
Example 81 with OAuth2Error

Use of org.springframework.security.oauth2.core.OAuth2Error in the project dhis2-core by dhis2.

From the class DhisOidcUserService, method loadUser:

@Override
public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
    // Resolve the DHIS2-specific registration to learn which claim carries the user mapping
    ClientRegistration clientRegistration = userRequest.getClientRegistration();
    DhisOidcClientRegistration oidcClientRegistration =
        clientRegistrationRepository.getDhisOidcClientRegistration(clientRegistration.getRegistrationId());
    String mappingClaimKey = oidcClientRegistration.getMappingClaimKey();

    // Let Spring Security fetch and validate the OIDC user (ID token plus optional UserInfo)
    OidcUser oidcUser = super.loadUser(userRequest);
    OidcUserInfo userInfo = oidcUser.getUserInfo();
    Map<String, Object> attributes = oidcUser.getAttributes();

    // Look for the mapping claim in the ID token attributes first, then fall back to UserInfo
    Object claimValue = attributes.get(mappingClaimKey);
    if (claimValue == null && userInfo != null) {
        claimValue = userInfo.getClaim(mappingClaimKey);
    }
    if (log.isDebugEnabled()) {
        log.debug(String.format("Trying to look up DHIS2 user with OidcUser mapping mappingClaimKey='%s', claim value='%s'", mappingClaimKey, claimValue));
    }

    // Map the claim value onto an existing DHIS2 user; unknown users are rejected, never auto-created
    if (claimValue != null) {
        User user = userService.getUserByOpenId((String) claimValue);
        if (user != null) {
            return new DhisOidcUser(user, attributes, IdTokenClaimNames.SUB, oidcUser.getIdToken());
        }
    }

    // No matching DHIS2 user: fail authentication with a descriptive OAuth2Error
    String errorMessage = String.format("Failed to look up DHIS2 user with OidcUser mapping mappingClaimKey='%s', claim value='%s'", mappingClaimKey, claimValue);
    if (log.isDebugEnabled()) {
        log.debug(errorMessage);
    }
    OAuth2Error oauth2Error = new OAuth2Error("could_not_map_oidc_user_to_dhis2_user", errorMessage, null);
    throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
}
Also used:
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)
OidcUser (org.springframework.security.oauth2.core.oidc.user.OidcUser)
User (org.hisp.dhis.user.User)
OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error)
OidcUserInfo (org.springframework.security.oauth2.core.oidc.OidcUserInfo)
OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException)
