
Example 1 with IdentityOAuth2ScopeException

use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2ScopeService method getScope.

/**
 * Retrieves the scope registered under the given name in the current tenant.
 * <p>
 * The scope cache is consulted first; on a cache miss the scope is loaded
 * through the scope DAO and, when found, added to the cache so that later
 * lookups for the same name are served without a database round trip.
 *
 * @param name Name of the scope which need to get retrieved
 * @return Retrieved Scope, never {@code null}
 * @throws IdentityOAuth2ScopeException a client exception when the name fails
 *         validation or no scope with that name exists; a server exception
 *         when the DAO lookup fails
 */
public Scope getScope(String name) throws IdentityOAuth2ScopeException {
    int tenantId = Oauth2ScopeUtils.getTenantID();
    validateScopeName(name);
    OAuthScopeCacheKey cacheKey = new OAuthScopeCacheKey(name);

    Scope cachedScope = OAuthScopeCache.getInstance().getValueFromCache(cacheKey, tenantId);
    if (cachedScope != null) {
        return cachedScope;
    }

    Scope persistedScope;
    try {
        persistedScope = OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO()
                .getScopeByName(name, tenantId);
    } catch (IdentityOAuth2ScopeServerException e) {
        throw Oauth2ScopeUtils.generateServerException(
                Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_GET_SCOPE_BY_NAME, name, e);
    }
    if (persistedScope == null) {
        // Neither cache nor database knows the scope: report it as a client-side "not found".
        throw Oauth2ScopeUtils.generateClientException(
                Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_FOUND_SCOPE, name);
    }
    if (log.isDebugEnabled()) {
        log.debug("Scope is getting from the database. \n" + persistedScope.toString());
    }
    // Warm the cache so the next lookup for this name is served locally.
    OAuthScopeCache.getInstance().addToCache(cacheKey, persistedScope, tenantId);
    return persistedScope;
}

Example 2 with IdentityOAuth2ScopeException

use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2ScopeService method isUserHasAnExistingConsentForApp.

/**
 * Check if the user already has an existing consent for the application.
 * <p>
 * A consent is considered to exist when the stored consent record for the
 * user/application pair lists at least one approved scope or at least one
 * denied scope.
 *
 * @param userId        User id.
 * @param appId         Application id.
 * @param userTenantId  Tenant id.
 * @return  True if user already has an existing consent.
 * @throws IdentityOAuth2ScopeException a client exception when {@code userId}
 *         or {@code appId} fails validation; a server exception when the
 *         consent lookup fails
 */
public boolean isUserHasAnExistingConsentForApp(String userId, String appId, int userTenantId) throws IdentityOAuth2ScopeException {
    validateUserId(userId);
    validateAppId(appId);
    try {
        UserApplicationScopeConsentDO storedConsent = OAuthTokenPersistenceFactory.getInstance()
                .getOAuthUserConsentedScopesDAO().getUserConsentForApplication(userId, appId, userTenantId);
        // NOTE(review): assumes the DAO returns a non-null DO (with empty lists) when nothing is stored — confirm.
        boolean consentExists = CollectionUtils.isNotEmpty(storedConsent.getApprovedScopes())
                || CollectionUtils.isNotEmpty(storedConsent.getDeniedScopes());
        if (log.isDebugEnabled()) {
            log.debug("Existing consent status : " + consentExists + " for user : " + userId + ", app : " + appId + " in tenant with id : " + userTenantId);
        }
        return consentExists;
    } catch (IdentityOAuth2ScopeConsentException e) {
        Oauth2ScopeConstants.ErrorMessages failure =
                Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_CHECK_EXISTING_CONSENTS_FOR_USER;
        String detail = String.format(failure.getMessage(), userId, appId, userTenantId);
        throw new IdentityOAuth2ScopeServerException(failure.getCode(), detail, e);
    }
}

Example 3 with IdentityOAuth2ScopeException

use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2ScopeService method hasUserProvidedConsentForAllRequestedScopes.

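/**
 * Check if user has already consented for requested scopes.
 * <p>
 * A requested scope counts as consented when the stored consent record for
 * the user/application pair lists it as either approved or denied. The
 * {@code consentRequiredScopes} argument is only read; it is not modified.
 *
 * @param userId                            User Id.
 * @param appId                             Application Id.
 * @param userTenantId                      Tenant Id.
 * @param consentRequiredScopes     List of consent required approved scopes.
 * @return true if user has already provided the consent (also when no scope
 *         requires consent).
 * @throws IdentityOAuth2ScopeException a client exception when {@code userId}
 *         or {@code appId} fails validation; a server exception when the
 *         consent lookup fails
 */
public boolean hasUserProvidedConsentForAllRequestedScopes(String userId, String appId, int userTenantId, List<String> consentRequiredScopes) throws IdentityOAuth2ScopeException {
    validateUserId(userId);
    validateAppId(appId);
    if (CollectionUtils.isEmpty(consentRequiredScopes)) {
        // Nothing requires consent, so there is nothing left to ask the user for.
        return true;
    }
    try {
        UserApplicationScopeConsentDO existingConsent = OAuthTokenPersistenceFactory.getInstance()
                .getOAuthUserConsentedScopesDAO().getUserConsentForApplication(userId, appId, userTenantId);
        java.util.Collection<?> approvedScopes = existingConsent.getApprovedScopes();
        java.util.Collection<?> deniedScopes = existingConsent.getDeniedScopes();
        // Previously the requested list was trimmed in place with removeAll(), which mutated the
        // caller's list and failed on unmodifiable lists; membership checks give the same answer
        // without touching the input. A null collection from the DO is treated as "no decisions".
        for (String requestedScope : consentRequiredScopes) {
            boolean approved = approvedScopes != null && approvedScopes.contains(requestedScope);
            boolean denied = deniedScopes != null && deniedScopes.contains(requestedScope);
            if (!approved && !denied) {
                return false;
            }
        }
        return true;
    } catch (IdentityOAuth2ScopeConsentException e) {
        Oauth2ScopeConstants.ErrorMessages error = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_CHECK_ALREADY_USER_CONSENTED;
        String msg = String.format(error.getMessage(), userId, appId, userTenantId);
        throw new IdentityOAuth2ScopeServerException(error.getCode(), msg, e);
    }
}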

Example 4 with IdentityOAuth2ScopeException

use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2ScopeService method isScopeExists.

/**
 * Check the existence of a scope depends on scope type. Type can be OAUTH2 scopes or OIDC scopes.
 * <p>
 * A hit in the scope cache is taken as proof of existence without consulting
 * the DAO; only on a cache miss is the database asked, and only that lookup
 * honours {@code includeOIDCScopes}.
 *
 * @param name              Name of the scope.
 * @param includeOIDCScopes Include OIDC scopes as well.
 * @return True if scope with the given scope name exists.
 * @throws IdentityOAuth2ScopeException a client exception when {@code name}
 *         is {@code null}; a server exception when the DAO lookup fails
 */
public boolean isScopeExists(String name, boolean includeOIDCScopes) throws IdentityOAuth2ScopeException {
    int tenantId = Oauth2ScopeUtils.getTenantID();
    if (name == null) {
        throw Oauth2ScopeUtils.generateClientException(
                Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST_SCOPE_NAME_NOT_SPECIFIED, null);
    }
    Scope cachedScope = OAuthScopeCache.getInstance().getValueFromCache(new OAuthScopeCacheKey(name), tenantId);
    if (cachedScope != null) {
        // NOTE(review): the cache hit answers "exists" regardless of includeOIDCScopes — confirm
        // that only entries acceptable for both flags are ever cached.
        return true;
    }
    try {
        return OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO()
                .isScopeExists(name, tenantId, includeOIDCScopes);
    } catch (IdentityOAuth2ScopeServerException e) {
        throw Oauth2ScopeUtils.generateServerException(
                Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_GET_SCOPE_BY_NAME, name, e);
    }
}

Example 5 with IdentityOAuth2ScopeException

use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2ScopeService method registerScope.

/**
 * Register a scope with the bindings.
 * <p>
 * Scope names are unique across the OAuth2 and OIDC scope endpoints, so the
 * name is checked against both before the scope is persisted. After a
 * successful insert the scope is also placed in the scope cache.
 *
 * @param scope details of the scope to be registered
 * @return the registered scope (the same instance that was passed in)
 * @throws IdentityOAuth2ScopeException a client exception when the scope fails
 *         pre-validation or a scope with the same name already exists; a
 *         server exception when persisting the scope fails
 */
public Scope registerScope(Scope scope) throws IdentityOAuth2ScopeException {
    addScopePreValidation(scope);
    String scopeName = scope.getName();
    // Check whether a scope exists with the provided scope name or not regardless of scope type. We don't allow
    // to register same scope name across OAuth2 and OIDC scope endpoints. We keep the scope name as unique.
    if (isScopeExists(scopeName, true)) {
        // Rechecking to see if the existing scope is an OIDC scope to improve error response.
        Oauth2ScopeConstants.ErrorMessages conflict = isScopeExists(scopeName, false)
                ? Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE
                : Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE_OIDC;
        throw Oauth2ScopeUtils.generateClientException(conflict, scopeName);
    }
    int tenantId = Oauth2ScopeUtils.getTenantID();
    try {
        OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO().addScope(scope, tenantId);
        if (log.isDebugEnabled()) {
            log.debug("Scope is added to the database. \n" + scope.toString());
        }
    } catch (IdentityOAuth2ScopeServerException e) {
        throw Oauth2ScopeUtils.generateServerException(
                Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_REGISTER_SCOPE, scope.toString(), e);
    }
    // Cache only after the insert succeeded, so the cache never holds a scope the database rejected.
    OAuthScopeCache.getInstance().addToCache(new OAuthScopeCacheKey(scopeName), scope, tenantId);
    return scope;
}
