Strava API v3/src/javastrava/auth/model/Token.java +++ b/Strava API v3/src/javastrava/auth/model/Token.java @@ -1,9 +1,5 @@ package javastrava.auth.model; -import java.util.Arrays; -import java.util.HashMap; -import java.util.List; - import javastrava.auth.AuthorisationService; import javastrava.auth.TokenService; import javastrava.auth.impl.TokenServiceImpl; @@ -11,34 +7,12 @@ import javastrava.model.StravaAthlete; import javastrava.model.StravaEntity; import javastrava.model.reference.StravaResourceState; -import javastrava.service.ActivityService; -import javastrava.service.AthleteService; -import javastrava.service.ChallengeService; -import javastrava.service.ClubGroupEventService; -import javastrava.service.ClubService; -import javastrava.service.GearService; -import javastrava.service.RouteService; -import javastrava.service.RunningRaceService; -import javastrava.service.SegmentEffortService; -import javastrava.service.SegmentService; -import javastrava.service.StravaService; -import javastrava.service.StreamService; -import javastrava.service.UploadService; -import javastrava.service.WebhookService; -import javastrava.service.impl.ActivityServiceImpl; -import javastrava.service.impl.AthleteServiceImpl; -import javastrava.service.impl.ChallengeServiceImpl; -import javastrava.service.impl.ClubGroupEventServiceImpl; -import javastrava.service.impl.ClubServiceImpl; -import javastrava.service.impl.GearServiceImpl; -import javastrava.service.impl.RouteServiceImpl; -import javastrava.service.impl.RunningRaceServiceImpl; -import javastrava.service.impl.SegmentEffortServiceImpl; -import javastrava.service.impl.SegmentServiceImpl; -import javastrava.service.impl.StravaServiceImpl; -import javastrava.service.impl.StreamServiceImpl; -import javastrava.service.impl.UploadServiceImpl; -import javastrava.service.impl.WebhookServiceImpl; +import javastrava.service.*; +import javastrava.service.impl.*; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; /** *

@@ -287,27 +261,25 @@ public int hashCode() { * user) *

* - * @return true if the token contains the {@link AuthorisationScope#VIEW_PRIVATE} + * @return true if the token contains the {@link AuthorisationScope#PROFILE_READ_ALL} or {@link AuthorisationScope#ACTIVITY_READ_ALL} */ - public boolean hasViewPrivate() { - if ((this.scopes != null) && this.scopes.contains(AuthorisationScope.VIEW_PRIVATE)) { - return true; - } - return false; - } + public boolean hasViewPrivate() { + return (this.scopes != null) + && (this.scopes.contains(AuthorisationScope.PROFILE_READ_ALL) + || this.scopes.contains(AuthorisationScope.ACTIVITY_READ_ALL)); + } /** *

* Validates that the token has write access (according to the scopes that it was granted on creation at least; it is quite possible that permissions have subsequently been revoked by the user) *

* - * @return true if the token contains the {@link AuthorisationScope#WRITE} + * @return true if the token contains the {@link AuthorisationScope#PROFILE_WRITE} or {@link AuthorisationScope#ACTIVITY_WRITE} */ public boolean hasWriteAccess() { - if ((this.scopes != null) && this.scopes.contains(AuthorisationScope.WRITE)) { - return true; - } - return false; + return (this.scopes != null) + && (this.scopes.contains(AuthorisationScope.PROFILE_WRITE) + || this.scopes.contains(AuthorisationScope.ACTIVITY_WRITE)); } /** diff --git a/Strava API v3/src/javastrava/auth/ref/AuthorisationScope.java b/Strava API v3/src/javastrava/auth/ref/AuthorisationScope.java index 10b29bca..dd7d96a7 100644 --- a/Strava API v3/src/javastrava/auth/ref/AuthorisationScope.java +++ b/Strava API v3/src/javastrava/auth/ref/AuthorisationScope.java @@ -12,24 +12,23 @@ * @author Dan Shannon */ public enum AuthorisationScope { - /** - *

- * This authorisation scope allows the Strava API to return data from within the authenticated user's privacy zones - *

- */ - VIEW_PRIVATE(StravaConfig.string("AuthorisationScope.view_private"), Messages.string("AuthorisationScope.view_private.description")), //$NON-NLS-1$ //$NON-NLS-2$ - /** - *

- * This authorisation scope allows the Strava API to write data - that is to update athlete details, activity details, and to make comments and give kudos to other riders' activities - *

- */ - WRITE(StravaConfig.string("AuthorisationScope.write"), Messages.string("AuthorisationScope.write.description")), //$NON-NLS-1$ //$NON-NLS-2$ - /** - *

- * Should never occur but may if the Strava API behaviour has changed - *

- */ - UNKNOWN(StravaConfig.string("Common.unknown"), Messages.string("Common.unknown.description")); //$NON-NLS-1$ //$NON-NLS-2$ + + READ(StravaConfig.string("AuthorisationScope.read"), Messages.string("AuthorisationScope.read.description")), + + READ_ALL(StravaConfig.string("AuthorisationScope.read_all"), Messages.string("AuthorisationScope.read_all.description")), + + PROFILE_READ_ALL(StravaConfig.string("AuthorisationScope.profile_read_all"), Messages.string("AuthorisationScope.profile_read_all.description")), + + PROFILE_WRITE(StravaConfig.string("AuthorisationScope.profile_write"), Messages.string("AuthorisationScope.profile_write.description")), + + ACTIVITY_READ(StravaConfig.string("AuthorisationScope.activity_read"), Messages.string("AuthorisationScope.activity_read.description")), + + ACTIVITY_READ_ALL(StravaConfig.string("AuthorisationScope.activity_read_all"), Messages.string("AuthorisationScope.activity_read_all.description")), + + ACTIVITY_WRITE(StravaConfig.string("AuthorisationScope.activity_write"), Messages.string("AuthorisationScope.activity_write.description")), + + UNKNOWN(StravaConfig.string("Common.unknown"), Messages.string("Common.unknown.description")); + /** *

* Used when deserialising JSON returned by the Strava API