From c0286bae1e2540530d74b0f40f2d48c2490c22a2 Mon Sep 17 00:00:00 2001
From: YuriyZ
Date: Tue, 14 Feb 2023 11:48:33 +0200
Subject: [PATCH] feat(jans-auth-server): provide ability to ignore/bypass prompt=consent #3721 (#3851)
---
 .../model/configuration/AppConfiguration.java | 11 +++++++
 .../ws/rs/AuthorizeRestWebServiceImpl.java | 8 ++++-
 .../context/ExternalPostAuthnContext.java | 31 ++++++++++++++++---
 3 files changed, 45 insertions(+), 5 deletions(-)
diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java
index bdb82f0c2ae..3cbc120860a 100644
--- a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java
+++ b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java
@@ -448,6 +448,8 @@ public class AppConfiguration implements Configuration {
 @DocProperty(description = "Boolean value specifying whether to disable prompt=login", defaultValue = "false")
 private Boolean disablePromptLogin = false;
+ @DocProperty(description = "Boolean value specifying whether to disable prompt=consent", defaultValue = "false")
+ private Boolean disablePromptConsent = false;
 /**
 * SessionId will be expired after sessionIdLifetime seconds
@@ -1122,6 +1124,15 @@ public void setDisablePromptLogin(Boolean disablePromptLogin) {
 this.disablePromptLogin = disablePromptLogin;
 }
+ public Boolean getDisablePromptConsent() {
+ if (disablePromptConsent == null) disablePromptConsent = false;
+ return disablePromptConsent;
+ }
+
+ public void setDisablePromptConsent(Boolean disablePromptConsent) {
+ this.disablePromptConsent = disablePromptConsent;
+ }
+
 public Boolean getIncludeSidInResponse() {
 if (includeSidInResponse == null) includeSidInResponse = false;
 return includeSidInResponse;
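Review bot: The `@DocProperty` description added for `disablePromptConsent` in the first hunk says only that it disables prompt=consent, which understates what an operator is switching on. It is a server-wide setting that makes the authorization endpoint drop a relying party's explicit consent request, and, going by the checkPromptConsent change in this commit, it also returns before the per-client permission check. I would state that in the description, e.g. `description = "Boolean value specifying whether to ignore prompt=consent for all clients; when true the consent check at the authorization endpoint is skipped"`. The getter and setter in the second hunk follow the existing null-to-false pattern of `getIncludeSidInResponse()` and need no change.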
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java b/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
index b0284cd9415..ca4f43db959 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
@@ -352,7 +352,7 @@ private ResponseBuilder authorize(AuthzRequest authzRequest) throws AcrChangedEx
 authzRequest.getAuditLog().setUsername(user.getUserId());
- ExternalPostAuthnContext postAuthnContext = new ExternalPostAuthnContext(client, sessionUser, authzRequest.getHttpRequest(), authzRequest.getHttpResponse());
+ ExternalPostAuthnContext postAuthnContext = new ExternalPostAuthnContext(client, sessionUser, authzRequest, prompts);
 checkForceReAuthentication(authzRequest, prompts, client, postAuthnContext);
 checkForceAuthorization(authzRequest, prompts, client, postAuthnContext);
@@ -533,6 +533,12 @@ private void checkPromptSelectAccount(AuthzRequest authzRequest, List pr
 }
 private void checkPromptConsent(AuthzRequest authzRequest, List prompts, SessionId sessionUser, User user, ClientAuthorization clientAuthorization, boolean clientAuthorizationFetched) {
+ if (isTrue(appConfiguration.getDisablePromptConsent())) {
+ log.trace("Disabled prompt=consent (because disablePromptConsent=true).");
+ prompts.remove(Prompt.CONSENT);
+ return;
+ }
+
 if (prompts.contains(Prompt.CONSENT) || !isTrue(sessionUser.isPermissionGrantedForClient(authzRequest.getClientId()))) {
 if (!clientAuthorizationFetched) {
 clientAuthorization = clientAuthorizationsService.find(user.getAttribute("inum"), authzRequest.getClient().getClientId());
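Review bot: The early `return` added at the top of checkPromptConsent skips more than the explicit prompt. It also bypasses the `!isTrue(sessionUser.isPermissionGrantedForClient(authzRequest.getClientId()))` branch directly below, so with disablePromptConsent=true a user who has never granted this client permission no longer goes through the consent lookup in this method. If the goal is only to ignore prompt=consent from the request, keep `prompts.remove(Prompt.CONSENT);` and delete the `return;` line so the permission check still runs. If skipping all consent is intended, say so in a comment above the guard and log at a level operators keep enabled, since `log.trace` will normally hide that a consent step was bypassed. The method body continues outside the hunk, so any later enforcement is not visible here.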
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/context/ExternalPostAuthnContext.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/context/ExternalPostAuthnContext.java
index 910d35df80e..0c656712930 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/context/ExternalPostAuthnContext.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/context/ExternalPostAuthnContext.java
@@ -8,10 +8,11 @@
 import io.jans.as.common.model.registration.Client;
 import io.jans.as.common.model.session.SessionId;
+import io.jans.as.model.common.Prompt;
+import io.jans.as.server.authorize.ws.rs.AuthzRequest;
 import io.jans.model.custom.script.conf.CustomScriptConfiguration;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
+import java.util.List;
 /**
 * @author Yuriy Zabrovarnyy
@@ -21,11 +22,31 @@ public class ExternalPostAuthnContext extends ExternalScriptContext {
 private final Client client;
 private final SessionId session;
 private CustomScriptConfiguration script;
+ private AuthzRequest authzRequest;
+ private List prompts;
- public ExternalPostAuthnContext(Client client, SessionId session, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
- super(httpRequest, httpResponse);
+ public ExternalPostAuthnContext(Client client, SessionId session, AuthzRequest authzRequest, List prompts) {
+ super(authzRequest.getHttpRequest(), authzRequest.getHttpResponse());
 this.client = client;
 this.session = session;
+ this.authzRequest = authzRequest;
+ this.prompts = prompts;
+ }
+
+ public AuthzRequest getAuthzRequest() {
+ return authzRequest;
+ }
+
+ public void setAuthzRequest(AuthzRequest authzRequest) {
+ this.authzRequest = authzRequest;
+ }
+
+ public List getPrompts() {
+ return prompts;
+ }
+
+ public void setPrompts(List prompts) {
+ this.prompts = prompts;
 }
 public CustomScriptConfiguration getScript() {
@@ -50,6 +71,8 @@ public String toString() {
 "client=" + client +
 ", session=" + (session != null ? session.getId() : "") +
 ", script=" + script +
+ ", prompts=" + prompts +
+ ", authzRequest=" + authzRequest +
 "} " + super.toString();
 }
 }
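Review bot: `getPrompts()` hands external post-authn scripts the same mutable list that authorize() goes on passing to checkForceReAuthentication and checkForceAuthorization, so whatever a script removes from it changes which prompt checks run for that request. `setPrompts(...)` and `setAuthzRequest(...)`, by contrast, only rebind the context's own fields and do not reach the caller's variables, which makes the API misleading. If script-driven mutation of the prompts is intended, document that on the getter, drop the two setters and declare both fields `final` like `client` and `session`; if it is not intended, store a copy of the list in the constructor. The constructor also dereferences `authzRequest` in the `super(...)` call without a null check, so a null argument fails there with no message.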
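Review bot: Appending the whole `authzRequest` object in toString() can put authorization request parameters into any log line that prints this context, whereas the existing code deliberately prints only `session.getId()` rather than the session object. What AuthzRequest.toString() emits is not visible in this patch, so this needs confirming against that class. I would log an identifier instead, e.g. `", clientId=" + (authzRequest != null ? authzRequest.getClientId() : "") +`. The added `prompts` line looks fine as it is.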