Google auth: publish authentication event

0c73b57c · Matija Obreza · d89a470e · 0c73b57c · 0c73b57c
Commit 0c73b57c authored Dec 27, 2018 by Matija Obreza
--- a/src/main/java/org/genesys2/server/component/security/GoogleOAuthUtil.java
+++ b/src/main/java/org/genesys2/server/component/security/GoogleOAuthUtil.java
@@ -23,12 +23,6 @@ import java.util.UUID;

 import javax.servlet.http.HttpServletRequest;

-import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeRequestUrl;
-import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeTokenRequest;
-import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
-import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
-import com.google.api.client.http.javanet.NetHttpTransport;
-import com.google.api.client.json.jackson2.JacksonFactory;
 import org.genesys.blocks.security.UserException;
 import org.genesys.blocks.security.model.BasicUser;
 import org.genesys2.server.model.impl.User;
@@ -40,12 +34,18 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;

+import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeRequestUrl;
+import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeTokenRequest;
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
+import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
+import com.google.api.client.http.javanet.NetHttpTransport;
+import com.google.api.client.json.jackson2.JacksonFactory;
+
 @Component
 public class GoogleOAuthUtil {
 	private static final Logger LOG = LoggerFactory.getLogger(GoogleOAuthUtil.class);
@@ -96,9 +96,8 @@ public class GoogleOAuthUtil {
 			}

 			final Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
-			SecurityContextHolder.getContext().setAuthentication(authentication);
-
 			return authentication;
+
 		} catch (final UsernameNotFoundException e) {
 			LOG.warn("Authentication with Google failed: No such user {}", tokenPayload.getEmail());
 			return null;
@@ -116,7 +115,7 @@ public class GoogleOAuthUtil {
 			}
 		} catch (UsernameNotFoundException e) {
 			LOG.info("Username not found, creating new Google account");
-			user = userService.createUser(tokenPayload.getEmail(), (String) tokenPayload.get("name"),null, BasicUser.AccountType.GOOGLE);
+			user = userService.createUser(tokenPayload.getEmail(), (String) tokenPayload.get("name"), null, BasicUser.AccountType.GOOGLE);
 			userService.userEmailValidated(UUID.fromString(user.getUuid()));
 		}
 		return user;

--- a/src/main/java/org/genesys2/server/mvc/GoogleSocialController.java
+++ b/src/main/java/org/genesys2/server/mvc/GoogleSocialController.java
@@ -27,20 +27,17 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

-import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
-import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
-import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
-import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
-import com.google.api.client.http.javanet.NetHttpTransport;
-import com.google.api.client.json.jackson2.JacksonFactory;
 import org.genesys.blocks.security.UserException;
 import org.genesys2.server.component.security.GoogleOAuthUtil;
 import org.genesys2.server.model.impl.User;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
@@ -56,6 +53,13 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;

+import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
+import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
+import com.google.api.client.http.javanet.NetHttpTransport;
+import com.google.api.client.json.jackson2.JacksonFactory;
+
 @Controller
 public class GoogleSocialController extends BaseController {

@@ -68,6 +72,9 @@ public class GoogleSocialController extends BaseController {
 	@Autowired
 	private AuthorizationServerTokenServices tokenServices;

+	@Autowired
+	private ApplicationEventPublisher applicationEventPublisher;
+	
 	@Value("${google.consumerKey}")
 	private String googleApiClientId;

@@ -92,10 +99,20 @@ public class GoogleSocialController extends BaseController {

 		// Get profile info from ID token
 		GoogleIdToken idToken = googleTokenResponse.parseIdToken();
-		final Authentication authentication = googleOAuthUtil.googleAuthentication(idToken.getPayload());
-
-		// Redirect to URL in session
-		authSuccessHandler.onAuthenticationSuccess(request, response, authentication);
+		try {
+			User user = googleOAuthUtil.extractUserFromGoogleTokenPayload(idToken.getPayload());
+			LOG.warn("Google auth for {}", user.getEmail());
+			final Authentication authentication = googleOAuthUtil.googleAuthentication(idToken.getPayload());
+			SecurityContextHolder.getContext().setAuthentication(authentication);
+			
+			applicationEventPublisher.publishEvent(new AuthenticationSuccessEvent(authentication));
+			
+			// Redirect to URL in session
+			 authSuccessHandler.onAuthenticationSuccess(request, response, authentication);
+
+		} catch (UserException e) {
+			LOG.error(e.getMessage(), e);
+		}
 	}

 	/**
@@ -122,8 +139,11 @@ public class GoogleSocialController extends BaseController {
 			final OAuth2Request oAuth2Request = new OAuth2Request(null, clientId, user.getAuthorities(), true, scope, null, null, null, null);

 			final UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
-			final OAuth2Authentication auth = new OAuth2Authentication(oAuth2Request, authenticationToken);
-			return tokenServices.createAccessToken(auth);
+			final OAuth2Authentication authentication = new OAuth2Authentication(oAuth2Request, authenticationToken);
+			
+			applicationEventPublisher.publishEvent(new AuthenticationSuccessEvent(authentication));
+			
+			return tokenServices.createAccessToken(authentication);
 		} else {
 			throw new BadCredentialsException("Could not authenticate you with Google");
 		}