fix(jans-auth-server): do not recognize different agama flows as diff…

…erent acr #8652 (#8654) * fix(jans-auth-server): do not recognized different agama flows as different acr #8652 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * fix(jans-auth-server): do not recognize different agama flows as different acr #8652 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> --------- Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>
JanssenProject · Jun 4, 2024 · f9641cf · f9641cf
1 parent 9f84015
commit f9641cf
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 4 deletions.
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/AcrService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/AcrService.java
@@ -32,6 +32,8 @@
 @Named
 public class AcrService {
 
+    public static final String AGAMA = "agama";
+
     @Inject
     private Logger log;
 
@@ -48,7 +50,7 @@ public class AcrService {
     private AppConfiguration appConfiguration;
 
     public static boolean isAgama(String acr) {
-        return StringUtils.isNotBlank(acr) &&  acr.startsWith("agama_");
+        return StringUtils.isNotBlank(acr) && (acr.startsWith("agama_") || acr.equalsIgnoreCase(AGAMA));
     }
 
     public void validateAcrs(AuthzRequest authzRequest, Client client) throws AcrChangedException {

diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/SessionIdService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/SessionIdService.java
@@ -169,6 +169,10 @@ public String getAcr(SessionId session) {
         return acr;
     }
 
+    public static boolean isAgamaInSessionAndRequest(String sessionAcr, List<String> acrValuesList) {
+        return isAgama(sessionAcr) && !acrValuesList.isEmpty() && isAgama(acrValuesList.iterator().next());
+    }
+
     // #34 - update session attributes with each request
     // 1) redirect_uri change -> update session
     // 2) acr change -> throw acr change exception
@@ -190,8 +194,7 @@ public SessionId assertAuthenticatedSessionCorrespondsToNewRequest(SessionId ses
             }
 
             List<String> acrValuesList = acrValuesList(acrValuesStr);
-            boolean isAgama = isAgama(sessionAcr) && !acrValuesList.isEmpty() && isAgama(acrValuesList.iterator().next());
-            boolean isAcrChanged = !acrValuesList.isEmpty() && !acrValuesList.contains(sessionAcr) && !isAgama;
+            boolean isAcrChanged = !acrValuesList.isEmpty() && !acrValuesList.contains(sessionAcr) && !isAgamaInSessionAndRequest(sessionAcr, acrValuesList);
             if (isAcrChanged) {
                 Map<String, Integer> acrToLevel = externalAuthenticationService.acrToLevelMapping();
                 Integer sessionAcrLevel = Util.asInt(acrToLevel.get(externalAuthenticationService.scriptName(sessionAcr)), -1);
@@ -916,9 +919,16 @@ public List<String> acrValuesList(String acrValues) {
 
         HashSet<String> resultAcrs = new HashSet<>();
         for (String acr : acrs) {
-            resultAcrs.add(externalAuthenticationService.scriptName(acr));
+            String acrForScript = isAgama(acr) ? AcrService.AGAMA : acr;
+            final String scriptName = externalAuthenticationService.scriptName(acrForScript);
+            if (StringUtils.isNotBlank(scriptName)) {
+                resultAcrs.add(acr);
+            }
         }
 
+        if (log.isTraceEnabled()) {
+            log.trace("acrValuesList {}", resultAcrs);
+        }
         return new ArrayList<>(resultAcrs);
     }
 

diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/service/SessionIdServiceTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/service/SessionIdServiceTest.java
@@ -1,5 +1,6 @@
 package io.jans.as.server.service;
 
+import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 import io.jans.as.common.model.session.SessionId;
 import io.jans.as.common.service.common.UserService;
@@ -82,6 +83,18 @@ public class SessionIdServiceTest {
     @Mock
     private StatService statService;
 
+    @Test
+    public void isAgamaInSessionAndRequest_forAgama_shouldReturnTrue() {
+        assertTrue(SessionIdService.isAgamaInSessionAndRequest("agama", Lists.newArrayList("agama_io.jans.agamaLab.main")));
+        assertTrue(SessionIdService.isAgamaInSessionAndRequest("agama", Lists.newArrayList("agama")));
+    }
+
+    @Test
+    public void isAgamaInSessionAndRequest_forBasic_shouldReturnFalse() {
+        assertFalse(SessionIdService.isAgamaInSessionAndRequest("agama", Lists.newArrayList("basic")));
+        assertFalse(SessionIdService.isAgamaInSessionAndRequest("basic", Lists.newArrayList("agama_io.jans.agamaLab.main")));
+    }
+
     @Test
     public void hasAllScopes_whenSessionIsNull_shouldReturnFalse() {
         assertFalse(sessionIdService.hasAllScopes((SessionId) null, null));