From 834d2480178f5d83a4a963856982b416ce5b389f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 6 Jun 2017 15:15:44 +0200 Subject: fix bug with empty OpenIDConnect scope parameter --- .../oauth20/protocol/OAuth20AuthAction.java | 34 ++++++++++++---------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index b9bed7a22..f0cf45293 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -163,22 +163,24 @@ class OAuth20AuthAction implements IAction { OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData, oAuthRequest); resultScopes.append("openId"); - for (String s : scope.split(" ")) { - if (s.equalsIgnoreCase("profile")) { - OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData); - resultScopes.append(" profile"); - } else if (s.equalsIgnoreCase("eID")) { - OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData); - resultScopes.append(" eID"); - } else if (s.equalsIgnoreCase("eID_gov")) { - OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData); - resultScopes.append(" eID_gov"); - } else if (s.equalsIgnoreCase("mandate")) { - OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData); - resultScopes.append(" mandate"); - } else if (s.equalsIgnoreCase("stork")) { - OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData); - resultScopes.append(" stork"); + if (scope != null) { + for (String s : scope.split(" ")) { + if (s.equalsIgnoreCase("profile")) { + OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData); + resultScopes.append(" profile"); + } else if (s.equalsIgnoreCase("eID")) { + OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData); + resultScopes.append(" eID"); + } else if (s.equalsIgnoreCase("eID_gov")) { + OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData); + resultScopes.append(" eID_gov"); + } else if (s.equalsIgnoreCase("mandate")) { + OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData); + resultScopes.append(" mandate"); + } else if (s.equalsIgnoreCase("stork")) { + OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData); + resultScopes.append(" stork"); + } } } -- cgit v1.2.3 From f60727a4b419a52313b4489642537603f5dac18d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 6 Jun 2017 15:20:44 +0200 Subject: update release notes --- id/history.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/id/history.txt b/id/history.txt index befe0ffbc..c7bb7ac23 100644 --- a/id/history.txt +++ b/id/history.txt @@ -8,7 +8,8 @@ Version MOA-ID Release 3.2.2: - Bug-Fix - Problem with SSL certificate path-construction in case of worker threads - Bug-Fix - Problems with configuration entries in some special cases - Bug-Fix - Problem with RandomNumberGeneration in combination with IAIK_JCE and JAVA JDK >= 8u111 - - Bug-Fix - Problem with Statistic Logger if persist operation on database failes + - Bug-Fix - Problem with Statistic Logger if persist operation on database failes + - Bug-Fix - Problem with empty scope parameter in openID Connect request ------------------------------------------------------------------------------ Version MOA-ID Release 3.2.1: Änderungen seit Version MOA-ID 3.2.0 -- cgit v1.2.3