Refactor OAuth2 login for Halo 2.20 #64

Merged
merged 6 commits into from
Oct 11, 2024
Changes from 4 commits
3 changes: 2 additions & 1 deletion build.gradle
Expand Up @@ -8,14 +8,15 @@ group 'run.halo.oauth'
sourceCompatibility = JavaVersion.VERSION_17

repositories {
mavenLocal()
JohnNiang marked this conversation as resolved.
maven { url 'https://s01.oss.sonatype.org/content/repositories/releases' }
maven { url 'https://s01.oss.sonatype.org/content/repositories/snapshots/' }
maven { url 'https://repo.spring.io/milestone' }
mavenCentral()
}

dependencies {
implementation platform('run.halo.tools.platform:plugin:2.17.0-SNAPSHOT')
implementation platform('run.halo.tools.platform:plugin:2.20.0+local.6')
compileOnly 'run.halo.app:api'

testImplementation 'run.halo.app:api'
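Review bot: `mavenLocal()` is listed first in `repositories`, so every dependency is looked up in the developer's local Maven cache before any remote repository, and the new platform version `2.20.0+local.6` looks like a locally published build that would resolve only from there. That makes the build non-reproducible and lets whatever sits in a local cache shadow the released artifacts. Before merging, point the platform at a published version and drop `mavenLocal()`, or restrict it with a content filter such as `mavenLocal { content { includeGroup 'run.halo.tools.platform' } }` and a comment marking it as local-testing only.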
Expand Up @@ -16,6 +16,7 @@
import reactor.core.publisher.Mono;
import run.halo.app.extension.Metadata;
import run.halo.app.extension.ReactiveExtensionClient;
import run.halo.app.security.authentication.oauth2.HaloOAuth2AuthenticationToken;

/**
* Implementations of this interface are responsible for the management of Authorized Client(s),
Expand Down Expand Up @@ -60,6 +61,9 @@ public Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient,
Authentication principal) {
Assert.notNull(authorizedClient, "authorizedClient cannot be null");
Assert.notNull(principal, "principal cannot be null");
if (principal instanceof HaloOAuth2AuthenticationToken haloOAuthToken) {
principal = haloOAuthToken.getOriginal();
}
String registrationId = authorizedClient.getClientRegistration().getRegistrationId();
return client.fetch(AuthorizedClient.class,
authorizedClientName(registrationId, principal.getName())
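Review bot: The null check on `principal` runs before the unwrap, so if `haloOAuthToken.getOriginal()` ever returns null the failure surfaces later as a NullPointerException at `principal.getName()`; re-assert after the `instanceof` block, e.g. `Assert.notNull(principal, "original principal cannot be null");`. The unwrap also presumably changes the name under which the authorized client is stored, so the load and remove paths need the same unwrap or they will look up a different record; those methods are outside this hunk, so this could not be confirmed here. A one-line comment above the `if`, such as `// key the record by the provider principal, not the Halo wrapper token`, would make the intent explicit. `saveAuthorizedClient` continues past the end of the hunk.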
52 changes: 0 additions & 52 deletions src/main/java/run/halo/oauth/DefaultSocialUserDetailsService.java

This file was deleted.

62 changes: 0 additions & 62 deletions src/main/java/run/halo/oauth/DefaultUserDetailsService.java

This file was deleted.

@@ -0,0 +1,58 @@
package run.halo.oauth;

import org.springframework.security.oauth2.client.authentication.OAuth2LoginReactiveAuthenticationManager;
import org.springframework.security.oauth2.client.endpoint.WebClientReactiveAuthorizationCodeTokenResponseClient;
import org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter;
import org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
import run.halo.app.security.AuthenticationSecurityWebFilter;

/**
* OAuth2 authentication web filter.
*
* @author johnniang
* @since 2.20.0
*/
@Component
public class HaloOAuth2AuthenticationWebFilter implements AuthenticationSecurityWebFilter {

private final WebFilter delegate;

public HaloOAuth2AuthenticationWebFilter(Oauth2LoginConfiguration configuration,
ServerSecurityContextRepository securityContextRepository) {
var authManager = new OAuth2LoginReactiveAuthenticationManager(
new WebClientReactiveAuthorizationCodeTokenResponseClient(),
new DefaultReactiveOAuth2UserService()
);
var filter = new OAuth2LoginAuthenticationWebFilter(authManager,
configuration.getAuthorizedClientRepository());
filter.setRequiresAuthenticationMatcher(configuration.getAuthenticationMatcher());
var converter = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(
configuration.getClientRegistrationRepository()
);
filter.setAuthenticationSuccessHandler(
new RedirectServerAuthenticationSuccessHandler("/uc")
);
filter.setAuthenticationFailureHandler(
new RedirectServerAuthenticationFailureHandler("/login?oauth2_error")
);
filter.setServerAuthenticationConverter(converter);
filter.setSecurityContextRepository(securityContextRepository);

this.delegate = filter;
}

@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
return delegate.filter(exchange, chain);
}

}
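Review bot: The constructor wires only `OAuth2LoginReactiveAuthenticationManager`, which as far as I know returns empty for authorization requests carrying the `openid` scope and leaves them to the OIDC manager; with no OIDC manager in the chain, a registration that requests `openid` would error inside the filter instead of logging in. If such providers are meant to work, combine both managers through a `DelegatingReactiveAuthenticationManager`, as sketched below (the OIDC manager needs a JWT decoder on the classpath). Separately, the failure handler redirects to `/login?oauth2_error` without recording the cause, so a log line at that point would make failed or tampered callbacks visible to operators.

```java
var tokenClient = new WebClientReactiveAuthorizationCodeTokenResponseClient();
var oauth2Manager = new OAuth2LoginReactiveAuthenticationManager(
    tokenClient, new DefaultReactiveOAuth2UserService());
var oidcManager = new OidcAuthorizationCodeReactiveAuthenticationManager(
    tokenClient, new OidcReactiveOAuth2UserService());
var authManager = new DelegatingReactiveAuthenticationManager(oidcManager, oauth2Manager);
var filter = new OAuth2LoginAuthenticationWebFilter(authManager,
    configuration.getAuthorizedClientRepository());
// … unchanged: matcher, converter, success/failure handlers, security context repository …
```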
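--- a/src/main/java/run/halo/oauth/HaloOAuth2RedirectWebFilter.java
+++ b/src/main/java/run/halo/oauth/HaloOAuth2RedirectWebFilter.java
@@ -0,0 +1,33 @@
+package run.halo.oauth;
+
+import org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter;
+import org.springframework.stereotype.Component;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
+import run.halo.app.security.HttpBasicSecurityWebFilter;
+
+@Component
+public class HaloOAuth2RedirectWebFilter implements HttpBasicSecurityWebFilter {
+
+private final WebFilter delegate;
+
+public HaloOAuth2RedirectWebFilter(Oauth2LoginConfiguration configuration) {
+this.delegate = createDelegate(configuration);
+}
+
+@Override
+public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+return delegate.filter(exchange, chain);
+}
+
+private static OAuth2AuthorizationRequestRedirectWebFilter createDelegate(
+Oauth2LoginConfiguration configuration
+) {
+return new OAuth2AuthorizationRequestRedirectWebFilter(
+configuration.getClientRegistrationRepository()
+);
+}
+
+}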
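Review bot: The class has no Javadoc, and implementing `HttpBasicSecurityWebFilter` on an OAuth2 redirect filter reads as a mistake unless the reader knows why that phase was chosen; the sibling `HaloOAuth2AuthenticationWebFilter` at least carries a summary, author and `@since`. Add a class-level Javadoc that states what the filter does (starts the authorization-code redirect for the configured client registrations) and why it is registered through that interface. It would also be worth noting there that the filter relies on the default authorization-request repository, so the callback converter must keep using the same one or the `state` check on the return leg will fail.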
31 changes: 0 additions & 31 deletions src/main/java/run/halo/oauth/ListedConnection.java

This file was deleted.
