fix OIDC client

2022-12-09 11:02:21 +01:00
parent c73c172abe
commit 27c6ab5630
14 changed files with 187 additions and 11 deletions
@@ -64,6 +64,16 @@ public class UserAliasManager implements UserDataProvider {
return userAliasRepository.findOne(qUserAlias.alias.eq(alias)).orElse(null);
}
/**
*
* @param userId
* @param alias
* @return
*/
public boolean hasAlias(Long userId, String alias) {
return userAliasRepository.exists(qUserAlias.target.eq(userId).and(qUserAlias.alias.eq(alias)));
}
/**
* Gets the all by target.
*
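Review bot: The Javadoc on `hasAlias` is an empty template, although this method is the ownership check that decides whether `setAlias` in AuthenticationController accepts a request. I would fill it in with a summary such as `Checks whether the given alias is registered for the given user.`, plus `@param userId id of the user the alias must target` and `@return true if a matching alias entry exists`. Neither argument is checked for null before being passed to `eq(...)`, and the caller passes `getCurrentUserId()`, whose result for a session without a local user is not visible here. A guard like `if (userId == null || alias == null) { return false; }` would make the check fail closed.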
@@ -4,6 +4,7 @@
package de.bstly.we.controller;
import java.io.IOException;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -13,7 +14,9 @@ import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.validation.Errors;
import org.springframework.web.bind.annotation.GetMapping;
@@ -22,12 +25,14 @@ import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import de.bstly.we.businesslogic.UserAliasManager;
import de.bstly.we.businesslogic.UserManager;
import de.bstly.we.controller.model.PasswordResetModel;
import de.bstly.we.controller.support.EntityResponseStatusException;
import de.bstly.we.controller.support.RequestBodyErrors;
import de.bstly.we.controller.validation.PasswordModelValidator;
import de.bstly.we.model.User;
import de.bstly.we.security.model.LocalUserDetails;
/**
* The Class AuthenticationController.
@@ -40,6 +45,8 @@ public class AuthenticationController extends BaseController {
private UserManager userManager;
@Autowired
private PasswordModelValidator passwordModelValidator;
@Autowired
private UserAliasManager userAliasManager;
/**
* Me.
@@ -102,7 +109,25 @@ public class AuthenticationController extends BaseController {
user = userManager.setPassword(user.getId(), passwordResetModel.getPassword());
user.setResetToken(null);
userManager.update(user);
}
@PreAuthorize("authentication.authenticated")
@PostMapping("/alias")
public void setAlias(@RequestBody Optional<String> alias, HttpServletRequest req, HttpServletResponse resp) {
if (alias.isPresent() && !userAliasManager.hasAlias(getCurrentUserId(), alias.get())) {
throw new EntityResponseStatusException(HttpStatus.FORBIDDEN);
}
SecurityContext context = SecurityContextHolder.getContext();
Authentication authentication = context.getAuthentication();
if (authentication != null && authentication.getPrincipal() instanceof LocalUserDetails) {
LocalUserDetails details = (LocalUserDetails) authentication.getPrincipal();
details.setAlias(alias.orElse(null));
Authentication newAuthentication = new UsernamePasswordAuthenticationToken(details,
authentication.getCredentials(), details.getAuthorities());
context.setAuthentication(newAuthentication);
}
}
}
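Review bot: In `setAlias` the replacement token is always a `UsernamePasswordAuthenticationToken` built with the three-argument constructor, which marks it authenticated, so the type of the current `Authentication` and its `getDetails()` value are lost. If any other token type can carry a `LocalUserDetails` principal (remember-me, for example; the security configuration is not visible here), this call would swap it for a fully authenticated one. I would narrow the guard to `if (authentication instanceof UsernamePasswordAuthenticationToken && authentication.getPrincipal() instanceof LocalUserDetails)`, declare the new token as `UsernamePasswordAuthenticationToken`, and add `newAuthentication.setDetails(authentication.getDetails());`. The `req` and `resp` parameters are unused, and the method has no Javadoc, unlike its neighbours.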
@@ -3,6 +3,7 @@
*/
package de.bstly.we.controller;
import java.time.Instant;
import java.util.List;
import java.util.Optional;
@@ -92,6 +93,23 @@ public class PermissionManagementController extends BaseController {
permission.getStarts(), permission.getExpires());
}
@PreAuthorize("hasRole('ROLE_ADMIN')")
@PostMapping("list")
public List<Permission> createPermissions(@RequestBody List<Permission> permissions,
@RequestParam("target") Optional<Long> target, @RequestParam("starts") Optional<Instant> starts,
@RequestParam("expires") Optional<Instant> expires) {
List<Permission> result = Lists.newArrayList();
for (Permission permission : permissions) {
permission.setId(null);
permission.setTarget(target.orElse(permission.getTarget()));
permission.setStarts(starts.orElse(permission.getStarts()));
permission.setExpires(expires.orElse(permission.getExpires()));
result.add(permissionManager.create(permission.getTarget(), permission.getName(), permission.isAddon(),
permission.getStarts(), permission.getExpires()));
}
return result;
}
/**
* Update permission.
*
@@ -116,13 +134,15 @@ public class PermissionManagementController extends BaseController {
*/
@PreAuthorize("hasRole('ROLE_ADMIN')")
@PatchMapping("list")
public List<Permission> updatePermissions(@RequestBody List<Permission> permissions) {
public List<Permission> updatePermissions(@RequestBody List<Permission> permissions,
@RequestParam("starts") Optional<Instant> starts, @RequestParam("expires") Optional<Instant> expires) {
List<Permission> result = Lists.newArrayList();
for (Permission permission : permissions) {
if (permission.getId() == null) {
throw new EntityResponseStatusException(HttpStatus.CONFLICT);
}
permission.setStarts(starts.orElse(permission.getStarts()));
permission.setExpires(expires.orElse(permission.getExpires()));
result.add(permissionManager.update(permission));
}
return result;
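Review bot: `createPermissions` hands each body entry to `permissionManager.create` without checking it, so a null target or name, or a `starts` later than `expires`, is caught only if the manager rejects it, which is not visible in this diff. Because the loop writes as it goes, a failure on a later entry leaves the earlier grants in place unless the call is transactional; the `CONFLICT` thrown inside the `updatePermissions` loop has the same effect. A first pass that validates the whole list before any write would avoid that, for example `if (permission.getTarget() == null || permission.getName() == null) throw new EntityResponseStatusException(HttpStatus.CONFLICT);`. The same applies to `createQuotaList` and `updateQuotaList` in QuotaManagementController. `updatePermissions` continues past the end of its hunk.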
@@ -109,6 +109,22 @@ public class QuotaManagementController extends BaseController {
quota.isDisposable());
}
@PreAuthorize("hasRole('ROLE_ADMIN')")
@PostMapping("/list")
public List<Quota> createQuotaList(@RequestBody List<Quota> quotas, @RequestParam("target") Optional<Long> target,
@RequestParam("value") Optional<Long> value) {
List<Quota> result = Lists.newArrayList();
for (Quota quota : quotas) {
quota.setId(null);
quota.setTarget(target.orElse(quota.getTarget()));
quota.setValue(value.orElse(quota.getValue()));
result.add(quotaManager.create(quota.getTarget(), quota.getName(), quota.getValue(), quota.getUnit(),
quota.isDisposable()));
}
return result;
}
/**
* Update quota.
*
@@ -133,7 +149,7 @@ public class QuotaManagementController extends BaseController {
*/
@PreAuthorize("hasRole('ROLE_ADMIN')")
@PatchMapping("/list")
public List<Quota> updateQuotaList(@RequestBody List<Quota> quotas) {
public List<Quota> updateQuotaList(@RequestBody List<Quota> quotas, @RequestParam("value") Optional<Long> value) {
List<Quota> result = Lists.newArrayList();
@@ -141,6 +157,7 @@ public class QuotaManagementController extends BaseController {
if (quotaManager.get(quota.getTarget(), quota.getName()) == null) {
throw new EntityResponseStatusException(HttpStatus.CONFLICT);
}
quota.setValue(value.orElse(quota.getValue()));
result.add(quotaManager.update(quota));
}
@@ -18,6 +18,7 @@ public class LocalUserDetails extends User {
*/
private static final long serialVersionUID = 1L;
private Long userId;
private String alias;
/**
* Instantiates a new local user details.
@@ -52,4 +53,18 @@ public class LocalUserDetails extends User {
this.userId = userId;
}
/**
* @return the alias
*/
public String getAlias() {
return alias;
}
/**
* @param alias the alias to set
*/
public void setAlias(String alias) {
this.alias = alias;
}
}
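Review bot: The new `alias` field has no comment saying what it holds or when it is valid, and the accessor Javadoc only restates the names. From the controller change it is the alias selected through `POST /alias`, checked with `hasAlias` once at selection time and then kept on the session principal. It is therefore not re-checked if the alias is later removed from the user. I would document that on the field, e.g. `/** Alias selected for this session, or null if none; verified only when set. */`.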