Allow OIDC OP without attached service

2a58d66c · ls1947 · d306cbb1 · 2a58d66c
Commit 2a58d66c authored Jul 23, 2020 by ls1947
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpLoginImpl.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpLoginImpl.java
@@ -169,48 +169,54 @@ public class OidcOpLoginImpl implements OidcOpLogin {

 			OidcClientConfigurationEntity clientConfig = flowState.getClientConfiguration();
 			List<ServiceOidcClientEntity> serviceOidcClientList = serviceOidcClientDao.findByClientConfig(clientConfig);
-			
+
+			/*
+			 * Allow OIDC config without service
+			 */
 			if (serviceOidcClientList.size() == 0) {
-				throw new OidcAuthenticationException("no service is connected to client configuration");
+				throw new OidcAuthenticationException("no script is connected to client configuration");
 			}
 			
 			RegistryEntity registry = null;
 			for (ServiceOidcClientEntity serviceOidcClient : serviceOidcClientList) {
 				ServiceEntity service = serviceOidcClient.getService();
-				logger.debug("Service for RP found: {}", service);
 				
-				registry = registryDao.findByServiceAndUserAndStatus(service, user, RegistryStatus.ACTIVE);
-				
-				if (registry != null) {
-					List<Object> objectList = checkRules(user, service, registry);
-					List<OverrideAccess> overrideAccessList = extractOverideAccess(objectList);
-					List<UnauthorizedUser> unauthorizedUserList = extractUnauthorizedUser(objectList);
+				if (service != null) {
+					logger.debug("Service for RP found: {}", service);
 					
-					if (overrideAccessList.size() == 0 && unauthorizedUserList.size() > 0) {
-						return "/user/check-access.xhtml?regId=" + registry.getId();
-					}
-				}
-				else {
-					registry = registryDao.findByServiceAndUserAndStatus(service, user, RegistryStatus.LOST_ACCESS);
+					registry = registryDao.findByServiceAndUserAndStatus(service, user, RegistryStatus.ACTIVE);
 					
 					if (registry != null) {
-						logger.info("Registration for user {} and service {} in state LOST_ACCESS, checking again", 
-								user.getEppn(), service.getName());
 						List<Object> objectList = checkRules(user, service, registry);
 						List<OverrideAccess> overrideAccessList = extractOverideAccess(objectList);
 						List<UnauthorizedUser> unauthorizedUserList = extractUnauthorizedUser(objectList);
 						
 						if (overrideAccessList.size() == 0 && unauthorizedUserList.size() > 0) {
-							logger.info("Registration for user {} and service {} in state LOST_ACCESS stays, redirecting to check page", 
-									user.getEppn(), service.getName());
 							return "/user/check-access.xhtml?regId=" + registry.getId();
 						}
 					}
 					else {
-						logger.info("No active registration for user {} and service {}, redirecting to register page", 
-								user.getEppn(), service.getName());
-						session.setOriginalRequestPath("/oidc/realms/" + opConfig.getRealm() + "/protocol/openid-connect/auth/return");
-						return "/user/register-service.xhtml?serviceId=" + service.getId();
+						registry = registryDao.findByServiceAndUserAndStatus(service, user, RegistryStatus.LOST_ACCESS);
+						
+						if (registry != null) {
+							logger.info("Registration for user {} and service {} in state LOST_ACCESS, checking again", 
+									user.getEppn(), service.getName());
+							List<Object> objectList = checkRules(user, service, registry);
+							List<OverrideAccess> overrideAccessList = extractOverideAccess(objectList);
+							List<UnauthorizedUser> unauthorizedUserList = extractUnauthorizedUser(objectList);
+							
+							if (overrideAccessList.size() == 0 && unauthorizedUserList.size() > 0) {
+								logger.info("Registration for user {} and service {} in state LOST_ACCESS stays, redirecting to check page", 
+										user.getEppn(), service.getName());
+								return "/user/check-access.xhtml?regId=" + registry.getId();
+							}
+						}
+						else {
+							logger.info("No active registration for user {} and service {}, redirecting to register page", 
+									user.getEppn(), service.getName());
+							session.setOriginalRequestPath("/oidc/realms/" + opConfig.getRealm() + "/protocol/openid-connect/auth/return");
+							return "/user/register-service.xhtml?serviceId=" + service.getId();
+						}
 					}
 				}
 			}
@@ -262,9 +268,12 @@ public class OidcOpLoginImpl implements OidcOpLogin {

 		RegistryEntity registry = flowState.getRegistry();

-		if (registry == null) {
-			throw new OidcAuthenticationException("No registry attached to flow state.");
-		}
+		/*
+		 * allow for no registry
+		 */
+//		if (registry == null) {
+//			throw new OidcAuthenticationException("No registry attached to flow state.");
+//		}
 		
 		List<ServiceOidcClientEntity> serviceOidcClientList = serviceOidcClientDao.findByClientConfig(clientConfig);

@@ -364,9 +373,12 @@ public class OidcOpLoginImpl implements OidcOpLogin {

 		RegistryEntity registry = flowState.getRegistry();

-		if (registry == null) {
-			throw new OidcAuthenticationException("No registry attached to flow state.");
-		}
+		/*
+		 * allow for no registry
+		 */
+//		if (registry == null) {
+//			throw new OidcAuthenticationException("No registry attached to flow state.");
+//		}

 		JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder();