feat(jans-auth-server): implemented auth server config property to di…

…sable prompt=login #3006
JanssenProject · Jan 5, 2023 · 1174024 · 1174024
1 parent 3822975
commit 1174024
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 3 deletions.
diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java
@@ -448,6 +448,9 @@ public class AppConfiguration implements Configuration {
     @DocProperty(description = "Boolean value specifying whether to include sessionId in response", defaultValue = "false")
     private Boolean includeSidInResponse = false;
 
+    @DocProperty(description = "Boolean value specifying whether to disable prompt=login", defaultValue = "false")
+    private Boolean disablePromptLogin = false;
+
 
     /**
      * SessionId will be expired after sessionIdLifetime seconds
@@ -1109,6 +1112,15 @@ public void setForceOfflineAccessScopeToEnableRefreshToken(Boolean forceOfflineA
         this.forceOfflineAccessScopeToEnableRefreshToken = forceOfflineAccessScopeToEnableRefreshToken;
     }
 
+    public Boolean getDisablePromptLogin() {
+        if (disablePromptLogin == null) disablePromptLogin = false;
+        return disablePromptLogin;
+    }
+
+    public void setDisablePromptLogin(Boolean disablePromptLogin) {
+        this.disablePromptLogin = disablePromptLogin;
+    }
+
     public Boolean getIncludeSidInResponse() {
         if (includeSidInResponse == null) includeSidInResponse = false;
         return includeSidInResponse;

diff --git a/...r/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java b/...r/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
@@ -545,7 +545,12 @@ private void checkPromptConsent(AuthzRequest authzRequest, List<Prompt> prompts,
         }
     }
 
-    private void checkPromptLogin(AuthzRequest authzRequest, List<Prompt> prompts) {
+    public void checkPromptLogin(AuthzRequest authzRequest, List<Prompt> prompts) {
+        if (isTrue(appConfiguration.getDisablePromptLogin())) {
+            log.trace("Disabled prompt=login (because disablePromptLogin=true).");
+            prompts.remove(Prompt.LOGIN);
+            return;
+        }
         if (prompts.contains(Prompt.LOGIN)) {
             boolean sessionUnauthenticated = false;
 

diff --git a/...rver/src/test/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImplTest.java b/...rver/src/test/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImplTest.java
@@ -3,6 +3,8 @@
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 import io.jans.as.common.model.registration.Client;
+import io.jans.as.common.model.session.SessionId;
+import io.jans.as.model.common.Prompt;
 import io.jans.as.model.common.ResponseType;
 import io.jans.as.model.common.ScopeConstants;
 import io.jans.as.model.configuration.AppConfiguration;
@@ -25,10 +27,12 @@
 import org.testng.annotations.Listeners;
 import org.testng.annotations.Test;
 
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Set;
 
-import static org.testng.Assert.assertEquals;
-import static org.testng.Assert.assertTrue;
+import static org.mockito.Mockito.when;
+import static org.testng.Assert.*;
 
 /**
  * @author Yuriy Z
@@ -111,6 +115,35 @@ public class AuthorizeRestWebServiceImplTest {
     @Mock
     private AuthzRequestService authzRequestService;
 
+    @Test
+    public void checkPromptLogin_whenDisablePromptLoginIsTrue_shouldNotClearSession() {
+        AuthzRequest authzRequest = new AuthzRequest();
+        authzRequest.setSessionId("some_id");
+
+        List<Prompt> promptList = new ArrayList<>();
+        promptList.add(Prompt.LOGIN);
+
+        when(appConfiguration.getDisablePromptLogin()).thenReturn(true);
+
+        authorizeRestWebService.checkPromptLogin(authzRequest, promptList);
+        assertEquals(authzRequest.getSessionId(), "some_id");
+    }
+
+    @Test
+    public void checkPromptLogin_whenDisablePromptLoginIsFalse_shouldClearSession() {
+        AuthzRequest authzRequest = new AuthzRequest();
+        authzRequest.setSessionId("some_id");
+
+        List<Prompt> promptList = new ArrayList<>();
+        promptList.add(Prompt.LOGIN);
+
+        when(identity.getSessionId()).thenReturn(new SessionId());
+        when(appConfiguration.getDisablePromptLogin()).thenReturn(false);
+
+        authorizeRestWebService.checkPromptLogin(authzRequest, promptList);
+        assertNull(authzRequest.getSessionId());
+    }
+
     @Test
     public void checkOfflineAccessScopes_whenOfflineAccessIsPresentAndConsentNot_shouldRemoveOfflineAccess() {
         final Set<String> scopes = Sets.newHashSet(ScopeConstants.OFFLINE_ACCESS);