Merge branch 'master' of https://github.com/wso2-extensions/identity-…

…inbound-auth-oauth into master_DCR_Validations

components/org.wso2.carbon.identity.api.server.dcr/pom.xml

@@ -5,12 +5,12 @@
     <parent>
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
-        <version>6.11.156-SNAPSHOT</version>
+        <version>6.11.164-SNAPSHOT</version>
         <relativePath>../..</relativePath>
     </parent>
 
     <artifactId>org.wso2.carbon.identity.api.server.dcr</artifactId>
-    <version>6.11.156-SNAPSHOT</version>
+    <version>6.11.164-SNAPSHOT</version>
     <name>WSO2 Carbon -  User DCR Rest API</name>
     <description>WSO2 Carbon - User DCR Rest API</description>
 

components/org.wso2.carbon.identity.api.server.oauth.scope/pom.xml

@@ -5,12 +5,12 @@
     <parent>
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
-        <version>6.11.156-SNAPSHOT</version>
+        <version>6.11.164-SNAPSHOT</version>
         <relativePath>../..</relativePath>
     </parent>
 
     <artifactId>org.wso2.carbon.identity.api.server.oauth.scope</artifactId>
-    <version>6.11.156-SNAPSHOT</version>
+    <version>6.11.164-SNAPSHOT</version>
 
     <name>WSO2 Carbon - Identity OAuth 2.0 Scope Rest APIs</name>
     <description>Rest APIs for OAuth 2.0 Scope Handling</description>

components/org.wso2.carbon.identity.api.server.oauth.scope/src/main/java/org/wso2/carbon/identity/oauth/scope/endpoint/impl/ScopesApiServiceImpl.java

@@ -18,13 +18,13 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.cxf.jaxrs.impl.UriInfoImpl;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.identity.core.ServiceURLBuilder;
+import org.wso2.carbon.identity.core.URLBuilderException;
+import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.identity.oauth.scope.endpoint.ScopesApiService;
 import org.wso2.carbon.identity.oauth.scope.endpoint.dto.ScopeDTO;
@@ -38,11 +38,9 @@
 import org.wso2.carbon.user.api.UserStoreException;
 
 import java.net.URI;
-import java.net.URISyntaxException;
 import java.util.Set;
 
 import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
 
 import static org.wso2.carbon.identity.oauth.common.OAuthConstants.TENANT_NAME_FROM_CONTEXT;
 import static org.wso2.carbon.identity.oauth.scope.endpoint.Constants.SERVER_API_PATH_COMPONENT;
@@ -292,23 +290,15 @@ public Response deleteScope(String name) {
      */
     private static URI buildURIForHeader(String scopeName) {
 
-        String tenantQualifiedRelativePath =
-                String.format(TENANT_CONTEXT_PATH_COMPONENT, getTenantDomainFromContext()) + SERVER_API_PATH_COMPONENT;
-        String url = IdentityUtil.getEndpointURIPath(tenantQualifiedRelativePath + scopeName, false, true);
-
-        URI location = URI.create(url);
-        if (!location.isAbsolute()) {
-            Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
-            if (currentMessage != null) {
-                UriInfo ui = new UriInfoImpl(currentMessage.getExchange().getInMessage(), null);
-                try {
-                    return new URI(ui.getBaseUri().getScheme(), ui.getBaseUri().getAuthority(), url, null, null);
-                } catch (URISyntaxException e) {
-                    LOG.error("Server encountered an error while building the location URL with scheme: " +
-                            ui.getBaseUri().getScheme() + ", authority: " + ui.getBaseUri().getAuthority() +
-                            ", url: " + url, e);
-                }
-            }
+        URI location;
+        String context = IdentityTenantUtil.isTenantQualifiedUrlsEnabled() ? SERVER_API_PATH_COMPONENT + scopeName :
+                String.format(TENANT_CONTEXT_PATH_COMPONENT, getTenantDomainFromContext()) + SERVER_API_PATH_COMPONENT
+                        + scopeName;
+        try {
+            String url = ServiceURLBuilder.create().addPath(context).build().getAbsolutePublicURL();
+            location = URI.create(url);
+        } catch (URLBuilderException e) {
+            throw new RuntimeException("Error occurred while building URL in tenant qualified mode.", e);
         }
         return location;
     }

components/org.wso2.carbon.identity.api.server.oauth.scope/src/test/java/org/wso2/carbon/identity/oauth/scope/endpoint/impl/ScopesApiServiceImplTest.java

@@ -25,6 +25,9 @@
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
+import org.wso2.carbon.identity.core.ServiceURL;
+import org.wso2.carbon.identity.core.ServiceURLBuilder;
+import org.wso2.carbon.identity.core.URLBuilderException;
 import org.wso2.carbon.identity.oauth.scope.endpoint.dto.ErrorDTO;
 import org.wso2.carbon.identity.oauth.scope.endpoint.dto.ScopeDTO;
 import org.wso2.carbon.identity.oauth.scope.endpoint.dto.ScopeToUpdateDTO;
@@ -48,13 +51,15 @@
 import static org.mockito.Mockito.reset;
 import static org.powermock.api.mockito.PowerMockito.doNothing;
 import static org.powermock.api.mockito.PowerMockito.doThrow;
+import static org.powermock.api.mockito.PowerMockito.mock;
 import static org.powermock.api.mockito.PowerMockito.mockStatic;
 import static org.powermock.api.mockito.PowerMockito.when;
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertNull;
+import static org.wso2.carbon.identity.oauth.scope.endpoint.Constants.SERVER_API_PATH_COMPONENT;
 
 @PowerMockIgnore("javax.*")
-@PrepareForTest({ScopeUtils.class, OAuth2ScopeService.class})
+@PrepareForTest({ScopeUtils.class, OAuth2ScopeService.class, ServiceURLBuilder.class})
 public class ScopesApiServiceImplTest extends PowerMockTestCase {
 
     private ScopesApiServiceImpl scopesApiService = new ScopesApiServiceImpl();
@@ -337,6 +342,7 @@ public void testRegisterScope(Response.Status expectation, Throwable throwable)
         ScopeDTO scopeDTO = new ScopeDTO();
         scopeDTO.setDescription("some description");
         scopeDTO.setBindings(Collections.<String>emptyList());
+        mockServiceURLBuilder(SERVER_API_PATH_COMPONENT + scopeDTO.getName());
         if (Response.Status.OK.equals(expectation)) {
             when(oAuth2ScopeService.registerScope(any(Scope.class))).thenReturn(any(Scope.class));
             assertEquals(scopesApiService.registerScope(scopeDTO).getStatus(), Response.Status.CREATED.getStatusCode(),
@@ -459,5 +465,17 @@ private void callRealMethod() throws Exception {
                 any(String.class)).thenCallRealMethod();
     }
 
+    private void mockServiceURLBuilder(String url) throws URLBuilderException {
+
+        mockStatic(ServiceURLBuilder.class);
+        ServiceURLBuilder serviceURLBuilder = mock(ServiceURLBuilder.class);
+        when(ServiceURLBuilder.create()).thenReturn(serviceURLBuilder);
+        when(serviceURLBuilder.addPath(any())).thenReturn(serviceURLBuilder);
+
+        ServiceURL serviceURL = mock(ServiceURL.class);
+        when(serviceURL.getAbsolutePublicURL()).thenReturn(url);
+        when(serviceURLBuilder.build()).thenReturn(serviceURL);
+    }
+
 }
 

components/org.wso2.carbon.identity.discovery/pom.xml

@@ -21,7 +21,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>6.11.156-SNAPSHOT</version>
+        <version>6.11.164-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/org.wso2.carbon.identity.oauth.ciba/pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
-        <version>6.11.156-SNAPSHOT</version>
+        <version>6.11.164-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/org.wso2.carbon.identity.oauth.client.authn.filter/pom.xml

@@ -22,7 +22,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>6.11.156-SNAPSHOT</version>
+        <version>6.11.164-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/org.wso2.carbon.identity.oauth.common/pom.xml

@@ -23,7 +23,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>6.11.156-SNAPSHOT</version>
+        <version>6.11.164-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java

@@ -110,6 +110,7 @@ public final class OAuthConstants {
     public static final String AUTHENTICATED_IDPS = "AuthenticatedIdPs";
     public static final String SESSION_STATE = "session_state";
     public static final String STATE = "state";
+    public static final String AUTHENTICATOR_IDP_SPLITTER = ":";
 
     public static final String SECTOR_IDENTIFIER_URI = "sector_identifier_uri";
     public static final String SUBJECT_TYPE = "subject_type";
@@ -757,6 +758,7 @@ public static class ResponseModes {
         public static final String QUERY_JWT = "query.jwt";
         public static final String FRAGMENT_JWT = "fragment.jwt";
         public static final String FORM_POST_JWT = "form_post.jwt";
+        public static final String DIRECT = "direct"; // Used for API based authentication.
     }
 
 }

components/org.wso2.carbon.identity.oauth.dcr.endpoint/pom.xml

@@ -6,7 +6,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>6.11.156-SNAPSHOT</version>
+        <version>6.11.164-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/org.wso2.carbon.identity.oauth.dcr/pom.xml

@@ -22,7 +22,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>6.11.156-SNAPSHOT</version>
+        <version>6.11.164-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/org.wso2.carbon.identity.oauth.endpoint/pom.xml

@@ -22,7 +22,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>6.11.156-SNAPSHOT</version>
+        <version>6.11.164-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
@@ -332,7 +332,7 @@
                                         <limit implementation="org.jacoco.report.check.Limit">
                                             <counter>COMPLEXITY</counter>
                                             <value>COVEREDRATIO</value>
-                                            <minimum>0.55</minimum>
+                                            <minimum>0.50</minimum>
                                         </limit>
                                     </limits>
                                 </rule>

components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/OAuthRequestWrapper.java

@@ -22,6 +22,7 @@
 
 import java.util.Collections;
 import java.util.Enumeration;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -39,6 +40,8 @@ public class OAuthRequestWrapper extends HttpServletRequestWrapper {
     private Map<String, List<String>> form;
     private Enumeration<String> parameterNames;
 
+    private boolean isInternalRequest = false;
+
     @Deprecated
     public OAuthRequestWrapper(HttpServletRequest request, MultivaluedMap<String, String> form) {
 
@@ -66,7 +69,7 @@ public OAuthRequestWrapper(HttpServletRequest request, Map<String, List<String>>
     public String getParameter(String name) {
 
         String value = super.getParameter(name);
-        if (value == null) {
+        if (value == null || isInternalRequest) {
             if (CollectionUtils.isNotEmpty(form.get(name))) {
                 value = form.get(name).get(0);
             }
@@ -79,4 +82,29 @@ public Enumeration<String> getParameterNames() {
 
         return parameterNames;
     }
+
+    /**
+     * Set whether the request is internal or not.
+     * If the request is internal, the request parameters
+     * in the wrapper will get priority over the servlet request.
+     *
+     * @param internalRequest Whether the request is internal or not.
+     */
+    public void setInternalRequest(boolean internalRequest) {
+
+        isInternalRequest = internalRequest;
+    }
+
+    @Override
+    public Map<String, String[]> getParameterMap() {
+
+        Map<String, String[]> parameterMap = new HashMap<>(super.getParameterMap());
+
+        // Add form data to parameterMap.
+        for (Map.Entry<String, List<String>> entry : form.entrySet()) {
+            parameterMap.put(entry.getKey(), entry.getValue().toArray(new String[0]));
+        }
+
+        return parameterMap;
+    }
 }