From e20732630cbe7696389981e20da9f1a50e40a076 Mon Sep 17 00:00:00 2001
From: Emmanuel Durin <emmanuel.durin@camptocamp.com>
Date: Mon, 4 Dec 2023 13:15:56 +0100
Subject: [PATCH] filter implementation

---
 .../app/GeorchestraGatewayApplication.java    |  2 ++
 .../ResolveGeorchestraUserGlobalFilter.java   | 24 +++++++++++--------
 .../main/resources/messages/login.properties  |  3 ++-
 .../resources/messages/login_de.properties    |  3 ++-
 .../resources/messages/login_en.properties    |  3 ++-
 .../resources/messages/login_es.properties    |  3 ++-
 .../resources/messages/login_fr.properties    |  3 ++-
 .../resources/messages/login_nl.properties    |  3 ++-
 .../resources/messages/login_ru.properties    |  3 ++-
 .../src/main/resources/templates/login.html   |  3 ++-
 10 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/gateway/src/main/java/org/georchestra/gateway/app/GeorchestraGatewayApplication.java b/gateway/src/main/java/org/georchestra/gateway/app/GeorchestraGatewayApplication.java
index 4253b7e7..2739b838 100644
--- a/gateway/src/main/java/org/georchestra/gateway/app/GeorchestraGatewayApplication.java
+++ b/gateway/src/main/java/org/georchestra/gateway/app/GeorchestraGatewayApplication.java
@@ -123,6 +123,8 @@ public String loginPage(@RequestParam Map<String, String> allRequestParams, Mode
         mdl.addAttribute("passwordExpired", expired);
         boolean invalidCredentials = "invalid_credentials".equals(allRequestParams.get("error"));
         mdl.addAttribute("invalidCredentials", invalidCredentials);
+        boolean duplicateAccount = "duplicate_account".equals(allRequestParams.get("error"));
+        mdl.addAttribute("duplicateAccount", duplicateAccount);
         return "login";
     }
 
diff --git a/gateway/src/main/java/org/georchestra/gateway/security/ResolveGeorchestraUserGlobalFilter.java b/gateway/src/main/java/org/georchestra/gateway/security/ResolveGeorchestraUserGlobalFilter.java
index e00c2759..3c559380 100644
--- a/gateway/src/main/java/org/georchestra/gateway/security/ResolveGeorchestraUserGlobalFilter.java
+++ b/gateway/src/main/java/org/georchestra/gateway/security/ResolveGeorchestraUserGlobalFilter.java
@@ -42,6 +42,7 @@
 
 import java.net.URI;
 import java.util.Optional;
+import java.util.function.Function;
 
 /**
  * A {@link GlobalFilter} that resolves the {@link GeorchestraUser} from the
@@ -64,7 +65,7 @@ public class ResolveGeorchestraUserGlobalFilter implements GlobalFilter, Ordered
 
     private ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();
 
-    private static String EXPIRED_PASSWORD = "expired_password";
+    private static String DUPLICATE_ACCOUNT = "duplicate_account";
 
     /**
      * @return a lower precedence than {@link RouteToRequestUrlFilter}'s, in order
@@ -82,7 +83,6 @@ public class ResolveGeorchestraUserGlobalFilter implements GlobalFilter, Ordered
      * chain.
      */
     public @Override Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
-
         Mono<Void> res = exchange.getPrincipal()//
                 .doOnNext(p -> log.debug("resolving user from {}", p.getClass().getName()))//
                 .filter(Authentication.class::isInstance)//
@@ -91,12 +91,16 @@ public class ResolveGeorchestraUserGlobalFilter implements GlobalFilter, Ordered
                     try {
                         return resolver.resolve(auth);
                     } catch (DuplicatedEmailFoundException exp) {
-                        GeorchestraUser user = new GeorchestraUser();
-                        user.setId("0");
-                        return Optional.of(user);
+                        Optional<GeorchestraUser> op = Optional.empty();
+                        return op;
                     }
                 })//
-                .filter(user -> !((GeorchestraUser) user.get()).getId().equals("0")).map(user -> {
+                .map(user -> {
+                    if (user.isEmpty()) {
+                        return this.redirectStrategy.sendRedirect(exchange, URI
+                                .create("https://georchestra-127-0-1-1.traefik.me/login?error=" + DUPLICATE_ACCOUNT));
+                    }
+
                     GeorchestraUser usr = user.orElse(null);
                     GeorchestraUsers.store(exchange, usr);
                     if (usr != null && usr instanceof ExtendedGeorchestraUser) {
@@ -104,14 +108,14 @@ public class ResolveGeorchestraUserGlobalFilter implements GlobalFilter, Ordered
                         Organization org = eu.getOrg();
                         GeorchestraOrganizations.store(exchange, org);
                     }
-                    return exchange;
+                    return chain.filter(exchange);
                 })//
-                .defaultIfEmpty(exchange)//
-                .flatMap(chain::filter);
+                .defaultIfEmpty(chain.filter(exchange))//
+                .flatMap(Function.identity());
 
         System.out.println(res);
         return res;
-        return this.redirectStrategy.sendRedirect(exchange, URI.create("login?error=" + EXPIRED_PASSWORD));
+//        return this.redirectStrategy.sendRedirect(exchange, URI.create("login?error=" + DUPLICATE_ACCOUNT));
     }
 
 }
\ No newline at end of file
diff --git a/gateway/src/main/resources/messages/login.properties b/gateway/src/main/resources/messages/login.properties
index 2adf6071..01bb116c 100644
--- a/gateway/src/main/resources/messages/login.properties
+++ b/gateway/src/main/resources/messages/login.properties
@@ -8,4 +8,5 @@ forget_password = Forgot password ?
 identity_provider_title = Log in with an identity provider
 expired_password = Your password has been expired
 expired_password_link = and should be changed
-invalid_credentials = Invalid username or password
\ No newline at end of file
+invalid_credentials = Invalid username or password
+duplicate_account = An account already exists using this email address
diff --git a/gateway/src/main/resources/messages/login_de.properties b/gateway/src/main/resources/messages/login_de.properties
index b00bacd4..8e7a086a 100644
--- a/gateway/src/main/resources/messages/login_de.properties
+++ b/gateway/src/main/resources/messages/login_de.properties
@@ -8,4 +8,5 @@ forget_password = Passwort vergessen?
 identity_provider_title = Melden Sie sich bei einem Identitätsanbieter an
 expired_password = Ihr Passwort ist abgelaufen
 expired_password_link = und sollte geändert werden
-invalid_credentials = Ungültiger Benutzername oder Passwort
\ No newline at end of file
+invalid_credentials = Ungültiger Benutzername oder Passwort
+duplicate_account = An account already exists using this email address
diff --git a/gateway/src/main/resources/messages/login_en.properties b/gateway/src/main/resources/messages/login_en.properties
index 34ef2ee0..1b12d445 100644
--- a/gateway/src/main/resources/messages/login_en.properties
+++ b/gateway/src/main/resources/messages/login_en.properties
@@ -8,4 +8,5 @@ forget_password = Forgot password ?
 identity_provider_title = Log in with an identity provider
 expired_password = Your password has been expired
 expired_password_link =  and should be changed
-invalid_credentials = Invalid username or password
\ No newline at end of file
+invalid_credentials = Invalid username or password
+duplicate_account = An account already exists using this email address
diff --git a/gateway/src/main/resources/messages/login_es.properties b/gateway/src/main/resources/messages/login_es.properties
index 493f4bff..05dc302c 100644
--- a/gateway/src/main/resources/messages/login_es.properties
+++ b/gateway/src/main/resources/messages/login_es.properties
@@ -8,4 +8,5 @@ forget_password = Contraseña olvidada ?
 identity_provider_title = Iniciar sesión con un proveedor de identidad
 expired_password = Su contraseña ha caducado
 expired_password_link = y debería ser cambiado
-invalid_credentials = Nombre de usuario o contraseña invalido
\ No newline at end of file
+invalid_credentials = Nombre de usuario o contraseña invalido
+duplicate_account = An account already exists using this email address
diff --git a/gateway/src/main/resources/messages/login_fr.properties b/gateway/src/main/resources/messages/login_fr.properties
index 85e6976c..5b95c11a 100644
--- a/gateway/src/main/resources/messages/login_fr.properties
+++ b/gateway/src/main/resources/messages/login_fr.properties
@@ -8,4 +8,5 @@ forget_password = Mot de passe oublié ?
 identity_provider_title = Se connecter depuis un fournisseur d'identité
 expired_password = Votre mot de passe a expiré
 expired_password_link = et doit être changé
-invalid_credentials = Nom d'utilisateur ou mot de passe non valide
\ No newline at end of file
+invalid_credentials = Nom d'utilisateur ou mot de passe non valide
+duplicate_account = An account already exists using this email address
diff --git a/gateway/src/main/resources/messages/login_nl.properties b/gateway/src/main/resources/messages/login_nl.properties
index 74dc8fc7..213fdc8f 100644
--- a/gateway/src/main/resources/messages/login_nl.properties
+++ b/gateway/src/main/resources/messages/login_nl.properties
@@ -8,4 +8,5 @@ forget_password = Wachtwoord vergeten ?
 identity_provider_title = Log in met een identiteitsprovider
 expired_password = Uw wachtwoord is verlopen
 expired_password_link = en moet worden veranderd
-invalid_credentials = ongeldige gebruikersnaam of wachtwoord
\ No newline at end of file
+invalid_credentials = ongeldige gebruikersnaam of wachtwoord
+duplicate_account = An account already exists using this email address
diff --git a/gateway/src/main/resources/messages/login_ru.properties b/gateway/src/main/resources/messages/login_ru.properties
index b67cb3fa..ffc9cc53 100644
--- a/gateway/src/main/resources/messages/login_ru.properties
+++ b/gateway/src/main/resources/messages/login_ru.properties
@@ -8,4 +8,5 @@ forget_password = Забыли пароль ?
 identity_provider_title = Войдите в систему с помощью поставщика удостоверений
 expired_password = Срок действия вашего пароля истек,
 expired_password_link = и следует изменить
-invalid_credentials = неправильное имя пользователя или пароль
\ No newline at end of file
+invalid_credentials = неправильное имя пользователя или пароль
+duplicate_account = An account already exists using this email address
diff --git a/gateway/src/main/resources/templates/login.html b/gateway/src/main/resources/templates/login.html
index 790f2641..1b9383c6 100644
--- a/gateway/src/main/resources/templates/login.html
+++ b/gateway/src/main/resources/templates/login.html
@@ -39,8 +39,9 @@ <h2 class="form-signin-heading"><span th:text="#{login_message_title}"></span></
             <div style="text-align: center; font-size: 18px; color: #ff0033;" th:if="${passwordExpired}">  <span th:text="#{expired_password}" ></span>
                 <a href="/console/account/passwordRecovery" > <span th:text="#{expired_password_link}" ></span> </a>
             </div>
+            <div style="text-align: center; font-size: 18px; color: #ff0033;" th:if="${duplicateAccount}"> <span th:text="#{duplicate_account}"></span> </div>
         </div>
-    </form>
+    </form>~
     <div th:if="${oauth2LoginLinks.size() != 0}" class="container"><h2 class="form-signin-heading">Login with OAuth 2.0</h2>
         <table class="table table-striped">
         <tr th:each="oauth2Client : ${oauth2LoginLinks}">