From a4c6d48f6418c388e9aa0ec499b4145234e14d21 Mon Sep 17 00:00:00 2001
From: Daniel Palafox
Date: Tue, 31 Oct 2023 16:32:10 -0500
Subject: [PATCH 1/2] fix: Add missing create event method for social sign in
---
.../common/manager/impl/EventManagerImpl.java | 42 ++++++++++---------
.../web/controllers/LoginController.java | 6 +++
.../controllers/OauthAuthorizeController.java | 10 ++++-
3 files changed, 38 insertions(+), 20 deletions(-)
diff --git a/orcid-core/src/main/java/org/orcid/core/common/manager/impl/EventManagerImpl.java b/orcid-core/src/main/java/org/orcid/core/common/manager/impl/EventManagerImpl.java
index de62d256865..11c7b13d6fa 100644
--- a/orcid-core/src/main/java/org/orcid/core/common/manager/impl/EventManagerImpl.java
+++ b/orcid-core/src/main/java/org/orcid/core/common/manager/impl/EventManagerImpl.java
@@ -42,27 +42,24 @@ public void createEvent(String orcid, EventType eventType, HttpServletRequest re String redirectUrl = null; String publicPage = null; - switch (eventType) { - case PUBLIC_PAGE: - publicPage = orcid; - orcid = null; - break; - case REAUTHORIZE: + if (eventType == EventType.PUBLIC_PAGE) { + publicPage = orcid; + orcid = null; + } else { + if (request != null) { + Boolean isOauth2ScreensRequest = (Boolean) request.getSession().getAttribute(OrcidOauth2Constants.OAUTH_2SCREENS); + if (isOauth2ScreensRequest != null && isOauth2ScreensRequest) { + String queryString = (String) request.getSession().getAttribute(OrcidOauth2Constants.OAUTH_QUERY_STRING); + clientId = getParameterValue(queryString, "client_id"); + redirectUrl = getParameterValue(queryString, "redirect_uri"); + ClientDetailsEntity clientDetailsEntity = clientDetailsEntityCacheManager.retrieve(clientId); + label = "OAuth " + clientDetailsEntity.getClientName(); + } + } else if (requestInfoForm != null) { clientId = requestInfoForm.getClientId(); - redirectUrl = requestInfoForm.getRedirectUrl(); + redirectUrl = removeAttributesFromUrl(requestInfoForm.getRedirectUrl()); label = "OAuth " + requestInfoForm.getClientName(); - break; - default: - if (request != null) { - Boolean isOauth2ScreensRequest = (Boolean) request.getSession().getAttribute(OrcidOauth2Constants.OAUTH_2SCREENS); - if (isOauth2ScreensRequest != null && isOauth2ScreensRequest) { - String queryString = (String) request.getSession().getAttribute(OrcidOauth2Constants.OAUTH_QUERY_STRING); - clientId = getParameterValue(queryString, "client_id"); - redirectUrl = getParameterValue(queryString, "redirect_uri"); - ClientDetailsEntity clientDetailsEntity = clientDetailsEntityCacheManager.retrieve(clientId); - label = "OAuth " + clientDetailsEntity.getClientName(); - } - } + } } EventEntity eventEntity = new EventEntity(); 
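Review bot: In the `request != null` branch of createEvent the `redirect_uri` read from the session query string is stored as-is, while the `requestInfoForm` branch now passes its URL through `removeAttributesFromUrl`, so the two paths record different shapes of value; once the helper tolerates null this could be `redirectUrl = removeAttributesFromUrl(getParameterValue(queryString, "redirect_uri"));`. The same branch passes `clientId` to `clientDetailsEntityCacheManager.retrieve(clientId)` although `getParameterValue` can return null, and dereferences the result without a check. With this patch series that branch is also reached from the social sign-in call, so an incomplete session query string could surface as an exception during login (inferred; the behaviour of `retrieve` is not visible here). A guard such as `if (clientId != null)` before the lookup would keep event recording from affecting the sign-in flow. createEvent's body starts and continues outside the hunk.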
@@ -94,4 +91,11 @@ private String getParameterValue(String queryString, String parameter) { } return null; } + + private String removeAttributesFromUrl(String url) { + if (url.contains("?")) { + return url.substring(0, url.indexOf("?")); + } + return url; + } } diff --git a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/LoginController.java b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/LoginController.java index 424c406fef9..8a2879f99da 100644 --- a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/LoginController.java +++ b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/LoginController.java @@ -13,6 +13,7 @@ import org.apache.commons.lang3.StringUtils; import org.codehaus.jettison.json.JSONException; import org.codehaus.jettison.json.JSONObject; +import org.orcid.core.common.manager.EventManager; import org.orcid.core.constants.OrcidOauth2Constants; import org.orcid.core.exception.ClientDeactivatedException; import org.orcid.core.exception.LockedException; @@ -23,6 +24,7 @@ import org.orcid.core.oauth.service.OrcidAuthorizationEndpoint; import org.orcid.core.oauth.service.OrcidOAuth2RequestValidator; import org.orcid.core.security.OrcidUserDetailsService; +import org.orcid.core.utils.EventType; import org.orcid.frontend.spring.web.social.config.SocialSignInUtils; import org.orcid.frontend.spring.web.social.config.SocialType; import org.orcid.frontend.spring.web.social.config.UserCookieGenerator; @@ -86,6 +88,9 @@ public class LoginController extends OauthControllerBase { @Resource private OauthHelper oauthHelper; + + @Resource + private EventManager eventManager; @RequestMapping(value = "/account/names/{type}", method = RequestMethod.GET) public @ResponseBody Names getAccountNames(@PathVariable String type) { 
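Review bot: removeAttributesFromUrl in EventManagerImpl.java cuts only at `?`, so a redirect URL whose parameters travel in the fragment (as an implicit-grant response would, after `#`) is stored in the event unchanged, and a null URL throws on `url.contains`. Since the helper exists to keep request parameters out of the stored event, it should cut at the first `?` or `#` and return null for null input. Whether the redirect URL set by the callers can carry a fragment is not visible in this diff. The name suggests attributes rather than query string and fragment, so a one-line comment stating what is removed would help.

```java
private String removeAttributesFromUrl(String url) {
    if (url == null) {
        return null;
    }
    // Cut at the first '?' or '#', whichever comes first.
    int query = url.indexOf('?');
    int fragment = url.indexOf('#');
    int cut = query < 0 ? fragment : (fragment < 0 ? query : Math.min(query, fragment));
    return cut < 0 ? url : url.substring(0, cut);
}
```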
@@ -320,6 +325,7 @@ private ModelAndView processSocialLogin(HttpServletRequest request, HttpServletR userConnectionId = userConnection.getId().getUserid(); // Store relevant data in the session socialSignInUtils.setSignedInData(request, userData); + eventManager.createEvent(userConnection.getOrcid(), EventType.SIGN_IN, request, null); if(userConnection.isLinked()) { // If user exists and is linked update user connection info diff --git a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/OauthAuthorizeController.java b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/OauthAuthorizeController.java index 45821b78f64..dbed4118a0d 100644 --- a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/OauthAuthorizeController.java +++ b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/OauthAuthorizeController.java @@ -13,6 +13,7 @@ import org.orcid.core.exception.LockedException; import org.orcid.core.common.manager.EventManager; import org.orcid.core.manager.v3.ProfileEntityManager; +import org.orcid.core.oauth.OrcidProfileUserDetails; import org.orcid.core.oauth.OrcidRandomValueTokenServices; import org.orcid.core.togglz.Features; import org.orcid.core.utils.EventType; 
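Review bot: The SIGN_IN event in processSocialLogin is created before the `if(userConnection.isLinked())` check, so it is recorded for a social connection that is not yet linked to an ORCID record and before the login has completed. In that case `userConnection.getOrcid()` may be empty (inferred; the entity is not visible here). For an audit trail it would be more accurate to move the call inside the linked branch, after the sign-in has succeeded. The later processSocialLogin hunk of PATCH 2/2 wraps the call in `Features.EVENTS.isActive()` but keeps the same placement. The method body starts and continues outside the hunk.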
@@ -252,7 +253,14 @@ public ModelAndView loginGetHandler(HttpServletRequest request, HttpServletRespo requestInfoForm.setRedirectUrl(view.getUrl()); if (Features.EVENTS.isActive()) { EventType eventType = "true".equals(approvalParams.get("user_oauth_approval")) ? EventType.AUTHORIZE : EventType.AUTHORIZE_DENY; - eventManager.createEvent(auth.getPrincipal().toString(), eventType, null, requestInfoForm); + String orcid = null; + Object principal = auth.getPrincipal(); + if (principal instanceof OrcidProfileUserDetails) { + orcid = ((OrcidProfileUserDetails) principal).getOrcid(); + } else { + orcid = auth.getPrincipal().toString(); + } + eventManager.createEvent(orcid, eventType, null, requestInfoForm); } if(new HttpSessionRequestCache().getRequest(request, response) != null) new HttpSessionRequestCache().removeRequest(request, response); From bd205efb24dc823bb511dc80e04d7784cfe8b4a7 Mon Sep 17 00:00:00 2001 From: Daniel Palafox Date: Tue, 31 Oct 2023 16:33:45 -0500 Subject: [PATCH 2/2] fix: Add missing togglz for events in social sign in --- .../org/orcid/frontend/web/controllers/LoginController.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/LoginController.java b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/LoginController.java index 8a2879f99da..dff31541f06 100644 --- a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/LoginController.java +++ b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/LoginController.java @@ -24,6 +24,7 @@ import org.orcid.core.oauth.service.OrcidAuthorizationEndpoint; import org.orcid.core.oauth.service.OrcidOAuth2RequestValidator; import org.orcid.core.security.OrcidUserDetailsService; +import org.orcid.core.togglz.Features; import org.orcid.core.utils.EventType; import org.orcid.frontend.spring.web.social.config.SocialSignInUtils; import org.orcid.frontend.spring.web.social.config.SocialType; 
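Review bot: The `else` branch added in loginGetHandler still stores `auth.getPrincipal().toString()` as the ORCID iD, so any principal that is not an OrcidProfileUserDetails puts an arbitrary string representation into the event's orcid field. If no other principal type is expected at this point, it would be safer to skip the event and log a warning in that branch than to record an unverified value. As a matter of style, the `String orcid = null;` initialiser is redundant because both branches assign, and the fallback can reuse the local: `orcid = principal.toString();`. A short comment naming the principal types that can reach this code would document the intent. The method body starts and continues outside the hunk.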
@@ -325,7 +326,9 @@ private ModelAndView processSocialLogin(HttpServletRequest request, HttpServletR userConnectionId = userConnection.getId().getUserid(); // Store relevant data in the session socialSignInUtils.setSignedInData(request, userData); - eventManager.createEvent(userConnection.getOrcid(), EventType.SIGN_IN, request, null); + if (Features.EVENTS.isActive()) { + eventManager.createEvent(userConnection.getOrcid(), EventType.SIGN_IN, request, null); + } if(userConnection.isLinked()) { // If user exists and is linked update user connection info