
Example 1 with IdentityOAuth2ScopeConsentException

use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeConsentException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2ScopeService method isUserHasAnExistingConsentForApp.

/**
 * Reports whether a scope consent record is already stored for the given user and application.
 *
 * <p>The result is {@code true} as soon as either the approved or the denied scope list of the
 * stored consent is non-empty. It therefore means "the user has answered a consent prompt
 * before", not "the user approved something"; callers must not treat it as an authorization
 * decision.
 *
 * @param userId        User id; passed through {@code validateUserId} before the lookup.
 * @param appId         Application id; passed through {@code validateAppId} before the lookup.
 * @param userTenantId  Tenant id used to scope the lookup.
 * @return {@code true} if the stored consent holds at least one approved or denied scope.
 * @throws IdentityOAuth2ScopeException if the DAO lookup fails (rethrown as
 *                                      {@code IdentityOAuth2ScopeServerException} with the cause
 *                                      attached); the validators presumably throw it as well,
 *                                      their bodies are not visible here.
 */
public boolean isUserHasAnExistingConsentForApp(String userId, String appId, int userTenantId) throws IdentityOAuth2ScopeException {
    validateUserId(userId);
    validateAppId(appId);
    try {
        UserApplicationScopeConsentDO storedConsent = OAuthTokenPersistenceFactory.getInstance()
                .getOAuthUserConsentedScopesDAO()
                .getUserConsentForApplication(userId, appId, userTenantId);
        // Denied scopes are only inspected when no approved scope is present.
        boolean consentExists = CollectionUtils.isNotEmpty(storedConsent.getApprovedScopes())
                || CollectionUtils.isNotEmpty(storedConsent.getDeniedScopes());
        if (log.isDebugEnabled()) {
            log.debug("Existing consent status : " + consentExists + " for user : " + userId + ", app : " + appId + " in tenant with id : " + userTenantId);
        }
        return consentExists;
    } catch (IdentityOAuth2ScopeConsentException e) {
        // Translate the DAO-level failure into the service-level server exception, keeping the cause.
        Oauth2ScopeConstants.ErrorMessages failure = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_CHECK_EXISTING_CONSENTS_FOR_USER;
        String detail = String.format(failure.getMessage(), userId, appId, userTenantId);
        throw new IdentityOAuth2ScopeServerException(failure.getCode(), detail, e);
    }
}
Also used : UserApplicationScopeConsentDO(org.wso2.carbon.identity.oauth2.model.UserApplicationScopeConsentDO)

Example 2 with IdentityOAuth2ScopeConsentException

use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeConsentException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2ScopeService method hasUserProvidedConsentForAllRequestedScopes.

/**
 * Checks whether the user has already responded to a consent prompt for every requested scope.
 *
 * <p>Two properties of this method matter to callers:
 * <ul>
 *   <li>Both the approved and the denied scopes of the stored consent are removed from the
 *       requested list, so {@code true} means "every scope was answered", not "every scope
 *       was approved". A scope the user denied still counts as answered.</li>
 *   <li>{@code consentRequiredScopes} is modified in place: after the call it holds only the
 *       scopes that have no stored answer. Pass a mutable copy if the original list must be
 *       preserved.</li>
 * </ul>
 *
 * @param userId                 User id; passed through {@code validateUserId} first.
 * @param appId                  Application id; passed through {@code validateAppId} first.
 * @param userTenantId           Tenant id used to scope the lookup.
 * @param consentRequiredScopes  Scopes that need consent; mutated by this method. A
 *                               {@code null} or empty list yields {@code true} without a lookup.
 * @return {@code true} if no requested scope is left without a stored approve/deny answer.
 * @throws IdentityOAuth2ScopeException if the DAO lookup fails (rethrown as
 *                                      {@code IdentityOAuth2ScopeServerException} with the cause
 *                                      attached); the validators presumably throw it as well,
 *                                      their bodies are not visible here.
 */
public boolean hasUserProvidedConsentForAllRequestedScopes(String userId, String appId, int userTenantId, List<String> consentRequiredScopes) throws IdentityOAuth2ScopeException {
    validateUserId(userId);
    validateAppId(appId);
    try {
        // Nothing requires consent, so there is nothing left to ask the user.
        if (CollectionUtils.isEmpty(consentRequiredScopes)) {
            return true;
        }
        UserApplicationScopeConsentDO storedConsent = OAuthTokenPersistenceFactory.getInstance()
                .getOAuthUserConsentedScopesDAO()
                .getUserConsentForApplication(userId, appId, userTenantId);
        // Strip every scope the user has already answered, whichever way they answered it.
        consentRequiredScopes.removeAll(storedConsent.getApprovedScopes());
        consentRequiredScopes.removeAll(storedConsent.getDeniedScopes());
        return consentRequiredScopes.isEmpty();
    } catch (IdentityOAuth2ScopeConsentException e) {
        // Translate the DAO-level failure into the service-level server exception, keeping the cause.
        Oauth2ScopeConstants.ErrorMessages failure = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_CHECK_ALREADY_USER_CONSENTED;
        String detail = String.format(failure.getMessage(), userId, appId, userTenantId);
        throw new IdentityOAuth2ScopeServerException(failure.getCode(), detail, e);
    }
}
Also used : UserApplicationScopeConsentDO(org.wso2.carbon.identity.oauth2.model.UserApplicationScopeConsentDO)

Example 3 with IdentityOAuth2ScopeConsentException

use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeConsentException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2ScopeService method addUserConsentForApplication.

/**
 * Stores the OAuth scope consent a user gave for an application.
 *
 * <p>Only {@code userId} and {@code appId} are validated in this method; the two scope lists
 * are wrapped in a {@code UserApplicationScopeConsentDO} and handed to the DAO as received.
 * NOTE(review): confirm that the caller or the DAO checks the scope lists (null entries,
 * a scope present in both lists).
 *
 * @param userId          User id; passed through {@code validateUserId} first.
 * @param appId           Application id; passed through {@code validateAppId} first.
 * @param userTenantId    Tenant id the consent is stored under.
 * @param approvedScopes  Scopes the user approved.
 * @param deniedScopes    Scopes the user denied.
 * @throws IdentityOAuth2ScopeException if the DAO write fails (rethrown as
 *                                      {@code IdentityOAuth2ScopeServerException} with the cause
 *                                      attached); the validators presumably throw it as well,
 *                                      their bodies are not visible here.
 */
public void addUserConsentForApplication(String userId, String appId, int userTenantId, List<String> approvedScopes, List<String> deniedScopes) throws IdentityOAuth2ScopeException {
    validateUserId(userId);
    validateAppId(appId);
    try {
        UserApplicationScopeConsentDO consentToStore = new UserApplicationScopeConsentDO(appId, approvedScopes, deniedScopes);
        OAuthTokenPersistenceFactory.getInstance()
                .getOAuthUserConsentedScopesDAO()
                .addUserConsentForApplication(userId, userTenantId, consentToStore);
        if (log.isDebugEnabled()) {
            // The message says "application name" but the value logged is the application id.
            log.debug("Successfully added the user consent for OAuth scopes for user : " + userId + " and application name : " + appId + " in tenant with id : " + userTenantId);
        }
    } catch (IdentityOAuth2ScopeConsentException e) {
        // Translate the DAO-level failure into the service-level server exception, keeping the cause.
        Oauth2ScopeConstants.ErrorMessages failure = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_ADD_USER_CONSENT_FOR_APP;
        String detail = String.format(failure.getMessage(), userId, appId, userTenantId);
        throw new IdentityOAuth2ScopeServerException(failure.getCode(), detail, e);
    }
}
Also used : UserApplicationScopeConsentDO(org.wso2.carbon.identity.oauth2.model.UserApplicationScopeConsentDO)

Example 4 with IdentityOAuth2ScopeConsentException

use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeConsentException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2ScopeService method getUserConsentForApp.

/**
 * Returns the stored OAuth scope consent of a user for an application.
 *
 * <p>The response carries both the approved and the denied scope lists exactly as the DAO
 * returned them. When debug logging is enabled, both lists are written to the log joined by
 * single spaces.
 *
 * @param userId        User id; passed through {@code validateUserId} first.
 * @param appId         Application id; passed through {@code validateAppId} first.
 * @param userTenantId  Tenant id used to scope the lookup.
 * @return an {@link OAuth2ScopeConsentResponse} built from the ids and the stored scope lists.
 * @throws IdentityOAuth2ScopeException if the DAO lookup fails (rethrown as
 *                                      {@code IdentityOAuth2ScopeServerException} with the cause
 *                                      attached); the validators presumably throw it as well,
 *                                      their bodies are not visible here.
 */
public OAuth2ScopeConsentResponse getUserConsentForApp(String userId, String appId, int userTenantId) throws IdentityOAuth2ScopeException {
    validateUserId(userId);
    validateAppId(appId);
    try {
        UserApplicationScopeConsentDO storedConsent = OAuthTokenPersistenceFactory.getInstance()
                .getOAuthUserConsentedScopesDAO()
                .getUserConsentForApplication(userId, appId, userTenantId);
        OAuth2ScopeConsentResponse response = new OAuth2ScopeConsentResponse(
                userId, appId, userTenantId, storedConsent.getApprovedScopes(), storedConsent.getDeniedScopes());
        if (log.isDebugEnabled()) {
            // Joined only inside the guard so the streams are not built when debug is off.
            String approvedJoined = storedConsent.getApprovedScopes().stream().collect(Collectors.joining(" "));
            String deniedJoined = storedConsent.getDeniedScopes().stream().collect(Collectors.joining(" "));
            log.debug("Successfully retrieved the user consent for userId : " + userId + " and appId: " + appId + " as approved scopes : " + approvedJoined + " and denied scopes : " + deniedJoined);
        }
        return response;
    } catch (IdentityOAuth2ScopeConsentException e) {
        // Translate the DAO-level failure into the service-level server exception, keeping the cause.
        Oauth2ScopeConstants.ErrorMessages failure = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_RETRIEVE_USER_CONSENTS_FOR_APP;
        String detail = String.format(failure.getMessage(), userId, appId, userTenantId);
        throw new IdentityOAuth2ScopeServerException(failure.getCode(), detail, e);
    }
}
Also used : OAuth2ScopeConsentResponse(org.wso2.carbon.identity.oauth2.model.OAuth2ScopeConsentResponse) UserApplicationScopeConsentDO(org.wso2.carbon.identity.oauth2.model.UserApplicationScopeConsentDO)

Example 5 with IdentityOAuth2ScopeConsentException

use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeConsentException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuthUserConsentedScopesDAOImpl method deleteUserConsents.

/**
 * Deletes the stored OAuth scope consents of one user within one tenant.
 *
 * <p>The statement text comes from {@code SQLQueries.REMOVE_OAUTH2_USER_CONSENTS} and both
 * values are bound as parameters, so the user id never becomes part of the SQL string.
 * NOTE(review): no explicit commit is issued here; confirm that
 * {@code IdentityDatabaseUtil.getDBConnection(false)} hands out a connection on which the
 * delete is persisted without one.
 *
 * @param userId    Id of the user whose consents are removed (bound as parameter 1).
 * @param tenantId  Tenant id the deletion is restricted to (bound as parameter 2).
 * @throws IdentityOAuth2ScopeConsentException if a {@link SQLException} occurs while obtaining
 *                                             the statement, executing it or closing the
 *                                             resources; the cause is attached.
 */
@Override
public void deleteUserConsents(String userId, int tenantId) throws IdentityOAuth2ScopeConsentException {
    if (log.isDebugEnabled()) {
        log.debug("Revoking all scope consents for user with userId : " + userId + " in tenantId : " + tenantId);
    }
    // Both resources are closed in reverse order of declaration, statement first, then connection.
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
         PreparedStatement deleteStatement = connection.prepareStatement(SQLQueries.REMOVE_OAUTH2_USER_CONSENTS)) {
        deleteStatement.setString(1, userId);
        deleteStatement.setInt(2, tenantId);
        deleteStatement.execute();
    } catch (SQLException e) {
        String detail = "Error occurred while deleting user scope consents for  userId : " + userId + " and tenantId : " + tenantId;
        throw new IdentityOAuth2ScopeConsentException(detail, e);
    }
}
Also used : SQLException(java.sql.SQLException) Connection(java.sql.Connection) PreparedStatement(java.sql.PreparedStatement) IdentityOAuth2ScopeConsentException(org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeConsentException)
