fix(jans-auth-server): jansApp attribute only relevant for SG (#3782)

JanssenProject · Feb 6, 2023 · 6153a13 · 6153a13
1 parent d71b3e2
commit 6153a13
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 8 deletions.
diff --git a/...-catalog/person_authentication/fido2-external-authenticator/Fido2ExternalAuthenticator.py b/...-catalog/person_authentication/fido2-external-authenticator/Fido2ExternalAuthenticator.py
@@ -156,7 +156,8 @@ def prepareForStep(self, configurationAttributes, requestParameters, step):
             attestationResponse = None
 
             # Check if user have registered devices
-            count = CdiUtil.bean(UserService).countFido2RegisteredDevices(userName, self.fido2_domain)
+            count = CdiUtil.bean(UserService).countFido2RegisteredDevices(userName)
+
             if count > 0:
                 print "Fido2. Prepare for step 2. Call Fido2 endpoint in order to start assertion flow"
 

diff --git a/.../src/main/java/io/jans/as/common/service/common/fido2/RegistrationPersistenceService.java b/.../src/main/java/io/jans/as/common/service/common/fido2/RegistrationPersistenceService.java
@@ -121,9 +121,15 @@ public List<Fido2RegistrationEntry> findByRpRegisteredUserDevices(String userNam
 
         Filter userInumFilter = Filter.createEqualityFilter("personInum", userInum);
         Filter registeredFilter = Filter.createEqualityFilter("jansStatus", Fido2RegistrationStatus.registered.getValue());
-		Filter appIdFilter = Filter.createEqualityFilter("jansApp", rpId);
-        Filter filter = Filter.createANDFilter(userInumFilter, registeredFilter, appIdFilter);
-
+        Filter filter = null;
+        if (StringHelper.isNotEmpty(rpId)) {
+        	Filter appIdFilter = Filter.createEqualityFilter("jansApp", rpId);
+        	filter = Filter.createANDFilter(userInumFilter, registeredFilter, appIdFilter);
+        }
+        else
+        {
+        	filter = Filter.createANDFilter(userInumFilter, registeredFilter);
+        }
         List<Fido2RegistrationEntry> fido2RegistrationnEntries = persistenceEntryManager.findEntries(baseDn, Fido2RegistrationEntry.class, filter, returnAttributes);
 
         return fido2RegistrationnEntries;

diff --git a/jans-auth-server/server/src/main/webapp/auth/fido2/platform.xhtml b/jans-auth-server/server/src/main/webapp/auth/fido2/platform.xhtml
@@ -158,7 +158,7 @@ body {
 						<h2>#{msgs['fido2.verification.stepverification']}</h2>
 						<p>#{msgs['fido2.touch.verification.usedevice']}</p>
 						<img
-							src="#{oxAuthConfigurationService.getImgLocation()}/touchid.jpg"
+							src="#{webConfigurationService.getImgLocation()}/touchid.jpg"
 							alt="step_ver" />
 						<h4>#{msgs['fido2.touch.verification.insertkey']}</h4>
 						<p>#{msgs['fido2.touch.verification.useit']}</p>

diff --git a/jans-auth-server/server/src/main/webapp/auth/fido2/secKeys.xhtml b/jans-auth-server/server/src/main/webapp/auth/fido2/secKeys.xhtml
@@ -171,7 +171,7 @@ body {
                                                 <h2>#{msgs['fido2.verification.stepverification']}</h2>
                                                 <p>#{msgs['fido2.verification.usedevice']}</p>
                                                 <img
-                                                        src="#{oxAuthConfigurationService.getImgLocation()}/step_ver.png"
+                                                        src="#{webConfigurationService.getImgLocation()}/step_ver.png"
                                                         alt="step_ver" />
                                                 <h4>#{msgs['fido2.verification.insertkey']}</h4>
                                                 <p>#{msgs['fido2.verification.useit']}</p>

diff --git a/jans-auth-server/server/src/main/webapp/stylesheet/style.css b/jans-auth-server/server/src/main/webapp/stylesheet/style.css
@@ -207,7 +207,7 @@ login-panel {
 
             .login-panel-header {
                             background-color: #D4CFC7;
-                                            background-image: url("#{oxAuthConfigurationService.getImgLocation()}/panel_header_bg.png");
+                                            background-image: url("#{webConfigurationService.getImgLocation()}/panel_header_bg.png");
                                                             background-position: left top;
                                                                             background-repeat: repeat-x;
                                                                                             border-style: solid;

diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java
@@ -325,7 +325,7 @@ private Pair<ArrayNode, String> prepareAllowedCredentials(String documentDomain,
 						String.format("Can't find associated key '%s' for application '%s'", requestedKeyHandle, documentDomain)));
 			existingFido2Registrations = Arrays.asList(fido2RegistrationEntry);
 		} else {
-			existingFido2Registrations = registrationPersistenceService.findByRpRegisteredUserDevices(username, documentDomain);
+			existingFido2Registrations = registrationPersistenceService.findByRpRegisteredUserDevices(username, null);
 		}
 		//  f.getRegistrationData().getAttenstationRequest() null check is added to maintain backward compatiblity with U2F devices when U2F devices are migrated to the FIDO2 server
 		List<Fido2RegistrationEntry> allowedFido2Registrations = existingFido2Registrations.parallelStream()