Commit 0c73b57c authored by Matija Obreza's avatar Matija Obreza

Google auth: publish authentication event

parent d89a470e
...@@ -23,12 +23,6 @@ import java.util.UUID; ...@@ -23,12 +23,6 @@ import java.util.UUID;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeRequestUrl;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeTokenRequest;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import org.genesys.blocks.security.UserException; import org.genesys.blocks.security.UserException;
import org.genesys.blocks.security.model.BasicUser; import org.genesys.blocks.security.model.BasicUser;
import org.genesys2.server.model.impl.User; import org.genesys2.server.model.impl.User;
...@@ -40,12 +34,18 @@ import org.springframework.beans.factory.annotation.Qualifier; ...@@ -40,12 +34,18 @@ import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeRequestUrl;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeTokenRequest;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
@Component @Component
public class GoogleOAuthUtil { public class GoogleOAuthUtil {
private static final Logger LOG = LoggerFactory.getLogger(GoogleOAuthUtil.class); private static final Logger LOG = LoggerFactory.getLogger(GoogleOAuthUtil.class);
...@@ -96,9 +96,8 @@ public class GoogleOAuthUtil { ...@@ -96,9 +96,8 @@ public class GoogleOAuthUtil {
} }
final Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()); final Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
return authentication; return authentication;
} catch (final UsernameNotFoundException e) { } catch (final UsernameNotFoundException e) {
LOG.warn("Authentication with Google failed: No such user {}", tokenPayload.getEmail()); LOG.warn("Authentication with Google failed: No such user {}", tokenPayload.getEmail());
return null; return null;
...@@ -116,7 +115,7 @@ public class GoogleOAuthUtil { ...@@ -116,7 +115,7 @@ public class GoogleOAuthUtil {
} }
} catch (UsernameNotFoundException e) { } catch (UsernameNotFoundException e) {
LOG.info("Username not found, creating new Google account"); LOG.info("Username not found, creating new Google account");
user = userService.createUser(tokenPayload.getEmail(), (String) tokenPayload.get("name"),null, BasicUser.AccountType.GOOGLE); user = userService.createUser(tokenPayload.getEmail(), (String) tokenPayload.get("name"), null, BasicUser.AccountType.GOOGLE);
userService.userEmailValidated(UUID.fromString(user.getUuid())); userService.userEmailValidated(UUID.fromString(user.getUuid()));
} }
return user; return user;
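Review bot: The new-account branch calls `userService.createUser(tokenPayload.getEmail(), ...)` and then immediately `userService.userEmailValidated(...)`, so the address is marked as validated only because it appears in the token; nothing visible in this hunk checks the token's `email_verified` claim. The method starts outside the hunk, so if no such check exists earlier, add a guard such as `if (!Boolean.TRUE.equals(tokenPayload.getEmailVerified()))` that rejects the login before the e-mail is used as the account key. Separately, `googleAuthentication` no longer installs the result into the security context, so a Javadoc line stating that the caller must set the returned `Authentication`, and that it may be null, would keep other callers from silently relying on the old side effect.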
......
...@@ -27,20 +27,17 @@ import javax.servlet.ServletException; ...@@ -27,20 +27,17 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import org.genesys.blocks.security.UserException; import org.genesys.blocks.security.UserException;
import org.genesys2.server.component.security.GoogleOAuthUtil; import org.genesys2.server.component.security.GoogleOAuthUtil;
import org.genesys2.server.model.impl.User; import org.genesys2.server.model.impl.User;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.OAuth2Request;
...@@ -56,6 +53,13 @@ import org.springframework.web.bind.annotation.RequestMethod; ...@@ -56,6 +53,13 @@ import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
@Controller @Controller
public class GoogleSocialController extends BaseController { public class GoogleSocialController extends BaseController {
...@@ -68,6 +72,9 @@ public class GoogleSocialController extends BaseController { ...@@ -68,6 +72,9 @@ public class GoogleSocialController extends BaseController {
@Autowired @Autowired
private AuthorizationServerTokenServices tokenServices; private AuthorizationServerTokenServices tokenServices;
@Autowired
private ApplicationEventPublisher applicationEventPublisher;
@Value("${google.consumerKey}") @Value("${google.consumerKey}")
private String googleApiClientId; private String googleApiClientId;
...@@ -92,10 +99,20 @@ public class GoogleSocialController extends BaseController { ...@@ -92,10 +99,20 @@ public class GoogleSocialController extends BaseController {
// Get profile info from ID token // Get profile info from ID token
GoogleIdToken idToken = googleTokenResponse.parseIdToken(); GoogleIdToken idToken = googleTokenResponse.parseIdToken();
try {
User user = googleOAuthUtil.extractUserFromGoogleTokenPayload(idToken.getPayload());
LOG.warn("Google auth for {}", user.getEmail());
final Authentication authentication = googleOAuthUtil.googleAuthentication(idToken.getPayload()); final Authentication authentication = googleOAuthUtil.googleAuthentication(idToken.getPayload());
SecurityContextHolder.getContext().setAuthentication(authentication);
applicationEventPublisher.publishEvent(new AuthenticationSuccessEvent(authentication));
// Redirect to URL in session // Redirect to URL in session
authSuccessHandler.onAuthenticationSuccess(request, response, authentication); authSuccessHandler.onAuthenticationSuccess(request, response, authentication);
} catch (UserException e) {
LOG.error(e.getMessage(), e);
}
} }
/** /**
...@@ -122,8 +139,11 @@ public class GoogleSocialController extends BaseController { ...@@ -122,8 +139,11 @@ public class GoogleSocialController extends BaseController {
final OAuth2Request oAuth2Request = new OAuth2Request(null, clientId, user.getAuthorities(), true, scope, null, null, null, null); final OAuth2Request oAuth2Request = new OAuth2Request(null, clientId, user.getAuthorities(), true, scope, null, null, null, null);
final UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()); final UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
final OAuth2Authentication auth = new OAuth2Authentication(oAuth2Request, authenticationToken); final OAuth2Authentication authentication = new OAuth2Authentication(oAuth2Request, authenticationToken);
return tokenServices.createAccessToken(auth);
applicationEventPublisher.publishEvent(new AuthenticationSuccessEvent(authentication));
return tokenServices.createAccessToken(authentication);
} else { } else {
throw new BadCredentialsException("Could not authenticate you with Google"); throw new BadCredentialsException("Could not authenticate you with Google");
} }
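Review bot: `googleOAuthUtil.googleAuthentication(...)` can return null (its `UsernameNotFoundException` branch does `return null`), and the added lines pass that result straight to `SecurityContextHolder.getContext().setAuthentication(authentication)` and `new AuthenticationSuccessEvent(authentication)`. The event constructor rejects a null source, so that path would surface as an `IllegalArgumentException` instead of a login failure. A guard before those two lines would fix it, e.g. `if (authentication == null) { throw new BadCredentialsException("Could not authenticate you with Google"); }`. The new `catch (UserException e)` only logs, and because the enclosing method starts and ends outside the hunk it is not visible whether the request still gets a redirect or error response on that path. `LOG.warn("Google auth for {}", user.getEmail())` also runs before authentication has succeeded; `LOG.info` after the context is set would give a cleaner audit trail.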
......