
Example 16 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project identity-governance by wso2-extensions.

the class UserSelfRegistrationManager method addConsent.

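/**
 * Parses a consent receipt supplied as JSON and hands it to the consent manager.
 *
 * <p>The JSON is caller-supplied, so it is checked before use: a payload that yields no receipt,
 * or a receipt without any service entry, is rejected. The tenant domain is written from the
 * {@code tenantDomain} argument after parsing (on the first service entry and on the receipt),
 * so a tenant domain carried inside the JSON for those two objects is overwritten.
 *
 * <p>Malformed JSON is not caught here; it surfaces as Gson's unchecked parse exception.
 *
 * @param consent      consent receipt as a JSON string
 * @param tenantDomain tenant domain to stamp on the receipt and on its first service entry
 * @throws ConsentManagementException      if setting the identity provider data fails (the cause is
 *                                         wrapped); it is also the declared type through which
 *                                         failures of the consent manager call would propagate
 * @throws IdentityRecoveryServerException if the JSON yields no receipt or no service entry
 */
private void addConsent(String consent, String tenantDomain) throws ConsentManagementException, IdentityRecoveryServerException {
    Gson gson = new Gson();
    // fromJson returns null for an empty or literal-null document, so the result is checked.
    ReceiptInput receiptInput = gson.fromJson(consent, ReceiptInput.class);
    // The original test was "size() < 0", which can never be true; an empty (or missing) service
    // list then failed later on get(0) with an unchecked exception instead of this error.
    if (receiptInput == null || receiptInput.getServices() == null || receiptInput.getServices().isEmpty()) {
        throw new IdentityRecoveryServerException("A service should be available in a receipt");
    }
    // Only the first service entry is inspected and updated below.
    // NOTE(review): further entries, if the JSON carries any, are passed on as parsed and keep
    // whatever tenant domain the caller put in them - confirm the consent manager rejects those.
    ReceiptServiceInput receiptServiceInput = receiptInput.getServices().get(0);
    // The user may register without giving consent to any purpose; nothing is stored then.
    if (receiptServiceInput.getPurposes() == null || receiptServiceInput.getPurposes().isEmpty()) {
        if (log.isDebugEnabled()) {
            log.debug("Consent does not contain any purposes. Hence not adding consent");
        }
        return;
    }
    receiptServiceInput.setTenantDomain(tenantDomain);
    try {
        setIDPData(tenantDomain, receiptServiceInput);
    } catch (IdentityProviderManagementException e) {
        throw new ConsentManagementException("Error while retrieving identity provider data", "Error while " + "setting IDP data", e);
    }
    receiptInput.setTenantDomain(tenantDomain);
    ConsentManager consentManager = IdentityRecoveryServiceDataHolder.getInstance().getConsentManager();
    consentManager.addConsent(receiptInput);
}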
Also used : ReceiptServiceInput(org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput) ReceiptInput(org.wso2.carbon.consent.mgt.core.model.ReceiptInput) IdentityRecoveryServerException(org.wso2.carbon.identity.recovery.IdentityRecoveryServerException) ConsentManagementException(org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException) Gson(com.google.gson.Gson) ConsentManager(org.wso2.carbon.consent.mgt.core.ConsentManager) IdentityProviderManagementException(org.wso2.carbon.idp.mgt.IdentityProviderManagementException)

Example 17 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project product-is by wso2.

the class ConsentMgtTestCase method testAddReceipt.

/**
 * Adds a receipt for the sample service and checks that the response echoes the PII principal
 * and the language that were sent. The other submitted fields are not asserted.
 */
@Test(alwaysRun = true, groups = "wso2.is", description = "Add Receipt test", dependsOnMethods = { "testAddPurpose" })
public void testAddReceipt() {
    // Only these two values are compared with the response, so only they get a name.
    final String principal = "admin";
    final String locale = "en-US";
    // Argument order: principal, service, display name, description, consent type,
    // collection method, jurisdiction, language, policy URL.
    JSONObject receipt = addReceipt(principal, "travelocity.com", "Travelocity", "Travel City Guide", "Sample", "Web", "NC", locale, "http://test.com");
    Assert.assertEquals(receipt.get("piiPrincipalId"), principal);
    Assert.assertEquals(receipt.get("language"), locale);
}
Also used : JSONObject(org.json.simple.JSONObject) ISIntegrationTest(org.wso2.identity.integration.common.utils.ISIntegrationTest) Test(org.testng.annotations.Test)

Example 18 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.

the class SSOConsentServiceImpl method getConsentRequiredClaims.

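/**
 * Get consent required claims for a given service from a user.
 *
 * <p>Builds the lists of mandatory and requested claim URIs from the service provider's claim
 * mappings (optionally filtered by the requested scopes), then, when {@code useExistingConsents}
 * is set and the user has a receipt, removes the claims already covered by that receipt:
 * claims with consent are removed from both lists, claims with denied consent are removed from
 * the requested list only, so a mandatory claim that was denied is still returned.
 *
 * <p>The user's receipt is looked up even when {@code useExistingConsents} is false, so errors
 * from that lookup are raised in both cases.
 *
 * @param serviceProvider     Service provider requesting consent.
 * @param authenticatedUser   Authenticated user requesting consent form.
 * @param useExistingConsents Use existing consent given by the user.
 * @param claimsListOfScopes  Claims list of requested scopes; {@code null} skips scope filtering.
 * @return ConsentClaimsData which contains mandatory and required claims for consent. An empty
 *         instance is returned when the application has no claim mappings.
 * @throws SSOConsentServiceException If error occurs while building claim information, if the
 *                                    service provider is null, or (as SSOConsentDisabledException)
 *                                    if SSO consent management is disabled.
 */
protected ConsentClaimsData getConsentRequiredClaims(ServiceProvider serviceProvider, AuthenticatedUser authenticatedUser, boolean useExistingConsents, List<String> claimsListOfScopes) throws SSOConsentServiceException {
    // NOTE(review): serviceProvider reaches this helper before the null check below; whether the
    // helper tolerates null is not visible here. The order is kept so that callers see the same
    // exception type as before.
    if (!isSSOConsentManagementEnabled(serviceProvider)) {
        String message = "Consent management for SSO is disabled.";
        throw new SSOConsentDisabledException(message, message);
    }
    if (serviceProvider == null) {
        throw new SSOConsentServiceException("Service provider cannot be null.");
    }
    String spName = serviceProvider.getApplicationName();
    String spTenantDomain = getSPTenantDomain(serviceProvider);
    String subject = buildSubjectWithUserStoreDomain(authenticatedUser);
    ClaimMapping[] claimMappings = getSpClaimMappings(serviceProvider);
    if (claimMappings == null || claimMappings.length == 0) {
        if (log.isDebugEnabled()) {
            log.debug("No claim mapping configured from the application. Hence skipping getting consent.");
        }
        return new ConsentClaimsData();
    }
    if (claimsListOfScopes != null) {
        try {
            claimMappings = FrameworkUtils.getFilteredScopeClaims(claimsListOfScopes, Arrays.asList(claimMappings), serviceProvider.getOwner().getTenantDomain()).toArray(new ClaimMapping[0]);
        } catch (ClaimManagementException e) {
            // Keep the cause: the original dropped it, which hides why scope filtering failed.
            throw new SSOConsentServiceException("Consent Management Error", "Error occurred while filtering claims of requested scopes", e);
        }
    }
    List<String> requestedClaims = new ArrayList<>();
    List<String> mandatoryClaims = new ArrayList<>();
    Map<ClaimMapping, String> userAttributes = authenticatedUser.getUserAttributes();
    String subjectClaimUri = getSubjectClaimUri(serviceProvider);
    boolean subjectClaimUriRequested = false;
    boolean subjectClaimUriMandatory = false;
    // Read the setting once so the blank check and the parse see the same value. Prompting for
    // the subject claim defaults to on; any configured value other than "true" (ignoring case)
    // turns it off.
    String promptSubjectClaimConfig = IdentityUtil.getProperty(CONFIG_PROMPT_SUBJECT_CLAIM_REQUESTED_CONSENT);
    boolean promptSubjectClaimRequestedConsent = true;
    if (StringUtils.isNotBlank(promptSubjectClaimConfig)) {
        promptSubjectClaimRequestedConsent = Boolean.parseBoolean(promptSubjectClaimConfig);
    }
    if (isPassThroughScenario(claimMappings, userAttributes)) {
        // Pass-through: every remote claim URI found in the user attributes is treated as
        // mandatory, except the subject claim and the multi-attribute separator entry.
        for (Map.Entry<ClaimMapping, String> userAttribute : userAttributes.entrySet()) {
            String remoteClaimUri = userAttribute.getKey().getRemoteClaim().getClaimUri();
            if (subjectClaimUri.equals(remoteClaimUri) || IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR.equals(remoteClaimUri)) {
                continue;
            }
            mandatoryClaims.add(remoteClaimUri);
        }
    } else {
        boolean isCustomClaimMapping = isCustomClaimMapping(serviceProvider);
        for (ClaimMapping claimMapping : claimMappings) {
            if (isCustomClaimMapping) {
                // With custom mappings the subject claim is matched on the remote URI and then
                // tracked by its local URI from here on.
                if (subjectClaimUri.equals(claimMapping.getRemoteClaim().getClaimUri())) {
                    subjectClaimUri = claimMapping.getLocalClaim().getClaimUri();
                    if (promptSubjectClaimRequestedConsent) {
                        if (claimMapping.isMandatory()) {
                            subjectClaimUriMandatory = true;
                        } else if (claimMapping.isRequested()) {
                            subjectClaimUriRequested = true;
                        }
                    }
                    continue;
                }
            } else {
                if (subjectClaimUri.equals(claimMapping.getLocalClaim().getClaimUri())) {
                    if (promptSubjectClaimRequestedConsent) {
                        if (claimMapping.isMandatory()) {
                            subjectClaimUriMandatory = true;
                        } else if (claimMapping.isRequested()) {
                            subjectClaimUriRequested = true;
                        }
                    }
                    continue;
                }
            }
            // Mandatory wins over requested; a mapping that is neither is left out.
            if (claimMapping.isMandatory()) {
                mandatoryClaims.add(claimMapping.getLocalClaim().getClaimUri());
            } else if (claimMapping.isRequested()) {
                requestedClaims.add(claimMapping.getLocalClaim().getClaimUri());
            }
        }
    }
    // The subject claim is appended last, and only when prompting for it is enabled.
    if (promptSubjectClaimRequestedConsent) {
        if (subjectClaimUriMandatory) {
            mandatoryClaims.add(subjectClaimUri);
        } else if (subjectClaimUriRequested) {
            requestedClaims.add(subjectClaimUri);
        }
    }
    List<ClaimMetaData> receiptConsentMetaData = new ArrayList<>();
    List<ClaimMetaData> receiptConsentDeniedMetaData;
    Receipt receipt = getConsentReceiptOfUser(serviceProvider, authenticatedUser, spName, spTenantDomain, subject);
    if (useExistingConsents && receipt != null) {
        receiptConsentMetaData = getRequestedClaimsFromReceipt(receipt, true);
        List<String> claimsWithConsent = getClaimsFromConsentMetaData(receiptConsentMetaData);
        receiptConsentDeniedMetaData = getRequestedClaimsFromReceipt(receipt, false);
        List<String> claimsDeniedConsent = getClaimsFromConsentMetaData(receiptConsentDeniedMetaData);
        mandatoryClaims.removeAll(claimsWithConsent);
        requestedClaims.removeAll(claimsWithConsent);
        // Denied claims are dropped from the requested list only; mandatory ones stay.
        requestedClaims.removeAll(claimsDeniedConsent);
    }
    ConsentClaimsData consentClaimsData = getConsentRequiredClaimData(mandatoryClaims, requestedClaims, spTenantDomain);
    consentClaimsData.setClaimsWithConsent(receiptConsentMetaData);
    return consentClaimsData;
}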
Also used : Receipt(org.wso2.carbon.consent.mgt.core.model.Receipt) ArrayList(java.util.ArrayList) SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException) ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) SSOConsentDisabledException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentDisabledException) ClaimManagementException(org.wso2.carbon.claim.mgt.ClaimManagementException) Map(java.util.Map) HashMap(java.util.HashMap)

Example 19 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.

the class SSOConsentServiceImpl method getConsentReceiptOfUser.

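/**
 * Returns the consent receipt the user holds for the given service provider, or {@code null}
 * when the receipt list for that user and service provider holds none.
 *
 * <p>More than one receipt for the same user and service provider is treated as an error, not
 * resolved by picking one.
 *
 * @param serviceProvider   service provider the consent belongs to (not read by this method;
 *                          {@code spName} identifies it)
 * @param authenticatedUser user whose receipt is looked up
 * @param spName            application name of the service provider
 * @param spTenantDomain    tenant domain of the service provider
 * @param subject           subject identifier used for the receipt search
 * @return the receipt, or {@code null} if the user has none
 * @throws SSOConsentServiceException if the user has more than one receipt, or if the lookup
 *                                    fails in the consent manager
 */
private Receipt getConsentReceiptOfUser(ServiceProvider serviceProvider, AuthenticatedUser authenticatedUser, String spName, String spTenantDomain, String subject) throws SSOConsentServiceException {
    // Presumably two results are enough to tell "one receipt" from "more than one"; confirm
    // against hasUserMultipleReceipts.
    int receiptListLimit = 2;
    try {
        List<ReceiptListResponse> receiptListResponses = getReceiptListOfUserForSP(authenticatedUser, spName, spTenantDomain, subject, receiptListLimit);
        if (isDebugEnabled()) {
            // Log the application name; the original passed the ServiceProvider object itself,
            // which prints its toString() rather than the name.
            // NOTE(review): this line writes the user's subject identifier to the debug log.
            String message = String.format("Retrieved %s receipts for user: %s, service provider: %s in tenant " + "domain %s", receiptListResponses.size(), subject, spName, spTenantDomain);
            logDebug(message);
        }
        if (hasUserMultipleReceipts(receiptListResponses)) {
            throw new SSOConsentServiceException("Consent Management Error", "User cannot have more than one " + "ACTIVE consent per service provider.");
        }
        if (hasUserSingleReceipt(receiptListResponses)) {
            String receiptId = getFirstConsentReceiptFromList(receiptListResponses);
            return getReceipt(authenticatedUser, receiptId);
        }
        return null;
    } catch (ConsentManagementException e) {
        throw new SSOConsentServiceException("Consent Management Error", "Error while retrieving user consents.", e);
    }
}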
Also used : ReceiptListResponse(org.wso2.carbon.consent.mgt.core.model.ReceiptListResponse) ConsentManagementException(org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException) SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)

Example 20 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.

the class SSOConsentServiceImpl method getReceipt.

/**
 * Loads a consent receipt by id while running in a tenant flow for the given user.
 *
 * @param authenticatedUser user on whose behalf the receipt is read; its tenant domain is used
 *                          for the tenant flow
 * @param receiptId         id of the receipt to load
 * @return the receipt returned by the consent manager
 * @throws SSOConsentServiceException if the consent manager fails, or if the tenant registry
 *                                    cannot be initialized
 */
private Receipt getReceipt(AuthenticatedUser authenticatedUser, String receiptId) throws SSOConsentServiceException {
    String userSubject = buildSubjectWithUserStoreDomain(authenticatedUser);
    try {
        initializeTenantRegistry(authenticatedUser);
        startTenantFlowWithUser(userSubject, authenticatedUser.getTenantDomain());
        // NOTE(review): the receipt is fetched by id alone; whether the consent manager checks
        // that it belongs to this user is not visible here - confirm.
        return getConsentManager().getReceipt(receiptId);
    } catch (ConsentManagementException consentError) {
        throw new SSOConsentServiceException("Consent Management Error", "Error while retrieving user consents.", consentError);
    } catch (IdentityException registryError) {
        String detail = "Error while initializing registry for " + "the tenant domain: " + authenticatedUser.getTenantDomain();
        throw new SSOConsentServiceException("Consent Management Error", detail, registryError);
    } finally {
        // NOTE(review): this also runs when initializeTenantRegistry fails, i.e. before
        // startTenantFlowWithUser was reached; if that helper is what opens the tenant flow,
        // this call ends a flow this method did not start - confirm.
        PrivilegedCarbonContext.endTenantFlow();
    }
}
Also used : Receipt(org.wso2.carbon.consent.mgt.core.model.Receipt) ConsentManagementException(org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException) SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Aggregations

ConsentManagementException (org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException)9 Receipt (org.wso2.carbon.consent.mgt.core.model.Receipt)9 ArrayList (java.util.ArrayList)8 ConsentManager (org.wso2.carbon.consent.mgt.core.ConsentManager)7 ReceiptListResponse (org.wso2.carbon.consent.mgt.core.model.ReceiptListResponse)7 JSONObject (org.json.JSONObject)6 Test (org.testng.annotations.Test)6 SSOConsentServiceException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)6 ReceiptServiceInput (org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput)5 PIICategoryValidity (org.wso2.carbon.consent.mgt.core.model.PIICategoryValidity)4 ReceiptPurposeInput (org.wso2.carbon.consent.mgt.core.model.ReceiptPurposeInput)4 ConsentReceiptDTO (org.wso2.carbon.identity.user.export.core.dto.ConsentReceiptDTO)4 HashMap (java.util.HashMap)3 List (java.util.List)3 Map (java.util.Map)3 JSONArray (org.json.JSONArray)3 ReceiptInput (org.wso2.carbon.consent.mgt.core.model.ReceiptInput)3 SSOConsentDisabledException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentDisabledException)3 RealmService (org.wso2.carbon.user.core.service.RealmService)3 TenantManager (org.wso2.carbon.user.core.tenant.TenantManager)3