diff --git a/src/main/java/org/genesys2/server/mvc/GoogleSocialController.java b/src/main/java/org/genesys2/server/mvc/GoogleSocialController.java index e5e01247deaf1e584131381ecd353a43482bf30a..3dbec2cff01d9337b5a63a315716482da451a8c0 100644 --- a/src/main/java/org/genesys2/server/mvc/GoogleSocialController.java +++ b/src/main/java/org/genesys2/server/mvc/GoogleSocialController.java @@ -17,6 +17,9 @@ package org.genesys2.server.mvc; import java.io.IOException; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -24,15 +27,16 @@ import javax.servlet.http.HttpServletResponse; import org.genesys.blocks.security.NotUniqueUserException; import org.genesys.blocks.security.UserException; -import org.genesys.blocks.security.model.BasicUser.AccountType; import org.genesys.blocks.security.service.PasswordPolicy.PasswordPolicyException; import org.genesys2.server.model.impl.User; -import org.genesys2.server.service.UserService; import org.genesys2.server.servlet.util.GoogleOAuthUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; -import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; +import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; 
@@ -43,19 +47,22 @@ import org.springframework.social.google.api.plus.Person; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; @Controller public class GoogleSocialController extends BaseController { - @Autowired - private UserService userService; - private final AuthenticationSuccessHandler authSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler(); private final AuthenticationFailureHandler authFailureHandler = new SimpleUrlAuthenticationFailureHandler(); @Autowired private GoogleOAuthUtil googleOAuthUtil; + @Autowired + private AuthorizationServerTokenServices tokenServices; + @RequestMapping("/google/login") public void redirectToGoogle(HttpServletResponse response) throws IOException { response.sendRedirect(googleOAuthUtil.getAuthenticationUrl()); 
@@ -84,19 +91,7 @@ public class GoogleSocialController extends BaseController { final Google google = new GoogleTemplate(accessToken); final Person userInfo = google.plusOperations().getGoogleProfile(); - User user = null; - try { - user = userService.getUserByEmail(userInfo.getAccountEmail()); - if (user.getAccountType() == AccountType.LOCAL) { - // account exists, change to {@link LoginType#GOOGLE} - LOG.info("Changing account type to LoginType#GOOGLE"); - userService.setAccountType(user, AccountType.GOOGLE); - } - } catch (UsernameNotFoundException e) { - LOG.info("Username not found, creating new Google account"); - user = userService.createUser(userInfo.getAccountEmail(), null, userInfo.getDisplayName(), AccountType.GOOGLE); - userService.userEmailValidated(user.getUuid()); - } + googleOAuthUtil.extractUserFromGoogleProfile(userInfo); final Authentication authentication = googleOAuthUtil.googleAuthentication(userInfo); 
@@ -104,4 +99,30 @@ public class GoogleSocialController extends BaseController { authSuccessHandler.onAuthenticationSuccess(request, response, authentication); } + /** + * Google XHR auth. + * + * @param accessToken the access token + * @param clientId the client id + * @return the object + */ + @RequestMapping(value = "/google/verify-token", method = RequestMethod.GET) + @ResponseBody + public Object googleAuth(@RequestParam("accessToken") final String accessToken, + @RequestParam("clientId") final String clientId) throws UserException { + + final Google google = new GoogleTemplate(accessToken); + final Person userInfo = google.plusOperations().getGoogleProfile(); + + User user = googleOAuthUtil.extractUserFromGoogleProfile(userInfo); + + final Set scope = new HashSet<>(Arrays.asList("trust", "read", "write")); + final OAuth2Request oAuth2Request = new OAuth2Request(null, clientId, user.getAuthorities(), true, scope, null, null, null, null); + + final UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()); + final OAuth2Authentication auth = new OAuth2Authentication(oAuth2Request, authenticationToken); + + return tokenServices.createAccessToken(auth); + } + } diff --git a/src/main/java/org/genesys2/server/servlet/util/GoogleOAuthUtil.java b/src/main/java/org/genesys2/server/servlet/util/GoogleOAuthUtil.java index 7daba2d67659b8dd61a7e3455dd590c044c418f7..01eb021cb4a6b5d790e47889a0029d54198659b1 100644 --- a/src/main/java/org/genesys2/server/servlet/util/GoogleOAuthUtil.java +++ b/src/main/java/org/genesys2/server/servlet/util/GoogleOAuthUtil.java 
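Review bot: `googleAuth` exchanges any Google access token that can read a profile for a local OAuth2 token, and nothing in the hunk checks that the token was issued to this application's own Google client, so a token the user granted to an unrelated Google application would apparently be accepted here too. Before calling `extractUserFromGoogleProfile`, verify the token's audience against the application's Google client id (for example through Google's tokeninfo endpoint) and reject a mismatch. The `clientId` request parameter is also used as-is, and the `OAuth2Request` is built with `approved` set to `true` and the fixed scopes `trust`, `read`, `write`; resolve it through an injected `ClientDetailsService` first, e.g. `final ClientDetails client = clientDetailsService.loadClientByClientId(clientId);`, and take the scope from `client.getScope()`. Because the token is a query parameter on a GET, it will land in access logs and proxies; `method = RequestMethod.POST` with the token in the body keeps it out of the URL.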
@@ -33,6 +33,10 @@ import org.apache.http.client.utils.URLEncodedUtils; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.message.BasicNameValuePair; +import org.genesys.blocks.security.UserException; +import org.genesys.blocks.security.model.BasicUser; +import org.genesys2.server.model.impl.User; +import org.genesys2.server.service.UserService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -65,6 +69,9 @@ public class GoogleOAuthUtil { @Value("${google.consumerSecret}") private String secret; + @Autowired + private UserService userService; + @Autowired @Named("authUserDetailsService") private UserDetailsService userDetailsService; @@ -136,4 +143,24 @@ public class GoogleOAuthUtil { return null; } } + + public User extractUserFromGoogleProfile(Person userInfo) throws UserException { + User user = null; + try { + user = userService.getUserByEmail(userInfo.getAccountEmail()); + if(user == null){ + throw new UsernameNotFoundException("User not found"); + } + if (user.getAccountType() == BasicUser.AccountType.LOCAL) { + // account exists, change to {@link LoginType#GOOGLE} + LOG.info("Changing account type to LoginType#GOOGLE"); + userService.setAccountType(user, BasicUser.AccountType.GOOGLE); + } + } catch (UsernameNotFoundException e) { + LOG.info("Username not found, creating new Google account"); + user = userService.createUser(userInfo.getAccountEmail(), userInfo.getDisplayName(),null, BasicUser.AccountType.GOOGLE); + userService.userEmailValidated(user.getUuid()); + } + return user; + } }
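Review bot: `extractUserFromGoogleProfile` uses `userInfo.getAccountEmail()` as the account key without checking that it is present, so a profile fetched with a token that lacks the e-mail scope could reach `getUserByEmail(null)` and then `createUser(null, …)`; read it once with `final String email = userInfo.getAccountEmail();` and reject a null or empty value before the `try`. The `createUser` call here passes `(email, displayName, null, GOOGLE)` while the controller code it replaces passed `(email, null, displayName, GOOGLE)`; the `UserService` signature is not visible in this diff, so please confirm which order is intended. Throwing `UsernameNotFoundException` only to catch it a few lines below is control flow by exception, and a plain `if (user == null) { … } else if (user.getAccountType() == BasicUser.AccountType.LOCAL) { … }` would read more directly. The method also needs a Javadoc stating that it converts an existing LOCAL account to GOOGLE, creates missing accounts and marks their e-mail as validated, all on the strength of the address reported by Google, since the name "extract" suggests a read-only lookup.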