Use of io.gravitee.management.rest.resource.auth.oauth2.ExpressionMapping in project gravitee-management-rest-api by gravitee-io.
The class OAuth2AuthenticationResource, method getGroupsToAddUser.
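/**
 * Resolves the groups a newly provisioned OAuth2 user must be added to.
 *
 * <p>Each mapping's condition is evaluated as a template expression. The raw
 * {@code userInfo} payload is exposed to that expression only as the {@code profile}
 * variable (it is bound as a value, never spliced into the expression text), so the
 * expression itself comes solely from the supplied mappings. The group names of every
 * matching mapping are then looked up in the group repository.
 *
 * @param username the user being provisioned; only used for tracing
 * @param mappings condition-to-group-names mappings (the caller passes the server
 *     configuration's group mappings)
 * @param userInfo the raw user profile returned by the identity provider
 * @return the distinct groups whose mapping condition matched; empty when none matched
 * @throws InternalServerErrorException if a matching mapping references a group name
 *     that does not exist in the repository (logged at error level)
 */
private Set<GroupEntity> getGroupsToAddUser(String username, List<ExpressionMapping> mappings, String userInfo) {
    // The engine and its "profile" variable do not depend on the mapping, so they are
    // built once instead of once per mapping.
    TemplateEngine templateEngine = TemplateEngine.templateEngine();
    templateEngine.getTemplateContext().setVariable("profile", userInfo);

    Set<GroupEntity> groupsToAdd = new HashSet<>();
    for (ExpressionMapping mapping : mappings) {
        boolean match = templateEngine.getValue(mapping.getCondition(), boolean.class);
        trace(username, match, mapping);
        if (!match) {
            continue;
        }
        for (String groupName : mapping.getGroupNames()) {
            groupsToAdd.add(resolveGroupOrFail(groupName));
        }
    }
    return groupsToAdd;
}

/**
 * Looks up a configured group by name, failing the request when it is missing.
 *
 * @param groupName the group name taken from an expression mapping
 * @return the first group found under that name
 * @throws InternalServerErrorException if no group with that name exists
 */
private GroupEntity resolveGroupOrFail(String groupName) {
    List<GroupEntity> groupEntities = groupService.findByName(groupName);
    if (groupEntities.isEmpty()) {
        LOGGER.error("Unable to create user, missing group in repository : {}", groupName);
        throw new InternalServerErrorException();
    }
    if (groupEntities.size() > 1) {
        // Ambiguous name: keep the first match but make the ambiguity visible in the logs.
        LOGGER.warn("There's more than a group found in repository for name : {}", groupName);
    }
    return groupEntities.get(0);
}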
Use of io.gravitee.management.rest.resource.auth.oauth2.ExpressionMapping in project gravitee-management-rest-api by gravitee-io.
The class OAuth2AuthenticationResource, method processUser.
/**
 * Turns an OAuth2 user-info payload into an authenticated Gravitee session.
 *
 * <p>The e-mail found in the profile is the user's identity: it becomes both the
 * username and the e-mail of the local account. Unknown users are created and, when
 * group mappings are configured, placed into the matching groups; on every login the
 * name and picture are refreshed from the profile. The security context is populated
 * before the lookup, and the principal's username is replaced by the internal user id
 * once the account is known.
 *
 * @param userInfo the raw user profile returned by the identity provider
 * @return the response produced by {@code connectUser} for the refreshed user
 * @throws IOException if the profile attributes cannot be read
 * @throws BadRequestException if the profile carries no e-mail address
 * @throws InternalServerErrorException if a configured group mapping references a
 *     group that does not exist in the repository
 */
private Response processUser(String userInfo) throws IOException {
    HashMap<String, String> attrs = getUserProfileAttrs(userInfo);
    List<ExpressionMapping> mappings = serverConfiguration.getGroupsMapping();

    // The e-mail doubles as the username of the local account.
    String email = attrs.get(UserProfile.EMAIL);
    if (email == null) {
        throw new BadRequestException("No public email linked to your account");
    }
    String lastname = attrs.get(UserProfile.LASTNAME);
    String firstname = attrs.get(UserProfile.FIRSTNAME);
    String picture = attrs.get(UserProfile.PICTURE);

    // Populate the authentication context first; the username is swapped for the
    // internal user id as soon as the account is found or created.
    UserDetails userDetails = new UserDetails(email, "", Collections.emptyList());
    userDetails.setEmail(email);
    SecurityContextHolder.getContext().setAuthentication(
            new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()));

    try {
        UserEntity registeredUser = userService.findByUsername(email, false);
        userDetails.setUsername(registeredUser.getId());
    } catch (UserNotFoundException notFound) {
        // First login: provision the account from the OAuth2 profile.
        NewExternalUserEntity newUser = new NewExternalUserEntity();
        newUser.setUsername(email);
        newUser.setEmail(email);
        newUser.setSource(AuthenticationSource.OAUTH2.getName());
        String sourceId = attrs.get(UserProfile.ID);
        if (sourceId != null) {
            newUser.setSourceId(sourceId);
        }
        if (lastname != null) {
            newUser.setLastname(lastname);
        }
        if (firstname != null) {
            newUser.setFirstname(firstname);
        }
        if (picture != null) {
            newUser.setPicture(picture);
        }

        // Groups are resolved before the account is created: a group present in the
        // configuration but missing from the repository fails with HTTP 500, and at that
        // point no user has been created yet.
        Set<GroupEntity> groupsToAdd = mappings.isEmpty()
                ? Collections.<GroupEntity>emptySet()
                : getGroupsToAddUser(email, mappings, userInfo);
        UserEntity createdUser = userService.create(newUser, true);
        userDetails.setUsername(createdUser.getId());
        if (!mappings.isEmpty()) {
            addUserToApiAndAppGroupsWithDefaultRole(createdUser.getId(), groupsToAdd);
        }
    }

    // Refresh the mutable profile fields on every login.
    UpdateUserEntity user = new UpdateUserEntity();
    user.setUsername(email);
    if (lastname != null) {
        user.setLastname(lastname);
    }
    if (firstname != null) {
        user.setFirstname(firstname);
    }
    if (picture != null) {
        user.setPicture(picture);
    }
    UserEntity updatedUser = userService.update(user);
    return connectUser(updatedUser.getId());
}