uoa-repository-manager-service/src/main/java/eu/dnetlib/repo/manager/config/FrontEndLinkURIAuthenticationSuccessHandler.java

package eu.dnetlib.repo.manager.config;

import com.google.gson.Gson;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.session.FindByIndexNameSessionRepository;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Base64;
import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class FrontEndLinkURIAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    private String frontEndURI;

    private static final Logger LOGGER = Logger
            .getLogger(FrontEndLinkURIAuthenticationSuccessHandler.class);

    public void init() {
        LOGGER.debug("Front end uri : " + frontEndURI);
    }


    @Value("${aai.mode}")
    private String aai_mode;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;
        request.getSession().setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, authOIDC.getUserInfo().getEmail());

        JsonObject userInfo = new JsonObject();

        if (authOIDC.getUserInfo().getSub() == null)
            userInfo.addProperty("sub", "");
        else
            userInfo.addProperty("sub", URLEncoder.encode(authOIDC.getUserInfo().getSub(), "UTF-8"));


        if (authOIDC.getUserInfo().getName() != null)
            userInfo.addProperty("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8"));

        if (authOIDC.getUserInfo().getGivenName() == null)
            userInfo.addProperty("firstname", "");
        else
            userInfo.addProperty("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + "");

        if (authOIDC.getUserInfo().getFamilyName() == null)
            userInfo.addProperty("lastname", "");
        else
            userInfo.addProperty("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + "");

        userInfo.addProperty("email", authOIDC.getUserInfo().getEmail() + "");
        if (authOIDC.getUserInfo().getSource().getAsJsonArray("edu_person_entitlements") == null)
            userInfo.addProperty("role", "");
        else
            userInfo.addProperty("role", URLEncoder.encode(authOIDC.getUserInfo()
                    .getSource().getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");


        Cookie accessToken = new Cookie("AccessToken", authOIDC.getAccessTokenValue());
        String regex = "^([A-Za-z0-9-_=]+)\\.([A-Za-z0-9-_=]+)\\.?([A-Za-z0-9-_.+=]*)$";
        Matcher matcher = Pattern.compile(regex).matcher(authOIDC.getAccessTokenValue());
        if (matcher.find()) {
            long exp = new JsonParser().parse(new String(Base64.getDecoder().decode(matcher.group(2)))).getAsJsonObject().get("exp").getAsLong();
            accessToken.setMaxAge((int) (exp - (new Date().getTime() / 1000)));
        } else {
            accessToken.setMaxAge(3600);
        }
        if (aai_mode.equalsIgnoreCase("production") || aai_mode.equalsIgnoreCase("beta"))
            accessToken.setDomain(".openaire.eu");
        accessToken.setPath("/");


        Cookie openAIREUser = new Cookie("openAIREUser", new Gson().toJson(userInfo));
        openAIREUser.setMaxAge(accessToken.getMaxAge());
        openAIREUser.setPath("/");
        if (aai_mode.equalsIgnoreCase("production") || aai_mode.equalsIgnoreCase("beta"))
            openAIREUser.setDomain(".openaire.eu");

//        if (frontDomain!=null) {
//            accessToken.setDomain(frontDomain);
//            // openAIREUser.setDomain(frontDomain);
//        }

        response.addCookie(openAIREUser);
        response.addCookie(accessToken);
        response.sendRedirect(frontEndURI);
    }

    public String getFrontEndURI() {
        return frontEndURI;
    }

    public void setFrontEndURI(String frontEndURI) {
        this.frontEndURI = frontEndURI;
    }
}