Merge pull request #6922 from ORCID/8891-qa-500-error-from-authorizej…

…son-when-doing-oauth-with-third-party-signin fix: Add missing create event method for social sign in
ORCID · Oct 31, 2023 · 745a8c0 · 745a8c0
2 parents 5233200 + bd205ef
commit 745a8c0
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 20 deletions.
diff --git a/orcid-core/src/main/java/org/orcid/core/common/manager/impl/EventManagerImpl.java b/orcid-core/src/main/java/org/orcid/core/common/manager/impl/EventManagerImpl.java
@@ -42,27 +42,24 @@ public void createEvent(String orcid, EventType eventType, HttpServletRequest re
         String redirectUrl = null;
         String publicPage = null;
 
-        switch (eventType) {
-            case PUBLIC_PAGE:
-                publicPage = orcid;
-                orcid = null;
-                break;
-            case REAUTHORIZE:
+        if (eventType == EventType.PUBLIC_PAGE) {
+            publicPage = orcid;
+            orcid = null;
+        } else {
+            if (request != null) {
+                Boolean isOauth2ScreensRequest = (Boolean) request.getSession().getAttribute(OrcidOauth2Constants.OAUTH_2SCREENS);
+                if (isOauth2ScreensRequest != null && isOauth2ScreensRequest) {
+                    String queryString = (String) request.getSession().getAttribute(OrcidOauth2Constants.OAUTH_QUERY_STRING);
+                    clientId = getParameterValue(queryString, "client_id");
+                    redirectUrl = getParameterValue(queryString, "redirect_uri");
+                    ClientDetailsEntity clientDetailsEntity = clientDetailsEntityCacheManager.retrieve(clientId);
+                    label = "OAuth " + clientDetailsEntity.getClientName();
+                }
+            } else if (requestInfoForm != null) {
                 clientId = requestInfoForm.getClientId();
-                redirectUrl = requestInfoForm.getRedirectUrl();
+                redirectUrl = removeAttributesFromUrl(requestInfoForm.getRedirectUrl());
                 label = "OAuth " + requestInfoForm.getClientName();
-                break;
-            default:
-                if (request != null) {
-                    Boolean isOauth2ScreensRequest = (Boolean) request.getSession().getAttribute(OrcidOauth2Constants.OAUTH_2SCREENS);
-                    if (isOauth2ScreensRequest != null && isOauth2ScreensRequest) {
-                        String queryString = (String) request.getSession().getAttribute(OrcidOauth2Constants.OAUTH_QUERY_STRING);
-                        clientId = getParameterValue(queryString, "client_id");
-                        redirectUrl = getParameterValue(queryString, "redirect_uri");
-                        ClientDetailsEntity clientDetailsEntity = clientDetailsEntityCacheManager.retrieve(clientId);
-                        label = "OAuth " + clientDetailsEntity.getClientName();
-                    }
-                }
+            }
         }
 
         EventEntity eventEntity = new EventEntity();
@@ -94,4 +91,11 @@ private String getParameterValue(String queryString, String parameter)  {
         }
         return null;
     }
+
+    private String removeAttributesFromUrl(String url) {
+        if (url.contains("?")) {
+            return url.substring(0, url.indexOf("?"));
+        }
+        return url;
+    }
 }
diff --git a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/LoginController.java b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/LoginController.java
@@ -13,6 +13,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.codehaus.jettison.json.JSONException;
 import org.codehaus.jettison.json.JSONObject;
+import org.orcid.core.common.manager.EventManager;
 import org.orcid.core.constants.OrcidOauth2Constants;
 import org.orcid.core.exception.ClientDeactivatedException;
 import org.orcid.core.exception.LockedException;
@@ -23,6 +24,8 @@
 import org.orcid.core.oauth.service.OrcidAuthorizationEndpoint;
 import org.orcid.core.oauth.service.OrcidOAuth2RequestValidator;
 import org.orcid.core.security.OrcidUserDetailsService;
+import org.orcid.core.togglz.Features;
+import org.orcid.core.utils.EventType;
 import org.orcid.frontend.spring.web.social.config.SocialSignInUtils;
 import org.orcid.frontend.spring.web.social.config.SocialType;
 import org.orcid.frontend.spring.web.social.config.UserCookieGenerator;
@@ -86,6 +89,9 @@ public class LoginController extends OauthControllerBase {
 
     @Resource
     private OauthHelper oauthHelper;
+
+    @Resource
+    private EventManager eventManager;
 
     @RequestMapping(value = "/account/names/{type}", method = RequestMethod.GET)
     public @ResponseBody Names getAccountNames(@PathVariable String type) {
@@ -320,6 +326,9 @@ private ModelAndView processSocialLogin(HttpServletRequest request, HttpServletR
             userConnectionId = userConnection.getId().getUserid();            
             // Store relevant data in the session
             socialSignInUtils.setSignedInData(request, userData);
+            if (Features.EVENTS.isActive()) {
+                eventManager.createEvent(userConnection.getOrcid(), EventType.SIGN_IN, request, null);
+            }
 
             if(userConnection.isLinked()) {                
                 // If user exists and is linked update user connection info

diff --git a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/OauthAuthorizeController.java b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/OauthAuthorizeController.java
@@ -13,6 +13,7 @@
 import org.orcid.core.exception.LockedException;
 import org.orcid.core.common.manager.EventManager;
 import org.orcid.core.manager.v3.ProfileEntityManager;
+import org.orcid.core.oauth.OrcidProfileUserDetails;
 import org.orcid.core.oauth.OrcidRandomValueTokenServices;
 import org.orcid.core.togglz.Features;
 import org.orcid.core.utils.EventType;
@@ -252,7 +253,14 @@ public ModelAndView loginGetHandler(HttpServletRequest request, HttpServletRespo
         requestInfoForm.setRedirectUrl(view.getUrl());
         if (Features.EVENTS.isActive()) {
             EventType eventType = "true".equals(approvalParams.get("user_oauth_approval")) ? EventType.AUTHORIZE : EventType.AUTHORIZE_DENY;
-            eventManager.createEvent(auth.getPrincipal().toString(), eventType, null, requestInfoForm);
+            String orcid = null;
+            Object principal = auth.getPrincipal();
+            if (principal instanceof OrcidProfileUserDetails) {
+                orcid = ((OrcidProfileUserDetails) principal).getOrcid();
+            } else {
+                orcid = auth.getPrincipal().toString();
+            }
+            eventManager.createEvent(orcid, eventType, null, requestInfoForm);
         }
         if(new HttpSessionRequestCache().getRequest(request, response) != null)
             new HttpSessionRequestCache().removeRequest(request, response);