Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

server: refactor: introduce AuthUser interface #838

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
110 changes: 110 additions & 0 deletions server/src/main/java/org/eclipse/openvsx/OVSXConfig.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
package org.eclipse.openvsx;

import static java.util.Collections.emptyMap;

import java.util.Map;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;

/**
* TODO: use lombok to reduce boilerplate, it's very needed.
*/
@Configuration
@ConfigurationProperties(prefix = "ovsx")
public class OVSXConfig {

private AuthConfig auth = new AuthConfig();

public AuthConfig getAuth() {
return auth;
}

public void setAuth(AuthConfig authConfig) {
this.auth = authConfig;
}

public static class AuthConfig {

private String provider = "github";

/**
* Configuration example:
* <pre><code>
* ovsx:
* auth:
* attribute-names:
* github: # provider name
* login: field-returned-by-your-provider
* </code></pre>
*/
private Map<String, AttributeNames> attributeNames = emptyMap();

public String getProvider() {
return provider;
}

public void setProvider(String provider) {
this.provider = provider;
}

public Map<String, AttributeNames> getAttributeNames() {
return attributeNames;
}

public void setAttributeNames(Map<String, AttributeNames> attributeNames) {
this.attributeNames = attributeNames;
}

public static class AttributeNames {

public static final AttributeNames EMPTY = new AttributeNames();

private String avatarUrl;
private String email;
private String fullName;
private String loginName;
private String providerUrl;

public String getAvatarUrl() {
return avatarUrl;
}

public void setAvatarUrl(String avatarUrl) {
this.avatarUrl = avatarUrl;
}

public String getEmail() {
return email;
}

public void setEmail(String email) {
this.email = email;
}

public String getFullName() {
return fullName;
}

public void setFullName(String fullName) {
this.fullName = fullName;
}

public String getLoginName() {
return loginName;
}

public void setLoginName(String loginName) {
this.loginName = loginName;
}

public String getProviderUrl() {
return providerUrl;
}

public void setProviderUrl(String providerUrl) {
this.providerUrl = providerUrl;
}
}
}
}
7 changes: 5 additions & 2 deletions server/src/main/java/org/eclipse/openvsx/UserAPI.java
Original file line number Diff line number Diff line change
Expand Up @@ -53,17 +53,20 @@ public class UserAPI {
private final UserService users;
private final EclipseService eclipse;
private final StorageUtilService storageUtil;
private final OVSXConfig config;

public UserAPI(
RepositoryService repositories,
UserService users,
EclipseService eclipse,
StorageUtilService storageUtil
StorageUtilService storageUtil,
OVSXConfig config
) {
this.repositories = repositories;
this.users = users;
this.eclipse = eclipse;
this.storageUtil = storageUtil;
this.config = config;
}

/**
Expand All @@ -73,7 +76,7 @@ public UserAPI(
path = "/login"
)
public ModelAndView login(ModelMap model) {
return new ModelAndView("redirect:/oauth2/authorization/github", model);
return new ModelAndView("redirect:/oauth2/authorization/" + config.getAuth().getProvider(), model);
}

/**
Expand Down
63 changes: 35 additions & 28 deletions server/src/main/java/org/eclipse/openvsx/UserService.java
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,15 @@
********************************************************************************/
package org.eclipse.openvsx;

import com.google.common.base.Joiner;
import jakarta.persistence.EntityManager;
import jakarta.transaction.Transactional;
import static org.eclipse.openvsx.cache.CacheService.CACHE_NAMESPACE_DETAILS_JSON;
import static org.eclipse.openvsx.util.UrlUtil.createApiUrl;

import java.io.IOException;
import java.nio.file.Files;
import java.util.List;
import java.util.Objects;
import java.util.UUID;

import org.apache.commons.lang3.SerializationUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.tika.Tika;
Expand All @@ -27,23 +33,24 @@
import org.eclipse.openvsx.json.NamespaceDetailsJson;
import org.eclipse.openvsx.json.ResultJson;
import org.eclipse.openvsx.repositories.RepositoryService;
import org.eclipse.openvsx.security.AuthUser;
import org.eclipse.openvsx.security.IdPrincipal;
import org.eclipse.openvsx.storage.StorageUtilService;
import org.eclipse.openvsx.util.*;
import org.eclipse.openvsx.util.ErrorResultException;
import org.eclipse.openvsx.util.NamingUtil;
import org.eclipse.openvsx.util.NotFoundException;
import org.eclipse.openvsx.util.TempFile;
import org.eclipse.openvsx.util.TimeUtil;
import org.eclipse.openvsx.util.UrlUtil;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Component;
import org.springframework.web.multipart.MultipartFile;

import java.io.IOException;
import java.nio.file.Files;
import java.util.List;
import java.util.Objects;
import java.util.UUID;
import com.google.common.base.Joiner;

import static org.eclipse.openvsx.cache.CacheService.CACHE_NAMESPACE_DETAILS_JSON;
import static org.eclipse.openvsx.util.UrlUtil.createApiUrl;
import jakarta.persistence.EntityManager;
import jakarta.transaction.Transactional;

@Component
public class UserService {
Expand Down Expand Up @@ -80,44 +87,44 @@ public UserData findLoggedInUser() {
}

@Transactional
public UserData registerNewUser(OAuth2User oauth2User) {
public UserData registerNewUser(AuthUser authUser) {
var user = new UserData();
user.setProvider("github");
user.setAuthId(oauth2User.getName());
user.setLoginName(oauth2User.getAttribute("login"));
user.setFullName(oauth2User.getAttribute("name"));
user.setEmail(oauth2User.getAttribute("email"));
user.setProviderUrl(oauth2User.getAttribute("html_url"));
user.setAvatarUrl(oauth2User.getAttribute("avatar_url"));
user.setProvider(authUser.getProviderId());
user.setAuthId(authUser.getAuthId());
user.setLoginName(authUser.getLoginName());
user.setFullName(authUser.getFullName());
user.setEmail(authUser.getEmail());
user.setProviderUrl(authUser.getProviderUrl());
user.setAvatarUrl(authUser.getAvatarUrl());
entityManager.persist(user);
return user;
}

@Transactional
public UserData updateExistingUser(UserData user, OAuth2User oauth2User) {
if ("github".equals(user.getProvider())) {
public UserData updateExistingUser(UserData user, AuthUser authUser) {
if (authUser.getProviderId().equals(user.getProvider())) {
var updated = false;
String loginName = oauth2User.getAttribute("login");
String loginName = authUser.getLoginName();
if (loginName != null && !loginName.equals(user.getLoginName())) {
user.setLoginName(loginName);
updated = true;
}
String fullName = oauth2User.getAttribute("name");
String fullName = authUser.getFullName();
if (fullName != null && !fullName.equals(user.getFullName())) {
user.setFullName(fullName);
updated = true;
}
String email = oauth2User.getAttribute("email");
String email = authUser.getEmail();
if (email != null && !email.equals(user.getEmail())) {
user.setEmail(email);
updated = true;
}
String providerUrl = oauth2User.getAttribute("html_url");
String providerUrl = authUser.getProviderUrl();
if (providerUrl != null && !providerUrl.equals(user.getProviderUrl())) {
user.setProviderUrl(providerUrl);
updated = true;
}
String avatarUrl = oauth2User.getAttribute("avatar_url");
String avatarUrl = authUser.getAvatarUrl();
if (avatarUrl != null && !avatarUrl.equals(user.getAvatarUrl())) {
user.setAvatarUrl(avatarUrl);
updated = true;
Expand Down Expand Up @@ -315,4 +322,4 @@ public ResultJson deleteAccessToken(UserData user, long id) {
token.setActive(false);
return ResultJson.success("Deleted access token for user " + user.getLoginName() + ".");
}
}
}
48 changes: 48 additions & 0 deletions server/src/main/java/org/eclipse/openvsx/security/AuthUser.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
/********************************************************************************
* Copyright (c) 2023 Ericsson and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* SPDX-License-Identifier: EPL-2.0
********************************************************************************/
package org.eclipse.openvsx.security;

/**
* Encapsulate information about freshly authenticated users.
*
* Different OAuth2 providers may return the same information with different
* attribute keys. This interface allows bridging arbitrary providers.
*/
public interface AuthUser {
/**
* @return Non-human readable unique identifier.
*/
String getAuthId();
/**
* @return The user's avatar URL. Some services require post-processing to get the actual value for it
* (the value returned is a template and you need to remplace variables).
*/
String getAvatarUrl();
/**
* @return The user's email.
*/
String getEmail();
/**
* @return The user's full name (first and last names).
*/
String getFullName();
/**
* @return The login name for the user. Human-readable unique name. AKA username.
*/
String getLoginName();
/**
* @return The authentication provider unique name, e.g. `github`, `eclipse`, etc.
*/
String getProviderId();
/**
* @return The authentication provider URL.
*/
String getProviderUrl();
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
package org.eclipse.openvsx.security;

import java.util.NoSuchElementException;

import org.eclipse.openvsx.OVSXConfig;
import org.eclipse.openvsx.OVSXConfig.AuthConfig.AttributeNames;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Service;

@Service
public class AuthUserFactory {

private static final AttributeNames GITHUB_ATTRIBUTES = new AttributeNames();

static {
GITHUB_ATTRIBUTES.setAvatarUrl("avatar_url");
GITHUB_ATTRIBUTES.setEmail("email");
GITHUB_ATTRIBUTES.setFullName("name");
GITHUB_ATTRIBUTES.setLoginName("login");
GITHUB_ATTRIBUTES.setProviderUrl("html_url");
}

private final OVSXConfig config;

public AuthUserFactory(
OVSXConfig config
) {
this.config = config;
}

public AuthUser createAuthUser(String providerId, OAuth2User oauth2User) {
var attributeNames = getAttributeNames(providerId);
return new DefaultAuthUser(
oauth2User.getName(),
oauth2User.getAttribute(attributeNames.getAvatarUrl()),
oauth2User.getAttribute(attributeNames.getEmail()),
oauth2User.getAttribute(attributeNames.getFullName()),
oauth2User.getAttribute(attributeNames.getLoginName()),
providerId,
oauth2User.getAttribute(attributeNames.getProviderUrl())
);
}

/**
* @param provider The provider to get the attribute mappings for.
* @return The relevant attribute mappings.
*/
private AttributeNames getAttributeNames(String provider) {
var attributeNames = config.getAuth().getAttributeNames().get(provider);
if (attributeNames == null) {
return switch (provider) {
case "github" -> GITHUB_ATTRIBUTES;
default -> throw new NoSuchElementException("No attributes found for provider: " + provider);
};
}
return attributeNames;
}
}
Loading
Loading