diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/BasicOAuth2ClientMapper.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/BasicOAuth2ClientMapper.java index 72380fabcc..cad0eecfcd 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/BasicOAuth2ClientMapper.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/BasicOAuth2ClientMapper.java @@ -33,12 +33,12 @@ import java.util.Map; public class BasicOAuth2ClientMapper extends AbstractOAuth2ClientMapper implements OAuth2ClientMapper { @Override - public SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Client registration) { - OAuth2MapperConfig config = registration.getMapperConfig(); + public SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Client oAuth2Client) { + OAuth2MapperConfig config = oAuth2Client.getMapperConfig(); Map attributes = token.getPrincipal().getAttributes(); String email = BasicMapperUtils.getStringAttributeByKey(attributes, config.getBasic().getEmailAttributeKey()); OAuth2User oauth2User = BasicMapperUtils.getOAuth2User(email, attributes, config); - return getOrCreateSecurityUserFromOAuth2User(oauth2User, registration); + return getOrCreateSecurityUserFromOAuth2User(oauth2User, oAuth2Client); } } diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/CustomOAuth2ClientMapper.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/CustomOAuth2ClientMapper.java index abbd57e562..e9c2b9583d 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/CustomOAuth2ClientMapper.java 
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/CustomOAuth2ClientMapper.java @@ -41,10 +41,10 @@ public class CustomOAuth2ClientMapper extends AbstractOAuth2ClientMapper impleme private RestTemplateBuilder restTemplateBuilder = new RestTemplateBuilder(); @Override - public SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Client registration) { - OAuth2MapperConfig config = registration.getMapperConfig(); + public SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Client auth2Client) { + OAuth2MapperConfig config = auth2Client.getMapperConfig(); OAuth2User oauth2User = getOAuth2User(token, providerAccessToken, config.getCustom()); - return getOrCreateSecurityUserFromOAuth2User(oauth2User, registration); + return getOrCreateSecurityUserFromOAuth2User(oauth2User, auth2Client); } private synchronized OAuth2User getOAuth2User(OAuth2AuthenticationToken token, String providerAccessToken, OAuth2CustomMapperConfig custom) { diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/GithubOAuth2ClientMapper.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/GithubOAuth2ClientMapper.java index f7af72ce69..889b7a828d 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/GithubOAuth2ClientMapper.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/GithubOAuth2ClientMapper.java 
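Review bot: The renamed parameter in `CustomOAuth2ClientMapper.getOrCreateUserByClientPrincipal` is spelled `auth2Client`, while the `OAuth2ClientMapper` interface and the Basic and Github mappers in this commit use `oAuth2Client`, and the local in `Oauth2AuthenticationSuccessHandler` is `oauth2Client`. Three spellings for the same object make the login path harder to search and review. I would use the interface's name here, `OAuth2Client oAuth2Client`, with `oAuth2Client.getMapperConfig()` and `getOrCreateSecurityUserFromOAuth2User(oauth2User, oAuth2Client)` to match, and align the handler's local the same way.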
@@ -49,13 +49,13 @@ public class GithubOAuth2ClientMapper extends AbstractOAuth2ClientMapper impleme private OAuth2Configuration oAuth2Configuration; @Override - public SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Client registration) { - OAuth2MapperConfig config = registration.getMapperConfig(); + public SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Client oAuth2Client) { + OAuth2MapperConfig config = oAuth2Client.getMapperConfig(); Map githubMapperConfig = oAuth2Configuration.getGithubMapper(); String email = getEmail(githubMapperConfig.get(EMAIL_URL_KEY), providerAccessToken); Map attributes = token.getPrincipal().getAttributes(); OAuth2User oAuth2User = BasicMapperUtils.getOAuth2User(email, attributes, config); - return getOrCreateSecurityUserFromOAuth2User(oAuth2User, registration); + return getOrCreateSecurityUserFromOAuth2User(oAuth2User, oAuth2Client); } private synchronized String getEmail(String emailUrl, String oauth2Token) { diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/OAuth2ClientMapper.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/OAuth2ClientMapper.java index 35bf09fa46..d65f3f66ec 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/OAuth2ClientMapper.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/OAuth2ClientMapper.java 
@@ -21,5 +21,5 @@ import org.thingsboard.server.common.data.oauth2.OAuth2Client; import org.thingsboard.server.service.security.model.SecurityUser; public interface OAuth2ClientMapper { - SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Client registration); + SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Client oAuth2Client); } diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java index 102709b717..b85e618a6e 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java 
@@ -97,19 +97,19 @@ public class Oauth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationS try { OAuth2AuthenticationToken token = (OAuth2AuthenticationToken) authentication; - OAuth2Client registration = oAuth2ClientService.findOAuth2ClientById(TenantId.SYS_TENANT_ID, new OAuth2ClientId(UUID.fromString(token.getAuthorizedClientRegistrationId()))); + OAuth2Client oauth2Client = oAuth2ClientService.findOAuth2ClientById(TenantId.SYS_TENANT_ID, new OAuth2ClientId(UUID.fromString(token.getAuthorizedClientRegistrationId()))); OAuth2AuthorizedClient oAuth2AuthorizedClient = oAuth2AuthorizedClientService.loadAuthorizedClient( token.getAuthorizedClientRegistrationId(), token.getPrincipal().getName()); - OAuth2ClientMapper mapper = oauth2ClientMapperProvider.getOAuth2ClientMapperByType(registration.getMapperConfig().getType()); + OAuth2ClientMapper mapper = oauth2ClientMapperProvider.getOAuth2ClientMapperByType(oauth2Client.getMapperConfig().getType()); SecurityUser securityUser = mapper.getOrCreateUserByClientPrincipal(request, token, oAuth2AuthorizedClient.getAccessToken().getTokenValue(), - registration); + oauth2Client); clearAuthenticationAttributes(request, response); JwtPair tokenPair = tokenFactory.createTokenPair(securityUser); getRedirectStrategy().sendRedirect(request, response, getRedirectUrl(baseUrl, tokenPair)); - systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(request), ActionType.LOGIN, registration.getName(), null); + systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(request), ActionType.LOGIN, oauth2Client.getName(), null); } catch (Exception e) { log.debug("Error occurred during processing authentication success result. " + "request [{}], response [{}], authentication [{}]", request, response, authentication, e); 
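Review bot: The result of `findOAuth2ClientById(...)` is dereferenced in `oauth2Client.getMapperConfig().getType()` with no null check. If the service returns null for an unknown id, as the `null : toSpringClientRegistration(registration)` branch in `HybridClientRegistrationRepository` suggests, a registration id that no longer resolves to a stored client surfaces as a NullPointerException. The visible part of the catch block records the failure only at debug level, which makes that case hard to tell apart from other login errors. An explicit guard right after the lookup would name the cause: `if (oauth2Client == null) { throw new IllegalStateException("OAuth2 client not found: " + token.getAuthorizedClientRegistrationId()); }`. The try block starts and the catch block ends outside this hunk, so any further handling there is not visible.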
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/domain/DomainInfo.java b/common/data/src/main/java/org/thingsboard/server/common/data/domain/DomainInfo.java index 335d5b1604..55871e5d6b 100644 --- a/common/data/src/main/java/org/thingsboard/server/common/data/domain/DomainInfo.java +++ b/common/data/src/main/java/org/thingsboard/server/common/data/domain/DomainInfo.java @@ -28,7 +28,7 @@ import java.util.List; @Schema public class DomainInfo extends Domain { - @Schema(description = "List of available oauth2 client registration") + @Schema(description = "List of available oauth2 clients") private List oauth2ClientInfos; public DomainInfo(Domain domain, List oauth2ClientInfos) { diff --git a/dao/src/main/java/org/thingsboard/server/dao/model/sql/DomainEntity.java b/dao/src/main/java/org/thingsboard/server/dao/model/sql/DomainEntity.java index 069481a205..1b0c7a4183 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/model/sql/DomainEntity.java +++ b/dao/src/main/java/org/thingsboard/server/dao/model/sql/DomainEntity.java @@ -49,13 +49,10 @@ public class DomainEntity extends BaseSqlEntity { private Boolean propagateToEdge; public DomainEntity(Domain domain) { - if (domain.getId() != null) { - this.setUuid(domain.getId().getId()); - } + super(domain); if (domain.getTenantId() != null) { this.tenantId = domain.getTenantId().getId(); } - this.setCreatedTime(domain.getCreatedTime()); this.name = domain.getName(); this.oauth2Enabled = domain.isOauth2Enabled(); this.propagateToEdge = domain.isPropagateToEdge(); diff --git a/dao/src/main/java/org/thingsboard/server/dao/model/sql/MobileAppEntity.java b/dao/src/main/java/org/thingsboard/server/dao/model/sql/MobileAppEntity.java index 52bba805fe..0313864d09 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/model/sql/MobileAppEntity.java +++ b/dao/src/main/java/org/thingsboard/server/dao/model/sql/MobileAppEntity.java 
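Review bot: `super(domain)` in the `DomainEntity` constructor now stands in for the `getId() != null` guard and the `createdTime` copy that the removed lines did inline, but the `BaseSqlEntity` constructor it relies on is not part of this diff, so the equivalence cannot be checked from here. The same substitution is made in `MobileAppEntity` and `OAuth2ClientEntity`. If the base constructor calls `setUuid` without the null guard, building an entity from an object that has no id yet would throw instead of leaving the uuid unset. A short comment above the call would record the contract, for example `// base constructor copies id (when non-null) and createdTime`. The constructor body continues past the end of this hunk.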
@@ -53,13 +53,10 @@ public class MobileAppEntity extends BaseSqlEntity { } public MobileAppEntity(MobileApp mobile) { - if (mobile.getId() != null) { - this.setUuid(mobile.getId().getId()); - } + super(mobile); if (mobile.getTenantId() != null) { this.tenantId = mobile.getTenantId().getId(); } - this.setCreatedTime(mobile.getCreatedTime()); this.pkgName = mobile.getPkgName(); this.appSecret = mobile.getAppSecret(); this.oauth2Enabled = mobile.isOauth2Enabled(); diff --git a/dao/src/main/java/org/thingsboard/server/dao/model/sql/OAuth2ClientEntity.java b/dao/src/main/java/org/thingsboard/server/dao/model/sql/OAuth2ClientEntity.java index b9792de53d..8428d346ce 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/model/sql/OAuth2ClientEntity.java +++ b/dao/src/main/java/org/thingsboard/server/dao/model/sql/OAuth2ClientEntity.java 
@@ -118,29 +118,26 @@ public class OAuth2ClientEntity extends BaseSqlEntity { super(); } - public OAuth2ClientEntity(OAuth2Client registration) { - if (registration.getId() != null) { - this.setUuid(registration.getId().getId()); + public OAuth2ClientEntity(OAuth2Client oAuth2Client) { + super(oAuth2Client); + if (oAuth2Client.getTenantId() != null) { + this.tenantId = oAuth2Client.getTenantId().getId(); } - this.setCreatedTime(registration.getCreatedTime()); - if (registration.getTenantId() != null) { - this.tenantId = registration.getTenantId().getId(); - } - this.title = registration.getTitle(); - this.clientId = registration.getClientId(); - this.clientSecret = registration.getClientSecret(); - this.authorizationUri = registration.getAuthorizationUri(); - this.tokenUri = registration.getAccessTokenUri(); - this.scope = registration.getScope().stream().reduce((result, element) -> result + "," + element).orElse(""); - this.platforms = registration.getPlatforms() != null ? registration.getPlatforms().stream().map(Enum::name).reduce((result, element) -> result + "," + element).orElse("") : ""; - this.userInfoUri = registration.getUserInfoUri(); - this.userNameAttributeName = registration.getUserNameAttributeName(); - this.jwkSetUri = registration.getJwkSetUri(); - this.clientAuthenticationMethod = registration.getClientAuthenticationMethod(); - this.loginButtonLabel = registration.getLoginButtonLabel(); - this.loginButtonIcon = registration.getLoginButtonIcon(); - this.additionalInfo = registration.getAdditionalInfo(); - OAuth2MapperConfig mapperConfig = registration.getMapperConfig(); + this.title = oAuth2Client.getTitle(); + this.clientId = oAuth2Client.getClientId(); + this.clientSecret = oAuth2Client.getClientSecret(); + this.authorizationUri = oAuth2Client.getAuthorizationUri(); + this.tokenUri = oAuth2Client.getAccessTokenUri(); + this.scope = oAuth2Client.getScope().stream().reduce((result, element) -> result + "," + element).orElse(""); + this.platforms = 
oAuth2Client.getPlatforms() != null ? oAuth2Client.getPlatforms().stream().map(Enum::name).reduce((result, element) -> result + "," + element).orElse("") : ""; + this.userInfoUri = oAuth2Client.getUserInfoUri(); + this.userNameAttributeName = oAuth2Client.getUserNameAttributeName(); + this.jwkSetUri = oAuth2Client.getJwkSetUri(); + this.clientAuthenticationMethod = oAuth2Client.getClientAuthenticationMethod(); + this.loginButtonLabel = oAuth2Client.getLoginButtonLabel(); + this.loginButtonIcon = oAuth2Client.getLoginButtonIcon(); + this.additionalInfo = oAuth2Client.getAdditionalInfo(); + OAuth2MapperConfig mapperConfig = oAuth2Client.getMapperConfig(); if (mapperConfig != null) { this.allowUserCreation = mapperConfig.isAllowUserCreation(); this.activateUser = mapperConfig.isActivateUser(); diff --git a/dao/src/main/java/org/thingsboard/server/dao/oauth2/HybridClientRegistrationRepository.java b/dao/src/main/java/org/thingsboard/server/dao/oauth2/HybridClientRegistrationRepository.java index 0315f93628..8009cf98f6 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/oauth2/HybridClientRegistrationRepository.java +++ b/dao/src/main/java/org/thingsboard/server/dao/oauth2/HybridClientRegistrationRepository.java 
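Review bot: `oAuth2Client.getScope().stream()` is dereferenced without a null check, while `getPlatforms()` in the next assignment is guarded, so a client object that arrives without a scope list would fail in this constructor with a NullPointerException (whether scope is validated as non-null earlier is not visible here). Guarding it the same way and using the library join reads more plainly: `this.scope = oAuth2Client.getScope() != null ? String.join(",", oAuth2Client.getScope()) : "";`. Separately, `clientSecret` is copied into the entity unchanged; whether it is protected at rest is decided elsewhere and is worth confirming. The constructor body continues past the end of this hunk.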
@@ -41,20 +41,20 @@ public class HybridClientRegistrationRepository implements ClientRegistrationRep null : toSpringClientRegistration(registration); } - private ClientRegistration toSpringClientRegistration(OAuth2Client registration){ - String registrationId = registration.getUuidId().toString(); + private ClientRegistration toSpringClientRegistration(OAuth2Client oAuth2Client){ + String registrationId = oAuth2Client.getUuidId().toString(); return ClientRegistration.withRegistrationId(registrationId) - .clientName(registration.getName()) - .clientId(registration.getClientId()) - .authorizationUri(registration.getAuthorizationUri()) - .clientSecret(registration.getClientSecret()) - .tokenUri(registration.getAccessTokenUri()) - .scope(registration.getScope()) + .clientName(oAuth2Client.getName()) + .clientId(oAuth2Client.getClientId()) + .authorizationUri(oAuth2Client.getAuthorizationUri()) + .clientSecret(oAuth2Client.getClientSecret()) + .tokenUri(oAuth2Client.getAccessTokenUri()) + .scope(oAuth2Client.getScope()) .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .userInfoUri(registration.getUserInfoUri()) - .userNameAttributeName(registration.getUserNameAttributeName()) - .jwkSetUri(registration.getJwkSetUri()) - .clientAuthenticationMethod(registration.getClientAuthenticationMethod().equals("POST") ? + .userInfoUri(oAuth2Client.getUserInfoUri()) + .userNameAttributeName(oAuth2Client.getUserNameAttributeName()) + .jwkSetUri(oAuth2Client.getJwkSetUri()) + .clientAuthenticationMethod(oAuth2Client.getClientAuthenticationMethod().equals("POST") ? ClientAuthenticationMethod.CLIENT_SECRET_POST : ClientAuthenticationMethod.CLIENT_SECRET_BASIC) .redirectUri(defaultRedirectUriTemplate) .build();