From 885806ff24d02d8fb8aa6d78af9b55c408274071 Mon Sep 17 00:00:00 2001 From: Pierre Mauduit Date: Wed, 31 Jan 2024 17:14:00 +0100 Subject: [PATCH] fixing conflicts / compilation / testsuite after rebasing --- .../admin/AbstractAccountsManager.java | 6 ++--- .../admin/CreateAccountUserCustomizer.java | 2 +- .../admin/ldap/LdapAccountsManager.java | 9 ++++---- .../RabbitmqAccountCreatedEventSender.java | 23 +++++++++++-------- .../GatewaySecurityConfiguration.java | 1 - .../security/oauth2/OAuth2UserMapper.java | 5 ++-- .../oauth2/OpenIdConnectUserMapper.java | 2 ++ .../RolesMappingsUserCustomizerIT.java | 4 ++-- 8 files changed, 29 insertions(+), 23 deletions(-) diff --git a/gateway/src/main/java/org/georchestra/gateway/accounts/admin/AbstractAccountsManager.java b/gateway/src/main/java/org/georchestra/gateway/accounts/admin/AbstractAccountsManager.java index 5e384f38..e341325b 100644 --- a/gateway/src/main/java/org/georchestra/gateway/accounts/admin/AbstractAccountsManager.java +++ b/gateway/src/main/java/org/georchestra/gateway/accounts/admin/AbstractAccountsManager.java @@ -50,8 +50,8 @@ protected Optional find(GeorchestraUser mappedUser) { } protected Optional findInternal(GeorchestraUser mappedUser) { - if (null != mappedUser.getOAuth2ProviderId()) { - return findByOAuth2ProviderId(mappedUser.getOAuth2ProviderId()); + if ((null != mappedUser.getOAuth2Provider()) && (null != mappedUser.getOAuth2Uid())) { + return findByOAuth2Uid(mappedUser.getOAuth2Provider(), mappedUser.getOAuth2Uid()); } return findByUsername(mappedUser.getUsername()); } @@ -73,7 +73,7 @@ GeorchestraUser createIfMissing(GeorchestraUser mapped) { } } - protected abstract Optional findByOAuth2ProviderId(String oauth2ProviderId); + protected abstract Optional findByOAuth2Uid(String oauth2Provider, String oauth2Uid); protected abstract Optional findByUsername(String username); 
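Review bot: With the rewritten condition in `findInternal`, a mapped OAuth2 user that carries a uid but no provider (or the reverse) is no longer an error but silently falls through to `findByUsername`, which binds the external login to whatever local account happens to share the mapped username. OAuth2UserMapper in this same patch fills both fields from the token, so the gap only opens if another mapper leaves one unset, but that is exactly the case a lookup keyed on an external identity should reject rather than degrade. I would make the two states explicit: `if (provider != null || uid != null) {` then `if (provider == null || uid == null) throw new IllegalStateException("OAuth2 identity requires both provider and uid");` before `return findByOAuth2Uid(provider, uid);`. A one-line Javadoc on the abstract `findByOAuth2Uid` in the second hunk stating that both arguments are required would document the contract for the LDAP implementation.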
diff --git a/gateway/src/main/java/org/georchestra/gateway/accounts/admin/CreateAccountUserCustomizer.java b/gateway/src/main/java/org/georchestra/gateway/accounts/admin/CreateAccountUserCustomizer.java index 04d8bd5a..158fb3a2 100644 --- a/gateway/src/main/java/org/georchestra/gateway/accounts/admin/CreateAccountUserCustomizer.java +++ b/gateway/src/main/java/org/georchestra/gateway/accounts/admin/CreateAccountUserCustomizer.java @@ -61,7 +61,7 @@ public class CreateAccountUserCustomizer implements GeorchestraUserCustomizerExt final boolean isOauth2 = auth instanceof OAuth2AuthenticationToken; final boolean isPreAuth = auth instanceof PreAuthenticatedAuthenticationToken; if (isOauth2) { - Objects.requireNonNull(mappedUser.getOAuth2ProviderId(), "GeorchestraUser.oAuth2ProviderId is null"); + Objects.requireNonNull(mappedUser.getOAuth2Uid(), "GeorchestraUser.oAuth2ProviderId is null"); } if (isPreAuth) { Objects.requireNonNull(mappedUser.getUsername(), "GeorchestraUser.username is null"); diff --git a/gateway/src/main/java/org/georchestra/gateway/accounts/admin/ldap/LdapAccountsManager.java b/gateway/src/main/java/org/georchestra/gateway/accounts/admin/ldap/LdapAccountsManager.java index ae1b3894..35f8393f 100644 --- a/gateway/src/main/java/org/georchestra/gateway/accounts/admin/ldap/LdapAccountsManager.java +++ b/gateway/src/main/java/org/georchestra/gateway/accounts/admin/ldap/LdapAccountsManager.java @@ -73,8 +73,8 @@ public LdapAccountsManager(Consumer eventPublisher, AccountDao a } @Override - protected Optional findByOAuth2ProviderId(@NonNull String oauth2ProviderId) { - return usersApi.findByOAuth2ProviderId(oauth2ProviderId).map(this::ensureRolesPrefixed); + protected Optional findByOAuth2Uid(@NonNull String oAuth2Provider, @NonNull String oAuth2Uid) { + return usersApi.findByOAuth2Uid(oAuth2Provider, oAuth2Uid).map(this::ensureRolesPrefixed); } @Override 
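Review bot: The OAuth2 guard in `CreateAccountUserCustomizer` now checks only `getOAuth2Uid()`, but `AbstractAccountsManager.findInternal` in this patch requires both provider and uid before it searches by external id and otherwise looks the account up by username, so a user with a uid and no provider passes here and is then matched by name. The error message also still refers to `oAuth2ProviderId`, a field that no longer exists. Check both halves of the identity: `Objects.requireNonNull(mappedUser.getOAuth2Provider(), "GeorchestraUser.oAuth2Provider is null");` followed by `Objects.requireNonNull(mappedUser.getOAuth2Uid(), "GeorchestraUser.oAuth2Uid is null");`. The enclosing method starts before this hunk.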
@@ -145,10 +145,11 @@ private Account mapToAccountBrief(@NonNull GeorchestraUser preAuth) { String phone = ""; String title = ""; String description = ""; - final @javax.annotation.Nullable String oAuth2ProviderId = preAuth.getOAuth2ProviderId(); + final @javax.annotation.Nullable String oAuth2Provider = preAuth.getOAuth2Provider(); + final @javax.annotation.Nullable String oAuth2Uid = preAuth.getOAuth2Uid(); Account newAccount = AccountFactory.createBrief(username, password, firstName, lastName, email, phone, title, - description, oAuth2ProviderId); + description, oAuth2Provider, oAuth2Uid); newAccount.setPending(false); if (StringUtils.isEmpty(org) && !StringUtils.isBlank(defaultOrganization)) { newAccount.setOrg(defaultOrganization); diff --git a/gateway/src/main/java/org/georchestra/gateway/accounts/events/rabbitmq/RabbitmqAccountCreatedEventSender.java b/gateway/src/main/java/org/georchestra/gateway/accounts/events/rabbitmq/RabbitmqAccountCreatedEventSender.java index f64ae41f..4ac349ca 100644 --- a/gateway/src/main/java/org/georchestra/gateway/accounts/events/rabbitmq/RabbitmqAccountCreatedEventSender.java +++ b/gateway/src/main/java/org/georchestra/gateway/accounts/events/rabbitmq/RabbitmqAccountCreatedEventSender.java 
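Review bot: In `mapToAccountBrief` the two halves of the external identity are handed to `AccountFactory.createBrief` independently and both are `@Nullable`, so an account can be stored with a provider and no uid or vice versa; `findInternal` in this patch only consults `findByOAuth2Uid` when both are set, so such an account would never be found again and a new one would presumably be created on every login (whether `createBrief` tolerates nulls is not visible here). A guard before the call keeps the pair consistent: `if ((oAuth2Provider == null) != (oAuth2Uid == null)) throw new IllegalStateException("oAuth2Provider and oAuth2Uid must be set together");`. The method starts before this hunk and continues after it.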
@@ -44,23 +44,28 @@ public RabbitmqAccountCreatedEventSender(AmqpTemplate eventTemplate) { @EventListener(AccountCreated.class) public void on(AccountCreated event) { GeorchestraUser user = event.getUser(); - final String oAuth2ProviderId = user.getOAuth2ProviderId(); - if (null != oAuth2ProviderId) { + final String oAuth2Provider = user.getOAuth2Provider(); + if (null != oAuth2Provider) { String fullName = user.getFirstName() + " " + user.getLastName(); + String localUid = user.getUsername(); String email = user.getEmail(); - String provider = oAuth2ProviderId; - sendNewOAuthAccountMessage(fullName, email, provider); + String organization = user.getOrganization(); + String oAuth2Uid = user.getOAuth2Uid(); + sendNewOAuthAccountMessage(fullName, localUid, email, organization, oAuth2Provider, oAuth2Uid); } } - public void sendNewOAuthAccountMessage(String fullName, String email, String provider) { - // beans getting a reference to the sender + public void sendNewOAuthAccountMessage(String fullName, String localUid, String email, String organization, + String providerName, String providerUid) { JSONObject jsonObj = new JSONObject(); jsonObj.put("uid", UUID.randomUUID()); jsonObj.put("subject", OAUTH2_ACCOUNT_CREATION); - jsonObj.put("username", fullName); // bean - jsonObj.put("email", email); // bean - jsonObj.put("provider", provider); // bean + jsonObj.put("fullName", fullName); + jsonObj.put("localUid", localUid); + jsonObj.put("email", email); + jsonObj.put("organization", organization); + jsonObj.put("providerName", providerName); + jsonObj.put("providerUid", providerUid); eventTemplate.convertAndSend("routing-gateway", jsonObj.toString());// send } } \ No newline at end of file diff --git a/gateway/src/main/java/org/georchestra/gateway/security/GatewaySecurityConfiguration.java b/gateway/src/main/java/org/georchestra/gateway/security/GatewaySecurityConfiguration.java index 809f4d71..f37f2ca4 100644 
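Review bot: `sendNewOAuthAccountMessage` changes the wire format of the `OAUTH2_ACCOUNT_CREATION` message — `username` and `provider` become `fullName` and `providerName`, and `localUid`, `organization` and `providerUid` are new — with no version marker, so every consumer of `routing-gateway` must be upgraded in lock-step and cannot tell which shape it received; `jsonObj.put("version", 2);` (or keeping the old keys for one release) would make that detectable. If `JSONObject` is org.json, `put` with a null value removes the key, so `organization` or `email` may simply be absent for users without one; the method has no Javadoc, and one listing the keys and stating that consumers must tolerate missing ones would close that gap. The payload now carries e-mail, full name and the IdP subject, so a short comment noting that this queue transports personal data would help whoever configures the broker connection.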
--- a/gateway/src/main/java/org/georchestra/gateway/security/GatewaySecurityConfiguration.java +++ b/gateway/src/main/java/org/georchestra/gateway/security/GatewaySecurityConfiguration.java @@ -83,7 +83,6 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http, log.info("Security filter chain initialized"); - ServerHttpSecurity.LogoutSpec logoutUrl = http.formLogin().loginPage("/login").and().logout() .logoutUrl("/logout"); if (oidcLogoutSuccessHandler != null) { diff --git a/gateway/src/main/java/org/georchestra/gateway/security/oauth2/OAuth2UserMapper.java b/gateway/src/main/java/org/georchestra/gateway/security/oauth2/OAuth2UserMapper.java index ce362de3..04192159 100644 --- a/gateway/src/main/java/org/georchestra/gateway/security/oauth2/OAuth2UserMapper.java +++ b/gateway/src/main/java/org/georchestra/gateway/security/oauth2/OAuth2UserMapper.java @@ -83,9 +83,8 @@ protected Optional map(OAuth2AuthenticationToken token) { OAuth2User oAuth2User = token.getPrincipal(); GeorchestraUser user = new GeorchestraUser(); - final String oAuth2ProviderId = String.format("%s;%s", token.getAuthorizedClientRegistrationId(), - token.getName()); - user.setOAuth2ProviderId(oAuth2ProviderId); + user.setOAuth2Provider(token.getAuthorizedClientRegistrationId()); + user.setOAuth2Uid(token.getName()); Map attributes = oAuth2User.getAttributes(); List roles = resolveRoles(oAuth2User.getAuthorities()); diff --git a/gateway/src/main/java/org/georchestra/gateway/security/oauth2/OpenIdConnectUserMapper.java b/gateway/src/main/java/org/georchestra/gateway/security/oauth2/OpenIdConnectUserMapper.java index 4014b3f5..338f97d3 100644 --- a/gateway/src/main/java/org/georchestra/gateway/security/oauth2/OpenIdConnectUserMapper.java +++ b/gateway/src/main/java/org/georchestra/gateway/security/oauth2/OpenIdConnectUserMapper.java 
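Review bot: `map` now stores `token.getName()` as the OAuth2 uid that `findByOAuth2Uid` keys accounts on, and for a plain OAuth2 client registration that name is whatever `user-name-attribute` is configured — if that is a reassignable attribute such as an e-mail or login name rather than a stable subject, an account could later be bound to a different person at the provider (the registration configuration is not visible here, so this is a caveat rather than a defect). Worth a comment at the assignment: `// uid must be a stable, non-reassignable identifier at the provider (e.g. "sub"); it is the lookup key for the local account`. The body of `map` continues after this hunk.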
@@ -156,6 +156,8 @@ public OpenIdConnectUserMapper(@NonNull OAuth2ConfigurationProperties config) { try { applyStandardClaims(oidcUser, user); applyNonStandardClaims(oidcUser.getClaims(), user); + user.setUsername((token.getAuthorizedClientRegistrationId() + "_" + user.getUsername()) + .replaceAll("[^a-zA-Z0-9-_]", "_").toLowerCase()); } catch (Exception e) { log.error("Error mapping non-standard OIDC claims for authenticated user", e); throw new IllegalStateException(e); diff --git a/gateway/src/test/java/org/georchestra/gateway/security/RolesMappingsUserCustomizerIT.java b/gateway/src/test/java/org/georchestra/gateway/security/RolesMappingsUserCustomizerIT.java index 9774b5e6..b7704392 100644 --- a/gateway/src/test/java/org/georchestra/gateway/security/RolesMappingsUserCustomizerIT.java +++ b/gateway/src/test/java/org/georchestra/gateway/security/RolesMappingsUserCustomizerIT.java @@ -151,7 +151,7 @@ private void verifyMappedUser(String expected) { oidcRolesMappingConfig.setNormalize(true); oidcRolesMappingConfig.setUppercase(true); - verifyMappedUser("{\"GeorchestraUser\":{\"username\":\"user\"," + verifyMappedUser("{\"GeorchestraUser\":{\"username\":\"testclient_user\"," + "\"roles\":[\"ROLE_AUTHORITY_1\",\"ROLE_GP.OIDC.ROLE_1\",\"ROLE_GP.OIDC.ROLE_2\"]}}"); } @@ -168,7 +168,7 @@ private void verifyMappedUser(String expected) { oidcRolesMappingConfig.getJson().setSplit(true); oidcRolesMappingConfig.getJson().getPath().add("$.permission"); - verifyMappedUser("{\"GeorchestraUser\":{\"username\":\"user\"," + verifyMappedUser("{\"GeorchestraUser\":{\"username\":\"testclient_user\"," + "\"roles\":[\"ROLE_AUTHORITY_1\",\"ROLE_GP.OIDC.ROLE 1\",\"ROLE_GP.OIDC.ROLE 2\"]}}"); } }
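Review bot: The new username derivation in the OIDC mapper concatenates `user.getUsername()` without checking it, so if `applyStandardClaims` leaves it unset the result is the literal `<registrationId>_null` rather than a failure, and since the line sits inside the `try` any exception it throws is logged as an error mapping non-standard claims. `toLowerCase()` also uses the default locale and runs after the character filter, so under a Turkish locale an `I` becomes a dotless `ı` that the filter never saw; lower-case first with `Locale.ROOT`. I would write `String raw = Objects.requireNonNull(user.getUsername(), "OIDC username claim missing");` and `user.setUsername((token.getAuthorizedClientRegistrationId() + "_" + raw).toLowerCase(Locale.ROOT).replaceAll("[^a-z0-9_-]", "_"));` (adding `java.util.Locale`/`Objects` imports if not already present). The mapping is lossy — `a.b`, `a_b` and `A_B` all collapse to `a_b` — which is acceptable while lookup is keyed on provider+uid, but a comment should say so because LDAP uid uniqueness may reject the collision at account creation. The enclosing method starts before this hunk.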
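Review bot: The updated expectation only pins the `testclient_` prefix for a username that is already lower-case and within `[a-zA-Z0-9-_]`, so the character filter and case folding introduced in `OpenIdConnectUserMapper` stay unexercised. A second case feeding a username such as `User.Name` through `verifyMappedUser` and expecting `testclient_user_name` would cover them (how the principal name is injected is not visible in this hunk). The enclosing test methods start before each hunk.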