ci: bump version to v4.45.0

feat: Add logging for OpenID authentication process in OpenIDController
ci: bump version to v4.44.0
2026-01-20 20:06:17 +00:00 · 2026-01-20 21:03:47 +01:00 · 2026-01-20 19:50:33 +00:00 · 2026-01-20 20:48:18 +01:00 · 2026-01-20 19:42:30 +00:00 · 2026-01-20 20:39:56 +01:00
13 changed files with 160 additions and 78 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -383,3 +383,38 @@
 ### Features

 * Disable default JPA and Hibernate modules and enhance EntityManagerProvider for HikariCP integration ([9fa1e5e](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/9fa1e5e07122aebd0391d47c3513013243a72a0f))
+##  (2026-01-20)
+
+### Features
+
+* Add logging for user management operations in HibernateUserManager ([9ca1813](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/9ca1813f06539cffeb573d0e00571e4f2d5144f1))
+##  (2026-01-20)
+
+### Features
+
+* Integrate UserManager and HibernateUserManager in session management ([e32f4eb](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/e32f4eb8fff9daec46f20284e28e94a59231d033))
+##  (2026-01-20)
+
+### Features
+
+* Implement transaction management for user addition and removal in HibernateUserManager ([45dec00](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/45dec00b86a1395457226ed62ac319c61e38739a))
+##  (2026-01-20)
+
+### Features
+
+* Add mainRoute configuration for OpenID in application and environment files ([4f52c1a](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/4f52c1a0f30cf0b917452149a52b53b94d82a7c9))
+##  (2026-01-20)
+
+### Features
+
+* Simplify authorization request creation in OpenIDConnectService and use environment variables for Keycloak configuration ([82a9706](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/82a9706deb97db193015e55a048830d496e76d83))
+##  (2026-01-20)
+
+### Features
+
+* Use environment variables for Keycloak client configuration in staging ([fccd94c](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/fccd94cc11db43f99eded13207cc93fb59d8703e))
+##  (2026-01-20)
+
+### Features
+
+* Add logging for OpenID authentication process in OpenIDController ([b729344](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/b729344d1e79c631146dd988248d033d97e12d93))
--- a/2
+++ b/2
--- a/knockoutwhistweb/app/controllers/OpenIDController.scala
+++ b/knockoutwhistweb/app/controllers/OpenIDController.scala
@@ -2,7 +2,7 @@ package controllers

 import logic.user.{SessionManager, UserManager}
 import model.users.User
-import play.api.Configuration
+import play.api.{Configuration, Logger}
 import play.api.libs.json.Json
 import play.api.mvc.*
 import play.api.mvc.Cookie.SameSite.Lax
@@ -20,6 +20,8 @@ class OpenIDController @Inject()(
                                  val config: Configuration
                                )(implicit ec: ExecutionContext) extends BaseController {

+  private val logger = Logger(this.getClass)
+
  def loginWithProvider(provider: String): Action[AnyContent] = Action.async { implicit request =>
    val state = openIDService.generateState()
    val nonce = openIDService.generateNonce()
@@ -47,8 +49,11 @@ class OpenIDController @Inject()(
    val code = request.getQueryString("code")
    val error = request.getQueryString("error")

+    logger.info(s"Received callback from $provider with state $sessionState, nonce $sessionNonce, provider $sessionProvider, returned state $returnedState, code $code, error $error")
+
    error match {
      case Some(err) =>
+        logger.error(s"Authentication failed: $err")
        Future.successful(Redirect("/login").flashing("error" -> s"Authentication failed: $err"))
      case None =>
        (for {
@@ -58,22 +63,43 @@ class OpenIDController @Inject()(
        } yield {
          openIDService.exchangeCodeForTokens(provider, authCode, sessionState.get).flatMap {
            case Some(tokenResponse) =>
-              openIDService.getUserInfo(provider, tokenResponse.accessToken).map {
+              openIDService.getUserInfo(provider, tokenResponse.accessToken).flatMap {
                case Some(userInfo) =>
-                  // Store user info in session for username selection
-                  Redirect(config.get[String]("openid.selectUserRoute"))
-                    .withSession(
-                      "oauth_user_info" -> Json.toJson(userInfo).toString(),
-                      "oauth_provider" -> provider,
-                      "oauth_access_token" -> tokenResponse.accessToken
-                    )
+                  // Check if user already exists
+                  userManager.authenticateOpenID(provider, userInfo.id) match {
+                    case Some(user) =>
+                      logger.info(s"User ${userInfo.name} (${userInfo.id}) already exists, logging them in")
+                      // User already exists, log them in
+                      val sessionToken = sessionManager.createSession(user)
+                      Future.successful(Redirect(config.getOptional[String]("openid.mainRoute").getOrElse("/"))
+                        .withCookies(Cookie(
+                          name = "accessToken",
+                          value = sessionToken,
+                          httpOnly = true,
+                          secure = false,
+                          sameSite = Some(Lax)
+                        ))
+                        .removingFromSession("oauth_state", "oauth_nonce", "oauth_provider", "oauth_access_token"))
+                    case None =>
+                      logger.info(s"User ${userInfo.name} (${userInfo.id}) not found, creating new user")
+                      // New user, redirect to username selection
+                      Future.successful(Redirect(config.get[String]("openid.selectUserRoute"))
+                        .withSession(
+                          "oauth_user_info" -> Json.toJson(userInfo).toString(),
+                          "oauth_provider" -> provider,
+                          "oauth_access_token" -> tokenResponse.accessToken
+                        ))
+                  }
                case None =>
-                  Redirect("/login").flashing("error" -> "Failed to retrieve user information")
+                  logger.error("Failed to retrieve user information")
+                  Future.successful(Redirect("/login").flashing("error" -> "Failed to retrieve user information"))
              }
            case None =>
+              logger.error("Failed to exchange authorization code")
              Future.successful(Redirect("/login").flashing("error" -> "Failed to exchange authorization code"))
          }
        }).getOrElse {
+          logger.error("Invalid state parameter")
          Future.successful(Redirect("/login").flashing("error" -> "Invalid state parameter"))
        }
    }
--- a/knockoutwhistweb/app/di/ProductionModule.scala
+++ b/knockoutwhistweb/app/di/ProductionModule.scala
@@ -1,25 +0,0 @@
-package di
-
-import com.google.inject.AbstractModule
-import com.google.inject.name.Names
-import logic.user.impl.HibernateUserManager
-import play.api.db.DBApi
-import play.api.{Configuration, Environment}
-
-class ProductionModule(
-  environment: Environment,
-  configuration: Configuration
-) extends AbstractModule {
-
-  override def configure(): Unit = {
-    // Bind HibernateUserManager for production
-    bind(classOf[logic.user.UserManager])
-      .to(classOf[logic.user.impl.HibernateUserManager])
-      .asEagerSingleton()
-
-    // Bind EntityManager for JPA
-    bind(classOf[jakarta.persistence.EntityManager])
-      .toProvider(classOf[EntityManagerProvider])
-      .asEagerSingleton()
-  }
-}
--- a/knockoutwhistweb/app/logic/user/impl/BaseSessionManager.scala
+++ b/knockoutwhistweb/app/logic/user/impl/BaseSessionManager.scala
@@ -4,7 +4,7 @@ import com.auth0.jwt.algorithms.Algorithm
 import com.auth0.jwt.{JWT, JWTVerifier}
 import com.github.benmanes.caffeine.cache.{Cache, Caffeine}
 import com.typesafe.config.Config
-import logic.user.SessionManager
+import logic.user.{SessionManager, UserManager}
 import model.users.User
 import scalafx.util.Duration
 import services.JwtKeyProvider
@@ -16,7 +16,7 @@ import javax.inject.{Inject, Singleton}
 import scala.util.Try

@Singleton
-class BaseSessionManager @Inject()(val keyProvider: JwtKeyProvider, val userManager: StubUserManager, val config: Config) extends SessionManager {
+class BaseSessionManager @Inject()(val keyProvider: JwtKeyProvider, val userManager: UserManager, val config: Config) extends SessionManager {

  private val algorithm = Algorithm.RSA512(keyProvider.publicKey, keyProvider.privateKey)
  private val verifier: JWTVerifier = JWT.require(algorithm)
--- a/knockoutwhistweb/app/logic/user/impl/HibernateUserManager.scala
+++ b/knockoutwhistweb/app/logic/user/impl/HibernateUserManager.scala
@@ -5,6 +5,7 @@ import jakarta.inject.Inject
 import jakarta.persistence.EntityManager
 import logic.user.UserManager
 import model.users.{User, UserEntity}
+import play.api.Logger
 import services.OpenIDUserInfo
 import util.UserHash

@@ -14,14 +15,20 @@ import scala.jdk.CollectionConverters.*
@Singleton
 class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends UserManager {

+  private val logger = Logger(getClass.getName)
+
  override def addUser(name: String, password: String): Boolean = {
+    val tx = em.getTransaction
    try {
+      tx.begin()
      // Check if user already exists
      val existing = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
        .setParameter("username", name)
        .getResultList
      
      if (!existing.isEmpty) {
+        logger.warn(s"User $name already exists")
+        tx.rollback()
        return false
      }

@@ -35,20 +42,30 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends

      em.persist(userEntity)
      em.flush()
+      tx.commit()
+
      true
    } catch {
-      case _: Exception => false
+      case e: Exception => {
+        if (tx.isActive) tx.rollback()
+        logger.error(s"Error adding user $name", e)
+        false
+      }
    }
  }

  override def addOpenIDUser(name: String, userInfo: OpenIDUserInfo): Boolean = {
+    val tx = em.getTransaction
    try {
+      tx.begin()
      // Check if user already exists
      val existing = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
        .setParameter("username", name)
        .getResultList
      
      if (!existing.isEmpty) {
+        logger.warn(s"User $name already exists")
+        tx.rollback()
        return false
      }

@@ -62,6 +79,8 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
        .getResultList
      
      if (!existingOpenID.isEmpty) {
+        logger.warn(s"OpenID user ${userInfo.provider}_${userInfo.id} already exists")
+        tx.rollback()
        return false
      }

@@ -70,9 +89,14 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends

      em.persist(userEntity)
      em.flush()
+      tx.commit()
      true
    } catch {
-      case _: Exception => false
+      case e: Exception => {
+        if (tx.isActive) tx.rollback()
+        logger.error(s"Error adding OpenID user ${userInfo.provider}_${userInfo.id}", e)
+        false
+      }
    }
  }

@@ -93,7 +117,10 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
        None
      }
    } catch {
-      case _: Exception => None
+      case e: Exception => {
+        logger.error(s"Error authenticating user $name", e)
+        None
+      }
    }
  }

@@ -113,7 +140,10 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
        Some(users.get(0).toUser)
      }
    } catch {
-      case _: Exception => None
+      case e: Exception => {
+        logger.error(s"Error authenticating OpenID user ${provider}_$providerId", e)
+        None
+      }
    }
  }

@@ -129,7 +159,10 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
        Some(users.get(0).toUser)
      }
    } catch {
-      case _: Exception => None
+      case e: Exception => {
+        logger.error(s"Error checking if user $name exists", e)
+        None
+      }
    }
  }

@@ -137,25 +170,35 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
    try {
      Option(em.find(classOf[UserEntity], id)).map(_.toUser)
    } catch {
-      case _: Exception => None
+      case e: Exception => {
+        logger.error(s"Error checking if user with ID $id exists", e)
+        None
+      }
    }
  }

  override def removeUser(name: String): Boolean = {
+    val tx = em.getTransaction
    try {
+      tx.begin()
      val users = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
        .setParameter("username", name)
        .getResultList
      
      if (users.isEmpty) {
+        tx.rollback()
        false
      } else {
        em.remove(users.get(0))
        em.flush()
+        tx.commit()
        true
      }
    } catch {
-      case _: Exception => false
+      case _: Exception => {
+        if (tx.isActive) tx.rollback()
+        false
+      }
    }
  }
 }
--- a/knockoutwhistweb/app/modules/GatewayModule.scala
+++ b/knockoutwhistweb/app/modules/GatewayModule.scala
@@ -1,10 +1,24 @@
 package modules

 import com.google.inject.AbstractModule
+import di.EntityManagerProvider
+import jakarta.persistence.EntityManager
 import logic.Gateway
+import logic.user.UserManager
+import logic.user.impl.HibernateUserManager

 class GatewayModule extends AbstractModule {
  override def configure(): Unit = {
    bind(classOf[Gateway]).asEagerSingleton()
+
+    // Bind HibernateUserManager for production (when GatewayModule is used)
+    bind(classOf[UserManager])
+      .to(classOf[HibernateUserManager])
+      .asEagerSingleton()
+
+    // Bind EntityManager for JPA
+    bind(classOf[EntityManager])
+      .toProvider(classOf[EntityManagerProvider])
+      .asEagerSingleton()
  }
 }
--- a/knockoutwhistweb/app/services/OpenIDConnectService.scala
+++ b/knockoutwhistweb/app/services/OpenIDConnectService.scala
@@ -75,30 +75,15 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit

  def getAuthorizationUrl(providerName: String, state: String, nonce: String): Option[String] = {
    providers.get(providerName).map { provider =>
-      val authRequest = if (provider.scopes.contains("openid")) {
-        // Use OpenID Connect AuthenticationRequest for OpenID providers
-        new AuthenticationRequest.Builder(
-          new ResponseType(ResponseType.Value.CODE),
-          new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")),
-          new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId),
-          URI.create(provider.redirectUri)
-        )
-          .state(new com.nimbusds.oauth2.sdk.id.State(state))
-          .nonce(new Nonce(nonce))
-          .endpointURI(URI.create(provider.authorizationEndpoint))
-          .build()
-      } else {
-        // Use standard OAuth2 AuthorizationRequest for non-OpenID providers (like Discord)
-        new AuthorizationRequest.Builder(
-          new ResponseType(ResponseType.Value.CODE),
-          new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId)
-        )
-          .scope(new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")))
-          .state(new com.nimbusds.oauth2.sdk.id.State(state))
-          .redirectionURI(URI.create(provider.redirectUri))
-          .endpointURI(URI.create(provider.authorizationEndpoint))
-          .build()
-      }
+      val authRequest = new AuthorizationRequest.Builder(
+        new ResponseType(ResponseType.Value.CODE),
+        new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId)
+      )
+        .scope(new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")))
+        .state(new com.nimbusds.oauth2.sdk.id.State(state))
+        .redirectionURI(URI.create(provider.redirectUri))
+        .endpointURI(URI.create(provider.authorizationEndpoint))
+        .build()

      authRequest.toURI.toString
    }
--- a/knockoutwhistweb/conf/META-INF/persistence.xml
+++ b/knockoutwhistweb/conf/META-INF/persistence.xml
@@ -7,10 +7,11 @@

    <persistence-unit name="defaultPersistenceUnit">
        <provider>org.hibernate.jpa.HibernatePersistenceProvider</provider>
-        
+
+        <class>model.users.UserEntity</class>
+
        <properties>
            <!-- Hibernate specific settings -->
-            <property name="hibernate.dialect" value="org.hibernate.dialect.PostgreSQLDialect"/>
            <property name="hibernate.hbm2ddl.auto" value="update"/>
            <property name="hibernate.archive.autodetection" value="class"/>
            <property name="hibernate.show_sql" value="false"/>
--- a/knockoutwhistweb/conf/application.conf
+++ b/knockoutwhistweb/conf/application.conf
@@ -29,6 +29,7 @@ play.filters.cors {
 # Local Development OpenID Connect Configuration
 openid {
  selectUserRoute="http://localhost:5173/select-username"
+  mainRoute="http://localhost:5173/"

  discord {
    clientId = ${?DISCORD_CLIENT_ID}
--- a/knockoutwhistweb/conf/prod.conf
+++ b/knockoutwhistweb/conf/prod.conf
@@ -18,17 +18,18 @@ play.filters.cors {
 openid {

  selectUserRoute="https://knockout.janis-eccarius.de/select-username"
+  mainRoute="https://knockout.janis-eccarius.de/"

  discord {
    clientId = ${?DISCORD_CLIENT_ID}
    clientSecret = ${?DISCORD_CLIENT_SECRET}
    redirectUri = ${?DISCORD_REDIRECT_URI}
-    redirectUri = "https://knockout.janis-eccarius.de/auth/discord/callback"
+    redirectUri = "https://knockout.janis-eccarius.de/api/auth/discord/callback"
  }
  
  keycloak {
-    clientId = "your-keycloak-client-id"
-    clientSecret = "your-keycloak-client-secret"
+    clientId = ${?KEYCLOAK_CLIENT_ID}
+    clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
    redirectUri = "https://knockout.janis-eccarius.de/api/auth/keycloak/callback"
    authUrl = ${?KEYCLOAK_AUTH_URL}
    authUrl = "https://identity.janis-eccarius.de/realms/master"
--- a/knockoutwhistweb/conf/staging.conf
+++ b/knockoutwhistweb/conf/staging.conf
@@ -15,17 +15,18 @@ play.filters.cors {
 openid {

  selectUserRoute="https://st.knockout.janis-eccarius.de/select-username"
+  mainRoute="https://st.knockout.janis-eccarius.de/"

  discord {
    clientId = ${?DISCORD_CLIENT_ID}
    clientSecret = ${?DISCORD_CLIENT_SECRET}
    redirectUri = ${?DISCORD_REDIRECT_URI}
-    redirectUri = "https://st.knockout.janis-eccarius.de/auth/discord/callback"
+    redirectUri = "https://st.knockout.janis-eccarius.de/api/auth/discord/callback"
  }
  
  keycloak {
-    clientId = "your-keycloak-client-id"
-    clientSecret = "your-keycloak-client-secret"
+    clientId = ${?KEYCLOAK_CLIENT_ID}
+    clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
    redirectUri = "https://st.knockout.janis-eccarius.de/api/auth/keycloak/callback"
    authUrl = ${?KEYCLOAK_AUTH_URL}
    authUrl = "https://identity.janis-eccarius.de/realms/master"
--- a/versions.env
+++ b/versions.env
@@ -1,3 +1,3 @@
 MAJOR=4
-MINOR=38
+MINOR=45
 PATCH=0
Author	SHA1	Message	Date
TeamCity	773b760bc1	ci: bump version to v4.45.0	2026-01-20 20:06:17 +00:00
Janis	b729344d1e	feat: Add logging for OpenID authentication process in OpenIDController	2026-01-20 21:03:47 +01:00
TeamCity	9a194a9fd7	ci: bump version to v4.44.0	2026-01-20 19:50:33 +00:00
Janis	fccd94cc11	feat: Use environment variables for Keycloak client configuration in staging	2026-01-20 20:48:18 +01:00
TeamCity	27da1327c1	ci: bump version to v4.43.0	2026-01-20 19:42:30 +00:00
Janis	82a9706deb	feat: Simplify authorization request creation in OpenIDConnectService and use environment variables for Keycloak configuration	2026-01-20 20:39:56 +01:00
TeamCity	6479f68b6c	ci: bump version to v4.42.0	2026-01-20 18:43:58 +00:00
Janis	4f52c1a0f3	feat: Add mainRoute configuration for OpenID in application and environment files	2026-01-20 19:41:29 +01:00
TeamCity	3787e0f3ed	ci: bump version to v4.41.0	2026-01-20 15:16:55 +00:00
Janis	45dec00b86	feat: Implement transaction management for user addition and removal in HibernateUserManager	2026-01-20 16:14:38 +01:00
TeamCity	fbb3f48b6d	ci: bump version to v4.40.0	2026-01-20 15:03:32 +00:00
Janis	e32f4eb8ff	feat: Integrate UserManager and HibernateUserManager in session management	2026-01-20 16:00:59 +01:00
TeamCity	66edab8ffe	ci: bump version to v4.39.0	2026-01-20 14:46:08 +00:00
Janis	9ca1813f06	feat: Add logging for user management operations in HibernateUserManager	2026-01-20 15:43:54 +01:00