Commit 2cc9f8c2 authored by Matija Obreza's avatar Matija Obreza

Additional fixes for Google+ login

parent d00c6c7c
......@@ -22,7 +22,6 @@ import org.genesys2.server.model.wrapper.UserWrapper;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.social.google.api.userinfo.GoogleUserInfo;
public interface UserService {
......@@ -72,6 +71,4 @@ public interface UserService {
void setAccountLockLocal(String uuid, boolean locked);
void userEmailValidated(String uuid);
void googleAuthentication(GoogleUserInfo userInfo);
}
......@@ -16,6 +16,12 @@
package org.genesys2.server.service.impl;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.genesys2.server.exception.NoUserFoundException;
......@@ -43,12 +49,9 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.social.google.api.userinfo.GoogleUserInfo;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.*;
@Service
@Transactional(readOnly = true)
public class UserServiceImpl implements UserService {
......@@ -350,25 +353,6 @@ public class UserServiceImpl implements UserService {
}
}
@Override
public void googleAuthentication(GoogleUserInfo userInfo) {
User user = getUserByEmail(userInfo.getEmail());
if (user == null) {
LOG.warn("Authentication with Google+ failed: No such user " + userInfo.getEmail());
}
List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
grantedAuthorities.add(new SimpleGrantedAuthority("USER"));
grantedAuthorities.add(new SimpleGrantedAuthority("VALIDATEDUSER"));
AuthUserDetails userDetails = new AuthUserDetails(user.getUuid(), user.getPassword(), grantedAuthorities);
userDetails.setUser(user);
Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
}
private void addRoleToCurrentUser(User user, String role) {
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
......
......@@ -56,7 +56,7 @@ public class GoogleSocialController extends BaseController {
userService.userEmailValidated(user.getUuid());
}
userService.googleAuthentication(userInfo);
googleOAuthUtil.googleAuthentication(userInfo);
return "redirect:/";
}
......
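Review bot: The outcome of `googleOAuthUtil.googleAuthentication(userInfo)` is never checked, so `return "redirect:/";` runs whether or not a security context was established. In the new `GoogleOAuthUtil` method, an unknown e-mail and a disabled, locked or expired account both end in a log line and a plain return, so the user lands on the home page unauthenticated with no explanation. Consider changing the signature to `public boolean googleAuthentication(GoogleUserInfo userInfo)` (or throwing an `AuthenticationException`) and redirecting to the login page with an error when it fails. The handler method starts above this hunk, so any earlier checks on `userInfo` are not visible here.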
......@@ -6,8 +6,11 @@ import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
......@@ -18,11 +21,20 @@ import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.json.JSONException;
import org.json.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.social.google.api.userinfo.GoogleUserInfo;
import org.springframework.stereotype.Component;
@Component
public class GoogleOAuthUtil {
private static final Log LOG = LogFactory.getLog(GoogleOAuthUtil.class);
public static final String LOCAL_GOOGLEAUTH_PATH = "/google/auth";
@Value("${base.url}")
......@@ -34,6 +46,10 @@ public class GoogleOAuthUtil {
@Value("${google.consumerSecret}")
private String secret;
@Autowired
@Named("authUserDetailsService")
private UserDetailsService userDetailsService;
public String exchangeForAccessToken(HttpServletRequest request) throws IOException, JSONException {
HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost("https://accounts.google.com/o/oauth2/token");
......@@ -69,10 +85,27 @@ public class GoogleOAuthUtil {
parameters.add(new BasicNameValuePair("approval_prompt", "auto"));
parameters.add(new BasicNameValuePair("access_type", "online"));
parameters.add(new BasicNameValuePair("include_granted_scopes", "true"));
// Google+ "https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"));
// Google+
// "https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"));
// Only basic:
parameters.add(new BasicNameValuePair("scope", "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email"));
String query = URLEncodedUtils.format(parameters, "UTF-8");
return "https://accounts.google.com/o/oauth2/auth?" + query;
}
public void googleAuthentication(GoogleUserInfo userInfo) {
try {
UserDetails userDetails = userDetailsService.loadUserByUsername(userInfo.getEmail());
if (!(userDetails.isEnabled() && userDetails.isAccountNonExpired() && userDetails.isAccountNonLocked() && userDetails.isCredentialsNonExpired())) {
LOG.warn("Google login canceled: Account currently not available: " + userInfo.getEmail());
return;
}
Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
} catch (UsernameNotFoundException e) {
LOG.warn("Authentication with Google+ failed: No such user " + userInfo.getEmail());
}
}
}
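Review bot: `googleAuthentication` signs the caller in, without a password, to whichever local account `userDetailsService.loadUserByUsername(userInfo.getEmail())` returns. The e-mail from Google is therefore the only credential, and nothing visible here confirms that Google has verified it. Unless the controller already checks this outside the visible lines, reject the login when the userinfo response does not mark the address as verified (Google's `verified_email` field; I am not certain `GoogleUserInfo` exposes it), and state it in a Javadoc on the method, e.g. `Precondition: userInfo.getEmail() has been verified by Google`. Separately, writing the token straight into `SecurityContextHolder` probably bypasses the session-fixation handling that the regular login filter applies, so the HTTP session should be renewed when this succeeds.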
......@@ -22,6 +22,7 @@
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.2.xsd">
<context:property-placeholder ignore-resource-not-found="true" location="classpath:/application.properties,classpath:/spring/spring.properties,classpath:/genesys.properties" />
<!-- This ensures things are loaded in correct order -->
<import resource="spring-common.xml" />
......
......@@ -54,9 +54,6 @@
<prop key="hibernate.hbm2ddl.auto">${db.hbm2ddl}</prop>
<prop key="hibernate.search.default.indexBase">${lucene.indexDir}</prop>
<prop key="hibernate.search.default.exclusive_index_use">false</prop>
<prop key="hibernate.connection.CharSet">utf8</prop>
<prop key="hibernate.connection.characterEncoding">utf8</prop>
<prop key="hibernate.connection.useUnicode">true</prop>
</props>
</property>
<property name="packagesToScan">
......
......@@ -23,9 +23,7 @@
http://www.springframework.org/schema/context/spring-context-3.2.xsd"
default-autowire="no">
<context:component-scan base-package="org.genesys2.server"/>
<context:property-placeholder ignore-resource-not-found="true" location="classpath:/spring/spring.properties"/>
<context:property-placeholder ignore-resource-not-found="true" location="classpath:/application.properties,classpath:/spring/spring.properties,classpath:/genesys.properties" />
<bean id="mailSender" class="org.springframework.mail.javamail.JavaMailSenderImpl">
<property name="host" value="${mail.host}"/>
......