Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ES-218] #304

Merged
merged 5 commits into from
Aug 3, 2023
Merged

[ES-218] #304

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
7518b18
ES-218 (#296)
jainhitesh9998 Aug 2, 2023
040deb0
ES-218 (#296)
jainhitesh9998 Aug 2, 2023
c013beb
Merge branch 'mosip:develop' into develop
kaifk468 Aug 3, 2023
af6c586
[BUGFIX] remove consent in linked consent when openid is only the scope
jainhitesh9998 Aug 3, 2023
e8b23d2
Merge branch 'develop' of https://github.com/Infosys/esignet into dev…
jainhitesh9998 Aug 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion .github/workflows/push_trigger.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ on:
- 1.*
- develop
- main
- bugfix-ES-177

jobs:
call-workflow-codeql-analysis:
Expand Down
6 changes: 6 additions & 0 deletions consent-service-impl/src/main/java/io/mosip/esignet/entity/ConsentDetail.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,12 @@ public class ConsentDetail {
@Column(name = "claims")
private String claims;

/*
It stores the requested authorization scopes from the relying party in a json string
{
"scope" : "boolean" (essential or optional)
}
*/
@NotNull
@Column(name = "authorization_scopes")
private String authorizationScopes;
Expand Down
2 changes: 1 addition & 1 deletion db_scripts/mosip_esignet/ddl/esignet-consent.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ COMMENT ON COLUMN consent_detail.id IS 'UUID : Unique id associated with each co
COMMENT ON COLUMN consent_detail.client_id IS 'Client_id: associated with relying party';
COMMENT ON COLUMN consent_detail.psu_token IS 'PSU token associated with user consent';
COMMENT ON COLUMN consent_detail.claims IS 'Json of requested and user accepted claims';
COMMENT ON COLUMN consent_detail.authorization_scopes IS 'Json string of user accepted authorization scope';
COMMENT ON COLUMN consent_detail.authorization_scopes IS 'Json string of requested authorization scope';
COMMENT ON COLUMN consent_detail.cr_dtimes IS 'Consent creation date';
COMMENT ON COLUMN consent_detail.expire_dtimes IS 'Expiration date';
COMMENT ON COLUMN consent_detail.signature IS 'Signature of consent object ';
Expand Down
2 changes: 1 addition & 1 deletion db_scripts/mosip_esignet/ddl/esignet-consent_history.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ COMMENT ON COLUMN consent_history.id IS 'UUID : Unique id associated with each c
COMMENT ON COLUMN consent_history.client_id IS 'Client_id: associated with relying party';
COMMENT ON COLUMN consent_history.psu_token IS 'PSU token associated with user consent';
COMMENT ON COLUMN consent_history.claims IS 'Json of requested and user accepted claims';
COMMENT ON COLUMN consent_history.authorization_scopes IS 'Json string of user accepted authorization scope';
COMMENT ON COLUMN consent_history.authorization_scopes IS 'Json string of requested authorization scope';
COMMENT ON COLUMN consent_history.cr_dtimes IS 'Consent creation date';
COMMENT ON COLUMN consent_history.expire_dtimes IS 'Expiration date';
COMMENT ON COLUMN consent_history.signature IS 'Signature of consent object ';
Expand Down
13 changes: 7 additions & 6 deletions oidc-service-impl/src/main/java/io/mosip/esignet/services/ConsentHelperService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,9 +89,10 @@ public void updateUserConsent(OIDCTransaction transaction, boolean linked, Strin
userConsent.setClaims(normalizedClaims);
userConsent.setSignature(signature);
List<String> permittedScopes = transaction.getPermittedScopes();
List<String> authorizeScope = transaction.getRequestedAuthorizeScopes();
Map<String, Boolean> authorizeScopes = permittedScopes != null ? permittedScopes.stream()
.collect(Collectors.toMap(Function.identity(), authorizeScope::contains)) : Collections.emptyMap();
List<String> requestedAuthorizeScopes = transaction.getRequestedAuthorizeScopes();
// defaulting the essential boolean flag as false
Map<String, Boolean> authorizeScopes = requestedAuthorizeScopes != null ? requestedAuthorizeScopes.stream()
.collect(Collectors.toMap(Function.identity(), s->false)) : Collections.emptyMap();
userConsent.setAuthorizationScopes(authorizeScopes);
userConsent.setAcceptedClaims(acceptedClaims);
userConsent.setPermittedScopes(permittedScopes);
Expand Down Expand Up @@ -176,10 +177,10 @@ private static ClaimDetail sortClaimDetail(ClaimDetail claimDetail){
private ConsentAction evaluateConsentAction(OIDCTransaction transaction, ConsentDetail consentDetail, boolean linked) {
String hash;
try {
List<String> permittedScopes = transaction.getPermittedScopes();
List<String> authorizeScope = transaction.getRequestedAuthorizeScopes();
Map<String, Boolean> authorizeScopes = permittedScopes != null ? permittedScopes.stream()
.collect(Collectors.toMap(Function.identity(), authorizeScope::contains)) : Collections.emptyMap();
// defaulting the essential boolean flag as false
Map<String, Boolean> authorizeScopes = authorizeScope != null ? authorizeScope.stream()
.collect(Collectors.toMap(Function.identity(), s->false)) : Collections.emptyMap();
Claims normalizedClaims = new Claims();
normalizedClaims.setUserinfo(normalizeClaims(transaction.getRequestedClaims().getUserinfo()));
normalizedClaims.setId_token(normalizeClaims(transaction.getRequestedClaims().getId_token()));
Expand Down
1 change: 1 addition & 0 deletions ...-service-impl/src/main/java/io/mosip/esignet/services/LinkedAuthorizationServiceImpl.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -241,6 +241,7 @@ public LinkedKycAuthResponseV2 authenticateUserV2(LinkedKycAuthRequest linkedKyc
if(ConsentAction.NOCAPTURE.equals(transaction.getConsentAction())){
validateConsent(transaction, transaction.getAcceptedClaims(), transaction.getPermittedScopes());
cacheUtilService.setLinkedConsentedTransaction(transaction.getLinkedTransactionId(), transaction);
consentHelperService.updateUserConsent(transaction,true, "");
kafkaHelperService.publish(linkedAuthCodeTopicName, transaction.getLinkedTransactionId());
} else {
cacheUtilService.setLinkedAuthenticatedTransaction(linkedKycAuthRequest.getLinkedTransactionId(), transaction);
Expand Down
2 changes: 1 addition & 1 deletion oidc-service-impl/src/test/java/io/mosip/esignet/services/ConsentHelperServiceTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,7 @@ public void processConsent_withValidConsentAndConsentActionAsNoCapture_thenPass(
ConsentDetail consentDetail = new ConsentDetail();
consentDetail.setClientId("123");
consentDetail.setSignature("signature");
consentDetail.setAuthorizationScopes(Map.of("openid",true,"profile",true));
consentDetail.setAuthorizationScopes(Map.of("openid",false,"profile",false));
consentDetail.setClaims(claims);
Claims normalizedClaims = new Claims();
normalizedClaims.setUserinfo(consentHelperService.normalizeClaims(claims.getUserinfo()));
Expand Down