From 172669c1f264fbe5ecec0dba828ccacdfd252c53 Mon Sep 17 00:00:00 2001 From: Nico Athanassiadis Date: Tue, 29 Apr 2025 12:46:05 +0200 Subject: [PATCH 1/3] Switched to new oauth server We now have a new Oauth server on dsv, so we will not use toker anymore. Also added code to update email in the db if the logged in user has an email --- compose.yaml | 4 ++-- .../se/su/dsv/seshat/controllers/FileController.java | 8 ++++++++ .../services/CustomOAuth2loginSuccessHandler.java | 5 ++++- .../java/se/su/dsv/seshat/services/UserService.java | 12 ++++++++++++ src/main/resources/application.properties | 9 ++++----- src/main/resources/templates/file-management.html | 2 +- 6 files changed, 31 insertions(+), 9 deletions(-) diff --git a/compose.yaml b/compose.yaml index 7cfc102..8d09102 100644 --- a/compose.yaml +++ b/compose.yaml @@ -13,8 +13,7 @@ services: oauth2: build: - context: https://github.com/dsv-su/toker.git - dockerfile: embedded.Dockerfile + context: https://gitea.dsv.su.se/DMC/oauth2-authorization-server.git#20cd09737d4c57bc1ee8098637cbad1a618bf49e ports: - '51337:8080' @@ -22,6 +21,7 @@ services: - CLIENT_ID=seshat - CLIENT_SECRET=n0tS3cr3t - CLIENT_REDIRECT_URI=http://localhost:8181/login/oauth2/code/seshat + - CLIENT_SCOPES=openid email profile volumes: mariadb_data: diff --git a/src/main/java/se/su/dsv/seshat/controllers/FileController.java b/src/main/java/se/su/dsv/seshat/controllers/FileController.java index a7dd87a..6e696ef 100644 --- a/src/main/java/se/su/dsv/seshat/controllers/FileController.java +++ b/src/main/java/se/su/dsv/seshat/controllers/FileController.java 
@@ -10,9 +10,12 @@ import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.core.Authentication; +import org.springframework.security.core.annotation.AuthenticationPrincipal; +import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; @@ -183,6 +186,11 @@ public class FileController { return "redirect:/files/manage"; } + @ModelAttribute("displayName") + public String getDisplayName(@AuthenticationPrincipal OAuth2User oauth2User) { + return oauth2User.getAttribute("name"); + } + private static List getFileUploadStatuses(List uploaded) { return uploaded.stream() .filter(file -> file.getJobStatus() != null) diff --git a/src/main/java/se/su/dsv/seshat/services/CustomOAuth2loginSuccessHandler.java b/src/main/java/se/su/dsv/seshat/services/CustomOAuth2loginSuccessHandler.java index 805ac55..893ffcf 100644 --- a/src/main/java/se/su/dsv/seshat/services/CustomOAuth2loginSuccessHandler.java +++ b/src/main/java/se/su/dsv/seshat/services/CustomOAuth2loginSuccessHandler.java @@ -12,6 +12,7 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand import org.springframework.stereotype.Service; import java.io.IOException; +import java.util.Objects; @Service public class CustomOAuth2loginSuccessHandler implements AuthenticationSuccessHandler { 
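Review bot: `getDisplayName` dereferences `oauth2User` without a null check, and as a `@ModelAttribute` method it runs before every handler in `FileController`. Any request that reaches this controller with no `OAuth2User` principal would therefore fail with a NullPointerException rather than follow the normal login flow. A guarded form such as `return oauth2User == null ? null : oauth2User.getAttribute("name");` avoids that, and the template must still cope with a null `displayName` when the server does not release `name`. Because the value is supplied by the identity provider, the template should print it with escaped output; the file-management.html hunk is cut off on this page, so that could not be checked. The enclosing class starts and continues outside the hunk.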
@@ -32,11 +33,13 @@ public class CustomOAuth2loginSuccessHandler implements AuthenticationSuccessHan String username = oAuth2User.getName(); // If the user does not have an email, set it to "no-email". We will not send any eamil notifications to this user. - String email = oAuth2User.getAttribute("mail") != null ? oAuth2User.getAttribute("mail") : "no-email"; + String email = Objects.requireNonNullElse(oAuth2User.getAttribute("email"), "no-email"); if(!userService.existsByUsername(username)) { userService.registerUser(username, email); + } else { + userService.updateEmail(username, email); } response.sendRedirect(redirectUrl); } diff --git a/src/main/java/se/su/dsv/seshat/services/UserService.java b/src/main/java/se/su/dsv/seshat/services/UserService.java index 515d01f..832900d 100644 --- a/src/main/java/se/su/dsv/seshat/services/UserService.java +++ b/src/main/java/se/su/dsv/seshat/services/UserService.java @@ -27,6 +27,18 @@ public class UserService { .orElseThrow(() -> new IllegalArgumentException("User not found")); } + public void updateEmail(String username, String newEmail) { + AppUser user = appUserRepository.findByUsername(username) + .orElseThrow(() -> new IllegalArgumentException("User not found")); + + if(newEmail.equalsIgnoreCase("no-email")) { + return; + } + + user.setEmail(newEmail); + appUserRepository.save(user); + } + public boolean existsByUsername(String username) { return appUserRepository.existsByUsername(username); } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index b200329..84a45b8 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
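Review bot: The new `else` branch overwrites the stored address on every login with whatever the `email` attribute carries, and nothing in the hunk checks that the server treats the address as verified. The comment above says this address is used for notifications, so the update is worth gating on the standard `email_verified` claim if the new server issues it (not visible from here): `if (Boolean.TRUE.equals(oAuth2User.getAttribute("email_verified"))) { userService.updateEmail(username, email); }`. `getAttribute` is generic, so a non-string `email` value would surface as a ClassCastException at the `String email = ...` assignment; reading it as `Object` and checking `instanceof String` would make that explicit. The handler method starts outside the hunk.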
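Review bot: `updateEmail` looks the user up before testing for the `no-email` sentinel, so a login without an address costs a query and can throw `User not found` although nothing would be written. The sentinel test should come first and be null-safe, `if (newEmail == null || "no-email".equalsIgnoreCase(newEmail)) { return; }`, since this is a public method and `newEmail.equalsIgnoreCase(...)` throws on null. `save` is also called on every login even when the address has not changed; comparing with the stored value before writing would avoid that. The literal `"no-email"` is duplicated here and in CustomOAuth2loginSuccessHandler, and a shared constant would keep the two from drifting apart.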
@@ -30,12 +30,11 @@ spring.jpa.hibernate.ddl-auto=update spring.jpa.show-sql=false # OAuth2 properties, remember if you change the registration.provider the provider properties must be updated -spring.security.oauth2.client.provider.docker.authorization-uri=http://localhost:51337/authorize -spring.security.oauth2.client.provider.docker.token-uri=http://localhost:51337/exchange -spring.security.oauth2.client.provider.docker.user-info-uri=http://localhost:51337/introspect -spring.security.oauth2.client.provider.docker.user-name-attribute=sub +spring.security.oauth2.client.provider.docker.issuer-uri=http://localhost:51337 + spring.security.oauth2.client.registration.seshat.client-id=seshat spring.security.oauth2.client.registration.seshat.client-secret=n0tS3cr3t spring.security.oauth2.client.registration.seshat.authorization-grant-type=authorization_code spring.security.oauth2.client.registration.seshat.provider=docker -spring.security.oauth2.client.registration.seshat.redirect-uri={baseUrl}/login/oauth2/code/{registrationId} \ No newline at end of file +spring.security.oauth2.client.registration.seshat.redirect-uri={baseUrl}/login/oauth2/code/{registrationId} +spring.security.oauth2.client.registration.seshat.scope=openid,profile,email \ No newline at end of file diff --git a/src/main/resources/templates/file-management.html b/src/main/resources/templates/file-management.html index 9f121ff..551c7f5 100644 --- a/src/main/resources/templates/file-management.html +++ b/src/main/resources/templates/file-management.html @@ -17,7 +17,7 @@
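Review bot: Removing `user-name-attribute=sub` leaves the principal name to whatever default applies to an `issuer-uri` provider, while CustomOAuth2loginSuccessHandler matches accounts by `oAuth2User.getName()`. Unless the new server's `sub` is the same identifier toker returned, existing users will be registered as new accounts on first login, and a colliding value would attach a login to another user's row. This is worth confirming before rollout, and keeping `spring.security.oauth2.client.provider.docker.user-name-attribute=sub` would make the choice explicit. With `issuer-uri` the endpoints come from the issuer's discovery metadata, so the application depends on the oauth2 container being reachable when the registration is built. The `http://localhost` issuer and the committed `client-secret` value suit the compose setup only and should be overridden from the environment elsewhere.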