retrieve user details from claim, add /me endpoint

cbellone · Apr 23, 2021 · e5a6851 · e5a6851
1 parent 29602cd
commit e5a6851
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 56 deletions.
diff --git a/src/main/java/alfio/config/authentication/support/OpenIdPublicCallbackLoginFilter.java b/src/main/java/alfio/config/authentication/support/OpenIdPublicCallbackLoginFilter.java
diff --git a/src/main/java/alfio/controller/api/v2/model/User.java b/src/main/java/alfio/controller/api/v2/model/User.java
@@ -0,0 +1,25 @@
+package alfio.controller.api.v2.model;
+
+public class User {
+    private final String firstName;
+    private final String lastName;
+    private final String emailAddress;
+
+    public User(String firstName, String lastName, String emailAddress) {
+        this.firstName = firstName;
+        this.lastName = lastName;
+        this.emailAddress = emailAddress;
+    }
+
+    public String getFirstName() {
+        return firstName;
+    }
+
+    public String getLastName() {
+        return lastName;
+    }
+
+    public String getEmailAddress() {
+        return emailAddress;
+    }
+}
diff --git a/src/main/java/alfio/controller/api/v2/user/UserApiV2Controller.java b/src/main/java/alfio/controller/api/v2/user/UserApiV2Controller.java
@@ -0,0 +1,29 @@
+package alfio.controller.api.v2.user;
+
+import alfio.controller.api.v2.model.User;
+import alfio.manager.user.UserManager;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/api/v2/public/user")
+@RequiredArgsConstructor
+public class UserApiV2Controller {
+
+    private final UserManager userManager;
+
+    @GetMapping("/me")
+    public ResponseEntity<User> getUserIdentity(Authentication authentication) {
+        if(authentication != null) {
+            return userManager.findOptionalEnabledUserByUsername(authentication.getName())
+                .map(u -> ResponseEntity.ok(new User(u.getFirstName(), u.getLastName(), u.getEmailAddress())))
+                .orElseGet(() -> ResponseEntity.status(HttpStatus.NO_CONTENT).build());
+        }
+        return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
+    }
+}
diff --git a/src/main/java/alfio/manager/openid/BaseOpenIdAuthenticationManager.java b/src/main/java/alfio/manager/openid/BaseOpenIdAuthenticationManager.java
@@ -34,6 +34,7 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import lombok.extern.log4j.Log4j2;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
 import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
 import org.springframework.security.core.GrantedAuthority;
@@ -100,15 +101,15 @@ public final OpenIdAlfioAuthentication authenticateUser(String code) {
         String email = idTokenClaims.get(EMAIL).asString();
 
         var userInfo = fromToken(idToken, subject, email, idTokenClaims);
-        return createOrRetrieveUser(userInfo);
+        return createOrRetrieveUser(userInfo, idTokenClaims);
     }
 
-    private OpenIdAlfioAuthentication createOrRetrieveUser(OpenIdAlfioUser user) {
+    private OpenIdAlfioAuthentication createOrRetrieveUser(OpenIdAlfioUser user, Map<String, Claim> idTokenClaims) {
         if (!userManager.usernameExists(user.getEmail())) {
             userRepository.create(user.getEmail(),
                 passwordEncoder.encode(PasswordGenerator.generateRandomPassword()),
-                user.getEmail(),
-                user.getEmail(),
+                retrieveClaimOrBlank(idTokenClaims, "given_name"),
+                retrieveClaimOrBlank(idTokenClaims, "family_name"),
                 user.getEmail(),
                 true,
                 getUserType(),
@@ -126,6 +127,14 @@ private OpenIdAlfioAuthentication createOrRetrieveUser(OpenIdAlfioUser user) {
         return new OpenIdAlfioAuthentication(authorities, user.getIdToken(), user.getSubject(), user.getEmail(), buildLogoutUrl());
     }
 
+    private static String retrieveClaimOrBlank(Map<String, Claim> claims, String name) {
+        String claimValue = null;
+        if(claims.containsKey(name)) {
+            claimValue = claims.get(name).asString();
+        }
+        return StringUtils.trimToEmpty(claimValue);
+    }
+
     private void updateOrganizations(OpenIdAlfioUser alfioUser) {
         int userId = userRepository.findIdByUserName(alfioUser.getEmail()).orElseThrow();
         var databaseOrganizationIds = organizationRepository.findAllForUser(alfioUser.getEmail()).stream()