fix(jans-auth-server): challenge endpoint returns 400 if authorize throws an unexpected exception #10561

Merged
merged 2 commits into from
Jan 7, 2025
Expand Up @@ -164,8 +164,8 @@ public Response authorize(AuthzRequest authzRequest) throws IOException, TokenBi
if (!ok) {
log.debug("Not allowed by authorization challenge script, client_id {}.", client.getClientId());
throw new WebApplicationException(errorResponseFactory
.newErrorResponse(Response.Status.BAD_REQUEST)
.entity(errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.ACCESS_DENIED, state, "No allowed by authorization challenge script."))
.newErrorResponse(Response.Status.UNAUTHORIZED)
.entity(errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.ACCESS_DENIED, state, "Not allowed by authorization challenge script."))
.build());
}

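Review bot: Assuming the `Response.Status.UNAUTHORIZED` lines are the new side, the denial path now answers with a 401 that carries no `WWW-Authenticate` header, which RFC 7235 §3.1 requires on every 401 response; either add one on the builder (`.header("WWW-Authenticate", ...)` before `.entity(...)`) or keep a 4xx status that carries no such obligation, depending on what the challenge endpoint's clients expect. The denial itself is only logged at debug level on the line above (`log.debug("Not allowed by authorization challenge script, client_id {}.", ...)`), so a script rejecting a client leaves no trace in a production log; a script-driven access denial is a security-relevant decision and is better logged at info or warn so denials can be monitored. The body of `authorize` starts before and continues past this hunk.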
Expand Up @@ -43,6 +43,7 @@ public class CacheGrant implements Serializable {
private String acrValues;
private String sessionDn;
private int expiresIn = 1;
private boolean isAuthorizationChallenge;

// CIBA
private String authReqId;
Expand Down Expand Up @@ -73,6 +74,7 @@ public CacheGrant(AuthorizationGrant grant, AppConfiguration appConfiguration) {
codeChallengeMethod = grant.getCodeChallengeMethod();
claims = grant.getClaims();
sessionDn = grant.getSessionDn();
isAuthorizationChallenge = grant.isAuthorizationChallenge();
}

public CacheGrant(CIBAGrant grant, AppConfiguration appConfiguration) {
Expand Down Expand Up @@ -263,6 +265,7 @@ public AuthorizationCodeGrant asCodeGrant(Instance<AbstractAuthorizationGrant> g
grant.setAcrValues(acrValues);
grant.setNonce(nonce);
grant.setClaims(claims);
grant.setAuthorizationChallenge(isAuthorizationChallenge);

return grant;
}
Expand Down Expand Up @@ -335,11 +338,12 @@ public String getDeviceCode() {

@Override
public String toString() {
return "MemcachedGrant{" +
return "CacheGrant{" +
"authorizationCode=" + authorizationCodeString +
", user=" + user +
", client=" + client +
", authenticationTime=" + authenticationTime +
", isAuthorizationChallenge=" + isAuthorizationChallenge +
'}';
}
}
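Review bot: The new flag is copied from the grant only in the `CacheGrant(AuthorizationGrant, AppConfiguration)` constructor and restored only in `asCodeGrant`; the `CacheGrant(CIBAGrant, …)` constructor at the start of the second hunk, and any other `as…Grant` converters outside this view, leave it at the default `false`, which is presumably intended but deserves a comment on the field such as `// set only for grants issued through the authorization challenge endpoint; CIBA grants keep the default false`. `CacheGrant` is `Serializable` and gains a field here; unless the class declares an explicit `serialVersionUID` (not visible in these hunks), cached entries written before this change will fail to deserialize on upgraded nodes during a rolling upgrade, so that constant should be confirmed present. As a point of style, Java convention is a field named `authorizationChallenge` with accessor `isAuthorizationChallenge()`; the `is` prefix on the field itself reads like the accessor.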
Expand Up @@ -104,6 +104,10 @@ public boolean externalAuthorize(ExecutionContext executionContext) {
} catch (Exception ex) {
log.error(ex.getMessage(), ex);
saveScriptError(script.getCustomScript(), ex);
throw new WebApplicationException(errorResponseFactory
.newErrorResponse(Response.Status.INTERNAL_SERVER_ERROR)
.entity(errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.ACCESS_DENIED, executionContext.getAuthzRequest().getState(), "Unable to run authorization challenge script."))
.build());
}

log.trace("Finished 'authorize' method, script name: {}, clientId: {}, result: {}", script.getName(), executionContext.getAuthzRequest().getClientId(), result);
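Review bot: The new throw reports a script failure with error code `AuthorizeErrorResponseType.ACCESS_DENIED` under an HTTP 500, which tells the client that access was denied rather than that the server failed; RFC 6749 §4.1.2.1 defines `server_error` for this case, so `AuthorizeErrorResponseType.SERVER_ERROR` would be the more accurate code if the enum provides it (I cannot see it from here), and the 500 here also does not match the 400 named in the PR title, which the description should reconcile. Failing closed is the right call: a script exception now ends the request instead of letting the method continue with whatever `result` held, and the generic message `Unable to run authorization challenge script.` avoids echoing exception text to the caller while `log.error(ex.getMessage(), ex)` keeps the detail server-side. `externalAuthorize` starts before and continues past this hunk.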
8 changes: 4 additions & 4 deletions jans-linux-setup/jans_setup/templates/scripts.ldif
Expand Up @@ -532,7 +532,7 @@ jansEnabled: FALSE
jansLevel: 1
jansModuleProperty: {"value1":"location_type","value2":"db","description":""}
jansProgLng: java
jansRevision: 11
jansRevision: 1
jansScr::%(discovery_discovery)s
jansScrTyp: discovery

Expand All @@ -546,7 +546,7 @@ jansEnabled: true
jansLevel: 1
jansModuleProperty: {"value1":"location_type","value2":"db","description":""}
jansProgLng: java
jansRevision: 11
jansRevision: 1
jansScr::%(authz_detail_authzdetail)s
jansScrTyp: authz_detail

Expand All @@ -560,7 +560,7 @@ jansEnabled: true
jansLevel: 1
jansModuleProperty: {"value1":"location_type","value2":"db","description":""}
jansProgLng: java
jansRevision: 11
jansRevision: 1
jansScr::%(authorization_challenge_authorizationchallenge)s
jansScrTyp: authorization_challenge

Expand All @@ -574,7 +574,7 @@ jansEnabled: true
jansLevel: 1
jansModuleProperty: {"value1":"location_type","value2":"db","description":""}
jansProgLng: java
jansRevision: 11
jansRevision: 1
jansScr::%(access_evaluation_accessevaluation)s
jansScrTyp: access_evaluation
