Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
9a194a9fd7 | ||
| fccd94cc11 | |||
|
|
27da1327c1 | ||
| 82a9706deb | |||
|
|
6479f68b6c | ||
| 4f52c1a0f3 | |||
|
|
3787e0f3ed | ||
| 45dec00b86 |
20
CHANGELOG.md
20
CHANGELOG.md
@@ -393,3 +393,23 @@
|
||||
### Features
|
||||
|
||||
* Integrate UserManager and HibernateUserManager in session management ([e32f4eb](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/e32f4eb8fff9daec46f20284e28e94a59231d033))
|
||||
## (2026-01-20)
|
||||
|
||||
### Features
|
||||
|
||||
* Implement transaction management for user addition and removal in HibernateUserManager ([45dec00](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/45dec00b86a1395457226ed62ac319c61e38739a))
|
||||
## (2026-01-20)
|
||||
|
||||
### Features
|
||||
|
||||
* Add mainRoute configuration for OpenID in application and environment files ([4f52c1a](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/4f52c1a0f30cf0b917452149a52b53b94d82a7c9))
|
||||
## (2026-01-20)
|
||||
|
||||
### Features
|
||||
|
||||
* Simplify authorization request creation in OpenIDConnectService and use environment variables for Keycloak configuration ([82a9706](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/82a9706deb97db193015e55a048830d496e76d83))
|
||||
## (2026-01-20)
|
||||
|
||||
### Features
|
||||
|
||||
* Use environment variables for Keycloak client configuration in staging ([fccd94c](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/fccd94cc11db43f99eded13207cc93fb59d8703e))
|
||||
|
||||
Submodule knockoutwhistfrontend updated: c2dfa0e701...cd950e9521
@@ -58,17 +58,33 @@ class OpenIDController @Inject()(
|
||||
} yield {
|
||||
openIDService.exchangeCodeForTokens(provider, authCode, sessionState.get).flatMap {
|
||||
case Some(tokenResponse) =>
|
||||
openIDService.getUserInfo(provider, tokenResponse.accessToken).map {
|
||||
openIDService.getUserInfo(provider, tokenResponse.accessToken).flatMap {
|
||||
case Some(userInfo) =>
|
||||
// Store user info in session for username selection
|
||||
Redirect(config.get[String]("openid.selectUserRoute"))
|
||||
.withSession(
|
||||
"oauth_user_info" -> Json.toJson(userInfo).toString(),
|
||||
"oauth_provider" -> provider,
|
||||
"oauth_access_token" -> tokenResponse.accessToken
|
||||
)
|
||||
// Check if user already exists
|
||||
userManager.authenticateOpenID(provider, userInfo.id) match {
|
||||
case Some(user) =>
|
||||
// User already exists, log them in
|
||||
val sessionToken = sessionManager.createSession(user)
|
||||
Future.successful(Redirect(config.getOptional[String]("openid.mainRoute").getOrElse("/"))
|
||||
.withCookies(Cookie(
|
||||
name = "accessToken",
|
||||
value = sessionToken,
|
||||
httpOnly = true,
|
||||
secure = false,
|
||||
sameSite = Some(Lax)
|
||||
))
|
||||
.removingFromSession("oauth_state", "oauth_nonce", "oauth_provider", "oauth_access_token"))
|
||||
case None =>
|
||||
// New user, redirect to username selection
|
||||
Future.successful(Redirect(config.get[String]("openid.selectUserRoute"))
|
||||
.withSession(
|
||||
"oauth_user_info" -> Json.toJson(userInfo).toString(),
|
||||
"oauth_provider" -> provider,
|
||||
"oauth_access_token" -> tokenResponse.accessToken
|
||||
))
|
||||
}
|
||||
case None =>
|
||||
Redirect("/login").flashing("error" -> "Failed to retrieve user information")
|
||||
Future.successful(Redirect("/login").flashing("error" -> "Failed to retrieve user information"))
|
||||
}
|
||||
case None =>
|
||||
Future.successful(Redirect("/login").flashing("error" -> "Failed to exchange authorization code"))
|
||||
|
||||
@@ -18,7 +18,9 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
|
||||
private val logger = Logger(getClass.getName)
|
||||
|
||||
override def addUser(name: String, password: String): Boolean = {
|
||||
val tx = em.getTransaction
|
||||
try {
|
||||
tx.begin()
|
||||
// Check if user already exists
|
||||
val existing = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
|
||||
.setParameter("username", name)
|
||||
@@ -26,6 +28,7 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
|
||||
|
||||
if (!existing.isEmpty) {
|
||||
logger.warn(s"User $name already exists")
|
||||
tx.rollback()
|
||||
return false
|
||||
}
|
||||
|
||||
@@ -39,10 +42,12 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
|
||||
|
||||
em.persist(userEntity)
|
||||
em.flush()
|
||||
tx.commit()
|
||||
|
||||
true
|
||||
} catch {
|
||||
case e: Exception => {
|
||||
if (tx.isActive) tx.rollback()
|
||||
logger.error(s"Error adding user $name", e)
|
||||
false
|
||||
}
|
||||
@@ -50,7 +55,9 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
|
||||
}
|
||||
|
||||
override def addOpenIDUser(name: String, userInfo: OpenIDUserInfo): Boolean = {
|
||||
val tx = em.getTransaction
|
||||
try {
|
||||
tx.begin()
|
||||
// Check if user already exists
|
||||
val existing = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
|
||||
.setParameter("username", name)
|
||||
@@ -58,6 +65,7 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
|
||||
|
||||
if (!existing.isEmpty) {
|
||||
logger.warn(s"User $name already exists")
|
||||
tx.rollback()
|
||||
return false
|
||||
}
|
||||
|
||||
@@ -72,6 +80,7 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
|
||||
|
||||
if (!existingOpenID.isEmpty) {
|
||||
logger.warn(s"OpenID user ${userInfo.provider}_${userInfo.id} already exists")
|
||||
tx.rollback()
|
||||
return false
|
||||
}
|
||||
|
||||
@@ -80,9 +89,11 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
|
||||
|
||||
em.persist(userEntity)
|
||||
em.flush()
|
||||
tx.commit()
|
||||
true
|
||||
} catch {
|
||||
case e: Exception => {
|
||||
if (tx.isActive) tx.rollback()
|
||||
logger.error(s"Error adding OpenID user ${userInfo.provider}_${userInfo.id}", e)
|
||||
false
|
||||
}
|
||||
@@ -167,20 +178,27 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
|
||||
}
|
||||
|
||||
override def removeUser(name: String): Boolean = {
|
||||
val tx = em.getTransaction
|
||||
try {
|
||||
tx.begin()
|
||||
val users = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
|
||||
.setParameter("username", name)
|
||||
.getResultList
|
||||
|
||||
if (users.isEmpty) {
|
||||
tx.rollback()
|
||||
false
|
||||
} else {
|
||||
em.remove(users.get(0))
|
||||
em.flush()
|
||||
tx.commit()
|
||||
true
|
||||
}
|
||||
} catch {
|
||||
case _: Exception => false
|
||||
case _: Exception => {
|
||||
if (tx.isActive) tx.rollback()
|
||||
false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -75,30 +75,15 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
|
||||
|
||||
def getAuthorizationUrl(providerName: String, state: String, nonce: String): Option[String] = {
|
||||
providers.get(providerName).map { provider =>
|
||||
val authRequest = if (provider.scopes.contains("openid")) {
|
||||
// Use OpenID Connect AuthenticationRequest for OpenID providers
|
||||
new AuthenticationRequest.Builder(
|
||||
new ResponseType(ResponseType.Value.CODE),
|
||||
new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")),
|
||||
new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId),
|
||||
URI.create(provider.redirectUri)
|
||||
)
|
||||
.state(new com.nimbusds.oauth2.sdk.id.State(state))
|
||||
.nonce(new Nonce(nonce))
|
||||
.endpointURI(URI.create(provider.authorizationEndpoint))
|
||||
.build()
|
||||
} else {
|
||||
// Use standard OAuth2 AuthorizationRequest for non-OpenID providers (like Discord)
|
||||
new AuthorizationRequest.Builder(
|
||||
new ResponseType(ResponseType.Value.CODE),
|
||||
new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId)
|
||||
)
|
||||
.scope(new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")))
|
||||
.state(new com.nimbusds.oauth2.sdk.id.State(state))
|
||||
.redirectionURI(URI.create(provider.redirectUri))
|
||||
.endpointURI(URI.create(provider.authorizationEndpoint))
|
||||
.build()
|
||||
}
|
||||
val authRequest = new AuthorizationRequest.Builder(
|
||||
new ResponseType(ResponseType.Value.CODE),
|
||||
new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId)
|
||||
)
|
||||
.scope(new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")))
|
||||
.state(new com.nimbusds.oauth2.sdk.id.State(state))
|
||||
.redirectionURI(URI.create(provider.redirectUri))
|
||||
.endpointURI(URI.create(provider.authorizationEndpoint))
|
||||
.build()
|
||||
|
||||
authRequest.toURI.toString
|
||||
}
|
||||
|
||||
@@ -12,7 +12,6 @@
|
||||
|
||||
<properties>
|
||||
<!-- Hibernate specific settings -->
|
||||
<property name="hibernate.dialect" value="org.hibernate.dialect.PostgreSQLDialect"/>
|
||||
<property name="hibernate.hbm2ddl.auto" value="update"/>
|
||||
<property name="hibernate.archive.autodetection" value="class"/>
|
||||
<property name="hibernate.show_sql" value="false"/>
|
||||
|
||||
@@ -29,6 +29,7 @@ play.filters.cors {
|
||||
# Local Development OpenID Connect Configuration
|
||||
openid {
|
||||
selectUserRoute="http://localhost:5173/select-username"
|
||||
mainRoute="http://localhost:5173/"
|
||||
|
||||
discord {
|
||||
clientId = ${?DISCORD_CLIENT_ID}
|
||||
|
||||
@@ -18,17 +18,18 @@ play.filters.cors {
|
||||
openid {
|
||||
|
||||
selectUserRoute="https://knockout.janis-eccarius.de/select-username"
|
||||
mainRoute="https://knockout.janis-eccarius.de/"
|
||||
|
||||
discord {
|
||||
clientId = ${?DISCORD_CLIENT_ID}
|
||||
clientSecret = ${?DISCORD_CLIENT_SECRET}
|
||||
redirectUri = ${?DISCORD_REDIRECT_URI}
|
||||
redirectUri = "https://knockout.janis-eccarius.de/auth/discord/callback"
|
||||
redirectUri = "https://knockout.janis-eccarius.de/api/auth/discord/callback"
|
||||
}
|
||||
|
||||
keycloak {
|
||||
clientId = "your-keycloak-client-id"
|
||||
clientSecret = "your-keycloak-client-secret"
|
||||
clientId = ${?KEYCLOAK_CLIENT_ID}
|
||||
clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
|
||||
redirectUri = "https://knockout.janis-eccarius.de/api/auth/keycloak/callback"
|
||||
authUrl = ${?KEYCLOAK_AUTH_URL}
|
||||
authUrl = "https://identity.janis-eccarius.de/realms/master"
|
||||
|
||||
@@ -15,17 +15,18 @@ play.filters.cors {
|
||||
openid {
|
||||
|
||||
selectUserRoute="https://st.knockout.janis-eccarius.de/select-username"
|
||||
mainRoute="https://st.knockout.janis-eccarius.de/"
|
||||
|
||||
discord {
|
||||
clientId = ${?DISCORD_CLIENT_ID}
|
||||
clientSecret = ${?DISCORD_CLIENT_SECRET}
|
||||
redirectUri = ${?DISCORD_REDIRECT_URI}
|
||||
redirectUri = "https://st.knockout.janis-eccarius.de/auth/discord/callback"
|
||||
redirectUri = "https://st.knockout.janis-eccarius.de/api/auth/discord/callback"
|
||||
}
|
||||
|
||||
keycloak {
|
||||
clientId = "your-keycloak-client-id"
|
||||
clientSecret = "your-keycloak-client-secret"
|
||||
clientId = ${?KEYCLOAK_CLIENT_ID}
|
||||
clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
|
||||
redirectUri = "https://st.knockout.janis-eccarius.de/api/auth/keycloak/callback"
|
||||
authUrl = ${?KEYCLOAK_AUTH_URL}
|
||||
authUrl = "https://identity.janis-eccarius.de/realms/master"
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
MAJOR=4
|
||||
MINOR=40
|
||||
MINOR=44
|
||||
PATCH=0
|
||||
|
||||
Reference in New Issue
Block a user