use of org.wso2.carbon.consent.mgt.core.model.Receipt in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpoint method handlePostConsent.
private void handlePostConsent(OAuthMessage oAuthMessage) throws ConsentHandlingFailedException {
OAuth2Parameters oauth2Params = getOauth2Params(oAuthMessage);
String tenantDomain = EndpointUtil.getSPTenantDomainFromClientId(oauth2Params.getClientId());
setSPAttributeToRequest(oAuthMessage.getRequest(), oauth2Params.getApplicationName(), tenantDomain);
String spTenantDomain = oauth2Params.getTenantDomain();
AuthenticatedUser loggedInUser = getLoggedInUser(oAuthMessage);
String clientId = oauth2Params.getClientId();
ServiceProvider serviceProvider;
if (log.isDebugEnabled()) {
log.debug("Initiating post user consent handling for user: " + loggedInUser.toFullQualifiedUsername() + " for client_id: " + clientId + " of tenantDomain: " + spTenantDomain);
}
try {
if (isConsentHandlingFromFrameworkSkipped(oauth2Params)) {
if (log.isDebugEnabled()) {
log.debug("Consent handling from framework skipped for client_id: " + clientId + " of tenantDomain: " + spTenantDomain + " for user: " + loggedInUser.toFullQualifiedUsername() + ". " + "Therefore handling post consent is not applicable.");
}
if (LoggerUtils.isDiagnosticLogsEnabled()) {
Map<String, Object> params = new HashMap<>();
params.put("clientId", clientId);
Map<String, Object> configs = new HashMap<>();
configs.put("skipConsent", "true");
LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, "Consent is disabled for the OAuth client.", "handle-consent", configs);
}
return;
}
List<Integer> approvedClaimIds = getUserConsentClaimIds(oAuthMessage);
serviceProvider = getServiceProvider(clientId);
/*
With the current implementation of the SSOConsentService we need to send back the original
ConsentClaimsData object we got during pre consent stage. Currently we are repeating the API call
during post consent handling to get the original ConsentClaimsData object (Assuming there is no
change in SP during pre-consent and post-consent).
The API on the SSO Consent Service will be improved to avoid having to send the original
ConsentClaimsData object.
*/
ConsentClaimsData value = getConsentRequiredClaims(loggedInUser, serviceProvider, oauth2Params);
/*
It is needed to pitch the consent required claims with the OIDC claims. otherwise the consent of the
the claims which are not in the OIDC claims will be saved as consent denied.
*/
if (value != null) {
// Remove the claims which dont have values given by the user.
value.setRequestedClaims(removeConsentRequestedNullUserAttributes(value.getRequestedClaims(), loggedInUser.getUserAttributes(), spTenantDomain));
List<ClaimMetaData> requestedOidcClaimsList = getRequestedOidcClaimsList(value, oauth2Params, spTenantDomain);
value.setRequestedClaims(requestedOidcClaimsList);
}
// Call framework and create the consent receipt.
if (log.isDebugEnabled()) {
log.debug("Creating user consent receipt for user: " + loggedInUser.toFullQualifiedUsername() + " for client_id: " + clientId + " of tenantDomain: " + spTenantDomain);
}
Map<String, Object> params;
if (hasPromptContainsConsent(oauth2Params)) {
if (LoggerUtils.isDiagnosticLogsEnabled()) {
params = new HashMap<>();
params.put("clientId", clientId);
params.put("prompt", oauth2Params.getPrompt());
LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, null, "hand-over-to-consent-service", null);
}
getSSOConsentService().processConsent(approvedClaimIds, serviceProvider, loggedInUser, value, true);
} else {
if (LoggerUtils.isDiagnosticLogsEnabled()) {
params = new HashMap<>();
params.put("clientId", clientId);
params.put("prompt", oauth2Params.getPrompt());
LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, null, "hand-over-to-consent-service", null);
}
getSSOConsentService().processConsent(approvedClaimIds, serviceProvider, loggedInUser, value, false);
}
} catch (OAuthSystemException | SSOConsentServiceException e) {
if (LoggerUtils.isDiagnosticLogsEnabled()) {
LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, null, OAuthConstants.LogConstants.FAILED, "System error occurred.", "process-consent", null);
}
String msg = "Error while processing consent of user: " + loggedInUser.toFullQualifiedUsername() + " for " + "client_id: " + clientId + " of tenantDomain: " + spTenantDomain;
throw new ConsentHandlingFailedException(msg, e);
} catch (ClaimMetadataException e) {
if (LoggerUtils.isDiagnosticLogsEnabled()) {
LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, null, OAuthConstants.LogConstants.FAILED, String.format("Error occurred while getting " + "claim mappings for %s.", OIDC_DIALECT), "process-consent", null);
}
throw new ConsentHandlingFailedException("Error while getting claim mappings for " + OIDC_DIALECT, e);
} catch (RequestObjectException e) {
if (LoggerUtils.isDiagnosticLogsEnabled()) {
LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, null, OAuthConstants.LogConstants.FAILED, String.format("Error occurred while getting essential claims for the session data key : %s.", oauth2Params.getSessionDataKey()), "process-consent", null);
}
throw new ConsentHandlingFailedException("Error while getting essential claims for the session data key " + ": " + oauth2Params.getSessionDataKey(), e);
}
}
use of org.wso2.carbon.consent.mgt.core.model.Receipt in project identity-governance by wso2-extensions.
the class Utils method getConsentReceiptDTO.
/**
* This API is used to get ConsentReceiptDTO response.
*
* @param receipt Receipt instance.
* @return ConsentReceiptDTO.
*/
public static ConsentReceiptDTO getConsentReceiptDTO(Receipt receipt) {
ConsentReceiptDTO consentReceiptDTO = new ConsentReceiptDTO();
consentReceiptDTO.setCollectionMethod(receipt.getCollectionMethod());
consentReceiptDTO.setConsentReceiptID(receipt.getConsentReceiptId());
consentReceiptDTO.setJurisdiction(receipt.getJurisdiction());
consentReceiptDTO.setConsentTimestamp(receipt.getConsentTimestamp());
consentReceiptDTO.setLanguage(receipt.getLanguage());
consentReceiptDTO.setPiiPrincipalId(receipt.getPiiPrincipalId());
consentReceiptDTO.setPolicyUrl(receipt.getPolicyUrl());
consentReceiptDTO.setSensitive(receipt.isSensitive());
consentReceiptDTO.setTenantDomain(receipt.getTenantDomain());
consentReceiptDTO.setVersion(receipt.getVersion());
consentReceiptDTO.setState(receipt.getState());
consentReceiptDTO.setServices(receipt.getServices().stream().map(receiptService -> {
ServiceDTO serviceDTO = new ServiceDTO();
serviceDTO.setService(receiptService.getService());
serviceDTO.setTenantDomain(receiptService.getTenantDomain());
serviceDTO.setPurposes(receiptService.getPurposes().stream().map(consentPurpose -> {
PurposeDTO purposeDTO = new PurposeDTO();
purposeDTO.setConsentType(consentPurpose.getConsentType());
purposeDTO.setPiiCategory(consentPurpose.getPiiCategory().stream().map(piiCategoryValidity -> {
PiiCategoryDTO piiCategoryDTO = new PiiCategoryDTO();
piiCategoryDTO.setPiiCategory(piiCategoryValidity.getName());
piiCategoryDTO.setValidity(piiCategoryValidity.getValidity());
return piiCategoryDTO;
}).collect(Collectors.toList()));
purposeDTO.setPrimaryPurpose(consentPurpose.isPrimaryPurpose());
purposeDTO.setPurpose(consentPurpose.getPurpose());
purposeDTO.setPurposeCategory(consentPurpose.getPurposeCategory());
purposeDTO.setTermination(consentPurpose.getTermination());
purposeDTO.setThirdPartyDisclosure(consentPurpose.isThirdPartyDisclosure());
purposeDTO.setThirdPartyName(consentPurpose.getThirdPartyName());
return purposeDTO;
}).collect(Collectors.toList()));
return serviceDTO;
}).collect(Collectors.toList()));
consentReceiptDTO.setSpiCat(receipt.getSpiCat());
consentReceiptDTO.setPiiControllers(receipt.getPiiControllers().stream().map(piiController -> {
PiiControllerDTO piiControllerDTO = new PiiControllerDTO();
AddressDTO addressDTO = new AddressDTO();
consentReceiptDTO.setPublicKey(receipt.getPublicKey());
addressDTO.setAddressCountry(piiController.getAddress().getAddressCountry());
addressDTO.setAddressLocality(piiController.getAddress().getAddressLocality());
addressDTO.setAddressRegion(piiController.getAddress().getAddressRegion());
addressDTO.setPostalCode(piiController.getAddress().getPostalCode());
addressDTO.setPostOfficeBoxNumber(piiController.getAddress().getPostOfficeBoxNumber());
addressDTO.setStreetAddress(piiController.getAddress().getStreetAddress());
piiControllerDTO.setAddress(addressDTO);
piiControllerDTO.setContact(piiController.getContact());
piiControllerDTO.setEmail(piiController.getEmail());
piiControllerDTO.setPhone(piiController.getPhone());
piiControllerDTO.setPiiController(piiController.getPiiController());
piiControllerDTO.setPiiControllerUrl(piiController.getPiiControllerUrl());
piiControllerDTO.setOnBehalf(piiController.isOnBehalf());
return piiControllerDTO;
}).collect(Collectors.toList()));
return consentReceiptDTO;
}
use of org.wso2.carbon.consent.mgt.core.model.Receipt in project identity-governance by wso2-extensions.
the class ConsentInformationProviderTest method testGetRetainedUserInformationGetDomainException.
@Test(expectedExceptions = UserExportException.class)
public void testGetRetainedUserInformationGetDomainException() throws Exception {
RealmService realmService = mock(RealmService.class);
TenantManager tenantManager = mock(TenantManager.class);
when(realmService.getTenantManager()).thenReturn(tenantManager);
when(tenantManager.getDomain(anyInt())).thenThrow(new UserStoreException());
ReceiptListResponse receiptListResponse = mock(ReceiptListResponse.class);
List<ReceiptListResponse> receiptListResponses = new ArrayList<>();
receiptListResponses.add(receiptListResponse);
ConsentManager consentManager = mock(ConsentManager.class);
when(consentManager.searchReceipts(eq(100), eq(0), anyString(), anyString(), anyString(), anyString())).thenReturn(receiptListResponses);
when(consentManager.searchReceipts(eq(100), eq(100), anyString(), anyString(), anyString(), anyString())).thenReturn(new ArrayList<ReceiptListResponse>());
Receipt mockReceipt = mock(Receipt.class);
when(mockReceipt.getPiiPrincipalId()).thenReturn(USERNAME_CLAIM_VALUE);
when(consentManager.getReceipt(anyString())).thenReturn(mockReceipt);
ConsentInformationProvider consentInformationProvider = new ConsentInformationProvider();
consentInformationProvider.setRealmService(realmService);
consentInformationProvider.setConsentManager(consentManager);
consentInformationProvider.getRetainedUserInformation(USERNAME_CLAIM_VALUE, UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME, -1234);
}
use of org.wso2.carbon.consent.mgt.core.model.Receipt in project identity-governance by wso2-extensions.
the class ConsentInformationProviderTest method testGetRetainedUserInformation.
@Test
public void testGetRetainedUserInformation() throws Exception {
RealmService realmService = mock(RealmService.class);
TenantManager tenantManager = mock(TenantManager.class);
when(realmService.getTenantManager()).thenReturn(tenantManager);
when(tenantManager.getDomain(anyInt())).thenReturn(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
ReceiptListResponse receiptListResponse = new ReceiptListResponse("test1", "test1", "1", -1234, "test1", "test1", "test1");
List<ReceiptListResponse> receiptListResponses = new ArrayList<>();
receiptListResponses.add(receiptListResponse);
ConsentManager consentManager = mock(ConsentManager.class);
when(consentManager.searchReceipts(eq(100), eq(0), anyString(), anyString(), isNull(), anyString())).thenReturn(receiptListResponses);
when(consentManager.searchReceipts(eq(100), eq(100), anyString(), anyString(), isNull(), anyString())).thenReturn(new ArrayList<ReceiptListResponse>());
Receipt mockReceipt = mock(Receipt.class);
when(mockReceipt.getPiiPrincipalId()).thenReturn(USERNAME_CLAIM_VALUE);
when(consentManager.getReceipt(anyString())).thenReturn(mockReceipt);
ConsentInformationProvider consentInformationProvider = new ConsentInformationProvider();
consentInformationProvider.setRealmService(realmService);
consentInformationProvider.setConsentManager(consentManager);
UserInformationDTO retainedUserInformationObj = consentInformationProvider.getRetainedUserInformation(USERNAME_CLAIM_VALUE, UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME, -1234);
if (retainedUserInformationObj != null && retainedUserInformationObj.getData() instanceof List) {
List retainedUserInformationList = (List) retainedUserInformationObj.getData();
Object receiptObj = retainedUserInformationList.get(0);
if (receiptObj instanceof ConsentReceiptDTO) {
ConsentReceiptDTO receipt = (ConsentReceiptDTO) receiptObj;
Assert.assertEquals(receipt.getPiiPrincipalId(), USERNAME_CLAIM_VALUE);
} else {
Assert.fail();
}
} else {
Assert.fail();
}
}
use of org.wso2.carbon.consent.mgt.core.model.Receipt in project identity-governance by wso2-extensions.
the class ConsentInformationProviderTest method testGetRetainedUserInformationSearchReceiptsException.
@Test(expectedExceptions = UserExportException.class)
public void testGetRetainedUserInformationSearchReceiptsException() throws Exception {
RealmService realmService = mock(RealmService.class);
TenantManager tenantManager = mock(TenantManager.class);
when(realmService.getTenantManager()).thenReturn(tenantManager);
when(tenantManager.getDomain(anyInt())).thenReturn(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
ConsentManager consentManager = mock(ConsentManager.class);
when(consentManager.searchReceipts(eq(100), eq(00), anyString(), anyString(), isNull(), anyString())).thenThrow(new ConsentManagementException());
when(consentManager.searchReceipts(eq(100), eq(100), anyString(), anyString(), isNull(), anyString())).thenReturn(new ArrayList<ReceiptListResponse>());
Receipt mockReceipt = mock(Receipt.class);
when(mockReceipt.getPiiPrincipalId()).thenReturn(USERNAME_CLAIM_VALUE);
when(consentManager.getReceipt(anyString())).thenReturn(mockReceipt);
ConsentInformationProvider consentInformationProvider = new ConsentInformationProvider();
consentInformationProvider.setRealmService(realmService);
consentInformationProvider.setConsentManager(consentManager);
consentInformationProvider.getRetainedUserInformation(USERNAME_CLAIM_VALUE, UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME, -1234);
}
Aggregations