github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #123 from dBucik/fix_pccx 

fix: 🐛 Fix missing sub in ClaimSourceProduceContext
pull/1580/head
Dominik František Bučík 2022-01-12 15:35:11 +01:00 committed by GitHub
parent fd525b1b54 5eace9fb21
commit d7d2a62dba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghPassportAndVisaClaimSource.java
View File

@ -162,6 +162,7 @@ public abstract class Ga4ghPassportAndVisaClaimSource extends ClaimSource {
ArrayNode passport,
Set<String> linkedIdentities)
{
log.debug("GA4GH: {}", uriVariables);
JsonNode response = callHttpJsonAPI(repo, uriVariables);
if (response != null) {
JsonNode visas = response.path(GA4GH_CLAIM);

29
perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/userInfo/PerunUserInfoCacheLoader.java
View File

@ -60,10 +60,11 @@ public class PerunUserInfoCacheLoader extends CacheLoader<UserInfoCacheKey, User
long perunUserId = key.getUserId();
Set<String> attributes = constructAttributes(key.getScopes());
Map<String, PerunAttributeValue> userAttributeValues = fetchUserAttributes(perunUserId, attributes);
String sub = extractSub(userAttributeValues, perunUserId, false);
ClaimSourceProduceContext.ClaimSourceProduceContextBuilder builder = ClaimSourceProduceContext.builder()
.perunUserId(perunUserId)
.sub(ui.getSub())
.sub(sub)
.attrValues(userAttributeValues)
.scopes(key.getScopes())
.client(key.getClient())
@ -97,11 +98,9 @@ public class PerunUserInfoCacheLoader extends CacheLoader<UserInfoCacheKey, User
}
private Set<String> constructAttributes(Set<String> requestedScopes) {
Set<String> attributes = new HashSet<>();
// always try to fetch sub, as it might be needed in further claims i.e. GA4GH processing
Set<String> attributes = new HashSet<>(openidMappings.getAttrNames());
if (requestedScopes != null && !requestedScopes.isEmpty()) {
if (requestedScopes.contains(OPENID)) {
attributes.addAll(openidMappings.getAttrNames());
}
if (requestedScopes.contains(PROFILE)) {
attributes.addAll(profileMappings.getAttrNames());
}
@ -182,17 +181,31 @@ public class PerunUserInfoCacheLoader extends CacheLoader<UserInfoCacheKey, User
private void processOpenid(Map<String, PerunAttributeValue> userAttributeValues, long perunUserId,
PerunUserInfo ui) {
ui.setSub(extractSub(userAttributeValues, perunUserId, true));
ui.setId(perunUserId);
}
private String extractSub(Map<String, PerunAttributeValue> userAttributeValues, long perunUserId, boolean failOnNoSub) {
JsonNode subJson = extractJsonValue(openidMappings.getSub(), userAttributeValues);
if (subJson != null && !subJson.isNull() && StringUtils.hasText(subJson.asText())) {
String sub = subJson.asText();
if (subModifiers != null) {
subJson = modifyClaims(subModifiers, subJson);
if (subJson.asText() == null || !StringUtils.hasText(subJson.asText())) {
if (failOnNoSub && (subJson.asText() == null || !StringUtils.hasText(subJson.asText()))) {
throw new RuntimeException("Sub has no value after modification for username " + perunUserId);
} else {
sub = subJson.asText();
}
}
ui.setSub(subJson.asText());
if (sub != null && StringUtils.hasText(sub)) {
return sub;
}
}
if (failOnNoSub) {
throw new RuntimeException("Sub has no value for username " + perunUserId);
} else {
return null;
}
ui.setId(perunUserId);
}
private void processProfile(Map<String, PerunAttributeValue> userAttributeValues, PerunUserInfo ui) {