Merge pull request 'Add detailed logging and error handling to OIDC User Service' (#27) from fix/moreloginoicduser into main
Reviewed-on: #27
This commit is contained in:
commit
f3c5e78ffa
1 changed files with 63 additions and 43 deletions
|
|
@ -262,61 +262,81 @@ public class SecurityConfig {
|
||||||
final OidcUserService delegate = new OidcUserService();
|
final OidcUserService delegate = new OidcUserService();
|
||||||
|
|
||||||
return (userRequest) -> {
|
return (userRequest) -> {
|
||||||
OidcUser oidcUser = delegate.loadUser(userRequest);
|
try {
|
||||||
Integer userId = null;
|
log.info("=== OIDC User Service called ===");
|
||||||
|
|
||||||
// Debug: Print all claims
|
OidcUser oidcUser = delegate.loadUser(userRequest);
|
||||||
log.debug("=== ID Token Claims ===");
|
log.info("OIDC User loaded successfully");
|
||||||
oidcUser.getIdToken().getClaims().forEach((key, value) ->
|
|
||||||
log.debug("{}: {}", key, value)
|
|
||||||
);
|
|
||||||
log.debug("======================");
|
|
||||||
|
|
||||||
Set<GrantedAuthority> mappedAuthorities = new HashSet<>(oidcUser.getAuthorities());
|
Integer userId = null;
|
||||||
|
|
||||||
User user = null;
|
// Debug: Print all claims
|
||||||
|
log.debug("=== ID Token Claims ===");
|
||||||
|
oidcUser.getIdToken().getClaims().forEach((key, value) ->
|
||||||
|
log.debug("{}: {}", key, value)
|
||||||
|
);
|
||||||
|
log.debug("======================");
|
||||||
|
|
||||||
String workdayId = oidcUser.getAttribute(workdayClaim);
|
Set<GrantedAuthority> mappedAuthorities = new HashSet<>(oidcUser.getAuthorities());
|
||||||
String email = oidcUser.getAttribute(emailClaim);
|
|
||||||
|
|
||||||
String firstName = oidcUser.getAttribute(firstnameClaim);
|
User user = null;
|
||||||
String lastName = oidcUser.getAttribute(lastNameClaim);
|
|
||||||
|
|
||||||
|
String workdayId = oidcUser.getAttribute(workdayClaim);
|
||||||
|
String email = oidcUser.getAttribute(emailClaim);
|
||||||
|
|
||||||
if (identifyBy.equals("email") && email != null && !email.isEmpty()) {
|
String firstName = oidcUser.getAttribute(firstnameClaim);
|
||||||
log.debug("Fetch user by email {}", email);
|
String lastName = oidcUser.getAttribute(lastNameClaim);
|
||||||
user = userRepository.getByEmail(email);
|
|
||||||
} else if (identifyBy.equals("workday") && workdayId != null && !workdayId.isEmpty()) {
|
|
||||||
log.debug("Fetch user by workday id {}", workdayId);
|
|
||||||
user = userRepository.getByWorkdayId(workdayId).orElse(null);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (user != null) {
|
log.info("Claims extracted - email: {}, workdayId: {}, firstName: {}, lastName: {}",
|
||||||
userId = user.getId();
|
email, workdayId, firstName, lastName);
|
||||||
} else {
|
|
||||||
if (email != null && firstName != null && lastName != null && (ignoreWorkdayClaim || workdayId != null)) {
|
|
||||||
var isFirstUser = userRepository.count() == 0;
|
|
||||||
user = LccOidcUser.createDatabaseUser(email, firstName, lastName, ignoreWorkdayClaim ? generateRandomWorkdayId() : workdayId, isFirstUser);
|
|
||||||
userId = userRepository.update(user);
|
|
||||||
|
|
||||||
} else {
|
if (identifyBy.equals("email") && email != null && !email.isEmpty()) {
|
||||||
log.debug("Unable to create user {} / {}", email, workdayId);
|
log.debug("Fetch user by email {}", email);
|
||||||
mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_NONE"));
|
user = userRepository.getByEmail(email);
|
||||||
|
} else if (identifyBy.equals("workday") && workdayId != null && !workdayId.isEmpty()) {
|
||||||
|
log.debug("Fetch user by workday id {}", workdayId);
|
||||||
|
user = userRepository.getByWorkdayId(workdayId).orElse(null);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
user.getGroups().forEach(g -> log.debug("Local group: {}", g.getName()));
|
userId = user.getId();
|
||||||
user.getGroups().forEach(group -> mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + group.getName().toUpperCase())));
|
log.info("User found with ID: {}", userId);
|
||||||
}
|
} else {
|
||||||
|
if (email != null && firstName != null && lastName != null && (ignoreWorkdayClaim || workdayId != null)) {
|
||||||
|
log.info("Creating new user");
|
||||||
|
var isFirstUser = userRepository.count() == 0;
|
||||||
|
user = LccOidcUser.createDatabaseUser(email, firstName, lastName, ignoreWorkdayClaim ? generateRandomWorkdayId() : workdayId, isFirstUser);
|
||||||
|
userId = userRepository.update(user);
|
||||||
|
log.info("New user created with ID: {}", userId);
|
||||||
|
} else {
|
||||||
|
log.warn("Unable to create user - email: {}, firstName: {}, lastName: {}, workdayId: {}",
|
||||||
|
email, firstName, lastName, workdayId);
|
||||||
|
mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_NONE"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return new LccOidcUser(
|
if (user != null) {
|
||||||
mappedAuthorities,
|
user.getGroups().forEach(g -> log.debug("Local group: {}", g.getName()));
|
||||||
oidcUser.getIdToken(),
|
user.getGroups().forEach(group -> mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + group.getName().toUpperCase())));
|
||||||
oidcUser.getUserInfo(),
|
}
|
||||||
"preferred_username",
|
|
||||||
userId
|
log.info("=== OIDC User Service completed successfully ===");
|
||||||
);
|
|
||||||
|
return new LccOidcUser(
|
||||||
|
mappedAuthorities,
|
||||||
|
oidcUser.getIdToken(),
|
||||||
|
oidcUser.getUserInfo(),
|
||||||
|
"preferred_username",
|
||||||
|
userId
|
||||||
|
);
|
||||||
|
|
||||||
|
} catch (Exception e) {
|
||||||
|
log.error("=== FATAL ERROR in oidcUserService ===", e);
|
||||||
|
log.error("Exception type: {}", e.getClass().getName());
|
||||||
|
log.error("Exception message: {}", e.getMessage());
|
||||||
|
log.error("Stack trace:", e);
|
||||||
|
throw e; // Re-throw to maintain Spring Security behavior
|
||||||
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue