From d107f0760ab0872384f477dd7363f2f884bf7b9f Mon Sep 17 00:00:00 2001
From: aka4rKO <akram.arm.7@gmail.com>
Date: Thu, 12 Dec 2024 15:27:48 +0530
Subject: [PATCH 1/2] fixed cds authentication webapp page refresh issue

---
 .../impl/OBCDSAuthServletImpl.java            |   8 +-
 .../impl/OBCDSAuthServletImplTests.java       |   2 +-
 .../ob#authenticationendpoint/WEB-INF/web.xml |  20 +++
 .../oauth2_authz_displayconsent.jsp           | 132 +++++++++++-------
 .../ob#authenticationendpoint/ob_cds.jsp      |  85 +++++++++++
 .../ob_cds_account_selection.jsp              | 103 +++++++-------
 .../ob_cds_profile_selection.jsp              |  21 +--
 7 files changed, 241 insertions(+), 130 deletions(-)
 create mode 100644 toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds.jsp

diff --git a/components/org.wso2.openbanking.cds.consent.extensions/src/main/java/org/wso2/openbanking/cds/consent/extensions/authservlet/impl/OBCDSAuthServletImpl.java b/components/org.wso2.openbanking.cds.consent.extensions/src/main/java/org/wso2/openbanking/cds/consent/extensions/authservlet/impl/OBCDSAuthServletImpl.java
index 6e04b83f..10f74825 100644
--- a/components/org.wso2.openbanking.cds.consent.extensions/src/main/java/org/wso2/openbanking/cds/consent/extensions/authservlet/impl/OBCDSAuthServletImpl.java
+++ b/components/org.wso2.openbanking.cds.consent.extensions/src/main/java/org/wso2/openbanking/cds/consent/extensions/authservlet/impl/OBCDSAuthServletImpl.java
@@ -214,12 +214,8 @@ public Map<String, String> updateConsentMetaData(HttpServletRequest httpServletR
 
     @Override
     public String getJSPPath() {
-        // If profile is already selected, skip the profile selection page
-        if (StringUtils.isBlank(preSelectedProfileId)) {
-            return "/ob_cds_profile_selection.jsp";
-        } else {
-            return "/ob_cds_account_selection.jsp";
-        }
+        // Moving the logic of determining the 1st page (profile selection or account selection) to ob_cds.jsp file
+        return "/ob_cds.jsp";
     }
 
     /**
diff --git a/components/org.wso2.openbanking.cds.consent.extensions/src/test/java/org/wso2/openbanking/cds/consent/extensions/authservlet/impl/OBCDSAuthServletImplTests.java b/components/org.wso2.openbanking.cds.consent.extensions/src/test/java/org/wso2/openbanking/cds/consent/extensions/authservlet/impl/OBCDSAuthServletImplTests.java
index 6949ed60..1144b295 100644
--- a/components/org.wso2.openbanking.cds.consent.extensions/src/test/java/org/wso2/openbanking/cds/consent/extensions/authservlet/impl/OBCDSAuthServletImplTests.java
+++ b/components/org.wso2.openbanking.cds.consent.extensions/src/test/java/org/wso2/openbanking/cds/consent/extensions/authservlet/impl/OBCDSAuthServletImplTests.java
@@ -184,6 +184,6 @@ public void testUpdateConsentMetaData() {
     @Test
     public void testGetJSPPath() {
         String jspPath = obCdsAuthServlet.getJSPPath();
-        Assert.assertEquals(jspPath, "/ob_cds_profile_selection.jsp");
+        Assert.assertEquals(jspPath, "/ob_cds.jsp");
     }
 }
diff --git a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/WEB-INF/web.xml b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/WEB-INF/web.xml
index 276420a9..7eb8bec4 100644
--- a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/WEB-INF/web.xml
+++ b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/WEB-INF/web.xml
@@ -91,6 +91,16 @@
         <url-pattern>/ob_cds_account_selection.do</url-pattern>
     </servlet-mapping>
 
+    <servlet-mapping>
+        <servlet-name>ob_cds_profile_selection.do</servlet-name>
+        <url-pattern>/ob_cds_profile_selection.do</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>ob_cds.do</servlet-name>
+        <url-pattern>/ob_cds.do</url-pattern>
+    </servlet-mapping>
+
     <servlet>
         <servlet-name>retry.do</servlet-name>
         <jsp-file>/generic-exception-response.jsp</jsp-file>
@@ -106,6 +116,16 @@
         <jsp-file>/ob_cds_account_selection.jsp</jsp-file>
     </servlet>
 
+    <servlet>
+        <servlet-name>ob_cds_profile_selection.do</servlet-name>
+        <jsp-file>/ob_cds_profile_selection.jsp</jsp-file>
+    </servlet>
+
+    <servlet>
+        <servlet-name>ob_cds.do</servlet-name>
+        <jsp-file>/ob_cds.jsp</jsp-file>
+    </servlet>
+
     <servlet-mapping>
         <servlet-name>retry.do</servlet-name>
         <url-pattern>/retry.do</url-pattern>
diff --git a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/oauth2_authz_displayconsent.jsp b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/oauth2_authz_displayconsent.jsp
index a0de01d8..a6874c57 100644
--- a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/oauth2_authz_displayconsent.jsp
+++ b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/oauth2_authz_displayconsent.jsp
@@ -28,26 +28,33 @@
 <jsp:include page="includes/consent_top.jsp"/>
 
 <%
-    String sessionDataKeyConsent = getRequestAttribute(request, "sessionDataKeyConsent");
-    String isConsentAmendment = getRequestAttribute(request, "isConsentAmendment");
-    String isSharingDurationUpdated = getRequestAttribute(request, "isSharingDurationUpdated");
-    String accounts = getRequestAttribute(request, "accountsArry[]");
-    String[] accountDisplayNameList = null;
-    String accounNames = getRequestAttribute(request, "accNames");
-    String appName = getRequestAttribute(request, "app");
-    String spFullName = getRequestAttribute(request, "spFullName");
-    String consentId = request.getParameter("id");
-    String userName = request.getParameter("user");
-    String selectedProfileId = getRequestAttribute(request, "selectedProfileId");
-    String selectedProfileName = getRequestAttribute(request, "selectedProfileName");
-    String[] accountList = accounNames.split(":");
-    String consentExpiryDateTime = getRequestAttribute(request, "consent-expiry-date");
+
+    String accounts = (String) getAttribute(request, session, "accountsArry[]", null);
+    session.setAttribute("accounts", accounts);
+
+    String accountNames = (String) getAttribute(request, session, "accNames", null);
+    String[] accountList = accountNames.split(":");
+    session.setAttribute("accountList", accountList);
+
+    String userName = (String) getAttribute(request, session, "user", null);
+    session.setAttribute("userName", userName);
+
+    String selectedProfileName = (String) getAttribute(request, session, "selectedProfileName", null);
+    session.setAttribute("selectedProfileName", selectedProfileName);
+
+    String consentExpiryDateTime = (String) getAttribute(request, session, "consent_expiration", null);
+
     String consentExpiryDate = consentExpiryDateTime.split("T")[0];
+    session.setAttribute("consentExpiryDate", consentExpiryDate);
+
     DateTimeFormatter dtf = DateTimeFormatter.ofPattern("yyyy-MM-dd");
     LocalDateTime now = LocalDateTime.now();
     String currentDate = dtf.format(now);
+    session.setAttribute("currentDate", currentDate);
+
     Map<String, List<String>> consentData;
     Map<String, List<String>> newConsentData;
+    String selectedProfileId = (String) getAttribute(request, session, "selectedProfileId", null);
     if ("individual_profile".equalsIgnoreCase(selectedProfileId)) {
         consentData = (Map<String, List<String>>) session.getAttribute("configParamsMap");
         newConsentData = (Map<String, List<String>>) session.getAttribute("newConfigParamsMap");
@@ -55,10 +62,10 @@
         consentData = (Map<String, List<String>>) session.getAttribute("business_data_cluster");
         newConsentData = (Map<String, List<String>>) session.getAttribute("new_business_data_cluster");
     }
+    session.setAttribute("consentData", consentData);
+    session.setAttribute("newConsentData", newConsentData);
     session.setAttribute("configParamsMap", consentData);
     session.setAttribute("newConfigParamsMap", newConsentData);
-    session.setAttribute("isConsentAmendment", isConsentAmendment);
-    session.setAttribute("isSharingDurationUpdated", isSharingDurationUpdated);
 
     boolean isSharedWithinDay = true;
     if (!"Single use consent".equals(consentExpiryDateTime)) {
@@ -69,16 +76,20 @@
         }
     }
     session.setAttribute("isSharedWithinDay", isSharedWithinDay);
-    String nameClaims = (String) session.getAttribute("nameClaims");
-    String contactClaims = (String) session.getAttribute("contactClaims");
-    boolean skipAccounts = (boolean) session.getAttribute("skipAccounts");
+
     int sharingDurationValue = 0;
-    if (getRequestAttribute(request, "sharing_duration_value") != null) {
-        sharingDurationValue = Integer.parseInt(getRequestAttribute(request, "sharing_duration_value"));
+    if (getAttribute(request, session, "sharing_duration_value", null) != null) {
+        sharingDurationValue = Integer.parseInt(getAttribute(request, session, "sharing_duration_value", null).toString());
+        session.setAttribute("sharingDurationValue", sharingDurationValue);
     }
+
+    boolean skipAccounts = (boolean) session.getAttribute("skipAccounts");
+    String[] accountDisplayNameList = null;
     if (!skipAccounts) {
-        accountDisplayNameList = getRequestAttribute(request, "accDisplayNames").split(":");
+        accountDisplayNameList = ((String) getAttribute(request, session, "accDisplayNames", null)).split(":");
+        session.setAttribute("accountDisplayNameList", accountDisplayNameList);
     }
+
 %>
 
 <div class="col-xs-12 col-sm-12 col-md-12 col-lg-12">
@@ -88,7 +99,7 @@
         <div class="login-form">
             <div class="form-group ui form">
                 <div class="col-md-12 ui box">
-                    <h3 class="ui header"><strong><%=spFullName%>
+                    <h3 class="ui header"><strong>${sp_full_name}
                     </strong> requests account details on your account.</h3>
     
                     <% if (!skipAccounts) { %>
@@ -103,8 +114,8 @@
                                     %>
                                         <li>
                                             <strong><% out.println(accountList[i]); %></strong><br>
-                                            <span class ="accountIdClass" id="<% out.println(accountDisplayNameList[i]);%>">
-                                                <small><% out.println(accountDisplayNameList[i]);%></small>
+                                            <span class ="accountIdClass" id="${accountDisplayNameList[i]}">
+                                                <small>${accountDisplayNameList[i]}</small>
                                             </span>
                                         </li><br>
                                     <%
@@ -117,7 +128,7 @@
                     <h4 class="section-heading-5 ui subheading">Data requested:</h4>
 
                     <!--Display requested data-->
-                    <c:forEach items="<%=consentData%>" var="record">
+                    <c:forEach items="${consentData}" var="record">
                         <div class="padding" style="border:1px solid #555;">
                             <button type="button" class="collapsible">${record.key}</button>
                             <div class="content">
@@ -138,7 +149,7 @@
                     </c:forEach>
                     <!--Display newly added requested data (Upon consent Amendment)-->
                     <c:if test="${not empty newConfigParamsMap}">
-                        <c:forEach items="<%=newConsentData%>" var="record">
+                        <c:forEach items="${newConsentData}" var="record">
                             <div class="padding" style="border:1px solid #555;">
                                 <button type="button" class="collapsible">${record.key}
                                     <span style="border: 1px solid #1b2c8f;color:#1b2c8f;font-weight:bold;background-color:#f4f5fd">New</span>
@@ -150,11 +161,11 @@
                                         </c:forEach>
                                     </ul>
                                     <c:if test="${(record.key eq 'Name')}">
-                                        <u class="ui body col-md-12"> Updated claims & scopes : <%=nameClaims%>
+                                        <u class="ui body col-md-12"> Updated claims & scopes : ${nameClaims}
                                         </u>
                                     </c:if>
                                     <c:if test="${(record.key eq 'Contact Details')}">
-                                        <u class="ui body col-md-12"> Updated claims : <%=contactClaims%> </u>
+                                        <u class="ui body col-md-12"> Updated claims : ${contactClaims} </u>
                                     </c:if>
                                     <c:if test="${(record.key eq 'Account name, type, and balance') ||
                                     (record.key eq 'Account balance and details') || (record.key eq 'Transaction details')
@@ -175,7 +186,7 @@
                             <c:when test="${!isSharedWithinDay}">
                                 <div class="padding-top ui subheading">
                                     Your data will be shared for the given sharing period :
-                                    <button type="button" class="collapsible" id="consent-expiry-date"> <%=currentDate%> - <%=consentExpiryDate%>
+                                    <button type="button" class="collapsible" id="consent-expiry-date"> ${currentDate} - ${consentExpiryDate}
                                         <c:if test="${isConsentAmendment && isSharingDurationUpdated}">
                                             <span style="border: 1px solid #1b2c8f;color:#1b2c8f;font-weight:bold;background-color:#f4f5fd">New</span>
                                         </c:if>
@@ -204,12 +215,12 @@
 
                      <div class="padding-top ui subheading">Where to manage this arrangement :
                         <h5 class="section-heading-5 padding-left ui subheading">
-                            <span> You can review and manage this arrangement on the Data Sharing dashboard by going to Settings>Data Sharing on the <%=spFullName%> website or app.</span>
+                            <span> You can review and manage this arrangement on the Data Sharing dashboard by going to Settings>Data Sharing on the ${sp_full_name} website or app.</span>
                         </h5>
                     </div>
                     <div class="padding-top ui subheading">If you want to stop sharing this data :
                         <h5 class="section-heading-5 padding-left ui subheading">
-                            <span> You can request us to stop sharing your data on your Data Sharing dashboard or by writing to <%=spFullName%> email.</span>
+                            <span> You can request us to stop sharing your data on your Data Sharing dashboard or by writing to ${sp_full_name} email.</span>
                         </h5>
                     </div>
                     <div class="ui">
@@ -217,7 +228,7 @@
                         If you want to stop sharing data, you can request us to stop sharing data on your data sharing
                         dashboard.
                         </br>
-                        Do you confirm that we can share your data with <%=spFullName%>?
+                        Do you confirm that we can share your data with ${sp_full_name}?
                     </div>
                 </div>
             </div>
@@ -233,15 +244,15 @@
                                onclick="javascript: approvedAU(); return false;"
                                value="Authorise"/>
                         <input type="hidden" id="hasApprovedAlways" name="hasApprovedAlways" value="false"/>
-                        <input type="hidden" name="sessionDataKeyConsent" value="<%=sessionDataKeyConsent%>"/>
+                        <input type="hidden" name="sessionDataKeyConsent" value="${sessionDataKeyConsent}"/>
                         <input type="hidden" name="consent" id="consent" value="deny"/>
-                        <input type="hidden" name="app" id="app" value="<%=appName%>"/>
+                        <input type="hidden" name="app" id="app" value="${app}"/>
                         <input type="hidden" name="type" id="type" value="accounts"/>
-                        <input type="hidden" name="accounts[]" id="account" value="<%=accounts%>">
-                        <input type="hidden" name="spFullName" id="spFullName" value="<%=spFullName%>"/>
-                        <input type="hidden" name="user" id="user" value="<%=userName%>"/>
-                        <input type="hidden" name="selectedProfileId" id="selectedProfileId" value="<%=selectedProfileId%>"/>
-                        <input type="hidden" name="selectedProfileName" id="selectedProfileName" value="<%=selectedProfileName%>"/>
+                        <input type="hidden" name="accounts[]" id="account" value="${accounts}">
+                        <input type="hidden" name="spFullName" id="spFullName" value="${sp_full_name}"/>
+                        <input type="hidden" name="user" id="user" value="${userName}"/>
+                        <input type="hidden" name="selectedProfileId" id="selectedProfileId" value="${selectedProfileId}"/>
+                        <input type="hidden" name="selectedProfileName" id="selectedProfileName" value="${selectedProfileName}"/>
                     </div>
                 </div>
             </div>
@@ -264,8 +275,8 @@
 
 <script>
     $(document).ready(function(){
-        var consentExpiryDate = "<%=consentExpiryDateTime%>";
-        var sharingDurationValue = "<%=sharingDurationValue%>";
+        var consentExpiryDate = "${consent_expiration}";
+        var sharingDurationValue = "${sharingDurationValue}";
         var output = "";
         var finalOutput = "";
 
@@ -342,23 +353,42 @@
         }
       });
     }
+
 </script>
 
 <jsp:include page="includes/consent_bottom.jsp"/>
 <%!
     /**
-     * Method to retrieve request attributes from request attributes or request parameters.
+     * Retrieves an attribute from the request scope first and falls back to the session scope
+     * if not found in the request. If the attribute is not found in either scope, a default
+     * value is returned.
      *
-     * @param request http servlet request
-     * @param attributeName attribute name
-     * @return attribute value
+     * @param request       the HttpServletRequest object to check for the attribute.
+     * @param session       the HttpSession object to check for the attribute if not found in the request.
+     * @param attributeName the name of the attribute to retrieve.
+     * @param defaultValue  the default value to return if the attribute is not found in both the request and session.
+     * @return the value of the attribute as an Object, or the default value if the attribute is not found.
      */
-    private String getRequestAttribute(HttpServletRequest request, String attributeName) {
+    private Object getAttribute(HttpServletRequest request, HttpSession session, String attributeName,
+                                Object defaultValue) {
+        // Check in the request first
+        Object requestAttribute = request.getAttribute(attributeName);
+        if (requestAttribute != null) {
+            return requestAttribute;
+        }
 
-        if (request.getAttribute(attributeName) != null) {
-            return String.valueOf(request.getAttribute(attributeName));
-        } else {
-            return request.getParameter(attributeName);
+        String requestParameter = request.getParameter(attributeName);
+        if (requestParameter != null) {
+            return requestParameter;
         }
+
+        // Fallback to session if not found in the request
+        Object sessionAttribute = session.getAttribute(attributeName);
+        if (sessionAttribute != null) {
+            return sessionAttribute;
+        }
+
+        // Return the default value if not found
+        return defaultValue;
     }
 %>
diff --git a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds.jsp b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds.jsp
new file mode 100644
index 00000000..1ede19ad
--- /dev/null
+++ b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds.jsp
@@ -0,0 +1,85 @@
+<%--
+ ~ Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com).
+ ~
+ ~ WSO2 LLC. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except
+ ~ in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~     http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ --%>
+
+<%
+
+    session.setAttribute("accounts_data", getAttribute(request, session, "accounts_data", null));
+    session.setAttribute("profiles_data", getAttribute(request, session, "profiles_data", null));
+    session.setAttribute("sp_full_name", getAttribute(request, session, "sp_full_name", null));
+    session.setAttribute("redirectURL", getAttribute(request, session, "redirectURL", null));
+    session.setAttribute("consent_expiration", getAttribute(request, session, "consent_expiration", null));
+    session.setAttribute("account_masking_enabled", getAttribute(request, session, "account_masking_enabled", null));
+    session.setAttribute("isConsentAmendment", getAttribute(request, session, "isConsentAmendment", null));
+    session.setAttribute("skipAccounts", getAttribute(request, session, "customerScopesOnly", null));
+    session.setAttribute("isSharingDurationUpdated", getAttribute(request, session, "isSharingDurationUpdated", null));
+    session.setAttribute("app", getAttribute(request, session, "app", null));
+    session.setAttribute("configParamsMap", getAttribute(request, session, "data_requested", null));
+    session.setAttribute("newConfigParamsMap", getAttribute(request, session, "new_data_requested", null));
+    session.setAttribute("business_data_cluster", getAttribute(request, session, "business_data_cluster", null));
+    session.setAttribute("new_business_data_cluster", getAttribute(request, session, "new_business_data_cluster", null));
+    session.setAttribute("state", getAttribute(request, session, "state", null));
+    session.setAttribute("sharing_duration_value", getAttribute(request, session, "sharing_duration_value", null));
+    session.setAttribute("customerScopesOnly", getAttribute(request, session, "customerScopesOnly", null));
+    session.setAttribute("nameClaims", getAttribute(request, session, "nameClaims", ""));
+    session.setAttribute("contactClaims", getAttribute(request, session, "contactClaims", ""));
+
+    String preSelectedProfileId = (String) getAttribute(request, session, "preSelectedProfileId", null);
+    if (preSelectedProfileId == null || "".equals(preSelectedProfileId)) {
+        response.sendRedirect("ob_cds_profile_selection.do");
+    } else {
+        session.setAttribute("preSelectedProfileId", preSelectedProfileId);
+        response.sendRedirect("ob_cds_account_selection.do");
+    }
+
+%>
+
+<%!
+    /**
+     * Retrieves an attribute from the request scope first and falls back to the session scope
+     * if not found in the request. If the attribute is not found in either scope, a default
+     * value is returned.
+     *
+     * @param request       the HttpServletRequest object to check for the attribute.
+     * @param session       the HttpSession object to check for the attribute if not found in the request.
+     * @param attributeName the name of the attribute to retrieve.
+     * @param defaultValue  the default value to return if the attribute is not found in both the request and session.
+     * @return the value of the attribute as an Object, or the default value if the attribute is not found.
+     */
+    private Object getAttribute(HttpServletRequest request, HttpSession session, String attributeName,
+                                Object defaultValue) {
+        // Check in the request first
+        Object requestAttribute = request.getAttribute(attributeName);
+        if (requestAttribute != null) {
+            return requestAttribute;
+        }
+
+        String requestParameter = request.getParameter(attributeName);
+        if (requestParameter != null) {
+            return requestParameter;
+        }
+
+        // Fallback to session if not found in the request
+        Object sessionAttribute = session.getAttribute(attributeName);
+        if (sessionAttribute != null) {
+            return sessionAttribute;
+        }
+
+        // Return the default value if not found
+        return defaultValue;
+    }
+%>
\ No newline at end of file
diff --git a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds_account_selection.jsp b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds_account_selection.jsp
index c49b1fe1..f67b92bf 100644
--- a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds_account_selection.jsp
+++ b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds_account_selection.jsp
@@ -24,61 +24,19 @@
 <%@ page import ="javax.servlet.RequestDispatcher"%>
 <%@ page import="org.owasp.encoder.Encode" %>
 <%
-    String preSelectedProfileId = (String) request.getAttribute("preSelectedProfileId");
+
+    String preSelectedProfileId = (String) getAttribute(request, session, "preSelectedProfileId", null);
     String selectedProfileId = (preSelectedProfileId == null || "".equals(preSelectedProfileId)) ?
-            request.getParameter("selectedProfileId") : preSelectedProfileId;
-    boolean isConsentAmendment = request.getAttribute("isConsentAmendment") != null ?
-            (boolean) request.getAttribute("isConsentAmendment") : false;
-    Object nameClaims = request.getAttribute("nameClaims");
-    String nameClaimsString = nameClaims != null ? (String) nameClaims : "";
-    session.setAttribute("nameClaims", nameClaimsString);
-    Object contactClaims = request.getAttribute("contactClaims");
-    String contactClaimsString = contactClaims != null ? (String) contactClaims : "";
-    session.setAttribute("contactClaims", contactClaimsString);
-
-    if (session.getAttribute("profiles_data") == null || isConsentAmendment) {
-        session.setAttribute("profiles_data", request.getAttribute("profiles_data"));
-    }
-    if (session.getAttribute("configParamsMap") == null || isConsentAmendment) {
-        session.setAttribute("configParamsMap", request.getAttribute("data_requested"));
-    }
-    if (session.getAttribute("newConfigParamsMap") == null || isConsentAmendment) {
-        session.setAttribute("newConfigParamsMap", request.getAttribute("new_data_requested"));
-    }
-    if (session.getAttribute("business_data_cluster") == null || isConsentAmendment) {
-        session.setAttribute("business_data_cluster", request.getAttribute("business_data_cluster"));
-    }
-    if (session.getAttribute("new_business_data_cluster") == null || isConsentAmendment) {
-        session.setAttribute("new_business_data_cluster", request.getAttribute("new_business_data_cluster"));
-    }
-    if (session.getAttribute("skipAccounts") == null || isConsentAmendment) {
-        session.setAttribute("skipAccounts", request.getAttribute("customerScopesOnly"));
-    }
-    
+            (String) getAttribute(request, session, "selectedProfileId", null) : preSelectedProfileId;
+    session.setAttribute("selectedProfileId", selectedProfileId);
+
     boolean skipAccounts = (boolean) session.getAttribute("skipAccounts");
     if (skipAccounts) {
-    	RequestDispatcher requestDispatcher = request.getRequestDispatcher("/oauth2_authz_consent.do");
-        request.setAttribute("sessionDataKeyConsent", Encode.forHtmlAttribute(
-                String.valueOf(session.getAttribute("sessionDataKeyConsent"))));
-        request.setAttribute("isConsentAmendment", isConsentAmendment);
-        Object isSharingDurationUpdated = request.getAttribute("isSharingDurationUpdated") != null ?
-                request.getAttribute("isSharingDurationUpdated") : session.getAttribute("isSharingDurationUpdated");
-        request.setAttribute("isSharingDurationUpdated", isSharingDurationUpdated);
-        request.setAttribute("accountsArry[]", "unavailable");
-        request.setAttribute("accNames", "");
-        Object app = request.getAttribute("app") != null ? request.getAttribute("app") : session.getAttribute("app");
-        request.setAttribute("app", app);
-        Object spFullName = request.getAttribute("sp_full_name") != null ?
-                request.getAttribute("sp_full_name") : session.getAttribute("sp_full_name");
-        request.setAttribute("spFullName", spFullName);
-        request.setAttribute("selectedProfileId", selectedProfileId);
-        request.setAttribute("selectedProfileName", session.getAttribute("selectedProfileName"));
-        Object consentExpiryDateTime = request.getAttribute("consent_expiration") != null ?
-                request.getAttribute("consent_expiration") : session.getAttribute("consent_expiration");
-        request.setAttribute("consent-expiry-date", consentExpiryDateTime);
-        request.setAttribute("sharing_duration_value", session.getAttribute("sharing_duration_value"));
-        requestDispatcher.forward(request, response);
+        session.setAttribute("accountsArry[]", "unavailable");
+        session.setAttribute("accNames", "");
+        response.sendRedirect("oauth2_authz_consent.do");
     }
+
 %>
 
 <div class="row data-container">
@@ -98,7 +56,7 @@
             <div>
                 <c:if test="${not empty accounts_data}">
                     <%--Get account ids for the selected profile--%>
-                    <c:set var="selectedProfileId" scope="session" value="<%=selectedProfileId%>"/>
+                    <c:set var="selectedProfileId" scope="session" value="${selectedProfileId}"/>
                     <c:forEach items="${profiles_data}" var="profile">
                         <c:if test="${profile['profileId'] eq selectedProfileId}">
                             <c:set var="profileAccountIds" value="${profile['accountIds']}" />
@@ -183,15 +141,15 @@
                     <input type="hidden" name="sessionDataKeyConsent" value="${sessionDataKeyConsent}"/>
                     <input type="hidden" name="consent" id="consent" value="deny"/>
                     <input type="hidden" name="app" id="app" value="${app}"/>
-                    <input type="hidden" name="spFullName" id="app" value="${sp_full_name}"/>
+                    <input type="hidden" name="sp_full_name" id="app" value="${sp_full_name}"/>
                     <input type="hidden" name="accountsArry[]" id="account" value=""/>
                     <input type="hidden" name="accNames" id="accountName" value=""/>
                     <input type="hidden" name="accDisplayNames" id="accountDisplayName" value=""/>
                     <input type="hidden" name="type" id="type" value="accounts"/>
-                    <input type="hidden" name="consent-expiry-date" id="consentExp" value="${consent_expiration}"/>
+                    <input type="hidden" name="consent_expiration" id="consentExp" value="${consent_expiration}"/>
                     <input type="hidden" name="isConsentAmendment" id="isConsentAmendment" value="${isConsentAmendment}"/>
                     <input type="hidden" name="isSharingDurationUpdated" id="isSharingDurationUpdated" value="${isSharingDurationUpdated}"/>
-                    <input type="hidden" name="selectedProfileId" id="selectedProfileId" value="<%=selectedProfileId%>"/>
+                    <input type="hidden" name="selectedProfileId" id="selectedProfileId" value="${selectedProfileId}"/>
                     <input type="hidden" name="selectedProfileName" id="selectedProfileName" value="${selectedProfileName}"/>
                     <input type="hidden" name="sharing_duration_value" id="sharing_duration_value" value="${sharing_duration_value}"/>
                 </div>
@@ -331,3 +289,38 @@
 </script>
 
 <jsp:include page="includes/consent_bottom.jsp"/>
+<%!
+    /**
+     * Retrieves an attribute from the request scope first and falls back to the session scope
+     * if not found in the request. If the attribute is not found in either scope, a default
+     * value is returned.
+     *
+     * @param request       the HttpServletRequest object to check for the attribute.
+     * @param session       the HttpSession object to check for the attribute if not found in the request.
+     * @param attributeName the name of the attribute to retrieve.
+     * @param defaultValue  the default value to return if the attribute is not found in both the request and session.
+     * @return the value of the attribute as an Object, or the default value if the attribute is not found.
+     */
+    private Object getAttribute(HttpServletRequest request, HttpSession session, String attributeName,
+                                Object defaultValue) {
+        // Check in the request first
+        Object requestAttribute = request.getAttribute(attributeName);
+        if (requestAttribute != null) {
+            return requestAttribute;
+        }
+
+        String requestParameter = request.getParameter(attributeName);
+        if (requestParameter != null) {
+            return requestParameter;
+        }
+
+        // Fallback to session if not found in the request
+        Object sessionAttribute = session.getAttribute(attributeName);
+        if (sessionAttribute != null) {
+            return sessionAttribute;
+        }
+
+        // Return the default value if not found
+        return defaultValue;
+    }
+%>
diff --git a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds_profile_selection.jsp b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds_profile_selection.jsp
index 271a43c0..b37befa4 100644
--- a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds_profile_selection.jsp
+++ b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds_profile_selection.jsp
@@ -21,23 +21,9 @@
 
 <jsp:include page="includes/consent_top.jsp"/>
 <%
-    session.setAttribute("accounts_data", request.getAttribute("accounts_data"));
-    session.setAttribute("profiles_data", request.getAttribute("profiles_data"));
-    session.setAttribute("sp_full_name", request.getAttribute("sp_full_name"));
-    session.setAttribute("redirectURL", request.getAttribute("redirectURL"));
-    session.setAttribute("consent_expiration", request.getAttribute("consent_expiration"));
-    session.setAttribute("account_masking_enabled", request.getAttribute("account_masking_enabled"));
-    session.setAttribute("isConsentAmendment", request.getAttribute("isConsentAmendment"));
-    session.setAttribute("skipAccounts", request.getAttribute("customerScopesOnly"));
-    session.setAttribute("isSharingDurationUpdated", request.getAttribute("isSharingDurationUpdated"));
-    session.setAttribute("app", request.getAttribute("app"));
-    session.setAttribute("configParamsMap", request.getAttribute("data_requested"));
-    session.setAttribute("newConfigParamsMap", request.getAttribute("new_data_requested"));
-    session.setAttribute("business_data_cluster", request.getAttribute("business_data_cluster"));
-    session.setAttribute("new_business_data_cluster", request.getAttribute("new_business_data_cluster"));
-    session.setAttribute("state", request.getAttribute("state"));
-    session.setAttribute("sharing_duration_value", request.getAttribute("sharing_duration_value"));
+
     String popoverTemplate = "<div class='popover dark-bg' role='tooltip'><div class='arrow'></div><h6 class='popover-title dark-bg'></h6><div class='popover-content'></div></div>";
+
 %>
 <div class="row data-container">
     <div class="clearfix"></div>
@@ -63,7 +49,7 @@
                             <label for="${record['profileName']}">
                                 <input type="radio" id="${record['profileName']}" name="optProfiles"
                                     value="${record['profileId']}" data-profile-name="${record['profileName']}"
-                                onclick="setSelectedProfile()"/>
+                                onclick="setSelectedProfile()" required/>
                                 ${record['profileName']}
                             </label>
                             <br/>
@@ -178,6 +164,7 @@
         selectedProfileIdInput.value = selectedProfileId;
         selectedProfileNameInput.value = selectedProfileName;
     }
+
 </script>
 
 <jsp:include page="includes/consent_bottom.jsp"/>

From e8b57c4e1e7e6c5ea00e63e77c45158c3556d15e Mon Sep 17 00:00:00 2001
From: aka4rKO <akram.arm.7@gmail.com>
Date: Thu, 12 Dec 2024 16:55:28 +0530
Subject: [PATCH 2/2] refactored code

---
 .../util/CDSConsentExtensionsUtil.java        | 37 ++++++++++++++++++
 .../oauth2_authz_displayconsent.jsp           | 37 +-----------------
 .../ob#authenticationendpoint/ob_cds.jsp      | 38 +------------------
 .../ob_cds_account_selection.jsp              | 37 +-----------------
 4 files changed, 43 insertions(+), 106 deletions(-)

diff --git a/components/org.wso2.openbanking.cds.consent.extensions/src/main/java/org/wso2/openbanking/cds/consent/extensions/util/CDSConsentExtensionsUtil.java b/components/org.wso2.openbanking.cds.consent.extensions/src/main/java/org/wso2/openbanking/cds/consent/extensions/util/CDSConsentExtensionsUtil.java
index 27ebd4f0..ebff83f9 100644
--- a/components/org.wso2.openbanking.cds.consent.extensions/src/main/java/org/wso2/openbanking/cds/consent/extensions/util/CDSConsentExtensionsUtil.java
+++ b/components/org.wso2.openbanking.cds.consent.extensions/src/main/java/org/wso2/openbanking/cds/consent/extensions/util/CDSConsentExtensionsUtil.java
@@ -32,6 +32,9 @@
 
 import java.util.Map;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
 /**
  * Util class for CDSConsentExtensions.
  */
@@ -117,4 +120,38 @@ public static boolean isLegalEntityBlockedForAccountAndUser(String accountID, St
                     "Error occurred while retrieving account metadata");
         }
     }
+
+    /**
+     * Retrieves an attribute from the request scope first and falls back to the session scope
+     * if not found in the request. If the attribute is not found in either scope, a default
+     * value is returned.
+     *
+     * @param request       the HttpServletRequest object to check for the attribute.
+     * @param session       the HttpSession object to check for the attribute if not found in the request.
+     * @param attributeName the name of the attribute to retrieve.
+     * @param defaultValue  the default value to return if the attribute is not found in both the request and session.
+     * @return the value of the attribute as an Object, or the default value if the attribute is not found.
+     */
+    public static Object getAttribute(HttpServletRequest request, HttpSession session, String attributeName,
+                                Object defaultValue) {
+        // Check in the request first
+        Object requestAttribute = request.getAttribute(attributeName);
+        if (requestAttribute != null) {
+            return requestAttribute;
+        }
+
+        String requestParameter = request.getParameter(attributeName);
+        if (requestParameter != null) {
+            return requestParameter;
+        }
+
+        // Fallback to session if not found in the request
+        Object sessionAttribute = session.getAttribute(attributeName);
+        if (sessionAttribute != null) {
+            return sessionAttribute;
+        }
+
+        // Return the default value if not found
+        return defaultValue;
+    }
 }
diff --git a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/oauth2_authz_displayconsent.jsp b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/oauth2_authz_displayconsent.jsp
index a6874c57..15b17dbb 100644
--- a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/oauth2_authz_displayconsent.jsp
+++ b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/oauth2_authz_displayconsent.jsp
@@ -25,6 +25,8 @@
 <%@ page import="java.time.LocalDateTime" %>
 <%@ page import="java.time.OffsetDateTime" %>
 <%@ page import="java.time.ZoneOffset" %>
+<%@ page import ="static org.wso2.openbanking.cds.consent.extensions.util.CDSConsentExtensionsUtil.getAttribute"%>
+
 <jsp:include page="includes/consent_top.jsp"/>
 
 <%
@@ -357,38 +359,3 @@
 </script>
 
 <jsp:include page="includes/consent_bottom.jsp"/>
-<%!
-    /**
-     * Retrieves an attribute from the request scope first and falls back to the session scope
-     * if not found in the request. If the attribute is not found in either scope, a default
-     * value is returned.
-     *
-     * @param request       the HttpServletRequest object to check for the attribute.
-     * @param session       the HttpSession object to check for the attribute if not found in the request.
-     * @param attributeName the name of the attribute to retrieve.
-     * @param defaultValue  the default value to return if the attribute is not found in both the request and session.
-     * @return the value of the attribute as an Object, or the default value if the attribute is not found.
-     */
-    private Object getAttribute(HttpServletRequest request, HttpSession session, String attributeName,
-                                Object defaultValue) {
-        // Check in the request first
-        Object requestAttribute = request.getAttribute(attributeName);
-        if (requestAttribute != null) {
-            return requestAttribute;
-        }
-
-        String requestParameter = request.getParameter(attributeName);
-        if (requestParameter != null) {
-            return requestParameter;
-        }
-
-        // Fallback to session if not found in the request
-        Object sessionAttribute = session.getAttribute(attributeName);
-        if (sessionAttribute != null) {
-            return sessionAttribute;
-        }
-
-        // Return the default value if not found
-        return defaultValue;
-    }
-%>
diff --git a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds.jsp b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds.jsp
index 1ede19ad..b8ff2d33 100644
--- a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds.jsp
+++ b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds.jsp
@@ -16,6 +16,8 @@
  ~ under the License.
  --%>
 
+<%@ page import ="static org.wso2.openbanking.cds.consent.extensions.util.CDSConsentExtensionsUtil.getAttribute"%>
+
 <%
 
     session.setAttribute("accounts_data", getAttribute(request, session, "accounts_data", null));
@@ -47,39 +49,3 @@
     }
 
 %>
-
-<%!
-    /**
-     * Retrieves an attribute from the request scope first and falls back to the session scope
-     * if not found in the request. If the attribute is not found in either scope, a default
-     * value is returned.
-     *
-     * @param request       the HttpServletRequest object to check for the attribute.
-     * @param session       the HttpSession object to check for the attribute if not found in the request.
-     * @param attributeName the name of the attribute to retrieve.
-     * @param defaultValue  the default value to return if the attribute is not found in both the request and session.
-     * @return the value of the attribute as an Object, or the default value if the attribute is not found.
-     */
-    private Object getAttribute(HttpServletRequest request, HttpSession session, String attributeName,
-                                Object defaultValue) {
-        // Check in the request first
-        Object requestAttribute = request.getAttribute(attributeName);
-        if (requestAttribute != null) {
-            return requestAttribute;
-        }
-
-        String requestParameter = request.getParameter(attributeName);
-        if (requestParameter != null) {
-            return requestParameter;
-        }
-
-        // Fallback to session if not found in the request
-        Object sessionAttribute = session.getAttribute(attributeName);
-        if (sessionAttribute != null) {
-            return sessionAttribute;
-        }
-
-        // Return the default value if not found
-        return defaultValue;
-    }
-%>
\ No newline at end of file
diff --git a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds_account_selection.jsp b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds_account_selection.jsp
index f67b92bf..7abe3785 100644
--- a/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds_account_selection.jsp
+++ b/toolkits/ob-is/carbon-home/repository/deployment/server/webapps/ob#authenticationendpoint/ob_cds_account_selection.jsp
@@ -23,6 +23,8 @@
 <jsp:include page="includes/consent_top.jsp"/>
 <%@ page import ="javax.servlet.RequestDispatcher"%>
 <%@ page import="org.owasp.encoder.Encode" %>
+<%@ page import ="static org.wso2.openbanking.cds.consent.extensions.util.CDSConsentExtensionsUtil.getAttribute"%>
+
 <%
 
     String preSelectedProfileId = (String) getAttribute(request, session, "preSelectedProfileId", null);
@@ -289,38 +291,3 @@
 </script>
 
 <jsp:include page="includes/consent_bottom.jsp"/>
-<%!
-    /**
-     * Retrieves an attribute from the request scope first and falls back to the session scope
-     * if not found in the request. If the attribute is not found in either scope, a default
-     * value is returned.
-     *
-     * @param request       the HttpServletRequest object to check for the attribute.
-     * @param session       the HttpSession object to check for the attribute if not found in the request.
-     * @param attributeName the name of the attribute to retrieve.
-     * @param defaultValue  the default value to return if the attribute is not found in both the request and session.
-     * @return the value of the attribute as an Object, or the default value if the attribute is not found.
-     */
-    private Object getAttribute(HttpServletRequest request, HttpSession session, String attributeName,
-                                Object defaultValue) {
-        // Check in the request first
-        Object requestAttribute = request.getAttribute(attributeName);
-        if (requestAttribute != null) {
-            return requestAttribute;
-        }
-
-        String requestParameter = request.getParameter(attributeName);
-        if (requestParameter != null) {
-            return requestParameter;
-        }
-
-        // Fallback to session if not found in the request
-        Object sessionAttribute = session.getAttribute(attributeName);
-        if (sessionAttribute != null) {
-            return sessionAttribute;
-        }
-
-        // Return the default value if not found
-        return defaultValue;
-    }
-%>