Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
b278f755b4 | ||
| 23cdbe9bd1 | |||
|
|
416baebab5 | ||
| 2f38855449 | |||
|
|
1a3cb5044f | ||
| 861f2f1184 | |||
|
|
773b760bc1 | ||
| b729344d1e |
20
CHANGELOG.md
20
CHANGELOG.md
@@ -413,3 +413,23 @@
|
||||
### Features
|
||||
|
||||
* Use environment variables for Keycloak client configuration in staging ([fccd94c](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/fccd94cc11db43f99eded13207cc93fb59d8703e))
|
||||
## (2026-01-20)
|
||||
|
||||
### Features
|
||||
|
||||
* Add logging for OpenID authentication process in OpenIDController ([b729344](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/b729344d1e79c631146dd988248d033d97e12d93))
|
||||
## (2026-01-20)
|
||||
|
||||
### Features
|
||||
|
||||
* Add error logging for user info retrieval in OpenIDConnectService ([861f2f1](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/861f2f1184e860fdd164481167f941c11accfedd))
|
||||
## (2026-01-20)
|
||||
|
||||
### Features
|
||||
|
||||
* Add idClaimName parameter to OpenIDConnectService for flexible ID claim mapping ([2f38855](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/2f388554495d8bd44b4c533baa0f2fc27eea22c2))
|
||||
## (2026-01-21)
|
||||
|
||||
### Features
|
||||
|
||||
* Change log level to warn for OpenID callback in OpenIDController ([23cdbe9](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/23cdbe9bd127bc26405fd216372bbb2d7e718a77))
|
||||
|
||||
Submodule knockoutwhistfrontend updated: cd950e9521...65591ad392
@@ -2,7 +2,7 @@ package controllers
|
||||
|
||||
import logic.user.{SessionManager, UserManager}
|
||||
import model.users.User
|
||||
import play.api.Configuration
|
||||
import play.api.{Configuration, Logger}
|
||||
import play.api.libs.json.Json
|
||||
import play.api.mvc.*
|
||||
import play.api.mvc.Cookie.SameSite.Lax
|
||||
@@ -20,6 +20,8 @@ class OpenIDController @Inject()(
|
||||
val config: Configuration
|
||||
)(implicit ec: ExecutionContext) extends BaseController {
|
||||
|
||||
private val logger = Logger(this.getClass)
|
||||
|
||||
def loginWithProvider(provider: String): Action[AnyContent] = Action.async { implicit request =>
|
||||
val state = openIDService.generateState()
|
||||
val nonce = openIDService.generateNonce()
|
||||
@@ -47,8 +49,11 @@ class OpenIDController @Inject()(
|
||||
val code = request.getQueryString("code")
|
||||
val error = request.getQueryString("error")
|
||||
|
||||
logger.warn(s"Received callback from $provider with state $sessionState, nonce $sessionNonce, provider $sessionProvider, returned state $returnedState, code $code, error $error")
|
||||
|
||||
error match {
|
||||
case Some(err) =>
|
||||
logger.error(s"Authentication failed: $err")
|
||||
Future.successful(Redirect("/login").flashing("error" -> s"Authentication failed: $err"))
|
||||
case None =>
|
||||
(for {
|
||||
@@ -63,6 +68,7 @@ class OpenIDController @Inject()(
|
||||
// Check if user already exists
|
||||
userManager.authenticateOpenID(provider, userInfo.id) match {
|
||||
case Some(user) =>
|
||||
logger.info(s"User ${userInfo.name} (${userInfo.id}) already exists, logging them in")
|
||||
// User already exists, log them in
|
||||
val sessionToken = sessionManager.createSession(user)
|
||||
Future.successful(Redirect(config.getOptional[String]("openid.mainRoute").getOrElse("/"))
|
||||
@@ -75,6 +81,7 @@ class OpenIDController @Inject()(
|
||||
))
|
||||
.removingFromSession("oauth_state", "oauth_nonce", "oauth_provider", "oauth_access_token"))
|
||||
case None =>
|
||||
logger.info(s"User ${userInfo.name} (${userInfo.id}) not found, creating new user")
|
||||
// New user, redirect to username selection
|
||||
Future.successful(Redirect(config.get[String]("openid.selectUserRoute"))
|
||||
.withSession(
|
||||
@@ -84,12 +91,15 @@ class OpenIDController @Inject()(
|
||||
))
|
||||
}
|
||||
case None =>
|
||||
logger.error("Failed to retrieve user information")
|
||||
Future.successful(Redirect("/login").flashing("error" -> "Failed to retrieve user information"))
|
||||
}
|
||||
case None =>
|
||||
logger.error("Failed to exchange authorization code")
|
||||
Future.successful(Redirect("/login").flashing("error" -> "Failed to exchange authorization code"))
|
||||
}
|
||||
}).getOrElse {
|
||||
logger.error("Invalid state parameter")
|
||||
Future.successful(Redirect("/login").flashing("error" -> "Invalid state parameter"))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@ package services
|
||||
|
||||
import com.typesafe.config.Config
|
||||
import play.api.libs.ws.WSClient
|
||||
import play.api.Configuration
|
||||
import play.api.{Configuration, Logger}
|
||||
import play.api.libs.json.*
|
||||
|
||||
import java.net.URI
|
||||
@@ -11,7 +11,6 @@ import scala.concurrent.{ExecutionContext, Future}
|
||||
import com.nimbusds.oauth2.sdk.*
|
||||
import com.nimbusds.oauth2.sdk.id.*
|
||||
import com.nimbusds.openid.connect.sdk.*
|
||||
|
||||
import play.api.libs.ws.DefaultBodyWritables.*
|
||||
|
||||
case class OpenIDUserInfo(
|
||||
@@ -36,7 +35,8 @@ case class OpenIDProvider(
|
||||
authorizationEndpoint: String,
|
||||
tokenEndpoint: String,
|
||||
userInfoEndpoint: String,
|
||||
scopes: Set[String] = Set("openid", "profile", "email")
|
||||
scopes: Set[String] = Set("openid", "profile", "email"),
|
||||
idClaimName: String = "id"
|
||||
)
|
||||
|
||||
case class TokenResponse(
|
||||
@@ -50,6 +50,8 @@ case class TokenResponse(
|
||||
@Singleton
|
||||
class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit ec: ExecutionContext) {
|
||||
|
||||
private val logger = Logger(this.getClass)
|
||||
|
||||
private val providers = Map(
|
||||
"discord" -> OpenIDProvider(
|
||||
name = "Discord",
|
||||
@@ -69,7 +71,8 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
|
||||
authorizationEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/auth",
|
||||
tokenEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/token",
|
||||
userInfoEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/userinfo",
|
||||
scopes = Set("openid", "profile", "email")
|
||||
scopes = Set("openid", "profile", "email"),
|
||||
idClaimName = "sub"
|
||||
)
|
||||
)
|
||||
|
||||
@@ -135,7 +138,7 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
|
||||
if (response.status == 200) {
|
||||
val json = response.json
|
||||
Some(OpenIDUserInfo(
|
||||
id = (json \ "id").as[String],
|
||||
id = (json \ provider.idClaimName).as[String],
|
||||
email = (json \ "email").asOpt[String],
|
||||
name = (json \ "name").asOpt[String].orElse((json \ "login").asOpt[String]),
|
||||
picture = (json \ "picture").asOpt[String].orElse((json \ "avatar_url").asOpt[String]),
|
||||
@@ -143,10 +146,15 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
|
||||
providerName = provider.name
|
||||
))
|
||||
} else {
|
||||
logger.error(s"Failed to retrieve user info from ${provider.userInfoEndpoint}, status code ${response.status}")
|
||||
None
|
||||
}
|
||||
}
|
||||
.recover { case _ => None }
|
||||
.recover { case e => {
|
||||
logger.error(s"Failed to retrieve user info from ${provider.userInfoEndpoint}", e)
|
||||
None
|
||||
}
|
||||
}
|
||||
case None => Future.successful(None)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
MAJOR=4
|
||||
MINOR=44
|
||||
MINOR=48
|
||||
PATCH=0
|
||||
|
||||
Reference in New Issue
Block a user