Merge pull request #204 from dBucik/embl_lsaai

fix: 🐛 Fix display of consent for EMBL
pull/1580/head
Dominik František Bučík 2022-07-09 15:52:08 +02:00 committed by GitHub
commit 8518a6adc0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 101 additions and 29 deletions


@ -0,0 +1 @@
ALTER TABLE client_details MODIFY jurisdiction VARCHAR(256) DEFAULT NULL;


@ -0,0 +1 @@
ALTER TABLE client_details MODIFY jurisdiction VARCHAR(256) DEFAULT NULL;


@ -31,9 +31,10 @@
</div>
</div>
</c:if>
<c:if test="${not client.acceptedTos}">
<c:if test="${isTestSp or (not client.acceptedTos)}">
<div class="alert alert-warning" role="alert">
<h6>This service has not declared compliance with the <a target="_blank" href="https://lifescience-ri.eu/aai/terms-of-use">Terms of Use for service providers</a> that govern the service's use of Life Science Login.</h6>
<p>You are entering a service that is in the test environment of Life Science Login. The test environment is for service developers to test their relying services AAI integration before requesting to move them to the Life Science Login production environment.</p>
<p>The test environment is not intended for common users. You are able to access the service because you have opted in as a test user. You need to refresh your registration every 30 days.</p>
</div>
</c:if>
<form name="confirmationForm" id="allow_consent_form" class="form-group"
@ -102,17 +103,22 @@
<div class="alert alert-danger" role="alert">
<h6>
This service is${' '}
<c:if test="${jurisdiction eq 'INT'}">provided by an international organization. </c:if>
<c:if test="${jurisdiction ne 'INT'}">in ${jurisdiction}</c:if>
<c:if test="${jurisdiction eq 'INT' or jurisdiction eq 'EMBL'}">provided by an international organization. </c:if>
<c:if test="${jurisdiction ne 'INT' and jurisdiction ne 'EMBL'}">in ${jurisdiction}</c:if>
</h6>
<p>
In order to access the requested services, the Life Science Login needs to transfer your personal data to a country outside EU/EEA.
We cannot guarantee that this country offers an adequately high level of personal data protection as EU/EEA countries.
<c:if test="${not empty(client.policyUri)}">
Please, read the <a target="_blank" href="<c:out value="${client.policyUri}" />">Privacy Policy</a> of the service provider to learn more about its commitments to protect your data.
<c:if test="${jurisdiction eq 'EMBL'}">
In order to access the requested services, the Life Science Login needs to transfer your personal data to an international organization outside EU/EEA jurisdictions.<br/>
<i>Please be aware that upon transfer your personal data will be protected by <a href="https://www.embl.org/documents/document/internal-policy-no-68-on-general-data-protection/" target="_blank">EMBLs Internal Policy 68 on General Data Protection</a>.</i>
</c:if>
<c:if test="${jurisdiction ne 'EMBL'}">
In order to access the requested services, the Life Science Login needs to transfer your personal data to a country outside EU/EEA.
We cannot guarantee that this country offers an adequately high level of personal data protection as EU/EEA countries.
</c:if>
</p>
<c:if test="${not empty(client.policyUri)}">
<h6>Please, read the <a target="_blank" href="<c:out value="${client.policyUri}" />">Privacy Policy</a> of the service provider to learn more about its commitments to protect your data.</h6>
</c:if>
<div class="form-check">
<input class="form-check-input" type="checkbox" name="transfer" id="transfer" data-np-checked="1">
<label class="form-check-label" for="transfer">To continue, consent to the transfer of your personal data.</label>
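Review bot: The widened condition `${isTestSp or (not client.acceptedTos)}` shows one alert for two different situations, so a test SP that has accepted the Terms of Use is still told it "has not declared compliance", and a production SP that has not accepted them is told it is "in the test environment". Each message should keep its own guard: wrap the `<h6>` in `<c:if test="${not client.acceptedTos}">` and the two `<p>` elements in `<c:if test="${isTestSp}">`, leaving the outer `<c:if>` as the commit has it. In the second hunk, `in ${jurisdiction}` renders the value without escaping, unlike the `<c:out value="${client.policyUri}" />` used a few lines below; the value appears to come from client metadata (the column is widened to VARCHAR(256) in this same commit), so prefer `in <c:out value="${jurisdiction}" />`. The hunk text "EMBLs Internal Policy 68" should read "EMBL's Internal Policy 68". The second JSP section below repeats both hunks and the same points apply there.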


@ -31,9 +31,10 @@
</div>
</div>
</c:if>
<c:if test="${not client.acceptedTos}">
<c:if test="${isTestSp or (not client.acceptedTos)}">
<div class="alert alert-warning" role="alert">
<h6>This service has not declared compliance with the <a target="_blank" href="https://lifescience-ri.eu/aai/terms-of-use">Terms of Use for service providers</a> that govern the service's use of Life Science Login.</h6>
<p>You are entering a service that is in the test environment of Life Science Login. The test environment is for service developers to test their relying services AAI integration before requesting to move them to the Life Science Login production environment.</p>
<p>The test environment is not intended for common users. You are able to access the service because you have opted in as a test user. You need to refresh your registration every 30 days.</p>
</div>
</c:if>
<form name="confirmationForm" id="allow_consent_form" class="form-group"
@ -101,25 +102,30 @@
</div>
<c:if test="${not empty jurisdiction}">
<div class="alert alert-danger" role="alert">
<h6>
This service is${' '}
<c:if test="${jurisdiction eq 'INT'}">provided by an international organization. </c:if>
<c:if test="${jurisdiction ne 'INT'}">in ${jurisdiction}</c:if>
</h6>
<p>
In order to access the requested services, the Life Science Login needs to transfer your personal data to a country outside EU/EEA.
We cannot guarantee that this country offers an adequately high level of personal data protection as EU/EEA countries.
<div class="alert alert-danger" role="alert">
<h6>
This service is${' '}
<c:if test="${jurisdiction eq 'INT' or jurisdiction eq 'EMBL'}">provided by an international organization. </c:if>
<c:if test="${jurisdiction ne 'INT' and jurisdiction ne 'EMBL'}">in ${jurisdiction}</c:if>
</h6>
<p>
<c:if test="${jurisdiction eq 'EMBL'}">
In order to access the requested services, the Life Science Login needs to transfer your personal data to an international organization outside EU/EEA jurisdictions.<br/>
<i>Please be aware that upon transfer your personal data will be protected by <a href="https://www.embl.org/documents/document/internal-policy-no-68-on-general-data-protection/" target="_blank">EMBLs Internal Policy 68 on General Data Protection</a>.</i>
</c:if>
<c:if test="${jurisdiction ne 'EMBL'}">
In order to access the requested services, the Life Science Login needs to transfer your personal data to a country outside EU/EEA.
We cannot guarantee that this country offers an adequately high level of personal data protection as EU/EEA countries.
</c:if>
</p>
<c:if test="${not empty(client.policyUri)}">
Please, read the <a target="_blank" href="<c:out value="${client.policyUri}" />">Privacy Policy</a> of the service provider to learn more about its commitments to protect your data.
<h6>Please, read the <a target="_blank" href="<c:out value="${client.policyUri}" />">Privacy Policy</a> of the service provider to learn more about its commitments to protect your data.</h6>
</c:if>
</p>
<div class="form-check">
<input class="form-check-input" type="checkbox" name="transfer" id="transfer" data-np-checked="1">
<label class="form-check-label" for="transfer">To continue, consent to the transfer of your personal data.</label>
<div class="form-check">
<input class="form-check-input" type="checkbox" name="transfer" id="transfer" data-np-checked="1">
<label class="form-check-label" for="transfer">To continue, consent to the transfer of your personal data.</label>
</div>
</div>
</div>
</c:if>
<div class="outro">
<p>


@ -28,7 +28,10 @@ import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.SystemScope;
import cz.muni.ics.oauth2.service.ClientDetailsEntityService;
import cz.muni.ics.oauth2.service.SystemScopeService;
import cz.muni.ics.oidc.models.Facility;
import cz.muni.ics.oidc.models.PerunAttributeValue;
import cz.muni.ics.oidc.saml.SamlPrincipal;
import cz.muni.ics.oidc.server.adapters.PerunAdapter;
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
import cz.muni.ics.oidc.web.WebHtmlClasses;
import cz.muni.ics.oidc.web.controllers.ControllerUtils;
@ -108,6 +111,8 @@ public class OAuthConfirmationController {
private PerunOidcConfig perunOidcConfig;
private WebHtmlClasses htmlClasses;
private PerunAdapter perunAdapter;
@Autowired
public OAuthConfirmationController(ClientDetailsEntityService clientService,
SystemScopeService scopeService,
@ -115,7 +120,8 @@ public class OAuthConfirmationController {
UserInfoService userInfoService,
RedirectResolver redirectResolver,
PerunOidcConfig perunOidcConfig,
WebHtmlClasses htmlClasses) {
WebHtmlClasses htmlClasses,
PerunAdapter perunAdapter) {
this.clientService = clientService;
this.scopeService = scopeService;
@ -124,6 +130,7 @@ public class OAuthConfirmationController {
this.redirectResolver = redirectResolver;
this.perunOidcConfig = perunOidcConfig;
this.htmlClasses = htmlClasses;
this.perunAdapter = perunAdapter;
}
public OAuthConfirmationController(ClientDetailsEntityService clientService) {
@ -200,15 +207,37 @@ public class OAuthConfirmationController {
if (perunOidcConfig.getTheme().equalsIgnoreCase(LSAAI)) {
model.put("getsOfflineAccess", authRequest.getScope().contains("offline_access"));
model.put("jurisdiction", getJurisdiction(client));
model.put("isTestSp", isTestSp(client));
return "lsaai/approve";
}
return THEMED_APPROVE;
}
private boolean isTestSp(ClientDetailsEntity client) {
if (client == null || !StringUtils.hasText(client.getClientId())) {
return true;
}
Facility facility = perunAdapter.getFacilityByClientId(client.getClientId());
if (facility == null || facility.getId() == null) {
return true;
}
PerunAttributeValue attrValue = perunAdapter.getFacilityAttributeValue(facility.getId(), "urn:perun:facility:attribute-def:def:isTestSp");
if (attrValue == null) {
return false;
} else if (attrValue.valueAsBoolean()) {
return attrValue.valueAsBoolean();
}
return false;
}
private String getJurisdiction(ClientDetailsEntity client) {
if (!StringUtils.hasText(client.getJurisdiction()) || euEaa.contains(client.getJurisdiction())) {
return "";
} else if (client.getJurisdiction().length() > 2) {
if ("EMBL".equalsIgnoreCase(client.getJurisdiction())) {
return "EMBL";
}
return "INT";
}
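Review bot: In `isTestSp`, the tail `if (attrValue == null) return false; else if (attrValue.valueAsBoolean()) return attrValue.valueAsBoolean(); return false;` calls `valueAsBoolean()` twice and collapses to `return attrValue != null && attrValue.valueAsBoolean();`. The attribute name `"urn:perun:facility:attribute-def:def:isTestSp"` deserves a named constant (`private static final String IS_TEST_SP_ATTR = "urn:perun:facility:attribute-def:def:isTestSp";`), and the whole method together with `getJurisdiction` is duplicated verbatim in the DeviceEndpoint section below, so a shared helper would keep the two consent flows from drifting. The one-argument constructor `public OAuthConfirmationController(ClientDetailsEntityService clientService)` presumably leaves `perunAdapter` unset, so an approval rendered through it on the LSAAI theme would hit a NullPointerException in `isTestSp`; either guard for a null adapter there or comment that this constructor is never used for that path. A Javadoc line on `isTestSp` should also state the fail-safe direction, e.g. `/** An unresolvable client or facility is treated as a test SP so the warning is shown; a missing attribute counts as not-test. */`, since the two fallbacks currently point opposite ways; `getJurisdiction` continues past the end of the hunk.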


@ -24,7 +24,10 @@ import cz.muni.ics.oauth2.service.ClientDetailsEntityService;
import cz.muni.ics.oauth2.service.DeviceCodeService;
import cz.muni.ics.oauth2.service.SystemScopeService;
import cz.muni.ics.oauth2.token.DeviceTokenGranter;
import cz.muni.ics.oidc.models.Facility;
import cz.muni.ics.oidc.models.PerunAttributeValue;
import cz.muni.ics.oidc.saml.SamlPrincipal;
import cz.muni.ics.oidc.server.adapters.PerunAdapter;
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
import cz.muni.ics.oidc.server.userInfo.PerunUserInfo;
import cz.muni.ics.oidc.web.WebHtmlClasses;
@ -137,6 +140,8 @@ public class DeviceEndpoint {
private final ScopeClaimTranslationService scopeClaimTranslationService;
private final UserInfoService userInfoService;
private final PerunAdapter perunAdapter;
@Autowired
public DeviceEndpoint(ClientDetailsEntityService clientService,
SystemScopeService scopeService,
@ -145,7 +150,8 @@ public class DeviceEndpoint {
PerunOidcConfig perunOidcConfig,
WebHtmlClasses htmlClasses,
ScopeClaimTranslationService scopeClaimTranslationService,
UserInfoService userInfoService)
UserInfoService userInfoService,
PerunAdapter perunAdapter)
{
this.clientService = clientService;
this.scopeService = scopeService;
@ -155,6 +161,7 @@ public class DeviceEndpoint {
this.htmlClasses = htmlClasses;
this.scopeClaimTranslationService = scopeClaimTranslationService;
this.userInfoService = userInfoService;
this.perunAdapter = perunAdapter;
}
@PostMapping(value = ENDPOINT_URL, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE,
@ -447,15 +454,37 @@ public class DeviceEndpoint {
if (perunOidcConfig.getTheme().equalsIgnoreCase("lsaai")) {
model.put("getsOfflineAccess", dc.getScope().contains("offline_access"));
model.put("jurisdiction", getJurisdiction(client));
model.put("isTestSp", isTestSp(client));
return "lsaai/" + APPROVE_DEVICE;
}
return THEMED_APPROVE_DEVICE;
}
private boolean isTestSp(ClientDetailsEntity client) {
if (client == null || !StringUtils.hasText(client.getClientId())) {
return true;
}
Facility facility = perunAdapter.getFacilityByClientId(client.getClientId());
if (facility == null || facility.getId() == null) {
return true;
}
PerunAttributeValue attrValue = perunAdapter.getFacilityAttributeValue(facility.getId(), "urn:perun:facility:attribute-def:def:isTestSp");
if (attrValue == null) {
return false;
} else if (attrValue.valueAsBoolean()) {
return attrValue.valueAsBoolean();
}
return false;
}
private String getJurisdiction(ClientDetailsEntity client) {
if (!StringUtils.hasText(client.getJurisdiction()) || euEaa.contains(client.getJurisdiction())) {
return "";
} else if (client.getJurisdiction().length() > 2) {
if ("EMBL".equalsIgnoreCase(client.getJurisdiction())) {
return "EMBL";
}
return "INT";
}