ci: bump version to v4.44.0

CHANGELOG.md

@@ -393,3 +393,23 @@
 ### Features
 
 * Integrate UserManager and HibernateUserManager in session management ([e32f4eb](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/e32f4eb8fff9daec46f20284e28e94a59231d033))
+##  (2026-01-20)
+
+### Features
+
+* Implement transaction management for user addition and removal in HibernateUserManager ([45dec00](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/45dec00b86a1395457226ed62ac319c61e38739a))
+##  (2026-01-20)
+
+### Features
+
+* Add mainRoute configuration for OpenID in application and environment files ([4f52c1a](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/4f52c1a0f30cf0b917452149a52b53b94d82a7c9))
+##  (2026-01-20)
+
+### Features
+
+* Simplify authorization request creation in OpenIDConnectService and use environment variables for Keycloak configuration ([82a9706](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/82a9706deb97db193015e55a048830d496e76d83))
+##  (2026-01-20)
+
+### Features
+
+* Use environment variables for Keycloak client configuration in staging ([fccd94c](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/fccd94cc11db43f99eded13207cc93fb59d8703e))

knockoutwhistweb/app/controllers/OpenIDController.scala

@@ -58,17 +58,33 @@ class OpenIDController @Inject()(
         } yield {
           openIDService.exchangeCodeForTokens(provider, authCode, sessionState.get).flatMap {
             case Some(tokenResponse) =>
-              openIDService.getUserInfo(provider, tokenResponse.accessToken).map {
+              openIDService.getUserInfo(provider, tokenResponse.accessToken).flatMap {
                 case Some(userInfo) =>
-                  // Store user info in session for username selection
-                  Redirect(config.get[String]("openid.selectUserRoute"))
+                  // Check if user already exists
+                  userManager.authenticateOpenID(provider, userInfo.id) match {
+                    case Some(user) =>
+                      // User already exists, log them in
+                      val sessionToken = sessionManager.createSession(user)
+                      Future.successful(Redirect(config.getOptional[String]("openid.mainRoute").getOrElse("/"))
+                        .withCookies(Cookie(
+                          name = "accessToken",
+                          value = sessionToken,
+                          httpOnly = true,
+                          secure = false,
+                          sameSite = Some(Lax)
+                        ))
+                        .removingFromSession("oauth_state", "oauth_nonce", "oauth_provider", "oauth_access_token"))
+                    case None =>
+                      // New user, redirect to username selection
+                      Future.successful(Redirect(config.get[String]("openid.selectUserRoute"))
                         .withSession(
                           "oauth_user_info" -> Json.toJson(userInfo).toString(),
                           "oauth_provider" -> provider,
                           "oauth_access_token" -> tokenResponse.accessToken
-                    )
+                        ))
+                  }
                 case None =>
-                  Redirect("/login").flashing("error" -> "Failed to retrieve user information")
+                  Future.successful(Redirect("/login").flashing("error" -> "Failed to retrieve user information"))
               }
             case None =>
               Future.successful(Redirect("/login").flashing("error" -> "Failed to exchange authorization code"))

knockoutwhistweb/app/logic/user/impl/HibernateUserManager.scala

@@ -18,7 +18,9 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
   private val logger = Logger(getClass.getName)
 
   override def addUser(name: String, password: String): Boolean = {
+    val tx = em.getTransaction
     try {
+      tx.begin()
       // Check if user already exists
       val existing = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
         .setParameter("username", name)
@@ -26,6 +28,7 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
       
       if (!existing.isEmpty) {
         logger.warn(s"User $name already exists")
+        tx.rollback()
         return false
       }
 
@@ -39,10 +42,12 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
 
       em.persist(userEntity)
       em.flush()
+      tx.commit()
 
       true
     } catch {
       case e: Exception => {
+        if (tx.isActive) tx.rollback()
         logger.error(s"Error adding user $name", e)
         false
       }
@@ -50,7 +55,9 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
   }
 
   override def addOpenIDUser(name: String, userInfo: OpenIDUserInfo): Boolean = {
+    val tx = em.getTransaction
     try {
+      tx.begin()
       // Check if user already exists
       val existing = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
         .setParameter("username", name)
@@ -58,6 +65,7 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
       
       if (!existing.isEmpty) {
         logger.warn(s"User $name already exists")
+        tx.rollback()
         return false
       }
 
@@ -72,6 +80,7 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
       
       if (!existingOpenID.isEmpty) {
         logger.warn(s"OpenID user ${userInfo.provider}_${userInfo.id} already exists")
+        tx.rollback()
         return false
       }
 
@@ -80,9 +89,11 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
 
       em.persist(userEntity)
       em.flush()
+      tx.commit()
       true
     } catch {
       case e: Exception => {
+        if (tx.isActive) tx.rollback()
         logger.error(s"Error adding OpenID user ${userInfo.provider}_${userInfo.id}", e)
         false
       }
@@ -167,20 +178,27 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
   }
 
   override def removeUser(name: String): Boolean = {
+    val tx = em.getTransaction
     try {
+      tx.begin()
       val users = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
         .setParameter("username", name)
         .getResultList
       
       if (users.isEmpty) {
+        tx.rollback()
         false
       } else {
         em.remove(users.get(0))
         em.flush()
+        tx.commit()
         true
       }
     } catch {
-      case _: Exception => false
+      case _: Exception => {
+        if (tx.isActive) tx.rollback()
+        false
+      }
     }
   }
 }

knockoutwhistweb/app/services/OpenIDConnectService.scala

@@ -75,21 +75,7 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
 
   def getAuthorizationUrl(providerName: String, state: String, nonce: String): Option[String] = {
     providers.get(providerName).map { provider =>
-      val authRequest = if (provider.scopes.contains("openid")) {
-        // Use OpenID Connect AuthenticationRequest for OpenID providers
-        new AuthenticationRequest.Builder(
-          new ResponseType(ResponseType.Value.CODE),
-          new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")),
-          new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId),
-          URI.create(provider.redirectUri)
-        )
-          .state(new com.nimbusds.oauth2.sdk.id.State(state))
-          .nonce(new Nonce(nonce))
-          .endpointURI(URI.create(provider.authorizationEndpoint))
-          .build()
-      } else {
-        // Use standard OAuth2 AuthorizationRequest for non-OpenID providers (like Discord)
-        new AuthorizationRequest.Builder(
+      val authRequest = new AuthorizationRequest.Builder(
         new ResponseType(ResponseType.Value.CODE),
         new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId)
       )
@@ -98,7 +84,6 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
         .redirectionURI(URI.create(provider.redirectUri))
         .endpointURI(URI.create(provider.authorizationEndpoint))
         .build()
-      }
 
       authRequest.toURI.toString
     }

knockoutwhistweb/conf/META-INF/persistence.xml

@@ -12,7 +12,6 @@
 
         <properties>
             <!-- Hibernate specific settings -->
-            <property name="hibernate.dialect" value="org.hibernate.dialect.PostgreSQLDialect"/>
             <property name="hibernate.hbm2ddl.auto" value="update"/>
             <property name="hibernate.archive.autodetection" value="class"/>
             <property name="hibernate.show_sql" value="false"/>

knockoutwhistweb/conf/application.conf

@@ -29,6 +29,7 @@ play.filters.cors {
 # Local Development OpenID Connect Configuration
 openid {
   selectUserRoute="http://localhost:5173/select-username"
+  mainRoute="http://localhost:5173/"
 
   discord {
     clientId = ${?DISCORD_CLIENT_ID}

knockoutwhistweb/conf/prod.conf

@@ -18,17 +18,18 @@ play.filters.cors {
 openid {
 
   selectUserRoute="https://knockout.janis-eccarius.de/select-username"
+  mainRoute="https://knockout.janis-eccarius.de/"
 
   discord {
     clientId = ${?DISCORD_CLIENT_ID}
     clientSecret = ${?DISCORD_CLIENT_SECRET}
     redirectUri = ${?DISCORD_REDIRECT_URI}
-    redirectUri = "https://knockout.janis-eccarius.de/auth/discord/callback"
+    redirectUri = "https://knockout.janis-eccarius.de/api/auth/discord/callback"
   }
   
   keycloak {
-    clientId = "your-keycloak-client-id"
-    clientSecret = "your-keycloak-client-secret"
+    clientId = ${?KEYCLOAK_CLIENT_ID}
+    clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
     redirectUri = "https://knockout.janis-eccarius.de/api/auth/keycloak/callback"
     authUrl = ${?KEYCLOAK_AUTH_URL}
     authUrl = "https://identity.janis-eccarius.de/realms/master"

knockoutwhistweb/conf/staging.conf

@@ -15,17 +15,18 @@ play.filters.cors {
 openid {
 
   selectUserRoute="https://st.knockout.janis-eccarius.de/select-username"
+  mainRoute="https://st.knockout.janis-eccarius.de/"
 
   discord {
     clientId = ${?DISCORD_CLIENT_ID}
     clientSecret = ${?DISCORD_CLIENT_SECRET}
     redirectUri = ${?DISCORD_REDIRECT_URI}
-    redirectUri = "https://st.knockout.janis-eccarius.de/auth/discord/callback"
+    redirectUri = "https://st.knockout.janis-eccarius.de/api/auth/discord/callback"
   }
   
   keycloak {
-    clientId = "your-keycloak-client-id"
-    clientSecret = "your-keycloak-client-secret"
+    clientId = ${?KEYCLOAK_CLIENT_ID}
+    clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
     redirectUri = "https://st.knockout.janis-eccarius.de/api/auth/keycloak/callback"
     authUrl = ${?KEYCLOAK_AUTH_URL}
     authUrl = "https://identity.janis-eccarius.de/realms/master"

versions.env

@@ -1,3 +1,3 @@
 MAJOR=4
-MINOR=40
+MINOR=44
 PATCH=0