From 77d1fee107c2673c85e0fdba93cdb0cfe27b5f4f Mon Sep 17 00:00:00 2001 From: Thomas Date: Wed, 16 Oct 2019 15:06:58 +0200 Subject: Check if Consent is required before protocol post-processing starts. The process stops if Consent is needed --- .../services/ProtocolAuthenticationService.java | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'eaaf_core/src/main/java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index b4b188b6..090ea501 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -157,17 +157,25 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer //do not remove the full active SSO-Session // in case of only one Service-Provider authentication request is aborted if ( !pendingReq.needSingleSignOnFunctionality()) { - transactionStorage.remove(pendingReq.getPendingRequestId()); - + requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); + } //check if pending-request are authenticated - } else if (pendingReq.isAuthenticated()) { + } else if (pendingReq.isAuthenticated() && !pendingReq.isNeedUserConsent()) { internalFinalizeAuthenticationProcess(req, resp, pendingReq); } else { - //suspect state: pending-request is not aborted but also are not authenticated - log.error("PendingRequest is NOT authenticated --> Abort authentication process!"); + //suspect state: pending-request is not aborted but also are not authenticated + log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", pendingReq.isAuthenticated(), pendingReq.isNeedUserConsent()); + if (pendingReq.isNeedUserConsent()) { + log.error("PendingRequest NEEDS user-consent. Can NOT fininalize authentication --> Abort authentication process!"); + + } else { + log.error("PendingRequest is NOT authenticated --> Abort authentication process!"); + + } + handleErrorNoRedirect( new EAAFException( "auth.20", @@ -179,9 +187,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer log.error("Finalize authentication protocol FAILED." , e); buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); - if (pendingReq != null) - transactionStorage.remove(pendingReq.getPendingRequestId()); - } //remove pending-request -- cgit v1.2.3