From 3083a3f28f6d6c6a9de319f23fd745ac69477249 Mon Sep 17 00:00:00 2001
From: YuriyZ
Date: Mon, 15 Aug 2022 10:58:32 +0300
Subject: [PATCH] feat(jans-auth-server): added allowSpontaneousScopes AS json config #2074 (#2111)
* feat(jans-auth-server): added allowSpontaneousScopes AS JSON config #2074 https://github.com/JanssenProject/jans/issues/2074 docs: swagger updated
* test(jans-auth-server): added SpontaneousScopeServiceTest #2074 docs: no docs
---
 .../model/configuration/AppConfiguration.java | 10 +++++
 .../service/SpontaneousScopeService.java | 23 ++++++-----
 .../server/uma/service/UmaScopeService.java | 4 ++
 .../service/SpontaneousScopeServiceTest.java | 40 +++++++++++++++++++
 .../server/src/test/resources/testng.xml | 1 +
 .../docs/jans-config-api-swagger.yaml | 3 ++
 .../jans_setup/setup_app/test_data_loader.py | 1 +
 7 files changed, 71 insertions(+), 11 deletions(-)
 create mode 100644 jans-auth-server/server/src/test/java/io/jans/as/server/service/SpontaneousScopeServiceTest.java
diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java
index bcc16df5930..32cf2074216 100644
--- a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java
+++ b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java
@@ -89,6 +89,7 @@ public class AppConfiguration implements Configuration {
 private int statTimerIntervalInSeconds;
 private String statAuthorizationScope;
+ private Boolean allowSpontaneousScopes;
 private int spontaneousScopeLifetime;
 private String openidSubAttribute;
 private Boolean publicSubjectIdentifierPerClientEnabled = false;
@@ -1489,6 +1490,15 @@ public void setUmaPctLifetime(int umaPctLifetime) {
 this.umaPctLifetime = umaPctLifetime;
 }
+ public Boolean getAllowSpontaneousScopes() {
+ if (allowSpontaneousScopes == null) allowSpontaneousScopes = false;
+ return allowSpontaneousScopes;
+ }
+
+ public void setAllowSpontaneousScopes(Boolean allowSpontaneousScopes) {
+ this.allowSpontaneousScopes = allowSpontaneousScopes;
+ }
+
 public int getSpontaneousScopeLifetime() {
 return spontaneousScopeLifetime;
 }
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/SpontaneousScopeService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/SpontaneousScopeService.java
index dc8909c9a54..9be5a79600b 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/SpontaneousScopeService.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/SpontaneousScopeService.java
@@ -14,20 +14,17 @@ import io.jans.as.model.configuration.AppConfiguration;
 import io.jans.as.model.util.Pair;
 import io.jans.as.persistence.model.Scope;
-import org.apache.commons.lang3.BooleanUtils;
-import org.python.google.common.collect.Sets;
-import org.slf4j.Logger;
-
 import jakarta.ejb.Stateless;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
-import java.util.ArrayList;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.Set;
-import java.util.UUID;
+import org.python.google.common.collect.Sets;
+import org.slf4j.Logger;
+
+import java.util.*;
 import java.util.regex.Pattern;
+
+import static org.apache.commons.lang3.BooleanUtils.isFalse;
+
 @Stateless
 @Named
 public class SpontaneousScopeService {
@@ -49,7 +46,7 @@ public Scope createSpontaneousScopeIfNeeded(Set regExps, String scopeId,
 }
 final Pair isAllowed = isAllowedBySpontaneousScopes(regExps, scopeId);
- if (BooleanUtils.isFalse(isAllowed.getFirst())) {
+ if (isFalse(isAllowed.getFirst())) {
 log.error("Forbidden by client. Check client configuration.");
 return null;
 }
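Review bot: `getAllowSpontaneousScopes()` assigns the field it reads, so a plain read of the configuration object mutates it; the same fail-closed default is available without the side effect as `return allowSpontaneousScopes != null && allowSpontaneousScopes;`, or by initialising the field `private Boolean allowSpontaneousScopes = false;` the way `publicSubjectIdentifierPerClientEnabled = false` is declared two lines below the new field in the first hunk. The getter has no Javadoc; the one thing worth stating is the default, e.g. `/** Server-wide switch for spontaneous scopes; a missing or null value in the JSON config is treated as false (disabled). */`. Treating an absent key as disabled is the right direction for a feature that creates scopes on request, so the choice of default itself is fine.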
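Review bot: `import java.util.*;` replaces five explicit `java.util` imports with a wildcard, which hides the class's real dependencies and lets an unrelated `java.util` type collide with one from another package without a compile-time hint; the explicit list (`ArrayList`, `Calendar`, `Date`, `Set`, `UUID`) is worth keeping. The static import of `isFalse` reads well, but note that `isFalse(null)` is `false`, so any nullable `Boolean` handed to it is treated as permitted rather than denied — acceptable for the new global flag only because its getter never returns null.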
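Review bot: The new server-wide `allowSpontaneousScopes` switch is not consulted on this path: the decision here comes from the `isAllowedBySpontaneousScopes(regExps, scopeId)` overload, whereas the global check added by this commit sits in the `(Client, String)` overload and in `UmaScopeService.getOrCreate`. If the regex overload (not in this hunk) does not read `appConfiguration.getAllowSpontaneousScopes()`, a caller that reaches `createSpontaneousScopeIfNeeded` directly can still create spontaneous scopes while the feature is disabled globally; a guard at the top of this method, `if (isFalse(appConfiguration.getAllowSpontaneousScopes())) { return null; }`, would make the switch authoritative for every entry point. The method starts before this hunk, so whether such a check already exists earlier in its body cannot be confirmed from here.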
@@ -87,7 +84,11 @@ public long getLifetime() {
 }
 public boolean isAllowedBySpontaneousScopes(Client client, String scopeRequested) {
- if (BooleanUtils.isFalse(client.getAttributes().getAllowSpontaneousScopes())) {
+ if (isFalse(appConfiguration.getAllowSpontaneousScopes())) {
+ return false;
+ }
+
+ if (isFalse(client.getAttributes().getAllowSpontaneousScopes())) {
 return false;
 }
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/uma/service/UmaScopeService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/uma/service/UmaScopeService.java
index c0769f2d014..99f4c103370 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/uma/service/UmaScopeService.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/uma/service/UmaScopeService.java
@@ -76,6 +76,10 @@ public Scope getOrCreate(Client client, String scopeId, Set regExps) {
 return fromLdap;
 }
+ if (isFalse(appConfiguration.getAllowSpontaneousScopes())) {
+ return null;
+ }
+
 if (isFalse(client.getAttributes().getAllowSpontaneousScopes())) {
 return null;
 }
diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/service/SpontaneousScopeServiceTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/service/SpontaneousScopeServiceTest.java
new file mode 100644
index 00000000000..8746f175363
--- /dev/null
+++ b/jans-auth-server/server/src/test/java/io/jans/as/server/service/SpontaneousScopeServiceTest.java
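Review bot: The global denial in `isAllowedBySpontaneousScopes` returns `false` silently, while the client-level denial on the create path logs `Forbidden by client. Check client configuration.`; with `allowSpontaneousScopes` unset (default false) an operator sees spontaneous scope requests rejected with no indication which of the two gates fired. A `log.debug("Spontaneous scopes are disabled by AS configuration (allowSpontaneousScopes=false).");` before the first `return false;` here, and the same before the new `return null;` in `UmaScopeService.getOrCreate` in the next hunk, would make the rejection diagnosable. Checking the server-wide flag before the client attribute is the correct order: a per-client setting must not be able to re-enable a feature the deployment has switched off. `appConfiguration` is assumed to be an injected field of `SpontaneousScopeService`; its declaration is outside the hunk.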
@@ -0,0 +1,40 @@
+package io.jans.as.server.service;
+
+import io.jans.as.common.model.registration.Client;
+import io.jans.as.model.config.StaticConfiguration;
+import io.jans.as.model.configuration.AppConfiguration;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.testng.MockitoTestNGListener;
+import org.slf4j.Logger;
+import org.testng.annotations.Listeners;
+import org.testng.annotations.Test;
+
+import static org.testng.Assert.assertFalse;
+
+/**
+ * @author Yuriy Z
+ */
+@Listeners(MockitoTestNGListener.class)
+public class SpontaneousScopeServiceTest {
+
+ @InjectMocks
+ private SpontaneousScopeService spontaneousScopeService;
+
+ @Mock
+ private Logger log;
+ @Mock
+ private StaticConfiguration staticConfiguration;
+ @Mock
+ private AppConfiguration appConfiguration;
+ @Mock
+ private ScopeService scopeService;
+
+ @Test
+ public void isAllowedBySpontaneousScopes_whenGlobalConfigReturnsFalse_shouldReturnFalse() {
+ Client client = new Client();
+ client.getAttributes().setAllowSpontaneousScopes(true);
+
+ assertFalse(spontaneousScopeService.isAllowedBySpontaneousScopes(client, "scope"));
+ }
+}
diff --git a/jans-auth-server/server/src/test/resources/testng.xml b/jans-auth-server/server/src/test/resources/testng.xml
index 5a4296de96c..5485fb30ba5 100644
--- a/jans-auth-server/server/src/test/resources/testng.xml
+++ b/jans-auth-server/server/src/test/resources/testng.xml
@@ -12,6 +12,7 @@
+
diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml
index e82e56ddda8..8b13a7110e3 100644
--- a/jans-config-api/docs/jans-config-api-swagger.yaml
+++ b/jans-config-api/docs/jans-config-api-swagger.yaml
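Review bot: The test never stubs `appConfiguration.getAllowSpontaneousScopes()`, so the assertion depends on Mockito answering `false` for an unstubbed `Boolean` return; that is the current default, but the intent is invisible to a reader. Stub it explicitly, `when(appConfiguration.getAllowSpontaneousScopes()).thenReturn(false);`, and add the mirror case (global flag stubbed to `true`, client attribute `false`, expect `false`) so that both gates and their order are pinned rather than only the global one. `log`, `staticConfiguration` and `scopeService` are mocked but unused here; presumably they exist so `@InjectMocks` can build the service, and a one-line comment saying so would spare the next reader the question.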
@@ -4249,6 +4249,9 @@ components:
 umaRestrictResourceToAssociatedClient:
 type: boolean
 description: Restrict access to resource by associated client.
+ allowSpontaneousScopes:
+ type: boolean
+ description: Specifies whether to allow spontaneous scopes
 spontaneousScopeLifetime:
 type: integer
 description: The lifetime of spontaneous scope in seconds.
diff --git a/jans-linux-setup/jans_setup/setup_app/test_data_loader.py b/jans-linux-setup/jans_setup/setup_app/test_data_loader.py
index 08f1dcf1a29..028c681ccd0 100644
--- a/jans-linux-setup/jans_setup/setup_app/test_data_loader.py
+++ b/jans-linux-setup/jans_setup/setup_app/test_data_loader.py
@@ -238,6 +238,7 @@ def load_test_data(self):
 'fapiCompatibility': False,
 'forceIdTokenHintPrecense': False,
 'introspectionScriptBackwardCompatibility': False,
+ 'allowSpontaneousScopes': True,
 'spontaneousScopeLifetime': 0,
 'tokenEndpointAuthMethodsSupported': [ 'client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'tls_client_auth', 'self_signed_tls_client_auth', 'none' ],
 'sessionIdRequestParameterEnabled': True,