From ff3740c54f517f5eef003506864329e087fbe8f2 Mon Sep 17 00:00:00 2001
From: Dario Ghunney Ware
Date: Wed, 5 Feb 2025 19:39:32 +0000
Subject: [PATCH] wip - battling with Okta

---
.../controller/api/misc/OCRController.java | 10 +++++---
.../controller/web/AccountWebController.java | 2 +-
.../SPDF/model/UsernameAttribute.java | 13 ++++++----
src/main/resources/settings.yml.template | 25 +++++++++----------
4 files changed, 27 insertions(+), 23 deletions(-)

diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/OCRController.java b/src/main/java/stirling/software/SPDF/controller/api/misc/OCRController.java
index 8dda1fc4..c8ffe9de 100644
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/OCRController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/OCRController.java
@@ -8,7 +8,7 @@ import java.util.*;
 import java.util.stream.Collectors;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipOutputStream;
-import io.swagger.v3.oas.annotations.Operation;
+
 import javax.imageio.ImageIO;
 
 import org.apache.pdfbox.multipdf.PDFMergerUtility;
@@ -26,6 +26,7 @@ import org.springframework.web.multipart.MultipartFile;
 
 import io.github.pixee.security.BoundedLineReader;
 import io.github.pixee.security.Filenames;
+import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 
@@ -65,9 +66,10 @@ public class OCRController {
 }
 
 @PostMapping(consumes = "multipart/form-data", value = "/ocr-pdf")
-@Operation(
-summary = "Process PDF files with OCR using Tesseract",
-description = "Takes a PDF file as input, performs OCR using specified languages and OCR type (skip-text/force-ocr), and returns the processed PDF. Input:PDF Output:PDF Type:SISO")
+@Operation(
+summary = "Process PDF files with OCR using Tesseract",
+description =
+"Takes a PDF file as input, performs OCR using specified languages and OCR type (skip-text/force-ocr), and returns the processed PDF. Input:PDF Output:PDF Type:SISO")
 public ResponseEntity processPdfWithOCR(
 @ModelAttribute ProcessPdfWithOcrRequest request)
 throws IOException, InterruptedException {
diff --git a/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java b/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
index e9a1d228..870ec624 100644
--- a/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
+++ b/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
@@ -81,7 +81,7 @@ public class AccountWebController {
 String firstChar = String.valueOf(oauth.getProvider().charAt(0));
 String clientName =
 oauth.getProvider().replaceFirst(firstChar, firstChar.toUpperCase());
-providerList.put(OAUTH_2_AUTHORIZATION + "oidc", clientName);
+providerList.put(OAUTH_2_AUTHORIZATION + oauth.getProvider(), clientName);
 }
 
 Client client = oauth.getClient();
diff --git a/src/main/java/stirling/software/SPDF/model/UsernameAttribute.java b/src/main/java/stirling/software/SPDF/model/UsernameAttribute.java
index 24bccaf9..23e098a4 100644
--- a/src/main/java/stirling/software/SPDF/model/UsernameAttribute.java
+++ b/src/main/java/stirling/software/SPDF/model/UsernameAttribute.java
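Review bot: The registration id appended to `OAUTH_2_AUTHORIZATION` is now the raw configured provider name, so the generated login link only resolves if the client is registered under exactly that id; if the generic OIDC client is still registered as `oidc` elsewhere (the value the removed line hard-coded), this link now points at a registration that does not exist. Worth pinning with a test or a comment naming the single source of truth for the registration id. The value is configuration-supplied and ends up in a URL path that is presumably handed to the login view, so normalising it (e.g. lower-casing with `Locale.ROOT`) and restricting it to the known registration ids would be safer than concatenating it verbatim. The enclosing method and the conditional around these lines start and end outside the hunk.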
@@ -4,14 +4,17 @@ import lombok.Getter;
 
 @Getter
 public enum UsernameAttribute {
-NAME("name"),
 EMAIL("email"),
-GIVEN_NAME("given_name"),
-PREFERRED_NAME("preferred_name"),
-PREFERRED_USERNAME("preferred_username"),
 LOGIN("login"),
+PROFILE("profile"),
+NAME("name"),
+USERNAME("username"),
+NICKNAME("nickname"),
+GIVEN_NAME("given_name"),
+MIDDLE_NAME("middle_name"),
 FAMILY_NAME("family_name"),
-NICKNAME("nickname");
+PREFERRED_NAME("preferred_name"),
+PREFERRED_USERNAME("preferred_username");
 
 private final String name;
 
diff --git a/src/main/resources/settings.yml.template b/src/main/resources/settings.yml.template
index 6add3b49..434eae05 100644
--- a/src/main/resources/settings.yml.template
+++ b/src/main/resources/settings.yml.template
@@ -16,13 +16,12 @@ security:
 csrfDisabled: false # set to 'true' to disable CSRF protection (not recommended for production)
 loginAttemptCount: 5 # lock user account after 5 tries; when using e.g. Fail2Ban you can deactivate the function with -1
 loginResetTimeMinutes: 120 # lock account for 2 hours after x attempts
-loginMethod: saml2 # Accepts values like 'all' and 'normal'(only Login with Username/Password), 'oauth2'(only Login with OAuth2) or 'saml2'(only Login with SAML2)
-customGlobalAPIKey: '' # todo: this is in ApplicationProperties but not here. Should we add it?
+loginMethod: all # Accepts values like 'all' and 'normal'(only Login with Username/Password), 'oauth2'(only Login with OAuth2) or 'saml2'(only Login with SAML2)
 initialLogin:
 username: '' # initial username for the first login
 password: '' # initial password for the first login
 oauth2:
-enabled: false # set to 'true' to enable login (Note: enableLogin must also be 'true' for this to work)
+enabled: true # set to 'true' to enable login (Note: enableLogin must also be 'true' for this to work)
 client:
 keycloak:
 issuer: '' # URL of the Keycloak realm's OpenID Connect Discovery endpoint
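Review bot: Reordering the constants changes `ordinal()` and the order of `values()`, so any code or persisted data that relies on `NAME` being first (a `values()[0]` default, a stored ordinal) silently changes meaning; if such a lookup exists anywhere it should be switched to a lookup by the string value. The enum also has no Javadoc saying what the string is; I would add a header such as `/** Attribute key read from the OAuth2/OIDC user info to derive the local username; the string is the provider-side claim name. */`. `PROFILE("profile")` reads like an OIDC scope rather than a user-info claim — worth confirming the provider actually returns it as an attribute before exposing it as a `useAsUsername` option. The hunk covers the whole constant list; the rest of the enum body is outside it.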
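Review bot: `oauth2.enabled: true` together with `loginMethod: all` turns the shipped template into a configuration that attempts OAuth2 login by default, and the next hunk of this file (`@@ -40,25 +39,25 @@`) fills the same template with a developer's tenant URLs, a client id and a client secret in place of the empty placeholders. The template should keep `enabled: false` and `''` values, with local values kept in an untracked settings file; the client secret committed here is in git history now and should be treated as exposed and rotated on the provider side regardless of a later revert. That hunk also replaces the default `scopes` with Okta-specific management scopes and no longer lists `openid`; if that is intentional it belongs in provider-specific documentation rather than in the shipped default. Dropping `customGlobalAPIKey` matches its todo comment but is worth a line in the commit message.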
@@ -40,25 +39,25 @@ security:
 clientSecret: '' # client secret for GitHub OAuth2
 scopes: read:user # scope for GitHub OAuth2
 useAsUsername: login # field to use as the username for GitHub OAuth2. Available options are: [email | login | name]
-issuer: 'https://authentik.dev.stirlingpdf.com/application/o/stirlingpdf-oauth/' # set to any provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) endpoint
-clientId: '5ibI9Ud5cRNFIcS1gIJME0shO6VZOy6Ae6XUrZL0' # client ID from your provider
-clientSecret: 'DFSD3B7MKLkWuEAasxxm2hghuzulPr37jdkrojPsGBz9MGwkfc' # client secret from your provider
+issuer: https://trial-6373896.okta.com/home/okta_flow_sso/0oaok4lk1nVvNBnqK697/alnbibn6b0OPFATt20g7 # set to any provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) endpoint
+clientId: 0oaok4lk4eNm6PtFD697 # client ID from your provider
+clientSecret: lmwlmxFZSJ0miOoRpUAKf2jg8tVPPXhUxgL2VB-b4uJfhnk4sI02YodKWRX8fLSq # client secret from your provider
 logoutUrl: ''
 autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
 blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
-useAsUsername: email # default is 'email'; custom fields can be used as the username
-scopes: openid, profile, email # specify the scopes for which the application will request permissions
+useAsUsername: username # default is 'email'; custom fields can be used as the username
+scopes: okta.users.read, okta.users.read.self, okta.users.manage.self, okta.groups.read # specify the scopes for which the application will request permissions
 provider: google # set this to your OAuth provider's name, e.g., 'google' or 'keycloak'
 saml2:
 enabled: false # Only enabled for paid enterprise clients (enterpriseEdition.enabled must be true)
 autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
 blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
 registrationId: stirlingpdf-dario-saml
-idpMetadataUri: https://authentik.dev.stirlingpdf.com/api/v3/providers/saml/5/metadata/?download # todo: remove
-idpSingleLoginUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/sso/binding/post/ # todo: remove
-idpSingleLogoutUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/slo/binding/post/ # todo: remove
-idpIssuer: authentik
-idpCert: classpath:authentik-Self-signed_Certificate_certificate.pem
+idpMetadataUri: https://trial-6373896.okta.com/app/exkok5ozyuOz5fAyF697/sso/saml/metadata # todo: remove
+idpSingleLoginUrl: https://trial-6373896.okta.com/app/generic-saml/exkok5ozyuOz5fAyF697/sso/saml # todo: remove
+idpSingleLogoutUrl: https://trial-6373896.okta.com # todo: remove
+idpIssuer: okta
+idpCert: classpath:okta.cert
 privateKey: classpath:private_key.key
 spCert: classpath:certificate.crt