From 77d1fee107c2673c85e0fdba93cdb0cfe27b5f4f Mon Sep 17 00:00:00 2001
From: Thomas
Date: Wed, 16 Oct 2019 15:06:58 +0200
Subject: Check if Consent is required before protocol post-processing starts. The process stops if Consent is needed
---
 .../services/ProtocolAuthenticationService.java | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index b4b188b6..090ea501 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -157,17 +157,25 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 //do not remove the full active SSO-Session
 // in case of only one Service-Provider authentication request is aborted
 if ( !pendingReq.needSingleSignOnFunctionality()) {
- transactionStorage.remove(pendingReq.getPendingRequestId());
-
+ requestStorage.removePendingRequest(pendingReq.getPendingRequestId());
+ }
 //check if pending-request are authenticated
- } else if (pendingReq.isAuthenticated()) {
+ } else if (pendingReq.isAuthenticated() && !pendingReq.isNeedUserConsent()) {
 internalFinalizeAuthenticationProcess(req, resp, pendingReq);
 } else {
- //suspect state: pending-request is not aborted but also are not authenticated
- log.error("PendingRequest is NOT authenticated --> Abort authentication process!");
+ //suspect state: pending-request is not aborted but also are not authenticated
+ log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", pendingReq.isAuthenticated(), pendingReq.isNeedUserConsent());
+ if (pendingReq.isNeedUserConsent()) {
+ log.error("PendingRequest NEEDS user-consent. Can NOT fininalize authentication --> Abort authentication process!");
+
+ } else {
+ log.error("PendingRequest is NOT authenticated --> Abort authentication process!");
+
+ }
+
 handleErrorNoRedirect( new EAAFException( "auth.20",
@@ -179,9 +187,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 log.error("Finalize authentication protocol FAILED." , e);
 buildProtocolSpecificErrorResponse(e, req, resp, pendingReq);
- if (pendingReq != null)
- transactionStorage.remove(pendingReq.getPendingRequestId());
-
 }
 //remove pending-request
-- 
cgit v1.2.3
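Review bot: The retained comment `//suspect state: pending-request is not aborted but also are not authenticated` above the new `log.warn` no longer describes the branch, because a request that is authenticated but still needs user consent is an expected state per this commit rather than a suspect one; suggest `//not finalizable: either not authenticated or user consent still outstanding`, and fix the typo `fininalize` in the consent log message. Both sub-branches then fall through to the same `handleErrorNoRedirect(new EAAFException("auth.20", ...))`, so the protocol error response cannot distinguish missing consent from missing authentication; if the relying party or the UI is expected to react to the consent case, give it its own error code. The second hunk drops the `transactionStorage.remove(pendingReq.getPendingRequestId())` from the catch block without a matching `requestStorage.removePendingRequest(...)`, so a pending request whose finalization threw appears to stay in storage unless the `//remove pending-request` code after the catch (outside the hunk) handles it — worth confirming, since a lingering authenticated pending request extends the window in which it could be reused. The enclosing method starts before the first hunk and its body continues between and past both hunks.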