ci: bump version to v4.53.0

CHANGELOG.md

@@ -363,3 +363,98 @@
 ### Features
 
 * Update Hibernate connection provider and database configuration ([71a549b](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/71a549b7f059e748f7691bb9a27e2861b61c6f6f))
+##  (2026-01-20)
+
+### Features
+
+* Add HikariCP specific configuration to db.conf ([009b2b1](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/009b2b1ad9180f58a0b1434354f8a467b4e452ca))
+##  (2026-01-20)
+
+### Features
+
+* Add HikariCP specific configuration to db.conf ([4aa8709](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/4aa8709eb593b03254efc616b6b04c23b23ab6ab))
+##  (2026-01-20)
+
+### Features
+
+* Enhance EntityManagerProvider to use Play configuration for database settings ([476db28](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/476db288216ed2c1013fe3ddb9b82472254e352b))
+##  (2026-01-20)
+
+### Features
+
+* Disable default JPA and Hibernate modules and enhance EntityManagerProvider for HikariCP integration ([9fa1e5e](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/9fa1e5e07122aebd0391d47c3513013243a72a0f))
+##  (2026-01-20)
+
+### Features
+
+* Add logging for user management operations in HibernateUserManager ([9ca1813](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/9ca1813f06539cffeb573d0e00571e4f2d5144f1))
+##  (2026-01-20)
+
+### Features
+
+* Integrate UserManager and HibernateUserManager in session management ([e32f4eb](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/e32f4eb8fff9daec46f20284e28e94a59231d033))
+##  (2026-01-20)
+
+### Features
+
+* Implement transaction management for user addition and removal in HibernateUserManager ([45dec00](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/45dec00b86a1395457226ed62ac319c61e38739a))
+##  (2026-01-20)
+
+### Features
+
+* Add mainRoute configuration for OpenID in application and environment files ([4f52c1a](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/4f52c1a0f30cf0b917452149a52b53b94d82a7c9))
+##  (2026-01-20)
+
+### Features
+
+* Simplify authorization request creation in OpenIDConnectService and use environment variables for Keycloak configuration ([82a9706](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/82a9706deb97db193015e55a048830d496e76d83))
+##  (2026-01-20)
+
+### Features
+
+* Use environment variables for Keycloak client configuration in staging ([fccd94c](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/fccd94cc11db43f99eded13207cc93fb59d8703e))
+##  (2026-01-20)
+
+### Features
+
+* Add logging for OpenID authentication process in OpenIDController ([b729344](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/b729344d1e79c631146dd988248d033d97e12d93))
+##  (2026-01-20)
+
+### Features
+
+* Add error logging for user info retrieval in OpenIDConnectService ([861f2f1](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/861f2f1184e860fdd164481167f941c11accfedd))
+##  (2026-01-20)
+
+### Features
+
+* Add idClaimName parameter to OpenIDConnectService for flexible ID claim mapping ([2f38855](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/2f388554495d8bd44b4c533baa0f2fc27eea22c2))
+##  (2026-01-21)
+
+### Features
+
+* Change log level to warn for OpenID callback in OpenIDController ([23cdbe9](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/23cdbe9bd127bc26405fd216372bbb2d7e718a77))
+##  (2026-01-21)
+
+### Features
+
+* Change log level to warn for OpenID callback in OpenIDController ([4a6598f](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/4a6598f102d8934c7502944a0addd400dd0cbcac))
+##  (2026-01-21)
+
+### Features
+
+* Update ID mapping in OpenIDUserInfo to use hashed value and remove name field ([4b74de1](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/4b74de12610120831fc1529f0409db66aafd4d03))
+##  (2026-01-21)
+
+### Features
+
+* Update ID mapping in OpenIDUserInfo to use hashed value and remove name field ([daa072f](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/daa072f2bf260ed62402096b41ce85aa071efaf5))
+##  (2026-01-21)
+
+### Features
+
+* Implement OAuth session management with Redis caching for OpenID user data ([0430c7f](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/0430c7f4deb37661c697406a714e2693bf0c7307))
+##  (2026-01-21)
+
+### Features
+
+* Update CORS allowed origins to use production URL ([66b5594](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/66b55945eb8f095c08a8f859955d31f7fc32ce0e))

knockoutwhistweb/app/controllers/OpenIDController.scala

@@ -1,13 +1,15 @@
 package controllers
 
+import com.github.benmanes.caffeine.cache.{Cache, Caffeine}
 import logic.user.{SessionManager, UserManager}
 import model.users.User
-import play.api.Configuration
+import play.api.{Configuration, Logger}
 import play.api.libs.json.Json
 import play.api.mvc.*
 import play.api.mvc.Cookie.SameSite.Lax
-import services.{OpenIDConnectService, OpenIDUserInfo}
+import services.{OpenIDConnectService, OpenIDUserInfo, OAuthCacheService}
 
+import java.util.concurrent.TimeUnit
 import javax.inject.*
 import scala.concurrent.{ExecutionContext, Future}
 
@@ -17,9 +19,12 @@ class OpenIDController @Inject()(
                                   val openIDService: OpenIDConnectService,
                                   val sessionManager: SessionManager,
                                   val userManager: UserManager,
-                                  val config: Configuration
+                                  val config: Configuration,
+                                  val oauthCache: OAuthCacheService
                                 )(implicit ec: ExecutionContext) extends BaseController {
 
+  private val logger = Logger(this.getClass)
+  
   def loginWithProvider(provider: String): Action[AnyContent] = Action.async { implicit request =>
     val state = openIDService.generateState()
     val nonce = openIDService.generateNonce()
@@ -47,8 +52,11 @@ class OpenIDController @Inject()(
     val code = request.getQueryString("code")
     val error = request.getQueryString("error")
 
+    logger.warn(s"Received callback from $provider with state $sessionState, nonce $sessionNonce, provider $sessionProvider, returned state $returnedState, code $code, error $error")
+
     error match {
       case Some(err) =>
+        logger.error(s"Authentication failed: $err")
         Future.successful(Redirect("/login").flashing("error" -> s"Authentication failed: $err"))
       case None =>
         (for {
@@ -56,33 +64,54 @@ class OpenIDController @Inject()(
           _ <- Option(sessionProvider.contains(provider))
           authCode <- code
         } yield {
+          logger.warn(s"Authentication successful for $provider")
           openIDService.exchangeCodeForTokens(provider, authCode, sessionState.get).flatMap {
             case Some(tokenResponse) =>
-              openIDService.getUserInfo(provider, tokenResponse.accessToken).map {
+              openIDService.getUserInfo(provider, tokenResponse.accessToken).flatMap {
                 case Some(userInfo) =>
-                  // Store user info in session for username selection
+                  // Check if user already exists
-                  Redirect(config.get[String]("openid.selectUserRoute"))
+                  userManager.authenticateOpenID(provider, userInfo.id) match {
-                    .withSession(
+                    case Some(user) =>
-                      "oauth_user_info" -> Json.toJson(userInfo).toString(),
+                      logger.warn(s"User ${userInfo.name} (${userInfo.id}) already exists, logging them in")
-                      "oauth_provider" -> provider,
+                      // User already exists, log them in
-                      "oauth_access_token" -> tokenResponse.accessToken
+                      val sessionToken = sessionManager.createSession(user)
-                    )
+                      Future.successful(Redirect(config.getOptional[String]("openid.mainRoute").getOrElse("/"))
+                        .withCookies(Cookie(
+                          name = "accessToken",
+                          value = sessionToken,
+                          httpOnly = true,
+                          secure = false,
+                          sameSite = Some(Lax)
+                        ))
+                        .removingFromSession("oauth_state", "oauth_nonce", "oauth_provider", "oauth_access_token"))
                     case None =>
-                  Redirect("/login").flashing("error" -> "Failed to retrieve user information")
+                      logger.warn(s"User ${userInfo.name} (${userInfo.id}) not found, creating new user")
+                      // Store OAuth data in cache and get session ID
+                      val oauthSessionId = oauthCache.storeOAuthData(userInfo, tokenResponse.accessToken, provider)
+                      // New user, redirect to username selection with only session ID
+                      Future.successful(Redirect(config.get[String]("openid.selectUserRoute"))
+                        .withSession("oauth_session_id" -> oauthSessionId))
                   }
                 case None =>
+                  logger.error("Failed to retrieve user information")
+                  Future.successful(Redirect("/login").flashing("error" -> "Failed to retrieve user information"))
+              }
+            case None =>
+              logger.error("Failed to exchange authorization code")
               Future.successful(Redirect("/login").flashing("error" -> "Failed to exchange authorization code"))
           }
         }).getOrElse {
+          logger.error("Invalid state parameter")
           Future.successful(Redirect("/login").flashing("error" -> "Invalid state parameter"))
         }
     }
   }
 
   def selectUsername(): Action[AnyContent] = Action.async { implicit request =>
-    request.session.get("oauth_user_info") match {
+    request.session.get("oauth_session_id") match {
-      case Some(userInfoJson) =>
+      case Some(sessionId) =>
-        val userInfo = Json.parse(userInfoJson).as[OpenIDUserInfo]
+        oauthCache.getOAuthData(sessionId) match {
+          case Some((userInfo, _, _)) =>
             Future.successful(Ok(Json.obj(
               "id" -> userInfo.id,
               "email" -> userInfo.email,
@@ -92,6 +121,11 @@ class OpenIDController @Inject()(
               "providerName" -> userInfo.providerName
             )))
           case None =>
+            logger.error(s"OAuth session data not found for session ID: $sessionId")
+            Future.successful(Redirect("/login").flashing("error" -> "Session expired"))
+        }
+      case None =>
+        logger.error("No OAuth session ID found")
         Future.successful(Redirect("/login").flashing("error" -> "No authentication information found"))
     }
   }
@@ -99,13 +133,12 @@ class OpenIDController @Inject()(
   def submitUsername(): Action[AnyContent] = Action.async { implicit request =>
     val username = request.body.asJson.flatMap(json => (json \ "username").asOpt[String])
       .orElse(request.body.asFormUrlEncoded.flatMap(_.get("username").flatMap(_.headOption)))
-    val userInfoJson = request.session.get("oauth_user_info")
+    val sessionId = request.session.get("oauth_session_id")
-    val provider = request.session.get("oauth_provider").getOrElse("unknown")
-    
-    (username, userInfoJson) match {
-      case (Some(uname), Some(userInfoJson)) =>
-        val userInfo = Json.parse(userInfoJson).as[OpenIDUserInfo]
     
+    (username, sessionId) match {
+      case (Some(uname), Some(sid)) =>
+        oauthCache.getOAuthData(sid) match {
+          case Some((userInfo, accessToken, provider)) =>
             // Check if username already exists
             val trimmedUsername = uname.trim
             userManager.userExists(trimmedUsername) match {
@@ -115,10 +148,12 @@ class OpenIDController @Inject()(
                 // Create new user with OpenID info (no password needed)
                 val success = userManager.addOpenIDUser(trimmedUsername, userInfo)
                 if (success) {
-              // Get the created user and create session
+                  // Get created user and create session
                   userManager.userExists(trimmedUsername) match {
                     case Some(user) =>
                       val sessionToken = sessionManager.createSession(user)
+                      // Clean up cache after successful user creation
+                      oauthCache.removeOAuthData(sid)
                       Future.successful(Ok(Json.obj(
                         "message" -> "User created successfully",
                         "user" -> Json.obj(
@@ -131,7 +166,7 @@ class OpenIDController @Inject()(
                         httpOnly = true,
                         secure = false,
                         sameSite = Some(Lax)
-                  )).removingFromSession("oauth_user_info", "oauth_provider", "oauth_access_token"))
+                      )).removingFromSession("oauth_session_id"))
                     case None =>
                       Future.successful(InternalServerError(Json.obj("error" -> "Failed to create user session")))
                   }
@@ -139,8 +174,12 @@ class OpenIDController @Inject()(
                   Future.successful(InternalServerError(Json.obj("error" -> "Failed to create user")))
                 }
             }
+          case None =>
+            logger.error(s"OAuth session data not found for session ID: $sid")
+            Future.successful(Redirect("/login").flashing("error" -> "Session expired"))
+        }
       case _ =>
-        Future.successful(BadRequest(Json.obj("error" -> "Username is required")))
+        Future.successful(BadRequest(Json.obj("error" -> "Username and valid session required")))
     }
   }
 }

knockoutwhistweb/app/di/EntityManagerProvider.scala

@@ -1,14 +1,33 @@
 package di
 
-import com.google.inject.Provider
+import com.google.inject.{Inject, Provider}
-import com.google.inject.Inject
 import jakarta.inject.Singleton
 import jakarta.persistence.{EntityManager, EntityManagerFactory, Persistence}
+import play.api.Configuration
 
 @Singleton
-class EntityManagerProvider @Inject()() extends Provider[EntityManager] {
+class EntityManagerProvider @Inject()(config: Configuration) extends Provider[EntityManager] {
 
-  private val emf: EntityManagerFactory = Persistence.createEntityManagerFactory("defaultPersistenceUnit")
+  private val emf: EntityManagerFactory = {
+    val dbConfig = config.get[Configuration]("db.default")
+    val props = new java.util.HashMap[String, Object]()
+    
+    // Map Play configuration to Jakarta Persistence properties
+    props.put("jakarta.persistence.jdbc.driver", dbConfig.get[String]("driver"))
+    props.put("jakarta.persistence.jdbc.url", dbConfig.get[String]("url"))
+    props.put("jakarta.persistence.jdbc.user", dbConfig.get[String]("username"))
+    props.put("jakarta.persistence.jdbc.password", dbConfig.get[String]("password"))
+    
+    // Also pass HikariCP settings if present
+    dbConfig.getOptional[Configuration]("hikaricp").foreach { hikariConfig =>
+      hikariConfig.keys.foreach { key =>
+        val value = hikariConfig.underlying.getValue(key).unwrapped()
+        props.put(s"hibernate.hikari.$key", value)
+      }
+    }
+
+    Persistence.createEntityManagerFactory("defaultPersistenceUnit", props)
+  }
 
   override def get(): EntityManager = {
     emf.createEntityManager()

knockoutwhistweb/app/di/ProductionModule.scala

@@ -1,25 +0,0 @@
-package di
-
-import com.google.inject.AbstractModule
-import com.google.inject.name.Names
-import logic.user.impl.HibernateUserManager
-import play.api.db.DBApi
-import play.api.{Configuration, Environment}
-
-class ProductionModule(
-  environment: Environment,
-  configuration: Configuration
-) extends AbstractModule {
-
-  override def configure(): Unit = {
-    // Bind HibernateUserManager for production
-    bind(classOf[logic.user.UserManager])
-      .to(classOf[logic.user.impl.HibernateUserManager])
-      .asEagerSingleton()
-
-    // Bind EntityManager for JPA
-    bind(classOf[jakarta.persistence.EntityManager])
-      .toProvider(classOf[EntityManagerProvider])
-      .asEagerSingleton()
-  }
-}

knockoutwhistweb/app/logic/user/impl/BaseSessionManager.scala

@@ -4,7 +4,7 @@ import com.auth0.jwt.algorithms.Algorithm
 import com.auth0.jwt.{JWT, JWTVerifier}
 import com.github.benmanes.caffeine.cache.{Cache, Caffeine}
 import com.typesafe.config.Config
-import logic.user.SessionManager
+import logic.user.{SessionManager, UserManager}
 import model.users.User
 import scalafx.util.Duration
 import services.JwtKeyProvider
@@ -16,7 +16,7 @@ import javax.inject.{Inject, Singleton}
 import scala.util.Try
 
 @Singleton
-class BaseSessionManager @Inject()(val keyProvider: JwtKeyProvider, val userManager: StubUserManager, val config: Config) extends SessionManager {
+class BaseSessionManager @Inject()(val keyProvider: JwtKeyProvider, val userManager: UserManager, val config: Config) extends SessionManager {
 
   private val algorithm = Algorithm.RSA512(keyProvider.publicKey, keyProvider.privateKey)
   private val verifier: JWTVerifier = JWT.require(algorithm)

knockoutwhistweb/app/logic/user/impl/HibernateUserManager.scala

@@ -5,6 +5,7 @@ import jakarta.inject.Inject
 import jakarta.persistence.EntityManager
 import logic.user.UserManager
 import model.users.{User, UserEntity}
+import play.api.Logger
 import services.OpenIDUserInfo
 import util.UserHash
 
@@ -14,14 +15,20 @@ import scala.jdk.CollectionConverters.*
 @Singleton
 class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends UserManager {
 
+  private val logger = Logger(getClass.getName)
+
   override def addUser(name: String, password: String): Boolean = {
+    val tx = em.getTransaction
     try {
+      tx.begin()
       // Check if user already exists
       val existing = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
         .setParameter("username", name)
         .getResultList
       
       if (!existing.isEmpty) {
+        logger.warn(s"User $name already exists")
+        tx.rollback()
         return false
       }
 
@@ -35,20 +42,30 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
 
       em.persist(userEntity)
       em.flush()
+      tx.commit()
+
       true
     } catch {
-      case _: Exception => false
+      case e: Exception => {
+        if (tx.isActive) tx.rollback()
+        logger.error(s"Error adding user $name", e)
+        false
+      }
     }
   }
 
   override def addOpenIDUser(name: String, userInfo: OpenIDUserInfo): Boolean = {
+    val tx = em.getTransaction
     try {
+      tx.begin()
       // Check if user already exists
       val existing = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
         .setParameter("username", name)
         .getResultList
       
       if (!existing.isEmpty) {
+        logger.warn(s"User $name already exists")
+        tx.rollback()
         return false
       }
 
@@ -62,6 +79,8 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
         .getResultList
       
       if (!existingOpenID.isEmpty) {
+        logger.warn(s"OpenID user ${userInfo.provider}_${userInfo.id} already exists")
+        tx.rollback()
         return false
       }
 
@@ -70,9 +89,14 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
 
       em.persist(userEntity)
       em.flush()
+      tx.commit()
       true
     } catch {
-      case _: Exception => false
+      case e: Exception => {
+        if (tx.isActive) tx.rollback()
+        logger.error(s"Error adding OpenID user ${userInfo.provider}_${userInfo.id}", e)
+        false
+      }
     }
   }
 
@@ -93,7 +117,10 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
         None
       }
     } catch {
-      case _: Exception => None
+      case e: Exception => {
+        logger.error(s"Error authenticating user $name", e)
+        None
+      }
     }
   }
 
@@ -113,7 +140,10 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
         Some(users.get(0).toUser)
       }
     } catch {
-      case _: Exception => None
+      case e: Exception => {
+        logger.error(s"Error authenticating OpenID user ${provider}_$providerId", e)
+        None
+      }
     }
   }
 
@@ -129,7 +159,10 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
         Some(users.get(0).toUser)
       }
     } catch {
-      case _: Exception => None
+      case e: Exception => {
+        logger.error(s"Error checking if user $name exists", e)
+        None
+      }
     }
   }
 
@@ -137,25 +170,35 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
     try {
       Option(em.find(classOf[UserEntity], id)).map(_.toUser)
     } catch {
-      case _: Exception => None
+      case e: Exception => {
+        logger.error(s"Error checking if user with ID $id exists", e)
+        None
+      }
     }
   }
 
   override def removeUser(name: String): Boolean = {
+    val tx = em.getTransaction
     try {
+      tx.begin()
       val users = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
         .setParameter("username", name)
         .getResultList
       
       if (users.isEmpty) {
+        tx.rollback()
         false
       } else {
         em.remove(users.get(0))
         em.flush()
+        tx.commit()
         true
       }
     } catch {
-      case _: Exception => false
+      case _: Exception => {
+        if (tx.isActive) tx.rollback()
+        false
+      }
     }
   }
 }

knockoutwhistweb/app/modules/GatewayModule.scala

@@ -1,10 +1,24 @@
 package modules
 
 import com.google.inject.AbstractModule
+import di.EntityManagerProvider
+import jakarta.persistence.EntityManager
 import logic.Gateway
+import logic.user.UserManager
+import logic.user.impl.HibernateUserManager
 
 class GatewayModule extends AbstractModule {
   override def configure(): Unit = {
     bind(classOf[Gateway]).asEagerSingleton()
+
+    // Bind HibernateUserManager for production (when GatewayModule is used)
+    bind(classOf[UserManager])
+      .to(classOf[HibernateUserManager])
+      .asEagerSingleton()
+
+    // Bind EntityManager for JPA
+    bind(classOf[EntityManager])
+      .toProvider(classOf[EntityManagerProvider])
+      .asEagerSingleton()
   }
 }

knockoutwhistweb/app/services/OAuthCacheService.scala

@@ -0,0 +1,89 @@
+package services
+
+import org.redisson.Redisson
+import org.redisson.api.RMapCache
+import org.redisson.config.Config
+import play.api.Logger
+import play.api.libs.json.Json
+
+import java.util.concurrent.TimeUnit
+import javax.inject.*
+
+@Singleton
+class OAuthCacheService @Inject()() {
+  
+  private val logger = Logger(this.getClass)
+  
+  // Initialize Redis connection similar to Gateway
+  private val redis = {
+    val config: Config = Config()
+    val url = "redis://" + sys.env.getOrElse("REDIS_HOST", "localhost") + ":" + sys.env.getOrElse("REDIS_PORT", "6379")
+    logger.info(s"OAuthCacheService connecting to Redis at $url")
+    config.useSingleServer.setAddress(url)
+    Redisson.create(config)
+  }
+  
+  // Cache for OAuth data with 30 minute TTL
+  private val oauthCache: RMapCache[String, String] = redis.getMapCache("oauth_cache")
+  
+  /**
+   * Store OAuth data with random ID and return the ID
+   */
+  def storeOAuthData(userInfo: OpenIDUserInfo, accessToken: String, provider: String): String = {
+    val sessionId = java.util.UUID.randomUUID().toString
+    
+    val oauthData = Json.obj(
+      "userInfo" -> Json.toJson(userInfo),
+      "accessToken" -> accessToken,
+      "provider" -> provider,
+      "timestamp" -> System.currentTimeMillis()
+    ).toString()
+    
+    // Store with 30 minute TTL
+    oauthCache.put(sessionId, oauthData, 30, TimeUnit.MINUTES)
+    logger.info(s"Stored OAuth data for session $sessionId")
+    
+    sessionId
+  }
+  
+  /**
+   * Retrieve OAuth data by session ID
+   */
+  def getOAuthData(sessionId: String): Option[(OpenIDUserInfo, String, String)] = {
+    Option(oauthCache.get(sessionId)) match {
+      case Some(dataJson) =>
+        try {
+          val json = Json.parse(dataJson)
+          val userInfo = (json \ "userInfo").as[OpenIDUserInfo]
+          val accessToken = (json \ "accessToken").as[String]
+          val provider = (json \ "provider").as[String]
+          
+          logger.info(s"Retrieved OAuth data for session $sessionId")
+          Some((userInfo, accessToken, provider))
+        } catch {
+          case e: Exception =>
+            logger.error(s"Failed to parse OAuth data for session $sessionId: ${e.getMessage}")
+            None
+        }
+      case None =>
+        logger.warn(s"No OAuth data found for session $sessionId")
+        None
+    }
+  }
+  
+  /**
+   * Remove OAuth data after use
+   */
+  def removeOAuthData(sessionId: String): Unit = {
+    oauthCache.remove(sessionId)
+    logger.info(s"Removed OAuth data for session $sessionId")
+  }
+  
+  /**
+   * Clean up expired sessions (optional maintenance)
+   */
+  def cleanupExpiredSessions(): Unit = {
+    oauthCache.clear()
+    logger.info("Cleaned up expired OAuth sessions")
+  }
+}

knockoutwhistweb/app/services/OpenIDConnectService.scala

@@ -2,7 +2,7 @@ package services
 
 import com.typesafe.config.Config
 import play.api.libs.ws.WSClient
-import play.api.Configuration
+import play.api.{Configuration, Logger}
 import play.api.libs.json.*
 
 import java.net.URI
@@ -11,7 +11,6 @@ import scala.concurrent.{ExecutionContext, Future}
 import com.nimbusds.oauth2.sdk.*
 import com.nimbusds.oauth2.sdk.id.*
 import com.nimbusds.openid.connect.sdk.*
-
 import play.api.libs.ws.DefaultBodyWritables.*
 
 case class OpenIDUserInfo(
@@ -36,7 +35,8 @@ case class OpenIDProvider(
   authorizationEndpoint: String,
   tokenEndpoint: String,
   userInfoEndpoint: String,
-  scopes: Set[String] = Set("openid", "profile", "email")
+  scopes: Set[String] = Set("openid", "profile", "email"),
+  idClaimName: String = "id"
 )
 
 case class TokenResponse(
@@ -50,6 +50,8 @@ case class TokenResponse(
 @Singleton
 class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit ec: ExecutionContext) {
 
+  private val logger = Logger(this.getClass)
+
   private val providers = Map(
     "discord" -> OpenIDProvider(
       name = "Discord",
@@ -69,27 +71,14 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
       authorizationEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/auth",
       tokenEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/token",
       userInfoEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/userinfo",
-      scopes = Set("openid", "profile", "email")
+      scopes = Set("openid", "profile", "email"),
+      idClaimName = "sub"
     )
   )
 
   def getAuthorizationUrl(providerName: String, state: String, nonce: String): Option[String] = {
     providers.get(providerName).map { provider =>
-      val authRequest = if (provider.scopes.contains("openid")) {
+      val authRequest = new AuthorizationRequest.Builder(
-        // Use OpenID Connect AuthenticationRequest for OpenID providers
-        new AuthenticationRequest.Builder(
-          new ResponseType(ResponseType.Value.CODE),
-          new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")),
-          new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId),
-          URI.create(provider.redirectUri)
-        )
-          .state(new com.nimbusds.oauth2.sdk.id.State(state))
-          .nonce(new Nonce(nonce))
-          .endpointURI(URI.create(provider.authorizationEndpoint))
-          .build()
-      } else {
-        // Use standard OAuth2 AuthorizationRequest for non-OpenID providers (like Discord)
-        new AuthorizationRequest.Builder(
         new ResponseType(ResponseType.Value.CODE),
         new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId)
       )
@@ -98,7 +87,6 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
         .redirectionURI(URI.create(provider.redirectUri))
         .endpointURI(URI.create(provider.authorizationEndpoint))
         .build()
-      }
 
       authRequest.toURI.toString
     }
@@ -150,7 +138,7 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
             if (response.status == 200) {
               val json = response.json
               Some(OpenIDUserInfo(
-                id = (json \ "id").as[String],
+                id = (json \ provider.idClaimName).as[String],
                 email = (json \ "email").asOpt[String],
                 name = (json \ "name").asOpt[String].orElse((json \ "login").asOpt[String]),
                 picture = (json \ "picture").asOpt[String].orElse((json \ "avatar_url").asOpt[String]),
@@ -158,10 +146,15 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
                 providerName = provider.name
               ))
             } else {
+              logger.error(s"Failed to retrieve user info from ${provider.userInfoEndpoint}, status code ${response.status}")
+              None
+            }
+          }
+          .recover { case e => {
+            logger.error(s"Failed to retrieve user info from ${provider.userInfoEndpoint}", e)
             None
           }
           }
-          .recover { case _ => None }
       case None => Future.successful(None)
     }
   }

knockoutwhistweb/conf/META-INF/persistence.xml

@@ -8,15 +8,10 @@
     <persistence-unit name="defaultPersistenceUnit">
         <provider>org.hibernate.jpa.HibernatePersistenceProvider</provider>
 
-        <properties>
+        <class>model.users.UserEntity</class>
-            <!-- Database connection settings -->
-            <property name="jakarta.persistence.jdbc.driver" value="org.postgresql.Driver"/>
-            <property name="jakarta.persistence.jdbc.url" value="${DATABASE_URL}"/>
-            <property name="jakarta.persistence.jdbc.user" value="${DB_USER}"/>
-            <property name="jakarta.persistence.jdbc.password" value="${DB_PASSWORD}"/>
 
+        <properties>
             <!-- Hibernate specific settings -->
-            <property name="hibernate.dialect" value="org.hibernate.dialect.PostgreSQLDialect"/>
             <property name="hibernate.hbm2ddl.auto" value="update"/>
             <property name="hibernate.archive.autodetection" value="class"/>
             <property name="hibernate.show_sql" value="false"/>

knockoutwhistweb/conf/application.conf

@@ -2,6 +2,9 @@
 play.filters.disabled += play.filters.csrf.CSRFFilter
 play.filters.disabled += play.filters.hosts.AllowedHostsFilter
 
+# Disable default JPA and Hibernate modules to use custom EntityManagerProvider
+play.modules.disabled += "play.db.jpa.JPAModule"
+
 play.http.secret.key="QCY?tAnfk?aZ?iwrNwnxIlR6CTf:G3gf:90Latabg@5241AB`R5W:1uDFN];Ik@n"
 play.http.secret.key=${?APPLICATION_SECRET}
 
@@ -26,6 +29,7 @@ play.filters.cors {
 # Local Development OpenID Connect Configuration
 openid {
   selectUserRoute="http://localhost:5173/select-username"
+  mainRoute="http://localhost:5173/"
 
   discord {
     clientId = ${?DISCORD_CLIENT_ID}

knockoutwhistweb/conf/db.conf

@@ -1,10 +1,22 @@
 
 # Database configuration - PostgreSQL with environment variables
-db.default.driver=org.postgresql.Driver
+db.default.driver="org.postgresql.Driver"
-db.default.jdbcUrl=${?DATABASE_URL}
+db.default.url="jdbc:postgresql://localhost:5432/knockoutwhist"
+db.default.url=${?DATABASE_URL}
+db.default.username="kw_user"
 db.default.username=${?DB_USER}
+db.default.password="postgres"
 db.default.password=${?DB_PASSWORD}
 
+# HikariCP specific configuration
+db.default.hikaricp.driverClassName="org.postgresql.Driver"
+db.default.hikaricp.jdbcUrl="jdbc:postgresql://localhost:5432/knockoutwhist"
+db.default.hikaricp.jdbcUrl=${?DATABASE_URL}
+db.default.hikaricp.username="kw_user"
+db.default.hikaricp.username=${?DB_USER}
+db.default.hikaricp.password="postgres"
+db.default.hikaricp.password=${?DB_PASSWORD}
+
 # JPA/Hibernate configuration
 jpa.default=defaultPersistenceUnit
 

knockoutwhistweb/conf/prod.conf

@@ -8,7 +8,7 @@ play.http.context="/api"
 play.modules.enabled += "modules.GatewayModule"
 
 play.filters.cors {
-  allowedOrigins = ["http://localhost:5173"]
+  allowedOrigins = ["https://knockout.janis-eccarius.de"]
   allowedCredentials = true
   allowedHttpMethods = ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
   allowedHttpHeaders = ["Accept", "Content-Type", "Origin", "X-Requested-With"]
@@ -18,17 +18,18 @@ play.filters.cors {
 openid {
 
   selectUserRoute="https://knockout.janis-eccarius.de/select-username"
+  mainRoute="https://knockout.janis-eccarius.de/"
 
   discord {
     clientId = ${?DISCORD_CLIENT_ID}
     clientSecret = ${?DISCORD_CLIENT_SECRET}
     redirectUri = ${?DISCORD_REDIRECT_URI}
-    redirectUri = "https://knockout.janis-eccarius.de/auth/discord/callback"
+    redirectUri = "https://knockout.janis-eccarius.de/api/auth/discord/callback"
   }
   
   keycloak {
-    clientId = "your-keycloak-client-id"
+    clientId = ${?KEYCLOAK_CLIENT_ID}
-    clientSecret = "your-keycloak-client-secret"
+    clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
     redirectUri = "https://knockout.janis-eccarius.de/api/auth/keycloak/callback"
     authUrl = ${?KEYCLOAK_AUTH_URL}
     authUrl = "https://identity.janis-eccarius.de/realms/master"

knockoutwhistweb/conf/staging.conf

@@ -15,17 +15,18 @@ play.filters.cors {
 openid {
 
   selectUserRoute="https://st.knockout.janis-eccarius.de/select-username"
+  mainRoute="https://st.knockout.janis-eccarius.de/"
 
   discord {
     clientId = ${?DISCORD_CLIENT_ID}
     clientSecret = ${?DISCORD_CLIENT_SECRET}
     redirectUri = ${?DISCORD_REDIRECT_URI}
-    redirectUri = "https://st.knockout.janis-eccarius.de/auth/discord/callback"
+    redirectUri = "https://st.knockout.janis-eccarius.de/api/auth/discord/callback"
   }
   
   keycloak {
-    clientId = "your-keycloak-client-id"
+    clientId = ${?KEYCLOAK_CLIENT_ID}
-    clientSecret = "your-keycloak-client-secret"
+    clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
     redirectUri = "https://st.knockout.janis-eccarius.de/api/auth/keycloak/callback"
     authUrl = ${?KEYCLOAK_AUTH_URL}
     authUrl = "https://identity.janis-eccarius.de/realms/master"

versions.env

@@ -1,3 +1,3 @@
 MAJOR=4
-MINOR=34
+MINOR=53
 PATCH=0