wip - battling with Okta

src/main/java/stirling/software/SPDF/controller/api/misc/OCRController.java

@@ -8,7 +8,7 @@ import java.util.*;
 import java.util.stream.Collectors;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipOutputStream;
-import io.swagger.v3.oas.annotations.Operation;
+
 import javax.imageio.ImageIO;
 
 import org.apache.pdfbox.multipdf.PDFMergerUtility;
@@ -26,6 +26,7 @@ import org.springframework.web.multipart.MultipartFile;
 
 import io.github.pixee.security.BoundedLineReader;
 import io.github.pixee.security.Filenames;
+import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
 import lombok.extern.slf4j.Slf4j;
@@ -65,9 +66,10 @@ public class OCRController {
     }
 
     @PostMapping(consumes = "multipart/form-data", value = "/ocr-pdf")
-     @Operation(
+    @Operation(
-        summary = "Process PDF files with OCR using Tesseract",
+            summary = "Process PDF files with OCR using Tesseract",
-        description = "Takes a PDF file as input, performs OCR using specified languages and OCR type (skip-text/force-ocr), and returns the processed PDF. Input:PDF Output:PDF Type:SISO")
+            description =
+                    "Takes a PDF file as input, performs OCR using specified languages and OCR type (skip-text/force-ocr), and returns the processed PDF. Input:PDF Output:PDF Type:SISO")
     public ResponseEntity<byte[]> processPdfWithOCR(
             @ModelAttribute ProcessPdfWithOcrRequest request)
             throws IOException, InterruptedException {

src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java

@@ -81,7 +81,7 @@ public class AccountWebController {
                     String firstChar = String.valueOf(oauth.getProvider().charAt(0));
                     String clientName =
                             oauth.getProvider().replaceFirst(firstChar, firstChar.toUpperCase());
-                    providerList.put(OAUTH_2_AUTHORIZATION + "oidc", clientName);
+                    providerList.put(OAUTH_2_AUTHORIZATION + oauth.getProvider(), clientName);
                 }
 
                 Client client = oauth.getClient();

src/main/java/stirling/software/SPDF/model/UsernameAttribute.java

@@ -4,14 +4,17 @@ import lombok.Getter;
 
 @Getter
 public enum UsernameAttribute {
-    NAME("name"),
     EMAIL("email"),
-    GIVEN_NAME("given_name"),
-    PREFERRED_NAME("preferred_name"),
-    PREFERRED_USERNAME("preferred_username"),
     LOGIN("login"),
+    PROFILE("profile"),
+    NAME("name"),
+    USERNAME("username"),
+    NICKNAME("nickname"),
+    GIVEN_NAME("given_name"),
+    MIDDLE_NAME("middle_name"),
     FAMILY_NAME("family_name"),
-    NICKNAME("nickname");
+    PREFERRED_NAME("preferred_name"),
+    PREFERRED_USERNAME("preferred_username");
 
     private final String name;
 

src/main/resources/settings.yml.template

@@ -16,13 +16,12 @@ security:
   csrfDisabled: false # set to 'true' to disable CSRF protection (not recommended for production)
   loginAttemptCount: 5 # lock user account after 5 tries; when using e.g. Fail2Ban you can deactivate the function with -1
   loginResetTimeMinutes: 120 # lock account for 2 hours after x attempts
-  loginMethod: saml2 # Accepts values like 'all' and 'normal'(only Login with Username/Password), 'oauth2'(only Login with OAuth2) or 'saml2'(only Login with SAML2)
+  loginMethod: all # Accepts values like 'all' and 'normal'(only Login with Username/Password), 'oauth2'(only Login with OAuth2) or 'saml2'(only Login with SAML2)
-  customGlobalAPIKey: '' # todo: this is in ApplicationProperties but not here. Should we add it?
   initialLogin:
     username: '' # initial username for the first login
     password: '' # initial password for the first login
   oauth2:
-    enabled: false # set to 'true' to enable login (Note: enableLogin must also be 'true' for this to work)
+    enabled: true # set to 'true' to enable login (Note: enableLogin must also be 'true' for this to work)
     client:
       keycloak:
         issuer: '' # URL of the Keycloak realm's OpenID Connect Discovery endpoint
@@ -40,25 +39,25 @@ security:
         clientSecret: '' # client secret for GitHub OAuth2
         scopes: read:user # scope for GitHub OAuth2
         useAsUsername: login # field to use as the username for GitHub OAuth2. Available options are: [email | login | name]
-    issuer: 'https://authentik.dev.stirlingpdf.com/application/o/stirlingpdf-oauth/' # set to any provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) endpoint
+    issuer: https://trial-6373896.okta.com/home/okta_flow_sso/0oaok4lk1nVvNBnqK697/alnbibn6b0OPFATt20g7 # set to any provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) endpoint
-    clientId: '5ibI9Ud5cRNFIcS1gIJME0shO6VZOy6Ae6XUrZL0' # client ID from your provider
+    clientId: 0oaok4lk4eNm6PtFD697 # client ID from your provider
-    clientSecret: 'DFSD3B7MKLkWuEAasxxm2hghuzulPr37jdkrojPsGBz9MGwkfc' # client secret from your provider
+    clientSecret: lmwlmxFZSJ0miOoRpUAKf2jg8tVPPXhUxgL2VB-b4uJfhnk4sI02YodKWRX8fLSq # client secret from your provider
     logoutUrl: ''
     autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
     blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
-    useAsUsername: email # default is 'email'; custom fields can be used as the username
+    useAsUsername: username # default is 'email'; custom fields can be used as the username
-    scopes: openid, profile, email # specify the scopes for which the application will request permissions
+    scopes: okta.users.read, okta.users.read.self, okta.users.manage.self, okta.groups.read # specify the scopes for which the application will request permissions
     provider: google # set this to your OAuth provider's name, e.g., 'google' or 'keycloak'
   saml2:
     enabled: false # Only enabled for paid enterprise clients (enterpriseEdition.enabled must be true)
     autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
     blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
     registrationId: stirlingpdf-dario-saml
-    idpMetadataUri: https://authentik.dev.stirlingpdf.com/api/v3/providers/saml/5/metadata/?download # todo: remove
+    idpMetadataUri: https://trial-6373896.okta.com/app/exkok5ozyuOz5fAyF697/sso/saml/metadata # todo: remove
-    idpSingleLoginUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/sso/binding/post/ # todo: remove
+    idpSingleLoginUrl: https://trial-6373896.okta.com/app/generic-saml/exkok5ozyuOz5fAyF697/sso/saml # todo: remove
-    idpSingleLogoutUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/slo/binding/post/ # todo: remove
+    idpSingleLogoutUrl: https://trial-6373896.okta.com # todo: remove
-    idpIssuer: authentik
+    idpIssuer: okta
-    idpCert: classpath:authentik-Self-signed_Certificate_certificate.pem
+    idpCert: classpath:okta.cert
     privateKey: classpath:private_key.key
     spCert: classpath:certificate.crt