Replace registration hook by fallback in CustomOAuth2UserService (#68)

Author: alvaromanoso

src/main/java/io/autoinvestor/ServerWebExchangeFactory.java

@@ -25,6 +25,7 @@ public Mono<OAuth2User> loadUser(OAuth2UserRequest userRequest) {
 
         return delegate.loadUser(userRequest)
                 .flatMap(oauth2User -> fetchUserId(oauth2User)
+                        .switchIfEmpty(createUser(oauth2User))
                         .map(userId -> {
                             Map<String, Object> attributes = new HashMap<>(oauth2User.getAttributes());
                             attributes.put("userId", userId);
@@ -34,7 +35,6 @@ public Mono<OAuth2User> loadUser(OAuth2UserRequest userRequest) {
                                     "sub"
                             );
                         })
-                        .switchIfEmpty(Mono.error(new RuntimeException("User not found")))
                 );
     }
 
@@ -43,5 +43,11 @@ private Mono<String> fetchUserId(OAuth2User user) {
                 .getUser(user.getAttribute("email"))
                 .map(userResponse -> userResponse.userId().toString());
     }
+
+    private Mono<String> createUser(OAuth2User user) {
+        return usersClient
+                .createUser(user.getAttribute("email"))
+                .then(fetchUserId(user));
+    }
 }
 

src/main/java/io/autoinvestor/configuration/CustomOAuth2UserService.java

@@ -1,41 +1,18 @@
 package io.autoinvestor.configuration;
 
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.http.HttpStatus;
 import org.springframework.security.config.Customizer;
-import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
-import org.springframework.web.server.WebFilter;
 
 @Configuration
 @RequiredArgsConstructor
 public class SecurityConfiguration {
 
-    @Value("${autoinvestor.okta.hookAuthHeaderName}")
-    private String apiAuthHeaderName;
-
-    @Value("${autoinvestor.okta.hookAuthHeaderValue}")
-    private String apiAuthHeaderValue;
-
     @Bean
-    @Order(1)
-    public SecurityWebFilterChain hookSecurityWebFilterChain(ServerHttpSecurity http) {
-        return http
-                .securityMatcher(ServerWebExchangeMatchers.pathMatchers("/api/hook/**"))
-                .csrf(ServerHttpSecurity.CsrfSpec::disable)
-                .authorizeExchange(exchanges -> exchanges.anyExchange().permitAll())
-                .addFilterAt(hookAuthenticationWebFilter(), SecurityWebFiltersOrder.AUTHENTICATION)
-                .build();
-    }
-
-    @Bean
-    @Order(2)
     public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
         return http
                 .securityMatcher(ServerWebExchangeMatchers.anyExchange())
@@ -47,17 +24,4 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
                 .oauth2Login(Customizer.withDefaults())
                 .build();
     }
-
-    private WebFilter hookAuthenticationWebFilter() {
-        return (exchange, chain) -> {
-            String headerValue = exchange.getRequest().getHeaders().getFirst(apiAuthHeaderName);
-
-            if (apiAuthHeaderValue.equals(headerValue)) {
-                return chain.filter(exchange);
-            } else {
-                exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
-                return exchange.getResponse().setComplete();
-            }
-        };
-    }
 }

src/main/java/io/autoinvestor/configuration/SecurityConfiguration.java

@@ -1,6 +1,5 @@
 package io.autoinvestor.filters;
 
-import io.autoinvestor.ServerWebExchangeFactory;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.RequiredArgsConstructor;
@@ -12,6 +11,7 @@
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.stereotype.Component;
+import org.springframework.web.server.ServerWebExchange;
 
 import java.util.List;
 
@@ -20,20 +20,25 @@
 @RequiredArgsConstructor
 public class ClaimToHeaderGatewayFilterFactory implements GatewayFilterFactory<ClaimToHeaderGatewayFilterFactory.Config> {
 
-    private final ServerWebExchangeFactory serverWebExchangeFactory;
-
     @Override
     public GatewayFilter apply(Config config) {
         return (exchange, chain) -> ReactiveSecurityContextHolder.getContext()
                 .map(SecurityContext::getAuthentication)
                 .filter(authentication -> authentication instanceof OAuth2AuthenticationToken)
                 .map(authentication -> (OAuth2AuthenticationToken) authentication)
                 .mapNotNull(authentication -> authentication.getPrincipal().getAttribute(config.getClaim()))
-                .map(userId -> serverWebExchangeFactory.withHeader(exchange, config.getHeaderName(), userId.toString()))
+                .filter(userId -> userId instanceof String)
+                .map(userId -> withHeader(exchange, config.getHeaderName(), (String) userId))
                 .defaultIfEmpty(exchange)
                 .flatMap(chain::filter);
     }
 
+    private static ServerWebExchange withHeader(ServerWebExchange exchange, String headerName, String headerValue) {
+        return exchange.mutate().request(request -> request.headers(headers ->
+                headers.add(headerName, headerValue)
+        )).build();
+    }
+
     @Override
     public Config newConfig() {
         return new Config();

src/main/java/io/autoinvestor/controller/inlinehook/HookController.java

@@ -1,7 +1,4 @@
 autoinvestor:
-  okta:
-    hookAuthHeaderName: "${OKTA_HOOK_AUTH_HEADER_NAME}"
-    hookAuthHeaderValue: "${OKTA_HOOK_AUTH_HEADER_VALUE}"
   client:
     users:
       url: "${USERS_BASE_URL}"