Commit 47a2760d authored by Lukasz Lopatowski's avatar Lukasz Lopatowski

Refactor

parent 201ca0d4
1 merge request!137Draft: Release/1.7.1
Pipeline #93256 passed
...@@ -41,29 +41,20 @@ import static java.lang.String.format; ...@@ -41,29 +41,20 @@ import static java.lang.String.format;
public class OIDCAuthController { public class OIDCAuthController {
private final OidcUserService oidcUserService; private final OidcUserService oidcUserService;
private final JWTTokenService jwtTokenService; private final JWTTokenService jwtTokenService;
private final UserLoginRegisterService loginRegisterService; private final UserLoginRegisterService loginRegisterService;
private final UserService userService; private final UserService userService;
private final PasswordEncoder passwordEncoder; private final PasswordEncoder passwordEncoder;
private final DomainService domains; private final DomainService domains;
private final ConfigurationManager configurationManager; private final ConfigurationManager configurationManager;
@Value("${portal.address}") @Value("${portal.address}")
private String portalAddress; private String portalAddress;
@Value("${spring.security.oauth2.client.provider.my-oidc.issuer-uri:http://localhost:8080/realms/geant}") @Value("${spring.security.oauth2.client.provider.my-oidc.issuer-uri:http://localhost:8080/realms/geant}")
private String oidcAddress; private String oidcAddress;
@PostMapping("api/oidc/link") @PostMapping("api/oidc/link")
public UserOidcToken oidcLinkedSuccess(@RequestBody final OidcLogin oidcLogin, HttpServletRequest request) { public UserOidcToken oidcLinkedSuccess(@RequestBody final OidcLogin oidcLogin, HttpServletRequest request) {
User user = userService.findByEmail(oidcLogin.email()); User user = userService.findByEmail(oidcLogin.email());
try { try {
validate( validate(
...@@ -81,14 +72,12 @@ public class OIDCAuthController { ...@@ -81,14 +72,12 @@ public class OIDCAuthController {
throw new AuthenticationException(ae.getMessage()); throw new AuthenticationException(ae.getMessage());
} }
checkUserApprovals(user); checkUserApprovals(user);
if (
configurationManager.getConfiguration().isMaintenance() if (configurationManager.getConfiguration().isMaintenance()
&& user.getRoles().stream().noneMatch( && user.getRoles().stream().noneMatch(value -> value.getRole().equals(Role.ROLE_SYSTEM_ADMIN))) {
value -> value.getRole().equals(Role.ROLE_SYSTEM_ADMIN)
)
) {
throw new UndergoingMaintenanceException("Application is undergoing maintenance right now"); throw new UndergoingMaintenanceException("Application is undergoing maintenance right now");
} }
this.loginRegisterService.registerNewSuccessfulLogin( this.loginRegisterService.registerNewSuccessfulLogin(
user, user,
request.getHeader(HttpHeaders.HOST), request.getHeader(HttpHeaders.HOST),
...@@ -108,13 +97,10 @@ public class OIDCAuthController { ...@@ -108,13 +97,10 @@ public class OIDCAuthController {
jwtTokenService.getRefreshToken(linkedUser), jwtTokenService.getRefreshToken(linkedUser),
oidcLogin.oidcToken() oidcLogin.oidcToken()
); );
} }
@GetMapping("/api/oidc/success") @GetMapping("/api/oidc/success")
public RedirectView oidcLoginSuccess(@AuthenticationPrincipal OidcUser oidcUser, HttpServletRequest request) { public RedirectView oidcLoginSuccess(@AuthenticationPrincipal OidcUser oidcUser, HttpServletRequest request) {
if (oidcUserService.externalUserRequiredLinking(oidcUser)) { if (oidcUserService.externalUserRequiredLinking(oidcUser)) {
String linkingRedirectUrl = portalAddress String linkingRedirectUrl = portalAddress
+ "/login-linking?oidc_token=" + "/login-linking?oidc_token="
...@@ -122,7 +108,6 @@ public class OIDCAuthController { ...@@ -122,7 +108,6 @@ public class OIDCAuthController {
return new RedirectView(linkingRedirectUrl); return new RedirectView(linkingRedirectUrl);
} }
try { try {
User user = oidcUserService.checkUser(oidcUser); User user = oidcUserService.checkUser(oidcUser);
String redirectUrl = portalAddress String redirectUrl = portalAddress
...@@ -152,13 +137,10 @@ public class OIDCAuthController { ...@@ -152,13 +137,10 @@ public class OIDCAuthController {
@GetMapping("/api/oidc/logout/{oidcToken}") @GetMapping("/api/oidc/logout/{oidcToken}")
public RedirectView logout(@PathVariable String oidcToken) { public RedirectView logout(@PathVariable String oidcToken) {
String logoutUrl = oidcAddress + "/protocol/openid-connect/logout"; String logoutUrl = oidcAddress + "/protocol/openid-connect/logout";
return new RedirectView(logoutUrl + "?id_token_hint=" + oidcToken); return new RedirectView(logoutUrl + "?id_token_hint=" + oidcToken);
} }
void validate(String email, String providedPassword, String actualPassword, boolean isEnabled) { void validate(String email, String providedPassword, String actualPassword, boolean isEnabled) {
validateConditionAndLogMessage(email == null || providedPassword == null, validateConditionAndLogMessage(email == null || providedPassword == null,
format("Login failed: missing credentials%s", email != null ? (format(" (email: %s)", email)) : "")); format("Login failed: missing credentials%s", email != null ? (format(" (email: %s)", email)) : ""));
...@@ -168,7 +150,7 @@ public class OIDCAuthController { ...@@ -168,7 +150,7 @@ public class OIDCAuthController {
void checkUserApprovals(User user) { void checkUserApprovals(User user) {
if (!user.isTermsOfUseAccepted() || !user.isPrivacyPolicyAccepted()) { if (!user.isTermsOfUseAccepted() || !user.isPrivacyPolicyAccepted()) {
log.info(format("Check during login: Terms of Use or Privacy Policy were not accepted by user [%s]", user.getUsername())); log.info("Check during login: Terms of Use or Privacy Policy were not accepted by user [{}]", user.getUsername());
user.setNewRoles(ImmutableSet.of(new UserRole(user, domains.getGlobalDomain().orElseThrow(SignupException::new), Role.ROLE_NOT_ACCEPTED))); user.setNewRoles(ImmutableSet.of(new UserRole(user, domains.getGlobalDomain().orElseThrow(SignupException::new), Role.ROLE_NOT_ACCEPTED)));
} }
} }
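Review bot: `logout` in the `@GetMapping("/api/oidc/logout/{oidcToken}")` hunk concatenates the already-decoded path variable straight into the query string, so a value containing `&` (sent as `%26`) can append further parameters such as `post_logout_redirect_uri` to the provider logout URL rather than being treated as part of `id_token_hint`. Build the redirect with an encoder instead, e.g. `return new RedirectView(UriComponentsBuilder.fromUriString(logoutUrl).queryParam("id_token_hint", oidcToken).encode().toUriString());` or at minimum `logoutUrl + "?id_token_hint=" + URLEncoder.encode(oidcToken, StandardCharsets.UTF_8)`. Whether this endpoint sits behind authentication is not visible here, but since it is an unconditional redirect towards the configured issuer the encoding matters either way. Separately, the `/api/oidc/success` hunk places the token in a `?oidc_token=` query parameter of the portal redirect, which lands in browser history, proxy logs and Referer headers; a URL fragment or a short-lived one-time code would be safer, though the expression continues past the visible lines so the full URL cannot be assessed.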
......
...@@ -7,9 +7,13 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUser; ...@@ -7,9 +7,13 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUser;
public interface OidcUserService { public interface OidcUserService {
User checkUser(OidcUser oidcUser); User checkUser(OidcUser oidcUser);
User register(OidcUser user, Domain globalDomain); User register(OidcUser user, Domain globalDomain);
User registerNewUser(OidcUser oidcUser); User registerNewUser(OidcUser oidcUser);
boolean externalUserRequiredLinking(OidcUser oidcUser); boolean externalUserRequiredLinking(OidcUser oidcUser);
User linkUser(String email, String samlToken, String firstName, String lastName); User linkUser(String email, String samlToken, String firstName, String lastName);
} }
...@@ -58,8 +58,7 @@ public class OidcUserServiceImpl implements OidcUserService { ...@@ -58,8 +58,7 @@ public class OidcUserServiceImpl implements OidcUserService {
return userService return userService
.findBySamlToken(oidcUserSub) .findBySamlToken(oidcUserSub)
.orElseThrow(); .orElseThrow();
} else if (existUserByUsernameAsSamlToken } else if (existUserByUsernameAsSamlToken || existsUserBySamlTokenAsEmail) {
|| existsUserBySamlTokenAsEmail) {
User user = userService User user = userService
.findBySamlToken(oidcUserPreferredUsername) .findBySamlToken(oidcUserPreferredUsername)
.orElseThrow(); .orElseThrow();
...@@ -80,9 +79,7 @@ public class OidcUserServiceImpl implements OidcUserService { ...@@ -80,9 +79,7 @@ public class OidcUserServiceImpl implements OidcUserService {
@Override @Override
public User registerNewUser(OidcUser oidcUser) { public User registerNewUser(OidcUser oidcUser) {
try { try {
return register(oidcUser, return register(oidcUser, domains.getGlobalDomain().orElseThrow(MissingElementException::new));
domains.getGlobalDomain().orElseThrow(MissingElementException::new)
);
} catch (ObjectAlreadyExistsException e) { } catch (ObjectAlreadyExistsException e) {
throw new SignupException("User already exists"); throw new SignupException("User already exists");
} catch (MissingElementException e) { } catch (MissingElementException e) {
...@@ -93,7 +90,6 @@ public class OidcUserServiceImpl implements OidcUserService { ...@@ -93,7 +90,6 @@ public class OidcUserServiceImpl implements OidcUserService {
@Override @Override
public User register(OidcUser oidcUser, Domain globalDomain) { public User register(OidcUser oidcUser, Domain globalDomain) {
Map<String, Object> attributes = oidcUser.getAttributes();
byte[] array = new byte[16]; byte[] array = new byte[16];
new SecureRandom().nextBytes(array); new SecureRandom().nextBytes(array);
String generatedString = Base64.getEncoder().encodeToString(array); String generatedString = Base64.getEncoder().encodeToString(array);
...@@ -119,10 +115,11 @@ public class OidcUserServiceImpl implements OidcUserService { ...@@ -119,10 +115,11 @@ public class OidcUserServiceImpl implements OidcUserService {
String oidcUserEmail = oidcUser.getAttribute("email"); String oidcUserEmail = oidcUser.getAttribute("email");
if(userService.existsByEmail(oidcUserEmail)){ if (userService.existsByEmail(oidcUserEmail)) {
User user = userService.findByEmail(oidcUserEmail); final User user = userService.findByEmail(oidcUserEmail);
return user.getSamlToken() == null || user.getSamlToken().isEmpty(); return user.getSamlToken() == null || user.getSamlToken().isEmpty();
} }
return false; return false;
} }
...@@ -138,5 +135,4 @@ public class OidcUserServiceImpl implements OidcUserService { ...@@ -138,5 +135,4 @@ public class OidcUserServiceImpl implements OidcUserService {
return user; return user;
} }
} }
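Review bot: `externalUserRequiredLinking` (its signature is above the `@@ -119,10 +115,11 @@` hunk) decides whether to offer account linking purely on the IdP's `email` claim; nothing visible checks `email_verified`, so a provider that lets users register with an arbitrary unverified address could be used to reach the linking flow for an existing local account with that email. Unless the issuer is known to emit only verified addresses, guard the lookup: `if (Boolean.TRUE.equals(oidcUser.getEmailVerified()) && userService.existsByEmail(oidcUserEmail)) {`. The link endpoint in `OIDCAuthController` appears to also require the local password, which limits the impact, but that validation lies outside these hunks and cannot be confirmed from here. The `existsByEmail` followed by `findByEmail` pair is also a double round-trip that can race with a concurrent deletion; a single nullable or `Optional` lookup would be cleaner, though `findByEmail`'s not-found contract is not visible in this diff.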