From 1158260d242f9729ae883848b77e84703907ca49 Mon Sep 17 00:00:00 2001
From: Shenali
Date: Wed, 27 Sep 2023 16:29:21 +0530
Subject: [PATCH 1/4] refactor:Update oauth endpoint request with t, ut and sp
---
 .../endpoint/authz/OAuth2AuthzEndpoint.java | 56 ++++++++++++++++++-
 1 file changed, 55 insertions(+), 1 deletion(-)
diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
index 1b15a55a8f0..ccd699aaadd 100644
--- a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
+++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
@@ -235,6 +235,9 @@ public class OAuth2AuthzEndpoint {
 
 private static final String PARAMETERS = "params";
 private static final String FORM_POST_REDIRECT_URI = "redirectURI";
+ private static final String SERVICE_PROVIDER = "s";
+ private static final String TENANT_DOMAIN = "t";
+ private static final String USER_TENANT_DOMAIN = "ut";
 private static final String AUTHENTICATION_ENDPOINT = "/authenticationendpoint";
 private static final String OAUTH_RESPONSE_JSP_PAGE = "/oauth_response.jsp";
 
@@ -964,6 +967,35 @@ sessionState, oauth2Params, getLoggedInUser(oAuthMessage).getAuthenticatedSubjec
 }
 }
 
+ private void handleFormPostResponseMode(OAuthMessage oAuthMessage,
+ OIDCSessionState sessionState,
+ AuthorizationResponseDTO authorizationResponseDTO,
+ AuthenticatedUser authenticatedUser) {
+
+ String authenticatedIdPs = oAuthMessage.getSessionDataCacheEntry().getAuthenticatedIdPs();
+ OAuth2Parameters oauth2Params = getOauth2Params(oAuthMessage);
+ boolean isOIDCRequest = OAuth2Util.isOIDCAuthzRequest(oauth2Params.getScopes());
+
+ String sessionStateValue = null;
+ if (isOIDCRequest) {
+ sessionState.setAddSessionState(true);
+ sessionStateValue = manageOIDCSessionState(oAuthMessage,
+ sessionState, oauth2Params, getLoggedInUser(oAuthMessage).getAuthenticatedSubjectIdentifier(),
+ oAuthMessage.getSessionDataCacheEntry(), authorizationResponseDTO);
+ authorizationResponseDTO.setSessionState(sessionStateValue);
+ }
+
+ if (OAuthServerConfiguration.getInstance().isOAuthResponseJspPageAvailable()) {
+ String params = buildParams(authorizationResponseDTO.getSuccessResponseDTO().getFormPostBody(),
+ authenticatedIdPs, sessionStateValue);
+ String redirectURI = oauth2Params.getRedirectURI();
+ forwardToOauthResponseJSP(oAuthMessage, params, redirectURI, authorizationResponseDTO, authenticatedUser);
+ authorizationResponseDTO.setIsForwardToOAuthResponseJSP(true);
+ } else {
+ authorizationResponseDTO.setAuthenticatedIDPs(authenticatedIdPs);
+ }
+ }
+
 private Response handleFormPostResponseModeError(OAuthMessage oAuthMessage,
 OAuthProblemException oauthProblemException) {
 
@@ -1160,7 +1192,7 @@ private Response handleSuccessfulAuthentication(OAuthMessage oAuthMessage, OAuth
 
 if (!authorizationResponseDTO.getIsConsentRedirect()) {
 if (isFormPostWithoutErrors(oAuthMessage, authorizationResponseDTO)) {
- handleFormPostResponseMode(oAuthMessage, sessionState, authorizationResponseDTO);
+ handleFormPostResponseMode(oAuthMessage, sessionState, authorizationResponseDTO, authenticatedUser);
 if (authorizationResponseDTO.getIsForwardToOAuthResponseJSP()) {
 return Response.ok().build();
 }
@@ -4125,6 +4157,28 @@ private Response forwardToOauthResponseJSP(OAuthMessage oAuthMessage, String par
 }
 }
 
+ private Response forwardToOauthResponseJSP(OAuthMessage oAuthMessage, String params, String redirectURI,
+ AuthorizationResponseDTO authorizationResponseDTO,
+ AuthenticatedUser authenticatedUser) {
+
+ try {
+ HttpServletRequest request = oAuthMessage.getRequest();
+ HttpServletResponse response = oAuthMessage.getResponse();
+ request.setAttribute(PARAMETERS, params);
+ request.setAttribute(FORM_POST_REDIRECT_URI, redirectURI);
+ request.setAttribute(SERVICE_PROVIDER, getServiceProvider(authorizationResponseDTO.getClientId()));
+ request.setAttribute(TENANT_DOMAIN, authorizationResponseDTO.getSigningTenantDomain());
+ request.setAttribute(USER_TENANT_DOMAIN, authenticatedUser.getTenantDomain());
+ ServletContext authEndpoint = request.getServletContext().getContext(AUTHENTICATION_ENDPOINT);
+ RequestDispatcher requestDispatcher = authEndpoint.getRequestDispatcher(OAUTH_RESPONSE_JSP_PAGE);
+ requestDispatcher.forward(request, response);
+ return Response.ok().build();
+ } catch (ServletException | OAuthSystemException | IOException exception) {
+ log.error("Error occurred while forwarding the request to oauth_response.jsp page.", exception);
+ return Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR).build();
+ }
+ }
+
 private boolean isPromptSelectAccount(OAuth2Parameters oauth2Params) {
 
 return OAuthConstants.Prompt.SELECT_ACCOUNT.equals(oauth2Params.getPrompt());
From a868a6b2727f07a5803ae232dc6c18ea90e76b7b Mon Sep 17 00:00:00 2001
From: Shenali
Date: Mon, 2 Oct 2023 11:37:46 +0530
Subject: [PATCH 2/4] refactor:Update overloaded methods
---
 .../endpoint/authz/OAuth2AuthzEndpoint.java | 56 +++++--------------
 1 file changed, 14 insertions(+), 42 deletions(-)
diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
index ccd699aaadd..73ce78df696 100644
--- a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
+++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
@@ -236,7 +236,7 @@ public class OAuth2AuthzEndpoint {
 private static final String PARAMETERS = "params";
 private static final String FORM_POST_REDIRECT_URI = "redirectURI";
 private static final String SERVICE_PROVIDER = "s";
- private static final String TENANT_DOMAIN = "t";
+ private static final String TENANT_DOMAIN = "tenantDomain";
 private static final String USER_TENANT_DOMAIN = "ut";
 private static final String AUTHENTICATION_ENDPOINT = "/authenticationendpoint";
 private static final String OAUTH_RESPONSE_JSP_PAGE = "/oauth_response.jsp";
@@ -648,7 +648,7 @@ private Response handleResponseFromConsent(OAuthMessage oAuthMessage) throws OAu
 handleUserConsent(oAuthMessage, consent, sessionState, oauth2Params, authorizationResponseDTO);
 
 if (isFormPostWithoutErrors(oAuthMessage, authorizationResponseDTO)) {
- handleFormPostResponseMode(oAuthMessage, sessionState, authorizationResponseDTO);
+ handleFormPostResponseMode(oAuthMessage, sessionState, authorizationResponseDTO, null);
 if (authorizationResponseDTO.getIsForwardToOAuthResponseJSP()) {
 return Response.ok().build();
 }
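Review bot: Passing `null` as the new `authenticatedUser` argument in `handleResponseFromConsent` sends the consent-completion flow down the three-argument `forwardToOauthResponseJSP` branch (hunk at -989 below), so in that flow the request forwarded to oauth_response.jsp presumably carries none of the `tenantDomain`, `serviceProvider` and `userTenantDomain` attributes, even though the first two are read from `authorizationResponseDTO` and do not depend on the user at all. If the page relies on those attributes, the direct-authentication and consent flows will render differently. `handleFormPostResponseMode` already resolves the user with `getLoggedInUser(oAuthMessage)` for OIDC requests, so the same lookup could supply this argument, `handleFormPostResponseMode(oAuthMessage, sessionState, authorizationResponseDTO, getLoggedInUser(oAuthMessage));`, provided it is valid at this point of the consent flow; otherwise set the two DTO-derived attributes unconditionally in the five-argument overload (hunk at -4160) and guard only `userTenantDomain` on `authenticatedUser != null`.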
@@ -939,34 +939,6 @@ private void manageOIDCSessionState(OAuthMessage oAuthMessage, OIDCSessionState
 authorizationResponseDTO.setSessionState(sessionStateParam);
 }
 
- private void handleFormPostResponseMode(OAuthMessage oAuthMessage,
- OIDCSessionState sessionState,
- AuthorizationResponseDTO authorizationResponseDTO) {
-
- String authenticatedIdPs = oAuthMessage.getSessionDataCacheEntry().getAuthenticatedIdPs();
- OAuth2Parameters oauth2Params = getOauth2Params(oAuthMessage);
- boolean isOIDCRequest = OAuth2Util.isOIDCAuthzRequest(oauth2Params.getScopes());
-
- String sessionStateValue = null;
- if (isOIDCRequest) {
- sessionState.setAddSessionState(true);
- sessionStateValue = manageOIDCSessionState(oAuthMessage,
- sessionState, oauth2Params, getLoggedInUser(oAuthMessage).getAuthenticatedSubjectIdentifier(),
- oAuthMessage.getSessionDataCacheEntry(), authorizationResponseDTO);
- authorizationResponseDTO.setSessionState(sessionStateValue);
- }
-
- if (OAuthServerConfiguration.getInstance().isOAuthResponseJspPageAvailable()) {
- String params = buildParams(authorizationResponseDTO.getSuccessResponseDTO().getFormPostBody(),
- authenticatedIdPs, sessionStateValue);
- String redirectURI = oauth2Params.getRedirectURI();
- forwardToOauthResponseJSP(oAuthMessage, params, redirectURI);
- authorizationResponseDTO.setIsForwardToOAuthResponseJSP(true);
- } else {
- authorizationResponseDTO.setAuthenticatedIDPs(authenticatedIdPs);
- }
- }
-
 private void handleFormPostResponseMode(OAuthMessage oAuthMessage,
 OIDCSessionState sessionState,
 AuthorizationResponseDTO authorizationResponseDTO,
@@ -989,7 +961,12 @@ sessionState, oauth2Params, getLoggedInUser(oAuthMessage).getAuthenticatedSubjec
 String params = buildParams(authorizationResponseDTO.getSuccessResponseDTO().getFormPostBody(),
 authenticatedIdPs, sessionStateValue);
 String redirectURI = oauth2Params.getRedirectURI();
- forwardToOauthResponseJSP(oAuthMessage, params, redirectURI, authorizationResponseDTO, authenticatedUser);
+ if (authenticatedUser != null) {
+ forwardToOauthResponseJSP(oAuthMessage, params, redirectURI, authorizationResponseDTO,
+ authenticatedUser);
+ } else {
+ forwardToOauthResponseJSP(oAuthMessage, params, redirectURI);
+ }
 authorizationResponseDTO.setIsForwardToOAuthResponseJSP(true);
 } else {
 authorizationResponseDTO.setAuthenticatedIDPs(authenticatedIdPs);
@@ -4160,21 +4137,16 @@ private Response forwardToOauthResponseJSP(OAuthMessage oAuthMessage, String par
 private Response forwardToOauthResponseJSP(OAuthMessage oAuthMessage, String params, String redirectURI,
 AuthorizationResponseDTO authorizationResponseDTO,
 AuthenticatedUser authenticatedUser) {
-
 try {
 HttpServletRequest request = oAuthMessage.getRequest();
- HttpServletResponse response = oAuthMessage.getResponse();
- request.setAttribute(PARAMETERS, params);
- request.setAttribute(FORM_POST_REDIRECT_URI, redirectURI);
- request.setAttribute(SERVICE_PROVIDER, getServiceProvider(authorizationResponseDTO.getClientId()));
- request.setAttribute(TENANT_DOMAIN, authorizationResponseDTO.getSigningTenantDomain());
 request.setAttribute(USER_TENANT_DOMAIN, authenticatedUser.getTenantDomain());
- ServletContext authEndpoint = request.getServletContext().getContext(AUTHENTICATION_ENDPOINT);
- RequestDispatcher requestDispatcher = authEndpoint.getRequestDispatcher(OAUTH_RESPONSE_JSP_PAGE);
- requestDispatcher.forward(request, response);
+ request.setAttribute(TENANT_DOMAIN, authorizationResponseDTO.getSigningTenantDomain());
+ request.setAttribute(SERVICE_PROVIDER, getServiceProvider(authorizationResponseDTO.getClientId()));
+ forwardToOauthResponseJSP(oAuthMessage, params, redirectURI);
 return Response.ok().build();
- } catch (ServletException | OAuthSystemException | IOException exception) {
- log.error("Error occurred while forwarding the request to oauth_response.jsp page.", exception);
+ } catch (OAuthSystemException exception) {
+ log.error("Error occurred while setting service provider in the request to oauth_response.jsp page.",
+ exception);
 return Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR).build();
 }
 }
From 15b53ca30d1b06ecd9cc4a26581af85e84734456 Mon Sep 17 00:00:00 2001
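Review bot: The result of the delegated `forwardToOauthResponseJSP(oAuthMessage, params, redirectURI)` call is discarded and the method unconditionally returns `Response.ok().build()`, so a forwarding failure that the three-argument overload presumably reports as a 500 (as the removed `ServletException | OAuthSystemException | IOException` catch in this same method did) now leaves here as a 200. Returning the delegate's response instead, `return forwardToOauthResponseJSP(oAuthMessage, params, redirectURI);`, keeps the status meaningful; the caller in `handleFormPostResponseMode` (hunk at -989) currently ignores the return value as well, so that call site would need the same attention. The overload also still lacks a Javadoc; a one-line summary above the signature stating that it sets the `userTenantDomain`, `tenantDomain` and `serviceProvider` request attributes consumed by oauth_response.jsp in the authentication endpoint context, and that `authenticatedUser` must be non-null, would document the contract the null branch in the caller depends on.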
From: Shenali
Date: Tue, 3 Oct 2023 17:55:16 +0530
Subject: [PATCH 3/4] refactor:Update attribute names
---
 .../identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
index 73ce78df696..0491af07a2e 100644
--- a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
+++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
@@ -235,9 +235,9 @@ public class OAuth2AuthzEndpoint {
 
 private static final String PARAMETERS = "params";
 private static final String FORM_POST_REDIRECT_URI = "redirectURI";
- private static final String SERVICE_PROVIDER = "s";
+ private static final String SERVICE_PROVIDER = "serviceProvider";
 private static final String TENANT_DOMAIN = "tenantDomain";
- private static final String USER_TENANT_DOMAIN = "ut";
+ private static final String USER_TENANT_DOMAIN = "userTenantDomain";
 private static final String AUTHENTICATION_ENDPOINT = "/authenticationendpoint";
 private static final String OAUTH_RESPONSE_JSP_PAGE = "/oauth_response.jsp";
 
From b2270503a4eeeab1749a41198d7c569eb84057a0 Mon Sep 17 00:00:00 2001
From: Shenali Jayakody <66279520+Shenali-SJ@users.noreply.github.com>
Date: Wed, 4 Oct 2023 11:13:00 +0530
Subject: [PATCH 4/4] Refactor:Handle internal server error response
Co-authored-by: Chamath Samarawickrama
---
 .../identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
index 0491af07a2e..b495cad167f 100644
--- a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
+++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
@@ -4147,7 +4147,9 @@ private Response forwardToOauthResponseJSP(OAuthMessage oAuthMessage, String par
 } catch (OAuthSystemException exception) {
 log.error("Error occurred while setting service provider in the request to oauth_response.jsp page.",
 exception);
- return Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR).build();
+ return Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR)
+ .entity("Internal Server Error: " + exception.getMessage())
+ .build();
 }
 }
 
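Review bot: The new response body `"Internal Server Error: " + exception.getMessage()` returns the `OAuthSystemException` text to the browser, and the message of an exception raised while resolving the service provider for a client id is internal detail that until this patch was only logged; the `log.error` two lines above already records it together with the stack trace. Keep the entity generic, `.entity("Internal Server Error")`, or use a fixed error description, and leave the cause in the log. What the message contains in practice depends on `getServiceProvider`, which is outside this hunk, as is the start of `forwardToOauthResponseJSP`.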