2024-02-08 10:04:38 +01:00
|
|
|
package eu.eudat.models;
|
2023-10-11 16:53:12 +02:00
|
|
|
|
2023-11-29 16:41:15 +01:00
|
|
|
import eu.eudat.commons.JsonHandlingService;
|
2023-10-17 14:22:05 +02:00
|
|
|
import eu.eudat.commons.scope.user.UserScope;
|
2023-11-29 16:41:15 +01:00
|
|
|
import eu.eudat.commons.types.user.AdditionalInfoEntity;
|
2023-11-17 18:01:44 +01:00
|
|
|
import eu.eudat.data.UserEntity;
|
2023-10-17 14:22:05 +02:00
|
|
|
import gr.cite.commons.web.authz.configuration.AuthorizationConfiguration;
|
2023-10-11 16:53:12 +02:00
|
|
|
import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
|
|
|
|
|
import gr.cite.commons.web.oidc.principal.MyPrincipal;
|
|
|
|
|
import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractor;
|
|
|
|
|
import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractorKeys;
|
|
|
|
|
import gr.cite.tools.fieldset.BaseFieldSet;
|
|
|
|
|
import gr.cite.tools.fieldset.FieldSet;
|
2023-11-29 16:41:15 +01:00
|
|
|
import jakarta.persistence.EntityManager;
|
2023-10-11 16:53:12 +02:00
|
|
|
import org.springframework.beans.factory.config.ConfigurableBeanFactory;
|
|
|
|
|
import org.springframework.context.annotation.Scope;
|
|
|
|
|
import org.springframework.stereotype.Component;
|
|
|
|
|
|
2023-10-18 17:52:03 +02:00
|
|
|
import javax.management.InvalidApplicationException;
|
2023-10-11 16:53:12 +02:00
|
|
|
import java.util.*;
|
|
|
|
|
|
|
|
|
|
@Component
|
|
|
|
|
@Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE)
|
|
|
|
|
public class AccountBuilder {
|
|
|
|
|
|
|
|
|
|
private final ClaimExtractor claimExtractor;
|
|
|
|
|
private final Set<String> excludeMoreClaim;
|
|
|
|
|
private final CurrentPrincipalResolver currentPrincipalResolver;
|
2023-10-17 14:22:05 +02:00
|
|
|
private final AuthorizationConfiguration authorizationConfiguration;
|
2023-11-29 16:41:15 +01:00
|
|
|
private final JsonHandlingService jsonHandlingService;
|
2023-10-11 16:53:12 +02:00
|
|
|
private final UserScope userScope;
|
2023-11-29 16:41:15 +01:00
|
|
|
private final EntityManager entityManager;
|
|
|
|
|
public AccountBuilder(ClaimExtractor claimExtractor, CurrentPrincipalResolver currentPrincipalResolver, AuthorizationConfiguration authorizationConfiguration, JsonHandlingService jsonHandlingService, UserScope userScope, EntityManager entityManager) {
|
2023-10-11 16:53:12 +02:00
|
|
|
this.claimExtractor = claimExtractor;
|
|
|
|
|
this.currentPrincipalResolver = currentPrincipalResolver;
|
2023-10-17 14:22:05 +02:00
|
|
|
this.authorizationConfiguration = authorizationConfiguration;
|
2023-11-29 16:41:15 +01:00
|
|
|
this.jsonHandlingService = jsonHandlingService;
|
2023-10-11 16:53:12 +02:00
|
|
|
this.userScope = userScope;
|
2023-11-29 16:41:15 +01:00
|
|
|
this.entityManager = entityManager;
|
2023-10-11 16:53:12 +02:00
|
|
|
this.excludeMoreClaim = Set.of(
|
|
|
|
|
ClaimExtractorKeys.Subject,
|
|
|
|
|
ClaimExtractorKeys.Name,
|
|
|
|
|
ClaimExtractorKeys.Scope,
|
|
|
|
|
ClaimExtractorKeys.Client,
|
|
|
|
|
ClaimExtractorKeys.IssuedAt,
|
|
|
|
|
ClaimExtractorKeys.NotBefore,
|
|
|
|
|
ClaimExtractorKeys.AuthenticatedAt,
|
|
|
|
|
ClaimExtractorKeys.ExpiresAt);
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-18 17:52:03 +02:00
|
|
|
public Account build(FieldSet fields, MyPrincipal principal) throws InvalidApplicationException {
|
2023-10-11 16:53:12 +02:00
|
|
|
Account model = new Account();
|
|
|
|
|
if (principal == null || !principal.isAuthenticated()) {
|
|
|
|
|
model.setIsAuthenticated(Boolean.FALSE);
|
|
|
|
|
return model;
|
|
|
|
|
}
|
|
|
|
|
model.setIsAuthenticated(Boolean.TRUE);
|
|
|
|
|
|
|
|
|
|
FieldSet principalFields = fields.extractPrefixed(BaseFieldSet.asIndexerPrefix(Account._principal));
|
|
|
|
|
if (!principalFields.isEmpty()) model.setPrincipal(new Account.PrincipalInfo());
|
|
|
|
|
if (principalFields.hasField(Account.PrincipalInfo._subject))
|
|
|
|
|
model.getPrincipal().setSubject(this.claimExtractor.subjectUUID(principal));
|
|
|
|
|
if (principalFields.hasField(Account.PrincipalInfo._userId))
|
|
|
|
|
model.getPrincipal().setUserId(this.userScope.getUserIdSafe());
|
|
|
|
|
if (principalFields.hasField(Account.PrincipalInfo._name))
|
|
|
|
|
model.getPrincipal().setName(this.claimExtractor.name(principal));
|
|
|
|
|
if (principalFields.hasField(Account.PrincipalInfo._scope))
|
|
|
|
|
model.getPrincipal().setScope(this.claimExtractor.scope(principal));
|
|
|
|
|
if (principalFields.hasField(Account.PrincipalInfo._client))
|
|
|
|
|
model.getPrincipal().setClient(this.claimExtractor.client(principal));
|
|
|
|
|
if (principalFields.hasField(Account.PrincipalInfo._issuedAt))
|
|
|
|
|
model.getPrincipal().setIssuedAt(this.claimExtractor.issuedAt(principal));
|
|
|
|
|
if (principalFields.hasField(Account.PrincipalInfo._notBefore))
|
|
|
|
|
model.getPrincipal().setNotBefore(this.claimExtractor.notBefore(principal));
|
|
|
|
|
if (principalFields.hasField(Account.PrincipalInfo._authenticatedAt))
|
|
|
|
|
model.getPrincipal().setAuthenticatedAt(this.claimExtractor.authenticatedAt(principal));
|
|
|
|
|
if (principalFields.hasField(Account.PrincipalInfo._expiresAt))
|
|
|
|
|
model.getPrincipal().setExpiresAt(this.claimExtractor.expiresAt(principal));
|
|
|
|
|
if (principalFields.hasField(Account.PrincipalInfo._more)) {
|
|
|
|
|
model.getPrincipal().setMore(new HashMap<>());
|
|
|
|
|
for (String key : this.claimExtractor.knownPublicKeys()) {
|
|
|
|
|
if (this.excludeMoreClaim.contains(key))
|
|
|
|
|
continue;
|
|
|
|
|
List<String> values = this.claimExtractor.asStrings(principal, key);
|
|
|
|
|
if (values == null || values.isEmpty())
|
|
|
|
|
continue;
|
|
|
|
|
if (!model.getPrincipal().getMore().containsKey(key))
|
|
|
|
|
model.getPrincipal().getMore().put(key, new ArrayList<>());
|
|
|
|
|
model.getPrincipal().getMore().get(key).addAll(values);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (fields.hasField(Account._roles)) {
|
2023-11-17 18:01:44 +01:00
|
|
|
List<String> roles = claimExtractor.roles(currentPrincipalResolver.currentPrincipal());
|
|
|
|
|
model.setRoles(roles);
|
2023-10-11 16:53:12 +02:00
|
|
|
}
|
2023-10-17 14:22:05 +02:00
|
|
|
if (fields.hasField(Account._permissions)) {
|
|
|
|
|
List<String> roles = claimExtractor.roles(currentPrincipalResolver.currentPrincipal());
|
|
|
|
|
Set<String> permissions = authorizationConfiguration.permissionsOfRoles(roles);
|
|
|
|
|
model.setPermissions(new ArrayList<>(permissions));
|
|
|
|
|
}
|
2023-11-29 16:41:15 +01:00
|
|
|
|
|
|
|
|
FieldSet profileFields = fields.extractPrefixed(BaseFieldSet.asIndexerPrefix(Account._profile));
|
|
|
|
|
if (!profileFields.isEmpty() && this.userScope.getUserIdSafe() != null){
|
|
|
|
|
model.setProfile(new Account.UserProfileInfo());
|
|
|
|
|
UserEntity data = this.entityManager.find(UserEntity.class, this.userScope.getUserIdSafe());
|
|
|
|
|
AdditionalInfoEntity additionalInfoEntity = data == null ? null : this.jsonHandlingService.fromJsonSafe(AdditionalInfoEntity.class, data.getAdditionalInfo());
|
|
|
|
|
if (profileFields.hasField(Account.UserProfileInfo._avatarUrl) && additionalInfoEntity != null) model.getProfile().setAvatarUrl(additionalInfoEntity.getAvatarUrl());
|
|
|
|
|
if (profileFields.hasField(Account.UserProfileInfo._language) && additionalInfoEntity != null) model.getProfile().setLanguage(additionalInfoEntity.getLanguage());
|
|
|
|
|
if (profileFields.hasField(Account.UserProfileInfo._timezone) && additionalInfoEntity != null) model.getProfile().setTimezone(additionalInfoEntity.getTimezone());
|
|
|
|
|
if (profileFields.hasField(Account.UserProfileInfo._culture) && additionalInfoEntity != null) model.getProfile().setCulture(additionalInfoEntity.getCulture());
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-11 16:53:12 +02:00
|
|
|
return model;
|
|
|
|
|
}
|
|
|
|
|
}
|
