
Example 11 with ScopeDTO

use of org.wso2.carbon.identity.oauth.scope.endpoint.dto.ScopeDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class OpenIDConnectClaimFilterImplTest, method testGetClaimsFilteredByUserConsent.

@Test
public void testGetClaimsFilteredByUserConsent() throws Exception {
    // Consent management is switched on for this case, so the filter is expected to drop claims.
    claims = getClaims();
    AuthenticatedUser user = getDefaultAuthenticatedLocalUser();
    when(ssoConsentService.isSSOConsentManagementEnabled(any())).thenReturn(true);

    Map<String, Object> filteredClaims = openIDConnectClaimFilter.getClaimsFilteredByUserConsent(claims, user, CLIENT_ID, SP_TENANT_DOMAIN);

    // Only the first claim URI survives the filter; the second one must be absent from the result.
    ScopeDTO emailScope = (ScopeDTO) filteredClaims.get("testUserClaimURI");
    Assert.assertEquals(emailScope.getName(), "email");
    Assert.assertEquals(emailScope.getDescription(), "emailDescription");
    Assert.assertNull(filteredClaims.get("testUserClaimURI2"));
}

Example 12 with ScopeDTO

use of org.wso2.carbon.identity.oauth.scope.endpoint.dto.ScopeDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class OpenIDConnectClaimFilterImplTest, method testGetClaimsFilteredByUserConsentWithManagementServiceDisabled.

@Test
public void testGetClaimsFilteredByUserConsentWithManagementServiceDisabled() throws Exception {
    // Consent management is switched off, so the filter is expected to leave every claim in place.
    claims = getClaims();
    AuthenticatedUser user = getDefaultAuthenticatedLocalUser();
    when(ssoConsentService.isSSOConsentManagementEnabled(any())).thenReturn(false);

    Map<String, Object> filteredClaims = openIDConnectClaimFilter.getClaimsFilteredByUserConsent(claims, user, CLIENT_ID, SP_TENANT_DOMAIN);

    // Both claim URIs are still present, with their scope name and description untouched.
    ScopeDTO emailScope = (ScopeDTO) filteredClaims.get("testUserClaimURI");
    Assert.assertEquals(emailScope.getName(), "email");
    Assert.assertEquals(emailScope.getDescription(), "emailDescription");

    ScopeDTO addressScope = (ScopeDTO) filteredClaims.get("testUserClaimURI2");
    Assert.assertEquals(addressScope.getName(), "address");
    Assert.assertEquals(addressScope.getDescription(), "addressDescription");
}

Example 13 with ScopeDTO

use of org.wso2.carbon.identity.oauth.scope.endpoint.dto.ScopeDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class ScopeClaimMappingDAOImpl, method getScopes.

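/**
 * Loads all OIDC scopes of a tenant together with their mapped claims.
 * <p>
 * The query yields one row per (scope, claim) pair, so rows are folded into a single
 * {@link ScopeDTO} per scope name while the claims accumulate. Column 4 may be NULL for a
 * scope without claims. The order of the returned list is unspecified (it is backed by a
 * {@link HashMap}).
 *
 * @param tenantId Tenant Id.
 * @return The tenant's OIDC scopes with their claim mappings; empty when none are stored.
 * @throws IdentityOAuth2Exception If the database access fails.
 */
@Override
public List<ScopeDTO> getScopes(int tenantId) throws IdentityOAuth2Exception {
    String sql = SQLQueries.GET_IDN_OIDC_SCOPES_CLAIMS;
    JdbcTemplate jdbcTemplate = JdbcUtils.getNewTemplate();
    // Keyed by scope name so the claims of one scope, spread over several rows, land in one DTO.
    Map<String, ScopeDTO> scopeClaimMap = new HashMap<>();
    try {
        jdbcTemplate.executeQuery(sql, (RowMapper<ScopeDTO>) (resultSet, i) -> {
            String scope = resultSet.getString(1);
            // Read the (nullable) claim column once instead of once per branch.
            String claim = resultSet.getString(4);
            ScopeDTO scopeDTO = scopeClaimMap.get(scope);
            if (scopeDTO == null) {
                scopeDTO = new ScopeDTO(scope, resultSet.getString(2), resultSet.getString(3), new String[] {});
                if (claim != null) {
                    scopeDTO.setClaim(new String[] { claim });
                }
                scopeClaimMap.put(scope, scopeDTO);
            } else if (claim != null) {
                // The DTO is already the map's value; mutating it in place is sufficient,
                // a Map.replace() with the same instance would be a no-op.
                scopeDTO.addNewClaimToExistingClaims(claim);
            }
            // Rows are consumed through the map above; the mapper result itself is unused.
            return null;
        }, preparedStatement -> {
            preparedStatement.setInt(1, tenantId);
            preparedStatement.setString(2, Oauth2ScopeConstants.SCOPE_TYPE_OIDC);
            preparedStatement.setInt(3, tenantId);
            preparedStatement.setInt(4, tenantId);
            preparedStatement.setString(5, OIDC_DIALECT_URI);
        });
    } catch (DataAccessException e) {
        String errorMessage = "Error occured while loading scopes claims mapping.";
        throw new IdentityOAuth2Exception(errorMessage, e);
    }
    return new ArrayList<>(scopeClaimMap.values());
}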

Example 14 with ScopeDTO

use of org.wso2.carbon.identity.oauth.scope.endpoint.dto.ScopeDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class ScopeClaimMappingDAOImpl, method addScopes.

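/**
 * Adds the given OIDC scopes, each with its claim mappings, for a tenant.
 * <p>
 * Scopes are inserted one at a time rather than in one transaction, so when a later scope
 * fails the scopes processed before it stay persisted. A scope whose name already exists is
 * rejected with {@link IdentityOAuth2ClientException} (conflict). If the insert itself hits an
 * integrity constraint and the scope turns out to be present by then, the scope is logged and
 * skipped; every other database failure is surfaced to the caller.
 *
 * @param tenantId        Tenant Id.
 * @param scopeClaimsList Scopes to add, each carrying its claims.
 * @throws IdentityOAuth2Exception If a scope already exists, or persisting a scope or its
 *                                 claims fails.
 */
@Override
public void addScopes(int tenantId, List<ScopeDTO> scopeClaimsList) throws IdentityOAuth2Exception {
    JdbcTemplate jdbcTemplate = JdbcUtils.getNewTemplate();
    scopeClaimsList.forEach(rethrowConsumer(scopeDTO -> {
        String scope = scopeDTO.getName();
        String[] claims = scopeDTO.getClaim();
        // An existing scope name is a client error (conflict), never something to overwrite.
        if (isScopeExist(scope, tenantId, true)) {
            log.warn(String.format("Scope %s already exist in tenant %s.", scope, tenantId));
            throw new IdentityOAuth2ClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE.getCode(), String.format(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE.getMessage(), scope));
        }
        try {
            int scopeClaimMappingId = jdbcTemplate.executeInsert(SQLQueries.STORE_IDN_OAUTH2_SCOPE, (preparedStatement -> {
                preparedStatement.setString(1, scope);
                preparedStatement.setString(2, scopeDTO.getDisplayName());
                preparedStatement.setString(3, scopeDTO.getDescription());
                preparedStatement.setInt(4, tenantId);
                preparedStatement.setString(5, Oauth2ScopeConstants.SCOPE_TYPE_OIDC);
            }), null, true, Oauth2ScopeConstants.SCOPE_ID);
            if (scopeClaimMappingId > 0 && ArrayUtils.isNotEmpty(claims)) {
                // Duplicate claims in the input are collapsed before the mappings are stored.
                Set<String> claimsSet = new HashSet<>(Arrays.asList(claims));
                insertClaims(tenantId, scopeClaimMappingId, claimsSet);
            }
            if (log.isDebugEnabled() && ArrayUtils.isNotEmpty(claims)) {
                log.debug("The scope: " + scope + " and the claims: " + Arrays.asList(claims) + " are successfully inserted for the tenant: " + tenantId);
            }
        } catch (DataAccessException e) {
            // A constraint violation with the scope now present means it was created between the
            // existence check and the insert; that is treated as "already added" and skipped.
            if (e.getCause() instanceof SQLIntegrityConstraintViolationException && getScopeId(scope, tenantId) > 0) {
                log.warn("Scope " + scope + " already exist in tenant " + tenantId + " , hence ignoring");
                return;
            }
            // Anything else, including a constraint violation for a scope that is still absent,
            // must reach the caller instead of being dropped silently.
            String errorMessage = "Error while persisting new claims for the scope for the tenant: " + tenantId;
            throw new IdentityOAuth2Exception(errorMessage, e);
        }
    }));
}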

Example 15 with ScopeDTO

use of org.wso2.carbon.identity.oauth.scope.endpoint.dto.ScopeDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class ScopeClaimMappingDAOImpl, method addScope.

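/**
 * To add OIDC scope for a specific tenant.
 * <p>
 * A scope whose name already exists is rejected with {@link IdentityOAuth2ClientException}
 * (conflict); the scope row and its claim mappings are inserted only for a new name. The scope
 * row and the claim mappings are not written in one transaction, so a failure while storing the
 * claims can leave the scope row behind.
 *
 * @param scope    Scope to add, including its claims.
 * @param tenantId Tenant Id.
 * @throws IdentityOAuth2Exception If the scope already exists or an error occurs when adding it.
 */
@Override
public void addScope(ScopeDTO scope, int tenantId) throws IdentityOAuth2Exception {
    // Read the DTO once; the name and claims are used several times below.
    String scopeName = scope.getName();
    String[] claims = scope.getClaim();
    // name is exist will throw conflict error.
    if (isScopeExist(scopeName, tenantId, true)) {
        log.warn(String.format("Scope %s already exist in tenant %s.", scopeName, tenantId));
        throw new IdentityOAuth2ClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE.getCode(), String.format(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE.getMessage(), scopeName));
    }
    JdbcTemplate jdbcTemplate = JdbcUtils.getNewTemplate();
    try {
        int scopeClaimMappingId = jdbcTemplate.executeInsert(SQLQueries.STORE_IDN_OAUTH2_SCOPE, (preparedStatement -> {
            preparedStatement.setString(1, scopeName);
            preparedStatement.setString(2, scope.getDisplayName());
            preparedStatement.setString(3, scope.getDescription());
            preparedStatement.setInt(4, tenantId);
            preparedStatement.setString(5, Oauth2ScopeConstants.SCOPE_TYPE_OIDC);
        }), null, true, Oauth2ScopeConstants.SCOPE_ID);
        if (scopeClaimMappingId > 0 && ArrayUtils.isNotEmpty(claims)) {
            // Duplicate claims in the input are collapsed before the mappings are stored.
            Set<String> claimsSet = new HashSet<>(Arrays.asList(claims));
            insertClaims(tenantId, scopeClaimMappingId, claimsSet);
        }
        if (log.isDebugEnabled() && ArrayUtils.isNotEmpty(claims)) {
            log.debug(String.format("The scope %s and the claims %s are successfully inserted for the tenant: %s", scopeName, Arrays.asList(claims), tenantId));
        }
    } catch (DataAccessException e) {
        String errorMessage = "Error while persisting scopes for the tenant: " + tenantId;
        throw new IdentityOAuth2Exception(errorMessage, e);
    }
}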
