diff --git a/src/main/java/info/fingo/urlopia/config/authentication/noauth/NoAuthFilter.java b/src/main/java/info/fingo/urlopia/config/authentication/noauth/NoAuthFilter.java index 29c8a91a..a95feb62 100644 --- a/src/main/java/info/fingo/urlopia/config/authentication/noauth/NoAuthFilter.java +++ b/src/main/java/info/fingo/urlopia/config/authentication/noauth/NoAuthFilter.java @@ -48,9 +48,9 @@ protected void doFilterInternal(HttpServletRequest request, private Authentication getAuthenticationForUser(User user, HttpServletResponse response) { try{ - var principal = user.getPrincipalName(); + var accountName = user.getAccountName(); var authorities = userAuthoritiesProvider.getAuthoritiesFromUser(user); - return new UsernamePasswordAuthenticationToken(principal, null, authorities); + return new UsernamePasswordAuthenticationToken(accountName, null, authorities); }catch (InvalidTokenException | NoSuchUserException exception){ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); return null; diff --git a/src/main/java/info/fingo/urlopia/config/authentication/oauth/JwtFilter.java b/src/main/java/info/fingo/urlopia/config/authentication/oauth/JwtFilter.java index f450e2b7..fad82bf9 100644 --- a/src/main/java/info/fingo/urlopia/config/authentication/oauth/JwtFilter.java +++ b/src/main/java/info/fingo/urlopia/config/authentication/oauth/JwtFilter.java @@ -23,7 +23,8 @@ @RequiredArgsConstructor @ConditionalOnProperty(name = "ad.configuration.enabled", havingValue = "true", matchIfMissing = true) public class JwtFilter extends OncePerRequestFilter { - private static final Logger LOGGER = LoggerFactory.getLogger(OncePerRequestFilter.class); + private static final Logger LOGGER = LoggerFactory.getLogger(JwtFilter.class); + private final JwtTokenValidator jwtTokenValidator; @Override 
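Review bot: The `catch (InvalidTokenException | NoSuchUserException exception)` branch of getAuthenticationForUser in NoAuthFilter sets 401 and returns null without logging anything, while the matching branch in JwtFilter (touched in this same commit) logs a warning. A request rejected in no-auth mode therefore leaves no trace for whoever is diagnosing or monitoring it. Adding `LOGGER.warn("Authentication rejected: {}", exception.getClass().getSimpleName());` before `response.setStatus(...)` would close that gap, assuming this class declares a logger, which is not visible in the hunk. The method body ends outside the hunk.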
@@ -36,20 +37,20 @@ protected void doFilterInternal(HttpServletRequest request, return; } var authResult = getAuthenticationByToken(header, response); - if (authResult != null){ + if (authResult != null) { SecurityContextHolder.getContext().setAuthentication(authResult); chain.doFilter(request, response); } } - private Authentication getAuthenticationByToken(String header, - HttpServletResponse response) { - try{ + + private Authentication getAuthenticationByToken(String header, HttpServletResponse response) { + try { var accessToken = jwtTokenValidator.validateAuthorizationHeader(header); var accountName = accessToken.getAccountName(); var authorities = accessToken.getAuthorities(); return new UsernamePasswordAuthenticationToken(accountName, null, authorities); - }catch (InvalidTokenException | NoSuchUserException exception){ - LOGGER.warn("Invalid authentication token", exception); + } catch (InvalidTokenException | NoSuchUserException exception) { + LOGGER.warn("Error when authenticating user", exception); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); return null; } diff --git a/src/main/java/info/fingo/urlopia/config/authentication/oauth/JwtUtils.java b/src/main/java/info/fingo/urlopia/config/authentication/oauth/JwtUtils.java index 6f819f54..49a97ccf 100644 --- a/src/main/java/info/fingo/urlopia/config/authentication/oauth/JwtUtils.java +++ b/src/main/java/info/fingo/urlopia/config/authentication/oauth/JwtUtils.java @@ -28,6 +28,6 @@ public static JsonObject decodeTokenPayloadToJsonObject(DecodedJWT decodedJWT) { public static String getAccountNameFromDecodedToken(DecodedJWT decodedToken) { var payloadAsJson = decodeTokenPayloadToJsonObject(decodedToken); var principal = payloadAsJson.getAsJsonPrimitive(PRINCIPAL_KEY).getAsString(); - return principal.substring(0, principal.indexOf("@")); + return principal.contains("@") ? principal.substring(0, principal.indexOf("@")) : principal; } } 
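Review bot: The new message `"Error when authenticating user"` in getAuthenticationByToken is shared by InvalidTokenException and NoSuchUserException, so the log no longer tells a rejected token apart from a token that names an account the application does not know (presumably the meaning of NoSuchUserException). The call also passes the exception itself, so every rejected request from an unauthenticated client writes a full stack trace at WARN. Consider `LOGGER.warn("Authentication rejected: {}", exception.getClass().getSimpleName());` followed by `LOGGER.debug("Authentication failure detail", exception);`. That keeps the two cases distinguishable for alerting and moves the trace to debug level.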
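Review bot: In getAccountNameFromDecodedToken the new ternary covers a principal without `@`, but `payloadAsJson.getAsJsonPrimitive(PRINCIPAL_KEY).getAsString()` still fails with a NullPointerException when the claim is missing (assuming this is Gson's JsonObject, which returns null for an absent member). JwtFilter only catches `InvalidTokenException | NoSuchUserException`, so that case would surface as a server error instead of a 401. A principal that starts with `@` also yields an empty account name, and one without `@` is now accepted whole as the account name. I would treat a missing claim or a blank result as an invalid token and raise the InvalidTokenException that the filter already maps to 401 (its constructor is not visible here). Because the domain part is discarded, two principals with the same local part in different domains map to the same account, so it is worth confirming that the validator pins the issuer or tenant.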
diff --git a/src/main/java/info/fingo/urlopia/user/ActiveDirectoryUserSynchronizer.java b/src/main/java/info/fingo/urlopia/user/ActiveDirectoryUserSynchronizer.java index e7199e0a..fb57ed47 100644 --- a/src/main/java/info/fingo/urlopia/user/ActiveDirectoryUserSynchronizer.java +++ b/src/main/java/info/fingo/urlopia/user/ActiveDirectoryUserSynchronizer.java @@ -23,7 +23,6 @@ @RequiredArgsConstructor @ConditionalOnProperty(name = "ad.configuration.enabled", havingValue = "true", matchIfMissing = true) public class ActiveDirectoryUserSynchronizer { - private static final Logger LOGGER = LoggerFactory.getLogger(ActiveDirectoryUserSynchronizer.class); private final UserRepository userRepository; @@ -32,11 +31,10 @@ public class ActiveDirectoryUserSynchronizer { private final ActiveDirectoryUserMapperWrapper userMapper; private final AutomaticVacationDayService automaticVacationDayService; - public void addNewUsers() { - var dbUsers = userRepository.findAllPrincipalNames(); + var dbUsers = userRepository.findAllAccountNames(); pickUsersFromActiveDirectory().stream() - .filter(user -> !dbUsers.contains(ActiveDirectoryUtils.pickAttribute(user, Attribute.PRINCIPAL_NAME))) + .filter(user -> !dbUsers.contains(ActiveDirectoryUtils.pickAttribute(user, Attribute.ACCOUNT_NAME))) .map(userMapper::mapNewUser) .forEach(this::saveNewUser); LOGGER.info("Synchronisation succeed: find new users"); 
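Review bot: `dbUsers.contains(ActiveDirectoryUtils.pickAttribute(user, Attribute.ACCOUNT_NAME))` in addNewUsers is an exact, case-sensitive match on a List, and the same pattern appears in deactivateDeletedUsers and deactivateDisabledUsers in the next hunk. If Attribute.ACCOUNT_NAME is sAMAccountName (not visible here), the directory treats it case-insensitively, so a stored `JSmith` against a directory `jsmith` would be inserted again as a new user. In deactivateDisabledUsers the same mismatch would leave a disabled account active in the application. Normalising both sides, for example `.map(name -> name.toLowerCase(Locale.ROOT))` into a Set before the `contains` check, removes the mismatch and the repeated linear scan; the lambda needs a null guard if pickAttribute can return null. addNewUsers continues past the end of the hunk.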
@@ -52,23 +50,23 @@ private void saveNewUser(User user) { } public void deactivateDeletedUsers() { - var adUsers = pickUsersFromActiveDirectory().stream() - .map(user -> ActiveDirectoryUtils.pickAttribute(user, Attribute.PRINCIPAL_NAME)) + var existingAccountNames = pickUsersFromActiveDirectory().stream() + .map(user -> ActiveDirectoryUtils.pickAttribute(user, Attribute.ACCOUNT_NAME)) .toList(); userRepository.findAll().stream() - .filter(user -> !adUsers.contains(user.getPrincipalName())) + .filter(user -> !existingAccountNames.contains(user.getAccountName())) .forEach(this::deactivateUser); LOGGER.info("Synchronisation succeed: deactivate deleted users"); } public void deactivateDisabledUsers() { - var disabledUsers = pickDisabledUsersFromActiveDirectory().stream() - .map(user -> ActiveDirectoryUtils.pickAttribute(user, Attribute.PRINCIPAL_NAME)) + var disabledAccountNames = pickDisabledUsersFromActiveDirectory().stream() + .map(user -> ActiveDirectoryUtils.pickAttribute(user, Attribute.ACCOUNT_NAME)) .toList(); userRepository.findAll().stream() - .filter(user -> disabledUsers.contains(user.getPrincipalName())) + .filter(user -> disabledAccountNames.contains(user.getAccountName())) .forEach(this::deactivateUser); LOGGER.info("Synchronisation succeed: deactivate disabled users"); } @@ -91,9 +89,9 @@ public void synchronizeFull() { private void synchronize(Stream adUsers) { adUsers.forEach(adUser -> { - var principalName = ActiveDirectoryUtils.pickAttribute(adUser, Attribute.PRINCIPAL_NAME); + var accountName = ActiveDirectoryUtils.pickAttribute(adUser, Attribute.ACCOUNT_NAME); userRepository - .findFirstByPrincipalName(principalName) + .findFirstByAccountName(accountName) .map(user -> userMapper.updateUser(adUser, user)) .ifPresent(userRepository::save); }); diff --git a/src/main/java/info/fingo/urlopia/user/UserRepository.java b/src/main/java/info/fingo/urlopia/user/UserRepository.java index 3e080cfb..7257cdbd 100644 
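Review bot: In deactivateDeletedUsers, `!existingAccountNames.contains(user.getAccountName())` is true for any stored user whose accountName is null or was never populated, so those rows would be deactivated on the next synchronisation run. addNewUsers would also treat their directory entries as new. The diff shows no migration that fills accountName for existing rows, so please confirm one ships with this change or skip rows with a null account name here. Separately, synchronize() relies on `findFirstByAccountName`, which silently picks one row if duplicates exist. With the account name now used as the authentication identity, a unique constraint on the column would rule that out, though whether one already exists is not visible here.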
--- a/src/main/java/info/fingo/urlopia/user/UserRepository.java +++ b/src/main/java/info/fingo/urlopia/user/UserRepository.java @@ -17,10 +17,8 @@ public interface UserRepository extends BaseRepository, JpaRepository findFirstByAdName(String adName); - Optional findFirstByFirstNameAndLastName(String firstName, String lastName); - - @Query("SELECT u.principalName FROM User u") - List findAllPrincipalNames(); + @Query("SELECT u.accountName FROM User u") + List findAllAccountNames(); @Query("SELECT u FROM User u WHERE u.admin = true") List findAdmins();