Openconnect

src/main/java/be/lghs/accounting/configuration/OAuth2UserImpl.java

@@ -1,6 +1,7 @@
 package be.lghs.accounting.configuration;
 
 import be.lghs.accounting.model.enums.UserRole;
+import be.lghs.accounting.model.tables.records.UsersRecord;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 
@@ -21,9 +22,9 @@ private static Collection<? extends GrantedAuthority> getAuthorities(UserRole[]
 
     private final UUID id;
 
-    public OAuth2UserImpl(UserRole[] roles, Map<String, Object> attributes) {
-        super(getAuthorities(roles), attributes, "username");
-        this.id = UUID.fromString((String) attributes.get("uuid"));
+    public OAuth2UserImpl(UserRole[] roles, Map<String, Object> attributes, UsersRecord record) {
+        super(getAuthorities(roles), attributes, "preferred_username");
+        this.id = record.getUuid();
     }
 
     public UUID getId() {

src/main/java/be/lghs/accounting/configuration/SecurityUserService.java

@@ -3,6 +3,7 @@
 import be.lghs.accounting.model.tables.records.UsersRecord;
 import be.lghs.accounting.repositories.UserRepository;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -12,27 +13,37 @@
 import java.util.Map;
 import java.util.UUID;
 
+@Slf4j
 @Service
 @RequiredArgsConstructor
 public class SecurityUserService extends DefaultOAuth2UserService {
 
     private final UserRepository userRepository;
 
+
+    private static String getMandatory(Map<String, Object> values, String attribute) {
+        if (values.containsKey(attribute)) {
+            return (String) values.get(attribute);
+        } else {
+            throw new RuntimeException("Missing attribute " + attribute + " for user ");
+        }
+    }
+
     @Override
     public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
         OAuth2User user = super.loadUser(userRequest);
         Map<String, Object> attributes = user.getAttributes();
 
         UsersRecord usersRecord = userRepository.ensureUserExists(
-            (int) attributes.get("id"),
-            UUID.fromString((String) attributes.get("uuid")),
-            (String) attributes.get("name"),
-            (String) attributes.get("username"),
-            (String) attributes.get("email"));
+                UUID.fromString(getMandatory(attributes, "sub")),
+                getMandatory(attributes, "name"),
+                getMandatory(attributes, "preferred_username"),
+                getMandatory(attributes, "email"));
 
         return new OAuth2UserImpl(
-            usersRecord.getRoles(),
-            attributes
+                usersRecord.getRoles(),
+                attributes,
+                usersRecord
         );
     }
 }

src/main/java/be/lghs/accounting/repositories/UserRepository.java

@@ -28,10 +28,10 @@ public class UserRepository {
 
     private final DSLContext dsl;
 
-    public UsersRecord ensureUserExists(int id, UUID uuid, String name, String username, String email) {
+    public UsersRecord ensureUserExists(UUID uuid, String name, String username, String email) {
         return dsl.insertInto(Tables.USERS)
-            .columns(USERS.ID, USERS.UUID, USERS.NAME, USERS.USERNAME, USERS.EMAIL)
-            .values(id, uuid, name, username, email)
+            .columns(USERS.UUID, USERS.NAME, USERS.USERNAME, USERS.EMAIL)
+            .values(uuid, name, username, email)
             .onDuplicateKeyUpdate()
             .set(USERS.NAME, name)
             .set(USERS.USERNAME, username)

src/main/resources/application.yml

@@ -1,6 +1,9 @@
-server.error:
-  include-stacktrace: always
-  include-exception: true
+server:
+  error:
+    include-stacktrace: always
+    include-exception: true
+
+  forward-headers-strategy: framework
 
 logging.config: classpath:logback-spring.xml
 
@@ -16,30 +19,25 @@ spring:
   datasource:
     url: jdbc:postgresql:lghs_accounting
     username: lghs_accounting_app
-    password: 'change-me'
+    password: ${DB_APP_PWD}
 
   flyway:
     url: ${spring.datasource.url}
     user: lghs_accounting_root
-    password: 'change-me'
+    password: ${DB_ROOT_PWD}
     schemas: accounting
 
   security:
     oauth2:
       client:
-        provider:
+        registration:
           members:
-            client-id: "${spring.security.oauth2.client.registration.members.client-id}"
-            authorization-uri: "https://members.lghs.be/oauth/authorize"
-            token-uri: "https://members.lghs.be/oauth/token"
-            user-info-uri: "https://members.lghs.be/api/me"
+            client-id: "accounting"
+            client-secret: "${OAUTH2_CLIENT_SECRET}"
             user-name-attribute: "username"
-        registration:
+        provider:
           members:
-            client-id: "change-me"
-            client-secret: "change-me"
-            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
-            authorization-grant-type: "authorization_code"
+            issuer-uri: "${OAUTH2_ISSUER_URI}"
 
   mail:
     port: 465
@@ -62,7 +60,7 @@ pebble:
   cache: false
   strict-variables: true
   suffix: '.peb'
-
+  
 ---
 spring.config.activate.on-profile: prd
 

src/main/resources/db/migration/V0010__remove_id_from_user.sql

@@ -0,0 +1,3 @@
+ALTER TABLE accounting.users DROP CONSTRAINT users_pkey;
+ALTER TABLE accounting.users ADD PRIMARY KEY (uuid);
+ALTER TABLE accounting.users DROP COLUMN id;