Skip to content

Commit

Permalink
Merge pull request #303 from mosip/bugfix-ES-218
Browse files Browse the repository at this point in the history
ES-218 (#296)
  • Loading branch information
jainhitesh9998 authored Aug 3, 2023
2 parents ce9e1d9 + 3f79522 commit 662b741
Show file tree
Hide file tree
Showing 7 changed files with 18 additions and 10 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/push_trigger.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ on:
- 1.*
- develop
- main
- bugfix-ES-177
- bugfix-ES-218

jobs:
call-workflow-codeql-analysis:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,12 @@ public class ConsentDetail {
@Column(name = "claims")
private String claims;

/*
It stores the requested authorization scopes from the relying party in a json string
{
"scope" : "boolean" (essential or optional)
}
*/
@NotNull
@Column(name = "authorization_scopes")
private String authorizationScopes;
Expand Down
2 changes: 1 addition & 1 deletion db_scripts/mosip_esignet/ddl/esignet-consent.sql
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ COMMENT ON COLUMN consent_detail.id IS 'UUID : Unique id associated with each co
COMMENT ON COLUMN consent_detail.client_id IS 'Client_id: associated with relying party';
COMMENT ON COLUMN consent_detail.psu_token IS 'PSU token associated with user consent';
COMMENT ON COLUMN consent_detail.claims IS 'Json of requested and user accepted claims';
COMMENT ON COLUMN consent_detail.authorization_scopes IS 'Json string of user accepted authorization scope';
COMMENT ON COLUMN consent_detail.authorization_scopes IS 'Json string of requested authorization scope';
COMMENT ON COLUMN consent_detail.cr_dtimes IS 'Consent creation date';
COMMENT ON COLUMN consent_detail.expire_dtimes IS 'Expiration date';
COMMENT ON COLUMN consent_detail.signature IS 'Signature of consent object ';
Expand Down
2 changes: 1 addition & 1 deletion db_scripts/mosip_esignet/ddl/esignet-consent_history.sql
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ COMMENT ON COLUMN consent_history.id IS 'UUID : Unique id associated with each c
COMMENT ON COLUMN consent_history.client_id IS 'Client_id: associated with relying party';
COMMENT ON COLUMN consent_history.psu_token IS 'PSU token associated with user consent';
COMMENT ON COLUMN consent_history.claims IS 'Json of requested and user accepted claims';
COMMENT ON COLUMN consent_history.authorization_scopes IS 'Json string of user accepted authorization scope';
COMMENT ON COLUMN consent_history.authorization_scopes IS 'Json string of requested authorization scope';
COMMENT ON COLUMN consent_history.cr_dtimes IS 'Consent creation date';
COMMENT ON COLUMN consent_history.expire_dtimes IS 'Expiration date';
COMMENT ON COLUMN consent_history.signature IS 'Signature of consent object ';
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -89,9 +89,10 @@ public void updateUserConsent(OIDCTransaction transaction, boolean linked, Strin
userConsent.setClaims(normalizedClaims);
userConsent.setSignature(signature);
List<String> permittedScopes = transaction.getPermittedScopes();
List<String> authorizeScope = transaction.getRequestedAuthorizeScopes();
Map<String, Boolean> authorizeScopes = permittedScopes != null ? permittedScopes.stream()
.collect(Collectors.toMap(Function.identity(), authorizeScope::contains)) : Collections.emptyMap();
List<String> requestedAuthorizeScopes = transaction.getRequestedAuthorizeScopes();
// defaulting the essential boolean flag as false
Map<String, Boolean> authorizeScopes = requestedAuthorizeScopes != null ? requestedAuthorizeScopes.stream()
.collect(Collectors.toMap(Function.identity(), s->false)) : Collections.emptyMap();
userConsent.setAuthorizationScopes(authorizeScopes);
userConsent.setAcceptedClaims(acceptedClaims);
userConsent.setPermittedScopes(permittedScopes);
Expand Down Expand Up @@ -176,10 +177,10 @@ private static ClaimDetail sortClaimDetail(ClaimDetail claimDetail){
private ConsentAction evaluateConsentAction(OIDCTransaction transaction, ConsentDetail consentDetail, boolean linked) {
String hash;
try {
List<String> permittedScopes = transaction.getPermittedScopes();
List<String> authorizeScope = transaction.getRequestedAuthorizeScopes();
Map<String, Boolean> authorizeScopes = permittedScopes != null ? permittedScopes.stream()
.collect(Collectors.toMap(Function.identity(), authorizeScope::contains)) : Collections.emptyMap();
// defaulting the essential boolean flag as false
Map<String, Boolean> authorizeScopes = authorizeScope != null ? authorizeScope.stream()
.collect(Collectors.toMap(Function.identity(), s->false)) : Collections.emptyMap();
Claims normalizedClaims = new Claims();
normalizedClaims.setUserinfo(normalizeClaims(transaction.getRequestedClaims().getUserinfo()));
normalizedClaims.setId_token(normalizeClaims(transaction.getRequestedClaims().getId_token()));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -225,6 +225,7 @@ public LinkedKycAuthResponseV2 authenticateUserV2(LinkedKycAuthRequest linkedKyc
if(ConsentAction.NOCAPTURE.equals(transaction.getConsentAction())){
validateConsent(transaction, transaction.getAcceptedClaims(), transaction.getPermittedScopes());
cacheUtilService.setLinkedConsentedTransaction(transaction.getLinkedTransactionId(), transaction);
consentHelperService.updateUserConsent(transaction,true, "");
kafkaHelperService.publish(linkedAuthCodeTopicName, transaction.getLinkedTransactionId());
} else {
cacheUtilService.setLinkedAuthenticatedTransaction(linkedKycAuthRequest.getLinkedTransactionId(), transaction);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,7 @@ public void processConsent_withValidConsentAndConsentActionAsNoCapture_thenPass(
ConsentDetail consentDetail = new ConsentDetail();
consentDetail.setClientId("123");
consentDetail.setSignature("signature");
consentDetail.setAuthorizationScopes(Map.of("openid",true,"profile",true));
consentDetail.setAuthorizationScopes(Map.of("openid",false,"profile",false));
consentDetail.setClaims(claims);
Claims normalizedClaims = new Claims();
normalizedClaims.setUserinfo(consentHelperService.normalizeClaims(claims.getUserinfo()));
Expand Down

0 comments on commit 662b741

Please sign in to comment.