106 lines
5.7 KiB
Java
106 lines
5.7 KiB
Java
package eu.eudat.models.v2;
|
|
|
|
import eu.eudat.commons.scope.user.UserScope;
|
|
import eu.eudat.data.entities.UserInfo;
|
|
import eu.eudat.data.entities.UserRole;
|
|
import eu.eudat.logic.services.ApiContext;
|
|
import gr.cite.commons.web.authz.configuration.AuthorizationConfiguration;
|
|
import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
|
|
import gr.cite.commons.web.oidc.principal.MyPrincipal;
|
|
import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractor;
|
|
import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractorKeys;
|
|
import gr.cite.tools.fieldset.BaseFieldSet;
|
|
import gr.cite.tools.fieldset.FieldSet;
|
|
import org.springframework.beans.factory.config.ConfigurableBeanFactory;
|
|
import org.springframework.context.annotation.Scope;
|
|
import org.springframework.stereotype.Component;
|
|
|
|
import java.util.*;
|
|
|
|
@Component
|
|
@Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE)
|
|
public class AccountBuilder {
|
|
|
|
private final ClaimExtractor claimExtractor;
|
|
private final Set<String> excludeMoreClaim;
|
|
private final CurrentPrincipalResolver currentPrincipalResolver;
|
|
private final AuthorizationConfiguration authorizationConfiguration;
|
|
private final ApiContext apiContext;
|
|
private final UserScope userScope;
|
|
public AccountBuilder(ClaimExtractor claimExtractor, CurrentPrincipalResolver currentPrincipalResolver, AuthorizationConfiguration authorizationConfiguration, ApiContext apiContext, UserScope userScope) {
|
|
this.claimExtractor = claimExtractor;
|
|
this.currentPrincipalResolver = currentPrincipalResolver;
|
|
this.authorizationConfiguration = authorizationConfiguration;
|
|
this.apiContext = apiContext;
|
|
this.userScope = userScope;
|
|
this.excludeMoreClaim = Set.of(
|
|
ClaimExtractorKeys.Subject,
|
|
ClaimExtractorKeys.Name,
|
|
ClaimExtractorKeys.Scope,
|
|
ClaimExtractorKeys.Client,
|
|
ClaimExtractorKeys.IssuedAt,
|
|
ClaimExtractorKeys.NotBefore,
|
|
ClaimExtractorKeys.AuthenticatedAt,
|
|
ClaimExtractorKeys.ExpiresAt);
|
|
}
|
|
|
|
public Account build(FieldSet fields, MyPrincipal principal) {
|
|
Account model = new Account();
|
|
if (principal == null || !principal.isAuthenticated()) {
|
|
model.setIsAuthenticated(Boolean.FALSE);
|
|
return model;
|
|
}
|
|
model.setIsAuthenticated(Boolean.TRUE);
|
|
|
|
FieldSet principalFields = fields.extractPrefixed(BaseFieldSet.asIndexerPrefix(Account._principal));
|
|
if (!principalFields.isEmpty()) model.setPrincipal(new Account.PrincipalInfo());
|
|
if (principalFields.hasField(Account.PrincipalInfo._subject))
|
|
model.getPrincipal().setSubject(this.claimExtractor.subjectUUID(principal));
|
|
if (principalFields.hasField(Account.PrincipalInfo._userId))
|
|
model.getPrincipal().setUserId(this.userScope.getUserIdSafe());
|
|
if (principalFields.hasField(Account.PrincipalInfo._name))
|
|
model.getPrincipal().setName(this.claimExtractor.name(principal));
|
|
if (principalFields.hasField(Account.PrincipalInfo._scope))
|
|
model.getPrincipal().setScope(this.claimExtractor.scope(principal));
|
|
if (principalFields.hasField(Account.PrincipalInfo._client))
|
|
model.getPrincipal().setClient(this.claimExtractor.client(principal));
|
|
if (principalFields.hasField(Account.PrincipalInfo._issuedAt))
|
|
model.getPrincipal().setIssuedAt(this.claimExtractor.issuedAt(principal));
|
|
if (principalFields.hasField(Account.PrincipalInfo._notBefore))
|
|
model.getPrincipal().setNotBefore(this.claimExtractor.notBefore(principal));
|
|
if (principalFields.hasField(Account.PrincipalInfo._authenticatedAt))
|
|
model.getPrincipal().setAuthenticatedAt(this.claimExtractor.authenticatedAt(principal));
|
|
if (principalFields.hasField(Account.PrincipalInfo._expiresAt))
|
|
model.getPrincipal().setExpiresAt(this.claimExtractor.expiresAt(principal));
|
|
if (principalFields.hasField(Account.PrincipalInfo._more)) {
|
|
model.getPrincipal().setMore(new HashMap<>());
|
|
for (String key : this.claimExtractor.knownPublicKeys()) {
|
|
if (this.excludeMoreClaim.contains(key))
|
|
continue;
|
|
List<String> values = this.claimExtractor.asStrings(principal, key);
|
|
if (values == null || values.isEmpty())
|
|
continue;
|
|
if (!model.getPrincipal().getMore().containsKey(key))
|
|
model.getPrincipal().getMore().put(key, new ArrayList<>());
|
|
model.getPrincipal().getMore().get(key).addAll(values);
|
|
}
|
|
}
|
|
UserInfo user = this.userScope.isSet() ? this.apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(this.userScope.getUserIdSafe()) : null; //TODO: Authn
|
|
List<UserRole> userRoles = this.userScope.isSet() ?apiContext.getOperationsContext().getDatabaseRepository().getUserRoleDao().getUserRoles(user) : new ArrayList<>();
|
|
if (fields.hasField(Account._roles)) {
|
|
//List<String> roles = claimExtractor.roles(currentPrincipalResolver.currentPrincipal());
|
|
//model.setRoles(roles);
|
|
model.setRoles(new ArrayList<>());
|
|
for (UserRole item : userRoles) {
|
|
model.getRoles().add(item.getRole());
|
|
}
|
|
}
|
|
if (fields.hasField(Account._permissions)) {
|
|
List<String> roles = claimExtractor.roles(currentPrincipalResolver.currentPrincipal());
|
|
Set<String> permissions = authorizationConfiguration.permissionsOfRoles(roles);
|
|
model.setPermissions(new ArrayList<>(permissions));
|
|
}
|
|
return model;
|
|
}
|
|
}
|