Skip to content

Commit

Permalink
Change sessionDataKey retrieval
Browse files Browse the repository at this point in the history
  • Loading branch information
janakamarasena committed Oct 23, 2023
1 parent 548769a commit da6d797
Show file tree
Hide file tree
Showing 6 changed files with 54 additions and 38 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ private AuthServiceResponse processCommonAuthResponse(AuthServiceRequestWrapper
AuthServiceResponse authServiceResponse = new AuthServiceResponse();

if (isAuthFlowSuccessful(request)) {
handleSuccessAuthResponse(request, response, authServiceResponse);
handleSuccessAuthResponse(request, authServiceResponse);
} else if (isAuthFlowFailed(request, response)) {
handleFailedAuthResponse(request, response, authServiceResponse);
} else if (isAuthFlowIncomplete(request)) {
Expand All @@ -107,7 +107,7 @@ private AuthServiceResponse processCommonAuthResponse(AuthServiceRequestWrapper
private void handleIntermediateAuthResponse(AuthServiceRequestWrapper request, AuthServiceResponseWrapper response,
AuthServiceResponse authServiceResponse) throws AuthServiceException {

authServiceResponse.setSessionDataKey(response.getSessionDataKey());
authServiceResponse.setSessionDataKey(request.getSessionDataKey());
authServiceResponse.setFlowStatus(AuthServiceConstants.FlowStatus.INCOMPLETE);
AuthServiceResponseData responseData = new AuthServiceResponseData();
boolean isMultiOptionsResponse = request.isMultiOptionsResponse();
Expand All @@ -124,10 +124,9 @@ private void handleIntermediateAuthResponse(AuthServiceRequestWrapper request, A
authServiceResponse.setData(responseData);
}

private void handleSuccessAuthResponse(AuthServiceRequestWrapper request, AuthServiceResponseWrapper response,
AuthServiceResponse authServiceResponse) throws AuthServiceException {
private void handleSuccessAuthResponse(AuthServiceRequestWrapper request, AuthServiceResponse authServiceResponse) {

authServiceResponse.setSessionDataKey(getFlowCompletionSessionDataKey(request, response));
authServiceResponse.setSessionDataKey(request.getSessionDataKey());
authServiceResponse.setFlowStatus(AuthServiceConstants.FlowStatus.SUCCESS_COMPLETED);
}

Expand All @@ -137,15 +136,15 @@ private void handleFailedAuthResponse(AuthServiceRequestWrapper request, AuthSer
String errorCode = null;
String errorMessage = null;
if (request.isAuthFlowConcluded()) {
authServiceResponse.setSessionDataKey(getFlowCompletionSessionDataKey(request, response));
authServiceResponse.setSessionDataKey(request.getSessionDataKey());
authServiceResponse.setFlowStatus(AuthServiceConstants.FlowStatus.FAIL_COMPLETED);
AuthenticationResult authenticationResult = getAuthenticationResult(request, response);
AuthenticationResult authenticationResult = getAuthenticationResult(request);
if (authenticationResult != null) {
errorCode = (String) authenticationResult.getProperty(FrameworkConstants.AUTH_ERROR_CODE);
errorMessage = (String) authenticationResult.getProperty(FrameworkConstants.AUTH_ERROR_MSG);
}
} else {
authServiceResponse.setSessionDataKey(response.getSessionDataKey());
authServiceResponse.setSessionDataKey(request.getSessionDataKey());
authServiceResponse.setFlowStatus(AuthServiceConstants.FlowStatus.FAIL_INCOMPLETE);
List<AuthenticatorData> authenticatorDataList = request.getAuthInitiationData();
AuthServiceResponseData responseData = new AuthServiceResponseData(authenticatorDataList);
Expand Down Expand Up @@ -242,38 +241,39 @@ private boolean isAuthFlowSuccessful(AuthServiceRequestWrapper request) {
private boolean isAuthFlowFailed(AuthServiceRequestWrapper request, AuthServiceResponseWrapper response)
throws AuthServiceException {

return AuthenticatorFlowStatus.FAIL_COMPLETED == request.getAuthFlowStatus() || response.isErrorResponse();
return AuthenticatorFlowStatus.FAIL_COMPLETED == request.getAuthFlowStatus() || response.isErrorResponse() ||
isSentToRetryPageOnMissingContext(request, response);
}

private boolean isAuthFlowIncomplete(AuthServiceRequestWrapper request) {

return AuthenticatorFlowStatus.INCOMPLETE == request.getAuthFlowStatus();
}

private String getFlowCompletionSessionDataKey(AuthServiceRequestWrapper request,
AuthServiceResponseWrapper response) throws AuthServiceException {

String completionSessionDataKey = (String) request.getAttribute(FrameworkConstants.SESSION_DATA_KEY);
if (StringUtils.isBlank(completionSessionDataKey)) {
completionSessionDataKey = response.getSessionDataKey();
}

return completionSessionDataKey;
}

private AuthenticationResult getAuthenticationResult(AuthServiceRequestWrapper request,
AuthServiceResponseWrapper response)
throws AuthServiceException {
private AuthenticationResult getAuthenticationResult(AuthServiceRequestWrapper request) {

AuthenticationResult authenticationResult =
(AuthenticationResult) request.getAttribute(FrameworkConstants.RequestAttribute.AUTH_RESULT);
if (authenticationResult == null) {
AuthenticationResultCacheEntry authenticationResultCacheEntry =
FrameworkUtils.getAuthenticationResultFromCache(getFlowCompletionSessionDataKey(request, response));
FrameworkUtils.getAuthenticationResultFromCache(request.getSessionDataKey());
if (authenticationResultCacheEntry != null) {
authenticationResult = authenticationResultCacheEntry.getResult();
}
}
return authenticationResult;
}

private boolean isSentToRetryPageOnMissingContext(AuthServiceRequestWrapper request,
AuthServiceResponseWrapper response) throws AuthServiceException {

// If it's a retry due to context being null there is nothing to retry again the flow should be restarted.
if (AuthenticatorFlowStatus.INCOMPLETE == request.getAuthFlowStatus() &&
Boolean.TRUE.equals(request.getAttribute(FrameworkConstants.IS_SENT_TO_RETRY))) {
Map<String, String> queryParams = AuthServiceUtils.extractQueryParams(response.getRedirectURL());
return StringUtils.equals(queryParams.get(FrameworkConstants.STATUS_PARAM),
FrameworkConstants.ERROR_STATUS_AUTH_CONTEXT_NULL);
}
return false;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -240,6 +240,8 @@ public void handle(HttpServletRequest request, HttpServletResponse response) thr
}

if (context != null) {
// Adding the sessionDataKey to the request to be used when the context is not available.
request.setAttribute(FrameworkConstants.SESSION_DATA_KEY, context.getContextIdentifier());
if (StringUtils.isNotBlank(context.getServiceProviderName())) {
MDC.put(SERVICE_PROVIDER_QUERY_KEY, context.getServiceProviderName());
}
Expand Down Expand Up @@ -372,7 +374,8 @@ public void handle(HttpServletRequest request, HttpServletResponse response) thr

log.error("Context does not exist. Probably due to invalidated cache. " + message);
FrameworkUtils.sendToRetryPage(request, responseWrapper, context,
"authentication.context.null", "authentication.context.null.description");
FrameworkConstants.ERROR_STATUS_AUTH_CONTEXT_NULL,
FrameworkConstants.ERROR_DESCRIPTION_AUTH_CONTEXT_NULL);
}
} catch (JsFailureException e) {
if (log.isDebugEnabled()) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -147,4 +147,26 @@ private void skipNonceCookieValidation() {

this.setAttribute(FrameworkConstants.SKIP_NONCE_COOKIE_VALIDATION, true);
}

/**
* Get the session data key.
*
* @return String of session data key.
*/
public String getSessionDataKey() {

if (this.parameters.containsKey(FrameworkConstants.SESSION_DATA_KEY)) {
String[] sessionDataKeyParam = this.parameters.get(FrameworkConstants.SESSION_DATA_KEY);
if (sessionDataKeyParam != null && sessionDataKeyParam.length > 0) {
return sessionDataKeyParam[0];
}
}

Object sessionDataKeyAttr = getAttribute(FrameworkConstants.SESSION_DATA_KEY);
if (sessionDataKeyAttr != null) {
return sessionDataKeyAttr.toString();
}

return null;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@

import org.wso2.carbon.identity.application.authentication.framework.exception.auth.service.AuthServiceException;
import org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthResponseWrapper;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.auth.service.AuthServiceConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.auth.service.AuthServiceUtils;

Expand Down Expand Up @@ -52,18 +51,6 @@ public String getAuthenticators() throws AuthServiceException {
return queryParams.get(AuthServiceConstants.AUTHENTICATORS);
}

/**
* Get the sessionDataKey related to the authentication flow.
*
* @return String of sessionDataKey.
* @throws AuthServiceException
*/
public String getSessionDataKey() throws AuthServiceException {

Map<String, String> queryParams = AuthServiceUtils.extractQueryParams(getRedirectURL());
return queryParams.get(FrameworkConstants.SESSION_DATA_KEY);
}

/**
* Check if the response is an error response.
* This is determined by checking the existence and the value of the
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -232,6 +232,9 @@ public abstract class FrameworkConstants {
public static final String BLOCKED_USERSTORE_DOMAINS_SEPARATOR = ",";

public static final String IS_USER_RESOLVED = "isUserResolved";
public static final String ERROR_STATUS_AUTH_CONTEXT_NULL = "authentication.context.null";
public static final String ERROR_DESCRIPTION_AUTH_CONTEXT_NULL = "authentication.context.null.description";
public static final String IS_SENT_TO_RETRY = "isSentToRetry";

private FrameworkConstants() {

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -650,6 +650,7 @@ public static void sendToRetryPage(HttpServletRequest request, HttpServletRespon
}
}
request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
request.setAttribute(FrameworkConstants.IS_SENT_TO_RETRY, true);
if (context != null) {
if (IdentityTenantUtil.isTenantedSessionsEnabled()) {
uriBuilder.addParameter(USER_TENANT_DOMAIN_HINT, context.getUserTenantDomain());
Expand Down

0 comments on commit da6d797

Please sign in to comment.