diff --git a/src/main/java/be/lghs/accounting/configuration/OAuth2UserImpl.java b/src/main/java/be/lghs/accounting/configuration/OAuth2UserImpl.java
index eeca711..4560a58 100644
--- a/src/main/java/be/lghs/accounting/configuration/OAuth2UserImpl.java
+++ b/src/main/java/be/lghs/accounting/configuration/OAuth2UserImpl.java
@@ -1,6 +1,7 @@
 package be.lghs.accounting.configuration;
 import be.lghs.accounting.model.enums.UserRole;
+import be.lghs.accounting.model.tables.records.UsersRecord;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
@@ -21,9 +22,9 @@ private static Collection getAuthorities(UserRole[]
     private final UUID id;
-    public OAuth2UserImpl(UserRole[] roles, Map attributes) {
-        super(getAuthorities(roles), attributes, "username");
-        this.id = UUID.fromString((String) attributes.get("uuid"));
+    public OAuth2UserImpl(UserRole[] roles, Map attributes, UsersRecord record) {
+        super(getAuthorities(roles), attributes, "preferred_username");
+        this.id = record.getUuid();
     }
     public UUID getId() {
diff --git a/src/main/java/be/lghs/accounting/configuration/SecurityUserService.java b/src/main/java/be/lghs/accounting/configuration/SecurityUserService.java
index 452a938..0366cee 100644
--- a/src/main/java/be/lghs/accounting/configuration/SecurityUserService.java
+++ b/src/main/java/be/lghs/accounting/configuration/SecurityUserService.java
@@ -3,6 +3,7 @@
 import be.lghs.accounting.model.tables.records.UsersRecord;
 import be.lghs.accounting.repositories.UserRepository;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
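Review bot: `"preferred_username"` becomes the name attribute of `DefaultOAuth2User`, so `getName()` — the value Spring Security uses as the principal name — is now a claim that OIDC Core says a relying party must not rely on being unique or stable, while the stable `sub` only reaches the object indirectly through `record.getUuid()`. I'd keep `sub` as the principal name, `super(getAuthorities(roles), attributes, "sub");`, and read `preferred_username` from the attributes where a display name is needed. The new `record` parameter is dereferenced without a check; `this.id = Objects.requireNonNull(record, "record").getUuid();` makes a missing record fail at construction instead of surfacing later (needs `java.util.Objects`). Whether the issuer behind members.lghs.be keeps `preferred_username` stable is not visible here, so treat the first point as hardening rather than a known break.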
@@ -12,27 +13,37 @@ import java.util.Map;
 import java.util.UUID;
+@Slf4j
 @Service
 @RequiredArgsConstructor
 public class SecurityUserService extends DefaultOAuth2UserService {
     private final UserRepository userRepository;
+
+    private static String getMandatory(Map values, String attribute) {
+        if (values.containsKey(attribute)) {
+            return (String) values.get(attribute);
+        } else {
+            throw new RuntimeException("Missing attribute " + attribute + " for user ");
+        }
+    }
+
     @Override
     public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
         OAuth2User user = super.loadUser(userRequest);
         Map attributes = user.getAttributes();
         UsersRecord usersRecord = userRepository.ensureUserExists(
-                (int) attributes.get("id"),
-                UUID.fromString((String) attributes.get("uuid")),
-                (String) attributes.get("name"),
-                (String) attributes.get("username"),
-                (String) attributes.get("email"));
+                UUID.fromString(getMandatory(attributes, "sub")),
+                getMandatory(attributes, "name"),
+                getMandatory(attributes, "preferred_username"),
+                getMandatory(attributes, "email"));
         return new OAuth2UserImpl(
-                usersRecord.getRoles(),
-                attributes
+                usersRecord.getRoles(),
+                attributes,
+                usersRecord
         );
     }
 }
diff --git a/src/main/java/be/lghs/accounting/repositories/UserRepository.java b/src/main/java/be/lghs/accounting/repositories/UserRepository.java
index 9a4b165..1c4de70 100644
--- a/src/main/java/be/lghs/accounting/repositories/UserRepository.java
+++ b/src/main/java/be/lghs/accounting/repositories/UserRepository.java
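Review bot: `getMandatory` throws a bare `RuntimeException` from inside `loadUser`, which declares `OAuth2AuthenticationException`; Spring Security's login filter converts only `AuthenticationException`s into a login-failure response, so a user-info response missing `sub`, `name` or `email` will surface as an unhandled 500 — and with `include-stacktrace: always` in this same commit, as a stack trace shown to the client. The check is also weaker than it reads: `containsKey` accepts an explicit `null` value, a non-String value becomes a `ClassCastException`, and the message ends in a dangling `" for user "`. I'd turn it into a proper authentication error (`OAuth2Error` would need an import) and give `UUID.fromString(...)` the same treatment, since it throws `IllegalArgumentException` whenever the issuer's `sub` is not a UUID, as sketched below. `@Slf4j` introduces a `log` field that nothing in this hunk uses.
```java
    private static String getMandatory(Map values, String attribute) {
        Object value = values.get(attribute);
        if (!(value instanceof String) || ((String) value).isBlank()) {
            throw new OAuth2AuthenticationException(new OAuth2Error(
                    "invalid_user_info_response",
                    "Missing or empty attribute '" + attribute + "' in user-info response", null));
        }
        return (String) value;
    }

    private static UUID getSubject(Map values) {
        try {
            return UUID.fromString(getMandatory(values, "sub"));
        } catch (IllegalArgumentException e) {
            throw new OAuth2AuthenticationException(new OAuth2Error(
                    "invalid_user_info_response", "Attribute 'sub' is not a UUID", null), e);
        }
    }

    // … unchanged: loadUser, except the first ensureUserExists argument …
                getSubject(attributes),
```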
@@ -28,10 +28,10 @@ public class UserRepository {
     private final DSLContext dsl;
-    public UsersRecord ensureUserExists(int id, UUID uuid, String name, String username, String email) {
+    public UsersRecord ensureUserExists(UUID uuid, String name, String username, String email) {
         return dsl.insertInto(Tables.USERS)
-            .columns(USERS.ID, USERS.UUID, USERS.NAME, USERS.USERNAME, USERS.EMAIL)
-            .values(id, uuid, name, username, email)
+            .columns(USERS.UUID, USERS.NAME, USERS.USERNAME, USERS.EMAIL)
+            .values(uuid, name, username, email)
             .onDuplicateKeyUpdate()
             .set(USERS.NAME, name)
             .set(USERS.USERNAME, username)
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 49b1d88..acef265 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -1,6 +1,9 @@
-server.error:
-  include-stacktrace: always
-  include-exception: true
+server:
+  error:
+    include-stacktrace: always
+    include-exception: true
+
+  forward-headers-strategy: framework
 logging.config: classpath:logback-spring.xml
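Review bot: `ensureUserExists` now upserts on `uuid` alone, but nothing says that this value is the identity provider's `sub` claim, that it is the conflict key, or that `NAME` and `USERNAME` (and whatever the `.set` chain continues with past the hunk) are overwritten with the provider's current values on every login. A Javadoc such as `/** Inserts the user keyed by the IdP subject {@code uuid}, or, if that key already exists, overwrites the profile fields with the values the IdP returned. */` would capture the contract; the method body ends outside this hunk. jOOQ's `onDuplicateKeyUpdate()` on PostgreSQL derives its conflict target from the table's primary key, so this hunk quietly depends on migration V0010 having made `uuid` the PK — worth a one-line `// conflict key is the PK, which is uuid since V0010` so the coupling is visible.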
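Review bot: `forward-headers-strategy: framework` installs Spring's `ForwardedHeaderFilter`, which honours `Forwarded`/`X-Forwarded-Host`/`-Proto` from any client and has no trusted-proxy list; if this service is ever reachable without a proxy that overwrites those headers, a client can choose the host and scheme used to build the OAuth2 `{baseUrl}` redirect and every other absolute URL. Make sure the proxy in front of it strips and re-sets them, or, if the embedded server is Tomcat (not visible here), use `forward-headers-strategy: native` with `server.tomcat.remoteip.internal-proxies` so only the proxy's addresses are trusted. `include-stacktrace: always` and `include-exception: true` also stay in the default document; unless the `prd` profile later in this file overrides them, production error responses will carry stack traces, so I'd move them under a dev profile.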
@@ -16,30 +19,25 @@ spring:
   datasource:
     url: jdbc:postgresql:lghs_accounting
     username: lghs_accounting_app
-    password: 'change-me'
+    password: ${DB_APP_PWD}
   flyway:
     url: ${spring.datasource.url}
     user: lghs_accounting_root
-    password: 'change-me'
+    password: ${DB_ROOT_PWD}
     schemas: accounting
   security:
     oauth2:
       client:
-        provider:
+        registration:
           members:
-            client-id: "${spring.security.oauth2.client.registration.members.client-id}"
-            authorization-uri: "https://members.lghs.be/oauth/authorize"
-            token-uri: "https://members.lghs.be/oauth/token"
-            user-info-uri: "https://members.lghs.be/api/me"
+            client-id: "accounting"
+            client-secret: "${OAUTH2_CLIENT_SECRET}"
             user-name-attribute: "username"
-        registration:
+        provider:
           members:
-            client-id: "change-me"
-            client-secret: "change-me"
-            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
-            authorization-grant-type: "authorization_code"
+            issuer-uri: "${OAUTH2_ISSUER_URI}"
   mail:
     port: 465
@@ -62,7 +60,7 @@ pebble:
   cache: false
   strict-variables: true
   suffix: '.peb'
-
+
 ---
 spring.config.activate.on-profile: prd
diff --git a/src/main/resources/db/migration/V0010__remove_id_from_user.sql b/src/main/resources/db/migration/V0010__remove_id_from_user.sql
new file mode 100644
index 0000000..eb96936
--- /dev/null
+++ b/src/main/resources/db/migration/V0010__remove_id_from_user.sql
@@ -0,0 +1,3 @@
+ALTER TABLE accounting.users DROP CONSTRAINT users_pkey;
+ALTER TABLE accounting.users ADD PRIMARY KEY (uuid);
+ALTER TABLE accounting.users DROP COLUMN id;
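Review bot: `user-name-attribute: "username"` survives as a context line but now sits under `registration.members`, where it is not a registration property — Spring Boot's binder ignores unknown keys by default, so it is most likely dropped silently — and it contradicts the `"preferred_username"` that the Java side hard-codes in this same commit. Either delete it or put it where it is read, as `provider.members.user-name-attribute: preferred_username` (or `sub`, whichever the code settles on), and make the Java constant agree with it. Removing `redirect-uri` and `authorization-grant-type` relies on the defaults the issuer-uri builder fills in (`{baseUrl}/{action}/oauth2/code/{registrationId}` and `authorization_code`, as far as I know); a short comment next to `issuer-uri` recording that would keep the only record of those values from disappearing with this diff.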
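Review bot: `ALTER TABLE accounting.users DROP COLUMN id` is irreversible and has two preconditions the migration neither states nor checks: `ADD PRIMARY KEY (uuid)` needs every existing row to carry a non-null, unique `uuid`, and any foreign key in another table that points at `users.id` will make PostgreSQL refuse the drop (loudly, at least) until it has been repointed at `uuid` in this same migration. I'd open the file with a comment naming those assumptions and add `ALTER TABLE accounting.users ALTER COLUMN uuid SET NOT NULL;` before the primary key, which is a no-op where the column is already `NOT NULL`. Naming the new key explicitly, `ADD CONSTRAINT users_pkey PRIMARY KEY (uuid)`, records the name instead of relying on PostgreSQL's auto-generated one.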