Fix the issue https://github.com/wso2/product-is/issues/21192

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/device/constants/Constants.java

@@ -42,6 +42,7 @@ public class Constants {
     public static final String NOT_EXIST = "NOT_EXIST";
     public static final String EXPIRY_TIME = "EXPIRY_TIME";
     public static final String PENDING = "PENDING";
+    public static final String SLOW_DOWN = "SLOW_DOWN";
     public static final String AUTHZ_USER = "AUTHZ_USER";
     public static final String LAST_POLL_TIME = "LAST_POLL_TIME";
     public static final String POLL_TIME = "POLL_TIME";

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/device/dao/DeviceFlowDAOImpl.java

@@ -34,6 +34,7 @@
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
 import org.wso2.carbon.identity.oauth2.device.codegenerator.GenerateKeys;
 import org.wso2.carbon.identity.oauth2.device.constants.Constants;
+import org.wso2.carbon.identity.oauth2.device.errorcodes.DeviceErrorCodes;
 import org.wso2.carbon.identity.oauth2.device.model.DeviceFlowDO;
 import org.wso2.carbon.identity.oauth2.device.util.DeviceFlowUtil;
 import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
@@ -53,6 +54,8 @@
 import java.util.TimeZone;
 import java.util.UUID;
 
+import static org.wso2.carbon.identity.oauth2.device.constants.Constants.SLOW_DOWN;
+
 /**
  * This class contains override methods of DeviceFlowDAO.
  */
@@ -178,6 +181,9 @@ public DeviceFlowDO getAuthenticationDetails(String deviceCode, String clientId)
         String authenticatedIDP = null;
         String subjectIdentifier = null;
         List<String> scopes = null;
+        String deviceStatus = null;
+        Date date = new Date();
+        Timestamp newPollTime = new Timestamp(date.getTime());
         DeviceFlowDO deviceFlowDO = new DeviceFlowDO();
         try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
              PreparedStatement prepStmt =
@@ -186,12 +192,18 @@ public DeviceFlowDO getAuthenticationDetails(String deviceCode, String clientId)
             prepStmt.setString(2, clientId);
             try (ResultSet resultSet = prepStmt.executeQuery()) {
                 if (resultSet.next()) {
-                    deviceFlowDO.setStatus(resultSet.getString(1));
+                    deviceStatus = resultSet.getString(1);
+                    deviceFlowDO.setStatus(deviceStatus);
                     deviceFlowDO.setLastPollTime(resultSet.getTimestamp(2,
                             Calendar.getInstance(TimeZone.getTimeZone(Constants.UTC))));
                     deviceFlowDO.setPollTime(resultSet.getLong(3));
                     deviceFlowDO.setExpiryTime(resultSet.getTimestamp(4,
                             Calendar.getInstance(TimeZone.getTimeZone(Constants.UTC))));
+
+                    if (!Constants.AUTHORIZED.equals(deviceStatus)) {
+                        handleAuthorizationPending(deviceStatus, newPollTime, deviceFlowDO);
+                    }
+
                     userName = resultSet.getString(5);
                     tenantId = resultSet.getInt(6);
                     userDomain = resultSet.getString(7);
@@ -237,6 +249,18 @@ public DeviceFlowDO getAuthenticationDetails(String deviceCode, String clientId)
         }
     }
 
+    private void handleAuthorizationPending(String deviceStatus, Timestamp newPollTime, DeviceFlowDO deviceFlowDO)
+            throws IdentityOAuth2Exception {
+
+        if (!isWithinValidPollInterval(newPollTime, deviceFlowDO)) {
+            deviceStatus = SLOW_DOWN;
+            throw new IdentityOAuth2Exception(DeviceErrorCodes.SubDeviceErrorCodes.SLOW_DOWN,
+                    deviceStatus);
+        }
+        throw new IdentityOAuth2Exception(DeviceErrorCodes.SubDeviceErrorCodes.AUTHORIZATION_PENDING,
+                deviceStatus);
+    }
+
     @Override
     @Deprecated
     public DeviceFlowDO getAuthenticationDetails(String deviceCode) throws IdentityOAuth2Exception {
@@ -698,4 +722,16 @@ private List<String> getScopesForCodeId(String codeId, Connection connection) th
         }
         return scopeSet;
     }
+
+    /**
+     * This checks whether polling frequency is correct or not.
+     *
+     * @param newPollTime  Time of the new poll request.
+     * @param deviceFlowDO DO class that contains values from database.
+     * @return true or false.
+     */
+    private boolean isWithinValidPollInterval(Timestamp newPollTime, DeviceFlowDO deviceFlowDO) {
+
+        return newPollTime.getTime() - deviceFlowDO.getLastPollTime().getTime() > deviceFlowDO.getPollTime();
+    }
 }

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/device/grant/DeviceFlowGrant.java

@@ -35,6 +35,9 @@
 import java.sql.Timestamp;
 import java.util.Date;
 
+import static org.wso2.carbon.identity.oauth2.device.constants.Constants.PENDING;
+import static org.wso2.carbon.identity.oauth2.device.constants.Constants.SLOW_DOWN;
+
 /**
  * Device flow grant type for Identity Server.
  */
@@ -47,11 +50,11 @@ public boolean validateGrant(OAuthTokenReqMessageContext oAuthTokenReqMessageCon
             IdentityOAuth2Exception {
 
         super.validateGrant(oAuthTokenReqMessageContext);
-        boolean authStatus = false;
         RequestParameter[] parameters = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getRequestParameters();
         String deviceCode = null;
         String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
         String deviceStatus;
+        DeviceFlowDO deviceFlowDO = null;
 
         for (RequestParameter parameter : parameters) {
             if (Constants.DEVICE_CODE.equals(parameter.getKey()) && StringUtils.isNotBlank(parameter.getValue()[0])) {
@@ -64,32 +67,56 @@ public boolean validateGrant(OAuthTokenReqMessageContext oAuthTokenReqMessageCon
             log.debug("Getting ready to release token for device_code: " + deviceCode);
         }
 
-        DeviceFlowDO deviceFlowDO = DeviceFlowPersistenceFactory.getInstance().getDeviceFlowDAO()
-                .getAuthenticationDetails(deviceCode, clientId);
-        Date date = new Date();
-        deviceStatus = deviceFlowDO.getStatus();
-        deviceFlowDO.setDeviceCode(deviceCode);
-        if (Constants.NOT_EXIST.equals(deviceStatus)) {
-            throw new IdentityOAuth2Exception(DeviceErrorCodes.INVALID_REQUEST, DeviceErrorCodes.INVALID_REQUEST);
+        try {
+            deviceFlowDO = DeviceFlowPersistenceFactory.getInstance().getDeviceFlowDAO()
+                    .getAuthenticationDetails(deviceCode, clientId);
+            deviceStatus = deviceFlowDO.getStatus();
+            deviceFlowDO.setDeviceCode(deviceCode);
+            setLastPollTime(deviceCode);
+        } catch (IdentityOAuth2Exception e) {
+            deviceStatus = e.getMessage();
+            setLastPollTime(deviceCode);
+            handleInvalidRequests(deviceStatus);
         }
+
+        handleInvalidRequests(deviceStatus, deviceFlowDO);
+        if (Constants.AUTHORIZED.equals(deviceStatus)) {
+            DeviceFlowPersistenceFactory.getInstance().getDeviceFlowDAO().setDeviceCodeExpired(deviceCode,
+                    Constants.EXPIRED);
+            setPropertiesForTokenGeneration(oAuthTokenReqMessageContext, deviceFlowDO);
+        }
+        return true;
+    }
+
+    private void setLastPollTime(String deviceCode)
+            throws IdentityOAuth2Exception {
+
+        Date date = new Date();
         Timestamp newPollTime = new Timestamp(date.getTime());
         DeviceFlowPersistenceFactory.getInstance().getDeviceFlowDAO().setLastPollTime(deviceCode, newPollTime);
-        if (!isWithinValidPollInterval(newPollTime, deviceFlowDO)) {
-            throw new IdentityOAuth2Exception(DeviceErrorCodes.SubDeviceErrorCodes.SLOW_DOWN,
-                    DeviceErrorCodes.SubDeviceErrorCodesDescriptions.SLOW_DOWN);
+    }
+
+    private void handleInvalidRequests(String deviceStatus, DeviceFlowDO deviceFlowDO)
+            throws IdentityOAuth2Exception {
+
+        Date date = new Date();
+        if (Constants.NOT_EXIST.equals(deviceStatus)) {
+            throw new IdentityOAuth2Exception(DeviceErrorCodes.INVALID_REQUEST, DeviceErrorCodes.INVALID_REQUEST);
         } else if (Constants.EXPIRED.equals(deviceStatus) || isExpiredDeviceCode(deviceFlowDO, date)) {
             throw new IdentityOAuth2Exception(DeviceErrorCodes.SubDeviceErrorCodes.EXPIRED_TOKEN,
                     DeviceErrorCodes.SubDeviceErrorCodesDescriptions.EXPIRED_TOKEN);
-        } else if (Constants.AUTHORIZED.equals(deviceStatus)) {
-            authStatus = true;
-            DeviceFlowPersistenceFactory.getInstance().getDeviceFlowDAO().setDeviceCodeExpired(deviceCode,
-                    Constants.EXPIRED);
-            setPropertiesForTokenGeneration(oAuthTokenReqMessageContext, deviceFlowDO);
-        } else if (Constants.USED.equals(deviceStatus) || Constants.PENDING.equals(deviceStatus)) {
+        }
+    }
+
+    private void handleInvalidRequests(String deviceStatus) throws IdentityOAuth2Exception {
+
+        if (PENDING.equals(deviceStatus)) {
             throw new IdentityOAuth2Exception(DeviceErrorCodes.SubDeviceErrorCodes.AUTHORIZATION_PENDING,
                     DeviceErrorCodes.SubDeviceErrorCodesDescriptions.AUTHORIZATION_PENDING);
+        } else if (SLOW_DOWN.equals(deviceStatus)) {
+            throw new IdentityOAuth2Exception(DeviceErrorCodes.SubDeviceErrorCodes.SLOW_DOWN,
+                    DeviceErrorCodes.SubDeviceErrorCodesDescriptions.SLOW_DOWN);
         }
-        return authStatus;
     }
 
     /**