From 4dccacb8969a8d2c92e05afec1473329866b3422 Mon Sep 17 00:00:00 2001
From: Francois
Date: Sun, 27 Feb 2022 19:46:20 +0100
Subject: [PATCH] make changes to make the app work with a default keycloak with openconnect
---
 .../configuration/OAuth2UserImpl.java | 7 +--
 .../configuration/SecurityUserService.java | 45 +++++++++++++------
 .../repositories/UserRepository.java | 6 +--
 src/main/resources/application.yml | 26 +++++------
 .../migration/V0010__remove_id_from_user.sql | 3 ++
 5 files changed, 53 insertions(+), 34 deletions(-)
 create mode 100644 src/main/resources/db/migration/V0010__remove_id_from_user.sql
diff --git a/src/main/java/be/lghs/accounting/configuration/OAuth2UserImpl.java b/src/main/java/be/lghs/accounting/configuration/OAuth2UserImpl.java
index eeca711..4560a58 100644
--- a/src/main/java/be/lghs/accounting/configuration/OAuth2UserImpl.java
+++ b/src/main/java/be/lghs/accounting/configuration/OAuth2UserImpl.java
@@ -1,6 +1,7 @@
 package be.lghs.accounting.configuration;
 import be.lghs.accounting.model.enums.UserRole;
+import be.lghs.accounting.model.tables.records.UsersRecord;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
@@ -21,9 +22,9 @@ private static Collection getAuthorities(UserRole[]
 private final UUID id;
- public OAuth2UserImpl(UserRole[] roles, Map attributes) {
- super(getAuthorities(roles), attributes, "username");
- this.id = UUID.fromString((String) attributes.get("uuid"));
+ public OAuth2UserImpl(UserRole[] roles, Map attributes, UsersRecord record) {
+ super(getAuthorities(roles), attributes, "preferred_username");
+ this.id = record.getUuid();
 }
 public UUID getId() {
diff --git a/src/main/java/be/lghs/accounting/configuration/SecurityUserService.java b/src/main/java/be/lghs/accounting/configuration/SecurityUserService.java
index 452a938..a9d2c8d 100644
--- a/src/main/java/be/lghs/accounting/configuration/SecurityUserService.java
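Review bot: The new constructor takes the whole `UsersRecord` but only reads `record.getUuid()`, so the security principal now depends on a jOOQ record type for a single field; passing the identifier itself, `public OAuth2UserImpl(UserRole[] roles, Map<String, Object> attributes, UUID id)` with `this.id = Objects.requireNonNull(id, "id");`, keeps `OAuth2UserImpl` free of the persistence layer and fails fast on a null. Note also that `DefaultOAuth2User` throws `IllegalArgumentException` when the `"preferred_username"` key is absent from `attributes`, which an OIDC user-info response only guarantees when the profile scope is granted, so a one-line comment on the `super(...)` call stating that expectation would help the next reader. The class continues outside the hunk.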
+++ b/src/main/java/be/lghs/accounting/configuration/SecurityUserService.java
@@ -3,6 +3,7 @@
 import be.lghs.accounting.model.tables.records.UsersRecord;
 import be.lghs.accounting.repositories.UserRepository;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -12,27 +13,43 @@
 import java.util.Map;
 import java.util.UUID;
+@Slf4j
 @Service
 @RequiredArgsConstructor
 public class SecurityUserService extends DefaultOAuth2UserService {
 private final UserRepository userRepository;
+
+ private static String getMandatory(Map values, String attribute) {
+ if (values.containsKey(attribute)) {
+ return (String) values.get(attribute);
+ } else {
+ throw new RuntimeException("Missing attribute " + attribute + " for user ");
+ }
+ }
+
 @Override
 public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
- OAuth2User user = super.loadUser(userRequest);
- Map attributes = user.getAttributes();
-
- UsersRecord usersRecord = userRepository.ensureUserExists(
- (int) attributes.get("id"),
- UUID.fromString((String) attributes.get("uuid")),
- (String) attributes.get("name"),
- (String) attributes.get("username"),
- (String) attributes.get("email"));
-
- return new OAuth2UserImpl(
- usersRecord.getRoles(),
- attributes
- );
+ try {
+ OAuth2User user = super.loadUser(userRequest);
+ Map attributes = user.getAttributes();
+
+ UsersRecord usersRecord = userRepository.ensureUserExists(
+ UUID.fromString(getMandatory(attributes, "sub")),
+ getMandatory(attributes, "name"),
+ getMandatory(attributes, "preferred_username"),
+ getMandatory(attributes, "email"));
+
+ return new OAuth2UserImpl(
+ usersRecord.getRoles(),
+ attributes,
+ usersRecord
+ );
+
+ } catch (Exception e) {
+ log.error("Error while loading user", e);
+ throw new RuntimeException("Error while loading user");
+ }
 }
 }
diff --git a/src/main/java/be/lghs/accounting/repositories/UserRepository.java b/src/main/java/be/lghs/accounting/repositories/UserRepository.java
index 9a4b165..1c4de70 100644
--- a/src/main/java/be/lghs/accounting/repositories/UserRepository.java
+++ b/src/main/java/be/lghs/accounting/repositories/UserRepository.java
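Review bot: The `catch (Exception e)` at the end of `loadUser` turns the `OAuth2AuthenticationException` that `super.loadUser` raises (and that the method's own signature declares) into a bare `RuntimeException` with the cause dropped, so a failed user-info call or a provisioning error surfaces as an unhandled 500 instead of an authentication failure the OAuth2 login filter knows how to report. `getMandatory` has the complementary gap: `containsKey` followed by an unchecked cast lets a null or non-String claim through, so `UUID.fromString(getMandatory(attributes, "sub"))` can still fail with `NullPointerException` or `ClassCastException`, and its message ends in the dangling `" for user "`. I would keep `OAuth2AuthenticationException` as the single failure type (rethrow it untouched, wrap anything else in an `OAuth2Error` with the cause attached), check the claim's type in `getMandatory`, and call `super.loadUser` outside the try so its original error codes survive; `OAuth2Error` lives in `org.springframework.security.oauth2.core` and needs an import. The generics on `Map` appear stripped in this rendering; the fence below assumes `Map<String, Object>`, which is what `OAuth2User.getAttributes()` returns.
```java
    private static String getMandatory(Map<String, Object> values, String attribute) {
        Object value = values.get(attribute);
        // containsKey() alone would pass a null or non-String claim on to the cast below
        if (!(value instanceof String) || ((String) value).isEmpty()) {
            throw new OAuth2AuthenticationException(new OAuth2Error(
                "invalid_user_info", "Missing attribute " + attribute + " in user-info response", null));
        }
        return (String) value;
    }

    @Override
    public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
        // already raises OAuth2AuthenticationException with a specific error code on failure
        OAuth2User user = super.loadUser(userRequest);
        Map<String, Object> attributes = user.getAttributes();
        try {
            // … unchanged: userRepository.ensureUserExists(...) and new OAuth2UserImpl(...) …
        } catch (OAuth2AuthenticationException e) {
            throw e;
        } catch (RuntimeException e) {
            log.error("Error while loading user", e);
            throw new OAuth2AuthenticationException(new OAuth2Error("user_provisioning_failed"), e);
        }
    }
```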
@@ -28,10 +28,10 @@ public class UserRepository {
 private final DSLContext dsl;
- public UsersRecord ensureUserExists(int id, UUID uuid, String name, String username, String email) {
+ public UsersRecord ensureUserExists(UUID uuid, String name, String username, String email) {
 return dsl.insertInto(Tables.USERS)
- .columns(USERS.ID, USERS.UUID, USERS.NAME, USERS.USERNAME, USERS.EMAIL)
- .values(id, uuid, name, username, email)
+ .columns(USERS.UUID, USERS.NAME, USERS.USERNAME, USERS.EMAIL)
+ .values(uuid, name, username, email)
 .onDuplicateKeyUpdate()
 .set(USERS.NAME, name)
 .set(USERS.USERNAME, username)
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 49b1d88..01680b7 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -1,6 +1,9 @@
-server.error:
- include-stacktrace: always
- include-exception: true
+server:
+ error:
+ include-stacktrace: always
+ include-exception: true
+
+ forward-headers-strategy: framework
 logging.config: classpath:logback-spring.xml
@@ -27,19 +30,14 @@ spring:
 security:
 oauth2:
 client:
- provider:
+ registration:
 members:
- client-id: "${spring.security.oauth2.client.registration.members.client-id}"
- authorization-uri: "https://members.lghs.be/oauth/authorize"
- token-uri: "https://members.lghs.be/oauth/token"
- user-info-uri: "https://members.lghs.be/api/me"
+ client-id: "accounting"
+ client-secret: "${OAUTH2_CLIENT_SECRET}"
 user-name-attribute: "username"
- registration:
+ provider:
 members:
- client-id: "change-me"
- client-secret: "change-me"
- redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
- authorization-grant-type: "authorization_code"
+ issuer-uri: "${OAUTH2_ISSUER_URI}"
 mail:
 port: 465
@@ -62,7 +60,7 @@ pebble:
 cache: false
 strict-variables: true
 suffix: '.peb'
-
+
 ---
 spring.config.activate.on-profile: prd
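Review bot: `ensureUserExists` now upserts on `uuid`, which V0010 makes the primary key, but the value it receives is the Keycloak `sub` claim while the rows already in `accounting.users` carry the uuid issued by the previous members service; unless those values happen to coincide, the first login of an existing member inserts a second row (or, if `username`/`email` carry unique constraints I cannot see here, fails the insert), and the roles stored on the old row are never applied. A data migration mapping old uuids to Keycloak subjects, or a lookup by `email` before the insert, seems needed alongside this change. This also assumes the jOOQ classes are regenerated from the migrated schema so that `onDuplicateKeyUpdate()` resolves the conflict target to `uuid` rather than the dropped `id`; the rest of the statement lies outside the hunk.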
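Review bot: `forward-headers-strategy: framework` makes Spring's `ForwardedHeaderFilter` rewrite scheme, host and port from `X-Forwarded-*`/`Forwarded` headers, and that filter trusts them from any client, so it is only safe when the application is reachable exclusively through a proxy that overwrites (not merely appends) those headers; otherwise a direct request can choose the base URL from which Spring derives the OAuth2 redirect URI. Please confirm the deployment, or use the `native` strategy together with the servlet container's trusted-proxy settings, and add a comment on the line such as `# base URL is taken from the reverse proxy's X-Forwarded-* headers; the app must not be exposed directly`. The same hunk keeps `include-stacktrace: always` and `include-exception: true` in the default profile, which leaks internals in error responses if that profile is ever used outside local development.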
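Review bot: Reading the hunk, the unchanged line `user-name-attribute: "username"` ends up under `registration.members` once `provider:` above it becomes `registration:`, but it is a provider property, so as far as I can tell Spring Boot's binding silently ignores it there; with `issuer-uri` discovery the name attribute falls back to `sub`, and `OAuth2UserImpl` hard-codes `"preferred_username"` anyway, so the line is dead configuration. Either drop it or move it under `provider.members` as `user-name-attribute: "preferred_username"` so the configuration and the code agree on the same claim.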
diff --git a/src/main/resources/db/migration/V0010__remove_id_from_user.sql b/src/main/resources/db/migration/V0010__remove_id_from_user.sql
new file mode 100644
index 0000000..eb96936
--- /dev/null
+++ b/src/main/resources/db/migration/V0010__remove_id_from_user.sql
@@ -0,0 +1,3 @@
+ALTER TABLE accounting.users DROP CONSTRAINT users_pkey;
+ALTER TABLE accounting.users ADD PRIMARY KEY (uuid);
+ALTER TABLE accounting.users DROP COLUMN id;
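Review bot: `DROP CONSTRAINT users_pkey` and `DROP COLUMN id` fail in PostgreSQL if any other table still holds a foreign key to `accounting.users(id)`, and `ADD PRIMARY KEY (uuid)` fails on a NULL or duplicated `uuid`; neither condition is visible in this diff, so please confirm both against the current schema before it runs. By default Flyway applies a PostgreSQL migration inside a transaction, so a failure leaves the table unchanged but marks the migration failed until repaired. A header comment such as `-- users are now keyed by the OIDC subject stored in uuid; id has no remaining references` would record the assumption for whoever reads this later.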