
Commit 1c7204a

committed
Bugfix: Implement workaround for http issue with google auth
Inject a custom GoogleOauth2Template that replaces http with https. This is required due to a recent change in Google OAuth2, which requires https for non-localhost redirect URLs. Spring security social > 2.x would make this workaround obsolete, as it detects that the app is running behind a proxy that does TLS termination.
1 parent 4ce386e commit 1c7204a

3 files changed

+113
-0
lines changed
@@ -0,0 +1,38 @@
1+
package com.gmi.nordborglab.browser.server.security;
2+
3+
import org.springframework.social.connect.UserProfile;
4+
import org.springframework.social.connect.support.OAuth2ConnectionFactory;
5+
import org.springframework.social.google.api.Google;
6+
import org.springframework.social.google.connect.GoogleAdapter;
7+
import org.springframework.social.google.connect.GoogleOAuth2Template;
8+
import org.springframework.social.google.connect.GoogleServiceProvider;
9+
import org.springframework.social.oauth2.AccessGrant;
10+
import org.springframework.social.oauth2.OAuth2Operations;
11+
12+
/**
13+
* Custom Google ConnectionFactory implementation to workround https://jira.spring.io/browse/SOCIAL-447.
14+
*
15+
*
16+
* @author Uemit Seren
17+
*/
18+
public class GoogleConnectionFactory extends OAuth2ConnectionFactory<Google> {
19+
20+
private final GoogleOAuth2TemplateWrapper oauth2Template;
21+
22+
public GoogleConnectionFactory(final String clientId, final String clientSecret) {
23+
super("google", new GoogleServiceProvider(clientId, clientSecret),
24+
new GoogleAdapter());
25+
oauth2Template = new GoogleOAuth2TemplateWrapper(new GoogleOAuth2Template(clientId, clientSecret));
26+
}
27+
28+
public OAuth2Operations getOAuthOperations() {
29+
return oauth2Template;
30+
}
31+
32+
@Override
33+
protected String extractProviderUserId(final AccessGrant accessGrant) {
34+
final Google api = ((GoogleServiceProvider) getServiceProvider()).getApi(accessGrant.getAccessToken());
35+
final UserProfile userProfile = getApiAdapter().fetchUserProfile(api);
36+
return userProfile.getUsername();
37+
}
38+
}
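Review bot: `getOAuthOperations()` has no `@Override`, so nothing at compile time guarantees that it still replaces the superclass accessor the login flow calls; if that signature changes in a library upgrade, the https rewrite silently stops being applied. Put `@Override` on it, as is already done for `extractProviderUserId`. The class Javadoc should also state that the only intended difference from the stock factory is that the redirect URI passes through `GoogleOAuth2TemplateWrapper`. A comment on the constructor should say that the client secret now lives in two template instances: the one inside `GoogleServiceProvider` and the wrapped one.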
@@ -0,0 +1,68 @@
1+
package com.gmi.nordborglab.browser.server.security;
2+
3+
import org.springframework.social.oauth2.AccessGrant;
4+
import org.springframework.social.oauth2.GrantType;
5+
import org.springframework.social.oauth2.OAuth2Operations;
6+
import org.springframework.social.oauth2.OAuth2Parameters;
7+
import org.springframework.util.MultiValueMap;
8+
9+
public class GoogleOAuth2TemplateWrapper implements OAuth2Operations{
10+
11+
private final OAuth2Operations oauth2Template;
12+
13+
public GoogleOAuth2TemplateWrapper(OAuth2Operations oauth2Template) {
14+
this.oauth2Template = oauth2Template;
15+
}
16+
private OAuth2Parameters fixRedirectUrl(OAuth2Parameters parameters) {
17+
String redirectUrl = parameters.getRedirectUri();
18+
if (redirectUrl.contains("http") && !redirectUrl.contains("localhost")) {
19+
redirectUrl = redirectUrl.replace("http", "https");
20+
}
21+
parameters.setRedirectUri(redirectUrl);
22+
return parameters;
23+
}
24+
25+
@Override
26+
public String buildAuthorizeUrl(OAuth2Parameters parameters) {
27+
return oauth2Template.buildAuthorizeUrl(fixRedirectUrl(parameters));
28+
}
29+
@Override
30+
public String buildAuthorizeUrl(GrantType grantType, OAuth2Parameters parameters) {
31+
return oauth2Template.buildAuthorizeUrl(grantType, fixRedirectUrl(parameters));
32+
}
33+
@Override
34+
public String buildAuthenticateUrl(OAuth2Parameters parameters) {
35+
return oauth2Template.buildAuthenticateUrl(fixRedirectUrl(parameters));
36+
}
37+
@Override
38+
public String buildAuthenticateUrl(GrantType grantType, OAuth2Parameters parameters) {
39+
return oauth2Template.buildAuthenticateUrl(grantType, fixRedirectUrl(parameters));
40+
}
41+
@Override
42+
public AccessGrant exchangeForAccess(String authorizationCode, String redirectUri,
43+
MultiValueMap<String, String> additionalParameters) {
44+
return oauth2Template.exchangeForAccess(authorizationCode, redirectUri, additionalParameters);
45+
}
46+
@Override
47+
public AccessGrant exchangeCredentialsForAccess(String username, String password,
48+
MultiValueMap<String, String> additionalParameters) {
49+
return oauth2Template.exchangeCredentialsForAccess(username, password, additionalParameters);
50+
}
51+
@Override
52+
public AccessGrant refreshAccess(String refreshToken, String scope,
53+
MultiValueMap<String, String> additionalParameters) {
54+
return oauth2Template.refreshAccess(refreshToken, scope, additionalParameters);
55+
}
56+
@Override
57+
public AccessGrant refreshAccess(String refreshToken, MultiValueMap<String, String> additionalParameters) {
58+
return oauth2Template.refreshAccess(refreshToken, additionalParameters);
59+
}
60+
@Override
61+
public AccessGrant authenticateClient() {
62+
return oauth2Template.authenticateClient();
63+
}
64+
@Override
65+
public AccessGrant authenticateClient(String scope) {
66+
return oauth2Template.authenticateClient(scope);
67+
}
68+
}
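Review bot: `fixRedirectUrl` rewrites by substring rather than by scheme and host. `replace("http", "https")` touches every occurrence of "http", so a redirect URI that is already https becomes `httpss://…`, and `contains("localhost")` exempts any URI that merely mentions localhost in its path, query or a longer host name, which leaves that redirect on plain http. Parse the URI, compare scheme and host exactly, and return early when `getRedirectUri()` is null, as sketched below. `exchangeForAccess` forwards `redirectUri` unchanged; if the caller derives it from the same request, it presumably will not match the https value sent in the authorize step, which is worth confirming. The helper also mutates the caller's `OAuth2Parameters`, which deserves a comment.

```java
private OAuth2Parameters fixRedirectUrl(OAuth2Parameters parameters) {
    final String redirectUrl = parameters.getRedirectUri();
    if (redirectUrl == null) {
        return parameters;
    }
    // Compare scheme and host exactly instead of searching the whole string.
    final java.net.URI uri = java.net.URI.create(redirectUrl);
    final boolean plainHttp = "http".equalsIgnoreCase(uri.getScheme());
    final boolean local = "localhost".equalsIgnoreCase(uri.getHost());
    if (plainHttp && !local) {
        // Swap only the leading scheme; the rest of the URI is kept as is.
        parameters.setRedirectUri("https" + redirectUrl.substring("http".length()));
    }
    return parameters;
}
```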

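--- a/src/genophenbrowser-server/src/main/resources/META-INF/spring-social.xml
+++ b/src/genophenbrowser-server/src/main/resources/META-INF/spring-social.xml
@@ -74,6 +74,13 @@
 <constructor-arg value="${google.clientId}"/>
 <constructor-arg value="${google.clientSecret}"/>
 <property name="defaultScope" value="email"/>
+<property name="connectionFactory">
+<bean id = "customGoogleConnectionFactory"
+class="com.gmi.nordborglab.browser.server.security.GoogleConnectionFactory">
+<constructor-arg value="${google.clientId}"/>
+<constructor-arg value="${google.clientSecret}"/>
+</bean>
+</property>
 </bean>
 <bean class="org.springframework.social.github.security.GitHubAuthenticationService">
 <constructor-arg value="${github.clientId}"/>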
