
Example 1 with ExpressionMapping

use of io.gravitee.management.rest.resource.auth.oauth2.ExpressionMapping in project gravitee-management-rest-api by gravitee-io.

From the class OAuth2AuthenticationResource, method getGroupsToAddUser.

/**
 * Resolves the groups a newly registered OAuth2 user must be added to.
 * <p>
 * Each {@link ExpressionMapping} pairs a condition expression with a list of group names.
 * The condition is evaluated by a {@link TemplateEngine} with the provider's raw user-info
 * payload bound to the {@code profile} variable; every group named by a matching mapping is
 * then looked up by name. The conditions are read from server configuration, so the
 * expression engine only ever evaluates operator-supplied expressions, while
 * {@code userInfo} is the provider-supplied value those expressions inspect.
 * When several repository groups share one name, the first result is used and a warning is logged.
 *
 * @param username login of the user being provisioned; only forwarded to {@code trace}
 * @param mappings configured condition-to-groups mappings (evaluated in order)
 * @param userInfo raw user-info payload returned by the OAuth2 provider
 * @return the distinct groups whose mapping condition matched, possibly empty
 * @throws InternalServerErrorException if a matched group name has no group in the repository
 */
private Set<GroupEntity> getGroupsToAddUser(String username, List<ExpressionMapping> mappings, String userInfo) {
    Set<GroupEntity> matchedGroups = new HashSet<>();
    for (ExpressionMapping mapping : mappings) {
        // A new engine is obtained for every mapping; only "profile" is bound before evaluation.
        TemplateEngine engine = TemplateEngine.templateEngine();
        engine.getTemplateContext().setVariable("profile", userInfo);
        boolean conditionMatched = engine.getValue(mapping.getCondition(), boolean.class);
        trace(username, conditionMatched, mapping);
        if (!conditionMatched) {
            continue;
        }
        for (String groupName : mapping.getGroupNames()) {
            matchedGroups.add(findGroupByName(groupName));
        }
    }
    return matchedGroups;
}

/**
 * Looks up a single group by name, failing the whole login when the group is absent.
 *
 * @param groupName name of a group referenced by a matching mapping
 * @return the first group found under that name
 * @throws InternalServerErrorException if no group with that name exists
 */
private GroupEntity findGroupByName(String groupName) {
    List<GroupEntity> candidates = groupService.findByName(groupName);
    if (candidates.isEmpty()) {
        // A misconfigured mapping must not leave the user half-provisioned: abort with HTTP 500.
        LOGGER.error("Unable to create user, missing group in repository : {}", groupName);
        throw new InternalServerErrorException();
    }
    if (candidates.size() > 1) {
        LOGGER.warn("There's more than a group found in repository for name : {}", groupName);
    }
    return candidates.get(0);
}

Example 2 with ExpressionMapping

use of io.gravitee.management.rest.resource.auth.oauth2.ExpressionMapping in project gravitee-management-rest-api by gravitee-io.

From the class OAuth2AuthenticationResource, method processUser.

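/**
 * Completes an OAuth2 login from the provider's user-info payload.
 * <p>
 * The e-mail attribute is used as the Gravitee username: the account is looked up by it,
 * created on first login (with the configured group assignments), then refreshed with the
 * latest name and picture attributes before the session is established via {@code connectUser}.
 * <p>
 * NOTE(review): the account is located by the provider-supplied e-mail alone, so the
 * provider must be one that asserts verified e-mail addresses — confirm for each configured provider.
 * NOTE(review): the authentication token is stored in the {@code SecurityContextHolder}
 * before the account is looked up or created; if a later step throws, the context already
 * holds a token for that username for the rest of this request — confirm the framework clears it.
 *
 * @param userInfo raw user-info payload returned by the OAuth2 provider
 * @return the response produced by {@code connectUser} for the resolved user id
 * @throws IOException if the user-info payload cannot be parsed
 * @throws BadRequestException if the payload carries no e-mail attribute
 * @throws InternalServerErrorException if a configured group is missing from the repository
 */
private Response processUser(String userInfo) throws IOException {
    Map<String, String> attrs = getUserProfileAttrs(userInfo);
    List<ExpressionMapping> mappings = serverConfiguration.getGroupsMapping();
    String username = attrs.get(UserProfile.EMAIL);
    if (username == null) {
        throw new BadRequestException("No public email linked to your account");
    }
    // set user to Authentication Context
    UserDetails userDetails = new UserDetails(username, "", Collections.emptyList());
    userDetails.setEmail(username);
    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()));
    try {
        UserEntity registeredUser = userService.findByUsername(username, false);
        userDetails.setUsername(registeredUser.getId());
    } catch (UserNotFoundException unfe) {
        // First login: provision the account (and its groups) and adopt its id as the username.
        userDetails.setUsername(registerExternalUser(username, attrs, mappings, userInfo));
    }
    // User refresh: copy the optional profile attributes that were present in the payload.
    UpdateUserEntity user = new UpdateUserEntity();
    user.setUsername(username);
    applyIfPresent(attrs, UserProfile.LASTNAME, user::setLastname);
    applyIfPresent(attrs, UserProfile.FIRSTNAME, user::setFirstname);
    applyIfPresent(attrs, UserProfile.PICTURE, user::setPicture);
    UserEntity updatedUser = userService.update(user);
    return connectUser(updatedUser.getId());
}

/**
 * Creates the Gravitee account for a user seen for the first time and applies the group mappings.
 * <p>
 * Groups are resolved <em>before</em> the user is created: a group that is configured but
 * missing from the repository fails with HTTP 500, and resolving first avoids leaving a
 * half-provisioned account behind.
 *
 * @param username e-mail of the user, used as username, e-mail and source id fallback
 * @param attrs profile attributes extracted from the user-info payload
 * @param mappings configured condition-to-groups mappings; an empty list skips group handling
 * @param userInfo raw user-info payload, evaluated by the mapping conditions
 * @return id of the created user
 * @throws InternalServerErrorException if a configured group is missing from the repository
 */
private String registerExternalUser(String username, Map<String, String> attrs, List<ExpressionMapping> mappings, String userInfo) {
    final NewExternalUserEntity newUser = new NewExternalUserEntity();
    newUser.setUsername(username);
    newUser.setEmail(username);
    newUser.setSource(AuthenticationSource.OAUTH2.getName());
    applyIfPresent(attrs, UserProfile.ID, newUser::setSourceId);
    applyIfPresent(attrs, UserProfile.LASTNAME, newUser::setLastname);
    applyIfPresent(attrs, UserProfile.FIRSTNAME, newUser::setFirstname);
    applyIfPresent(attrs, UserProfile.PICTURE, newUser::setPicture);
    // can fail if a group in config does not exist in gravitee --> HTTP 500
    Set<GroupEntity> groupsToAdd = mappings.isEmpty()
            ? Collections.emptySet()
            : getGroupsToAddUser(username, mappings, userInfo);
    UserEntity createdUser = userService.create(newUser, true);
    // Group assignment is attempted whenever mappings are configured, even if none matched.
    if (!mappings.isEmpty()) {
        addUserToApiAndAppGroupsWithDefaultRole(createdUser.getId(), groupsToAdd);
    }
    return createdUser.getId();
}

/**
 * Passes the attribute stored under {@code key} to {@code setter}, doing nothing when it is absent.
 *
 * @param attrs profile attributes extracted from the user-info payload
 * @param key attribute name to read
 * @param setter consumer invoked with the non-null attribute value
 */
private static void applyIfPresent(Map<String, String> attrs, String key, java.util.function.Consumer<String> setter) {
    String value = attrs.get(key);
    if (value != null) {
        setter.accept(value);
    }
}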
