javier/Stirling-PDF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added UsernameAttribute enum for useAsUsername

Browse Source
This commit is contained in:
DarioGii
2025-01-31 13:20:31 +00:00
committed by Dario Ghunney Ware
parent 8954990afb
commit 704da399d4
11 changed files with 157 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2UserService.java
View File

@@ -17,8 +17,8 @@ import stirling.software.SPDF.config.security.LoginAttemptService;
import stirling.software.SPDF.config.security.UserService;
import stirling.software.SPDF.model.ApplicationProperties;
import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2.Client;
import stirling.software.SPDF.model.User;
import stirling.software.SPDF.model.UsernameAttribute;
@Slf4j
public class CustomOAuth2UserService implements OAuth2UserService<OidcUserRequest, OidcUser> {
@@ -42,28 +42,12 @@ public class CustomOAuth2UserService implements OAuth2UserService<OidcUserReques
@Override
public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
OAUTH2 oauth2 = applicationProperties.getSecurity().getOauth2();
String usernameAttribute = oauth2.getUseAsUsername();
if (usernameAttribute == null || usernameAttribute.isEmpty()) {
Client client = oauth2.getClient();
if (client != null && client.getKeycloak() != null) {
usernameAttribute = client.getKeycloak().getUseAsUsername();
} else {
usernameAttribute = "email";
}
}
try {
OidcUser user = delegate.loadUser(userRequest);
String username = user.getUserInfo().getClaimAsString(usernameAttribute);
// Check if the username claim is null or empty
if (username == null || username.isBlank()) {
throw new IllegalArgumentException(
"Claim '" + usernameAttribute + "' cannot be null or empty");
}
OAUTH2 oauth2 = applicationProperties.getSecurity().getOauth2();
UsernameAttribute usernameAttribute =
UsernameAttribute.valueOf(oauth2.getUseAsUsername().toUpperCase());
String username = usernameAttribute.getName();
Optional<User> internalUser = userService.findByUsernameIgnoreCase(username);
@@ -79,10 +63,7 @@ public class CustomOAuth2UserService implements OAuth2UserService<OidcUserReques
// Return a new OidcUser with adjusted attributes
return new DefaultOidcUser(
user.getAuthorities(),
userRequest.getIdToken(),
user.getUserInfo(),
usernameAttribute);
user.getAuthorities(), userRequest.getIdToken(), user.getUserInfo(), username);
} catch (IllegalArgumentException e) {
log.error("Error loading OIDC user: {}", e.getMessage());
throw new OAuth2AuthenticationException(new OAuth2Error(e.getMessage()), e);

55
src/main/java/stirling/software/SPDF/config/security/oauth2/OAuth2Configuration.java
View File

@@ -29,6 +29,7 @@ import stirling.software.SPDF.model.ApplicationProperties;
import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2.Client;
import stirling.software.SPDF.model.User;
import stirling.software.SPDF.model.UsernameAttribute;
import stirling.software.SPDF.model.exception.NoProviderFoundException;
import stirling.software.SPDF.model.provider.GitHubProvider;
import stirling.software.SPDF.model.provider.GoogleProvider;
@@ -93,7 +94,7 @@ public class OAuth2Configuration {
.clientId(keycloak.getClientId())
.clientSecret(keycloak.getClientSecret())
.scope(keycloak.getScopes())
.userNameAttributeName(keycloak.getUseAsUsername())
.userNameAttributeName(keycloak.getUseAsUsername().name())
.clientName(keycloak.getClientName())
.build())
: Optional.empty();
@@ -124,7 +125,7 @@ public class OAuth2Configuration {
.authorizationUri(google.getAuthorizationUri())
.tokenUri(google.getTokenUri())
.userInfoUri(google.getUserInfoUri())
.userNameAttributeName(google.getUseAsUsername())
.userNameAttributeName(google.getUseAsUsername().name())
.clientName(google.getClientName())
.redirectUri(REDIRECT_URI_PATH + google.getName())
.authorizationGrantType(AUTHORIZATION_CODE)
@@ -157,7 +158,7 @@ public class OAuth2Configuration {
.authorizationUri(github.getAuthorizationUri())
.tokenUri(github.getTokenUri())
.userInfoUri(github.getUserInfoUri())
.userNameAttributeName(github.getUseAsUsername())
.userNameAttributeName(github.getUseAsUsername().name())
.clientName(github.getClientName())
.redirectUri(REDIRECT_URI_PATH + github.getName())
.authorizationGrantType(AUTHORIZATION_CODE)
@@ -172,29 +173,36 @@ public class OAuth2Configuration {
return Optional.empty();
}
if (isStringEmpty(oauth.getIssuer())
|| isStringEmpty(oauth.getClientId())
|| isStringEmpty(oauth.getClientSecret())
|| isCollectionEmpty(oauth.getScopes())
|| isStringEmpty(oauth.getUseAsUsername())) {
return Optional.empty();
}
String name = oauth.getProvider();
String firstChar = String.valueOf(name.charAt(0));
String clientName = name.replaceFirst(firstChar, firstChar.toUpperCase());
return Optional.of(
ClientRegistrations.fromIssuerLocation(oauth.getIssuer())
.registrationId(name)
.clientId(oauth.getClientId())
.clientSecret(oauth.getClientSecret())
.scope(oauth.getScopes())
.userNameAttributeName(oauth.getUseAsUsername())
.clientName(clientName)
.redirectUri(REDIRECT_URI_PATH + name)
.authorizationGrantType(AUTHORIZATION_CODE)
.build());
Provider oidcProvider =
new Provider(
oauth.getIssuer(),
name,
clientName,
oauth.getClientId(),
oauth.getClientSecret(),
oauth.getScopes(),
UsernameAttribute.valueOf(oauth.getUseAsUsername().toUpperCase()),
null,
null,
null);
return !isStringEmpty(oidcProvider.getIssuer()) || validateProvider(oidcProvider)
? Optional.of(
ClientRegistrations.fromIssuerLocation(oauth.getIssuer())
.registrationId(name)
.clientId(oidcProvider.getClientId())
.clientSecret(oidcProvider.getClientSecret())
.scope(oidcProvider.getScopes())
.userNameAttributeName(oidcProvider.getUseAsUsername().getName())
.clientName(clientName)
.redirectUri(REDIRECT_URI_PATH + name)
.authorizationGrantType(AUTHORIZATION_CODE)
.build())
: Optional.empty();
}
private boolean isOAuth2Enabled(OAUTH2 oAuth2) {
@@ -214,8 +222,7 @@ public class OAuth2Configuration {
@Bean
@ConditionalOnProperty(
value = "security.oauth2.enabled",
havingValue = "true",
matchIfMissing = false)
havingValue = "true")
GrantedAuthoritiesMapper userAuthoritiesMapper() {
return (authorities) -> {
Set<GrantedAuthority> mappedAuthorities = new HashSet<>();