From 95034909d1ac9ecdcb9a0a24c8d4adc3bcda6b79 Mon Sep 17 00:00:00 2001 From: Yuriy Movchan Date: Tue, 26 Sep 2023 14:58:20 +0300 Subject: [PATCH] feat: postProcessAttributesContext should has reference to ProfileRequestContext #172 --- .../GluuReleaseAttributesPostProcessor.java | 7 ++- .../PostProcessAttributesContext.java | 11 +++++ .../externalauth/ShibOxAuthAuthServlet.java | 44 +++++++++++++++---- 3 files changed, 49 insertions(+), 13 deletions(-) diff --git a/shib-oxauth-authn/src/main/java/org/gluu/idp/consent/processor/GluuReleaseAttributesPostProcessor.java b/shib-oxauth-authn/src/main/java/org/gluu/idp/consent/processor/GluuReleaseAttributesPostProcessor.java index 4f29de9..1732601 100644 --- a/shib-oxauth-authn/src/main/java/org/gluu/idp/consent/processor/GluuReleaseAttributesPostProcessor.java +++ b/shib-oxauth-authn/src/main/java/org/gluu/idp/consent/processor/GluuReleaseAttributesPostProcessor.java @@ -82,7 +82,7 @@ protected void doExecute(@Nonnull final ProfileRequestContext profileRequestCont } } - PostProcessAttributesContext context = buildContext(idpAttributeMap); + PostProcessAttributesContext context = buildContext(profileRequestContext, idpAttributeMap); for (String attr : idpAttributeMap.keySet()) { LOG.info("------------------------attr: {}", attr); @@ -101,10 +101,9 @@ protected void doExecute(@Nonnull final ProfileRequestContext profileRequestCont LOG.debug("Executed script method 'updateAttributes' with result {}", result); } - private PostProcessAttributesContext buildContext(final Map idpAttributeMap) { - + private PostProcessAttributesContext buildContext(ProfileRequestContext profileRequestContext, final Map idpAttributeMap) { PostProcessAttributesContext context = new PostProcessAttributesContext(); - + context.setProfileRequestContext(profileRequestContext); context.setAttributeReleaseAction(this); context.setIdpAttributeMap(idpAttributeMap); 
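Review bot: The new `profileRequestContext` parameter of `buildContext` is neither `final` nor `@Nonnull`, while its sibling `idpAttributeMap` is `final` and the caller `doExecute` already declares the same object `@Nonnull`; propagate both so the contract is visible where the context is built: `private PostProcessAttributesContext buildContext(@Nonnull final ProfileRequestContext profileRequestContext, final Map idpAttributeMap) {`. Handing the whole `ProfileRequestContext` to the script-driven `updateAttributes` step widens what that script can read and mutate beyond the attribute map it previously received, so a short comment on the new setter call stating that this is intentional would help the next reader, e.g. `// Expose the full request context so the release script can consult other subcontexts (#172).` buildContext's body continues past the end of the hunk.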
diff --git a/shib-oxauth-authn/src/main/java/org/gluu/idp/consent/processor/PostProcessAttributesContext.java b/shib-oxauth-authn/src/main/java/org/gluu/idp/consent/processor/PostProcessAttributesContext.java index b1ff742..2b97818 100644 --- a/shib-oxauth-authn/src/main/java/org/gluu/idp/consent/processor/PostProcessAttributesContext.java +++ b/shib-oxauth-authn/src/main/java/org/gluu/idp/consent/processor/PostProcessAttributesContext.java @@ -3,6 +3,8 @@ import java.io.Serializable; import java.util.Map; +import org.opensaml.profile.context.ProfileRequestContext; + import net.shibboleth.idp.attribute.IdPAttribute; /** @@ -15,10 +17,19 @@ public class PostProcessAttributesContext implements Serializable { private static final long serialVersionUID = 1822377169827670256L; + private ProfileRequestContext profileRequestContext; private GluuReleaseAttributesPostProcessor releaseAttributesPostProcessor; private Map idpAttributeMap; + public ProfileRequestContext getProfileRequestContext() { + return profileRequestContext; + } + + public void setProfileRequestContext(ProfileRequestContext profileRequestContext) { + this.profileRequestContext = profileRequestContext; + } + public void setAttributeReleaseAction(GluuReleaseAttributesPostProcessor releaseAttributesPostProcessor) { this.releaseAttributesPostProcessor = releaseAttributesPostProcessor; } diff --git a/shib-oxauth-authn/src/main/java/org/gluu/idp/externalauth/ShibOxAuthAuthServlet.java b/shib-oxauth-authn/src/main/java/org/gluu/idp/externalauth/ShibOxAuthAuthServlet.java index abcc159..817e062 100644 --- a/shib-oxauth-authn/src/main/java/org/gluu/idp/externalauth/ShibOxAuthAuthServlet.java +++ b/shib-oxauth-authn/src/main/java/org/gluu/idp/externalauth/ShibOxAuthAuthServlet.java 
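Review bot: `PostProcessAttributesContext` implements `Serializable` and carries a `serialVersionUID`, yet the new `profileRequestContext` field is not `transient`; OpenSAML's `ProfileRequestContext` is, to my knowledge, not `Serializable`, so any attempt to serialize this object (for instance if it ends up in a session or flow scope) would now fail with `NotSerializableException`, and even if it did serialize it would drag the entire request-context tree along. Declare it `private transient ProfileRequestContext profileRequestContext;` and document on the getter that the reference is only meaningful for the duration of the current request. The same concern probably applies to the existing `releaseAttributesPostProcessor` field, but that predates this change. The class body continues outside the hunk.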
@@ -50,6 +50,14 @@ import org.springframework.core.env.Environment; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.webflow.context.ExternalContextHolder; +import org.springframework.webflow.context.servlet.ServletExternalContext; +import org.springframework.webflow.engine.impl.FlowExecutionImpl; +import org.springframework.webflow.execution.FlowExecutionFactory; +import org.springframework.webflow.execution.FlowExecutionKey; +import org.springframework.webflow.execution.repository.FlowExecutionRepository; +import org.springframework.webflow.executor.FlowExecutionResult; +import org.springframework.webflow.executor.FlowExecutorImpl; import net.shibboleth.idp.attribute.IdPAttribute; import net.shibboleth.idp.authn.AuthnEventIds; @@ -115,7 +123,12 @@ public void init(final ServletConfig config) throws ServletException { @Override protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException { - try { + if (!checkRequest(request, response)) { + return; + } + + try { + ExternalContextHolder.setExternalContext(new ServletExternalContext(request.getServletContext(), request, response)); final String requestUrl = request.getRequestURL().toString(); LOG.trace("Get request to: '{}'", requestUrl); @@ -157,7 +170,7 @@ public String getParameter(String name) { } // Get authentication key from request - final String authenticationKey = ExternalAuthentication.startExternalAuthentication(externalRequest); + final String flowExecutionKey = ExternalAuthentication.startExternalAuthentication(externalRequest); // Get external authentication properties final boolean force = Boolean.parseBoolean(request.getAttribute(ExternalAuthentication.FORCE_AUTHN_PARAM).toString()); 
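Review bot: Of the eight Spring Web Flow imports added here, only `ExternalContextHolder` and `ServletExternalContext` are referenced by any hunk in this patch; `FlowExecutionImpl`, `FlowExecutionFactory`, `FlowExecutionKey`, `FlowExecutionRepository`, `FlowExecutionResult` and `FlowExecutorImpl` appear to be unused and should be dropped unless a follow-up change needs them. `FlowExecutionImpl` in particular lives in `org.springframework.webflow.engine.impl`, an internal package, so importing it couples the servlet to SWF implementation details even if it were used. Keep the two used imports and remove the other six.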
@@ -165,7 +178,7 @@ public String getParameter(String name) { // It's an authentication if (!authorizationResponse) { LOG.debug("Initiating oxAuth login redirect"); - startLoginRequest(request, response, authenticationKey, force); + startLoginRequest(request, response, flowExecutionKey, force); return; } @@ -176,22 +189,35 @@ public String getParameter(String name) { LOG.error("The state in session and in request are not equals"); // Re-init login page - startLoginRequest(request, response, authenticationKey, force); + startLoginRequest(request, response, flowExecutionKey, force); return; } - processAuthorizationResponse(request, response, authenticationKey); + processAuthorizationResponse(request, response, flowExecutionKey); } catch (final ExternalAuthenticationException ex) { - LOG.warn("Error processing oxAuth authentication request", ex); + LOG.error("Error processing oxAuth authentication request", ex); loadErrorPage(request, response); - } catch (final Exception ex) { LOG.error("Something unexpected happened", ex); request.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY, AuthnEventIds.AUTHN_EXCEPTION); + } finally { + ExternalContextHolder.setExternalContext(null); } } + private final boolean checkRequest(final HttpServletRequest request, final HttpServletResponse response) throws ServletException { + // Check whether a session is required. + if (request.getSession(false) == null) { + LOG.error("Pre-existing session required but none found"); + loadErrorPage(request, response); + + return false; + } + + return true; + } + private void processAuthorizationResponse(final HttpServletRequest request, final HttpServletResponse response, final String authenticationKey) throws ExternalAuthenticationException, IOException { try { 
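Review bot: The comment on the new `checkRequest` helper, `// Check whether a session is required.`, does not describe what the code does — it rejects requests that arrive without an existing session rather than deciding whether one is needed — and the `final` modifier on a `private` method is redundant. I would write `private boolean checkRequest(final HttpServletRequest request, final HttpServletResponse response) throws ServletException {` followed by `// Reject requests without a pre-existing container session; presumably the external-auth state we resume lives there — confirm.`. Logging this at ERROR is also worth a second look: a missing session is usually a stale bookmark or an expired session rather than a server fault, so WARN may be the better level. `doGet` starts in an earlier hunk, and `processAuthorizationResponse`, whose signature opens at the end of this hunk, continues past it.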
@@ -242,14 +268,14 @@ private void processAuthorizationResponse(final HttpServletRequest request, fina if(!idpAttributes.isEmpty()) { LOG.debug("Storing generated idp attributes"); ProfileRequestContext prContext = ExternalAuthentication.getProfileRequestContext(authenticationKey, request); - GluuScratchContext gluuScratchContext = prContext.getSubcontext(GluuScratchContext.class,true); + GluuScratchContext gluuScratchContext = prContext.getSubcontext(GluuScratchContext.class, true); gluuScratchContext.setIdpAttributes(idpAttributes); } LOG.debug("Created an IdP subject instance with principals for {} ", userProfile.getId()); final Set userPrincipals = new HashSet(); userPrincipals.add(new UsernamePrincipal(userProfile.getId())); - request.setAttribute(ExternalAuthentication.SUBJECT_KEY, new Subject(false, userPrincipals,Collections.emptySet(),Collections.emptySet())); + request.setAttribute(ExternalAuthentication.SUBJECT_KEY, new Subject(false, userPrincipals, Collections.emptySet(),Collections.emptySet())); if (authenticationContext != null) { String usedAcr = userProfile.getUsedAcr();