Implement Method to Mask Content in Adaptive Authentication Scripts

components/org.wso2.carbon.identity.conditional.auth.functions.utils/pom.xml

@@ -48,6 +48,10 @@
             <groupId>org.wso2.carbon</groupId>
             <artifactId>org.wso2.carbon.user.core</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.central.log.mgt</artifactId>
+        </dependency>
 
         <!-- Test related dependencies -->
         <dependency>
@@ -112,6 +116,7 @@
                             org.osgi.service.component; version="${org.osgi.service.imp.pkg.version.range}",
                             org.wso2.carbon.identity.application.authentication.framework; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.application.authentication.framework.util; version="${carbon.identity.package.import.version.range}",
+                            org.wso2.carbon.identity.central.log.mgt.utils; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.multi.attribute.login.mgt; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.user.core.common; version="${carbon.kernel.package.import.version.range}",
                         </Import-Package>

components/org.wso2.carbon.identity.conditional.auth.functions.utils/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/utils/GetMaskedValueFunction.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.conditional.auth.functions.utils;
+
+/**
+ * Function to mask the given value  if log masking is enabled.
+ */
+@FunctionalInterface
+public interface GetMaskedValueFunction {
+
+    /**
+     * Masks the given value if log masking is enabled.
+     *
+     * @param value The value to be masked.
+     * @return The masked value.
+     */
+    String getMaskedValue(String value);
+}

components/org.wso2.carbon.identity.conditional.auth.functions.utils/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/utils/GetMaskedValueFunctionImpl.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.conditional.auth.functions.utils;
+
+import org.graalvm.polyglot.HostAccess;
+import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
+
+/**
+ * Implementation of  {@link GetMaskedValueFunction}.
+ */
+public class GetMaskedValueFunctionImpl implements GetMaskedValueFunction {
+
+    @Override
+    @HostAccess.Export
+    public String getMaskedValue(String value) {
+
+        return LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(value) : value;
+    }
+}

components/org.wso2.carbon.identity.conditional.auth.functions.utils/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/utils/internal/UtilsFunctionServiceComponent.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ * Copyright (c) 2023-2024, WSO2 LLC. (http://www.wso2.com).
  *
  * WSO2 LLC. licenses this file to you under the Apache License,
  * Version 2.0 (the "License"); you may not use this file except
@@ -28,6 +28,8 @@
 import org.wso2.carbon.identity.application.authentication.framework.JsFunctionRegistry;
 import org.wso2.carbon.identity.conditional.auth.functions.utils.FilterAuthenticatorsFunction;
 import org.wso2.carbon.identity.conditional.auth.functions.utils.FilterAuthenticatorsFunctionImpl;
+import org.wso2.carbon.identity.conditional.auth.functions.utils.GetMaskedValueFunction;
+import org.wso2.carbon.identity.conditional.auth.functions.utils.GetMaskedValueFunctionImpl;
 import org.wso2.carbon.identity.conditional.auth.functions.utils.ResolveMultiAttributeLoginIdentifierFunction;
 import org.wso2.carbon.identity.conditional.auth.functions.utils.ResolveMultiAttributeLoginIdentifierFunctionImpl;
 
@@ -53,6 +55,10 @@ protected void activate(ComponentContext ctxt) {
                 new ResolveMultiAttributeLoginIdentifierFunctionImpl();
         jsFunctionRegistry.register(JsFunctionRegistry.Subsystem.SEQUENCE_HANDLER,
                 "resolveMultiAttributeLoginIdentifier", resolveMultiAttributeLoginIdentifierFunctionImpl);
+
+        GetMaskedValueFunction getMaskedValueFunctionImpl = new GetMaskedValueFunctionImpl();
+        jsFunctionRegistry.register(JsFunctionRegistry.Subsystem.SEQUENCE_HANDLER, "getMaskedValue",
+                getMaskedValueFunctionImpl);
     }
 
     @Deactivate
@@ -63,6 +69,7 @@ protected void deactivate(ComponentContext ctxt) {
             jsFunctionRegistry.deRegister(JsFunctionRegistry.Subsystem.SEQUENCE_HANDLER, "filterAuthenticators");
             jsFunctionRegistry.deRegister(JsFunctionRegistry.Subsystem.SEQUENCE_HANDLER,
                     "resolveMultiAttributeLoginIdentifier");
+            jsFunctionRegistry.deRegister(JsFunctionRegistry.Subsystem.SEQUENCE_HANDLER, "getMaskedValue");
         }
     }
 

components/org.wso2.carbon.identity.conditional.auth.functions.utils/src/test/java/org/wso2/carbon/identity/conditional/auth/functions/utils/GetMaskedValueFunctionImplTest.java

@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.conditional.auth.functions.utils;
+
+import org.testng.Assert;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Parameters;
+import org.testng.annotations.Test;
+import org.testng.annotations.DataProvider;
+import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
+import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
+import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
+import org.wso2.carbon.identity.application.common.model.ServiceProvider;
+import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
+import org.wso2.carbon.identity.common.testng.WithCarbonHome;
+import org.wso2.carbon.identity.common.testng.WithH2Database;
+import org.wso2.carbon.identity.common.testng.WithRealmService;
+import org.wso2.carbon.identity.conditional.auth.functions.test.utils.sequence.JsSequenceHandlerAbstractTest;
+import org.wso2.carbon.identity.conditional.auth.functions.test.utils.sequence.JsTestException;
+
+import java.util.Collections;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Test class for GetMaskedValueFunctionImplTest.
+ */
+@WithCarbonHome
+@WithH2Database(files = "dbscripts/h2.sql")
+@WithRealmService(injectToSingletons = {LoggerUtils.class, FrameworkServiceDataHolder.class})
+public class GetMaskedValueFunctionImplTest extends JsSequenceHandlerAbstractTest {
+
+    @BeforeClass
+    @Parameters({"scriptEngine"})
+    public void setUp(String scriptEngine) throws Exception {
+
+        super.setUp(scriptEngine);
+        CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME = true;
+        sequenceHandlerRunner.registerJsFunction("getMaskedValue",
+                new GetMaskedValueFunctionImpl());
+    }
+
+    @Test(dataProvider = "maskableValueProvider")
+    public void testGetMaskedValue(boolean isLogMaskingEnabled, String username, String expectedMaskedValue)
+            throws JsTestException {
+
+        LoggerUtils.isLogMaskingEnable = isLogMaskingEnabled;
+        sequenceHandlerRunner.addSubjectAuthenticator("BasicMockAuthenticator", username, Collections.emptyMap());
+
+        ServiceProvider sp = sequenceHandlerRunner.loadServiceProviderFromResource("get-masked-value-sp.xml", this);
+        AuthenticationContext context = sequenceHandlerRunner.createAuthenticationContext(sp);
+        SequenceConfig sequenceConfig = sequenceHandlerRunner.getSequenceConfig(context, sp);
+        context.setSequenceConfig(sequenceConfig);
+        context.initializeAnalyticsData();
+
+        HttpServletRequest req = sequenceHandlerRunner.createHttpServletRequest();
+        HttpServletResponse resp = sequenceHandlerRunner.createHttpServletResponse();
+
+        sequenceHandlerRunner.handle(req, resp, context, "test_domain");
+
+        Assert.assertEquals(context.getSelectedAcr(), expectedMaskedValue);
+    }
+
+    @DataProvider(name = "maskableValueProvider")
+    public Object[][] maskableValueProvider() {
+
+        return new Object[][]{
+                {true, "johndoe", "j*****e"},
+                {false, "johndoe", "johndoe"},
+        };
+    }
+}

components/org.wso2.carbon.identity.conditional.auth.functions.utils/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/utils/get-masked-value-sp.xml

@@ -0,0 +1,56 @@
+<!--
+  ~ Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
+  ~
+  ~ WSO2 LLC. licenses this file to you under the Apache License,
+  ~ Version 2.0 (the "License"); you may not use this file except
+  ~ in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+<ServiceProvider>
+    <ApplicationID>1</ApplicationID>
+    <ApplicationName>default</ApplicationName>
+    <Description>Default Service Provider</Description>
+    <LocalAndOutBoundAuthenticationConfig>
+        <AuthenticationSteps>
+            <AuthenticationStep>
+                <StepOrder>1</StepOrder>
+                <LocalAuthenticatorConfigs>
+                    <LocalAuthenticatorConfig>
+                        <Name>BasicMockAuthenticator</Name>
+                        <DisplayName>basicauth</DisplayName>
+                        <IsEnabled>true</IsEnabled>
+                    </LocalAuthenticatorConfig>
+                </LocalAuthenticatorConfigs>
+                <SubjectStep>true</SubjectStep>
+                <AttributeStep>true</AttributeStep>
+            </AuthenticationStep>
+        </AuthenticationSteps>
+        <AuthenticationScript type="application/javascript" enabled="true"><![CDATA[
+
+var onLoginRequest = function(context) {
+    executeStep(1, {
+        onSuccess: function(context) {
+            var username = context.currentKnownSubject.username;
+            var maskedUsername = getMaskedValue(username);
+            Log.info("Masked username of the logged user: " + maskedUsername);
+            context.selectedAcr = maskedUsername;
+        },
+    });
+};
+
+]]></AuthenticationScript>
+        <AuthenticationType>flow</AuthenticationType>
+    </LocalAndOutBoundAuthenticationConfig>
+    <ClaimConfig>
+        <AlwaysSendMappedLocalSubjectId>true</AlwaysSendMappedLocalSubjectId>
+    </ClaimConfig>
+</ServiceProvider>

components/org.wso2.carbon.identity.conditional.auth.functions.utils/src/test/resources/testng.xml

@@ -23,12 +23,14 @@
         <parameter name="scriptEngine" value="nashorn"/>
         <classes>
             <class name="org.wso2.carbon.identity.conditional.auth.functions.utils.ResolveMultiAttributeLoginIdentifierFunctionImplTest"/>
+            <class name="org.wso2.carbon.identity.conditional.auth.functions.utils.GetMaskedValueFunctionImplTest"/>
         </classes>
     </test>
     <test name="org.wso2.carbon.identity.conditional.auth.functions.utils.test.graaljs" parallel="false">
         <parameter name="scriptEngine" value="graaljs"/>
         <classes>
             <class name="org.wso2.carbon.identity.conditional.auth.functions.utils.ResolveMultiAttributeLoginIdentifierFunctionImplTest"/>
+            <class name="org.wso2.carbon.identity.conditional.auth.functions.utils.GetMaskedValueFunctionImplTest"/>
         </classes>
     </test>
 </suite>