use of org.keycloak.models.UserConsentModel in project keycloak by keycloak.
the class AccountRestService method createConsent.
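/**
 * Builds a new, not-yet-persisted consent for {@code client} from the scopes named in the
 * requested consent.
 *
 * <p>Each requested scope id is resolved against the client scopes of the realm. When the client
 * requires consent, the client's own id is accepted as a grantable entry as well.
 *
 * @param client client to create a consent for
 * @param requested requested consent carrying the scopes that the new consent should contain
 * @return newly created consent model holding every resolved scope
 * @throws IllegalArgumentException if the request carries no granted-scopes list, or names a scope
 *         id that cannot be resolved
 */
private UserConsentModel createConsent(ClientModel client, ConsentRepresentation requested) throws IllegalArgumentException {
    // The representation comes from the request body. A missing body or a missing scope list
    // is rejected here so it fails as an IllegalArgumentException, like an unknown scope id,
    // instead of as a NullPointerException in the loop below.
    if (requested == null || requested.getGrantedScopes() == null) {
        String msg = String.format("No granted scopes were supplied for client %s.", client.getName());
        event.error(msg);
        throw new IllegalArgumentException(msg);
    }

    UserConsentModel consent = new UserConsentModel(client);

    // NOTE(review): the lookup table holds every client scope of the realm, not only the scopes
    // assigned to this client, so a consent can name a scope the client does not currently
    // use. Confirm that this is intended.
    Map<String, ClientScopeModel> availableGrants = realm.getClientScopesStream()
            .collect(Collectors.toMap(ClientScopeModel::getId, Function.identity()));
    if (client.isConsentRequired()) {
        availableGrants.put(client.getId(), client);
    }

    for (ConsentScopeRepresentation scopeRepresentation : requested.getGrantedScopes()) {
        ClientScopeModel scopeModel = availableGrants.get(scopeRepresentation.getId());
        if (scopeModel == null) {
            // Report the id that failed to resolve, not the representation object. The id is
            // caller-supplied and ends up in both the event and the exception message.
            String msg = String.format("Scope id %s does not exist for client %s.", scopeRepresentation.getId(), consent.getClient().getName());
            event.error(msg);
            throw new IllegalArgumentException(msg);
        }
        consent.addGrantedClientScope(scopeModel);
    }
    return consent;
}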
use of org.keycloak.models.UserConsentModel in project keycloak by keycloak.
the class AccountRestService method getConsent.
/**
 * Looks up the consent that the current user has stored for one client.
 *
 * <p>Responds 404 when no client has the given clientId, 204 when the client exists but the user
 * has no consent for it, and 200 with the consent representation otherwise.
 *
 * @param clientId clientId (not the internal id) of the client whose consent is requested
 * @return response carrying the consent, or one of the status-only responses described above
 */
@Path("/applications/{clientId}/consent")
@GET
@Produces(MediaType.APPLICATION_JSON)
public Response getConsent(@PathParam("clientId") final String clientId) {
    checkAccountApiEnabled();
    // Reading a consent is allowed with any one of these three account roles.
    auth.requireOneOf(AccountRoles.MANAGE_ACCOUNT, AccountRoles.VIEW_CONSENT, AccountRoles.MANAGE_CONSENT);

    final ClientModel requestedClient = realm.getClientByClientId(clientId);
    if (requestedClient == null) {
        // The path parameter is echoed back in the error body.
        final String notFound = "No client with clientId: " + clientId + " found.";
        return ErrorResponse.error(notFound, Response.Status.NOT_FOUND);
    }

    // The lookup is keyed by the id of the authenticated user, never by a request value.
    final UserConsentModel stored = session.users().getConsentByClient(realm, user.getId(), requestedClient.getId());
    return stored == null
            ? Response.noContent().build()
            : Response.ok(modelToRepresentation(stored)).build();
}
use of org.keycloak.models.UserConsentModel in project keycloak by keycloak.
the class AccountRestService method modelToRepresentation.
/**
 * Converts a client model into the representation returned by the account REST API.
 *
 * @param model client to convert
 * @param inUseClients clientIds that are reported as in use
 * @param offlineClients clientIds that are reported as having offline access
 * @param consents consents of the user, looked up by the client's clientId
 * @return representation of the client; the consent and the logo, policy and terms-of-service
 *         URIs are only filled in when {@code consents} holds an entry for this client
 */
private ClientRepresentation modelToRepresentation(ClientModel model, List<String> inUseClients, List<String> offlineClients, Map<String, UserConsentModel> consents) {
    final String clientId = model.getClientId();

    final ClientRepresentation rep = new ClientRepresentation();
    rep.setClientId(clientId);
    // The display name may contain property placeholders; they are resolved before it is returned.
    rep.setClientName(StringPropertyReplacer.replaceProperties(model.getName(), getProperties()));
    rep.setDescription(model.getDescription());
    rep.setUserConsentRequired(model.isConsentRequired());
    rep.setInUse(inUseClients.contains(clientId));
    rep.setOfflineAccess(offlineClients.contains(clientId));
    rep.setRootUrl(model.getRootUrl());
    rep.setBaseUrl(model.getBaseUrl());
    rep.setEffectiveUrl(ResolveRelative.resolveRelativeUri(session, model.getRootUrl(), model.getBaseUrl()));

    final UserConsentModel grantedConsent = consents.get(clientId);
    if (grantedConsent == null) {
        // No consent on record: the consent and the three URI attributes stay unset.
        return rep;
    }

    rep.setConsent(modelToRepresentation(grantedConsent));
    rep.setLogoUri(model.getAttribute(ClientModel.LOGO_URI));
    rep.setPolicyUri(model.getAttribute(ClientModel.POLICY_URI));
    rep.setTosUri(model.getAttribute(ClientModel.TOS_URI));
    return rep;
}
use of org.keycloak.models.UserConsentModel in project keycloak by keycloak.
the class AccountRestService method upsert.
/**
 * Stores the requested consent for the client with the given clientId and builds the REST
 * response. The consent is added when the current user has none for that client and updated
 * otherwise.
 *
 * <p>Responds 404 when no client has that clientId, 400 when an
 * {@link IllegalArgumentException} is raised while the consent is built or stored, and 200 with
 * the stored consent otherwise.
 *
 * @param clientId clientId of the client to set a consent for
 * @param consent requested consent for the client
 * @return response to return to the caller
 */
private Response upsert(String clientId, ConsentRepresentation consent) {
    checkAccountApiEnabled();
    // Changing a consent needs MANAGE_ACCOUNT or MANAGE_CONSENT.
    auth.requireOneOf(AccountRoles.MANAGE_ACCOUNT, AccountRoles.MANAGE_CONSENT);
    event.event(EventType.GRANT_CONSENT);

    final ClientModel target = realm.getClientByClientId(clientId);
    if (target == null) {
        event.event(EventType.GRANT_CONSENT_ERROR);
        final String notFound = "No client with clientId: " + clientId + " found.";
        event.error(notFound);
        return ErrorResponse.error(notFound, Response.Status.NOT_FOUND);
    }

    try {
        final UserConsentModel requestedConsent = createConsent(target, consent);

        // NOTE(review): the existence check and the write are separate calls; whether two
        // concurrent requests for the same user and client can both take the "add" branch
        // depends on the store. Confirm.
        final boolean firstGrant = session.users().getConsentByClient(realm, user.getId(), target.getId()) == null;
        if (firstGrant) {
            session.users().addConsent(realm, user.getId(), requestedConsent);
        } else {
            session.users().updateConsent(realm, user.getId(), requestedConsent);
        }
        event.success();

        // Read the consent back so the response reflects what was stored, not what was requested.
        final UserConsentModel stored = session.users().getConsentByClient(realm, user.getId(), target.getId());
        return Response.ok(modelToRepresentation(stored)).build();
    } catch (IllegalArgumentException rejected) {
        // The exception message is returned verbatim, so any IllegalArgumentException raised
        // inside the try block has its text exposed to the caller.
        return ErrorResponse.error(rejected.getMessage(), Response.Status.BAD_REQUEST);
    }
}
use of org.keycloak.models.UserConsentModel in project keycloak by keycloak.
the class UserConsentModelTest method updateWithClientScopeRemovalTest.
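/**
 * Verifies that removing the only granted client scope from a stored consent and updating the
 * consent persists an empty scope set, and that the consent's created date is then earlier than
 * its last-updated date.
 */
@Test
@ModelTest
public void updateWithClientScopeRemovalTest(KeycloakSession session) {
    // First transaction: load john's consent for foo-client, drop the "foo" scope and store it.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession removalTestSession1) -> {
        RealmModel realm = removalTestSession1.realms().getRealm("original");
        ClientModel fooClient = realm.getClientByClientId("foo-client");
        UserModel john = removalTestSession1.users().getUserByUsername(realm, "john");

        UserConsentModel johnConsent = removalTestSession1.users().getConsentByClient(realm, john.getId(), fooClient.getId());
        Assert.assertEquals(1, johnConsent.getGrantedClientScopes().size());

        // Remove the "foo" client scope from johnConsent.
        ClientScopeModel fooScope = KeycloakModelUtils.getClientScopeByName(realm, "foo");
        // Without this check a missing scope would make remove() a silent no-op.
        Assert.assertNotNull(fooScope);
        // NOTE(review): relies on getGrantedClientScopes() returning the consent's own mutable
        // collection rather than a copy. Confirm.
        johnConsent.getGrantedClientScopes().remove(fooScope);

        removalTestSession1.users().updateConsent(realm, john.getId(), johnConsent);
    });

    // Second transaction: reload the consent and check what was persisted.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession removalTestSession2) -> {
        RealmModel realm = removalTestSession2.realms().getRealm("original");
        ClientModel fooClient = realm.getClientByClientId("foo-client");
        UserModel john = removalTestSession2.users().getUserByUsername(realm, "john");

        UserConsentModel johnConsent = removalTestSession2.users().getConsentByClient(realm, john.getId(), fooClient.getId());
        // Expected value first, so a failure message reports the right sides.
        Assert.assertEquals(0, johnConsent.getGrantedClientScopes().size());
        Assert.assertTrue("Created date should be less than last updated date", johnConsent.getCreatedDate() < johnConsent.getLastUpdatedDate());
    });
}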