Compare commits
16 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
50145c914b | ||
| 0430c7f4de | |||
|
|
1317fd40f5 | ||
| daa072f2bf | |||
|
|
c36720e548 | ||
| 4b74de1261 | |||
|
|
60ec7de366 | ||
| 4a6598f102 | |||
|
|
b278f755b4 | ||
| 23cdbe9bd1 | |||
|
|
416baebab5 | ||
| 2f38855449 | |||
|
|
1a3cb5044f | ||
| 861f2f1184 | |||
|
|
773b760bc1 | ||
| b729344d1e |
40
CHANGELOG.md
40
CHANGELOG.md
@@ -413,3 +413,43 @@
|
|||||||
### Features
|
### Features
|
||||||
|
|
||||||
* Use environment variables for Keycloak client configuration in staging ([fccd94c](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/fccd94cc11db43f99eded13207cc93fb59d8703e))
|
* Use environment variables for Keycloak client configuration in staging ([fccd94c](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/fccd94cc11db43f99eded13207cc93fb59d8703e))
|
||||||
|
## (2026-01-20)
|
||||||
|
|
||||||
|
### Features
|
||||||
|
|
||||||
|
* Add logging for OpenID authentication process in OpenIDController ([b729344](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/b729344d1e79c631146dd988248d033d97e12d93))
|
||||||
|
## (2026-01-20)
|
||||||
|
|
||||||
|
### Features
|
||||||
|
|
||||||
|
* Add error logging for user info retrieval in OpenIDConnectService ([861f2f1](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/861f2f1184e860fdd164481167f941c11accfedd))
|
||||||
|
## (2026-01-20)
|
||||||
|
|
||||||
|
### Features
|
||||||
|
|
||||||
|
* Add idClaimName parameter to OpenIDConnectService for flexible ID claim mapping ([2f38855](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/2f388554495d8bd44b4c533baa0f2fc27eea22c2))
|
||||||
|
## (2026-01-21)
|
||||||
|
|
||||||
|
### Features
|
||||||
|
|
||||||
|
* Change log level to warn for OpenID callback in OpenIDController ([23cdbe9](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/23cdbe9bd127bc26405fd216372bbb2d7e718a77))
|
||||||
|
## (2026-01-21)
|
||||||
|
|
||||||
|
### Features
|
||||||
|
|
||||||
|
* Change log level to warn for OpenID callback in OpenIDController ([4a6598f](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/4a6598f102d8934c7502944a0addd400dd0cbcac))
|
||||||
|
## (2026-01-21)
|
||||||
|
|
||||||
|
### Features
|
||||||
|
|
||||||
|
* Update ID mapping in OpenIDUserInfo to use hashed value and remove name field ([4b74de1](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/4b74de12610120831fc1529f0409db66aafd4d03))
|
||||||
|
## (2026-01-21)
|
||||||
|
|
||||||
|
### Features
|
||||||
|
|
||||||
|
* Update ID mapping in OpenIDUserInfo to use hashed value and remove name field ([daa072f](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/daa072f2bf260ed62402096b41ce85aa071efaf5))
|
||||||
|
## (2026-01-21)
|
||||||
|
|
||||||
|
### Features
|
||||||
|
|
||||||
|
* Implement OAuth session management with Redis caching for OpenID user data ([0430c7f](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/0430c7f4deb37661c697406a714e2693bf0c7307))
|
||||||
|
|||||||
Submodule knockoutwhist updated: 77a44fa17b...0b35e1a649
Submodule knockoutwhistfrontend updated: cd950e9521...65591ad392
@@ -1,13 +1,15 @@
|
|||||||
package controllers
|
package controllers
|
||||||
|
|
||||||
|
import com.github.benmanes.caffeine.cache.{Cache, Caffeine}
|
||||||
import logic.user.{SessionManager, UserManager}
|
import logic.user.{SessionManager, UserManager}
|
||||||
import model.users.User
|
import model.users.User
|
||||||
import play.api.Configuration
|
import play.api.{Configuration, Logger}
|
||||||
import play.api.libs.json.Json
|
import play.api.libs.json.Json
|
||||||
import play.api.mvc.*
|
import play.api.mvc.*
|
||||||
import play.api.mvc.Cookie.SameSite.Lax
|
import play.api.mvc.Cookie.SameSite.Lax
|
||||||
import services.{OpenIDConnectService, OpenIDUserInfo}
|
import services.{OpenIDConnectService, OpenIDUserInfo, OAuthCacheService}
|
||||||
|
|
||||||
|
import java.util.concurrent.TimeUnit
|
||||||
import javax.inject.*
|
import javax.inject.*
|
||||||
import scala.concurrent.{ExecutionContext, Future}
|
import scala.concurrent.{ExecutionContext, Future}
|
||||||
|
|
||||||
@@ -17,9 +19,12 @@ class OpenIDController @Inject()(
|
|||||||
val openIDService: OpenIDConnectService,
|
val openIDService: OpenIDConnectService,
|
||||||
val sessionManager: SessionManager,
|
val sessionManager: SessionManager,
|
||||||
val userManager: UserManager,
|
val userManager: UserManager,
|
||||||
val config: Configuration
|
val config: Configuration,
|
||||||
|
val oauthCache: OAuthCacheService
|
||||||
)(implicit ec: ExecutionContext) extends BaseController {
|
)(implicit ec: ExecutionContext) extends BaseController {
|
||||||
|
|
||||||
|
private val logger = Logger(this.getClass)
|
||||||
|
|
||||||
def loginWithProvider(provider: String): Action[AnyContent] = Action.async { implicit request =>
|
def loginWithProvider(provider: String): Action[AnyContent] = Action.async { implicit request =>
|
||||||
val state = openIDService.generateState()
|
val state = openIDService.generateState()
|
||||||
val nonce = openIDService.generateNonce()
|
val nonce = openIDService.generateNonce()
|
||||||
@@ -47,8 +52,11 @@ class OpenIDController @Inject()(
|
|||||||
val code = request.getQueryString("code")
|
val code = request.getQueryString("code")
|
||||||
val error = request.getQueryString("error")
|
val error = request.getQueryString("error")
|
||||||
|
|
||||||
|
logger.warn(s"Received callback from $provider with state $sessionState, nonce $sessionNonce, provider $sessionProvider, returned state $returnedState, code $code, error $error")
|
||||||
|
|
||||||
error match {
|
error match {
|
||||||
case Some(err) =>
|
case Some(err) =>
|
||||||
|
logger.error(s"Authentication failed: $err")
|
||||||
Future.successful(Redirect("/login").flashing("error" -> s"Authentication failed: $err"))
|
Future.successful(Redirect("/login").flashing("error" -> s"Authentication failed: $err"))
|
||||||
case None =>
|
case None =>
|
||||||
(for {
|
(for {
|
||||||
@@ -56,6 +64,7 @@ class OpenIDController @Inject()(
|
|||||||
_ <- Option(sessionProvider.contains(provider))
|
_ <- Option(sessionProvider.contains(provider))
|
||||||
authCode <- code
|
authCode <- code
|
||||||
} yield {
|
} yield {
|
||||||
|
logger.warn(s"Authentication successful for $provider")
|
||||||
openIDService.exchangeCodeForTokens(provider, authCode, sessionState.get).flatMap {
|
openIDService.exchangeCodeForTokens(provider, authCode, sessionState.get).flatMap {
|
||||||
case Some(tokenResponse) =>
|
case Some(tokenResponse) =>
|
||||||
openIDService.getUserInfo(provider, tokenResponse.accessToken).flatMap {
|
openIDService.getUserInfo(provider, tokenResponse.accessToken).flatMap {
|
||||||
@@ -63,6 +72,7 @@ class OpenIDController @Inject()(
|
|||||||
// Check if user already exists
|
// Check if user already exists
|
||||||
userManager.authenticateOpenID(provider, userInfo.id) match {
|
userManager.authenticateOpenID(provider, userInfo.id) match {
|
||||||
case Some(user) =>
|
case Some(user) =>
|
||||||
|
logger.warn(s"User ${userInfo.name} (${userInfo.id}) already exists, logging them in")
|
||||||
// User already exists, log them in
|
// User already exists, log them in
|
||||||
val sessionToken = sessionManager.createSession(user)
|
val sessionToken = sessionManager.createSession(user)
|
||||||
Future.successful(Redirect(config.getOptional[String]("openid.mainRoute").getOrElse("/"))
|
Future.successful(Redirect(config.getOptional[String]("openid.mainRoute").getOrElse("/"))
|
||||||
@@ -75,39 +85,47 @@ class OpenIDController @Inject()(
|
|||||||
))
|
))
|
||||||
.removingFromSession("oauth_state", "oauth_nonce", "oauth_provider", "oauth_access_token"))
|
.removingFromSession("oauth_state", "oauth_nonce", "oauth_provider", "oauth_access_token"))
|
||||||
case None =>
|
case None =>
|
||||||
// New user, redirect to username selection
|
logger.warn(s"User ${userInfo.name} (${userInfo.id}) not found, creating new user")
|
||||||
|
// Store OAuth data in cache and get session ID
|
||||||
|
val oauthSessionId = oauthCache.storeOAuthData(userInfo, tokenResponse.accessToken, provider)
|
||||||
|
// New user, redirect to username selection with only session ID
|
||||||
Future.successful(Redirect(config.get[String]("openid.selectUserRoute"))
|
Future.successful(Redirect(config.get[String]("openid.selectUserRoute"))
|
||||||
.withSession(
|
.withSession("oauth_session_id" -> oauthSessionId))
|
||||||
"oauth_user_info" -> Json.toJson(userInfo).toString(),
|
|
||||||
"oauth_provider" -> provider,
|
|
||||||
"oauth_access_token" -> tokenResponse.accessToken
|
|
||||||
))
|
|
||||||
}
|
}
|
||||||
case None =>
|
case None =>
|
||||||
|
logger.error("Failed to retrieve user information")
|
||||||
Future.successful(Redirect("/login").flashing("error" -> "Failed to retrieve user information"))
|
Future.successful(Redirect("/login").flashing("error" -> "Failed to retrieve user information"))
|
||||||
}
|
}
|
||||||
case None =>
|
case None =>
|
||||||
|
logger.error("Failed to exchange authorization code")
|
||||||
Future.successful(Redirect("/login").flashing("error" -> "Failed to exchange authorization code"))
|
Future.successful(Redirect("/login").flashing("error" -> "Failed to exchange authorization code"))
|
||||||
}
|
}
|
||||||
}).getOrElse {
|
}).getOrElse {
|
||||||
|
logger.error("Invalid state parameter")
|
||||||
Future.successful(Redirect("/login").flashing("error" -> "Invalid state parameter"))
|
Future.successful(Redirect("/login").flashing("error" -> "Invalid state parameter"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
def selectUsername(): Action[AnyContent] = Action.async { implicit request =>
|
def selectUsername(): Action[AnyContent] = Action.async { implicit request =>
|
||||||
request.session.get("oauth_user_info") match {
|
request.session.get("oauth_session_id") match {
|
||||||
case Some(userInfoJson) =>
|
case Some(sessionId) =>
|
||||||
val userInfo = Json.parse(userInfoJson).as[OpenIDUserInfo]
|
oauthCache.getOAuthData(sessionId) match {
|
||||||
Future.successful(Ok(Json.obj(
|
case Some((userInfo, _, _)) =>
|
||||||
"id" -> userInfo.id,
|
Future.successful(Ok(Json.obj(
|
||||||
"email" -> userInfo.email,
|
"id" -> userInfo.id,
|
||||||
"name" -> userInfo.name,
|
"email" -> userInfo.email,
|
||||||
"picture" -> userInfo.picture,
|
"name" -> userInfo.name,
|
||||||
"provider" -> userInfo.provider,
|
"picture" -> userInfo.picture,
|
||||||
"providerName" -> userInfo.providerName
|
"provider" -> userInfo.provider,
|
||||||
)))
|
"providerName" -> userInfo.providerName
|
||||||
|
)))
|
||||||
|
case None =>
|
||||||
|
logger.error(s"OAuth session data not found for session ID: $sessionId")
|
||||||
|
Future.successful(Redirect("/login").flashing("error" -> "Session expired"))
|
||||||
|
}
|
||||||
case None =>
|
case None =>
|
||||||
|
logger.error("No OAuth session ID found")
|
||||||
Future.successful(Redirect("/login").flashing("error" -> "No authentication information found"))
|
Future.successful(Redirect("/login").flashing("error" -> "No authentication information found"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -115,48 +133,53 @@ class OpenIDController @Inject()(
|
|||||||
def submitUsername(): Action[AnyContent] = Action.async { implicit request =>
|
def submitUsername(): Action[AnyContent] = Action.async { implicit request =>
|
||||||
val username = request.body.asJson.flatMap(json => (json \ "username").asOpt[String])
|
val username = request.body.asJson.flatMap(json => (json \ "username").asOpt[String])
|
||||||
.orElse(request.body.asFormUrlEncoded.flatMap(_.get("username").flatMap(_.headOption)))
|
.orElse(request.body.asFormUrlEncoded.flatMap(_.get("username").flatMap(_.headOption)))
|
||||||
val userInfoJson = request.session.get("oauth_user_info")
|
val sessionId = request.session.get("oauth_session_id")
|
||||||
val provider = request.session.get("oauth_provider").getOrElse("unknown")
|
|
||||||
|
|
||||||
(username, userInfoJson) match {
|
(username, sessionId) match {
|
||||||
case (Some(uname), Some(userInfoJson)) =>
|
case (Some(uname), Some(sid)) =>
|
||||||
val userInfo = Json.parse(userInfoJson).as[OpenIDUserInfo]
|
oauthCache.getOAuthData(sid) match {
|
||||||
|
case Some((userInfo, accessToken, provider)) =>
|
||||||
// Check if username already exists
|
// Check if username already exists
|
||||||
val trimmedUsername = uname.trim
|
val trimmedUsername = uname.trim
|
||||||
userManager.userExists(trimmedUsername) match {
|
userManager.userExists(trimmedUsername) match {
|
||||||
case Some(_) =>
|
case Some(_) =>
|
||||||
Future.successful(Conflict(Json.obj("error" -> "Username already taken")))
|
Future.successful(Conflict(Json.obj("error" -> "Username already taken")))
|
||||||
case None =>
|
case None =>
|
||||||
// Create new user with OpenID info (no password needed)
|
// Create new user with OpenID info (no password needed)
|
||||||
val success = userManager.addOpenIDUser(trimmedUsername, userInfo)
|
val success = userManager.addOpenIDUser(trimmedUsername, userInfo)
|
||||||
if (success) {
|
if (success) {
|
||||||
// Get the created user and create session
|
// Get created user and create session
|
||||||
userManager.userExists(trimmedUsername) match {
|
userManager.userExists(trimmedUsername) match {
|
||||||
case Some(user) =>
|
case Some(user) =>
|
||||||
val sessionToken = sessionManager.createSession(user)
|
val sessionToken = sessionManager.createSession(user)
|
||||||
Future.successful(Ok(Json.obj(
|
// Clean up cache after successful user creation
|
||||||
"message" -> "User created successfully",
|
oauthCache.removeOAuthData(sid)
|
||||||
"user" -> Json.obj(
|
Future.successful(Ok(Json.obj(
|
||||||
"id" -> user.id,
|
"message" -> "User created successfully",
|
||||||
"username" -> user.name
|
"user" -> Json.obj(
|
||||||
)
|
"id" -> user.id,
|
||||||
)).withCookies(Cookie(
|
"username" -> user.name
|
||||||
name = "accessToken",
|
)
|
||||||
value = sessionToken,
|
)).withCookies(Cookie(
|
||||||
httpOnly = true,
|
name = "accessToken",
|
||||||
secure = false,
|
value = sessionToken,
|
||||||
sameSite = Some(Lax)
|
httpOnly = true,
|
||||||
)).removingFromSession("oauth_user_info", "oauth_provider", "oauth_access_token"))
|
secure = false,
|
||||||
case None =>
|
sameSite = Some(Lax)
|
||||||
Future.successful(InternalServerError(Json.obj("error" -> "Failed to create user session")))
|
)).removingFromSession("oauth_session_id"))
|
||||||
}
|
case None =>
|
||||||
} else {
|
Future.successful(InternalServerError(Json.obj("error" -> "Failed to create user session")))
|
||||||
Future.successful(InternalServerError(Json.obj("error" -> "Failed to create user")))
|
}
|
||||||
|
} else {
|
||||||
|
Future.successful(InternalServerError(Json.obj("error" -> "Failed to create user")))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
case None =>
|
||||||
|
logger.error(s"OAuth session data not found for session ID: $sid")
|
||||||
|
Future.successful(Redirect("/login").flashing("error" -> "Session expired"))
|
||||||
}
|
}
|
||||||
case _ =>
|
case _ =>
|
||||||
Future.successful(BadRequest(Json.obj("error" -> "Username is required")))
|
Future.successful(BadRequest(Json.obj("error" -> "Username and valid session required")))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
89
knockoutwhistweb/app/services/OAuthCacheService.scala
Normal file
89
knockoutwhistweb/app/services/OAuthCacheService.scala
Normal file
@@ -0,0 +1,89 @@
|
|||||||
|
package services
|
||||||
|
|
||||||
|
import org.redisson.Redisson
|
||||||
|
import org.redisson.api.RMapCache
|
||||||
|
import org.redisson.config.Config
|
||||||
|
import play.api.Logger
|
||||||
|
import play.api.libs.json.Json
|
||||||
|
|
||||||
|
import java.util.concurrent.TimeUnit
|
||||||
|
import javax.inject.*
|
||||||
|
|
||||||
|
@Singleton
|
||||||
|
class OAuthCacheService @Inject()() {
|
||||||
|
|
||||||
|
private val logger = Logger(this.getClass)
|
||||||
|
|
||||||
|
// Initialize Redis connection similar to Gateway
|
||||||
|
private val redis = {
|
||||||
|
val config: Config = Config()
|
||||||
|
val url = "redis://" + sys.env.getOrElse("REDIS_HOST", "localhost") + ":" + sys.env.getOrElse("REDIS_PORT", "6379")
|
||||||
|
logger.info(s"OAuthCacheService connecting to Redis at $url")
|
||||||
|
config.useSingleServer.setAddress(url)
|
||||||
|
Redisson.create(config)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Cache for OAuth data with 30 minute TTL
|
||||||
|
private val oauthCache: RMapCache[String, String] = redis.getMapCache("oauth_cache")
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Store OAuth data with random ID and return the ID
|
||||||
|
*/
|
||||||
|
def storeOAuthData(userInfo: OpenIDUserInfo, accessToken: String, provider: String): String = {
|
||||||
|
val sessionId = java.util.UUID.randomUUID().toString
|
||||||
|
|
||||||
|
val oauthData = Json.obj(
|
||||||
|
"userInfo" -> Json.toJson(userInfo),
|
||||||
|
"accessToken" -> accessToken,
|
||||||
|
"provider" -> provider,
|
||||||
|
"timestamp" -> System.currentTimeMillis()
|
||||||
|
).toString()
|
||||||
|
|
||||||
|
// Store with 30 minute TTL
|
||||||
|
oauthCache.put(sessionId, oauthData, 30, TimeUnit.MINUTES)
|
||||||
|
logger.info(s"Stored OAuth data for session $sessionId")
|
||||||
|
|
||||||
|
sessionId
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Retrieve OAuth data by session ID
|
||||||
|
*/
|
||||||
|
def getOAuthData(sessionId: String): Option[(OpenIDUserInfo, String, String)] = {
|
||||||
|
Option(oauthCache.get(sessionId)) match {
|
||||||
|
case Some(dataJson) =>
|
||||||
|
try {
|
||||||
|
val json = Json.parse(dataJson)
|
||||||
|
val userInfo = (json \ "userInfo").as[OpenIDUserInfo]
|
||||||
|
val accessToken = (json \ "accessToken").as[String]
|
||||||
|
val provider = (json \ "provider").as[String]
|
||||||
|
|
||||||
|
logger.info(s"Retrieved OAuth data for session $sessionId")
|
||||||
|
Some((userInfo, accessToken, provider))
|
||||||
|
} catch {
|
||||||
|
case e: Exception =>
|
||||||
|
logger.error(s"Failed to parse OAuth data for session $sessionId: ${e.getMessage}")
|
||||||
|
None
|
||||||
|
}
|
||||||
|
case None =>
|
||||||
|
logger.warn(s"No OAuth data found for session $sessionId")
|
||||||
|
None
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Remove OAuth data after use
|
||||||
|
*/
|
||||||
|
def removeOAuthData(sessionId: String): Unit = {
|
||||||
|
oauthCache.remove(sessionId)
|
||||||
|
logger.info(s"Removed OAuth data for session $sessionId")
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Clean up expired sessions (optional maintenance)
|
||||||
|
*/
|
||||||
|
def cleanupExpiredSessions(): Unit = {
|
||||||
|
oauthCache.clear()
|
||||||
|
logger.info("Cleaned up expired OAuth sessions")
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -2,7 +2,7 @@ package services
|
|||||||
|
|
||||||
import com.typesafe.config.Config
|
import com.typesafe.config.Config
|
||||||
import play.api.libs.ws.WSClient
|
import play.api.libs.ws.WSClient
|
||||||
import play.api.Configuration
|
import play.api.{Configuration, Logger}
|
||||||
import play.api.libs.json.*
|
import play.api.libs.json.*
|
||||||
|
|
||||||
import java.net.URI
|
import java.net.URI
|
||||||
@@ -11,7 +11,6 @@ import scala.concurrent.{ExecutionContext, Future}
|
|||||||
import com.nimbusds.oauth2.sdk.*
|
import com.nimbusds.oauth2.sdk.*
|
||||||
import com.nimbusds.oauth2.sdk.id.*
|
import com.nimbusds.oauth2.sdk.id.*
|
||||||
import com.nimbusds.openid.connect.sdk.*
|
import com.nimbusds.openid.connect.sdk.*
|
||||||
|
|
||||||
import play.api.libs.ws.DefaultBodyWritables.*
|
import play.api.libs.ws.DefaultBodyWritables.*
|
||||||
|
|
||||||
case class OpenIDUserInfo(
|
case class OpenIDUserInfo(
|
||||||
@@ -36,7 +35,8 @@ case class OpenIDProvider(
|
|||||||
authorizationEndpoint: String,
|
authorizationEndpoint: String,
|
||||||
tokenEndpoint: String,
|
tokenEndpoint: String,
|
||||||
userInfoEndpoint: String,
|
userInfoEndpoint: String,
|
||||||
scopes: Set[String] = Set("openid", "profile", "email")
|
scopes: Set[String] = Set("openid", "profile", "email"),
|
||||||
|
idClaimName: String = "id"
|
||||||
)
|
)
|
||||||
|
|
||||||
case class TokenResponse(
|
case class TokenResponse(
|
||||||
@@ -50,6 +50,8 @@ case class TokenResponse(
|
|||||||
@Singleton
|
@Singleton
|
||||||
class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit ec: ExecutionContext) {
|
class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit ec: ExecutionContext) {
|
||||||
|
|
||||||
|
private val logger = Logger(this.getClass)
|
||||||
|
|
||||||
private val providers = Map(
|
private val providers = Map(
|
||||||
"discord" -> OpenIDProvider(
|
"discord" -> OpenIDProvider(
|
||||||
name = "Discord",
|
name = "Discord",
|
||||||
@@ -69,7 +71,8 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
|
|||||||
authorizationEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/auth",
|
authorizationEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/auth",
|
||||||
tokenEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/token",
|
tokenEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/token",
|
||||||
userInfoEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/userinfo",
|
userInfoEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/userinfo",
|
||||||
scopes = Set("openid", "profile", "email")
|
scopes = Set("openid", "profile", "email"),
|
||||||
|
idClaimName = "sub"
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -135,7 +138,7 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
|
|||||||
if (response.status == 200) {
|
if (response.status == 200) {
|
||||||
val json = response.json
|
val json = response.json
|
||||||
Some(OpenIDUserInfo(
|
Some(OpenIDUserInfo(
|
||||||
id = (json \ "id").as[String],
|
id = (json \ provider.idClaimName).as[String],
|
||||||
email = (json \ "email").asOpt[String],
|
email = (json \ "email").asOpt[String],
|
||||||
name = (json \ "name").asOpt[String].orElse((json \ "login").asOpt[String]),
|
name = (json \ "name").asOpt[String].orElse((json \ "login").asOpt[String]),
|
||||||
picture = (json \ "picture").asOpt[String].orElse((json \ "avatar_url").asOpt[String]),
|
picture = (json \ "picture").asOpt[String].orElse((json \ "avatar_url").asOpt[String]),
|
||||||
@@ -143,10 +146,15 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
|
|||||||
providerName = provider.name
|
providerName = provider.name
|
||||||
))
|
))
|
||||||
} else {
|
} else {
|
||||||
|
logger.error(s"Failed to retrieve user info from ${provider.userInfoEndpoint}, status code ${response.status}")
|
||||||
None
|
None
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
.recover { case _ => None }
|
.recover { case e => {
|
||||||
|
logger.error(s"Failed to retrieve user info from ${provider.userInfoEndpoint}", e)
|
||||||
|
None
|
||||||
|
}
|
||||||
|
}
|
||||||
case None => Future.successful(None)
|
case None => Future.successful(None)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,3 +1,3 @@
|
|||||||
MAJOR=4
|
MAJOR=4
|
||||||
MINOR=44
|
MINOR=52
|
||||||
PATCH=0
|
PATCH=0
|
||||||
|
|||||||
Reference in New Issue
Block a user