UY-1520 CR-1308 fixes

ppiernik · ppiernik · commit 443bcca54d36 · 2025-04-02T19:52:20.000+02:00
diff --git a/oauth/src/main/java/pl/edu/icm/unity/oauth/as/webauthz/ASConsentDeciderServlet.java b/oauth/src/main/java/pl/edu/icm/unity/oauth/as/webauthz/ASConsentDeciderServlet.java
@@ -213,7 +213,7 @@ protected void autoReplay(OAuthClientSettings clientPreferences, OAuthAuthzConte
 			Collection<DynamicAttribute> attributes =  OAuthProcessor.filterAttributes(userInfo,
 					oauthCtx.getEffectiveRequestedAttrs());
 			Set<DynamicAttribute> filteredAttributes = AttributeValueFilter.filterAttributes(oauthCtx.getClaimValueFilters(), attributes);
-			ACRConsistencyValidator.verifyACRAttribute(oauthCtx, filteredAttributes);
+			EssentialACRConsistencyValidator.verifyEssentialRequestedACRisReturned(oauthCtx, filteredAttributes);
 			respDoc = oauthProcessor.prepareAuthzResponseAndRecordInternalState(filteredAttributes, selectedIdentity, oauthCtx,
 					statReporter, InvocationContext.getCurrent().getLoginSession().getAuthenticationTime(), oauthCtx.getClaimValueFilters());
 		} catch (OAuthErrorResponseException e)
diff --git a/oauth/src/main/java/pl/edu/icm/unity/oauth/as/webauthz/EssentialACRConsistencyValidator.java b/oauth/src/main/java/pl/edu/icm/unity/oauth/as/webauthz/EssentialACRConsistencyValidator.java
@@ -18,19 +18,19 @@
 import pl.edu.icm.unity.oauth.as.OAuthAuthzContext;
 import pl.edu.icm.unity.oauth.as.OAuthErrorResponseException;
 
-public class ACRConsistencyValidator
+public class EssentialACRConsistencyValidator
 {
-	static void verifyACRAttribute(OAuthAuthzContext ctx, Collection<DynamicAttribute> attributes) throws OAuthErrorResponseException
+	static void verifyEssentialRequestedACRisReturned(OAuthAuthzContext ctx, Collection<DynamicAttribute> attributes) throws OAuthErrorResponseException
 	{
 		if (ctx.getAcr().isEmpty())
 			return;
 		if (ctx.getAcr().getEssentialACRs() == null || ctx.getAcr().getEssentialACRs().isEmpty())
 			return;
-		Optional<DynamicAttribute> any = attributes.stream().filter(a -> a.getAttribute().getName().equals(IDTokenClaimsSet.ACR_CLAIM_NAME)).findAny();
+		Optional<DynamicAttribute> acrAttribute = attributes.stream().filter(a -> a.getAttribute().getName().equals(IDTokenClaimsSet.ACR_CLAIM_NAME)).findAny();
 		
-		if (any.isPresent())
+		if (acrAttribute.isPresent())
 		{
-			if (any.get().getAttribute().getValues().containsAll(ctx.getAcr().getEssentialACRs().stream().map(acr -> acr.getValue()).toList()))
+			if (acrAttribute.get().getAttribute().getValues().containsAll(ctx.getAcr().getEssentialACRs().stream().map(acr -> acr.getValue()).toList()))
 				return;
 		}	
 		
diff --git a/oauth/src/main/java/pl/edu/icm/unity/oauth/as/webauthz/OAuthAuthzView.java b/oauth/src/main/java/pl/edu/icm/unity/oauth/as/webauthz/OAuthAuthzView.java
@@ -208,7 +208,7 @@ private void activeValueSelectionAndConsentStage(OAuthAuthzContext ctx, OAuthASP
 
 		try
 		{
-			ACRConsistencyValidator.verifyACRAttribute(ctx, filteredByClaimAttributes);
+			EssentialACRConsistencyValidator.verifyEssentialRequestedACRisReturned(ctx, filteredByClaimAttributes);
 		} catch (OAuthErrorResponseException e)
 		{
 			oauthResponseHandler.returnOauthResponseNotThrowingAndReportStatistic(e.getOauthResponse(), false, ctx,
diff --git a/oauth/src/test/java/pl/edu/icm/unity/oauth/as/webauthz/EssentialACRConsistencyValidatorTest.java b/oauth/src/test/java/pl/edu/icm/unity/oauth/as/webauthz/EssentialACRConsistencyValidatorTest.java
@@ -25,7 +25,7 @@
 import pl.edu.icm.unity.oauth.as.OAuthAuthzContext;
 import pl.edu.icm.unity.oauth.as.OAuthErrorResponseException;
 
-public class ACRConsistencyValidatorTest
+public class EssentialACRConsistencyValidatorTest
 {
 	@Test
 	public void shouldThrowExceptionWhenReturnedACRNotContainsRequestedACR() throws OAuthErrorResponseException, URISyntaxException
@@ -34,7 +34,7 @@ public void shouldThrowExceptionWhenReturnedACRNotContainsRequestedACR() throws
 		context.setAcr(new ACRRequest(List.of(new ACR("essentialACR1")), null));
 		context.setReturnURI(new URI("return"));
 		List<DynamicAttribute> attrs = List.of(new DynamicAttribute(new Attribute("acr", null, null, List.of("acr1"))));
-		assertThrows(OAuthErrorResponseException.class, () -> ACRConsistencyValidator.verifyACRAttribute(context, attrs));
+		assertThrows(OAuthErrorResponseException.class, () -> EssentialACRConsistencyValidator.verifyEssentialRequestedACRisReturned(context, attrs));
 	}
 	
 	@Test
@@ -44,7 +44,7 @@ public void shouldValidateSuccessfulltWhenACRContainsRequestedACR() throws OAuth
 		context.setAcr(new ACRRequest(List.of(new ACR("essentialACR1")), null));
 		context.setReturnURI(new URI("return"));
 		List<DynamicAttribute> attrs = List.of(new DynamicAttribute(new Attribute("acr", null, null, List.of("essentialACR1"))));
-		assertDoesNotThrow(() -> ACRConsistencyValidator.verifyACRAttribute(context, attrs));
+		assertDoesNotThrow(() -> EssentialACRConsistencyValidator.verifyEssentialRequestedACRisReturned(context, attrs));
 	}
 	
 	@Test
@@ -54,6 +54,6 @@ public void shouldValidateSuccessfulltWhenRequestedACRisVoluntary() throws OAuth
 		context.setAcr(new ACRRequest(List.of(), List.of(new ACR("voluntaryACR1"))));
 		context.setReturnURI(new URI("return"));
 		List<DynamicAttribute> attrs = List.of(new DynamicAttribute(new Attribute("acr", null, null, List.of("anotherACR"))));
-		assertDoesNotThrow(() -> ACRConsistencyValidator.verifyACRAttribute(context, attrs));
+		assertDoesNotThrow(() -> EssentialACRConsistencyValidator.verifyEssentialRequestedACRisReturned(context, attrs));
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -18,19 +18,19 @@`
`18`	`18`	`import pl.edu.icm.unity.oauth.as.OAuthAuthzContext;`
`19`	`19`	`import pl.edu.icm.unity.oauth.as.OAuthErrorResponseException;`
`20`	`20`
`21`		`-public class ACRConsistencyValidator`
	`21`	`+public class EssentialACRConsistencyValidator`
`22`	`22`	`{`
`23`		`- static void verifyACRAttribute(OAuthAuthzContext ctx, Collection<DynamicAttribute> attributes) throws OAuthErrorResponseException`
	`23`	`+ static void verifyEssentialRequestedACRisReturned(OAuthAuthzContext ctx, Collection<DynamicAttribute> attributes) throws OAuthErrorResponseException`
`24`	`24`	`{`
`25`	`25`	`if (ctx.getAcr().isEmpty())`
`26`	`26`	`return;`
`27`	`27`	`if (ctx.getAcr().getEssentialACRs() == null \|\| ctx.getAcr().getEssentialACRs().isEmpty())`
`28`	`28`	`return;`
`29`		`- Optional<DynamicAttribute> any = attributes.stream().filter(a -> a.getAttribute().getName().equals(IDTokenClaimsSet.ACR_CLAIM_NAME)).findAny();`
	`29`	`+ Optional<DynamicAttribute> acrAttribute = attributes.stream().filter(a -> a.getAttribute().getName().equals(IDTokenClaimsSet.ACR_CLAIM_NAME)).findAny();`
`30`	`30`
`31`		`- if (any.isPresent())`
	`31`	`+ if (acrAttribute.isPresent())`
`32`	`32`	`{`
`33`		`- if (any.get().getAttribute().getValues().containsAll(ctx.getAcr().getEssentialACRs().stream().map(acr -> acr.getValue()).toList()))`
	`33`	`+ if (acrAttribute.get().getAttribute().getValues().containsAll(ctx.getAcr().getEssentialACRs().stream().map(acr -> acr.getValue()).toList()))`
`34`	`34`	`return;`
`35`	`35`	`}`
`36`	`36`
Original file line number	Diff line number	Diff line change
`@@ -208,7 +208,7 @@ private void activeValueSelectionAndConsentStage(OAuthAuthzContext ctx, OAuthASP`
`208`	`208`
`209`	`209`	`try`
`210`	`210`	`{`
`211`		`- ACRConsistencyValidator.verifyACRAttribute(ctx, filteredByClaimAttributes);`
	`211`	`+ EssentialACRConsistencyValidator.verifyEssentialRequestedACRisReturned(ctx, filteredByClaimAttributes);`
`212`	`212`	`} catch (OAuthErrorResponseException e)`
`213`	`213`	`{`
`214`	`214`	`oauthResponseHandler.returnOauthResponseNotThrowingAndReportStatistic(e.getOauthResponse(), false, ctx,`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@`
`25`	`25`	`import pl.edu.icm.unity.oauth.as.OAuthAuthzContext;`
`26`	`26`	`import pl.edu.icm.unity.oauth.as.OAuthErrorResponseException;`
`27`	`27`
`28`		`-public class ACRConsistencyValidatorTest`
	`28`	`+public class EssentialACRConsistencyValidatorTest`
`29`	`29`	`{`
`30`	`30`	`@Test`
`31`	`31`	`public void shouldThrowExceptionWhenReturnedACRNotContainsRequestedACR() throws OAuthErrorResponseException, URISyntaxException`
`@@ -34,7 +34,7 @@ public void shouldThrowExceptionWhenReturnedACRNotContainsRequestedACR() throws`
`34`	`34`	`context.setAcr(new ACRRequest(List.of(new ACR("essentialACR1")), null));`
`35`	`35`	`context.setReturnURI(new URI("return"));`
`36`	`36`	`List<DynamicAttribute> attrs = List.of(new DynamicAttribute(new Attribute("acr", null, null, List.of("acr1"))));`
`37`		`- assertThrows(OAuthErrorResponseException.class, () -> ACRConsistencyValidator.verifyACRAttribute(context, attrs));`
	`37`	`+ assertThrows(OAuthErrorResponseException.class, () -> EssentialACRConsistencyValidator.verifyEssentialRequestedACRisReturned(context, attrs));`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`@Test`
`@@ -44,7 +44,7 @@ public void shouldValidateSuccessfulltWhenACRContainsRequestedACR() throws OAuth`
`44`	`44`	`context.setAcr(new ACRRequest(List.of(new ACR("essentialACR1")), null));`
`45`	`45`	`context.setReturnURI(new URI("return"));`
`46`	`46`	`List<DynamicAttribute> attrs = List.of(new DynamicAttribute(new Attribute("acr", null, null, List.of("essentialACR1"))));`
`47`		`- assertDoesNotThrow(() -> ACRConsistencyValidator.verifyACRAttribute(context, attrs));`
	`47`	`+ assertDoesNotThrow(() -> EssentialACRConsistencyValidator.verifyEssentialRequestedACRisReturned(context, attrs));`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`@Test`
`@@ -54,6 +54,6 @@ public void shouldValidateSuccessfulltWhenRequestedACRisVoluntary() throws OAuth`
`54`	`54`	`context.setAcr(new ACRRequest(List.of(), List.of(new ACR("voluntaryACR1"))));`
`55`	`55`	`context.setReturnURI(new URI("return"));`
`56`	`56`	`List<DynamicAttribute> attrs = List.of(new DynamicAttribute(new Attribute("acr", null, null, List.of("anotherACR"))));`
`57`		`- assertDoesNotThrow(() -> ACRConsistencyValidator.verifyACRAttribute(context, attrs));`
	`57`	`+ assertDoesNotThrow(() -> EssentialACRConsistencyValidator.verifyEssentialRequestedACRisReturned(context, attrs));`
`58`	`58`	`}`
`59`	`59`	`}`