Refactoring security for audit prep

OpenConext · Sep 28, 2023 · fa34612 · fa34612
1 parent 261d69f
commit fa34612
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 29 deletions.
diff --git a/server/src/main/java/access/api/DefaultErrorController.java b/server/src/main/java/access/api/DefaultErrorController.java
@@ -39,7 +39,7 @@ public DefaultErrorController(ErrorAttributes errorAttributes) {
     }
 
     @RequestMapping("/error")
-    public ResponseEntity error(HttpServletRequest request) throws URISyntaxException {
+    public ResponseEntity error(HttpServletRequest request) {
         WebRequest webRequest = new ServletWebRequest(request);
         Map<String, Object> result = this.errorAttributes.getErrorAttributes(
                 webRequest,

diff --git a/server/src/main/java/access/security/AuthorizationRequestCustomizer.java b/server/src/main/java/access/security/AuthorizationRequestCustomizer.java
@@ -0,0 +1,50 @@
+package access.security;
+
+import access.model.Invitation;
+import access.repository.InvitationRepository;
+import jakarta.servlet.http.HttpSession;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+import org.springframework.security.web.savedrequest.DefaultSavedRequest;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import java.util.Optional;
+import java.util.function.Consumer;
+
+public class AuthorizationRequestCustomizer implements Consumer<OAuth2AuthorizationRequest.Builder> {
+
+    private final InvitationRepository invitationRepository;
+    private final String eduidEntityId;
+
+    public AuthorizationRequestCustomizer(InvitationRepository invitationRepository, String eduidEntityId) {
+        this.invitationRepository = invitationRepository;
+        this.eduidEntityId = eduidEntityId;
+    }
+
+    @Override
+    public void accept(OAuth2AuthorizationRequest.Builder builder) {
+        builder.additionalParameters(params -> {
+            RequestAttributes requestAttributes = RequestContextHolder.currentRequestAttributes();
+            HttpSession session = ((ServletRequestAttributes) requestAttributes)
+                    .getRequest().getSession(false);
+            if (session == null) {
+                return;
+            }
+            DefaultSavedRequest savedRequest = (DefaultSavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST");
+            String[] force = savedRequest.getParameterValues("force");
+            if (force != null && force.length == 1) {
+                params.put("prompt", "login");
+            }
+            String[] hash = savedRequest.getParameterValues("hash");
+            if (hash != null && hash.length == 1) {
+                Optional<Invitation> optionalInvitation = invitationRepository.findByHash(hash[0]);
+                optionalInvitation.ifPresent(invitation -> {
+                    if (invitation.isEduIDOnly()) {
+                        params.put("login_hint", eduidEntityId);
+                    }
+                });
+            }
+        });
+    }
+}
diff --git a/server/src/main/java/access/security/SecurityConfig.java b/server/src/main/java/access/security/SecurityConfig.java
@@ -158,37 +158,10 @@ private OAuth2AuthorizationRequestResolver authorizationRequestResolver(
                 new DefaultOAuth2AuthorizationRequestResolver(
                         clientRegistrationRepository, "/oauth2/authorization");
         authorizationRequestResolver.setAuthorizationRequestCustomizer(
-                authorizationRequestCustomizer());
-
+                new AuthorizationRequestCustomizer(invitationRepository, eduidEntityId));
         return authorizationRequestResolver;
     }
 
-    private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer() {
-        return customizer -> customizer
-                .additionalParameters(params -> {
-                    RequestAttributes requestAttributes = RequestContextHolder.currentRequestAttributes();
-                    HttpSession session = ((ServletRequestAttributes) requestAttributes)
-                            .getRequest().getSession(false);
-                    if (session == null) {
-                        return;
-                    }
-                    DefaultSavedRequest savedRequest = (DefaultSavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST");
-                    String[] force = savedRequest.getParameterValues("force");
-                    if (force != null && force.length == 1) {
-                        params.put("prompt", "login");
-                    }
-                    String[] hash = savedRequest.getParameterValues("hash");
-                    if (hash != null && hash.length == 1) {
-                        Optional<Invitation> optionalInvitation = invitationRepository.findByHash(hash[0]);
-                        optionalInvitation.ifPresent(invitation -> {
-                            if (invitation.isEduIDOnly()) {
-                                params.put("login_hint", eduidEntityId);
-                            }
-                        });
-                    }
-                });
-    }
-
     @Bean
     @Order(2)
     SecurityFilterChain basicAuthenticationSecurityFilterChain(HttpSecurity http) throws Exception {