diff --git a/.github/workflows/push_trigger.yml b/.github/workflows/push_trigger.yml
index dc6d7ae94..a8ad836ed 100644
--- a/.github/workflows/push_trigger.yml
+++ b/.github/workflows/push_trigger.yml
@@ -10,7 +10,7 @@ on:
       - 1.*
       - develop
       - main
-      - bugfix-ES-177
+      - bugfix-ES-218
 
 jobs:
   call-workflow-codeql-analysis:
diff --git a/consent-service-impl/src/main/java/io/mosip/esignet/entity/ConsentDetail.java b/consent-service-impl/src/main/java/io/mosip/esignet/entity/ConsentDetail.java
index 272562c52..4f0073f51 100644
--- a/consent-service-impl/src/main/java/io/mosip/esignet/entity/ConsentDetail.java
+++ b/consent-service-impl/src/main/java/io/mosip/esignet/entity/ConsentDetail.java
@@ -38,6 +38,12 @@ public class ConsentDetail {
     @Column(name = "claims")
     private String claims;
 
+    /*
+    It stores the requested authorization scopes from the relying party in a json string
+    {
+    "scope" : "boolean" (essential or optional)
+    }
+    */
     @NotNull
     @Column(name = "authorization_scopes")
     private String authorizationScopes;
diff --git a/db_scripts/mosip_esignet/ddl/esignet-consent.sql b/db_scripts/mosip_esignet/ddl/esignet-consent.sql
index ad7873f60..9bd1f8b50 100644
--- a/db_scripts/mosip_esignet/ddl/esignet-consent.sql
+++ b/db_scripts/mosip_esignet/ddl/esignet-consent.sql
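Review bot: The new block comment on `authorizationScopes` in the ConsentDetail hunk should be a Javadoc so it surfaces in the IDE and generated docs, and its value description is vaguer than the code it documents: in this same commit ConsentHelperService writes `false` for every requested scope, so "essential or optional" never takes the value true in practice. Suggested text: `/** Authorization scopes requested by the relying party, serialized as a JSON object mapping each scope name to a boolean "essential" flag (currently always false; the scopes the user actually permitted are tracked separately). */`. The field is `@NotNull`, so the comment should also state that a non-null value is required even for a request with no authorization scopes (presumably an empty JSON object — verify how the map is serialized).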
@@ -37,7 +37,7 @@ COMMENT ON COLUMN consent_detail.id IS 'UUID : Unique id associated with each co
 COMMENT ON COLUMN consent_detail.client_id IS 'Client_id: associated with relying party';
 COMMENT ON COLUMN consent_detail.psu_token IS 'PSU token associated with user consent';
 COMMENT ON COLUMN consent_detail.claims IS 'Json of requested and user accepted claims';
-COMMENT ON COLUMN consent_detail.authorization_scopes IS 'Json string of user accepted authorization scope';
+COMMENT ON COLUMN consent_detail.authorization_scopes IS 'Json string of requested authorization scope';
 COMMENT ON COLUMN consent_detail.cr_dtimes IS 'Consent creation date';
 COMMENT ON COLUMN consent_detail.expire_dtimes IS 'Expiration date';
 COMMENT ON COLUMN consent_detail.signature IS 'Signature of consent object ';
diff --git a/db_scripts/mosip_esignet/ddl/esignet-consent_history.sql b/db_scripts/mosip_esignet/ddl/esignet-consent_history.sql
index ef824227a..0d90fa34f 100644
--- a/db_scripts/mosip_esignet/ddl/esignet-consent_history.sql
+++ b/db_scripts/mosip_esignet/ddl/esignet-consent_history.sql
@@ -35,7 +35,7 @@ COMMENT ON COLUMN consent_history.id IS 'UUID : Unique id associated with each c
 COMMENT ON COLUMN consent_history.client_id IS 'Client_id: associated with relying party';
 COMMENT ON COLUMN consent_history.psu_token IS 'PSU token associated with user consent';
 COMMENT ON COLUMN consent_history.claims IS 'Json of requested and user accepted claims';
-COMMENT ON COLUMN consent_history.authorization_scopes IS 'Json string of user accepted authorization scope';
+COMMENT ON COLUMN consent_history.authorization_scopes IS 'Json string of requested authorization scope';
 COMMENT ON COLUMN consent_history.cr_dtimes IS 'Consent creation date';
 COMMENT ON COLUMN consent_history.expire_dtimes IS 'Expiration date';
 COMMENT ON COLUMN consent_history.signature IS 'Signature of consent object ';
diff --git a/oidc-service-impl/src/main/java/io/mosip/esignet/services/ConsentHelperService.java b/oidc-service-impl/src/main/java/io/mosip/esignet/services/ConsentHelperService.java
index 3244af552..a4636a87f 100644
--- a/oidc-service-impl/src/main/java/io/mosip/esignet/services/ConsentHelperService.java
+++ b/oidc-service-impl/src/main/java/io/mosip/esignet/services/ConsentHelperService.java
@@ -89,9 +89,10 @@ public void updateUserConsent(OIDCTransaction transaction, boolean linked, Strin
         userConsent.setClaims(normalizedClaims);
         userConsent.setSignature(signature);
         List permittedScopes = transaction.getPermittedScopes();
-        List authorizeScope = transaction.getRequestedAuthorizeScopes();
-        Map authorizeScopes = permittedScopes != null ? permittedScopes.stream()
-                .collect(Collectors.toMap(Function.identity(), authorizeScope::contains)) : Collections.emptyMap();
+        List requestedAuthorizeScopes = transaction.getRequestedAuthorizeScopes();
+        // defaulting the essential boolean flag as false
+        Map authorizeScopes = requestedAuthorizeScopes != null ? requestedAuthorizeScopes.stream()
+                .collect(Collectors.toMap(Function.identity(), s->false)) : Collections.emptyMap();
         userConsent.setAuthorizationScopes(authorizeScopes);
         userConsent.setAcceptedClaims(acceptedClaims);
         userConsent.setPermittedScopes(permittedScopes);
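Review bot: The new `Collectors.toMap(Function.identity(), s->false)` on the added `Map authorizeScopes` lines has no merge function, so a repeated entry in `requestedAuthorizeScopes` throws `IllegalStateException` (duplicate key) and aborts the consent update; the old code keyed the map on `permittedScopes`, whereas the keys are now whatever scope list the relying party requested, so unless that list is de-duplicated upstream (not visible here) this is a request-controlled failure. A merge function, `Collectors.toMap(Function.identity(), s -> false, (a, b) -> a)`, or a `.distinct()` before `.collect` closes it. The added comment `// defaulting the essential boolean flag as false` should say why no scope is ever marked essential, e.g. `// the essential flag is not yet derived from the request; every requested scope is recorded as optional (false)`, since the ConsentDetail comment in this commit describes the value as "essential or optional". updateUserConsent's body starts outside the hunk.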
@@ -176,10 +177,10 @@ private static ClaimDetail sortClaimDetail(ClaimDetail claimDetail){
     private ConsentAction evaluateConsentAction(OIDCTransaction transaction, ConsentDetail consentDetail, boolean linked) {
         String hash;
         try {
-            List permittedScopes = transaction.getPermittedScopes();
             List authorizeScope = transaction.getRequestedAuthorizeScopes();
-            Map authorizeScopes = permittedScopes != null ? permittedScopes.stream()
-                    .collect(Collectors.toMap(Function.identity(), authorizeScope::contains)) : Collections.emptyMap();
+            // defaulting the essential boolean flag as false
+            Map authorizeScopes = authorizeScope != null ? authorizeScope.stream()
+                    .collect(Collectors.toMap(Function.identity(), s->false)) : Collections.emptyMap();
             Claims normalizedClaims = new Claims();
             normalizedClaims.setUserinfo(normalizeClaims(transaction.getRequestedClaims().getUserinfo()));
             normalizedClaims.setId_token(normalizeClaims(transaction.getRequestedClaims().getId_token()));
diff --git a/oidc-service-impl/src/test/java/io/mosip/esignet/services/ConsentHelperServiceTest.java b/oidc-service-impl/src/test/java/io/mosip/esignet/services/ConsentHelperServiceTest.java
index 392699d16..5d10cfc57 100644
--- a/oidc-service-impl/src/test/java/io/mosip/esignet/services/ConsentHelperServiceTest.java
+++ b/oidc-service-impl/src/test/java/io/mosip/esignet/services/ConsentHelperServiceTest.java
@@ -170,7 +170,7 @@ public void processConsent_withValidConsentAndConsentActionAsNoCapture_thenPass(
         ConsentDetail consentDetail = new ConsentDetail();
         consentDetail.setClientId("123");
         consentDetail.setSignature("signature");
-        consentDetail.setAuthorizationScopes(Map.of("openid",true,"profile",true));
+        consentDetail.setAuthorizationScopes(Map.of("openid",false,"profile",false));
         consentDetail.setClaims(claims);
         Claims normalizedClaims = new Claims();
         normalizedClaims.setUserinfo(consentHelperService.normalizeClaims(claims.getUserinfo()));
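Review bot: The `authorizeScopes` map built on the added lines in evaluateConsentAction is now derived only from `transaction.getRequestedAuthorizeScopes()` with a constant `false`, so whatever is compared against the stored consent below this hunk (the `try` block and the `hash` computation continue past it) no longer sees which scopes the user actually permitted; if that comparison decides no-capture versus re-capture, two requests with the same requested scopes would match an existing consent regardless of what was granted before, and the removed `permittedScopes` line was the only thing that distinguished them. Confirm this is intended, and if not, fold `transaction.getPermittedScopes()` back into the hashed material. The same `Collectors.toMap` without a merge function throws on a duplicated requested scope; `Collectors.toMap(Function.identity(), s -> false, (a, b) -> a)` avoids that. The local is `authorizeScope` here but `requestedAuthorizeScopes` in updateUserConsent; using one name in both places makes it visible that the two derivations must stay identical for a stored consent to match.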
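Review bot: Changing the fixture on the added `consentDetail.setAuthorizationScopes(Map.of("openid",false,"profile",false))` line only mirrors the single value the production code can now produce, so the test no longer covers consent rows written before this change, which hold `true` for permitted scopes. A second case that keeps `Map.of("openid",true,"profile",true)` in the stored `ConsentDetail` and asserts whichever action is intended for such legacy rows (presumably re-capture, since the recomputed map would differ — verify against the hash logic) would pin that migration behaviour instead of leaving it implicit.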