UY-1521 CR-1307 fixes

ppiernik · ppiernik · commit 68bde8e57905 · 2025-04-02T19:54:23.000+02:00
diff --git a/oauth/src/main/java/pl/edu/icm/unity/oauth/as/OAuthAuthzContext.java b/oauth/src/main/java/pl/edu/icm/unity/oauth/as/OAuthAuthzContext.java
@@ -53,7 +53,7 @@ public enum Prompt { NONE, LOGIN, CONSENT}
 	private ClientType clientType;
 	private boolean openIdMode;
 	private Optional<ClaimsInTokenAttribute> claimsInTokenAttribute = Optional.empty();
-	private ACRRequest acr;
+	private ACRRequest requestedACR;
 	private List<AttributeFilteringSpec> claimValueFilters;
 	
 	public OAuthAuthzContext(AuthorizationRequest request, OAuthASProperties properties)
@@ -267,14 +267,14 @@ public boolean requestsAttributesInIdToken()
 		return claimsInTokenAttribute.get().values.contains(ClaimsInTokenAttribute.Value.id_token);	
 	}
 
-	public ACRRequest getAcr()
+	public ACRRequest getRequestedAcr()
 	{
-		return acr;
+		return requestedACR;
 	}
 
-	public void setAcr(ACRRequest acr)
+	public void setRequestedAcr(ACRRequest acr)
 	{
-		this.acr = acr;
+		this.requestedACR = acr;
 	}
 	
 	public List<AttributeFilteringSpec> getClaimValueFilters()
diff --git a/oauth/src/main/java/pl/edu/icm/unity/oauth/as/webauthz/EssentialACRConsistencyValidator.java b/oauth/src/main/java/pl/edu/icm/unity/oauth/as/webauthz/EssentialACRConsistencyValidator.java
@@ -22,15 +22,15 @@ public class EssentialACRConsistencyValidator
 {
 	static void verifyEssentialRequestedACRisReturned(OAuthAuthzContext ctx, Collection<DynamicAttribute> attributes) throws OAuthErrorResponseException
 	{
-		if (ctx.getAcr().isEmpty())
+		if (ctx.getRequestedAcr().isEmpty())
 			return;
-		if (ctx.getAcr().getEssentialACRs() == null || ctx.getAcr().getEssentialACRs().isEmpty())
+		if (ctx.getRequestedAcr().getEssentialACRs() == null || ctx.getRequestedAcr().getEssentialACRs().isEmpty())
 			return;
 		Optional<DynamicAttribute> acrAttribute = attributes.stream().filter(a -> a.getAttribute().getName().equals(IDTokenClaimsSet.ACR_CLAIM_NAME)).findAny();
 		
 		if (acrAttribute.isPresent())
 		{
-			if (acrAttribute.get().getAttribute().getValues().containsAll(ctx.getAcr().getEssentialACRs().stream().map(acr -> acr.getValue()).toList()))
+			if (acrAttribute.get().getAttribute().getValues().containsAll(ctx.getRequestedAcr().getEssentialACRs().stream().map(acr -> acr.getValue()).toList()))
 				return;
 		}	
 		
diff --git a/oauth/src/main/java/pl/edu/icm/unity/oauth/as/webauthz/OAuthParseServlet.java b/oauth/src/main/java/pl/edu/icm/unity/oauth/as/webauthz/OAuthParseServlet.java
@@ -219,7 +219,7 @@ protected void processRequestInterruptible(HttpServletRequest request, HttpServl
 
 		AuthenticationPolicy.setPolicy(request.getSession(), mapPromptToAuthenticationPolicy(context.getPrompts()));
 		setLanguageCookie(response, parsedRequestParametersWithUILocales.uiLocales);
-		setRequestedAuthenticationContextClassReference(context.getAcr(), request.getSession(), contextKey);
+		setRequestedAuthenticationContextClassReference(context.getRequestedAcr(), request.getSession(), contextKey);
 		response.sendRedirect(oauthUiServletPath + getQueryToAppend(authzRequest, contextKey));
 	}
 	
diff --git a/oauth/src/main/java/pl/edu/icm/unity/oauth/as/webauthz/OAuthWebRequestValidator.java b/oauth/src/main/java/pl/edu/icm/unity/oauth/as/webauthz/OAuthWebRequestValidator.java
@@ -180,7 +180,7 @@ void validate(OAuthAuthzContext context) throws OAuthValidationException
 	private void recordACR(OAuthAuthzContext context, AuthorizationRequest authzRequest)
 	{
 		ACRRequest acrRequest = ACRRequest.resolve(authzRequest);
-		context.setAcr(acrRequest);
+		context.setRequestedAcr(acrRequest);
 	}
 
 	private void validateAndRecordClaimsInTokenAttribute(OAuthAuthzContext context, AuthorizationRequest authzRequest)
@@ -295,7 +295,7 @@ private void validateAndRecordScopesAndClaimFilters(Map<String, AttributeExt> cl
 
 			validRequestedScopes.forEach(si -> context.addEffectiveScopeInfo(si));
 			requestedScopes.forEach(si -> context.addRequestedScope(si.getValue()));
-			if (!context.getAcr().isEmpty())
+			if (!context.getRequestedAcr().isEmpty())
 			{
 				context.getEffectiveRequestedAttrs().add(IDTokenClaimsSet.ACR_CLAIM_NAME);
 			}			
diff --git a/oauth/src/test/java/pl/edu/icm/unity/oauth/as/webauthz/EssentialACRConsistencyValidatorTest.java b/oauth/src/test/java/pl/edu/icm/unity/oauth/as/webauthz/EssentialACRConsistencyValidatorTest.java
@@ -31,7 +31,7 @@ public class EssentialACRConsistencyValidatorTest
 	public void shouldThrowExceptionWhenReturnedACRNotContainsRequestedACR() throws OAuthErrorResponseException, URISyntaxException
 	{
 		OAuthAuthzContext context = new OAuthAuthzContext(new AuthorizationRequest(new URI(""), ResponseType.TOKEN, new ClientID()), null);
-		context.setAcr(new ACRRequest(List.of(new ACR("essentialACR1")), null));
+		context.setRequestedAcr(new ACRRequest(List.of(new ACR("essentialACR1")), null));
 		context.setReturnURI(new URI("return"));
 		List<DynamicAttribute> attrs = List.of(new DynamicAttribute(new Attribute("acr", null, null, List.of("acr1"))));
 		assertThrows(OAuthErrorResponseException.class, () -> EssentialACRConsistencyValidator.verifyEssentialRequestedACRisReturned(context, attrs));
@@ -41,7 +41,7 @@ public void shouldThrowExceptionWhenReturnedACRNotContainsRequestedACR() throws
 	public void shouldValidateSuccessfulltWhenACRContainsRequestedACR() throws OAuthErrorResponseException, URISyntaxException
 	{
 		OAuthAuthzContext context = new OAuthAuthzContext(new AuthorizationRequest(new URI(""), ResponseType.TOKEN, new ClientID()), null);
-		context.setAcr(new ACRRequest(List.of(new ACR("essentialACR1")), null));
+		context.setRequestedAcr(new ACRRequest(List.of(new ACR("essentialACR1")), null));
 		context.setReturnURI(new URI("return"));
 		List<DynamicAttribute> attrs = List.of(new DynamicAttribute(new Attribute("acr", null, null, List.of("essentialACR1"))));
 		assertDoesNotThrow(() -> EssentialACRConsistencyValidator.verifyEssentialRequestedACRisReturned(context, attrs));
@@ -51,7 +51,7 @@ public void shouldValidateSuccessfulltWhenACRContainsRequestedACR() throws OAuth
 	public void shouldValidateSuccessfulltWhenRequestedACRisVoluntary() throws OAuthErrorResponseException, URISyntaxException
 	{
 		OAuthAuthzContext context = new OAuthAuthzContext(new AuthorizationRequest(new URI(""), ResponseType.TOKEN, new ClientID()), null);
-		context.setAcr(new ACRRequest(List.of(), List.of(new ACR("voluntaryACR1"))));
+		context.setRequestedAcr(new ACRRequest(List.of(), List.of(new ACR("voluntaryACR1"))));
 		context.setReturnURI(new URI("return"));
 		List<DynamicAttribute> attrs = List.of(new DynamicAttribute(new Attribute("acr", null, null, List.of("anotherACR"))));
 		assertDoesNotThrow(() -> EssentialACRConsistencyValidator.verifyEssentialRequestedACRisReturned(context, attrs));

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ public enum Prompt { NONE, LOGIN, CONSENT}`
`53`	`53`	`private ClientType clientType;`
`54`	`54`	`private boolean openIdMode;`
`55`	`55`	`private Optional<ClaimsInTokenAttribute> claimsInTokenAttribute = Optional.empty();`
`56`		`- private ACRRequest acr;`
	`56`	`+ private ACRRequest requestedACR;`
`57`	`57`	`private List<AttributeFilteringSpec> claimValueFilters;`
`58`	`58`
`59`	`59`	`public OAuthAuthzContext(AuthorizationRequest request, OAuthASProperties properties)`
`@@ -267,14 +267,14 @@ public boolean requestsAttributesInIdToken()`
`267`	`267`	`return claimsInTokenAttribute.get().values.contains(ClaimsInTokenAttribute.Value.id_token);`
`268`	`268`	`}`
`269`	`269`
`270`		`- public ACRRequest getAcr()`
	`270`	`+ public ACRRequest getRequestedAcr()`
`271`	`271`	`{`
`272`		`- return acr;`
	`272`	`+ return requestedACR;`
`273`	`273`	`}`
`274`	`274`
`275`		`- public void setAcr(ACRRequest acr)`
	`275`	`+ public void setRequestedAcr(ACRRequest acr)`
`276`	`276`	`{`
`277`		`- this.acr = acr;`
	`277`	`+ this.requestedACR = acr;`
`278`	`278`	`}`
`279`	`279`
`280`	`280`	`public List<AttributeFilteringSpec> getClaimValueFilters()`
Original file line number	Diff line number	Diff line change
`@@ -22,15 +22,15 @@ public class EssentialACRConsistencyValidator`
`22`	`22`	`{`
`23`	`23`	`static void verifyEssentialRequestedACRisReturned(OAuthAuthzContext ctx, Collection<DynamicAttribute> attributes) throws OAuthErrorResponseException`
`24`	`24`	`{`
`25`		`- if (ctx.getAcr().isEmpty())`
	`25`	`+ if (ctx.getRequestedAcr().isEmpty())`
`26`	`26`	`return;`
`27`		`- if (ctx.getAcr().getEssentialACRs() == null \|\| ctx.getAcr().getEssentialACRs().isEmpty())`
	`27`	`+ if (ctx.getRequestedAcr().getEssentialACRs() == null \|\| ctx.getRequestedAcr().getEssentialACRs().isEmpty())`
`28`	`28`	`return;`
`29`	`29`	`Optional<DynamicAttribute> acrAttribute = attributes.stream().filter(a -> a.getAttribute().getName().equals(IDTokenClaimsSet.ACR_CLAIM_NAME)).findAny();`
`30`	`30`
`31`	`31`	`if (acrAttribute.isPresent())`
`32`	`32`	`{`
`33`		`- if (acrAttribute.get().getAttribute().getValues().containsAll(ctx.getAcr().getEssentialACRs().stream().map(acr -> acr.getValue()).toList()))`
	`33`	`+ if (acrAttribute.get().getAttribute().getValues().containsAll(ctx.getRequestedAcr().getEssentialACRs().stream().map(acr -> acr.getValue()).toList()))`
`34`	`34`	`return;`
`35`	`35`	`}`
`36`	`36`
Original file line number	Diff line number	Diff line change
`@@ -219,7 +219,7 @@ protected void processRequestInterruptible(HttpServletRequest request, HttpServl`
`219`	`219`
`220`	`220`	`AuthenticationPolicy.setPolicy(request.getSession(), mapPromptToAuthenticationPolicy(context.getPrompts()));`
`221`	`221`	`setLanguageCookie(response, parsedRequestParametersWithUILocales.uiLocales);`
`222`		`- setRequestedAuthenticationContextClassReference(context.getAcr(), request.getSession(), contextKey);`
	`222`	`+ setRequestedAuthenticationContextClassReference(context.getRequestedAcr(), request.getSession(), contextKey);`
`223`	`223`	`response.sendRedirect(oauthUiServletPath + getQueryToAppend(authzRequest, contextKey));`
`224`	`224`	`}`
`225`	`225`
Original file line number	Diff line number	Diff line change
`@@ -180,7 +180,7 @@ void validate(OAuthAuthzContext context) throws OAuthValidationException`
`180`	`180`	`private void recordACR(OAuthAuthzContext context, AuthorizationRequest authzRequest)`
`181`	`181`	`{`
`182`	`182`	`ACRRequest acrRequest = ACRRequest.resolve(authzRequest);`
`183`		`- context.setAcr(acrRequest);`
	`183`	`+ context.setRequestedAcr(acrRequest);`
`184`	`184`	`}`
`185`	`185`
`186`	`186`	`private void validateAndRecordClaimsInTokenAttribute(OAuthAuthzContext context, AuthorizationRequest authzRequest)`
`@@ -295,7 +295,7 @@ private void validateAndRecordScopesAndClaimFilters(Map<String, AttributeExt> cl`
`295`	`295`
`296`	`296`	`validRequestedScopes.forEach(si -> context.addEffectiveScopeInfo(si));`
`297`	`297`	`requestedScopes.forEach(si -> context.addRequestedScope(si.getValue()));`
`298`		`- if (!context.getAcr().isEmpty())`
	`298`	`+ if (!context.getRequestedAcr().isEmpty())`
`299`	`299`	`{`
`300`	`300`	`context.getEffectiveRequestedAttrs().add(IDTokenClaimsSet.ACR_CLAIM_NAME);`
`301`	`301`	`}`