zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-03 13:37:51 +02:00
Code Issues Projects Releases Packages Wiki Activity

Make first pass at new OAuth-aware server authentication framework

Browse source 
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147081745
This commit is contained in:
mountford 2017-02-09 14:28:23 -08:00 committed by Ben McIlwain
parent cb215adac3
commit c41f5bb31c
17 changed files with 327 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
java/google/registry/config/RegistryConfig.java
View file

@ -23,6 +23,7 @@ import com.google.common.base.Optional;
import com.google.common.base.Supplier;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.net.HostAndPort;
import dagger.Module;
import dagger.Provides;
@ -904,6 +905,44 @@ public final class RegistryConfig {
return CONFIG_SETTINGS.get();
}
/**
* Provides the OAuth scopes to check for on access tokens.
*
* <p>This list should be a superset of the required OAuth scope set provided below.
*
* <p>If we feel the need, we could define additional fixed scopes, similar to the Java remote
* API, which requires at least one of:
*
* <ul>
* <li>https://www.googleapis.com/auth/appengine.apis</li>
* <li>https://www.googleapis.com/auth/cloud-platform</li>
* </ul>
*/
@Provides
@Config("availableOauthScopes")
public static ImmutableSet<String> provideAvailableOauthScopes() {
return ImmutableSet.of("https://www.googleapis.com/auth/userinfo.email");
}
/**
* Provides the required OAuth scopes for simply authenticating.
*
* <p>This set contains the scopes which must be present to authenticate a user. It should be a
* subset of the scopes we request from the OAuth interface, provided above.
*/
@Provides
@Config("requiredOauthScopes")
public static ImmutableSet<String> provideRequiredOauthScopes() {
return ImmutableSet.of("https://www.googleapis.com/auth/userinfo.email");
}
/** Provides the allowed OAuth client IDs (could be multibinding). */
@Provides
@Config("allowedOauthClientIds")
public static ImmutableSet<String> provideAllowedOauthClientIds() {
return ImmutableSet.of("PUT.YOUR.PROXY.CLIENT.ID.HERE", "PUT.YOUR.REGTOOL.CLIENT.ID.HERE");
}
/**
* Returns the help path for the RDAP terms of service.
*

1
java/google/registry/module/backend/BUILD
View file

@ -31,6 +31,7 @@ java_library(
"//java/google/registry/rde/imports",
"//java/google/registry/request",
"//java/google/registry/request:modules",
"//java/google/registry/request/auth",
"//java/google/registry/tmch",
"//java/google/registry/util",
"@com_google_appengine_api_1_0_sdk",

2
java/google/registry/module/backend/BackendComponent.java
View file

@ -39,6 +39,7 @@ import google.registry.request.Modules.URLFetchServiceModule;
import google.registry.request.Modules.UrlFetchTransportModule;
import google.registry.request.Modules.UseAppIdentityCredentialForGoogleApisModule;
import google.registry.request.Modules.UserServiceModule;
import google.registry.request.auth.AuthModule;
import google.registry.util.SystemClock.SystemClockModule;
import google.registry.util.SystemSleeper.SystemSleeperModule;
import javax.inject.Singleton;
@ -48,6 +49,7 @@ import javax.inject.Singleton;
@Component(
modules = {
AppIdentityCredentialModule.class,
AuthModule.class,
BackendRequestComponentModule.class,
BigqueryModule.class,
ConfigModule.class,

6
java/google/registry/module/backend/BackendRequestHandler.java
View file

@ -16,6 +16,7 @@ package google.registry.module.backend;
import com.google.appengine.api.users.UserService;
import google.registry.request.RequestHandler;
import google.registry.request.auth.RequestAuthenticator;
import javax.inject.Inject;
import javax.inject.Provider;
@ -25,7 +26,8 @@ public class BackendRequestHandler
@Inject BackendRequestHandler(
Provider<BackendRequestComponent.Builder> componentBuilderProvider,
UserService userService) {
super(componentBuilderProvider, userService);
UserService userService,
RequestAuthenticator requestAuthenticator) {
super(componentBuilderProvider, userService, requestAuthenticator);
}
}

1
java/google/registry/module/frontend/BUILD
View file

@ -18,6 +18,7 @@ java_library(
"//java/google/registry/rdap",
"//java/google/registry/request",
"//java/google/registry/request:modules",
"//java/google/registry/request/auth",
"//java/google/registry/ui",
"//java/google/registry/ui/server/registrar",
"//java/google/registry/util",

2
java/google/registry/module/frontend/FrontendComponent.java
View file

@ -29,6 +29,7 @@ import google.registry.request.Modules.ModulesServiceModule;
import google.registry.request.Modules.UrlFetchTransportModule;
import google.registry.request.Modules.UseAppIdentityCredentialForGoogleApisModule;
import google.registry.request.Modules.UserServiceModule;
import google.registry.request.auth.AuthModule;
import google.registry.ui.ConsoleConfigModule;
import google.registry.util.SystemClock.SystemClockModule;
import google.registry.util.SystemSleeper.SystemSleeperModule;
@ -39,6 +40,7 @@ import javax.inject.Singleton;
@Component(
modules = {
AppIdentityCredentialModule.class,
AuthModule.class,
BraintreeModule.class,
ConfigModule.class,
ConsoleConfigModule.class,

6
java/google/registry/module/frontend/FrontendRequestHandler.java
View file

@ -16,6 +16,7 @@ package google.registry.module.frontend;
import com.google.appengine.api.users.UserService;
import google.registry.request.RequestHandler;
import google.registry.request.auth.RequestAuthenticator;
import javax.inject.Inject;
import javax.inject.Provider;
@ -25,7 +26,8 @@ public class FrontendRequestHandler
@Inject FrontendRequestHandler(
Provider<FrontendRequestComponent.Builder> componentBuilderProvider,
UserService userService) {
super(componentBuilderProvider, userService);
UserService userService,
RequestAuthenticator requestAuthenticator) {
super(componentBuilderProvider, userService, requestAuthenticator);
}
}

1
java/google/registry/module/tools/BUILD
View file

@ -20,6 +20,7 @@ java_library(
"//java/google/registry/monitoring/whitebox",
"//java/google/registry/request",
"//java/google/registry/request:modules",
"//java/google/registry/request/auth",
"//java/google/registry/tools/server",
"//java/google/registry/tools/server/javascrap",
"//java/google/registry/util",

2
java/google/registry/module/tools/ToolsComponent.java
View file

@ -33,6 +33,7 @@ import google.registry.request.Modules.ModulesServiceModule;
import google.registry.request.Modules.UrlFetchTransportModule;
import google.registry.request.Modules.UseAppIdentityCredentialForGoogleApisModule;
import google.registry.request.Modules.UserServiceModule;
import google.registry.request.auth.AuthModule;
import google.registry.util.SystemClock.SystemClockModule;
import google.registry.util.SystemSleeper.SystemSleeperModule;
import javax.inject.Singleton;
@ -42,6 +43,7 @@ import javax.inject.Singleton;
@Component(
modules = {
AppIdentityCredentialModule.class,
AuthModule.class,
ConfigModule.class,
CustomLogicFactoryModule.class,
DatastoreServiceModule.class,

6
java/google/registry/module/tools/ToolsRequestHandler.java
View file

@ -16,6 +16,7 @@ package google.registry.module.tools;
import com.google.appengine.api.users.UserService;
import google.registry.request.RequestHandler;
import google.registry.request.auth.RequestAuthenticator;
import javax.inject.Inject;
import javax.inject.Provider;
@ -25,7 +26,8 @@ public class ToolsRequestHandler
@Inject ToolsRequestHandler(
Provider<ToolsRequestComponent.Builder> componentBuilderProvider,
UserService userService) {
super(componentBuilderProvider, userService);
UserService userService,
RequestAuthenticator requestAuthenticator) {
super(componentBuilderProvider, userService, requestAuthenticator);
}
}

4
java/google/registry/request/Action.java
View file

@ -14,6 +14,7 @@
package google.registry.request;
import google.registry.request.auth.Auth;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@ -61,4 +62,7 @@ public @interface Action {
* {@code web.xml} with {@code <role-name>*</role-name>}.
*/
boolean requireLogin() default false;
/** Authentication settings. */
Auth auth() default @Auth;
}

1
java/google/registry/request/BUILD
View file

@ -11,6 +11,7 @@ java_library(
exclude = ["Modules.java"],
),
deps = [
"//java/google/registry/request/auth",
"//java/google/registry/security",
"//java/google/registry/util",
"@com_google_appengine_api_1_0_sdk",

34
java/google/registry/request/RequestHandler.java
View file

@ -27,6 +27,8 @@ import static javax.servlet.http.HttpServletResponse.SC_NOT_FOUND;
import com.google.appengine.api.users.UserService;
import com.google.common.base.Optional;
import google.registry.request.auth.AuthResult;
import google.registry.request.auth.RequestAuthenticator;
import google.registry.util.FormattingLogger;
import google.registry.util.TypeUtils.TypeInstantiator;
import java.io.IOException;
@ -77,6 +79,7 @@ public class RequestHandler<C, B extends RequestComponentBuilder<C, B>> {
private final Router router;
private final Provider<B> requestComponentBuilderProvider;
private final UserService userService;
private final RequestAuthenticator requestAuthenticator;
/**
* Constructor for subclasses to create a new request handler for a specific request component.
@ -89,22 +92,33 @@ public class RequestHandler<C, B extends RequestComponentBuilder<C, B>> {
* be used to construct new instances of the request component (with the required
* request-derived modules provided by this class)
* @param userService an instance of the App Engine UserService API
* @param requestAuthenticator an instance of the RequestAuthenticator class
*/
protected RequestHandler(Provider<B> requestComponentBuilderProvider, UserService userService) {
this(null, requestComponentBuilderProvider, userService);
protected RequestHandler(
Provider<B> requestComponentBuilderProvider,
UserService userService,
RequestAuthenticator requestAuthenticator) {
this(null, requestComponentBuilderProvider, userService, requestAuthenticator);
}
/** Creates a new RequestHandler with an explicit component class for test purposes. */
public static <C, B extends RequestComponentBuilder<C, B>> RequestHandler<C, B> createForTest(
Class<C> component, Provider<B> requestComponentBuilderProvider, UserService userService) {
Class<C> component,
Provider<B> requestComponentBuilderProvider,
UserService userService,
RequestAuthenticator requestAuthenticator) {
return new RequestHandler<>(
checkNotNull(component), requestComponentBuilderProvider, userService);
checkNotNull(component),
requestComponentBuilderProvider,
userService,
requestAuthenticator);
}
private RequestHandler(
@Nullable Class<C> component,
Provider<B> requestComponentBuilderProvider,
UserService userService) {
UserService userService,
RequestAuthenticator requestAuthenticator) {
// If the component class isn't explicitly provided, infer it from the class's own typing.
// This is safe only for use by subclasses of RequestHandler where the generic parameter is
// preserved at runtime, so only expose that option via the protected constructor.
@ -112,6 +126,7 @@ public class RequestHandler<C, B extends RequestComponentBuilder<C, B>> {
component != null ? component : new TypeInstantiator<C>(getClass()){}.getExactType());
this.requestComponentBuilderProvider = checkNotNull(requestComponentBuilderProvider);
this.userService = checkNotNull(userService);
this.requestAuthenticator = checkNotNull(requestAuthenticator);
}
/** Runs the appropriate action for a servlet request. */
@ -152,9 +167,16 @@ public class RequestHandler<C, B extends RequestComponentBuilder<C, B>> {
rsp.sendError(SC_FORBIDDEN, "Invalid " + X_CSRF_TOKEN);
return;
}
Optional<AuthResult> authResult =
requestAuthenticator.authorize(route.get().action().auth(), req);
if (!authResult.isPresent()) {
rsp.sendError(SC_FORBIDDEN);
return;
}
// Build a new request component using any modules we've constructed by this point.
C component = requestComponentBuilderProvider.get()
.requestModule(new RequestModule(req, rsp))
.requestModule(new RequestModule(req, rsp, authResult.get()))
.build();
// Apply the selected Route to the component to produce an Action instance, and run it.
try {

16
java/google/registry/request/RequestModule.java
View file

@ -26,6 +26,7 @@ import dagger.Module;
import dagger.Provides;
import google.registry.request.HttpException.BadRequestException;
import google.registry.request.HttpException.UnsupportedMediaTypeException;
import google.registry.request.auth.AuthResult;
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
@ -40,10 +41,18 @@ public final class RequestModule {
private final HttpServletRequest req;
private final HttpServletResponse rsp;
private final AuthResult authResult;
public RequestModule(HttpServletRequest req, HttpServletResponse rsp) {
public RequestModule(
HttpServletRequest req, HttpServletResponse rsp) {
this(req, rsp, AuthResult.NOT_AUTHENTICATED);
}
public RequestModule(
HttpServletRequest req, HttpServletResponse rsp, AuthResult authResult) {
this.req = req;
this.rsp = rsp;
this.authResult = authResult;
}
@Provides
@ -66,6 +75,11 @@ public final class RequestModule {
return rsp;
}
@Provides
AuthResult provideAuthResult() {
return authResult;
}
@Provides
@RequestPath
static String provideRequestPath(HttpServletRequest req) {

3
javatests/google/registry/request/BUILD
View file

@ -12,14 +12,15 @@ java_library(
srcs = glob(["*.java"]),
deps = [
"//java/google/registry/request",
"//java/google/registry/request/auth",
"//java/google/registry/security",
"//javatests/google/registry/security",
"//javatests/google/registry/testing",
"@com_google_appengine_api_1_0_sdk//:testonly",
"@com_google_guava",
"@com_google_guava_testlib",
"@com_google_truth",
"@com_googlecode_json_simple",
"@javax_inject",
"@javax_servlet_api",
"@joda_time",
"@junit",

150
javatests/google/registry/request/RequestHandlerTest.java
View file

@ -23,15 +23,27 @@ import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.verifyZeroInteractions;
import static org.mockito.Mockito.when;
import com.google.appengine.api.oauth.OAuthServiceFactory;
import com.google.appengine.api.users.User;
import com.google.appengine.api.users.UserService;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.testing.NullPointerTester;
import google.registry.request.HttpException.ServiceUnavailableException;
import google.registry.request.auth.AppEngineInternalAuthenticationMechanism;
import google.registry.request.auth.Auth;
import google.registry.request.auth.AuthLevel;
import google.registry.request.auth.AuthResult;
import google.registry.request.auth.LegacyAuthenticationMechanism;
import google.registry.request.auth.OAuthAuthenticationMechanism;
import google.registry.request.auth.RequestAuthenticator;
import google.registry.testing.AppEngineRule;
import google.registry.testing.InjectRule;
import google.registry.testing.Providers;
import google.registry.testing.UserInfo;
import java.io.PrintWriter;
import java.io.StringWriter;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.After;
@ -57,31 +69,31 @@ public final class RequestHandlerTest {
public final InjectRule inject = new InjectRule();
@Action(path = "/bumblebee", method = {GET, POST}, isPrefix = true)
public class BumblebeeTask implements Runnable {
public static class BumblebeeTask implements Runnable {
@Override
public void run() {}
}
@Action(path = "/sloth", method = POST, automaticallyPrintOk = true)
public class SlothTask implements Runnable {
public static class SlothTask implements Runnable {
@Override
public void run() {}
}
@Action(path = "/safe-sloth", method = {GET, POST}, xsrfProtection = true, xsrfScope = "vampire")
public class SafeSlothTask implements Runnable {
public static class SafeSlothTask implements Runnable {
@Override
public void run() {}
}
@Action(path = "/users-only", method = GET, requireLogin = true)
public class UsersOnlyAction implements Runnable {
public static class UsersOnlyAction implements Runnable {
@Override
public void run() {}
}
@Action(path = "/fail")
public final class FailTask implements Runnable {
public static final class FailTask implements Runnable {
@Override
public void run() {
throw new ServiceUnavailableException("Set sail for fail");
@ -89,7 +101,7 @@ public final class RequestHandlerTest {
}
@Action(path = "/failAtConstruction")
public final class FailAtConstructionTask implements Runnable {
public static final class FailAtConstructionTask implements Runnable {
public FailAtConstructionTask() {
throw new ServiceUnavailableException("Fail at construction");
}
@ -100,7 +112,57 @@ public final class RequestHandlerTest {
}
}
class AuthBase implements Runnable {
private final AuthResult authResult;
AuthBase(AuthResult authResult) {
this.authResult = authResult;
}
@Override
public void run() {
injectedAuthResult = authResult;
}
}
@Action(
path = "/auth/none",
auth = @Auth(
methods = {Auth.AuthMethod.INTERNAL},
minimumLevel = AuthLevel.NONE,
userPolicy = Auth.UserPolicy.IGNORED),
method = Action.Method.GET)
public class AuthNoneAction extends AuthBase {
@Inject AuthNoneAction(AuthResult authResult) {
super(authResult);
}
}
@Action(
path = "/auth/adminUserAnyMethod",
auth = @Auth(
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY},
minimumLevel = AuthLevel.USER,
userPolicy = Auth.UserPolicy.ADMIN),
method = Action.Method.GET)
public class AuthAdminUserAnyMethodAction extends AuthBase {
@Inject AuthAdminUserAnyMethodAction(AuthResult authResult) {
super(authResult);
}
}
public class Component {
private RequestModule requestModule = null;
public RequestModule getRequestModule() {
return requestModule;
}
public void setRequestModule(RequestModule requestModule) {
this.requestModule = requestModule;
}
public BumblebeeTask bumblebeeTask() {
return bumblebeeTask;
}
@ -124,12 +186,22 @@ public final class RequestHandlerTest {
public FailAtConstructionTask failAtConstructionTask() {
return new FailAtConstructionTask();
}
public AuthNoneAction authNoneAction() {
return new AuthNoneAction(component.getRequestModule().provideAuthResult());
}
public AuthAdminUserAnyMethodAction authAdminUserAnyMethodAction() {
return new AuthAdminUserAnyMethodAction(
component.getRequestModule().provideAuthResult());
}
}
/** Fake Builder for the fake component above to satisfy RequestHandler expectations. */
public abstract static class Builder implements RequestComponentBuilder<Component, Builder> {
public abstract class Builder implements RequestComponentBuilder<Component, Builder> {
@Override
public Builder requestModule(RequestModule requestModule) {
component.setRequestModule(requestModule);
return this;
}
}
@ -158,9 +230,22 @@ public final class RequestHandlerTest {
private final Component component = new Component();
private final StringWriter httpOutput = new StringWriter();
private RequestHandler<Component, Builder> handler;
private AuthResult injectedAuthResult = null;
private final User testUser = new User("test@example.com", "test@example.com");
private RequestAuthenticator requestAuthenticator;
@Before
public void before() throws Exception {
requestAuthenticator = new RequestAuthenticator(
new AppEngineInternalAuthenticationMechanism(),
ImmutableList.of(
new OAuthAuthenticationMechanism(
OAuthServiceFactory.getOAuthService(),
ImmutableSet.of("https://www.googleapis.com/auth/userinfo.email"),
ImmutableSet.of("https://www.googleapis.com/auth/userinfo.email"),
ImmutableSet.of("proxy-client-id", "regtool-client-id"))),
new LegacyAuthenticationMechanism(userService));
// Initialize here, not inline, so that we pick up the mocked UserService.
handler = RequestHandler.<Component, Builder>createForTest(
Component.class,
@ -171,7 +256,8 @@ public final class RequestHandlerTest {
return component;
}
}),
userService);
userService,
requestAuthenticator);
when(rsp.getWriter()).thenReturn(new PrintWriter(httpOutput));
}
@ -279,6 +365,7 @@ public final class RequestHandlerTest {
@Test
public void testNullness() {
NullPointerTester tester = new NullPointerTester();
tester.setDefault(RequestAuthenticator.class, requestAuthenticator);
tester.testAllPublicStaticMethods(RequestHandler.class);
tester.testAllPublicInstanceMethods(handler);
}
@ -331,9 +418,56 @@ public final class RequestHandlerTest {
@Test
public void testMustBeLoggedIn_loggedIn_runsAction() throws Exception {
when(userService.isUserLoggedIn()).thenReturn(true);
when(userService.getCurrentUser()).thenReturn(testUser);
when(req.getMethod()).thenReturn("GET");
when(req.getRequestURI()).thenReturn("/users-only");
handler.handleRequest(req, rsp);
verify(usersOnlyAction).run();
}
@Test
public void testNoAuthNeeded_success() throws Exception {
when(req.getMethod()).thenReturn("GET");
when(req.getRequestURI()).thenReturn("/auth/none");
handler.handleRequest(req, rsp);
assertThat(injectedAuthResult).isNotNull();
assertThat(injectedAuthResult.authLevel()).isEqualTo(AuthLevel.NONE);
assertThat(injectedAuthResult.userAuthInfo()).isAbsent();
}
@Test
public void testAuthNeeded_notLoggedIn() throws Exception {
when(req.getMethod()).thenReturn("GET");
when(req.getRequestURI()).thenReturn("/auth/adminUserAnyMethod");
handler.handleRequest(req, rsp);
verify(rsp).sendError(403);
assertThat(injectedAuthResult).isNull();
}
@Test
public void testAuthNeeded_notAuthorized() throws Exception {
when(userService.isUserLoggedIn()).thenReturn(true);
when(userService.getCurrentUser()).thenReturn(testUser);
when(userService.isUserAdmin()).thenReturn(false);
when(req.getMethod()).thenReturn("GET");
when(req.getRequestURI()).thenReturn("/auth/adminUserAnyMethod");
handler.handleRequest(req, rsp);
verify(rsp).sendError(403);
assertThat(injectedAuthResult).isNull();
}
@Test
public void testAuthNeeded_success() throws Exception {
when(userService.isUserLoggedIn()).thenReturn(true);
when(userService.getCurrentUser()).thenReturn(testUser);
when(userService.isUserAdmin()).thenReturn(true);
when(req.getMethod()).thenReturn("GET");
when(req.getRequestURI()).thenReturn("/auth/adminUserAnyMethod");
handler.handleRequest(req, rsp);
assertThat(injectedAuthResult).isNotNull();
assertThat(injectedAuthResult.authLevel()).isEqualTo(AuthLevel.USER);
assertThat(injectedAuthResult.userAuthInfo()).isPresent();
assertThat(injectedAuthResult.userAuthInfo().get().user()).isEqualTo(testUser);
assertThat(injectedAuthResult.userAuthInfo().get().oauthTokenInfo()).isAbsent();
}
}

75
javatests/google/registry/testing/FakeUserService.java Normal file
View file

@ -0,0 +1,75 @@
// Copyright 2017 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.testing;
import com.google.appengine.api.users.User;
import com.google.appengine.api.users.UserService;
import java.util.Set;
import javax.annotation.Nullable;
// TODO: Consider reconciling this with AppEngineRule.withUserService()
/** Fake implementation of {@link UserService} for testing. */
public class FakeUserService implements UserService {
@Nullable private User user = null;
private boolean isAdmin = false;
public void setUser(@Nullable User user, boolean isAdmin) {
this.user = user;
this.isAdmin = isAdmin;
}
@Override
public String createLoginURL(String destinationURL) {
throw new UnsupportedOperationException();
}
@Override
public String createLoginURL(String destinationURL, String authDomain) {
throw new UnsupportedOperationException();
}
@Override
public String createLoginURL(String destinationURL, String authDomain, String federatedIdentity,
Set<String> attributesRequest) {
throw new UnsupportedOperationException();
}
@Override
public String createLogoutURL(String destinationURL) {
throw new UnsupportedOperationException();
}
@Override
public String createLogoutURL(String destinationURL, String authDomain) {
throw new UnsupportedOperationException();
}
@Override
public boolean isUserLoggedIn() {
return user != null;
}
@Override
public boolean isUserAdmin() {
return isAdmin;
}
@Override
public User getCurrentUser() {
return user;
}
}