From 0bb30b3d38898e3cc19ddbd9c72f1b0a64fd2743 Mon Sep 17 00:00:00 2001 From: yurem Date: Mon, 27 Sep 2021 16:43:28 +0300 Subject: [PATCH 1/3] fix: consent Gathering Script is not working in 4.3.0 version. #1549 --- .../ws/rs/ConsentGathererService.java | 18 ++++++++++++++++++ Server/src/main/webapp/authz/authorize.xhtml | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java index f5fbbaca55..651086edf3 100644 --- a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java +++ b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java @@ -9,11 +9,14 @@ import org.gluu.jsf2.service.FacesService; import org.gluu.model.custom.script.conf.CustomScriptConfiguration; import org.gluu.oxauth.i18n.LanguageBean; +import org.gluu.oxauth.model.authorize.AuthorizeRequestParam; +import org.gluu.oxauth.model.authorize.ScopeChecker; import org.gluu.oxauth.model.common.SessionId; import org.gluu.oxauth.model.config.Constants; import org.gluu.oxauth.model.configuration.AppConfiguration; import org.gluu.oxauth.service.AuthorizeService; import org.gluu.oxauth.service.ClientService; +import org.gluu.oxauth.service.SessionIdService; import org.gluu.oxauth.service.common.UserService; import org.gluu.oxauth.service.external.ExternalConsentGatheringService; import org.gluu.oxauth.service.external.context.ConsentGatheringContext; @@ -69,6 +72,12 @@ public class ConsentGathererService { @Inject private ClientService clientService; + + @Inject + private SessionIdService sessionIdService; + + @Inject + private ScopeChecker scopeChecker; private final Map pageAttributes = new HashMap(); private ConsentGatheringContext context; @@ -295,4 +304,13 @@ public ConsentGatheringContext getContext() { return context; } + public List getScopes(ConsentGatheringContext context) { + SessionId authenticatedSessionId = sessionIdService.getSessionId(); + // Fix the list of scopes in the authorization page. oxAuth #739 + Set grantedScopes = scopeChecker.checkScopesPolicy(context.getClient(), authenticatedSessionId.getSessionAttributes().get(AuthorizeRequestParam.SCOPE)); + String allowedScope = org.gluu.oxauth.model.util.StringUtils.implode(grantedScopes, " "); + + return authorizeService.getScopes(allowedScope); + } + } diff --git a/Server/src/main/webapp/authz/authorize.xhtml b/Server/src/main/webapp/authz/authorize.xhtml index 2572850879..b1bf6cf84d 100644 --- a/Server/src/main/webapp/authz/authorize.xhtml +++ b/Server/src/main/webapp/authz/authorize.xhtml @@ -11,7 +11,7 @@ - + Date: Mon, 27 Sep 2021 18:38:10 +0300 Subject: [PATCH 2/3] fix: consent Gathering Script is not working in 4.3.0 version. #1549 --- .../gluu/oxauth/authorize/ws/rs/ConsentGathererService.java | 6 +++++- Server/src/main/webapp/authz/authorize.xhtml | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java index 651086edf3..deb48d4187 100644 --- a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java +++ b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java @@ -304,7 +304,11 @@ public ConsentGatheringContext getContext() { return context; } - public List getScopes(ConsentGatheringContext context) { + public List getScopes() { + if (context == null) { + return Collections.emptyList(); + } + SessionId authenticatedSessionId = sessionIdService.getSessionId(); // Fix the list of scopes in the authorization page. oxAuth #739 Set grantedScopes = scopeChecker.checkScopesPolicy(context.getClient(), authenticatedSessionId.getSessionAttributes().get(AuthorizeRequestParam.SCOPE)); diff --git a/Server/src/main/webapp/authz/authorize.xhtml b/Server/src/main/webapp/authz/authorize.xhtml index b1bf6cf84d..27555af2eb 100644 --- a/Server/src/main/webapp/authz/authorize.xhtml +++ b/Server/src/main/webapp/authz/authorize.xhtml @@ -11,7 +11,7 @@ - + Date: Mon, 27 Sep 2021 18:41:32 +0300 Subject: [PATCH 3/3] fix: consent Gathering Script is not working in 4.3.0 version. #1549 --- Server/src/main/webapp/authz/authorize.xhtml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Server/src/main/webapp/authz/authorize.xhtml b/Server/src/main/webapp/authz/authorize.xhtml index 27555af2eb..a3dfe21e87 100644 --- a/Server/src/main/webapp/authz/authorize.xhtml +++ b/Server/src/main/webapp/authz/authorize.xhtml @@ -11,7 +11,7 @@ - +