feat(jans-auth-server): provide ability to ignore/bypass prompt=consent

#3721 (#3851)
JanssenProject · Feb 14, 2023 · c0286ba · c0286ba
1 parent 42c9556
commit c0286ba
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 5 deletions.
diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java
@@ -448,6 +448,8 @@ public class AppConfiguration implements Configuration {
     @DocProperty(description = "Boolean value specifying whether to disable prompt=login", defaultValue = "false")
     private Boolean disablePromptLogin = false;
 
+    @DocProperty(description = "Boolean value specifying whether to disable prompt=consent", defaultValue = "false")
+    private Boolean disablePromptConsent = false;
 
     /**
      * SessionId will be expired after sessionIdLifetime seconds
@@ -1122,6 +1124,15 @@ public void setDisablePromptLogin(Boolean disablePromptLogin) {
         this.disablePromptLogin = disablePromptLogin;
     }
 
+    public Boolean getDisablePromptConsent() {
+        if (disablePromptConsent == null) disablePromptConsent = false;
+        return disablePromptConsent;
+    }
+
+    public void setDisablePromptConsent(Boolean disablePromptConsent) {
+        this.disablePromptConsent = disablePromptConsent;
+    }
+
     public Boolean getIncludeSidInResponse() {
         if (includeSidInResponse == null) includeSidInResponse = false;
         return includeSidInResponse;

diff --git a/...r/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java b/...r/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
@@ -352,7 +352,7 @@ private ResponseBuilder authorize(AuthzRequest authzRequest) throws AcrChangedEx
 
         authzRequest.getAuditLog().setUsername(user.getUserId());
 
-        ExternalPostAuthnContext postAuthnContext = new ExternalPostAuthnContext(client, sessionUser, authzRequest.getHttpRequest(), authzRequest.getHttpResponse());
+        ExternalPostAuthnContext postAuthnContext = new ExternalPostAuthnContext(client, sessionUser, authzRequest, prompts);
         checkForceReAuthentication(authzRequest, prompts, client, postAuthnContext);
         checkForceAuthorization(authzRequest, prompts, client, postAuthnContext);
 
@@ -533,6 +533,12 @@ private void checkPromptSelectAccount(AuthzRequest authzRequest, List<Prompt> pr
     }
 
     private void checkPromptConsent(AuthzRequest authzRequest, List<Prompt> prompts, SessionId sessionUser, User user, ClientAuthorization clientAuthorization, boolean clientAuthorizationFetched) {
+        if (isTrue(appConfiguration.getDisablePromptConsent())) {
+            log.trace("Disabled prompt=consent (because disablePromptConsent=true).");
+            prompts.remove(Prompt.CONSENT);
+            return;
+        }
+
         if (prompts.contains(Prompt.CONSENT) || !isTrue(sessionUser.isPermissionGrantedForClient(authzRequest.getClientId()))) {
             if (!clientAuthorizationFetched) {
                 clientAuthorization = clientAuthorizationsService.find(user.getAttribute("inum"), authzRequest.getClient().getClientId());

diff --git a/...er/src/main/java/io/jans/as/server/service/external/context/ExternalPostAuthnContext.java b/...er/src/main/java/io/jans/as/server/service/external/context/ExternalPostAuthnContext.java
@@ -8,10 +8,11 @@
 
 import io.jans.as.common.model.registration.Client;
 import io.jans.as.common.model.session.SessionId;
+import io.jans.as.model.common.Prompt;
+import io.jans.as.server.authorize.ws.rs.AuthzRequest;
 import io.jans.model.custom.script.conf.CustomScriptConfiguration;
 
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
+import java.util.List;
 
 /**
  * @author Yuriy Zabrovarnyy
@@ -21,11 +22,31 @@ public class ExternalPostAuthnContext extends ExternalScriptContext {
     private final Client client;
     private final SessionId session;
     private CustomScriptConfiguration script;
+    private AuthzRequest authzRequest;
+    private List<Prompt> prompts;
 
-    public ExternalPostAuthnContext(Client client, SessionId session, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
-        super(httpRequest, httpResponse);
+    public ExternalPostAuthnContext(Client client, SessionId session, AuthzRequest authzRequest, List<Prompt> prompts) {
+        super(authzRequest.getHttpRequest(), authzRequest.getHttpResponse());
         this.client = client;
         this.session = session;
+        this.authzRequest = authzRequest;
+        this.prompts = prompts;
+    }
+
+    public AuthzRequest getAuthzRequest() {
+        return authzRequest;
+    }
+
+    public void setAuthzRequest(AuthzRequest authzRequest) {
+        this.authzRequest = authzRequest;
+    }
+
+    public List<Prompt> getPrompts() {
+        return prompts;
+    }
+
+    public void setPrompts(List<Prompt> prompts) {
+        this.prompts = prompts;
     }
 
     public CustomScriptConfiguration getScript() {
@@ -50,6 +71,8 @@ public String toString() {
                 "client=" + client +
                 ", session=" + (session != null ? session.getId() : "") +
                 ", script=" + script +
+                ", prompts=" + prompts +
+                ", authzRequest=" + authzRequest +
                 "} " + super.toString();
     }
 }