Merge remote-tracking branch 'origin/version_4.3.0' into version_4.3.0

GluuFederation · Sep 28, 2021 · 3a73e70 · 3a73e70
2 parents f3ab227 + c406906
commit 3a73e70
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java
@@ -9,11 +9,14 @@
 import org.gluu.jsf2.service.FacesService;
 import org.gluu.model.custom.script.conf.CustomScriptConfiguration;
 import org.gluu.oxauth.i18n.LanguageBean;
+import org.gluu.oxauth.model.authorize.AuthorizeRequestParam;
+import org.gluu.oxauth.model.authorize.ScopeChecker;
 import org.gluu.oxauth.model.common.SessionId;
 import org.gluu.oxauth.model.config.Constants;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
 import org.gluu.oxauth.service.AuthorizeService;
 import org.gluu.oxauth.service.ClientService;
+import org.gluu.oxauth.service.SessionIdService;
 import org.gluu.oxauth.service.common.UserService;
 import org.gluu.oxauth.service.external.ExternalConsentGatheringService;
 import org.gluu.oxauth.service.external.context.ConsentGatheringContext;
@@ -69,6 +72,12 @@ public class ConsentGathererService {
 
     @Inject
     private ClientService clientService;
+
+    @Inject
+    private SessionIdService sessionIdService;
+
+    @Inject
+    private ScopeChecker scopeChecker;
 
     private final Map<String, String> pageAttributes = new HashMap<String, String>();
     private ConsentGatheringContext context;
@@ -295,4 +304,17 @@ public ConsentGatheringContext getContext() {
 		return context;
 	}
 
+    public List<org.oxauth.persistence.model.Scope> getScopes() {
+    	if (context == null) {
+    		return Collections.emptyList();
+    	}
+
+    	SessionId authenticatedSessionId = sessionIdService.getSessionId();
+        // Fix the list of scopes in the authorization page. oxAuth #739
+        Set<String> grantedScopes = scopeChecker.checkScopesPolicy(context.getClient(), authenticatedSessionId.getSessionAttributes().get(AuthorizeRequestParam.SCOPE));
+        String allowedScope = org.gluu.oxauth.model.util.StringUtils.implode(grantedScopes, " ");
+
+        return authorizeService.getScopes(allowedScope);
+    }
+
 }
diff --git a/Server/src/main/webapp/authz/authorize.xhtml b/Server/src/main/webapp/authz/authorize.xhtml
@@ -11,7 +11,7 @@
 	</f:metadata>
 
 	<ui:param name="_client" value="#{consentGatherer.context.client}" />
-	<ui:param name="_scopes" value="#{authorizeService.scopes}" />
+	<ui:param name="_scopes" value="#{consentGatherer.scopes}" />
 
     <ui:define name="controlButttons">
     	<h:commandLink id="doNotAllowButton" class="button button-default"