use of org.wso2.carbon.consent.mgt.core.model.Receipt in project identity-governance by wso2-extensions.
the class UserSelfRegistrationManager method addConsent.
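/**
 * Parses a consent receipt from its JSON form and records it through the consent manager.
 *
 * <p>The tenant domain on the receipt and on its first service is always set from the
 * {@code tenantDomain} argument, overwriting any value the JSON carried. If the first service
 * lists no purposes, nothing is stored.
 *
 * @param consent      JSON text that Gson maps onto {@link ReceiptInput}.
 * @param tenantDomain Tenant domain stamped on the receipt and on its first service.
 * @throws ConsentManagementException      If setting the IDP data fails; may also propagate from the
 *                                         consent manager call.
 * @throws IdentityRecoveryServerException If the JSON yields no receipt or the receipt has no service.
 */
private void addConsent(String consent, String tenantDomain) throws ConsentManagementException, IdentityRecoveryServerException {
    Gson gson = new Gson();
    ReceiptInput receiptInput = gson.fromJson(consent, ReceiptInput.class);
    // Gson returns null for null or empty JSON, and leaves absent fields unset. The previous
    // guard (size() < 0) could never be true, so a receipt without services fell through to
    // get(0) and failed with an unchecked exception instead of the declared one.
    if (receiptInput == null || receiptInput.getServices() == null || receiptInput.getServices().isEmpty()) {
        throw new IdentityRecoveryServerException("A service should be available in a receipt");
    }
    // Only the first service entry is processed.
    // NOTE(review): any further entries in the list are passed to the consent manager without
    // the tenant domain or IDP data being set here; confirm a receipt is limited to one service.
    ReceiptServiceInput receiptServiceInput = receiptInput.getServices().get(0);
    // The user may submit a receipt without giving consent to any of the purposes.
    if (receiptServiceInput.getPurposes() == null || receiptServiceInput.getPurposes().isEmpty()) {
        if (log.isDebugEnabled()) {
            log.debug("Consent does not contain any purposes. Hence not adding consent");
        }
        return;
    }
    // The tenant domain comes from the caller, never from the parsed JSON.
    receiptServiceInput.setTenantDomain(tenantDomain);
    try {
        setIDPData(tenantDomain, receiptServiceInput);
    } catch (IdentityProviderManagementException e) {
        throw new ConsentManagementException("Error while retrieving identity provider data", "Error while " + "setting IDP data", e);
    }
    receiptInput.setTenantDomain(tenantDomain);
    ConsentManager consentManager = IdentityRecoveryServiceDataHolder.getInstance().getConsentManager();
    consentManager.addConsent(receiptInput);
}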
use of org.wso2.carbon.consent.mgt.core.model.Receipt in project product-is by wso2.
the class ConsentMgtTestCase method testAddReceipt.
/**
 * Adds a receipt through the {@code addReceipt} helper and checks that the response echoes the
 * PII principal id and the language that were submitted.
 */
@Test(alwaysRun = true, groups = "wso2.is", description = "Add Receipt test", dependsOnMethods = { "testAddPurpose" })
public void testAddReceipt() {
    // Only these two values are asserted on; the remaining arguments are fixture data.
    final String expectedPrincipal = "admin";
    final String expectedLanguage = "en-US";
    JSONObject receiptResponse = addReceipt(
            expectedPrincipal,
            "travelocity.com",      // service
            "Travelocity",          // service display name
            "Travel City Guide",    // service description
            "Sample",               // consent type
            "Web",                  // collection method
            "NC",                   // jurisdiction
            expectedLanguage,
            "http://test.com");     // policy URL
    Assert.assertEquals(receiptResponse.get("piiPrincipalId"), expectedPrincipal);
    Assert.assertEquals(receiptResponse.get("language"), expectedLanguage);
}
use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method getConsentRequiredClaims.
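/**
 * Get consent required claims for a given service from a user.
 *
 * <p>The claims are split into mandatory and requested lists. In the pass-through scenario every
 * user attribute other than the subject claim and the multi-attribute separator is treated as
 * mandatory. When {@code useExistingConsents} is set and a receipt exists, claims that already have
 * consent are dropped from both lists, and claims that were denied are dropped from the requested
 * list only, so a previously denied mandatory claim is still returned.
 *
 * @param serviceProvider     Service provider requesting consent.
 * @param authenticatedUser   Authenticated user requesting consent form.
 * @param useExistingConsents Use existing consent given by the user.
 * @param claimsListOfScopes  Claims list of requested scopes; {@code null} skips scope filtering.
 * @return ConsentClaimsData which contains mandatory and required claims for consent.
 * @throws SSOConsentServiceException If error occurs while building claim information.
 */
protected ConsentClaimsData getConsentRequiredClaims(ServiceProvider serviceProvider, AuthenticatedUser authenticatedUser, boolean useExistingConsents, List<String> claimsListOfScopes) throws SSOConsentServiceException {
    if (!isSSOConsentManagementEnabled(serviceProvider)) {
        String message = "Consent management for SSO is disabled.";
        throw new SSOConsentDisabledException(message, message);
    }
    // NOTE(review): this guard runs after serviceProvider was already handed to
    // isSSOConsentManagementEnabled; confirm that helper tolerates null, or move the guard first.
    if (serviceProvider == null) {
        throw new SSOConsentServiceException("Service provider cannot be null.");
    }
    String spName = serviceProvider.getApplicationName();
    String spTenantDomain = getSPTenantDomain(serviceProvider);
    String subject = buildSubjectWithUserStoreDomain(authenticatedUser);
    ClaimMapping[] claimMappings = getSpClaimMappings(serviceProvider);
    if (claimMappings == null || claimMappings.length == 0) {
        if (log.isDebugEnabled()) {
            log.debug("No claim mapping configured from the application. Hence skipping getting consent.");
        }
        return new ConsentClaimsData();
    }
    if (claimsListOfScopes != null) {
        try {
            claimMappings = FrameworkUtils.getFilteredScopeClaims(claimsListOfScopes, Arrays.asList(claimMappings), serviceProvider.getOwner().getTenantDomain()).toArray(new ClaimMapping[0]);
        } catch (ClaimManagementException e) {
            // Keep the cause attached so the underlying claim-management failure stays diagnosable.
            throw new SSOConsentServiceException("Consent Management Error", "Error occurred while filtering claims of requested scopes", e);
        }
    }
    List<String> requestedClaims = new ArrayList<>();
    List<String> mandatoryClaims = new ArrayList<>();
    Map<ClaimMapping, String> userAttributes = authenticatedUser.getUserAttributes();
    String subjectClaimUri = getSubjectClaimUri(serviceProvider);
    boolean subjectClaimUriRequested = false;
    boolean subjectClaimUriMandatory = false;
    // Prompting for the subject claim defaults to on; a non-blank config value overrides it.
    String promptSubjectClaimConfig = IdentityUtil.getProperty(CONFIG_PROMPT_SUBJECT_CLAIM_REQUESTED_CONSENT);
    boolean promptSubjectClaimRequestedConsent = true;
    if (StringUtils.isNotBlank(promptSubjectClaimConfig)) {
        promptSubjectClaimRequestedConsent = Boolean.parseBoolean(promptSubjectClaimConfig);
    }
    if (isPassThroughScenario(claimMappings, userAttributes)) {
        // Pass-through: every attribute except the subject claim and the separator entry is mandatory.
        for (Map.Entry<ClaimMapping, String> userAttribute : userAttributes.entrySet()) {
            String remoteClaimUri = userAttribute.getKey().getRemoteClaim().getClaimUri();
            if (subjectClaimUri.equals(remoteClaimUri) || IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR.equals(remoteClaimUri)) {
                continue;
            }
            mandatoryClaims.add(remoteClaimUri);
        }
    } else {
        boolean isCustomClaimMapping = isCustomClaimMapping(serviceProvider);
        for (ClaimMapping claimMapping : claimMappings) {
            // With custom mappings the subject claim is matched on the remote URI, otherwise on the local URI.
            String uriToMatch = isCustomClaimMapping
                    ? claimMapping.getRemoteClaim().getClaimUri()
                    : claimMapping.getLocalClaim().getClaimUri();
            if (subjectClaimUri.equals(uriToMatch)) {
                if (isCustomClaimMapping) {
                    // From here on the subject claim is tracked by its local URI.
                    subjectClaimUri = claimMapping.getLocalClaim().getClaimUri();
                }
                if (promptSubjectClaimRequestedConsent) {
                    if (claimMapping.isMandatory()) {
                        subjectClaimUriMandatory = true;
                    } else if (claimMapping.isRequested()) {
                        subjectClaimUriRequested = true;
                    }
                }
                // The subject claim is added after the loop, not here.
                continue;
            }
            if (claimMapping.isMandatory()) {
                mandatoryClaims.add(claimMapping.getLocalClaim().getClaimUri());
            } else if (claimMapping.isRequested()) {
                requestedClaims.add(claimMapping.getLocalClaim().getClaimUri());
            }
        }
    }
    if (promptSubjectClaimRequestedConsent) {
        if (subjectClaimUriMandatory) {
            mandatoryClaims.add(subjectClaimUri);
        } else if (subjectClaimUriRequested) {
            requestedClaims.add(subjectClaimUri);
        }
    }
    List<ClaimMetaData> receiptConsentMetaData = new ArrayList<>();
    Receipt receipt = getConsentReceiptOfUser(serviceProvider, authenticatedUser, spName, spTenantDomain, subject);
    if (useExistingConsents && receipt != null) {
        receiptConsentMetaData = getRequestedClaimsFromReceipt(receipt, true);
        List<String> claimsWithConsent = getClaimsFromConsentMetaData(receiptConsentMetaData);
        List<ClaimMetaData> receiptConsentDeniedMetaData = getRequestedClaimsFromReceipt(receipt, false);
        List<String> claimsDeniedConsent = getClaimsFromConsentMetaData(receiptConsentDeniedMetaData);
        // Consented claims need no new prompt. Denied claims are removed from the requested list
        // only, so a mandatory claim that was denied earlier stays in the mandatory list.
        mandatoryClaims.removeAll(claimsWithConsent);
        requestedClaims.removeAll(claimsWithConsent);
        requestedClaims.removeAll(claimsDeniedConsent);
    }
    ConsentClaimsData consentClaimsData = getConsentRequiredClaimData(mandatoryClaims, requestedClaims, spTenantDomain);
    consentClaimsData.setClaimsWithConsent(receiptConsentMetaData);
    return consentClaimsData;
}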
use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method getConsentReceiptOfUser.
/**
 * Fetches the consent receipt a user holds for a service provider, if there is exactly one.
 *
 * @param serviceProvider   Service provider; used here only in the debug message.
 * @param authenticatedUser User whose receipts are looked up.
 * @param spName            Service provider name passed to the receipt lookup.
 * @param spTenantDomain    Tenant domain of the service provider.
 * @param subject           Subject identifier of the user.
 * @return The user's receipt, or {@code null} when the lookup finds none.
 * @throws SSOConsentServiceException If more than one receipt is found or the lookup fails.
 */
private Receipt getConsentReceiptOfUser(ServiceProvider serviceProvider, AuthenticatedUser authenticatedUser, String spName, String spTenantDomain, String subject) throws SSOConsentServiceException {
    // Presumably two entries are enough to tell "exactly one" from "more than one" - TODO confirm.
    final int maxReceiptsToFetch = 2;
    try {
        List<ReceiptListResponse> userReceipts = getReceiptListOfUserForSP(authenticatedUser, spName, spTenantDomain, subject, maxReceiptsToFetch);
        if (isDebugEnabled()) {
            // NOTE(review): the debug line carries the user subject, and formats the ServiceProvider
            // object itself rather than spName; confirm both are intended for debug logs.
            logDebug(String.format("Retrieved %s receipts for user: %s, service provider: %s in tenant " + "domain %s", userReceipts.size(), subject, serviceProvider, spTenantDomain));
        }
        // More than one receipt for the same service provider is rejected rather than picking one.
        if (hasUserMultipleReceipts(userReceipts)) {
            throw new SSOConsentServiceException("Consent Management Error", "User cannot have more than one " + "ACTIVE consent per service provider.");
        }
        if (!hasUserSingleReceipt(userReceipts)) {
            return null;
        }
        String onlyReceiptId = getFirstConsentReceiptFromList(userReceipts);
        return getReceipt(authenticatedUser, onlyReceiptId);
    } catch (ConsentManagementException e) {
        throw new SSOConsentServiceException("Consent Management Error", "Error while retrieving user consents.", e);
    }
}
use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method getReceipt.
/**
 * Loads a consent receipt by id inside a tenant flow started for the given user.
 *
 * @param authenticatedUser User whose subject and tenant domain are set on the tenant flow.
 * @param receiptId         Id of the receipt to load.
 * @return The receipt returned by the consent manager.
 * @throws SSOConsentServiceException If the receipt lookup or the registry initialization fails.
 */
private Receipt getReceipt(AuthenticatedUser authenticatedUser, String receiptId) throws SSOConsentServiceException {
    final String userSubject = buildSubjectWithUserStoreDomain(authenticatedUser);
    try {
        initializeTenantRegistry(authenticatedUser);
        startTenantFlowWithUser(userSubject, authenticatedUser.getTenantDomain());
        // NOTE(review): the receipt is fetched by id alone; nothing visible here checks that it
        // belongs to authenticatedUser - confirm the consent manager enforces ownership.
        return getConsentManager().getReceipt(receiptId);
    } catch (ConsentManagementException e) {
        throw new SSOConsentServiceException("Consent Management Error", "Error while retrieving user consents.", e);
    } catch (IdentityException e) {
        throw new SSOConsentServiceException("Consent Management Error", "Error while initializing registry for " + "the tenant domain: " + authenticatedUser.getTenantDomain(), e);
    } finally {
        // NOTE(review): this also runs when initializeTenantRegistry failed before the tenant flow
        // was started; confirm an unmatched endTenantFlow() cannot disturb an outer tenant context.
        PrivilegedCarbonContext.endTenantFlow();
    }
}