wip - refactoring & cleanup

This commit is contained in:
Dario Ghunney Ware 2025-01-23 17:57:35 +00:00
parent 0fee70cd60
commit 329cd0cf25
18 changed files with 74 additions and 87 deletions

View File

@ -3,7 +3,7 @@ package stirling.software.SPDF.config.interfaces;
import java.sql.SQLException;
import java.util.List;
import stirling.software.SPDF.model.provider.UnsupportedProviderException;
import stirling.software.SPDF.model.exception.UnsupportedProviderException;
import stirling.software.SPDF.utils.FileInfo;
public interface DatabaseInterface {

View File

@ -15,7 +15,6 @@ import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuc
import com.coveo.saml.SamlClient;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.AllArgsConstructor;
@ -26,8 +25,8 @@ import stirling.software.SPDF.config.security.saml2.CustomSaml2AuthenticatedPrin
import stirling.software.SPDF.model.ApplicationProperties;
import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
import stirling.software.SPDF.model.ApplicationProperties.Security.SAML2;
import stirling.software.SPDF.model.Provider;
import stirling.software.SPDF.model.provider.UnsupportedProviderException;
import stirling.software.SPDF.model.exception.UnsupportedProviderException;
import stirling.software.SPDF.model.provider.Provider;
import stirling.software.SPDF.utils.UrlUtils;
@Slf4j
@ -39,7 +38,7 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
@Override
public void onLogoutSuccess(
HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
throws IOException {
if (!response.isCommitted()) {
// Handle user logout due to disabled account
@ -58,30 +57,25 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
// Handle SAML2 logout redirection
if (authentication instanceof Saml2Authentication) {
getRedirect_saml2(request, response, authentication);
return;
}
// Handle OAuth2 logout redirection
else if (authentication instanceof OAuth2AuthenticationToken) {
getRedirect_oauth2(request, response, authentication);
return;
}
// Handle Username/Password logout
else if (authentication instanceof UsernamePasswordAuthenticationToken) {
getRedirectStrategy().sendRedirect(request, response, "/login?logout=true");
return;
}
// Handle unknown authentication types
else {
log.error(
"authentication class unknown: "
+ authentication.getClass().getSimpleName());
"authentication class unknown: {}",
authentication.getClass().getSimpleName());
getRedirectStrategy().sendRedirect(request, response, "/login?logout=true");
return;
}
} else {
// Redirect to login page after logout
getRedirectStrategy().sendRedirect(request, response, "/login?logout=true");
return;
}
}
}
@ -162,17 +156,17 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
try {
// Get OAuth2 provider details from configuration
Provider provider = oauth.getClient().get(registrationId);
issuer = provider.getIssuer();
clientId = provider.getClientId();
} catch (UnsupportedProviderException e) {
log.error(e.getMessage());
}
} else {
registrationId = oauth.getProvider() != null ? oauth.getProvider() : "";
}
issuer = oauth.getIssuer();
clientId = oauth.getClientId();
}
String errorMessage = "";
// Handle different error scenarios during logout
if (request.getParameter("oauth2AuthenticationErrorWeb") != null) {
param = "erroroauth=oauth2AuthenticationErrorWeb";
@ -194,7 +188,7 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
// Redirect based on OAuth2 provider
switch (registrationId.toLowerCase()) {
case "keycloak":
case "keycloak" -> {
// Add Keycloak specific logout URL if needed
String logoutUrl =
issuer
@ -205,15 +199,15 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
+ response.encodeRedirectURL(redirect_url);
log.info("Redirecting to Keycloak logout URL: " + logoutUrl);
response.sendRedirect(logoutUrl);
break;
case "github":
}
case "github" -> {
// Add GitHub specific logout URL if needed
// todo: why does the redirect go to github? shouldn't it come to Stirling PDF?
String githubLogoutUrl = "https://github.com/logout";
log.info("Redirecting to GitHub logout URL: " + redirect_url);
response.sendRedirect(redirect_url);
break;
case "google":
}
case "google" -> {
// Add Google specific logout URL if needed
// String googleLogoutUrl =
// "https://accounts.google.com/Logout?continue=https://appengine.google.com/_ah/logout?continue="
@ -221,12 +215,12 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
log.info("Google does not have a specific logout URL");
// log.info("Redirecting to Google logout URL: " + googleLogoutUrl);
// response.sendRedirect(googleLogoutUrl);
// break;
default:
}
default -> {
String defaultRedirectUrl = request.getContextPath() + "/login?" + param;
log.info("Redirecting to default logout URL: " + defaultRedirectUrl);
log.info("Redirecting to default logout URL: {}", defaultRedirectUrl);
response.sendRedirect(defaultRedirectUrl);
break;
}
}
}

View File

@ -10,7 +10,7 @@ import lombok.extern.slf4j.Slf4j;
import stirling.software.SPDF.config.interfaces.DatabaseInterface;
import stirling.software.SPDF.model.ApplicationProperties;
import stirling.software.SPDF.model.Role;
import stirling.software.SPDF.model.provider.UnsupportedProviderException;
import stirling.software.SPDF.model.exception.UnsupportedProviderException;
@Slf4j
@Component

View File

@ -26,7 +26,7 @@ import stirling.software.SPDF.config.security.saml2.CustomSaml2AuthenticatedPrin
import stirling.software.SPDF.config.security.session.SessionPersistentRegistry;
import stirling.software.SPDF.controller.api.pipeline.UserServiceInterface;
import stirling.software.SPDF.model.*;
import stirling.software.SPDF.model.provider.UnsupportedProviderException;
import stirling.software.SPDF.model.exception.UnsupportedProviderException;
import stirling.software.SPDF.repository.AuthorityRepository;
import stirling.software.SPDF.repository.UserRepository;

View File

@ -13,7 +13,7 @@ import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import stirling.software.SPDF.config.InstallationPathConfig;
import stirling.software.SPDF.model.ApplicationProperties;
import stirling.software.SPDF.model.provider.UnsupportedProviderException;
import stirling.software.SPDF.model.exception.UnsupportedProviderException;
@Slf4j
@Getter

View File

@ -8,7 +8,7 @@ import org.springframework.stereotype.Component;
import stirling.software.SPDF.config.interfaces.DatabaseInterface;
import stirling.software.SPDF.controller.api.H2SQLCondition;
import stirling.software.SPDF.model.provider.UnsupportedProviderException;
import stirling.software.SPDF.model.exception.UnsupportedProviderException;
@Component
@Conditional(H2SQLCondition.class)

View File

@ -19,7 +19,7 @@ import stirling.software.SPDF.config.security.UserService;
import stirling.software.SPDF.model.ApplicationProperties;
import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
import stirling.software.SPDF.model.AuthenticationType;
import stirling.software.SPDF.model.provider.UnsupportedProviderException;
import stirling.software.SPDF.model.exception.UnsupportedProviderException;
import stirling.software.SPDF.utils.RequestUriUtils;
public class CustomOAuth2AuthenticationSuccessHandler

View File

@ -1,5 +1,7 @@
package stirling.software.SPDF.config.security.oauth2;
import static org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
@ -28,7 +30,6 @@ import stirling.software.SPDF.model.User;
import stirling.software.SPDF.model.provider.GithubProvider;
import stirling.software.SPDF.model.provider.GoogleProvider;
import stirling.software.SPDF.model.provider.KeycloakProvider;
import static org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE;
@Slf4j
@Configuration
@ -41,9 +42,7 @@ public class OAuth2Configuration {
@Lazy private final UserService userService;
public OAuth2Configuration(
ApplicationProperties applicationProperties,
@Lazy UserService userService
) {
ApplicationProperties applicationProperties, @Lazy UserService userService) {
this.userService = userService;
this.applicationProperties = applicationProperties;
}
@ -123,11 +122,8 @@ public class OAuth2Configuration {
return Optional.empty();
}
GithubProvider github = applicationProperties
.getSecurity()
.getOauth2()
.getClient()
.getGithub();
GithubProvider github =
applicationProperties.getSecurity().getOauth2().getClient().getGithub();
return github != null && github.isSettingsValid()
? Optional.of(

View File

@ -19,7 +19,7 @@ import stirling.software.SPDF.config.security.UserService;
import stirling.software.SPDF.model.ApplicationProperties;
import stirling.software.SPDF.model.ApplicationProperties.Security.SAML2;
import stirling.software.SPDF.model.AuthenticationType;
import stirling.software.SPDF.model.provider.UnsupportedProviderException;
import stirling.software.SPDF.model.exception.UnsupportedProviderException;
import stirling.software.SPDF.utils.RequestUriUtils;
@AllArgsConstructor

View File

@ -34,7 +34,7 @@ import stirling.software.SPDF.model.AuthenticationType;
import stirling.software.SPDF.model.Role;
import stirling.software.SPDF.model.User;
import stirling.software.SPDF.model.api.user.UsernameAndPass;
import stirling.software.SPDF.model.provider.UnsupportedProviderException;
import stirling.software.SPDF.model.exception.UnsupportedProviderException;
@Controller
@Tag(name = "User", description = "User APIs")

View File

@ -37,6 +37,7 @@ import stirling.software.SPDF.repository.UserRepository;
@Tag(name = "Account Security", description = "Account Security APIs")
public class AccountWebController {
public static final String OAUTH_2_AUTHORIZATION = "/oauth2/authorization/";
private final ApplicationProperties applicationProperties;
private final SessionPersistentRegistry sessionPersistentRegistry;
@ -65,26 +66,24 @@ public class AccountWebController {
if (oauth != null) {
if (oauth.getEnabled()) {
if (oauth.isSettingsValid()) {
providerList.put("/oauth2/authorization/oidc", oauth.getProvider());
providerList.put(OAUTH_2_AUTHORIZATION + "oidc", oauth.getProvider());
}
Client client = oauth.getClient();
if (client != null) {
GoogleProvider google = client.getGoogle();
if (google.isSettingsValid()) {
providerList.put(
"/oauth2/authorization/" + google.getName(),
google.getClientName());
OAUTH_2_AUTHORIZATION + google.getName(), google.getClientName());
}
GithubProvider github = client.getGithub();
if (github.isSettingsValid()) {
providerList.put(
"/oauth2/authorization/" + github.getName(),
github.getClientName());
OAUTH_2_AUTHORIZATION + github.getName(), github.getClientName());
}
KeycloakProvider keycloak = client.getKeycloak();
if (keycloak.isSettingsValid()) {
providerList.put(
"/oauth2/authorization/" + keycloak.getName(),
OAUTH_2_AUTHORIZATION + keycloak.getName(),
keycloak.getClientName());
}
}
@ -101,7 +100,7 @@ public class AccountWebController {
.removeIf(entry -> entry.getKey() == null || entry.getValue() == null);
model.addAttribute("providerlist", providerList);
model.addAttribute("loginMethod", securityProps.getLoginMethod());
boolean altLogin = providerList.size() > 0 ? securityProps.isAltLogin() : false;
boolean altLogin = !providerList.isEmpty() ? securityProps.isAltLogin() : false;
model.addAttribute("altLogin", altLogin);
model.addAttribute("currentPage", "login");
String error = request.getParameter("error");

View File

@ -12,7 +12,6 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
@ -33,10 +32,11 @@ import lombok.ToString;
import lombok.extern.slf4j.Slf4j;
import stirling.software.SPDF.config.InstallationPathConfig;
import stirling.software.SPDF.config.YamlPropertySourceFactory;
import stirling.software.SPDF.model.exception.UnsupportedProviderException;
import stirling.software.SPDF.model.provider.GithubProvider;
import stirling.software.SPDF.model.provider.GoogleProvider;
import stirling.software.SPDF.model.provider.KeycloakProvider;
import stirling.software.SPDF.model.provider.UnsupportedProviderException;
import stirling.software.SPDF.model.provider.Provider;
@Configuration
@ConfigurationProperties(prefix = "")
@ -227,9 +227,7 @@ public class ApplicationProperties {
public void setScopes(String scopes) {
List<String> scopesList =
Arrays.stream(scopes.split(","))
.map(String::trim)
.toList();
Arrays.stream(scopes.split(",")).map(String::trim).toList();
this.scopes.addAll(scopesList);
}
@ -260,8 +258,11 @@ public class ApplicationProperties {
case "google" -> getGoogle();
case "github" -> getGithub();
case "keycloak" -> getKeycloak();
default -> throw new UnsupportedProviderException(
"Logout from the provider is not supported? Report it at https://github.com/Stirling-Tools/Stirling-PDF/issues");
default ->
throw new UnsupportedProviderException(
"Logout from the provider "
+ registrationId
+ " is not supported. Report it at https://github.com/Stirling-Tools/Stirling-PDF/issues");
};
}
}

View File

@ -1,4 +1,4 @@
package stirling.software.SPDF.model.provider;
package stirling.software.SPDF.model.exception;
public class UnsupportedProviderException extends Exception {
public UnsupportedProviderException(String message) {

View File

@ -1,13 +1,11 @@
package stirling.software.SPDF.model.provider;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.stream.Collectors;
import lombok.NoArgsConstructor;
import stirling.software.SPDF.model.Provider;
// @Setter
@NoArgsConstructor
public class GithubProvider extends Provider {
@ -22,7 +20,8 @@ public class GithubProvider extends Provider {
private Collection<String> scopes = new ArrayList<>();
private String useAsUsername = "login";
public GithubProvider(String clientId, String clientSecret, Collection<String> scopes, String useAsUsername) {
public GithubProvider(
String clientId, String clientSecret, Collection<String> scopes, String useAsUsername) {
super(null, NAME, CLIENT_NAME, clientId, clientSecret, scopes, useAsUsername);
this.clientId = clientId;
this.clientSecret = clientSecret;

View File

@ -1,15 +1,11 @@
package stirling.software.SPDF.model.provider;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import lombok.NoArgsConstructor;
import stirling.software.SPDF.model.Provider;
// @Setter
@NoArgsConstructor
public class GoogleProvider extends Provider {
@ -25,7 +21,8 @@ public class GoogleProvider extends Provider {
private Collection<String> scopes = new ArrayList<>();
private String useAsUsername = "email";
public GoogleProvider(String clientId, String clientSecret, Collection<String> scopes, String useAsUsername) {
public GoogleProvider(
String clientId, String clientSecret, Collection<String> scopes, String useAsUsername) {
super(null, NAME, CLIENT_NAME, clientId, clientSecret, scopes, useAsUsername);
this.clientId = clientId;
this.clientSecret = clientSecret;
@ -67,5 +64,4 @@ public class GoogleProvider extends Provider {
+ useAsUsername
+ "]";
}
}

View File

@ -1,13 +1,11 @@
package stirling.software.SPDF.model.provider;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.stream.Collectors;
import lombok.NoArgsConstructor;
import stirling.software.SPDF.model.Provider;
// @Setter
@NoArgsConstructor
public class KeycloakProvider extends Provider {
@ -20,7 +18,12 @@ public class KeycloakProvider extends Provider {
private Collection<String> scopes;
private String useAsUsername = "email";
public KeycloakProvider(String issuer, String clientId, String clientSecret, Collection<String> scopes, String useAsUsername) {
public KeycloakProvider(
String issuer,
String clientId,
String clientSecret,
Collection<String> scopes,
String useAsUsername) {
super(issuer, NAME, CLIENT_NAME, clientId, clientSecret, scopes, useAsUsername);
this.useAsUsername = useAsUsername;
this.issuer = issuer;
@ -56,5 +59,4 @@ public class KeycloakProvider extends Provider {
+ useAsUsername
+ "]";
}
}

View File

@ -1,8 +1,9 @@
package stirling.software.SPDF.model;
package stirling.software.SPDF.model.provider;
import java.util.Arrays;
import java.util.Collection;
import java.util.stream.Collectors;
import lombok.Getter;
import lombok.NoArgsConstructor;
@ -25,8 +26,7 @@ public abstract class Provider {
String clientId,
String clientSecret,
Collection<String> scopes,
String useAsUsername
) {
String useAsUsername) {
this.issuer = issuer;
this.name = name;
this.clientName = clientName;
@ -53,32 +53,32 @@ public abstract class Provider {
return value != null && !value.isEmpty();
}
protected void setIssuer(String issuer) {
public void setIssuer(String issuer) {
this.issuer = issuer;
}
protected void setName(String name) {
public void setName(String name) {
this.name = name;
}
protected void setClientName(String clientName) {
public void setClientName(String clientName) {
this.clientName = clientName;
}
protected void setClientId(String clientId) {
public void setClientId(String clientId) {
this.clientId = clientId;
}
protected void setClientSecret(String clientSecret) {
public void setClientSecret(String clientSecret) {
this.clientSecret = clientSecret;
}
protected void setScopes(String scopes) {
this.scopes = Arrays.stream(scopes.split(",")).map(String::trim).collect(Collectors.toList());
public void setScopes(String scopes) {
this.scopes =
Arrays.stream(scopes.split(",")).map(String::trim).collect(Collectors.toList());
}
protected void setUseAsUsername(String useAsUsername) {
public void setUseAsUsername(String useAsUsername) {
this.useAsUsername = useAsUsername;
}
}

View File

@ -9,7 +9,7 @@ import org.junit.jupiter.params.provider.ValueSource;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import stirling.software.SPDF.model.ApplicationProperties;
import stirling.software.SPDF.model.provider.UnsupportedProviderException;
import stirling.software.SPDF.model.exception.UnsupportedProviderException;
import static org.junit.jupiter.api.Assertions.assertInstanceOf;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.Mockito.mock;