From 02b74616b22fefcfb40f1b8e2b988222ac8c8b34 Mon Sep 17 00:00:00 2001 From: "michele.artini" Date: Thu, 22 Sep 2022 13:53:21 +0200 Subject: [PATCH] authentication details --- .../OAuth2WebSecurityConfig.java | 30 +++++++------------ .../controller/HomeController.java | 4 +-- .../organizations/controller/UserInfo.java | 19 ++++++++++-- 3 files changed, 29 insertions(+), 24 deletions(-) diff --git a/apps/dnet-orgs-database-application/src/main/java/eu/dnetlib/organizations/OAuth2WebSecurityConfig.java b/apps/dnet-orgs-database-application/src/main/java/eu/dnetlib/organizations/OAuth2WebSecurityConfig.java index bf0c5e92..c34e4c43 100644 --- a/apps/dnet-orgs-database-application/src/main/java/eu/dnetlib/organizations/OAuth2WebSecurityConfig.java +++ b/apps/dnet-orgs-database-application/src/main/java/eu/dnetlib/organizations/OAuth2WebSecurityConfig.java @@ -50,7 +50,7 @@ public class OAuth2WebSecurityConfig extends WebSecurityConfigurerAdapter { @Value("${openaire.override.logout.url}") private String openaireLogoutUrl; - private static Logger logger = LoggerFactory.getLogger(OAuth2WebSecurityConfig.class); + private static Logger log = LoggerFactory.getLogger(OAuth2WebSecurityConfig.class); @Override protected void configure(final HttpSecurity http) throws Exception { @@ -86,7 +86,7 @@ public class OAuth2WebSecurityConfig extends WebSecurityConfigurerAdapter { return (req, res, e) -> { final Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if (authentication != null) { - logger.warn(String + log.warn(String .format("User '%s' (%s) attempted to access the protected URL: %s", UserInfo.getEmail(authentication), req .getRemoteAddr(), req.getRequestURI())); } 
@@ -108,10 +108,10 @@ public class OAuth2WebSecurityConfig extends WebSecurityConfigurerAdapter { handler.setPostLogoutRedirectUri("{baseUrl}"); handler.setRedirectStrategy((req, res, url) -> { if (StringUtils.isNotBlank(openaireLogoutUrl)) { - logger.info("Performing remote logout: " + openaireLogoutUrl); + log.info("Performing remote logout: " + openaireLogoutUrl); res.sendRedirect(openaireLogoutUrl); } else { - logger.info("Performing remote logout: " + url); + log.info("Performing remote logout: " + url); res.sendRedirect(url); } }); @@ -125,10 +125,15 @@ public class OAuth2WebSecurityConfig extends WebSecurityConfigurerAdapter { return (userRequest) -> { final OidcUser oidcUser = delegate.loadUser(userRequest); - final Optional user = databaseUtils.findUser(oidcUser.getEmail()); + log.debug("User attributes:"); + oidcUser.getAttributes().forEach((k, v) -> { + log.debug(" - " + k + ": " + v); + }); + + final Optional user = databaseUtils.findUser(UserInfo.getEmail(oidcUser)); if (user.isPresent()) { - databaseUtils.updateUserDetails(oidcUser.getEmail(), oidcUser.getFullName(), oidcUser.getAttribute("organization")); + databaseUtils.updateUserDetails(UserInfo.getEmail(oidcUser), UserInfo.getFullname(oidcUser), UserInfo.getOrganization(oidcUser)); } final String role = "ROLE_" + OpenOrgsConstants.OPENORGS_ROLE_PREFIX + user 
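Review bot: The added `oidcUser.getAttributes().forEach(...)` block writes every claim the identity provider returns to the application log on each login, so e-mail address, name, subject identifier and any other provider-supplied attribute end up in the log files whenever debug logging is on. Logging only the attribute names, or the few claims needed for troubleshooting, would limit that; if the values must stay, the parameterized form `log.debug(" - {}: {}", k, v)` (assuming `log` is an SLF4J logger, as `LoggerFactory` suggests) avoids building the string when debug is off. `UserInfo.getEmail(oidcUser)` can be null when the provider omits the email claim, and it is passed straight to `databaseUtils.findUser`, from whose result the role is derived in the lines that follow; a blank check before the lookup would make that case explicit. The enclosing lambda starts and ends outside the hunk.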
@@ -143,17 +148,4 @@ public class OAuth2WebSecurityConfig extends WebSecurityConfigurerAdapter { }; } - // https://www.baeldung.com/spring-security-openid-connect - - // https://github.com/mitreid-connect/ - // https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/tree/master/openid-connect-client - // https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Client-configuration - - // https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-login-core/trunk/ - // https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-user-management/trunk/ - // https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/dnet-openaire-users/trunk/ - // https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/dnet-login/trunk/ - - // Aprire Ticket a GRNET con Argiro e Katerina come watchers - } diff --git a/apps/dnet-orgs-database-application/src/main/java/eu/dnetlib/organizations/controller/HomeController.java b/apps/dnet-orgs-database-application/src/main/java/eu/dnetlib/organizations/controller/HomeController.java index b23bead1..db337ffd 100644 --- a/apps/dnet-orgs-database-application/src/main/java/eu/dnetlib/organizations/controller/HomeController.java +++ b/apps/dnet-orgs-database-application/src/main/java/eu/dnetlib/organizations/controller/HomeController.java 
@@ -72,12 +72,12 @@ public class HomeController extends AbstractDnetController { @ModelAttribute("fullname") public String getUserFullname(final Authentication authentication) { - return authentication != null ? UserInfo.getFullname(authentication) : null; + return authentication != null ? UserInfo.getFullname(authentication) : "unknown"; } @ModelAttribute("organization") public String getUserOrganization(final Authentication authentication) { - return authentication != null ? UserInfo.getOrganization(authentication) : null; + return authentication != null ? UserInfo.getOrganization(authentication) : "unknown"; } @ModelAttribute("sysconf") diff --git a/apps/dnet-orgs-database-application/src/main/java/eu/dnetlib/organizations/controller/UserInfo.java b/apps/dnet-orgs-database-application/src/main/java/eu/dnetlib/organizations/controller/UserInfo.java index 0809cc82..5ee4ae67 100644 --- a/apps/dnet-orgs-database-application/src/main/java/eu/dnetlib/organizations/controller/UserInfo.java +++ b/apps/dnet-orgs-database-application/src/main/java/eu/dnetlib/organizations/controller/UserInfo.java @@ -5,6 +5,7 @@ import org.apache.commons.lang3.StringUtils; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser; +import org.springframework.security.oauth2.core.oidc.user.OidcUser; public class UserInfo { 
@@ -90,17 +91,29 @@ public class UserInfo { public static String getEmail(final Authentication authentication) { final Object user = authentication.getPrincipal(); - return user instanceof DefaultOidcUser ? ((DefaultOidcUser) user).getEmail() : authentication.getName(); + return user instanceof DefaultOidcUser ? getEmail((DefaultOidcUser) user) : authentication.getName(); + } + + public static String getEmail(final OidcUser user) { + return user.getEmail(); } public static String getFullname(final Authentication authentication) { final Object user = authentication.getPrincipal(); - return user instanceof DefaultOidcUser ? ((DefaultOidcUser) user).getFullName() : "unknown"; + return user instanceof DefaultOidcUser ? getFullname((DefaultOidcUser) user) : "unknown"; + } + + public static String getFullname(final OidcUser user) { + return user.getFullName(); } public static String getOrganization(final Authentication authentication) { final Object user = authentication.getPrincipal(); - return user instanceof DefaultOidcUser ? ((DefaultOidcUser) user).getAttribute("organization") : "unknown"; + return user instanceof DefaultOidcUser ? getOrganization((DefaultOidcUser) user) : "unknown"; + } + + public static String getOrganization(final OidcUser user) { + return user.getAttribute("organization"); } }
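Review bot: The `Authentication` overloads still test `user instanceof DefaultOidcUser` although the new overloads accept any `OidcUser`, so a principal of another `OidcUser` implementation falls through to `authentication.getName()` or `"unknown"`. Testing the interface, e.g. `return user instanceof OidcUser ? getEmail((OidcUser) user) : authentication.getName();` (and likewise in `getFullname` and `getOrganization`), would keep both paths in step. The new `OidcUser` overloads return the raw claim, which can be null when the provider omits it, while the `Authentication` overloads and the HomeController hunk fall back to `"unknown"`; a Javadoc line on each new overload stating that null is possible would spare callers the guess. `getOrganization(OidcUser)` also relies on the implicit cast inside `getAttribute("organization")`, so a non-string claim value would presumably fail with a ClassCastException at this call.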